npm - avorelo - Versions diffs - 0.1.0 - Mend

avorelo 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/LICENSE +21 -0
package/README.md +56 -0
package/bin/avorelo +9 -0
package/package.json +135 -0
package/scripts/README.md +40 -0
package/scripts/cco-dashboard.js +252 -0
package/scripts/cco-status.js +430 -0
package/scripts/lib/activation/account-state.js +37 -0
package/scripts/lib/activation/activation-runner.js +546 -0
package/scripts/lib/activation/activation-self-healing.js +480 -0
package/scripts/lib/activation/activation-state.js +83 -0
package/scripts/lib/activation/activation-summary.js +191 -0
package/scripts/lib/activation/adapters/claude-code.js +77 -0
package/scripts/lib/activation/adapters/codex-cli.js +52 -0
package/scripts/lib/activation/adapters/cursor.js +37 -0
package/scripts/lib/activation/adapters/github-agent.js +39 -0
package/scripts/lib/activation/adapters/terminal.js +42 -0
package/scripts/lib/activation/adapters/vscode.js +39 -0
package/scripts/lib/activation/adapters/windsurf.js +37 -0
package/scripts/lib/activation/ai-surface-detector.js +151 -0
package/scripts/lib/activation/connect-account.js +145 -0
package/scripts/lib/activation/detect-environment.js +75 -0
package/scripts/lib/activation/detect-hosts.js +62 -0
package/scripts/lib/activation/format-activation-output.js +109 -0
package/scripts/lib/activation/next-action.js +43 -0
package/scripts/lib/activation/repair-engine.js +219 -0
package/scripts/lib/activation-distribution-readiness.js +507 -0
package/scripts/lib/adapter-conformance.js +176 -0
package/scripts/lib/adapter-readiness.js +417 -0
package/scripts/lib/adapter-safety-boundaries.js +335 -0
package/scripts/lib/adapter-technical-readiness-gate.js +205 -0
package/scripts/lib/agent-access-governance.js +455 -0
package/scripts/lib/agent-enforcement.js +765 -0
package/scripts/lib/agent-policy-profile.js +210 -0
package/scripts/lib/agent-security/action-evaluator.js +507 -0
package/scripts/lib/agent-security/adapter-registry.js +98 -0
package/scripts/lib/agent-security/auto-policy.js +139 -0
package/scripts/lib/agent-security/bounded-scan.js +93 -0
package/scripts/lib/agent-security/enforcement-adapter.js +174 -0
package/scripts/lib/agent-security/enforcement-engine.js +1129 -0
package/scripts/lib/agent-security/file-write-adapter.js +183 -0
package/scripts/lib/agent-security/file-write-rules.js +178 -0
package/scripts/lib/agent-security/index.js +3342 -0
package/scripts/lib/agent-security/instruction-risk.js +181 -0
package/scripts/lib/agent-security/mcp-action-adapter.js +185 -0
package/scripts/lib/agent-security/mcp-action-rules.js +184 -0
package/scripts/lib/agent-security/package-action-adapter.js +175 -0
package/scripts/lib/agent-security/package-action-rules.js +233 -0
package/scripts/lib/agent-security/performance.js +148 -0
package/scripts/lib/agent-security/permission-minimizer.js +403 -0
package/scripts/lib/agent-security/scan-cache.js +74 -0
package/scripts/lib/agent-security/source-trust.js +146 -0
package/scripts/lib/ai-install-prompt.js +288 -0
package/scripts/lib/ai-workspace-hygiene.js +1499 -0
package/scripts/lib/alpha-activation.js +520 -0
package/scripts/lib/alpha-feedback.js +263 -0
package/scripts/lib/alpha-readiness-gate.js +332 -0
package/scripts/lib/anti-gaming.js +169 -0
package/scripts/lib/artifact-health.js +431 -0
package/scripts/lib/attribution.js +180 -0
package/scripts/lib/audit.js +289 -0
package/scripts/lib/avorelo-skill-registry.js +810 -0
package/scripts/lib/batch-jobs.js +71 -0
package/scripts/lib/brain-pack.js +578 -0
package/scripts/lib/brand-boundary.js +424 -0
package/scripts/lib/brand.js +74 -0
package/scripts/lib/browser-capability.js +1048 -0
package/scripts/lib/browser-proof-preflight.js +321 -0
package/scripts/lib/cache-readiness.js +187 -0
package/scripts/lib/canonical-reentry.js +162 -0
package/scripts/lib/capability-packs.js +314 -0
package/scripts/lib/capability-recommender.js +512 -0
package/scripts/lib/capability-registry.js +1059 -0
package/scripts/lib/carry-forward-surfacing.js +194 -0
package/scripts/lib/ccusage-adapter.js +188 -0
package/scripts/lib/company-loop.js +1149 -0
package/scripts/lib/config.js +637 -0
package/scripts/lib/context-acquisition-plan.js +287 -0
package/scripts/lib/context-budget-guard.js +170 -0
package/scripts/lib/context-budget-scanner.js +257 -0
package/scripts/lib/context-optimizer.js +715 -0
package/scripts/lib/context-reduction-plan.js +178 -0
package/scripts/lib/context-safety.js +88 -0
package/scripts/lib/context-savings-engine.js +158 -0
package/scripts/lib/cost-evidence.js +254 -0
package/scripts/lib/cross-host-install-plan.js +308 -0
package/scripts/lib/cross-host-install-readiness.js +237 -0
package/scripts/lib/cross-host-value-flow.js +268 -0
package/scripts/lib/dashboard.js +900 -0
package/scripts/lib/design-partner-feedback.js +346 -0
package/scripts/lib/entitlements.js +100 -0
package/scripts/lib/execution-packet.js +559 -0
package/scripts/lib/experimentation-events.js +547 -0
package/scripts/lib/external-capability-compliance.js +107 -0
package/scripts/lib/external-user-simulation.js +166 -0
package/scripts/lib/failure-recovery-readiness.js +81 -0
package/scripts/lib/failure-recovery.js +419 -0
package/scripts/lib/feedback-intelligence.js +537 -0
package/scripts/lib/feedback-signals.js +205 -0
package/scripts/lib/file-integrity.js +68 -0
package/scripts/lib/fsx.js +127 -0
package/scripts/lib/full-readiness-gate.js +451 -0
package/scripts/lib/guidance-builder.js +174 -0
package/scripts/lib/hook-apply.js +1019 -0
package/scripts/lib/hook-baseline.js +310 -0
package/scripts/lib/hook-config-preview.js +275 -0
package/scripts/lib/hook-contracts.js +290 -0
package/scripts/lib/hook-safety-boundary-readiness.js +80 -0
package/scripts/lib/host-capability-matrix.js +351 -0
package/scripts/lib/host-support-context.js +254 -0
package/scripts/lib/http-hook-action.js +538 -0
package/scripts/lib/install-ai-readiness.js +84 -0
package/scripts/lib/install-intake-risk.js +1037 -0
package/scripts/lib/install-journey-intelligence.js +329 -0
package/scripts/lib/intervention-guidance.js +57 -0
package/scripts/lib/known-limitations.js +115 -0
package/scripts/lib/l8-path-truth.js +146 -0
package/scripts/lib/launch-hardening-gate.js +436 -0
package/scripts/lib/launch-readiness.js +628 -0
package/scripts/lib/learning-memory.js +686 -0
package/scripts/lib/lifecycle-hooks.js +802 -0
package/scripts/lib/local-package-smoke.js +423 -0
package/scripts/lib/local-pricing.js +299 -0
package/scripts/lib/mcp-enforcement.js +311 -0
package/scripts/lib/mcp-least-privilege-policy.js +303 -0
package/scripts/lib/mcp-tool-inventory.js +388 -0
package/scripts/lib/mcp-tool-risk.js +0 -0
package/scripts/lib/memory.js +335 -0
package/scripts/lib/metrics.js +699 -0
package/scripts/lib/micro-proof.js +133 -0
package/scripts/lib/next-run-context.js +436 -0
package/scripts/lib/operating-value.js +1648 -0
package/scripts/lib/optimization-v3.js +122 -0
package/scripts/lib/orchestration/adapters/_shared.js +49 -0
package/scripts/lib/orchestration/adapters/aider.js +18 -0
package/scripts/lib/orchestration/adapters/claude-code.js +35 -0
package/scripts/lib/orchestration/adapters/codex.js +35 -0
package/scripts/lib/orchestration/adapters/gemini-cli.js +18 -0
package/scripts/lib/orchestration/adapters/git.js +25 -0
package/scripts/lib/orchestration/adapters/index.js +31 -0
package/scripts/lib/orchestration/adapters/lm-studio.js +18 -0
package/scripts/lib/orchestration/adapters/ollama.js +18 -0
package/scripts/lib/orchestration/adapters/opencode.js +18 -0
package/scripts/lib/orchestration/adapters/openrouter.js +18 -0
package/scripts/lib/orchestration/adapters/test-runner.js +25 -0
package/scripts/lib/orchestration/cli.js +438 -0
package/scripts/lib/orchestration/execution-manager.js +279 -0
package/scripts/lib/orchestration/handoff.js +314 -0
package/scripts/lib/orchestration/index.js +456 -0
package/scripts/lib/orchestration/inventory.js +47 -0
package/scripts/lib/orchestration/model-discovery.js +498 -0
package/scripts/lib/orchestration/model-profiler.js +170 -0
package/scripts/lib/orchestration/model-profiles.js +252 -0
package/scripts/lib/orchestration/model-refresh-policy.js +72 -0
package/scripts/lib/orchestration/proof-writer.js +349 -0
package/scripts/lib/orchestration/provider-discovery/aider.js +49 -0
package/scripts/lib/orchestration/provider-discovery/claude-code.js +56 -0
package/scripts/lib/orchestration/provider-discovery/codex.js +49 -0
package/scripts/lib/orchestration/provider-discovery/common.js +186 -0
package/scripts/lib/orchestration/provider-discovery/gemini.js +106 -0
package/scripts/lib/orchestration/provider-discovery/lm-studio.js +118 -0
package/scripts/lib/orchestration/provider-discovery/models-dev.js +12 -0
package/scripts/lib/orchestration/provider-discovery/ollama.js +100 -0
package/scripts/lib/orchestration/provider-discovery/opencode.js +47 -0
package/scripts/lib/orchestration/provider-discovery/openrouter.js +44 -0
package/scripts/lib/orchestration/risk-classifier.js +130 -0
package/scripts/lib/orchestration/routing-policy.js +486 -0
package/scripts/lib/orchestration/settings.js +112 -0
package/scripts/lib/orchestration/state.js +165 -0
package/scripts/lib/orchestration/verification-manager.js +138 -0
package/scripts/lib/output-profiles.js +146 -0
package/scripts/lib/package-content-audit.js +368 -0
package/scripts/lib/package-runtime.js +278 -0
package/scripts/lib/plan-surface.js +53 -0
package/scripts/lib/plans.js +2318 -0
package/scripts/lib/policy-provider.js +27 -0
package/scripts/lib/prelaunch-activation-readiness.js +409 -0
package/scripts/lib/prelaunch-evidence-store.js +816 -0
package/scripts/lib/prelaunch-intelligence.js +869 -0
package/scripts/lib/pricing-experiment.js +118 -0
package/scripts/lib/pro-moment-events.js +77 -0
package/scripts/lib/pro-moment-state.js +227 -0
package/scripts/lib/pro-moments.js +1216 -0
package/scripts/lib/product-learning-events.js +629 -0
package/scripts/lib/project-profile.js +555 -0
package/scripts/lib/prompt-compiler.js +280 -0
package/scripts/lib/prompt-lint.js +32 -0
package/scripts/lib/prompt-suggestions.js +52 -0
package/scripts/lib/proof-canonical.js +398 -0
package/scripts/lib/proof-drilldown.js +383 -0
package/scripts/lib/proof-events.js +342 -0
package/scripts/lib/proof-history.js +243 -0
package/scripts/lib/proof-metrics.js +296 -0
package/scripts/lib/proof-outcome-evidence.js +134 -0
package/scripts/lib/proof-receipt.js +335 -0
package/scripts/lib/proof-record.js +461 -0
package/scripts/lib/public-activation-distribution-gate.js +258 -0
package/scripts/lib/public-cli.js +3891 -0
package/scripts/lib/public-distribution-truth.js +211 -0
package/scripts/lib/public-install-claim-checker.js +294 -0
package/scripts/lib/publish-provenance-readiness.js +283 -0
package/scripts/lib/readiness-delta.js +218 -0
package/scripts/lib/readiness-evidence-closure.js +196 -0
package/scripts/lib/reentry-memory-capture.js +241 -0
package/scripts/lib/reentry-memory-retrieval.js +302 -0
package/scripts/lib/reentry-memory-status.js +146 -0
package/scripts/lib/reentry-memory-store.js +178 -0
package/scripts/lib/reentry-state.js +66 -0
package/scripts/lib/release-candidate-bundle.js +166 -0
package/scripts/lib/remediation.js +81 -0
package/scripts/lib/repo-map.js +391 -0
package/scripts/lib/run-improvements-lifecycle.js +330 -0
package/scripts/lib/run-improvements.js +789 -0
package/scripts/lib/runtime-decision-policy.js +387 -0
package/scripts/lib/safe-path-engine.js +705 -0
package/scripts/lib/safe-run-controller.js +887 -0
package/scripts/lib/score.js +262 -0
package/scripts/lib/seamless-enforcement.js +329 -0
package/scripts/lib/seamless-outcome.js +689 -0
package/scripts/lib/seamless-reality-gate.js +5043 -0
package/scripts/lib/security-risk-classifier.js +511 -0
package/scripts/lib/security-scan.js +384 -0
package/scripts/lib/session-context-optimizer.js +1211 -0
package/scripts/lib/session-timing.js +315 -0
package/scripts/lib/skill-hygiene.js +805 -0
package/scripts/lib/skill-packs.js +161 -0
package/scripts/lib/skills-operating-layer.js +580 -0
package/scripts/lib/smart-work-routing.js +768 -0
package/scripts/lib/source-catalog.js +700 -0
package/scripts/lib/status-value-summary.js +32 -0
package/scripts/lib/support-bundle.js +578 -0
package/scripts/lib/task-continuation.js +440 -0
package/scripts/lib/test-helpers.js +15 -0
package/scripts/lib/tier.js +38 -0
package/scripts/lib/token-context-quality-gate.js +370 -0
package/scripts/lib/token-cost-capture.js +187 -0
package/scripts/lib/token-cost-intelligence.js +358 -0
package/scripts/lib/token-efficiency-evidence.js +213 -0
package/scripts/lib/token-evidence.js +699 -0
package/scripts/lib/tokenish.js +17 -0
package/scripts/lib/tool-output-sandbox.js +304 -0
package/scripts/lib/trust-audit.js +136 -0
package/scripts/lib/unified-events.js +396 -0
package/scripts/lib/upgrade-interruption-recovery.js +407 -0
package/scripts/lib/usage-ledger.js +201 -0
package/scripts/lib/value-ledger.js +130 -0
package/scripts/lib/value-proof-calibration.js +531 -0
package/scripts/lib/visual-qa.js +231 -0
package/scripts/lib/voice-alpha.js +29 -0
package/scripts/lib/work-aware-orchestration.js +976 -0
package/scripts/lib/work-control-receipts.js +577 -0
package/scripts/lib/work-ledger.js +1123 -0
package/scripts/lib/work-panel-preview.js +352 -0
package/scripts/lib/workflow-discipline.js +280 -0
package/scripts/lib/workflow-signals.js +419 -0
package/scripts/lib/workspace-map.js +281 -0
package/scripts/lib/workspace-registry.js +1367 -0
package/scripts/lib/workspace-resolver.js +480 -0

package/scripts/lib/memory.js ADDED Viewed

@@ -0,0 +1,335 @@
+"use strict";
+const path = require("path");
+const { safeReadJson, safeWriteJson, nowIso } = require("./fsx");
+const PROFILE_REL = ".claude/cco/memory/profile.json";
+const TTL_DAYS = 30;
+function projectIdFromCwd(cwd) {
+  return path.basename(cwd).toLowerCase();
+}
+function defaultMemoryProfile(projectId) {
+  return {
+    version: 1,
+    projectId,
+    updatedAt: nowIso(),
+    hotFiles: [],
+    riskZones: [],
+    toolUsageModel: {
+      totalEvents: 0,
+      byTool: {},
+      byEvent: {},
+    },
+    retryClusters: [],
+    recommendationOutcomes: {},
+    signalDistributions: {
+      outputBytes: [],
+      contextPressureEvents: 0,
+      scanSkipEvents: 0,
+    },
+    sessionSnapshots: [],
+    memoryScore: 0,
+  };
+}
+function loadMemoryProfile(cwd) {
+  const profile = safeReadJson(cwd, PROFILE_REL, null);
+  if (!profile || typeof profile !== "object") return defaultMemoryProfile(projectIdFromCwd(cwd));
+  return {
+    ...defaultMemoryProfile(projectIdFromCwd(cwd)),
+    ...profile,
+    toolUsageModel: {
+      ...defaultMemoryProfile(projectIdFromCwd(cwd)).toolUsageModel,
+      ...(profile.toolUsageModel || {}),
+      byTool: { ...(profile.toolUsageModel?.byTool || {}) },
+      byEvent: { ...(profile.toolUsageModel?.byEvent || {}) },
+    },
+    signalDistributions: {
+      ...defaultMemoryProfile(projectIdFromCwd(cwd)).signalDistributions,
+      ...(profile.signalDistributions || {}),
+      outputBytes: Array.isArray(profile.signalDistributions?.outputBytes)
+        ? profile.signalDistributions.outputBytes.filter((n) => Number.isFinite(Number(n))).slice(-500)
+        : [],
+    },
+    hotFiles: Array.isArray(profile.hotFiles) ? profile.hotFiles : [],
+    riskZones: Array.isArray(profile.riskZones) ? profile.riskZones : [],
+    retryClusters: Array.isArray(profile.retryClusters) ? profile.retryClusters : [],
+    sessionSnapshots: Array.isArray(profile.sessionSnapshots) ? profile.sessionSnapshots : [],
+    recommendationOutcomes: profile.recommendationOutcomes && typeof profile.recommendationOutcomes === "object"
+      ? profile.recommendationOutcomes
+      : {},
+  };
+}
+function saveMemoryProfile(cwd, profile) {
+  const next = {
+    ...profile,
+    updatedAt: nowIso(),
+  };
+  safeWriteJson(cwd, PROFILE_REL, next);
+  return next;
+}
+function increment(map, key, amount = 1) {
+  const k = String(key || "unknown");
+  map[k] = (map[k] || 0) + amount;
+}
+function topEntries(map, limit = 10) {
+  return Object.keys(map)
+    .map((k) => ({ key: k, value: map[k] }))
+    .sort((a, b) => b.value - a.value)
+    .slice(0, limit);
+}
+function percentile(values, p) {
+  if (!Array.isArray(values) || values.length === 0) return 0;
+  const sorted = values.slice().sort((a, b) => a - b);
+  const idx = Math.min(sorted.length - 1, Math.max(0, Math.floor((p / 100) * (sorted.length - 1))));
+  return sorted[idx];
+}
+function buildRetryClusters(metrics) {
+  const counts = {};
+  metrics
+    .filter((m) => m.event === "PostToolUseFailure")
+    .forEach((m) => {
+      const tool = String(m.tool || "unknown");
+      increment(counts, tool);
+    });
+  return topEntries(counts, 5).map((x) => ({
+    clusterId: `retry_${x.key}`,
+    tool: x.key,
+    count: x.value,
+    severity: x.value >= 3 ? "high" : x.value >= 2 ? "medium" : "low",
+  }));
+}
+function buildHotFiles(metrics) {
+  const counts = {};
+  metrics.forEach((m) => {
+    const fp = m.meta && m.meta.filePath ? String(m.meta.filePath) : null;
+    if (!fp) return;
+    increment(counts, fp);
+  });
+  return topEntries(counts, 10).map((x) => ({ path: x.key, count: x.value }));
+}
+function buildRiskZones(metrics) {
+  const counts = {};
+  metrics.forEach((m) => {
+    (m.reasonCodes || []).forEach((code) => {
+      if (!String(code).startsWith("SEC_")) return;
+      const fp = m.meta && m.meta.filePath ? String(m.meta.filePath) : "(no-file)";
+      increment(counts, `${fp}|${code}`);
+    });
+  });
+  return topEntries(counts, 10).map((x) => {
+    const parts = x.key.split("|");
+    return {
+      path: parts[0],
+      reasonCode: parts[1] || "SEC_UNKNOWN",
+      hits: x.value,
+    };
+  });
+}
+function computeMemoryScore(profile) {
+  const toolDiversity = Object.keys(profile.toolUsageModel.byTool || {}).length;
+  const retryPenalty = (profile.retryClusters || []).reduce((acc, r) => acc + (r.severity === "high" ? 6 : r.severity === "medium" ? 3 : 1), 0);
+  const contextPressure = Number(profile.signalDistributions.contextPressureEvents || 0);
+  const scanSkips = Number(profile.signalDistributions.scanSkipEvents || 0);
+  const p95 = percentile(profile.signalDistributions.outputBytes || [], 95);
+  let score = 100;
+  score -= Math.min(35, retryPenalty);
+  score -= Math.min(25, Math.round(contextPressure * 1.2));
+  score -= Math.min(15, Math.round(p95 / 50000));
+  score += Math.min(15, Math.round(scanSkips * 0.8));
+  score += Math.min(8, toolDiversity);
+  return Math.max(0, Math.min(100, score));
+}
+function inferTaskType(metrics) {
+  const mcpCalls = metrics.filter((m) => String(m.tool || "").startsWith("mcp__")).length;
+  const writeCalls = metrics.filter((m) => m.tool === "Write" || m.tool === "Edit").length;
+  const bashCalls = metrics.filter((m) => m.tool === "Bash").length;
+  if (mcpCalls > writeCalls && mcpCalls > bashCalls) return "integration-heavy";
+  if (writeCalls >= bashCalls && writeCalls > 0) return "code-editing";
+  if (bashCalls > 0) return "automation-ops";
+  return "general";
+}
+function buildContextBudgetPlan(profileName, taskType, memoryProfile) {
+  const base = {
+    "cost-saver": { maxContextChars: 12000, maxToolOutputBytes: 18000 },
+    balanced: { maxContextChars: 18000, maxToolOutputBytes: 28000 },
+    quality: { maxContextChars: 26000, maxToolOutputBytes: 40000 },
+  }[profileName || "balanced"];
+  let maxContextChars = base.maxContextChars;
+  let maxToolOutputBytes = base.maxToolOutputBytes;
+  const p95 = percentile(memoryProfile.signalDistributions.outputBytes || [], 95);
+  if (p95 > 0) {
+    maxToolOutputBytes = Math.max(12000, Math.min(maxToolOutputBytes, Math.round(p95 * 0.85)));
+  }
+  if (taskType === "integration-heavy") maxContextChars = Math.round(maxContextChars * 0.9);
+  if (taskType === "code-editing") maxContextChars = Math.round(maxContextChars * 1.05);
+  const prioritySources = ["hotFiles", "recentFailures", "securityFindings", "teamPolicy"];
+  const dropPolicy = [
+    "drop_low_confidence_recommendations_first",
+    "store_large_tool_outputs_out_of_band",
+    "prefer_compaction_snapshots_over_raw_history",
+  ];
+  return {
+    profile: profileName,
+    taskType,
+    maxContextChars,
+    maxToolOutputBytes,
+    prioritySources,
+    dropPolicy,
+  };
+}
+function updateMemoryFromSession(cwd, params) {
+  const { sessionId, metrics, profileName, recommendationDecision } = params;
+  const profile = loadMemoryProfile(cwd);
+  const sessionMetrics = Array.isArray(metrics) ? metrics : [];
+  sessionMetrics.forEach((m) => {
+    increment(profile.toolUsageModel.byEvent, m.event || "unknown");
+    if (m.tool) increment(profile.toolUsageModel.byTool, m.tool);
+    profile.toolUsageModel.totalEvents += 1;
+    if ((m.reasonCodes || []).includes("CTX_LARGE_OUTPUT") && Number.isFinite(Number(m.meta?.bytes))) {
+      profile.signalDistributions.outputBytes.push(Number(m.meta.bytes));
+      profile.signalDistributions.outputBytes = profile.signalDistributions.outputBytes.slice(-500);
+      profile.signalDistributions.contextPressureEvents += 1;
+    }
+    if ((m.reasonCodes || []).includes("CTX_SCAN_SKIPPED_UNCHANGED")) {
+      profile.signalDistributions.scanSkipEvents += 1;
+    }
+  });
+  profile.hotFiles = buildHotFiles(sessionMetrics);
+  profile.riskZones = buildRiskZones(sessionMetrics);
+  profile.retryClusters = buildRetryClusters(sessionMetrics);
+  const taskType = inferTaskType(sessionMetrics);
+  const budgetPlan = buildContextBudgetPlan(profileName, taskType, profile);
+  if (recommendationDecision && Array.isArray(recommendationDecision.displayedRecommendations)) {
+    recommendationDecision.displayedRecommendations.forEach((r) => {
+      const id = String(r.recommendationId || r.id || "unknown");
+      profile.recommendationOutcomes[id] = profile.recommendationOutcomes[id] || { shownCount: 0, acceptedCount: 0, lastShownAt: null };
+      profile.recommendationOutcomes[id].shownCount += 1;
+      profile.recommendationOutcomes[id].lastShownAt = nowIso();
+      if (recommendationDecision.nextBestAction && recommendationDecision.nextBestAction.includes(r.text || "")) {
+        profile.recommendationOutcomes[id].acceptedCount += 1;
+      }
+    });
+  }
+  profile.memoryScore = computeMemoryScore(profile);
+  const snapshot = {
+    sessionId,
+    savedAt: nowIso(),
+    taskType,
+    budgetPlan,
+    memoryScore: profile.memoryScore,
+    hotFiles: profile.hotFiles.slice(0, 5),
+    retryClusters: profile.retryClusters,
+    riskZones: profile.riskZones.slice(0, 5),
+  };
+  profile.sessionSnapshots = [...(profile.sessionSnapshots || []).slice(-49), snapshot];
+  saveMemoryProfile(cwd, profile);
+  safeWriteJson(cwd, `.claude/cco/memory/shards/${sessionId}.json`, snapshot);
+  safeWriteJson(cwd, `.claude/cco/memory/snapshots/${sessionId}.json`, {
+    savedAt: nowIso(),
+    profileVersion: profile.version,
+    memoryScore: profile.memoryScore,
+    budgetPlan,
+    recommendationDecision: recommendationDecision || null,
+  });
+  return {
+    memoryProfile: profile,
+    contextBudgetPlan: budgetPlan,
+    taskType,
+  };
+}
+function buildMemorySummary(profile) {
+  return {
+    projectId: profile.projectId,
+    updatedAt: profile.updatedAt,
+    memoryScore: profile.memoryScore,
+    hotFiles: (profile.hotFiles || []).slice(0, 5),
+    riskZones: (profile.riskZones || []).slice(0, 5),
+    retryClusters: profile.retryClusters || [],
+  };
+}
+function buildMemoryEvidence(traceId, profile) {
+  const evidence = [];
+  const hotPaths = (profile.hotFiles || []).map((h) => h.path);
+  const risky = (profile.riskZones || []).map((r) => r.reasonCode);
+  const retries = (profile.retryClusters || []).reduce((a, b) => a + Number(b.count || 0), 0);
+  if (traceId === "REC_MCP_OUTPUT_CAP") {
+    const p95 = percentile(profile.signalDistributions.outputBytes || [], 95);
+    evidence.push(`outputBytesP95=${p95}`);
+  }
+  if (traceId === "REC_SECURITY_AUDIT" && risky.length) evidence.push(`riskCodes=${risky.slice(0, 3).join(",")}`);
+  if (traceId === "REC_LOOP_REPLAN" && retries > 0) evidence.push(`retryClustersTotal=${retries}`);
+  if (["REC_TRUST_SURFACE_REVIEW", "REC_WORKTREE_POLICY_RESCAN"].includes(traceId) && risky.length) {
+    evidence.push(`riskZoneCount=${risky.length}`);
+  }
+  if (traceId === "REC_PRECOMPACT_EVIDENCE" && hotPaths.length) evidence.push(`hotFiles=${hotPaths.slice(0, 3).join(",")}`);
+  return evidence;
+}
+function applyDecay(profile) {
+  const cutoff = Date.now() - TTL_DAYS * 24 * 60 * 60 * 1000;
+  profile.sessionSnapshots = (profile.sessionSnapshots || []).filter((s) => {
+    const ts = Date.parse(s.savedAt || 0);
+    return Number.isFinite(ts) && ts >= cutoff;
+  });
+  const byId = profile.recommendationOutcomes || {};
+  Object.keys(byId).forEach((id) => {
+    const last = Date.parse(byId[id].lastShownAt || 0);
+    if (!Number.isFinite(last) || last < cutoff) delete byId[id];
+  });
+  return profile;
+}
+module.exports = {
+  PROFILE_REL,
+  defaultMemoryProfile,
+  loadMemoryProfile,
+  saveMemoryProfile,
+  updateMemoryFromSession,
+  buildContextBudgetPlan,
+  buildMemorySummary,
+  buildMemoryEvidence,
+  applyDecay,
+  inferTaskType,
+  percentile,
+};