ceo-orchestration 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2356)
  1. package/.claude/adr/ADR-001-runtime-state-directory.md +164 -0
  2. package/.claude/adr/ADR-002-hooks-package-layout.md +228 -0
  3. package/.claude/adr/ADR-003-branch-protection-replaces-skill-signing.md +266 -0
  4. package/.claude/adr/ADR-004-defer-bash-legacy-removal.md +171 -0
  5. package/.claude/adr/ADR-005-event-stream-v2.md +153 -0
  6. package/.claude/adr/ADR-006-registry-derived-manifests.md +145 -0
  7. package/.claude/adr/ADR-007-spec-v1-semver-rc-policy.md +159 -0
  8. package/.claude/adr/ADR-008-hook-adapter-layer.md +169 -0
  9. package/.claude/adr/ADR-009-squad-contract.md +167 -0
  10. package/.claude/adr/ADR-010-canonical-edit-sentinel.md +181 -0
  11. package/.claude/adr/ADR-011-event-stream-v2.1-injection-flag.md +150 -0
  12. package/.claude/adr/ADR-012-cross-adapter-golden-fixtures.md +182 -0
  13. package/.claude/adr/ADR-013-squad-trading-hft.md +135 -0
  14. package/.claude/adr/ADR-014-hook-migration-batch-policy.md +197 -0
  15. package/.claude/adr/ADR-015-reflexion-v2-outcome-loop.md +248 -0
  16. package/.claude/adr/ADR-016-spawn-token-tracking.md +179 -0
  17. package/.claude/adr/ADR-017-lesson-pruning-policy.md +193 -0
  18. package/.claude/adr/ADR-018-claim-grammar.md +302 -0
  19. package/.claude/adr/ADR-019-AMEND-1-confidence-gate-block-mode-lifecycle.md +128 -0
  20. package/.claude/adr/ADR-019-AMEND-2-CLASS-SHA_EXISTS-promote-to-high-confidence-block.md +67 -0
  21. package/.claude/adr/ADR-019-confidence-gate-enforcement-lifecycle.md +221 -0
  22. package/.claude/adr/ADR-020-lesson-pruning-policy-v2.md +171 -0
  23. package/.claude/adr/ADR-021-e2e-harness-contract.md +189 -0
  24. package/.claude/adr/ADR-022-reserved-slot.md +52 -0
  25. package/.claude/adr/ADR-023-docs-freshness-lifecycle.md +184 -0
  26. package/.claude/adr/ADR-024-perf-baseline-policy.md +222 -0
  27. package/.claude/adr/ADR-025-squad-edtech.md +236 -0
  28. package/.claude/adr/ADR-026-squad-government.md +263 -0
  29. package/.claude/adr/ADR-027-unified-agent-state-backend.md +266 -0
  30. package/.claude/adr/ADR-028-multi-llm-canonical-parity.md +244 -0
  31. package/.claude/adr/ADR-029-lexical-tfidf-retrieval.md +205 -0
  32. package/.claude/adr/ADR-030-llm-as-judge-methodology.md +336 -0
  33. package/.claude/adr/ADR-031-self-improving-skills.md +221 -0
  34. package/.claude/adr/ADR-032-interactive-debate-protocol.md +337 -0
  35. package/.claude/adr/ADR-033-cost-budget-enforcement.md +275 -0
  36. package/.claude/adr/ADR-034-shared-working-memory.md +233 -0
  37. package/.claude/adr/ADR-035-otel-export.md +242 -0
  38. package/.claude/adr/ADR-036-output-safety.md +263 -0
  39. package/.claude/adr/ADR-037-chaos-testing-methodology.md +289 -0
  40. package/.claude/adr/ADR-038-session-graph-continuity.md +243 -0
  41. package/.claude/adr/ADR-039-skill-marketplace-protocol.md +170 -0
  42. package/.claude/adr/ADR-040-AMEND-2-credential-blocking.md +390 -0
  43. package/.claude/adr/ADR-040-live-adapter-activation-contract.md +285 -0
  44. package/.claude/adr/ADR-041-transition-log-convention.md +272 -0
  45. package/.claude/adr/ADR-042-AMEND-1-read-only-mcp-tools-expansion.md +214 -0
  46. package/.claude/adr/ADR-042-mcp-server-contract.md +727 -0
  47. package/.claude/adr/ADR-043-soc2-audit-trail-mapping.md +503 -0
  48. package/.claude/adr/ADR-044-formal-verification-pilot.md +505 -0
  49. package/.claude/adr/ADR-045-policy-as-code-engine.md +705 -0
  50. package/.claude/adr/ADR-046-deterministic-replay.md +167 -0
  51. package/.claude/adr/ADR-047-predictive-budgeting.md +213 -0
  52. package/.claude/adr/ADR-048-cross-plan-memory.md +227 -0
  53. package/.claude/adr/ADR-049-policy-engine-dual-path-deprecation.md +96 -0
  54. package/.claude/adr/ADR-049a-worktree-orchestration-policy.md +414 -0
  55. package/.claude/adr/ADR-050-native-subagents-dual-rail.md +165 -0
  56. package/.claude/adr/ADR-051-skill-reference-expanded-trust-boundary.md +282 -0
  57. package/.claude/adr/ADR-052-multi-model-dispatch-by-role.md +444 -0
  58. package/.claude/adr/ADR-053-sentinel-hmac-deferred.md +227 -0
  59. package/.claude/adr/ADR-054-AMEND-1-anthropic-admin-key-tier.md +131 -0
  60. package/.claude/adr/ADR-054-github-token-rotation.md +111 -0
  61. package/.claude/adr/ADR-055-AMEND-1-spool-writer-async-drain.md +170 -0
  62. package/.claude/adr/ADR-055-AMEND-2-chain-reset-marker.md +126 -0
  63. package/.claude/adr/ADR-055-AMEND-3-opportunistic-drain-nonblocking.md +183 -0
  64. package/.claude/adr/ADR-055-audit-log-hmac-chain.md +264 -0
  65. package/.claude/adr/ADR-056-hook-lifecycle-expansion.md +261 -0
  66. package/.claude/adr/ADR-057-output-scan-redaction.md +268 -0
  67. package/.claude/adr/ADR-058-brainstorm-gate-and-two-pass-review.md +240 -0
  68. package/.claude/adr/ADR-059-skill-bootstrap-env-knob.md +204 -0
  69. package/.claude/adr/ADR-060-curated-skill-import-pipeline.md +464 -0
  70. package/.claude/adr/ADR-061-runtime-cost-streaming.md +171 -0
  71. package/.claude/adr/ADR-062-AMEND-1-rag-conditional-default-on-supersedes-opt-in.md +232 -0
  72. package/.claude/adr/ADR-062-rag-sidecar-mcp-opt-in.md +231 -0
  73. package/.claude/adr/ADR-063-agent-eval-empirical-dispatch-validation.md +609 -0
  74. package/.claude/adr/ADR-064-dynamic-tier-policy-learned-dispatch.md +288 -0
  75. package/.claude/adr/ADR-065-audit-event-naming-convention.md +185 -0
  76. package/.claude/adr/ADR-066-context-mode-orthogonal-to-manifest.md +92 -0
  77. package/.claude/adr/ADR-067-ceo-model-downshift-static-routing.md +219 -0
  78. package/.claude/adr/ADR-069-wondelai-skills-import-refused.md +183 -0
  79. package/.claude/adr/ADR-070-audit-emit-package-layout.md +228 -0
  80. package/.claude/adr/ADR-071-benchmark-comparison-methodology.md +209 -0
  81. package/.claude/adr/ADR-072-test-discovery-via-conftest.md +184 -0
  82. package/.claude/adr/ADR-073-semver-bump-criteria-sprint-32.md +209 -0
  83. package/.claude/adr/ADR-074-sprint-32-phase-3-b1-refused.md +320 -0
  84. package/.claude/adr/ADR-075-sprint-32-phase-5-b5-benchmark-refused.md +250 -0
  85. package/.claude/adr/ADR-076-sprint-32-final-closure.md +218 -0
  86. package/.claude/adr/ADR-077-2026-04-24-webfetch-injection-incident.md +203 -0
  87. package/.claude/adr/ADR-078-sentinel-cosign-clarification.md +295 -0
  88. package/.claude/adr/ADR-079-prompt-sha-salt-hmac-impact.md +221 -0
  89. package/.claude/adr/ADR-080-rail-anomaly-h4-defense-in-depth.md +1143 -0
  90. package/.claude/adr/ADR-081-token-as-time-unit.md +272 -0
  91. package/.claude/adr/ADR-082-l7c-mitigation-default-on.md +240 -0
  92. package/.claude/adr/ADR-083-mcp-injection-scanner.md +225 -0
  93. package/.claude/adr/ADR-084-multi-adapter-refused-claude-only.md +152 -0
  94. package/.claude/adr/ADR-085-framework-landscape-claude-only.md +183 -0
  95. package/.claude/adr/ADR-086-checkpointing-refused.md +124 -0
  96. package/.claude/adr/ADR-087-AMEND-1-otel-consume-native-opt-in.md +217 -0
  97. package/.claude/adr/ADR-087-otel-emit-refused.md +136 -0
  98. package/.claude/adr/ADR-088-guardrails-library-refused.md +128 -0
  99. package/.claude/adr/ADR-089-sec-cluster-disposition.md +182 -0
  100. package/.claude/adr/ADR-090-framework-activation-defaults.md +217 -0
  101. package/.claude/adr/ADR-091-dogfood-validation-deferred.md +128 -0
  102. package/.claude/adr/ADR-092-plan-closure-honest-deferral.md +165 -0
  103. package/.claude/adr/ADR-093-refused-adr-moratorium.md +181 -0
  104. package/.claude/adr/ADR-094-claude-sdk-compat-version-pinning.md +160 -0
  105. package/.claude/adr/ADR-095-calendar-gate-retraction.md +202 -0
  106. package/.claude/adr/ADR-096-vibecoder-only-by-design.md +215 -0
  107. package/.claude/adr/ADR-097-function-length-advisory-permanent.md +186 -0
  108. package/.claude/adr/ADR-098-ceo-boot-audit-emit-register.md +251 -0
  109. package/.claude/adr/ADR-099-changesets-adoption.md +245 -0
  110. package/.claude/adr/ADR-100-trusted-dependencies-re-affirm.md +208 -0
  111. package/.claude/adr/ADR-101-replay-redact-helper.md +106 -0
  112. package/.claude/adr/ADR-102-mcp-introspection-extends-042.md +165 -0
  113. package/.claude/adr/ADR-103-calendar-gate-final-purge.md +121 -0
  114. package/.claude/adr/ADR-104-AMEND-1-aek-dated-promotion-criteria.md +338 -0
  115. package/.claude/adr/ADR-104-adaptive-execution-kernel-advisory.md +210 -0
  116. package/.claude/adr/ADR-105-multi-llm-coordinated-supersede.md +126 -0
  117. package/.claude/adr/ADR-106-codex-mcp-adapter-contract.md +153 -0
  118. package/.claude/adr/ADR-107-pair-rail-mandatory-l2-plus.md +189 -0
  119. package/.claude/adr/ADR-108-cross-llm-veto-floor.md +129 -0
  120. package/.claude/adr/ADR-109-codex-skill-rehash-protocol.md +104 -0
  121. package/.claude/adr/ADR-110-codex-pretool-enforcement.md +94 -0
  122. package/.claude/adr/ADR-111-locked-corpus-governance.md +191 -0
  123. package/.claude/adr/ADR-112-grandfather-cap-scope-clarification.md +192 -0
  124. package/.claude/adr/ADR-113-plan-084-canonical-guard-extension.md +59 -0
  125. package/.claude/adr/ADR-114-codex-egress-redaction-symmetry.md +72 -0
  126. package/.claude/adr/ADR-115-post-sota-maintenance-mode.md +152 -0
  127. package/.claude/adr/ADR-116-AMEND-1-kernel-extension-v2.md +640 -0
  128. package/.claude/adr/ADR-116-kernel-hard-deny-tier-0-extension.md +465 -0
  129. package/.claude/adr/ADR-117-adr-id-collision-rename-policy.md +279 -0
  130. package/.claude/adr/ADR-118-AMEND-1-phase-c-enforcing-flip.md +191 -0
  131. package/.claude/adr/ADR-118-god-mode-auto-usable-state.md +338 -0
  132. package/.claude/adr/ADR-119-sentinel-unlock-contract.md +133 -0
  133. package/.claude/adr/ADR-120-pii-core-promotion.md +280 -0
  134. package/.claude/adr/ADR-121-sentinel-signers-rotation-policy.md +434 -0
  135. package/.claude/adr/ADR-122-dpop-mcp-bearer-replay-defense.md +232 -0
  136. package/.claude/adr/ADR-123-streaming-adapter-canonical-source.md +130 -0
  137. package/.claude/adr/ADR-124-post-audit-sota-execution-mode.md +362 -0
  138. package/.claude/adr/ADR-125-risk-tiered-defaulting-doctrine.md +355 -0
  139. package/.claude/adr/ADR-126-governed-sidecar-capability-model.md +509 -0
  140. package/.claude/adr/ADR-127-pair-rail-advisory-promotion.md +218 -0
  141. package/.claude/adr/ADR-128-c2-vector-memory-capability-class.md +380 -0
  142. package/.claude/adr/ADR-129-AMEND-1-key-floor-waiver-lift.md +249 -0
  143. package/.claude/adr/ADR-129-c1-crypto-capability-class.md +289 -0
  144. package/.claude/adr/ADR-131-c5-dev-tools-capability-class.md +215 -0
  145. package/.claude/adr/ADR-132-goap-advisory-planning-doctrine.md +333 -0
  146. package/.claude/adr/ADR-133-autonomous-loop-opt-in-capability-doctrine.md +440 -0
  147. package/.claude/adr/ADR-135-AMEND-1-write-mode-trust-boundary.md +457 -0
  148. package/.claude/adr/ADR-135-AMEND-2-write-mode-activation.md +175 -0
  149. package/.claude/adr/ADR-135-federation-contract-mvp.md +253 -0
  150. package/.claude/adr/ADR-136-AMEND-1-workflow-primitive-adoption.md +139 -0
  151. package/.claude/adr/ADR-136-workflow-engine-doctrine.md +155 -0
  152. package/.claude/adr/ADR-137-skill-priority-stack-decision.md +162 -0
  153. package/.claude/adr/ADR-138-ac-format-priority-and-story-anchor.md +149 -0
  154. package/.claude/adr/ADR-139-coverage-doctrine-tiered.md +133 -0
  155. package/.claude/adr/ADR-140-receiving-review-doctrine.md +136 -0
  156. package/.claude/adr/ADR-141-reduce-protocol.md +124 -0
  157. package/.claude/adr/ADR-142-opus-4-8-model-bump.md +116 -0
  158. package/.claude/adr/ADR-143-git-hook-bypass-guard.md +166 -0
  159. package/.claude/adr/ADR-144-subagent-model-tiering-frontmatter.md +111 -0
  160. package/.claude/adr/ADR-145-cross-model-review-persona-demand-modality.md +103 -0
  161. package/.claude/adr/ADR-146-adversary-review-hook.md +122 -0
  162. package/.claude/adr/ADR-147-eval-harness-doctrine.md +109 -0
  163. package/.claude/adr/ADR-148-canonical-pricing-source.md +123 -0
  164. package/.claude/adr/ADR-149-model-id-allowlist.md +196 -0
  165. package/.claude/adr/ADR-150-commit-signing-policy.md +12 -0
  166. package/.claude/adr/ADR-151-fan-plan-advisory-bridge.md +178 -0
  167. package/.claude/adr/ADR-152-claude-md-decomposition.md +262 -0
  168. package/.claude/adr/ADR-153-compaction-continuity.md +141 -0
  169. package/.claude/adr/ADR-154-updatedinput-single-rewriter.md +68 -0
  170. package/.claude/adr/ADR-155-install-baseline-manifest.md +66 -0
  171. package/.claude/adr/ADR-156-constitution-sync-cascade.md +122 -0
  172. package/.claude/adr/README.md +392 -0
  173. package/.claude/adversary.md +116 -0
  174. package/.claude/agent-metrics.md +101 -0
  175. package/.claude/agents/_dispatch.md +30 -0
  176. package/.claude/agents/_probe_architect.md +45 -0
  177. package/.claude/agents/_probe_canonical_edit.md +46 -0
  178. package/.claude/agents/_probe_missing_skill.md +42 -0
  179. package/.claude/agents/code-reviewer.md +166 -0
  180. package/.claude/agents/devops.md +114 -0
  181. package/.claude/agents/identity-trust-architect.md +234 -0
  182. package/.claude/agents/incident-commander.md +285 -0
  183. package/.claude/agents/llm-finops-architect.md +265 -0
  184. package/.claude/agents/performance-engineer.md +148 -0
  185. package/.claude/agents/qa-architect.md +167 -0
  186. package/.claude/agents/security-engineer.md +192 -0
  187. package/.claude/agents/threat-detection-engineer.md +238 -0
  188. package/.claude/benchmarks/_schemas/judge-prompt.md +26 -0
  189. package/.claude/benchmarks/_schemas/judge-rubric-example.json +11 -0
  190. package/.claude/benchmarks/_schemas/judge-rubric.yaml +39 -0
  191. package/.claude/benchmarks/calibration-grades.jsonl +6 -0
  192. package/.claude/benchmarks/human-sample-calibration.md +232 -0
  193. package/.claude/benchmarks/judge-rotation-schedule.md +61 -0
  194. package/.claude/benchmarks/retrieval-judgment-set.yaml +194 -0
  195. package/.claude/benchmarks/tests/test_retrieval_recall_gate.py +330 -0
  196. package/.claude/commands/agent-budget.md +105 -0
  197. package/.claude/commands/architect.md +130 -0
  198. package/.claude/commands/audit-page.md +149 -0
  199. package/.claude/commands/audit-tokens.md +89 -0
  200. package/.claude/commands/ceo-boot.md +118 -0
  201. package/.claude/commands/ceo-info.md +71 -0
  202. package/.claude/commands/debate.md +258 -0
  203. package/.claude/commands/effort.md +99 -0
  204. package/.claude/commands/fan-plan.md +129 -0
  205. package/.claude/commands/goap.md +163 -0
  206. package/.claude/commands/lesson-review.md +66 -0
  207. package/.claude/commands/memory-scratchpad.md +100 -0
  208. package/.claude/commands/onboard.md +204 -0
  209. package/.claude/commands/pitfall.md +54 -0
  210. package/.claude/commands/resume.md +90 -0
  211. package/.claude/commands/self-test.md +83 -0
  212. package/.claude/commands/skill-review.md +102 -0
  213. package/.claude/commands/spawn.md +212 -0
  214. package/.claude/commands/squad-install.md +94 -0
  215. package/.claude/commands/status.md +177 -0
  216. package/.claude/commands/terse.md +81 -0
  217. package/.claude/commands/veto-check.md +63 -0
  218. package/.claude/data/audit-registry.golden.txt +306 -0
  219. package/.claude/data/canonical_models.json +1030 -0
  220. package/.claude/data/confidence-gate-class-tiers.json +24 -0
  221. package/.claude/data/cookbook_patterns.json +139 -0
  222. package/.claude/data/federation/enabled.md +34 -0
  223. package/.claude/data/federation/lan-enabled.md +38 -0
  224. package/.claude/data/federation/peers.example.yaml +89 -0
  225. package/.claude/data/goap/action-cost-baseline.json +29 -0
  226. package/.claude/dispatcher/disable_predicate_eval.py +630 -0
  227. package/.claude/dispatcher/routing-matrix-loader.py +874 -0
  228. package/.claude/dispatcher/routing-matrix.yaml +343 -0
  229. package/.claude/dispatcher/tests/conftest.py +11 -0
  230. package/.claude/dispatcher/tests/test_disable_predicate_eval.py +424 -0
  231. package/.claude/dispatcher/tests/test_routing_matrix_loader.py +461 -0
  232. package/.claude/docs/dpop-scope.md +79 -0
  233. package/.claude/docs/sentinel-signers-rotation-DRAFT.md +117 -0
  234. package/.claude/eval/README.md +73 -0
  235. package/.claude/eval/reporter.py +109 -0
  236. package/.claude/eval/runner.py +532 -0
  237. package/.claude/eval/self_test.yaml +57 -0
  238. package/.claude/eval/tasks/__init__.py +185 -0
  239. package/.claude/eval/tasks/t01_fix_off_by_one.py +52 -0
  240. package/.claude/eval/tasks/t02_implement_fizzbuzz.py +65 -0
  241. package/.claude/eval/tasks/t03_json_config_parse.py +80 -0
  242. package/.claude/eval/tasks/t04_refactor_dedupe.py +71 -0
  243. package/.claude/eval/tasks/t05_add_unit_test.py +77 -0
  244. package/.claude/eval/tasks/t06_palindrome.py +58 -0
  245. package/.claude/eval/tasks/t07_sql_param_fix.py +69 -0
  246. package/.claude/eval/tasks/t08_word_count.py +53 -0
  247. package/.claude/eval/tasks/t09_readme_doc.py +64 -0
  248. package/.claude/eval/tasks/t10_binary_search.py +58 -0
  249. package/.claude/frontend-team.md +202 -0
  250. package/.claude/governance/README.md +37 -0
  251. package/.claude/governance/audit_tokens_allowlist.json +37 -0
  252. package/.claude/governance/codex-cli-binary-sha256.txt +32 -0
  253. package/.claude/governance/codex-cli-pin.txt +26 -0
  254. package/.claude/governance/function-length-grandfather.yaml +2095 -0
  255. package/.claude/governance/governance-waivers.yaml +28 -0
  256. package/.claude/governance/pair-rail-inputs-hash-manifest.txt +32 -0
  257. package/.claude/governance/pair-rail-verdict-template.md +58 -0
  258. package/.claude/governance/pair-rail-verdict-v1.16.0-rc.1.md +120 -0
  259. package/.claude/governance/pair-rail-verdict-v1.16.0.md +64 -0
  260. package/.claude/gpg-revocations.jsonl +1 -0
  261. package/.claude/hooks/SessionEnd.py +353 -0
  262. package/.claude/hooks/SessionStart.py +345 -0
  263. package/.claude/hooks/Stop.py +195 -0
  264. package/.claude/hooks/UserPromptSubmit.py +329 -0
  265. package/.claude/hooks/_lib/EXECUTION-CONTEXT-DEFERRED.md +82 -0
  266. package/.claude/hooks/_lib/__init__.py +26 -0
  267. package/.claude/hooks/_lib/action_required.py +592 -0
  268. package/.claude/hooks/_lib/adapters/__init__.py +87 -0
  269. package/.claude/hooks/_lib/adapters/_constants.py +127 -0
  270. package/.claude/hooks/_lib/adapters/claude.py +167 -0
  271. package/.claude/hooks/_lib/adapters/codex.py +754 -0
  272. package/.claude/hooks/_lib/adapters/live/__init__.py +378 -0
  273. package/.claude/hooks/_lib/adapters/live/_breaker.py +309 -0
  274. package/.claude/hooks/_lib/adapters/live/_cost.py +389 -0
  275. package/.claude/hooks/_lib/adapters/live/_policy.py +319 -0
  276. package/.claude/hooks/_lib/adapters/live/_result.py +206 -0
  277. package/.claude/hooks/_lib/adapters/live/_transport.py +681 -0
  278. package/.claude/hooks/_lib/adapters/live/claude.py +1027 -0
  279. package/.claude/hooks/_lib/adapters/live/claude_batch.py +652 -0
  280. package/.claude/hooks/_lib/adapters/live/gemini.py +270 -0
  281. package/.claude/hooks/_lib/adapters/live/local.py +195 -0
  282. package/.claude/hooks/_lib/adapters/live/openai.py +371 -0
  283. package/.claude/hooks/_lib/adversary_rules.py +196 -0
  284. package/.claude/hooks/_lib/agent_frontmatter.py +288 -0
  285. package/.claude/hooks/_lib/audit_emit.py +11746 -0
  286. package/.claude/hooks/_lib/audit_emit_dispatch.py +179 -0
  287. package/.claude/hooks/_lib/audit_hmac.py +1146 -0
  288. package/.claude/hooks/_lib/audit_rotation.py +101 -0
  289. package/.claude/hooks/_lib/canonical_json.py +145 -0
  290. package/.claude/hooks/_lib/codex_cli_shape.py +502 -0
  291. package/.claude/hooks/_lib/codex_egress_redact.py +185 -0
  292. package/.claude/hooks/_lib/confidence_labels.py +338 -0
  293. package/.claude/hooks/_lib/contract.py +254 -0
  294. package/.claude/hooks/_lib/cookbook_patterns.py +136 -0
  295. package/.claude/hooks/_lib/cost_envelope.py +719 -0
  296. package/.claude/hooks/_lib/credentials.py +188 -0
  297. package/.claude/hooks/_lib/effective_config.py +767 -0
  298. package/.claude/hooks/_lib/egress_taxonomy.py +448 -0
  299. package/.claude/hooks/_lib/embeddings.py +322 -0
  300. package/.claude/hooks/_lib/env_guard.py +353 -0
  301. package/.claude/hooks/_lib/env_persist_allowlist.py +147 -0
  302. package/.claude/hooks/_lib/escalation_signals.py +335 -0
  303. package/.claude/hooks/_lib/estimation/__init__.py +12 -0
  304. package/.claude/hooks/_lib/estimation/bayesian.py +147 -0
  305. package/.claude/hooks/_lib/estimation/pipeline.py +209 -0
  306. package/.claude/hooks/_lib/exceptions.py +101 -0
  307. package/.claude/hooks/_lib/execution_context.py +208 -0
  308. package/.claude/hooks/_lib/federation/__init__.py +104 -0
  309. package/.claude/hooks/_lib/federation/audit_chain.py +118 -0
  310. package/.claude/hooks/_lib/federation/audit_chain_ext.py +408 -0
  311. package/.claude/hooks/_lib/federation/cert_inspector.py +573 -0
  312. package/.claude/hooks/_lib/federation/client.py +327 -0
  313. package/.claude/hooks/_lib/federation/handlers/__init__.py +30 -0
  314. package/.claude/hooks/_lib/federation/handlers/audit_event_batch.py +346 -0
  315. package/.claude/hooks/_lib/federation/handlers/audit_event_push.py +395 -0
  316. package/.claude/hooks/_lib/federation/handlers/peer_register.py +484 -0
  317. package/.claude/hooks/_lib/federation/handlers/peer_revoke.py +356 -0
  318. package/.claude/hooks/_lib/federation/identity.py +1056 -0
  319. package/.claude/hooks/_lib/federation/rate_limit.py +476 -0
  320. package/.claude/hooks/_lib/federation/replay.py +284 -0
  321. package/.claude/hooks/_lib/federation/scopes.py +168 -0
  322. package/.claude/hooks/_lib/federation/server.py +2218 -0
  323. package/.claude/hooks/_lib/file_walker.py +145 -0
  324. package/.claude/hooks/_lib/filelock.py +191 -0
  325. package/.claude/hooks/_lib/frontmatter.py +124 -0
  326. package/.claude/hooks/_lib/git_bypass.py +971 -0
  327. package/.claude/hooks/_lib/gpg_verify.py +356 -0
  328. package/.claude/hooks/_lib/guardrail_validator.py +478 -0
  329. package/.claude/hooks/_lib/injection_patterns.py +252 -0
  330. package/.claude/hooks/_lib/injection_salt.py +160 -0
  331. package/.claude/hooks/_lib/mcp/__init__.py +5 -0
  332. package/.claude/hooks/_lib/mcp/bearer_replay.py +279 -0
  333. package/.claude/hooks/_lib/mcp/canonical_guard.py +1140 -0
  334. package/.claude/hooks/_lib/mcp_bearer_friction.py +475 -0
  335. package/.claude/hooks/_lib/mcp_injection_scan.py +250 -0
  336. package/.claude/hooks/_lib/mcp_routing.py +151 -0
  337. package/.claude/hooks/_lib/memory_shared.py +592 -0
  338. package/.claude/hooks/_lib/metrics.py +241 -0
  339. package/.claude/hooks/_lib/model_routing.py +227 -0
  340. package/.claude/hooks/_lib/otel/__init__.py +34 -0
  341. package/.claude/hooks/_lib/otel/bounded_exporter.py +373 -0
  342. package/.claude/hooks/_lib/otel/hook_bridge.py +53 -0
  343. package/.claude/hooks/_lib/otel/queue.py +229 -0
  344. package/.claude/hooks/_lib/otel_emit.py +604 -0
  345. package/.claude/hooks/_lib/output_scan.py +1062 -0
  346. package/.claude/hooks/_lib/output_scan_dedup.py +379 -0
  347. package/.claude/hooks/_lib/pair_rail_decide.py +244 -0
  348. package/.claude/hooks/_lib/payload.py +195 -0
  349. package/.claude/hooks/_lib/persona_routing.py +244 -0
  350. package/.claude/hooks/_lib/pii_patterns.py +851 -0
  351. package/.claude/hooks/_lib/plan_frontmatter.py +166 -0
  352. package/.claude/hooks/_lib/policy.py +1527 -0
  353. package/.claude/hooks/_lib/policy_preprocessors.py +462 -0
  354. package/.claude/hooks/_lib/rag_bridge.py +624 -0
  355. package/.claude/hooks/_lib/rag_events.py +171 -0
  356. package/.claude/hooks/_lib/rag_router.py +253 -0
  357. package/.claude/hooks/_lib/redact.py +228 -0
  358. package/.claude/hooks/_lib/replay_redact.py +511 -0
  359. package/.claude/hooks/_lib/scratchpad_lib.py +225 -0
  360. package/.claude/hooks/_lib/secret_patterns.py +905 -0
  361. package/.claude/hooks/_lib/sentinel_signers.py +740 -0
  362. package/.claude/hooks/_lib/spec_context_sanitizer.py +258 -0
  363. package/.claude/hooks/_lib/spool_writer.py +2613 -0
  364. package/.claude/hooks/_lib/state_store.py +476 -0
  365. package/.claude/hooks/_lib/subagent_dispatch.py +244 -0
  366. package/.claude/hooks/_lib/swarm_circuit_breaker.py +203 -0
  367. package/.claude/hooks/_lib/swarm_enable_gate.py +152 -0
  368. package/.claude/hooks/_lib/team.py +128 -0
  369. package/.claude/hooks/_lib/test_isolation.py +352 -0
  370. package/.claude/hooks/_lib/testing.py +351 -0
  371. package/.claude/hooks/_lib/tests/federation/test_federation_attack_surface.py +251 -0
  372. package/.claude/hooks/_lib/tests/federation/test_federation_audit_stitching.py +135 -0
  373. package/.claude/hooks/_lib/tests/federation/test_federation_identity.py +234 -0
  374. package/.claude/hooks/_lib/tests/federation/test_federation_replay.py +204 -0
  375. package/.claude/hooks/_lib/tests/federation/test_federation_sentinel_stage2.py +214 -0
  376. package/.claude/hooks/_lib/tests/federation/test_federation_server.py +385 -0
  377. package/.claude/hooks/_lib/tests/test_confidence_gate_class_block.py +313 -0
  378. package/.claude/hooks/_lib/tests/test_cost_envelope.py +759 -0
  379. package/.claude/hooks/_lib/tests/test_execution_context.py +254 -0
  380. package/.claude/hooks/_lib/tests/test_goap_advisory_invariant.py +134 -0
  381. package/.claude/hooks/_lib/tests/test_goap_planner.py +368 -0
  382. package/.claude/hooks/_lib/tests/test_plan104_audit_emit.py +324 -0
  383. package/.claude/hooks/_lib/tests/test_plan104_demand_resolver.py +584 -0
  384. package/.claude/hooks/_lib/tests/test_plan104_demand_scan.py +164 -0
  385. package/.claude/hooks/_lib/tests/test_plan104_microbench.py +109 -0
  386. package/.claude/hooks/_lib/tests/test_plan104_waive_parser.py +113 -0
  387. package/.claude/hooks/_lib/tests/test_plan105_audit_emit.py +259 -0
  388. package/.claude/hooks/_lib/tests/test_plan105_check_roadmap_binding.py +68 -0
  389. package/.claude/hooks/_lib/tests/test_plan105_goap_planner.py +158 -0
  390. package/.claude/hooks/_lib/tests/test_plan105_spawn_outcome.py +234 -0
  391. package/.claude/hooks/_lib/tests/test_rag_dead_code_disposition.py +262 -0
  392. package/.claude/hooks/_lib/tests/test_rag_router.py +209 -0
  393. package/.claude/hooks/_lib/tests/test_swarm_circuit_breaker.py +278 -0
  394. package/.claude/hooks/_lib/tests/test_swarm_kill_switch_chain.py +360 -0
  395. package/.claude/hooks/_lib/tier_policy/__init__.py +123 -0
  396. package/.claude/hooks/_lib/tier_policy/_agent_frontmatter.py +509 -0
  397. package/.claude/hooks/_lib/tier_policy/_constants.py +376 -0
  398. package/.claude/hooks/_lib/tier_policy/_types.py +355 -0
  399. package/.claude/hooks/_lib/tier_policy/fixtures/baseline.json +17 -0
  400. package/.claude/hooks/_lib/tier_policy/fixtures/oversize_64kib.json +1 -0
  401. package/.claude/hooks/_lib/tier_policy/fixtures/prototype_pollution_attack.yaml +14 -0
  402. package/.claude/hooks/_lib/tier_policy/fixtures/schema_v1_sample.json +5 -0
  403. package/.claude/hooks/_lib/tier_policy/fixtures/schema_v2_sample.json +17 -0
  404. package/.claude/hooks/_lib/tier_policy/fixtures/yaml_bomb_attack.yaml +20 -0
  405. package/.claude/hooks/_lib/tier_policy/loader.py +476 -0
  406. package/.claude/hooks/_lib/tokens.py +136 -0
  407. package/.claude/hooks/_lib/tool_lifecycle.py +488 -0
  408. package/.claude/hooks/_lib/trusted_env.py +77 -0
  409. package/.claude/hooks/_python-hook.sh +242 -0
  410. package/.claude/hooks/accel_dispatch.py +172 -0
  411. package/.claude/hooks/adequacy_gate.py +424 -0
  412. package/.claude/hooks/audit_log.py +1352 -0
  413. package/.claude/hooks/auto_boot.py +518 -0
  414. package/.claude/hooks/check_adversary.py +273 -0
  415. package/.claude/hooks/check_agent_spawn.py +2696 -0
  416. package/.claude/hooks/check_anti_ceo_overhead.py +786 -0
  417. package/.claude/hooks/check_arbitration_kernel.py +544 -0
  418. package/.claude/hooks/check_bash_canonical_forensic.py +180 -0
  419. package/.claude/hooks/check_bash_safety.py +1483 -0
  420. package/.claude/hooks/check_budget.py +916 -0
  421. package/.claude/hooks/check_canonical_edit.py +1197 -0
  422. package/.claude/hooks/check_closeout_guard.py +154 -0
  423. package/.claude/hooks/check_codex_filewrite.py +366 -0
  424. package/.claude/hooks/check_codex_response.py +403 -0
  425. package/.claude/hooks/check_confidence_gate.py +545 -0
  426. package/.claude/hooks/check_config_change.py +346 -0
  427. package/.claude/hooks/check_config_protection.py +381 -0
  428. package/.claude/hooks/check_cost_envelope.py +286 -0
  429. package/.claude/hooks/check_fluency_nudge.py +747 -0
  430. package/.claude/hooks/check_mcp_response.py +234 -0
  431. package/.claude/hooks/check_output_safety.py +237 -0
  432. package/.claude/hooks/check_output_secrets.py +518 -0
  433. package/.claude/hooks/check_pair_rail.py +1700 -0
  434. package/.claude/hooks/check_plan_edit.py +905 -0
  435. package/.claude/hooks/check_postcompact_reinject.py +265 -0
  436. package/.claude/hooks/check_precompact_continuity.py +379 -0
  437. package/.claude/hooks/check_protocol_semver_cascade.py +401 -0
  438. package/.claude/hooks/check_read_injection.py +366 -0
  439. package/.claude/hooks/check_scratchpad_access.py +228 -0
  440. package/.claude/hooks/check_setup_verification.py +297 -0
  441. package/.claude/hooks/check_skill_bootstrap_post.py +339 -0
  442. package/.claude/hooks/check_skill_patch_sentinel.py +413 -0
  443. package/.claude/hooks/check_skill_reference_read.py +518 -0
  444. package/.claude/hooks/check_subagent_fabrication.py +45 -0
  445. package/.claude/hooks/check_subagent_start.py +232 -0
  446. package/.claude/hooks/check_tier_policy.py +211 -0
  447. package/.claude/hooks/check_tier_policy_misrouting_24h.py +187 -0
  448. package/.claude/hooks/check_webfetch_injection.py +277 -0
  449. package/.claude/hooks/check_worktree_writer.py +773 -0
  450. package/.claude/hooks/codex_review_user_code.py +304 -0
  451. package/.claude/hooks/emit_architect_outcome.py +232 -0
  452. package/.claude/hooks/latency_report.py +343 -0
  453. package/.claude/hooks/policy_dispatch.py +168 -0
  454. package/.claude/hooks/review_loop.py +560 -0
  455. package/.claude/hooks/route.py +115 -0
  456. package/.claude/hooks/tests/_agent_fixture.py +153 -0
  457. package/.claude/hooks/tests/adapters/__init__.py +0 -0
  458. package/.claude/hooks/tests/adapters/live/__init__.py +0 -0
  459. package/.claude/hooks/tests/adapters/live/test_adapters.py +488 -0
  460. package/.claude/hooks/tests/adapters/live/test_audit_wiring.py +81 -0
  461. package/.claude/hooks/tests/adapters/live/test_breaker.py +272 -0
  462. package/.claude/hooks/tests/adapters/live/test_cost.py +191 -0
  463. package/.claude/hooks/tests/adapters/live/test_o7_modernization.py +670 -0
  464. package/.claude/hooks/tests/adapters/live/test_policy.py +168 -0
  465. package/.claude/hooks/tests/conftest.py +139 -0
  466. package/.claude/hooks/tests/fixtures/adapters/claude/in/agent_spawn_compliant.json +9 -0
  467. package/.claude/hooks/tests/fixtures/adapters/claude/in/bash_safe_command.json +8 -0
  468. package/.claude/hooks/tests/fixtures/adapters/claude/in/post_audit_event.json +1 -0
  469. package/.claude/hooks/tests/fixtures/adapters/claude/out/allow.json +1 -0
  470. package/.claude/hooks/tests/fixtures/adapters/claude/out/block_with_reason.json +1 -0
  471. package/.claude/hooks/tests/fixtures/adapters/codex/in/.gitkeep +1 -0
  472. package/.claude/hooks/tests/fixtures/adapters/codex/out/.gitkeep +1 -0
  473. package/.claude/hooks/tests/fixtures/adapters/gemini/GAPS.md +46 -0
  474. package/.claude/hooks/tests/fixtures/adapters/gemini/in/agent_spawn_minimal.json +1 -0
  475. package/.claude/hooks/tests/fixtures/adapters/gemini/in/bash_minimal.json +1 -0
  476. package/.claude/hooks/tests/fixtures/adapters/gemini/out/allow.json +1 -0
  477. package/.claude/hooks/tests/fixtures/adapters/local/in/agent_spawn_ollama.json +19 -0
  478. package/.claude/hooks/tests/fixtures/adapters/local/in/bash_minimal.json +8 -0
  479. package/.claude/hooks/tests/fixtures/adapters/local/out/allow.json +1 -0
  480. package/.claude/hooks/tests/fixtures/adapters/openai/in/agent_spawn_chat_completions.json +13 -0
  481. package/.claude/hooks/tests/fixtures/adapters/openai/in/bash_responses_api.json +9 -0
  482. package/.claude/hooks/tests/fixtures/adapters/openai/out/allow.json +1 -0
  483. package/.claude/hooks/tests/fixtures/anti_ceo_overhead/should-NOT-block-on-Y.ndjson +13 -0
  484. package/.claude/hooks/tests/fixtures/anti_ceo_overhead/should-block-on-X.ndjson +9 -0
  485. package/.claude/hooks/tests/fixtures/byte_identity/__init__.py +5 -0
  486. package/.claude/hooks/tests/fixtures/byte_identity/bash_safety_fuzzer.py +287 -0
  487. package/.claude/hooks/tests/fixtures/byte_identity/plan_edit_fuzzer.py +364 -0
  488. package/.claude/hooks/tests/fixtures/exchange_keys/negative/aws-iam-policy-arn-id-25.txt +2 -0
  489. package/.claude/hooks/tests/fixtures/exchange_keys/negative/blog-paragraph-18.txt +1 -0
  490. package/.claude/hooks/tests/fixtures/exchange_keys/negative/boilerplate-26.txt +4 -0
  491. package/.claude/hooks/tests/fixtures/exchange_keys/negative/cdn-cache-key-12.txt +2 -0
  492. package/.claude/hooks/tests/fixtures/exchange_keys/negative/certificate-fingerprint-10.txt +2 -0
  493. package/.claude/hooks/tests/fixtures/exchange_keys/negative/changelog-19.txt +1 -0
  494. package/.claude/hooks/tests/fixtures/exchange_keys/negative/commit-sha-01.txt +4 -0
  495. package/.claude/hooks/tests/fixtures/exchange_keys/negative/django-csrf-token-24.txt +3 -0
  496. package/.claude/hooks/tests/fixtures/exchange_keys/negative/docker-image-04.txt +2 -0
  497. package/.claude/hooks/tests/fixtures/exchange_keys/negative/docs-example-22.txt +3 -0
  498. package/.claude/hooks/tests/fixtures/exchange_keys/negative/haiku-20.txt +1 -0
  499. package/.claude/hooks/tests/fixtures/exchange_keys/negative/hex-placeholder-15.txt +3 -0
  500. package/.claude/hooks/tests/fixtures/exchange_keys/negative/hex-short-23.txt +5 -0
  501. package/.claude/hooks/tests/fixtures/exchange_keys/negative/image-thumbnail-09.txt +3 -0
  502. package/.claude/hooks/tests/fixtures/exchange_keys/negative/jwt-payload-decoded-08.txt +3 -0
  503. package/.claude/hooks/tests/fixtures/exchange_keys/negative/kubernetes-uid-06.txt +3 -0
  504. package/.claude/hooks/tests/fixtures/exchange_keys/negative/md5-hash-02.txt +2 -0
  505. package/.claude/hooks/tests/fixtures/exchange_keys/negative/phone-number-16.txt +3 -0
  506. package/.claude/hooks/tests/fixtures/exchange_keys/negative/postgres-uuid-05.txt +2 -0
  507. package/.claude/hooks/tests/fixtures/exchange_keys/negative/redis-cluster-node-13.txt +3 -0
  508. package/.claude/hooks/tests/fixtures/exchange_keys/negative/session-token-11.txt +3 -0
  509. package/.claude/hooks/tests/fixtures/exchange_keys/negative/sha256-checksum-03.txt +3 -0
  510. package/.claude/hooks/tests/fixtures/exchange_keys/negative/short-token-21.txt +2 -0
  511. package/.claude/hooks/tests/fixtures/exchange_keys/negative/software-license-14.txt +4 -0
  512. package/.claude/hooks/tests/fixtures/exchange_keys/negative/telemetry-trace-07.txt +3 -0
  513. package/.claude/hooks/tests/fixtures/exchange_keys/negative/zip-postal-17.txt +4 -0
  514. package/.claude/hooks/tests/fixtures/exchange_keys/positive/binance-api-key-alnum-03.txt +1 -0
  515. package/.claude/hooks/tests/fixtures/exchange_keys/positive/binance-api-key-hex-01.txt +3 -0
  516. package/.claude/hooks/tests/fixtures/exchange_keys/positive/binance-api-key-hex-02.txt +2 -0
  517. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bip39-mnemonic-12-31.txt +2 -0
  518. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bip39-mnemonic-12-33.txt +2 -0
  519. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bip39-mnemonic-24-32.txt +2 -0
  520. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bitfinex-api-key-11.txt +1 -0
  521. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bitfinex-api-key-12.txt +1 -0
  522. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bitfinex-api-key-13.txt +2 -0
  523. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bitstamp-api-key-30.txt +3 -0
  524. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bitstamp-customer-id-29.txt +2 -0
  525. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bybit-api-key-18.txt +2 -0
  526. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bybit-api-key-19.txt +1 -0
  527. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bybit-api-secret-20.txt +1 -0
  528. package/.claude/hooks/tests/fixtures/exchange_keys/positive/bybit-combined-21.txt +3 -0
  529. package/.claude/hooks/tests/fixtures/exchange_keys/positive/coinbase-api-key-uuid-04.txt +2 -0
  530. package/.claude/hooks/tests/fixtures/exchange_keys/positive/coinbase-api-secret-b64-05.txt +1 -0
  531. package/.claude/hooks/tests/fixtures/exchange_keys/positive/coinbase-combined-07.txt +4 -0
  532. package/.claude/hooks/tests/fixtures/exchange_keys/positive/coinbase-passphrase-06.txt +1 -0
  533. package/.claude/hooks/tests/fixtures/exchange_keys/positive/evm-private-key-34.txt +2 -0
  534. package/.claude/hooks/tests/fixtures/exchange_keys/positive/evm-private-key-35.txt +1 -0
  535. package/.claude/hooks/tests/fixtures/exchange_keys/positive/evm-private-key-36.txt +2 -0
  536. package/.claude/hooks/tests/fixtures/exchange_keys/positive/generic-api-key-37.txt +2 -0
  537. package/.claude/hooks/tests/fixtures/exchange_keys/positive/generic-api-key-38.txt +3 -0
  538. package/.claude/hooks/tests/fixtures/exchange_keys/positive/generic-api-key-39.txt +2 -0
  539. package/.claude/hooks/tests/fixtures/exchange_keys/positive/kraken-api-key-08.txt +1 -0
  540. package/.claude/hooks/tests/fixtures/exchange_keys/positive/kraken-api-secret-09.txt +1 -0
  541. package/.claude/hooks/tests/fixtures/exchange_keys/positive/kraken-combined-10.txt +4 -0
  542. package/.claude/hooks/tests/fixtures/exchange_keys/positive/kucoin-api-key-uuid-26.txt +2 -0
  543. package/.claude/hooks/tests/fixtures/exchange_keys/positive/kucoin-api-secret-uuid-27.txt +1 -0
  544. package/.claude/hooks/tests/fixtures/exchange_keys/positive/kucoin-passphrase-28.txt +1 -0
  545. package/.claude/hooks/tests/fixtures/exchange_keys/positive/okx-api-key-uuid-22.txt +1 -0
  546. package/.claude/hooks/tests/fixtures/exchange_keys/positive/okx-api-secret-23.txt +2 -0
  547. package/.claude/hooks/tests/fixtures/exchange_keys/positive/okx-combined-25.txt +4 -0
  548. package/.claude/hooks/tests/fixtures/exchange_keys/positive/okx-passphrase-24.txt +1 -0
  549. package/.claude/hooks/tests/fixtures/hooks/audit_log/in.json +1 -0
  550. package/.claude/hooks/tests/fixtures/hooks/audit_log/out.json +0 -0
  551. package/.claude/hooks/tests/fixtures/hooks/check_agent_spawn/in.json +1 -0
  552. package/.claude/hooks/tests/fixtures/hooks/check_agent_spawn/out.json +1 -0
  553. package/.claude/hooks/tests/fixtures/hooks/check_bash_safety/in.json +1 -0
  554. package/.claude/hooks/tests/fixtures/hooks/check_bash_safety/out.json +1 -0
  555. package/.claude/hooks/tests/fixtures/hooks/check_canonical_edit/in.json +1 -0
  556. package/.claude/hooks/tests/fixtures/hooks/check_canonical_edit/out.json +1 -0
  557. package/.claude/hooks/tests/fixtures/hooks/check_confidence_gate/in.json +1 -0
  558. package/.claude/hooks/tests/fixtures/hooks/check_confidence_gate/out.json +1 -0
  559. package/.claude/hooks/tests/fixtures/hooks/check_plan_edit/in.json +1 -0
  560. package/.claude/hooks/tests/fixtures/hooks/check_plan_edit/out.json +1 -0
  561. package/.claude/hooks/tests/fixtures/hooks/check_read_injection/in.json +1 -0
  562. package/.claude/hooks/tests/fixtures/hooks/check_read_injection/out.json +1 -0
  563. package/.claude/hooks/tests/fixtures/lifecycle/concurrent_interleaved.json +36 -0
  564. package/.claude/hooks/tests/fixtures/lifecycle/orphaned_pre.json +8 -0
  565. package/.claude/hooks/tests/fixtures/lifecycle/paired_bash_post.json +8 -0
  566. package/.claude/hooks/tests/fixtures/lifecycle/paired_bash_pre.json +9 -0
  567. package/.claude/hooks/tests/fixtures/normalized/agent_spawn_chat_completions.json +36 -0
  568. package/.claude/hooks/tests/fixtures/normalized/agent_spawn_compliant.json +24 -0
  569. package/.claude/hooks/tests/fixtures/normalized/agent_spawn_minimal.json +24 -0
  570. package/.claude/hooks/tests/fixtures/normalized/agent_spawn_ollama.json +42 -0
  571. package/.claude/hooks/tests/fixtures/normalized/bash_minimal.json +23 -0
  572. package/.claude/hooks/tests/fixtures/normalized/bash_responses_api.json +32 -0
  573. package/.claude/hooks/tests/fixtures/normalized/bash_safe_command.json +23 -0
  574. package/.claude/hooks/tests/fixtures/normalized/post_audit_event.json +31 -0
  575. package/.claude/hooks/tests/fixtures/output_safety/control/01_random_hash_log.txt +1 -0
  576. package/.claude/hooks/tests/fixtures/output_safety/control/02_docs_mention_email_no_address.txt +1 -0
  577. package/.claude/hooks/tests/fixtures/output_safety/control/03_partial_jwt_two_segments.txt +1 -0
  578. package/.claude/hooks/tests/fixtures/output_safety/control/04_random_11_digits_no_cpf_context.txt +1 -0
  579. package/.claude/hooks/tests/fixtures/output_safety/control/05_credit_card_shape_invalid_luhn.txt +1 -0
  580. package/.claude/hooks/tests/fixtures/output_safety/positive/01_api_key_anthropic.txt +1 -0
  581. package/.claude/hooks/tests/fixtures/output_safety/positive/02_api_key_github_pat_classic.txt +1 -0
  582. package/.claude/hooks/tests/fixtures/output_safety/positive/03_api_key_github_fine_grained.txt +1 -0
  583. package/.claude/hooks/tests/fixtures/output_safety/positive/04_api_key_aws_access_key.txt +1 -0
  584. package/.claude/hooks/tests/fixtures/output_safety/positive/05_api_key_aws_secret_assignment.txt +1 -0
  585. package/.claude/hooks/tests/fixtures/output_safety/positive/06_jwt.txt +1 -0
  586. package/.claude/hooks/tests/fixtures/output_safety/positive/07_bearer.txt +1 -0
  587. package/.claude/hooks/tests/fixtures/output_safety/positive/08_cpf_with_context.txt +1 -0
  588. package/.claude/hooks/tests/fixtures/output_safety/positive/09_cnpj_with_context.txt +1 -0
  589. package/.claude/hooks/tests/fixtures/output_safety/positive/10_credit_card_luhn_valid.txt +1 -0
  590. package/.claude/hooks/tests/fixtures/output_safety/positive/11_email_in_login_context.txt +1 -0
  591. package/.claude/hooks/tests/fixtures/output_safety/positive/12_nfkc_full_width.txt +1 -0
  592. package/.claude/hooks/tests/fixtures/output_safety/positive/13_zero_width_evasion.txt +1 -0
  593. package/.claude/hooks/tests/fixtures/output_safety/positive/14_bidi_evasion.txt +1 -0
  594. package/.claude/hooks/tests/fixtures/output_safety/positive/15_base64_encoded_secret.txt +1 -0
  595. package/.claude/hooks/tests/fixtures/output_scan/scenarios.jsonl +45 -0
  596. package/.claude/hooks/tests/fixtures/sample_payload_clean.json +13 -0
  597. package/.claude/hooks/tests/fixtures/sample_payload_with_secrets.json +12 -0
  598. package/.claude/hooks/tests/mutations/README.md +86 -0
  599. package/.claude/hooks/tests/mutations/__init__.py +14 -0
  600. package/.claude/hooks/tests/mutations/engine_mutations/__init__.py +15 -0
  601. package/.claude/hooks/tests/mutations/engine_mutations/mutation_01_parser_accepts_anchor.py +51 -0
  602. package/.claude/hooks/tests/mutations/engine_mutations/mutation_02_parser_skip_depth_limit.py +38 -0
  603. package/.claude/hooks/tests/mutations/engine_mutations/mutation_03_parser_accept_multi_doc.py +47 -0
  604. package/.claude/hooks/tests/mutations/engine_mutations/mutation_04_parser_accepts_bom.py +41 -0
  605. package/.claude/hooks/tests/mutations/engine_mutations/mutation_05_parser_scalar_len_off_by_one.py +61 -0
  606. package/.claude/hooks/tests/mutations/engine_mutations/mutation_06_parser_accepts_python_tag.py +50 -0
  607. package/.claude/hooks/tests/mutations/engine_mutations/mutation_07_parser_accepts_tab_indent.py +56 -0
  608. package/.claude/hooks/tests/mutations/engine_mutations/mutation_08_compiler_skip_regex_compile.py +45 -0
  609. package/.claude/hooks/tests/mutations/engine_mutations/mutation_09_compiler_regex_pattern_cap_off.py +31 -0
  610. package/.claude/hooks/tests/mutations/engine_mutations/mutation_10_compiler_accept_unknown_form.py +42 -0
  611. package/.claude/hooks/tests/mutations/engine_mutations/mutation_11_compiler_missing_predicate_tolerated.py +79 -0
  612. package/.claude/hooks/tests/mutations/engine_mutations/mutation_12_compiler_duplicate_rule_id_tolerated.py +66 -0
  613. package/.claude/hooks/tests/mutations/engine_mutations/mutation_13_compiler_missing_top_level_key_tolerated.py +46 -0
  614. package/.claude/hooks/tests/mutations/engine_mutations/mutation_14_compiler_schema_version_passthrough.py +43 -0
  615. package/.claude/hooks/tests/mutations/engine_mutations/mutation_15_evaluator_any_empty_returns_true.py +41 -0
  616. package/.claude/hooks/tests/mutations/engine_mutations/mutation_16_evaluator_all_empty_returns_true.py +37 -0
  617. package/.claude/hooks/tests/mutations/engine_mutations/mutation_17_evaluator_not_passthrough.py +37 -0
  618. package/.claude/hooks/tests/mutations/engine_mutations/mutation_18_evaluator_eq_true_on_type_mismatch.py +51 -0
  619. package/.claude/hooks/tests/mutations/engine_mutations/mutation_19_evaluator_regex_match_only.py +43 -0
  620. package/.claude/hooks/tests/mutations/engine_mutations/mutation_20_evaluator_path_under_no_realpath.py +48 -0
  621. package/.claude/hooks/tests/mutations/engine_mutations/mutation_21_evaluator_in_accepts_any.py +37 -0
  622. package/.claude/hooks/tests/mutations/engine_mutations/mutation_22_evaluator_length_off_by_one.py +45 -0
  623. package/.claude/hooks/tests/mutations/engine_mutations/mutation_23_evaluator_first_match_becomes_last.py +66 -0
  624. package/.claude/hooks/tests/mutations/engine_mutations/mutation_24_error_model_wrong_kind_on_parse.py +39 -0
  625. package/.claude/hooks/tests/mutations/engine_mutations/mutation_25_error_model_fail_open_on_load.py +42 -0
  626. package/.claude/hooks/tests/mutations/policy_mutations/__init__.py +16 -0
  627. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_01_remove_credential_leak.py +49 -0
  628. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_02_remove_rm_rf.py +44 -0
  629. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_03_remove_git_reset_hard.py +44 -0
  630. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_04_remove_git_push_force.py +44 -0
  631. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_05_reorder_rules.py +59 -0
  632. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_06_change_reason_enum.py +54 -0
  633. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_07_default_flipped_to_block.py +56 -0
  634. package/.claude/hooks/tests/mutations/policy_mutations/mutation_bash_08_flip_rm_rf_to_allow.py +49 -0
  635. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_01_remove_illegal_transition.py +79 -0
  636. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_02_remove_illegal_status.py +80 -0
  637. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_03_remove_missing_reviewed_at.py +80 -0
  638. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_04_remove_missing_completed_at.py +80 -0
  639. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_05_remove_missing_related_commits.py +79 -0
  640. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_06_remove_missing_abandonment_reason.py +80 -0
  641. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_07_scope_guard_inverted.py +93 -0
  642. package/.claude/hooks/tests/mutations/policy_mutations/mutation_plan_08_default_block.py +90 -0
  643. package/.claude/hooks/tests/probes/test_architect_probe.py +286 -0
  644. package/.claude/hooks/tests/probes/test_canonical_edit_probe.py +190 -0
  645. package/.claude/hooks/tests/probes/test_skill_content_probe.py +219 -0
  646. package/.claude/hooks/tests/test_SessionEnd.py +59 -0
  647. package/.claude/hooks/tests/test_SessionStart.py +42 -0
  648. package/.claude/hooks/tests/test_UserPromptSubmit.py +47 -0
  649. package/.claude/hooks/tests/test_accel_dispatch.py +96 -0
  650. package/.claude/hooks/tests/test_action_required_invariants.py +274 -0
  651. package/.claude/hooks/tests/test_adapter_drift_detector.py +254 -0
  652. package/.claude/hooks/tests/test_adapter_golden.py +198 -0
  653. package/.claude/hooks/tests/test_adequacy_gate.py +86 -0
  654. package/.claude/hooks/tests/test_adr_052_role_to_model_coverage.py +112 -0
  655. package/.claude/hooks/tests/test_adr_058_brainstorm_structure.py +280 -0
  656. package/.claude/hooks/tests/test_adversary_rules_live.py +400 -0
  657. package/.claude/hooks/tests/test_agent_frontmatter.py +377 -0
  658. package/.claude/hooks/tests/test_anti_ceo_overhead.py +591 -0
  659. package/.claude/hooks/tests/test_audit_emit.py +1707 -0
  660. package/.claude/hooks/tests/test_audit_emit_api_contract.py +693 -0
  661. package/.claude/hooks/tests/test_audit_emit_async_flush.py +563 -0
  662. package/.claude/hooks/tests/test_audit_emit_backpressure.py +138 -0
  663. package/.claude/hooks/tests/test_audit_emit_callsite_coverage_matrix.py +101 -0
  664. package/.claude/hooks/tests/test_audit_emit_chain_length.py +357 -0
  665. package/.claude/hooks/tests/test_audit_emit_coverage.py +2679 -0
  666. package/.claude/hooks/tests/test_audit_emit_ghost_action_guard.py +447 -0
  667. package/.claude/hooks/tests/test_audit_emit_plan088_canonical13.py +323 -0
  668. package/.claude/hooks/tests/test_audit_emit_rotation.py +218 -0
  669. package/.claude/hooks/tests/test_audit_emit_veto_v214.py +202 -0
  670. package/.claude/hooks/tests/test_audit_emit_wire_audit.py +699 -0
  671. package/.claude/hooks/tests/test_audit_hmac.py +334 -0
  672. package/.claude/hooks/tests/test_audit_hmac_branch_coverage.py +212 -0
  673. package/.claude/hooks/tests/test_audit_hmac_chain_monotonicity_property.py +136 -0
  674. package/.claude/hooks/tests/test_audit_hmac_coverage_v214.py +358 -0
  675. package/.claude/hooks/tests/test_audit_hmac_hardening.py +302 -0
  676. package/.claude/hooks/tests/test_audit_hmac_rotation_scenarios.py +231 -0
  677. package/.claude/hooks/tests/test_audit_hmac_verify_chain.py +443 -0
  678. package/.claude/hooks/tests/test_audit_log.py +280 -0
  679. package/.claude/hooks/tests/test_audit_log_coverage.py +173 -0
  680. package/.claude/hooks/tests/test_audit_log_path_d.py +516 -0
  681. package/.claude/hooks/tests/test_audit_log_phase1.py +358 -0
  682. package/.claude/hooks/tests/test_audit_log_schema_consistency.py +97 -0
  683. package/.claude/hooks/tests/test_audit_log_security.py +289 -0
  684. package/.claude/hooks/tests/test_audit_log_tokens.py +92 -0
  685. package/.claude/hooks/tests/test_audit_log_v2_7.py +378 -0
  686. package/.claude/hooks/tests/test_audit_log_v2_8_model.py +201 -0
  687. package/.claude/hooks/tests/test_audit_rotation.py +158 -0
  688. package/.claude/hooks/tests/test_audit_stream_verbose_protection.py +86 -0
  689. package/.claude/hooks/tests/test_audit_tokens_content_ban.py +512 -0
  690. package/.claude/hooks/tests/test_auto_boot.py +28 -0
  691. package/.claude/hooks/tests/test_available_models_mirror.py +226 -0
  692. package/.claude/hooks/tests/test_bash_canonical_forensic.py +74 -0
  693. package/.claude/hooks/tests/test_bash_canonical_interceptor.py +79 -0
  694. package/.claude/hooks/tests/test_brotli_passthrough.py +145 -0
  695. package/.claude/hooks/tests/test_byte_identity_fuzzer.py +185 -0
  696. package/.claude/hooks/tests/test_byte_identity_harness.py +953 -0
  697. package/.claude/hooks/tests/test_canonical_guard_typed_exceptions.py +117 -0
  698. package/.claude/hooks/tests/test_canonical_json.py +153 -0
  699. package/.claude/hooks/tests/test_chain_invariants_property.py +132 -0
  700. package/.claude/hooks/tests/test_check_adversary_live.py +149 -0
  701. package/.claude/hooks/tests/test_check_agent_spawn.py +1084 -0
  702. package/.claude/hooks/tests/test_check_agent_spawn_coverage.py +277 -0
  703. package/.claude/hooks/tests/test_check_agent_spawn_effort_token.py +74 -0
  704. package/.claude/hooks/tests/test_check_agent_spawn_import_isolation.py +82 -0
  705. package/.claude/hooks/tests/test_check_agent_spawn_model_routing_mode.py +245 -0
  706. package/.claude/hooks/tests/test_check_agent_spawn_reference_bypass.py +385 -0
  707. package/.claude/hooks/tests/test_check_agent_spawn_routing_promotion.py +302 -0
  708. package/.claude/hooks/tests/test_check_agent_spawn_skill_reference.py +336 -0
  709. package/.claude/hooks/tests/test_check_arbitration_kernel.py +472 -0
  710. package/.claude/hooks/tests/test_check_arbitration_kernel_v214.py +157 -0
  711. package/.claude/hooks/tests/test_check_bash_safety.py +546 -0
  712. package/.claude/hooks/tests/test_check_bash_safety_canonical_matrix.py +336 -0
  713. package/.claude/hooks/tests/test_check_bash_safety_cp_chaining.py +120 -0
  714. package/.claude/hooks/tests/test_check_bash_safety_h5_rewrite.py +462 -0
  715. package/.claude/hooks/tests/test_check_budget.py +580 -0
  716. package/.claude/hooks/tests/test_check_budget_max_tokens.py +397 -0
  717. package/.claude/hooks/tests/test_check_budget_quota_hint.py +115 -0
  718. package/.claude/hooks/tests/test_check_canonical_edit.py +302 -0
  719. package/.claude/hooks/tests/test_check_canonical_edit_coverage.py +370 -0
  720. package/.claude/hooks/tests/test_check_canonical_edit_kernel_v2.py +401 -0
  721. package/.claude/hooks/tests/test_check_canonical_edit_markers.py +473 -0
  722. package/.claude/hooks/tests/test_check_canonical_edit_mcp.py +401 -0
  723. package/.claude/hooks/tests/test_check_canonical_edit_session67_format.py +245 -0
  724. package/.claude/hooks/tests/test_check_codex_filewrite.py +964 -0
  725. package/.claude/hooks/tests/test_check_codex_response.py +419 -0
  726. package/.claude/hooks/tests/test_check_compaction_continuity.py +450 -0
  727. package/.claude/hooks/tests/test_check_confidence_gate.py +326 -0
  728. package/.claude/hooks/tests/test_check_config_change.py +369 -0
  729. package/.claude/hooks/tests/test_check_config_protection.py +364 -0
  730. package/.claude/hooks/tests/test_check_fluency_nudge.py +321 -0
  731. package/.claude/hooks/tests/test_check_mcp_response.py +261 -0
  732. package/.claude/hooks/tests/test_check_output_safety.py +314 -0
  733. package/.claude/hooks/tests/test_check_output_secrets.py +488 -0
  734. package/.claude/hooks/tests/test_check_output_secrets_coverage.py +321 -0
  735. package/.claude/hooks/tests/test_check_pair_rail.py +897 -0
  736. package/.claude/hooks/tests/test_check_pair_rail_decide_canonical.py +297 -0
  737. package/.claude/hooks/tests/test_check_pair_rail_golden.py +362 -0
  738. package/.claude/hooks/tests/test_check_pair_rail_hook_integration.py +120 -0
  739. package/.claude/hooks/tests/test_check_pair_rail_matrix.py +1077 -0
  740. package/.claude/hooks/tests/test_check_plan_edit.py +679 -0
  741. package/.claude/hooks/tests/test_check_plan_edit_stranded.py +310 -0
  742. package/.claude/hooks/tests/test_check_protocol_semver_cascade.py +141 -0
  743. package/.claude/hooks/tests/test_check_protocol_semver_cascade_settings_wired.py +297 -0
  744. package/.claude/hooks/tests/test_check_protocol_semver_cascade_synccascade.py +365 -0
  745. package/.claude/hooks/tests/test_check_read_injection.py +143 -0
  746. package/.claude/hooks/tests/test_check_read_injection_coverage.py +237 -0
  747. package/.claude/hooks/tests/test_check_read_injection_pathbound.py +153 -0
  748. package/.claude/hooks/tests/test_check_scratchpad_access.py +244 -0
  749. package/.claude/hooks/tests/test_check_skill_bootstrap_post.py +256 -0
  750. package/.claude/hooks/tests/test_check_skill_patch_sentinel.py +439 -0
  751. package/.claude/hooks/tests/test_check_skill_reference_read.py +170 -0
  752. package/.claude/hooks/tests/test_check_skill_reference_read_v2.py +388 -0
  753. package/.claude/hooks/tests/test_check_subagent_fabrication.py +54 -0
  754. package/.claude/hooks/tests/test_check_subagent_start.py +505 -0
  755. package/.claude/hooks/tests/test_check_tier_policy.py +48 -0
  756. package/.claude/hooks/tests/test_check_tier_policy_misrouting_24h.py +294 -0
  757. package/.claude/hooks/tests/test_check_webfetch_injection.py +49 -0
  758. package/.claude/hooks/tests/test_claim_producer_pair_end_to_end_loop_perf.py +227 -0
  759. package/.claude/hooks/tests/test_claude_adapter_thinking.py +731 -0
  760. package/.claude/hooks/tests/test_claude_batch_adapter.py +672 -0
  761. package/.claude/hooks/tests/test_closeout_guard.py +184 -0
  762. package/.claude/hooks/tests/test_codex_adapter.py +777 -0
  763. package/.claude/hooks/tests/test_codex_cli_shape.py +217 -0
  764. package/.claude/hooks/tests/test_codex_egress_proof_telemetry.py +214 -0
  765. package/.claude/hooks/tests/test_codex_egress_redact.py +342 -0
  766. package/.claude/hooks/tests/test_codex_egress_redact_outgoing.py +236 -0
  767. package/.claude/hooks/tests/test_codex_reply_multi_turn.py +72 -0
  768. package/.claude/hooks/tests/test_codex_review_user_code.py +44 -0
  769. package/.claude/hooks/tests/test_codex_strict_json.py +123 -0
  770. package/.claude/hooks/tests/test_confidence_gate_producer_pair.py +522 -0
  771. package/.claude/hooks/tests/test_confidence_labels.py +362 -0
  772. package/.claude/hooks/tests/test_contract.py +237 -0
  773. package/.claude/hooks/tests/test_cookbook_advisor_hook.py +208 -0
  774. package/.claude/hooks/tests/test_credentials.py +195 -0
  775. package/.claude/hooks/tests/test_detect_repo_profile_branches.py +116 -0
  776. package/.claude/hooks/tests/test_e2e_hook_chain.py +184 -0
  777. package/.claude/hooks/tests/test_effective_config.py +648 -0
  778. package/.claude/hooks/tests/test_emit_architect_outcome.py +175 -0
  779. package/.claude/hooks/tests/test_env_persist_allowlist.py +365 -0
  780. package/.claude/hooks/tests/test_escalation_signals.py +357 -0
  781. package/.claude/hooks/tests/test_estimation_bayesian_pipeline.py +140 -0
  782. package/.claude/hooks/tests/test_execution_context_deferral.py +222 -0
  783. package/.claude/hooks/tests/test_fail_open_contract.py +118 -0
  784. package/.claude/hooks/tests/test_file_walker.py +332 -0
  785. package/.claude/hooks/tests/test_filelock.py +131 -0
  786. package/.claude/hooks/tests/test_filelock_contract.py +172 -0
  787. package/.claude/hooks/tests/test_find_sentinels_pattern_matrix.py +114 -0
  788. package/.claude/hooks/tests/test_flip_closures.py +219 -0
  789. package/.claude/hooks/tests/test_frontmatter.py +139 -0
  790. package/.claude/hooks/tests/test_git_bypass_guard.py +1095 -0
  791. package/.claude/hooks/tests/test_gpg_verify.py +578 -0
  792. package/.claude/hooks/tests/test_hook_byte_fidelity.py +113 -0
  793. package/.claude/hooks/tests/test_hook_latency.py +245 -0
  794. package/.claude/hooks/tests/test_hook_latency_import.py +178 -0
  795. package/.claude/hooks/tests/test_injection_patterns.py +276 -0
  796. package/.claude/hooks/tests/test_injection_patterns_bypass.py +276 -0
  797. package/.claude/hooks/tests/test_injection_salt.py +191 -0
  798. package/.claude/hooks/tests/test_kernel_subsumes_security_critical_lib.py +88 -0
  799. package/.claude/hooks/tests/test_kill_switch_godmode_enforcing.py +101 -0
  800. package/.claude/hooks/tests/test_latency_report.py +28 -0
  801. package/.claude/hooks/tests/test_lib_canonical_import.py +355 -0
  802. package/.claude/hooks/tests/test_lifecycle_edge_cases.py +565 -0
  803. package/.claude/hooks/tests/test_live_adapters.py +463 -0
  804. package/.claude/hooks/tests/test_live_audit_isolation.py +357 -0
  805. package/.claude/hooks/tests/test_mcp_bearer_friction_buffer.py +276 -0
  806. package/.claude/hooks/tests/test_mcp_bearer_friction_emit.py +117 -0
  807. package/.claude/hooks/tests/test_mcp_canonical_guard.py +1989 -0
  808. package/.claude/hooks/tests/test_mcp_injection_repro_harness.py +437 -0
  809. package/.claude/hooks/tests/test_mcp_injection_scan.py +228 -0
  810. package/.claude/hooks/tests/test_mcp_routing_resolve.py +246 -0
  811. package/.claude/hooks/tests/test_memory_shared.py +412 -0
  812. package/.claude/hooks/tests/test_metrics.py +115 -0
  813. package/.claude/hooks/tests/test_migrated_hooks_fixtures.py +121 -0
  814. package/.claude/hooks/tests/test_model_routing.py +175 -0
  815. package/.claude/hooks/tests/test_model_routing_resolve.py +97 -0
  816. package/.claude/hooks/tests/test_model_routing_resolve_full.py +318 -0
  817. package/.claude/hooks/tests/test_otel_bounded_exporter.py +521 -0
  818. package/.claude/hooks/tests/test_otel_emit.py +243 -0
  819. package/.claude/hooks/tests/test_otel_queue.py +334 -0
  820. package/.claude/hooks/tests/test_otel_wire_defaultoff.py +392 -0
  821. package/.claude/hooks/tests/test_output_scan.py +1119 -0
  822. package/.claude/hooks/tests/test_output_scan_dedup.py +329 -0
  823. package/.claude/hooks/tests/test_output_scan_fixtures.py +136 -0
  824. package/.claude/hooks/tests/test_pair_rail_decide.py +141 -0
  825. package/.claude/hooks/tests/test_payload.py +89 -0
  826. package/.claude/hooks/tests/test_persona_coverage_wire.py +376 -0
  827. package/.claude/hooks/tests/test_persona_routing_enforcing.py +119 -0
  828. package/.claude/hooks/tests/test_phase_c_advisory_audit.py +75 -0
  829. package/.claude/hooks/tests/test_pii_patterns.py +558 -0
  830. package/.claude/hooks/tests/test_plan114_wires.py +468 -0
  831. package/.claude/hooks/tests/test_plan128_emit_wiring.py +74 -0
  832. package/.claude/hooks/tests/test_plan132_codex_review_observe.py +99 -0
  833. package/.claude/hooks/tests/test_plan133_a1_env_guard.py +221 -0
  834. package/.claude/hooks/tests/test_plan133_a2_canonical_skill_unicode.py +359 -0
  835. package/.claude/hooks/tests/test_plan133_a2_invisible_unicode.py +239 -0
  836. package/.claude/hooks/tests/test_plan133_a3_egress_taxonomy.py +221 -0
  837. package/.claude/hooks/tests/test_plan133_e1_adversary.py +360 -0
  838. package/.claude/hooks/tests/test_plan_085_wave_c_callsites_preserved.py +147 -0
  839. package/.claude/hooks/tests/test_plan_091_expected_callsites.py +206 -0
  840. package/.claude/hooks/tests/test_plan_frontmatter.py +217 -0
  841. package/.claude/hooks/tests/test_policy_coverage_residual_session73.py +597 -0
  842. package/.claude/hooks/tests/test_policy_coverage_v214.py +1099 -0
  843. package/.claude/hooks/tests/test_policy_dispatch.py +454 -0
  844. package/.claude/hooks/tests/test_policy_engine.py +791 -0
  845. package/.claude/hooks/tests/test_policy_fuzz_bomb.py +356 -0
  846. package/.claude/hooks/tests/test_policy_golden_error_kinds.py +287 -0
  847. package/.claude/hooks/tests/test_policy_mutations.py +359 -0
  848. package/.claude/hooks/tests/test_policy_preprocessors.py +514 -0
  849. package/.claude/hooks/tests/test_policy_redos_guards.py +393 -0
  850. package/.claude/hooks/tests/test_rag_bridge.py +675 -0
  851. package/.claude/hooks/tests/test_rag_events.py +202 -0
  852. package/.claude/hooks/tests/test_red_team_fixtures.py +427 -0
  853. package/.claude/hooks/tests/test_redact.py +506 -0
  854. package/.claude/hooks/tests/test_redact_redos.py +254 -0
  855. package/.claude/hooks/tests/test_redact_secrets_parity.py +334 -0
  856. package/.claude/hooks/tests/test_replay_determinism.py +263 -0
  857. package/.claude/hooks/tests/test_review_loop.py +28 -0
  858. package/.claude/hooks/tests/test_review_loop_wiring.py +206 -0
  859. package/.claude/hooks/tests/test_route.py +36 -0
  860. package/.claude/hooks/tests/test_rubric_catalogue.py +359 -0
  861. package/.claude/hooks/tests/test_scratchpad_lib.py +259 -0
  862. package/.claude/hooks/tests/test_secret_patterns.py +680 -0
  863. package/.claude/hooks/tests/test_secret_patterns_provenance.py +82 -0
  864. package/.claude/hooks/tests/test_sentinel_session_cache.py +324 -0
  865. package/.claude/hooks/tests/test_sentinel_session_cache_tier1.py +205 -0
  866. package/.claude/hooks/tests/test_sentinel_signers.py +641 -0
  867. package/.claude/hooks/tests/test_session_75_kernel_findings.py +180 -0
  868. package/.claude/hooks/tests/test_session_76_audit_v3_findings.py +493 -0
  869. package/.claude/hooks/tests/test_session_77_audit_v3_backlog_findings.py +644 -0
  870. package/.claude/hooks/tests/test_session_77_round_2_findings.py +135 -0
  871. package/.claude/hooks/tests/test_session_77_round_3_findings.py +159 -0
  872. package/.claude/hooks/tests/test_session_77_round_4_findings.py +120 -0
  873. package/.claude/hooks/tests/test_session_end.py +113 -0
  874. package/.claude/hooks/tests/test_session_start.py +293 -0
  875. package/.claude/hooks/tests/test_skill_unknown_ratio_path_d.py +249 -0
  876. package/.claude/hooks/tests/test_smart_loading_resolver_caching.py +140 -0
  877. package/.claude/hooks/tests/test_spec_context_sanitizer.py +179 -0
  878. package/.claude/hooks/tests/test_spool_drain_contended_skip.py +249 -0
  879. package/.claude/hooks/tests/test_spool_drain_rotation_property_b.py +227 -0
  880. package/.claude/hooks/tests/test_spool_drain_rotation_race.py +395 -0
  881. package/.claude/hooks/tests/test_spool_writer_cache.py +463 -0
  882. package/.claude/hooks/tests/test_state_store.py +302 -0
  883. package/.claude/hooks/tests/test_stop.py +133 -0
  884. package/.claude/hooks/tests/test_streaming_rate_cap.py +108 -0
  885. package/.claude/hooks/tests/test_subagent_dispatch.py +248 -0
  886. package/.claude/hooks/tests/test_subagent_model_override_removed.py +108 -0
  887. package/.claude/hooks/tests/test_team.py +95 -0
  888. package/.claude/hooks/tests/test_template_dogfood_parity.py +106 -0
  889. package/.claude/hooks/tests/test_terminal_compress.py +135 -0
  890. package/.claude/hooks/tests/test_test_env_context_agent_binding.py +140 -0
  891. package/.claude/hooks/tests/test_testing_helper.py +53 -0
  892. package/.claude/hooks/tests/test_thinking_budget_command.py +229 -0
  893. package/.claude/hooks/tests/test_tier_policy_agent_frontmatter.py +421 -0
  894. package/.claude/hooks/tests/test_tier_policy_agent_frontmatter_disposition.py +175 -0
  895. package/.claude/hooks/tests/test_tier_policy_constants.py +336 -0
  896. package/.claude/hooks/tests/test_tier_policy_loader.py +544 -0
  897. package/.claude/hooks/tests/test_tier_policy_loader_fallback_observed.py +169 -0
  898. package/.claude/hooks/tests/test_tier_policy_types.py +270 -0
  899. package/.claude/hooks/tests/test_tokens_lib.py +118 -0
  900. package/.claude/hooks/tests/test_tool_lifecycle.py +598 -0
  901. package/.claude/hooks/tests/test_tool_lifecycle_perf.py +110 -0
  902. package/.claude/hooks/tests/test_turbo_profile.py +28 -0
  903. package/.claude/hooks/tests/test_turbo_sessionstart.py +79 -0
  904. package/.claude/hooks/tests/test_two_writer_chain.py +175 -0
  905. package/.claude/hooks/tests/test_upgrade_retry.py +346 -0
  906. package/.claude/hooks/tests/test_user_prompt_submit.py +254 -0
  907. package/.claude/hooks/tests/test_user_prompt_submit_salt.py +204 -0
  908. package/.claude/hooks/tests/test_verify_after_edit.py +100 -0
  909. package/.claude/hooks/tests/test_veto_floor_bijection.py +174 -0
  910. package/.claude/hooks/tests/test_w5_cookbook_remediation.py +712 -0
  911. package/.claude/hooks/tests/test_w5_scrub_enforcement.py +371 -0
  912. package/.claude/hooks/tests/test_webfetch_injection.py +280 -0
  913. package/.claude/hooks/tests/test_wiredeadmod_estimation_wiring.py +283 -0
  914. package/.claude/hooks/tests/test_wiredeadmod_spawn_wiring.py +303 -0
  915. package/.claude/hooks/tests/test_worktree_writer.py +509 -0
  916. package/.claude/hooks/turbo_profile.py +554 -0
  917. package/.claude/hooks/turbo_sessionstart.py +472 -0
  918. package/.claude/hooks/verify_after_edit.py +281 -0
  919. package/.claude/pitfalls-catalog.yaml +150 -0
  920. package/.claude/plans/AUDIT-LOG-SCHEMA.md +548 -0
  921. package/.claude/plans/DEBATE-SCHEMA.md +539 -0
  922. package/.claude/plans/PLAN-128/AB-PROTOCOL.md +121 -0
  923. package/.claude/plans/PLAN-128/measure-state.sh +101 -0
  924. package/.claude/plans/PLAN-139-canonical-invariants-and-debt-ledger.md +253 -0
  925. package/.claude/plans/PLAN-140/architect/round-1/approved.md +40 -0
  926. package/.claude/plans/PLAN-140-compaction-hook-origin-dropfix.md +95 -0
  927. package/.claude/plans/PLAN-141/architect/round-1/approved.md +28 -0
  928. package/.claude/plans/PLAN-141-mcp-smoke-staging-ruff-tolerance.md +72 -0
  929. package/.claude/plans/PLAN-142/architect/round-1/anonymization-map.md +11 -0
  930. package/.claude/plans/PLAN-142/architect/round-1/consensus.md +95 -0
  931. package/.claude/plans/PLAN-142/architect/round-1/devops-engineer.md +57 -0
  932. package/.claude/plans/PLAN-142/architect/round-1/proposal.md +57 -0
  933. package/.claude/plans/PLAN-142/architect/round-1/security-engineer.md +55 -0
  934. package/.claude/plans/PLAN-142/architect/round-1/vp-engineering.md +58 -0
  935. package/.claude/plans/PLAN-142/architect/round-2/anonymization-map.md +11 -0
  936. package/.claude/plans/PLAN-142/architect/round-2/approved.md +65 -0
  937. package/.claude/plans/PLAN-142/architect/round-2/consensus.md +78 -0
  938. package/.claude/plans/PLAN-142/architect/round-2/devops-engineer.md +58 -0
  939. package/.claude/plans/PLAN-142/architect/round-2/security-engineer.md +56 -0
  940. package/.claude/plans/PLAN-142/architect/round-2/vp-engineering.md +54 -0
  941. package/.claude/plans/PLAN-142/staging/EXECUTION-RUNBOOK.md +74 -0
  942. package/.claude/plans/PLAN-142/staging/STAGING-NOTES.md +63 -0
  943. package/.claude/plans/PLAN-142/staging/check_pair_rail__invoke_and_consume.py.txt +644 -0
  944. package/.claude/plans/PLAN-142/staging/codex_adapter_parsers.py.txt +677 -0
  945. package/.claude/plans/PLAN-142/staging/codex_cli_shape.py +433 -0
  946. package/.claude/plans/PLAN-142-codex-cli-0139-adapter-migration.md +224 -0
  947. package/.claude/plans/PLAN-143/architect/round-1/anonymization-map.md +22 -0
  948. package/.claude/plans/PLAN-143/architect/round-1/consensus.md +108 -0
  949. package/.claude/plans/PLAN-143/architect/round-1/devops-engineer.md +228 -0
  950. package/.claude/plans/PLAN-143/architect/round-1/proposal.md +48 -0
  951. package/.claude/plans/PLAN-143/architect/round-1/security-engineer.md +224 -0
  952. package/.claude/plans/PLAN-143/architect/round-1/vp-engineering.md +166 -0
  953. package/.claude/plans/PLAN-143/patches/PLAN143-item1-env-inventory.NOTE.md +106 -0
  954. package/.claude/plans/PLAN-143/patches/PLAN143-item2-spool-writer-rotate-guard.patch +41 -0
  955. package/.claude/plans/PLAN-143/patches/PLAN143-item3-audit-emit-exit-code.patch +32 -0
  956. package/.claude/plans/PLAN-143-repo-hygiene-debt.md +201 -0
  957. package/.claude/plans/PLAN-SCHEMA.md +870 -0
  958. package/.claude/plans/README.md +208 -0
  959. package/.claude/plans/examples/debate-round-1/consensus.md +166 -0
  960. package/.claude/plans/examples/debate-round-1/devops-engineer.md +133 -0
  961. package/.claude/plans/examples/debate-round-1/proposal.md +66 -0
  962. package/.claude/plans/examples/debate-round-1/security-engineer.md +109 -0
  963. package/.claude/plans/examples/debate-round-1/vp-engineering.md +110 -0
  964. package/.claude/policies/.drift-manifest.json +16 -0
  965. package/.claude/policies/bash-safety.policy.yaml +37 -0
  966. package/.claude/policies/fixtures/.gitkeep +0 -0
  967. package/.claude/policies/fixtures/bash-safety.fixtures.jsonl +46 -0
  968. package/.claude/policies/fixtures/plan-edit.fixtures.jsonl +36 -0
  969. package/.claude/policies/grandfather-cap.policy.yaml +85 -0
  970. package/.claude/policies/plan-edit.policy.yaml +152 -0
  971. package/.claude/policies/rubric-violation-catalogue.yaml +187 -0
  972. package/.claude/policies/schemas/repo-profile-skill-binding.schema.json +126 -0
  973. package/.claude/policies/schemas/repo-profile.schema.json +83 -0
  974. package/.claude/policies/schemas/squad-bundle-frontmatter.schema.json +152 -0
  975. package/.claude/policies/secret-patterns-exchange.yaml +368 -0
  976. package/.claude/policies/smart-loading-cap-table.yaml +34 -0
  977. package/.claude/proposals/.gitkeep +0 -0
  978. package/.claude/proposals/README.md +42 -0
  979. package/.claude/proposals/SP-001-code-review-checklist-2026-04-20.md +65 -0
  980. package/.claude/proposals/SP-001-code-review-checklist-2026-04-20.md.asc +8 -0
  981. package/.claude/proposals/SP-002-security-and-auth-2026-04-20.md +74 -0
  982. package/.claude/proposals/SP-002-security-and-auth-2026-04-20.md.asc +8 -0
  983. package/.claude/proposals/SP-003-design-system-and-components-2026-04-20.md +67 -0
  984. package/.claude/proposals/SP-003-design-system-and-components-2026-04-20.md.asc +8 -0
  985. package/.claude/proposals/SP-004-accessibility-and-wcag-2026-04-20.md +68 -0
  986. package/.claude/proposals/SP-004-accessibility-and-wcag-2026-04-20.md.asc +8 -0
  987. package/.claude/proposals/SP-005-ux-and-user-journeys-2026-04-20.md +63 -0
  988. package/.claude/proposals/SP-005-ux-and-user-journeys-2026-04-20.md.asc +8 -0
  989. package/.claude/proposals/SP-006-chaos-and-resilience-2026-04-20.md +79 -0
  990. package/.claude/proposals/SP-006-chaos-and-resilience-2026-04-20.md.asc +8 -0
  991. package/.claude/proposals/SP-007-ai-llm-orchestration-2026-04-20.md +76 -0
  992. package/.claude/proposals/SP-007-ai-llm-orchestration-2026-04-20.md.asc +8 -0
  993. package/.claude/proposals/SP-008-performance-engineering-2026-04-20.md +82 -0
  994. package/.claude/proposals/SP-008-performance-engineering-2026-04-20.md.asc +8 -0
  995. package/.claude/proposals/SP-009-code-review-checklist-2026-04-20.md +76 -0
  996. package/.claude/proposals/SP-009-code-review-checklist-2026-04-20.md.asc +8 -0
  997. package/.claude/proposals/SP-010-accessibility-and-wcag-adopter-note-2026-04-20.md +77 -0
  998. package/.claude/proposals/SP-010-accessibility-and-wcag-adopter-note-2026-04-20.md.asc +8 -0
  999. package/.claude/proposals/SP-011-design-system-and-components-adopter-note-2026-04-20.md +79 -0
  1000. package/.claude/proposals/SP-011-design-system-and-components-adopter-note-2026-04-20.md.asc +8 -0
  1001. package/.claude/proposals/SP-012-ux-and-user-journeys-adopter-note-2026-04-20.md +83 -0
  1002. package/.claude/proposals/SP-012-ux-and-user-journeys-adopter-note-2026-04-20.md.asc +8 -0
  1003. package/.claude/proposals/SP-013-frontend-performance-optimization-2026-04-20.md +82 -0
  1004. package/.claude/proposals/SP-013-frontend-performance-optimization-2026-04-20.md.asc +8 -0
  1005. package/.claude/proposals/SP-014-observability-and-ops-2026-04-20.md +80 -0
  1006. package/.claude/proposals/SP-014-observability-and-ops-2026-04-20.md.asc +8 -0
  1007. package/.claude/proposals/SP-015-testing-strategy-2026-04-20.md +87 -0
  1008. package/.claude/proposals/SP-015-testing-strategy-2026-04-20.md.asc +8 -0
  1009. package/.claude/proposals/SP-016-code-review-checklist-fluency-rubric-2026-04-28.md +111 -0
  1010. package/.claude/proposals/SP-016-code-review-checklist-fluency-rubric-2026-04-28.md.asc +8 -0
  1011. package/.claude/proposals/SP-017-chaos-and-resilience-adopter-note-2026-04-28.md +87 -0
  1012. package/.claude/proposals/SP-017-chaos-and-resilience-adopter-note-2026-04-28.md.asc +8 -0
  1013. package/.claude/proposals/SP-018-ceo-orchestration-inventory-regen-2026-04-21.md +64 -0
  1014. package/.claude/proposals/SP-018-ceo-orchestration-inventory-regen-2026-04-21.md.asc +8 -0
  1015. package/.claude/proposals/SP-019-terse-mode-2026-04-21.md +107 -0
  1016. package/.claude/proposals/SP-019-terse-mode-2026-04-21.md.asc +8 -0
  1017. package/.claude/proposals/SP-020-ceo-orchestration-audit-tokens-2026-04-21.md +74 -0
  1018. package/.claude/proposals/SP-020-ceo-orchestration-audit-tokens-2026-04-21.md.asc +8 -0
  1019. package/.claude/proposals/SP-021-ceo-orchestration-autonomous-loop-2026-04-21.md +71 -0
  1020. package/.claude/proposals/SP-021-ceo-orchestration-autonomous-loop-2026-04-21.md.asc +8 -0
  1021. package/.claude/rag/_index_core.py +344 -0
  1022. package/.claude/rag/indexignore +101 -0
  1023. package/.claude/rag/install-sidecar.sh +275 -0
  1024. package/.claude/rag/models.manifest.json +19 -0
  1025. package/.claude/rag/requirements.lock +40 -0
  1026. package/.claude/rag/sidecar-config.template.json +53 -0
  1027. package/.claude/rag/tests/test_index_core.py +262 -0
  1028. package/.claude/rag/tests/test_install_sidecar.sh +132 -0
  1029. package/.claude/scripts/.known_actions_floor.lock +0 -0
  1030. package/.claude/scripts/admin-invite.py +199 -0
  1031. package/.claude/scripts/adopter-metrics.py +712 -0
  1032. package/.claude/scripts/aek-calibration-c2.py +253 -0
  1033. package/.claude/scripts/aek-calibration-c3.py +382 -0
  1034. package/.claude/scripts/aggregate-changesets.py +350 -0
  1035. package/.claude/scripts/architect-bundle-validate.py +227 -0
  1036. package/.claude/scripts/audit-dashboard.py +1320 -0
  1037. package/.claude/scripts/audit-log-labels.jsonl +0 -0
  1038. package/.claude/scripts/audit-log-retain.py +404 -0
  1039. package/.claude/scripts/audit-query.py +3333 -0
  1040. package/.claude/scripts/audit-telemetry.py +337 -0
  1041. package/.claude/scripts/audit-tokens.py +502 -0
  1042. package/.claude/scripts/audit-verify-chain.py +537 -0
  1043. package/.claude/scripts/backup-audit.py +247 -0
  1044. package/.claude/scripts/benchmark/plan-071-import-floor/README.md +194 -0
  1045. package/.claude/scripts/benchmark/plan-071-import-floor/fixtures/baseline.json +1 -0
  1046. package/.claude/scripts/benchmark/plan-071-import-floor/fixtures/expected_quantiles.json +11 -0
  1047. package/.claude/scripts/benchmark/plan-071-import-floor/import_floor_bench.py +791 -0
  1048. package/.claude/scripts/benchmark/plan-071-import-floor/run_bench.sh +180 -0
  1049. package/.claude/scripts/benchmark-fallback-scorer.py +254 -0
  1050. package/.claude/scripts/benchmark-judge.py +621 -0
  1051. package/.claude/scripts/budget-summary.py +946 -0
  1052. package/.claude/scripts/build-canonical-models.py +645 -0
  1053. package/.claude/scripts/calibration-kappa.py +262 -0
  1054. package/.claude/scripts/cc-analytics-pull.py +393 -0
  1055. package/.claude/scripts/ceo-backup.sh +307 -0
  1056. package/.claude/scripts/ceo-boot.py +3017 -0
  1057. package/.claude/scripts/ceo-cost.py +1116 -0
  1058. package/.claude/scripts/ceo-diagnose.py +486 -0
  1059. package/.claude/scripts/ceo-escalation-detector.py +743 -0
  1060. package/.claude/scripts/ceo-health.py +584 -0
  1061. package/.claude/scripts/ceo-info.py +1001 -0
  1062. package/.claude/scripts/ceo-restore.sh +215 -0
  1063. package/.claude/scripts/chaos-inject.py +439 -0
  1064. package/.claude/scripts/check-action-sha-drift.py +275 -0
  1065. package/.claude/scripts/check-active-hooks-executable.py +119 -0
  1066. package/.claude/scripts/check-adr-chain.py +617 -0
  1067. package/.claude/scripts/check-audit-action-name-convention.py +221 -0
  1068. package/.claude/scripts/check-audit-hmac-null.py +253 -0
  1069. package/.claude/scripts/check-audit-read-api-stable.py +239 -0
  1070. package/.claude/scripts/check-audit-registry-coverage.py +999 -0
  1071. package/.claude/scripts/check-auto-activation-flags.py +180 -0
  1072. package/.claude/scripts/check-canonical-doc-freshness.py +222 -0
  1073. package/.claude/scripts/check-claude-md-claims.py +346 -0
  1074. package/.claude/scripts/check-confidence-gate-drift.py +295 -0
  1075. package/.claude/scripts/check-conformance-harness-mapping.py +503 -0
  1076. package/.claude/scripts/check-contamination.sh +25 -0
  1077. package/.claude/scripts/check-creative-rewrite.py +596 -0
  1078. package/.claude/scripts/check-debate-round-lifecycle.py +185 -0
  1079. package/.claude/scripts/check-debt-ledger.py +305 -0
  1080. package/.claude/scripts/check-docs-drift.py +259 -0
  1081. package/.claude/scripts/check-docs-freshness.py +487 -0
  1082. package/.claude/scripts/check-flip-criteria-drift.py +426 -0
  1083. package/.claude/scripts/check-flip-release-gate-consistency.py +134 -0
  1084. package/.claude/scripts/check-framework-updates.sh +239 -0
  1085. package/.claude/scripts/check-function-length.py +426 -0
  1086. package/.claude/scripts/check-model-deprecations.py +377 -0
  1087. package/.claude/scripts/check-originator-residue.py +248 -0
  1088. package/.claude/scripts/check-pitfall-regression.sh +153 -0
  1089. package/.claude/scripts/check-policy-drift.py +74 -0
  1090. package/.claude/scripts/check-roadmap-binding.py +170 -0
  1091. package/.claude/scripts/check-rule-invariants.py +385 -0
  1092. package/.claude/scripts/check-sdk-compat.sh +76 -0
  1093. package/.claude/scripts/check-secret-pattern-coverage.py +175 -0
  1094. package/.claude/scripts/check-sidecar-manifest.py +493 -0
  1095. package/.claude/scripts/check-skill-activation-mode.py +41 -0
  1096. package/.claude/scripts/check-skill-health.sh +179 -0
  1097. package/.claude/scripts/check-spec-drift.py +147 -0
  1098. package/.claude/scripts/check-staleness.py +506 -0
  1099. package/.claude/scripts/check-stdlib-only.py +373 -0
  1100. package/.claude/scripts/check-substrate-watch.py +285 -0
  1101. package/.claude/scripts/check-swarm-harness-mapping.py +380 -0
  1102. package/.claude/scripts/check-test-audit-isolation.py +622 -0
  1103. package/.claude/scripts/check-test-env-hygiene.py +509 -0
  1104. package/.claude/scripts/check-threat-model-freshness.py +313 -0
  1105. package/.claude/scripts/check-tier-boundaries.py +233 -0
  1106. package/.claude/scripts/check-tla-schema-drift.py +272 -0
  1107. package/.claude/scripts/check_atlas_fpr.py +595 -0
  1108. package/.claude/scripts/check_contamination.py +337 -0
  1109. package/.claude/scripts/check_known_actions_floor.py +155 -0
  1110. package/.claude/scripts/check_threat_model_coverage.py +214 -0
  1111. package/.claude/scripts/check_translations_drift.py +199 -0
  1112. package/.claude/scripts/codex_invoke.py +436 -0
  1113. package/.claude/scripts/compare-adopters.py +549 -0
  1114. package/.claude/scripts/confidence-gate-backfill.py +261 -0
  1115. package/.claude/scripts/confidence_gate.py +736 -0
  1116. package/.claude/scripts/context-budget.py +1887 -0
  1117. package/.claude/scripts/contextual-recommender.py +815 -0
  1118. package/.claude/scripts/cost-table.yaml +99 -0
  1119. package/.claude/scripts/debate-converge.py +335 -0
  1120. package/.claude/scripts/debate-emit.py +132 -0
  1121. package/.claude/scripts/debate-orchestrate.py +972 -0
  1122. package/.claude/scripts/detect-repo-profile.py +1280 -0
  1123. package/.claude/scripts/detectors/__init__.py +19 -0
  1124. package/.claude/scripts/detectors/looping.py +127 -0
  1125. package/.claude/scripts/detectors/overpowered.py +96 -0
  1126. package/.claude/scripts/detectors/retry_churn.py +119 -0
  1127. package/.claude/scripts/detectors/schema.py +94 -0
  1128. package/.claude/scripts/detectors/tests/__init__.py +0 -0
  1129. package/.claude/scripts/detectors/tests/fixtures.py +420 -0
  1130. package/.claude/scripts/detectors/tests/test_looping.py +124 -0
  1131. package/.claude/scripts/detectors/tests/test_overpowered.py +114 -0
  1132. package/.claude/scripts/detectors/tests/test_retry_churn.py +101 -0
  1133. package/.claude/scripts/detectors/tests/test_schema.py +109 -0
  1134. package/.claude/scripts/detectors/tests/test_tool_cascade.py +131 -0
  1135. package/.claude/scripts/detectors/tests/test_wasteful_thinking.py +112 -0
  1136. package/.claude/scripts/detectors/tests/test_weak_model.py +104 -0
  1137. package/.claude/scripts/detectors/tool_cascade.py +127 -0
  1138. package/.claude/scripts/detectors/wasteful_thinking.py +99 -0
  1139. package/.claude/scripts/detectors/weak_model.py +92 -0
  1140. package/.claude/scripts/env-inventory-check.py +268 -0
  1141. package/.claude/scripts/env-inventory.json +3305 -0
  1142. package/.claude/scripts/extract-skill.py +456 -0
  1143. package/.claude/scripts/fan-plan-parser.py +370 -0
  1144. package/.claude/scripts/find-orphan-sentinels.py +89 -0
  1145. package/.claude/scripts/first-run-wizard.py +1151 -0
  1146. package/.claude/scripts/fixtures/cloned-trading-repo/.env.example +1 -0
  1147. package/.claude/scripts/fixtures/cloned-trading-repo/exchanges/binance.py +3 -0
  1148. package/.claude/scripts/fixtures/cloned-trading-repo/exchanges/coinbase.py +3 -0
  1149. package/.claude/scripts/fixtures/cloned-trading-repo/package.json +5 -0
  1150. package/.claude/scripts/fixtures/cloned-trading-repo/strategies/grid.py +3 -0
  1151. package/.claude/scripts/fixtures/cloned-trading-repo/strategies/pairs.py +3 -0
  1152. package/.claude/scripts/fixtures/missing-package-manifest/README.md +3 -0
  1153. package/.claude/scripts/fixtures/missing-package-manifest/src/main.py +1 -0
  1154. package/.claude/scripts/fixtures/mixed-frontend-backend/package.json +9 -0
  1155. package/.claude/scripts/fixtures/mixed-frontend-backend/requirements.txt +2 -0
  1156. package/.claude/scripts/fixtures/mixed-frontend-backend/src/api/handler.py +2 -0
  1157. package/.claude/scripts/fixtures/mixed-frontend-backend/src/pages/index.tsx +1 -0
  1158. package/.claude/scripts/fixtures/monorepo/apps/app-a/README.md +1 -0
  1159. package/.claude/scripts/fixtures/monorepo/apps/app-b/index.ts +1 -0
  1160. package/.claude/scripts/fixtures/monorepo/package.json +5 -0
  1161. package/.claude/scripts/fixtures/monorepo/packages/lib-a/index.js +1 -0
  1162. package/.claude/scripts/fixtures/monorepo/packages/lib-b/index.js +1 -0
  1163. package/.claude/scripts/fixtures/monorepo/pnpm-workspace.yaml +3 -0
  1164. package/.claude/scripts/fixtures/persona-coverage-expected-thresholds.yaml +20 -0
  1165. package/.claude/scripts/flip-criteria-drift-allowlist.txt +31 -0
  1166. package/.claude/scripts/generate-adr-index.py +339 -0
  1167. package/.claude/scripts/generate-available-models.py +280 -0
  1168. package/.claude/scripts/generate-dispatch.py +430 -0
  1169. package/.claude/scripts/generate-sbom.py +287 -0
  1170. package/.claude/scripts/generate-skill-inventory.sh +193 -0
  1171. package/.claude/scripts/github-api-client.py +297 -0
  1172. package/.claude/scripts/goap-planner.py +742 -0
  1173. package/.claude/scripts/hook-profiler.py +671 -0
  1174. package/.claude/scripts/import-skill.py +569 -0
  1175. package/.claude/scripts/import_ui_ux_pro_max.py +137 -0
  1176. package/.claude/scripts/inject-agent-context.sh +948 -0
  1177. package/.claude/scripts/k-calibration.py +456 -0
  1178. package/.claude/scripts/key-hygiene.py +511 -0
  1179. package/.claude/scripts/lesson-restore.py +171 -0
  1180. package/.claude/scripts/lesson_ranker.py +100 -0
  1181. package/.claude/scripts/lessons.py +883 -0
  1182. package/.claude/scripts/lint-skills.py +555 -0
  1183. package/.claude/scripts/local/README.md +280 -0
  1184. package/.claude/scripts/local/check-doc-skill-paths.sh +124 -0
  1185. package/.claude/scripts/local/dependency-graph.py +684 -0
  1186. package/.claude/scripts/local/estimate-calibrator.py +240 -0
  1187. package/.claude/scripts/local/findings-pretty-print.py +78 -0
  1188. package/.claude/scripts/local/generate-ceremony.sh +558 -0
  1189. package/.claude/scripts/local/pair-rail-gate.sh +156 -0
  1190. package/.claude/scripts/local/release-dry-run.py +853 -0
  1191. package/.claude/scripts/local/tests/test_dependency_graph.py +364 -0
  1192. package/.claude/scripts/local/tests/test_generate_ceremony.sh +144 -0
  1193. package/.claude/scripts/local/tests/test_release_dry_run.py +743 -0
  1194. package/.claude/scripts/local/validate-findings.py +168 -0
  1195. package/.claude/scripts/local/validate-saved-workflows.js +69 -0
  1196. package/.claude/scripts/local/verify-counts.sh +420 -0
  1197. package/.claude/scripts/local/verify-scope-coverage.py +205 -0
  1198. package/.claude/scripts/local/verify-staging-manifest.py +188 -0
  1199. package/.claude/scripts/local/wave-readonly-monitor.py +271 -0
  1200. package/.claude/scripts/log-friction.sh +290 -0
  1201. package/.claude/scripts/mcp/code_nav_bridge.py +259 -0
  1202. package/.claude/scripts/mcp-server/__init__.py +16 -0
  1203. package/.claude/scripts/mcp-server/auth.py +333 -0
  1204. package/.claude/scripts/mcp-server/cost.py +108 -0
  1205. package/.claude/scripts/mcp-server/dispatch.py +853 -0
  1206. package/.claude/scripts/mcp-server/handlers/__init__.py +16 -0
  1207. package/.claude/scripts/mcp-server/handlers/audit_query.py +384 -0
  1208. package/.claude/scripts/mcp-server/handlers/get_audit_log.py +163 -0
  1209. package/.claude/scripts/mcp-server/handlers/get_cost_budget.py +130 -0
  1210. package/.claude/scripts/mcp-server/handlers/get_debate_state.py +207 -0
  1211. package/.claude/scripts/mcp-server/handlers/get_skill.py +199 -0
  1212. package/.claude/scripts/mcp-server/handlers/list_agents.py +236 -0
  1213. package/.claude/scripts/mcp-server/handlers/list_pitfalls.py +192 -0
  1214. package/.claude/scripts/mcp-server/handlers/list_skills.py +197 -0
  1215. package/.claude/scripts/mcp-server/handlers/plan_status.py +489 -0
  1216. package/.claude/scripts/mcp-server/handlers/server_capabilities.py +127 -0
  1217. package/.claude/scripts/mcp-server/handlers/spawn_agent.py +274 -0
  1218. package/.claude/scripts/mcp-server/http_transport.py +373 -0
  1219. package/.claude/scripts/mcp-server/rate_limit.py +345 -0
  1220. package/.claude/scripts/mcp-server/server.py +212 -0
  1221. package/.claude/scripts/mcp-server/start-mcp-server.sh +111 -0
  1222. package/.claude/scripts/mcp-server/stdio_transport.py +150 -0
  1223. package/.claude/scripts/mcp-server/tests/__init__.py +1 -0
  1224. package/.claude/scripts/mcp-server/tests/test_auth.py +454 -0
  1225. package/.claude/scripts/mcp-server/tests/test_cost.py +122 -0
  1226. package/.claude/scripts/mcp-server/tests/test_dispatch.py +448 -0
  1227. package/.claude/scripts/mcp-server/tests/test_dispatch_bearer_replay_wire.py +358 -0
  1228. package/.claude/scripts/mcp-server/tests/test_handlers_get_audit_log.py +107 -0
  1229. package/.claude/scripts/mcp-server/tests/test_handlers_get_skill.py +108 -0
  1230. package/.claude/scripts/mcp-server/tests/test_handlers_list_agents.py +92 -0
  1231. package/.claude/scripts/mcp-server/tests/test_handlers_list_pitfalls.py +103 -0
  1232. package/.claude/scripts/mcp-server/tests/test_handlers_list_skills.py +121 -0
  1233. package/.claude/scripts/mcp-server/tests/test_handlers_server_capabilities.py +128 -0
  1234. package/.claude/scripts/mcp-server/tests/test_handlers_spawn_agent.py +275 -0
  1235. package/.claude/scripts/mcp-server/tests/test_http_transport.py +418 -0
  1236. package/.claude/scripts/mcp-server/tests/test_rate_limit.py +239 -0
  1237. package/.claude/scripts/mcp-server/tests/test_server.py +125 -0
  1238. package/.claude/scripts/mcp-server/tests/test_stdio_transport.py +196 -0
  1239. package/.claude/scripts/mcp-soak-monitor.py +224 -0
  1240. package/.claude/scripts/memory-prioritize.py +516 -0
  1241. package/.claude/scripts/migrate-grandfather-to-sha256.py +384 -0
  1242. package/.claude/scripts/model-deprecations.json +165 -0
  1243. package/.claude/scripts/morning-ceremony.py +266 -0
  1244. package/.claude/scripts/morning_ledger.py +446 -0
  1245. package/.claude/scripts/mutation-floors.yaml +51 -0
  1246. package/.claude/scripts/mutation-test.py +506 -0
  1247. package/.claude/scripts/nightly-proposals.py +210 -0
  1248. package/.claude/scripts/optimizer/__init__.py +46 -0
  1249. package/.claude/scripts/optimizer/_codex_redaction.py +101 -0
  1250. package/.claude/scripts/optimizer/_skeleton.py +137 -0
  1251. package/.claude/scripts/optimizer/codex_phase_gate.py +257 -0
  1252. package/.claude/scripts/optimizer/complexity_gate.py +208 -0
  1253. package/.claude/scripts/optimizer/fanout.py +249 -0
  1254. package/.claude/scripts/optimizer/model_choice.py +151 -0
  1255. package/.claude/scripts/optimizer/model_normalize.py +118 -0
  1256. package/.claude/scripts/optimizer/rag_recommender.py +110 -0
  1257. package/.claude/scripts/optimizer/recommender.py +213 -0
  1258. package/.claude/scripts/optimizer/tests/__init__.py +0 -0
  1259. package/.claude/scripts/optimizer/tests/test_codex_phase_gate.py +314 -0
  1260. package/.claude/scripts/optimizer/tests/test_codex_review_invoked_emission.py +225 -0
  1261. package/.claude/scripts/optimizer/tests/test_optimizer_complexity_gate.py +122 -0
  1262. package/.claude/scripts/optimizer/tests/test_optimizer_fanout.py +134 -0
  1263. package/.claude/scripts/optimizer/tests/test_optimizer_model_choice.py +124 -0
  1264. package/.claude/scripts/optimizer/tests/test_optimizer_model_normalize.py +155 -0
  1265. package/.claude/scripts/optimizer/tests/test_optimizer_rag_recommender.py +190 -0
  1266. package/.claude/scripts/optimizer/tests/test_optimizer_recommender.py +131 -0
  1267. package/.claude/scripts/optimizer/tests/test_optimizer_skeleton.py +117 -0
  1268. package/.claude/scripts/optimizer/tests/test_optimizer_types.py +53 -0
  1269. package/.claude/scripts/optimizer/types.py +122 -0
  1270. package/.claude/scripts/osv_check.py +559 -0
  1271. package/.claude/scripts/otel-export.py +329 -0
  1272. package/.claude/scripts/otel-local-sink.py +470 -0
  1273. package/.claude/scripts/persona_demand_resolver.py +658 -0
  1274. package/.claude/scripts/persona_demand_scan.py +382 -0
  1275. package/.claude/scripts/persona_waive_parser.py +127 -0
  1276. package/.claude/scripts/pitfall-query.py +218 -0
  1277. package/.claude/scripts/plan-tokens.py +843 -0
  1278. package/.claude/scripts/policy-shadow-runner.py +445 -0
  1279. package/.claude/scripts/predict-budget/predict-plan-cost.py +581 -0
  1280. package/.claude/scripts/predict-budget/tests/test_predict_plan_cost.py +375 -0
  1281. package/.claude/scripts/profile-opus-4-7.py +557 -0
  1282. package/.claude/scripts/prune-lessons.py +453 -0
  1283. package/.claude/scripts/rate-card-calibrate.py +283 -0
  1284. package/.claude/scripts/rate-card-fixtures.json +18 -0
  1285. package/.claude/scripts/reality-ledger.py +2175 -0
  1286. package/.claude/scripts/red-team-corpus/.byte-identity-check.txt +86 -0
  1287. package/.claude/scripts/red-team-corpus/README.md +132 -0
  1288. package/.claude/scripts/red-team-corpus/external/EXT-001-prompt-inject.md +24 -0
  1289. package/.claude/scripts/red-team-corpus/external/EXT-002-hackaprompt.md +25 -0
  1290. package/.claude/scripts/red-team-corpus/external/EXT-003-gcg.md +31 -0
  1291. package/.claude/scripts/red-team-corpus/external/EXT-004-tap.md +23 -0
  1292. package/.claude/scripts/red-team-corpus/external/EXT-005-cybersecurity-eval.md +30 -0
  1293. package/.claude/scripts/red-team-corpus/external/EXT-006-anthropic-samples.md +26 -0
  1294. package/.claude/scripts/red-team-corpus/external/EXT-007-trojan-source.md +26 -0
  1295. package/.claude/scripts/red-team-corpus/external/EXT-008-owasp-llm-top10.md +33 -0
  1296. package/.claude/scripts/red-team-corpus/external/EXT-009-jailbreak-bench.md +24 -0
  1297. package/.claude/scripts/red-team-corpus/external/EXT-010-advbench.md +22 -0
  1298. package/.claude/scripts/red-team-corpus/external/EXT-011-mitre-atlas.md +25 -0
  1299. package/.claude/scripts/red-team-corpus/external/EXT-012-npm-typosquat.md +23 -0
  1300. package/.claude/scripts/red-team-corpus/external/EXT-013-log-tamper-poc.md +25 -0
  1301. package/.claude/scripts/red-team-corpus/external/EXT-014-cwe-798-credentials.md +24 -0
  1302. package/.claude/scripts/red-team-corpus/external/EXT-015-garak.md +28 -0
  1303. package/.claude/scripts/red-team-corpus/external/EXT-016-skill-content-injection-via-markdown.jsonl +1 -0
  1304. package/.claude/scripts/red-team-corpus/external/EXT-017-persona-impersonation-ceo.jsonl +1 -0
  1305. package/.claude/scripts/red-team-corpus/external/EXT-018-file-assignment-wildcard-escape.jsonl +1 -0
  1306. package/.claude/scripts/red-team-corpus/external/EXT-019-veto-bypass-force-proceed.jsonl +1 -0
  1307. package/.claude/scripts/red-team-corpus/external/EXT-020-canonical-edit-circumvent-settings.jsonl +1 -0
  1308. package/.claude/scripts/red-team-corpus/external/EXT-021-spawn-without-agent-profile.jsonl +1 -0
  1309. package/.claude/scripts/red-team-corpus/external/EXT-022-hidden-unicode-in-skill-name.jsonl +1 -0
  1310. package/.claude/scripts/red-team-corpus/external/EXT-023-mcp-spawn-governance-bypass.jsonl +1 -0
  1311. package/.claude/scripts/red-team-corpus/external/EXT-024-adapter-credential-in-error-trace.jsonl +1 -0
  1312. package/.claude/scripts/red-team-corpus/external/EXT-025-sandbox-escape-nested-subshell.jsonl +1 -0
  1313. package/.claude/scripts/red-team-corpus/external/EXT-026-plan-edit-without-debate.jsonl +1 -0
  1314. package/.claude/scripts/red-team-corpus/external/EXT-027-audit-log-rotation-race.jsonl +1 -0
  1315. package/.claude/scripts/red-team-corpus/external/EXT-028-npm-dependency-confusion.jsonl +1 -0
  1316. package/.claude/scripts/red-team-corpus/external/EXT-029-output-safety-unicode-confusable.jsonl +1 -0
  1317. package/.claude/scripts/red-team-corpus/external/EXT-030-adapter-retry-storm-dos.jsonl +1 -0
  1318. package/.claude/scripts/red-team-corpus/external/EXT-031-team-md-direct-edit.jsonl +1 -0
  1319. package/.claude/scripts/red-team-corpus/external/EXT-032-sandbox-env-var-exfil.jsonl +1 -0
  1320. package/.claude/scripts/red-team-corpus/external/EXT-033-mcp-rate-limit-bypass-headers.jsonl +1 -0
  1321. package/.claude/scripts/red-team-corpus/external/EXT-034-otel-span-attribute-leak.jsonl +1 -0
  1322. package/.claude/scripts/red-team-corpus/external/EXT-035-skill-patch-polyglot-payload.jsonl +1 -0
  1323. package/.claude/scripts/red-team-corpus/external/EXT-036-output-safety-base64-triple-wrap.jsonl +1 -0
  1324. package/.claude/scripts/red-team-corpus/external/EXT-037-plan-id-cross-plan-memory-read.jsonl +1 -0
  1325. package/.claude/scripts/red-team-corpus/external/EXT-038-npm-slsa-provenance-strip.jsonl +1 -0
  1326. package/.claude/scripts/red-team-corpus/external/EXT-039-adapter-exfil-streaming-chunk.jsonl +1 -0
  1327. package/.claude/scripts/red-team-corpus/external/EXT-040-sandbox-symlink-to-secrets.jsonl +1 -0
  1328. package/.claude/scripts/red-team-corpus/external/README.md +63 -0
  1329. package/.claude/scripts/red-team-corpus/flake-budget.yaml +244 -0
  1330. package/.claude/scripts/red-team-corpus/provenance.md +74 -0
  1331. package/.claude/scripts/red-team-corpus/regression/REG-001-s3-audit-emission-gap.jsonl +1 -0
  1332. package/.claude/scripts/red-team-corpus/regression/REG-002-audit-registry-miss.jsonl +1 -0
  1333. package/.claude/scripts/red-team-corpus/regression/REG-003-breaker-provider-kwarg-missing.jsonl +1 -0
  1334. package/.claude/scripts/red-team-corpus/regression/REG-004-canonical-edit-conftest-block.jsonl +1 -0
  1335. package/.claude/scripts/red-team-corpus/regression/REG-005-mcp-dispatch-oversized-handler.jsonl +1 -0
  1336. package/.claude/scripts/red-team-corpus/regression/REG-006-audit-registry-false-orphan.jsonl +1 -0
  1337. package/.claude/scripts/red-team-corpus/regression/REG-007-spec-count-undercount.jsonl +1 -0
  1338. package/.claude/scripts/red-team-corpus/regression/REG-008-adr-reserved-slot-phantom.jsonl +1 -0
  1339. package/.claude/scripts/red-team-corpus/regression/REG-009-tlc-pending-placeholder.jsonl +1 -0
  1340. package/.claude/scripts/red-team-corpus/regression/REG-010-mutation-kill-rate-fake.jsonl +1 -0
  1341. package/.claude/scripts/red-team-corpus/regression/REG-011-byte-identity-governance-persona.jsonl +1 -0
  1342. package/.claude/scripts/red-team-corpus/regression/REG-012-conformance-mapping-partial-path.jsonl +1 -0
  1343. package/.claude/scripts/red-team-corpus/regression/REG-013-l1-fairness-lazy-fire.jsonl +1 -0
  1344. package/.claude/scripts/red-team-corpus/regression/REG-014-mcp-path-traversal-skill.jsonl +1 -0
  1345. package/.claude/scripts/red-team-corpus/regression/REG-015-mcp-hmac-timestamp-skew.jsonl +1 -0
  1346. package/.claude/scripts/red-team-corpus/synthetic/SYN-001-skill-patch-bidi-trojan.jsonl +1 -0
  1347. package/.claude/scripts/red-team-corpus/synthetic/SYN-002-skill-patch-zero-width-smuggle.jsonl +1 -0
  1348. package/.claude/scripts/red-team-corpus/synthetic/SYN-003-skill-patch-exec-smuggled-fence.jsonl +1 -0
  1349. package/.claude/scripts/red-team-corpus/synthetic/SYN-004-skill-patch-oversized-diff.jsonl +1 -0
  1350. package/.claude/scripts/red-team-corpus/synthetic/SYN-005-audit-log-byte-rewrite.jsonl +1 -0
  1351. package/.claude/scripts/red-team-corpus/synthetic/SYN-006-audit-log-truncation.jsonl +1 -0
  1352. package/.claude/scripts/red-team-corpus/synthetic/SYN-007-audit-log-lock-race.jsonl +1 -0
  1353. package/.claude/scripts/red-team-corpus/synthetic/SYN-008-plan-id-env-spoof.jsonl +1 -0
  1354. package/.claude/scripts/red-team-corpus/synthetic/SYN-009-plan-id-frontmatter-hijack.jsonl +1 -0
  1355. package/.claude/scripts/red-team-corpus/synthetic/SYN-010-plan-id-cross-plan-read.jsonl +1 -0
  1356. package/.claude/scripts/red-team-corpus/synthetic/SYN-011-sandbox-escape-curl-exfil.jsonl +1 -0
  1357. package/.claude/scripts/red-team-corpus/synthetic/SYN-012-sandbox-escape-env-dump.jsonl +1 -0
  1358. package/.claude/scripts/red-team-corpus/synthetic/SYN-013-sandbox-escape-symlink-plant.jsonl +1 -0
  1359. package/.claude/scripts/red-team-corpus/synthetic/SYN-014-mcp-handler-governance-bypass.jsonl +1 -0
  1360. package/.claude/scripts/red-team-corpus/synthetic/SYN-015-mcp-handler-acl-enumeration.jsonl +1 -0
  1361. package/.claude/scripts/red-team-corpus/synthetic/SYN-016-mcp-handler-rate-limit-evasion.jsonl +1 -0
  1362. package/.claude/scripts/red-team-corpus/synthetic/SYN-017-adapter-exfil-via-error-message.jsonl +1 -0
  1363. package/.claude/scripts/red-team-corpus/synthetic/SYN-018-adapter-exfil-otel-attr.jsonl +1 -0
  1364. package/.claude/scripts/red-team-corpus/synthetic/SYN-019-adapter-exfil-retry-replay.jsonl +1 -0
  1365. package/.claude/scripts/red-team-corpus/synthetic/SYN-020-output-safety-nfkc-bypass.jsonl +1 -0
  1366. package/.claude/scripts/red-team-corpus/synthetic/SYN-021-output-safety-base64-double-wrap.jsonl +1 -0
  1367. package/.claude/scripts/red-team-corpus/synthetic/SYN-022-output-safety-entropy-below-threshold.jsonl +1 -0
  1368. package/.claude/scripts/red-team-corpus/synthetic/SYN-023-output-safety-regex-obfuscation.jsonl +1 -0
  1369. package/.claude/scripts/red-team-corpus/synthetic/SYN-024-output-safety-luhn-partial.jsonl +1 -0
  1370. package/.claude/scripts/red-team-corpus/synthetic/SYN-025-npm-tamper-supply-chain.jsonl +1 -0
  1371. package/.claude/scripts/red-team-corpus/synthetic/SYN-026-npm-tamper-typo-squat.jsonl +1 -0
  1372. package/.claude/scripts/red-team-corpus/synthetic/SYN-027-npm-tamper-unsigned-slsa.jsonl +1 -0
  1373. package/.claude/scripts/red-team-corpus/v1/fixtures.jsonl +67 -0
  1374. package/.claude/scripts/red-team-corpus/v1/fixtures.jsonl.sha256 +1 -0
  1375. package/.claude/scripts/red-team-corpus/v1/labels.json +88 -0
  1376. package/.claude/scripts/red-team-eval.py +1099 -0
  1377. package/.claude/scripts/registry.py +438 -0
  1378. package/.claude/scripts/replay/__init__.py +0 -0
  1379. package/.claude/scripts/replay/replay-session.py +1232 -0
  1380. package/.claude/scripts/replay/tests/__init__.py +0 -0
  1381. package/.claude/scripts/replay/tests/fixtures/api-key-01-positive.jsonl +1 -0
  1382. package/.claude/scripts/replay/tests/fixtures/api-key-02-positive.jsonl +1 -0
  1383. package/.claude/scripts/replay/tests/fixtures/api-key-03-positive.jsonl +1 -0
  1384. package/.claude/scripts/replay/tests/fixtures/api-key-04-positive.jsonl +1 -0
  1385. package/.claude/scripts/replay/tests/fixtures/api-key-05-negative.jsonl +1 -0
  1386. package/.claude/scripts/replay/tests/fixtures/api-key-06-negative.jsonl +1 -0
  1387. package/.claude/scripts/replay/tests/fixtures/api-key-07-negative.jsonl +1 -0
  1388. package/.claude/scripts/replay/tests/fixtures/api-key-08-negative.jsonl +1 -0
  1389. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-01-positive.jsonl +1 -0
  1390. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-02-positive.jsonl +1 -0
  1391. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-03-positive.jsonl +1 -0
  1392. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-04-positive.jsonl +1 -0
  1393. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-05-negative.jsonl +1 -0
  1394. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-06-negative.jsonl +1 -0
  1395. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-07-negative.jsonl +1 -0
  1396. package/.claude/scripts/replay/tests/fixtures/cpf-cnpj-08-negative.jsonl +1 -0
  1397. package/.claude/scripts/replay/tests/fixtures/email-in-log-01-positive.jsonl +1 -0
  1398. package/.claude/scripts/replay/tests/fixtures/email-in-log-02-positive.jsonl +1 -0
  1399. package/.claude/scripts/replay/tests/fixtures/email-in-log-03-positive.jsonl +1 -0
  1400. package/.claude/scripts/replay/tests/fixtures/email-in-log-04-positive.jsonl +1 -0
  1401. package/.claude/scripts/replay/tests/fixtures/email-in-log-05-negative.jsonl +1 -0
  1402. package/.claude/scripts/replay/tests/fixtures/email-in-log-06-negative.jsonl +1 -0
  1403. package/.claude/scripts/replay/tests/fixtures/email-in-log-07-negative.jsonl +1 -0
  1404. package/.claude/scripts/replay/tests/fixtures/email-in-log-08-negative.jsonl +1 -0
  1405. package/.claude/scripts/replay/tests/fixtures/homoglyph-01-positive.jsonl +1 -0
  1406. package/.claude/scripts/replay/tests/fixtures/homoglyph-02-positive.jsonl +1 -0
  1407. package/.claude/scripts/replay/tests/fixtures/homoglyph-03-positive.jsonl +1 -0
  1408. package/.claude/scripts/replay/tests/fixtures/homoglyph-04-positive.jsonl +1 -0
  1409. package/.claude/scripts/replay/tests/fixtures/homoglyph-05-negative.jsonl +1 -0
  1410. package/.claude/scripts/replay/tests/fixtures/homoglyph-06-negative.jsonl +1 -0
  1411. package/.claude/scripts/replay/tests/fixtures/homoglyph-07-negative.jsonl +1 -0
  1412. package/.claude/scripts/replay/tests/fixtures/homoglyph-08-negative.jsonl +1 -0
  1413. package/.claude/scripts/replay/tests/fixtures/jwt-01-positive.jsonl +1 -0
  1414. package/.claude/scripts/replay/tests/fixtures/jwt-02-positive.jsonl +1 -0
  1415. package/.claude/scripts/replay/tests/fixtures/jwt-03-positive.jsonl +1 -0
  1416. package/.claude/scripts/replay/tests/fixtures/jwt-04-positive.jsonl +1 -0
  1417. package/.claude/scripts/replay/tests/fixtures/jwt-05-negative.jsonl +1 -0
  1418. package/.claude/scripts/replay/tests/fixtures/jwt-06-negative.jsonl +1 -0
  1419. package/.claude/scripts/replay/tests/fixtures/jwt-07-negative.jsonl +1 -0
  1420. package/.claude/scripts/replay/tests/fixtures/jwt-08-negative.jsonl +1 -0
  1421. package/.claude/scripts/replay/tests/fixtures/os-path-01-positive.jsonl +1 -0
  1422. package/.claude/scripts/replay/tests/fixtures/os-path-02-positive.jsonl +1 -0
  1423. package/.claude/scripts/replay/tests/fixtures/os-path-03-positive.jsonl +1 -0
  1424. package/.claude/scripts/replay/tests/fixtures/os-path-04-positive.jsonl +1 -0
  1425. package/.claude/scripts/replay/tests/fixtures/os-path-05-negative.jsonl +1 -0
  1426. package/.claude/scripts/replay/tests/fixtures/os-path-06-negative.jsonl +1 -0
  1427. package/.claude/scripts/replay/tests/fixtures/os-path-07-negative.jsonl +1 -0
  1428. package/.claude/scripts/replay/tests/fixtures/os-path-08-negative.jsonl +1 -0
  1429. package/.claude/scripts/replay/tests/fixtures/pan-01-positive.jsonl +1 -0
  1430. package/.claude/scripts/replay/tests/fixtures/pan-02-positive.jsonl +1 -0
  1431. package/.claude/scripts/replay/tests/fixtures/pan-03-positive.jsonl +1 -0
  1432. package/.claude/scripts/replay/tests/fixtures/pan-04-positive.jsonl +1 -0
  1433. package/.claude/scripts/replay/tests/fixtures/pan-05-negative.jsonl +1 -0
  1434. package/.claude/scripts/replay/tests/fixtures/pan-06-negative.jsonl +1 -0
  1435. package/.claude/scripts/replay/tests/fixtures/pan-07-negative.jsonl +1 -0
  1436. package/.claude/scripts/replay/tests/fixtures/pan-08-negative.jsonl +1 -0
  1437. package/.claude/scripts/replay/tests/test_replay_redact_lib.py +971 -0
  1438. package/.claude/scripts/replay/tests/test_replay_session.py +396 -0
  1439. package/.claude/scripts/replay/tests/test_replay_session_capture.py +522 -0
  1440. package/.claude/scripts/repo-profile.schema.json +83 -0
  1441. package/.claude/scripts/run-promotion-gate.py +631 -0
  1442. package/.claude/scripts/run-skill-benchmark.py +1276 -0
  1443. package/.claude/scripts/scan-injection-strict.sh +162 -0
  1444. package/.claude/scripts/scan-injection.py +305 -0
  1445. package/.claude/scripts/scan-upstream-injection.py +663 -0
  1446. package/.claude/scripts/scratchpad.py +427 -0
  1447. package/.claude/scripts/self_test.py +602 -0
  1448. package/.claude/scripts/session-graph-build.py +728 -0
  1449. package/.claude/scripts/session-resume.py +363 -0
  1450. package/.claude/scripts/set-quality-profile.sh +229 -0
  1451. package/.claude/scripts/skill-budget-generator.py +599 -0
  1452. package/.claude/scripts/skill-import-rubric.py +368 -0
  1453. package/.claude/scripts/skill-index-build.py +534 -0
  1454. package/.claude/scripts/skill-patch-apply.py +1088 -0
  1455. package/.claude/scripts/skill-patch-propose.py +690 -0
  1456. package/.claude/scripts/skill-retrieve.py +522 -0
  1457. package/.claude/scripts/skill_grandfather_parser.py +295 -0
  1458. package/.claude/scripts/smart-loading-resolver.py +994 -0
  1459. package/.claude/scripts/spot-check-findings.py +211 -0
  1460. package/.claude/scripts/squad-export.py +437 -0
  1461. package/.claude/scripts/squad-import.py +741 -0
  1462. package/.claude/scripts/status.py +315 -0
  1463. package/.claude/scripts/statusline-ceo.py +597 -0
  1464. package/.claude/scripts/substrate-watch.json +54 -0
  1465. package/.claude/scripts/success-receipt.py +1038 -0
  1466. package/.claude/scripts/swarm/__init__.py +42 -0
  1467. package/.claude/scripts/swarm/_benchmark_replay.py +259 -0
  1468. package/.claude/scripts/swarm/_child_isolation.py +113 -0
  1469. package/.claude/scripts/swarm/_coordinator_sim.py +293 -0
  1470. package/.claude/scripts/swarm/_governors.py +277 -0
  1471. package/.claude/scripts/swarm/_integration.py +547 -0
  1472. package/.claude/scripts/swarm/_parent_death.py +176 -0
  1473. package/.claude/scripts/swarm/_process_group.py +250 -0
  1474. package/.claude/scripts/swarm/_replay_tournament.py +214 -0
  1475. package/.claude/scripts/swarm/_spawn_gate.py +292 -0
  1476. package/.claude/scripts/swarm/_subagent_fabrication.py +444 -0
  1477. package/.claude/scripts/swarm/_worktree_pool.py +276 -0
  1478. package/.claude/scripts/swarm/coordinator.py +543 -0
  1479. package/.claude/scripts/swarm/file_assignment.py +111 -0
  1480. package/.claude/scripts/swarm/fixtures/mcp_corpus.json +111 -0
  1481. package/.claude/scripts/swarm/kill_switch.py +260 -0
  1482. package/.claude/scripts/swarm/loop_runner.py +486 -0
  1483. package/.claude/scripts/swarm/recovery.py +178 -0
  1484. package/.claude/scripts/swarm/test_mcp_injection_repro.py +518 -0
  1485. package/.claude/scripts/swarm/test_rail_anomaly_repro.py +586 -0
  1486. package/.claude/scripts/swarm/tests/__init__.py +1 -0
  1487. package/.claude/scripts/swarm/tests/test_benchmark_manifest_schema.py +227 -0
  1488. package/.claude/scripts/swarm/tests/test_benchmark_replay.py +248 -0
  1489. package/.claude/scripts/swarm/tests/test_child_isolation.py +138 -0
  1490. package/.claude/scripts/swarm/tests/test_coordinator.py +289 -0
  1491. package/.claude/scripts/swarm/tests/test_coordinator_production_integration.py +434 -0
  1492. package/.claude/scripts/swarm/tests/test_coordinator_sim.py +192 -0
  1493. package/.claude/scripts/swarm/tests/test_coordinator_tick.py +165 -0
  1494. package/.claude/scripts/swarm/tests/test_file_assignment.py +100 -0
  1495. package/.claude/scripts/swarm/tests/test_governors.py +269 -0
  1496. package/.claude/scripts/swarm/tests/test_integration.py +344 -0
  1497. package/.claude/scripts/swarm/tests/test_kill_switch.py +307 -0
  1498. package/.claude/scripts/swarm/tests/test_loop_runner.py +168 -0
  1499. package/.claude/scripts/swarm/tests/test_loop_runner_circuit_breaker.py +555 -0
  1500. package/.claude/scripts/swarm/tests/test_loop_runner_gate_enforcement.py +304 -0
  1501. package/.claude/scripts/swarm/tests/test_loop_runner_gate_kill_switch.py +147 -0
  1502. package/.claude/scripts/swarm/tests/test_loop_runner_sentinel_revocation_slo.py +112 -0
  1503. package/.claude/scripts/swarm/tests/test_optimizer_killswitch.py +205 -0
  1504. package/.claude/scripts/swarm/tests/test_parent_death.py +128 -0
  1505. package/.claude/scripts/swarm/tests/test_parent_death_integration.py +305 -0
  1506. package/.claude/scripts/swarm/tests/test_process_group.py +132 -0
  1507. package/.claude/scripts/swarm/tests/test_process_group_reap.py +212 -0
  1508. package/.claude/scripts/swarm/tests/test_rail_anomaly_repro.py +516 -0
  1509. package/.claude/scripts/swarm/tests/test_recovery.py +165 -0
  1510. package/.claude/scripts/swarm/tests/test_replay_tournament.py +284 -0
  1511. package/.claude/scripts/swarm/tests/test_spawn_gate.py +265 -0
  1512. package/.claude/scripts/swarm/tests/test_subagent_fabrication.py +824 -0
  1513. package/.claude/scripts/swarm/tests/test_swarm_activation_smoke.py +112 -0
  1514. package/.claude/scripts/swarm/tests/test_tournament.py +195 -0
  1515. package/.claude/scripts/swarm/tests/test_worktree_pool.py +252 -0
  1516. package/.claude/scripts/swarm/tournament.py +261 -0
  1517. package/.claude/scripts/task-route.py +807 -0
  1518. package/.claude/scripts/test-env-hygiene-allowlist.yaml +1093 -0
  1519. package/.claude/scripts/tests/DEFERRED.md +99 -0
  1520. package/.claude/scripts/tests/conftest.py +42 -0
  1521. package/.claude/scripts/tests/fixtures/aggregate-changesets/bad-type.md +4 -0
  1522. package/.claude/scripts/tests/fixtures/aggregate-changesets/missing-frontmatter.md +1 -0
  1523. package/.claude/scripts/tests/fixtures/aggregate-changesets/multidoc.md +6 -0
  1524. package/.claude/scripts/tests/fixtures/aggregate-changesets/sample-CHANGELOG.md +29 -0
  1525. package/.claude/scripts/tests/fixtures/aggregate-changesets/second-minor.md +4 -0
  1526. package/.claude/scripts/tests/fixtures/aggregate-changesets/single-patch.md +4 -0
  1527. package/.claude/scripts/tests/fixtures/aggregate-changesets/third-major.md +4 -0
  1528. package/.claude/scripts/tests/fixtures/aggregate-changesets/unknown-key.md +6 -0
  1529. package/.claude/scripts/tests/fixtures/bad_lessons/bidi_override.md +12 -0
  1530. package/.claude/scripts/tests/fixtures/bad_lessons/fenced_python.md +19 -0
  1531. package/.claude/scripts/tests/fixtures/bad_lessons/homoglyph.md +11 -0
  1532. package/.claude/scripts/tests/fixtures/bad_lessons/injection.md +11 -0
  1533. package/.claude/scripts/tests/fixtures/bad_lessons/long_line.md +9 -0
  1534. package/.claude/scripts/tests/fixtures/bad_lessons/oversized.md +261 -0
  1535. package/.claude/scripts/tests/fixtures/bad_lessons/zero_width.md +11 -0
  1536. package/.claude/scripts/tests/fixtures/budget_summary/generate_fixtures.py +368 -0
  1537. package/.claude/scripts/tests/fixtures/claims/README.md +21 -0
  1538. package/.claude/scripts/tests/fixtures/claims/function_exists/neg-missing.txt +1 -0
  1539. package/.claude/scripts/tests/fixtures/claims/function_exists/neg-no-file.txt +1 -0
  1540. package/.claude/scripts/tests/fixtures/claims/function_exists/pos-extract.txt +1 -0
  1541. package/.claude/scripts/tests/fixtures/claims/function_exists/pos-main.txt +1 -0
  1542. package/.claude/scripts/tests/fixtures/claims/function_exists/pos-verify.txt +1 -0
  1543. package/.claude/scripts/tests/fixtures/claims/function_exists/quoted-colon-path.txt +1 -0
  1544. package/.claude/scripts/tests/fixtures/claims/import_resolves/codeblock-skipped.txt +8 -0
  1545. package/.claude/scripts/tests/fixtures/claims/import_resolves/neg-blocked-os.txt +6 -0
  1546. package/.claude/scripts/tests/fixtures/claims/import_resolves/neg-relative.txt +5 -0
  1547. package/.claude/scripts/tests/fixtures/claims/import_resolves/pos-dotted.txt +6 -0
  1548. package/.claude/scripts/tests/fixtures/claims/import_resolves/pos-stdlib-like.txt +5 -0
  1549. package/.claude/scripts/tests/fixtures/claims/line_range/neg-missing-file.txt +1 -0
  1550. package/.claude/scripts/tests/fixtures/claims/line_range/neg-too-long.txt +1 -0
  1551. package/.claude/scripts/tests/fixtures/claims/line_range/pos-large.txt +1 -0
  1552. package/.claude/scripts/tests/fixtures/claims/line_range/pos-small.txt +1 -0
  1553. package/.claude/scripts/tests/fixtures/claims/line_range/quoted-path.txt +1 -0
  1554. package/.claude/scripts/tests/fixtures/claims/path_exists/codeblock-skipped.txt +7 -0
  1555. package/.claude/scripts/tests/fixtures/claims/path_exists/neg-absolute-outside.txt +6 -0
  1556. package/.claude/scripts/tests/fixtures/claims/path_exists/neg-dotdot-escape.txt +7 -0
  1557. package/.claude/scripts/tests/fixtures/claims/path_exists/neg-imaginary.txt +1 -0
  1558. package/.claude/scripts/tests/fixtures/claims/path_exists/neg-proc-self.txt +6 -0
  1559. package/.claude/scripts/tests/fixtures/claims/path_exists/neg-symlink-escape.txt +8 -0
  1560. package/.claude/scripts/tests/fixtures/claims/path_exists/neg-typo.txt +1 -0
  1561. package/.claude/scripts/tests/fixtures/claims/path_exists/pos-claude.txt +1 -0
  1562. package/.claude/scripts/tests/fixtures/claims/path_exists/pos-readme.txt +1 -0
  1563. package/.claude/scripts/tests/fixtures/claims/path_exists/pos-self.txt +1 -0
  1564. package/.claude/scripts/tests/fixtures/claims/sha_exists/neg-fake.txt +1 -0
  1565. package/.claude/scripts/tests/fixtures/claims/sha_exists/neg-not-sha.txt +1 -0
  1566. package/.claude/scripts/tests/fixtures/claims/sha_exists/pos-head.txt +4 -0
  1567. package/.claude/scripts/tests/fixtures/claims/sha_exists/pos-root.txt +1 -0
  1568. package/.claude/scripts/tests/fixtures/claims/sha_exists/pos-short.txt +1 -0
  1569. package/.claude/scripts/tests/fixtures/claims/test_passes/neg-missing-file.txt +1 -0
  1570. package/.claude/scripts/tests/fixtures/claims/test_passes/neg-wrong-test.txt +1 -0
  1571. package/.claude/scripts/tests/fixtures/claims/test_passes/pos-audit-emit.txt +1 -0
  1572. package/.claude/scripts/tests/fixtures/claims/test_passes/pos-extra.txt +1 -0
  1573. package/.claude/scripts/tests/fixtures/claims/test_passes/pos-file.txt +1 -0
  1574. package/.claude/scripts/tests/fixtures/claims/test_passes/quoted-pytest-selector.txt +1 -0
  1575. package/.claude/scripts/tests/fixtures/debate_convergence/converged-pair-1/round-1/a.md +39 -0
  1576. package/.claude/scripts/tests/fixtures/debate_convergence/converged-pair-1/round-1/b.md +36 -0
  1577. package/.claude/scripts/tests/fixtures/debate_convergence/converged-pair-1/round-2/a.md +36 -0
  1578. package/.claude/scripts/tests/fixtures/debate_convergence/converged-pair-1/round-2/b.md +36 -0
  1579. package/.claude/scripts/tests/fixtures/debate_convergence/not-converged-pair-1/round-1/a.md +35 -0
  1580. package/.claude/scripts/tests/fixtures/debate_convergence/not-converged-pair-1/round-1/b.md +34 -0
  1581. package/.claude/scripts/tests/fixtures/debate_convergence/not-converged-pair-1/round-2/a.md +35 -0
  1582. package/.claude/scripts/tests/fixtures/debate_convergence/not-converged-pair-1/round-2/b.md +34 -0
  1583. package/.claude/scripts/tests/fixtures/debate_convergence/partial-overlap/round-1/a.md +35 -0
  1584. package/.claude/scripts/tests/fixtures/debate_convergence/partial-overlap/round-2/a.md +36 -0
  1585. package/.claude/scripts/tests/fixtures/debate_convergence/with-secret/round-1/a.md +36 -0
  1586. package/.claude/scripts/tests/fixtures/debate_convergence/with-secret/round-1/b.md +33 -0
  1587. package/.claude/scripts/tests/fixtures/debate_convergence/with-secret/round-2/a.md +34 -0
  1588. package/.claude/scripts/tests/fixtures/docs_freshness/link_anchor_only.md +10 -0
  1589. package/.claude/scripts/tests/fixtures/docs_freshness/link_broken.md +5 -0
  1590. package/.claude/scripts/tests/fixtures/docs_freshness/link_external_url.md +9 -0
  1591. package/.claude/scripts/tests/fixtures/docs_freshness/link_in_fenced_code.md +18 -0
  1592. package/.claude/scripts/tests/fixtures/docs_freshness/link_in_frontmatter.md +10 -0
  1593. package/.claude/scripts/tests/fixtures/docs_freshness/link_in_html_comment.md +10 -0
  1594. package/.claude/scripts/tests/fixtures/docs_freshness/link_in_inline_code.md +7 -0
  1595. package/.claude/scripts/tests/fixtures/docs_freshness/link_in_table.md +6 -0
  1596. package/.claude/scripts/tests/fixtures/docs_freshness/link_relative_parent.md +7 -0
  1597. package/.claude/scripts/tests/fixtures/docs_freshness/link_url_encoded.md +5 -0
  1598. package/.claude/scripts/tests/fixtures/docs_freshness/real_target.md +3 -0
  1599. package/.claude/scripts/tests/fixtures/docs_freshness/sub/dir.md +3 -0
  1600. package/.claude/scripts/tests/fixtures/docs_freshness/with%20space.md +3 -0
  1601. package/.claude/scripts/tests/fixtures/good_lessons/clean_auth.md +11 -0
  1602. package/.claude/scripts/tests/fixtures/good_lessons/clean_logging.md +11 -0
  1603. package/.claude/scripts/tests/fixtures/good_lessons/clean_retry.md +11 -0
  1604. package/.claude/scripts/tests/fixtures/gpg-keyring-fixture.py +209 -0
  1605. package/.claude/scripts/tests/fixtures/injection/benign-01.txt +8 -0
  1606. package/.claude/scripts/tests/fixtures/injection/benign-02.txt +5 -0
  1607. package/.claude/scripts/tests/fixtures/injection/benign-03.txt +7 -0
  1608. package/.claude/scripts/tests/fixtures/injection/benign-04.txt +9 -0
  1609. package/.claude/scripts/tests/fixtures/injection/benign-05.txt +7 -0
  1610. package/.claude/scripts/tests/fixtures/injection/benign-06.txt +7 -0
  1611. package/.claude/scripts/tests/fixtures/injection/benign-07.txt +11 -0
  1612. package/.claude/scripts/tests/fixtures/injection/benign-08.txt +4 -0
  1613. package/.claude/scripts/tests/fixtures/injection/malicious-01.txt +4 -0
  1614. package/.claude/scripts/tests/fixtures/injection/malicious-02.txt +2 -0
  1615. package/.claude/scripts/tests/fixtures/injection/malicious-03.txt +4 -0
  1616. package/.claude/scripts/tests/fixtures/injection/malicious-04.txt +2 -0
  1617. package/.claude/scripts/tests/fixtures/injection/malicious-05.txt +2 -0
  1618. package/.claude/scripts/tests/fixtures/injection/malicious-06.txt +5 -0
  1619. package/.claude/scripts/tests/fixtures/injection/malicious-07.txt +5 -0
  1620. package/.claude/scripts/tests/fixtures/injection/malicious-08.txt +2 -0
  1621. package/.claude/scripts/tests/fixtures/injection/malicious-09.txt +3 -0
  1622. package/.claude/scripts/tests/fixtures/injection/malicious-10.txt +2 -0
  1623. package/.claude/scripts/tests/fixtures/injection/malicious-11.txt +3 -0
  1624. package/.claude/scripts/tests/fixtures/injection/malicious-12.txt +5 -0
  1625. package/.claude/scripts/tests/fixtures/plan-tokens-calibration/manifest.json +49 -0
  1626. package/.claude/scripts/tests/fixtures/plan-tokens-calibration/plan-051.md +36 -0
  1627. package/.claude/scripts/tests/fixtures/plan-tokens-calibration/plan-052.md +32 -0
  1628. package/.claude/scripts/tests/fixtures/plan-tokens-calibration/plan-058.md +31 -0
  1629. package/.claude/scripts/tests/fixtures/reality-ledger/detector-1-boundary/docs/SAMPLE.md +8 -0
  1630. package/.claude/scripts/tests/fixtures/reality-ledger/detector-1-negative/.claude/scripts/sample.py +12 -0
  1631. package/.claude/scripts/tests/fixtures/reality-ledger/detector-1-negative/docs/SAMPLE.md +4 -0
  1632. package/.claude/scripts/tests/fixtures/reality-ledger/detector-1-positive/.claude/scripts/sample.py +12 -0
  1633. package/.claude/scripts/tests/fixtures/reality-ledger/detector-1-positive/docs/SAMPLE.md +9 -0
  1634. package/.claude/scripts/tests/fixtures/reality-ledger/detector-2-boundary/README.md +4 -0
  1635. package/.claude/scripts/tests/fixtures/reality-ledger/detector-2-negative/.claude/rag/requirements.lock +4 -0
  1636. package/.claude/scripts/tests/fixtures/reality-ledger/detector-2-positive/.claude/rag/requirements.lock +2 -0
  1637. package/.claude/scripts/tests/fixtures/reality-ledger/detector-3-boundary/.claude/agents/devops.md +8 -0
  1638. package/.claude/scripts/tests/fixtures/reality-ledger/detector-3-negative/.claude/agents/devops.md +5 -0
  1639. package/.claude/scripts/tests/fixtures/reality-ledger/detector-3-negative/audit-log.jsonl +2 -0
  1640. package/.claude/scripts/tests/fixtures/reality-ledger/detector-3-positive/.claude/agents/devops.md +7 -0
  1641. package/.claude/scripts/tests/fixtures/reality-ledger/detector-3-positive/audit-log.jsonl +4 -0
  1642. package/.claude/scripts/tests/fixtures/reality-ledger/detector-4-boundary/.claude/adr/ADR-997-fixture-superseded.md +8 -0
  1643. package/.claude/scripts/tests/fixtures/reality-ledger/detector-4-negative/.claude/adr/ADR-998-fixture-negative.md +16 -0
  1644. package/.claude/scripts/tests/fixtures/reality-ledger/detector-4-positive/.claude/adr/ADR-999-fixture-positive.md +15 -0
  1645. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-boundary/.claude/hooks/_lib/.do-not-import-from-here +15 -0
  1646. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-boundary/.claude/hooks/_lib/audit_emit.py +8 -0
  1647. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-boundary/.claude/scripts/dynamic_action.py +12 -0
  1648. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-negative/.claude/hooks/_lib/.do-not-import-from-here +15 -0
  1649. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-negative/.claude/hooks/_lib/audit_emit.py +11 -0
  1650. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-negative/.claude/scripts/registered_emitter.py +8 -0
  1651. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-positive/.claude/hooks/_lib/.do-not-import-from-here +15 -0
  1652. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-positive/.claude/hooks/_lib/audit_emit.py +12 -0
  1653. package/.claude/scripts/tests/fixtures/reality-ledger/detector-6-positive/.claude/scripts/phantom_emitter.py +13 -0
  1654. package/.claude/scripts/tests/fixtures/reality-ledger/issue-body-template.md +47 -0
  1655. package/.claude/scripts/tests/fixtures/reality-ledger/redaction/_test_corpus.py +7 -0
  1656. package/.claude/scripts/tests/fixtures/repo_profile/cloned-trading-repo/.env.example +5 -0
  1657. package/.claude/scripts/tests/fixtures/repo_profile/cloned-trading-repo/Cargo.toml +9 -0
  1658. package/.claude/scripts/tests/fixtures/repo_profile/cloned-trading-repo/README.md +6 -0
  1659. package/.claude/scripts/tests/fixtures/repo_profile/cloned-trading-repo/exchanges/binance.py +6 -0
  1660. package/.claude/scripts/tests/fixtures/repo_profile/cloned-trading-repo/strategies/triangular.py +4 -0
  1661. package/.claude/scripts/tests/fixtures/repo_profile/missing-package-manifest/README.md +7 -0
  1662. package/.claude/scripts/tests/fixtures/repo_profile/missing-package-manifest/notes.md +1 -0
  1663. package/.claude/scripts/tests/fixtures/repo_profile/mixed-frontend-backend/README.md +6 -0
  1664. package/.claude/scripts/tests/fixtures/repo_profile/mixed-frontend-backend/api/server.js +4 -0
  1665. package/.claude/scripts/tests/fixtures/repo_profile/mixed-frontend-backend/package.json +15 -0
  1666. package/.claude/scripts/tests/fixtures/repo_profile/mixed-frontend-backend/pages/index.tsx +3 -0
  1667. package/.claude/scripts/tests/fixtures/repo_profile/monorepo/README.md +6 -0
  1668. package/.claude/scripts/tests/fixtures/repo_profile/monorepo/apps/backend/.gitkeep +0 -0
  1669. package/.claude/scripts/tests/fixtures/repo_profile/monorepo/apps/frontend/.gitkeep +0 -0
  1670. package/.claude/scripts/tests/fixtures/repo_profile/monorepo/package.json +5 -0
  1671. package/.claude/scripts/tests/fixtures/repo_profile/monorepo/packages/shared/.gitkeep +0 -0
  1672. package/.claude/scripts/tests/fixtures/sample_audit_log.jsonl +50 -0
  1673. package/.claude/scripts/tests/fixtures/siem/.gitkeep +0 -0
  1674. package/.claude/scripts/tests/fixtures/smart_loading/profile-engine.yaml +8 -0
  1675. package/.claude/scripts/tests/fixtures/smart_loading/profile-fail-closed.yaml +7 -0
  1676. package/.claude/scripts/tests/fixtures/smart_loading/profile-fintech.yaml +9 -0
  1677. package/.claude/scripts/tests/fixtures/smart_loading/profile-frontend.yaml +9 -0
  1678. package/.claude/scripts/tests/fixtures/smart_loading/profile-generic.yaml +8 -0
  1679. package/.claude/scripts/tests/fixtures/smart_loading/profile-trading-readonly.yaml +9 -0
  1680. package/.claude/scripts/tests/fixtures/smart_loading/synthetic-skill-catalog.yaml +186 -0
  1681. package/.claude/scripts/tests/fixtures/squad_marketplace/.gitkeep +4 -0
  1682. package/.claude/scripts/tests/fixtures/task-route/calibration-holdout.json +49 -0
  1683. package/.claude/scripts/tests/fixtures/task-route/calibration-train.json +174 -0
  1684. package/.claude/scripts/tests/perf/__init__.py +3 -0
  1685. package/.claude/scripts/tests/perf/perf_utils.py +134 -0
  1686. package/.claude/scripts/tests/perf/test_kernel_hard_deny_microbench.py +149 -0
  1687. package/.claude/scripts/tests/perf/test_optimizer_complexity_gate_p99.py +145 -0
  1688. package/.claude/scripts/tests/perf/test_wave_c_canonical_json.py +132 -0
  1689. package/.claude/scripts/tests/perf/test_wave_c_filelock_mkdir.py +71 -0
  1690. package/.claude/scripts/tests/perf/test_wave_c_plan_glob_cache.py +84 -0
  1691. package/.claude/scripts/tests/perf/test_wave_c_preview_collapse.py +98 -0
  1692. package/.claude/scripts/tests/perf/test_wave_c_sys_modules.py +104 -0
  1693. package/.claude/scripts/tests/test_a4_pricing_doctrine.py +127 -0
  1694. package/.claude/scripts/tests/test_admin_invite.py +173 -0
  1695. package/.claude/scripts/tests/test_adopter_metrics.py +723 -0
  1696. package/.claude/scripts/tests/test_aek_calibration_c2.py +107 -0
  1697. package/.claude/scripts/tests/test_aek_calibration_c3.py +192 -0
  1698. package/.claude/scripts/tests/test_aek_state_machine.py +385 -0
  1699. package/.claude/scripts/tests/test_aggregate_changesets.py +646 -0
  1700. package/.claude/scripts/tests/test_architect_bundle_validate.py +159 -0
  1701. package/.claude/scripts/tests/test_audit_dashboard.py +822 -0
  1702. package/.claude/scripts/tests/test_audit_log_dispatch_hint.py +91 -0
  1703. package/.claude/scripts/tests/test_audit_log_retain.py +394 -0
  1704. package/.claude/scripts/tests/test_audit_query.py +1177 -0
  1705. package/.claude/scripts/tests/test_audit_query_by_domain.py +576 -0
  1706. package/.claude/scripts/tests/test_audit_query_claims.py +92 -0
  1707. package/.claude/scripts/tests/test_audit_query_critical.py +267 -0
  1708. package/.claude/scripts/tests/test_audit_query_tokens.py +106 -0
  1709. package/.claude/scripts/tests/test_audit_telemetry.py +214 -0
  1710. package/.claude/scripts/tests/test_audit_tokens.py +255 -0
  1711. package/.claude/scripts/tests/test_audit_verify_chain.py +189 -0
  1712. package/.claude/scripts/tests/test_backup_audit.py +295 -0
  1713. package/.claude/scripts/tests/test_benchmark_fallback_scorer.py +299 -0
  1714. package/.claude/scripts/tests/test_benchmark_judge.py +569 -0
  1715. package/.claude/scripts/tests/test_benchmarks_replay.py +313 -0
  1716. package/.claude/scripts/tests/test_budget_summary.py +628 -0
  1717. package/.claude/scripts/tests/test_build_canonical_models.py +349 -0
  1718. package/.claude/scripts/tests/test_calibration_kappa.py +234 -0
  1719. package/.claude/scripts/tests/test_cc_analytics_pull.py +296 -0
  1720. package/.claude/scripts/tests/test_ceo_backup.py +318 -0
  1721. package/.claude/scripts/tests/test_ceo_boot.py +643 -0
  1722. package/.claude/scripts/tests/test_ceo_boot_audit_emit.py +484 -0
  1723. package/.claude/scripts/tests/test_ceo_boot_enhanced.py +706 -0
  1724. package/.claude/scripts/tests/test_ceo_boot_persona_cadence.py +392 -0
  1725. package/.claude/scripts/tests/test_ceo_boot_plan_082.py +365 -0
  1726. package/.claude/scripts/tests/test_ceo_boot_tamper_tripwires.py +556 -0
  1727. package/.claude/scripts/tests/test_ceo_boot_task_candidate.py +868 -0
  1728. package/.claude/scripts/tests/test_ceo_cost.py +221 -0
  1729. package/.claude/scripts/tests/test_ceo_cost_stream.py +1076 -0
  1730. package/.claude/scripts/tests/test_ceo_diagnose.py +314 -0
  1731. package/.claude/scripts/tests/test_ceo_escalation_detector.py +591 -0
  1732. package/.claude/scripts/tests/test_ceo_health.py +202 -0
  1733. package/.claude/scripts/tests/test_ceo_info.py +542 -0
  1734. package/.claude/scripts/tests/test_chaos_inject_lockdown.py +384 -0
  1735. package/.claude/scripts/tests/test_check_action_sha_drift.py +174 -0
  1736. package/.claude/scripts/tests/test_check_active_hooks_executable.py +79 -0
  1737. package/.claude/scripts/tests/test_check_adr_chain.py +665 -0
  1738. package/.claude/scripts/tests/test_check_audit_hmac_null.py +178 -0
  1739. package/.claude/scripts/tests/test_check_audit_read_api_stable.py +176 -0
  1740. package/.claude/scripts/tests/test_check_audit_registry_coverage.py +744 -0
  1741. package/.claude/scripts/tests/test_check_auto_activation_flags.py +140 -0
  1742. package/.claude/scripts/tests/test_check_canonical_doc_freshness.py +149 -0
  1743. package/.claude/scripts/tests/test_check_claude_md_claims.py +223 -0
  1744. package/.claude/scripts/tests/test_check_conformance_harness_mapping.py +243 -0
  1745. package/.claude/scripts/tests/test_check_contamination.py +161 -0
  1746. package/.claude/scripts/tests/test_check_creative_rewrite.py +183 -0
  1747. package/.claude/scripts/tests/test_check_debate_round_lifecycle.py +162 -0
  1748. package/.claude/scripts/tests/test_check_debt_ledger.py +227 -0
  1749. package/.claude/scripts/tests/test_check_doc_skill_paths.py +99 -0
  1750. package/.claude/scripts/tests/test_check_docs_freshness.py +224 -0
  1751. package/.claude/scripts/tests/test_check_flip_criteria_drift.py +343 -0
  1752. package/.claude/scripts/tests/test_check_flip_release_gate_consistency.py +195 -0
  1753. package/.claude/scripts/tests/test_check_function_length.py +519 -0
  1754. package/.claude/scripts/tests/test_check_model_deprecations.py +368 -0
  1755. package/.claude/scripts/tests/test_check_originator_residue.py +165 -0
  1756. package/.claude/scripts/tests/test_check_rule_invariants.py +327 -0
  1757. package/.claude/scripts/tests/test_check_sdk_compat.py +88 -0
  1758. package/.claude/scripts/tests/test_check_sidecar_manifest_sbom_sync.py +177 -0
  1759. package/.claude/scripts/tests/test_check_spec_drift.py +358 -0
  1760. package/.claude/scripts/tests/test_check_staleness.py +128 -0
  1761. package/.claude/scripts/tests/test_check_stdlib_only_exceptions.py +91 -0
  1762. package/.claude/scripts/tests/test_check_substrate_watch.py +234 -0
  1763. package/.claude/scripts/tests/test_check_test_audit_isolation.py +322 -0
  1764. package/.claude/scripts/tests/test_check_test_env_hygiene.py +432 -0
  1765. package/.claude/scripts/tests/test_check_threat_model_coverage.py +251 -0
  1766. package/.claude/scripts/tests/test_check_threat_model_freshness.py +235 -0
  1767. package/.claude/scripts/tests/test_check_tier_boundaries.py +225 -0
  1768. package/.claude/scripts/tests/test_check_tla_schema_drift.py +246 -0
  1769. package/.claude/scripts/tests/test_check_translations_drift.py +262 -0
  1770. package/.claude/scripts/tests/test_code_nav_bridge.py +192 -0
  1771. package/.claude/scripts/tests/test_compaction_template.py +163 -0
  1772. package/.claude/scripts/tests/test_compare_adopters.py +646 -0
  1773. package/.claude/scripts/tests/test_confidence_gate.py +611 -0
  1774. package/.claude/scripts/tests/test_confidence_gate_backfill.py +212 -0
  1775. package/.claude/scripts/tests/test_context_budget.py +1400 -0
  1776. package/.claude/scripts/tests/test_contextual_recommender.py +723 -0
  1777. package/.claude/scripts/tests/test_coverage_audit_marker.py +109 -0
  1778. package/.claude/scripts/tests/test_debate_converge.py +399 -0
  1779. package/.claude/scripts/tests/test_debate_emit_cli.py +153 -0
  1780. package/.claude/scripts/tests/test_debate_orchestrate.py +575 -0
  1781. package/.claude/scripts/tests/test_detect_repo_profile.py +434 -0
  1782. package/.claude/scripts/tests/test_discover_foreign_context.py +208 -0
  1783. package/.claude/scripts/tests/test_dispatch_archetype_hint.py +429 -0
  1784. package/.claude/scripts/tests/test_dispatch_frontmatter_validation.py +274 -0
  1785. package/.claude/scripts/tests/test_drift_wire.py +259 -0
  1786. package/.claude/scripts/tests/test_embeddings.py +249 -0
  1787. package/.claude/scripts/tests/test_env_inventory_check.py +197 -0
  1788. package/.claude/scripts/tests/test_eval_c3.py +474 -0
  1789. package/.claude/scripts/tests/test_extract_skill.py +572 -0
  1790. package/.claude/scripts/tests/test_fan_plan_parser.py +213 -0
  1791. package/.claude/scripts/tests/test_find_orphan_sentinels.py +62 -0
  1792. package/.claude/scripts/tests/test_first_run_wizard.py +634 -0
  1793. package/.claude/scripts/tests/test_generate_adr_index.py +146 -0
  1794. package/.claude/scripts/tests/test_generate_available_models.py +209 -0
  1795. package/.claude/scripts/tests/test_generate_dispatch.py +90 -0
  1796. package/.claude/scripts/tests/test_generate_skill_inventory.py +76 -0
  1797. package/.claude/scripts/tests/test_github_api_client.py +146 -0
  1798. package/.claude/scripts/tests/test_governance_waivers_gate.py +176 -0
  1799. package/.claude/scripts/tests/test_hook_profiler.py +426 -0
  1800. package/.claude/scripts/tests/test_import_skill.py +927 -0
  1801. package/.claude/scripts/tests/test_import_skill_skip_rubric_auth.py +198 -0
  1802. package/.claude/scripts/tests/test_inject_agent_context_mitigated_dispatch.py +266 -0
  1803. package/.claude/scripts/tests/test_inject_agent_context_reference_mode.py +105 -0
  1804. package/.claude/scripts/tests/test_inspired_by_validator.py +307 -0
  1805. package/.claude/scripts/tests/test_install_dispatcher_present_maintainer.py +76 -0
  1806. package/.claude/scripts/tests/test_install_maintainer_unchanged.py +86 -0
  1807. package/.claude/scripts/tests/test_install_npm_sha256.py +113 -0
  1808. package/.claude/scripts/tests/test_install_sh_placeholders.py +268 -0
  1809. package/.claude/scripts/tests/test_install_sh_self_sha.py +244 -0
  1810. package/.claude/scripts/tests/test_install_sh_session_75_flags.py +147 -0
  1811. package/.claude/scripts/tests/test_install_user_dispatcher_present.py +75 -0
  1812. package/.claude/scripts/tests/test_install_user_no_writes_outside_claude.py +75 -0
  1813. package/.claude/scripts/tests/test_install_user_passes_validate_governance.py +73 -0
  1814. package/.claude/scripts/tests/test_install_user_preserves_existing_repo.py +135 -0
  1815. package/.claude/scripts/tests/test_install_user_skips_governance_hooks.py +102 -0
  1816. package/.claude/scripts/tests/test_k_calibration.py +415 -0
  1817. package/.claude/scripts/tests/test_key_hygiene.py +372 -0
  1818. package/.claude/scripts/tests/test_lesson_ranker.py +82 -0
  1819. package/.claude/scripts/tests/test_lesson_restore.py +91 -0
  1820. package/.claude/scripts/tests/test_lessons.py +278 -0
  1821. package/.claude/scripts/tests/test_lessons_concurrency.py +118 -0
  1822. package/.claude/scripts/tests/test_lessons_emit.py +114 -0
  1823. package/.claude/scripts/tests/test_lessons_inject.py +144 -0
  1824. package/.claude/scripts/tests/test_lessons_v2.py +264 -0
  1825. package/.claude/scripts/tests/test_lint_skills.py +525 -0
  1826. package/.claude/scripts/tests/test_log_friction.py +436 -0
  1827. package/.claude/scripts/tests/test_memory_prioritize.py +315 -0
  1828. package/.claude/scripts/tests/test_morning_ledger.py +415 -0
  1829. package/.claude/scripts/tests/test_mutation_test.py +144 -0
  1830. package/.claude/scripts/tests/test_npm_rebuild.py +154 -0
  1831. package/.claude/scripts/tests/test_osv_check.py +411 -0
  1832. package/.claude/scripts/tests/test_otel_export.py +613 -0
  1833. package/.claude/scripts/tests/test_otel_local_sink.py +262 -0
  1834. package/.claude/scripts/tests/test_owasp_llm_top_10_benchmark.py +235 -0
  1835. package/.claude/scripts/tests/test_parse_coverage_tier1.py +107 -0
  1836. package/.claude/scripts/tests/test_pitfall_query.py +148 -0
  1837. package/.claude/scripts/tests/test_plan_frontmatter_status.py +217 -0
  1838. package/.claude/scripts/tests/test_plan_id_uniqueness.py +133 -0
  1839. package/.claude/scripts/tests/test_plan_schema_enforcement.py +251 -0
  1840. package/.claude/scripts/tests/test_plan_tokens.py +513 -0
  1841. package/.claude/scripts/tests/test_plan_vcheck_gate.py +257 -0
  1842. package/.claude/scripts/tests/test_policy_shadow_runner.py +312 -0
  1843. package/.claude/scripts/tests/test_prune_lessons.py +341 -0
  1844. package/.claude/scripts/tests/test_quality_profile.py +392 -0
  1845. package/.claude/scripts/tests/test_rate_card_calibrate.py +185 -0
  1846. package/.claude/scripts/tests/test_reality_ledger.py +1723 -0
  1847. package/.claude/scripts/tests/test_red_team_eval.py +566 -0
  1848. package/.claude/scripts/tests/test_red_team_eval_sha.py +260 -0
  1849. package/.claude/scripts/tests/test_registry.py +290 -0
  1850. package/.claude/scripts/tests/test_run_benchmark.py +639 -0
  1851. package/.claude/scripts/tests/test_run_skill_benchmark_emit.py +195 -0
  1852. package/.claude/scripts/tests/test_run_skill_benchmark_judge_mode.py +306 -0
  1853. package/.claude/scripts/tests/test_scan_injection.py +191 -0
  1854. package/.claude/scripts/tests/test_scan_injection_strict.sh +201 -0
  1855. package/.claude/scripts/tests/test_scratchpad_cli.py +317 -0
  1856. package/.claude/scripts/tests/test_self_test.py +369 -0
  1857. package/.claude/scripts/tests/test_session_graph.py +511 -0
  1858. package/.claude/scripts/tests/test_session_resume.py +306 -0
  1859. package/.claude/scripts/tests/test_siem_rule_fixtures_have_paired_positive_negative.py +112 -0
  1860. package/.claude/scripts/tests/test_skill_budget_generator.py +329 -0
  1861. package/.claude/scripts/tests/test_skill_grandfather_parser.py +314 -0
  1862. package/.claude/scripts/tests/test_skill_import_rubric.py +497 -0
  1863. package/.claude/scripts/tests/test_skill_patch_apply_create_new_skill.py +459 -0
  1864. package/.claude/scripts/tests/test_skill_patch_propose.py +294 -0
  1865. package/.claude/scripts/tests/test_skill_patch_shadow_race.py +271 -0
  1866. package/.claude/scripts/tests/test_skill_retrieval.py +486 -0
  1867. package/.claude/scripts/tests/test_skill_retrieve_rag_wire.py +747 -0
  1868. package/.claude/scripts/tests/test_smart_loading_resolver.py +808 -0
  1869. package/.claude/scripts/tests/test_squad_export.py +265 -0
  1870. package/.claude/scripts/tests/test_squad_grandfather_cap.py +434 -0
  1871. package/.claude/scripts/tests/test_squad_import.py +905 -0
  1872. package/.claude/scripts/tests/test_statusline_ceo.py +543 -0
  1873. package/.claude/scripts/tests/test_success_receipt.py +448 -0
  1874. package/.claude/scripts/tests/test_task_route.py +456 -0
  1875. package/.claude/scripts/tests/test_token_budget_guard.py +418 -0
  1876. package/.claude/scripts/tests/test_token_estimator.py +395 -0
  1877. package/.claude/scripts/tests/test_trading_readonly.py +705 -0
  1878. package/.claude/scripts/tests/test_ui_ux_imports.py +223 -0
  1879. package/.claude/scripts/tests/test_validate_skill_frontmatter_pii_core.py +630 -0
  1880. package/.claude/scripts/tests/test_validate_spec_context.py +128 -0
  1881. package/.claude/scripts/tests/test_validate_squad_contract.py +221 -0
  1882. package/.claude/scripts/tests/test_value_dashboard.py +593 -0
  1883. package/.claude/scripts/tests/test_verify_adr_118_rationale.py +183 -0
  1884. package/.claude/scripts/tests/test_verify_atlas_binding.py +159 -0
  1885. package/.claude/scripts/tests/test_verify_counts.py +138 -0
  1886. package/.claude/scripts/tests/test_verify_counts_remediation.py +258 -0
  1887. package/.claude/scripts/tests/test_verify_persona_coverage.py +576 -0
  1888. package/.claude/scripts/tests/test_veto_check.py +171 -0
  1889. package/.claude/scripts/tests/test_workflow_devops_p2.py +229 -0
  1890. package/.claude/scripts/tier_policy_cli/__init__.py +43 -0
  1891. package/.claude/scripts/tier_policy_cli/_agent_frontmatter.py +196 -0
  1892. package/.claude/scripts/tier_policy_cli/_constants.py +92 -0
  1893. package/.claude/scripts/tier_policy_cli/_types.py +228 -0
  1894. package/.claude/scripts/tier_policy_cli/apply.py +1139 -0
  1895. package/.claude/scripts/tier_policy_cli/cli.py +795 -0
  1896. package/.claude/scripts/tier_policy_cli/learn.py +846 -0
  1897. package/.claude/scripts/tier_policy_cli/loader.py +535 -0
  1898. package/.claude/scripts/tier_policy_cli/setup.py +33 -0
  1899. package/.claude/scripts/tier_policy_cli/tests/__init__.py +0 -0
  1900. package/.claude/scripts/tier_policy_cli/tests/test_adversarial.py +605 -0
  1901. package/.claude/scripts/tier_policy_cli/tests/test_agent_frontmatter.py +231 -0
  1902. package/.claude/scripts/tier_policy_cli/tests/test_apply.py +698 -0
  1903. package/.claude/scripts/tier_policy_cli/tests/test_check_tier_policy_hook.py +187 -0
  1904. package/.claude/scripts/tier_policy_cli/tests/test_cli.py +434 -0
  1905. package/.claude/scripts/tier_policy_cli/tests/test_constants.py +113 -0
  1906. package/.claude/scripts/tier_policy_cli/tests/test_learn.py +1380 -0
  1907. package/.claude/scripts/tier_policy_cli/tests/test_learn_mutation.py +549 -0
  1908. package/.claude/scripts/tier_policy_cli/tests/test_loader.py +368 -0
  1909. package/.claude/scripts/tier_policy_cli/tests/test_types.py +152 -0
  1910. package/.claude/scripts/token-budget-guard.py +657 -0
  1911. package/.claude/scripts/token-estimator.py +957 -0
  1912. package/.claude/scripts/tournament/__init__.py +22 -0
  1913. package/.claude/scripts/tournament/check_fixture.py +271 -0
  1914. package/.claude/scripts/tournament/fixtures/CORPUS_SHA256.txt +10 -0
  1915. package/.claude/scripts/tournament/fixtures/code-review.jsonl +10 -0
  1916. package/.claude/scripts/tournament/fixtures/docs-writing.jsonl +10 -0
  1917. package/.claude/scripts/tournament/fixtures/performance-triage.jsonl +10 -0
  1918. package/.claude/scripts/tournament/fixtures/security-review.jsonl +10 -0
  1919. package/.claude/scripts/tournament/fixtures/test-design.jsonl +10 -0
  1920. package/.claude/scripts/tournament/judge.py +269 -0
  1921. package/.claude/scripts/tournament/loader.py +262 -0
  1922. package/.claude/scripts/tournament/regen_corpus_sha.py +93 -0
  1923. package/.claude/scripts/tournament/reporter.py +328 -0
  1924. package/.claude/scripts/tournament/runner.py +707 -0
  1925. package/.claude/scripts/tournament/scorer.py +118 -0
  1926. package/.claude/scripts/tournament/tests/__init__.py +0 -0
  1927. package/.claude/scripts/tournament/tests/_fake_dispatcher.py +233 -0
  1928. package/.claude/scripts/tournament/tests/golden/strict_report_seed42.jsonl +6 -0
  1929. package/.claude/scripts/tournament/tests/test_fixture_envelope.py +106 -0
  1930. package/.claude/scripts/tournament/tests/test_fixture_security.py +227 -0
  1931. package/.claude/scripts/tournament/tests/test_judge.py +299 -0
  1932. package/.claude/scripts/tournament/tests/test_loader.py +223 -0
  1933. package/.claude/scripts/tournament/tests/test_model_id_parity.py +136 -0
  1934. package/.claude/scripts/tournament/tests/test_reporter.py +450 -0
  1935. package/.claude/scripts/tournament/tests/test_reporter_golden.py +182 -0
  1936. package/.claude/scripts/tournament/tests/test_runner.py +313 -0
  1937. package/.claude/scripts/tournament/tests/test_runner_fail_open.py +204 -0
  1938. package/.claude/scripts/tournament/tests/test_scorer.py +138 -0
  1939. package/.claude/scripts/tournament/tests/test_tournament_e2e_smoke.py +147 -0
  1940. package/.claude/scripts/tournament/tests/test_tournament_properties.py +181 -0
  1941. package/.claude/scripts/trading-readonly-escape-hatch.sh +244 -0
  1942. package/.claude/scripts/trading-readonly-guardrails.py +1136 -0
  1943. package/.claude/scripts/translations-pairs.yaml +60 -0
  1944. package/.claude/scripts/validate-findings.py +243 -0
  1945. package/.claude/scripts/validate-governance.sh +1238 -0
  1946. package/.claude/scripts/validate-skill-frontmatter.py +679 -0
  1947. package/.claude/scripts/validate-spec-context.py +146 -0
  1948. package/.claude/scripts/validate-squad-contract.py +318 -0
  1949. package/.claude/scripts/validate_governance_fast.py +555 -0
  1950. package/.claude/scripts/value-dashboard.py +851 -0
  1951. package/.claude/scripts/verify-adr-118-rationale.py +285 -0
  1952. package/.claude/scripts/verify-atlas-binding.py +331 -0
  1953. package/.claude/scripts/verify-persona-coverage.py +531 -0
  1954. package/.claude/scripts/verify-sprint3-invariants.sh +133 -0
  1955. package/.claude/scripts/veto-check.py +218 -0
  1956. package/.claude/security/README.md +200 -0
  1957. package/.claude/security/sentinel-signers-registry.yaml +60 -0
  1958. package/.claude/sentinel-signers.txt +24 -0
  1959. package/.claude/settings.json +786 -0
  1960. package/.claude/sidecars/c1-crypto/cryptography-mvp/README.md +89 -0
  1961. package/.claude/sidecars/c1-crypto/cryptography-mvp/boundary_test.py +114 -0
  1962. package/.claude/sidecars/c1-crypto/cryptography-mvp/install.sh +45 -0
  1963. package/.claude/sidecars/c1-crypto/cryptography-mvp/manifest.json +52 -0
  1964. package/.claude/sidecars/c1-crypto/cryptography-mvp/sidecar_code/cert_inspector.py +775 -0
  1965. package/.claude/sidecars/c1-crypto/stdlib-ssl-mvp/boundary_test.py +318 -0
  1966. package/.claude/sidecars/c1-crypto/stdlib-ssl-mvp/install.sh +57 -0
  1967. package/.claude/sidecars/c1-crypto/stdlib-ssl-mvp/manifest.json +48 -0
  1968. package/.claude/sidecars/c2-vector-memory/lightrag-mvp/README.md +88 -0
  1969. package/.claude/sidecars/c2-vector-memory/lightrag-mvp/boundary_test.py +221 -0
  1970. package/.claude/sidecars/c2-vector-memory/lightrag-mvp/install.sh +33 -0
  1971. package/.claude/sidecars/c2-vector-memory/lightrag-mvp/manifest.json +59 -0
  1972. package/.claude/sidecars/c5-dev-tools/hypothesis/boundary_test.py +142 -0
  1973. package/.claude/sidecars/c5-dev-tools/hypothesis/install.sh +46 -0
  1974. package/.claude/sidecars/c5-dev-tools/hypothesis/manifest.json +52 -0
  1975. package/.claude/sidecars/c5-dev-tools/hypothesis/tests/__init__.py +0 -0
  1976. package/.claude/sidecars/c5-dev-tools/hypothesis/tests/test_audit_emit_known_actions_property.py +123 -0
  1977. package/.claude/sidecars/c5-dev-tools/hypothesis/tests/test_canonical_guard_symmetry_property.py +67 -0
  1978. package/.claude/sidecars/c5-dev-tools/hypothesis/tests/test_payload_roundtrip_property.py +73 -0
  1979. package/.claude/sidecars/c5-dev-tools/hypothesis/tests/test_redact_idempotence_property.py +68 -0
  1980. package/.claude/skill-governance-grandfather.yaml +39 -0
  1981. package/.claude/skill-patch-signers.txt +19 -0
  1982. package/.claude/skills/core/agent-architect/SKILL.md +126 -0
  1983. package/.claude/skills/core/ai-llm-orchestration/SKILL.md +620 -0
  1984. package/.claude/skills/core/ai-llm-orchestration/SKILL.md.shadow.md +121 -0
  1985. package/.claude/skills/core/architecture-decisions/SKILL.md +364 -0
  1986. package/.claude/skills/core/architecture-decisions/benchmarks/architecture-decisions.yaml +257 -0
  1987. package/.claude/skills/core/ceo-orchestration/SKILL-frontend.md +117 -0
  1988. package/.claude/skills/core/ceo-orchestration/SKILL.md +700 -0
  1989. package/.claude/skills/core/chaos-and-resilience/SKILL.md +568 -0
  1990. package/.claude/skills/core/chaos-and-resilience/SKILL.md.shadow.md +553 -0
  1991. package/.claude/skills/core/code-intelligence-lsp/SKILL.md +375 -0
  1992. package/.claude/skills/core/code-review-checklist/SKILL.md +675 -0
  1993. package/.claude/skills/core/code-review-checklist/SKILL.md.shadow.md +337 -0
  1994. package/.claude/skills/core/code-review-checklist/benchmarks/code-review-checklist.yaml +444 -0
  1995. package/.claude/skills/core/codebase-onboarding/SKILL.md +515 -0
  1996. package/.claude/skills/core/compliance-lgpd/SKILL-frontend.md +513 -0
  1997. package/.claude/skills/core/compliance-lgpd/SKILL.md +817 -0
  1998. package/.claude/skills/core/consent-lifecycle/SKILL.md +149 -0
  1999. package/.claude/skills/core/cookbook-advisor/SKILL.md +191 -0
  2000. package/.claude/skills/core/coverage-audit/SKILL.md +116 -0
  2001. package/.claude/skills/core/cross-llm-pair-review/SKILL.md +212 -0
  2002. package/.claude/skills/core/data-schema-design/SKILL.md +933 -0
  2003. package/.claude/skills/core/devops-ci-cd/SKILL.md +659 -0
  2004. package/.claude/skills/core/dpo-reporting/SKILL.md +187 -0
  2005. package/.claude/skills/core/evidence-based-qa/SKILL.md +565 -0
  2006. package/.claude/skills/core/git-workflow-discipline/SKILL.md +600 -0
  2007. package/.claude/skills/core/growth-and-launch/SKILL-frontend.md +800 -0
  2008. package/.claude/skills/core/growth-and-launch/SKILL.md +903 -0
  2009. package/.claude/skills/core/help-me/SKILL.md +177 -0
  2010. package/.claude/skills/core/help-me/tests/test_help_me_skill.py +490 -0
  2011. package/.claude/skills/core/identity-and-trust-architecture/SKILL.md +1062 -0
  2012. package/.claude/skills/core/incident-management/SKILL.md +421 -0
  2013. package/.claude/skills/core/incremental-refactoring/SKILL-frontend.md +210 -0
  2014. package/.claude/skills/core/incremental-refactoring/SKILL.md +226 -0
  2015. package/.claude/skills/core/llm-routing-and-finops/SKILL.md +828 -0
  2016. package/.claude/skills/core/mcp-server-authoring/SKILL.md +685 -0
  2017. package/.claude/skills/core/minimal-change-discipline/SKILL.md +545 -0
  2018. package/.claude/skills/core/monetization-and-billing/SKILL-frontend.md +562 -0
  2019. package/.claude/skills/core/monetization-and-billing/SKILL.md +585 -0
  2020. package/.claude/skills/core/observability-and-ops/SKILL-frontend.md +290 -0
  2021. package/.claude/skills/core/observability-and-ops/SKILL.md +612 -0
  2022. package/.claude/skills/core/observability-and-ops/SKILL.md.shadow.md +324 -0
  2023. package/.claude/skills/core/parallelization-by-default/SKILL.md +176 -0
  2024. package/.claude/skills/core/parallelization-by-default/tests/test_parallelization_skill.py +490 -0
  2025. package/.claude/skills/core/performance-engineering/SKILL.md +219 -0
  2026. package/.claude/skills/core/performance-engineering/SKILL.md.shadow.md +204 -0
  2027. package/.claude/skills/core/pii-data-flow/SKILL.md +166 -0
  2028. package/.claude/skills/core/pre-plan-brainstorm/CHECKLIST.md +87 -0
  2029. package/.claude/skills/core/pre-plan-brainstorm/SKILL.md +186 -0
  2030. package/.claude/skills/core/product-conversion-readiness/SKILL-frontend.md +668 -0
  2031. package/.claude/skills/core/product-conversion-readiness/SKILL.md +941 -0
  2032. package/.claude/skills/core/public-api-design/SKILL.md +603 -0
  2033. package/.claude/skills/core/public-api-design/benchmarks/public-api-design.yaml +261 -0
  2034. package/.claude/skills/core/receiving-review/SKILL.md +131 -0
  2035. package/.claude/skills/core/receiving-review/benchmarks/receiving-review.yaml +254 -0
  2036. package/.claude/skills/core/requirement-quality-checklist/SKILL.md +97 -0
  2037. package/.claude/skills/core/security-and-auth/SKILL.md +868 -0
  2038. package/.claude/skills/core/security-and-auth/SKILL.md.shadow.md +500 -0
  2039. package/.claude/skills/core/security-and-auth/benchmarks/owasp-basics.yaml +491 -0
  2040. package/.claude/skills/core/security-and-auth/benchmarks/owasp-llm-top-10.yaml +769 -0
  2041. package/.claude/skills/core/spec-clarify/SKILL.md +120 -0
  2042. package/.claude/skills/core/state-machines-and-invariants/SKILL.md +288 -0
  2043. package/.claude/skills/core/technical-writing/SKILL.md +432 -0
  2044. package/.claude/skills/core/terse-mode/SKILL.md +80 -0
  2045. package/.claude/skills/core/terse-mode/SKILL.md.shadow.md +65 -0
  2046. package/.claude/skills/core/testing-strategy/SKILL.md +1026 -0
  2047. package/.claude/skills/core/testing-strategy/SKILL.md.shadow.md +983 -0
  2048. package/.claude/skills/domains/academic-humanities/examples/PLAN-EXAMPLE-ACH.md +126 -0
  2049. package/.claude/skills/domains/academic-humanities/pitfalls.yaml +68 -0
  2050. package/.claude/skills/domains/academic-humanities/skills/anthropologist/SKILL.md +394 -0
  2051. package/.claude/skills/domains/academic-humanities/skills/geographer/SKILL.md +453 -0
  2052. package/.claude/skills/domains/academic-humanities/skills/historian/SKILL.md +255 -0
  2053. package/.claude/skills/domains/academic-humanities/skills/narratologist/SKILL.md +398 -0
  2054. package/.claude/skills/domains/academic-humanities/skills/psychologist/SKILL.md +271 -0
  2055. package/.claude/skills/domains/academic-humanities/task-chains.yaml +125 -0
  2056. package/.claude/skills/domains/academic-humanities/team-personas.md +278 -0
  2057. package/.claude/skills/domains/business-support/examples/PLAN-EXAMPLE-BSP.md +115 -0
  2058. package/.claude/skills/domains/business-support/pitfalls.yaml +69 -0
  2059. package/.claude/skills/domains/business-support/skills/analytics-reporter/SKILL.md +339 -0
  2060. package/.claude/skills/domains/business-support/skills/executive-summary/SKILL.md +268 -0
  2061. package/.claude/skills/domains/business-support/skills/finance-tracker/SKILL.md +321 -0
  2062. package/.claude/skills/domains/business-support/skills/support-responder/SKILL.md +341 -0
  2063. package/.claude/skills/domains/business-support/task-chains.yaml +118 -0
  2064. package/.claude/skills/domains/business-support/team-personas.md +259 -0
  2065. package/.claude/skills/domains/civil-engineering/skills/civil-engineer/SKILL.md +275 -0
  2066. package/.claude/skills/domains/community/NOTICE.md +83 -0
  2067. package/.claude/skills/domains/community/skills/advanced-evaluation/SKILL.md +463 -0
  2068. package/.claude/skills/domains/community/skills/agent-evaluation/SKILL.md +400 -0
  2069. package/.claude/skills/domains/community/skills/agentic-actions-auditor/SKILL.md +410 -0
  2070. package/.claude/skills/domains/community/team-personas.md +41 -0
  2071. package/.claude/skills/domains/devrel/examples/api-deprecation-comms.md +180 -0
  2072. package/.claude/skills/domains/devrel/pitfalls.yaml +74 -0
  2073. package/.claude/skills/domains/devrel/skills/developer-advocate/SKILL.md +382 -0
  2074. package/.claude/skills/domains/devrel/task-chains.yaml +129 -0
  2075. package/.claude/skills/domains/devrel/team-personas.md +260 -0
  2076. package/.claude/skills/domains/edtech/examples/PLAN-EXAMPLE.md +89 -0
  2077. package/.claude/skills/domains/edtech/pitfalls.yaml +98 -0
  2078. package/.claude/skills/domains/edtech/skills/assessment-integrity/SKILL.md +208 -0
  2079. package/.claude/skills/domains/edtech/skills/learning-analytics/SKILL.md +212 -0
  2080. package/.claude/skills/domains/edtech/skills/student-data-privacy/SKILL.md +197 -0
  2081. package/.claude/skills/domains/edtech/skills/study-abroad-advisory/SKILL.md +582 -0
  2082. package/.claude/skills/domains/edtech/task-chains.yaml +122 -0
  2083. package/.claude/skills/domains/edtech/team-personas.md +252 -0
  2084. package/.claude/skills/domains/embedded/skills/embedded-firmware/SKILL.md +471 -0
  2085. package/.claude/skills/domains/finance-accounting/examples/new-subscription-revenue.md +135 -0
  2086. package/.claude/skills/domains/finance-accounting/pitfalls.yaml +74 -0
  2087. package/.claude/skills/domains/finance-accounting/skills/bookkeeper-controller/SKILL.md +427 -0
  2088. package/.claude/skills/domains/finance-accounting/skills/financial-analyst/SKILL.md +348 -0
  2089. package/.claude/skills/domains/finance-accounting/skills/fpa-analyst/SKILL.md +366 -0
  2090. package/.claude/skills/domains/finance-accounting/skills/tax-strategist/SKILL.md +358 -0
  2091. package/.claude/skills/domains/finance-accounting/task-chains.yaml +90 -0
  2092. package/.claude/skills/domains/finance-accounting/team-personas.md +281 -0
  2093. package/.claude/skills/domains/fintech/ORG_CHART.md +167 -0
  2094. package/.claude/skills/domains/fintech/commands/audit-ai.md +124 -0
  2095. package/.claude/skills/domains/fintech/commands/deploy.md +15 -0
  2096. package/.claude/skills/domains/fintech/commands/status.md +13 -0
  2097. package/.claude/skills/domains/fintech/frontend-team-personas.md +503 -0
  2098. package/.claude/skills/domains/fintech/pitfalls.yaml +58 -0
  2099. package/.claude/skills/domains/fintech/scripts/check-pitfall-regression.sh +80 -0
  2100. package/.claude/skills/domains/fintech/scripts/check-type-sync.sh +110 -0
  2101. package/.claude/skills/domains/fintech/skills/blockchain-security-audit/SKILL.md +492 -0
  2102. package/.claude/skills/domains/fintech/skills/equity-research/SKILL.md +459 -0
  2103. package/.claude/skills/domains/fintech/skills/exchange-api-integration/SKILL.md +315 -0
  2104. package/.claude/skills/domains/fintech/skills/exchange-onboarding-playbook/SKILL.md +527 -0
  2105. package/.claude/skills/domains/fintech/skills/financial-correctness-and-math/SKILL-frontend.md +308 -0
  2106. package/.claude/skills/domains/fintech/skills/financial-correctness-and-math/SKILL.md +340 -0
  2107. package/.claude/skills/domains/fintech/skills/financial-display/SKILL.md +193 -0
  2108. package/.claude/skills/domains/fintech/skills/frontend-data-layer/SKILL.md +206 -0
  2109. package/.claude/skills/domains/fintech/skills/frontend-patterns/SKILL.md +387 -0
  2110. package/.claude/skills/domains/fintech/skills/prediction-markets/SKILL.md +139 -0
  2111. package/.claude/skills/domains/fintech/skills/real-time-market-systems/SKILL.md +315 -0
  2112. package/.claude/skills/domains/fintech/skills/solidity-smart-contracts/SKILL.md +356 -0
  2113. package/.claude/skills/domains/fintech/skills/trading-execution/SKILL.md +126 -0
  2114. package/.claude/skills/domains/fintech/task-chains.yaml +46 -0
  2115. package/.claude/skills/domains/fintech/team-personas.md +773 -0
  2116. package/.claude/skills/domains/government/examples/PLAN-EXAMPLE.md +158 -0
  2117. package/.claude/skills/domains/government/pitfalls.yaml +114 -0
  2118. package/.claude/skills/domains/government/skills/accessibility-section-508/SKILL.md +183 -0
  2119. package/.claude/skills/domains/government/skills/digital-presales/SKILL.md +359 -0
  2120. package/.claude/skills/domains/government/skills/foia-and-records/SKILL.md +211 -0
  2121. package/.claude/skills/domains/government/skills/public-procurement/SKILL.md +264 -0
  2122. package/.claude/skills/domains/government/task-chains.yaml +88 -0
  2123. package/.claude/skills/domains/government/team-personas.md +296 -0
  2124. package/.claude/skills/domains/healthcare/examples/patient-portal-symptom-checker.md +130 -0
  2125. package/.claude/skills/domains/healthcare/pitfalls.yaml +74 -0
  2126. package/.claude/skills/domains/healthcare/skills/healthcare-customer-service/SKILL.md +369 -0
  2127. package/.claude/skills/domains/healthcare/skills/marketing-compliance/SKILL.md +367 -0
  2128. package/.claude/skills/domains/healthcare/task-chains.yaml +87 -0
  2129. package/.claude/skills/domains/healthcare/team-personas.md +273 -0
  2130. package/.claude/skills/domains/hospitality/skills/guest-services/SKILL.md +417 -0
  2131. package/.claude/skills/domains/hr/examples/attrition-model-launch.md +128 -0
  2132. package/.claude/skills/domains/hr/pitfalls.yaml +74 -0
  2133. package/.claude/skills/domains/hr/skills/hr-onboarding/SKILL.md +435 -0
  2134. package/.claude/skills/domains/hr/skills/recruitment-specialist/SKILL.md +400 -0
  2135. package/.claude/skills/domains/hr/task-chains.yaml +91 -0
  2136. package/.claude/skills/domains/hr/team-personas.md +251 -0
  2137. package/.claude/skills/domains/i18n-business/examples/PLAN-EXAMPLE-I18N.md +115 -0
  2138. package/.claude/skills/domains/i18n-business/pitfalls.yaml +68 -0
  2139. package/.claude/skills/domains/i18n-business/skills/cultural-intelligence/SKILL.md +448 -0
  2140. package/.claude/skills/domains/i18n-business/skills/french-consulting/SKILL.md +347 -0
  2141. package/.claude/skills/domains/i18n-business/skills/korean-business/SKILL.md +360 -0
  2142. package/.claude/skills/domains/i18n-business/skills/language-translator/SKILL.md +389 -0
  2143. package/.claude/skills/domains/i18n-business/task-chains.yaml +117 -0
  2144. package/.claude/skills/domains/i18n-business/team-personas.md +258 -0
  2145. package/.claude/skills/domains/identity-systems/examples/passkey-rollout.md +137 -0
  2146. package/.claude/skills/domains/identity-systems/pitfalls.yaml +74 -0
  2147. package/.claude/skills/domains/identity-systems/skills/identity-graph-operator/SKILL.md +353 -0
  2148. package/.claude/skills/domains/identity-systems/task-chains.yaml +90 -0
  2149. package/.claude/skills/domains/identity-systems/team-personas.md +233 -0
  2150. package/.claude/skills/domains/legal/examples/client-intake-pii-flow.md +177 -0
  2151. package/.claude/skills/domains/legal/pitfalls.yaml +77 -0
  2152. package/.claude/skills/domains/legal/skills/client-intake/SKILL.md +407 -0
  2153. package/.claude/skills/domains/legal/skills/document-review/SKILL.md +373 -0
  2154. package/.claude/skills/domains/legal/skills/legal-billing/SKILL.md +331 -0
  2155. package/.claude/skills/domains/legal/task-chains.yaml +131 -0
  2156. package/.claude/skills/domains/legal/team-personas.md +260 -0
  2157. package/.claude/skills/domains/lgpd-heavy-saas/examples/PLAN-EXAMPLE.md +120 -0
  2158. package/.claude/skills/domains/lgpd-heavy-saas/pitfalls.yaml +90 -0
  2159. package/.claude/skills/domains/lgpd-heavy-saas/task-chains.yaml +83 -0
  2160. package/.claude/skills/domains/lgpd-heavy-saas/team-personas.md +159 -0
  2161. package/.claude/skills/domains/marketing-global/skills/agentic-search-optimizer/SKILL.md +391 -0
  2162. package/.claude/skills/domains/marketing-global/skills/ai-citation-strategist/SKILL.md +343 -0
  2163. package/.claude/skills/domains/marketing-global/skills/app-store-optimizer/SKILL.md +495 -0
  2164. package/.claude/skills/domains/marketing-global/skills/book-co-author/SKILL.md +220 -0
  2165. package/.claude/skills/domains/marketing-global/skills/carousel-growth-engine/SKILL.md +393 -0
  2166. package/.claude/skills/domains/marketing-global/skills/content-creator/SKILL.md +416 -0
  2167. package/.claude/skills/domains/marketing-global/skills/growth-hacker/SKILL.md +495 -0
  2168. package/.claude/skills/domains/marketing-global/skills/instagram-curator/SKILL.md +419 -0
  2169. package/.claude/skills/domains/marketing-global/skills/linkedin-content-creator/SKILL.md +291 -0
  2170. package/.claude/skills/domains/marketing-global/skills/podcast-strategist/SKILL.md +408 -0
  2171. package/.claude/skills/domains/marketing-global/skills/reddit-community-builder/SKILL.md +295 -0
  2172. package/.claude/skills/domains/marketing-global/skills/seo-specialist/SKILL.md +352 -0
  2173. package/.claude/skills/domains/marketing-global/skills/social-media-strategist/SKILL.md +349 -0
  2174. package/.claude/skills/domains/marketing-global/skills/tiktok-strategist/SKILL.md +329 -0
  2175. package/.claude/skills/domains/marketing-global/skills/twitter-engager/SKILL.md +382 -0
  2176. package/.claude/skills/domains/marketing-global/skills/video-optimization-specialist/SKILL.md +386 -0
  2177. package/.claude/skills/domains/mobile/examples/PLAN-EXAMPLE-MOB.md +129 -0
  2178. package/.claude/skills/domains/mobile/pitfalls.yaml +69 -0
  2179. package/.claude/skills/domains/mobile/skills/mobile-app-builder/SKILL.md +446 -0
  2180. package/.claude/skills/domains/mobile/task-chains.yaml +126 -0
  2181. package/.claude/skills/domains/mobile/team-personas.md +292 -0
  2182. package/.claude/skills/domains/paid-media/examples/new-channel-launch.md +122 -0
  2183. package/.claude/skills/domains/paid-media/pitfalls.yaml +79 -0
  2184. package/.claude/skills/domains/paid-media/skills/auditor/SKILL.md +362 -0
  2185. package/.claude/skills/domains/paid-media/skills/creative-strategist/SKILL.md +457 -0
  2186. package/.claude/skills/domains/paid-media/skills/paid-social-strategist/SKILL.md +493 -0
  2187. package/.claude/skills/domains/paid-media/skills/ppc-strategist/SKILL.md +450 -0
  2188. package/.claude/skills/domains/paid-media/skills/programmatic-buyer/SKILL.md +396 -0
  2189. package/.claude/skills/domains/paid-media/skills/search-query-analyst/SKILL.md +336 -0
  2190. package/.claude/skills/domains/paid-media/skills/tracking-specialist/SKILL.md +457 -0
  2191. package/.claude/skills/domains/paid-media/task-chains.yaml +121 -0
  2192. package/.claude/skills/domains/paid-media/team-personas.md +251 -0
  2193. package/.claude/skills/domains/project-management/examples/PLAN-EXAMPLE-PMG.md +117 -0
  2194. package/.claude/skills/domains/project-management/pitfalls.yaml +68 -0
  2195. package/.claude/skills/domains/project-management/skills/experiment-tracker/SKILL.md +293 -0
  2196. package/.claude/skills/domains/project-management/skills/project-shepherd/SKILL.md +312 -0
  2197. package/.claude/skills/domains/project-management/skills/studio-operations/SKILL.md +333 -0
  2198. package/.claude/skills/domains/project-management/skills/studio-producer/SKILL.md +329 -0
  2199. package/.claude/skills/domains/project-management/task-chains.yaml +118 -0
  2200. package/.claude/skills/domains/project-management/team-personas.md +264 -0
  2201. package/.claude/skills/domains/real-estate-finance/examples/PLAN-EXAMPLE-REF.md +129 -0
  2202. package/.claude/skills/domains/real-estate-finance/pitfalls.yaml +68 -0
  2203. package/.claude/skills/domains/real-estate-finance/skills/buyer-seller-agent/SKILL.md +410 -0
  2204. package/.claude/skills/domains/real-estate-finance/skills/loan-officer-assistant/SKILL.md +415 -0
  2205. package/.claude/skills/domains/real-estate-finance/task-chains.yaml +123 -0
  2206. package/.claude/skills/domains/real-estate-finance/team-personas.md +287 -0
  2207. package/.claude/skills/domains/retail/skills/customer-returns/SKILL.md +363 -0
  2208. package/.claude/skills/domains/saas-platforms/examples/enterprise-tier-isolation.md +147 -0
  2209. package/.claude/skills/domains/saas-platforms/pitfalls.yaml +74 -0
  2210. package/.claude/skills/domains/saas-platforms/skills/cms-developer/SKILL.md +377 -0
  2211. package/.claude/skills/domains/saas-platforms/skills/filament-specialist/SKILL.md +316 -0
  2212. package/.claude/skills/domains/saas-platforms/skills/salesforce-architect/SKILL.md +369 -0
  2213. package/.claude/skills/domains/saas-platforms/task-chains.yaml +90 -0
  2214. package/.claude/skills/domains/saas-platforms/team-personas.md +283 -0
  2215. package/.claude/skills/domains/sales/examples/qbr-revenue-forecast.md +158 -0
  2216. package/.claude/skills/domains/sales/pitfalls.yaml +73 -0
  2217. package/.claude/skills/domains/sales/skills/account-strategist/SKILL.md +408 -0
  2218. package/.claude/skills/domains/sales/skills/deal-strategist/SKILL.md +292 -0
  2219. package/.claude/skills/domains/sales/skills/discovery-coach/SKILL.md +257 -0
  2220. package/.claude/skills/domains/sales/skills/outbound-strategist/SKILL.md +262 -0
  2221. package/.claude/skills/domains/sales/skills/pipeline-analyst/SKILL.md +317 -0
  2222. package/.claude/skills/domains/sales/skills/proposal-strategist/SKILL.md +288 -0
  2223. package/.claude/skills/domains/sales/skills/sales-coach/SKILL.md +306 -0
  2224. package/.claude/skills/domains/sales/skills/sales-engineer/SKILL.md +272 -0
  2225. package/.claude/skills/domains/sales/skills/sales-outreach/SKILL.md +338 -0
  2226. package/.claude/skills/domains/sales/task-chains.yaml +123 -0
  2227. package/.claude/skills/domains/sales/team-personas.md +249 -0
  2228. package/.claude/skills/domains/supply-chain/skills/supply-chain-strategist/SKILL.md +340 -0
  2229. package/.claude/skills/domains/trading-hft/examples/PLAN-EXAMPLE.md +145 -0
  2230. package/.claude/skills/domains/trading-hft/pitfalls.yaml +99 -0
  2231. package/.claude/skills/domains/trading-hft/skills/kill-switches/SKILL.md +128 -0
  2232. package/.claude/skills/domains/trading-hft/skills/latency-budgets/SKILL.md +117 -0
  2233. package/.claude/skills/domains/trading-hft/skills/order-routing/SKILL.md +97 -0
  2234. package/.claude/skills/domains/trading-hft/task-chains.yaml +97 -0
  2235. package/.claude/skills/domains/trading-hft/team-personas.md +155 -0
  2236. package/.claude/skills/domains/training-l-and-d/skills/corporate-training-designer/SKILL.md +268 -0
  2237. package/.claude/skills/domains/voice-ai/skills/voice-ai-integration/SKILL.md +405 -0
  2238. package/.claude/skills/frontend/NOTICE.md +80 -0
  2239. package/.claude/skills/frontend/accessibility-and-wcag/SKILL.md +395 -0
  2240. package/.claude/skills/frontend/accessibility-and-wcag/SKILL.md.shadow.md +181 -0
  2241. package/.claude/skills/frontend/accessibility-and-wcag/benchmarks/accessibility-and-wcag.yaml +420 -0
  2242. package/.claude/skills/frontend/accessibility-and-wcag/reference/charts-accessibility.yaml +357 -0
  2243. package/.claude/skills/frontend/code-quality-and-typescript/SKILL.md +167 -0
  2244. package/.claude/skills/frontend/design-system-and-components/SKILL.md +155 -0
  2245. package/.claude/skills/frontend/design-system-and-components/SKILL.md.shadow.md +138 -0
  2246. package/.claude/skills/frontend/design-system-and-components/reference/fonts.yaml +811 -0
  2247. package/.claude/skills/frontend/design-system-and-components/reference/palettes.yaml +3066 -0
  2248. package/.claude/skills/frontend/frontend-accessibility/SKILL.md +213 -0
  2249. package/.claude/skills/frontend/frontend-data-layer/SKILL.md +310 -0
  2250. package/.claude/skills/frontend/frontend-patterns/SKILL.md +771 -0
  2251. package/.claude/skills/frontend/frontend-performance-optimization/SKILL.md +228 -0
  2252. package/.claude/skills/frontend/frontend-performance-optimization/SKILL.md.shadow.md +213 -0
  2253. package/.claude/skills/frontend/ux-and-user-journeys/SKILL.md +153 -0
  2254. package/.claude/skills/frontend/ux-and-user-journeys/SKILL.md.shadow.md +138 -0
  2255. package/.claude/skills/frontend/ux-and-user-journeys/reference/guidelines.yaml +997 -0
  2256. package/.claude/squad-revocations.jsonl +5 -0
  2257. package/.claude/task-chains.yaml +151 -0
  2258. package/.claude/team.md +825 -0
  2259. package/.claude/templates/squad-bundle/README.md +208 -0
  2260. package/.claude/templates/squad-bundle/conftest.py +27 -0
  2261. package/.claude/templates/squad-bundle/examples/template-example.md.template +94 -0
  2262. package/.claude/templates/squad-bundle/pitfalls.yaml.template +88 -0
  2263. package/.claude/templates/squad-bundle/task-chains.yaml.template +92 -0
  2264. package/.claude/templates/squad-bundle/team-personas.md.template +161 -0
  2265. package/.claude/trust/README.md +89 -0
  2266. package/.claude/trust/owner.asc +11 -0
  2267. package/.claude/workflows/README.md +124 -0
  2268. package/.claude/workflows/audit-fanout.js +204 -0
  2269. package/.claude/workflows/eval-baseline-n20.js +330 -0
  2270. package/.claude/workflows/nightly-hygiene.js +176 -0
  2271. package/LICENSE +21 -0
  2272. package/PROTOCOL.md +597 -0
  2273. package/README.md +167 -0
  2274. package/SPEC/v1/README.md +181 -0
  2275. package/SPEC/v1/adapters.schema.md +272 -0
  2276. package/SPEC/v1/audit-log.schema.md +1514 -0
  2277. package/SPEC/v1/audit-query.schema.md +152 -0
  2278. package/SPEC/v1/benchmarks.schema.md +166 -0
  2279. package/SPEC/v1/claude-sdk-compat.md +123 -0
  2280. package/SPEC/v1/debate.schema.md +35 -0
  2281. package/SPEC/v1/hook-io.schema.md +94 -0
  2282. package/SPEC/v1/install-cli.md +234 -0
  2283. package/SPEC/v1/judge-payload.schema.md +98 -0
  2284. package/SPEC/v1/live-adapters-policy.schema.md +118 -0
  2285. package/SPEC/v1/mcp-server.schema.md +558 -0
  2286. package/SPEC/v1/memory-shared.schema.md +365 -0
  2287. package/SPEC/v1/normalized_envelope.schema.md +183 -0
  2288. package/SPEC/v1/npm-shim.md +95 -0
  2289. package/SPEC/v1/plan.schema.md +34 -0
  2290. package/SPEC/v1/policy-dsl.schema.md +466 -0
  2291. package/SPEC/v1/predict-budget.schema.md +289 -0
  2292. package/SPEC/v1/rag-sidecar.schema.md +222 -0
  2293. package/SPEC/v1/red-team-corpus.schema.md +186 -0
  2294. package/SPEC/v1/replay.schema.md +272 -0
  2295. package/SPEC/v1/scratchpad.schema.md +172 -0
  2296. package/SPEC/v1/sentinel-format.schema.md +306 -0
  2297. package/SPEC/v1/session-graph.schema.md +236 -0
  2298. package/SPEC/v1/skill-frontmatter.schema.md +83 -0
  2299. package/SPEC/v1/skill-index.schema.md +197 -0
  2300. package/SPEC/v1/skill-proposals.schema.md +175 -0
  2301. package/SPEC/v1/soc2-control-map.schema.md +797 -0
  2302. package/SPEC/v1/squad-manifest.schema.md +157 -0
  2303. package/SPEC/v1/state-stores.schema.md +146 -0
  2304. package/SPEC/v1/tier-policy.schema.md +264 -0
  2305. package/SPEC/v1/tournament-report.schema.md +156 -0
  2306. package/VERSION +1 -0
  2307. package/bin/ceo-orch-init.js +55 -0
  2308. package/package.json +42 -0
  2309. package/scripts/_framework_manifest_set.sh +237 -0
  2310. package/scripts/_hash_lib.sh +92 -0
  2311. package/scripts/build-plugin.py +351 -0
  2312. package/scripts/discover_foreign_context.py +151 -0
  2313. package/scripts/install-accelerators.sh +166 -0
  2314. package/scripts/install-npm.sh +254 -0
  2315. package/scripts/install.sh +1932 -0
  2316. package/scripts/local/OWNER-CEREMONY-PLAN-094-WAVE-A.sh +648 -0
  2317. package/scripts/local/OWNER-CEREMONY-S82-V1120.sh +169 -0
  2318. package/scripts/local/plan-093-apply-kernel-edits.py +496 -0
  2319. package/scripts/local/plan-093-execute-ceremony.sh +118 -0
  2320. package/scripts/local/plan-093-kernel-override-restart.sh +115 -0
  2321. package/scripts/local/plan-093-ship-v1.26.0.sh +226 -0
  2322. package/scripts/local/plan-094-apply-wave-a-c-e.py +398 -0
  2323. package/scripts/local/smoke-install-parity.sh +168 -0
  2324. package/scripts/local/trading-readonly-escape-hatch.sh +244 -0
  2325. package/scripts/measure-repo-size.sh +98 -0
  2326. package/scripts/npm-rebuild.sh +172 -0
  2327. package/scripts/publish-plugin.sh +144 -0
  2328. package/scripts/tests/smoke-install.sh +260 -0
  2329. package/scripts/tests/test-install-sandbox-merge.sh +137 -0
  2330. package/scripts/tests/test_install_baseline_manifest.sh +392 -0
  2331. package/scripts/uninstall.sh +282 -0
  2332. package/scripts/upgrade.sh +1260 -0
  2333. package/templates/.claude/tier-policy.json +35 -0
  2334. package/templates/.claude/tier-policy.json.sigchain +1 -0
  2335. package/templates/.env.example +134 -0
  2336. package/templates/.github/CODEOWNERS.template +33 -0
  2337. package/templates/.github/workflows/benchmarks.yml.template +145 -0
  2338. package/templates/.github/workflows/validate.yml.template +226 -0
  2339. package/templates/.mcp.json +13 -0
  2340. package/templates/CLAUDE.md +125 -0
  2341. package/templates/MEMORY.md +36 -0
  2342. package/templates/README.md +46 -0
  2343. package/templates/compaction.md +130 -0
  2344. package/templates/docs/BRANCH-PROTECTION.md +203 -0
  2345. package/templates/docs/rotation-log.md +18 -0
  2346. package/templates/oidc-proxy/README.md +141 -0
  2347. package/templates/oidc-proxy/broker.config.example.json +29 -0
  2348. package/templates/oidc-proxy/oidc_key_broker.py +361 -0
  2349. package/templates/oidc-proxy/tests/test_oidc_key_broker.py +361 -0
  2350. package/templates/scripts/statusline-ceo.py +597 -0
  2351. package/templates/settings/settings.base.json +708 -0
  2352. package/templates/settings/settings.stack.node.json +19 -0
  2353. package/templates/settings/settings.stack.otel.json +25 -0
  2354. package/templates/settings/settings.stack.sandbox.json +57 -0
  2355. package/templates/settings/settings.user.json +265 -0
  2356. package/templates/team-personas-reference.md +269 -0
@@ -0,0 +1,1514 @@
1
+ # SPEC v1 — audit-log.schema
2
+
3
+ > **Normative source:** `.claude/plans/AUDIT-LOG-SCHEMA.md`
4
+ > **Spec version:** 1.0.0-rc.1
5
+
6
+ ## Summary (normative)
7
+
8
+ Append-only JSONL event stream at (out-of-repo):
9
+
10
+ ```
11
+ ${CEO_AUDIT_LOG_PATH:-$HOME/.claude/projects/ceo-orchestration/audit-log.jsonl}
12
+ ```
13
+
14
+ ### Schema versions
15
+
16
+ - **v1:** one action `agent_spawn`. Emitted by `audit_log.py` PostToolUse
17
+ Agent hook. No `event_schema` field (absence IS the v1 marker).
18
+ - **v2:** six known actions (`agent_spawn`, `debate_event`,
19
+ `plan_transition`, `veto_triggered`, `benchmark_run`, `lesson_write`).
20
+ All v2 events carry `event_schema: "v2"` + `ts` + nullable
21
+ `tokens_in` / `tokens_out` / `tokens_total`.
22
+ - **v2.1:** adds one action `injection_flag` (advisory; ADR-011). The
23
+ `event_schema` value remains `v2` — consumers tolerating unknown
24
+ actions are unaffected.
25
+ - **v2.2 (PLAN-008, Sprint 8):** adds four actions — `confidence_gate`
26
+ (ADR-018), `lesson_read`, `lesson_archived`, `lesson_restored`
27
+ (ADR-017 amendment). Plus `lesson_outcome` (ADR-015, Sprint 6) is
28
+ formally registered. `event_schema` value remains `v2` (additive).
29
+ - **v2.2.1 (PLAN-009 Phase 1 C1.0, Sprint 9):** additive fields on
30
+ `confidence_gate` — `raw_claim_count` (int) and `truncated` (bool).
31
+ Populated when the input exceeded `CEO_CONFIDENCE_MAX_CLAIMS` (default
32
+ 200). `event_schema` remains `v2` (MINOR bump within v1).
33
+ - **v2.2.2 (PLAN-009 Phase 3 P3.5, Sprint 9):** `lesson_outcome` gains
34
+ closed-enum `consumer` field (`"benchmark" | "architect"`) plus
35
+ `inference_mode`, `window_duration_seconds`, `session_end_reason`.
36
+ Pre-Sprint-9 events missing `consumer` MUST be parsed as
37
+ `"benchmark"` (A23 back-compat).
38
+ - **v2.3 (PLAN-009 Phase 3 P3.3, Sprint 9):** new action
39
+ `lesson_outcome_undone` — admin-facing escape hatch for reversing a
40
+ bad Architect attribution. `event_schema` remains `v2`.
41
+ - **v2.4 (PLAN-011 Phase 0, Sprint 11):** three new actions —
42
+ `state_store_write`, `state_store_read`, `state_store_pruned`
43
+ (ADR-027). `event_schema` remains `v2` (additive). See
44
+ `SPEC/v1/state-stores.schema.md` for the unified state-backend
45
+ envelope these events describe. **Consolidation policy (consensus
46
+ H11):** all PLAN-011 audit additions (`state_store_*`,
47
+ `budget_exceeded`, `budget_bypass_used`, `otel_export_dropped`,
48
+ `output_safety_flag`, `skill_patch_applied`, `squad_imported`) land
49
+ in a single v2.4 bump — this entry will be amended during Phase 13
50
+ closeout to enumerate the final set.
51
+ - **v2.5 (PLAN-013 Phase A.0 + Phase A, Sprint 13):** ten new actions —
52
+ **Six live-adapter / breaker / credential events** (Gap #3 fix per
53
+ PLAN-013 progress-log.md Session 20 — events emitted by
54
+ `_lib/adapters/live/_transport.py` on_audit callback + planned
55
+ `_breaker.py` + `_credentials` wiring but not registered in
56
+ `_KNOWN_ACTIONS`): `live_adapter_call_started`,
57
+ `live_adapter_call_succeeded`, `live_adapter_call_failed`,
58
+ `breaker_opened`, `breaker_closed`, `credential_rotation_due` (ADR-040
59
+ §2/§4/§7). **Four MCP server events** (ADR-042): `mcp_handler_invoked`
60
+ (§Auth — entry audit), `mcp_handler_denied` (§Auth.5 — deny-path
61
+ audit), `mcp_server_started` (§Cost.4 — startup observability),
62
+ `mcp_server_disabled_by_kill_switch` (§Cost.4 — CEO_SOTA_DISABLE
63
+ short-circuit). `event_schema` remains `v2` (additive).
64
+ - **v2.9 (PLAN-023 Phase B, Sprint 23 — ADR-055):** two **additive**
65
+ nullable fields for HMAC chain tamper detection:
66
+ - `hmac` (string|null) — 64 hex chars (SHA-256). Null if chain
67
+ disabled (`CEO_AUDIT_HMAC_DISABLE=1`), pre-v2.9 emitter, or
68
+ key-read failure (in which case `hmac_error` is set).
69
+ - `hmac_error` (string|null) — Python exception class name on
70
+ compute failure; null otherwise.
71
+ Chain formula: `hmac = hmac_sha256(key, prev_hmac ||
72
+ canonical_json(entry_sans_hmac))` where canonical_json is
73
+ `_lib/canonical_json.py::encode` (pinned kwargs, NFC strings, no
74
+ floats). Sidecar `audit-log.last-hmac` holds the last digest
75
+ (best-effort; reconstructible from log tail). Key at
76
+ `~/.claude/projects/<slug>/audit-key` (0600, 32 random bytes,
77
+ auto-generated). Transition-entry rule is one-way (hmac-less after
78
+ hmac-bearing = tamper). Chain resets on log rotation (per-file).
79
+ `event_schema` remains `v2` (additive). Verifier:
80
+ `.claude/scripts/audit-verify-chain.py`; exit 0/1/2/3/4 contract.
81
+ Defends: forgery / reorder / interior deletion / transition
82
+ violation. Does NOT defend: tail truncation / key theft / rollback
83
+ / log+key co-deletion. See ADR-055 §Threat Model §Out-of-scope for
84
+ the complete residual list.
85
+ - **v2.6 (PLAN-014 Phase 0.6, Sprint 14):** twelve new actions per
86
+ ADJ-010 (registered BEFORE Phase A/F spawns to prevent mid-flight
87
+ agent divergence on event names):
88
+ **Three policy-engine events** (ADR-045 + SPEC/v1/policy-dsl.schema.md):
89
+ `policy_evaluated`, `policy_denied`, `policy_error`.
90
+ **Three replay events** (ADR-046 + SPEC/v1/replay.schema.md):
91
+ `replay_started`, `replay_completed`, `replay_diff_produced`.
92
+ **One predict-budget event** (ADR-047 + SPEC/v1/predict-budget.schema.md):
93
+ `prediction_queried`.
94
+ **Three cross-plan-memory events** (ADR-048 + SPEC/v1/memory-shared.schema.md):
95
+ `pattern_stored`, `pattern_queried`, `pattern_evicted`.
96
+ **Two threat-model governance events**: `threat_model_promoted`,
97
+ `threat_model_freshness_breach`. `event_schema` remains `v2` (additive).
98
+ - **v2.41 (PLAN-133, Goose-harvest):** nineteen new actions —
99
+ `env_var_hijack_blocked`, `invisible_unicode_blocked`,
100
+ `egress_destination_detected`, `quota_exhausted`, `eval_task_completed`,
101
+ `context_auto_compacted`, `context_auto_compact_suppressed`,
102
+ `context_middle_out_degraded`, `context_middle_out_degrade_failed`,
103
+ `adversary_review_flagged`, `supply_chain_advisory_emitted`,
104
+ `spawn_tool_scope_violation`, `spawn_depth_or_overlap_blocked`,
105
+ `spawn_file_assignment_recorded`, `action_required_held`,
106
+ `action_required_resumed`, `action_required_rejected`,
107
+ `persistent_instructions_blocked`, `hint_provenance_recorded`. Each is a
108
+ closed-enum / hash / bucketed-int breadcrumb routed through a dedicated
109
+ deny-by-default per-action allowlist in `audit_emit.py` (NEVER
110
+ `_EMIT_GENERIC_PASSTHROUGH`); an out-of-enum value is COERCED to a safe
111
+ sentinel before emit (S172 doctrine, never echoed). `event_schema`
112
+ remains `v2`. Additive per SPEC/v1 rules.
113
+ - **v2.42 (PLAN-135 W1 S3, anthropic-surface-harvest):** one new action —
114
+ `settings_tamper_detected`, the `/ceo-boot` Tier-S settings/env
115
+ tamper-tripwire breadcrumb (one emit per tamper class detected on the
116
+ RESOLVED multi-layer settings + import-time env snapshot). Closed-enum
117
+ `tamper_class` (mirrors `_lib/effective_config.TAMPER_CLASSES`) +
118
+ closed-enum `layer` + clamped-int `finding_count`; dedicated
119
+ deny-by-default allowlist `_SETTINGS_TAMPER_DETECTED_ALLOWLIST` (NEVER
120
+ `_EMIT_GENERIC_PASSTHROUGH`); the finding detail / env values are never
121
+ persisted. `event_schema` remains `v2`. Additive per SPEC/v1 rules.
122
+ - **v2.43 (PLAN-135 W2, anthropic-surface-harvest hook wave):** new actions
123
+ for the W2 new-event hooks — H2 contributes the ConfigChange-guard pair
124
+ `config_change_observed` + `config_change_forbidden_key`
125
+ (`check_config_change.py`: audit + advisory-block of out-of-band
126
+ settings edits, the S197 class; forbidden-keys single source =
127
+ `_lib/effective_config.FORBIDDEN_KEYS`, shared with W1 S3). Closed-enum
128
+ `layer` (settings file surfaces only: `user` / `project` / `local` /
129
+ `managed` / `other`) on both; the forbidden-key event adds closed-enum
130
+ `tamper_class` (mirrors `_lib/effective_config.TAMPER_CLASSES`) +
131
+ clamped-int `finding_count`. Dedicated deny-by-default allowlists
132
+ `_CONFIG_CHANGE_OBSERVED_ALLOWLIST` /
133
+ `_CONFIG_CHANGE_FORBIDDEN_KEY_ALLOWLIST` (NEVER
134
+ `_EMIT_GENERIC_PASSTHROUGH`); the changed file's path/body and any key
135
+ VALUE are never persisted. H5 (ADR-154 single-rewriter) contributes
136
+ `bash_input_rewritten` — `check_bash_safety.py` rewrote a `git push
137
+ --force`/`-f` Bash input to `--force-with-lease` via the PreToolUse
138
+ `updatedInput` channel (surfaced as an `ask`, never a silent allow); the
139
+ ONLY caller fields are closed-enum `rewrite_class` + the before/after
140
+ sha256 hash PAIR (TYPED wrapper `emit_bash_input_rewritten`, dedicated
141
+ `_BASH_INPUT_REWRITTEN_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`); the
142
+ command bytes are never persisted (the hash pair proves audited-cmd ==
143
+ executed-cmd). H1 (ADR-153) contributes the compaction-continuity pair
144
+ `compaction_continuity_snapshot` + `compaction_context_reinjected`. H3
145
+ contributes `subagent_lifecycle_observed` — emitted ONCE per returning
146
+ sub-agent by `check_fluency_nudge.py` (the SubagentStop H3 extension) after
147
+ consuming the SubagentStart sidecar (`check_subagent_start.py`) + the
148
+ harness `agent_transcript_path`: per-agent wall-time + token + claim
149
+ bracket (the S227 `modelUsage` forensic reconstruction becomes a live hook
150
+ emit; feeds the persona-ledger). EVERY wire field is a closed enum or
151
+ coarse bucket — `agent_archetype` (persona-ledger archetype) + `wall_bucket`
152
+ + `wall_source` + `token_bucket` + `claim_bucket`; the RAW token counts, RAW
153
+ wall seconds, transcript path/body, marker snippets and raw agent_id are
154
+ never persisted (TYPED wrapper `emit_subagent_lifecycle_observed`, dedicated
155
+ `_SUBAGENT_LIFECYCLE_OBSERVED_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`).
156
+ Sibling W2 units' actions fold into this same v2.43 bump at the
157
+ arc-verify wave. `event_schema` remains `v2`. Additive per SPEC/v1 rules.
158
+ - **v2.44 (PLAN-135 ARC, anthropic-surface-harvest W5 ops fold):** three new
159
+ actions for the W5 ops surfaces, consolidated in the arc layer — `admin_key_lifecycle_event`
160
+ (o9; `.claude/scripts/key-hygiene.py` Anthropic Admin API key-lifecycle
161
+ breadcrumb), `statusline_sidecar_write` (o4; `.claude/scripts/statusline-ceo.py`
162
+ statusLine sidecar-write breadcrumb), `model_refusal_observed` (o7;
163
+ `.claude/hooks/_lib/adapters/live/claude.py` `_on_response` model-refusal
164
+ breadcrumb). All three are TRUSTED first-party / adapter-library producers
165
+ that PRE-REDACT at the emit site: `key-hygiene.py` `_redact()`s free text + emits
166
+ only ids/counts/closed-enums (NEVER key material); `statusline-ceo.py` emits
167
+ only numbers + enum-ish ids + a 12-char digest (NEVER the raw statusLine
168
+ stdin); `claude.py` forwards ONLY the closed `stop_details.category` vocabulary
169
+ (≤64) + provider/model slugs + status/duration ints and DROPS
170
+ `stop_details.explanation` (model free text) at the emit site. `event_schema`
171
+ remains `v2`. Additive per SPEC/v1 rules.
172
+ _(Hardened in v2.45 — see below: these three no longer rely on producer-side
173
+ pre-redaction alone; each now routes through a dedicated `_scrub_*` branch.)_
174
+ - **v2.45 (PLAN-135-FOLLOWUP, Codex R5 P1-2/P1-3):** no new actions, no new
175
+ fields, `event_schema` remains `v2`. (1) **P1-2:** the three W5 actions
176
+ (`admin_key_lifecycle_event`, `statusline_sidecar_write`, `model_refusal_observed`)
177
+ move OFF `_EMIT_GENERIC_PASSTHROUGH` into dedicated deny-by-default `_scrub_*`
178
+ branches (`_ADMIN_KEY_LIFECYCLE_EVENT_ALLOWLIST` / `_STATUSLINE_SIDECAR_WRITE_ALLOWLIST`
179
+ / `_MODEL_REFUSAL_OBSERVED_ALLOWLIST`) with field-allowlist + enum/int VALUE
180
+ coercion, so the Sec MF-3 boundary holds against a direct/future `emit_generic`
181
+ caller that bypasses the trusted producer — producer-side pre-redaction is now
182
+ defense-in-depth, not the sole line. (2) **P1-3:** one new closed-enum
183
+ tamper-class member `settings_tamper_sidecar_redirect` (added to
184
+ `settings_tamper_detected` + `config_change_forbidden_key`, mirroring
185
+ `_lib/effective_config.TAMPER_CLASSES`) — a settings-LAYER `env` block setting
186
+ `CEO_STATUSLINE_SIDECAR` to steer the always-on statusLine sidecar writer out of
187
+ the audit/state dir (output/exfil-path steer; detected only in settings layers,
188
+ the Owner launch-env override is legitimate). Additive per SPEC/v1 rules.
189
+
190
+ ### Required fields per v2 action
191
+
192
+ | action | required fields |
193
+ |---|---|
194
+ | `agent_spawn` (v1) | `ts`, `action`, `session_id`, `project`, `tool`, `subagent_type`, `desc_preview`, `desc_hash`, `skill`, `has_profile`, `has_file_assignment`, `prompt_len_bucket`, `response_kind`, `hook_duration_ms` |
195
+ | `debate_event` | `action`, `plan_id`, `round`, `phase`, `agent`, `event_schema`, `ts` |
196
+ | `plan_transition` | `action`, `plan_id`, `from_status`, `to_status`, `editor_tool`, `file_path`, `transition_legal`, `event_schema`, `ts` |
197
+ | `veto_triggered` | `action`, `hook`, `reason_code`, `reason_preview` (redacted ≤120 chars), `blocked_tool`, `session_id` (str, v2.14), `caller` (str, v2.14 — optional, populated for kernel events), `event_schema`, `ts` |
198
+ | `benchmark_run` | `action`, `benchmark_id`, `skill`, `pass_count`, `fail_count`, `pass_rate_bps` (int 0..1000 — pass_rate × 1000; canonical_json no-float), `median_score_bps` (int 0..1000 — median_score × 1000), `floor_bps` (int 0..1000 — floor × 1000), `cost_usd_cents` (int ≥0 — cost × 100), `duration_ms` (int ≥0 — duration_s × 1000), `event_schema`, `ts` |
199
+ | `lesson_write` | `action`, `lesson_id`, `archetype`, `scope_tags` (list), `trigger`, `source_event_id`, `event_schema`, `ts` |
200
+ | `injection_flag` (v2.1) | `action`, `source`, `family_counts` (object), `match_count`, `bytes_scanned`, `truncated`, `triggered_by_tool`, `event_schema`, `ts` |
201
+ | `lesson_outcome` (v2) | `action`, `lesson_id`, `archetype`, `hit` (bool), `hit_count`, `miss_count`, `consumer` (enum `{benchmark, architect}`, v2.2.2), `inference_mode` (str, v2.2.2), `window_duration_seconds` (int, v2.2.2), `session_end_reason` (str, v2.2.2), `event_schema`, `ts` |
202
+ | `lesson_outcome_undone` (v2.3) | `action`, `lesson_id`, `archetype`, `consumer`, `undone_kind` (enum `{hit, miss}`), `hit_count`, `miss_count`, `event_schema`, `ts` |
203
+ | `confidence_gate` (v2.2) | `action`, `claim_count`, `pass_count`, `fail_count`, `verifier_kind_counts` (object: kind→count), `agent_name`, `source`, `raw_claim_count` (int, v2.2.1), `truncated` (bool, v2.2.1), `event_schema`, `ts` |
204
+ | `lesson_read` (v2.2) | `action`, `lesson_ids` (list), `lesson_count`, `archetype`, `keywords` (list), `k`, `consumer`, `event_schema`, `ts` |
205
+ | `lesson_archived` (v2.2) | `action`, `lesson_id`, `archetype`, `hit_count`, `miss_count`, `hit_rate_bps` (int 0..1000 — hit_rate × 1000; canonical_json no-float invariant), `archive_path`, `reason`, `event_schema`, `ts` |
206
+ | `lesson_restored` (v2.2) | `action`, `lesson_id`, `archetype`, `restored_from`, `restored_to`, `event_schema`, `ts` |
207
+ | `state_store_write` (v2.4) | `action`, `store_name`, `plan_id_hash` (16-char sha256 prefix), `key_hash` (16-char sha256 prefix), `value_bytes` (int), `ttl_seconds` (nullable int), `redaction_applied` (bool), `event_schema`, `ts` |
208
+ | `state_store_read` (v2.4) | `action`, `store_name`, `plan_id_hash`, `key_hash`, `found` (bool), `event_schema`, `ts` |
209
+ | `state_store_pruned` (v2.4) | `action`, `store_name`, `plan_id_hash`, `keys_pruned_count` (int), `event_schema`, `ts` |
210
+ | `budget_exceeded` (v2.4) | `action`, `plan_id`, `spawn_id`, `tokens_used` (int), `cap` (int), `scope` (enum `{spawn,plan}`), `event_schema`, `ts` |
211
+ | `budget_bypass_used` (v2.4) | `action`, `plan_id`, `caller_pid` (int), `reason_preview` (redacted ≤120 chars), `event_schema`, `ts` |
212
+ | `otel_export_dropped` (v2.4) | `action`, `fields_dropped_count` (int), `endpoint_host`, `reason`, `event_schema`, `ts` |
213
+ | `output_safety_flag` (v2.4) | `action`, `source`, `family_counts` (object), `match_count` (int), `bytes_scanned` (int), `redaction_applied` (bool), `triggered_by_tool`, `snippet_preview` (redacted ≤200 chars), `truncated` (bool), `event_schema`, `ts` |
214
+ | `skill_patch_applied` (v2.4) | `action`, `proposal_id`, `skill_slug`, `commit_sha`, `signer_fingerprint`, `shadow_mode` (bool), `event_schema`, `ts` |
215
+ | `squad_imported` (v2.4) | `action`, `squad_name`, `manifest_sha256`, `signer_fingerprint`, `source`, `event_schema`, `ts` |
216
+ | `live_adapter_call_started` (v2.5) | `action`, `provider`, `url` (query-scrubbed), `attempt` (int ≥1), `event_schema`, `ts` |
217
+ | `live_adapter_call_succeeded` (v2.5) | `action`, `provider`, `url` (query-scrubbed), `status` (int 2xx), `duration_ms` (int), `retried` (bool), `event_schema`, `ts` |
218
+ | `live_adapter_call_failed` (v2.5) | `action`, `provider`, `failure_mode` (enum per SPEC/v1/live-adapters-policy §3), `http_status` (nullable int), `duration_ms` (int), `retry_count` (int), `event_schema`, `ts` |
219
+ | `breaker_opened` (v2.5) | `action`, `provider`, `failures_in_window` (int), `threshold` (int), `reason` (enum from live-adapters-policy §3), `event_schema`, `ts` |
220
+ | `breaker_closed` (v2.5) | `action`, `provider`, `from_state` (enum `{open, half_open, reset}`), `event_schema`, `ts` |
221
+ | `credential_rotation_due` (v2.5) | `action`, `provider`, `age_days` (int), `warn_threshold_days` (int), `max_threshold_days` (int), `event_schema`, `ts` |
222
+ | `mcp_handler_invoked` (v2.5) | `action`, `handler` (enum from ADR-042 §Auth.2 ACL), `client_id` (hex16), `transport` (enum `{http, stdio}`), `duration_ms` (int), `event_schema`, `ts` |
223
+ | `mcp_handler_denied` (v2.5) | `action`, `handler`, `client_id` (hex16), `transport`, `reason` (enum per ADR-042 §Auth.5 + §Cost.1), `event_schema`, `ts` |
224
+ | `mcp_server_started` (v2.5) | `action`, `transport`, `host`, `port` (int; 0 for stdio), `version`, `handlers_count` (int), `event_schema`, `ts` |
225
+ | `mcp_server_disabled_by_kill_switch` (v2.5) | `action`, `reason`, `event_schema`, `ts` |
226
+ | `policy_evaluated` (v2.6) | `action`, `policy_id`, `rule_id`, `decision` (enum `{allow, deny, block}`), `duration_ms` (int), `event_schema`, `ts` |
227
+ | `policy_denied` (v2.6) | `action`, `policy_id`, `rule_id`, `reason` (closed-enum per SPEC/v1/policy-dsl.schema.md §Error-model), `event_schema`, `ts` |
228
+ | `policy_error` (v2.6) | `action`, `policy_id`, `error_kind` (enum `{parse_error, predicate_missing, import_failure, depth_limit, size_limit, alias_rejected, tag_rejected}`), `detail` (redacted ≤200 chars), `event_schema`, `ts` |
229
+ | `replay_started` (v2.6) | `action`, `original_session_id`, `mode` (enum `{dry_run, execute}`), `redacted_fragments_count` (int), `as_user`, `event_schema`, `ts` |
230
+ | `replay_completed` (v2.6) | `action`, `original_session_id`, `mode`, `duration_ms` (int), `spawn_count` (int), `diff_summary`, `event_schema`, `ts` |
231
+ | `replay_diff_produced` (v2.6) | `action`, `original_session_id`, `spawn_ordinal` (int), `divergence_kind` (enum `{output_mismatch, spawn_missing, extra_spawn, env_mismatch, audit_payload_mismatch}`), `artifact_path`, `event_schema`, `ts` |
232
+ | `prediction_queried` (v2.6) | `action`, `plan_id`, `bucket_range` (bucketed string; NO raw dollar figures per ADJ-038), `confidence` (enum `{high, medium, low, cold_start}`), `training_window_plans` (int), `event_schema`, `ts` |
233
+ | `pattern_stored` (v2.6) | `action`, `topic` (Unicode NFC + lowercase + dash-separated), `content_hash` (sha256), `size_bytes` (int; ≤4096 per SPEC cap), `event_schema`, `ts` |
234
+ | `pattern_queried` (v2.6) | `action`, `topic`, `k` (int 1..10 clamped), `match_count` (int), `event_schema`, `ts` |
235
+ | `pattern_evicted` (v2.6) | `action`, `topic`, `content_hash`, `reason` (enum `{admin_request, size_cap_breach, redact_violation}`), `event_schema`, `ts` |
236
+ | `threat_model_promoted` (v2.6) | `action`, `from_status` (enum `{draft, accepted, stale}`), `to_status`, `accepted_by`, `commit_sha`, `event_schema`, `ts` |
237
+ | `threat_model_freshness_breach` (v2.6) | `action`, `new_adr_count_since_review` (int), `threshold` (int; default 2 per ADJ-021), `event_schema`, `ts` |
238
+ | `session_start` (v2.7) | `action`, `session_id`, `ts`, `event_schema`. PLAN-028 Wave A ADR-056 — session-lifecycle observability. |
239
+ | `session_end` (v2.7) | `action`, `session_id`, `ts`, `event_schema`. PLAN-028 Wave A ADR-056. |
240
+ | `prompt_submitted` (v2.7) | `action`, `session_id`, `ts`, `event_schema`. PLAN-028 Wave A ADR-056. |
241
+ | `session_stop` (v2.7) | `action`, `session_id`, `ts`, `event_schema`. PLAN-028 Wave A ADR-056. |
242
+ | `output_scan_finding` (v2.7) | `action`, `source`, `family_counts` (object), `redaction_applied` (bool), `event_schema`, `ts`. PLAN-029 Wave A ADR-057 — output-scan redaction. |
243
+ | `rag_query_issued` (v2.8) | `action`, `query_hash` (sha256), `top_k` (int), `duration_ms` (int), `event_schema`, `ts`. PLAN-041 Wave A+ ADR-062. |
244
+ | `rag_query_returned` (v2.8) | `action`, `query_hash`, `chunk_keys` (list[str]), `chunks_count` (int), `event_schema`, `ts`. PLAN-041 Wave A+ ADR-062. |
245
+ | `rag_query_fallback` (v2.8) | `action`, `reason` (enum), `event_schema`, `ts`. PLAN-041 Wave A+ ADR-062. |
246
+ | `rag_query_redacted` (v2.8) | `action`, `query_hash`, `chunk_keys`, `family_counts` (object), `event_schema`, `ts`. PLAN-041 Wave A+ ADR-062. |
247
+ | `rag_index_redacted` (v2.8) | `action`, `file_path`, `reason`, `family_counts` (object), `indexer_version`, `event_schema`, `ts`. PLAN-041 Wave A+ ADR-062. |
248
+ | `tier_policy_derived` (v2.9) | `action`, `role`, `task_type`, `derived_tier` (enum `{opus, sonnet, haiku}`), `n_samples` (int), `gap_pp` (float), `event_schema`, `ts`. PLAN-043 Wave B ADR-064 — dynamic tier-policy learned dispatch (learn.py). |
249
+ | `tier_policy_promote_applied` (v2.9) | `action`, `role`, `previous_tier`, `new_tier`, `policy_sha` (sha256), `event_schema`, `ts`. PLAN-043 Wave B ADR-064 (apply.py). |
250
+ | `tier_policy_promote_cost_gated` (v2.9) | `action`, `agent_slug`, `from_tier`, `to_tier`, `projected_delta_usd_cents` (int, nullable — projected monthly cost delta × 100; canonical_json no-float invariant), `threshold_usd_cents` (int — cost gate threshold × 100), `event_schema`, `ts`. PLAN-043 Wave B ADR-064 (apply.py C-P0-4 3-way gate). |
251
+ | `tier_policy_demote_requested` (v2.9) | `action`, `role`, `from_tier`, `to_tier`, `owner_signed` (bool), `event_schema`, `ts`. PLAN-043 Wave B ADR-064 — Owner-signed demote path. |
252
+ | `tier_policy_rejected` (v2.9) | `action`, `role`, `reason` (enum `{veto_floor, cost_gated, cooldown, killswitch, hmac_fail, statistical_floor, fixture_corpus_mismatch}`), `event_schema`, `ts`. PLAN-043 Wave B ADR-064. `fixture_corpus_mismatch` added in PLAN-045 F-10-06 — learner fail-CLOSED on tournament fixture content-integrity drift. |
253
+ | `tier_policy_hmac_verify_failed` (v2.9) | `action`, `report_path`, `reason` (enum), `event_schema`, `ts`. PLAN-043 Wave B ADR-064 — supply-chain tamper detection. |
254
+ | `tier_policy_killswitch_triggered` (v2.9) | `action`, `factor_env` (bool), `factor_sentinel` (bool), `event_schema`, `ts`. PLAN-043 Wave B ADR-064 — two-factor kill-switch. |
255
+ | `tier_policy_adopter_override_respected` (v2.9) | `action`, `role`, `adopter_tier`, `learned_tier`, `event_schema`, `ts`. PLAN-043 Wave B ADR-064 — adopter quality-profile takes precedence. |
256
+ | `tier_policy_dry_run_complete` (v2.9) | `action`, `changes_count` (int), `diff_sha` (sha256), `event_schema`, `ts`. PLAN-043 Wave B ADR-064 — CLI dry-run preview. |
257
+ | `tournament_run_started` (v2.9) | `action`, `tournament_id`, `event_schema`, `ts`. PLAN-032 Wave B ADR-063 — agent-eval tournament start. |
258
+ | `tournament_task_scored` (v2.9) | `action`, `swarm_id`, `loop_id`, `score_bps` (int 0..1000 — score × 1000; canonical_json no-float), `tests_passed` (int), `tests_failed` (int), `event_schema`, `ts`. PLAN-032 Wave B ADR-063. |
259
+ | `tournament_run_completed` (v2.9) | `action`, `swarm_id`, `winner_loop_id`, `rejected_count` (int), `decisive` (bool), `event_schema`, `ts`. PLAN-032 Wave B ADR-063. |
260
+ | `tournament_budget_projected` (v2.9) | `action`, `swarm_id`, `projected_cost_cents` (int ≥0 — USD × 100; canonical_json no-float), `candidate_count` (int), `event_schema`, `ts`. PLAN-032 Wave B ADR-063 — pre-run cost estimate. |
261
+ | `tournament_budget_exceeded` (v2.9) | `action`, `swarm_id`, `actual_cost_cents` (int ≥0 — USD × 100; canonical_json no-float), `cap_cents` (int ≥0 — USD × 100), `event_schema`, `ts`. PLAN-032 Wave B ADR-063 — runtime cost-gate trip. |
262
+ | `tournament_aborted` (v2.9) | `action`, `tournament_id`, `reason` (enum), `event_schema`, `ts`. PLAN-032 Wave B ADR-063 — kill-switch / budget / error abort. |
263
+ | `tournament_fixture_rejected` (v2.9) | `action`, `fixture_path`, `family` (enum), `event_schema`, `ts`. PLAN-032 Wave B ADR-063 — check_fixture.py rejects bidi / zero-width / homoglyph / oversize / jwt / llm01 shapes. |
264
+ | `tournament_judge_hijack_suspected` (v2.9) | `action`, `swarm_id`, `loop_id`, `indicator` (str ≤64 — adversarial signal label; no float), `event_schema`, `ts`. PLAN-032 Wave B ADR-063 — judge-response adversarial indicator hardening. |
265
+ | `fluency_nudge` (v2.10) | `action`, `session_id`, `project`, `marker_count` (int), `threshold_crossed` (int), `markers_matched` (list[str]), `output_length` (int), `event_schema`, `ts`. PLAN-045 Wave 5 P0-09 (b) — Artifact Paradox SubagentStop advisory. Kill-switch `CEO_FLUENCY_NUDGE=0`. |
266
+ | `skill_reference_read_mismatch` (v2.10) | `action`, `session_id`, `project`, `skill_path` (rel), `claimed_sha` (sha256), `read_sha` (sha256), `spawn_ts` (ISO-8601), `read_ts` (ISO-8601), `event_schema`, `ts`. PLAN-045 Wave 5 F-10-07 v2 — TOCTOU between spawn SKILL REFERENCE sha pin and sub-agent Read-time hash. Kill-switch `CEO_SKILL_READ_V2=0`. |
267
+ | `skill_reference_read_stale` (v2.10) | `action`, `session_id`, `project`, `skill_path` (rel), `claimed_sha`, `read_sha`, `spawn_ts`, `read_ts`, `delta_seconds` (int), `event_schema`, `ts`. PLAN-045 Wave 5 F-10-07 v2 — spawn event more than 5 minutes older than the sub-agent Read (TOCTOU plausibility window). Kill-switch `CEO_SKILL_READ_V2=0`. |
268
+ | `skill_reference_never_read` (v2.10) | `action`, `session_id`, `project`, `skill_path` (rel), `claimed_sha`, `spawn_ts`, `event_schema`, `ts`. PLAN-045 Wave 5 F-10-07 v2 — sub-agent spawned with `## SKILL REFERENCE` but never issued a Read on the declared file. Emit site deferred to SessionEnd hook (future iteration). |
269
+ | `swarm_started` (v2.11) | `action`, `swarm_id`, `n_loops` (int), `budget_tokens` (int), `event_schema`, `ts`. PLAN-017 Phase 4 — autonomous-loop swarm coordinator dispatch start. |
270
+ | `swarm_iteration` (v2.11) | `action`, `swarm_id`, `loop_id`, `iteration` (int), `event_schema`, `ts`. PLAN-017 Phase 4 — per-loop iteration progress. |
271
+ | `swarm_halted_budget` (v2.11) | `action`, `swarm_id`, `tokens_consumed` (int), `event_schema`, `ts`. PLAN-017 Phase 4 — budget ceiling triggered halt. |
272
+ | `swarm_halted_convergence` (v2.11) | `action`, `swarm_id`, `jaccard` (float), `event_schema`, `ts`. PLAN-017 Phase 4 — inter-loop output Jaccard similarity ≥ threshold. |
273
+ | `swarm_halted_kill` (v2.11) | `action`, `swarm_id`, `source` (enum `{env, file, cli}`), `event_schema`, `ts`. PLAN-017 Phase 4 — kill-switch layers 1-3 fired. |
274
+ | `swarm_aborted_error` (v2.11) | `action`, `swarm_id`, `error` (str), `event_schema`, `ts`. PLAN-017 Phase 4 — unrecoverable error aborted swarm. |
275
+ | `swarm_killed` (v2.11) | `action`, `swarm_id`, `layer` (int 1-6), `event_schema`, `ts`. PLAN-017 Phase 4 — SIGKILL/watchdog escalation path. |
276
+ | `swarm_tournament_selected` (v2.11) | `action`, `swarm_id`, `winner_loop`, `event_schema`, `ts`. PLAN-017 Phase 4 — tournament scorer selected best-of-N loop. |
277
+ | `swarm_finalize_grouped` (v2.11) | `action`, `swarm_id`, `groups` (int), `event_schema`, `ts`. PLAN-017 Phase 4 — finalizer groups winner outputs into commit bundles. |
278
+ | `swarm_finalize_committed` (v2.11) | `action`, `swarm_id`, `commit` (sha7), `event_schema`, `ts`. PLAN-017 Phase 4 — winner output committed to main branch. |
279
+ | `escalation_detected` (v2.11) | `action`, `signal` (enum), `severity` (enum `{low, medium, high}`), `event_schema`, `ts`. PLAN-048 Phase 2 — CEO model escalation signal emitted by detector. |
280
+ | `escalation_dispatched` (v2.11) | `action`, `from_model`, `to_model`, `event_schema`, `ts`. PLAN-048 Phase 2 — runtime re-dispatch from Sonnet default to Opus. |
281
+ | `escalation_suppressed` (v2.11) | `action`, `reason` (enum `{cooldown_active, kill_switch, baseline_mode}`), `event_schema`, `ts`. PLAN-048 Phase 2 — escalation skipped per suppression rule. |
282
+ | `escalation_baseline_recorded` (v2.11) | `action`, `session_tag` (str), `spawn_count` (int), `event_schema`, `ts`. PLAN-048 Phase 2 — observe-only arm session aggregate. |
283
+ | `audit_tokens_emitted` (v2.12) | `action`, `session_id`, `timestamp` (ISO-8601), `window_seconds` (int), `events_scanned` (int), `tokens_in_total` (int), `tokens_out_total` (int), `cost_cents` (int), `tier_id_distribution` (dict<str,int>), `detector_findings_count` (dict<str,int>), `hook_duration_ms` (int), `project`. PLAN-060 Phase B / SEC-P0-04 — counts-only audit-tokens stub event emitted by SessionEnd hook via `audit-tokens.py --content-ban=strict`. Allowlist enforced by `scrub_audit_tokens_event()` (defense-in-depth on top of CLI flag). Total payload < 2 KiB. Opt-in via `CEO_AUDIT_TOKENS_AUTO=1`. |
284
+ | `audit_tokens_timeout` (v2.12) | `action`, `session_id`, `timeout_ms` (int — timeout budget in milliseconds; canonical_json no-float invariant; e.g. 50ms default → timeout_ms=50), `project`. PLAN-060 Phase B / SEC-P0-04 §Performance budget — fired when `audit-tokens.py` subprocess exceeds the 50ms wall budget. Replaces the `audit_tokens_emitted` that would have fired on success; SessionEnd hook does not block on slow detectors. |
285
+ | `audit_tokens_key_dropped` (v2.12) | `action`, `session_id`, `dropped_keys` (list<str>, capped at 50), `dropped_count` (int), `project`. PLAN-060 Phase B / SEC-P0-04 §Defense-in-depth — emitted by `scrub_audit_tokens_event()` when forbidden keys are stripped from an audit-tokens event. Event itself never carries dropped VALUES (only keys), so hostile keys with payload-like names do not leak content. Signals allowlist drift OR injection attempt. |
286
+ | `mcp_injection_finding` (v2.13) | `action`, `server_id`, `mcp_tool_name`, `source_kind` (enum `{tool_result, resource_fetch, instructions}`), `family_counts` (dict<str,int>), `match_count` (int), `bytes_scanned` (int), `severity` (enum `{low, medium, high}`), `snippet_preview` (str, redacted ≤200), `scanner_action` (enum `{advisory, stripped, blocked}`), `session_id`, `project`, `event_schema`, `ts`. PLAN-052 / ADR-083 — MCP injection scanner finding. Emitted by `check_mcp_response.py` PostToolUse hook when an MCP tool result contains harness-mimicry or directive-prose markup (reused from `_lib/injection_patterns.py`). STRICT mode opt-in via `CEO_MCP_SCANNER_MODE=strict` (Session 73 wired); when active and severity=high, hook emits `scanner_action="blocked"` and returns `decision: block` to the harness. Otherwise `scanner_action="advisory"` (log-only). `emit_mcp_injection_finding` shipped in `_lib/audit_emit.py` (Wave B audit-v2 C1-P0-03 fix). |
287
+ | `skill_bootstrap_used` (v2.15) | `action`, `skill_slug`, `env_set` (bool), `project`, `event_schema`, `ts`. Session 76 audit-v3 / Codex DIM-04 #1 — emitted by `check_skill_patch_sentinel.py:251` when the bootstrap env var is detected on a SKILL.md edit. Pre-Session-76 was dropped by `_write_event` because the action was unregistered (silent observability gap). |
288
+ | `skill_bootstrap_post_hash` (v2.15) | `action`, `skill_slug`, `sha256` (64-hex of post-write content), `file_size` (int), `bootstrap_event_correlated` (bool), `bootstrap_ts_s` (int — epoch-seconds of bootstrap event; canonical_json no-float invariant), `suspicious_delay_ms` (int — delay in ms between bootstrap_used and PostToolUse; -1 when not applicable), `anomaly` (bool), `hook_version`, `project`, `event_schema`, `ts`. Session 76 audit-v3 / Codex DIM-04 #1 — emitted by `check_skill_bootstrap_post.py:196` after the SKILL.md write completes; correlates the prior `skill_bootstrap_used` event via timestamp delta. Pre-Session-76 was dropped silently. |
289
+ | `replay_capture_started` (v2.16) | `action`, `original_session_id`, `redacted_fragments_count` (int), `as_user`, `session_id`, `project`, `event_schema`, `ts`. PLAN-069 Phase 1 / ADR-101 — emitted by `replay-session.py:_emit_started` when `mode == "capture"`. Distinct from `replay_started` because capture mode produces a redacted JSONL fixture (not a dry_run/execute artifact). |
290
+ | `replay_capture_completed` (v2.16) | `action`, `original_session_id`, `duration_ms` (int), `event_count` (int), `fixture_path` (str), `session_id`, `project`, `event_schema`, `ts`. PLAN-069 Phase 1 / ADR-101 — emitted by `replay-session.py:_emit_completed` when `mode == "capture"`. ``event_count`` is total redacted events written to the fixture; ``fixture_path`` is $CLAUDE_PROJECT_DIR-relative resolved out path. |
291
+ | `claim_emitted` (v2.19) | `action`, `claim_id` (composite `<claim_type>:<12-hex>`; `<claim_type>` MUST match KNOWN_KINDS grammar `^[a-z_]{1,32}$`, otherwise rehashed to `unknown:<12-hex>` via `_safe_claim_id_hash`), `claim_type` (str ≤32 chars; KNOWN_KINDS recommended), `severity` (closed enum `{info, warn, critical}`; invalid → `info`), `verifier_kind` (str ≤32), `payload_hash` (bare 12-hex; defensive rehash if non-hex), `kind_supported` (bool; FP signal — `True` means kind in KNOWN_KINDS, `False` is extraction-FP), `line_num` (int), `agent_name` (str ≤64), `source` (str ≤32), `session_id`, `project`, `event_schema`, `ts`, `tokens_*`, `hmac`, `hmac_error`. PLAN-090-FOLLOWUP Wave A — per-claim event producer (S138 R2 ACCEPT). Sec MF-3 allowlist `_CLAIM_EMITTED_ALLOWLIST` enforced; emit_generic dispatch wired (Codex iter-1 P0-3+P0-4). LLM06 hold: raw claim body NEVER persisted. Kill-switch `CEO_CONFIDENCE_GATE_PRODUCER_PAIR_DISABLED=1`. |
292
+ | `confidence_gate_verdict` (v2.19) | `action`, `claim_id` (defensive rehash via `_safe_claim_id_hash`), `verdict` (closed enum `{pass, fail, refuted}`; invalid → `fail` NOT `refuted` per P1-1 fold — `refuted` is the FP signal in backfill line 134 and a parser sentinel must NOT pollute the FPR numerator), `was_false_positive` (bool; FP signal — `was_false_positive = (NOT kind_supported)` per Wave B.6 contract), `kind_supported` (bool; paired with claim_emitted), `verifier_kind` (str ≤32), `verifier_outcome` (PII-redacted + ≥8-char overlap-scrubbed against claim_args + NFKC + ≤64 chars; security iter-1 P1-B fold), `agent_name` (str ≤64), `source` (str ≤32), `session_id`, `project`, `event_schema`, `ts`, `tokens_*`, `hmac`, `hmac_error`. PLAN-090-FOLLOWUP Wave A. Sec MF-3 allowlist `_CONFIDENCE_GATE_VERDICT_ALLOWLIST` enforced. |
293
+ | `persona_demand_opened` (v2.18) | `action`, `demand_id` (str ≤16), `demand_event_type` (enum `{branch_ahead, auth_edit, test_edit, detect_edit}`), `expected_persona` (enum `{code-reviewer, security-engineer, qa-architect, threat-detection-engineer}`), `target_ref_hash` (sha256 truncated 12-hex; raw value NEVER persisted — LLM06 hold), `match_window_hours` (int, default 24), `session_id`, `project`, `event_schema`, `ts`. PLAN-104 Wave A — persona-demand ledger Phase 2 (S134 R2 ACCEPT). Sec MF-3 allowlist `_PERSONA_DEMAND_OPENED_ALLOWLIST` enforced; emit_generic dispatch wired (Codex iter-1 P0 #4). Kill-switch `CEO_PERSONA_DEMAND_LEDGER_DISABLED=1`. |
294
+ | `persona_demand_matched` (v2.18) | `action`, `demand_id`, `demand_event_type`, `expected_persona`, `actual_persona` (strict-match: `actual_persona == expected_persona` ALWAYS holds — incl. the codex modality, which sets it to `code-reviewer`), `latency_ms` (int), `match_modality` (enum `{native_spawn, codex_review}`; default `native_spawn`; `codex_review` recognized for `code-reviewer` demands ONLY per PLAN-132 / ADR-145), `session_id`, `project`, `event_schema`, `ts`. PLAN-104 Wave A; PLAN-132 v2.40. Sec MF-3 allowlist `_PERSONA_DEMAND_MATCHED_ALLOWLIST`. |
295
+ | `persona_demand_unmet` (v2.18) | `action`, `demand_id`, `demand_event_type`, `expected_persona`, `target_ref_hash`, `window_expired_at` (ISO8601 UTC), `session_id`, `project`, `event_schema`, `ts`. PLAN-104 Wave A — idempotent at most ONE per demand_id (dedup at resolver scan time). Sec MF-3 allowlist `_PERSONA_DEMAND_UNMET_ALLOWLIST`. |
296
+ | `persona_demand_waived` (v2.18) | `action`, `demand_id`, `demand_event_type`, `expected_persona`, `waive_reason` (closed enum `{docs-only, generated-or-vendored, emergency-hotfix, explicit-skip}`; free-text replaced with `invalid-enum` forensic sentinel per Codex iter-1 P2 #1), `session_id`, `project`, `event_schema`, `ts`. PLAN-104 Wave A. Sec MF-3 allowlist `_PERSONA_DEMAND_WAIVED_ALLOWLIST`. |
297
+ | `ceo_boot_emitted` (v2.17) | `action`, `gate_pass` (bool), `duration_ms` (int), `checks_total` (int), `checks_failed` (int), `cache_hit` (bool), `session_id`, `project`, `event_schema`, `ts`. PLAN-065 Phase 2 / ADR-098 (S82 ceremony lote, 2026-05-04) — emitted by `.claude/scripts/ceo-boot.py:main` once per session-boot autopilot invocation. Sec MF-3 field allowlist enforced via `_scrub_ceo_boot_event`: DENIED fields include `tokens`, `cost_usd`, `prompt`, `paths`, `SKILL` content, `env` values (LLM06 side-channel guard). Closes Reality-Ledger fixture #4 (declared-but-not-wired pattern from PLAN-071 Phase 0 baseline detector D4). |
298
+ | `ceo_boot_check_skipped` (v2.17) | `action`, `check_name` (str), `timeout_ms` (int), `session_id`, `project`, `event_schema`, `ts`. PLAN-065 Phase 2 / ADR-098 (S82 ceremony lote, 2026-05-04) — emitted by `.claude/scripts/ceo-boot.py:dispatch_parallel` per Tier-S check that exceeds the aggregate timeout budget (CR-MF6 forensic traceability — silently dropped events block forensic reconstruction). Sec MF-3 field allowlist enforced via `_scrub_ceo_boot_event`. |
299
+ | `mcp_canonical_guard_allowed` (v2.18) | `action`, `tool_name` (str — `mcp__*`), `target_path` (str — repo-relative), `reason` (str — sentinel resolver / non-canonical / etc.), `session_id`, `project`, `event_schema`, `ts`. PLAN-070 / ADR-102 (S85 Layer B ceremony, 2026-05-05) — emitted by `.claude/hooks/_lib/mcp/canonical_guard.py:check_mcp_call` on every ALLOW decision for a tool whose name matches `mcp__*`. Sec MF-3 field allowlist (R6-01 tightened) enforced via `_MCP_CANONICAL_GUARD_ALLOWED_ALLOWLIST` in `audit_emit.py`. Closes ADR-095 §gate-#6 NG-06 (custom MCP tools previously bypassed `check_canonical_edit` because the hook only filtered `Edit/Write/MultiEdit/NotebookEdit`). |
300
+ | `mcp_canonical_guard_blocked` (v2.18) | `action`, `tool_name` (str — `mcp__*`), `target_path` (str — repo-relative), `reason` (str — stable enum: `canonical_no_sentinel` / `path_escapes_repo_root_fail_closed` / `blob_authoritative_parse_failed_fail_closed` / `middleware_fault:<ExcName>`), `session_id`, `project`, `event_schema`, `ts`. PLAN-070 / ADR-102 (S85 Layer B ceremony, 2026-05-05) — emitted on every BLOCK decision. Same allowlist as `mcp_canonical_guard_allowed`. Closes ADR-095 §gate-#6 NG-06. |
301
+ | `task_route_advised` (v2.19) | `action`, `contract_id` (str — uuid4), `classification` (str — `S`/`M`/`L`/`XL`), `task_description_hmac` (hex str OR null when salt unavailable per ADR-079), `duration_ms` (int — `time.perf_counter()` measured `classify()` wall-clock), `session_id`, `project`, `event_schema`, `ts`. PLAN-071 / ADR-104 (S87 v1.14.0 ceremony, 2026-05-05) — emitted by `.claude/scripts/task-route.py:main` per advisory invocation (rate-limited 1/10s OR session_end flush per R-SEC U4). Sec MF-3 field allowlist enforced via `_TASK_ROUTE_ADVISED_ALLOWLIST` + `_scrub_ceo_boot_event` helper (allowlist-agnostic). DENIED fields: task description literal, file paths, recommendation text body, environment values, token counts. |
302
+ | `task_route_key_dropped` (v2.19) | `action`, `dropped_keys` (list[str]), `session_id`, `project`, `event_schema`, `ts`. PLAN-071 / ADR-104 — defense-in-depth breadcrumb when `_scrub_ceo_boot_event` strips forbidden caller fields from a `task_route_advised` payload. Anti-allowlist-drift signal (matches `audit_tokens_key_dropped` precedent per ADR-080). |
303
+ | `reality_ledger_finding` (v2.19) | `action`, `detector` (str — closed enum: `runtime_read_missing` / `installable_claim_drift` / `model_assignment_divergence` / `enforcement_commit_unpopulated` / `audit_action_phantom`), `severity` (str — `low`/`medium`/`high`), `confidence_bps` (int 0..1000 — confidence × 1000; canonical_json no-float invariant; recover float via confidence_bps / 1000), `claim_source_sha256` (hex str — sha256 of the claim source content), `finding_count_in_run` (int), `session_id`, `project`, `event_schema`, `ts`. PLAN-071 / ADR-104 — emitted by `.claude/scripts/reality-ledger.py` per detected finding (severity ≥ medium per Phase 4 CI workflow filter). Sec MF-3 field allowlist enforced via `_REALITY_LEDGER_FINDING_ALLOWLIST`. **R-SEC2 contract**: `claim_source_path` is NEVER emitted to audit-log (audit-log + GH issue body use `claim_source_sha256` ONLY; `claim_source_path` is local-stdout-only via `--format markdown` for triage). |
304
+ | `reality_ledger_key_dropped` (v2.19) | `action`, `dropped_keys` (list[str]), `session_id`, `project`, `event_schema`, `ts`. PLAN-071 / ADR-104 — defense-in-depth breadcrumb when `_scrub_ceo_boot_event` strips forbidden caller fields (e.g. `claim_source_path` leak attempt) from a `reality_ledger_finding` payload. |
305
+ | `optimizer_route_recommended` (PLAN-122 WS12) | `action`, `route` (str — closed enum: `passthrough`/`single_agent`/`fanout`), `complexity_bucket` (str), `parallelizable` (int 0/1), `suggested_width` (int 1..8), `prompt_len_bucket` (int 0..3), `kill_switch_state` (str), `session_id`, `project`, `event_schema`, `ts`, plus baseline `tokens_in`/`tokens_out`/`tokens_total`/`hmac`/`hmac_error`. Emitted by `optimizer/recommender.py` via `_skeleton.safe_emit`. Sec MF-3 allowlist `_OPTIMIZER_ALLOWLISTS["optimizer_route_recommended"]`. DENIED: prompt body, file paths, env values. |
306
+ | `fanout_recommended` (PLAN-122 WS12) | `action`, `subtask_count` (int), `suggested_width` (int 1..8), `width_capped` (int 0/1), `budget_governed` (int 0/1), `rate_backoff_applied` (int 0/1), `models_basis` (str ≤200), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC fields. Sec MF-3 allowlist `_OPTIMIZER_ALLOWLISTS["fanout_recommended"]`. |
307
+ | `model_choice_recommended` (PLAN-122 WS12) | `action`, `subtask_index` (int ≥0 — NOT the prompt-derived label; Sec MF-3), `model_recommended` (str — closed model-slug set), `confidence_basis_points` (int 0..1000), `cost_governed` (int 0/1), `fell_back_to_static` (int 0/1), `session_id`, plus baseline `event_schema`/`ts`/`tokens_*`/`hmac`/`hmac_error` added by `_write_event`. Sec MF-3 allowlist `_OPTIMIZER_ALLOWLISTS["model_choice_recommended"]`. |
308
+ | `rag_context_recommended` (PLAN-122 WS12) | `action`, `router_decision` (str), `chunks_returned` (int ≥0), `kill_switch_state` (str), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC fields. Sec MF-3 allowlist `_OPTIMIZER_ALLOWLISTS["rag_context_recommended"]`. |
309
+ | `codex_review_disabled` (PLAN-122 WS12) | `action`, `reason` (str), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC fields. Emitted by the WS-3 Codex phase-gate driver (separate WS) when `CEO_CODEX_REVIEW` is OFF. Sec MF-3 allowlist `_OPTIMIZER_ALLOWLISTS["codex_review_disabled"]`. |
310
+ | `codex_review_invoked` (PLAN-122 WS3) | `action`, `phase_number` (int ≥0), `review_status` (str — closed enum: `passed`/`failed`/`deferred`), `summary_hash` (str — 16-hex sha256 prefix or `none`; NEVER raw Codex summary), `thread_id_redacted` (str — 16-hex sha256 prefix or `none`; NEVER raw thread id), `codex_model` (str slug, e.g. `gpt-5-codex`), `duration_ms` (int ≥0), `violations_found_count` (int 0..9999), `session_id`, `project`, `event_schema`, `ts`, plus baseline `tokens_in`/`tokens_out`/`tokens_total`/`hmac`/`hmac_error` added by `_write_event` AFTER the scrub. PLAN-122 WS3 — per-phase Codex review event (complement of `codex_review_disabled`): emitted once when a Codex review actually RAN (any verdict), via `optimizer.codex_phase_gate.review_phase` → `_skeleton.safe_emit` from `check_pair_rail.py`. Sec MF-3 allowlist `_OPTIMIZER_ALLOWLISTS["codex_review_invoked"]` — caller-supplied fields ONLY. DENIED: raw Codex thread id / summary / prompt / diff, `tokens_*` side channel, the `review_disabled_signal` bool. |
311
+ | `model_routing_advised` (v2.20) | `action`, `archetype` (str), `task_type` (str), `model_recommended` (str), `confidence_basis_points` (int 0..1000 — float-confidence × 1000 normalized at emit time per Codex W1+W2 fix-pack #2), `applied_or_skipped` (str — closed enum: `applied` / `skipped_classify_frontmatter_authoritative` / `skipped_classify_exception` / `advisory_only_no_recommendation` / `advisory_only_classification_emitted`), `override_reason` (str), `session_id`, `project`, `event_schema`, `ts`, plus baseline `tokens_in` / `tokens_out` / `tokens_total` / `hmac` / `hmac_error` per HMAC-chain invariant. PLAN-078 Wave 1 (S89 Fase 1 commit 2cb1472, registered S92 Wave 1b ceremony 2026-05-07) — emitted by `.claude/hooks/check_agent_spawn.py:_emit_model_routing_advisory` per Agent-tool dispatch. Sec MF-3 field allowlist enforced via `_MODEL_ROUTING_ADVISED_ALLOWLIST` in `audit_emit.py`. DENIED fields: raw task description, file paths, prompt body, env values, token counts. |
312
+ | `estimate_drift_detected` (v2.20) | `action`, `plan_id` (str — Owner-visible per ADR-033 §plan-budget precedent), `drift_factor_compute_basis_points` (int — multiplier × 1000; `1234` ≡ 1.234×; floats forbidden by canonical_json invariant per Codex W1+W2 fix-pack #2), `drift_factor_owner_basis_points` (int), `severity` (str — closed enum: `low` / `medium` / `high`), `plan_count_in_run` (int), `systematic_bias_direction` (str — closed enum: `""` / `underestimate` (overrun, factor>1.2) / `overestimate` (underrun, factor<0.83); per Codex W1+W2 fix-pack #3 bidirectional detection), `session_id`, `project`, `event_schema`, `ts`, plus baseline `tokens_in` / `tokens_out` / `tokens_total` / `hmac` / `hmac_error` per HMAC-chain invariant. PLAN-078 Wave 2 / Reality Ledger detector #7 — emitted per per-plan drift detection. Sec MF-3 enforced via `_ESTIMATE_DRIFT_DETECTED_ALLOWLIST` in `audit_emit.py`. DENIED fields: raw commit SHAs, file paths, plan body text, CSV row body. |
313
+ | `estimate_drift_systematic_bias` (v2.20) | `action`, `bias_direction` (str — closed enum: `underestimate` / `overestimate`; defaults to `underestimate` if caller value not in enum), `plans_affected_count` (int), `avg_drift_factor_compute_basis_points` (int — basis-points form, see `estimate_drift_detected`), `avg_drift_factor_owner_basis_points` (int), `session_id`, `project`, `event_schema`, `ts`, plus baseline `tokens_in` / `tokens_out` / `tokens_total` / `hmac` / `hmac_error` per HMAC-chain invariant. PLAN-078 Wave 2 — emitted per cross-plan systematic bias recommendation (cohort-level). Sec MF-3 enforced via `_ESTIMATE_DRIFT_SYSTEMATIC_BIAS_ALLOWLIST` in `audit_emit.py`. Strict 4-caller-field contract. |
314
+ | `ceo_boot_task_candidate_emitted` (v2.21) | `action`, `rank` (int — 1-based ordinal of marker in the boot run; clamped to `[1, 3]`; out-of-range falls back to `0` sentinel), `severity` (str — closed enum: `low` / `medium` / `high`; unknown values become `""` per typed-wrapper input validation), `subject_hash` (str — 12-hex-char prefix of `sha256(NFKC(visible Subject text))`; non-hex chars stripped, length-bounded), `awaiting_confirm` (bool — reserved future flag for "Owner-must-confirm" escape; default `false`; persisted as bool literal), `session_id`, `project`, `event_schema`, `ts`, plus baseline `tokens_in` / `tokens_out` / `tokens_total` / `hmac` / `hmac_error` per HMAC-chain invariant. PLAN-078 Wave 5 (S95 ceremony 2026-05-08) — emitted by `.claude/scripts/ceo-boot.py:_emit_task_candidate_safe` per `<!-- TASKCREATE-CANDIDATE -->` marker block written to stdout when `gate_pass=False AND severity≥medium`. Top-3 max per invocation; dedup via 24h TTL state file under `_lib/filelock`. Sec MF-3 field allowlist enforced via `_CEO_BOOT_TASK_CANDIDATE_EMITTED_ALLOWLIST` in `audit_emit.py`. DENIED fields: subject text body, recommendation body, check name, check stderr/detail, env values, file paths. The orchestrator (Claude running `/ceo-boot`) reconstructs `subject_hash` independently from the visible `Subject:` line via `sha256(NFKC(subject))[:12]` for dedup against the live task list. |
315
+ | `pair_rail_review_passed` (v2.22) | `action`, `target_path` (str ≤300 — repo-relative path of the tool's target), `tool_name` (str ≤50 — `Edit` / `Write` / `MultiEdit`), `codex_duration_ms` (int — wall-clock of Codex MCP invoke), `codex_response_sha256` (str ≤64 — SHA-256 of Codex stdout for forensic trace), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-075 v1.13.x patch (S96-cont-2 ceremony 2026-05-09) / ADR-106 + ADR-110 — emitted by `.claude/hooks/check_pair_rail.py` PreToolUse on Edit\|Write\|MultiEdit against L3+ canonical-guarded paths when Codex MCP returns a clean read-only review (no write-shaped patches). Allow decision granted. Registered with `KERNEL_OVERRIDE` bypass since `audit_emit.py` is in `_KERNEL_PATHS`. |
316
+ | `pair_rail_codex_unavailable` (v2.22) | `action`, `target_path` (str ≤300), `tool_name` (str ≤50), `reason` (str ≤64 — closed enum: `binary_missing` / `connect_timeout` / `spawn_error` / `disabled_via_killswitch`), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-075 v1.13.x patch / ADR-106 — emitted by `.claude/hooks/check_pair_rail.py` when Codex MCP is unavailable. Hook fail-OPENs (allow decision); this breadcrumb provides forensic trace for fail-open paths. |
317
+ | `pair_rail_codex_violation` (v2.22) | `action`, `target_path` (str ≤300), `tool_name` (str ≤50), `violation_type` (str ≤64 — closed enum: `unified_diff_detected` / `apply_patch_envelope` / `json_patch_rfc6902` / `mcp_write_tool_call`), `codex_response_sha256` (str ≤64), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-075 v1.13.x patch / ADR-106 + ADR-110 — emitted by `.claude/hooks/check_pair_rail.py` when Codex MCP review returned a write-shaped patch (Codex is read-only by contract). Hook BLOCKs the tool call. |
318
+ | `pair_rail_sentinel_bypass` (v2.22) | `action`, `target_path` (str ≤300), `tool_name` (str ≤50), `sentinel_path` (str ≤300 — path to the sentinel that granted access), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-075 v1.13.x patch / ADR-106 — emitted by `.claude/hooks/check_pair_rail.py` when an Owner-signed sentinel (verified by `check_canonical_edit.py` upstream) grants the L3+ path. Pair-rail review short-circuited; allow decision granted without invoking Codex. |
319
+ | `pair_rail_codex_injection_detected` (v2.23) | `action`, `tool_name` (str ≤50 — `mcp__codex__codex` or `mcp__codex__codex-reply`), `family_ids` (list[str] — sorted unique subset of `harness_mimicry`, `xml_system_tag`, `tool_use_forgery`), `match_count` (int ≥0), `first_offset_bucket` (str — closed enum `0-100` / `100-1k` / `1k-10k` / `10k-100k` / `100k+`), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-081 Phase 1-full / R1 S-Sec-5 (S99 ceremony 2026-05-09) — emitted by `.claude/hooks/check_codex_response.py` PostToolUse on Codex MCP tool responses when ingress sanitization detects prompt-injection patterns. ADVISORY only per ADR-106 (PostToolUse cannot block). Sec MF-3 invariant: NEVER persist raw matched content nor raw offset values — `first_offset_bucket` is the bucketed forensic surface. Registered with `KERNEL_OVERRIDE` bypass since `audit_emit.py` is in `_KERNEL_PATHS`. |
320
+ | `dispatcher_route` (v2.23) | `action`, `archetype` (str ≤64), `rail` (str — closed enum: `pair_rail` / `fallback_claude_only` / `fallback_codex_only`), `reason_code` (str ≤80 — `ok` / `predicate_<id>_fired` / `matrix_sha_mismatch` / `health_prereq_unmet_<u-id>` / `override_coder_<provider>` / `override_reviewer_<provider>` / `invalid_coder_override_<sanitized>` / `invalid_reviewer_override_<sanitized>`), `coder` (str ≤32 — closed enum: `claude` / `codex`), `reviewer` (str ≤32 — closed enum: `claude` / `codex` / empty when fallback), `coder_model` (str ≤32 or null), `reviewer_sandbox` (str ≤32 — closed enum: `read-only` / `workspace-write` / `danger-full-access`), `fallback_provider` (str ≤32), `matrix_sha256_prefix` (str — 16-hex prefix only; raw digest forbidden), `matrix_sha256_match` (bool — true iff CEO_PAIR_RAIL_MATRIX_SHA256 env set AND matched loaded matrix), `wall_clock_ms` (int ≥0 — Codex iter 1 P0-1: integer milliseconds, NOT float seconds; canonical_json no-float invariant), `retry_at_timeout_ms` (int ≥0 OPTIONAL — present when codex.py classifier escalated simple→audit), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-081 Phase 2 (S100 ceremony 2026-05-10) — emitted by `.claude/scripts/inject-agent-context.sh --pair-mode` per archetype dispatch via `routing-matrix.yaml`. Source action for `codex_latency_p95_s` predicate aggregator (divide `wall_clock_ms` by 1000 to recover seconds). T-4 archetype-spoofing forensic trail (`dispatcher-routes-summary` Phase 6 audit-query.py sub-command). Sec MF-3 invariant: NEVER persist task description / archetype profile body / skill content / raw file paths. Registered with `KERNEL_OVERRIDE` bypass since `audit_emit.py` is in `_KERNEL_PATHS`. |
321
+ | `pair_rail_case` (v2.23) | `action`, `case` (str — closed enum: `A` / `B` / `C` / `D` / `E` / `F` per spec.md §11 asymmetric matrix), `claude_verdict` (str — closed enum: `PASS` / `BLOCK`), `codex_verdict` (str — closed enum: `PASS` / `BLOCK` / `ADVISORY` / `TIMEOUT` / `MALFORMED`), `tool_name` (str ≤32 — closed enum: `Edit` / `Write` / `MultiEdit` / `NotebookEdit` / `unknown`), `file_path_hash_prefix` (str — 16-hex SHA-256 prefix of target file path; raw path forbidden per LLM06 side-channel guard), `precondition_met` (bool — Case-B requires file:line cited + rubric_violation_id ∈ catalogue + severity ∈ {P0, P1}), `rubric_violation_id` (str ≤64 — enumerated ID from `.claude/policies/rubric-violation-catalogue.yaml` or empty when not Case-B; free-form rubric IDs are sanitized to `unknown_rubric_id`), `severity` (str — closed enum: `P0` / `P1` / empty), `jaccard_similarity_bucket` (str — closed enum: `<=0.3` / `0.3-0.5` / `0.5-0.8` / `>0.8` / empty; raw float forbidden per Sec MF-3), `human_triage_grace_h` (int ≥0 — hours remaining in 24h grace window per R1 S-TDE-4; 0 = grace expired = closes-as-advisory; CEO_PAIR_RAIL_HUMAN_TRIAGE_HOURS env override), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-081 Phase 3 (S100 ceremony 2026-05-10) — emitted by `.claude/hooks/check_pair_rail.py:_decide_with_matrix()` once per Pair-Rail PreToolUse evaluation that reaches the matrix arm (write tool + L3+ path + no sentinel bypass). Source action for `fp_rate_30d` and `disagreement_rate_30d` predicate aggregators. ADR-107 + ADR-108 ACCEPTED gate. Sec MF-3 invariant: NEVER persist raw Codex review body / proposed-content / file path. Registered with `KERNEL_OVERRIDE` bypass since `audit_emit.py` is in `_KERNEL_PATHS`. |
322
+ | `pair_rail_promotion` (v2.23) | `action`, `run_id` (str ≤36 — UUID hex), `verdict` (str — closed enum: `PASS` / `PASS_AFTER_RETRY` / `TRIAGE` / `FAIL`), `corpus_n` (int ≥0), `corpus_manifest_sha` (str — 16-hex prefix), `catch_rate_num` (int ≥0), `catch_rate_den` (int ≥1), `fp_rate_bucket` (str — closed enum: `<=15%` / `15-30%` / `>30%` / empty), `schema_adherence_pct_bucket` (str — closed enum: `100%` / `95-99%` / `<95%` / empty), `rubric_gap_pp_bucket` (str — closed enum: `<=0pp` / `0-5pp` / `5-10pp` / `>10pp` / empty), `codex_cli_version` (str ≤32), `python_version` (str ≤16), `git_head_sha_prefix` (str — 12-hex prefix), `pass_2_retry_used` (bool), `manual_triage` (bool), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. PLAN-081 Phase 4 (S100 ceremony 2026-05-10) — emitted by `.claude/scripts/run-promotion-gate.py` at end of each locked-corpus promotion-gate run. Source for `u7_rubric_gap_pp` predicate aggregator. ADR-111 ACCEPTED gate. Sec MF-3 invariant: NEVER persist raw fixture content / Codex review body / proposed-content. Registered with `KERNEL_OVERRIDE` bypass. |
323
+ | `token_budget_guard_paused` (v2.24) | `action`, `plan_id` (str — `^PLAN-[0-9]{3}$`), `estimate_tokens` (int ≥0), `actual_tokens` (int ≥0), `ratio_basis_points` (int ≥0 — actual/estimate×1000, canonical_json no-float invariant), `threshold_basis_points` (int ≥0), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/scripts/token-budget-guard.py` when cumulative plan tokens cross threshold × estimate from sub-agent 0.2 token-estimator. Volume cap ≤10/hr sliding window per AC5c. Sec MF-3 invariant: NEVER persist token TEXT content, prompt body, file paths, estimator metadata, env values. PLAN-083 Wave 0b sub-agent 0.4 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
324
+ | `anti_ceo_overhead_block` (v2.24) | `action`, `anti_pattern_id` (str — closed enum from P1-P5 predicate set), `count_in_window` (int ≥0 — events in 5-min sliding window), `override_recommended_subagent_type` (str ≤64 — suggested archetype to delegate to), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/hooks/check_anti_ceo_overhead.py` PreToolUse when CEO-overhead anti-pattern detected (P1 sequential SKILL.md reads / P2 unrelated edits / P3 serial schema authoring / P4 grep-find spam / P5 cross-module tests). Emit budget ≤20/day. Sec MF-3 invariant: NEVER persist tool input content / file paths. PLAN-083 Wave 0a sub-agent 0.5 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
325
+ | `anti_ceo_overhead_override_used` (v2.24) | `action`, `anti_pattern_id` (str), `override_justification_sha` (str — sha256 of justification, raw justification forbidden), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/hooks/check_anti_ceo_overhead.py` when `CEO_OVERHEAD_ACK=1` env override bypasses a block. Forensic trail of bypass usage. PLAN-083 Wave 0a sub-agent 0.5 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
326
+ | `smart_loading_resolved` (v2.24) | `action`, `profile` (str — closed enum: `frontend` / `engine` / `fintech` / `trading-readonly` / `generic`), `active_count` (int ≥0 — skills active after resolver), `suppressed_count` (int ≥0 — dormant/cap-dropped skills), `context_total_tokens` (int ≥0 — sum of context_budget_tokens across active set), `arbitration_dropped_count` (int ≥0 — duplicate-trigger losers), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/scripts/smart-loading-resolver.py` per resolution. Sec MF-3 invariant: NEVER persist skill names / paths / content. PLAN-083 Wave 0b sub-agent 0.7d (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
327
+ | `first_run_wizard_completed` (v2.24) | `action`, `profile` (str — closed enum from `smart_loading_resolved`), `recommendation_count` (int ≥0 — top-3 recommendations rendered), `user_action` (str — closed enum: `Y` / `n` / `customize` / `--no-interactive`), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/scripts/first-run-wizard.py` at end of 4-step detect→explain→recommend→ask flow. Sec MF-3 invariant: NEVER persist skill names / paths / user choices verbatim. PLAN-083 Wave 2 sub-agent 2.1 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
328
+ | `contextual_recommendation_emitted` (v2.24) | `action`, `profile` (str), `recommendation_count` (int ≥0 — strict top-3 cap), `top_score` (int ≥0 — score of #1 recommendation), `suppressed_count` (int ≥0 — dormant filtered + cap-dropped), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/scripts/contextual-recommender.py` per `recommend()` call. Reuses smart-loading-resolver active set + confidence_labels classifier. Sec MF-3 invariant: NEVER persist skill names / file context / user query. PLAN-083 Wave 2 sub-agent 2.2 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
329
+ | `value_dashboard_summarized` (v2.24) | `action`, `period_days` (int ≥1 — rollup window), `cost_usd_int_cents` (int ≥0 — total USD × 100; canonical_json no-float), `bugs_count` (int ≥0 — aggregated across 6 governance actions), `dispatches_count` (int ≥0), `plans_count` (int ≥0 — distinct plan_ids), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/scripts/value-dashboard.py` per `rollup_value()`. Hours-saved estimate framed as ESTIMATE not actual per Codex P1. Sec MF-3 invariant: NEVER persist audit content / file paths / raw cost calculations. PLAN-083 Wave 2 sub-agent 2.4 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
330
+ | `trading_write_override_used` (v2.24) | `action`, `allowed` (bool — true if override granted), `reason` (str ≤32 — closed enum: `ok` / `not_in_trading_profile` / `env_var_missing` / `justification_too_short` / `justification_too_long` / `justification_missing` / `target_path_invalid` / `target_path_is_glob` / `profile_missing` / `profile_malformed` / `risk_class_missing` / `risk_class_unknown` / `kill_switch_status_check`), `target_path_sha256_prefix` (str — 16-hex sha256 prefix of target file path; raw path FORBIDDEN per Sec MF-3 / Codex P0), `justification_sha256_prefix` (str — 16-hex sha256 prefix of Owner-supplied justification; raw justification body NEVER persisted), `justification_length` (int ≥0 — bounded length only, no content), `err_preview` (str ≤80 OPTIONAL — exception preview on path resolution failure; NO raw paths), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/scripts/trading-readonly-guardrails.py` when `check_write_override()` accepts an override. Volume cap ≤5/day per AC5c. Atomic register per S100 L6. PLAN-083 Wave 2 sub-agent 2.7 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
331
+ | `trading_kill_switch_invoked` (v2.24) | `action`, `reason` (str — closed enum: `missing_repo_profile_yaml` / `unknown_needs_confirmation` / `malformed_yaml`), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `.claude/scripts/trading-readonly-guardrails.py` on every `kill_switch_disabled()` read. FAIL-CLOSED invariant: missing repo-profile.yaml DISABLES framework trading actions entirely, does NOT downgrade to generic. Sec MF-3 invariant: NEVER persist file paths / profile content. PLAN-083 Wave 2 sub-agent 2.7 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
332
+ | `trading_kill_switch_disabled` (v2.24) | `action`, `justification_sha256_prefix` (str — 16-hex sha256 prefix of escape-hatch justification.md content; raw body NEVER persisted), `signer_fingerprint_prefix` (str — 16-hex prefix of Owner GPG fingerprint), `signed_new` (bool — true if .asc freshly created, false if reused via idempotency check), `justification_length` (int ≥0 — bounded length), `session_id`, `project`, `event_schema`, `ts`, plus baseline HMAC-chain invariant. Emitted by `scripts/local/trading-readonly-escape-hatch.sh` ceremony only — explicit Owner ceremony to escape FAIL-CLOSED kill-switch. Idempotent (.asc verify → reuse). Sec MF-3 invariant: NEVER persist justification body content. PLAN-083 Wave 2 sub-agent 2.7 (S106 2026-05-11). Atomic 4-source registration per S100 L6 lesson. |
333
+
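Review bot: the four v2.22 rows `pair_rail_review_passed`, `pair_rail_codex_unavailable`, `pair_rail_codex_violation` and `pair_rail_sentinel_bypass` persist a raw `target_path` (str ≤300), and `pair_rail_sentinel_bypass` also a raw `sentinel_path`, while the v2.23 `pair_rail_case` row from the same hook declares the raw path forbidden and stores `file_path_hash_prefix`, and `trading_write_override_used` stores only `target_path_sha256_prefix`. Either move the v2.22 rows to the hashed form or state in each row why the raw repo-relative path is acceptable there, so the Sec MF-3 path rule reads the same across the table. Separately, `confidence_bps` (row `reality_ledger_finding`) and `confidence_basis_points` (rows `model_choice_recommended`, `model_routing_advised`) name the same 0..1000 scale two ways, and a ×1000 scale is per-mille rather than basis points; pick one field name and describe the scale once.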
334
+ | `live_adapter_blocked` (v2.25) | `action`, `provider`, `reason` (enum `{not_in_allowlist, allowlist_unreadable, empty_allowlist}`), `atlas_technique` (str `AML.T0049`), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave C.1 (S111 2026-05-12) — ADR-040 §6.3 live_adapter_allowlist runtime gate. ATLAS mapping: AML.T0049 (Exploit Public-Facing Application). |
335
+ | `credential_blocked_due_to_age` (v2.25) | `action`, `provider`, `age_days` (int ≥0), `max_age_days` (int ≥0), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave C.2 (S111 2026-05-12) — ADR-040 §4 + ADR-040-AMEND-2 credential lifecycle blocking. Paired with raising `CredentialExpired` from `_lib.exceptions`. |
336
+ | `credential_emergency_override_used` (v2.25) | `action`, `provider`, `ticket_id` (str ≤64 — Owner-supplied ops ticket correlation key; raw credential value NEVER persisted), `age_days` (int ≥0), `max_age_days` (int ≥0), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave C.2 (S111 2026-05-12) — ADR-040-AMEND-2 §emergency-override 24h window. As of PLAN-117 WS-A (S176) the override `ticket_id` is sourced SOLELY from the trust-root snapshot and matches `^[A-Z][A-Z0-9]*-\d+$` (letter-led project prefix, e.g. `INC-1234` / `SEV1-42`). |
337
+ | `credential_override_late_set_ignored` (v2.35) | `action`, `provider`, `attempted_var_name` (str — FORCED by the emit_generic dispatch gate to the constant env-var name; NOT caller-supplied, so the rejected override VALUE can never be smuggled through this field), `provenance_hint` (str — closed enum, persisted values: `late_os_environ_set` / `spawn_payload_env` / `subprocess_inherited` / `unspecified`; a caller-supplied value outside the first three is COERCED to `unspecified` at the dispatch gate — the rejected value is never echoed; the Layer-1 consumer only ever emits `late_os_environ_set`, `spawn_payload_env` + `subprocess_inherited` are forward-reserved for Layers 2-3, and `unspecified` is the defensive coercion sentinel), `session_id`, `project`, `event_schema`, `ts`. PLAN-117 WS-A (S176 2026-05-27) — ADR-040-AMEND-2 §Layer-1 forensic: an emergency-override value present in LIVE env but ABSENT from the import-time trust-root snapshot (set post-anchor) was IGNORED, not honored. Live `os.environ` is NOT the override source (snapshot-as-SOLE-source). Constant breadcrumb — rejected value never echoed. |
338
+ | `mcp_bearer_replay_rejected` (v2.25) | `action`, `reason` (enum `{stale_iat, nonce_reused, stale_iat_and_nonce_reused}`), `nonce_prefix` (str ≤8 — 8-hex prefix for correlation; full nonce NEVER persisted), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave C.3 (S111 2026-05-12) — MCP bearer-token replay defense (loopback-only, 60s skew). |
339
+ | `mcp_non_loopback_rejected` (v2.25) | `action`, `remote_addr_family` (enum `{ipv4, ipv6, other}`), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave C.3 (S111 2026-05-12) — handler-entry fail-CLOSED for non-loopback bearer-token requests. Raw remote_addr NEVER logged. |
340
+ | `prompt_injection_detected` (v2.25) | `action`, `atlas_technique` (str `AML.T0051`), `signal` (str ≤64), `family` (str ≤64), `snippet_preview` (str ≤200, redacted), `match_count` (int ≥0), `bytes_scanned` (int ≥0), `triggered_by_tool` (str ≤50), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave G.1b (S111 2026-05-12). ATLAS mapping: AML.T0051 (LLM Prompt Injection). |
341
+ | `secret_leak_detected` (v2.25) | `action`, `atlas_technique` (str `AML.T0024.001`), `signal` (str ≤64), `family` (str ≤64), `snippet_preview` (str ≤200, redacted), `match_count` (int ≥0), `bytes_scanned` (int ≥0), `triggered_by_tool` (str ≤50), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave G.1b (S111 2026-05-12). ATLAS mapping: AML.T0024.001 (Data Exfiltration: LLM Data Leakage). |
342
+ | `pii_redacted_outgoing` (v2.25) | `action`, `atlas_technique` (str `AML.T0048.004`), `signal` (str ≤64), `family` (str ≤64), `match_count` (int ≥0), `bytes_scanned` (int ≥0), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave G.1b (S111 2026-05-12). ATLAS mapping: AML.T0048.004 (Erode ML Model Integrity: User-Injected Information). |
343
+ | `codex_egress_redacted` (v2.25) | `action`, `atlas_technique` (str `AML.T0054`), `signal` (str ≤64), `family` (str ≤64), `match_count` (int ≥0), `bytes_scanned` (int ≥0), `callsite` (str ≤200), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave G.1b (S111 2026-05-12). ATLAS mapping: AML.T0054 (LLM Jailbreak). Composition with Wave B.4 `compute_redaction_inputs` fail-CLOSED inversion. |
344
+ | `canonical_edit_completed` (v2.25) | `action`, `path` (str ≤300 — canonical guard path mutation observed via Bash write-shape operator), `sentinel_hint` (str ≤64 — `unsigned` or `sentinel-active:<N>`), `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave E.4 (S111 2026-05-12) — PostToolUse Bash forensic advisory; emitted by `check_bash_canonical_forensic.py`. NEVER blocks (forensic trail only). |
345
+
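Review bot: `prompt_injection_detected` and `secret_leak_detected` both persist `snippet_preview` (str ≤200, redacted) without saying what the redaction removes, whereas `pair_rail_codex_injection_detected` forbids persisting raw matched content at all. For `secret_leak_detected` in particular, specify that the matched span itself is masked before the preview is cut, or drop the field and keep `signal`, `family` and `match_count`; otherwise the audit log can become a second copy of the leaked value. Also in this block: the empty added lines at 333 and 345 sit between pipe-table rows, and a blank line ends a Markdown table, so the rows after each one need a repeated header and delimiter row or the blank lines should go. `credential_override_late_set_ignored` is tagged v2.35 among v2.25 rows, which deserves a short remark on why it is filed here.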
346
+ | `canonical_edit_attempted` | `action`, `path` (str ≤300), `sentinel_path` (str ≤300, nullable), `result` (enum `{allowed, blocked}`), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.5 (S107 ceremony). Emitted at canonical-edit hook entry. |
347
+ | `canonical_edit_blocked` | `action`, `path` (str ≤300), `reason` (str ≤120), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.5 (S107 ceremony). |
348
+ | `gpg_signed` | `action`, `signed_path` (str ≤300), `signature_path` (str ≤300), `fingerprint_prefix` (str ≤16), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.5 (S107 ceremony). |
349
+ | `gpg_verified` | `action`, `verified_path` (str ≤300), `fingerprint_prefix` (str ≤16), `result` (enum `{good, bad, no_signers, no_signature}`), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.5 (S107 ceremony). |
350
+ | `sentinel_created` | `action`, `sentinel_path` (str ≤300), `plan_id` (str ≤16), `round_or_wave` (str ≤32), `scope_path_count` (int ≥0), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.5 (S107 ceremony). |
351
+ | `sentinel_verified` | `action`, `sentinel_path` (str ≤300), `fingerprint_prefix` (str ≤16), `target_path` (str ≤300), `result` (enum `{granted, denied, no_scope_match, bad_signature}`), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.5 (S107 ceremony). |
352
+ | `wave_artifact_written` | `action`, `plan_id` (str ≤16), `wave_label` (str ≤32), `artifact_path` (str ≤300), `bytes_written` (int ≥0), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.10 (S107 ceremony) — R2-iter-2 CODEX-P0-2 staging artifact integrity. |
353
+ | `wave_readonly_violation` | `action`, `plan_id` (str ≤16), `wave_label` (str ≤32), `target_path` (str ≤300), `attempted_operation` (str ≤64), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.10. Read-only night discipline. |
354
+ | `pair_rail_outgoing_redaction_applied` | `action`, `tool_name` (str ≤50), `family_ids` (list[str]), `match_count` (int ≥0), `first_offset_bucket` (str closed-enum per pair_rail_codex_injection_detected schema), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 Wave 0.5 (S107) — R1 Sec-P0-2 mirror of pair_rail_codex_injection_detected for outgoing direction. |
355
+ | `estimate_refined` | `action`, `plan_id` (str ≤16), `phase_label` (str ≤32), `prior_estimate_tokens` (int ≥0), `posterior_estimate_tokens` (int ≥0), `delta_pct` (int — can be negative), `session_id`, `project`, `event_schema`, `ts`. PLAN-084 AC12d — Bayesian-ish estimate refinement per phase milestone. |
356
+ | `anthropic_429_observed` (v2.26) | `action`, `model` (str ≤32), `retry_after_s` (int ≥0), `breaker_state` (str — closed enum: `closed` / `open` / `half_open`), `provider` (str ≤16), `session_id`, `project`, `event_schema`, `ts`. PLAN-086 Wave B (S112 2026-05-12) — Anthropic API 429 rate-limit observation by live adapter; advisory (the adapter does its own back-off + breaker bookkeeping). |
357
+ | `codex-reply` (v2.26) | `action`, `session_id` (str ≤36), `chain_step` (int ≥0), `prior_action` (str ≤64), `project`, `event_schema`, `ts`. PLAN-086 Wave C (S112 2026-05-12) — Codex reply session-id chain integrity advisory; emitted when a `mcp__codex__codex-reply` invocation references a session prior emit reported. |
358
+ | `codex_invoke_dispatched` (v2.26) | `action`, `session_id` (str ≤36), `task_class` (str ≤32), `model_advised` (str ≤32), `phase` (str ≤16), `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13). ATLAS: AML.T0050 (LLM Plugin / supply-chain signal). |
359
+ | `git_index_lock_retry` (v2.26) | `action`, `attempt` (int ≥0), `wait_ms` (int ≥0), `outcome` (str — closed enum: `acquired` / `timeout` / `aborted`), `session_id`, `project`, `event_schema`, `ts`. PLAN-086 Wave G (S112 2026-05-12) — git index.lock retry breadcrumb (advisory). |
360
+ | `mcp_canonical_guard_internal_error` (v2.26) | `action`, `tool_name` (str ≤50), `error_class` (str ≤64), `error_brief` (str ≤200 — bounded preview; raw traceback FORBIDDEN), `session_id`, `project`, `event_schema`, `ts`. PLAN-086 Wave D (S112 2026-05-12) — MCP canonical-guard internal-error breadcrumb (fail-open invariant). |
361
+ | `mcp_route_advised` (v2.26) | `action`, `session_id` (str ≤36), `task_class` (str ≤32), `suggested_servers` (str ≤128 — comma-joined bundle of MCP server names), `kill_switch_overrides` (str ≤128), `signal_source` (str — closed enum: `mcp_task_class` / `specialization_promoted` per PLAN-088 R2 iter-2 strict-13 discriminator), `project`, `event_schema`, `ts`. PLAN-086 Wave D (S112 2026-05-12) — MCP routing advisory emitted by `_lib/mcp_routing.resolve()`. PLAN-088 R2 iter-2 single canonical action covers both AUTO-06 MCP routing AND AUTO-10 general→specialized promotion via `signal_source` discriminator. ATLAS: AML.T0050. |
362
+ | `repo_profile_confirmed` (v2.26) | `action`, `profile_slug` (str ≤32), `confidence_basis_points` (int — 0-1000), `caller` (str ≤64), `session_id`, `project`, `event_schema`, `ts`. PLAN-086 Wave H (S112 2026-05-12) — repo-profile detector confirmation breadcrumb. |
363
+ | `subagent_findings_partial_drop` (v2.26) | `action`, `subagent_type` (str ≤64), `expected_count` (int ≥0), `actual_count` (int ≥0), `truncation_reason` (str — closed enum: `token_cap` / `time_cap` / `pipe_break`), `session_id`, `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13) — sub-agent dispatch returned partial findings. ATLAS: AML.T0048. |
364
+ | `thinking_budget_set` (v2.26) | `action`, `model` (str ≤32), `budget_tokens` (int ≥0), `rationale` (str — closed enum: `task_class_default` / `effort_override` / `opted_out_thinking_auto_disable` / `opted_out_multi_model_manual`), `source` (str — closed enum: `caller_kwarg` / `effort_env` / `task_class_default`), `session_id`, `project`, `event_schema`, `ts`. PLAN-086 Wave A R-013 (S112 2026-05-12) — extended-thinking budget configured for live adapter call. |
365
+ | `batch_dispatched` (v2.26) | `action`, `session_id` (str ≤36), `batch_size` (int ≥1), `model` (str ≤32), `policy` (str ≤64), `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13) — batch live-adapter dispatch breadcrumb; reserved for `BatchClaudeLiveAdapter` (PLAN-090 W4.2 production wire). |
366
+ | `cache_discipline_alerted` (v2.26) | `action`, `file_path` (str ≤300), `gate_tier` (str — closed enum: `gate_1` / `gate_2` / `gate_3`), `cost_estimate_basis_points` (int ≥0 — cost-of-invalidation × 1000), `session_id`, `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13) — cache-discipline alert breadcrumb; reserved for cache-tier observation when a Gate-1 file edit invalidates the prompt cache mid-session. |
367
+ | `cookbook_pattern_advised` (v2.26) | `action`, `pattern_slug` (str ≤64), `recommendation_origin` (str — closed enum: `auto_detector` / `manual_invocation` / `audit_query`), `applied` (str — closed enum: `advisory_only` / `applied` / `dismissed`), `session_id`, `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13) — cookbook pattern advisory (SEMI-11; real wire deferred to PLAN-092). |
368
+ | `estimate_calibrator_pipeline_run` (v2.26) | `action`, `plan_id` (str — `^PLAN-[0-9]{3}$`), `iters` (int ≥0), `posterior_mean_ms` (int ≥0), `posterior_p95_ms` (int ≥0), `session_id`, `project`, `event_schema`, `ts`. PLAN-088 Wave 6 (S114 2026-05-13) — Bayesian estimate-calibrator pipeline run; emitted by `_lib/estimation/pipeline.py`. |
369
+ | `first_run_wizard_dispatched` (v2.26) | `action`, `repo_profile` (str ≤32), `wizard_step` (str — closed enum: `detect` / `explain` / `recommend` / `ask`), `applied` (str — closed enum: `Y` / `n` / `customize` / `--no-interactive`), `session_id`, `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13) — first-run wizard dispatch breadcrumb; reserved for SessionStart auto-spawn callsite (PLAN-093 production wire). |
370
+ | `pair_rail_phase_advanced` (v2.26) | `action`, `prior_phase` (str — closed enum: `DISABLED` / `SHADOW` / `DRY_RUN`), `new_phase` (str — closed enum: `DISABLED` / `SHADOW` / `DRY_RUN`), `trigger` (str — closed enum: `env_override` / `sample_threshold` / `manual`), `samples_observed` (int ≥0), `session_id`, `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13) — Pair-Rail phase transition breadcrumb. ACTIVE phase deferred to PLAN-090. ATLAS: AML.T0050. |
371
+ | `tier_policy_misrouting_advised` (v2.26) | `action`, `task_class` (str ≤32), `expected_model` (str ≤32), `actual_model` (str ≤32), `ratio_basis_points` (int ≥0 — misrouting ratio × 1000), `session_id`, `project`, `event_schema`, `ts`. PLAN-088 Wave 1 canonical-13 (S114 2026-05-13) — tier-policy misrouting advisory breadcrumb. PLAN-091 A.1 16th Tier-S check `check_tier_policy_misrouting_24h` queries the 24h audit window for events of this kind. ATLAS: AML.T0048. |
372
+ | `tier_policy_loader_fallback_observed` (v2.34) | `action`, `reason_code` (str — closed enum: `advisory_safety_net` / `bad_mode` / `depth_limit` / `key_count` / `missing` / `not_object` / `open_failed` / `oversize` / `parse_error` / `read_failed` / `schema_mismatch` / `stat_error` / `type_mismatch` / `unknown_model`), `session_id`, `project`, `event_schema`, `ts`. PLAN-116 (S172 2026-05-27) — tier-policy loader advisory-only fallback telemetry. Replaces the PLAN-093 Wave C.3 `tier_policy_misrouting_advised` piggyback (which dropped a free-text `reason` field on every emit → audit-log.errors noise). NO ATLAS technique (loader telemetry, not a detection signal — distinct from `tier_policy_misrouting_advised`'s AML.T0048). |
373
+ | `audit_producer_path_pollution_detected` (v2.36) | `action`, `chokepoint` (str — closed enum: `chain_reset_marker` / `spool_drain`), `reason_code` (str — closed enum: `audit_emit_path_pollution` / `canonical_json_path_pollution` / `audit_hmac_path_pollution`), `path_sha256_prefix` (str — exactly 8 hex chars; sha256 prefix of the resolved non-canonical path), `expected_canonical_prefix` (str — exactly 8 hex chars; sha256 prefix of the canonical `_lib/` dir), `session_id`, `project`, `event_schema`, `ts`. PLAN-118 AC-B5 (S179 2026-05-28) — producer-side fail-CLOSED forensic breadcrumb. Emitted when `audit_hmac._ensure_canonical_lib_modules()` (invoked at chokepoints 1/3/4/5 per PLAN-118 §Producer runtime fail-CLOSED layer) detects that any of `_lib.audit_emit` / `_lib.canonical_json` / `_lib.audit_hmac` resolves to a non-canonical `_lib/` parent on disk (i.e. a stale `_lib` copy has been injected onto `sys.path`). The producer refuses to compute HMAC (fail-CLOSED for the chain — no signed bytes leak under stale canonicalization); the host hook line is written with `hmac:null` + `hmac_error=producer_path_pollution_detected` (fail-OPEN — user session NEVER blocked). NO `__file__` raw echo per [[feedback-closed-enum-breadcrumb-must-not-echo-rejected-value]] (S172) — only sha256[:8] prefixes. NO ATLAS technique (defensive integrity guard, not an attack signal). Registered via kernel-override sentinel `PLAN-118-WS-B-CHOKEPOINTS`. |
374
+ | `tool_call_lifecycle_recorded` (v2.37) | `action`, `session_id`, `project`, `tool_name_enum` (str — CLOSED enum: `Agent` / `Task` / `Bash` / `Edit` / `MultiEdit` / `Write` / `Read` / `Glob` / `Grep` / `WebFetch` / `WebSearch` / `NotebookEdit` / `TodoWrite` / `mcp_other` / `other`; ALL `mcp__<server>__<tool>` collapse to `mcp_other` — the raw MCP tool string is FORBIDDEN on the wire, MF-SEC-1; unknown → `other`), `duration_bucket` (str — CLOSED enum: `lt_100ms` / `b_100ms_1s` / `b_1_10s` / `b_10_60s` / `gt_60s`; the raw `duration_ms` integer is FORBIDDEN — timing side-channel, MF-SEC-3), `success` (bool — `PostToolUseFailure` → false; no marker scan), `orphan` (bool — bounded sweeper sets true when no Post/Failure arrives within T=30s, MF-PERF-3), `event_schema`, `ts`, plus the baseline HMAC chain. PLAN-125 WS-1 (kooky-harvest, S20x) — per-tool-call lifecycle telemetry. Emitted via `emit_tool_call_lifecycle_recorded` on PostToolUse / PostToolUseFailure (success / failure) + the bounded orphan sweeper. Routes through the dedicated `_scrub_*` branch + `_TOOL_CALL_LIFECYCLE_RECORDED_ALLOWLIST` frozenset, NEVER `_EMIT_GENERIC_PASSTHROUGH` (MF-SEC-2). The PreToolUse pairing record is written to a 0600 per-session file and emits NO audit-chain event (MF-SEC-5). DENIED on the wire: raw tool name, raw duration, prompt / command / path / output bodies. NO ATLAS technique (observability telemetry, not a detection signal). |
375
+ | `git_hook_bypass_blocked` (v2.38) | `action`, `session_id`, `project`, `flag_class` (str — CLOSED enum: `no_verify_commit` / `no_verify_other_subcmd` / `hookspath_inline` / `hookspath_config_write` / `git_config_env_channel` / `git_dir_redirect` / `alias_abuse` / `parse_failure` / `escape_hatch_used`; the matched COMMAND BYTES are FORBIDDEN on the wire, MF-G — a flag value such as `-c http.extraHeader="Bearer <secret>"` is a secret; an unrecognized value is COERCED to `parse_failure`), `event_schema`, `ts`, plus the baseline HMAC chain. PLAN-124 WS-1 (ECC value-harvest, S20x) — git hook-bypass guard breadcrumb. Emitted by `check_bash_safety.py` (PreToolUse Bash) via `emit_git_hook_bypass_blocked` when the `_lib/git_bypass.py` tokenizer blocks a `--no-verify` (6 subcommands: commit/push/merge/cherry-pick/rebase/am; `-n` counts only for commit, push `-n` is `--dry-run` and PASSES) / inline `-c core.hooksPath=` / `git config` core.hooksPath WRITE (split attack) / `GIT_CONFIG_COUNT`+`GIT_CONFIG_KEY_<n>` env channel / `--git-dir`/`-C` redirect / `-c alias.X=` smuggle, AND when the proven dual-auth escape hatch (`CEO_GIT_BYPASS_ALLOW` + `_ACK=I-ACCEPT` + ticket regex, read from the import-time `trusted_env` snapshot per ADR-040-AMEND-2 §Layer-1) ALLOWS one (`flag_class=escape_hatch_used`). An unparseable command that clearly invokes git is fail-CLOSED blocked (`parse_failure`, MF-L). Routes through the dedicated `_scrub_*` branch + `_GIT_HOOK_BYPASS_BLOCKED_ALLOWLIST` frozenset, NEVER `_EMIT_GENERIC_PASSTHROUGH` ([[feedback-closed-enum-breadcrumb-must-not-echo-rejected-value]]). DENIED on the wire: the matched flag value, command / message / path bodies. NO ATLAS technique (governance breadcrumb, not a detection signal). |
376
+ | `verify_after_edit_finding` (v2.39) | `action`, `session_id`, `checker` (str — CLOSED enum: `py_compile` / `ruff` / `eslint` / `node_check` / `go_build` / `other`; unrecognized value COERCED to `other`, never echoed), `lang` (str — CLOSED enum: `python` / `js_ts` / `go` / `other`), `finding_count` (int 0..99 — clamped), `project`, `event_schema`, `ts`, plus baseline `tokens_in`/`tokens_out`/`tokens_total`/`hmac`/`hmac_error` added by `_write_event` AFTER the scrub. PLAN-128 §7 (S217) — accelerator catch telemetry. Emitted fail-open by `verify_after_edit.py` (PostToolUse via `accel_dispatch.py`) once per dispatch when ≥1 real finding surfaces. Routes through the dedicated dispatch-gate branch + `_VERIFY_AFTER_EDIT_FINDING_ALLOWLIST` (enum coercion + 0..99 clamp; [[feedback-closed-enum-breadcrumb-must-not-echo-rejected-value]]). DENIED on the wire: file paths, source / diff bodies, checker error text, `tokens_*` side channel. NO ATLAS technique (developer-productivity telemetry, not a detection signal). |
377
+ | `adequacy_gate_flag` (v2.39) | `action`, `session_id`, `flag_reason` (str — CLOSED enum: `no_test_delta` / `weak_assertion` / `uncovered_change` / `other`; unrecognized → `other`), `lang` (str — CLOSED enum: `python` / `js_ts` / `go` / `other`), `flag_count` (int 0..99 — clamped), `project`, `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error` added by `_write_event` AFTER the scrub. PLAN-128 §7 (S217) — accelerator test-adequacy telemetry. Emitted fail-open by `adequacy_gate.py` (opt-in `CEO_ADEQUACY_GATE=1`) when a change's tests weakly constrain it (mutation-kill rate below threshold). Routes through the dedicated dispatch-gate branch + `_ADEQUACY_GATE_FLAG_ALLOWLIST` (enum coercion + 0..99 clamp). DENIED on the wire: file paths, source / AST bodies, `tokens_*` side channel. NO ATLAS technique (developer-productivity telemetry, not a detection signal). |
378
+ | `audit_flush_dropped_count` (v2.27) | `action`, `begin_no_commit`, `commit_no_drained`, `recovered`, `truly_lost`, `tamper_rejected`, `intentionally_deleted`, `event_schema`, `ts`. PLAN-094 / ADR-055-AMEND-1 — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
379
+ | `audit_spool_duplicate_tuple_rejected` (v2.27) | `action`, `spool_uuid`, `record_id`, `ordinal`, `drain_epoch`, `event_schema`, `ts`. PLAN-094 / ADR-055-AMEND-1 — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
380
+ | `audit_spool_intentionally_deleted` (v2.27) | `action`, `spool_uuid`, `spool_pid`, `drain_epoch`, `event_schema`, `ts`. PLAN-094 / ADR-055-AMEND-1 — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
381
+ | `audit_spool_partial_line_discarded` (v2.27) | `action`, `spool_uuid`, `spool_pid`, `drain_epoch`, `byte_offset`, `event_schema`, `ts`. PLAN-094 / ADR-055-AMEND-1 — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
382
+ | `audit_spool_stale_recovered` (v2.27) | `action`, `spool_uuid`, `spool_pid`, `age_seconds`, `events_recovered`, `drain_epoch`, `event_schema`, `ts`. PLAN-094 / ADR-055-AMEND-1 — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
383
+ | `audit_spool_tamper_detected` (v2.27) | `action`, `mismatch_kind`, `spool_uuid`, `spool_pid`, `drain_epoch`, `corrupt_path`, `event_schema`, `ts`. PLAN-094 / ADR-055-AMEND-1 — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
384
+ | `audit_spool_unexpected_skip` (v2.27) | `action`, `spool_uuid`, `spool_pid`, `drain_epoch`, `severity`, `drain_in_recovery_mode`, `event_schema`, `ts`. PLAN-094 / ADR-055-AMEND-1 — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
385
+ | `bash_canonical_bypass_invoked` (v2.27; P1-fix S163) | `action`, `token_hash_prefix`, `target_path_hash`, `ticket_expires_in_s`, `atlas_technique`, `event_schema`, `ts`. PLAN-085 Wave E (S111) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). Sec MF-3 P1 fix (PLAN-113 Codex): `target_path_preview` (raw filesystem path) replaced by `target_path_hash` (12-hex sha256 prefix of the normalized target; no path body persisted). |
386
+ | `capability_rollout_complete` (v2.27) | `action`, `ac_pass_count`, `auto_primitives_enforcing`, `hmac`, `hmac_error`, `project`, `semi_primitives_advisory`, `session_id`, `tag`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099 Federation (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
387
+ | `ceo_boot_persona_coverage_score` (v2.27) | `action`, `score_x100`, `cells_covered`, `total_cells`, `session_id`, `project`, `event_schema`, `ts`. PLAN-091 16th Tier-S check (S115) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
388
+ | `confidence_gate_baseline_emitted` (v2.27) | `action`, `distinct_classes`, `hmac`, `hmac_error`, `insufficient_data_classes`, `project`, `rows_total`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-100 confidence-gate per-class (S139) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
389
+ | `confidence_gate_blocked` (v2.27) | `action`, `_drain_epoch`, `_drain_sha256`, `agent_name`, `blocking_classes`, `fail_count`, `hmac`, `hmac_error`, `ordinal_within_file`, `pid`, `project`, `record_id`, `session_id`, `source`, `spool_uuid`, `tokens_in`, `tokens_out`, `tokens_total`, `wall_ns`, `event_schema`, `ts`. PLAN-100 confidence-gate per-class (S139) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
390
+ | `confidence_gate_fp_drift_detected` (v2.27) | `action`, `_drain_epoch`, `_drain_sha256`, `agent_name`, `auto_demote_at`, `drift_class`, `fpr_bps`, `hmac`, `hmac_error`, `ordinal_within_file`, `pid`, `project`, `record_id`, `sample_n`, `session_id`, `source`, `spool_uuid`, `threshold_bps`, `tokens_in`, `tokens_out`, `tokens_total`, `wall_ns`, `window_days`, `event_schema`, `ts`. PLAN-100 confidence-gate per-class (S139) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
391
+ | `cost_envelope_capped` (v2.27) | `action`, `cap_cents`, `class_tier`, `current_cents`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `window_breached`, `event_schema`, `ts`. PLAN-102 autonomous-loop opt-in (S142) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
392
+ | `execution_context_signed` (v2.27) | `action`, `context_hash`, `hmac`, `hmac_error`, `iteration`, `key_id`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-102 autonomous-loop opt-in (S142) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). **RESERVED — zero producers; cross-process wiring DEFERRED per PLAN-112-FOLLOWUP-execution-context-wire (S154, finding F-1.2-execution_context). Re-wire needs coordinator-exits-scaffold + ADR-133-AMEND-1.** |
393
+ | `execution_context_validation_failed` (v2.27) | `action`, `context_hash`, `failure_reason`, `hmac`, `hmac_error`, `iteration`, `key_id`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-102 autonomous-loop opt-in (S142) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). **RESERVED — zero producers; cross-process wiring DEFERRED per PLAN-112-FOLLOWUP-execution-context-wire (S154, finding F-1.2-execution_context). Re-wire needs coordinator-exits-scaffold + ADR-133-AMEND-1.** |
394
+ | `federation_autonomous_call_blocked` (v2.27) | `action`, `call_site`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
395
+ | `federation_cert_expiry_warned` (v2.27) | `action`, `peer_id`, `days_remaining`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
396
+ | `federation_cert_revoked` (v2.27) | `action`, `peer_id`, `reason`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
397
+ | `federation_cert_rotated` (v2.27) | `action`, `peer_id`, `old_fingerprint_prefix`, `new_fingerprint_prefix`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
398
+ | `federation_connection_accepted` (v2.27) | `action`, `peer_id`, `client_ip`, `fed_correlation_id`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
399
+ | `federation_connection_rejected` (v2.27) | `action`, `reason`, `peer_id_cert_fingerprint`, `client_ip`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
400
+ | `federation_connection_replay_suspected` (v2.27) | `action`, `peer_id`, `reason`, `client_ip`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
401
+ | `federation_enable_sentinel_invalid` (v2.27) | `action`, `sentinel_kind`, `reason`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
402
+ | `federation_lan_bind_denied` (v2.27) | `action`, `bind_host`, `resolved_ip`, `reason`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
403
+ | `federation_write_attempt_blocked` (v2.27) | `action`, `method`, `path`, `peer_id_cert_fingerprint`, `client_ip`, `fed_correlation_id`, `session_id`, `project`, `event_schema`, `ts`. PLAN-099 Federation MVP / ADR-129 / ADR-135 (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
404
+ | `goap_cycle_detected` (v2.27) | `action`, `state_hash`, `explored`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
405
+ | `goap_depth_exceeded` (v2.27) | `action`, `state_hash`, `depth`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
406
+ | `goap_disabled_by_env` (v2.27) | `action`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
407
+ | `goap_edge_explored` (v2.27) | `action`, `from_state_hash`, `action_id`, `cost`, `frontier_size`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
408
+ | `goap_recommendation_accepted` (v2.27) | `action`, `plan_id`, `action_id`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
409
+ | `goap_recommendation_overridden` (v2.27) | `action`, `plan_id`, `original_action_id`, `dispatched_action_id`, `override_type`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
410
+ | `goap_recommendation_rendered` (v2.27) | `action`, `plan_id`, `action_ids_csv`, `actions_rendered_count`, `goal_verb`, `goal_text_hash`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
411
+ | `goap_replan_exhausted` (v2.27) | `action`, `attempt`, `session_id`, `project`, `plan_id`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
412
+ | `goap_replan_triggered` (v2.27) | `action`, `attempt`, `state_hash`, `session_id`, `project`, `plan_id`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
413
+ | `goap_search_aborted` (v2.27) | `action`, `reason`, `explored`, `elapsed_ms`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
414
+ | `goap_search_summary` (v2.27) | `action`, `explored`, `cycles_rejected`, `terminus`, `elapsed_ms`, `plan_depth`, `session_id`, `project`, `event_schema`, `ts`. PLAN-098 GOAP A* planner / ADR-132 (S132) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
415
+ | `kernel_extension_landed` (v2.27) | `action`, `plan_id`, `wave`, `entries_added`, `cardinality_after`, `ceremony_sha`, `atlas_technique`, `event_schema`, `ts`. PLAN-106 burndown sweep (S143) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
416
+ | `kill_switch_invoked` (v2.27) | `action`, `env_value`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099 Federation Tier-C kill-switch (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
417
+ | `mcp_bearer_friction_observed` (v2.27) | `action`, `failure_reason`, `hmac`, `hmac_error`, `mcp_server`, `project`, `replay_suspected`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-085 Wave C.3 (S111) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
418
+ | `mcp_cross_tenant_denied` (v2.27) | `action`, `handler`, `caller_client_id_hash`, `target_client_id_hash`, `transport`, `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave C.3 (S111) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
419
+ | `mcp_soak_fpr_breach` (v2.27, amended S163) | `action`, `window_days`, `fpr_observed_bps`, `threshold_bps`, `top_deny_reason`, `session_id`, `project`, `event_schema`, `ts`. PLAN-085 Wave G.1b (S111) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). Float fields re-encoded as int (×10000 bps) per canonical_json no-float invariant (S163 PLAN-113 Phase B). |
420
+ | `output_scan_finding_suppressed` (v2.27) | `action`, `command_sha`, `family`, `hmac`, `hmac_error`, `pattern_id`, `project`, `repo_path_hash`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `ttl_hours_remaining`, `event_schema`, `ts`. PLAN-106 Wave H output_scan_dedup (S143) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
421
+ | `persona_auto_decision_emitted` (v2.27) | `action`, `atlas_technique`, `decision`, `decision_rationale`, `hmac`, `hmac_error`, `persona`, `primitive`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-105 GOAP instrumentation (S135) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
422
+ | `persona_auto_rate_capped` (v2.27) | `action`, `dropped_count`, `hmac`, `hmac_error`, `persona`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-105 GOAP instrumentation (S135) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
423
+ | `persona_coverage_synthesized` (v2.27) | `action`, `archetype`, `cell_id`, `hmac`, `hmac_error`, `project`, `session_id`, `source`, `task_type`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-106 Wave C persona_coverage wire-up (S143) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
424
+ | `phase_c_enforcing_flipped` (v2.27) | `action`, `hmac`, `hmac_error`, `migration_phase`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `ts_unix`, `event_schema`, `ts`. PLAN-104 persona-demand ledger Phase 2 (S136) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
425
+ | `rag_auto_wire_skipped_sidecar_down` (v2.27) | `action`, `reason`, `session_id`, `project`, `event_schema`, `ts`. PLAN-097 RAG + first C2 vector-memory sidecar (S131) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
426
+ | `rag_false_large_demoted` (v2.27) | `action`, `false_large_rate_x100`, `window_days`, `session_id`, `project`, `event_schema`, `ts`. PLAN-097 RAG + first C2 vector-memory sidecar (S131) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
427
+ | `rag_hit_rate_degraded` (v2.27) | `action`, `hit_rate_x100`, `window_days`, `session_id`, `project`, `event_schema`, `ts`. PLAN-097 RAG + first C2 vector-memory sidecar (S131) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
428
+ | `rag_profile_recommended` (v2.27) | `action`, `profile`, `decision`, `session_id`, `project`, `event_schema`, `ts`. PLAN-097 RAG + first C2 vector-memory sidecar (S131) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
429
+ | `rag_query_routed` (v2.27) | `action`, `query_class`, `result`, `latency_ms_p50`, `session_id`, `project`, `event_schema`, `ts`. PLAN-097 RAG + first C2 vector-memory sidecar (S131) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
430
+ | `sentinel_signer_expiry_warned` (v2.27) | `action`, `key_id`, `days_remaining`, `expires_at_iso`, `atlas_technique`, `event_schema`, `ts`. PLAN-099 Federation (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
431
+ | `sentinel_signer_quorum_attempted` (v2.27) | `action`, `distinct_signers`, `threshold_required`, `outcome`, `source`, `atlas_technique`, `event_schema`, `ts`. PLAN-099 Federation (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
432
+ | `sentinel_signer_quorum_failed` (v2.27) | `action`, `key_id`, `reason`, `source`, `distinct_signers`, `threshold_required`, `atlas_technique`, `event_schema`, `ts`. PLAN-099 Federation (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
433
+ | `sentinel_signer_revoked` (v2.27) | `action`, `key_id`, `key_type`, `revoked_by`, `reason`, `atlas_technique`, `event_schema`, `ts`. PLAN-099 Federation (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
434
+ | `sentinel_signer_rotated` (v2.27) | `action`, `key_id`, `key_type`, `rotated_from_key_id`, `rotated_by`, `atlas_technique`, `event_schema`, `ts`. PLAN-099 Federation (S134) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
435
+ | `skill_cache_stats` (v2.27) | `action`, `hits`, `misses`, `evictions`, `size_bytes`, `duration_ms`, `event_schema`, `ts`. PLAN-094 Wave B.6 / R2 P1-8 (S121) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
436
+ | `streaming_rate_capped` (v2.27) | `action`, `dropped_count`, `hmac`, `hmac_error`, `persona`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-086 Wave A streaming primitives (S112) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
437
+ | `streaming_token_yielded` (v2.27) | `action`, `atlas_technique`, `hmac`, `hmac_error`, `persona`, `project`, `session_id`, `token_length`, `token_preview`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-086 Wave A streaming primitives (S112) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
438
+ | `stdlib_violation` (v2.28) | `action`, `violation_count`, `event_schema`, `ts`. PLAN-107 v1.38.0 Wave B.4 (S145 2026-05-19) — orphan emit register via kernel-override sentinel `PLAN-107-WAVE-B-ORPHAN-REGISTER`. Tracks `.claude/scripts/check-stdlib-only.py` invocations that detect stdlib violations; previously silently dropped via fail-open before `_KNOWN_ACTIONS` registration. |
439
+ | `swarm_layer_3_4_blocked` (v2.23) | `action`, `class_tier`, `reason_code`, `loop_id`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-102-FOLLOWUP v1.38.2 Wave B (S145 2026-05-19) — Layer 3+4 gate block emit via kernel-override sentinel `PLAN-102-FOLLOWUP-WAVE-A-AUDIT-EMIT-EXTENSION`. Emitted by `_emit_swarm_layer_3_4_blocked` in `swarm/loop_runner.py` when `is_class_enabled(class_tier)` returns `(False, <reason>)` AND `CEO_SWARM=1` (Layer-1 swarm-on env). 6-layer kill-switch chain per ADR-133 §Part 1 §6. LLM06 producer-boundary: `loop_id` charset `^[A-Za-z0-9_-]+$`, ≤64 chars, fail-open drop on invalid. |
440
+ | `swarm_paused_owner_absent` (v2.27) | `action`, `hmac`, `hmac_error`, `last_owner_read_iso`, `loop_duration_hours`, `project`, `session_id`, `swarm_pid`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-102 autonomous-loop weekend-burn (S142) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
441
+ | `swarm_runaway_suspected` (v2.27) | `action`, `hmac`, `hmac_error`, `iteration_count_24h`, `project`, `session_id`, `threshold`, `tokens_in`, `tokens_out`, `tokens_total`, `triggering_class`, `event_schema`, `ts`. PLAN-102 autonomous-loop opt-in (S142) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
442
+ | `task_route_ground_truth_label` (v2.27) | `action`, `contract_id`, `ground_truth_class`, `ground_truth_source`, `annotation_confidence_bps`, `session_id`, `project`, `event_schema`, `ts`. PLAN-101 Wave B / ADR-104-AMEND-1 §E (S141) — registered via PLAN-107 v1.38.0 SPEC v1 backfill (S145). |
443
+ | `federation_audit_event_pushed` (v2.29) | `action`, `peer_id`, `event_action`, `hmac_ok`, `origin_overwritten`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.3 / ADR-135-AMEND-1 §6 — federation write-mode `/audit-event` ingest success path. ATT&CK T1565 (Data Manipulation). Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
444
+ | `federation_audit_event_pushed_batch` (v2.29) | `action`, `peer_id`, `batch_size`, `accepted_count`, `rejected_count`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.3 / ADR-135-AMEND-1 §6 — federation write-mode `/audit-event` batch-ingest aggregate counts (per-event details still emitted as `federation_audit_event_pushed` or `federation_event_action_blocked`). Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
445
+ | `federation_audit_log_backpressure` (v2.29) | `action`, `p99_latency_ms`, `window_seconds`, `action_taken`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.1 / ADR-135-AMEND-1 §6 — federation audit-log append-latency backpressure signal (server emits 503 + throttles writes when p99 > 100ms over 30s window). ATT&CK T1499 (Endpoint DoS). `action_taken` closed enum {`throttled_503`, `queue_paused`, `recovered`}. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
446
+ | `federation_cert_rotated` (v2.29) | `action`, `peer_id`, `old_der_sha256_prefix`, `new_der_sha256_prefix`, `spki_preserved`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-135-AMEND-1 §3 — supersedes the v2.27 MVP shape at line 293. Field renames: `old_fingerprint_prefix` -> `old_der_sha256_prefix`; `new_fingerprint_prefix` -> `new_der_sha256_prefix`. NEW caller field `spki_preserved` (bool) carries the rotation-integrity invariant (SPKI preserved across cert rotation per ADR-135-AMEND-1 §3; `spki_preserved=False` is a red flag — emit `federation_spki_fingerprint_mismatch` alongside). Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
447
+ | `federation_cert_validity_window_too_large` (v2.29) | `action`, `peer_id`, `not_before_iso`, `not_after_iso`, `duration_days`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-135-AMEND-1 §3 — advisory emit when peer cert validity window exceeds the policy ceiling (default 90 days). Does NOT block cert pinning. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
448
+ | `federation_event_action_blocked` (v2.29) | `action`, `peer_id`, `event_action`, `reason_code`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.3 / ADR-135-AMEND-1 §6 — peer-submitted event carries `action` not in `peers.yaml: audit_event_push_allowlist`. ATT&CK T1565 (Data Manipulation). `reason_code` closed enum {`action_not_allowed`, `action_unknown`, `action_kernel_only`}. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
449
+ | `federation_hmac_secret_rotated` (v2.29) | `action`, `peer_id`, `rotation_reason_code`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-135-AMEND-1 §6 — peer HMAC secret rotated via Owner-co-sign sentinel. `rotation_reason_code` closed enum {`scheduled`, `compromise_suspected`, `owner_initiated`, `key_floor_floor_raise`}. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
450
+ | `federation_key_floor_rejected` (v2.29) | `action`, `peer_id`, `key_type`, `key_bits`, `curve_name`, `reason_code`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-129-AMEND-1 §3 — peer cert or key fails key-floor policy (minimum RSA 2048 / ECDSA P-256 / Ed25519). ATT&CK T1573 (Encrypted Channel). `key_bits` populated for RSA/DSA; `curve_name` populated for ECDSA. `reason_code` closed enum {`key_too_small`, `curve_not_allowed`, `key_type_not_allowed`, `sig_alg_weak`}. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
451
+ | `federation_key_floor_stale` (v2.29) | `action`, `peer_id`, `key_floor_verified_at_iso`, `advisory_only`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-129-AMEND-1 §4 — peer's key-floor compliance last verified > 30 days ago. `advisory_only=True` during grace-period (per ADR-129-AMEND-1 §4 lift schedule); flips to `False` post-lift. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
452
+ | `federation_message_storm_detected` (v2.29) | `action`, `peer_id`, `route`, `ip_prefix`, `hits_in_window`, `window_seconds`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.1 / ADR-135-AMEND-1 §2.4 — peer exceeded rate limit ≥3 times within 5 minutes; server auto-revokes `audit_event_push` scope for 15 minutes. ATT&CK T1499 (Endpoint DoS). `ip_prefix` is /24 prefix (NOT full IP — LLM06 + GDPR hold). Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
453
+ | `federation_peer_invalid_no_fingerprint` (v2.29) | `action`, `peer_id`, `source_path`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.4 / ADR-135-AMEND-1 §6 — `peers.yaml` loader rejects peer entry lacking required `spki_fingerprint` field (post-lift hard-fail; pre-lift was advisory). Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
454
+ | `federation_peer_registered` (v2.29) | `action`, `peer_id`, `route`, `scopes_count`, `spki_fingerprint_prefix`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.2 / ADR-135-AMEND-1 §2.5 — successful `/peer-register` (Owner co-sign sentinel verified at gate #10). `spki_fingerprint_prefix` is first 16 hex chars of new peer's SPKI (LLM06: full fingerprint NOT logged). Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
455
+ | `federation_peer_registered_collision` (v2.29) | `action`, `peer_id`, `attempted_by_origin_peer_id`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.2 / ADR-135-AMEND-1 §2.5 — `/peer-register` attempted with existing `peer_id`. ATT&CK T1485 (Data Destruction). Append-only registry per attack-rebinding §2.2 mitigation #3. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
456
+ | `federation_peer_revoked_remote` (v2.29) | `action`, `peer_id`, `revoked_by_origin_peer_id`, `reason_code`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.2 / ADR-135-AMEND-1 §2.5 — successful `/peer-revoke` (Owner co-sign sentinel verified). ATT&CK T1485 (Data Destruction). `revoked_by_origin_peer_id` carries the AUTHENTICATED peer-id (server overwrites pre-emit; peer-side claim discarded). `reason_code` closed enum {`compromise_suspected`, `key_floor_violation`, `owner_directive`, `scheduled_decommission`}. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
457
+ | `federation_pin_legacy_used` (v2.29) | `action`, `peer_id`, `route`, `der_fingerprint_prefix`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-135-AMEND-1 §3 — peer connection succeeded via legacy DER-fingerprint pinning (`peers.yaml: pin: <der-sha256>`) rather than preferred SPKI path. ATT&CK T1071.001 (App Layer Protocol — Web Protocols). Advisory; pre-lift deprecation of legacy pin column. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
458
+ | `federation_scope_denied` (v2.29) | `action`, `peer_id`, `route`, `required_scope`, `peer_scopes_count`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.3 / ADR-135-AMEND-1 §2.3 — authenticated peer attempted route requiring scope absent from `peers.yaml: scopes`. `peer_scopes_count` is count only (list itself NOT logged — LLM06 side-channel hold). Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
459
+ | `federation_spki_fingerprint_mismatch` (v2.29) | `action`, `peer_id`, `expected_prefix`, `presented_prefix`, `route`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-135-AMEND-1 §3 — peer's presented SPKI fingerprint does NOT match expected pin in `peers.yaml`. ATT&CK T1556 (Modify Authentication Process). Both `*_prefix` fields are first-16-hex-char prefixes (LLM06: full SPKI not logged). Per attack-rebinding §2.3 mitigation #1. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
460
+ | `federation_tamper_detected` (v2.29) | `action`, `peer_id`, `route`, `tamper_type`, `prev_hash_prefix`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.3 / ADR-135-AMEND-1 §6 — HMAC-mismatch / origin-tag-replay / audit-chain hash break. ATT&CK T1565 (Data Manipulation). `tamper_type` closed enum {`hmac_mismatch`, `origin_tag_replay`, `chain_hash_break`, `canonical_form_drift`}. `prev_hash_prefix` is SHA-256 prefix of previous audit-chain anchor that failed to match. Per attack-rebinding §2.3 mitigation #1 + #4. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
461
+ | `federation_write_disabled_sentinel_invalid` (v2.29) | `action`, `reason_code`, `sentinel_path`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave F.2 / ADR-135-AMEND-1 §5 — server startup detects `write-enabled.md.asc` sentinel present but failing GPG verification or co-sign quorum. Server starts READ-ONLY regardless of `--write-mode` flag. `reason_code` closed enum {`gpg_verify_failed`, `signer_not_authorized`, `quorum_not_met`, `sentinel_corrupt`}. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
462
+ | `federation_write_endpoint_denied` (v2.29) | `action`, `peer_id`, `route`, `gate_failed`, `reason_code`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-099-FOLLOWUP Wave E.2 / ADR-135-AMEND-1 §2 — authenticated peer attempted write-mode endpoint (e.g. `/audit-event`, `/peer-register`, `/peer-revoke`, `/hmac-secret-rotate`) and failed ANY of gates #1-#11. ATT&CK T1485 (Data Destruction). `gate_failed` is integer 1..11 identifying the failing gate; `reason_code` is gate-specific failure code per ADR-135-AMEND-1 §2 table. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION` at v1.39.1. |
463
+ | `protocol_edit_missing_amend_paired` (v2.30) | `action`, `protocol_path`, `amend_present`, `hook_origin`, `class_tier`, `reason_code`, `loop_id`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-110 v1.39.0 Wave D (S147) — advisory emit from `check_protocol_semver_cascade.py` PreToolUse hook when a PROTOCOL.md edit lands without a paired ADR-AMEND-N artifact. Fail-OPEN (never blocks the session). Registered via kernel-override sentinel `PLAN-110-WAVE-D-AUDIT-EMIT-EXTENSION` at v1.39.0. |
464
+ | `chain_reset_marker` (v2.31) | `action`, `previous_archive_path`, `previous_archive_last_hmac`, `rotation_ts`, `rotation_trigger`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-112-FOLLOWUP-hmac-tamper-fix v1.39.4 Wave B.3 (S152) — synthetic genesis entry written as line 1 of every rotation-created fresh audit-log.jsonl per ADR-055-AMEND-2. HMAC anchored at `GENESIS_PREV`. Producer emits atomically under canonical FileLock + writes `audit-log.rotation-manifest.json` sidecar in same lock window. Verifier reads sidecar from log's directory (NOT `_audit_dir_from_env`); sidecar present + line 1 not chain_reset_marker = STATUS_TAMPER `reason: "marker_required_but_absent: audit-log.rotation-manifest.json present but line 1 action is not chain_reset_marker per ADR-055-AMEND-2"`. `rotation_trigger` closed enum {`size_threshold`, `manual`, `owner_rotation`, `quarantine_pre_fix`}; defaults to `size_threshold`. `previous_archive_last_hmac` is forensic metadata (NOT chain link; verifier does NOT walk archives — preserves ADR-055 §Non-goals "log = source of truth"). `previous_archive_last_hmac=""` if recovery fails (best-effort). Registered via kernel-override sentinel `PLAN-112-FOLLOWUP-WAVE-B3-AUDIT-EMIT-EXTENSION` at v1.39.4. |
465
+ | `model_routing_enforced` (v2.32) | `action`, `archetype`, `mode`, `recommended_model`, `killswitch_armed`, `decision`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-112-FOLLOWUP-persona-routing-wire v1.42.0 W1+W2 (S158) — forensic telemetry of the god-mode (persona × primitive) routing-matrix consult in `check_agent_spawn._consult_model_routing_mode()`, emitted AFTER VETO-floor enforcement. CONSULT+AUDIT ONLY — the model-tier BLOCK is DEFERRED (the Agent hook payload exposes no requested-model signal; `metadata.get("model")` is the agent-frontmatter model, not a spawn input). `mode` closed enum {`enforcing`, `advisory`, `disabled`} read off the AUTHORITATIVE `subagent_type`-derived archetype only (NEVER the prompt-regex archetype). `decision` closed enum {`enforce_telemetry`, `advisory`, `eval_error`} — NO `block` value (block deferred per ADR-118; future enable governed by observed-violation volume + FPR, NOT calendar — ADR-095). `killswitch_armed` bool reflects `CEO_GODMODE_ENFORCING=0`; `get_mode()` demotes an enforcing cell to advisory under the kill-switch. `recommended_model` is the best-effort agent-frontmatter model (≤64). NO prompt/description/frontmatter-path content persisted. Sec MF-3 allowlist `_MODEL_ROUTING_ENFORCED_ALLOWLIST` + dispatch-gate scrub. Registered via kernel-override sentinel `PLAN-112-FOLLOWUP-S158-AUDIT-EMIT-EXTENSION`. |
466
+ | `model_routing_eval_error` (v2.32) | `action`, `archetype`, `reason_code`, `decision`, `hmac`, `hmac_error`, `project`, `session_id`, `tokens_in`, `tokens_out`, `tokens_total`, `event_schema`, `ts`. PLAN-112-FOLLOWUP-persona-routing-wire v1.42.0 W1+W2 (S158) — fail-OPEN infra branch of the matrix consult: emitted when `persona_routing` import is unavailable OR `get_mode()`/`is_enforcing()` raises. The spawn is ALLOWED regardless (fail-open per CLAUDE.md §5). `reason_code` carries a short failure tag (e.g. `persona_routing_eval_failed`). `decision` is the constant `eval_error` — the third value of the shared closed enum {`enforce_telemetry`, `advisory`, `eval_error`}, kept consistent with `model_routing_enforced` per AC5 (NO `block` value). NO prompt/description content. Sec MF-3 allowlist `_MODEL_ROUTING_EVAL_ERROR_ALLOWLIST` + dispatch-gate scrub. Registered via kernel-override sentinel `PLAN-112-FOLLOWUP-S158-AUDIT-EMIT-EXTENSION`. |
467
+ | `federation_peer_list_reloaded` (v2.33) | `action`, `peer_count`, `reload_reason`, `source_path`, `hmac`, `hmac_error`, `event_schema`, `ts`. PLAN-112-FOLLOWUP-federation-wire PHASE2 v1.43.0 (S159) — peer-list reload marker so the <60s revocation-propagation SLO (P0-1) is forensically observable (ADR-135-AMEND-2; write-mode ACTIVATION default-OFF). `reload_reason` closed enum {`content_changed`, `parse_error_kept_last_good`}. Registered via kernel-override sentinel `PLAN-112-FOLLOWUP-FEDERATION-WIRE-AUDIT-EMIT-EXTENSION`. NOTE: `emit_generic` does NOT auto-inject `session_id`/`project` (S153 R9 residual — audit-attribution wart, not chain-integrity). |
468
+ | `spec_context_sanitized` (v2.34; P2-fix S163) | `action`, `original_bytes`, `cleaned_bytes`, `truncated`, `sentinel_violations`, `control_chars_stripped`, `bidi_zw_chars_stripped`, `header_escape_count`, `hmac`, `hmac_error`, `event_schema`, `ts`. PLAN-113 Phase B WIRE-DEADMOD v1.45.x (S163) — advisory telemetry from `check_agent_spawn._maybe_sanitize_spec_context()` when a `## SPEC CONTEXT` block is present in the spawn prompt. Kill-switch `CEO_SPEC_CTX_SANITIZER_ENABLED=0`. ADVISORY ONLY — never blocks spawn. `truncated` is int (0 or 1). `sentinel_violations` is the count of sentinel-pattern hits in the block. No prompt content persisted. Sec MF-3 P2 fix (PLAN-113 Codex): removed from `_EMIT_GENERIC_PASSTHROUGH`; routed through explicit `_SPEC_CONTEXT_SANITIZED_ALLOWLIST` scrub branch in `emit_generic`. |
469
+ | `spawn_confidence_advisory` (v2.34; P2-fix S163) | `action`, `action_type`, `confidence_level`, `confidence_marker`, `reason_code`, `is_named_spawn`, `hmac`, `hmac_error`, `event_schema`, `ts`. PLAN-113 Phase B WIRE-DEADMOD v1.45.x (S163) — advisory telemetry from `check_agent_spawn._emit_spawn_confidence_advisory()` classifying the spawn action type via `confidence_labels.classify()`. Kill-switch `CEO_SPAWN_CONFIDENCE_ENABLED=0`. ADVISORY ONLY — never blocks spawn. `action_type` ≤32 chars, `confidence_level` ≤32, `confidence_marker` ≤32 (emoji-free), `reason_code` ≤64. `is_named_spawn` is int (0 or 1). No prompt/description content persisted. Sec MF-3 P2 fix (PLAN-113 Codex): removed from `_EMIT_GENERIC_PASSTHROUGH`; routed through explicit `_SPAWN_CONFIDENCE_ADVISORY_ALLOWLIST` scrub branch in `emit_generic`. |
470
+ | `env_var_hijack_blocked` (v2.41) | `action`, `session_id`, `project`, `hijack_class` (str — CLOSED enum: `linker_preload` / `linker_path` / `runtime_hook` / `linker_other` / `parse_failure`; unrecognized value COERCED to `parse_failure`, never echoed), `event_schema`, `ts`, plus baseline `tokens_in`/`tokens_out`/`tokens_total`/`hmac`/`hmac_error`. PLAN-133 A1 (Goose-harvest) — env-var hijack guard breadcrumb (`LD_PRELOAD`/`DYLD_*`/`LD_LIBRARY_PATH` and kin blocked on Bash). Routes through the dedicated `_scrub_*` branch + `_ENV_VAR_HIJACK_BLOCKED_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. DENIED on the wire: the var name, the value, the command bytes. NO ATLAS technique (governance breadcrumb, not a detection signal). |
471
+ | `invisible_unicode_blocked` (v2.41) | `action`, `session_id`, `project`, `surface` (str — CLOSED enum), `unicode_class` (str — CLOSED enum mirroring `spec_context_sanitizer.INVISIBLE_UNICODE_CLASSES`; coerced), `char_count` (int — bounded), `enforced` (bool), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 A2 (Goose-harvest) — invisible/bidi/zero-width Unicode guard breadcrumb on prompt/skill surfaces. Routes through the dedicated `_scrub_*` branch + `_INVISIBLE_UNICODE_BLOCKED_ALLOWLIST` (built on `_FEDERATION_ENVELOPE`). DENIED on the wire: prompt/skill text, the matched characters, any var/value. NO ATLAS technique (governance breadcrumb, not a detection signal). |
472
+ | `egress_destination_detected` (v2.41) | `action`, `session_id`, `project`, `egress_class` (str — CLOSED enum: `network_http` / `ssh_remote` / `cloud_store` / `container_push` / `package_publish` / `raw_socket` / `pair_rail` / `unknown`; coerced to `unknown`), `destination` (str — BARE HOST only; scheme/userinfo/port/path/query re-truncated off before write, ≤253 chars), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 A3 (Goose-harvest) — egress-destination taxonomy telemetry. Routes through the dedicated `_scrub_*` branch + `_EGRESS_DESTINATION_DETECTED_ALLOWLIST`. DENIED on the wire: full URL, path, query, inline credentials. NO ATLAS technique (observability telemetry, not a detection signal). |
473
+ | `quota_exhausted` (v2.41) | `action`, `session_id`, `error_class` (str — CLOSED enum; coerced to `unknown`), `source` (str — CLOSED enum: `subscription_main_loop` / `metered_api` / `subprocess` / `unknown`; coerced), `http_status` (int — bare status, no body), `retryable` (bool), `metered_api_only` (bool), `attempt` (int 0..99 — clamped), `project`, `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 B1 (Goose-harvest) — provider quota/credits-exhaustion telemetry. Routes through the dedicated dispatch-gate branch + `_QUOTA_EXHAUSTED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: `retry_delay`/`Retry-After`/body/header values. NO ATLAS technique (developer-productivity telemetry, not a detection signal). |
474
+ | `eval_task_completed` (v2.41) | `action`, `task_id`, `reward_bps` (int 0..1000 — reward × 1000; canonical_json no-float), `status` (str), `attempts` (int), `flaky` (bool), `tokens` (int), `turns` (int), `event_schema`, `ts`. PLAN-133 C3 (Goose-harvest) — real-task reward-benchmark result for the eval harness (ADR-147). Routes through the dedicated dispatch-gate branch + `_EVAL_TASK_COMPLETED_ALLOWLIST`. NO ATLAS technique (eval telemetry, not a detection signal). |
475
+ | `context_auto_compacted` (v2.41) | `action`, `session_id`, `reason` (str — CLOSED enum mirroring `context-budget.py` REASON_*; coerced), `usage_pct` (int 0..100 — clamped), `reclaim_pct` (int 0..100 — clamped), `turns_since_last` (int), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 D1 (Goose-harvest) — a proactive auto-compaction WAS performed (high/low-water hysteresis). Routes through the dedicated dispatch-gate branch + `_CONTEXT_AUTO_COMPACTED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: raw bytes/tokens/transcript text (only bucketed percentages). NO ATLAS technique (developer-productivity telemetry, not a detection signal). |
476
+ | `context_auto_compact_suppressed` (v2.41) | `action`, `session_id`, `suppress_reason` (str — CLOSED enum: `cooldown` / `reclaim_floor` / `other`; coerced), `usage_pct` (int 0..100 — clamped), `reclaim_pct` (int 0..100 — clamped), `turns_since_last` (int), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 D1 (Goose-harvest) — a would-be auto-compaction was SKIPPED by a gate. Routes through the dedicated dispatch-gate branch + `_CONTEXT_AUTO_COMPACT_SUPPRESSED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: raw bytes/tokens/transcript text. NO ATLAS technique (developer-productivity telemetry, not a detection signal). |
477
+ | `context_middle_out_degraded` (v2.41) | `action`, `session_id`, `reason` (str — CLOSED enum mirroring `context-budget.py` MO_REASON_*; coerced), `rung` (int 0..99 — clamped), `degraded_count` (int), `total_count` (int), `protect_last` (int), `reclaim_bucket` (str — coarse reclaim-tokens bucket), `fits_after` (bool), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 D5 (Goose-harvest) — a middle-out degradation pass elided ≥1 message's middle to fit the context budget. Routes through the dedicated dispatch-gate branch + `_CONTEXT_MIDDLE_OUT_DEGRADED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: message text, tool/agent identity, file paths, raw token totals. NO ATLAS technique (developer-productivity telemetry, not a detection signal). |
478
+ | `context_middle_out_degrade_failed` (v2.41) | `action`, `session_id`, `reason` (str — CLOSED enum mirroring `context-budget.py` MO_REASON_*; coerced), `rung` (int 0..99 — clamped), `degraded_count` (int), `total_count` (int), `protect_last` (int), `reclaim_bucket` (str — coarse reclaim-tokens bucket), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 D5 (Goose-harvest) — the middle-out ladder was exhausted (or no eligible message) and the context STILL overflows; caller must summarize/compact/fail upstream. Routes through the dedicated dispatch-gate branch + `_CONTEXT_MIDDLE_OUT_DEGRADE_FAILED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: message text, tool/agent identity, file paths, raw token totals. NO ATLAS technique (developer-productivity telemetry, not a detection signal). |
479
+ | `adversary_review_flagged` (v2.41) | `action`, `session_id`, `project`, `decision` (str — CLOSED enum: `deny` / `ask` / `advisory` / `allow`; coerced to `advisory`), `rule_class` (str — CLOSED enum: `destructive` / `exfiltration` / `privilege` / `tampering` / `other`; coerced to `other`), `rule_id` (str — author-controlled config token; carries no command bytes), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E1 (Goose-harvest) — adversary-review rule engine breadcrumb (ADR-146; local-rules-only, default-OFF). Routes through the dedicated `_scrub_*` branch + `_ADVERSARY_REVIEW_FLAGGED_ALLOWLIST`. DENIED on the wire: the matched command text, the matched substring, the rule `match`/`regex` source. NO ATLAS technique (governance breadcrumb, not a detection signal). |
480
+ | `supply_chain_advisory_emitted` (v2.41) | `action`, `session_id`, `verdict` (str — CLOSED enum: `BLOCK` / `ALLOW` / `SKIP`), `reason` (str — CLOSED enum: `mal_advisory_present` / `clean` / `unknown` / `malformed_response` / `network_timeout` / `network_error` / `offline` / `disabled` / `no_package`), `ecosystem` (str — CLOSED enum: `npm` / `PyPI` / `other`; coerced to `other`), `package` (str — PUBLIC package identifier), `advisory_count` (int 0..99 — clamped), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E2 (Goose-harvest) — supply-chain (OSV/advisory) gate telemetry. Routes through the dedicated dispatch-gate branch + `_SUPPLY_CHAIN_ADVISORY_EMITTED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: paths, commands, env, error bodies (only public pkg name + published OSV id). NO ATLAS technique (governance telemetry, not a detection signal). |
481
+ | `spawn_tool_scope_violation` (v2.41) | `action`, `session_id`, `rail` (str — CLOSED enum: `tool_scope` / `depth` / `overlap` / `other`), `enforced` (int 0/1 — coerced), `detail` (str — tool-NAMES + counts only; paths are 12-hex sha256 prefixes), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E3 (Goose-harvest) — spawn-rail tool-scope violation breadcrumb. Routes through the dedicated dispatch-gate branch + `_SPAWN_TOOL_SCOPE_VIOLATION_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: raw path / prompt / tool-arg bodies. NO ATLAS technique (governance breadcrumb, not a detection signal). |
482
+ | `spawn_depth_or_overlap_blocked` (v2.41) | `action`, `session_id`, `rail` (str — CLOSED enum: `tool_scope` / `depth` / `overlap` / `other`), `enforced` (int 0/1 — coerced), `count` (int — depth/overlap count), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E3 (Goose-harvest) — spawn-rail depth/overlap block breadcrumb. Routes through the dedicated dispatch-gate branch + `_SPAWN_DEPTH_OR_OVERLAP_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: raw path / prompt / tool-arg bodies. NO ATLAS technique (governance breadcrumb, not a detection signal). |
483
+ | `spawn_file_assignment_recorded` (v2.41) | `action`, `session_id`, `path_hashes` (str — comma-joined 12-hex sha256 prefixes only; any non-hex token silently dropped, ≤512 chars), `path_count` (int), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E3 (Goose-harvest) — spawn `## FILE ASSIGNMENT` provenance breadcrumb (hashed). Routes through the dedicated dispatch-gate branch + `_SPAWN_FILE_ASSIGNMENT_RECORDED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: raw file paths (only 12-hex prefixes). NO ATLAS technique (governance breadcrumb, not a detection signal). |
484
+ | `action_required_held` (v2.41) | `action`, `session_id`, `action_id` (str), `kind` (str — CLOSED enum: `bash_command` / `file_write` / `file_delete` / `spend_over_cap` / `spawn` / `network_egress` / `other`; coerced), `token_sha256` (str — 64-hex confirmation-token hash, else `''` fail-closed), `expires_at` (int/str — expiry), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E6 (Goose-harvest) — HITL confirmation-rail: an action was HELD pending Owner confirmation. Routes through the dedicated dispatch-gate branch + `_ACTION_REQUIRED_HELD_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: the raw command/path/token (only its 64-hex hash). NO ATLAS technique (governance breadcrumb, not a detection signal). |
485
+ | `action_required_resumed` (v2.41) | `action`, `session_id`, `action_id` (str), `token_sha256` (str — 64-hex confirmation-token hash, else `''` fail-closed), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E6 (Goose-harvest) — HITL confirmation-rail: a held action was RESUMED after a valid confirmation. Routes through the dedicated dispatch-gate branch + `_ACTION_REQUIRED_RESUMED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: the raw command/path/token. NO ATLAS technique (governance breadcrumb, not a detection signal). |
486
+ | `action_required_rejected` (v2.41) | `action`, `session_id`, `action_id` (str), `token_sha256` (str — 64-hex confirmation-token hash, else `''` fail-closed), `reject_reason` (str — CLOSED enum: `unknown_token` / `replayed` / `expired` / `session_mismatch` / `action_id_mismatch` / `malformed_request` / `infra_error` / `other`; coerced), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 E6 (Goose-harvest) — HITL confirmation-rail: a resume attempt was REJECTED (bad/replayed/expired token). Routes through the dedicated dispatch-gate branch + `_ACTION_REQUIRED_REJECTED_ALLOWLIST` (built on `_OPTIMIZER_ENVELOPE`). DENIED on the wire: the raw command/path/token. NO ATLAS technique (governance breadcrumb, not a detection signal). |
487
+ | `persistent_instructions_blocked` (v2.41) | `action`, `session_id`, `project`, `reason` (str — CLOSED enum: `ok` / `injection_pattern` / `oversize` / `outside_project_dir` / `other`; coerced to `other`), `family_hits` (int), `bytes_scanned` (int), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 G1 (Goose-harvest) — persistent-instructions guardrail breadcrumb (a `.goosehints`/persistent-instruction file was blocked). Routes through the dedicated `_scrub_*` branch + `_PERSISTENT_INSTRUCTIONS_BLOCKED_ALLOWLIST`. DENIED on the wire: the instruction-file body, the matched line, the resolved path, any env value (no-value-echo). NO ATLAS technique (governance breadcrumb, not a detection signal). |
488
+ | `hint_provenance_recorded` (v2.41) | `action`, `session_id`, `project`, `reason` (str — CLOSED enum: `loaded` / `blocked_injection` / `blocked_oversize` / `read_error` / `other`; coerced to `other`), `rel_dir_depth` (int — directory depth below the repo root ONLY), `family_hits` (int), `bytes_scanned` (int), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-133 G3 (Goose-harvest) — hint-file provenance breadcrumb. Routes through the dedicated `_scrub_*` branch + `_HINT_PROVENANCE_RECORDED_ALLOWLIST`. DENIED on the wire: the hint-file body, the matched line, the path text (absolute OR relative; only the integer depth is persisted). NO ATLAS technique (governance breadcrumb, not a detection signal). |
489
+ | `settings_tamper_detected` (v2.42) | `action`, `session_id`, `project`, `tamper_class` (str — CLOSED enum mirroring `_lib/effective_config.TAMPER_CLASSES`: `settings_tamper_disable_all_hooks` / `settings_tamper_model_remap` / `settings_tamper_endpoint_remap` / `settings_tamper_permission_bypass` / `settings_tamper_hook_count_mismatch` / `settings_tamper_sidecar_redirect` / `other`; coerced to `other`), `layer` (str — CLOSED enum: `user` / `project` / `local` / `managed` / `env` / `disk` / `other`; coerced to `other`), `finding_count` (int — clamped 0..99), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-135 W1 S3 (anthropic-surface-harvest) — `/ceo-boot` Tier-S tamper-tripwire breadcrumb: ONE emit per tamper class detected on the RESOLVED multi-layer settings (incl. the gitignored, sentinel-blind `settings.local.json`) + the import-time env snapshot (trusted_env pattern). Producer: `.claude/scripts/ceo-boot.py` `check_settings_tamper_tripwires` via `emit_generic` (no public typed wrapper — `persona_coverage_synthesized` precedent, S142 R2 iter-1 P1 #3). Routes through the dedicated `_scrub_*` branch + `_SETTINGS_TAMPER_DETECTED_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. DENIED on the wire: the finding DETAIL string (endpoint URL / model id / apiKeyHelper path / flag value), any env VALUE (`ANTHROPIC_AUTH_TOKEN` is additionally redacted producer-side). Threat model: PLAN-135/research/THREAT-MODEL-WORKSHEET.md §2 (ADR-003 Path C compensating control). NO ATLAS technique (governance breadcrumb, not a detection signal). |
490
+ | `config_change_observed` (v2.43) | `action`, `session_id`, `project`, `layer` (str — CLOSED enum, settings file surfaces only: `user` / `project` / `local` / `managed` / `other`; coerced to `other`), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-135 W2 H2 (anthropic-surface-harvest) — ConfigChange-guard ALLOW path: a settings-surface config change fired the harness `ConfigChange` event and NO `_lib/effective_config.FORBIDDEN_KEYS` finding was scoped to it (closes the S197 out-of-band-settings-edit observability gap). Producer: `.claude/hooks/check_config_change.py` via `emit_generic` (no public typed wrapper — `settings_tamper_detected` precedent). Routes through the dedicated `_scrub_*` branch + `_CONFIG_CHANGE_OBSERVED_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. DENIED on the wire: the changed file's PATH text and BODY, any settings key or value. Honest coverage boundary: H2 is itself a hook — disarmed by the very `disableAllHooks` it polices and blind to edits made outside the harness; compensators = S3 boot tripwires + W5 O10 OTEL hook-execution witness (ADR-153 §H2 coverage boundary). NO ATLAS technique (governance breadcrumb, not a detection signal). |
491
+ | `config_change_forbidden_key` (v2.43) | `action`, `session_id`, `project`, `tamper_class` (str — CLOSED enum mirroring `_lib/effective_config.TAMPER_CLASSES`: `settings_tamper_disable_all_hooks` / `settings_tamper_model_remap` / `settings_tamper_endpoint_remap` / `settings_tamper_permission_bypass` / `settings_tamper_hook_count_mismatch` / `settings_tamper_sidecar_redirect` / `other`; coerced to `other`; the census class never reaches this event in practice — census findings are observe-only by producer design), `layer` (str — CLOSED enum: `user` / `project` / `local` / `managed` / `other`; coerced to `other`), `finding_count` (int — clamped 0..99), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-135 W2 H2 (anthropic-surface-harvest) — ConfigChange-guard ADVISORY-BLOCK path: ONE emit per forbidden-key tamper class scoped to the changed settings layer (`_emit_settings_tamper_detected_safe` shape precedent). Producer: `.claude/hooks/check_config_change.py` via `emit_generic` (no public typed wrapper). Routes through the dedicated `_scrub_*` branch + `_CONFIG_CHANGE_FORBIDDEN_KEY_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. DENIED on the wire: the forbidden key's VALUE (endpoint URL / model id / apiKeyHelper path / dangerously-flag value), the effective_config finding DETAIL string, the changed file's path/body. Forbidden-keys single source: `_lib/effective_config.FORBIDDEN_KEYS` (THREAT-MODEL-WORKSHEET §2). NO ATLAS technique (governance breadcrumb, not a detection signal). |
492
+ | `bash_input_rewritten` (v2.43) | `action`, `session_id`, `project`, `rewrite_class` (str — CLOSED enum: `git_push_force_to_lease` / `other`; coerced to `other`), `before_sha256` (str — 64-hex lowercase sha256 of the ORIGINAL command, else `''` fail-closed), `after_sha256` (str — 64-hex lowercase sha256 of the REWRITTEN command, else `''` fail-closed), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-135 W2 H5 (anthropic-surface-harvest; ADR-154 single-rewriter) — corrective `updatedInput` rewrite breadcrumb: `check_bash_safety.py` rewrote a single-subcommand `git push --force`/`-f` command to `git push --force-with-lease` via the PreToolUse `updatedInput` channel and surfaced it as a permission prompt (`permissionDecision: "ask"`, NEVER a silent allow — the corrective rewrite may never degrade an existing BLOCK into an allow, Doctrine 1 corollary). Producer: `.claude/hooks/check_bash_safety.py` via the TYPED wrapper `emit_bash_input_rewritten`. Routes through the dedicated `_scrub_*` branch + `_BASH_INPUT_REWRITTEN_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. DENIED on the wire: the command STRING (before OR after the rewrite), the remote URL / refspec, any inline credential — only the closed-enum `rewrite_class` + the before/after sha256 hash PAIR travel (the pair proves audited-cmd == executed-cmd without exposing either; ADR-154 §2). Kill-switch: `CEO_BASH_FORCE_PUSH_REWRITE=0` restores the legacy BLOCK. Single-rewriter invariant (ADR-154 §1): at most ONE rewriting hook per tool-call; downstream hooks see the post-rewrite input. Threat model: PLAN-135/research/THREAT-MODEL-WORKSHEET.md §1. NO ATLAS technique (governance breadcrumb, not a detection signal). |
493
+ | `subagent_lifecycle_observed` (v2.43) | `action`, `session_id`, `project`, `agent_archetype` (str — CLOSED enum, persona-ledger archetype: `code-reviewer` / `security-engineer` / `qa-architect` / `threat-detection-engineer` / `other` / `unknown`; coerced to `other`), `wall_bucket` (str — CLOSED bucket enum: `none` / `low` / `medium` / `high` / `very_high` / `unknown`; coerced to `unknown`), `wall_source` (str — CLOSED enum: `bracketed` / `unknown`; coerced to `unknown`), `token_bucket` (str — same CLOSED bucket enum; coerced to `unknown`), `claim_bucket` (str — same CLOSED bucket enum; coerced to `unknown`), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-135 W2 H3 (anthropic-surface-harvest) — per-agent SubagentStop lifecycle bracket: emitted ONCE per returning sub-agent by `check_fluency_nudge.py` (the SubagentStop H3 extension) after consuming the SubagentStart sidecar written by `check_subagent_start.py` (keyed `sha256(agent_id)[:16]`, popped on read) + the harness-supplied `agent_transcript_path` (line/byte/wall-bounded; only integer usage fields read; realpath-under-`$HOME/.claude` containment). The S227 `modelUsage` forensic reconstruction becomes a live hook emit; feeds the persona-ledger (PLAN-104) via `agent_archetype`. `wall_bucket` is the stop-instant minus the recorded `start_ts` (bracketed; `wall_source=unknown` when the start was never recorded). `token_bucket` brackets the SUM of `input_tokens + output_tokens + cache_creation_input_tokens + cache_read_input_tokens` across the transcript. `claim_bucket` brackets the confidence-marker count the hook already computes. Producer: `.claude/hooks/check_fluency_nudge.py` via the TYPED wrapper `emit_subagent_lifecycle_observed`. Routes through the dedicated `_scrub_*` branch + `_SUBAGENT_LIFECYCLE_OBSERVED_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. 
DENIED on the wire: the RAW token counts, the RAW wall-time seconds, the transcript path/body, the confidence-marker snippets and the raw agent_id — only the closed-enum archetype + the four coarse brackets travel (the bracket is the audit signal; the raw counts stay forensic-private). Kill-switch: `CEO_SUBAGENT_LIFECYCLE=0` (shared by the SubagentStart recorder + this SubagentStop consumer). NO ATLAS technique (governance/accounting breadcrumb, not a detection signal). |
494
+ | `compaction_continuity_snapshot` (v2.43) | `action`, `session_id`, `project`, `trigger` (str — CLOSED enum: `manual` / `auto` / `other`; coerced to `other`), `plan_id` (str — strict `PLAN-NNN` shape, else `unknown`), `chain_length` (int — clamped 0..99999999), `snapshot_outcome` (str — CLOSED enum: `written` / `scratchpad_unavailable` / `error` / `other`; coerced to `other`), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-135 W2 H1 (anthropic-surface-harvest; ADR-153 compaction-continuity) — PreCompact governance snapshot: before the harness compacts a long session (manual `/compact` or auto context-window threshold), `check_precompact_continuity.py` snapshotted plan-id + execution-unit position + pending-ceremony flags to the plan-scoped scratchpad + read the audit HMAC-chain anchor (last-hmac prefix + chain-length). ONE emit per compaction event. Producer: `.claude/hooks/check_precompact_continuity.py` via `emit_generic` (no public typed wrapper — `settings_tamper_detected` precedent). Routes through the dedicated `_scrub_*` branch + `_COMPACTION_CONTINUITY_SNAPSHOT_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. DENIED on the wire: the snapshot BODY — the plan path text, the execution-unit checkbox label, the ceremony script paths, the full last-hmac hex (the snapshot lives in the plan-scoped, secrets-redacted scratchpad; the wire carries closed enums + the chain_length counter only). Honest coverage boundary: ADR-153 §H2 (a hook is disarmed by `disableAllHooks`; S3 boot tripwires + W5 O10 OTEL witness are the named compensators). NO ATLAS technique (governance breadcrumb, not a detection signal). |
495
+ | `compaction_context_reinjected` (v2.43) | `action`, `session_id`, `project`, `plan_id` (str — strict `PLAN-NNN` shape, else `unknown`), `snapshot_found` (bool — coerced to `false`), `snapshot_age_s` (int — clamped 0..9999999), `pointer_count` (int — clamped 0..9), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. PLAN-135 W2 H1 (anthropic-surface-harvest; ADR-153 compaction-continuity) — PostCompact governance reinjection: after compaction, `check_postcompact_reinject.py` read the PreCompact snapshot from the plan scratchpad and reinjected governance POINTERS (active PLAN, execution-unit position, Gate-1 re-read reminder, pending ceremonies, HMAC anchor) via `hookSpecificOutput.additionalContext`. POINTERS ONLY — never file CONTENTS (the Option-A prompt-injection surface, ADR-153 §Decision). ONE emit per PostCompact event. Producer: `.claude/hooks/check_postcompact_reinject.py` via `emit_generic` (no public typed wrapper). Routes through the dedicated `_scrub_*` branch + `_COMPACTION_CONTEXT_REINJECTED_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. DENIED on the wire: the reinjected pointer TEXT, the plan path/label, the ceremony paths, the scratchpad body (only the closed enums + counters persist). NO ATLAS technique (governance breadcrumb, not a detection signal). |
496
+ | `admin_key_lifecycle_event` (v2.44) | `action`, `operation` (str — CLOSED enum: `list` / `deactivate` / `incident` / `other` — out-of-enum direct-caller value coerced to `other`, S172), `key_count` (int — optional; on `list` = inventory size, on `incident` = # deactivated), `key_id` (str — optional, `deactivate` only; the `apikey_…` id, NEVER key material), `reason` (str — optional, mutations only; CLOSED enum: `compromise` / `suspicion` / `scheduled` / `other` — out-of-enum coerced to `other`, S172), `rotation_log_appended` (bool — optional, mutations only; true iff the audit-pair `docs/rotation-log.md` row was written), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. All fields OPTIONAL except `action` + `operation`. PLAN-135 W5 o9 (anthropic-surface-harvest; ADR-054-AMEND-1 Anthropic Admin-key tier) — Anthropic Admin API key-lifecycle breadcrumb. Producer: `.claude/scripts/key-hygiene.py` (`_audit_emit` → `emit_generic`); a TRUSTED first-party Owner-run script that pre-redacts every field via `_redact()` before emit. Routed through the dedicated `_ADMIN_KEY_LIFECYCLE_EVENT_ALLOWLIST` scrub branch (Codex R5 P1-2 / PLAN-135-FOLLOWUP; NEVER `_EMIT_GENERIC_PASSTHROUGH`) — `operation`/`reason` enum-coerced (else `other`), `key_id` str-bounded, `key_count` int-clamped. DENIED on the wire: any key MATERIAL (only `apikey_…` ids + counts + closed enums travel). Secondary tamper-evident breadcrumb; the load-bearing audit-pair is the append-only `docs/rotation-log.md` row (written regardless). NO ATLAS technique (governance breadcrumb, not a detection signal). |
497
+ | `statusline_sidecar_write` (v2.44) | `action`, `sidecar_path` (str — abs path of the snapshot just written, never key material), `plan_id` (str\|null — active `PLAN-NNN` derived from `.claude/plans/`, or `+N` multi-marker), `context_pct_bps` (int\|null — context-window used %, integer basis-points 0..10000; HMAC-covered so NEVER float, S181/ADR-055-AMEND-2), `bucket_count` (int — number of `rate_limits` buckets present), `buckets_used_pct_max_bps` (int\|null — highest bucket used %, integer basis-points 0..99900; rate-limit used_pct is capped at 999% upstream so an over-quota burst is preserved, not floored at 100%), `session_id` (str — the statusLine `session_id`), `digest` (str — 12-char material-digest prefix; the debounce key), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. All fields OPTIONAL except `action` (the renderer fires best-effort; any field may be absent when stdin lacked it — e.g. `context_pct_bps`/`rate_limits` null early in a session or on free-tier where `rate_limits` is absent). PLAN-135 W5 o4 (anthropic-surface-harvest) — statusLine sidecar-write breadcrumb. Producer: `.claude/scripts/statusline-ceo.py` (`maybe_emit` → `emit_generic`); a TRUSTED first-party Owner-configured renderer that passes only numbers + enum-ish ids + a digest prefix (the raw statusLine stdin free text is never echoed; the sidecar build drops `transcript_path` and unknown string fields). Routed through the dedicated `_STATUSLINE_SIDECAR_WRITE_ALLOWLIST` scrub branch (Codex R5 P1-2 / PLAN-135-FOLLOWUP; NEVER `_EMIT_GENERIC_PASSTHROUGH`) — `sidecar_path` length-capped (512), numeric/id fields type-bounded. DEBOUNCED: `maybe_emit` fires only when the MATERIAL digest changes AND ≥ `CEO_STATUSLINE_EMIT_INTERVAL_S` (default 300s) elapsed. The load-bearing artifact is the atomic sidecar JSON (always written); this event is a secondary tamper-evident breadcrumb. NO ATLAS technique (observability breadcrumb, not a detection signal). |
498
+ | `model_refusal_observed` (v2.44) | `action`, `provider` (str — e.g. `anthropic`), `model` (str — the request model slug, ≤128 chars), `stop_reason` (const `refusal`), `stop_category` (str — ONLY the closed provider `stop_details.category` vocabulary — e.g. `cyber` / `bio` / `reasoning_extraction` / `frontier_llm` / `""` when absent; ≤64 chars), `http_status` (int — the 2xx the refusal arrived on), `duration_ms` (int), `event_schema`, `ts`, plus baseline `tokens_*`/`hmac`/`hmac_error`. All fields OPTIONAL except `action` + `stop_reason` (the adapter populates `stop_category` only when `stop_details.category` is a string, else `""`). PLAN-135 W5 o7 (anthropic-surface-harvest) — model-refusal observability breadcrumb. Producer: `.claude/hooks/_lib/adapters/live/claude.py` (`_on_response` → `emit_generic` on `stop_reason == "refusal"`); the adapter library itself, routed through the dedicated `_MODEL_REFUSAL_OBSERVED_ALLOWLIST` scrub branch (Codex R5 P1-2 / PLAN-135-FOLLOWUP; NEVER `_EMIT_GENERIC_PASSTHROUGH`) — `stop_reason` const-coerced, `stop_category` ≤64, `http_status`/`duration_ms` int-bounded. DENIED on the wire: `stop_details.explanation` (model free text) is dropped AT THE EMIT SITE and can NEVER reach the audit log — only the closed `stop_details.category` provider vocabulary (truncated ≤64) + provider/model slugs + status/duration ints travel. NO ATLAS technique (observability breadcrumb, not a detection signal). |
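Review bot: in the `model_refusal_observed` row, `stop_category` is documented as carrying only the closed provider vocabulary, but the scrub branch is described as enforcing just a length bound (`stop_category` ≤64) and lists no coercion for `provider` or `model`, so a direct `emit_generic` caller can still place free text in those fields. Suggest coercing `stop_category` against an explicit set with an `other` sentinel, as the enum fields in the other rows are, and giving `key_id` in the `admin_key_lifecycle_event` row a strict `apikey_` shape check (it is only "str-bounded" here) in the same way `plan_id` is held to `PLAN-NNN`. Two related points on the same table: `statusline_sidecar_write` sends an absolute `sidecar_path` while the `config_change_*` and compaction rows deny path text on the wire, so the row should either justify the exception or switch to a hashed path prefix such as the 12-hex form the v2.41 row mentions; and the `bash_input_rewritten` hash pair is a plain sha256 of a short, guessable command, so the row should state whether confirming a guessed remote or refspec from the hash is an accepted residual, or move to a keyed hash.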
499
+ <!-- PLAN-135 W2 H1 — 2 NEW v2.43 actions (compaction_continuity_snapshot + compaction_context_reinjected) registered via the staged PLAN-135 W2 bundle (Owner ceremony); ADR-153 compaction-continuity. Per-action SAFE allowlists _COMPACTION_CONTINUITY_SNAPSHOT_ALLOWLIST / _COMPACTION_CONTEXT_REINJECTED_ALLOWLIST in audit_emit.py; closed-enum trigger/snapshot_outcome + strict PLAN-NNN plan_id + clamped ints + bool only (snapshot body + reinjected pointer text NEVER persisted); deny-by-default scrub; S172 coerce-invalid-to-safe-sentinel. Both via emit_generic (no typed wrapper). Additive per SPEC/v1 rules. -->
500
+ <!-- PLAN-135 W2 H5 — 1 NEW v2.43 action (bash_input_rewritten) registered via the staged PLAN-135 W2 bundle (Owner ceremony); ADR-154 single-rewriter. Per-action SAFE allowlist _BASH_INPUT_REWRITTEN_ALLOWLIST in audit_emit.py; closed-enum rewrite_class + 64-hex hash pair only (command bytes NEVER persisted); deny-by-default scrub; S172 coerce-invalid-to-safe-sentinel. TYPED wrapper emit_bash_input_rewritten. Additive per SPEC/v1 rules. -->
501
+ <!-- PLAN-135 W2 H3 — 1 NEW v2.43 action (subagent_lifecycle_observed) registered via the staged PLAN-135 W2 bundle (Owner ceremony). Per-agent SubagentStop lifecycle bracket; per-action SAFE allowlist _SUBAGENT_LIFECYCLE_OBSERVED_ALLOWLIST in audit_emit.py; closed-enum archetype + 4 coarse buckets only (raw token/wall counts + transcript path/body + agent_id NEVER persisted); deny-by-default scrub; S172 coerce-invalid-to-safe-sentinel. TYPED wrapper emit_subagent_lifecycle_observed. SubagentStart half = check_subagent_start.py (sidecar recorder, NO audit action). Additive per SPEC/v1 rules. -->
502
+ <!-- PLAN-135 W1 S3 — 1 NEW v2.42 action (settings_tamper_detected) registered via the staged PLAN-135 W1 bundle (Owner kernel ceremony). Per-action SAFE allowlist in audit_emit.py; closed-enum + clamped-int only; deny-by-default scrub; S172 coerce-invalid-to-safe-sentinel. Additive per SPEC/v1 rules. -->
503
+ <!-- PLAN-133 (Goose-harvest) — 19 NEW v2.41 actions (env_var_hijack_blocked + invisible_unicode_blocked + egress_destination_detected + quota_exhausted + eval_task_completed + context_auto_compacted + context_auto_compact_suppressed + context_middle_out_degraded + context_middle_out_degrade_failed + adversary_review_flagged + supply_chain_advisory_emitted + spawn_tool_scope_violation + spawn_depth_or_overlap_blocked + spawn_file_assignment_recorded + action_required_held + action_required_resumed + action_required_rejected + persistent_instructions_blocked + hint_provenance_recorded) registered via the staged PLAN-133 bundle. Per-action SAFE allowlists in audit_emit.py; closed-enum / hash / bucketed-int only; deny-by-default scrub; S172 coerce-invalid-to-safe-sentinel. Additive per SPEC/v1 rules. -->
504
+ <!-- PLAN-113 Phase B WIRE-DEADMOD — 2 NEW v2.34 actions (spec_context_sanitized + spawn_confidence_advisory) registered S163 v1.45.x (ADVISORY-ONLY; spawn-prompt telemetry; emitted via emit_generic; kill-switch per action). -->
505
+ <!-- PLAN-112-FOLLOWUP-persona-routing-wire W2 — 2 NEW v2.32 actions (model_routing_enforced + model_routing_eval_error) registered S158 (Tier-2; god-mode matrix consult CONSULT+AUDIT, block deferred). Kernel-override sentinel PLAN-112-FOLLOWUP-S158-AUDIT-EMIT-EXTENSION. -->
506
+ <!-- PLAN-112-FOLLOWUP-hmac-tamper-fix Wave B.3 — 1 NEW v2.31 action (chain_reset_marker) registered S152 (Tier-A; HMAC chain rotation defense-in-depth per ADR-055-AMEND-2). -->
507
+ <!-- PLAN-110 Wave D — 1 NEW v2.30 action (protocol_edit_missing_amend_paired) registered S147 (Tier-A advisory; PROTOCOL.md semver-cascade). -->
508
+ <!-- PLAN-099-FOLLOWUP Wave F.2 — 19 NEW v2.29 actions + 1 in-place field-shape supersede (federation_cert_rotated) registered S148 (Tier-C; first federation write-mode plan). ADR-135-AMEND-1 + ADR-129-AMEND-1. -->
509
+ <!-- PLAN-107 SPEC v1 backfill — 63 NEW v2.27 actions registered S145 (Tier-A); closes residual gaps S107-S128 + S134-S143. -->
510
+ <!-- PLAN-086 v1.20.0 + PLAN-088 v1.22.0 canonical-13 — 16 NEW v2.26 actions backfilled in PLAN-091 v1.22.1 (S115 2026-05-13). -->
511
+ <!-- PLAN-085 Wave C credential lifecycle + Wave G.1b ATLAS + Wave E.4 forensic — 10 NEW v2.25 actions. -->
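Review bot: the PLAN-107 registration comment in this block says 63 NEW v2.27 actions, while the v2.27 row of the version-label table further down says 62 actions registered; one of the two counts is wrong and should be reconciled against `_KNOWN_ACTIONS`. The block also carries registration comments for PLAN-135 W2 H1, H5 and H3 and for W1 S3, but none for the H2 pair (`config_change_observed`, `config_change_forbidden_key`) or the three v2.44 actions, so either add the missing comments or state that the table rows are the only registration record for those actions.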
512
+
513
+ ### Version-label disambiguation (P0-06 fix)
514
+
515
+ The SPEC file tracks **action** additions; `.claude/plans/AUDIT-LOG-SCHEMA.md` §13/14/15 track **field** additions on the existing `agent_spawn` action. Both dimensions evolve independently and can share the same "v2.N" label on different changes. Cross-reference:
516
+
517
+ | Version bump | SPEC (this file — actions) | Internal (AUDIT-LOG-SCHEMA — fields) |
518
+ |---|---|---|
519
+ | v2.7 | session_start / session_end / prompt_submitted / session_stop / output_scan_finding | cache-header + rail (§13) |
520
+ | v2.8 | rag_query_* + rag_index_redacted | model discriminator (§14) |
521
+ | v2.9 | tier_policy_* (9 actions) + tournament_* (8 actions) | hmac chain (§15) |
522
+ | v2.10 | fluency_nudge + skill_reference_read_{mismatch,stale,never_read} | *(no new fields)* |
523
+ | v2.11 | swarm_* (10 actions) + escalation_* (4 actions) | *(no new fields)* |
524
+ | v2.12 | audit_tokens_emitted + audit_tokens_timeout + audit_tokens_key_dropped (PLAN-060 Phase B / SEC-P0-04) | *(no new fields)* |
525
+ | v2.13 | mcp_injection_finding (PLAN-052 / ADR-083) | *(no new fields)* |
526
+ | v2.14 | *(no new actions)* | veto_triggered: `caller` + `session_id` (PLAN-044 audit-v2 P1 #6 — kernel override forensic traceability) |
527
+ | v2.15 | skill_bootstrap_used + skill_bootstrap_post_hash (Session 76 audit-v3 / Codex DIM-04 #1) | *(no new fields)* |
528
+ | v2.16 | replay_capture_started + replay_capture_completed (PLAN-069 Phase 1 / ADR-101) | *(no new fields)* |
529
+ | v2.17 | ceo_boot_emitted + ceo_boot_check_skipped (PLAN-065 Phase 2 / ADR-098 — S82 ceremony lote 2026-05-04) | *(no new fields)* |
530
+ | v2.18 | mcp_canonical_guard_allowed + mcp_canonical_guard_blocked (PLAN-070 / ADR-102 — S85 Layer B ceremony 2026-05-05) | *(no new fields)* |
531
+ | v2.19 | task_route_advised + task_route_key_dropped + reality_ledger_finding + reality_ledger_key_dropped (PLAN-071 / ADR-104 — S87 v1.14.0 ceremony 2026-05-05) | *(no new fields; field allowlists in audit_emit.py)* |
532
+ | v2.20 | model_routing_advised + estimate_drift_detected + estimate_drift_systematic_bias (PLAN-078 Wave 1+W2 / S89 Fase 1 commit 2cb1472, registered S92 Wave 1b ceremony 2026-05-07) | *(no new fields; field allowlists in audit_emit.py)* |
533
+ | v2.21 | ceo_boot_task_candidate_emitted (PLAN-078 Wave 5 / S95 ceremony 2026-05-08 — TaskCreate-candidate orchestration) | *(no new fields; field allowlist `_CEO_BOOT_TASK_CANDIDATE_EMITTED_ALLOWLIST` in audit_emit.py)* |
534
+ | v2.40 | PLAN-132 / ADR-145 (S221) — cross-model Codex review as a recognized `code-reviewer` persona-demand satisfaction modality. NO new actions; adds fields `review_source` (enum `{phase_gate, user_code_auto, adhoc_mcp}`) + `target_ref_hash` (12-hex branch binding) to `codex_review_invoked`, and `match_modality` (enum `{native_spawn, codex_review}`, default `native_spawn`) to `persona_demand_matched`. code-reviewer ONLY; branch-bound (R1) + tight review-intent gate (R2); fail-closed on missing binding. Registered via canonical sentinel + Owner GPG. | `review_source`, `target_ref_hash` (codex_review_invoked); `match_modality` (persona_demand_matched). All closed-enum / hash, S172 coerce-invalid-to-safe-sentinel. |
535
+ | v2.41 | PLAN-133 (Goose-harvest) — 19 NEW actions across the harvested security/finops/eval/context/guardrail waves: A1 `env_var_hijack_blocked`, A2 `invisible_unicode_blocked`, A3 `egress_destination_detected`, B1 `quota_exhausted`, C3 `eval_task_completed`, D1 `context_auto_compacted` + `context_auto_compact_suppressed`, D5 `context_middle_out_degraded` + `context_middle_out_degrade_failed`, E1 `adversary_review_flagged` (ADR-146; local-rules-only default-OFF), E2 `supply_chain_advisory_emitted`, E3 `spawn_tool_scope_violation` + `spawn_depth_or_overlap_blocked` + `spawn_file_assignment_recorded`, E6 `action_required_held` + `action_required_resumed` + `action_required_rejected` (HITL confirmation-rail), G1 `persistent_instructions_blocked`, G3 `hint_provenance_recorded`. Each routes through a dedicated deny-by-default per-action allowlist in `audit_emit.py` (NEVER `_EMIT_GENERIC_PASSTHROUGH`); closed-enum / 64-hex-token-hash / 12-hex-path-prefix / bucketed-int payloads only; out-of-enum values COERCED to a safe sentinel before emit (S172 doctrine, never echoed). ADRs 146/147/148 (PROPOSED). | *(no new fields on existing actions; per-action allowlists `_ENV_VAR_HIJACK_BLOCKED_ALLOWLIST`, `_INVISIBLE_UNICODE_BLOCKED_ALLOWLIST`, `_EGRESS_DESTINATION_DETECTED_ALLOWLIST`, `_QUOTA_EXHAUSTED_ALLOWLIST`, `_EVAL_TASK_COMPLETED_ALLOWLIST`, `_CONTEXT_AUTO_COMPACTED_ALLOWLIST`, `_CONTEXT_AUTO_COMPACT_SUPPRESSED_ALLOWLIST`, `_CONTEXT_MIDDLE_OUT_DEGRADED_ALLOWLIST`, `_CONTEXT_MIDDLE_OUT_DEGRADE_FAILED_ALLOWLIST`, `_ADVERSARY_REVIEW_FLAGGED_ALLOWLIST`, `_SUPPLY_CHAIN_ADVISORY_EMITTED_ALLOWLIST`, `_SPAWN_TOOL_SCOPE_VIOLATION_ALLOWLIST`, `_SPAWN_DEPTH_OR_OVERLAP_ALLOWLIST`, `_SPAWN_FILE_ASSIGNMENT_RECORDED_ALLOWLIST`, `_ACTION_REQUIRED_HELD_ALLOWLIST`, `_ACTION_REQUIRED_RESUMED_ALLOWLIST`, `_ACTION_REQUIRED_REJECTED_ALLOWLIST`, `_PERSISTENT_INSTRUCTIONS_BLOCKED_ALLOWLIST`, `_HINT_PROVENANCE_RECORDED_ALLOWLIST` in `audit_emit.py`)* |
536
+ | v2.42 | PLAN-135 W1 S3 (anthropic-surface-harvest, S231) — 1 NEW action `settings_tamper_detected` (`/ceo-boot` Tier-S settings/env tamper-tripwire breadcrumb; one emit per detected class). Producer: `check_settings_tamper_tripwires` (21st Tier-S check) scanning the RESOLVED multi-layer settings via the shared `_lib/effective_config.py` (user/project/local/managed — incl. the gitignored, sentinel-blind `settings.local.json`) + the import-time env snapshot (trusted_env pattern, check_bash_safety.py precedent). Tamper classes (a)-(e) per PLAN-135/research/THREAT-MODEL-WORKSHEET.md §2: `disableAllHooks`, model remap outside the ADR-149 allowlist, `ANTHROPIC_BASE_URL`/`ANTHROPIC_AUTH_TOKEN`/`apiKeyHelper` endpoint remap, `bypassPermissions`/dangerously-skip flags, registered-vs-on-disk hook census. Advisory fail-open; emitted via `emit_generic` (no public typed wrapper — `persona_coverage_synthesized` precedent). Registered via the PLAN-135 W1 Owner kernel ceremony. | *(no new fields on existing actions; per-action allowlist `_SETTINGS_TAMPER_DETECTED_ALLOWLIST` + closed enums `_SETTINGS_TAMPER_CLASSES` / `_SETTINGS_TAMPER_LAYERS` in `audit_emit.py`)* |
537
+ | v2.43 | PLAN-135 W2 (anthropic-surface-harvest hook wave) — NEW actions for the W2 new-event hooks. H2 ConfigChange guard contributes 2: `config_change_observed` (allow+audit path) + `config_change_forbidden_key` (advisory-block path; one emit per forbidden-key tamper class scoped to the changed settings layer). Producer `check_config_change.py` (ConfigChange event, dual-registered dogfood + template) scanning the RESOLVED multi-layer settings via the shared `_lib/effective_config.py` (forbidden-keys SINGLE SOURCE with W1 S3, THREAT-MODEL-WORKSHEET §2); blocks ONLY on forbidden-key findings (disableAllHooks / endpoint remap / permission bypass / model remap), allows+audits everything else; hook-census findings observe-only. Advisory fail-open §5; kill-switch `CEO_CONFIG_CHANGE_GUARD=0`. Honest coverage boundary in ADR-153 §H2 (itself a hook; S3 tripwires + O10 OTEL witness are the named compensators). H5 (ADR-154 single-rewriter) contributes `bash_input_rewritten` — `check_bash_safety.py` rewrote a single-subcommand `git push --force`/`-f` to `--force-with-lease` via the PreToolUse `updatedInput` channel, surfaced as `permissionDecision: "ask"` (never a silent allow; the rewrite NEVER degrades the legacy BLOCK into an allow — Doctrine 1 corollary); TYPED wrapper `emit_bash_input_rewritten`; closed-enum `rewrite_class` + before/after sha256 hash pair only (command bytes never persisted; kill-switch `CEO_BASH_FORCE_PUSH_REWRITE=0`). H1 (ADR-153) contributes the compaction-continuity pair (`compaction_continuity_snapshot` + `compaction_context_reinjected`). 
H3 contributes `subagent_lifecycle_observed` — per-agent SubagentStop lifecycle bracket emitted by `check_fluency_nudge.py` (H3 extension) after consuming the SubagentStart sidecar (`check_subagent_start.py`, new SubagentStart event dual-registered) + the harness `agent_transcript_path`; closed-enum `agent_archetype` + four coarse buckets (`wall_bucket`/`wall_source`/`token_bucket`/`claim_bucket`) only; raw token/wall counts + transcript path/body + agent_id never persisted; TYPED wrapper `emit_subagent_lifecycle_observed`; kill-switch `CEO_SUBAGENT_LIFECYCLE=0`. Sibling W2 units' actions consolidate into this row at arc-verify. Registered via the PLAN-135 W2 Owner ceremony. | *(no new fields on existing actions; per-action allowlists `_CONFIG_CHANGE_OBSERVED_ALLOWLIST` / `_CONFIG_CHANGE_FORBIDDEN_KEY_ALLOWLIST` + closed enum `_CONFIG_CHANGE_LAYERS`; H5 `_BASH_INPUT_REWRITTEN_ALLOWLIST` + closed enum `_BASH_REWRITE_CLASSES`; H3 `_SUBAGENT_LIFECYCLE_OBSERVED_ALLOWLIST` + closed enums `_SUBAGENT_LIFECYCLE_ARCHETYPES` / `_SUBAGENT_LIFECYCLE_BUCKETS` / `_SUBAGENT_LIFECYCLE_WALL_SOURCES`; in `audit_emit.py`; `tamper_class` reuses `_SETTINGS_TAMPER_CLASSES`)* |
538
+ | v2.44 | PLAN-135 ARC (anthropic-surface-harvest W5 ops fold) — 3 NEW actions consolidated in the arc layer: `admin_key_lifecycle_event` (o9; `.claude/scripts/key-hygiene.py` Anthropic Admin API key-lifecycle breadcrumb — closed-enum `operation`/`reason` + ids/counts; key material never reaches the emit via producer `_redact()`; load-bearing audit-pair is the append-only `docs/rotation-log.md` row), `statusline_sidecar_write` (o4; `.claude/scripts/statusline-ceo.py` debounced statusLine sidecar-write breadcrumb — numbers + enum-ish ids + 12-char digest only, never the raw stdin), `model_refusal_observed` (o7; `.claude/hooks/_lib/adapters/live/claude.py` `_on_response` model-refusal breadcrumb — closed `stop_details.category` vocabulary ≤64 + provider/model slugs + status/duration ints only; `stop_details.explanation` dropped at the emit site). All three are TRUSTED first-party / adapter-library producers that PRE-REDACT. Registered via the PLAN-135 arc Owner ceremony. **(Hardened in v2.45, Codex R5 P1-2 — moved OFF `_EMIT_GENERIC_PASSTHROUGH` into dedicated per-action `_scrub_*` allowlist branches; see the v2.45 row.)** | *(no new fields on existing actions; as of v2.45 the 3 actions route through dedicated per-action allowlists, not passthrough)* |
539
+ | v2.45 | PLAN-135-FOLLOWUP (Codex R5 P1-2/P1-3, S233) — no new actions, no new fields, `event_schema` stays `v2`. **P1-2:** the 3 W5 arc actions (`admin_key_lifecycle_event`, `statusline_sidecar_write`, `model_refusal_observed`) move OFF `_EMIT_GENERIC_PASSTHROUGH` into dedicated deny-by-default per-action `_scrub_*` allowlist branches in `emit_generic` (`_ADMIN_KEY_LIFECYCLE_EVENT_ALLOWLIST` / `_STATUSLINE_SIDECAR_WRITE_ALLOWLIST` / `_MODEL_REFUSAL_OBSERVED_ALLOWLIST`) with field-allowlist + enum/int VALUE coercion (invisible_unicode_blocked precedent) — the Sec MF-3 boundary now holds against a direct/future `emit_generic` caller, not just the trusted producer. **P1-3:** 1 new closed-enum tamper-class member `settings_tamper_sidecar_redirect` on `settings_tamper_detected` + `config_change_forbidden_key`, mirroring `_lib/effective_config.TAMPER_CLASSES` — a settings-LAYER `CEO_STATUSLINE_SIDECAR` write-path steer (output/exfil-path; detected only in settings layers, not the legitimate Owner launch-env override; the always-on writer also rejects symlink/`..` targets at resolution). Registered via the PLAN-135-FOLLOWUP Owner ceremony. | *(no new fields; the 3 actions gain dedicated allowlists; `_SETTINGS_TAMPER_CLASSES` gains `settings_tamper_sidecar_redirect`)* |
540
+ | v2.46 | PLAN-135-FOLLOWUP-2 (S234) — no new action, no new fields, `event_schema` stays `v2`, `_KNOWN_ACTIONS` unchanged. **HMAC-integrity fix:** the `statusline_sidecar_write` (o4) percentage fields `context_pct` / `buckets_used_pct_max` are RENAMED to `context_pct_bps` / `buckets_used_pct_max_bps` and re-typed `float`->**integer basis-points** (pct*100), mirroring `fpr_observed_bps`/`pass_rate_bps`/`confidence_bps`. RATIONALE: the canonical encoder (`_lib/canonical_json._validate_no_floats`) forbids any float in an HMAC-covered payload (S181 / ADR-055-AMEND-2); the float form failed `sha compute` on EVERY emit since v2.44 and was written with `hmac=null` + `hmac_error` (and a breadcrumb to `audit-log.errors`) — present in the jsonl but EXCLUDED from the verifiable chain (the action had never once entered the signed chain). **Ranges DIFFER (Sec MF-3 input contract):** `context_pct_bps` 0..10000 (source 0..100%); `buckets_used_pct_max_bps` 0..99900 (source `used_pct` capped at 999% upstream — NO 100% ceiling, so an over-quota burst is not silently floored). The PRODUCER (`.claude/scripts/statusline-ceo.py`, NOT canonical-guarded) owns the `*100` pct->bps scaling and emits finished `_bps` ints; the `_STATUSLINE_SIDECAR_WRITE_ALLOWLIST` scrub branch is the authoritative boundary that int-coerces + clamps (catching `OverflowError` for `float('inf')`) but does NOT re-scale — a direct/future caller is contracted to pass basis-points, not a raw percentage. MIGRATION: zero legacy — no float datum ever entered the verifiable chain and no consumer reads the field (the only reader, `measure_multiplier.py`, reads the separate non-HMAC `statusline-sidecar/v1` JSON FILE, which keeps its float `context_pct` and is NOT renamed). Regression coverage added: every W5 scrub action's emitted event is carried through `canonical_json.encode` and asserted HMAC-encodable — the test gap that hid the born-broken action. 
| *(field rename + re-type on `statusline_sidecar_write`: `context_pct`->`context_pct_bps` int 0..10000, `buckets_used_pct_max`->`buckets_used_pct_max_bps` int 0..99900; `_STATUSLINE_SIDECAR_WRITE_ALLOWLIST` updated; NO new action — `_KNOWN_ACTIONS` unchanged)* |
541
+ | v2.27 | PLAN-107 v1.38.0 SPEC v1 backfill (S145) — 62 actions registered closing residual S107-S128 + S134-S143 gaps. Includes: audit_spool_* + audit_flush_dropped_count + skill_cache_stats (PLAN-094); bash_canonical_bypass_invoked (PLAN-085); ceo_boot_persona_coverage_score (PLAN-091); confidence_gate_* (PLAN-100); cost_envelope_capped + execution_context_* + swarm_paused_owner_absent + swarm_runaway_suspected (PLAN-102); federation_* (PLAN-099); goap_* (PLAN-098); kernel_extension_landed + output_scan_finding_suppressed + persona_coverage_synthesized (PLAN-106); persona_auto_* (PLAN-105); phase_c_enforcing_flipped (PLAN-104); rag_* (PLAN-097); sentinel_signer_* (PLAN-099); streaming_* (PLAN-086); mcp_bearer_friction_observed + mcp_cross_tenant_denied + mcp_soak_fpr_breach (PLAN-085); capability_rollout_complete + kill_switch_invoked (PLAN-099). | *(no new fields; per-action allowlists in `audit_emit.py` + spool_writer.py forensic emits)* |
542
+ | v2.28 | PLAN-107 v1.38.0 Wave B.4 — orphan `stdlib_violation` register via kernel-override sentinel `PLAN-107-WAVE-B-ORPHAN-REGISTER` (S145 2026-05-19). | *(no new fields)* |
543
+ | v2.30 | PLAN-110 v1.39.0 Wave D (S147 2026-05-20) — 1 NEW action `protocol_edit_missing_amend_paired` for PROTOCOL.md semver-cascade advisory emit (Tier-A; fail-OPEN). Registered via kernel-override sentinel `PLAN-110-WAVE-D-AUDIT-EMIT-EXTENSION`. | *(no new fields; per-action allowlist `_PROTOCOL_EDIT_MISSING_AMEND_PAIRED_ALLOWLIST` in `audit_emit.py`)* |
544
+ | v2.31 | PLAN-112-FOLLOWUP-hmac-tamper-fix v1.39.4 Wave B.3 (S152 2026-05-21) — 1 NEW action `chain_reset_marker` per ADR-055-AMEND-2 (PROPOSED). Synthetic genesis entry on rotation boundary; line 1 of every rotation-created fresh audit-log.jsonl; HMAC anchored at GENESIS_PREV. Producer also writes `audit-log.rotation-manifest.json` sidecar (NEW); verifier marker-enforcement scoped via local sidecar (NO archive walking). Closes F-7.7 STATUS_TAMPER on production audit chain (PLAN-112 D3 confirmed). Registered via kernel-override sentinel `PLAN-112-FOLLOWUP-WAVE-B3-AUDIT-EMIT-EXTENSION`. | *(no new fields on existing actions; new sidecar `audit-log.rotation-manifest.json` per ADR-055-AMEND-2)* |
545
+ | v2.32 | PLAN-112-FOLLOWUP-persona-routing-wire v1.42.0 W2 (S158) — 2 NEW actions `model_routing_enforced` + `model_routing_eval_error` for the god-mode routing-matrix consult in check_agent_spawn (CONSULT+AUDIT; block deferred). Registered via kernel-override sentinel `PLAN-112-FOLLOWUP-S158-AUDIT-EMIT-EXTENSION`. | *(no new fields on existing actions; per-action allowlists `_MODEL_ROUTING_ENFORCED_ALLOWLIST` + `_MODEL_ROUTING_EVAL_ERROR_ALLOWLIST` in `audit_emit.py`)* |
546
+ | v2.33 | PLAN-112-FOLLOWUP-federation-wire-or-delete PHASE2 v1.43.0 (S159) — 1 NEW action `federation_peer_list_reloaded` so the <60s revocation-propagation SLO (P0-1) is forensically observable on every peers.yaml reload. Write-mode ACTIVATION (default-OFF) per ADR-135-AMEND-2. Registered via kernel-override sentinel `PLAN-112-FOLLOWUP-FEDERATION-WIRE-AUDIT-EMIT-EXTENSION`. | `peer_count` (int), `reload_reason` (str enum {content_changed, parse_error_kept_last_good}), `source_path` (str<=128), + chain envelope (`hmac`, `hmac_error`, `event_schema`, `ts`). NOTE: `emit_generic` does NOT auto-inject `session_id`/`project` (S153 R9 residual — audit-attribution wart, not chain-integrity). |
547
+ | v2.34 | PLAN-113 Phase B WIRE-DEADMOD v1.45.x (S163) — 2 NEW actions `spec_context_sanitized` + `spawn_confidence_advisory` (spawn-prompt advisory telemetry emitted via `emit_generic` from `check_agent_spawn.py`). ADVISORY ONLY; each has an individual kill-switch (`CEO_SPEC_CTX_SANITIZER_ENABLED` / `CEO_SPAWN_CONFIDENCE_ENABLED`). No prompt/description content persisted. | `original_bytes`, `cleaned_bytes`, `truncated`, `sentinel_violations`, `control_chars_stripped`, `bidi_zw_chars_stripped`, `header_escape_count` (spec_context_sanitized); `action_type`, `confidence_level`, `confidence_marker`, `reason_code`, `is_named_spawn` (spawn_confidence_advisory). |
548
+ | v2.35 | PLAN-117 WS-A (S176 2026-05-27) — 1 NEW action `credential_override_late_set_ignored` (ADR-040-AMEND-2 §Layer-1 forensic). Closes an ACCEPTED-ADR contract violation: the live Claude adapter (`_lib/adapters/live/claude.py`) now sources the credential emergency-override SOLELY from the import-time trust-root snapshot (`_lib/trusted_env`), validates ticket-id `^[A-Z][A-Z0-9]*-\d+$` fail-CLOSED, and emits this action when a late-set (post-anchor) override is ignored instead of honored. 24h-window control (§3.3c) carved out as a tracked follow-up (needs cross-process state; not a regression). Registered under canonical sentinel `PLAN-117/architect/round-3` (Owner GPG) + `CEO_KERNEL_OVERRIDE`. | *(no new fields on existing actions; per-action allowlist `_CREDENTIAL_OVERRIDE_LATE_SET_IGNORED_ALLOWLIST` in `audit_emit.py`)* |
549
+ | v2.36 | PLAN-118 AC-B5 (S179 2026-05-28) — 1 NEW action `audit_producer_path_pollution_detected` (producer-side fail-CLOSED forensic breadcrumb). Closes the post-PLAN-117 WS-B `ADR-055-AMEND-2` evidence-red defer: 2 live `chain_reset_marker` lines verified `mismatched-recompute` were produced by a stale `_lib` copy whose canonicalization differs from canonical; this action's chokepoint payload distinguishes the marker vs spool-drain origin AND identifies which of the trio (`audit_emit`/`canonical_json`/`audit_hmac`) drifted, via sha256[:8] prefixes (NO raw path echo). Registered via kernel-override sentinel `PLAN-118-WS-B-CHOKEPOINTS`. Defense-in-depth at chokepoints 1 (audit_emit._emit_chain_reset_marker_under_lock) + 2 (audit_emit._write_event HMAC path) + 3 (audit_hmac.compute_entry_hmac entry) + 4 (audit_emit.emit_generic HMAC-bearing dispatch) + 5 (spool_writer._phase4_build_batch drain-path). Recursion-safety per PLAN-118 §Producer runtime fail-CLOSED layer: chokepoint 1 + 5 write the breadcrumb via fast-path / typed wrapper; chokepoints 2/3/4 route through the existing `hmac:null` + `hmac_error` channel with closed-enum value `producer_path_pollution_detected`. | *(no new fields on existing actions; per-action allowlist `_AUDIT_PRODUCER_PATH_POLLUTION_DETECTED_ALLOWLIST` in `audit_emit.py`)* |
550
+ | v2.29 | PLAN-099-FOLLOWUP v1.39.1 Wave F.2 — federation write-mode audit surface (S148 2026-05-20) — 19 NEW actions + 1 in-place field-shape supersede (`federation_cert_rotated`). Includes: `federation_audit_event_pushed{,_batch}`, `federation_audit_log_backpressure`, `federation_cert_validity_window_too_large`, `federation_event_action_blocked`, `federation_hmac_secret_rotated`, `federation_key_floor_{rejected,stale}`, `federation_message_storm_detected`, `federation_peer_invalid_no_fingerprint`, `federation_peer_{registered,registered_collision,revoked_remote}`, `federation_pin_legacy_used`, `federation_scope_denied`, `federation_spki_fingerprint_mismatch`, `federation_tamper_detected`, `federation_write_{disabled_sentinel_invalid,endpoint_denied}`. ATT&CK bindings T1499 + T1485 + T1565 + T1556 + T1071.001 + T1573 per `.claude/plans/PLAN-099-FOLLOWUP/attack-rebinding.md` §2. Registered via kernel-override sentinel `PLAN-099-FOLLOWUP-WAVE-F-AUDIT-EMIT-EXTENSION`. | *(no new fields; per-action allowlists in `audit_emit.py` `_FEDERATION_*_ALLOWLIST` frozensets)* |
551
+
552
+ | v2.38 | PLAN-124 WS-1 (ECC value-harvest, S20x) — 1 NEW action `git_hook_bypass_blocked` (git hook-bypass guard breadcrumb). Emitted by `check_bash_safety.py` via the `_lib/git_bypass.py` tokenizer (clean-room stdlib re-impl crediting `affaan-m/ECC` `scripts/hooks/block-no-verify.js`, MIT) when a `--no-verify`/`core.hooksPath`/env-channel/`git config`-write/`--git-dir`/`-C`/alias bypass is blocked, plus the proven dual-auth escape hatch (`CEO_GIT_BYPASS_ALLOW` via the import-time `trusted_env` snapshot, ADR-040-AMEND-2 §Layer-1) which ALLOWS + emits `escape_hatch_used`. Bounded fail-CLOSED `parse_failure` (MF-L). The ONLY caller-supplied field is the closed-enum `flag_class`; the matched command bytes are NEVER persisted (MF-G — a flag value can carry a secret). Dedicated scrub branch + `_GIT_HOOK_BYPASS_BLOCKED_ALLOWLIST`, NEVER `_EMIT_GENERIC_PASSTHROUGH`. ADR-143 (PROPOSED). | *(no new fields on existing actions; per-action allowlist `_GIT_HOOK_BYPASS_BLOCKED_ALLOWLIST` + closed-enum `_GIT_HOOK_BYPASS_FLAG_CLASSES` in `audit_emit.py`)* |
553
+
554
+ When grepping for "v2.N" to understand a change, consult BOTH files.
555
+
556
+ ### Additivity
557
+
558
+ - Adding a field to an existing action → MINOR bump of SPEC
559
+ - Removing / renaming a field → MAJOR bump (forbidden within v1 SPEC)
560
+ - Adding a new action literal → MINOR bump + new ADR
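Review bot: the v2.46 changelog row renames `context_pct` -> `context_pct_bps` and `buckets_used_pct_max` -> `buckets_used_pct_max_bps` while keeping `event_schema` at `v2`, but this section states "Removing / renaming a field → MAJOR bump (forbidden within v1 SPEC)". The row's "zero legacy" argument may well justify the exception, but the rule as written has no such carve-out. Suggest adding an explicit exception clause here (for example, a field that never entered the verifiable chain and has no reader), or recording the rename as an approved deviation with its ADR reference, so the next rename cannot cite v2.46 as precedent without meeting the same conditions.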
561
+
562
+ ### Consumer contract
563
+
564
+ Consumers MUST:
565
+ - Tolerate unknown fields (forward-compat)
566
+ - Treat absence of `event_schema` as v1
567
+ - Handle nullable `tokens_*` fields
568
+
569
+ ### `tokens_*` field semantics (PLAN-006 ADR-016, amended PLAN-045)
570
+
571
+ `tokens_in`, `tokens_out`, `tokens_total` are **optional, nullable,
572
+ always-present when the emitter supports the field**. The field takes
573
+ one of two canonical states + one legacy-compatibility state:
574
+
575
+ | State | Value shape | Producer | Meaning |
576
+ |---|---|---|---|
577
+ | A | Key **absent** from record | Non-canonical producer OR pre-ADR-016 data import | "Producer does not track tokens at all." Consumer-visible in legacy logs (`event_schema < v2`) only. |
578
+ | B | Key **present**, value `null` | Canonical producer (every hook through `audit_emit`) | "Producer tracks the field but cannot extract a count for this entry (e.g. non-LLM action, tool-use envelope missing usage block)." |
579
+ | C | Key **present**, value int `>= 0` | Canonical producer | "Producer extracted this count." |
580
+
581
+ **Canonical producer invariant:** every `audit_emit.*` path sets the
582
+ three keys via `setdefault` in `_write_event` (at import-stable line
583
+ ~290 of `audit_emit.py`). State A therefore **never** appears in a
584
+ log written by this framework's reference implementation — it is
585
+ reserved for non-canonical producers or pre-ADR-016 historical data.
586
+
587
+ **Consumer tolerance matrix** (enforced by `audit-query.py tokens`):
588
+
589
+ | Case | Consumer MUST |
590
+ |---|---|
591
+ | Key absent (State A) | Treat as "unknown" — do NOT default to 0. Counted under `spawns_without_tokens`. |
592
+ | Key present, null (State B) | Treat as "unknown". Counted under `spawns_without_tokens`. |
593
+ | Key present, int (State C) | Use as the extracted count. Summed into totals + per-skill / per-subagent_type / per-day. |
594
+ | Key present, non-int (malformed) | Reject the entry (upstream producer bug). Treated as null (never summed). |
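Review bot: the malformed row gives two different instructions, "Reject the entry" and "Treated as null (never summed)", and a consumer cannot do both: rejecting drops the record, treating as null keeps it and counts it under `spawns_without_tokens`. Pick one and say which counter, if any, it lands in. The matrix also leaves a negative int undefined (State C is declared as int `>= 0`), and it should say whether a JSON boolean counts as non-int, since some consumer languages treat booleans as integers.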
595
+
596
+ **Why two-canonical-states + one-legacy-state** (2026-04-20
597
+ amendment): the original three-state contract (ADR-016, PLAN-006)
598
+ was written before the reference emitter landed in Sprint 6. Once
599
+ `audit_emit._write_event` became the sole canonical producer, its
600
+ `setdefault(None)` semantics collapsed the "absent-from-canonical"
601
+ case. The SPEC is aligned here to match the reference producer's
602
+ observable behavior; non-canonical third-party producers are still
603
+ permitted to emit State A entries and consumers must tolerate all
604
+ three.
605
+
606
+ Event stream version unchanged by this amendment — `event_schema`
607
+ value stays `"v2"` (additive field semantics per §Additivity).
608
+
609
+ ### Rotation
610
+
611
+ Log rotates at 10 MB or 30 days (whichever first). Archived to
612
+ `audit-log-YYYY-MM.jsonl`. Consumers supporting multi-file read use
613
+ `--include-rotated`.
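Review bot: the archive name `audit-log-YYYY-MM.jsonl` has month granularity, but rotation also triggers at 10 MB, so two size-triggered rotations in one month resolve to the same file name. Please state what happens on collision (suffix, append, or refuse), because overwrite or append both affect chain verification. This section should also point to the `chain_reset_marker` genesis line and the `audit-log.rotation-manifest.json` sidecar described in the v2.31 row, since a consumer using `--include-rotated` needs to know that each rotated file starts a fresh chain.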
614
+
615
+ ### Redaction
616
+
617
+ `desc_preview` and `reason_preview` are passed through a best-effort
618
+ regex secret redactor. `desc_hash` (SHA-256 of raw pre-redaction text)
619
+ allows correlation without storing plaintext. See authoritative
620
+ `.claude/plans/AUDIT-LOG-SCHEMA.md` §3 for the redaction pattern list.
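Review bot: `desc_hash` is described as a plain SHA-256 of the raw pre-redaction text, which means the digest is computed over exactly the material the redactor is trying to remove. For short or low-entropy inputs, anyone with read access to the log can confirm a guessed plaintext by hashing it. Suggest either keying the digest (the framework already has an HMAC secret for the chain) or stating this limitation next to "allows correlation without storing plaintext", and saying who is expected to hold log read access.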
621
+
622
+ ## Version history
623
+
624
+ | SPEC version | Source commit | Notes |
625
+ |---|---|---|
626
+ | 1.0.0-rc.1 | Sprint 4 opening | v1 agent_spawn + v2 five new actions |
627
+ | 1.0.0-rc.1 (revised) | Sprint 5 Phase 5 | v2.1 adds `injection_flag` action (ADR-011) |
628
+ | 1.0.0-rc.1 (revised) | Sprint 13 Phase A.0 | v2.5 adds 10 new actions — 6 live-adapter/breaker/credential (Gap #3 fix per ADR-040) + 4 MCP server (per ADR-042) |
629
+ | 1.0.0-rc.1 (revised) | PLAN-028 Wave A | v2.7 adds 5 lifecycle + output-scan actions (ADR-056 + ADR-057) |
630
+ | 1.0.0-rc.1 (revised) | PLAN-041 Wave A+ | v2.8 adds 5 RAG sidecar actions (ADR-062) |
631
+ | 1.0.0-rc.1 (revised) | PLAN-043 Wave B | v2.9 adds 9 dynamic tier-policy actions (ADR-064) |
632
+ | 1.0.0-rc.1 (revised) | PLAN-060 Phase B | v2.12 adds 3 audit-tokens actions (SEC-P0-04: audit_tokens_emitted + audit_tokens_timeout + audit_tokens_key_dropped) |
633
+ | 1.0.0-rc.1 (revised) | PLAN-052 (Session 67) | v2.13 adds 1 MCP scanner action (ADR-083: mcp_injection_finding) |
634
+ | 1.0.0-rc.1 (revised) | PLAN-044 audit-v2 (Session 71 D-4) | v2.14 adds 2 optional fields on veto_triggered (caller + session_id) for kernel override forensic traceability (P1 #6) |
635
+ | 1.0.0-rc.1 (revised) | PLAN-044 audit-v3 (Session 76) | v2.15 registers 2 skill bootstrap actions (skill_bootstrap_used + skill_bootstrap_post_hash) that were emitted by hooks but dropped silently by `_write_event`. Codex DIM-04 #1 closure. |
636
+ | 1.0.0-rc.1 (revised) | PLAN-069 Phase 1 (Session 81) | v2.16 adds 2 capture-mode lifecycle actions (replay_capture_started + replay_capture_completed) per ADR-101. Replaces `replay_started:capture` / `replay_completed:capture` reuse with mode-distinct actions. R9 LIVE LGPD leak closure ships in same Wave D ceremony. |
637
+ | 1.0.0-rc.1 (revised) | PLAN-065 Phase 2 (Session 82) | v2.17 adds 2 /ceo-boot autopilot lifecycle actions (ceo_boot_emitted + ceo_boot_check_skipped) per ADR-098. Sec MF-3 enforced via `_scrub_ceo_boot_event`. Closes Reality-Ledger fixture #4 (declared-but-not-wired pattern). |
638
+ | 1.0.0-rc.1 (revised) | PLAN-070 (Session 85) | v2.18 adds 2 MCP canonical-guard middleware actions (mcp_canonical_guard_allowed + mcp_canonical_guard_blocked) per ADR-102. Layer B server-side middleware closes ADR-095 §gate-#6 NG-06. |
639
+ | 1.0.0-rc.1 (revised) | PLAN-071 (Session 87) | v2.19 adds 4 Adaptive Execution Kernel + Reality Ledger advisory actions (task_route_advised + task_route_key_dropped + reality_ledger_finding + reality_ledger_key_dropped) per ADR-104. Sec MF-3 enforced via dedicated allowlists. |
640
+ | 1.0.0-rc.1 (revised) | PLAN-078 Wave 1+2 (Session 92) | v2.20 adds 3 Reality Ledger advisory actions (model_routing_advised + estimate_drift_detected + estimate_drift_systematic_bias). Wave 1 ships in S89 Fase 1 commit 2cb1472; registered S92 Wave 1b ceremony 2026-05-07. |
641
+ | 1.0.0-rc.1 (revised) | PLAN-078 Wave 5 (Session 95) | v2.21 adds 1 TaskCreate-candidate orchestration action (ceo_boot_task_candidate_emitted). Emitted by `.claude/scripts/ceo-boot.py` per `<!-- TASKCREATE-CANDIDATE -->` marker block written when gate_pass=False AND severity≥medium. Top-3 cap, 24h TTL dedup. Sec MF-3 enforced via `_CEO_BOOT_TASK_CANDIDATE_EMITTED_ALLOWLIST`. |
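Review bot: every row after the first carries the same SPEC version, `1.0.0-rc.1 (revised)`, although §Additivity says adding an action literal is a MINOR bump plus a new ADR. As written, the SPEC version column cannot distinguish v2.1 from v2.21, and rows such as v2.12 and v2.20 cite no ADR. Either bump the SPEC version per row or document that the rc.1 line is exempt from the bump rule. The table also stops at v2.21 while the changelog table above runs to v2.46; a one-line pointer to where v2.22+ history lives would save readers the grep.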
642
+
643
+ ---
644
+
645
+ ## Action: `mcp_canonical_guard_allowed` (PLAN-070 v1.13.0+)
646
+
647
+ Emitted by `.claude/hooks/_lib/mcp/canonical_guard.py:check_mcp_call`
648
+ on every Layer B middleware ALLOW decision for a tool whose name
649
+ matches `mcp__*`. Sec MF-3 allowlist (R6-01 tightened): caller-side
650
+ fields restricted to `tool_name`, `target_path`, `reason`.
651
+ Auto-baseline: `action`, `ts`, `session_id`, `project`, `event_schema`,
652
+ `tokens_*`, `hmac`, `hmac_error`.
653
+
654
+ ```json
655
+ {
656
+ "action": "mcp_canonical_guard_allowed",
657
+ "ts": "2026-05-05T12:34:56.789Z",
658
+ "session_id": "session-xxx",
659
+ "project": "ceo-orchestration",
660
+ "event_schema": "v2",
661
+ "tool_name": "mcp__codex__codex",
662
+ "target_path": "PROTOCOL.md",
663
+ "reason": "sentinel:.claude/plans/PLAN-070/architect/round-4/approved.md",
664
+ "tokens_in": null, "tokens_out": null, "tokens_total": null,
665
+ "hmac": null, "hmac_error": null
666
+ }
667
+ ```
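Review bot: the example shows `"hmac": null, "hmac_error": null`, but elsewhere in this file `hmac=null` is the failure state (the v2.46 row describes such entries as excluded from the verifiable chain, always paired with a non-null `hmac_error`). A reader cannot tell whether null/null means "HMAC not configured", "illustrative omission", or an invalid record. Suggest using an obvious placeholder digest string in the examples, or adding one sentence defining the null/null combination. The same applies to the other JSON examples in this file.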
668
+
669
+ ## Action: `mcp_canonical_guard_blocked` (PLAN-070 v1.13.0+)
670
+
671
+ Emitted on every Layer B middleware BLOCK decision. Same allowlist
672
+ as `mcp_canonical_guard_allowed`. The `reason` field encodes a stable
673
+ enum (e.g. `canonical_no_sentinel`, `path_escapes_repo_root_fail_closed`,
674
+ `blob_authoritative_parse_failed_fail_closed`, `middleware_fault:<ExcName>`).
675
+
676
+ ```json
677
+ {
678
+ "action": "mcp_canonical_guard_blocked",
679
+ "ts": "2026-05-05T12:34:56.789Z",
680
+ "session_id": "session-xxx",
681
+ "project": "ceo-orchestration",
682
+ "event_schema": "v2",
683
+ "tool_name": "mcp__codex__apply_patch",
684
+ "target_path": "PROTOCOL.md",
685
+ "reason": "canonical_no_sentinel",
686
+ "tokens_in": null, "tokens_out": null, "tokens_total": null,
687
+ "hmac": null, "hmac_error": null
688
+ }
689
+ ```
690
+
691
+ ## Action: `model_routing_advised` (PLAN-078 v1.15.0+)
692
+
693
+ Advisory-emit-only telemetry. Emitted by `check_agent_spawn.py`
694
+ post-VETO-check when an agent spawn is observed; reads agent payload
695
+ archetype + frontmatter `model:` field; if absent, in-process
696
+ `task_route.classify()` returns recommendation. Field allowlist
697
+ restricted to 6 caller fields:
698
+
699
+ - `archetype` — string, agent archetype slug
700
+ - `task_type` — string, classified task type
701
+ - `model_recommended` — string, model id (e.g. `claude-fable-5`)
702
+ - `confidence_basis_points` — int 0..1000 (recommendation confidence ×
703
+ 1000; `confidence_basis_points / 1000` recovers float ratio).
704
+ Codex S89 W1+W2 fix-pack #2: int basis-points NOT float, because
705
+ `canonical_json.encode()` forbids floats in HMAC-covered events
706
+ (`hmac=null` + `hmac_error=CanonicalJsonError` breadcrumb otherwise).
707
+ - `applied_or_skipped` — string enum (`applied` | `skipped_*`)
708
+ - `override_reason` — string, why classify was skipped (e.g.
709
+ `frontmatter_model_present`)
710
+
711
+ Auto-baseline: `action`, `ts`, `session_id`, `project`, `event_schema`,
712
+ `tokens_*`, `hmac`, `hmac_error`.
713
+
714
+ Bypass: `CEO_MODEL_ROUTING=0` (registered in `docs/GOVERNANCE.md`
715
+ Kill switches).
716
+
717
+ ```json
718
+ {
719
+ "action": "model_routing_advised",
720
+ "ts": "2026-05-06T12:34:56.789Z",
721
+ "session_id": "session-xxx",
722
+ "project": "ceo-orchestration",
723
+ "event_schema": "v2",
724
+ "archetype": "code-reviewer",
725
+ "task_type": "frontmatter",
726
+ "model_recommended": "claude-fable-5",
727
+ "confidence_basis_points": 875,
728
+ "applied_or_skipped": "skipped_classify_frontmatter_authoritative",
729
+ "override_reason": "frontmatter_model_present",
730
+ "tokens_in": null, "tokens_out": null, "tokens_total": null,
731
+ "hmac": null, "hmac_error": null
732
+ }
733
+ ```
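Review bot: `confidence_basis_points` is documented as int 0..1000 with `/ 1000` recovering the ratio, which is per-mille, not basis points. The v2.46 row defines the `_bps` fields as pct*100 with a 0..10000 range and cites `confidence_bps` as a sibling, so the file now has two different scales under near-identical names. A consumer dividing by 10000 here would under-report confidence by 10x. Suggest stating the divisor in the field name or, since a rename is restricted by §Additivity, adding a prominent note in this section and in the v2.46 row that `*_basis_points` fields from PLAN-078 use a 1000 divisor.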
734
+
735
+ ## Action: `estimate_drift_detected` (PLAN-078 v1.15.0+)
736
+
737
+ Reality Ledger detector #7 emits this per-plan when on `status: done`
738
+ transition the actual compute span vs estimate exceeds drift threshold
739
+ (symmetric `max(f, 1/f) > 1.2` per Codex S89 W1+W2 fix-pack #3 —
740
+ bidirectional: overrun OR underrun). Field allowlist restricted to 6
741
+ caller fields:
742
+
743
+ - `plan_id` — string (e.g. `PLAN-070`); Owner-visible per ADR-033
744
+ - `drift_factor_compute_basis_points` — int (multiplier × 1000); 1.234×
745
+ → 1234. Float forbidden (HMAC chain integrity).
746
+ - `drift_factor_owner_basis_points` — int; computed from
747
+ GPG-signed-commit count; gated on `actual_owner_min > 0` (skipped
748
+ otherwise to avoid false-positive on plans with no GPG ceremonies).
749
+ - `severity` — string enum (`low` | `medium` | `high`)
750
+ - `plan_count_in_run` — int, total plans evaluated in this detector run
751
+ - `systematic_bias_direction` — string enum (`""` | `underestimate` |
752
+ `overestimate`); empty when threshold not crossed.
753
+ `underestimate` = actual span exceeded estimated upper bound (overrun,
754
+ factor > 1.2; we under-estimated).
755
+ `overestimate` = actual span below estimated lower bound (underrun,
756
+ factor < 0.83 = 1/1.2; we over-estimated).
757
+
758
+ Bypass: `CEO_REALITY_LEDGER_DETECTOR_07=0`.
759
+
760
+ ```json
761
+ {
762
+ "action": "estimate_drift_detected",
763
+ "ts": "2026-05-06T12:34:56.789Z",
764
+ "session_id": "session-xxx",
765
+ "project": "ceo-orchestration",
766
+ "event_schema": "v2",
767
+ "plan_id": "PLAN-070",
768
+ "drift_factor_compute_basis_points": 12700,
769
+ "drift_factor_owner_basis_points": 0,
770
+ "severity": "high",
771
+ "plan_count_in_run": 5,
772
+ "systematic_bias_direction": "underestimate",
773
+ "tokens_in": null, "tokens_out": null, "tokens_total": null,
774
+ "hmac": null, "hmac_error": null
775
+ }
776
+ ```
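Review bot: the example emits `"drift_factor_owner_basis_points": 0`, while the field description says the owner factor is "gated on `actual_owner_min > 0` (skipped otherwise)". It is not stated whether "skipped" means the key is omitted or set to 0. Because 0 is not a valid multiplier and the threshold is defined as `max(f, 1/f) > 1.2`, a consumer that recomputes the threshold from this field needs to know that 0 is a "not computed" sentinel. Please document the sentinel explicitly, or use `null` for the not-computed case.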
777
+
778
+ ## Action: `estimate_drift_systematic_bias` (PLAN-078 v1.15.0+)
779
+
780
+ Reality Ledger detector #7 emits this recommendation event after
781
+ N=5 plans in same drift direction. Strict 4-caller-field contract:
782
+
783
+ - `bias_direction` — string enum (`underestimate` | `overestimate`).
784
+ Same semantics as `systematic_bias_direction` field above.
785
+ - `plans_affected_count` — int, plans count satisfying threshold
786
+ - `avg_drift_factor_compute_basis_points` — int (avg × 1000)
787
+ - `avg_drift_factor_owner_basis_points` — int (avg × 1000)
788
+
789
+ ```json
790
+ {
791
+ "action": "estimate_drift_systematic_bias",
792
+ "ts": "2026-05-06T12:34:56.789Z",
793
+ "session_id": "session-xxx",
794
+ "project": "ceo-orchestration",
795
+ "event_schema": "v2",
796
+ "bias_direction": "underestimate",
797
+ "plans_affected_count": 5,
798
+ "avg_drift_factor_compute_basis_points": 8500,
799
+ "avg_drift_factor_owner_basis_points": 0,
800
+ "tokens_in": null, "tokens_out": null, "tokens_total": null,
801
+ "hmac": null, "hmac_error": null
802
+ }
803
+ ```
804
+
805
+ ## Action: `ceo_boot_task_candidate_emitted` (PLAN-078 Wave 5 / v1.15.0+)
806
+
807
+ `/ceo-boot` writes a `<!-- TASKCREATE-CANDIDATE -->` marker block to
808
+ stdout for each top-3 high/medium recommendation when `gate_pass=False`
809
+ (skipped under `--short`, `--cached`, `--json`, or env
810
+ `CEO_BOOT_AUTO_TASK=0`). The Claude orchestrator running the slash
811
+ command reads the marker blocks and invokes `TaskCreate`. This audit
812
+ event records each emitted marker (Sec MF-3 field allowlist; subject
813
+ text NEVER persisted).
814
+
815
+ Field allowlist restricted to 4 caller fields:
816
+
817
+ - `rank` — int 1..3 (ordinal of marker in the boot run); out-of-range
818
+ values fall back to `0` (drift sentinel).
819
+ - `severity` — string enum (`low` | `medium` | `high`); unknown values
820
+ become `""` per typed-wrapper input validation.
821
+ - `subject_hash` — string; 12-hex-char prefix of
822
+ `sha256(NFKC(visible Subject text))`. Non-hex chars stripped,
823
+ length-bounded. The orchestrator reconstructs the same digest from
824
+ the visible `Subject:` line for dedup against the live task list.
825
+ - `awaiting_confirm` — bool; reserved future flag for an
826
+ "Owner-must-confirm" escape. Default `false`; the v1.15.0 baseline
827
+ always auto-creates without confirmation.
828
+
829
+ Bypass: `CEO_BOOT_AUTO_TASK=0` (operator opt-out).
830
+ State file: `~/.claude/projects/<project>/state/ceo-boot-tasks-emitted.json`
831
+ (24h TTL, filelock-guarded, bounded ≤256 entries; override via env
832
+ `CEO_BOOT_TASK_STATE_PATH`).
833
+
834
+ ```json
835
+ {
836
+ "action": "ceo_boot_task_candidate_emitted",
837
+ "ts": "2026-05-08T12:34:56.789Z",
838
+ "session_id": "session-xxx",
839
+ "project": "ceo-orchestration",
840
+ "event_schema": "v2",
841
+ "rank": 1,
842
+ "severity": "high",
843
+ "subject_hash": "840915797aa1",
844
+ "awaiting_confirm": false,
845
+ "tokens_in": null, "tokens_out": null, "tokens_total": null,
846
+ "hmac": null, "hmac_error": null
847
+ }
848
+ ```
849
+
850
+ ## Pair-Rail Multi-LLM events (PLAN-075 v1.13.x patch — ADR-106 + ADR-110)
851
+
852
+ Wired by `check_pair_rail.py` PreToolUse hook on Edit|Write|MultiEdit
853
+ against L3+ canonical-guarded paths. SPEC v2.22 introduces 4 new
854
+ actions registered in `_lib/audit_emit.py:_KNOWN_ACTIONS` via
855
+ `KERNEL_OVERRIDE` ceremony (audit_emit.py is in `_KERNEL_PATHS`).
856
+
857
+ ### `pair_rail_review_passed`
858
+
859
+ Codex MCP read-only review of an L3+ tool call returned a clean
860
+ response (no write-shaped patches). Hook ALLOWED the tool call.
861
+
862
+ | Field | Type | Notes |
863
+ |---|---|---|
864
+ | `target_path` | string ≤300 | repo-relative path of the tool's target |
865
+ | `tool_name` | string ≤50 | Edit \| Write \| MultiEdit |
866
+ | `codex_duration_ms` | int | wall-clock of the Codex invoke |
867
+ | `codex_response_sha256` | string ≤64 | SHA-256 of Codex stdout (forensic trace) |
868
+
869
+ ### `pair_rail_codex_unavailable`
870
+
871
+ Codex MCP unavailable (binary missing, connect timeout, spawn error,
872
+ or kill-switch). Hook fail-OPENed (allow). Forensic breadcrumb.
873
+
874
+ | Field | Type | Notes |
875
+ |---|---|---|
876
+ | `target_path` | string ≤300 | |
877
+ | `tool_name` | string ≤50 | |
878
+ | `reason` | string ≤64 | `binary_missing` \| `connect_timeout` \| `spawn_error` \| `disabled_via_killswitch` |
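Review bot: this action records a fail-open on L3+ canonical-guarded paths, but the section sets no detection expectation for it. Other actions in this file declare an emit budget (for example "Volume cap ≤10/hr" on `token_budget_guard_paused`); here a sustained run of `binary_missing` or `connect_timeout` would allow every guarded edit with only a breadcrumb. Suggest documenting an alert threshold or an `audit-query.py` summary for this action, and stating whether `disabled_via_killswitch` is expected to be paired with a kill-switch audit event so the two can be correlated.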
879
+
880
+ ### `pair_rail_codex_violation`
881
+
882
+ Codex MCP review returned a write-shaped patch. Codex is read-only by
883
+ contract — write-shaped response is a contract violation. Hook BLOCKED.
884
+
885
+ | Field | Type | Notes |
886
+ |---|---|---|
887
+ | `target_path` | string ≤300 | |
888
+ | `tool_name` | string ≤50 | |
889
+ | `violation_type` | string ≤64 | `unified_diff_detected` \| `apply_patch_envelope` \| `json_patch_rfc6902` \| `mcp_write_tool_call` |
890
+ | `codex_response_sha256` | string ≤64 | |
891
+
892
+ ### `pair_rail_sentinel_bypass`
893
+
894
+ Owner-signed sentinel (verified by `check_canonical_edit.py` upstream)
895
+ grants the L3+ path. Pair-rail review short-circuited.
896
+
897
+ | Field | Type | Notes |
898
+ |---|---|---|
899
+ | `target_path` | string ≤300 | |
900
+ | `tool_name` | string ≤50 | |
901
+ | `sentinel_path` | string ≤300 | path to the sentinel that granted access |
902
+
903
+ ### `pair_rail_codex_injection_detected`
904
+
905
+ PLAN-081 Phase 1-full / R1 S-Sec-5. Emitted by `check_codex_response.py`
906
+ PostToolUse hook on Codex MCP tool responses when ingress sanitization
907
+ detects prompt-injection patterns. ADVISORY only per ADR-106 (PostToolUse
908
+ hooks cannot block). Forensic surface for SOC alerting via
909
+ `audit-query.py codex-injection-summary`.
910
+
911
+ | Field | Type | Notes |
912
+ |---|---|---|
913
+ | `tool_name` | string ≤50 | `mcp__codex__codex` or `mcp__codex__codex-reply` |
914
+ | `family_ids` | list[string] | sorted unique subset of `harness_mimicry` / `xml_system_tag` / `tool_use_forgery` |
915
+ | `match_count` | int ≥0 | total match count across all families |
916
+ | `first_offset_bucket` | string | closed enum: `0-100` / `100-1k` / `1k-10k` / `10k-100k` / `100k+` (raw offset is FORBIDDEN per LLM06 side-channel guard) |
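Review bot: the `first_offset_bucket` enum has overlapping boundaries: offset 100 fits both `0-100` and `100-1k`, and likewise at 1k, 10k and 100k. Since this is a closed enum used for SOC summaries, state whether each bucket is half-open (for example lower bound inclusive, upper bound exclusive). Separately, the section intro says "SPEC v2.22 introduces 4 new actions" but five `pair_rail_*` subsections follow; note in the intro that `pair_rail_codex_injection_detected` arrives with PLAN-081 so the count is not read as an error.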
917
+
918
+
919
+ ### `token_budget_guard_paused` — PLAN-083 Wave 0b sub-agent 0.4 (S106 2026-05-11)
920
+
921
+ Fired by token-budget-guard.py when cumulative plan tokens cross threshold × estimate. Volume cap ≤10/hr.
922
+
923
+ **Caller fields:** `plan_id` / `estimate_tokens` / `actual_tokens` / `ratio_basis_points` / `threshold_basis_points`
924
+
925
+ **Baseline fields:** action, ts, session_id, project, event_schema, tokens_in, tokens_out, tokens_total, hmac, hmac_error.
926
+
927
+ **Sec MF-3 allowlist:** `_TOKEN_BUDGET_GUARD_PAUSED_ALLOWLIST` in `.claude/hooks/_lib/audit_emit.py`. Deny-by-default; dispatch-gate in `emit_generic` enforces field whitelist; forbidden fields stripped + breadcrumb emitted.
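Review bot: the "Baseline fields" line lists `session_id` and `project` for an action dispatched through `emit_generic`, but the v2.33 changelog row states that `emit_generic` does NOT auto-inject `session_id`/`project`. One of the two is out of date. If the v2.33 note is current, the baseline lists on this and the following `emit_generic`-dispatched actions should drop those two fields or mark them caller-supplied, because a consumer grouping by `session_id` would otherwise silently lose these events.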
928
+
929
+ ### `anti_ceo_overhead_block` — PLAN-083 Wave 0b sub-agent 0.5 (S106 2026-05-11)
930
+
931
+ Fired by check_anti_ceo_overhead.py PreToolUse hook when CEO-overhead anti-pattern detected. Emit budget ≤20/day sliding window.
932
+
933
+ **Caller fields:** `anti_pattern_id` / `count_in_window` / `override_recommended_subagent_type`
934
+
935
+ **Baseline fields:** action, ts, session_id, project, event_schema, tokens_in, tokens_out, tokens_total, hmac, hmac_error.
936
+
937
+ **Sec MF-3 allowlist:** `_ANTI_CEO_OVERHEAD_BLOCK_ALLOWLIST` in `.claude/hooks/_lib/audit_emit.py`. Deny-by-default; dispatch-gate in `emit_generic` enforces field whitelist; forbidden fields stripped + breadcrumb emitted.
938
+
939
+ ### `anti_ceo_overhead_override_used` — PLAN-083 Wave 0b sub-agent 0.5 (S106 2026-05-11)
940
+
941
+ Fired by check_anti_ceo_overhead.py when CEO_OVERHEAD_ACK=1 env override bypasses a block.
942
+
943
+ **Caller fields:** `anti_pattern_id` / `override_justification_sha`
944
+
945
+ **Baseline fields:** action, ts, session_id, project, event_schema, tokens_in, tokens_out, tokens_total, hmac, hmac_error.
946
+
947
+ **Sec MF-3 allowlist:** `_ANTI_CEO_OVERHEAD_OVERRIDE_USED_ALLOWLIST` in `.claude/hooks/_lib/audit_emit.py`. Deny-by-default; dispatch-gate in `emit_generic` enforces field whitelist; forbidden fields stripped + breadcrumb emitted.
948
+
949
+ ### `smart_loading_resolved` — PLAN-083 Wave 0b sub-agent 0.7d (S106 2026-05-11)
950
+
951
+ Fired by smart-loading-resolver.py per resolution. Carries profile + active/suppressed counts + context budget total + arbitration dropped count.
952
+
953
+ **Caller fields:** `profile` / `active_count` / `suppressed_count` / `context_total_tokens` / `arbitration_dropped_count`
954
+
955
+ **Baseline fields:** action, ts, session_id, project, event_schema, tokens_in, tokens_out, tokens_total, hmac, hmac_error.
956
+
957
+ **Sec MF-3 allowlist:** `_SMART_LOADING_RESOLVED_ALLOWLIST` in `.claude/hooks/_lib/audit_emit.py`. Deny-by-default; dispatch-gate in `emit_generic` enforces field whitelist; forbidden fields stripped + breadcrumb emitted.
958
+
959
+
960
+ ### `first_run_wizard_completed` — PLAN-083 Wave 2 sub-agent 2.1 (S106 2026-05-11)
961
+
962
+ Wizard completion event.
963
+
964
+ **Caller fields:** `profile` / `recommendation_count` / `user_action`
965
+
966
+ **Sec MF-3 allowlist:** `_FIRST_RUN_WIZARD_COMPLETED_ALLOWLIST` in audit_emit.py.
967
+
968
+ ### `contextual_recommendation_emitted` — PLAN-083 Wave 2 sub-agent 2.2 (S106 2026-05-11)
969
+
970
+ Contextual recommender emit.
971
+
972
+ **Caller fields:** `profile` / `recommendation_count` / `top_score` / `suppressed_count`
973
+
974
+ **Sec MF-3 allowlist:** `_CONTEXTUAL_RECOMMENDATION_EMITTED_ALLOWLIST` in audit_emit.py.
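Review bot: `top_score` has no declared type or unit, and the PLAN-083 Wave 2 entries in general list caller fields by name only. Given that the canonical encoder rejects any float in an HMAC-covered payload (the v2.46 row describes an action that failed on every emit for exactly this reason), a score field is the likeliest place for the same defect to recur. Please state the type and scale for `top_score` (and for `retry_after_s` on `anthropic_429_observed`), following the `*_bps` / `*_int_cents` convention used elsewhere.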
975
+
976
+ ### `value_dashboard_summarized` — PLAN-083 Wave 2 sub-agent 2.4 (S106 2026-05-11)
977
+
978
+ Weekly value dashboard rollup.
979
+
980
+ **Caller fields:** `period_days` / `cost_usd_int_cents` / `bugs_count` / `dispatches_count` / `plans_count`
981
+
982
+ **Sec MF-3 allowlist:** `_VALUE_DASHBOARD_SUMMARIZED_ALLOWLIST` in audit_emit.py.
983
+
984
+ ### `trading_write_override_used` — PLAN-083 Wave 2 sub-agent 2.7 (S106 2026-05-11)
985
+
986
+ Trading-readonly write override invoked.
987
+
988
+ **Caller fields:** `allowed` / `reason` / `target_path_sha256_prefix` / `justification_sha256_prefix` / `justification_length` / `err_preview` (OPTIONAL on path resolution failure)
989
+
990
+ **Sec MF-3 allowlist:** `_TRADING_WRITE_OVERRIDE_USED_ALLOWLIST` in audit_emit.py.
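Review bot: `err_preview` is a free-text field emitted "on path resolution failure", in the same event that deliberately reduces the target path to `target_path_sha256_prefix`. Path-resolution error messages commonly echo the path they failed on, which would undo the hashing. The §Redaction section only names `desc_preview` and `reason_preview` as passing through the redactor. Suggest stating a length bound for `err_preview` and whether it is redacted or restricted to an exception class name, as `mcp_canonical_guard_blocked` does with `middleware_fault:<ExcName>`.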
991
+
992
+ ### `trading_kill_switch_invoked` — PLAN-083 Wave 2 sub-agent 2.7 (S106 2026-05-11)
993
+
994
+ Trading kill-switch read (missing repo-profile.yaml).
995
+
996
+ **Caller fields:** `reason`
997
+
998
+ **Sec MF-3 allowlist:** `_TRADING_KILL_SWITCH_INVOKED_ALLOWLIST` in audit_emit.py.
999
+
1000
+ ### `trading_kill_switch_disabled` — PLAN-083 Wave 2 sub-agent 2.7 (S106 2026-05-11)
1001
+
1002
+ Trading kill-switch disabled via escape-hatch ceremony.
1003
+
1004
+ **Caller fields:** `justification_sha256_prefix` / `signer_fingerprint_prefix` / `signed_new` / `justification_length`
1005
+
1006
+ **Sec MF-3 allowlist:** `_TRADING_KILL_SWITCH_DISABLED_ALLOWLIST` in audit_emit.py.
1007
+
1008
+ ### `anthropic_429_observed` — PLAN-086 Wave B (S112 2026-05-12)
1009
+
1010
+ Anthropic API 429 rate-limit response observed by live adapter. Advisory only; the adapter performs its own back-off + breaker bookkeeping.
1011
+
1012
+ **Caller fields:** `model` / `retry_after_s` / `breaker_state` / `provider`
1013
+
1014
+ **Sec MF-3 allowlist:** `_ANTHROPIC_429_OBSERVED_ALLOWLIST` in audit_emit.py.
1015
+
1016
+ ### `codex-reply` — PLAN-086 Wave C (S112 2026-05-12)
1017
+
1018
+ Codex reply session-id chain integrity advisory; emitted when a `mcp__codex__codex-reply` invocation references a session prior emit reported.
1019
+
1020
+ **Caller fields:** `session_id` / `chain_step` / `prior_action`
1021
+
1022
+ **Sec MF-3 allowlist:** `_CODEX_REPLY_ALLOWLIST` in audit_emit.py.
1023
+
1024
+ ### `codex_invoke_dispatched` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1025
+
1026
+ Codex MCP invocation dispatched. ATLAS: AML.T0050 (LLM Plugin / supply-chain signal).
1027
+
1028
+ **Caller fields:** `session_id` / `task_class` / `model_advised` / `phase`
1029
+
1030
+ **Sec MF-3 allowlist:** `_CODEX_INVOKE_DISPATCHED_ALLOWLIST` in audit_emit.py.
1031
+
1032
+ ### `git_index_lock_retry` — PLAN-086 Wave G (S112 2026-05-12)
1033
+
1034
+ Git index.lock retry breadcrumb (advisory; emitted by hooks that detected `.git/index.lock` and retried).
1035
+
1036
+ **Caller fields:** `attempt` / `wait_ms` / `outcome`
1037
+
1038
+ **Sec MF-3 allowlist:** `_GIT_INDEX_LOCK_RETRY_ALLOWLIST` in audit_emit.py.
1039
+
1040
+ ### `mcp_canonical_guard_internal_error` — PLAN-086 Wave D (S112 2026-05-12)
1041
+
1042
+ MCP canonical-guard internal-error breadcrumb. Fail-open invariant: never blocks the user session on its own bug.
1043
+
1044
+ **Caller fields:** `tool_name` / `error_class` / `error_brief`
1045
+
1046
+ **Sec MF-3 allowlist:** `_MCP_CANONICAL_GUARD_INTERNAL_ERROR_ALLOWLIST` in audit_emit.py.
1047
+
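Review bot: `error_brief` in the `mcp_canonical_guard_internal_error` caller fields is documented with no length cap or redaction rule, yet it is the one free-text field on an event that fires from an exception path. Exception messages routinely embed file paths or fragments of tool input, so state the bound here the way `verifier_outcome` does later in this file ("PII-redacted + overlap-scrubbed + NFKC + ≤64 chars"), or drop the field and rely on `error_class` alone. The same applies to `err_preview` on `trading_write_override_used`.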
1048
+ ### `mcp_route_advised` — PLAN-086 Wave D (S112 2026-05-12)
1049
+
1050
+ MCP routing advisory emitted by `_lib/mcp_routing.resolve()`. PLAN-088 R2 iter-2 strict-13 cardinality: `signal_source ∈ {mcp_task_class, specialization_promoted}` discriminator covers both AUTO-06 MCP routing AND AUTO-10 general→specialized promotion via a SINGLE canonical action. ATLAS: AML.T0050.
1051
+
1052
+ **Caller fields:** `session_id` / `task_class` / `suggested_servers` / `kill_switch_overrides` / `signal_source`
1053
+
1054
+ **Sec MF-3 allowlist:** `_MCP_ROUTE_ADVISED_ALLOWLIST` in audit_emit.py.
1055
+
1056
+ ### `repo_profile_confirmed` — PLAN-086 Wave H (S112 2026-05-12)
1057
+
1058
+ Repo-profile detector confirmation breadcrumb. Emitted on first-run-wizard + smart-loading entry points.
1059
+
1060
+ **Caller fields:** `profile_slug` / `confidence_basis_points` / `caller`
1061
+
1062
+ **Sec MF-3 allowlist:** `_REPO_PROFILE_CONFIRMED_ALLOWLIST` in audit_emit.py.
1063
+
1064
+ ### `subagent_findings_partial_drop` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1065
+
1066
+ Sub-agent dispatch returned partial findings (truncated by token cap / time cap). Advisory only. ATLAS: AML.T0048 (subagent supply-chain).
1067
+
1068
+ **Caller fields:** `subagent_type` / `expected_count` / `actual_count` / `truncation_reason`
1069
+
1070
+ **Sec MF-3 allowlist:** `_SUBAGENT_FINDINGS_PARTIAL_DROP_ALLOWLIST` in audit_emit.py.
1071
+
1072
+ ### `thinking_budget_set` — PLAN-086 Wave A R-013 (S112 2026-05-12)
1073
+
1074
+ Extended-thinking budget configured for the live adapter call. Advisory; the kill switch `CEO_THINKING_AUTO_DISABLE=1` is honored at the callsite.
1075
+
1076
+ **Caller fields:** `model` / `budget_tokens` / `rationale` / `source`
1077
+
1078
+ **Sec MF-3 allowlist:** `_THINKING_BUDGET_SET_ALLOWLIST` in audit_emit.py.
1079
+
1080
+ ### `batch_dispatched` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1081
+
1082
+ Batch live-adapter dispatch breadcrumb. Reserved for `BatchClaudeLiveAdapter` (PLAN-090 W4.2 production wire).
1083
+
1084
+ **Caller fields:** `session_id` / `batch_size` / `model` / `policy`
1085
+
1086
+ **Sec MF-3 allowlist:** `_BATCH_DISPATCHED_ALLOWLIST` in audit_emit.py.
1087
+
1088
+ ### `cache_discipline_alerted` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1089
+
1090
+ Cache-discipline alert breadcrumb. Reserved for cache-tier observation when a Gate-1 file edit invalidates the prompt cache mid-session.
1091
+
1092
+ **Caller fields:** `file_path` / `gate_tier` / `cost_estimate_basis_points`
1093
+
1094
+ **Sec MF-3 allowlist:** `_CACHE_DISCIPLINE_ALERTED_ALLOWLIST` in audit_emit.py.
1095
+
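Review bot: `file_path` in the `cache_discipline_alerted` caller fields reads as a raw path, which is inconsistent with the rest of this schema, where paths are persisted only as digests (`target_path_sha256_prefix`, `repo_path_hash`) and `swarm_layer_3_4_blocked` states "NO file paths". Either document it as a hashed value and name the digest, or say explicitly that Gate-1 paths are treated as non-sensitive and why.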
1096
+ ### `cookbook_pattern_advised` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1097
+
1098
+ Cookbook pattern advisory breadcrumb. SEMI-11 — Owner-facing recommendation, never auto-applied. Real wire deferred to PLAN-092.
1099
+
1100
+ **Caller fields:** `pattern_slug` / `recommendation_origin` / `applied`
1101
+
1102
+ **Sec MF-3 allowlist:** `_COOKBOOK_PATTERN_ADVISED_ALLOWLIST` in audit_emit.py.
1103
+
1104
+ ### `estimate_calibrator_pipeline_run` — PLAN-088 Wave 6 (S114 2026-05-13)
1105
+
1106
+ Bayesian estimate-calibrator pipeline run breadcrumb. Emitted by `_lib/estimation/pipeline.py`.
1107
+
1108
+ **Caller fields:** `plan_id` / `iters` / `posterior_mean_ms` / `posterior_p95_ms`
1109
+
1110
+ **Sec MF-3 allowlist:** `_ESTIMATE_CALIBRATOR_PIPELINE_RUN_ALLOWLIST` in audit_emit.py.
1111
+
1112
+ ### `first_run_wizard_dispatched` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1113
+
1114
+ First-run wizard dispatch breadcrumb. Reserved for SessionStart auto-spawn callsite (PLAN-093 production wire).
1115
+
1116
+ **Caller fields:** `repo_profile` / `wizard_step` / `applied`
1117
+
1118
+ **Sec MF-3 allowlist:** `_FIRST_RUN_WIZARD_DISPATCHED_ALLOWLIST` in audit_emit.py.
1119
+
1120
+ ### `pair_rail_phase_advanced` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1121
+
1122
+ Pair-Rail phase transition breadcrumb (SHADOW → DRY_RUN → DISABLED). ACTIVE phase deferred to PLAN-090. ATLAS: AML.T0050.
1123
+
1124
+ **Caller fields:** `prior_phase` / `new_phase` / `trigger` / `samples_observed`
1125
+
1126
+ **Sec MF-3 allowlist:** `_PAIR_RAIL_PHASE_ADVANCED_ALLOWLIST` in audit_emit.py.
1127
+
1128
+ ### `tier_policy_misrouting_advised` — PLAN-088 Wave 1 canonical-13 (S114 2026-05-13)
1129
+
1130
+ Tier-policy misrouting advisory breadcrumb. PLAN-091 A.1 16th Tier-S check `check_tier_policy_misrouting_24h` queries the 24h audit window for events of this kind. ATLAS: AML.T0048.
1131
+
1132
+ **Caller fields:** `task_class` / `expected_model` / `actual_model` / `ratio_basis_points`
1133
+
1134
+ **Sec MF-3 allowlist:** `_TIER_POLICY_MISROUTING_ADVISED_ALLOWLIST` in audit_emit.py.
1135
+
1136
+ ### `persona_demand_opened` (PLAN-104 Wave A — S134 R2 ACCEPT)
1137
+
1138
+ Emitted by `.claude/scripts/persona_demand_scan.py` when a new demand
1139
+ event is detected within the 168h scan horizon (bounded local-git
1140
+ introspection). Demand sources:
1141
+
1142
+ | `demand_event_type` | Expected persona | Detection |
1143
+ | ------------------- | --------------------------- | -------------------------------------------- |
1144
+ | `branch_ahead` | `code-reviewer` | Non-trunk branch >=1 commit ahead of `origin/main` |
1145
+ | `auth_edit` | `security-engineer` | File edit matching auth path patterns |
1146
+ | `test_edit` | `qa-architect` | New test file OR mutation-testing config |
1147
+ | `detect_edit` | `threat-detection-engineer` | SIEM rule / detection-as-code change |
1148
+
1149
+ | Field | Type | Required | Notes |
1150
+ | -------------------- | ------ | -------- | ------------------------------------------------------ |
1151
+ | `demand_id` | string | yes | `sha256(NFKC(preimage))[:16]`; preimage per demand type |
1152
+ | `demand_event_type` | enum | yes | `branch_ahead` / `auth_edit` / `test_edit` / `detect_edit` |
1153
+ | `expected_persona` | enum | yes | code-reviewer / security-engineer / qa-architect / threat-detection-engineer |
1154
+ | `target_ref_hash` | string | yes | `sha256(NFKC(target_ref))[:12]`; raw value NEVER persisted |
1155
+ | `match_window_hours` | int | yes | 24 (uniform across types per S134 R2 Q3) |
1156
+ | `session_id` | string | optional | propagated from caller |
1157
+ | `project` | string | optional | repo identifier |
1158
+
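Review bot: `target_ref_hash` is documented as `sha256(NFKC(target_ref))[:12]` with "raw value NEVER persisted", but an unkeyed digest of a branch ref can be recomputed by anyone able to list the repository's refs, so the row does not hide the ref from such a reader. Document the hash as a join key rather than a confidentiality control, or switch to a keyed digest. The `demand_id` preimage is described only as "per demand type"; spell it out for each `demand_event_type` so the scanner and the resolver cannot drift apart.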
1159
+ ### `persona_demand_matched` (PLAN-104 Wave A; PLAN-132 / ADR-145)
1160
+
1161
+ Emitted by `.claude/scripts/persona_demand_resolver.py` when a demand is
1162
+ satisfied within the `match_window_hours` window after `persona_demand_opened`,
1163
+ by EITHER of two modalities:
1164
+
1165
+ - `native_spawn` (default): an `agent_spawn` of `expected_persona` fires
1166
+ in-window. Strict-match: `actual_persona == expected_persona` (S134 R2 Q4 fold;
1167
+ no peer substitution).
1168
+ - `codex_review` (PLAN-132 / ADR-145): a branch-bound, in-window cross-model
1169
+ Codex review (`codex_review_invoked` with `review_source` in
1170
+ `{adhoc_mcp, user_code_auto}` AND a non-empty `target_ref_hash` equal to the
1171
+ demand's `target_ref_hash`) satisfies a `code-reviewer` demand ONLY. The other
1172
+ three demand types (`security-engineer`, `qa-architect`,
1173
+ `threat-detection-engineer`) keep strict native-spawn match. For this modality
1174
+ the emitter sets `actual_persona = "code-reviewer"`, so the invariant
1175
+ `actual_persona == expected_persona` STILL HOLDS. Extending `codex_review`
1176
+ recognition to any other persona requires a fresh ADR (a code change to the
1177
+ resolver's literal guard, not a config toggle).
1178
+
1179
+ | Field | Type | Required | Notes |
1180
+ | ------------------- | ------ | -------- | ------------------------------------------------ |
1181
+ | `demand_id` | string | yes | matches the opener's demand_id |
1182
+ | `demand_event_type` | enum | yes | same as opener |
1183
+ | `expected_persona` | enum | yes | same as opener |
1184
+ | `actual_persona` | enum | yes | satisfying persona (== expected; "code-reviewer" for codex_review) |
1185
+ | `latency_ms` | int | yes | satisfaction_ts - opened_ts (milliseconds) |
1186
+ | `match_modality` | enum | yes | `native_spawn` (default) or `codex_review` |
1187
+
1188
+ ### `persona_demand_unmet` (PLAN-104 Wave A)
1189
+
1190
+ Emitted by `.claude/scripts/persona_demand_resolver.py` when the
1191
+ match window expires with no matching dispatch and no waive. Exactly
1192
+ ONE per `demand_id` (idempotent via terminal-event index lookup).
1193
+
1194
+ | Field | Type | Required | Notes |
1195
+ | -------------------- | ------ | -------- | ---------------------------------------------- |
1196
+ | `demand_id` | string | yes | matches the opener's demand_id |
1197
+ | `demand_event_type` | enum | yes | same as opener |
1198
+ | `expected_persona` | enum | yes | same as opener |
1199
+ | `target_ref_hash` | string | yes | re-emitted for forensic stitching |
1200
+ | `window_expired_at` | string | yes | ISO8601 UTC; `opened_ts + match_window_hours` |
1201
+
1202
+ ### `persona_demand_waived` (PLAN-104 Wave A — S134 R2 P1 #1 fold)
1203
+
1204
+ Emitted by ceremony / `/ceo-boot` flow when an operator commit
1205
+ trailer or in-body annotation parses successfully. Closed enum for
1206
+ `waive_reason`; free-text values rejected pre-emit (replaced with
1207
+ `invalid-enum` sentinel for forensic trace without enum surface
1208
+ pollution).
1209
+
1210
+ | Field | Type | Required | Notes |
1211
+ | ------------------- | ------ | -------- | ---------------------------------------------------- |
1212
+ | `demand_id` | string | yes | matches the opener's demand_id |
1213
+ | `demand_event_type` | enum | yes | same as opener |
1214
+ | `expected_persona` | enum | yes | same as opener |
1215
+ | `waive_reason` | enum | yes | `docs-only` / `generated-or-vendored` / `emergency-hotfix` / `explicit-skip` |
1216
+
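Review bot: the prose for `persona_demand_waived` says free-text `waive_reason` values are "rejected pre-emit" and also "replaced with `invalid-enum` sentinel", which are two different behaviours, and the `waive_reason` row in the table lists only four values. If the event is emitted with the sentinel, add `invalid-enum` to the enum in the table and state whether such a row still counts as a terminal waive for the `demand_id`; as written, it is unclear whether an unparseable reason closes the demand or leaves it to expire into `persona_demand_unmet`.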
1217
+ ### `claim_emitted` (PLAN-090-FOLLOWUP Wave A — S138 R2 ACCEPT)
1218
+
1219
+ Emitted by `.claude/hooks/check_confidence_gate.py` once per CLAIM
1220
+ token the gate evaluates (PostToolUse Agent hook). Per-claim audit
1221
+ surface unblocking PLAN-100 Wave 0.5 empirical FPR baseline. Aggregate
1222
+ `confidence_gate` event retained for backwards compatibility.
1223
+
1224
+ | Field | Type | Required | Notes |
1225
+ | --------------- | ------ | -------- | ------------------------------------------------------------------ |
1226
+ | `claim_id` | string | yes | `<claim_type>:<12-hex>`; defensive rehash via `_safe_claim_id_hash` |
1227
+ | `claim_type` | string | yes | KNOWN_KINDS member preferred; truncated to 32 chars |
1228
+ | `severity` | enum | yes | `info` / `warn` / `critical` (ADR-018); invalid → `info` |
1229
+ | `verifier_kind` | string | yes | same as `claim_type` for KNOWN_KINDS |
1230
+ | `payload_hash` | string | yes | bare 12-hex `sha256(NFKC(claim_args))[:12]` |
1231
+ | `kind_supported`| bool | yes | extraction-FP signal (P0-1 fold); `False` → was_false_positive |
1232
+ | `line_num` | int | yes | 1-based line in agent_text |
1233
+ | `agent_name` | string | optional | truncated to 64 chars |
1234
+ | `source` | string | optional | `post_tool_use` / `stdin` / `<file path>` truncated to 32 chars |
1235
+
1236
+ LLM06 hold: raw claim body NEVER persisted. Kill-switch
1237
+ `CEO_CONFIDENCE_GATE_PRODUCER_PAIR_DISABLED=1` suppresses emission
1238
+ (reverts to PLAN-090 v1.24.0 audit-log shape; AC11 byte-identical
1239
+ diff invariant).
1240
+
1241
+ ### `confidence_gate_verdict` (PLAN-090-FOLLOWUP Wave A)
1242
+
1243
+ Emitted by `.claude/hooks/check_confidence_gate.py` once per claim
1244
+ verdict, paired with the prior `claim_emitted` via `claim_id`.
1245
+
1246
+ | Field | Type | Required | Notes |
1247
+ | ------------------- | ------ | -------- | ----------------------------------------------------------------------- |
1248
+ | `claim_id` | string | yes | matches the paired `claim_emitted` event |
1249
+ | `verdict` | enum | yes | `pass` / `fail` / `refuted`; invalid → `fail` (P1-1 fold) |
1250
+ | `was_false_positive`| bool | yes | PLAN-100 baseline FPR signal; v1.33.1 shipped semantic: `NOT kind_supported` |
1251
+ | `kind_supported` | bool | yes | paired field for backfill FP join |
1252
+ | `verifier_kind` | string | optional | empty when verifier could not run |
1253
+ | `verifier_outcome` | string | optional | PII-redacted + overlap-scrubbed + NFKC + ≤64 chars (security P1-B fold) |
1254
+ | `agent_name` | string | optional | truncated to 64 chars |
1255
+ | `source` | string | optional | `post_tool_use` (PostToolUse hook only) |
1256
+
1257
+ Pair invariant: same loop iteration emits `claim_emitted` BEFORE its
1258
+ paired `confidence_gate_verdict` in audit-log line order (backfill
1259
+ reader does not require strict line-order pairing but the ordering
1260
+ simplifies future PLAN-100 Wave B.3 drift-detector logic).
1261
+ ### `task_route_ground_truth_label` (PLAN-101 Wave B — S141 R2 ACCEPT)
1262
+
1263
+ Emitted by `.claude/plans/PLAN-101/synthesize-corpus.py` (synth path)
1264
+ or future Stage-2 manual-review tooling. Append-only ground-truth
1265
+ join key for AEK Calibration C3 FPR matrix; pairs with prior
1266
+ `task_route_advised` event via `contract_id`. Per ADR-104-AMEND-1
1267
+ §E, NOT a backfill of the original advised row (audit-log append-only
1268
+ invariant per ADR-018).
1269
+
1270
+ | Field | Type | Required | Notes |
1271
+ | --------------------------- | ------ | -------- | ----------------------------------------------------------- |
1272
+ | `contract_id` | string | yes | opaque join key — matches `task_route_advised.contract_id` (UUID4 in production, 16-hex sha256 in synth) |
1273
+ | `ground_truth_class` | enum | yes | `S` / `M` / `L` / `XL` |
1274
+ | `ground_truth_source` | enum | yes | `heuristic_auto` / `manual_review` |
1275
+ | `annotation_confidence_bps` | int | yes | 0..10000 basis-points; 7000 = 70% threshold for Stage 2 |
1276
+
1277
+ LLM06 hold: raw task descriptions NEVER persisted. Sec MF-3 deny-by-
1278
+ default via `_TASK_ROUTE_GROUND_TRUTH_LABEL_ALLOWLIST`. Kill-switch
1279
+ `CEO_AEK_CALIBRATION_ENABLED=0` suppresses synth-corpus emit (reverts
1280
+ to pre-PLAN-101 v1.34.0 audit-log shape; AC16 byte-identical diff
1281
+ invariant).
1282
+
1283
+ ### PLAN-102 Wave A + Wave B — autonomous-loop opt-in capability (v2.21 — S142 2026-05-18)
1284
+
1285
+ Per ADR-133 (PROPOSED at v1.36.0): five new audit-action rows + one
1286
+ schema extension on the existing `swarm_iteration` row. ALL FIVE
1287
+ actions ship under the same kernel-override token
1288
+ `CEO_KERNEL_OVERRIDE=PLAN-102-WAVE-A-AUDIT-EMIT-EXTENSION` per the
1289
+ atomic kernel-extension pattern (S141 PLAN-101 precedent). Reversal
1290
+ contract: byte-identical revert per ADR-133 §Reversal — remove the
1291
+ 5 entries from `_KNOWN_ACTIONS`, remove the 5 allowlists, remove the
1292
+ 5 dispatch-gate branches, restore contract gate baseline. Default-OFF
1293
+ posture preserved (PLAN-017 anti-goal #1 unchanged; ADR-115 §3
1294
+ instrumentation-without-policy-change exception).
1295
+
1296
+ #### `cost_envelope_capped`
1297
+
1298
+ Emitted by `.claude/hooks/check_cost_envelope.py` on HARD CAP breach
1299
+ (PreToolUse gate; class-tier × window matrix per ADR-133 §A). Sec
1300
+ MF-3 deny-by-default; raw project paths + user IDs + plan body +
1301
+ command text NEVER persisted via this row.
1302
+
1303
+ | Field | Type | Required | Notes |
1304
+ | ----------------- | ------ | -------- | ----------------------------------------------------- |
1305
+ | `class_tier` | enum | yes | `vibecoder` / `CTO` / `team` |
1306
+ | `window_breached` | enum | yes | `daily` / `weekly` / `monthly` / `per_plan` |
1307
+ | `cap_cents` | int | yes | cents; canonical_json no-float invariant |
1308
+ | `current_cents` | int | yes | cents; cumulative usage at breach time |
1309
+
1310
+ #### `swarm_runaway_suspected`
1311
+
1312
+ Emitted by `.claude/hooks/_lib/swarm_circuit_breaker.py` when iteration
1313
+ count over a 24h rolling window exceeds the configured threshold per
1314
+ ADR-133 §B. Advisory signal — the audit-log carries the trigger; the
1315
+ SIGTERM escalation lives downstream in `kill_switch.py`.
1316
+
1317
+ | Field | Type | Required | Notes |
1318
+ | ---------------------- | ---- | -------- | -------------------------------------------- |
1319
+ | `iteration_count_24h` | int | yes | rolling iterations in last 24h |
1320
+ | `threshold` | int | yes | per-class threshold (`vibecoder=10`, etc.) |
1321
+ | `triggering_class` | enum | yes | `vibecoder` / `CTO` / `team` |
1322
+
1323
+ #### `swarm_paused_owner_absent`
1324
+
1325
+ Emitted by the weekend-burn detector (ADR-133 §C) when a long swarm
1326
+ loop runs without Owner Read activity. `loop_duration_hours` is
1327
+ bucketed (>=1h granularity) to avoid wallclock side-channel leakage.
1328
+
1329
+ | Field | Type | Required | Notes |
1330
+ | ---------------------- | ------ | -------- | ---------------------------------------------- |
1331
+ | `loop_duration_hours` | int | yes | bucketed (>=1h granularity) |
1332
+ | `last_owner_read_iso` | string | yes | ISO-8601 UTC datetime |
1333
+ | `swarm_pid` | int | yes | Owner-readable process id; not secret |
1334
+
1335
+ #### `execution_context_signed`
1336
+
1337
+ Emitted by `.claude/hooks/_lib/execution_context.py` whenever an HMAC
1338
+ is computed against an autonomous-loop iteration's execution context
1339
+ (ADR-133 §D tamper-evidence). NO command text, NO plan body.
1340
+
1341
+ > **RESERVED (zero producers).** Cross-process sign->validate is infeasible
1342
+ > (per-process in-memory key). Wiring DEFERRED — PLAN-112-FOLLOWUP-execution-
1343
+ > context-wire (S154, finding F-1.2). Schema kept for a future rebind.
1344
+
1345
+ | Field | Type | Required | Notes |
1346
+ | --------------- | ------ | -------- | ------------------------------------------- |
1347
+ | `context_hash` | string | yes | sha256 hex of canonical context envelope |
1348
+ | `key_id` | string | yes | coordinator-process-owned key fingerprint |
1349
+ | `iteration` | int | yes | per-loop monotonic counter |
1350
+
1351
+ #### `execution_context_validation_failed`
1352
+
1353
+ Emitted when execution_context HMAC verification fails (tamper signal).
1354
+ Forbid raw context body via Sec MF-3 deny-by-default.
1355
+
1356
+ > **RESERVED (zero producers).** Cross-process sign->validate is infeasible
1357
+ > (per-process in-memory key). Wiring DEFERRED — PLAN-112-FOLLOWUP-execution-
1358
+ > context-wire (S154, finding F-1.2). Schema kept for a future rebind.
1359
+
1360
+ | Field | Type | Required | Notes |
1361
+ | ----------------- | ------ | -------- | ------------------------------------------------------ |
1362
+ | `context_hash` | string | yes | sha256 hex of the failing canonical context envelope |
1363
+ | `key_id` | string | yes | coordinator-process-owned key fingerprint |
1364
+ | `iteration` | int | yes | per-loop monotonic counter |
1365
+ | `failure_reason` | enum | yes | `hmac_mismatch` / `key_unknown` / `schema_invalid` |
1366
+
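Review bot: both `execution_context_signed` and `execution_context_validation_failed` open with a present-tense "Emitted by ..." / "Emitted when ..." sentence and are then marked "RESERVED (zero producers)" in the blockquote directly underneath. Someone querying the audit log for tamper signals will take the first sentence at face value, so lead with the reserved status and reword the opener to "Reserved for ...". The `key_id` note ("coordinator-process-owned key fingerprint") should also be reconciled with the stated blocker ("per-process in-memory key"), since the text itself says cross-process sign->validate is infeasible with that key.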
1367
+ #### `swarm_iteration` schema extension (v2.21 — opt-in field)
1368
+
1369
+ The existing `swarm_iteration` action (PLAN-017 Phase 4 / v2.11)
1370
+ optionally carries `cumulative_usd_cents` (int, cents; canonical_json
1371
+ no-float invariant). Opt-in field — call-sites may omit; consumers
1372
+ treat absence as "untracked". No `_SWARM_ITERATION_ALLOWLIST` exists
1373
+ today (action emitted via `emit_generic` direct); the new field is
1374
+ documented here for the schema-as-spec contract.
1375
+
1376
+ LLM06 hold preserved across all six rows: NO raw task descriptions,
1377
+ NO command text, NO plan bodies persisted. Kill-switch chain
1378
+ (`CEO_SWARM=0`, `CEO_AUTONOMOUS_LOOPS_DISABLE=1`, per-class
1379
+ `.claude/data/swarm/<class>-enabled.md.asc` removal, GPG sentinel
1380
+ revocation, etc. — see ADR-133 §Reversal) suppresses emit paths and
1381
+ reverts to pre-PLAN-102 v1.35.0 audit-log shape (byte-identical
1382
+ diff invariant when all five layers are tripped).
1383
+
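Review bot: the closing paragraph claims "LLM06 hold preserved across all six rows", but the `swarm_iteration` extension just above says no `_SWARM_ITERATION_ALLOWLIST` exists and the action is emitted via `emit_generic` directly, so for that sixth row the hold is a convention rather than the deny-by-default enforcement the five new actions get. Either add an allowlist for `swarm_iteration` together with `cumulative_usd_cents`, or narrow the claim to the five allowlisted rows. The byte-identical revert condition also depends on "all five layers" while the kill-switch list shown ends in "etc."; enumerate the five layers here.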
1384
+ ### PLAN-102-FOLLOWUP — swarm_layer_3_4_blocked (v2.23 — 2026-05+ tentative)
1385
+
1386
+ #### `swarm_layer_3_4_blocked`
1387
+
1388
+ Emitted by `.claude/scripts/swarm/loop_runner.py:LoopRunner.step()` when
1389
+ `is_class_enabled()` denies Layer 3 (GPG sentinel) OR Layer 4 (env flag).
1390
+ Distinct from `swarm_paused_owner_absent` (weekend-burn detector) — this
1391
+ is the per-iteration runtime gate enforcement event (ADR-133 §Part 1 §6,
1392
+ Layers 3+4 of the 6-layer chain).
1393
+
1394
+ Side-channel collapse: 6 internal reason codes from
1395
+ `swarm_enable_gate.is_class_enabled()` collapse to 4 emit reasons at the
1396
+ boundary (security H1 fold from S144 R1 debate). Full detail remains in
1397
+ `IterationResult.error` (local to caller, NOT persisted to audit log).
1398
+
1399
+ | Field | Type | Required | Notes |
1400
+ | ------------- | ------ | -------- | ---------------------------------------------------------------- |
1401
+ | `class_tier` | enum | yes | `vibecoder` / `CTO` / `team` (matches PLAN-102 cost_envelope) |
1402
+ | `reason_code` | enum | yes | `layer_3_unavailable` / `layer_4_unset` / `kill_switch` / `unknown` |
1403
+ | `loop_id` | string | yes | LoopRunner.loop_id; ≤64 chars; charset `[A-Za-z0-9_-]+` enforced at producer boundary |
1404
+
1405
+ LLM06 hold: NO command text, NO sentinel body, NO env var values, NO
1406
+ file paths, NO error stack traces. Defense-in-depth: even with
1407
+ CEO_AUTONOMOUS_LOOPS_DISABLE=1 the action remains registered (kernel
1408
+ surface stable); only the emit path is suppressed by the kill-switch
1409
+ chain.
1410
+
1411
+ ## PLAN-106 Wave C — persona_coverage_synthesized
1412
+
1413
+ ### v2.22 — PLAN-106 v1.37.0 (2026-05-19+ tentative)
1414
+
1415
+ Action `persona_coverage_synthesized` emitted by
1416
+ `check_agent_spawn.py` (source=`dispatch`) and
1417
+ `check_canonical_edit.py` (source=`canonical_edit`) at allow paths.
1418
+ Fields (closed-enum allowlist at
1419
+ `_lib/audit_emit._PERSONA_COVERAGE_SYNTHESIZED_ALLOWLIST`):
1420
+
1421
+ | Field | Type | Notes |
1422
+ |---|---|---|
1423
+ | `action` | "persona_coverage_synthesized (PLAN-106 Wave C)" | Constant |
1424
+ | `archetype` | str | Closed-enum `_PERSONA_COVERAGE_ARCHETYPES` |
1425
+ | `task_type` | str | Closed-enum `_PERSONA_COVERAGE_TASK_TYPES` |
1426
+ | `cell_id` | str | sha256[:8] of `archetype:task_type` |
1427
+ | `source` | str | Closed-enum `_PERSONA_COVERAGE_SOURCES` |
1428
+
1429
+ ## PLAN-106 Wave H — output_scan per-pattern + suppression events
1430
+
1431
+ ### v2.22 — PLAN-106 v1.37.0 (2026-05-19+ tentative)
1432
+
1433
+ Wave H of PLAN-106 absorbs PLAN-095-FOLLOWUP and refactors the
1434
+ existing `output_scan_finding` action from aggregate-per-invocation
1435
+ shape to per-pattern shape, and adds a paired
1436
+ `output_scan_finding_suppressed` action for 24h-TTL dedup hits.
1437
+
1438
+ #### Action: `output_scan_finding` — UPDATED shape
1439
+
1440
+ Pre-v2.22 (legacy aggregate shape):
1441
+ - `total_findings` (int): N findings in this invocation
1442
+ - `family_counts` (dict[str, int]): family → count map
1443
+ - `kill_switched` (dict[str, bool]): per-family kill-switch state
1444
+
1445
+ Post-v2.22 (per-pattern shape):
1446
+ - `family` (str, closed-enum LLM01..LLM10 + LLM03_2025)
1447
+ - `pattern_id` (str, closed-enum at `_lib/output_scan._PATTERN_IDS`)
1448
+ - `repo_path_hash` (str, sha256 64-hex digest of `$CLAUDE_PROJECT_DIR`)
1449
+ - `command_sha` (str, sha256 64-hex digest of tool-input snippet)
1450
+ - `total_findings` = 1 (per-pattern); kept for backward-compat read
1451
+ - `family_counts` = `{family: 1}` (per-pattern); kept for back-compat
1452
+
1453
+ **Backward-compat sidecar.** During the 24h deprecation window
1454
+ (PLAN-095-FOLLOWUP §B.5 / AC15b), `check_output_secrets.py` ALSO
1455
+ emits a single aggregate-shape `output_scan_finding` per invocation
1456
+ WITH the legacy `total_findings=N` + `family_counts={...}` fields and
1457
+ WITHOUT a `pattern_id` field. Audit-query consumers can distinguish
1458
+ the two by presence of `pattern_id`.
1459
+
1460
+ The aggregate sidecar will be REMOVED in a follow-on plan past the
1461
+ 24h window.
1462
+
1463
+ #### Action: `output_scan_finding_suppressed` — NEW
1464
+
1465
+ Fires when `check_output_secrets.py` calls
1466
+ `_lib.output_scan_dedup.check_and_record()` and the composite key
1467
+ `(repo_path_hash, command_sha, pattern_id)` has already fired within
1468
+ the rolling 24h TTL window.
1469
+
1470
+ Fields (closed-enum allowlist at
1471
+ `_lib/audit_emit._OUTPUT_SCAN_FINDING_SUPPRESSED_ALLOWLIST`):
1472
+
1473
+ | Field | Type | Notes |
1474
+ |---|---|---|
1475
+ | `action` | "output_scan_finding_suppressed" | Constant |
1476
+ | `ts` | int (ms epoch) | Standard base field |
1477
+ | `session_id` | str | Standard base field |
1478
+ | `project` | str | Standard base field; truncated if oversized |
1479
+ | `repo_path_hash` | str (64-hex) | sha256 of `$CLAUDE_PROJECT_DIR` |
1480
+ | `command_sha` | str (64-hex) | sha256 of tool-input snippet |
1481
+ | `pattern_id` | str | Closed-enum at `_lib/output_scan._PATTERN_IDS` |
1482
+ | `family` | str | Closed-enum LLM01..LLM10 + 2025 variants |
1483
+ | `ttl_hours_remaining` | int | Integer hours until first_seen_ts + 24h |
1484
+
1485
+ **Sec MF-3 invariant.** NO raw matched-content / regex source /
1486
+ context preview / tool-input body persists on this event. The
1487
+ composite-key fields are opaque hashes; `pattern_id` + `family` are
1488
+ both producer-validated closed enums.
1489
+
1490
+ #### Meta-hunt integration
1491
+
1492
+ `docs/hunting/llm03-supply-chain.md` §4 (post-Wave H.3.b patch)
1493
+ uses the SUPPRESSION RATE rather than the finding rate as a
1494
+ tuning signal:
1495
+
1496
+ ```
1497
+ suppression_rate := count(output_scan_finding_suppressed) /
1498
+ (count(output_scan_finding[pattern_id present]) +
1499
+ count(output_scan_finding_suppressed))
1500
+ ```
1501
+
1502
+ Thresholds (advisory, NOT blocking):
1503
+ - `suppression_rate < 5%` over a 7d window → patterns are too narrow
1504
+ (consider adding a new pattern; few hits in production).
1505
+ - `suppression_rate > 30%` over a 7d window → patterns are too noisy
1506
+ (consider tightening the regex; many repeat fires within 24h).
1507
+ - `5% ≤ suppression_rate ≤ 30%` → healthy detection volume.
1508
+
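Review bot: the `suppression_rate < 5%` threshold is read as "patterns are too narrow" with "few hits in production", but both the numerator and the denominator count only events that fired, so a low rate means few repeat fires of the same `(repo_path_hash, command_sha, pattern_id)` key within 24h, not few detections. A pattern that never matches contributes nothing to either term. Track raw per-`pattern_id` finding volume separately for the "too narrow" signal, and define the rate for the case where the denominator is zero.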
1509
+ #### Migration notes for consumers
1510
+
1511
+ Audit-query parsers SHOULD switch from "count of
1512
+ `output_scan_finding` events" to "count of
1513
+ `output_scan_finding` events WHERE `pattern_id` field is present".
1514
+ The aggregate sidecar (`pattern_id` absent) is transitional.
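Review bot: the migration note is only a SHOULD, yet during the sidecar window an invocation with N findings produces up to N per-pattern rows (each with `total_findings` = 1) plus one aggregate row with `total_findings=N`, so a consumer that counts rows or sums `total_findings` without the `pattern_id` filter over-reports. Make the filter a MUST for the window, and consider giving the sidecar an explicit marker field instead of relying on the absence of `pattern_id`. The `family` enum is also described two ways ("LLM01..LLM10 + LLM03_2025" for `output_scan_finding`, "LLM01..LLM10 + 2025 variants" for `output_scan_finding_suppressed`); pick one definition and reference it from both.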