avorelo 0.1.0

package/scripts/lib/dashboard.js

@@ -0,0 +1,900 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const {
+  ensureProjectConfig,
+  getEffectiveConfig,
+  latestSecurityScanMeta,
+  latestTrustAuditMeta,
+  latestMemoryProfileMeta,
+  latestIntelSignalsMeta,
+  latestOutcomeEventsMeta,
+  safeReadJson,
+} = require("./fsx");
+const { summarizeLastSessions, weeklyRollup } = require("./metrics");
+const { loadMemoryProfile, buildMemorySummary, buildContextBudgetPlan, inferTaskType } = require("./memory");
+const { applyRecommendationDecision } = require("./optimization-v3");
+const { buildPromptSuggestions } = require("./prompt-suggestions");
+const { CAPABILITY_MAP } = require("./adapter-conformance");
+const { loadPricingExperiment, buildPricingMeter } = require("./pricing-experiment");
+const { readOutcomeEvents, aggregateOutcomeEvents } = require("./unified-events");
+const { readLatestCcusageImport } = require("./ccusage-adapter");
+const { computeProofMetrics } = require("./proof-metrics");
+const { validateScorecard, validateProofMetrics } = require("./anti-gaming");
+const { loadLatestIntervention } = require("./intervention-guidance");
+const { buildReentryMemoryStatus } = require("./reentry-memory-status");
+const { buildBudgetStatus } = require("./context-budget-guard");
+const { buildCostEvidenceSummary, buildImportedVsInternalDelta } = require("./cost-evidence");
+const { buildCurrentStateSurface } = require("./canonical-reentry");
+const { buildAgentSecuritySurface, buildAgentSecurityModeControl } = require("./agent-security");
+const { buildBrowserCapabilitySurface } = require("./browser-capability");
+const { buildActivationSummary } = require("./activation/activation-summary");
+const { buildAgentAccessGovernanceSurface } = require("./agent-access-governance");
+const { buildSafePathSurface } = require("./safe-path-engine");
+const { buildSkillsOperatingLayerSurface } = require("./skills-operating-layer");
+const { buildInstallIntakeRiskSurface } = require("./install-intake-risk");
+const { buildWorkControlSurface } = require("./work-control-receipts");
+const { buildSessionContextSurface } = require("./session-context-optimizer");
+const { buildWorkflowDisciplineStatus } = require("./workflow-discipline");
+const { collectWorkflowSignals } = require("./workflow-signals");
+const { buildOrchestrationStatus, buildAgentModelOrchestrationSurface } = require("./orchestration");
+const { buildAiWorkspaceHygieneSurface } = require("./ai-workspace-hygiene");
+
+function safeReadOperatingValueSurface(cwd) {
+  try {
+    const { buildOperatingValueSurface } = require("./operating-value");
+    return buildOperatingValueSurface(cwd);
+  } catch {
+    return null;
+  }
+}
+
+function safeReadBrainPackSurface(cwd) {
+  try {
+    const { buildBrainPackSurface } = require("./brain-pack");
+    return buildBrainPackSurface(cwd);
+  } catch {
+    return null;
+  }
+}
+
+function safeRequireWorkspaceRegistrySurface() {
+  try {
+    const { buildWorkspaceRegistrySurface } = require("./workspace-registry");
+    return buildWorkspaceRegistrySurface;
+  } catch {
+    return null;
+  }
+}
+
+function latestReportPath(cwd) {
+  const dir = path.join(cwd, ".claude", "cco", "reports");
+  try {
+    const files = fs.readdirSync(dir).filter((f) => f.endsWith(".md"));
+    if (!files.length) return null;
+    const latest = files.map((f) => ({ f, t: fs.statSync(path.join(dir, f)).mtimeMs })).sort((a, b) => b.t - a.t)[0];
+    return path.posix.join(".claude/cco/reports", latest.f);
+  } catch {
+    return null;
+  }
+}
+
+function explainReasonCode(code) {
+  const map = {
+    PROMPT_NO_DOD: "Prompt missing Definition of Done.",
+    PROMPT_NO_OUTPUT_FORMAT: "Prompt missing explicit output format.",
+    PROMPT_NO_CONSTRAINTS: "Prompt missing constraints.",
+    LOOP_REPEATED_TOOL: "Repeated tool sequence detected.",
+    CTX_LARGE_OUTPUT: "Large output stored out-of-band to reduce context pressure.",
+    CTX_SCAN_SKIPPED_UNCHANGED: "Repeated scan skipped for unchanged file content.",
+    FAIL_RETRY_GUARD: "Failure retry guard triggered to prevent repeated waste.",
+    EVIDENCE_RUNTIME_RETRY_REVIEW: "Measured runtime evidence triggered a bounded retry review before rerunning.",
+    EVIDENCE_ESTIMATED_LOW_VALUE_REROUTE: "Estimated low-value retry signals forced a cheaper-safer deterministic reroute.",
+    SEC_CURL_PIPE_SH: "Remote script piped into shell blocked.",
+    SEC_REMOTE_FETCH: "Remote fetch pattern detected.",
+    SEC_REMOTE_INCLUDE: "Remote include/import pattern detected.",
+    SEC_UNPINNED_GIT_DEP: "Unpinned git dependency detected.",
+    SEC_SUPPRESSION_AUDIT: "Suppression audit recorded from allowlist rules.",
+    SEC_REMEDIATION_JOB_CREATED: "Remediation job artifact generated.",
+    SEC_TRUST_UNKNOWN_HIGH: "High-risk scan on unknown changed trusted-surface files.",
+    PERM_FATIGUE_CONSOLIDATED: "Repeated safe permission requests auto-consolidated.",
+    IDLE_DEFERRED_SCAN: "Idle-time deferred scan hint generated.",
+    STOP_SNAPSHOT: "Stop event snapshot captured.",
+    TASK_COMPLETED: "Task completion summary generated.",
+    WORKTREE_EVENT: "Worktree lifecycle trust check recorded.",
+    BATCH_JOB_CREATED: "Batch job created for asynchronous processing.",
+    BATCH_JOB_COMPLETED: "Batch job completed.",
+    SMART_ROUTE_CHEAPER_SAFER: "Smart routing automatically downgraded launch to a cheaper-safer route.",
+  };
+  return map[code] || code;
+}
+
+function defaultRecommendations() {
+  return [
+    "Enable ENABLE_TOOL_SEARCH to reduce idle MCP schema overhead.",
+    "Tune MAX_MCP_OUTPUT_TOKENS for noisy tools.",
+    "Use clear DoD and output format to reduce retries.",
+  ];
+}
+
+function confidenceFromSignals(signalCount) {
+  if (signalCount >= 8) return "high";
+  if (signalCount >= 3) return "medium";
+  return "low";
+}
+
+function benefitSummary(weekly, nextBestAction, memorySummary, memoryEfficiencyScore) {
+  const savings = weekly.savingsFirstSummary || {};
+  const minutesSavedEstimate = Number(savings.estimatedMinutesSaved || 0);
+  const signalCount = weekly.loopsInterrupted + weekly.riskyIntercepts + weekly.largeOutputsStored;
+
+  return {
+    minutesSavedEstimate,
+    riskEventsPrevented: weekly.riskyIntercepts,
+    contextPressureEvents: Number(savings.outputsTrimmed || weekly.largeOutputsStored || 0),
+    confidenceLabel: savings.confidenceLabel || confidenceFromSignals(signalCount),
+    savingsEvidence: {
+      source: "metrics.savingsFirstSummary",
+      loopsPrevented: Number(savings.loopsPrevented || 0),
+      outputsTrimmed: Number(savings.outputsTrimmed || 0),
+    },
+    nextBestAction,
+    recommendationTraces: weekly.recommendationTraces || [],
+    memoryEfficiencyScore,
+    memoryProject: memorySummary.projectId,
+  };
+}
+
+function suppressionSummary(weekly, recommendationDecision) {
+  return {
+    suppressionEvents: weekly.suppressionEvents || 0,
+    trustAlerts: weekly.trustAlerts || 0,
+    recommendationSuppressions: recommendationDecision?.suppressedRecommendations?.length || 0,
+  };
+}
+
+function trustSummary(cwd) {
+  const meta = latestTrustAuditMeta(cwd);
+  if (!meta) return { latestAuditPath: null, unknownFiles: 0, untrustedFiles: 0 };
+  try {
+    const abs = path.join(cwd, meta.relPath);
+    const audit = JSON.parse(fs.readFileSync(abs, "utf8"));
+    return {
+      latestAuditPath: meta.relPath,
+      unknownFiles: Number(audit?.summary?.unknown || 0),
+      untrustedFiles: Number(audit?.summary?.untrusted || 0),
+    };
+  } catch {
+    return { latestAuditPath: meta.relPath, unknownFiles: 0, untrustedFiles: 0 };
+  }
+}
+
+function cloudSyncSummary(cwd) {
+  const sync = safeReadJson(cwd, ".claude/cco/cloud/last-sync.json", null);
+  if (!sync) return { enabled: false, lastSyncAt: null, syncedEvents: 0, outbox: ".claude/cco/cloud/outbox/events.jsonl" };
+  return {
+    enabled: true,
+    lastSyncAt: sync.ts || null,
+    syncedEvents: Number(sync.syncedEvents || 0),
+    outbox: sync.outbox || ".claude/cco/cloud/outbox/events.jsonl",
+  };
+}
+
+function latestInterventionSummary(cwd) {
+  const latest = loadLatestIntervention(cwd);
+  if (!latest) return null;
+  return {
+    kind: latest.kind || "intervention",
+    eventName: latest.eventName || "unknown",
+    createdAt: latest.createdAt || null,
+    whatHappened: latest.whatHappened || "",
+    nextAction: latest.nextAction || "",
+    preservedState: latest.preservedState || "",
+    artifactPath: latest.artifactPath || null,
+  };
+}
+
+function intelSignalsSummary(cwd) {
+  const meta = latestIntelSignalsMeta(cwd);
+  if (!meta) {
+    return {
+      latestSignalsPath: null,
+      runId: null,
+      totalItems: 0,
+      promotedCandidates: 0,
+      blockedHighRisk: 0,
+      topRecommendations: [],
+    };
+  }
+
+  try {
+    const abs = path.join(cwd, meta.relPath);
+    const signal = JSON.parse(fs.readFileSync(abs, "utf8"));
+    const items = Array.isArray(signal.items) ? signal.items : [];
+    return {
+      latestSignalsPath: meta.relPath,
+      runId: signal.runId || null,
+      totalItems: Number(signal.totalItems || items.length || 0),
+      promotedCandidates: Number(signal.promotedCandidates || 0),
+      blockedHighRisk: Number(signal.blockedHighRisk || 0),
+      topRecommendations: items.slice(0, 5).map((item) => ({
+        recommendationId: item?.recommendation?.recommendationId || item?.itemId || "unknown",
+        theme: item?.score?.theme || "optimization",
+        title: item?.title || "",
+        priority: Number(item?.score?.priority || 0),
+        sourcePlatform: item?.sourcePlatform || "unknown",
+        sourceLane: item?.sourceLane || "unknown",
+        url: item?.url || "",
+      })),
+    };
+  } catch {
+    return {
+      latestSignalsPath: meta.relPath,
+      runId: null,
+      totalItems: 0,
+      promotedCandidates: 0,
+      blockedHighRisk: 0,
+      topRecommendations: [],
+    };
+  }
+}
+
+function outcomeReadinessSummary(cwd) {
+  const events = readOutcomeEvents(cwd);
+  const aggregation = aggregateOutcomeEvents(events, { days: 7 });
+  const latestMeta = latestOutcomeEventsMeta(cwd);
+  return {
+    latestEventsPath: latestMeta?.relPath || null,
+    eventsCount: events.length,
+    // Legacy mixed-unit totals remain exposed for compatibility only.
+    measuredValueTotal: Number(aggregation.weeklyRepoSummary?.measuredValueTotal || 0),
+    counterfactualValueTotal: Number(aggregation.weeklyRepoSummary?.estimatedCounterfactualTotal || 0),
+    measuredCostTotal: Number(aggregation.weeklyRepoSummary?.measuredCostTotal || 0),
+    estimatedCostCounterfactualTotal: Number(aggregation.weeklyRepoSummary?.estimatedCostCounterfactualTotal || 0),
+    tokenUsageTotal: Number(aggregation.weeklyRepoSummary?.tokenUsageTotal || 0),
+    legacyMixedUnitTotals: aggregation.weeklyRepoSummary?.legacyMixedUnitTotals || {
+      measuredValueTotal: Number(aggregation.weeklyRepoSummary?.measuredValueTotal || 0),
+      estimatedCounterfactualTotal: Number(aggregation.weeklyRepoSummary?.estimatedCounterfactualTotal || 0),
+    },
+    costAwareTotals: aggregation.weeklyRepoSummary?.costAwareTotals || {
+      measuredCostTotal: Number(aggregation.weeklyRepoSummary?.measuredCostTotal || 0),
+      estimatedCostCounterfactualTotal: Number(aggregation.weeklyRepoSummary?.estimatedCostCounterfactualTotal || 0),
+      tokenUsageTotal: Number(aggregation.weeklyRepoSummary?.tokenUsageTotal || 0),
+    },
+    confidenceLabel: aggregation.savingsSummary?.confidenceLabel || "low",
+    byCategory: aggregation.weeklyRepoSummary?.byCategory || {},
+    aggregation,
+  };
+}
+
+function measuredUsageSummary(cwd) {
+  const latest = readLatestCcusageImport(cwd);
+  if (!latest) {
+    return {
+      available: false,
+      importedAt: null,
+      flavor: null,
+      totalCost: 0,
+      totalTokens: 0,
+      rows: 0,
+      artifact: null,
+    };
+  }
+  return {
+    available: true,
+    importedAt: latest.importedAt || null,
+    flavor: latest.flavor || "claude",
+    totalCost: Number(latest.summary?.totalCost || 0),
+    totalTokens: Number(latest.summary?.totalTokens || 0),
+    rows: Number(latest.summary?.rows || 0),
+    artifact: latest.artifact || null,
+  };
+}
+
+function buildPlatformBreakdown() {
+  return Object.keys(CAPABILITY_MAP).map((key) => {
+    const c = CAPABILITY_MAP[key];
+    return {
+      platform: c.platform,
+      supportsHooksCount: Array.isArray(c.supportsHooks) ? c.supportsHooks.length : 0,
+      supportsPermissionDecision: Boolean(c.supportsPermissionDecision),
+      supportsToolOutputReplacement: Boolean(c.supportsToolOutputReplacement),
+      partialSupportNotes: c.partialSupportNotes || [],
+    };
+  });
+}
+
+function buildTeamUnifiedView(config, weekly, benefit, cloudSync) {
+  const orgId = config.cloud?.orgId || "local-org";
+  return {
+    version: 1,
+    orgId,
+    projects: [config.cloud?.projectId || "local-project"],
+    platformBreakdown: buildPlatformBreakdown(),
+    benefitSummary: {
+      minutesSavedEstimate: benefit.minutesSavedEstimate,
+      riskEventsPrevented: benefit.riskEventsPrevented,
+      contextPressureEvents: benefit.contextPressureEvents,
+    },
+    riskSummary: {
+      trustAlerts: weekly.trustAlerts || 0,
+      riskyIntercepts: weekly.riskyIntercepts || 0,
+    },
+    costSummary: {
+      mcpToolCalls: weekly.mcpToolCalls || 0,
+      largeOutputsStored: weekly.largeOutputsStored || 0,
+      compactPressureEvents: weekly.compactPressureEvents || 0,
+    },
+    nextBestActions: (weekly.recommendations || []).slice(0, 3),
+    cloudSync,
+  };
+}
+
+function recommendationCategory(recommendationId) {
+  const id = String(recommendationId || "");
+  if (id.includes("SECURITY") || id.includes("TRUST") || id.includes("PERMISSION")) return "security";
+  if (id.includes("LOOP") || id.includes("RETRY") || id.includes("PROMPT")) return "loop";
+  if (id.includes("MCP") || id.includes("CONTEXT") || id.includes("COMPACT") || id.includes("THINKING")) return "context";
+  return "team";
+}
+
+function buildWhatChangedThisWeek(weekly) {
+  const changes = [];
+  const savings = weekly.savingsFirstSummary || {};
+
+  if (Number(savings.loopsPrevented || 0) > 0) {
+    changes.push(`${savings.loopsPrevented} loop reruns were prevented, saving review and retry time.`);
+  }
+
+  if (Number(savings.outputsTrimmed || 0) > 0) {
+    changes.push(`${savings.outputsTrimmed} large outputs were trimmed to reduce context pressure.`);
+  }
+
+  if (Number(weekly.riskyIntercepts || 0) > 0 || Number(weekly.trustAlerts || 0) > 0) {
+    changes.push(`${Number(weekly.riskyIntercepts || 0)} risky actions were intercepted and ${Number(weekly.trustAlerts || 0)} trust alerts were surfaced.`);
+  }
+
+  if (!changes.length) {
+    changes.push("No major waste or risk spikes were detected this week. Keep current defaults and continue monitoring.");
+  }
+
+  return changes.slice(0, 4);
+}
+
+function buildOrderedActions(weekly, topRecommendedFixes, nextBestAction, teamDefaultsApplied) {
+  const actions = {
+    security: [],
+    loop: [],
+    context: [],
+    team: [],
+  };
+
+  if (Number(weekly.riskyIntercepts || 0) > 0 || Number(weekly.trustAlerts || 0) > 0) {
+    actions.security.push({
+      id: "ACT_SECURITY_AUDIT",
+      category: "security",
+      text: "Run avorelo audit and resolve the top active security finding first.",
+      source: "weekly-signals",
+    });
+  }
+
+  if (Number(weekly.loopsInterrupted || 0) > 0) {
+    actions.loop.push({
+      id: "ACT_LOOP_REPLAN",
+      category: "loop",
+      text: "Review repeated loops and tighten Definition of Done before reruns.",
+      source: "weekly-signals",
+    });
+  }
+
+  if (Number(weekly.largeOutputsStored || 0) > 0) {
+    actions.context.push({
+      id: "ACT_CONTEXT_HYGIENE",
+      category: "context",
+      text: "Tune output caps and keep large outputs out-of-band to reduce context pressure.",
+      source: "weekly-signals",
+    });
+  }
+
+  if (
+    teamDefaultsApplied?.profile ||
+    teamDefaultsApplied?.recommendationMode ||
+    teamDefaultsApplied?.securityModeFloor ||
+    teamDefaultsApplied?.scanFreshnessHoursFloor
+  ) {
+    actions.team.push({
+      id: "ACT_TEAM_DEFAULTS_REVIEW",
+      category: "team",
+      text: "Confirm team defaults remain aligned with current repo risk and cost profile.",
+      source: "team-defaults",
+    });
+  }
+
+  (topRecommendedFixes || []).forEach((fix) => {
+    const category = recommendationCategory(fix.recommendationId);
+    actions[category].push({
+      id: String(fix.recommendationId || "ACT_RECOMMENDATION"),
+      category,
+      text: String(fix.text || "Review recommended fix."),
+      source: "recommendation-engine",
+    });
+  });
+
+  const ordered = [
+    ...actions.security,
+    ...actions.loop,
+    ...actions.context,
+    ...actions.team,
+  ];
+
+  const deduped = [];
+  const seen = new Set();
+  ordered.forEach((item) => {
+    const k = `${item.id}::${item.text}`;
+    if (seen.has(k)) return;
+    seen.add(k);
+    deduped.push(item);
+  });
+
+  if (!deduped.length) {
+    deduped.push({
+      id: "ACT_NEXT_BEST",
+      category: "context",
+      text: nextBestAction || "Run avorelo status to generate focused next steps.",
+      source: "fallback",
+    });
+  }
+
+  return deduped.slice(0, 6);
+}
+
+function buildTeamRollup(weekly, topRecommendedFixes, nextBestAction, teamDefaultsApplied) {
+  const savings = weekly.savingsFirstSummary || {
+    loopsDetected: 0,
+    loopsPrevented: 0,
+    outputsTrimmed: 0,
+    estimatedMinutesSaved: 0,
+    confidenceLabel: "low",
+  };
+
+  return {
+    teamRollupVersion: 2,
+    windowDays: Number(weekly.periodDays || 7),
+    sessions: Number(weekly.sessions || 0),
+    summaryFraming: "This week in Time + Risk + Cost: what changed, what to fix next, and what to keep stable.",
+    whatChangedThisWeek: buildWhatChangedThisWeek(weekly),
+    savingsFirstSummary: savings,
+    riskSummary: {
+      riskyIntercepts: Number(weekly.riskyIntercepts || 0),
+      trustAlerts: Number(weekly.trustAlerts || 0),
+      suppressionEvents: Number(weekly.suppressionEvents || 0),
+    },
+    topRecommendedFixes: (topRecommendedFixes || []).slice(0, 3),
+    orderedActions: buildOrderedActions(weekly, topRecommendedFixes, nextBestAction, teamDefaultsApplied),
+    nextBestAction: nextBestAction || "Run avorelo status to generate focused next steps.",
+  };
+}
+
+function buildUpsellSignals(weekly, config, memorySummary) {
+  const signals = [];
+  const tier = config.tier || "free";
+
+  if (tier === "free") {
+    if ((weekly.riskyIntercepts || 0) >= 5) {
+      signals.push({
+        targetTier: "pro",
+        feature: "advanced_recommendation_policies",
+        reason: "Frequent security/risk signals suggest value from policy-driven controls.",
+        evidence: { riskyIntercepts: weekly.riskyIntercepts },
+      });
+    }
+
+    if ((weekly.trustAlerts || 0) >= 2 || (weekly.suppressionEvents || 0) >= 3) {
+      signals.push({
+        targetTier: "pro",
+        feature: "pr_only_remediation_workflow",
+        reason: "Remediation activity volume indicates value from structured approval workflows.",
+        evidence: { trustAlerts: weekly.trustAlerts || 0, suppressionEvents: weekly.suppressionEvents || 0 },
+      });
+    }
+
+    if ((weekly.sessions || 0) >= 12 || Number(memorySummary.memoryScore || 0) < 55) {
+      signals.push({
+        targetTier: "teams",
+        feature: "managed_settings",
+        reason: "Usage/memory profile suggests value from shared policy packs and managed settings.",
+        evidence: { sessions: weekly.sessions, memoryScore: memorySummary.memoryScore },
+      });
+    }
+  }
+
+  return signals;
+}
+
+function applySimplifyMode(config, contextBudgetPlan, recommendationDecision) {
+  const simplify = config.simplifyMode || {};
+  if (!simplify.enabled) {
+    return {
+      simplifyModeStatus: {
+        enabled: false,
+        effectiveContextChars: contextBudgetPlan.maxContextChars,
+        effectiveToolOutputBytes: contextBudgetPlan.maxToolOutputBytes,
+        recommendationCap: null,
+        verbosityLevel: "standard",
+      },
+      contextBudgetPlan,
+      recommendationDecision,
+    };
+  }
+
+  const nextBudget = {
+    ...contextBudgetPlan,
+    maxContextChars: Math.min(contextBudgetPlan.maxContextChars, Number(simplify.maxContextChars || contextBudgetPlan.maxContextChars)),
+    maxToolOutputBytes: Math.min(contextBudgetPlan.maxToolOutputBytes, Number(simplify.maxToolOutputBytes || contextBudgetPlan.maxToolOutputBytes)),
+  };
+
+  const cap = Math.max(1, Number(simplify.recommendationCap || 6));
+  const displayed = (recommendationDecision.displayedRecommendations || []).slice(0, cap);
+  const suppressedExtra = (recommendationDecision.displayedRecommendations || []).slice(cap).map((r) => ({
+    recommendationId: r.recommendationId || r.id,
+    reason: "simplify-cap",
+    weight: Number(r.weight || 0),
+  }));
+
+  const nextDecision = {
+    ...recommendationDecision,
+    displayedRecommendations: displayed,
+    suppressedRecommendations: [...(recommendationDecision.suppressedRecommendations || []), ...suppressedExtra],
+    nextBestAction: displayed[0]?.text || recommendationDecision.nextBestAction,
+    reason: `${recommendationDecision.reason};simplify=true;cap=${cap}`,
+  };
+
+  return {
+    simplifyModeStatus: {
+      enabled: true,
+      effectiveContextChars: nextBudget.maxContextChars,
+      effectiveToolOutputBytes: nextBudget.maxToolOutputBytes,
+      recommendationCap: cap,
+      verbosityLevel: simplify.verbosityLevel || "compact",
+    },
+    contextBudgetPlan: nextBudget,
+    recommendationDecision: nextDecision,
+  };
+}
+
+function buildStatusDashboard(cwd, options = {}) {
+  ensureProjectConfig(cwd);
+  const { config, teamPolicy, teamDefaultsApplied } = getEffectiveConfig(cwd);
+  const limit = Number.isFinite(Number(options.limit)) ? Math.max(1, Number(options.limit)) : 7;
+
+  const sessions = summarizeLastSessions(cwd, limit, config.profile).map((s) => ({
+    sessionId: s.sessionId,
+    durationEstimateMin: s.durationEstimateMin,
+    toolCalls: s.toolCalls,
+    loopsInterrupted: s.loopsInterrupted,
+    riskyIntercepts: s.riskyIntercepts,
+    largeOutputsStored: s.largeOutputsStored,
+    topReasonCodes: s.topReasonCodes,
+    topReasonExplanations: s.topReasonCodes.map((c) => ({ code: c, text: explainReasonCode(c) })),
+    recommendationTraces: s.recommendationTraces,
+    recommendations: s.recommendations.slice(0, 5),
+  }));
+
+  const rollupWindowDays = Math.max(1, Number(teamPolicy?.rollupWindowDays || 7));
+  const weeklyRaw = weeklyRollup(cwd, rollupWindowDays, config.profile);
+  const memoryProfile = loadMemoryProfile(cwd);
+  const memorySummary = buildMemorySummary(memoryProfile);
+  const inferredTaskType = inferTaskType(weeklyRaw.recommendationTraces || []);
+  const contextBudgetPlan = buildContextBudgetPlan(config.profile, inferredTaskType, memoryProfile);
+
+  const weeklyRecommendations =
+    config.recommendationMode === "static" ? defaultRecommendations() : weeklyRaw.recommendations;
+
+  const recommendationDecisionRaw = applyRecommendationDecision({
+    traces: weeklyRaw.recommendationTraces || [],
+    memoryProfile,
+    signals: weeklyRaw,
+    profileName: config.profile,
+  });
+
+  const simplifyOverlay = applySimplifyMode(config, contextBudgetPlan, recommendationDecisionRaw);
+
+  const weekly = {
+    ...weeklyRaw,
+    recommendations: weeklyRecommendations,
+  };
+
+  const topReasonExplanations = weekly.topReasonCodes.map((c) => ({ code: c, text: explainReasonCode(c) }));
+  const nextBestAction = simplifyOverlay.recommendationDecision.nextBestAction || weekly.recommendations[0] || "Run avorelo status to generate focused next steps.";
+  const topRecommendedFixes = (simplifyOverlay.recommendationDecision.displayedRecommendations || []).slice(0, 5).map((r) => ({
+    recommendationId: r.recommendationId || r.id,
+    text: r.text,
+    confidence: r.confidence || "low",
+    evidence: r.signalEvidence || [],
+    actionPath: r.actionPath || "",
+  }));
+  const memoryEfficiencyScore = Number(memorySummary.memoryScore || 0);
+
+  const promptSuggestions = buildPromptSuggestions({
+    profile: config.profile,
+    contextBudgetPlan: simplifyOverlay.contextBudgetPlan,
+    recommendationDecision: simplifyOverlay.recommendationDecision,
+  });
+
+  const outcomeReadiness = outcomeReadinessSummary(cwd);
+  const measuredUsage = measuredUsageSummary(cwd);
+  const cloudSync = cloudSyncSummary(cwd);
+  const intelSignals = intelSignalsSummary(cwd);
+  const pricingExperiment = loadPricingExperiment(cwd);
+  const pricingMeter = buildPricingMeter({
+    weekly,
+    config,
+    cohort: pricingExperiment?.cohort || config.pricingExperiment?.cohort || "unassigned",
+  });
+  const costEvidence = buildCostEvidenceSummary({
+    aggregation: outcomeReadiness.aggregation,
+    measuredUsage,
+  });
+  const currentState = buildCurrentStateSurface(cwd);
+  const activation = buildActivationSummary(cwd);
+  const agentSecurity = buildAgentSecuritySurface(cwd, config);
+  const agentAccessGovernance = buildAgentAccessGovernanceSurface(cwd);
+  const safePath = buildSafePathSurface(cwd);
+  const installIntakeRisk = buildInstallIntakeRiskSurface(cwd);
+  const skillsOperatingLayer = buildSkillsOperatingLayerSurface(cwd);
+  const workControl = (() => { try { return buildWorkControlSurface(cwd); } catch { return null; } })();
+  const sessionContext = (() => { try { return buildSessionContextSurface(cwd); } catch { return null; } })();
+  const aiWorkspaceHygiene = (() => { try { return buildAiWorkspaceHygieneSurface(cwd); } catch { return null; } })();
+  const brainPack = safeReadBrainPackSurface(cwd);
+  const workspaceRegistry = (() => {
+    try {
+      const fn = safeRequireWorkspaceRegistrySurface();
+      return fn ? fn(cwd) : null;
+    } catch { return null; }
+  })();
+  const browserCapability = (() => { try { return buildBrowserCapabilitySurface(cwd); } catch { return null; } })();
+  const settingsControls = {
+    agentSecurityMode: buildAgentSecurityModeControl(config),
+  };
+  const workflowDiscipline = (() => {
+    try {
+      const wdCfg = config.workflowDiscipline || {};
+      if (!wdCfg.enabled || wdCfg.mode === "off") {
+        return buildWorkflowDisciplineStatus({}, wdCfg);
+      }
+      const budgetStatus = (() => { try { const { buildBudgetStatus } = require("./context-budget-guard"); return buildBudgetStatus(cwd, config.contextBudgetGuard); } catch { return null; } })();
+      const signals = collectWorkflowSignals({
+        cwd,
+        budgetStatus,
+        agentSecuritySurface: agentSecurity,
+        agentSecurityMode: config?.agentSecurity?.mode,
+      });
+      const status = buildWorkflowDisciplineStatus(signals, wdCfg);
+      status.signals = signals;
+      return status;
+    } catch {
+      return null;
+    }
+  })();
+
+  const benefit = benefitSummary(weekly, nextBestAction, memorySummary, memoryEfficiencyScore);
+  const orchestration = (() => {
+    try {
+      return buildOrchestrationStatus(cwd);
+    } catch {
+      return null;
+    }
+  })();
+
+  const agentModelOrchestration = (() => {
+    try {
+      return buildAgentModelOrchestrationSurface(cwd);
+    } catch {
+      return null;
+    }
+  })();
+
+  const promptContextTokenOptimization = (() => {
+    try {
+      const { buildContextOptimizerSurface } = require("./context-optimizer");
+      return buildContextOptimizerSurface(cwd);
+    } catch {
+      return null;
+    }
+  })();
+
+  return {
+    statusDashboardVersion: 4,
+    cwd,
+    dashboardFraming: "Time + Risk + Cost",
+    tier: config.tier,
+    config,
+    activation,
+    currentState,
+    agentSecurity,
+    agentAccessGovernance,
+    safePath,
+    installIntakeRisk,
+    skillsOperatingLayer,
+    workControl,
+    sessionContext,
+    brainPack,
+    workspaceRegistry,
+    browserCapability,
+    orchestration,
+    agentModelOrchestration,
+    promptContextTokenOptimization,
+    aiWorkspaceHygiene,
+    settingsControls,
+    teamPolicy,
+    teamDefaultsApplied,
+    latestReport: latestReportPath(cwd),
+    latestSecurityScan: latestSecurityScanMeta(cwd)?.relPath || null,
+    latestTrustAudit: latestTrustAuditMeta(cwd)?.relPath || null,
+    latestMemoryProfile: latestMemoryProfileMeta(cwd)?.relPath || null,
+    sessions,
+    weeklySummary: weekly,
+    memorySummary,
+    contextBudgetPlan: simplifyOverlay.contextBudgetPlan,
+    recommendationDecision: simplifyOverlay.recommendationDecision,
+    simplifyModeStatus: simplifyOverlay.simplifyModeStatus,
+    benefitSummary: {
+      ...benefit,
+      costEvidence: {
+        measuredCost: costEvidence.preferredMeasuredCost,
+        estimatedCostCounterfactual: costEvidence.preferredEstimatedCostCounterfactual,
+        tokenUsage: costEvidence.preferredTokenUsage,
+        costSource: costEvidence.source,
+        basis: costEvidence.basis,
+      },
+      intelSignals: intelSignals.totalItems,
+      newRecommendationsFromIntel: intelSignals.promotedCandidates,
+      highRiskIntelBlocked: intelSignals.blockedHighRisk,
+    },
+    intelSignals,
+    newRecommendationsFromIntel: intelSignals.promotedCandidates,
+    highRiskIntelBlocked: intelSignals.blockedHighRisk,
+    suppressionSummary: suppressionSummary(weekly, simplifyOverlay.recommendationDecision),
+    trustSummary: trustSummary(cwd),
+    recommendationTraces: simplifyOverlay.recommendationDecision.displayedRecommendations || [],
+    topRecommendedFixes,
+    topReasonExplanations,
+    upsellSignals: buildUpsellSignals(weekly, config, memorySummary),
+    nextBestAction,
+    promptSuggestions,
+    nextBestPrompt: promptSuggestions.nextBestPrompt,
+    latestIntervention: latestInterventionSummary(cwd),
+    cloudSync,
+    measuredUsageImportFreshness: measuredUsage.importedAt,
+    importedVsInternalDelta: buildImportedVsInternalDelta({
+      aggregation: outcomeReadiness.aggregation,
+      measuredUsage,
+    }),
+    pricingExperiment: {
+      enabled: pricingExperiment?.enabled !== false,
+      selectedModel: pricingExperiment?.selectedModel || "pending",
+      cohort: pricingExperiment?.cohort || config.pricingExperiment?.cohort || "unassigned",
+    },
+    pricingMeter,
+    teamRollup: buildTeamRollup(weekly, topRecommendedFixes, nextBestAction, teamDefaultsApplied),
+    teamUnifiedView: buildTeamUnifiedView(config, weekly, benefit, cloudSync),
+    controls: {
+      promptLintBypass: "[cco:raw]",
+      disableCommand: "/plugin disable avorelo@avorelo-marketplace",
+    },
+    reentryMemory: (() => { try { return buildReentryMemoryStatus(cwd, config.memory); } catch { return null; } })(),
+    contextBudgetGuard: (() => {
+      try {
+        const warningStatus = buildBudgetStatus(cwd, config.contextBudgetGuard);
+        if (!config.contextBudgetGuard?.enabled) return warningStatus;
+        if (config.contextBudgetGuard?.dashboardVisibility === "off") return null;
+        if (!config.contextBudgetGuard?.reductionPlan) return warningStatus;
+        const { generateReductionPlan } = require("./context-reduction-plan");
+        const plan = generateReductionPlan(cwd, config.contextBudgetGuard);
+        const dashVis = config.contextBudgetGuard?.dashboardVisibility || "basic";
+        const base = {
+          ...warningStatus,
+          reductionPlan: {
+            schemaVersion: plan.schemaVersion,
+            mode: plan.mode,
+            estimatedTotalTokens: plan.budget.estimatedTotalTokens,
+            recommendedLimitTokens: plan.budget.recommendedLimitTokens,
+            overBudget: plan.budget.overBudget,
+            estimatedReductionTokens: plan.budget.estimatedReductionTokens,
+            estimatedReductionPercent: plan.budget.estimatedReductionPercent,
+            nextBestAction: plan.nextBestAction,
+            topHotspot: (plan.hotspots || [])[0] || null,
+          },
+        };
+        if (dashVis === "advanced") {
+          base.reductionPlan.hotspots = plan.hotspots;
+          base.reductionPlan.recommendedContext = plan.recommendedContext;
+          base.reductionPlan.excludedOrReduced = plan.excludedOrReduced;
+          base.reductionPlan.approvalRequired = plan.approvalRequired;
+          base.reductionPlan.proof = plan.proof;
+        }
+        return base;
+      } catch {
+        return null;
+      }
+    })(),
+    workflowDiscipline,
+    capabilityLayer: (() => {
+      try {
+        const { buildCapabilityLayerSurface } = require("./capability-recommender");
+        // Re-use signals already computed above when available
+        const prebuiltSignals = workflowDiscipline?.signals || null;
+        return buildCapabilityLayerSurface(cwd, config, prebuiltSignals);
+      } catch {
+        return null;
+      }
+    })(),
+    operatingValue: safeReadOperatingValueSurface(cwd),
+  };
+}
+
+/**
+ * Effectiveness Scorecard (Surface 4).
+ *
+ * Provides managers/buyers/admins with a focused scorecard showing
+ * real operational value across the 4 proof dimensions.
+ */
+function buildEffectivenessScorecard(cwd, options = {}) {
+  const days = Number(options.days || 7);
+  const proofMetrics = computeProofMetrics(cwd, { days });
+
+  const scorecard = {
+    version: 1,
+    period_days: days,
+    total_sessions: proofMetrics.total_sessions,
+    generated_at: new Date().toISOString(),
+
+    outcomes: {
+      completion_rate: proofMetrics.completion_rate,
+      evidence_backed_completion_rate: proofMetrics.evidence_backed_completion_rate,
+      time_to_first_useful_result: proofMetrics.time_to_first_useful_result,
+    },
+
+    efficiency: {
+      retries_per_task: proofMetrics.retries_per_task,
+      dead_end_rate: proofMetrics.dead_end_rate,
+      large_outputs_managed: proofMetrics.large_outputs_managed,
+      unnecessary_tool_load_avoided: proofMetrics.unnecessary_tool_load_avoided,
+    },
+
+    trust: {
+      evidence_coverage: proofMetrics.evidence_coverage,
+      honest_fallback_rate: proofMetrics.honest_fallback_rate,
+      recovery_success_rate: proofMetrics.recovery_success_rate,
+    },
+
+    control: {
+      risky_actions_blocked_or_downgraded: proofMetrics.risky_actions_blocked_or_downgraded,
+      approval_interruptions_avoided: proofMetrics.approval_interruptions_avoided,
+    },
+  };
+
+  // Anti-gaming validation
+  const metricsValidation = validateProofMetrics(proofMetrics);
+  const scorecardValidation = validateScorecard(scorecard);
+
+  scorecard.anti_gaming = {
+    metrics_valid: metricsValidation.valid,
+    scorecard_valid: scorecardValidation.valid,
+    warnings: [...metricsValidation.warnings, ...scorecardValidation.warnings],
+  };
+
+  return scorecard;
+}
+
+module.exports = {
+  explainReasonCode,
+  buildStatusDashboard,
+  buildEffectivenessScorecard,
+};
+
+
+
+
+