code-ai-installer 4.3.0 → 4.3.2

package/README.md

@@ -157,8 +157,10 @@ Depending on `--target`, `code-ai` restructures your project:
 
 ## 🧬 Versions & migration
 
-`code-ai-installer` is on **v4.3.0**.
+`code-ai-installer` is on **v4.3.2**.
 
+- **v4.3.2** — the Auditor now sees **`/bugfix`** runs. A run scorecard is recorded when a run reaches its mode's final gate (full / hotfix → RG, bugfix → TEST) instead of only at RG, so bugfix work counts toward the ≥3-run audit threshold rather than staying invisible. Reads each domain's `pipeline.yaml` (no hardcoded gate); existing ledger entries are unaffected and only runs completed after the update are recorded.
+- **v4.3.1** — the `code-ai-mcp` registration is now **pinned** to the installed version (`npx -p code-ai-installer@<version>`) and re-pinned on every reinstall, so an updated server actually takes effect instead of an unpinned `npx` silently reusing a stale global/cache copy. The server also logs `code-ai-mcp v<version> · domain=<domain>` to stderr at startup, so the live build is visible in Claude's MCP logs.
 - **v4.3.0** — `render_diff` MCP tool (unified diff → a standalone HTML review page); MCP gate-flow + stop-at-user-gate sections added to the content / analytics / product conductors; Auditor trigger — a `/audit` command plus a Release-Gate nudge that surfaces after every 3rd completed run (development pilot).
 - **v4.1.0** — MCP servers now register in your **global (user-scope)** config via a direct, idempotent `~/.claude.json` merge (no dependency on the `claude` CLI); the conductor halts at each user gate — one at a time, no batching, no auto-pass on green.
 - **v4.0.0** — consolidated the previously separate `code-ai-mcp` and types packages into this single package with **two bins** (`code-ai` + `code-ai-mcp`). Installing the CLI now also delivers the MCP server; for Claude it is auto-registered in your global (user-scope) MCP config. Existing 3.x CLI behavior is unchanged.

package/dist/index.js

@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-import { createRequire } from "node:module";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 import prompts from "prompts";
@@ -13,10 +12,9 @@ import { setupMcp, teardownMcp } from "./mcp_setup.js";
 import { getPlatformAdapters } from "./platforms/adapters.js";
 import { resolveSourceRoot } from "./sourceResolver.js";
 import { printBanner } from "./banner.js";
+import { readInstallerVersion } from "./version.js";
 const program = new Command();
 const packageRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
-const requireJson = createRequire(import.meta.url);
-const pkg = requireJson("../package.json");
 const WIZARD_TEXT = {
     en: {
         cancelled: "Installation cancelled.",
@@ -76,7 +74,7 @@ const WIZARD_TEXT = {
 program
     .name("code-ai")
     .description("Install code-ai agents and skills for AI coding assistants")
-    .version(pkg.version);
+    .version(readInstallerVersion());
 program
     .command("targets")
     .description("List supported AI targets")
@@ -228,7 +226,7 @@ program
             });
             for (const notice of report.notices)
                 info(`  ${notice}`);
-            info(`  MCP (${report.registration}): registered [${report.serversRegistered.join(", ") || "—"}], already present [${report.serversAlreadyPresent.join(", ") || "—"}]`);
+            info(`  MCP (${report.registration}): registered [${report.serversRegistered.join(", ") || "—"}], re-pinned [${report.serversUpdated.join(", ") || "—"}], already present [${report.serversAlreadyPresent.join(", ") || "—"}]`);
             info(`  .code-ai/config.json: written at ${report.configPath} (decision_store=${report.mempalaceUsed ? "mempalace" : "jsonl"})`);
         }
         if (dryRun) {
@@ -494,7 +492,7 @@ async function runInteractiveWizard() {
             });
             for (const notice of report.notices)
                 info(`  ${notice}`);
-            info(`  MCP (${report.registration}): registered [${report.serversRegistered.join(", ") || "—"}], already present [${report.serversAlreadyPresent.join(", ") || "—"}]`);
+            info(`  MCP (${report.registration}): registered [${report.serversRegistered.join(", ") || "—"}], re-pinned [${report.serversUpdated.join(", ") || "—"}], already present [${report.serversAlreadyPresent.join(", ") || "—"}]`);
             info(`  .code-ai/config.json: written at ${report.configPath} (decision_store=${report.mempalaceUsed ? "mempalace" : "jsonl"})`);
         }
         success("Install completed.");

package/dist/mcp/audit_ledger.d.ts

@@ -1,15 +1,17 @@
 import { RunScorecard } from "./scorecard.js";
 import type { TaskState } from "./task_state.js";
+import type { GateName } from "../shared/index.js";
 /** Append one scorecard as a JSON line to the run ledger (creates dir if needed). */
 export declare function appendScorecard(card: RunScorecard): Promise<void>;
 /** Read all scorecards from the ledger. Malformed / partial lines are skipped. */
 export declare function readLedger(): Promise<RunScorecard[]>;
 /**
- * Build + append a scorecard for a completed run. Called from sign_off when RG
- * is signed. Best-effort by contract: callers MUST NOT let a ledger failure
- * break a sign-off (telemetry is never load-bearing for the gate).
+ * Build + append a scorecard for a completed run. Called from sign_off when the
+ * mode's terminal gate is signed (full/hotfix → RG, bugfix → TEST). Best-effort
+ * by contract: callers MUST NOT let a ledger failure break a sign-off (telemetry
+ * is never load-bearing for the gate).
  */
-export declare function recordRunScorecard(state: TaskState): Promise<void>;
+export declare function recordRunScorecard(state: TaskState, terminalGate: GateName): Promise<void>;
 /** Number of COMPLETED (RG-signed) runs in the ledger. */
 export declare function countCompletedRuns(): Promise<number>;
 /**

package/dist/mcp/audit_ledger.js

@@ -72,13 +72,14 @@ async function readSideCounts(taskId) {
     };
 }
 /**
- * Build + append a scorecard for a completed run. Called from sign_off when RG
- * is signed. Best-effort by contract: callers MUST NOT let a ledger failure
- * break a sign-off (telemetry is never load-bearing for the gate).
+ * Build + append a scorecard for a completed run. Called from sign_off when the
+ * mode's terminal gate is signed (full/hotfix → RG, bugfix → TEST). Best-effort
+ * by contract: callers MUST NOT let a ledger failure break a sign-off (telemetry
+ * is never load-bearing for the gate).
  */
-export async function recordRunScorecard(state) {
+export async function recordRunScorecard(state, terminalGate) {
     const extras = await readSideCounts(state.task_id);
-    await appendScorecard(buildScorecard(state, extras));
+    await appendScorecard(buildScorecard(state, extras, terminalGate));
 }
 /** Number of COMPLETED (RG-signed) runs in the ledger. */
 export async function countCompletedRuns() {

package/dist/mcp/cli.d.ts

@@ -11,6 +11,10 @@
  */
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { type ToolName } from "../shared/index.js";
+declare const SERVER_INFO: {
+    name: string;
+    version: string;
+};
 /**
  * One-line description per tool. Not stored in the shared types module (src/shared) because the
  * registry there is pure I/O contracts; descriptions live with the transport
@@ -18,4 +22,4 @@ import { type ToolName } from "../shared/index.js";
  */
 declare const TOOL_DESCRIPTIONS: Record<ToolName, string>;
 declare function buildServer(): McpServer;
-export { buildServer, TOOL_DESCRIPTIONS };
+export { buildServer, TOOL_DESCRIPTIONS, SERVER_INFO };

package/dist/mcp/cli.js

@@ -14,9 +14,11 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { TOOL_REGISTRY } from "../shared/index.js";
 import { CodeAiMcpServer } from "./server.js";
 import { NotImplementedError } from "./tools/stubs.js";
+import { readInstallerVersion } from "../version.js";
+import { resolveActiveDomain } from "./config.js";
 const SERVER_INFO = {
     name: "code-ai-mcp",
-    version: "0.0.0",
+    version: readInstallerVersion(),
 };
 /**
  * One-line description per tool. Not stored in the shared types module (src/shared) because the
@@ -108,6 +110,11 @@ async function main() {
     const mcp = buildServer();
     const transport = new StdioServerTransport();
     await mcp.connect(transport);
+    // Startup banner to STDERR — never stdout, which carries the JSON-RPC stream.
+    // Makes the live build + active domain visible in Claude's MCP logs, so a
+    // stale-server mismatch is obvious instead of silent.
+    const domain = await resolveActiveDomain();
+    console.error(`code-ai-mcp v${SERVER_INFO.version} · domain=${domain}`);
 }
 // Allow importing buildServer in tests without starting the stdio loop.
 const isDirectRun = (() => {
@@ -125,4 +132,4 @@ if (isDirectRun) {
         process.exit(1);
     });
 }
-export { buildServer, TOOL_DESCRIPTIONS };
+export { buildServer, TOOL_DESCRIPTIONS, SERVER_INFO };

package/dist/mcp/scorecard.d.ts

@@ -1,10 +1,12 @@
 import { z } from "zod";
+import { GateName } from "../shared/index.js";
 import type { TaskState } from "./task_state.js";
 /**
  * Run scorecard — a compact, per-pipeline-run summary derived ENTIRELY from
  * telemetry the MCP state machine already persists (task state + jsonl side
  * logs). One scorecard is appended to the run ledger when a run completes
- * (RG signed). The Auditor's aggregation tool crunches >=3 of these.
+ * (its mode's terminal gate is signed — RG for full/hotfix, TEST for bugfix).
+ * The Auditor's aggregation tool crunches >=3 of these.
  *
  * Deliberately records raw signals, not judgments — interpretation belongs to
  * the aggregator (numbers) and, later, the Auditor agent (findings).
@@ -137,4 +139,4 @@ export type ScorecardExtras = {
  * Build a run scorecard from a task's persisted state plus side-log counts.
  * Pure + synchronous: deterministic and unit-testable on synthetic state.
  */
-export declare function buildScorecard(state: TaskState, extras: ScorecardExtras): RunScorecard;
+export declare function buildScorecard(state: TaskState, extras: ScorecardExtras, terminalGate?: GateName): RunScorecard;

package/dist/mcp/scorecard.js

@@ -4,7 +4,8 @@ import { ClassificationOutcome, GateName, PipelineMode, Signer, } from "../share
  * Run scorecard — a compact, per-pipeline-run summary derived ENTIRELY from
  * telemetry the MCP state machine already persists (task state + jsonl side
  * logs). One scorecard is appended to the run ledger when a run completes
- * (RG signed). The Auditor's aggregation tool crunches >=3 of these.
+ * (its mode's terminal gate is signed — RG for full/hotfix, TEST for bugfix).
+ * The Auditor's aggregation tool crunches >=3 of these.
  *
  * Deliberately records raw signals, not judgments — interpretation belongs to
  * the aggregator (numbers) and, later, the Auditor agent (findings).
@@ -35,10 +36,10 @@ export const RunScorecard = z.object({
     schema_version: z.literal(SCORECARD_SCHEMA_VERSION),
     task_id: z.string().min(1),
     mode: PipelineMode,
-    /** True when an RG sign-off exists (the state machine does not set completed_at). */
+    /** True when the mode's terminal gate has been signed (RG for full/hotfix, TEST for bugfix). */
     completed: z.boolean(),
     created_at: z.string(),
-    /** Timestamp of the RG sign-off, or null if not completed. */
+    /** Timestamp of the terminal-gate sign-off, or null if not completed. */
     completed_at: z.string().nullable(),
     gates: z.array(GateScore),
     dev_rollback_count: z.number().int().nonnegative(),
@@ -52,7 +53,7 @@ export const RunScorecard = z.object({
  * Build a run scorecard from a task's persisted state plus side-log counts.
  * Pure + synchronous: deterministic and unit-testable on synthetic state.
  */
-export function buildScorecard(state, extras) {
+export function buildScorecard(state, extras, terminalGate = "RG") {
     // Group sign-offs by gate: count + last signer (last in chronological array).
     const signoffCount = new Map();
     const lastSigner = new Map();
@@ -73,9 +74,13 @@ export function buildScorecard(state, extras) {
         classification: lastClass.get(gate) ?? null,
         exceptions_count: extras.exceptions_by_gate[gate] ?? 0,
     }));
-    const rgSignoffs = state.signoffs.filter((s) => s.gate === "RG");
-    const completed = rgSignoffs.length > 0;
-    const completed_at = completed ? rgSignoffs[rgSignoffs.length - 1].timestamp : null;
+    // A run is complete when its mode's TERMINAL gate is signed (full/hotfix → RG,
+    // bugfix → TEST). The terminal gate is supplied by the caller (sign_off knows it
+    // from pipeline.yaml); defaults to "RG" so the full-mode path and standalone
+    // callers are unchanged.
+    const terminalSignoffs = state.signoffs.filter((s) => s.gate === terminalGate);
+    const completed = terminalSignoffs.length > 0;
+    const completed_at = completed ? terminalSignoffs[terminalSignoffs.length - 1].timestamp : null;
     const exceptions_count = Object.values(extras.exceptions_by_gate).reduce((a, b) => a + (b ?? 0), 0);
     // Group skill invocations by skill + gate into counts.
     const skillAgg = new Map();

package/dist/mcp/tools/aggregate_run_metrics.d.ts

@@ -6,7 +6,8 @@ import type { AggregateRunMetricsInput, AggregateRunMetricsOutput } from "../../
  * the Auditor agent's job (a later ADR).
  *
  * Attribution: per-AGENT via gate→produced_by[0] from pipeline.yaml (single
- * source); per-WORKFLOW via mode. Only COMPLETED runs (RG signed) are
+ * source); per-WORKFLOW via mode. Only COMPLETED runs (the mode's terminal gate
+ * signed — RG for full/hotfix, TEST for bugfix) are
  * aggregated; `min_runs` (default 3) is the design's small-sample guard — below
  * it `met_threshold=false` and the Auditor should stay silent.
  *
@@ -14,6 +15,6 @@ import type { AggregateRunMetricsInput, AggregateRunMetricsOutput } from "../../
  * per_skill (incl. the gates a skill was pulled at) via get_skill instrumentation
  * (ADR-DEV-121) — the remaining gap is trigger_accuracy (relevant-vs-invoked),
  * which needs a relevance oracle; no explicit human-rejection signal; completed =
- * RG signed (completed_at unset).
+ * the mode's terminal gate signed (RG for full/hotfix, TEST for bugfix).
  */
 export declare function aggregateRunMetrics(input: AggregateRunMetricsInput): Promise<AggregateRunMetricsOutput>;

package/dist/mcp/tools/aggregate_run_metrics.js

@@ -8,7 +8,8 @@ import { resolveActiveDomain } from "../config.js";
  * the Auditor agent's job (a later ADR).
  *
  * Attribution: per-AGENT via gate→produced_by[0] from pipeline.yaml (single
- * source); per-WORKFLOW via mode. Only COMPLETED runs (RG signed) are
+ * source); per-WORKFLOW via mode. Only COMPLETED runs (the mode's terminal gate
+ * signed — RG for full/hotfix, TEST for bugfix) are
  * aggregated; `min_runs` (default 3) is the design's small-sample guard — below
  * it `met_threshold=false` and the Auditor should stay silent.
  *
@@ -16,7 +17,7 @@ import { resolveActiveDomain } from "../config.js";
  * per_skill (incl. the gates a skill was pulled at) via get_skill instrumentation
  * (ADR-DEV-121) — the remaining gap is trigger_accuracy (relevant-vs-invoked),
  * which needs a relevance oracle; no explicit human-rejection signal; completed =
- * RG signed (completed_at unset).
+ * the mode's terminal gate signed (RG for full/hotfix, TEST for bugfix).
  */
 export async function aggregateRunMetrics(input) {
     const minRuns = input.min_runs;
@@ -117,7 +118,7 @@ export async function aggregateRunMetrics(input) {
         gates: [...a.gates].sort(),
     }));
     const notes = [
-        "completed = RG sign-off present (state machine does not populate completed_at).",
+        "completed = the mode's terminal gate is signed (RG for full/hotfix, TEST for bugfix).",
         "Skill invocations ARE captured (get_skill instrumentation, ADR-DEV-121): per_skill carries invocation counts + the gates each skill was pulled at, so skill.gates can be tuned to observed usage. The remaining gap is trigger_accuracy (relevant-vs-invoked), which needs a relevance oracle — not this data layer.",
         "No explicit human gate-rejection signal; rejections manifest as rollbacks/exceptions.",
         "Per-agent attribution uses gate→produced_by[0] from the active domain's pipeline.yaml.",

package/dist/mcp/tools/sign_off.js

@@ -1,4 +1,4 @@
-import { getGateConfig, loadPipeline } from "../pipeline.js";
+import { getGateConfig, getNextGate, loadPipeline } from "../pipeline.js";
 import { readTaskState, writeTaskState } from "../task_state.js";
 import { recordRunScorecard, countCompletedRuns, auditNudgeFor } from "../audit_ledger.js";
 import { resolveActiveDomain } from "../config.js";
@@ -57,14 +57,14 @@ export async function signOff(input) {
         evidence: input.evidence,
     });
     await writeTaskState(state);
-    // Auditor telemetry: when the terminal gate is signed, the run is complete —
-    // append a scorecard to the local ledger, then compute the /audit nudge.
-    // Best-effort: a ledger failure (or nudge failure) must NEVER break a
-    // sign-off (telemetry is not load-bearing for the gate).
+    // Auditor telemetry: when the run reaches its mode's TERMINAL gate (full/hotfix
+    // → RG, bugfix → TEST), the run is complete — append a scorecard to the local
+    // ledger, then compute the /audit nudge. Best-effort: a ledger failure (or nudge
+    // failure) must NEVER break a sign-off (telemetry is not load-bearing for the gate).
     let audit_nudge;
-    if (input.gate === "RG") {
+    if (getNextGate(pipeline, state.mode, input.gate) === null) {
         try {
-            await recordRunScorecard(state);
+            await recordRunScorecard(state, input.gate);
             audit_nudge = auditNudgeFor(await countCompletedRuns());
         }
         catch {

package/dist/mcp_setup.d.ts

@@ -69,6 +69,8 @@ export interface McpSetupReport {
     registration: "user-scope" | "manual-fallback";
     /** Server names freshly added to the user config this run. */
     serversRegistered: string[];
+    /** Installer-owned server names whose entry was refreshed (e.g. re-pinned to a new version). */
+    serversUpdated: string[];
     /** Server names already present in the user config (left untouched). */
     serversAlreadyPresent: string[];
     /** Server names whose registration failed (config unwritable). */
@@ -128,13 +130,16 @@ export declare function userConfigPath(): string;
 export declare function createUserConfigIO(configPath: string): UserConfigIO;
 /**
  * Idempotently merge `servers` into the config's top-level `mcpServers`. Pure —
- * returns a new config object plus which names were freshly added vs already
- * present. An existing key is NEVER overwritten (so a pre-existing global
- * `mempalace` is preserved untouched). Exported for unit testing.
+ * returns a new config object plus which names were added / updated / already
+ * present. A FOREIGN existing key is never overwritten (so a pre-existing global
+ * `mempalace` is preserved). An OWNED server (named in `ownedServers`) whose
+ * entry differs is refreshed in place — that is how a reinstall re-pins
+ * `code-ai-mcp` to the new version. Exported for unit testing.
  */
-export declare function mergeUserScopeServers(config: Record<string, unknown>, servers: Record<string, McpServerEntry>): {
+export declare function mergeUserScopeServers(config: Record<string, unknown>, servers: Record<string, McpServerEntry>, ownedServers?: readonly string[]): {
     config: Record<string, unknown>;
     registered: string[];
+    updated: string[];
     alreadyPresent: string[];
 };
 /**

package/dist/mcp_setup.js

@@ -2,6 +2,7 @@ import { spawn } from "node:child_process";
 import { copyFile, mkdir, readFile, rename, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import { join } from "node:path";
+import { readInstallerVersion } from "./version.js";
 /**
  * Try `mempalace-mcp --help` — the dedicated MCP-server bin, which is exactly
  * what we register. Resolves true on exit code 0, false otherwise (including
@@ -120,25 +121,38 @@ function readMcpServers(config) {
 }
 /**
  * Idempotently merge `servers` into the config's top-level `mcpServers`. Pure —
- * returns a new config object plus which names were freshly added vs already
- * present. An existing key is NEVER overwritten (so a pre-existing global
- * `mempalace` is preserved untouched). Exported for unit testing.
+ * returns a new config object plus which names were added / updated / already
+ * present. A FOREIGN existing key is never overwritten (so a pre-existing global
+ * `mempalace` is preserved). An OWNED server (named in `ownedServers`) whose
+ * entry differs is refreshed in place — that is how a reinstall re-pins
+ * `code-ai-mcp` to the new version. Exported for unit testing.
  */
-export function mergeUserScopeServers(config, servers) {
+export function mergeUserScopeServers(config, servers, ownedServers = []) {
     const next = { ...config };
     const mcpServers = readMcpServers(config);
+    const owned = new Set(ownedServers);
     const registered = [];
+    const updated = [];
     const alreadyPresent = [];
     for (const [name, entry] of Object.entries(servers)) {
+        const desired = toUserScopeEntry(entry);
         if (Object.prototype.hasOwnProperty.call(mcpServers, name)) {
-            alreadyPresent.push(name);
+            // Refresh ONLY our own servers (e.g. re-pin to a new version). A foreign
+            // server we also register (mempalace) is never overwritten.
+            if (owned.has(name) && JSON.stringify(mcpServers[name]) !== JSON.stringify(desired)) {
+                mcpServers[name] = desired;
+                updated.push(name);
+            }
+            else {
+                alreadyPresent.push(name);
+            }
             continue;
         }
-        mcpServers[name] = toUserScopeEntry(entry);
+        mcpServers[name] = desired;
         registered.push(name);
     }
     next.mcpServers = mcpServers;
-    return { config: next, registered, alreadyPresent };
+    return { config: next, registered, updated, alreadyPresent };
 }
 /**
  * Idempotently remove `names` from the config's `mcpServers`. Pure — returns a
@@ -184,10 +198,14 @@ function buildServerEntries(mempalaceUsed) {
     // DEV-100 consolidation: the code-ai-mcp bin lives inside the
     // `code-ai-installer` npm package. `npx -p <package> <bin>` tells npm to
     // install that package and run the named bin from it.
+    // Pin to THIS installer's version so the spawned server is explicit and
+    // reproducible. An unpinned `npx` silently runs whatever global/cache copy
+    // exists — that is how a stale, pre-fix server kept running after a reinstall.
+    // A reinstall re-pins this (mergeUserScopeServers refreshes owned servers).
     const servers = {
         "code-ai-mcp": {
             command: "npx",
-            args: ["-y", "-p", "code-ai-installer", "code-ai-mcp"],
+            args: ["-y", "-p", `code-ai-installer@${readInstallerVersion()}`, "code-ai-mcp"],
         },
     };
     if (mempalaceUsed) {
@@ -249,6 +267,7 @@ export async function setupMcp(opts, io = defaultUserConfigIO) {
     }
     const servers = buildServerEntries(mempalaceUsed);
     const serversRegistered = [];
+    const serversUpdated = [];
     const serversAlreadyPresent = [];
     const serversFailed = [];
     let registration;
@@ -268,12 +287,13 @@ export async function setupMcp(opts, io = defaultUserConfigIO) {
                 notices.push(manualEntryLine(name, entry));
         }
         else {
-            const merged = mergeUserScopeServers(read.data, servers);
+            const merged = mergeUserScopeServers(read.data, servers, INSTALLER_OWNED_SERVERS);
             serversAlreadyPresent.push(...merged.alreadyPresent);
             for (const name of merged.alreadyPresent) {
                 notices.push(`MCP server '${name}' already in user config — left untouched.`);
             }
-            if (merged.registered.length === 0) {
+            const changed = [...merged.registered, ...merged.updated];
+            if (changed.length === 0) {
                 registration = "user-scope";
             }
             else {
@@ -281,16 +301,22 @@ export async function setupMcp(opts, io = defaultUserConfigIO) {
                 if (written.ok) {
                     registration = "user-scope";
                     serversRegistered.push(...merged.registered);
-                    notices.push(`Registered MCP server(s) [${merged.registered.join(", ")}] in Claude user config ${io.configPath}` +
+                    serversUpdated.push(...merged.updated);
+                    const parts = [];
+                    if (merged.registered.length)
+                        parts.push(`registered [${merged.registered.join(", ")}]`);
+                    if (merged.updated.length)
+                        parts.push(`re-pinned [${merged.updated.join(", ")}]`);
+                    notices.push(`MCP server(s) ${parts.join(", ")} in Claude user config ${io.configPath}` +
                         (written.backupPath ? ` (backup: ${written.backupPath})` : "") +
                         ". Restart your Claude Code session to load them.");
                 }
                 else {
                     registration = "manual-fallback";
-                    serversFailed.push(...merged.registered);
+                    serversFailed.push(...changed);
                     notices.push(`Failed to write Claude user config at ${io.configPath} (${written.error ?? "unknown error"}). ` +
                         `No changes made — add these entries to its "mcpServers" object by hand:`);
-                    for (const name of merged.registered)
+                    for (const name of changed)
                         notices.push(manualEntryLine(name, servers[name]));
                 }
             }
@@ -308,6 +334,7 @@ export async function setupMcp(opts, io = defaultUserConfigIO) {
         userConfigPath: io.configPath,
         registration,
         serversRegistered,
+        serversUpdated,
         serversAlreadyPresent,
         serversFailed,
         configPath: cfg.path,

package/dist/version.d.ts

@@ -0,0 +1,8 @@
+/**
+ * The installed `code-ai-installer` package version — the single source for the
+ * CLI `--version`, the MCP server registration pin, and the server startup
+ * banner. Resolves `package.json` relative to THIS module (dist/version.js →
+ * ../package.json = package root), so every caller gets the right path
+ * regardless of its own depth in the tree.
+ */
+export declare function readInstallerVersion(): string;

package/dist/version.js

@@ -0,0 +1,13 @@
+import { createRequire } from "node:module";
+/**
+ * The installed `code-ai-installer` package version — the single source for the
+ * CLI `--version`, the MCP server registration pin, and the server startup
+ * banner. Resolves `package.json` relative to THIS module (dist/version.js →
+ * ../package.json = package root), so every caller gets the right path
+ * regardless of its own depth in the tree.
+ */
+export function readInstallerVersion() {
+    const requireJson = createRequire(import.meta.url);
+    const pkg = requireJson("../package.json");
+    return pkg.version;
+}

package/domains/development/agents/auditor.md

@@ -22,7 +22,7 @@ schema_version: 1
 - НЕ на каждом гейте и НЕ в фоне. Один проход, когда накопилось **≥3 завершённых прогона** (порог настраивается).
 - Ниже порога — молчит. На n=1 выводов не делает (малая выборка).
 - Per-gate телеметрию уже пишет стейт-машина; Аудитор делает один проход по накопленным данным.
-- Запуск прохода: команда `/audit` (вручную) или подсказка `audit_nudge`, которую `sign_off` возвращает после RG.
+- Запуск прохода: команда `/audit` (вручную) или подсказка `audit_nudge`, которую `sign_off` возвращает после завершения прогона (подписан финальный гейт режима — RG для full/hotfix, TEST для bugfix).
 
 ---
 
@@ -57,7 +57,7 @@ schema_version: 1
   - **Через человека даже в автономии:** разрушительное по существующему (удаление, крупная переписка, снятие возможностей).
   - **Всегда:** обязательный отчёт после любого автономного действия. Ничего невидимого.
   - **Дедуп при добавлении:** перед авто-добавлением скила — проверка пересечения (`related` + контролируемый словарь); отчёт перечисляет добавления для последующей чистки.
-- Механизм предложение→одобрение и тумблер автономии уже реализованы (`propose_change` → `review_proposal`: матрица рисков + дедуп). Проход запускается командой `/audit` или подсказкой после RG.
+- Механизм предложение→одобрение и тумблер автономии уже реализованы (`propose_change` → `review_proposal`: матрица рисков + дедуп). Проход запускается командой `/audit` или подсказкой после завершения прогона.
 
 ---
 

package/domains/development/locales/en/agents/auditor.md

@@ -22,7 +22,7 @@ Close the self-improvement loop: build → run → measure → improve. Once rea
 - NOT at every gate and NOT in the background. One pass, once **≥3 completed runs** have accumulated (threshold configurable).
 - Below the threshold — silent. It draws no conclusions from n=1 (small sample).
 - Per-gate telemetry is already persisted by the state machine; the Auditor makes one pass over the accumulated data.
-- Triggering a pass: the `/audit` command (manual) or the `audit_nudge` that `sign_off` returns after RG.
+- Triggering a pass: the `/audit` command (manual) or the `audit_nudge` that `sign_off` returns when a run completes (its mode's terminal gate is signed — RG for full/hotfix, TEST for bugfix).
 
 ---
 
@@ -57,7 +57,7 @@ Close the self-improvement loop: build → run → measure → improve. Once rea
   - **Human-gated even under autonomy:** destructive changes to existing assets (delete, major rewrite, capability removal).
   - **Always:** a mandatory report after any autonomous action. Nothing invisible.
   - **Additive dedup:** before auto-adding a skill — an overlap check (`related` + controlled vocab); the report lists additions for later pruning.
-- The propose→approve mechanism and the autonomy toggle already exist (`propose_change` → `review_proposal`: risk matrix + dedup). A pass is triggered by `/audit` or the post-RG nudge.
+- The propose→approve mechanism and the autonomy toggle already exist (`propose_change` → `review_proposal`: risk matrix + dedup). A pass is triggered by `/audit` or the post-completion nudge.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "code-ai-installer",
-  "version": "4.3.0",
+  "version": "4.3.2",
   "description": "Production-ready CLI to install code-ai agents and skills for multiple AI coding assistants. Bundles the code-ai-mcp MCP server for Claude Code.",
   "license": "MIT",
   "author": "Denish1209",