avorelo 0.3.4 → 0.3.6

package/dist/avorelo.mjs

@@ -1702,8 +1702,8 @@ var init_generic = __esm({
         const promptPath = join8(dir, ".avorelo", "prompt.md");
         if (existsSync9(promptPath)) {
           try {
-            const { unlinkSync: unlinkSync5 } = __require("node:fs");
-            unlinkSync5(promptPath);
+            const { unlinkSync: unlinkSync6 } = __require("node:fs");
+            unlinkSync6(promptPath);
             return { removed: [promptPath], preserved: [] };
           } catch {
             return { removed: [], preserved: [promptPath] };
@@ -2562,6 +2562,7 @@ function buildCapabilityRouteDecision(input) {
   const proposalHints = unique(input.proposalHints ?? []);
   const allowedLegacyFeatures = input.allowedLegacyFeatures ?? [];
   pushCapability(selected, expectedEvidence, reasonCodes, "context-check", "CONTEXT_CHECK_REUSED", ["context_check_result"]);
+  pushCapability(selected, expectedEvidence, reasonCodes, "context-control", "CONTEXT_CONTROL_ACTIVE", ["context_control_summary"]);
   pushCapability(selected, expectedEvidence, reasonCodes, "tool-governance", "TOOL_GOVERNANCE_REUSED", ["tool_routing_projection"]);
   pushCapability(selected, expectedEvidence, reasonCodes, "receipt-trace", "KERNEL_RECEIPTS_REUSED", ["kernel_receipt_ref"]);
   pushCapability(selected, expectedEvidence, reasonCodes, "model-routing", "MODEL_ROUTING_SUBORDINATE", ["model_routing_projection"]);
@@ -2752,7 +2753,8 @@ var init_work_controls = __esm({
       "loop-control",
       "drift-guard",
       "company-loop",
-      "founder-cockpit"
+      "founder-cockpit",
+      "context-control"
     ];
     CAPABILITY_TO_LEGACY_FEATURE = {
       "production-confidence": "visual-proof",
@@ -5510,6 +5512,15 @@ var init_plan_contract = __esm({
         status: "implemented",
         enforcementSurfaces: ["cli", "local-dashboard"],
         privacyBoundary: "local_only"
+      },
+      {
+        key: "artifact_guard_basic",
+        pricingLabel: "Agent artifacts scanned for risks before AI touches the project",
+        tier: "free",
+        included: true,
+        status: "implemented",
+        enforcementSurfaces: ["cli"],
+        privacyBoundary: "local_only"
       }
     ];
     PRO_CAPABILITIES = [
@@ -7325,8 +7336,8 @@ init_run();
 init_work_contract();
 init_receipts();
 init_state_ledger();
-import { writeFileSync as writeFileSync37, mkdirSync as mkdirSync39, existsSync as existsSync62, readFileSync as readFileSync46, appendFileSync as appendFileSync11, rmSync as rmSync3, unlinkSync as unlinkSync4 } from "node:fs";
-import { join as join61 } from "node:path";
+import { writeFileSync as writeFileSync38, mkdirSync as mkdirSync40, existsSync as existsSync64, readFileSync as readFileSync50, appendFileSync as appendFileSync11, rmSync as rmSync3, unlinkSync as unlinkSync5 } from "node:fs";
+import { join as join66 } from "node:path";
 
 // src/avorelo/capabilities/activation/index.ts
 import { mkdtempSync, writeFileSync as writeFileSync11, mkdirSync as mkdirSync11, rmSync as rmSync2, existsSync as existsSync24 } from "node:fs";
@@ -8111,7 +8122,7 @@ function runFullActivation(targetDir) {
   const dashboardPath = join27(targetDir, ".avorelo", "dashboard", "index.html");
   const localDashboard = { available: existsSync30(dashboardPath), path: existsSync30(dashboardPath) ? dashboardPath : void 0 };
   const blockers = repairsBlocked.length;
-  const activationStatus = blockers > 0 ? "blocked" : "active_with_holds";
+  const activationStatus = blockers > 0 ? "blocked" : "active";
   const existingState = readActivationState(targetDir);
   const workspaceId = existingState?.workspaceId || makeWorkspaceId(targetDir);
   const state = {
@@ -8836,7 +8847,7 @@ import { join as join40 } from "node:path";
 
 // src/avorelo/capabilities/runtime-flow/index.ts
 init_entitlement_resolver();
-import { createHash as createHash12 } from "node:crypto";
+import { createHash as createHash13 } from "node:crypto";
 import { mkdirSync as mkdirSync24, writeFileSync as writeFileSync23, appendFileSync as appendFileSync9, readFileSync as readFileSync23, existsSync as existsSync39 } from "node:fs";
 import { join as join39 } from "node:path";
 
@@ -11464,137 +11475,1412 @@ function buildSummary(status, sourceCount, findingCount) {
   return `Checked ${sourceCount} instruction source(s). ${findingCount} finding(s) detected.`;
 }
 
-// src/avorelo/capabilities/runtime-flow/index.ts
-init_redaction();
-function runtimeDir(dir) {
-  return join39(dir, ".avorelo", "runtime");
+// src/avorelo/kernel/context-control/classify.ts
+var SECRET_PATTERNS2 = [
+  /(?:api[_-]?key|apikey)\s*[:=]\s*\S+/i,
+  /(?:secret|token|password|passwd|pwd)\s*[:=]\s*\S+/i,
+  /(?:aws|gcp|azure)[_-](?:access|secret|key)\s*[:=]/i,
+  /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/,
+  /(?:sk-|pk-|rk-)[a-zA-Z0-9]{20,}/,
+  /ghp_[a-zA-Z0-9]{36}/,
+  /glpat-[a-zA-Z0-9_-]{20,}/,
+  /xox[bpsa]-[a-zA-Z0-9-]+/
+];
+var FORBIDDEN_PATTERNS = [
+  /PRIVATE[_ ]KEY/,
+  /\.env\b/,
+  /credentials\.json/,
+  /id_rsa/,
+  /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/
+];
+function classifyContentType(content, label) {
+  const lower = label.toLowerCase();
+  const trimmed = content.slice(0, 2e3);
+  if (lower.includes("log") || lower.includes("output")) {
+    if (/^\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}/.test(trimmed)) return "log";
+    if (/\b(?:ERROR|WARN|INFO|DEBUG|FATAL)\b/.test(trimmed)) return "log";
+    if (/(?:exit code|exited with|status:)\s*\d/i.test(trimmed)) return "log";
+  }
+  if (lower.includes("test")) {
+    if (/(?:PASS|FAIL|✓|✗|passed|failed)\s/i.test(trimmed)) return "test_output";
+    if (/(?:tests?|specs?|suites?)\s+\d+/i.test(trimmed)) return "test_output";
+  }
+  if (lower.includes("diff") || lower.includes("patch")) return "diff";
+  if (lower.includes("tree") || lower.includes("directory")) return "file_tree";
+  if (lower.includes("conversation") || lower.includes("history") || lower.includes("session")) return "conversation_history";
+  if (lower.includes("receipt") || lower.includes("proof") || lower.includes("evidence")) return "receipt_proof_evidence";
+  if (lower.includes("doc") || lower.includes("readme") || lower.includes("markdown")) return "documentation";
+  if (trimmed.startsWith("{") || trimmed.startsWith("[")) {
+    try {
+      JSON.parse(content);
+      return "json_tool_output";
+    } catch {
+    }
+  }
+  if (/^diff --git/.test(trimmed) || /^@@\s/.test(trimmed)) return "diff";
+  if (/^[├└│─\s]+/.test(trimmed) || /^\s*[a-z_-]+\/$/m.test(trimmed)) return "file_tree";
+  if (/\b(?:function|class|const|let|var|import|export|def |async )\b/.test(trimmed)) return "source_like";
+  return "unknown";
 }
-function contextDir(dir) {
-  return join39(dir, ".avorelo", "context");
+function classifySensitivity(content) {
+  for (const pattern of FORBIDDEN_PATTERNS) {
+    if (pattern.test(content)) return "forbidden";
+  }
+  for (const pattern of SECRET_PATTERNS2) {
+    if (pattern.test(content)) return "secret_like";
+  }
+  if (/\b(?:internal|private|confidential)\b/i.test(content.slice(0, 500))) return "internal";
+  return "public";
+}
+function classifyPersistence(sensitivity) {
+  switch (sensitivity) {
+    case "forbidden":
+      return { safeForModel: false, safeForPersistence: false, safeForCloudSync: false, localOnly: true, forbidden: true };
+    case "secret_like":
+      return { safeForModel: false, safeForPersistence: false, safeForCloudSync: false, localOnly: true, forbidden: false };
+    case "local_only":
+      return { safeForModel: true, safeForPersistence: true, safeForCloudSync: false, localOnly: true, forbidden: false };
+    case "internal":
+      return { safeForModel: true, safeForPersistence: true, safeForCloudSync: false, localOnly: false, forbidden: false };
+    case "public":
+      return { safeForModel: true, safeForPersistence: true, safeForCloudSync: true, localOnly: false, forbidden: false };
+  }
+}
+function classifyVolatility(contentType) {
+  switch (contentType) {
+    case "documentation":
+    case "receipt_proof_evidence":
+      return "stable";
+    case "file_tree":
+    case "source_like":
+      return "semi_stable";
+    default:
+      return "volatile";
+  }
+}
+function classifyEvidenceRequirement(contentType, sensitivity) {
+  if (sensitivity === "forbidden") return "forbidden";
+  if (contentType === "receipt_proof_evidence") return "proof_critical";
+  if (contentType === "test_output" || contentType === "diff") return "proof_critical";
+  if (contentType === "log") return "helpful";
+  if (contentType === "file_tree") return "noise";
+  return "helpful";
+}
+function classifyRoleRelevance(contentType) {
+  switch (contentType) {
+    case "log":
+    case "test_output":
+      return ["executor", "reviewer", "proof_adapter"];
+    case "diff":
+      return ["reviewer", "proof_adapter"];
+    case "json_tool_output":
+      return ["executor", "reviewer"];
+    case "file_tree":
+      return ["executor"];
+    case "receipt_proof_evidence":
+      return ["proof_adapter", "receipt", "status"];
+    case "conversation_history":
+      return ["executor"];
+    case "documentation":
+      return ["executor", "reviewer"];
+    default:
+      return ["executor"];
+  }
 }
-var SAFE_FALLBACK_FORBIDDEN_ACTIONS = [
-  "persist_raw_prompt",
-  "persist_raw_source",
-  "persist_raw_secret",
-  "model_owns_READY",
-  "model_owns_entitlement",
-  "model_owns_production_readiness",
-  "claim_savings_without_evidence"
+function estimateTokens(content) {
+  return Math.ceil(content.length / 4);
+}
+function classifyItem(item2) {
+  const contentType = classifyContentType(item2.content, item2.label);
+  const sensitivity = classifySensitivity(item2.content);
+  const persistence = classifyPersistence(sensitivity);
+  const volatility = classifyVolatility(contentType);
+  const evidenceRequirement = classifyEvidenceRequirement(contentType, sensitivity);
+  const roleRelevance = classifyRoleRelevance(contentType);
+  const tokens = estimateTokens(item2.content);
+  return {
+    contentType,
+    sensitivity,
+    persistence,
+    roleRelevance,
+    volatility,
+    evidenceRequirement,
+    estimatedTokens: tokens
+  };
+}
+function containsSecrets(content) {
+  return SECRET_PATTERNS2.some((p) => p.test(content));
+}
+function containsForbiddenContent(content) {
+  return FORBIDDEN_PATTERNS.some((p) => p.test(content));
+}
+
+// src/avorelo/kernel/context-control/evidence-store.ts
+import { createHash as createHash12 } from "node:crypto";
+var evidenceCounter = 0;
+function createEvidenceRef(kind, sourceType, safeSummary, originalContent) {
+  evidenceCounter++;
+  const hash = createHash12("sha256").update(originalContent).digest("hex").slice(0, 16);
+  return {
+    id: `ctx-ev-${Date.now()}-${evidenceCounter}`,
+    kind,
+    sourceType,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    localOnly: true,
+    safeSummary: safeSummary.slice(0, 200),
+    retrievalPolicy: "available",
+    redactionStatus: "clean",
+    provenanceTags: [],
+    contentHash: hash
+  };
+}
+function createBlockedEvidenceRef(sourceType, reason) {
+  evidenceCounter++;
+  return {
+    id: `ctx-ev-blocked-${Date.now()}-${evidenceCounter}`,
+    kind: "BLOCKED",
+    sourceType,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    localOnly: true,
+    safeSummary: `Blocked: ${reason.slice(0, 150)}`,
+    retrievalPolicy: "forbidden",
+    redactionStatus: "forbidden",
+    provenanceTags: [],
+    contentHash: ""
+  };
+}
+
+// src/avorelo/kernel/context-control/reducers/logs.ts
+var ERROR_PATTERNS = [
+  /\b(?:ERROR|FATAL|CRITICAL|PANIC)\b/i,
+  /\bfailed\b/i,
+  /\berror\b/i,
+  /\bException\b/,
+  /\bTraceback\b/,
+  /exit code [1-9]/i,
+  /exited with (?:code )?[1-9]/i,
+  /\bsegfault\b/i,
+  /\bOOM\b/,
+  /\bkilled\b/i
 ];
-function safeFallbackProjection(reasonCodes, extraVerifierPlan = []) {
+var WARNING_PATTERNS = [
+  /\bWARN(?:ING)?\b/i,
+  /\bdeprecated\b/i,
+  /\bskipped\b/i
+];
+var COMMAND_PATTERNS = [
+  /^\$\s+.+/m,
+  /^>\s+.+/m,
+  /^Running\s+/m,
+  /^Executing\s+/m
+];
+var SECRET_LINE_PATTERNS = [
+  /(?:api[_-]?key|apikey|secret|token|password|passwd|pwd)\s*[:=]\s*\S+/i,
+  /(?:sk-|pk-|rk-)[a-zA-Z0-9]{20,}/,
+  /ghp_[a-zA-Z0-9]{36}/,
+  /(?:aws|gcp|azure)[_-](?:access|secret|key)/i
+];
+function isImportantLine(line) {
+  return ERROR_PATTERNS.some((p) => p.test(line)) || WARNING_PATTERNS.some((p) => p.test(line)) || COMMAND_PATTERNS.some((p) => p.test(line));
+}
+function containsSecret(line) {
+  return SECRET_LINE_PATTERNS.some((p) => p.test(line));
+}
+function redactSecretLine(line) {
+  return line.replace(
+    /((?:api[_-]?key|apikey|secret|token|password|passwd|pwd)\s*[:=]\s*)\S+/gi,
+    "$1[REDACTED]"
+  ).replace(
+    /(?:sk-|pk-|rk-)[a-zA-Z0-9]{20,}/g,
+    "[REDACTED_KEY]"
+  ).replace(
+    /ghp_[a-zA-Z0-9]{36}/g,
+    "[REDACTED_GITHUB_TOKEN]"
+  );
+}
+function reduceLogs(content, label) {
+  const tokensBefore = estimateTokens(content);
+  const lines = content.split("\n");
+  if (lines.length <= 50) {
+    const cleaned = lines.map((l) => containsSecret(l) ? redactSecretLine(l) : l).join("\n");
+    return {
+      reduced: cleaned,
+      estimatedTokensBefore: tokensBefore,
+      estimatedTokensAfter: estimateTokens(cleaned),
+      evidenceRef: createEvidenceRef("LOG_REDUCTION", "log", `Log: ${label}`, content),
+      proofImpact: "PASS",
+      reasonCodes: lines.some(containsSecret) ? ["SECRET_REDACTED_IN_LOG"] : ["SHORT_LOG_KEPT"],
+      blockedContent: false
+    };
+  }
+  const importantLines = [];
+  const repeatedCounts = /* @__PURE__ */ new Map();
+  let totalLines = lines.length;
+  let errorCount = 0;
+  let warnCount = 0;
+  let secretsRedacted = 0;
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    if (containsSecret(line)) {
+      secretsRedacted++;
+      const redacted = redactSecretLine(line);
+      if (isImportantLine(line)) {
+        importantLines.push(redacted);
+      }
+      continue;
+    }
+    if (isImportantLine(line)) {
+      if (ERROR_PATTERNS.some((p) => p.test(line))) errorCount++;
+      if (WARNING_PATTERNS.some((p) => p.test(line))) warnCount++;
+      importantLines.push(line);
+      const contextStart = Math.max(0, i - 2);
+      const contextEnd = Math.min(lines.length - 1, i + 2);
+      for (let j = contextStart; j <= contextEnd; j++) {
+        if (j !== i && lines[j].trim() && !isImportantLine(lines[j])) {
+          if (!containsSecret(lines[j])) {
+            importantLines.push(`  ${lines[j]}`);
+          }
+        }
+      }
+      continue;
+    }
+    const normalized = trimmed.replace(/\d+/g, "N").replace(/0x[a-fA-F0-9]+/g, "0xN");
+    repeatedCounts.set(normalized, (repeatedCounts.get(normalized) || 0) + 1);
+  }
+  const repeatedSummary = [];
+  for (const [pattern, count] of repeatedCounts) {
+    if (count >= 3) {
+      repeatedSummary.push(`  (${count}x) ${pattern.slice(0, 120)}`);
+    }
+  }
+  const parts = [
+    `--- Log Summary: ${label} ---`,
+    `Total lines: ${totalLines}`,
+    `Errors: ${errorCount} | Warnings: ${warnCount} | Secrets redacted: ${secretsRedacted}`,
+    "",
+    "--- Important Lines ---",
+    ...importantLines.slice(0, 100)
+  ];
+  if (repeatedSummary.length > 0) {
+    parts.push("", "--- Repeated Patterns ---", ...repeatedSummary.slice(0, 20));
+  }
+  const reduced = parts.join("\n");
+  const tokensAfter = estimateTokens(reduced);
+  const reasonCodes = ["LARGE_LOG_REDUCED"];
+  if (secretsRedacted > 0) reasonCodes.push("SECRET_REDACTED_IN_LOG");
+  if (errorCount > 0) reasonCodes.push("ERRORS_PRESERVED");
+  if (repeatedSummary.length > 0) reasonCodes.push("REPEATED_LINES_SUMMARIZED");
+  const proofImpact = errorCount > 0 && importantLines.length > 0 ? "PASS" : "DEGRADED";
   return {
-    selectedPrimitive: "deterministic_local_read",
-    selectedModelProfile: "none",
-    resolverStatus: reasonCodes.includes("MODEL_ROUTING_VERIFIER_REJECTED") ? "verifier_rejected" : "routing_unavailable",
-    providerClass: "none",
-    fallbackPlan: [],
-    verifierPlan: extraVerifierPlan,
+    reduced,
+    estimatedTokensBefore: tokensBefore,
+    estimatedTokensAfter: tokensAfter,
+    evidenceRef: createEvidenceRef("LOG_REDUCTION", "log", `Log reduced: ${label}`, content),
+    proofImpact,
     reasonCodes,
-    forbiddenActions: [...SAFE_FALLBACK_FORBIDDEN_ACTIONS],
-    modelMayAssist: false,
-    modelMayDecide: false,
-    scannerMayDecide: false,
-    finalDecisionOwner: "kernel/stop-continue-gate",
-    containsRawPrompt: false,
-    containsRawSource: false,
-    containsRawSecret: false
+    blockedContent: false
   };
 }
-function freshRuntimeId(seed) {
-  return "rts_" + createHash12("sha256").update(seed).digest("hex").slice(0, 12);
+
+// src/avorelo/kernel/context-control/reducers/json.ts
+var MAX_ARRAY_ITEMS = 3;
+var MAX_STRING_LENGTH2 = 200;
+var MAX_DEPTH = 6;
+function truncateValue(value, depth) {
+  if (depth > MAX_DEPTH) return "[... nested beyond depth limit]";
+  if (value === null || value === void 0) return value;
+  if (typeof value === "boolean" || typeof value === "number") return value;
+  if (typeof value === "string") {
+    if (value.length > MAX_STRING_LENGTH2) {
+      return value.slice(0, MAX_STRING_LENGTH2) + `... (${value.length} chars)`;
+    }
+    return value;
+  }
+  if (Array.isArray(value)) {
+    if (value.length === 0) return [];
+    const truncated = value.slice(0, MAX_ARRAY_ITEMS).map((v) => truncateValue(v, depth + 1));
+    if (value.length > MAX_ARRAY_ITEMS) {
+      truncated.push(`... (${value.length - MAX_ARRAY_ITEMS} more items, ${value.length} total)`);
+    }
+    return truncated;
+  }
+  if (typeof value === "object") {
+    const obj = value;
+    const keys = Object.keys(obj);
+    const result3 = {};
+    const priorityKeys = ["error", "message", "status", "code", "name", "type", "id", "path"];
+    const sortedKeys = [
+      ...priorityKeys.filter((k) => keys.includes(k)),
+      ...keys.filter((k) => !priorityKeys.includes(k))
+    ];
+    for (const key of sortedKeys) {
+      result3[key] = truncateValue(obj[key], depth + 1);
+    }
+    return result3;
+  }
+  return String(value);
 }
-function coded(text) {
+function reduceJson(content, label) {
+  const tokensBefore = estimateTokens(content);
+  let parsed;
   try {
-    return String(redact(text).value).slice(0, 160);
+    parsed = JSON.parse(content);
   } catch {
-    return "redacted";
+    const fallback = content.slice(0, 2e3) + (content.length > 2e3 ? `
+... (${content.length} chars total, malformed JSON)` : "");
+    return {
+      reduced: fallback,
+      estimatedTokensBefore: tokensBefore,
+      estimatedTokensAfter: estimateTokens(fallback),
+      evidenceRef: createEvidenceRef("JSON_REDUCTION", "json_tool_output", `JSON fallback: ${label}`, content),
+      proofImpact: "DEGRADED",
+      reasonCodes: ["MALFORMED_JSON_TRUNCATED"],
+      blockedContent: false
+    };
+  }
+  const truncated = truncateValue(parsed, 0);
+  const reduced = JSON.stringify(truncated, null, 2);
+  const tokensAfter = estimateTokens(reduced);
+  const reasonCodes = ["JSON_STRUCTURE_PRESERVED"];
+  if (tokensAfter < tokensBefore * 0.8) {
+    reasonCodes.push("JSON_ARRAYS_TRUNCATED");
   }
+  return {
+    reduced,
+    estimatedTokensBefore: tokensBefore,
+    estimatedTokensAfter: tokensAfter,
+    evidenceRef: createEvidenceRef("JSON_REDUCTION", "json_tool_output", `JSON reduced: ${label}`, content),
+    proofImpact: "PASS",
+    reasonCodes,
+    blockedContent: false
+  };
 }
-function mergeRuntimeGate(baseGate, actionVerdict) {
-  if (baseGate === "blocked" || actionVerdict === "block") return "blocked";
-  if (baseGate === "require_approval" || actionVerdict === "require_approval" || actionVerdict === "suggest_safer_action") {
-    return "require_approval";
+
+// src/avorelo/kernel/context-control/reducers/file-tree.ts
+var GENERATED_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  "dist",
+  "build",
+  "out",
+  ".next",
+  ".nuxt",
+  ".output",
+  "coverage",
+  ".nyc_output",
+  "__pycache__",
+  ".pytest_cache",
+  ".git",
+  ".svn",
+  ".hg",
+  "vendor",
+  "bower_components",
+  ".cache",
+  ".parcel-cache",
+  ".turbo",
+  "target",
+  "bin",
+  "obj",
+  ".terraform",
+  ".serverless"
+]);
+var PRIORITY_PATTERNS = [
+  /^src\//,
+  /^lib\//,
+  /^app\//,
+  /^pages\//,
+  /^components\//,
+  /^tests?\//,
+  /^__tests__\//,
+  /^spec\//,
+  /^scripts?\//,
+  /^config/,
+  /^\.(?:env|eslint|prettier|babel|jest|vitest)/,
+  /(?:package|tsconfig|webpack|vite|rollup)\.(?:json|config|js|ts|mjs|cjs)$/,
+  /(?:README|CHANGELOG|LICENSE|CLAUDE|AGENTS|CONTRIBUTING)\b/i,
+  /^docs?\//
+];
+function isPriority(path) {
+  return PRIORITY_PATTERNS.some((p) => p.test(path));
+}
+function isGeneratedDir(segment) {
+  return GENERATED_DIRS.has(segment.toLowerCase());
+}
+function reduceFileTree(content, label) {
+  const tokensBefore = estimateTokens(content);
+  const lines = content.split("\n").filter((l) => l.trim());
+  if (lines.length <= 100) {
+    return {
+      reduced: content,
+      estimatedTokensBefore: tokensBefore,
+      estimatedTokensAfter: tokensBefore,
+      evidenceRef: null,
+      proofImpact: "PASS",
+      reasonCodes: ["SMALL_TREE_KEPT"],
+      blockedContent: false
+    };
   }
-  return "allow";
+  const priorityPaths = [];
+  const generatedDirs = /* @__PURE__ */ new Map();
+  const otherPaths = [];
+  for (const line of lines) {
+    const cleaned = line.replace(/^[├└│─\s│]+/, "").trim();
+    if (!cleaned) continue;
+    const firstSegment = cleaned.split("/")[0];
+    if (isGeneratedDir(firstSegment)) {
+      generatedDirs.set(firstSegment, (generatedDirs.get(firstSegment) || 0) + 1);
+      continue;
+    }
+    if (isPriority(cleaned)) {
+      priorityPaths.push(cleaned);
+    } else {
+      otherPaths.push(cleaned);
+    }
+  }
+  const parts = [
+    `--- File Tree Summary: ${label} ---`,
+    `Total entries: ${lines.length}`,
+    "",
+    "--- Source & Config (priority) ---",
+    ...priorityPaths.slice(0, 80)
+  ];
+  if (otherPaths.length > 0) {
+    parts.push("", `--- Other (${otherPaths.length} entries) ---`);
+    parts.push(...otherPaths.slice(0, 30));
+    if (otherPaths.length > 30) {
+      parts.push(`  ... (${otherPaths.length - 30} more)`);
+    }
+  }
+  if (generatedDirs.size > 0) {
+    parts.push("", "--- Generated/Vendor (summarized) ---");
+    for (const [dir, count] of generatedDirs) {
+      parts.push(`  ${dir}/ (${count} entries)`);
+    }
+  }
+  const reduced = parts.join("\n");
+  return {
+    reduced,
+    estimatedTokensBefore: tokensBefore,
+    estimatedTokensAfter: estimateTokens(reduced),
+    evidenceRef: createEvidenceRef("FILE_TREE_REDUCTION", "file_tree", `Tree reduced: ${label}`, content),
+    proofImpact: "PASS",
+    reasonCodes: ["FILE_TREE_SUMMARIZED", "GENERATED_DIRS_COLLAPSED"],
+    blockedContent: false
+  };
 }
-function isProofAdapter(adapterId) {
-  return adapterId === "semgrep" || adapterId === "playwright-proof" || adapterId === "github-actions";
+
+// src/avorelo/kernel/context-control/reducers/test-output.ts
+var FAIL_PATTERNS = [
+  /\b(?:FAIL|FAILED|FAILURE)\b/i,
+  /✗|✘|×|❌/,
+  /\bnot ok\b/i,
+  /AssertionError/i,
+  /\bExpected\b.*\bReceived\b/i,
+  /\bexpected\b.*\bto (?:equal|be|match|include|have)\b/i,
+  /Error:\s/,
+  /\bat\s+\S+\s+\(/
+];
+var PASS_PATTERNS = [
+  /\b(?:PASS|PASSED|OK)\b/i,
+  /✓|✔|✅/,
+  /\bok\b/i
+];
+var SUMMARY_PATTERNS = [
+  /Tests?:\s*\d+/i,
+  /Suites?:\s*\d+/i,
+  /\d+\s+(?:passing|failing|pending|skipped)/i,
+  /Test Files\s/i,
+  /Duration[:\s]/i,
+  /Time:\s/i,
+  /Ran all test suites/i
+];
+var COMMAND_PATTERNS2 = [
+  /^\$\s+/,
+  /^>\s+/,
+  /^Running\s+/i,
+  /^Executing\s+/i,
+  /^npm\s+(?:run|test)/i,
+  /^node\s+/,
+  /^npx\s+/
+];
+function reduceTestOutput(content, label) {
+  const tokensBefore = estimateTokens(content);
+  const lines = content.split("\n");
+  if (lines.length <= 80) {
+    return {
+      reduced: content,
+      estimatedTokensBefore: tokensBefore,
+      estimatedTokensAfter: tokensBefore,
+      evidenceRef: createEvidenceRef("TEST_OUTPUT_REDUCTION", "test_output", `Test output: ${label}`, content),
+      proofImpact: "PASS",
+      reasonCodes: ["SHORT_TEST_OUTPUT_KEPT"],
+      blockedContent: false
+    };
+  }
+  const failingLines = [];
+  const summaryLines = [];
+  const commandLines = [];
+  let passingCount = 0;
+  let failingCount = 0;
+  let inFailBlock = false;
+  let failBlockLines = 0;
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (COMMAND_PATTERNS2.some((p) => p.test(line))) {
+      commandLines.push(line);
+      continue;
+    }
+    if (SUMMARY_PATTERNS.some((p) => p.test(line))) {
+      summaryLines.push(line);
+      continue;
+    }
+    if (FAIL_PATTERNS.some((p) => p.test(line))) {
+      inFailBlock = true;
+      failBlockLines = 0;
+      failingCount++;
+      failingLines.push(line);
+      continue;
+    }
+    if (inFailBlock && failBlockLines < 15) {
+      failBlockLines++;
+      failingLines.push(line);
+      if (line.trim() === "" || failBlockLines >= 15) {
+        inFailBlock = false;
+      }
+      continue;
+    }
+    if (PASS_PATTERNS.some((p) => p.test(line))) {
+      passingCount++;
+      inFailBlock = false;
+      continue;
+    }
+    inFailBlock = false;
+  }
+  const parts = [
+    `--- Test Output Summary: ${label} ---`
+  ];
+  if (commandLines.length > 0) {
+    parts.push("Command: " + commandLines[0]);
+  }
+  parts.push(`Passing: ${passingCount} | Failing: ${failingCount}`);
+  if (failingLines.length > 0) {
+    parts.push("", "--- Failing Tests ---");
+    parts.push(...failingLines.slice(0, 200));
+  }
+  if (summaryLines.length > 0) {
+    parts.push("", "--- Summary ---");
+    parts.push(...summaryLines);
+  }
+  if (failingCount === 0 && passingCount > 0) {
+    parts.push("", "All tests passing.");
+  }
+  const reduced = parts.join("\n");
+  const proofImpact = failingCount > 0 && failingLines.length > 0 ? "PASS" : failingCount > 0 ? "DEGRADED" : "PASS";
+  return {
+    reduced,
+    estimatedTokensBefore: tokensBefore,
+    estimatedTokensAfter: estimateTokens(reduced),
+    evidenceRef: createEvidenceRef("TEST_OUTPUT_REDUCTION", "test_output", `Tests reduced: ${label}`, content),
+    proofImpact,
+    reasonCodes: [
+      "TEST_OUTPUT_REDUCED",
+      ...failingCount > 0 ? ["FAILING_TESTS_PRESERVED"] : ["ALL_TESTS_PASSING"],
+      ...passingCount > 10 ? ["PASSING_TESTS_SUMMARIZED"] : []
+    ],
+    blockedContent: false
+  };
 }
-function buildProofAdapterReportItems(toolExecution) {
-  const found = [];
-  const verified = [];
-  const needsAttention = [];
-  const metadata = toolExecution.proofMetadata;
-  if (!metadata || !isProofAdapter(toolExecution.selectedAdapter)) return { found, verified, needsAttention };
-  const confidence = metadata.fake ? "inferred" : "measured";
-  if (toolExecution.executionStatus === "executed") {
-    verified.push({
-      code: "PROOF_ADAPTER_EXECUTED",
-      title: "Proof adapter executed",
-      summary: `${toolExecution.selectedAdapter}: ${metadata.summary}`,
-      confidence
-    });
-  } else if (toolExecution.executionStatus === "skipped") {
-    needsAttention.push({
-      code: "PROOF_ADAPTER_SKIPPED",
-      title: "Proof adapter skipped",
-      summary: `${toolExecution.selectedAdapter}: ${toolExecution.reasonCodes.join(",")}`,
-      confidence: "unavailable"
-    });
-  } else if (toolExecution.executionStatus === "failed" || toolExecution.executionStatus === "blocked") {
-    needsAttention.push({
-      code: "PROOF_ADAPTER_NOT_READY",
-      title: "Proof adapter needs attention",
-      summary: `${toolExecution.selectedAdapter}: ${toolExecution.reasonCodes.join(",")}`,
-      confidence
-    });
+
+// src/avorelo/kernel/context-control/reducers/diff-summary.ts
+var GENERATED_FILE_PATTERNS = [
+  /package-lock\.json$/,
+  /yarn\.lock$/,
+  /pnpm-lock\.yaml$/,
+  /\.min\.\w+$/,
+  /\.map$/,
+  /dist\//,
+  /build\//,
+  /\.generated\./,
+  /node_modules\//
+];
+function isGeneratedFile(path) {
+  return GENERATED_FILE_PATTERNS.some((p) => p.test(path));
+}
+function reduceDiffSummary(content, label) {
+  const tokensBefore = estimateTokens(content);
+  const lines = content.split("\n");
+  const fileChanges = [];
+  let totalInsertions = 0;
+  let totalDeletions = 0;
+  let currentFile = null;
+  let currentInsertions = 0;
+  let currentDeletions = 0;
+  for (const line of lines) {
+    const diffGit = line.match(/^diff --git a\/(.+?) b\//);
+    if (diffGit) {
+      if (currentFile) {
+        fileChanges.push({
+          path: currentFile,
+          insertions: currentInsertions,
+          deletions: currentDeletions,
+          isGenerated: isGeneratedFile(currentFile)
+        });
+        totalInsertions += currentInsertions;
+        totalDeletions += currentDeletions;
+      }
+      currentFile = diffGit[1];
+      currentInsertions = 0;
+      currentDeletions = 0;
+      continue;
+    }
+    if (line.startsWith("+") && !line.startsWith("+++")) currentInsertions++;
+    if (line.startsWith("-") && !line.startsWith("---")) currentDeletions++;
   }
-  if (metadata.findingCount > 0) {
-    found.push({
-      code: metadata.adapterClass === "ci_readonly" ? "CI_FINDINGS_SUMMARIZED" : "PROOF_FINDINGS_SUMMARIZED",
-      title: "Summarized proof findings",
-      summary: `${toolExecution.selectedAdapter}: findings=${metadata.findingCount} artifacts=${metadata.artifactCount}`,
-      confidence
+  if (currentFile) {
+    fileChanges.push({
+      path: currentFile,
+      insertions: currentInsertions,
+      deletions: currentDeletions,
+      isGenerated: isGeneratedFile(currentFile)
     });
+    totalInsertions += currentInsertions;
+    totalDeletions += currentDeletions;
   }
-  return { found, verified, needsAttention };
+  if (fileChanges.length === 0) {
+    const statLine = lines.find((l) => /\d+ files? changed/.test(l));
+    if (statLine) {
+      return {
+        reduced: `--- Diff Summary: ${label} ---
+${statLine}`,
+        estimatedTokensBefore: tokensBefore,
+        estimatedTokensAfter: estimateTokens(statLine),
+        evidenceRef: createEvidenceRef("DIFF_SUMMARY", "diff", `Diff stats: ${label}`, content),
+        proofImpact: "PASS",
+        reasonCodes: ["DIFF_STAT_ONLY"],
+        blockedContent: false
+      };
+    }
+    return {
+      reduced: `--- Diff Summary: ${label} ---
+No parseable diff content.`,
+      estimatedTokensBefore: tokensBefore,
+      estimatedTokensAfter: 10,
+      evidenceRef: createEvidenceRef("DIFF_SUMMARY", "diff", `Diff empty: ${label}`, content),
+      proofImpact: "UNKNOWN",
+      reasonCodes: ["DIFF_NOT_PARSEABLE"],
+      blockedContent: false
+    };
+  }
+  const sourceFiles = fileChanges.filter((f) => !f.isGenerated);
+  const generatedFiles = fileChanges.filter((f) => f.isGenerated);
+  const riskMarkers = [];
+  for (const f of sourceFiles) {
+    if (/(?:auth|security|secret|credential|password|token)/i.test(f.path)) riskMarkers.push(`SECURITY_RELATED: ${f.path}`);
+    if (/(?:migration|schema|database)/i.test(f.path)) riskMarkers.push(`MIGRATION: ${f.path}`);
+    if (/(?:deploy|prod|release|ci|cd)/i.test(f.path)) riskMarkers.push(`DEPLOYMENT: ${f.path}`);
+  }
+  const parts = [
+    `--- Diff Summary: ${label} ---`,
+    `Files changed: ${fileChanges.length} (${sourceFiles.length} source, ${generatedFiles.length} generated)`,
+    `Insertions: +${totalInsertions} | Deletions: -${totalDeletions}`
+  ];
+  if (riskMarkers.length > 0) {
+    parts.push("", "Risk markers:", ...riskMarkers.map((r2) => `  \u26A0 ${r2}`));
+  }
+  parts.push("", "Source files:");
+  for (const f of sourceFiles) {
+    parts.push(`  ${f.path} (+${f.insertions}/-${f.deletions})`);
+  }
+  if (generatedFiles.length > 0) {
+    parts.push("", `Generated files: ${generatedFiles.length} (${generatedFiles.map((f) => f.path).join(", ")})`);
+  }
+  const reduced = parts.join("\n");
+  return {
+    reduced,
+    estimatedTokensBefore: tokensBefore,
+    estimatedTokensAfter: estimateTokens(reduced),
+    evidenceRef: createEvidenceRef("DIFF_SUMMARY", "diff", `Diff summarized: ${label}`, content),
+    proofImpact: "PASS",
+    reasonCodes: ["DIFF_STATS_PRESERVED", "RAW_DIFF_NOT_PERSISTED", ...riskMarkers.length > 0 ? ["RISK_MARKERS_DETECTED"] : []],
+    blockedContent: false
+  };
 }
-function runRuntimeSession(input) {
-  const { task, dir } = input;
-  const planTier = input.planTier ?? "Free";
-  const now = input.now ?? Date.now();
-  const createdAt = input.createdAt ?? new Date(now).toISOString();
-  const warnings = [];
-  let compiledContextPacket = null;
-  let executorContextPack = null;
-  let plannedToolExecution = null;
-  const routing = decideRouting({ task, dir, planTier });
-  const c = routing.contract;
-  const displayTask = routing.displayTask;
-  const proposalHints = detectProposalHints(displayTask);
-  const entitlementState = resolveSubscriptionEntitlements({ source: "runtime_flow" });
-  const capabilityRoute = buildCapabilityRouteDecision({
-    taskType: c.route === "deterministic_only" ? "docs" : c.route === "blocked" ? "deploy" : "code_generation",
-    riskClass: c.riskClass,
-    proofTier: c.proofTier,
-    approvalPolicy: c.approvalPolicy,
-    proposalHints,
-    paymentTouched: c.safetyBoundary.secretRiskCodes.includes("payment") || /payment|billing|invoice/i.test(displayTask),
-    authTouched: c.safetyBoundary.secretRiskCodes.includes("auth") || /auth|login|session/i.test(displayTask),
-    dashboardTouched: /dashboard|cockpit/i.test(displayTask),
-    publicCopyTouched: /public|pricing|landing/i.test(displayTask),
-    mcpTouched: /mcp|connector|tool config/i.test(displayTask),
-    deepMode: /\bdeep|loop|retry until|autonomous\b/i.test(displayTask),
-    browserAvailable: false,
-    allowedLegacyFeatures: entitlementState.legacyFeatures
-  });
-  const actionWorthiness = evaluateActionWorthiness({
-    objective: displayTask,
-    riskClass: c.riskClass,
-    approvalPolicy: c.approvalPolicy,
-    proposalHints
-  });
-  const workControlSummary = buildWorkControlReceiptSummary(capabilityRoute, actionWorthiness);
+
+// src/avorelo/kernel/context-control/reducers/conversation.ts
+var OBJECTIVE_PATTERNS = [
+  /\b(?:objective|goal|task|mission|purpose)\s*[:]/i,
+  /\b(?:we need to|I need to|please|implement|fix|add|create|build|update|change|remove|refactor)\b/i
+];
+var CONSTRAINT_PATTERNS = [
+  /\b(?:must not|do not|don't|never|avoid|forbidden|required|constraint|boundary|limit)\b/i,
+  /\b(?:before|after|unless|only if|except)\b/i
+];
+var DECISION_PATTERNS = [
+  /\b(?:decided|decision|chose|chosen|agreed|confirmed|approved|rejected|accepted)\b/i,
+  /\b(?:we'll|we will|let's|approach|strategy|plan is)\b/i
+];
+var UNRESOLVED_PATTERNS = [
+  /\b(?:TODO|FIXME|HACK|QUESTION|TBD|unclear|not sure|need to figure|open question)\b/i,
+  /\?\s*$/
+];
+var STATUS_PATTERNS = [
+  /\b(?:verified|tested|confirmed|working|broken|failing|passed|deployed|merged)\b/i,
+  /\b(?:status|result|outcome|state)\s*[:]/i
+];
+var NOISE_PATTERNS = [
+  /^(?:okay|ok|sure|yes|no|thanks|thank you|got it|understood|right|exactly|perfect)[\.\!\s]*$/i,
+  /^(?:let me|I'll|I will)\s+(?:check|look|see|read|examine)/i,
+  /^(?:here's|here is)\s+(?:the|what)/i,
+  /^(?:great|good|nice|excellent|awesome)/i
+];
+function isNoise(line) {
+  const trimmed = line.trim();
+  if (!trimmed) return true;
+  return NOISE_PATTERNS.some((p) => p.test(trimmed));
+}
+function matchesAny(line, patterns) {
+  return patterns.some((p) => p.test(line));
+}
+function reduceConversation(content, label) {
+  const tokensBefore = estimateTokens(content);
+  const lines = content.split("\n");
+  if (lines.length <= 60) {
+    return {
+      reduced: content,
+      estimatedTokensBefore: tokensBefore,
+      estimatedTokensAfter: tokensBefore,
+      evidenceRef: createEvidenceRef("CONVERSATION_STATE_SUMMARY", "conversation_history", `Conversation: ${label}`, content),
+      proofImpact: "PASS",
+      reasonCodes: ["SHORT_CONVERSATION_KEPT"],
+      blockedContent: false
+    };
+  }
+  const objectives = [];
+  const constraints = [];
+  const decisions = [];
+  const unresolved = [];
+  const statusUpdates = [];
+  let noiseRemoved = 0;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    if (isNoise(trimmed)) {
+      noiseRemoved++;
+      continue;
+    }
+    if (matchesAny(trimmed, OBJECTIVE_PATTERNS)) objectives.push(trimmed);
+    else if (matchesAny(trimmed, CONSTRAINT_PATTERNS)) constraints.push(trimmed);
+    else if (matchesAny(trimmed, DECISION_PATTERNS)) decisions.push(trimmed);
+    else if (matchesAny(trimmed, UNRESOLVED_PATTERNS)) unresolved.push(trimmed);
+    else if (matchesAny(trimmed, STATUS_PATTERNS)) statusUpdates.push(trimmed);
+  }
+  const parts = [`--- Conversation Summary: ${label} ---`];
+  if (objectives.length > 0) {
+    parts.push("", "Objectives:", ...objectives.slice(0, 10).map((o) => `  - ${o.slice(0, 200)}`));
+  }
+  if (constraints.length > 0) {
+    parts.push("", "Constraints:", ...constraints.slice(0, 10).map((c) => `  - ${c.slice(0, 200)}`));
+  }
+  if (decisions.length > 0) {
+    parts.push("", "Decisions:", ...decisions.slice(0, 10).map((d) => `  - ${d.slice(0, 200)}`));
+  }
+  if (unresolved.length > 0) {
+    parts.push("", "Unresolved:", ...unresolved.slice(0, 10).map((u) => `  - ${u.slice(0, 200)}`));
+  }
+  if (statusUpdates.length > 0) {
+    parts.push("", "Latest status:", ...statusUpdates.slice(-5).map((s) => `  - ${s.slice(0, 200)}`));
+  }
+  parts.push("", `Noise removed: ${noiseRemoved} lines`);
+  const reduced = parts.join("\n");
+  return {
+    reduced,
+    estimatedTokensBefore: tokensBefore,
+    estimatedTokensAfter: estimateTokens(reduced),
+    evidenceRef: createEvidenceRef("CONVERSATION_STATE_SUMMARY", "conversation_history", `Conversation reduced: ${label}`, content),
+    proofImpact: objectives.length > 0 || decisions.length > 0 ? "PASS" : "DEGRADED",
+    reasonCodes: [
+      "CONVERSATION_SUMMARIZED",
+      ...noiseRemoved > 0 ? ["NOISE_REMOVED"] : [],
+      ...objectives.length > 0 ? ["OBJECTIVES_PRESERVED"] : [],
+      ...decisions.length > 0 ? ["DECISIONS_PRESERVED"] : [],
+      ...unresolved.length > 0 ? ["UNRESOLVED_FLAGGED"] : []
+    ],
+    blockedContent: false
+  };
+}
+
+// src/avorelo/kernel/context-control/cache-align.ts
+function analyzeCacheAlignment(items) {
+  let stableCount = 0;
+  let semiStableCount = 0;
+  let volatileCount = 0;
+  const invalidationReasons = [];
+  for (const item2 of items) {
+    const contentType = classifyContentType(item2.content, item2.label);
+    const volatility = classifyVolatility(contentType);
+    switch (volatility) {
+      case "stable":
+        stableCount++;
+        break;
+      case "semi_stable":
+        semiStableCount++;
+        break;
+      case "volatile":
+        volatileCount++;
+        break;
+    }
+  }
+  const totalItems = items.length;
+  const cacheBreakRisk = totalItems > 0 && volatileCount > stableCount;
+  if (stableCount === 0 && totalItems > 0) {
+    invalidationReasons.push("NO_STABLE_CONTEXT_BLOCKS");
+  }
+  if (volatileCount > stableCount * 2) {
+    invalidationReasons.push("VOLATILE_DOMINATES_STABLE");
+  }
+  if (totalItems > 20) {
+    invalidationReasons.push("HIGH_ITEM_COUNT_MAY_FRAGMENT_CACHE");
+  }
+  const layout = [];
+  if (stableCount > 0) layout.push("1. System/product contract (stable)");
+  if (stableCount > 0) layout.push("2. Project facts & conventions (stable)");
+  if (semiStableCount > 0) layout.push("3. Repo map & dependencies (semi-stable)");
+  if (volatileCount > 0) layout.push("4. Current task & tool output (volatile)");
+  return {
+    stableBlockCount: stableCount,
+    semiStableBlockCount: semiStableCount,
+    volatileBlockCount: volatileCount,
+    cacheStablePrefixAvailable: stableCount > 0,
+    cacheBreakRisk,
+    cacheInvalidationReasons: invalidationReasons,
+    suggestedPromptLayout: layout
+  };
+}
+
+// src/avorelo/kernel/context-control/diagnostics.ts
+function generateDiagnostics(result3) {
+  const diagnostics = [];
+  if (result3.blockedItemsCount > 0) {
+    diagnostics.push({
+      severity: "warning",
+      code: "CONTEXT_ITEMS_BLOCKED",
+      message: `${result3.blockedItemsCount} context item(s) were blocked due to forbidden or secret-like content.`,
+      remediation: "Review blocked items and redact sensitive content before including in context.",
+      safeForReceipt: true
+    });
+  }
+  if (result3.proofImpact === "DEGRADED") {
+    diagnostics.push({
+      severity: "warning",
+      code: "PROOF_IMPACT_DEGRADED",
+      message: "Context compression may have removed proof-critical evidence.",
+      remediation: "Rerun with evidence retrieval or use manual review to verify proof chain.",
+      safeForReceipt: true
+    });
+  }
+  if (result3.proofImpact === "UNKNOWN") {
+    diagnostics.push({
+      severity: "blocker",
+      code: "PROOF_IMPACT_UNKNOWN",
+      message: "Unable to determine proof impact of context compression.",
+      remediation: "Review original context to determine if proof-critical evidence was affected.",
+      safeForReceipt: true
+    });
+  }
+  if (result3.compressionRatio > 0.95) {
+    diagnostics.push({
+      severity: "info",
+      code: "HIGH_COMPRESSION_RATIO",
+      message: `Context was compressed by ${Math.round(result3.compressionRatio * 100)}%. Verify that important context was preserved.`,
+      remediation: "Check evidence refs to confirm key information is retrievable.",
+      safeForReceipt: true
+    });
+  }
+  if (result3.cacheAlignment.cacheBreakRisk) {
+    diagnostics.push({
+      severity: "info",
+      code: "CACHE_BREAK_RISK",
+      message: "Volatile context blocks outnumber stable blocks, reducing cache effectiveness.",
+      remediation: "Move stable project context (system prompt, conventions) to the front of the prompt.",
+      safeForReceipt: true
+    });
+  }
+  if (!result3.cacheAlignment.cacheStablePrefixAvailable) {
+    diagnostics.push({
+      severity: "info",
+      code: "NO_STABLE_PREFIX",
+      message: "No stable context prefix detected. Provider prompt caching will be less effective.",
+      remediation: "Add stable system/project context blocks at the beginning of the prompt.",
+      safeForReceipt: true
+    });
+  }
+  if (result3.estimatedInputTokensBefore > 1e5) {
+    diagnostics.push({
+      severity: "warning",
+      code: "VERY_LARGE_CONTEXT",
+      message: `Input context estimated at ${result3.estimatedInputTokensBefore.toLocaleString()} tokens before reduction.`,
+      remediation: "Consider narrowing task scope or excluding unnecessary context sources.",
+      safeForReceipt: true
+    });
+  }
+  if (result3.evidenceRefs.length === 0 && result3.estimatedInputTokensBefore > result3.estimatedInputTokensAfter) {
+    diagnostics.push({
+      severity: "warning",
+      code: "COMPRESSION_WITHOUT_EVIDENCE",
+      message: "Context was compressed but no evidence refs were created for recovery.",
+      remediation: "Ensure reducers create evidence refs for recoverable content.",
+      safeForReceipt: true
+    });
+  }
+  return diagnostics;
+}
+function buildReceiptSummary(result3) {
+  const reductionPercent = result3.estimatedInputTokensBefore > 0 ? Math.round((result3.estimatedInputTokensBefore - result3.estimatedInputTokensAfter) / result3.estimatedInputTokensBefore * 100) : 0;
+  let status;
+  if (result3.decision === "BLOCK_FORBIDDEN_CONTEXT") {
+    status = "BLOCKED";
+  } else if (result3.proofImpact === "DEGRADED" || result3.proofImpact === "UNKNOWN") {
+    status = "DEGRADED";
+  } else if (result3.decision === "ALLOW_AS_IS" && result3.estimatedInputTokensBefore === result3.estimatedInputTokensAfter) {
+    status = "INACTIVE";
+  } else {
+    status = "ACTIVE";
+  }
+  const summaryParts = [];
+  if (status === "ACTIVE") {
+    summaryParts.push(`Context reduced from ~${result3.estimatedInputTokensBefore.toLocaleString()} to ~${result3.estimatedInputTokensAfter.toLocaleString()} tokens (${reductionPercent}% reduction).`);
+  } else if (status === "BLOCKED") {
+    summaryParts.push("Context blocked due to forbidden content.");
+  } else if (status === "DEGRADED") {
+    summaryParts.push("Context compressed but proof chain may be weakened.");
+  } else {
+    summaryParts.push("Context passed through without reduction.");
+  }
+  if (result3.evidenceRefs.length > 0) {
+    summaryParts.push(`${result3.evidenceRefs.length} evidence ref(s) available for retrieval.`);
+  }
+  return {
+    contextControlStatus: status,
+    estimatedContextBefore: result3.estimatedInputTokensBefore,
+    estimatedContextSent: result3.estimatedInputTokensAfter,
+    reductionPercent,
+    evidenceRefCount: result3.evidenceRefs.length,
+    blockedItemsCount: result3.blockedItemsCount,
+    retrievalAvailable: result3.evidenceRefs.some((r2) => r2.retrievalPolicy === "available"),
+    proofImpact: result3.proofImpact,
+    topReasonCodes: result3.reasonCodes.slice(0, 5),
+    summary: summaryParts.join(" ")
+  };
+}
+function renderContextStats(summary) {
+  const lines = [
+    `Context Control: ${summary.contextControlStatus}`,
+    `Estimated context before: ${summary.estimatedContextBefore.toLocaleString()} tokens`,
+    `Estimated context sent: ${summary.estimatedContextSent.toLocaleString()} tokens`,
+    `Reduction: ${summary.reductionPercent}%`,
+    `Evidence refs: ${summary.evidenceRefCount}`,
+    `Blocked items: ${summary.blockedItemsCount}`,
+    `Retrieval available: ${summary.retrievalAvailable ? "yes" : "no"}`,
+    `Proof impact: ${summary.proofImpact}`
+  ];
+  if (summary.topReasonCodes.length > 0) {
+    lines.push(`Top reasons: ${summary.topReasonCodes.join(", ")}`);
+  }
+  return lines.join("\n");
+}
+function renderContextExplain(summary, diagnostics) {
+  const parts = [
+    renderContextStats(summary),
+    "",
+    "--- Explanation ---",
+    summary.summary
+  ];
+  if (diagnostics.length > 0) {
+    parts.push("", "--- Diagnostics ---");
+    for (const d of diagnostics) {
+      parts.push(`[${d.severity.toUpperCase()}] ${d.code}: ${d.message}`);
+      parts.push(`  Action: ${d.remediation}`);
+    }
+  }
+  return parts.join("\n");
+}
+
+// src/avorelo/kernel/context-control/learn.ts
+var KNOWN_FAILURE_MAPPINGS = [
+  {
+    pattern: /npm publish.*(?:OTP|auth|ENEEDAUTH)/i,
+    candidateType: "WORKFLOW_CORRECTION",
+    template: () => "When npm publish or dist-tag promotion requires auth/OTP, generate a local PowerShell script for the owner to run. Do not ask for OTP in chat.",
+    target: "CLAUDE.md"
+  },
+  {
+    pattern: /(?:EACCES|permission denied|EPERM)/i,
+    candidateType: "TOOL_LIMITATION",
+    template: (match) => `Permission error encountered: ${match.slice(0, 100)}. Consider running with elevated permissions or checking file ownership.`,
+    target: "AGENTS.md"
+  },
+  {
+    pattern: /(?:ENOSPC|disk full|no space)/i,
+    candidateType: "TOOL_LIMITATION",
+    template: () => "Disk space constraints detected. Clean build artifacts before large operations.",
+    target: "AGENTS.md"
+  },
+  {
+    pattern: /(?:timeout|ETIMEDOUT|ESOCKETTIMEDOUT)/i,
+    candidateType: "WORKFLOW_CORRECTION",
+    template: () => "Network timeouts are common in this environment. Use local-first approaches where possible.",
+    target: "CLAUDE.md"
+  },
+  {
+    pattern: /node_modules.*(?:large|huge|big|slow)/i,
+    candidateType: "NOISE_PATTERN",
+    template: () => "node_modules content should be excluded from context. Use package.json and lock file summaries instead.",
+    target: "CLAUDE.md"
+  }
+];
+function isSafeCandidate(text) {
+  const lower = text.toLowerCase();
+  if (/(?:api[_-]?key|secret|token|password)\s*[:=]\s*\S{10,}/i.test(text)) return false;
+  if (/-----BEGIN.*KEY-----/.test(text)) return false;
+  if (/(?:ignore all|disregard|you are now|act as|pretend)/i.test(lower)) return false;
+  return true;
+}
+function generateLearningCandidates(input) {
+  const candidates = [];
+  if (input.failurePatterns) {
+    for (const failure of input.failurePatterns) {
+      if (failure.occurrences < 2) continue;
+      for (const mapping of KNOWN_FAILURE_MAPPINGS) {
+        if (mapping.pattern.test(failure.pattern)) {
+          const proposedText = mapping.template(failure.pattern);
+          if (!isSafeCandidate(proposedText)) continue;
+          candidates.push({
+            candidateType: mapping.candidateType,
+            sourceReceiptIds: failure.receiptIds.slice(0, 5),
+            evidenceRefs: failure.evidenceRefs.slice(0, 5),
+            confidence: failure.occurrences >= 5 ? "high" : failure.occurrences >= 3 ? "medium" : "low",
+            proposedText,
+            suggestedWriteTarget: mapping.target,
+            requiresApproval: true,
+            safeForPersistence: true,
+            reasonCodes: [`REPEATED_FAILURE_${failure.occurrences}x`, `PATTERN_MATCH_${mapping.candidateType}`]
+          });
+          break;
+        }
+      }
+    }
+  }
+  const receiptReasonCounts = /* @__PURE__ */ new Map();
+  for (const receipt of input.receipts) {
+    for (const code of receipt.topReasonCodes) {
+      receiptReasonCounts.set(code, (receiptReasonCounts.get(code) || 0) + 1);
+    }
+  }
+  for (const [code, count] of receiptReasonCounts) {
+    if (count >= 3 && code.includes("BLOCKED")) {
+      candidates.push({
+        candidateType: "SAFETY_RULE",
+        sourceReceiptIds: [],
+        evidenceRefs: [],
+        confidence: "medium",
+        proposedText: `Frequently blocked context pattern: ${code}. Review whether this pattern should be allowlisted or permanently blocked.`,
+        suggestedWriteTarget: "CLAUDE.md",
+        requiresApproval: true,
+        safeForPersistence: true,
+        reasonCodes: [`FREQUENT_BLOCK_${count}x`, code]
+      });
+    }
+  }
+  return {
+    candidates,
+    dryRun: true,
+    filesWritten: 0,
+    summary: candidates.length > 0 ? `Generated ${candidates.length} learning candidate(s). All require explicit approval before writing.` : "No learning candidates generated from current evidence."
+  };
+}
+
+// src/avorelo/kernel/context-control/index.ts
+function selectReducer(item2) {
+  const classification = item2.classification ?? classifyItem(item2);
+  switch (classification.contentType) {
+    case "log":
+      return reduceLogs;
+    case "json_tool_output":
+      return reduceJson;
+    case "file_tree":
+      return reduceFileTree;
+    case "test_output":
+      return reduceTestOutput;
+    case "diff":
+      return reduceDiffSummary;
+    case "conversation_history":
+      return reduceConversation;
+    default:
+      return null;
+  }
+}
+function isForbidden(item2, input) {
+  if (containsForbiddenContent(item2.content)) return true;
+  if (input.forbiddenContext) {
+    for (const pattern of input.forbiddenContext) {
+      if (item2.label.includes(pattern) || item2.content.includes(pattern)) return true;
+    }
+  }
+  return false;
+}
+function isAllowed(item2, input) {
+  if (!input.allowedContext || input.allowedContext.length === 0) return true;
+  return input.allowedContext.some((a) => item2.label.includes(a) || item2.content.includes(a));
+}
+function needsManualApproval(item2, input) {
+  if (input.riskLevel === "critical") return true;
+  const classification = item2.classification ?? classifyItem(item2);
+  if (classification.sensitivity === "secret_like" && input.redactionPolicy === "strict") return true;
+  return false;
+}
+function processContextControl(input) {
+  const classifiedItems = input.items.map((item2) => ({
+    ...item2,
+    classification: item2.classification ?? classifyItem(item2)
+  }));
+  const totalTokensBefore = classifiedItems.reduce((sum, item2) => sum + item2.classification.estimatedTokens, 0);
+  const reducedParts = [];
+  const evidenceRefs = [];
+  const reasonCodes = [];
+  const learningSignals = [];
+  let blockedCount = 0;
+  let overallProofImpact = "PASS";
+  let overallDecision = "ALLOW_AS_IS";
+  let overallReductionKind = "NONE";
+  let anyReduced = false;
+  let anyBlocked = false;
+  for (const item2 of classifiedItems) {
+    if (isForbidden(item2, input)) {
+      blockedCount++;
+      anyBlocked = true;
+      evidenceRefs.push(createBlockedEvidenceRef(item2.classification.contentType, `Forbidden: ${item2.label}`));
+      reasonCodes.push("FORBIDDEN_CONTEXT_BLOCKED");
+      continue;
+    }
+    if (!isAllowed(item2, input)) {
+      blockedCount++;
+      evidenceRefs.push(createBlockedEvidenceRef(item2.classification.contentType, `Not in allowlist: ${item2.label}`));
+      reasonCodes.push("CONTEXT_NOT_IN_ALLOWLIST");
+      continue;
+    }
+    if (needsManualApproval(item2, input)) {
+      blockedCount++;
+      evidenceRefs.push(createBlockedEvidenceRef(item2.classification.contentType, `Requires approval: ${item2.label}`));
+      reasonCodes.push("MANUAL_APPROVAL_REQUIRED");
+      continue;
+    }
+    if (containsSecrets(item2.content)) {
+      blockedCount++;
+      anyBlocked = true;
+      evidenceRefs.push(createBlockedEvidenceRef(item2.classification.contentType, `Secret-like content: ${item2.label}`));
+      reasonCodes.push("SECRET_LIKE_CONTEXT_BLOCKED");
+      continue;
+    }
+    const reducer = selectReducer(item2);
+    if (reducer && item2.classification.estimatedTokens > 200) {
+      const result3 = reducer(item2.content, item2.label);
+      reducedParts.push(result3.reduced);
+      if (result3.evidenceRef) evidenceRefs.push(result3.evidenceRef);
+      reasonCodes.push(...result3.reasonCodes);
+      anyReduced = true;
+      if (result3.proofImpact === "DEGRADED") overallProofImpact = "DEGRADED";
+      if (result3.proofImpact === "UNKNOWN" && overallProofImpact !== "DEGRADED") overallProofImpact = "UNKNOWN";
+    } else {
+      reducedParts.push(item2.content);
+    }
+  }
+  const reducedContent = reducedParts.join("\n\n");
+  const totalTokensAfter = estimateTokens(reducedContent);
+  if (anyBlocked && blockedCount === classifiedItems.length) {
+    overallDecision = "BLOCK_FORBIDDEN_CONTEXT";
+    overallReductionKind = "BLOCKED";
+  } else if (anyBlocked) {
+    overallDecision = "COMPRESS_WITH_EVIDENCE";
+    overallReductionKind = "BLOCKED";
+  } else if (anyReduced) {
+    overallDecision = "COMPRESS_WITH_EVIDENCE";
+    const dominantType = classifiedItems.filter((i) => !isForbidden(i, input)).sort((a, b) => b.classification.estimatedTokens - a.classification.estimatedTokens)[0];
+    if (dominantType) {
+      const typeToKind = {
+        log: "LOG_REDUCTION",
+        json_tool_output: "JSON_REDUCTION",
+        file_tree: "FILE_TREE_REDUCTION",
+        test_output: "TEST_OUTPUT_REDUCTION",
+        diff: "DIFF_SUMMARY",
+        conversation_history: "CONVERSATION_STATE_SUMMARY"
+      };
+      overallReductionKind = typeToKind[dominantType.classification.contentType] ?? "NONE";
+    }
+  }
+  if (totalTokensAfter > input.contextBudget) {
+    reasonCodes.push("CONTEXT_EXCEEDS_BUDGET");
+    if (overallDecision === "ALLOW_AS_IS") overallDecision = "ASK_FOR_NARROWER_SCOPE";
+  }
+  const compressionRatio = totalTokensBefore > 0 ? (totalTokensBefore - totalTokensAfter) / totalTokensBefore : 0;
+  const deduplicatedReasonCodes = [...new Set(reasonCodes)];
+  const cacheAlignment = analyzeCacheAlignment(classifiedItems);
+  const partialResult = {
+    decision: overallDecision,
+    reductionKind: overallReductionKind,
+    reasonCodes: deduplicatedReasonCodes,
+    riskLevel: input.riskLevel ?? "low",
+    safeForModel: !anyBlocked || blockedCount < classifiedItems.length,
+    safeForPersistence: !deduplicatedReasonCodes.includes("SECRET_LIKE_CONTEXT_BLOCKED"),
+    estimatedInputTokensBefore: totalTokensBefore,
+    estimatedInputTokensAfter: totalTokensAfter,
+    compressionRatio,
+    evidenceRefs,
+    blockedItemsCount: blockedCount,
+    retrievalAvailable: evidenceRefs.some((r2) => r2.retrievalPolicy === "available"),
+    proofImpact: overallProofImpact,
+    receiptSafeSummary: null,
+    diagnostics: [],
+    cacheAlignment,
+    learningSignals,
+    reducedContent
+  };
+  partialResult.diagnostics = generateDiagnostics(partialResult);
+  partialResult.receiptSafeSummary = buildReceiptSummary(partialResult);
+  return partialResult;
+}
+
+// src/avorelo/capabilities/runtime-flow/index.ts
+init_redaction();
+function runtimeDir(dir) {
+  return join39(dir, ".avorelo", "runtime");
+}
+function contextDir(dir) {
+  return join39(dir, ".avorelo", "context");
+}
+var SAFE_FALLBACK_FORBIDDEN_ACTIONS = [
+  "persist_raw_prompt",
+  "persist_raw_source",
+  "persist_raw_secret",
+  "model_owns_READY",
+  "model_owns_entitlement",
+  "model_owns_production_readiness",
+  "claim_savings_without_evidence"
+];
+function safeFallbackProjection(reasonCodes, extraVerifierPlan = []) {
+  return {
+    selectedPrimitive: "deterministic_local_read",
+    selectedModelProfile: "none",
+    resolverStatus: reasonCodes.includes("MODEL_ROUTING_VERIFIER_REJECTED") ? "verifier_rejected" : "routing_unavailable",
+    providerClass: "none",
+    fallbackPlan: [],
+    verifierPlan: extraVerifierPlan,
+    reasonCodes,
+    forbiddenActions: [...SAFE_FALLBACK_FORBIDDEN_ACTIONS],
+    modelMayAssist: false,
+    modelMayDecide: false,
+    scannerMayDecide: false,
+    finalDecisionOwner: "kernel/stop-continue-gate",
+    containsRawPrompt: false,
+    containsRawSource: false,
+    containsRawSecret: false
+  };
+}
+function freshRuntimeId(seed) {
+  return "rts_" + createHash13("sha256").update(seed).digest("hex").slice(0, 12);
+}
+function coded(text) {
+  try {
+    return String(redact(text).value).slice(0, 160);
+  } catch {
+    return "redacted";
+  }
+}
+function mergeRuntimeGate(baseGate, actionVerdict) {
+  if (baseGate === "blocked" || actionVerdict === "block") return "blocked";
+  if (baseGate === "require_approval" || actionVerdict === "require_approval" || actionVerdict === "suggest_safer_action") {
+    return "require_approval";
+  }
+  return "allow";
+}
+function isProofAdapter(adapterId) {
+  return adapterId === "semgrep" || adapterId === "playwright-proof" || adapterId === "github-actions";
+}
+function buildProofAdapterReportItems(toolExecution) {
+  const found = [];
+  const verified = [];
+  const needsAttention = [];
+  const metadata = toolExecution.proofMetadata;
+  if (!metadata || !isProofAdapter(toolExecution.selectedAdapter)) return { found, verified, needsAttention };
+  const confidence = metadata.fake ? "inferred" : "measured";
+  if (toolExecution.executionStatus === "executed") {
+    verified.push({
+      code: "PROOF_ADAPTER_EXECUTED",
+      title: "Proof adapter executed",
+      summary: `${toolExecution.selectedAdapter}: ${metadata.summary}`,
+      confidence
+    });
+  } else if (toolExecution.executionStatus === "skipped") {
+    needsAttention.push({
+      code: "PROOF_ADAPTER_SKIPPED",
+      title: "Proof adapter skipped",
+      summary: `${toolExecution.selectedAdapter}: ${toolExecution.reasonCodes.join(",")}`,
+      confidence: "unavailable"
+    });
+  } else if (toolExecution.executionStatus === "failed" || toolExecution.executionStatus === "blocked") {
+    needsAttention.push({
+      code: "PROOF_ADAPTER_NOT_READY",
+      title: "Proof adapter needs attention",
+      summary: `${toolExecution.selectedAdapter}: ${toolExecution.reasonCodes.join(",")}`,
+      confidence
+    });
+  }
+  if (metadata.findingCount > 0) {
+    found.push({
+      code: metadata.adapterClass === "ci_readonly" ? "CI_FINDINGS_SUMMARIZED" : "PROOF_FINDINGS_SUMMARIZED",
+      title: "Summarized proof findings",
+      summary: `${toolExecution.selectedAdapter}: findings=${metadata.findingCount} artifacts=${metadata.artifactCount}`,
+      confidence
+    });
+  }
+  return { found, verified, needsAttention };
+}
+function runRuntimeSession(input) {
+  const { task, dir } = input;
+  const planTier = input.planTier ?? "Free";
+  const now = input.now ?? Date.now();
+  const createdAt = input.createdAt ?? new Date(now).toISOString();
+  const warnings = [];
+  let compiledContextPacket = null;
+  let executorContextPack = null;
+  let plannedToolExecution = null;
+  const routing = decideRouting({ task, dir, planTier });
+  const c = routing.contract;
+  const displayTask = routing.displayTask;
+  const proposalHints = detectProposalHints(displayTask);
+  const entitlementState = resolveSubscriptionEntitlements({ source: "runtime_flow" });
+  const capabilityRoute = buildCapabilityRouteDecision({
+    taskType: c.route === "deterministic_only" ? "docs" : c.route === "blocked" ? "deploy" : "code_generation",
+    riskClass: c.riskClass,
+    proofTier: c.proofTier,
+    approvalPolicy: c.approvalPolicy,
+    proposalHints,
+    paymentTouched: c.safetyBoundary.secretRiskCodes.includes("payment") || /payment|billing|invoice/i.test(displayTask),
+    authTouched: c.safetyBoundary.secretRiskCodes.includes("auth") || /auth|login|session/i.test(displayTask),
+    dashboardTouched: /dashboard|cockpit/i.test(displayTask),
+    publicCopyTouched: /public|pricing|landing/i.test(displayTask),
+    mcpTouched: /mcp|connector|tool config/i.test(displayTask),
+    deepMode: /\bdeep|loop|retry until|autonomous\b/i.test(displayTask),
+    browserAvailable: false,
+    allowedLegacyFeatures: entitlementState.legacyFeatures
+  });
+  const actionWorthiness = evaluateActionWorthiness({
+    objective: displayTask,
+    riskClass: c.riskClass,
+    approvalPolicy: c.approvalPolicy,
+    proposalHints
+  });
+  const workControlSummary = buildWorkControlReceiptSummary(capabilityRoute, actionWorthiness);
   const effectiveGate = mergeRuntimeGate(routing.gate, actionWorthiness.verdict);
   const layers = [{
     order: 1,
@@ -11851,6 +13137,54 @@ function runRuntimeSession(input) {
   } catch {
     base.contextPack = void 0;
   }
+  try {
+    if (compiledContextPacket) {
+      const ccItems = compiledContextPacket.selectedRefs.map((ref2, i) => ({
+        id: `cc_${i}`,
+        label: ref2.label,
+        content: `[${ref2.kind}] ${ref2.label} (${ref2.includeMode}/${ref2.safety})`
+      }));
+      const forbiddenLabels = compiledContextPacket.excludedRefs.map((r2) => r2.label);
+      const budgetMap = { tiny: 4e3, small: 16e3, medium: 5e4, deep: 12e4 };
+      const ccResult = processContextControl({
+        consumerRole: "executor",
+        items: ccItems,
+        contextBudget: budgetMap[compiledContextPacket.contextBudget.targetSize] ?? 5e4,
+        forbiddenContext: forbiddenLabels,
+        redactionPolicy: "standard",
+        riskLevel: c.riskClass === "critical" ? "critical" : c.riskClass
+      });
+      const summary = ccResult.receiptSafeSummary;
+      const status = summary.controlStatus;
+      const ref = (() => {
+        try {
+          const ccDir = join39(dir, ".avorelo", "context-control");
+          mkdirSync24(ccDir, { recursive: true });
+          const p = join39(ccDir, "latest.json");
+          writeFileSync23(p, JSON.stringify(summary, null, 2));
+          return p;
+        } catch {
+          return null;
+        }
+      })();
+      const detail = `status=${status} context=${summary.estimatedContextBefore}\u2192${summary.estimatedContextSent} reduction=${summary.reductionPercent}%`;
+      base.contextControl = {
+        status,
+        estimatedContextBefore: summary.estimatedContextBefore,
+        estimatedContextAfter: summary.estimatedContextSent,
+        reductionPercent: summary.reductionPercent,
+        evidenceRefCount: summary.evidenceRefCount,
+        blockedItemsCount: summary.blockedItemsCount,
+        retrievalAvailable: summary.retrievalAvailable,
+        proofImpact: summary.proofImpact,
+        reasonCodes: summary.reasonCodes,
+        ref
+      };
+      layers.push({ order: 3.5, layer: "context_control", capability: "context-control", status: "completed", ref, detail: coded(detail) });
+    }
+  } catch (e) {
+    layers.push({ order: 3.5, layer: "context_control", capability: "context-control", status: "unavailable", ref: null, detail: coded(errCode(e)) });
+  }
   if (plannedToolExecution) {
     const execCtx = {
       dir,
@@ -12393,6 +13727,18 @@ function buildControlCenter(dir, opts) {
     }
   } catch {
   }
+  const contextControlSection = runtime?.contextControl ? {
+    status: "available",
+    controlStatus: runtime.contextControl.status,
+    estimatedContextBefore: runtime.contextControl.estimatedContextBefore,
+    estimatedContextAfter: runtime.contextControl.estimatedContextAfter,
+    reductionPercent: runtime.contextControl.reductionPercent,
+    evidenceRefCount: runtime.contextControl.evidenceRefCount,
+    blockedItemsCount: runtime.contextControl.blockedItemsCount,
+    retrievalAvailable: runtime.contextControl.retrievalAvailable,
+    proofImpact: runtime.contextControl.proofImpact,
+    reasonCodes: runtime.contextControl.reasonCodes
+  } : { status: "unavailable" };
   const dash = buildLocalDashboard(dir, { now: opts.now, staleWindowMs: opts.staleWindowMs });
   const receiptsSection = {
     total: dash.totals.total,
@@ -12495,6 +13841,7 @@ function buildControlCenter(dir, opts) {
       continuity: continuitySection,
       efficiencySync: efficiencySection,
       contextCheck: contextCheckSection,
+      contextControl: contextControlSection,
       receipts: receiptsSection,
       entitlementGate: entitlementGateSection,
       modelRouting: modelRoutingSection,
@@ -12534,6 +13881,7 @@ function renderText2(m) {
   lines.push(`  Continuity:${s.continuity.status === "available" ? ` ${s.continuity.packetStatus} \xB7 ${s.continuity.safeNextActionCount} next action(s) \xB7 ${s.continuity.proofMissingCount} proof gap(s)` : " none"}`);
   lines.push(`  Sync:      ${s.efficiencySync.status === "available" ? `${s.efficiencySync.mode} \xB7 ${s.efficiencySync.eligibleCount} eligible / ${s.efficiencySync.blockedCount} blocked` : "none"}`);
   lines.push(`  Context:   ${s.contextCheck.status === "available" ? `${s.contextCheck.checkStatus} \xB7 risk=${s.contextCheck.riskLevel} \xB7 ${s.contextCheck.inputsChecked} source(s) \xB7 ${s.contextCheck.findingCount} finding(s) \xB7 policy=${s.contextCheck.policyPresent}` : "none"}`);
+  lines.push(`  Ctx ctrl:  ${s.contextControl.status === "available" ? `${s.contextControl.controlStatus} \xB7 context=${s.contextControl.estimatedContextBefore}\u2192${s.contextControl.estimatedContextAfter} \xB7 reduction=${s.contextControl.reductionPercent}% \xB7 evidence=${s.contextControl.evidenceRefCount} \xB7 blocked=${s.contextControl.blockedItemsCount} \xB7 proof=${s.contextControl.proofImpact}` : "none"}`);
   lines.push(`  Receipts:  ${s.receipts.total} \xB7 done ${s.receipts.done} \xB7 blocked ${s.receipts.blocked} \xB7 needs-attention ${s.receipts.needsAttention} \xB7 stale ${s.receipts.stale}`);
   if (s.modelRouting.status === "available") {
     lines.push(`  Routing:   primitive=${s.modelRouting.selectedPrimitive} profile=${s.modelRouting.selectedModelProfile} resolver=${s.modelRouting.resolverStatus} provider=${s.modelRouting.providerClass}`);
@@ -12613,7 +13961,7 @@ function openControlCenter(dir, opts) {
 }
 
 // src/avorelo/capabilities/activation/init.ts
-import { createHash as createHash13, randomUUID as randomUUID4 } from "node:crypto";
+import { createHash as createHash14, randomUUID as randomUUID4 } from "node:crypto";
 import { existsSync as existsSync41, mkdirSync as mkdirSync26, writeFileSync as writeFileSync25, readFileSync as readFileSync25, statSync as statSync4, accessSync, constants } from "node:fs";
 import { join as join41 } from "node:path";
 var ACTIVATION_V1_CONTRACT = "avorelo.activation.v1";
@@ -12628,7 +13976,7 @@ function activationPath(dir) {
   return join41(avoreloDir(dir), "activation.json");
 }
 function freshActivationId(seed) {
-  return "act_" + createHash13("sha256").update(seed).digest("hex").slice(0, 12);
+  return "act_" + createHash14("sha256").update(seed).digest("hex").slice(0, 12);
 }
 function loadWorkspace(dir) {
   const p = workspacePath(dir);
@@ -12833,14 +14181,14 @@ function renderDogfoodCheck(r2) {
 }
 
 // src/avorelo/capabilities/core-readiness/index.ts
-import { createHash as createHash15 } from "node:crypto";
+import { createHash as createHash16 } from "node:crypto";
 import { existsSync as existsSync43, readFileSync as readFileSync27 } from "node:fs";
 import { join as join43 } from "node:path";
 
 // src/avorelo/capabilities/canonical-readiness/index.ts
 import { existsSync as existsSync42, readFileSync as readFileSync26, readdirSync as readdirSync11, statSync as statSync5 } from "node:fs";
 import { join as join42 } from "node:path";
-import { createHash as createHash14 } from "node:crypto";
+import { createHash as createHash15 } from "node:crypto";
 var FORBIDDEN_CLAIM_PATTERNS = [
   { code: "guaranteed_savings", re: /guaranteed savings|guarantee[sd]? .{0,20}savings/ },
   { code: "zero_leak_guarantee", re: /zero[- ]leak guarantee|guarantee[sd]? .{0,20}no leak|no secret will ever leak/ },
@@ -13046,7 +14394,7 @@ function buildCanonicalReadinessReport(target, opts = {}) {
     contract: "avorelo.canonicalReadiness.v1",
     schemaVersion: 1,
     createdAt,
-    readinessId: "rdy_" + createHash14("sha256").update(`${createdAt}:${result3}:${blockers.length}`).digest("hex").slice(0, 12),
+    readinessId: "rdy_" + createHash15("sha256").update(`${createdAt}:${result3}:${blockers.length}`).digest("hex").slice(0, 12),
     result: result3,
     phaseCoverage,
     oldRepoCapabilityCoverage,
@@ -13239,7 +14587,7 @@ function buildCoreReadiness(opts) {
     contract: CORE_READINESS_CONTRACT,
     schemaVersion: 1,
     createdAt,
-    reportId: "core_" + createHash15("sha256").update(`${createdAt}:${result3}`).digest("hex").slice(0, 12),
+    reportId: "core_" + createHash16("sha256").update(`${createdAt}:${result3}`).digest("hex").slice(0, 12),
     result: result3,
     checks,
     safetyInvariants,
@@ -16076,7 +17424,7 @@ var FORBIDDEN_KEYS2 = /* @__PURE__ */ new Set([
   "rawPath",
   "settings"
 ]);
-var SECRET_PATTERNS2 = [
+var SECRET_PATTERNS3 = [
   /ghp_[A-Za-z0-9]{36}/,
   /gho_[A-Za-z0-9]{36}/,
   /github_pat_[A-Za-z0-9_]{22,}/,
@@ -16122,7 +17470,7 @@ function validateDogfoodLearningPayload(payload) {
 function inspectStringValue(val, key) {
   if (val.length > 256) return { valid: false, code: "value_too_long", detail: `${key}: ${val.length} chars` };
   if (val.includes("\n") && val.split("\n").length > 2) return { valid: false, code: "multiline_value", detail: key };
-  for (const pat of SECRET_PATTERNS2) {
+  for (const pat of SECRET_PATTERNS3) {
     if (pat.test(val)) return { valid: false, code: "secret_pattern", detail: key };
   }
   if (PATH_PATTERN.test(val) && key !== "createdAt") return { valid: false, code: "path_value", detail: key };
@@ -16416,9 +17764,9 @@ function renderPayloadPreview(p) {
 }
 
 // src/avorelo/capabilities/cloud-sync/claim-token.ts
-import { randomBytes, createHash as createHash16 } from "node:crypto";
+import { randomBytes, createHash as createHash17 } from "node:crypto";
 function generateLocalFingerprint(target) {
-  return createHash16("sha256").update(target).digest("hex").slice(0, 16);
+  return createHash17("sha256").update(target).digest("hex").slice(0, 16);
 }
 var CLAIM_EXPIRY_MS = 24 * 60 * 60 * 1e3;
 
@@ -16724,7 +18072,7 @@ function getTelemetryConfig(dir, state) {
 }
 
 // src/avorelo/telemetry/privacy.ts
-import { createHmac as createHmac2, createHash as createHash17, randomUUID as randomUUID9 } from "node:crypto";
+import { createHmac as createHmac2, createHash as createHash18, randomUUID as randomUUID9 } from "node:crypto";
 import { basename as basename4, resolve as resolve4 } from "node:path";
 var FORBIDDEN_FIELD_PATTERNS = [
   /rawprompt/i,
@@ -16883,7 +18231,7 @@ function inferAgentType(commandName) {
 function sanitizeTelemetryEvent(rawEvent, ctx) {
   const unsafeFields = detectUnsafeTelemetryFields(rawEvent);
   const excludedFields = new Set(unsafeFields);
-  const eventId = typeof rawEvent.eventId === "string" && rawEvent.eventId ? rawEvent.eventId : `evt_${createHash17("sha256").update(randomUUID9()).digest("hex").slice(0, 16)}`;
+  const eventId = typeof rawEvent.eventId === "string" && rawEvent.eventId ? rawEvent.eventId : `evt_${createHash18("sha256").update(randomUUID9()).digest("hex").slice(0, 16)}`;
   const occurredAt = typeof rawEvent.occurredAt === "string" && rawEvent.occurredAt ? rawEvent.occurredAt : (/* @__PURE__ */ new Date()).toISOString();
   const repoRoot2 = typeof rawEvent.repoRoot === "string" ? rawEvent.repoRoot : void 0;
   const remoteUrl = typeof rawEvent.remoteUrl === "string" ? rawEvent.remoteUrl : void 0;
@@ -16949,662 +18297,1726 @@ function readJsonl(path) {
     const parsed = safeParseJson(trimmed);
     if (parsed) values.push(parsed);
   }
-  return values;
-}
-function writeJson(path, value) {
-  ensureParent(path);
-  writeFileSync36(path, JSON.stringify(value, null, 2));
-}
-function writeJsonl(path, values) {
-  ensureParent(path);
-  const body = values.map((value) => JSON.stringify(value)).join("\n");
-  writeFileSync36(path, body.length > 0 ? `${body}
-` : "");
+  return values;
+}
+function writeJson(path, value) {
+  ensureParent(path);
+  writeFileSync36(path, JSON.stringify(value, null, 2));
+}
+function writeJsonl(path, values) {
+  ensureParent(path);
+  const body = values.map((value) => JSON.stringify(value)).join("\n");
+  writeFileSync36(path, body.length > 0 ? `${body}
+` : "");
+}
+function ensureTelemetryState(dir, now = Date.now()) {
+  const paths = getTelemetryConfig(dir, buildTelemetryState(now));
+  if (existsSync60(paths.statePath)) {
+    const parsed = safeParseJson(readFileSync44(paths.statePath, "utf8"));
+    if (parsed?.contract === "avorelo.telemetry.state.v1") return parsed;
+  }
+  const created = buildTelemetryState(now);
+  writeTelemetryState(dir, created);
+  return created;
+}
+function readTelemetryState(dir) {
+  return ensureTelemetryState(dir);
+}
+function writeTelemetryState(dir, state) {
+  const paths = getTelemetryConfig(dir, state);
+  state.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+  writeJson(paths.statePath, state);
+}
+function appendTelemetryEvent(dir, event) {
+  const state = ensureTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  ensureParent(config2.eventsPath);
+  appendFileSync10(config2.eventsPath, `${JSON.stringify(event)}
+`);
+}
+function readTelemetryEvents(dir) {
+  const state = ensureTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  return readJsonl(config2.eventsPath);
+}
+function readTelemetryQueue(dir) {
+  const state = ensureTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  return readJsonl(config2.queuePath);
+}
+function writeTelemetryQueue(dir, records) {
+  const state = ensureTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  writeJsonl(config2.queuePath, records);
+}
+function writeStoredTelemetryRollups(dir, rollups) {
+  const state = ensureTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  writeJson(config2.rollupsPath, rollups);
+}
+
+// src/avorelo/telemetry/queue.ts
+import { randomUUID as randomUUID10 } from "node:crypto";
+var BACKOFF_MS = [
+  15 * 60 * 1e3,
+  60 * 60 * 1e3,
+  6 * 60 * 60 * 1e3,
+  24 * 60 * 60 * 1e3
+];
+function nextRetryDelayMs(attempts) {
+  return BACKOFF_MS[Math.min(Math.max(attempts - 1, 0), BACKOFF_MS.length - 1)];
+}
+function enqueueTelemetryEvent(dir, event, now = Date.now()) {
+  const queue = readTelemetryQueue(dir);
+  const record = {
+    schemaVersion: "avorelo.telemetry.queue.v1",
+    queueId: `queue_${randomUUID10().replace(/-/g, "").slice(0, 16)}`,
+    event,
+    enqueuedAt: new Date(now).toISOString(),
+    nextAttemptAt: new Date(now).toISOString(),
+    attempts: 0,
+    sentAt: null,
+    quarantinedAt: null,
+    lastErrorCode: null
+  };
+  queue.push(record);
+  writeTelemetryQueue(dir, queue);
+  return record;
+}
+function getQueuedTelemetryEvents(dir, now = Date.now()) {
+  return readTelemetryQueue(dir).filter((record) => !record.sentAt && !record.quarantinedAt && Date.parse(record.nextAttemptAt) <= now);
+}
+function countQueuedTelemetryEvents(dir) {
+  return readTelemetryQueue(dir).filter((record) => !record.sentAt && !record.quarantinedAt).length;
+}
+function markTelemetryBatchSent(dir, queueIds, sentAt = (/* @__PURE__ */ new Date()).toISOString()) {
+  const queue = readTelemetryQueue(dir).map((record) => queueIds.includes(record.queueId) ? { ...record, sentAt, lastErrorCode: null } : record);
+  writeTelemetryQueue(dir, queue);
+}
+function markTelemetryBatchRetry(dir, queueIds, errorCode, now = Date.now()) {
+  const queue = readTelemetryQueue(dir).map((record) => {
+    if (!queueIds.includes(record.queueId)) return record;
+    const attempts = record.attempts + 1;
+    return {
+      ...record,
+      attempts,
+      lastErrorCode: errorCode,
+      nextAttemptAt: new Date(now + nextRetryDelayMs(attempts)).toISOString()
+    };
+  });
+  writeTelemetryQueue(dir, queue);
+}
+function quarantineTelemetryBatch(dir, queueIds, errorCode, now = Date.now()) {
+  const quarantinedAt = new Date(now).toISOString();
+  const queue = readTelemetryQueue(dir).map((record) => queueIds.includes(record.queueId) ? { ...record, lastErrorCode: errorCode, quarantinedAt } : record);
+  writeTelemetryQueue(dir, queue);
+}
+
+// src/avorelo/telemetry/rollups.ts
+function nowIso2() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function periodStart(period, now = Date.now()) {
+  switch (period) {
+    case "24h":
+      return now - 24 * 60 * 60 * 1e3;
+    case "7d":
+      return now - 7 * 24 * 60 * 60 * 1e3;
+    case "30d":
+      return now - 30 * 24 * 60 * 60 * 1e3;
+    case "90d":
+      return now - 90 * 24 * 60 * 60 * 1e3;
+  }
+}
+function filterByPeriod(events, period, now = Date.now()) {
+  const start = periodStart(period, now);
+  return events.filter((event) => {
+    const ts = Date.parse(event.occurredAt);
+    return Number.isFinite(ts) && ts >= start && ts <= now;
+  });
+}
+function countEvents(events, name) {
+  return events.filter((event) => event.eventName === name).length;
+}
+function uniqueCount(events, selector) {
+  const values = /* @__PURE__ */ new Set();
+  for (const event of events) {
+    const value = selector(event);
+    if (value) values.add(value);
+  }
+  return values.size;
+}
+function rate(numerator, denominator) {
+  if (denominator <= 0) return 0;
+  return Number((numerator / denominator).toFixed(4));
+}
+function weekStart(iso) {
+  const date = new Date(iso);
+  const day = (date.getUTCDay() + 6) % 7;
+  date.setUTCDate(date.getUTCDate() - day);
+  date.setUTCHours(0, 0, 0, 0);
+  return date.toISOString();
+}
+function buildWeeklyTrend(events) {
+  const weekly = /* @__PURE__ */ new Map();
+  for (const event of events) {
+    if (event.eventName !== "controlled_session_completed" && event.eventName !== "controlled_session_blocked") continue;
+    const key = weekStart(event.occurredAt);
+    const bucket = weekly.get(key) ?? { controlledSessions: 0, activeRepos: /* @__PURE__ */ new Set() };
+    bucket.controlledSessions += 1;
+    if (event.repoFingerprint) bucket.activeRepos.add(event.repoFingerprint);
+    weekly.set(key, bucket);
+  }
+  return Array.from(weekly.entries()).sort(([a], [b]) => a.localeCompare(b)).slice(-12).map(([start, value]) => ({
+    weekStart: start,
+    controlledSessions: value.controlledSessions,
+    activeRepos: value.activeRepos.size
+  }));
 }
-function ensureTelemetryState(dir, now = Date.now()) {
-  const paths = getTelemetryConfig(dir, buildTelemetryState(now));
-  if (existsSync60(paths.statePath)) {
-    const parsed = safeParseJson(readFileSync44(paths.statePath, "utf8"));
-    if (parsed?.contract === "avorelo.telemetry.state.v1") return parsed;
+function returningAfterDays(events, days) {
+  const byInstallation = /* @__PURE__ */ new Map();
+  for (const event of events) {
+    if (!event.anonymousInstallationId) continue;
+    const list = byInstallation.get(event.anonymousInstallationId) ?? [];
+    list.push(event.occurredAt);
+    byInstallation.set(event.anonymousInstallationId, list);
   }
-  const created = buildTelemetryState(now);
-  writeTelemetryState(dir, created);
-  return created;
+  let count = 0;
+  const thresholdMs = days * 24 * 60 * 60 * 1e3;
+  for (const timestamps of byInstallation.values()) {
+    const sorted = timestamps.map((ts) => Date.parse(ts)).filter(Number.isFinite).sort((a, b) => a - b);
+    if (sorted.length < 2) continue;
+    if (sorted[sorted.length - 1] - sorted[0] >= thresholdMs) count++;
+  }
+  return count;
 }
-function readTelemetryState(dir) {
-  return ensureTelemetryState(dir);
+function retainedWeeks(events, weeks, kind) {
+  const byKey = /* @__PURE__ */ new Map();
+  for (const event of events) {
+    const key = kind === "repo" ? event.repoFingerprint : event.anonymousInstallationId;
+    if (!key) continue;
+    const weeksSeen = byKey.get(key) ?? /* @__PURE__ */ new Set();
+    weeksSeen.add(weekStart(event.occurredAt));
+    byKey.set(key, weeksSeen);
+  }
+  let count = 0;
+  for (const weeksSeen of byKey.values()) {
+    if (weeksSeen.size >= weeks) count++;
+  }
+  return count;
 }
-function writeTelemetryState(dir, state) {
-  const paths = getTelemetryConfig(dir, state);
-  state.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
-  writeJson(paths.statePath, state);
+function providerCounts(events, selector) {
+  const counts = {};
+  for (const event of events) {
+    const value = selector(event);
+    if (!value) continue;
+    counts[value] = (counts[value] ?? 0) + 1;
+  }
+  return counts;
 }
-function appendTelemetryEvent(dir, event) {
-  const state = ensureTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  ensureParent(config2.eventsPath);
-  appendFileSync10(config2.eventsPath, `${JSON.stringify(event)}
-`);
+function computeTelemetrySummary(events, state, period, now = Date.now()) {
+  const scoped = filterByPeriod(events, period, now);
+  const weeklyTrend = buildWeeklyTrend(events);
+  const latestWeek = weeklyTrend[weeklyTrend.length - 1];
+  const previousWeek = weeklyTrend[weeklyTrend.length - 2];
+  const completedSessions = countEvents(scoped, "controlled_session_completed");
+  const failedSessions = countEvents(scoped, "controlled_session_failed");
+  const blockedSessions = countEvents(scoped, "controlled_session_blocked");
+  const startedSessions = countEvents(scoped, "controlled_session_started");
+  const controlledSessions = Math.max(startedSessions, completedSessions + failedSessions + blockedSessions);
+  const receiptsGenerated = countEvents(scoped, "receipt_generated") + countEvents(scoped, "first_receipt_created");
+  const receiptsOpened = countEvents(scoped, "receipt_opened") + countEvents(scoped, "first_open_used");
+  const activeRepos = uniqueCount(scoped, (event) => event.repoFingerprint);
+  const claimStarted = countEvents(scoped, "claim_started");
+  const claimCompleted = countEvents(scoped, "claim_completed");
+  const prLinkedReceipts = countEvents(scoped, "receipt_linked_to_pr");
+  return {
+    period,
+    generatedAt: nowIso2(),
+    telemetryMode: state.modeOverride ?? "default_cloud",
+    lastUploadAt: state.lastUploadAt,
+    privacy: {
+      rawCodeCollected: 0,
+      rawPromptsCollected: 0,
+      rawDiffsCollected: 0,
+      secretsCollected: 0,
+      envVarsCollected: 0,
+      terminalOutputCollected: 0,
+      unsafePayloadsRejected: state.unsafePayloadsRejected,
+      telemetryBatchesAccepted: state.acceptedBatches,
+      telemetryBatchesRejected: state.rejectedBatches
+    },
+    topCards: {
+      controlledSessions,
+      completedSessions,
+      failedSessions,
+      blockedSessions,
+      activeRepos,
+      receiptsGenerated,
+      receiptsOpened,
+      returningRepos4w: retainedWeeks(events, 4, "repo"),
+      prLinkedReceipts,
+      gatesTriggered: countEvents(scoped, "approval_gate_required") + countEvents(scoped, "unsafe_action_blocked"),
+      claimConversion: claimStarted > 0 ? Number((claimCompleted / claimStarted).toFixed(4)) : 0
+    },
+    northStar: {
+      weeklyControlledAgentWorkSessionsInActiveRepos: latestWeek?.controlledSessions ?? 0,
+      sessionsPerActiveRepo: activeRepos > 0 ? Number((completedSessions + blockedSessions) / activeRepos) : 0,
+      weekOverWeekGrowth: latestWeek && previousWeek && previousWeek.controlledSessions > 0 ? Number(((latestWeek.controlledSessions - previousWeek.controlledSessions) / previousWeek.controlledSessions).toFixed(4)) : null,
+      twelveWeekTrend: weeklyTrend
+    },
+    activation: {
+      firstCommand: countEvents(scoped, "first_command_run"),
+      firstReceipt: countEvents(scoped, "first_receipt_created"),
+      firstOpen: countEvents(scoped, "first_open_used"),
+      secondSession: countEvents(scoped, "controlled_session_completed") + countEvents(scoped, "controlled_session_failed") + countEvents(scoped, "controlled_session_blocked"),
+      resumeFromReceipt: countEvents(scoped, "receipt_used_for_resume")
+    },
+    retention: {
+      d1ReturningInstallations: returningAfterDays(events, 1),
+      d7ReturningInstallations: returningAfterDays(events, 7),
+      d28ReturningInstallations: returningAfterDays(events, 28),
+      w1RetainedRepos: retainedWeeks(events, 1, "repo"),
+      w2RetainedRepos: retainedWeeks(events, 2, "repo"),
+      w4RetainedRepos: retainedWeeks(events, 4, "repo"),
+      w1RetainedInstallations: retainedWeeks(events, 1, "installation"),
+      w2RetainedInstallations: retainedWeeks(events, 2, "installation"),
+      w4RetainedInstallations: retainedWeeks(events, 4, "installation"),
+      fourWeekRetainedRepos: retainedWeeks(events, 4, "repo"),
+      fourWeekRetainedInstallations: retainedWeeks(events, 4, "installation")
+    },
+    receipts: {
+      generated: receiptsGenerated,
+      opened: receiptsOpened,
+      exported: countEvents(scoped, "receipt_exported"),
+      resumeUsed: countEvents(scoped, "receipt_used_for_resume"),
+      reviewUsed: countEvents(scoped, "receipt_used_for_review"),
+      prLinked: prLinkedReceipts,
+      openRate: rate(receiptsOpened, receiptsGenerated),
+      resumeRate: rate(countEvents(scoped, "receipt_used_for_resume"), receiptsGenerated),
+      reviewRate: rate(countEvents(scoped, "receipt_used_for_review"), receiptsGenerated),
+      exportRate: rate(countEvents(scoped, "receipt_exported"), receiptsGenerated),
+      prLinkRate: rate(prLinkedReceipts, receiptsGenerated)
+    },
+    workControl: {
+      approvalGates: countEvents(scoped, "approval_gate_required") + countEvents(scoped, "approval_gate_passed") + countEvents(scoped, "approval_gate_rejected"),
+      unsafeActionsBlocked: countEvents(scoped, "unsafe_action_blocked"),
+      secretRisksDetected: countEvents(scoped, "secret_risk_detected"),
+      policyEvents: countEvents(scoped, "policy_config_created") + countEvents(scoped, "policy_config_updated"),
+      blockedSessions
+    },
+    integrations: {
+      gitProviders: providerCounts(scoped, (event) => event.gitProvider),
+      ciProviders: providerCounts(scoped, (event) => event.ciProvider),
+      prContextDetected: countEvents(scoped, "pr_context_detected"),
+      prReceiptAttached: countEvents(scoped, "pr_receipt_attached"),
+      ciChecksCreated: countEvents(scoped, "ci_check_created"),
+      ciChecksPassed: countEvents(scoped, "ci_check_passed"),
+      ciChecksFailed: countEvents(scoped, "ci_check_failed"),
+      jiraIssuesLinked: countEvents(scoped, "jira_issue_linked")
+    },
+    commercialIntent: {
+      pricingViews: countEvents(scoped, "pricing_viewed"),
+      proLimitReached: countEvents(scoped, "pro_limit_reached"),
+      teamLimitReached: countEvents(scoped, "team_limit_reached"),
+      claimStarted,
+      claimCompleted,
+      teamInviteStarted: countEvents(scoped, "team_invite_started"),
+      ssoInterest: countEvents(scoped, "sso_interest"),
+      enterpriseWaitlistJoined: countEvents(scoped, "enterprise_waitlist_joined"),
+      teamAdminInterest: countEvents(scoped, "team_admin_interest")
+    }
+  };
 }
-function readTelemetryEvents(dir) {
-  const state = ensureTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  return readJsonl(config2.eventsPath);
+function buildStoredTelemetryRollups(events, state, now = Date.now()) {
+  return {
+    schemaVersion: "avorelo.telemetry.rollups.v1",
+    generatedAt: new Date(now).toISOString(),
+    summaries: {
+      "24h": computeTelemetrySummary(events, state, "24h", now),
+      "7d": computeTelemetrySummary(events, state, "7d", now),
+      "30d": computeTelemetrySummary(events, state, "30d", now),
+      "90d": computeTelemetrySummary(events, state, "90d", now)
+    }
+  };
 }
-function readTelemetryQueue(dir) {
-  const state = ensureTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  return readJsonl(config2.queuePath);
+
+// src/avorelo/telemetry/events.ts
+function refreshRollups(dir) {
+  const state = readTelemetryState(dir);
+  const events = readTelemetryEvents(dir);
+  writeStoredTelemetryRollups(dir, buildStoredTelemetryRollups(events, state));
 }
-function writeTelemetryQueue(dir, records) {
-  const state = ensureTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  writeJsonl(config2.queuePath, records);
+function shouldQueue(event) {
+  return event.eventName !== "telemetry_batch_sent" && event.eventName !== "telemetry_batch_failed";
 }
-function writeStoredTelemetryRollups(dir, rollups) {
-  const state = ensureTelemetryState(dir);
+function recordTelemetryEvent(dir, rawEvent) {
+  const state = readTelemetryState(dir);
   const config2 = getTelemetryConfig(dir, state);
-  writeJson(config2.rollupsPath, rollups);
-}
-
-// src/avorelo/telemetry/queue.ts
-import { randomUUID as randomUUID10 } from "node:crypto";
-var BACKOFF_MS = [
-  15 * 60 * 1e3,
-  60 * 60 * 1e3,
-  6 * 60 * 60 * 1e3,
-  24 * 60 * 60 * 1e3
-];
-function nextRetryDelayMs(attempts) {
-  return BACKOFF_MS[Math.min(Math.max(attempts - 1, 0), BACKOFF_MS.length - 1)];
-}
-function enqueueTelemetryEvent(dir, event, now = Date.now()) {
-  const queue = readTelemetryQueue(dir);
-  const record = {
-    schemaVersion: "avorelo.telemetry.queue.v1",
-    queueId: `queue_${randomUUID10().replace(/-/g, "").slice(0, 16)}`,
-    event,
-    enqueuedAt: new Date(now).toISOString(),
-    nextAttemptAt: new Date(now).toISOString(),
-    attempts: 0,
-    sentAt: null,
-    quarantinedAt: null,
-    lastErrorCode: null
+  if (!config2.enabled || config2.mode === "off") {
+    return { ok: false, queued: false, excludedFields: [], unsafeFields: [], reason: "telemetry_disabled" };
+  }
+  const mode = config2.mode === "claimed_team" ? "claimed_team" : config2.mode === "local_only" ? "local_only" : "default_cloud";
+  const sanitized = sanitizeTelemetryEvent(rawEvent, {
+    appVersion: config2.appVersion,
+    mode,
+    anonymousInstallationId: config2.anonymousInstallationId,
+    anonymousWorkspaceId: config2.anonymousWorkspaceId,
+    anonymousTeamId: config2.anonymousTeamId,
+    osFamily: config2.osFamily,
+    salt: state.installationSalt
+  });
+  appendTelemetryEvent(dir, sanitized.event);
+  let queued = false;
+  if (shouldQueue(sanitized.event) && config2.mode !== "local_only" && config2.endpointUrl) {
+    enqueueTelemetryEvent(dir, sanitized.event);
+    state.lastQueuedAt = (/* @__PURE__ */ new Date()).toISOString();
+    writeTelemetryState(dir, state);
+    queued = true;
+  }
+  refreshRollups(dir);
+  return {
+    ok: true,
+    queued,
+    event: sanitized.event,
+    excludedFields: sanitized.excludedFields,
+    unsafeFields: sanitized.unsafeFields
   };
-  queue.push(record);
-  writeTelemetryQueue(dir, queue);
-  return record;
 }
-function getQueuedTelemetryEvents(dir, now = Date.now()) {
-  return readTelemetryQueue(dir).filter((record) => !record.sentAt && !record.quarantinedAt && Date.parse(record.nextAttemptAt) <= now);
+function disableTelemetry(dir, mode = "off") {
+  const state = readTelemetryState(dir);
+  state.modeOverride = mode;
+  writeTelemetryState(dir, state);
 }
-function countQueuedTelemetryEvents(dir) {
-  return readTelemetryQueue(dir).filter((record) => !record.sentAt && !record.quarantinedAt).length;
+function setTelemetryMode(dir, mode) {
+  const state = readTelemetryState(dir);
+  state.modeOverride = mode;
+  writeTelemetryState(dir, state);
 }
-function markTelemetryBatchSent(dir, queueIds, sentAt = (/* @__PURE__ */ new Date()).toISOString()) {
-  const queue = readTelemetryQueue(dir).map((record) => queueIds.includes(record.queueId) ? { ...record, sentAt, lastErrorCode: null } : record);
-  writeTelemetryQueue(dir, queue);
+
+// src/avorelo/telemetry/telemetry-status.ts
+function buildTelemetryStatus(dir) {
+  const state = readTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  return {
+    defaultOn: true,
+    enabled: config2.enabled,
+    mode: config2.mode,
+    lastUpload: state.lastUploadAt,
+    queuedEventCount: countQueuedTelemetryEvents(dir),
+    collected: [
+      "Anonymized installation/workspace/team identifiers",
+      "Repo fingerprints",
+      "Command names and safe status buckets",
+      "Receipt, session, and integration metadata",
+      "Work-control and commercial intent event counts"
+    ],
+    neverCollected: [
+      "Source code",
+      "Raw prompts",
+      "Raw diffs or patches",
+      "Secrets or tokens",
+      "Env var values",
+      "Terminal output",
+      "Repo names",
+      "Org names",
+      "Remote URLs",
+      "Absolute file paths",
+      "Emails and usernames"
+    ],
+    disableInstructions: [
+      "AVORELO_TELEMETRY=off",
+      "avorelo telemetry disable",
+      "avorelo config set telemetry.mode local-only"
+    ]
+  };
 }
-function markTelemetryBatchRetry(dir, queueIds, errorCode, now = Date.now()) {
-  const queue = readTelemetryQueue(dir).map((record) => {
-    if (!queueIds.includes(record.queueId)) return record;
-    const attempts = record.attempts + 1;
-    return {
-      ...record,
-      attempts,
-      lastErrorCode: errorCode,
-      nextAttemptAt: new Date(now + nextRetryDelayMs(attempts)).toISOString()
-    };
+function renderTelemetryStatus(status) {
+  return [
+    "Avorelo Telemetry Status",
+    "  Telemetry is on by default: true",
+    `  Enabled:       ${status.enabled}`,
+    `  Mode:          ${status.mode}`,
+    `  Last upload:   ${status.lastUpload ?? "never"}`,
+    `  Queued events: ${status.queuedEventCount}`,
+    "",
+    "  Collected:",
+    ...status.collected.map((line) => `    - ${line}`),
+    "",
+    "  Never collected:",
+    ...status.neverCollected.map((line) => `    - ${line}`),
+    "",
+    "  Disable/local-only:",
+    ...status.disableInstructions.map((line) => `    ${line}`),
+    ""
+  ].join("\n");
+}
+
+// src/avorelo/telemetry/telemetry-preview.ts
+function buildTelemetryPreview(dir) {
+  const state = readTelemetryState(dir);
+  state.lastPreviewAt = (/* @__PURE__ */ new Date()).toISOString();
+  writeTelemetryState(dir, state);
+  const config2 = getTelemetryConfig(dir, state);
+  const samplePayload = sanitizeTelemetryEvent({
+    eventName: "controlled_session_completed",
+    commandName: "run",
+    durationMs: 42e3,
+    repoRoot: dir,
+    repoName: "demo-private-repo",
+    remoteUrl: "https://github.com/acme/private-demo",
+    sessionId: "session-local-123",
+    receiptId: "receipt-local-456",
+    rawPrompt: "write code",
+    sourceCode: "const secret = process.env.API_KEY;",
+    errorMessage: "network timeout while syncing"
+  }, {
+    appVersion: config2.appVersion,
+    mode: config2.mode === "claimed_team" ? "claimed_team" : config2.mode === "local_only" ? "local_only" : "default_cloud",
+    anonymousInstallationId: config2.anonymousInstallationId,
+    anonymousWorkspaceId: config2.anonymousWorkspaceId,
+    anonymousTeamId: config2.anonymousTeamId,
+    osFamily: config2.osFamily,
+    salt: state.installationSalt
   });
-  writeTelemetryQueue(dir, queue);
+  return {
+    samplePayload,
+    excludedSensitiveFields: samplePayload.excludedFields
+  };
 }
-function quarantineTelemetryBatch(dir, queueIds, errorCode, now = Date.now()) {
-  const quarantinedAt = new Date(now).toISOString();
-  const queue = readTelemetryQueue(dir).map((record) => queueIds.includes(record.queueId) ? { ...record, lastErrorCode: errorCode, quarantinedAt } : record);
-  writeTelemetryQueue(dir, queue);
+function renderTelemetryPreview(preview) {
+  return [
+    "Avorelo Telemetry Preview",
+    "  Sample safe payload:",
+    JSON.stringify(preview.samplePayload.event, null, 2),
+    "",
+    "  Excluded sensitive fields:",
+    ...preview.excludedSensitiveFields.map((field) => `    - ${field}`),
+    "",
+    "  No source, prompts, diffs, secrets, env values, terminal output, repo names, or org names are included.",
+    ""
+  ].join("\n");
 }
 
-// src/avorelo/telemetry/rollups.ts
-function nowIso2() {
-  return (/* @__PURE__ */ new Date()).toISOString();
-}
-function periodStart(period, now = Date.now()) {
-  switch (period) {
-    case "24h":
-      return now - 24 * 60 * 60 * 1e3;
-    case "7d":
-      return now - 7 * 24 * 60 * 60 * 1e3;
-    case "30d":
-      return now - 30 * 24 * 60 * 60 * 1e3;
-    case "90d":
-      return now - 90 * 24 * 60 * 60 * 1e3;
+// src/avorelo/telemetry/integration-detection.ts
+import { existsSync as existsSync61, readFileSync as readFileSync45 } from "node:fs";
+import { join as join60 } from "node:path";
+function detectGitProviderFromConfig(dir) {
+  const configPath = join60(dir, ".git", "config");
+  if (!existsSync61(configPath)) return "unknown";
+  try {
+    const content = readFileSync45(configPath, "utf8").toLowerCase();
+    if (content.includes("github.com")) return "github";
+    if (content.includes("gitlab.com")) return "gitlab";
+    if (content.includes("bitbucket.org")) return "bitbucket";
+    return "local";
+  } catch {
+    return "unknown";
   }
 }
-function filterByPeriod(events, period, now = Date.now()) {
-  const start = periodStart(period, now);
-  return events.filter((event) => {
-    const ts = Date.parse(event.occurredAt);
-    return Number.isFinite(ts) && ts >= start && ts <= now;
-  });
-}
-function countEvents(events, name) {
-  return events.filter((event) => event.eventName === name).length;
+function detectCiProvider(dir) {
+  if (existsSync61(join60(dir, ".github", "workflows"))) return "github_actions";
+  if (existsSync61(join60(dir, ".gitlab-ci.yml"))) return "gitlab_ci";
+  if (existsSync61(join60(dir, ".circleci", "config.yml"))) return "circle";
+  if (existsSync61(join60(dir, "Jenkinsfile"))) return "jenkins";
+  return "unknown";
 }
-function uniqueCount(events, selector) {
-  const values = /* @__PURE__ */ new Set();
-  for (const event of events) {
-    const value = selector(event);
-    if (value) values.add(value);
+function detectRepoVisibility(dir) {
+  const configPath = join60(dir, ".git", "config");
+  if (!existsSync61(configPath)) return "unknown";
+  try {
+    const content = readFileSync45(configPath, "utf8").toLowerCase();
+    if (content.includes("github.com")) {
+      return content.includes("/public") ? "public" : "private";
+    }
+    return "unknown";
+  } catch {
+    return "unknown";
   }
-  return values.size;
 }
-function rate(numerator, denominator) {
-  if (denominator <= 0) return 0;
-  return Number((numerator / denominator).toFixed(4));
+function detectIntegrations(dir) {
+  return {
+    gitProvider: detectGitProviderFromConfig(dir),
+    ciProvider: detectCiProvider(dir),
+    repoVisibility: detectRepoVisibility(dir)
+  };
 }
-function weekStart(iso) {
-  const date = new Date(iso);
-  const day = (date.getUTCDay() + 6) % 7;
-  date.setUTCDate(date.getUTCDate() - day);
-  date.setUTCHours(0, 0, 0, 0);
-  return date.toISOString();
+
+// src/avorelo/telemetry/sender.ts
+import { randomUUID as randomUUID11 } from "node:crypto";
+function buildBatch(dir, limit) {
+  const state = readTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  const records = getQueuedTelemetryEvents(dir).slice(0, limit);
+  if (records.length === 0) return { batch: null, queueIds: [] };
+  return {
+    batch: {
+      schemaVersion: "avorelo.telemetry.batch.v1",
+      batchId: `batch_${randomUUID11().replace(/-/g, "").slice(0, 16)}`,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      appVersion: config2.appVersion,
+      anonymousInstallationId: config2.anonymousInstallationId,
+      events: records.map((record) => record.event),
+      privacy: {
+        rawCodeIncluded: false,
+        rawPromptsIncluded: false,
+        rawDiffsIncluded: false,
+        secretsIncluded: false,
+        envIncluded: false,
+        terminalOutputIncluded: false
+      }
+    },
+    queueIds: records.map((record) => record.queueId)
+  };
+}
+function appendTransportEvent(dir, eventName, errorClass) {
+  const state = readTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  appendTelemetryEvent(dir, {
+    schemaVersion: "avorelo.telemetry.v1",
+    eventId: `evt_${randomUUID11().replace(/-/g, "").slice(0, 16)}`,
+    occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
+    eventName,
+    mode: config2.mode === "claimed_team" ? "claimed_team" : config2.mode === "local_only" ? "local_only" : "default_cloud",
+    anonymousInstallationId: config2.anonymousInstallationId,
+    anonymousWorkspaceId: config2.anonymousWorkspaceId ?? void 0,
+    anonymousTeamId: config2.anonymousTeamId ?? void 0,
+    appVersion: config2.appVersion,
+    osFamily: config2.osFamily,
+    errorClass
+  });
 }
-function buildWeeklyTrend(events) {
-  const weekly = /* @__PURE__ */ new Map();
-  for (const event of events) {
-    if (event.eventName !== "controlled_session_completed" && event.eventName !== "controlled_session_blocked") continue;
-    const key = weekStart(event.occurredAt);
-    const bucket = weekly.get(key) ?? { controlledSessions: 0, activeRepos: /* @__PURE__ */ new Set() };
-    bucket.controlledSessions += 1;
-    if (event.repoFingerprint) bucket.activeRepos.add(event.repoFingerprint);
-    weekly.set(key, bucket);
+async function sendDueTelemetry(dir, opts) {
+  const state = readTelemetryState(dir);
+  const config2 = getTelemetryConfig(dir, state);
+  const queuedCount = countQueuedTelemetryEvents(dir);
+  if (!config2.enabled || config2.mode === "off") {
+    return { attempted: false, sent: false, reason: "telemetry_disabled", queuedCount };
   }
-  return Array.from(weekly.entries()).sort(([a], [b]) => a.localeCompare(b)).slice(-12).map(([start, value]) => ({
-    weekStart: start,
-    controlledSessions: value.controlledSessions,
-    activeRepos: value.activeRepos.size
-  }));
-}
-function returningAfterDays(events, days) {
-  const byInstallation = /* @__PURE__ */ new Map();
-  for (const event of events) {
-    if (!event.anonymousInstallationId) continue;
-    const list = byInstallation.get(event.anonymousInstallationId) ?? [];
-    list.push(event.occurredAt);
-    byInstallation.set(event.anonymousInstallationId, list);
+  if (config2.mode === "local_only" || !config2.endpointUrl) {
+    return { attempted: false, sent: false, reason: "local_only_or_no_endpoint", queuedCount };
   }
-  let count = 0;
-  const thresholdMs = days * 24 * 60 * 60 * 1e3;
-  for (const timestamps of byInstallation.values()) {
-    const sorted = timestamps.map((ts) => Date.parse(ts)).filter(Number.isFinite).sort((a, b) => a - b);
-    if (sorted.length < 2) continue;
-    if (sorted[sorted.length - 1] - sorted[0] >= thresholdMs) count++;
+  const now = opts?.now ?? Date.now();
+  const lastUploadMs = state.lastUploadAt ? Date.parse(state.lastUploadAt) : 0;
+  const dueByInterval = lastUploadMs === 0 || now - lastUploadMs >= config2.uploadIntervalMs;
+  const dueByQueueSize = queuedCount >= config2.batchSize;
+  const dueByOpportunistic = lastUploadMs === 0 || now - lastUploadMs >= config2.opportunisticIntervalMs;
+  if (!opts?.force && !dueByInterval && !dueByQueueSize && !dueByOpportunistic) {
+    return { attempted: false, sent: false, reason: "not_due", queuedCount };
   }
-  return count;
-}
-function retainedWeeks(events, weeks, kind) {
-  const byKey = /* @__PURE__ */ new Map();
-  for (const event of events) {
-    const key = kind === "repo" ? event.repoFingerprint : event.anonymousInstallationId;
-    if (!key) continue;
-    const weeksSeen = byKey.get(key) ?? /* @__PURE__ */ new Set();
-    weeksSeen.add(weekStart(event.occurredAt));
-    byKey.set(key, weeksSeen);
+  const { batch, queueIds } = buildBatch(dir, config2.batchSize);
+  if (!batch || queueIds.length === 0) {
+    return { attempted: false, sent: false, reason: "queue_empty", queuedCount };
   }
-  let count = 0;
-  for (const weeksSeen of byKey.values()) {
-    if (weeksSeen.size >= weeks) count++;
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), TELEMETRY_TIMEOUT_MS);
+  try {
+    const response = await fetch(config2.endpointUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(batch),
+      signal: controller.signal
+    });
+    clearTimeout(timeout);
+    if (response.ok) {
+      markTelemetryBatchSent(dir, queueIds, new Date(now).toISOString());
+      state.lastUploadAt = new Date(now).toISOString();
+      state.lastBatchId = batch.batchId;
+      state.lastBatchFailureAt = null;
+      state.lastBatchFailureCode = null;
+      state.acceptedBatches += 1;
+      writeTelemetryState(dir, state);
+      appendTransportEvent(dir, "telemetry_batch_sent");
+      return { attempted: true, sent: true, reason: "accepted", queuedCount };
+    }
+    if (response.status >= 400 && response.status < 500) {
+      quarantineTelemetryBatch(dir, queueIds, `http_${response.status}`, now);
+      state.rejectedBatches += 1;
+      state.lastBatchFailureAt = new Date(now).toISOString();
+      state.lastBatchFailureCode = `http_${response.status}`;
+      writeTelemetryState(dir, state);
+      appendTransportEvent(dir, "telemetry_batch_failed", `http_${response.status}`);
+      return { attempted: true, sent: false, reason: `client_error_${response.status}`, queuedCount };
+    }
+    markTelemetryBatchRetry(dir, queueIds, `http_${response.status}`, now);
+    state.lastBatchFailureAt = new Date(now).toISOString();
+    state.lastBatchFailureCode = `http_${response.status}`;
+    writeTelemetryState(dir, state);
+    appendTransportEvent(dir, "telemetry_batch_failed", `http_${response.status}`);
+    return { attempted: true, sent: false, reason: `server_error_${response.status}`, queuedCount };
+  } catch (error) {
+    clearTimeout(timeout);
+    const code = error instanceof Error && error.name === "AbortError" ? "timeout" : "network_error";
+    markTelemetryBatchRetry(dir, queueIds, code, now);
+    state.lastBatchFailureAt = new Date(now).toISOString();
+    state.lastBatchFailureCode = code;
+    writeTelemetryState(dir, state);
+    appendTransportEvent(dir, "telemetry_batch_failed", code);
+    return { attempted: true, sent: false, reason: code, queuedCount };
   }
-  return count;
 }
-function providerCounts(events, selector) {
-  const counts = {};
-  for (const event of events) {
-    const value = selector(event);
-    if (!value) continue;
-    counts[value] = (counts[value] ?? 0) + 1;
+
+// src/avorelo/kernel/agent-artifact-guard/guard-handler.ts
+import { existsSync as existsSync63, readFileSync as readFileSync49 } from "node:fs";
+import { join as join65 } from "node:path";
+
+// src/avorelo/kernel/agent-artifact-guard/index.ts
+import { join as join64 } from "node:path";
+import { readFileSync as readFileSync48 } from "node:fs";
+
+// src/avorelo/kernel/agent-artifact-guard/artifact-discovery.ts
+import { readdirSync as readdirSync18, statSync as statSync13, existsSync as existsSync62 } from "node:fs";
+import { join as join61, relative as relative3, extname as extname2 } from "node:path";
+var SCANNED_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".md",
+  ".js",
+  ".ts",
+  ".json",
+  ".yml",
+  ".yaml",
+  ".sh",
+  ".py",
+  ".txt",
+  ".toml"
+]);
+var IGNORED_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  "dist",
+  ".git",
+  "build",
+  "out",
+  ".next",
+  "__pycache__"
+]);
+var ARTIFACT_PATTERNS = [
+  { kind: "claude-skill", paths: [".claude/skills"], recursive: true },
+  { kind: "claude-instructions", paths: ["CLAUDE.md", ".claude/CLAUDE.md"] },
+  { kind: "codex-instructions", paths: ["AGENTS.md", "CODEX.md", ".codex/CODEX.md"] },
+  { kind: "cursor-rules", paths: [".cursor/rules", ".cursorrules"], recursive: true },
+  { kind: "mcp-config", paths: [".claude/mcp.json", ".cursor/mcp.json", "mcp.json", ".mcp.json"] },
+  { kind: "github-actions", paths: [".github/workflows"], recursive: true },
+  { kind: "package-scripts", paths: ["package.json"] },
+  { kind: "hooks", paths: [".husky", ".git/hooks", ".claude/hooks"], recursive: true }
+];
+function walkDir2(dir, results) {
+  let entries;
+  try {
+    entries = readdirSync18(dir);
+  } catch {
+    return;
+  }
+  for (const entry of entries) {
+    if (IGNORED_DIRS.has(entry)) continue;
+    const full = join61(dir, entry);
+    let st;
+    try {
+      st = statSync13(full);
+    } catch {
+      continue;
+    }
+    if (st.isDirectory()) {
+      walkDir2(full, results);
+    } else if (st.isFile() && SCANNED_EXTENSIONS.has(extname2(full).toLowerCase())) {
+      results.push(full);
+    }
   }
-  return counts;
 }
-function computeTelemetrySummary(events, state, period, now = Date.now()) {
-  const scoped = filterByPeriod(events, period, now);
-  const weeklyTrend = buildWeeklyTrend(events);
-  const latestWeek = weeklyTrend[weeklyTrend.length - 1];
-  const previousWeek = weeklyTrend[weeklyTrend.length - 2];
-  const completedSessions = countEvents(scoped, "controlled_session_completed");
-  const failedSessions = countEvents(scoped, "controlled_session_failed");
-  const blockedSessions = countEvents(scoped, "controlled_session_blocked");
-  const startedSessions = countEvents(scoped, "controlled_session_started");
-  const controlledSessions = Math.max(startedSessions, completedSessions + failedSessions + blockedSessions);
-  const receiptsGenerated = countEvents(scoped, "receipt_generated") + countEvents(scoped, "first_receipt_created");
-  const receiptsOpened = countEvents(scoped, "receipt_opened") + countEvents(scoped, "first_open_used");
-  const activeRepos = uniqueCount(scoped, (event) => event.repoFingerprint);
-  const claimStarted = countEvents(scoped, "claim_started");
-  const claimCompleted = countEvents(scoped, "claim_completed");
-  const prLinkedReceipts = countEvents(scoped, "receipt_linked_to_pr");
-  return {
-    period,
-    generatedAt: nowIso2(),
-    telemetryMode: state.modeOverride ?? "default_cloud",
-    lastUploadAt: state.lastUploadAt,
-    privacy: {
-      rawCodeCollected: 0,
-      rawPromptsCollected: 0,
-      rawDiffsCollected: 0,
-      secretsCollected: 0,
-      envVarsCollected: 0,
-      terminalOutputCollected: 0,
-      unsafePayloadsRejected: state.unsafePayloadsRejected,
-      telemetryBatchesAccepted: state.acceptedBatches,
-      telemetryBatchesRejected: state.rejectedBatches
-    },
-    topCards: {
-      controlledSessions,
-      completedSessions,
-      failedSessions,
-      blockedSessions,
-      activeRepos,
-      receiptsGenerated,
-      receiptsOpened,
-      returningRepos4w: retainedWeeks(events, 4, "repo"),
-      prLinkedReceipts,
-      gatesTriggered: countEvents(scoped, "approval_gate_required") + countEvents(scoped, "unsafe_action_blocked"),
-      claimConversion: claimStarted > 0 ? Number((claimCompleted / claimStarted).toFixed(4)) : 0
-    },
-    northStar: {
-      weeklyControlledAgentWorkSessionsInActiveRepos: latestWeek?.controlledSessions ?? 0,
-      sessionsPerActiveRepo: activeRepos > 0 ? Number((completedSessions + blockedSessions) / activeRepos) : 0,
-      weekOverWeekGrowth: latestWeek && previousWeek && previousWeek.controlledSessions > 0 ? Number(((latestWeek.controlledSessions - previousWeek.controlledSessions) / previousWeek.controlledSessions).toFixed(4)) : null,
-      twelveWeekTrend: weeklyTrend
-    },
-    activation: {
-      firstCommand: countEvents(scoped, "first_command_run"),
-      firstReceipt: countEvents(scoped, "first_receipt_created"),
-      firstOpen: countEvents(scoped, "first_open_used"),
-      secondSession: countEvents(scoped, "controlled_session_completed") + countEvents(scoped, "controlled_session_failed") + countEvents(scoped, "controlled_session_blocked"),
-      resumeFromReceipt: countEvents(scoped, "receipt_used_for_resume")
-    },
-    retention: {
-      d1ReturningInstallations: returningAfterDays(events, 1),
-      d7ReturningInstallations: returningAfterDays(events, 7),
-      d28ReturningInstallations: returningAfterDays(events, 28),
-      w1RetainedRepos: retainedWeeks(events, 1, "repo"),
-      w2RetainedRepos: retainedWeeks(events, 2, "repo"),
-      w4RetainedRepos: retainedWeeks(events, 4, "repo"),
-      w1RetainedInstallations: retainedWeeks(events, 1, "installation"),
-      w2RetainedInstallations: retainedWeeks(events, 2, "installation"),
-      w4RetainedInstallations: retainedWeeks(events, 4, "installation"),
-      fourWeekRetainedRepos: retainedWeeks(events, 4, "repo"),
-      fourWeekRetainedInstallations: retainedWeeks(events, 4, "installation")
-    },
-    receipts: {
-      generated: receiptsGenerated,
-      opened: receiptsOpened,
-      exported: countEvents(scoped, "receipt_exported"),
-      resumeUsed: countEvents(scoped, "receipt_used_for_resume"),
-      reviewUsed: countEvents(scoped, "receipt_used_for_review"),
-      prLinked: prLinkedReceipts,
-      openRate: rate(receiptsOpened, receiptsGenerated),
-      resumeRate: rate(countEvents(scoped, "receipt_used_for_resume"), receiptsGenerated),
-      reviewRate: rate(countEvents(scoped, "receipt_used_for_review"), receiptsGenerated),
-      exportRate: rate(countEvents(scoped, "receipt_exported"), receiptsGenerated),
-      prLinkRate: rate(prLinkedReceipts, receiptsGenerated)
-    },
-    workControl: {
-      approvalGates: countEvents(scoped, "approval_gate_required") + countEvents(scoped, "approval_gate_passed") + countEvents(scoped, "approval_gate_rejected"),
-      unsafeActionsBlocked: countEvents(scoped, "unsafe_action_blocked"),
-      secretRisksDetected: countEvents(scoped, "secret_risk_detected"),
-      policyEvents: countEvents(scoped, "policy_config_created") + countEvents(scoped, "policy_config_updated"),
-      blockedSessions
-    },
-    integrations: {
-      gitProviders: providerCounts(scoped, (event) => event.gitProvider),
-      ciProviders: providerCounts(scoped, (event) => event.ciProvider),
-      prContextDetected: countEvents(scoped, "pr_context_detected"),
-      prReceiptAttached: countEvents(scoped, "pr_receipt_attached"),
-      ciChecksCreated: countEvents(scoped, "ci_check_created"),
-      ciChecksPassed: countEvents(scoped, "ci_check_passed"),
-      ciChecksFailed: countEvents(scoped, "ci_check_failed"),
-      jiraIssuesLinked: countEvents(scoped, "jira_issue_linked")
-    },
-    commercialIntent: {
-      pricingViews: countEvents(scoped, "pricing_viewed"),
-      proLimitReached: countEvents(scoped, "pro_limit_reached"),
-      teamLimitReached: countEvents(scoped, "team_limit_reached"),
-      claimStarted,
-      claimCompleted,
-      teamInviteStarted: countEvents(scoped, "team_invite_started"),
-      ssoInterest: countEvents(scoped, "sso_interest"),
-      enterpriseWaitlistJoined: countEvents(scoped, "enterprise_waitlist_joined"),
-      teamAdminInterest: countEvents(scoped, "team_admin_interest")
+function discoverArtifacts(projectRoot) {
+  const artifacts = [];
+  for (const pattern of ARTIFACT_PATTERNS) {
+    for (const p of pattern.paths) {
+      const fullPath = join61(projectRoot, p);
+      if (!existsSync62(fullPath)) continue;
+      let st;
+      try {
+        st = statSync13(fullPath);
+      } catch {
+        continue;
+      }
+      if (st.isFile()) {
+        if (SCANNED_EXTENSIONS.has(extname2(fullPath).toLowerCase()) || fullPath.endsWith(".json")) {
+          artifacts.push({
+            kind: pattern.kind,
+            path: relative3(projectRoot, fullPath)
+          });
+        }
+      } else if (st.isDirectory() && pattern.recursive) {
+        const files = [];
+        walkDir2(fullPath, files);
+        for (const f of files) {
+          artifacts.push({
+            kind: pattern.kind,
+            path: relative3(projectRoot, f)
+          });
+        }
+      }
     }
-  };
+  }
+  return artifacts;
 }
-function buildStoredTelemetryRollups(events, state, now = Date.now()) {
-  return {
-    schemaVersion: "avorelo.telemetry.rollups.v1",
-    generatedAt: new Date(now).toISOString(),
-    summaries: {
-      "24h": computeTelemetrySummary(events, state, "24h", now),
-      "7d": computeTelemetrySummary(events, state, "7d", now),
-      "30d": computeTelemetrySummary(events, state, "30d", now),
-      "90d": computeTelemetrySummary(events, state, "90d", now)
-    }
-  };
+function classifyArtifact(filePath) {
+  const lower = filePath.toLowerCase().replace(/\\/g, "/");
+  if (lower.includes(".claude/skills/")) return "claude-skill";
+  if (lower.includes("claude.md")) return "claude-instructions";
+  if (lower.includes("agents.md") || lower.includes("codex.md")) return "codex-instructions";
+  if (lower.includes(".cursor/rules") || lower.includes(".cursorrules")) return "cursor-rules";
+  if (lower.includes("mcp.json") || lower.includes("mcp.yaml")) return "mcp-config";
+  if (lower.includes(".github/workflows/")) return "github-actions";
+  if (lower === "package.json" || lower.endsWith("/package.json")) return "package-scripts";
+  if (lower.includes(".husky/") || lower.includes("/hooks/")) return "hooks";
+  if (lower.endsWith(".sh")) return "shell-script";
+  return "unknown";
 }
 
-// src/avorelo/telemetry/events.ts
-function refreshRollups(dir) {
-  const state = readTelemetryState(dir);
-  const events = readTelemetryEvents(dir);
-  writeStoredTelemetryRollups(dir, buildStoredTelemetryRollups(events, state));
+// src/avorelo/kernel/agent-artifact-guard/rules.ts
+var RULES2 = [
+  // --- Destructive commands ---
+  {
+    id: "destructive-rm-rf",
+    title: "Recursive force delete",
+    severity: "critical",
+    category: "destructive-command",
+    pattern: /rm\s+-(r|f|rf|fr)\s/,
+    artifactKinds: "all",
+    description: "Recursively and forcibly deletes files or directories. Can cause irreversible data loss.",
+    recommendedAction: "Remove or scope the delete command. Use safe alternatives with explicit paths."
+  },
+  {
+    id: "destructive-drop-table",
+    title: "SQL DROP TABLE",
+    severity: "critical",
+    category: "destructive-command",
+    pattern: /DROP\s+TABLE/i,
+    artifactKinds: "all",
+    description: "Drops a database table, causing irreversible data loss.",
+    recommendedAction: "Remove DROP TABLE or add explicit safety guards."
+  },
+  {
+    id: "destructive-format-disk",
+    title: "Disk format command",
+    severity: "critical",
+    category: "destructive-command",
+    pattern: /(?:mkfs|format\s+[A-Z]:)/i,
+    artifactKinds: "all",
+    description: "Formats a disk or partition, destroying all data.",
+    recommendedAction: "Remove disk formatting commands from agent artifacts."
+  },
+  // --- Remote code execution ---
+  {
+    id: "rce-curl-pipe-bash",
+    title: "Pipe curl to shell",
+    severity: "critical",
+    category: "remote-code-execution",
+    pattern: /curl\s[^|]*\|\s*(?:bash|sh|zsh)/,
+    artifactKinds: "all",
+    description: "Downloads and immediately executes a remote script. Classic remote code execution vector.",
+    recommendedAction: "Download the script first, review it, then execute separately."
+  },
+  {
+    id: "rce-wget-pipe-sh",
+    title: "Pipe wget to shell",
+    severity: "critical",
+    category: "remote-code-execution",
+    pattern: /wget\s[^|]*\|\s*(?:bash|sh|zsh)/,
+    artifactKinds: "all",
+    description: "Downloads and immediately executes a remote script via wget.",
+    recommendedAction: "Download the script first, review it, then execute separately."
+  },
+  {
+    id: "rce-base64-decode-exec",
+    title: "Base64 decode and execute",
+    severity: "critical",
+    category: "remote-code-execution",
+    pattern: /base64\s+-d\s*\|\s*(?:bash|sh)/,
+    artifactKinds: "all",
+    description: "Decodes an obfuscated payload and pipes it to a shell.",
+    recommendedAction: "Remove obfuscated execution. Use plain, reviewable scripts."
+  },
+  {
+    id: "rce-reverse-shell",
+    title: "Reverse or bind shell",
+    severity: "critical",
+    category: "remote-code-execution",
+    pattern: /(?:nc\s+-e|\/dev\/tcp\/|ncat\s.*-e|socat\s.*exec)/,
+    artifactKinds: "all",
+    description: "Opens an interactive shell to a remote host. Post-exploitation technique.",
+    recommendedAction: "Remove reverse/bind shell commands."
+  },
+  // --- Secret exposure ---
+  {
+    id: "secret-private-key",
+    title: "Private key material",
+    severity: "critical",
+    category: "secret-exposure",
+    pattern: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/,
+    artifactKinds: "all",
+    description: "Contains or references private key material.",
+    recommendedAction: "Remove private key content. Use secret management instead."
+  },
+  {
+    id: "secret-id-rsa",
+    title: "SSH private key file reference",
+    severity: "critical",
+    category: "secret-exposure",
+    pattern: /(?:id_rsa|id_ed25519|id_ecdsa)(?:\s|$|")/,
+    artifactKinds: "all",
+    description: "References an SSH private key file directly.",
+    recommendedAction: "Use SSH agent or key references instead of direct file paths."
+  },
+  {
+    id: "secret-ssh-dir",
+    title: "SSH directory access",
+    severity: "high",
+    category: "secret-exposure",
+    pattern: /~\/\.ssh\//,
+    artifactKinds: "all",
+    description: "Accesses the SSH directory containing private keys and host configurations.",
+    recommendedAction: "Avoid direct SSH directory access in agent artifacts."
+  },
+  {
+    id: "secret-env-file",
+    title: ".env file reference",
+    severity: "medium",
+    category: "secret-exposure",
+    pattern: /(?:\.env(?:\.\w+)?)\b/,
+    artifactKinds: "all",
+    description: "References a .env file which typically contains secrets and API keys.",
+    recommendedAction: "Review whether the .env reference exposes sensitive values."
+  },
+  {
+    id: "secret-process-env",
+    title: "Environment variable access",
+    severity: "low",
+    category: "secret-exposure",
+    pattern: /process\.env\b/,
+    artifactKinds: "all",
+    description: "Accesses environment variables which may contain secrets.",
+    recommendedAction: "Verify that accessed environment variables do not contain sensitive values."
+  },
+  {
+    id: "secret-api-key-pattern",
+    title: "API key or token pattern",
+    severity: "high",
+    category: "secret-exposure",
+    pattern: /(?:api[_-]?key|api[_-]?secret|auth[_-]?token)\s*[:=]/i,
+    artifactKinds: "all",
+    description: "Contains an API key or authentication token assignment.",
+    recommendedAction: "Move credentials to environment variables or a secret manager."
+  },
+  // --- Privilege escalation ---
+  {
+    id: "priv-sudo",
+    title: "Privilege escalation via sudo",
+    severity: "high",
+    category: "privilege-escalation",
+    pattern: /\bsudo\b/,
+    artifactKinds: "all",
+    description: "Runs commands with elevated privileges.",
+    recommendedAction: "Review whether elevated privileges are necessary. Scope to specific commands."
+  },
+  {
+    id: "priv-chmod-exec",
+    title: "Make file executable",
+    severity: "medium",
+    category: "privilege-escalation",
+    pattern: /chmod\s+\+x/,
+    artifactKinds: "all",
+    description: "Marks a file as executable, often preceding execution of a downloaded binary.",
+    recommendedAction: "Verify the file being made executable is trusted."
+  },
+  // --- Prompt injection / hidden instructions ---
+  {
+    id: "injection-prompt-override",
+    title: "Prompt injection phrasing",
+    severity: "high",
+    category: "prompt-injection",
+    pattern: /(?:ignore\s+(?:all\s+)?(?:previous|prior|above)\s+instructions|you\s+are\s+now\s+a|forget\s+(?:all\s+)?(?:your|previous)\s+instructions|disregard\s+(?:all\s+)?(?:previous|prior)\s+instructions|override\s+(?:all\s+)?(?:safety|security)\s+(?:rules|policies|instructions))/i,
+    artifactKinds: "all",
+    description: "Contains phrasing commonly used in prompt injection attacks to override agent instructions.",
+    recommendedAction: "Remove instruction-override phrasing. Rewrite as direct task instructions."
+  },
+  {
+    id: "injection-do-not-tell",
+    title: "Concealment instruction",
+    severity: "high",
+    category: "hidden-instruction",
+    pattern: /(?:do\s+not\s+tell\s+(?:the\s+)?user|hide\s+(?:this|these)\s+(?:changes?|from)|don'?t\s+(?:mention|reveal|show|disclose)\s+(?:this|these))/i,
+    artifactKinds: "all",
+    description: "Instructs the agent to conceal actions or information from the user.",
+    recommendedAction: "Remove concealment instructions. Agent actions should be transparent."
+  },
+  {
+    id: "injection-skip-tests",
+    title: "Test bypass instruction",
+    severity: "high",
+    category: "hidden-instruction",
+    pattern: /(?:skip\s+(?:all\s+)?tests?|don'?t\s+run\s+tests?|ignore\s+(?:test|lint|check)\s+(?:failures?|errors?|results?)|bypass\s+(?:ci|checks?|validation))/i,
+    artifactKinds: "all",
+    description: "Instructs the agent to skip testing, linting, or validation checks.",
+    recommendedAction: "Remove test-bypass instructions. All changes should be validated."
+  },
+  {
+    id: "injection-ignore-policy",
+    title: "Policy bypass instruction",
+    severity: "high",
+    category: "hidden-instruction",
+    pattern: /(?:ignore\s+(?:all\s+)?polic(?:y|ies)|always\s+approve|auto[_-]?approve\s+(?:all|everything)|skip\s+(?:review|approval))/i,
+    artifactKinds: "all",
+    description: "Instructs the agent to bypass approval policies or auto-approve actions.",
+    recommendedAction: "Remove policy-bypass instructions. Approval workflows should be respected."
+  },
+  {
+    id: "injection-push-to-main",
+    title: "Direct push to main branch",
+    severity: "high",
+    category: "hidden-instruction",
+    pattern: /(?:push\s+(?:directly\s+)?to\s+(?:main|master|production)|force[_-]?push|--force\s+(?:origin\s+)?(?:main|master))/i,
+    artifactKinds: "all",
+    description: "Instructs the agent to push directly to a protected branch or force-push.",
+    recommendedAction: "Use pull requests and standard review workflows instead of direct pushes."
+  },
+  // --- Self-modifying ---
+  {
+    id: "selfmod-modify-own-skill",
+    title: "Self-modifying skill instruction",
+    severity: "high",
+    category: "self-modifying",
+    pattern: /(?:modify\s+(?:this|your\s+own)\s+(?:skill|instructions?|rules?|config)|write\s+(?:to|back\s+to)\s+(?:SKILL|CLAUDE|AGENTS)\.md|update\s+(?:your\s+own|this)\s+(?:skill|config)\s+file)/i,
+    artifactKinds: "all",
+    description: "Instructs the agent to modify its own skill, instructions, or configuration files.",
+    recommendedAction: "Remove self-modification instructions. Agent artifacts should be immutable during execution."
+  },
+  // --- MCP tool poisoning ---
+  {
+    id: "mcp-hidden-instruction",
+    title: "Hidden instruction in MCP tool description",
+    severity: "high",
+    category: "mcp-tool-poisoning",
+    pattern: /(?:when\s+(?:the\s+)?user\s+(?:asks?|requests?)|secretly|silently\s+(?:send|post|upload|forward))/i,
+    artifactKinds: ["mcp-config"],
+    description: "MCP tool description contains instruction-like content that could manipulate agent behavior.",
+    recommendedAction: "Review MCP tool descriptions for hidden instructions. Descriptions should only describe functionality."
+  },
+  // --- Package lifecycle risk ---
+  {
+    id: "pkg-lifecycle-exec",
+    title: "Process execution in package lifecycle script",
+    severity: "high",
+    category: "package-lifecycle-risk",
+    pattern: /(?:child_process|exec|spawn|execSync|spawnSync)\s*\(/,
+    artifactKinds: ["package-scripts", "shell-script"],
+    description: "Package lifecycle script or hook executes arbitrary processes.",
+    recommendedAction: "Review lifecycle scripts for unexpected process execution."
+  },
+  {
+    id: "pkg-lifecycle-network",
+    title: "Network access in package lifecycle script",
+    severity: "high",
+    category: "package-lifecycle-risk",
+    pattern: /(?:fetch|axios|https?\.(?:get|post|request)|XMLHttpRequest|node-fetch)\s*\(/,
+    artifactKinds: ["package-scripts", "shell-script"],
+    description: "Package lifecycle script makes network requests, potentially exfiltrating data.",
+    recommendedAction: "Review lifecycle scripts for unexpected network access."
+  },
+  // --- Network exfiltration ---
+  {
+    id: "network-external-call",
+    title: "External network request",
+    severity: "medium",
+    category: "network-exfiltration",
+    pattern: /\b(?:curl|wget|fetch|axios|requests\.(?:get|post))\b/,
+    artifactKinds: ["claude-skill", "claude-instructions", "cursor-rules", "codex-instructions", "hooks"],
+    description: "Makes an external network request which could exfiltrate data or retrieve malicious payloads.",
+    recommendedAction: "Verify the network call is necessary and targets a trusted endpoint."
+  },
+  // --- Eval / dynamic execution ---
+  {
+    id: "exec-eval",
+    title: "Dynamic code execution",
+    severity: "high",
+    category: "remote-code-execution",
+    pattern: /\b(?:eval|Invoke-Expression|Function\s*\()\s*\(/,
+    artifactKinds: "all",
+    description: "Executes a string as code, enabling injection and obfuscation attacks.",
+    recommendedAction: "Remove eval/dynamic execution. Use explicit, reviewable code paths."
+  },
+  {
+    id: "exec-child-process",
+    title: "Node child_process import",
+    severity: "high",
+    category: "remote-code-execution",
+    pattern: /require\s*\(\s*['"]child_process['"]\s*\)|from\s+['"]child_process['"]/,
+    artifactKinds: "all",
+    description: "Imports Node.js child_process module for arbitrary command execution.",
+    recommendedAction: "Review whether child_process usage is necessary and scoped."
+  },
+  // --- Filesystem access ---
+  {
+    id: "fs-broad-access",
+    title: "Broad filesystem access",
+    severity: "medium",
+    category: "filesystem-access",
+    pattern: /(?:fs\.(?:readdir|rmdir|unlink)Sync|glob\s*\(\s*['"]\/|readdir\s*\(\s*['"]\/)/,
+    artifactKinds: "all",
+    description: "Performs broad filesystem operations that could access or delete files outside the project.",
+    recommendedAction: "Scope filesystem operations to the project directory."
+  },
+  // --- Deploy / publish ---
+  {
+    id: "deploy-npm-publish",
+    title: "npm publish command",
+    severity: "high",
+    category: "deploy-publish",
+    pattern: /npm\s+publish/,
+    artifactKinds: "all",
+    description: "Publishes a package to npm, which is an irreversible public action.",
+    recommendedAction: "Remove automatic publish commands. Publishing should be a deliberate human action."
+  },
+  {
+    id: "deploy-dangerous-action",
+    title: "Dangerous deploy/publish in CI",
+    severity: "high",
+    category: "deploy-publish",
+    pattern: /(?:deploy\s+(?:--)?(?:prod|production)|push\s+(?:to\s+)?(?:prod|production|live))/i,
+    artifactKinds: ["github-actions", "shell-script", "hooks"],
+    description: "Deploys directly to production without explicit approval gates.",
+    recommendedAction: "Add approval gates before production deployments."
+  }
+];
+function getRule(id) {
+  return RULES2.find((r2) => r2.id === id);
 }
-function shouldQueue(event) {
-  return event.eventName !== "telemetry_batch_sent" && event.eventName !== "telemetry_batch_failed";
+
+// src/avorelo/kernel/agent-artifact-guard/scanner.ts
+var MAX_PREVIEW_LENGTH = 80;
+function safeMatchPreview(match) {
+  let preview = match.trim();
+  if (preview.length > MAX_PREVIEW_LENGTH) {
+    preview = preview.slice(0, MAX_PREVIEW_LENGTH) + "...";
+  }
+  preview = preview.replace(
+    /(?:key|secret|token|password|passwd|pwd)\s*[:=]\s*['"]?[a-zA-Z0-9_\-./+=]{8,}/gi,
+    (m) => {
+      const eqIdx = m.search(/[:=]/);
+      if (eqIdx >= 0) return m.slice(0, eqIdx + 1) + " [REDACTED]";
+      return "[REDACTED]";
+    }
+  );
+  return preview;
 }
-function recordTelemetryEvent(dir, rawEvent) {
-  const state = readTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  if (!config2.enabled || config2.mode === "off") {
-    return { ok: false, queued: false, excludedFields: [], unsafeFields: [], reason: "telemetry_disabled" };
+function rulesForArtifact(kind) {
+  return RULES2.filter(
+    (r2) => r2.artifactKinds === "all" || r2.artifactKinds.includes(kind)
+  );
+}
+function scanContent2(content, filePath, artifactKind) {
+  const kind = artifactKind ?? classifyArtifact(filePath);
+  const applicable = rulesForArtifact(kind);
+  const findings = [];
+  const lines = content.split("\n");
+  for (const rule of applicable) {
+    if (rule.multiline) continue;
+    for (let i = 0; i < lines.length; i++) {
+      const match = rule.pattern.exec(lines[i]);
+      if (match) {
+        findings.push({
+          ruleId: rule.id,
+          title: rule.title,
+          severity: rule.severity,
+          category: rule.category,
+          file: filePath,
+          line: i + 1,
+          matchPreview: safeMatchPreview(match[0]),
+          description: rule.description,
+          recommendedAction: rule.recommendedAction,
+          artifactKind: kind
+        });
+      }
+    }
   }
-  const mode = config2.mode === "claimed_team" ? "claimed_team" : config2.mode === "local_only" ? "local_only" : "default_cloud";
-  const sanitized = sanitizeTelemetryEvent(rawEvent, {
-    appVersion: config2.appVersion,
-    mode,
-    anonymousInstallationId: config2.anonymousInstallationId,
-    anonymousWorkspaceId: config2.anonymousWorkspaceId,
-    anonymousTeamId: config2.anonymousTeamId,
-    osFamily: config2.osFamily,
-    salt: state.installationSalt
-  });
-  appendTelemetryEvent(dir, sanitized.event);
-  let queued = false;
-  if (shouldQueue(sanitized.event) && config2.mode !== "local_only" && config2.endpointUrl) {
-    enqueueTelemetryEvent(dir, sanitized.event);
-    state.lastQueuedAt = (/* @__PURE__ */ new Date()).toISOString();
-    writeTelemetryState(dir, state);
-    queued = true;
+  for (const rule of applicable) {
+    if (!rule.multiline) continue;
+    const match = rule.pattern.exec(content);
+    if (match) {
+      const lineNumber = content.slice(0, match.index).split("\n").length;
+      findings.push({
+        ruleId: rule.id,
+        title: rule.title,
+        severity: rule.severity,
+        category: rule.category,
+        file: filePath,
+        line: lineNumber,
+        matchPreview: safeMatchPreview(match[0]),
+        description: rule.description,
+        recommendedAction: rule.recommendedAction,
+        artifactKind: kind
+      });
+    }
   }
-  refreshRollups(dir);
-  return {
-    ok: true,
-    queued,
-    event: sanitized.event,
-    excludedFields: sanitized.excludedFields,
-    unsafeFields: sanitized.unsafeFields
-  };
+  findings.sort((a, b) => a.line - b.line);
+  return findings;
 }
-function disableTelemetry(dir, mode = "off") {
-  const state = readTelemetryState(dir);
-  state.modeOverride = mode;
-  writeTelemetryState(dir, state);
+
+// src/avorelo/kernel/agent-artifact-guard/scorer.ts
+var SEVERITY_WEIGHTS = {
+  low: 1,
+  medium: 3,
+  high: 6,
+  critical: 10
+};
+function countBySeverity(findings) {
+  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
+  for (const f of findings) {
+    counts[f.severity]++;
+  }
+  return counts;
 }
-function setTelemetryMode(dir, mode) {
-  const state = readTelemetryState(dir);
-  state.modeOverride = mode;
-  writeTelemetryState(dir, state);
+function computeRiskScore(counts) {
+  if (counts.critical > 0) return 10;
+  const weighted = counts.high * SEVERITY_WEIGHTS.high + counts.medium * SEVERITY_WEIGHTS.medium + counts.low * SEVERITY_WEIGHTS.low;
+  if (weighted === 0) return 0;
+  const score = Math.min(9.9, Math.log2(weighted + 1) * 1.5);
+  return Math.round(score * 10) / 10;
 }
 
-// src/avorelo/telemetry/telemetry-status.ts
-function buildTelemetryStatus(dir) {
-  const state = readTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  return {
-    defaultOn: true,
-    enabled: config2.enabled,
-    mode: config2.mode,
-    lastUpload: state.lastUploadAt,
-    queuedEventCount: countQueuedTelemetryEvents(dir),
-    collected: [
-      "Anonymized installation/workspace/team identifiers",
-      "Repo fingerprints",
-      "Command names and safe status buckets",
-      "Receipt, session, and integration metadata",
-      "Work-control and commercial intent event counts"
-    ],
-    neverCollected: [
-      "Source code",
-      "Raw prompts",
-      "Raw diffs or patches",
-      "Secrets or tokens",
-      "Env var values",
-      "Terminal output",
-      "Repo names",
-      "Org names",
-      "Remote URLs",
-      "Absolute file paths",
-      "Emails and usernames"
-    ],
-    disableInstructions: [
-      "AVORELO_TELEMETRY=off",
-      "avorelo telemetry disable",
-      "avorelo config set telemetry.mode local-only"
-    ]
-  };
-}
-function renderTelemetryStatus(status) {
-  return [
-    "Avorelo Telemetry Status",
-    "  Telemetry is on by default: true",
-    `  Enabled:       ${status.enabled}`,
-    `  Mode:          ${status.mode}`,
-    `  Last upload:   ${status.lastUpload ?? "never"}`,
-    `  Queued events: ${status.queuedEventCount}`,
-    "",
-    "  Collected:",
-    ...status.collected.map((line) => `    - ${line}`),
-    "",
-    "  Never collected:",
-    ...status.neverCollected.map((line) => `    - ${line}`),
-    "",
-    "  Disable/local-only:",
-    ...status.disableInstructions.map((line) => `    ${line}`),
-    ""
-  ].join("\n");
+// src/avorelo/kernel/agent-artifact-guard/policy.ts
+function evaluatePolicy2(counts, riskScore) {
+  let findingOutcome = "pass";
+  if (counts.critical > 0) findingOutcome = "blocked";
+  else if (counts.high > 0) findingOutcome = "requires_approval";
+  else if (counts.medium > 0) findingOutcome = "warn";
+  let scoreOutcome = "pass";
+  if (riskScore >= 9) scoreOutcome = "blocked";
+  else if (riskScore >= 6) scoreOutcome = "requires_approval";
+  else if (riskScore >= 3) scoreOutcome = "warn";
+  const ORDER = ["pass", "warn", "requires_approval", "blocked"];
+  const findingRank = ORDER.indexOf(findingOutcome);
+  const scoreRank = ORDER.indexOf(scoreOutcome);
+  return ORDER[Math.max(findingRank, scoreRank)];
+}
+function computeNextBestAction(outcome, counts) {
+  switch (outcome) {
+    case "blocked":
+      return `${counts.critical} critical finding(s) must be resolved before proceeding.`;
+    case "requires_approval":
+      return `${counts.high} high-severity finding(s) require review and approval before proceeding.`;
+    case "warn":
+      return `${counts.medium} medium-severity finding(s) detected. Review recommended.`;
+    case "pass":
+      return "No blocking findings. Artifacts are ready for use.";
+  }
 }
 
-// src/avorelo/telemetry/telemetry-preview.ts
-function buildTelemetryPreview(dir) {
-  const state = readTelemetryState(dir);
-  state.lastPreviewAt = (/* @__PURE__ */ new Date()).toISOString();
-  writeTelemetryState(dir, state);
-  const config2 = getTelemetryConfig(dir, state);
-  const samplePayload = sanitizeTelemetryEvent({
-    eventName: "controlled_session_completed",
-    commandName: "run",
-    durationMs: 42e3,
-    repoRoot: dir,
-    repoName: "demo-private-repo",
-    remoteUrl: "https://github.com/acme/private-demo",
-    sessionId: "session-local-123",
-    receiptId: "receipt-local-456",
-    rawPrompt: "write code",
-    sourceCode: "const secret = process.env.API_KEY;",
-    errorMessage: "network timeout while syncing"
-  }, {
-    appVersion: config2.appVersion,
-    mode: config2.mode === "claimed_team" ? "claimed_team" : config2.mode === "local_only" ? "local_only" : "default_cloud",
-    anonymousInstallationId: config2.anonymousInstallationId,
-    anonymousWorkspaceId: config2.anonymousWorkspaceId,
-    anonymousTeamId: config2.anonymousTeamId,
-    osFamily: config2.osFamily,
-    salt: state.installationSalt
-  });
+// src/avorelo/kernel/agent-artifact-guard/receipt.ts
+import { createHash as createHash19 } from "node:crypto";
+function createReceipt(result3) {
   return {
-    samplePayload,
-    excludedSensitiveFields: samplePayload.excludedFields
+    receiptType: "agent-artifact-guard-v1",
+    scannedAt: result3.scannedAt,
+    projectRootHash: createHash19("sha256").update(result3.projectRoot).digest("hex"),
+    filesScanned: result3.filesScanned,
+    artifacts: result3.artifacts.map((a) => ({ kind: a.kind, path: a.path })),
+    findingSummary: {
+      total: result3.findings.length,
+      ...result3.counts
+    },
+    findings: result3.findings.map((f) => ({
+      ruleId: f.ruleId,
+      severity: f.severity,
+      file: f.file,
+      line: f.line,
+      title: f.title,
+      matchPreview: f.matchPreview,
+      recommendedAction: f.recommendedAction
+    })),
+    riskScore: result3.riskScore,
+    policyOutcome: result3.policyOutcome,
+    nextBestAction: result3.nextBestAction,
+    containsRawPrompt: false,
+    containsRawSource: false,
+    containsRawSecret: false,
+    contentStored: false
   };
 }
-function renderTelemetryPreview(preview) {
-  return [
-    "Avorelo Telemetry Preview",
-    "  Sample safe payload:",
-    JSON.stringify(preview.samplePayload.event, null, 2),
-    "",
-    "  Excluded sensitive fields:",
-    ...preview.excludedSensitiveFields.map((field) => `    - ${field}`),
-    "",
-    "  No source, prompts, diffs, secrets, env values, terminal output, repo names, or org names are included.",
-    ""
-  ].join("\n");
+
+// src/avorelo/kernel/agent-artifact-guard/reporter.ts
+var SEVERITY_BADGE = {
+  critical: "[CRITICAL]",
+  high: "[HIGH]",
+  medium: "[MEDIUM]",
+  low: "[LOW]"
+};
+var OUTCOME_LABEL = {
+  pass: "PASS",
+  warn: "WARN",
+  requires_approval: "REQUIRES APPROVAL",
+  blocked: "BLOCKED"
+};
+function riskBar(score) {
+  const filled = Math.round(score / 10 * 20);
+  return "\u2588".repeat(filled) + "\u2591".repeat(20 - filled);
+}
+function groupByFile(findings) {
+  const map = /* @__PURE__ */ new Map();
+  for (const f of findings) {
+    const group = map.get(f.file) ?? [];
+    group.push(f);
+    map.set(f.file, group);
+  }
+  return map;
+}
+function renderReport(result3) {
+  const lines = [];
+  lines.push(`Artifact Guard Scan`);
+  lines.push(`Path: ${result3.projectRoot}`);
+  lines.push(`Files scanned: ${result3.filesScanned}`);
+  lines.push(`Artifacts found: ${result3.artifacts.length}`);
+  lines.push(`Findings: ${result3.findings.length}`);
+  lines.push("");
+  if (result3.findings.length > 0) {
+    const grouped = groupByFile(result3.findings);
+    for (const [file, findings] of grouped) {
+      lines.push(`  ${file}`);
+      for (const f of findings) {
+        lines.push(`    L${f.line} ${SEVERITY_BADGE[f.severity]} ${f.title} (${f.ruleId})`);
+        lines.push(`         ${f.matchPreview}`);
+        lines.push(`         ${f.description}`);
+      }
+      lines.push("");
+    }
+  }
+  lines.push(`Risk: ${riskBar(result3.riskScore)} ${result3.riskScore}/10`);
+  lines.push(`Outcome: ${OUTCOME_LABEL[result3.policyOutcome]}`);
+  lines.push("");
+  lines.push(`Next: ${result3.nextBestAction}`);
+  return lines.join("\n");
+}
+function renderSummary(result3) {
+  const parts = [];
+  parts.push(`Artifact Guard: ${OUTCOME_LABEL[result3.policyOutcome]}`);
+  if (result3.findings.length > 0) {
+    const counts = [];
+    if (result3.counts.critical > 0) counts.push(`${result3.counts.critical} critical`);
+    if (result3.counts.high > 0) counts.push(`${result3.counts.high} high`);
+    if (result3.counts.medium > 0) counts.push(`${result3.counts.medium} medium`);
+    if (result3.counts.low > 0) counts.push(`${result3.counts.low} low`);
+    parts.push(`(${counts.join(", ")})`);
+  } else {
+    parts.push("(clean)");
+  }
+  return parts.join(" ");
+}
+function toJson(result3) {
+  return JSON.stringify(result3, null, 2);
 }
 
-// src/avorelo/telemetry/integration-detection.ts
-import { existsSync as existsSync61, readFileSync as readFileSync45 } from "node:fs";
-import { join as join60 } from "node:path";
-function detectGitProviderFromConfig(dir) {
-  const configPath = join60(dir, ".git", "config");
-  if (!existsSync61(configPath)) return "unknown";
+// src/avorelo/kernel/agent-artifact-guard/allowlist.ts
+import { readFileSync as readFileSync46 } from "node:fs";
+import { join as join62 } from "node:path";
+function loadAllowlist(projectRoot) {
+  const filePath = join62(projectRoot, ".avorelo", "artifact-guard", "allowlist.json");
   try {
-    const content = readFileSync45(configPath, "utf8").toLowerCase();
-    if (content.includes("github.com")) return "github";
-    if (content.includes("gitlab.com")) return "gitlab";
-    if (content.includes("bitbucket.org")) return "bitbucket";
-    return "local";
+    const raw = readFileSync46(filePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed.entries)) return [];
+    return parsed.entries.filter((e) => typeof e.reason === "string" && e.reason.length > 0);
   } catch {
-    return "unknown";
+    return [];
   }
 }
-function detectCiProvider(dir) {
-  if (existsSync61(join60(dir, ".github", "workflows"))) return "github_actions";
-  if (existsSync61(join60(dir, ".gitlab-ci.yml"))) return "gitlab_ci";
-  if (existsSync61(join60(dir, ".circleci", "config.yml"))) return "circle";
-  if (existsSync61(join60(dir, "Jenkinsfile"))) return "jenkins";
-  return "unknown";
+function isAllowlisted(finding, allowlist) {
+  if (finding.severity === "critical") return false;
+  for (const entry of allowlist) {
+    if (!entry.reason) continue;
+    const ruleMatch = !entry.ruleId || entry.ruleId === finding.ruleId;
+    const fileMatch = !entry.file || finding.file === entry.file || finding.file.startsWith(entry.file);
+    if (ruleMatch && fileMatch) return true;
+  }
+  return false;
 }
-function detectRepoVisibility(dir) {
-  const configPath = join60(dir, ".git", "config");
-  if (!existsSync61(configPath)) return "unknown";
+
+// src/avorelo/kernel/agent-artifact-guard/receipt-store.ts
+import { mkdirSync as mkdirSync39, writeFileSync as writeFileSync37, readdirSync as readdirSync19, readFileSync as readFileSync47, unlinkSync as unlinkSync4 } from "node:fs";
+import { join as join63 } from "node:path";
+var RECEIPT_DIR = "artifact-guard";
+var MAX_STORED_RECEIPTS = 50;
+function receiptDir(projectRoot) {
+  return join63(projectRoot, ".avorelo", RECEIPT_DIR);
+}
+function receiptFilename(receipt) {
+  const ts = receipt.scannedAt.replace(/[:.]/g, "-");
+  return `receipt-${ts}.json`;
+}
+function storeReceipt(projectRoot, receipt) {
+  const dir = receiptDir(projectRoot);
+  mkdirSync39(dir, { recursive: true });
+  const filename = receiptFilename(receipt);
+  const filePath = join63(dir, filename);
+  writeFileSync37(filePath, JSON.stringify(receipt, null, 2), "utf-8");
+  pruneOldReceipts(dir);
+  return filePath;
+}
+function loadLatestReceipt(projectRoot) {
+  const dir = receiptDir(projectRoot);
+  let files;
   try {
-    const content = readFileSync45(configPath, "utf8").toLowerCase();
-    if (content.includes("github.com")) {
-      return content.includes("/public") ? "public" : "private";
+    files = readdirSync19(dir).filter((f) => f.startsWith("receipt-") && f.endsWith(".json"));
+  } catch {
+    return null;
+  }
+  if (files.length === 0) return null;
+  files.sort();
+  const latest = files[files.length - 1];
+  try {
+    const raw = readFileSync47(join63(dir, latest), "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function pruneOldReceipts(dir) {
+  try {
+    const files = readdirSync19(dir).filter((f) => f.startsWith("receipt-") && f.endsWith(".json")).sort();
+    while (files.length > MAX_STORED_RECEIPTS) {
+      const oldest = files.shift();
+      try {
+        unlinkSync4(join63(dir, oldest));
+      } catch {
+        break;
+      }
     }
-    return "unknown";
   } catch {
-    return "unknown";
   }
 }
-function detectIntegrations(dir) {
+
+// src/avorelo/kernel/agent-artifact-guard/index.ts
+function scan(projectRoot, options) {
+  const artifacts = discoverArtifacts(projectRoot);
+  const allFindings = [];
+  for (const artifact of artifacts) {
+    const fullPath = join64(projectRoot, artifact.path);
+    let content;
+    try {
+      content = readFileSync48(fullPath, "utf-8");
+    } catch {
+      continue;
+    }
+    const findings = scanContent2(content, artifact.path, artifact.kind);
+    allFindings.push(...findings);
+  }
+  let effectiveFindings = allFindings;
+  let allowlistedCount = 0;
+  if (options?.applyAllowlist !== false) {
+    const allowlist = loadAllowlist(projectRoot);
+    if (allowlist.length > 0) {
+      effectiveFindings = [];
+      for (const f of allFindings) {
+        if (isAllowlisted(f, allowlist)) {
+          allowlistedCount++;
+        } else {
+          effectiveFindings.push(f);
+        }
+      }
+    }
+  }
+  const counts = countBySeverity(effectiveFindings);
+  const riskScore = computeRiskScore(counts);
+  const policyOutcome = evaluatePolicy2(counts, riskScore);
+  let nextBestAction = computeNextBestAction(policyOutcome, counts);
+  if (allowlistedCount > 0) {
+    nextBestAction += ` (${allowlistedCount} finding(s) allowlisted)`;
+  }
   return {
-    gitProvider: detectGitProviderFromConfig(dir),
-    ciProvider: detectCiProvider(dir),
-    repoVisibility: detectRepoVisibility(dir)
+    scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    projectRoot,
+    filesScanned: artifacts.length,
+    artifacts,
+    findings: effectiveFindings,
+    counts,
+    riskScore,
+    policyOutcome,
+    nextBestAction
   };
 }
 
-// src/avorelo/telemetry/sender.ts
-import { randomUUID as randomUUID11 } from "node:crypto";
-function buildBatch(dir, limit) {
-  const state = readTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  const records = getQueuedTelemetryEvents(dir).slice(0, limit);
-  if (records.length === 0) return { batch: null, queueIds: [] };
+// src/avorelo/kernel/agent-artifact-guard/guard-handler.ts
+function checkActivation(dir) {
+  const configPath = join65(dir, ".avorelo", "model-routing", "config.json");
+  try {
+    if (existsSync63(configPath)) {
+      const raw = JSON.parse(readFileSync49(configPath, "utf-8"));
+      return {
+        activated: true,
+        routingMode: raw.mode ?? "seamless",
+        localFirst: raw.localFirst ?? true,
+        registryLoaded: raw.registryLoaded ?? false,
+        cloudRoutingEnabled: raw.cloudRoutingEnabled ?? false,
+        defaultPolicy: raw.defaultPolicy ?? "safety_proof_privacy_before_cost"
+      };
+    }
+  } catch {
+  }
   return {
-    batch: {
-      schemaVersion: "avorelo.telemetry.batch.v1",
-      batchId: `batch_${randomUUID11().replace(/-/g, "").slice(0, 16)}`,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-      appVersion: config2.appVersion,
-      anonymousInstallationId: config2.anonymousInstallationId,
-      events: records.map((record) => record.event),
-      privacy: {
-        rawCodeIncluded: false,
-        rawPromptsIncluded: false,
-        rawDiffsIncluded: false,
-        secretsIncluded: false,
-        envIncluded: false,
-        terminalOutputIncluded: false
+    activated: false,
+    routingMode: "seamless",
+    localFirst: true,
+    registryLoaded: false,
+    cloudRoutingEnabled: false,
+    defaultPolicy: "safety_proof_privacy_before_cost"
+  };
+}
+function getRoutingStatus(state) {
+  return `Routing: ${state.activated ? "active" : "inactive"} (${state.routingMode})`;
+}
+function activationWarning(outcome, nextAction) {
+  switch (outcome) {
+    case "blocked":
+      return `Activation warning: ${nextAction} Activation cannot claim safe readiness.`;
+    case "requires_approval":
+      return `Review needed: ${nextAction}`;
+    case "warn":
+      return `Note: ${nextAction}`;
+    case "pass":
+      return null;
+  }
+}
+function handleActivate(dir, options) {
+  const state = checkActivation(dir);
+  const guardResult = scan(dir);
+  const receipt = createReceipt(guardResult);
+  const receiptPath = storeReceipt(dir, receipt);
+  const guardLine = renderSummary(guardResult);
+  const warning = activationWarning(guardResult.policyOutcome, guardResult.nextBestAction);
+  const lines = [getRoutingStatus(state), guardLine];
+  if (warning) lines.push(warning);
+  lines.push(`Receipt: ${receiptPath}`);
+  if (options.json) {
+    return {
+      exitCode: guardResult.policyOutcome === "blocked" ? 1 : 0,
+      stdout: lines.join("\n"),
+      json: {
+        activated: state.activated,
+        artifactGuard: {
+          policyOutcome: guardResult.policyOutcome,
+          riskScore: guardResult.riskScore,
+          findingsCount: guardResult.findings.length,
+          counts: guardResult.counts,
+          nextBestAction: guardResult.nextBestAction
+        },
+        receiptPath
       }
-    },
-    queueIds: records.map((record) => record.queueId)
+    };
+  }
+  return {
+    exitCode: guardResult.policyOutcome === "blocked" ? 1 : 0,
+    stdout: lines.join("\n")
   };
 }
-function appendTransportEvent(dir, eventName, errorClass) {
-  const state = readTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  appendTelemetryEvent(dir, {
-    schemaVersion: "avorelo.telemetry.v1",
-    eventId: `evt_${randomUUID11().replace(/-/g, "").slice(0, 16)}`,
-    occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
-    eventName,
-    mode: config2.mode === "claimed_team" ? "claimed_team" : config2.mode === "local_only" ? "local_only" : "default_cloud",
-    anonymousInstallationId: config2.anonymousInstallationId,
-    anonymousWorkspaceId: config2.anonymousWorkspaceId ?? void 0,
-    anonymousTeamId: config2.anonymousTeamId ?? void 0,
-    appVersion: config2.appVersion,
-    osFamily: config2.osFamily,
-    errorClass
-  });
+function handleStatus(dir, options) {
+  const state = checkActivation(dir);
+  const status = getRoutingStatus(state);
+  const guardResult = scan(dir);
+  if (options.json) {
+    return {
+      exitCode: 0,
+      stdout: `${status}
+${renderSummary(guardResult)}`,
+      json: {
+        routing: {
+          active: state.activated,
+          mode: state.routingMode,
+          localFirst: state.localFirst
+        },
+        artifactGuard: {
+          policyOutcome: guardResult.policyOutcome,
+          riskScore: guardResult.riskScore,
+          findingsCount: guardResult.findings.length
+        }
+      }
+    };
+  }
+  return { exitCode: 0, stdout: `${status}
+${renderSummary(guardResult)}` };
 }
-async function sendDueTelemetry(dir, opts) {
-  const state = readTelemetryState(dir);
-  const config2 = getTelemetryConfig(dir, state);
-  const queuedCount = countQueuedTelemetryEvents(dir);
-  if (!config2.enabled || config2.mode === "off") {
-    return { attempted: false, sent: false, reason: "telemetry_disabled", queuedCount };
+function handleDoctor(dir, options) {
+  const state = checkActivation(dir);
+  const guardResult = scan(dir);
+  const lines = [
+    getRoutingStatus(state),
+    `Registry: ${state.registryLoaded ? "loaded" : "not loaded"}`,
+    `Cloud: ${state.cloudRoutingEnabled ? "enabled" : "disabled"}`,
+    `Policy: ${state.defaultPolicy}`,
+    renderSummary(guardResult)
+  ];
+  if (options.json) {
+    return {
+      exitCode: 0,
+      stdout: lines.join("\n"),
+      json: {
+        ...state,
+        artifactGuard: {
+          policyOutcome: guardResult.policyOutcome,
+          riskScore: guardResult.riskScore,
+          findingsCount: guardResult.findings.length,
+          counts: guardResult.counts
+        }
+      }
+    };
   }
-  if (config2.mode === "local_only" || !config2.endpointUrl) {
-    return { attempted: false, sent: false, reason: "local_only_or_no_endpoint", queuedCount };
+  return { exitCode: 0, stdout: lines.join("\n") };
+}
+function handleReadiness(dir, options) {
+  const state = checkActivation(dir);
+  const guardResult = scan(dir);
+  const receipt = createReceipt(guardResult);
+  storeReceipt(dir, receipt);
+  const latestReceipt = loadLatestReceipt(dir);
+  const artifactKinds = [...new Set(guardResult.artifacts.map((a) => a.kind))];
+  const highestSeverity = guardResult.counts.critical > 0 ? "critical" : guardResult.counts.high > 0 ? "high" : guardResult.counts.medium > 0 ? "medium" : guardResult.counts.low > 0 ? "low" : "none";
+  const blockingCount = guardResult.counts.critical + guardResult.counts.high;
+  const lines = [
+    `Readiness Check`,
+    ``,
+    `Routing: ${state.activated ? "active" : "inactive"}`,
+    `Artifact Guard: available`,
+    `  Files scanned: ${guardResult.filesScanned}`,
+    `  Artifact kinds: ${artifactKinds.length > 0 ? artifactKinds.join(", ") : "none detected"}`,
+    `  Highest severity: ${highestSeverity}`,
+    `  Policy outcome: ${guardResult.policyOutcome.toUpperCase()}`,
+    `  Blocking findings: ${blockingCount}`,
+    `  Latest receipt: ${latestReceipt ? "available" : "none"}`,
+    `  Next: ${guardResult.nextBestAction}`
+  ];
+  if (guardResult.policyOutcome === "blocked") {
+    lines.push(``);
+    lines.push(`Readiness: NOT READY \u2014 critical findings must be resolved`);
+  } else if (guardResult.policyOutcome === "requires_approval") {
+    lines.push(``);
+    lines.push(`Readiness: REVIEW NEEDED \u2014 high-severity findings require approval`);
+  } else if (guardResult.policyOutcome === "warn") {
+    lines.push(``);
+    lines.push(`Readiness: READY (with warnings)`);
+  } else {
+    lines.push(``);
+    lines.push(`Readiness: READY`);
   }
-  const now = opts?.now ?? Date.now();
-  const lastUploadMs = state.lastUploadAt ? Date.parse(state.lastUploadAt) : 0;
-  const dueByInterval = lastUploadMs === 0 || now - lastUploadMs >= config2.uploadIntervalMs;
-  const dueByQueueSize = queuedCount >= config2.batchSize;
-  const dueByOpportunistic = lastUploadMs === 0 || now - lastUploadMs >= config2.opportunisticIntervalMs;
-  if (!opts?.force && !dueByInterval && !dueByQueueSize && !dueByOpportunistic) {
-    return { attempted: false, sent: false, reason: "not_due", queuedCount };
+  if (options.json) {
+    return {
+      exitCode: guardResult.policyOutcome === "blocked" ? 1 : 0,
+      stdout: lines.join("\n"),
+      json: {
+        routing: { active: state.activated },
+        artifactGuard: {
+          available: true,
+          filesScanned: guardResult.filesScanned,
+          artifactKinds,
+          highestSeverity,
+          policyOutcome: guardResult.policyOutcome,
+          riskScore: guardResult.riskScore,
+          blockingFindings: blockingCount,
+          counts: guardResult.counts,
+          latestReceipt: latestReceipt ? true : false,
+          nextBestAction: guardResult.nextBestAction
+        },
+        readiness: guardResult.policyOutcome === "blocked" ? "not_ready" : guardResult.policyOutcome === "requires_approval" ? "review_needed" : "ready"
+      }
+    };
   }
-  const { batch, queueIds } = buildBatch(dir, config2.batchSize);
-  if (!batch || queueIds.length === 0) {
-    return { attempted: false, sent: false, reason: "queue_empty", queuedCount };
+  return {
+    exitCode: guardResult.policyOutcome === "blocked" ? 1 : 0,
+    stdout: lines.join("\n")
+  };
+}
+function handleReceipt(dir, options) {
+  const sub = options.receiptSubcommand ?? "latest";
+  if (sub === "latest") {
+    const receipt = loadLatestReceipt(dir);
+    if (!receipt) {
+      return { exitCode: 0, stdout: "No artifact guard receipt found. Run `avorelo guard scan` first." };
+    }
+    if (options.json) {
+      return {
+        exitCode: 0,
+        stdout: JSON.stringify(receipt, null, 2),
+        json: receipt
+      };
+    }
+    const lines = [
+      `Latest Artifact Guard Receipt`,
+      `  Type: ${receipt.receiptType}`,
+      `  Scanned: ${receipt.scannedAt}`,
+      `  Files: ${receipt.filesScanned}`,
+      `  Findings: ${receipt.findingSummary.total}`,
+      `  Risk score: ${receipt.riskScore}/10`,
+      `  Outcome: ${receipt.policyOutcome.toUpperCase()}`,
+      `  Next: ${receipt.nextBestAction}`,
+      `  Raw content stored: ${receipt.contentStored}`
+    ];
+    return { exitCode: 0, stdout: lines.join("\n") };
   }
-  const controller = new AbortController();
-  const timeout = setTimeout(() => controller.abort(), TELEMETRY_TIMEOUT_MS);
-  try {
-    const response = await fetch(config2.endpointUrl, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(batch),
-      signal: controller.signal
-    });
-    clearTimeout(timeout);
-    if (response.ok) {
-      markTelemetryBatchSent(dir, queueIds, new Date(now).toISOString());
-      state.lastUploadAt = new Date(now).toISOString();
-      state.lastBatchId = batch.batchId;
-      state.lastBatchFailureAt = null;
-      state.lastBatchFailureCode = null;
-      state.acceptedBatches += 1;
-      writeTelemetryState(dir, state);
-      appendTransportEvent(dir, "telemetry_batch_sent");
-      return { attempted: true, sent: true, reason: "accepted", queuedCount };
+  return { exitCode: 2, stdout: "Usage: avorelo receipt latest" };
+}
+function handleGuard(dir, options) {
+  const sub = options.guardSubcommand ?? "scan";
+  if (sub === "explain") {
+    const ruleId = options.guardArgs?.[0];
+    if (!ruleId) {
+      return { exitCode: 2, stdout: "Usage: avorelo guard explain <ruleId>" };
     }
-    if (response.status >= 400 && response.status < 500) {
-      quarantineTelemetryBatch(dir, queueIds, `http_${response.status}`, now);
-      state.rejectedBatches += 1;
-      state.lastBatchFailureAt = new Date(now).toISOString();
-      state.lastBatchFailureCode = `http_${response.status}`;
-      writeTelemetryState(dir, state);
-      appendTransportEvent(dir, "telemetry_batch_failed", `http_${response.status}`);
-      return { attempted: true, sent: false, reason: `client_error_${response.status}`, queuedCount };
+    const rule = getRule(ruleId);
+    if (!rule) {
+      return { exitCode: 2, stdout: `Unknown rule: ${ruleId}` };
     }
-    markTelemetryBatchRetry(dir, queueIds, `http_${response.status}`, now);
-    state.lastBatchFailureAt = new Date(now).toISOString();
-    state.lastBatchFailureCode = `http_${response.status}`;
-    writeTelemetryState(dir, state);
-    appendTransportEvent(dir, "telemetry_batch_failed", `http_${response.status}`);
-    return { attempted: true, sent: false, reason: `server_error_${response.status}`, queuedCount };
-  } catch (error) {
-    clearTimeout(timeout);
-    const code = error instanceof Error && error.name === "AbortError" ? "timeout" : "network_error";
-    markTelemetryBatchRetry(dir, queueIds, code, now);
-    state.lastBatchFailureAt = new Date(now).toISOString();
-    state.lastBatchFailureCode = code;
-    writeTelemetryState(dir, state);
-    appendTransportEvent(dir, "telemetry_batch_failed", code);
-    return { attempted: true, sent: false, reason: code, queuedCount };
+    const lines = [
+      `Rule: ${rule.id}`,
+      `Title: ${rule.title}`,
+      `Severity: ${rule.severity}`,
+      `Category: ${rule.category}`,
+      `Description: ${rule.description}`,
+      `Recommended action: ${rule.recommendedAction}`,
+      `Applies to: ${rule.artifactKinds === "all" ? "all artifact kinds" : rule.artifactKinds.join(", ")}`
+    ];
+    return { exitCode: 0, stdout: lines.join("\n") };
+  }
+  const result3 = scan(dir);
+  const receipt = createReceipt(result3);
+  const receiptPath = storeReceipt(dir, receipt);
+  if (options.json) {
+    return {
+      exitCode: result3.policyOutcome === "blocked" ? 1 : 0,
+      stdout: toJson(result3),
+      json: result3
+    };
+  }
+  if (options.ci) {
+    return {
+      exitCode: result3.policyOutcome === "blocked" ? 1 : 0,
+      stdout: toJson(result3)
+    };
+  }
+  const report = renderReport(result3);
+  return {
+    exitCode: result3.policyOutcome === "blocked" ? 1 : 0,
+    stdout: `${report}
+Receipt: ${receiptPath}`
+  };
+}
+function handleCli(options, dir) {
+  switch (options.command) {
+    case "activate":
+      return handleActivate(dir, options);
+    case "status":
+      return handleStatus(dir, options);
+    case "doctor":
+      return handleDoctor(dir, options);
+    case "guard":
+      return handleGuard(dir, options);
+    case "readiness":
+      return handleReadiness(dir, options);
+    case "receipt":
+      return handleReceipt(dir, options);
+    case "run":
+      return { exitCode: 0, stdout: "run not implemented in guard handler" };
   }
 }
 
@@ -17695,6 +20107,10 @@ function help() {
     "",
     "  context check [--target <dir>] [--json] [--strict] [--ci]         Agent context integrity check",
     "",
+    "  guard scan [--target <dir>] [--json] [--ci]                       Scan agent artifacts for risks",
+    "  guard explain <rule-id>                                           Explain a detection rule",
+    "  receipt latest [--target <dir>] [--json]                           Show latest artifact guard receipt",
+    "",
     "  dogfood-learning status [--target <dir>] [--json]                 Show learning status",
     "  dogfood-learning preview [--target <dir>] [--json]                Preview sanitized learning payload",
     "  dogfood-learning send [--target <dir>] [--dry-run] [--json]       Send or queue learning signal",
@@ -17738,8 +20154,8 @@ async function cmdActivate(args) {
       const r2 = activate(target, { approve: true });
       persistReceipt(target, r2.receipt);
       const state2 = runFullActivation(target);
-      state2.setupSteps.push({ id: "hooks_installed", label: "Claude Code hooks installed", status: r2.ok ? "passed" : "blocked", evidencePath: join61(target, ".claude", "settings.json") });
-      if (r2.ok) state2.receipts.push({ id: r2.receipt.receiptId, path: join61(target, ".avorelo", "receipts", `${r2.receipt.receiptId}.json`), type: "activation_with_hooks" });
+      state2.setupSteps.push({ id: "hooks_installed", label: "Claude Code hooks installed", status: r2.ok ? "passed" : "blocked", evidencePath: join66(target, ".claude", "settings.json") });
+      if (r2.ok) state2.receipts.push({ id: r2.receipt.receiptId, path: join66(target, ".avorelo", "receipts", `${r2.receipt.receiptId}.json`), type: "activation_with_hooks" });
       persistActivationV2(target, state2);
       process.stdout.write(JSON.stringify({ ok: r2.ok, mode: "activate-with-hooks", target, installed: r2.validate.wellFormed, receipt: r2.receipt.receiptId }, null, 2) + "\n");
       return r2.ok ? 0 : 1;
@@ -17762,7 +20178,7 @@ Activation taxonomy: ${preflight.taxonomy}
     process.stderr.write("Continuing with activation despite warnings...\n\n");
   }
   const state = runFullActivation(target);
-  const contract = createWorkContract({ contractId: "canonical-activate", objective: "full local-first activation", allowedPaths: [join61(target, ".avorelo")], planTier: "Free" });
+  const contract = createWorkContract({ contractId: "canonical-activate", objective: "full local-first activation", allowedPaths: [join66(target, ".avorelo")], planTier: "Free" });
   const ledger = new StateLedger();
   const receipt = writeReceipt(ledger, {
     contractId: contract.contractId,
@@ -17777,7 +20193,7 @@ Activation taxonomy: ${preflight.taxonomy}
     redactionClasses: [],
     receiptId: "rcpt_canonical_activation"
   });
-  state.receipts.push({ id: receipt.receiptId, path: join61(target, ".avorelo", "receipts", `${receipt.receiptId}.json`), type: "canonical_activation" });
+  state.receipts.push({ id: receipt.receiptId, path: join66(target, ".avorelo", "receipts", `${receipt.receiptId}.json`), type: "canonical_activation" });
   persistActivationV2(target, state);
   persistReceipt(target, receipt);
   const detection = runFullDetection(target);
@@ -17790,7 +20206,7 @@ Activation taxonomy: ${preflight.taxonomy}
     `  Mode:       ${state.activationMode}`,
     `  Scope:      ${scope}`,
     `  Status:     ${state.activationStatus}`,
-    `  State:      ${join61(target, ACTIVATION_STATE_DIR, ACTIVATION_STATE_FILE)}`
+    `  State:      ${join66(target, ACTIVATION_STATE_DIR, ACTIVATION_STATE_FILE)}`
   ];
   if (fv.found.length > 0) {
     lines.push("", "  Found:");
@@ -17805,17 +20221,22 @@ Activation taxonomy: ${preflight.taxonomy}
     lines.push("", "  Fixed:");
     for (const f of fv.fixed) lines.push(`    ${f}`);
   }
-  if (fv.needsAttention.length > 0) {
+  const blockedItems = fv.needsAttention.filter((n) => n.startsWith("Blocked:"));
+  if (blockedItems.length > 0) {
     lines.push("", "  Needs attention:");
-    for (const n of fv.needsAttention) lines.push(`    ${n}`);
+    for (const n of blockedItems) lines.push(`    ${n}`);
   }
   lines.push(
     "",
     `  Run entry:  ${state.runEntry.installed ? "installed" : "not installed"}`,
-    `  Billing:    ${state.billing.status}`,
-    `  Auth:       ${state.auth.status}`,
-    `  Production: not ready`
+    `  Agent Guard: available`,
+    `  Receipts:   working`
   );
+  const optionalItems = fv.needsAttention.filter((n) => !n.startsWith("Blocked:"));
+  if (optionalItems.length > 0) {
+    lines.push("", "  Optional (not required for local activation):");
+    for (const n of optionalItems) lines.push(`    ${n}`);
+  }
   let linkResult = "no claim provided";
   if (claimToken) {
     const baseUrl = process.env.APP_BASE_URL ?? "https://app.avorelo.com";
@@ -17906,6 +20327,14 @@ async function cmdDoctor(args) {
   if (ctxResult.findings.length > 0) {
     for (const f of ctxResult.findings.slice(0, 3)) lines.push(`    ${f.severity}: ${f.message}`);
   }
+  const ccLatest = loadLatestRuntimeSession(target);
+  if (ccLatest?.contextControl) {
+    const cc = ccLatest.contextControl;
+    lines.push("");
+    lines.push(`  Context Control: ${cc.status} (reduction=${cc.reductionPercent}%, evidence=${cc.evidenceRefCount}, blocked=${cc.blockedItemsCount})`);
+    if (cc.blockedItemsCount > 0) lines.push(`    WARNING: ${cc.blockedItemsCount} context item(s) blocked by policy`);
+    if (cc.proofImpact === "degraded") lines.push(`    WARNING: proof impact is degraded \u2014 evidence refs may be incomplete`);
+  }
   try {
     const { getModelRegistry: getModelRegistry2, getLocalModels: getLocalModels2, getAllProviders: getAllProviders2, isProviderAvailable: isProviderAvailable2 } = (init_model_routing2(), __toCommonJS(model_routing_exports));
     const models = getModelRegistry2();
@@ -18043,6 +20472,7 @@ function cmdStatus(args) {
       `  detected:     ${[contract.gitDetected ? "git" : "no-git", contract.packageDetected ? "package" : "no-package"].join(", ")}`,
       `  workspace:    local-only \xB7 cloud not claimed`,
       `  last run:     ${latest ? `${latest.status} (${latest.runtimeSessionId})` : "none yet"}`,
+      `  ctx control:  ${latest?.contextControl ? `${latest.contextControl.status} \xB7 reduction=${latest.contextControl.reductionPercent}%` : "not yet run"}`,
       `  routing:      seamless model routing active (local-first, no credentials required)`,
       `  control ctr:  available \u2014 avorelo control-center --target .`,
       `  next:         ${contract.firstRunRecommended.command} \u2014 ${contract.firstRunRecommended.reason}`,
@@ -18071,7 +20501,7 @@ function cmdStatus(args) {
     `  activation:   ${state.activationStatus}`,
     `  mode:         ${state.activationMode}`,
     `  contract:     ${state.contract}`,
-    `  state:        ${join61(target, ACTIVATION_STATE_DIR, ACTIVATION_STATE_FILE)}`,
+    `  state:        ${join66(target, ACTIVATION_STATE_DIR, ACTIVATION_STATE_FILE)}`,
     `  hooks:        ${v.installed ? v.wellFormed ? "installed (6/6)" : `partial` : "not installed"}`
   ];
   if (isV2) {
@@ -18144,7 +20574,7 @@ function cmdVerify(args) {
   }
   const input = loadProofInput(target);
   if (input) {
-    const contract = createWorkContract({ contractId: "verify", objective: input.objective ?? "verify real-workflow proof", allowedPaths: [join61(target, "src")], planTier: "Free" });
+    const contract = createWorkContract({ contractId: "verify", objective: input.objective ?? "verify real-workflow proof", allowedPaths: [join66(target, "src")], planTier: "Free" });
     const r2 = evaluateProof({ contract, artifacts: input.artifacts, readbacks: input.readbacks, dir: target, sampleSize: input.sampleSize, receiptId: "rcpt_verify" });
     process.stdout.write(JSON.stringify({ scope: "full", activationState: { valid: true }, proof: { decision: r2.decision, confidence: r2.confidence } }, null, 2) + "\n");
     return r2.decision === "STOP_DONE" ? 0 : 1;
@@ -18153,13 +20583,13 @@ function cmdVerify(args) {
   return 0;
 }
 function cmdSite(args) {
-  const outDir = arg(args, "--out", join61(process.cwd(), ".avorelo", "site"));
+  const outDir = arg(args, "--out", join66(process.cwd(), ".avorelo", "site"));
   const r2 = buildSite(outDir);
   process.stdout.write(JSON.stringify({ ok: r2.ok, outDir: r2.outDir, indexPath: r2.indexPath, pages: r2.pages }, null, 2) + "\n");
   return r2.ok ? 0 : 1;
 }
 function cmdServe(args) {
-  const outDir = arg(args, "--out", join61(process.cwd(), ".avorelo", "site"));
+  const outDir = arg(args, "--out", join66(process.cwd(), ".avorelo", "site"));
   const port = Number(arg(args, "--port", "0"));
   buildSite(outDir);
   serve(outDir, { port: Number.isFinite(port) ? port : 0 }).then((h) => {
@@ -18191,7 +20621,7 @@ function cmdServe(args) {
 }
 function readStdinJson() {
   try {
-    const raw = readFileSync46(0, "utf8");
+    const raw = readFileSync50(0, "utf8");
     return raw.trim() ? JSON.parse(raw) : {};
   } catch {
     return {};
@@ -18215,9 +20645,9 @@ function cmdLifecycleHook(args) {
     const sourceLabel = String(ccEvent.tool_name ?? "").toLowerCase().includes("mcp") ? "tool_output" : "tool_output";
     const r3 = scanContent({ content: toolOutput, sourceKind: sourceLabel });
     try {
-      const dir = join61(cwd, ".avorelo", "secret-boundary");
-      mkdirSync39(dir, { recursive: true });
-      appendFileSync11(join61(dir, "receipts.jsonl"), JSON.stringify(redact(r3.receipt).value) + "\n");
+      const dir = join66(cwd, ".avorelo", "secret-boundary");
+      mkdirSync40(dir, { recursive: true });
+      appendFileSync11(join66(dir, "receipts.jsonl"), JSON.stringify(redact(r3.receipt).value) + "\n");
     } catch {
     }
     process.stdout.write(JSON.stringify({
@@ -18234,13 +20664,13 @@ function cmdLifecycleHook(args) {
   }
   const looksLikeToolRequest = payloadRaw && ccEvent.tool !== void 0 && ccEvent.workingDir !== void 0;
   const req = looksLikeToolRequest ? ccEvent : mapClaudeCodeEvent(ccEvent, cwd);
-  const contract = createWorkContract({ contractId: "hook", objective: "lifecycle hook", allowedPaths: [join61(cwd, "src")], planTier: "Free" });
+  const contract = createWorkContract({ contractId: "hook", objective: "lifecycle hook", allowedPaths: [join66(cwd, "src")], planTier: "Free" });
   const r2 = handleLifecycleHook(event, req, { contract });
   try {
-    const dir = join61(cwd, ".avorelo", "events");
-    mkdirSync39(dir, { recursive: true });
+    const dir = join66(cwd, ".avorelo", "events");
+    mkdirSync40(dir, { recursive: true });
     const entry = redact({ ts: Date.now(), event: r2.event, tool: req.tool, verdict: r2.verdict, reasonCodes: r2.reasonCodes, redactionClasses: r2.redactionClasses, latencyMs: r2.latencyMs }).value;
-    appendFileSync11(join61(dir, "hook-fires.jsonl"), JSON.stringify(entry) + "\n");
+    appendFileSync11(join66(dir, "hook-fires.jsonl"), JSON.stringify(entry) + "\n");
   } catch {
   }
   if (r2.exitCode === 2) {
@@ -18647,13 +21077,13 @@ function cmdTokenCost(args) {
   }
   if (sub === "import" || sub === "validate") {
     const file = arg(args, "--file");
-    if (!file || !existsSync62(file)) {
+    if (!file || !existsSync64(file)) {
       process.stderr.write("Usage: avorelo token-cost " + sub + " --file <path> [--json]\n");
       return 2;
     }
     let parsed;
     try {
-      parsed = JSON.parse(readFileSync46(file, "utf8"));
+      parsed = JSON.parse(readFileSync50(file, "utf8"));
     } catch {
       process.stderr.write("Invalid JSON file.\n");
       return 1;
@@ -18794,9 +21224,9 @@ function cmdContextCheck(args) {
   const ci = args.includes("--ci");
   const wcPath = arg(args, "--work-contract");
   let workContract;
-  if (wcPath && existsSync62(wcPath)) {
+  if (wcPath && existsSync64(wcPath)) {
     try {
-      workContract = JSON.parse(readFileSync46(wcPath, "utf8"));
+      workContract = JSON.parse(readFileSync50(wcPath, "utf8"));
     } catch {
     }
   }
@@ -18824,8 +21254,64 @@ function cmdContext(args) {
   const asJson = args.includes("--json");
   const task = args.slice(1).find((a) => !a.startsWith("--") && a !== target);
   if (sub === "check") return cmdContextCheck(args.slice(1));
+  if (sub === "stats") {
+    const latest = loadLatestRuntimeSession(target);
+    if (!latest?.contextControl) {
+      process.stderr.write("No context control data yet. Run a session first.\n");
+      return 1;
+    }
+    const cc = latest.contextControl;
+    process.stdout.write(renderContextStats({
+      contextControlStatus: cc.status === "optimized" ? "ACTIVE" : cc.status === "blocked" ? "BLOCKED" : "ACTIVE",
+      estimatedContextBefore: cc.estimatedContextBefore,
+      estimatedContextSent: cc.estimatedContextAfter,
+      reductionPercent: cc.reductionPercent,
+      evidenceRefCount: cc.evidenceRefCount,
+      blockedItemsCount: cc.blockedItemsCount,
+      retrievalAvailable: cc.retrievalAvailable,
+      proofImpact: cc.proofImpact,
+      topReasonCodes: cc.reasonCodes,
+      summary: `Context control ${cc.status}`
+    }) + "\n");
+    return 0;
+  }
+  if (sub === "explain") {
+    const latest = loadLatestRuntimeSession(target);
+    if (!latest?.contextControl) {
+      process.stderr.write("No context control data yet. Run a session first.\n");
+      return 1;
+    }
+    const cc = latest.contextControl;
+    process.stdout.write(renderContextExplain({
+      contextControlStatus: cc.status === "optimized" ? "ACTIVE" : cc.status === "blocked" ? "BLOCKED" : "ACTIVE",
+      estimatedContextBefore: cc.estimatedContextBefore,
+      estimatedContextSent: cc.estimatedContextAfter,
+      reductionPercent: cc.reductionPercent,
+      evidenceRefCount: cc.evidenceRefCount,
+      blockedItemsCount: cc.blockedItemsCount,
+      retrievalAvailable: cc.retrievalAvailable,
+      proofImpact: cc.proofImpact,
+      topReasonCodes: cc.reasonCodes,
+      summary: `Context control ${cc.status}`
+    }, []) + "\n");
+    return 0;
+  }
+  if (sub === "learn") {
+    if (!args.includes("--dry-run")) {
+      process.stderr.write("Usage: avorelo context learn --dry-run [--target <dir>]\nLearning candidates are dry-run only.\n");
+      return 2;
+    }
+    const result3 = generateLearningCandidates({ failurePatterns: [], receipts: [] });
+    process.stdout.write(`Learning candidates (dry-run): ${result3.candidates.length}
+`);
+    for (const c of result3.candidates) {
+      process.stdout.write(`  - [${c.priority}] ${c.label}: ${c.description}
+`);
+    }
+    return 0;
+  }
   if (sub !== "compile") {
-    process.stderr.write("Usage: avorelo context <compile|check> [args]\n");
+    process.stderr.write("Usage: avorelo context <compile|check|stats|explain|learn> [args]\n");
     return 2;
   }
   if (!task) {
@@ -18854,12 +21340,68 @@ function cmdContext(args) {
   ].filter(Boolean).join("\n"));
   return 0;
 }
+function cmdGuard(args) {
+  const sub = args[0];
+  const target = arg(args, "--target", process.cwd());
+  const asJson = args.includes("--json");
+  const ci = args.includes("--ci");
+  if (sub === "scan") {
+    const output = handleCli(
+      { command: "guard", json: asJson, verbose: false, guardSubcommand: "scan", ci },
+      target
+    );
+    process.stdout.write(output.stdout + "\n");
+    return output.exitCode;
+  }
+  if (sub === "explain") {
+    const ruleId = args[1];
+    const output = handleCli(
+      { command: "guard", json: false, verbose: false, guardSubcommand: "explain", guardArgs: [ruleId] },
+      target
+    );
+    process.stdout.write(output.stdout + "\n");
+    return output.exitCode;
+  }
+  process.stderr.write("Usage: avorelo guard <scan|explain> [args]\n");
+  return 2;
+}
+function cmdReceipt(args) {
+  const sub = args[0];
+  const target = arg(args, "--target", process.cwd());
+  const asJson = args.includes("--json");
+  if (sub === "latest" || sub === void 0) {
+    const output = handleCli(
+      { command: "receipt", json: asJson, verbose: false, receiptSubcommand: "latest" },
+      target
+    );
+    process.stdout.write(output.stdout + "\n");
+    const latest = loadLatestRuntimeSession(target);
+    if (latest?.contextControl && !asJson) {
+      const cc = latest.contextControl;
+      process.stdout.write([
+        "",
+        "Context Control:",
+        `  Status:          ${cc.status}`,
+        `  Context before:  ${cc.estimatedContextBefore}`,
+        `  Context after:   ${cc.estimatedContextAfter}`,
+        `  Reduction:       ${cc.reductionPercent}%`,
+        `  Evidence refs:   ${cc.evidenceRefCount}`,
+        `  Blocked items:   ${cc.blockedItemsCount}`,
+        `  Proof impact:    ${cc.proofImpact}`,
+        ""
+      ].join("\n"));
+    }
+    return output.exitCode;
+  }
+  process.stderr.write("Usage: avorelo receipt latest [--target <dir>] [--json]\n");
+  return 2;
+}
 function cmdSecretBoundary(args) {
   const sub = args[0];
   const asJson = args.includes("--json");
   let content = arg(args, "--content");
   const file = arg(args, "--file");
-  if (file && existsSync62(file)) content = readFileSync46(file, "utf8");
+  if (file && existsSync64(file)) content = readFileSync50(file, "utf8");
   if (content === void 0) content = "";
   if (sub === "scan" || sub === void 0) {
     const r2 = scanContent({ content, sourceKind: file ? "file" : "tool_output" });
@@ -18926,7 +21468,7 @@ function cmdExplain(args) {
   const changedFiles = [];
   for (const { adapter } of detected) {
     const surface = adapter.getInstructionSurface(target);
-    if (surface && existsSync62(surface)) changedFiles.push(surface);
+    if (surface && existsSync64(surface)) changedFiles.push(surface);
   }
   if (changedFiles.length > 0) {
     lines.push("  Changed:");
@@ -18940,7 +21482,7 @@ function cmdExplain(args) {
   lines.push("");
   lines.push(`  Hooks: ${hookValidation.installed ? "installed" : "not installed"}`);
   lines.push("  Cloud: off (local-first)");
-  lines.push(`  Receipts: ${join61(target, ".avorelo", "receipts")}`);
+  lines.push(`  Receipts: ${join66(target, ".avorelo", "receipts")}`);
   const sessionStatus = getSessionStatus(target);
   if (sessionStatus) {
     lines.push("");
@@ -19100,7 +21642,7 @@ function cmdFeedback(args) {
   }
   if (sub === "share") {
     const file = arg(args, "--file");
-    if (!file || !existsSync62(file)) {
+    if (!file || !existsSync64(file)) {
       process.stderr.write("Usage: avorelo feedback share --file <bundle-path>\n");
       return 2;
     }
@@ -19404,7 +21946,7 @@ No loop metadata found for ${loopId}.
   if (sub === "doctor") {
     const issues = [];
     const ok = [];
-    if (existsSync62(join61(target, ".git"))) {
+    if (existsSync64(join66(target, ".git"))) {
       ok.push("Git repository detected");
     } else {
       issues.push("Not a git repository \u2014 loop needs git for drift detection");
@@ -19414,12 +21956,12 @@ No loop metadata found for ${loopId}.
     } else {
       issues.push("Claude Code CLI not found \u2014 install it or ensure `claude` is on PATH");
     }
-    const testDir = join61(target, ".avorelo", "loops");
+    const testDir = join66(target, ".avorelo", "loops");
     try {
-      mkdirSync39(testDir, { recursive: true });
-      const testFile = join61(testDir, ".doctor_probe");
-      writeFileSync37(testFile, "probe");
-      unlinkSync4(testFile);
+      mkdirSync40(testDir, { recursive: true });
+      const testFile = join66(testDir, ".doctor_probe");
+      writeFileSync38(testFile, "probe");
+      unlinkSync5(testFile);
       ok.push("Storage writable (.avorelo/loops/)");
     } catch {
       issues.push("Cannot write to .avorelo/loops/ \u2014 check permissions");
@@ -19460,11 +22002,11 @@ function cmdUninstallAll(args) {
   const target = arg(args, "--target", process.cwd());
   const adapterResult = uninstallAll(target);
   const hookResult = uninstall(target);
-  const removed = [...adapterResult.removed, ...hookResult.restored ? [join61(target, ".claude", "settings.json")] : []];
+  const removed = [...adapterResult.removed, ...hookResult.restored ? [join66(target, ".claude", "settings.json")] : []];
   const preserved = adapterResult.preserved;
-  const avoreloDir2 = join61(target, ".avorelo");
+  const avoreloDir2 = join66(target, ".avorelo");
   try {
-    if (existsSync62(avoreloDir2)) {
+    if (existsSync64(avoreloDir2)) {
       rmSync3(avoreloDir2, { recursive: true, force: true });
       removed.push(avoreloDir2);
     }
@@ -20057,7 +22599,7 @@ function cmdConfig(args) {
 function avoreloVersion() {
   for (const rel of ["../package.json", "../../package.json", "../../../package.json", "../../../../package.json"]) {
     try {
-      const pkg = JSON.parse(readFileSync46(join61(import.meta.dirname, rel), "utf8"));
+      const pkg = JSON.parse(readFileSync50(join66(import.meta.dirname, rel), "utf8"));
       if (pkg.name === "avorelo" && pkg.version) return pkg.version;
     } catch {
     }
@@ -20168,6 +22710,10 @@ function main(argv) {
       return cmdReadiness(rest);
     case "loop":
       return cmdLoop(rest);
+    case "guard":
+      return cmdGuard(rest);
+    case "receipt":
+      return cmdReceipt(rest);
     default:
       return help();
   }
@@ -20348,6 +22894,7 @@ async function finalize(exitCode) {
   } catch {
   }
   if (_cmd !== "serve" && _cmd !== "webhook" && _cmd !== "sync") {
+    process.exitCode = exitCode;
     setTimeout(() => process.exit(exitCode), 50).unref();
   }
 }