company-skill 4.3.0 → 4.5.0

package/hooks/session-restore.js

@@ -1,30 +1,54 @@
 #!/usr/bin/env node
 
-// Restore company state after compaction. Reads the checkpoint with reasoning + state.
+// Restore company state after compaction and drive the /company restart handoff.
+// PreCompact cannot make the model emit a prompt (shell-only, no model turn before
+// compaction), so the reliable trigger is here: right after compaction the model is
+// instructed to run /company restart (its mandatory verify and debate procedure)
+// and emit the handoff.
+//
+// SessionStart context must go through hookSpecificOutput.additionalContext.
+// That field reaches the model. systemMessage is a user-facing display only and
+// never enters the model's context.
 
 const fs = require('fs');
 const path = require('path');
 
-const companyDir = path.join(process.cwd(), '.company');
+const companyDir = process.env.COMPANY_DIR || path.join(process.cwd(), '.company');
 if (!fs.existsSync(companyDir)) process.exit(0);
 
-const checkpointMd = path.join(companyDir, '.checkpoint.md');
-const checkpointJson = path.join(companyDir, '.checkpoint.json');
-
-let msg = null;
+// Only sessions that own the run are acted on. A foreign session that merely
+// shares the directory must not be redirected or have state written on its
+// behalf. Missing or empty OWNER is legacy state and keeps the old behavior.
+try {
+  const hookInput = JSON.parse(fs.readFileSync(0, 'utf8'));
+  if (hookInput && typeof hookInput.session_id === 'string') {
+    const owners = fs.readFileSync(path.join(companyDir, 'OWNER'), 'utf8')
+      .split('\n').map(function (l) { return l.trim(); }).filter(Boolean);
+    if (owners.length > 0 && owners.indexOf(hookInput.session_id) === -1) process.exit(0);
+  }
+} catch (e) {}
 
+const checkpointMd = path.join(companyDir, '.checkpoint.md');
+let state = '';
 if (fs.existsSync(checkpointMd)) {
-  msg = fs.readFileSync(checkpointMd, 'utf8').substring(0, 2000);
-} else if (fs.existsSync(checkpointJson)) {
-  try {
-    const cp = JSON.parse(fs.readFileSync(checkpointJson, 'utf8'));
-    msg = "[COMPANY RESTORED] Goal: " + (cp.goal || "unknown") +
-      ", Cycle: " + (cp.cycle || 0) +
-      ", Criteria: " + (cp.passing || 0) + "/" + (cp.total || 0) +
-      ". Read .company/criteria.json and continue.";
-  } catch (e) {}
+  state = fs.readFileSync(checkpointMd, 'utf8').substring(0, 2000);
 }
 
-if (msg) {
-  console.log(JSON.stringify({ systemMessage: msg }));
-}
+// The post-compaction directive: run the restart procedure, do not just "continue".
+const directive =
+  '[COMPANY] Context was compacted, so prior turn-by-turn state is gone. Before doing ' +
+  'anything else, run the /company restart procedure from the skill: refresh ' +
+  '.company/criteria.json, .company/STATUS.md and .company/NEXT.md, run the mandatory ' +
+  "Source-Verifier + Devil's-Advocate + Completeness debate to re-derive every claim " +
+  'live (trust nothing the checkpoint asserts), then emit ONLY the single ' +
+  'self-contained handoff prompt block with no trailing commentary. The ' +
+  'pre-compaction checkpoint and the pending backlog are in .company/.checkpoint.md ' +
+  'and .company/NEXT.md. Read them first.';
+
+const msg = state ? directive + '\n\n--- pre-compaction checkpoint ---\n' + state : directive;
+console.log(JSON.stringify({
+  hookSpecificOutput: {
+    hookEventName: 'SessionStart',
+    additionalContext: msg
+  }
+}));

package/hooks/stop-guard.js

@@ -1,64 +1,154 @@
 #!/usr/bin/env node
 
+// Stop gate for /company runs: blocks the stop while any criterion fails
+// or lacks evidence. Fail closed on bad input (unparseable or wrong-shape
+// criteria.json blocks). The cancel file is the HUMAN's exit and block
+// reasons never name it. criteria.lock pins the id set: deleting a hard
+// criterion blocks instead of unlocking. Staleness is surfaced, never a
+// free pass. A harness force-stop leaves the run visibly failed.
+
 const fs = require('fs');
 const path = require('path');
 
-const cwd = process.cwd();
-const companyDir = path.join(cwd, '.company');
+const companyDir = process.env.COMPANY_DIR || path.join(process.cwd(), '.company');
 const criteriaPath = path.join(companyDir, 'criteria.json');
 const goalPath = path.join(companyDir, 'GOAL.md');
 const cancelPath = path.join(companyDir, 'CANCEL');
-const lockPath = path.join(companyDir, '.stop-lock');
+const ownerPath = path.join(companyDir, 'OWNER');
 
-// No company running
-if (!fs.existsSync(goalPath) && !fs.existsSync(criteriaPath)) process.exit(0);
+// Session scoping: only sessions listed in .company/OWNER are gated.
+// Missing or empty OWNER = legacy state, every session gated (fail closed).
+// Manual escape for legacy: ~/.claude/hooks/company-guard-exempt.txt.
+let sessionId = null;
+try {
+  const input = JSON.parse(fs.readFileSync(0, 'utf8'));
+  if (input && typeof input.session_id === 'string') sessionId = input.session_id;
+} catch (e) {}
+if (sessionId) {
+  try {
+    const exempt = fs.readFileSync(path.join(
+      process.env.HOME || '', '.claude', 'hooks', 'company-guard-exempt.txt'), 'utf8');
+    if (exempt.split('\n').some(function (l) { return l.trim() === sessionId; })) process.exit(0);
+  } catch (e) {}
+  try {
+    const rawOwners = fs.readFileSync(ownerPath, 'utf8')
+      .split('\n').map(function (l) { return l.trim(); }).filter(Boolean);
+    // Garbled OWNER fails closed: only a clean id list frees a foreign session.
+    const valid = rawOwners.filter(function (l) { return /^[A-Za-z0-9][A-Za-z0-9._-]{7,}$/.test(l); });
+    if (rawOwners.length > 0 && valid.length === rawOwners.length &&
+        valid.indexOf(sessionId) === -1) process.exit(0);
+  } catch (e) {}
+}
 
-// Cancel signal
-if (fs.existsSync(cancelPath)) {
-  try { fs.unlinkSync(cancelPath); } catch (e) {}
-  try { fs.unlinkSync(lockPath); } catch (e) {}
+const STALE_MS = 24 * 60 * 60 * 1000;
+
+function block(reason) {
+  // Tag the session id so a wrongly gated session can be exempted exactly.
+  const tag = sessionId ? ' [session ' + sessionId + ']' : '';
+  console.log(JSON.stringify({ decision: 'block', reason: '[COMPANY] ' + reason + tag }));
   process.exit(0);
 }
 
-// If lock file exists and is recent (< 60s), this is a repeat stop. Allow it.
-if (fs.existsSync(lockPath)) {
+// Returns a warning suffix for the block reason when the file is stale,
+// otherwise an empty string. Never used to allow a stop.
+function staleNote(p) {
   try {
-    const age = Date.now() - fs.statSync(lockPath).mtimeMs;
-    if (age < 60000) {
-      fs.unlinkSync(lockPath);
-      process.exit(0);
+    const ms = Date.now() - fs.statSync(p).mtimeMs;
+    if (ms > STALE_MS) {
+      return ' NOTE: this state file has been untouched for ' +
+        Math.round(ms / 3600000) + ' hours. If it is a leftover from an old ' +
+        'run, a human operator can cancel it (see the README)';
     }
   } catch (e) {}
+  return '';
+}
+
+// No company running
+if (!fs.existsSync(goalPath) && !fs.existsSync(criteriaPath)) process.exit(0);
+
+// Cancel signal: the only escape hatch
+if (fs.existsSync(cancelPath)) {
+  try { fs.unlinkSync(cancelPath); } catch (e) {}
+  process.exit(0);
 }
 
-// Check criteria
 if (fs.existsSync(criteriaPath)) {
+  const stale = staleNote(criteriaPath);
+
+  let data;
   try {
-    const data = JSON.parse(fs.readFileSync(criteriaPath, 'utf8'));
-    const all = data.criteria || [];
-    const failing = all.filter(c => !c.passes || !c.evidence);
+    data = JSON.parse(fs.readFileSync(criteriaPath, 'utf8'));
+  } catch (e) {
+    // Fail closed: broken JSON is not a free pass out of the gate.
+    block('criteria.json is unparseable. Repair the JSON so the criteria can be ' +
+      'checked honestly.' + stale);
+  }
 
-    if (all.length > 0 && failing.length === 0) {
-      try { fs.unlinkSync(lockPath); } catch (e) {}
-      process.exit(0);
-    }
+  // Fail closed on the wrong shape too: a parseable file whose criteria
+  // field is not an array would otherwise throw below and let the stop slip.
+  if (!data || typeof data !== 'object' || !Array.isArray(data.criteria)) {
+    block('criteria.json has the wrong shape: "criteria" must be an array of ' +
+      '{id, description, passes, evidence} objects. Repair it so the criteria ' +
+      'can be checked honestly.' + stale);
+  }
 
-    // Write lock, block this stop
-    fs.writeFileSync(lockPath, String(Date.now()));
-    const failList = failing.map(c => c.description).join(', ');
-    console.log(JSON.stringify({
-      decision: "block",
-      reason: "[COMPANY] " + failing.length + "/" + all.length + " criteria not met: " + failList + ". Continue THINK > EXECUTE > VERIFY."
-    }));
-    process.exit(0);
-  } catch (e) {
-    process.exit(0);
+  const all = data.criteria;
+
+  if (all.length === 0) {
+    block('criteria.json has zero criteria. Write real yes/no checkable criteria ' +
+      'for the goal.' + stale);
+  }
+
+  // criteria.lock: first sight snapshots ids, removal blocks, additions extend.
+  const lockPath = path.join(companyDir, 'criteria.lock');
+  const currentIds = all
+    .filter(function (c) { return c && typeof c === 'object' && c.id !== undefined && c.id !== null; })
+    .map(function (c) { return String(c.id); });
+  let lockedIds = null;
+  try {
+    lockedIds = fs.readFileSync(lockPath, 'utf8')
+      .split('\n').map(function (l) { return l.trim(); }).filter(Boolean);
+  } catch (e) {}
+  if (lockedIds === null) {
+    try { fs.writeFileSync(lockPath, currentIds.join('\n') + '\n'); } catch (e) {}
+  } else {
+    const missing = lockedIds.filter(function (id) { return currentIds.indexOf(id) === -1; });
+    if (missing.length > 0) {
+      block('locked criterion id(s) removed from criteria.json: ' + missing.join(', ') +
+        '. Criteria are never deleted to satisfy the gate; restore them and meet them.' +
+        stale);
+    }
+    const added = currentIds.filter(function (id) { return lockedIds.indexOf(id) === -1; });
+    if (added.length > 0) {
+      try { fs.writeFileSync(lockPath, lockedIds.concat(added).join('\n') + '\n'); } catch (e) {}
+    }
   }
+
+  // passes:true requires non-null evidence. The VERIFY phase writes the
+  // reproduced evidence string when it flips a criterion to passing.
+  // A null or non-object entry counts as failing, never as a crash.
+  const failing = all.filter(c => !c || typeof c !== 'object' || !c.passes || !c.evidence);
+
+  if (failing.length === 0) process.exit(0);
+
+  // Surface the reviewer's note per failing criterion so the block reason is
+  // actionable feedback, not just a name list.
+  const failList = failing.map(c => {
+    if (!c || typeof c !== 'object') return '(malformed entry)';
+    const note = typeof c.note === 'string' && c.note.trim() ? ' [' + c.note.trim().slice(0, 120) + ']' : '';
+    return (c.description || '(no description)') + note;
+  }).join(', ');
+  let goalLine = '';
+  try {
+    goalLine = fs.readFileSync(goalPath, 'utf8').split('\n').find(function (l) { return l.trim(); }) || '';
+    if (goalLine) goalLine = 'GOAL: ' + goalLine.trim().slice(0, 100) + ' | ';
+  } catch (e) {}
+  block(goalLine + failing.length + '/' + all.length + ' criteria not met: ' + failList +
+    '. Continue THINK > EXECUTE > VERIFY. passes:true counts only with non-null ' +
+    'evidence reproduced by the reviewer.' + stale);
 }
 
-// No criteria but goal exists — block once
-fs.writeFileSync(lockPath, String(Date.now()));
-console.log(JSON.stringify({
-  decision: "block",
-  reason: "[COMPANY] Goal not achieved. Create criteria.json and start THINK > EXECUTE > VERIFY."
-}));
+// Goal exists but criteria.json was never written
+block('Goal not achieved. Create .company/criteria.json and start ' +
+  'THINK > EXECUTE > VERIFY.' +
+  staleNote(goalPath));

package/install.sh

@@ -1,37 +1,102 @@
 #!/bin/bash
+# Installs the /company skill, commands, agents, AND hooks. Idempotent:
+# re-running overwrites the copied files and never duplicates hook entries.
 set -e
 
 REPO="https://raw.githubusercontent.com/jagmarques/company-skill/main"
 
-# Install skill globally
+fetch() {
+  curl -fsSL "$1" -o "$2" 2>/dev/null || wget -q "$1" -O "$2" 2>/dev/null
+}
+
+command -v curl >/dev/null 2>&1 || command -v wget >/dev/null 2>&1 || {
+  echo "Error: curl or wget required"
+  exit 1
+}
+
+# Skill
 mkdir -p "$HOME/.claude/skills/company"
-curl -sL "$REPO/skill/SKILL.md" -o "$HOME/.claude/skills/company/SKILL.md" 2>/dev/null || \
-  wget -q "$REPO/skill/SKILL.md" -O "$HOME/.claude/skills/company/SKILL.md" 2>/dev/null || \
-  { echo "Error: curl or wget required"; exit 1; }
+fetch "$REPO/skill/SKILL.md" "$HOME/.claude/skills/company/SKILL.md" || {
+  echo "Error: could not download SKILL.md"
+  exit 1
+}
 
-# Install commands globally
+# Commands
 mkdir -p "$HOME/.claude/commands/company"
 for cmd in run status resume; do
-  curl -sL "$REPO/commands/$cmd.md" -o "$HOME/.claude/commands/company/$cmd.md" 2>/dev/null || true
+  fetch "$REPO/commands/$cmd.md" "$HOME/.claude/commands/company/$cmd.md" || echo "Warning: failed to download command $cmd"
 done
 
-# Install agents globally
+# Agents
 mkdir -p "$HOME/.claude/agents"
 for agent in lead worker reviewer critic digest; do
-  curl -sL "$REPO/agents/company-$agent.md" -o "$HOME/.claude/agents/company-$agent.md" 2>/dev/null || true
+  fetch "$REPO/agents/company-$agent.md" "$HOME/.claude/agents/company-$agent.md" || echo "Warning: failed to download agent company-$agent"
 done
 
+# Hooks (the stop gate and the compaction machinery live here)
+mkdir -p "$HOME/.claude/hooks"
+for pair in "stop-guard company-stop-guard" "precompact company-precompact" "session-restore company-session-restore"; do
+  src="${pair%% *}"
+  dest="${pair##* }"
+  fetch "$REPO/hooks/$src.js" "$HOME/.claude/hooks/$dest.js" || echo "Warning: failed to download hook $src"
+done
+
+# Register hooks in ~/.claude/settings.json. JSON editing from shell is not
+# safe without a JSON tool, so use node when available and print exact manual
+# steps otherwise. The merge is idempotent: existing entries are kept.
+if command -v node >/dev/null 2>&1; then
+  node <<'EOF'
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const home = os.homedir();
+const hooksDir = path.join(home, '.claude', 'hooks');
+const settingsPath = path.join(home, '.claude', 'settings.json');
+let settings = {};
+try { settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8')); } catch (e) {}
+if (!settings.hooks) settings.hooks = {};
+function ensure(event, marker, entry) {
+  if (!settings.hooks[event]) settings.hooks[event] = [];
+  const present = settings.hooks[event].some(h => (h.hooks || []).some(hh => (hh.command || '').includes(marker)));
+  if (!present) settings.hooks[event].push(entry);
+}
+ensure('Stop', 'company-stop-guard', { hooks: [{ type: 'command', command: `node "${path.join(hooksDir, 'company-stop-guard.js')}"`, timeout: 10 }] });
+ensure('PreCompact', 'company-precompact', { hooks: [{ type: 'command', command: `node "${path.join(hooksDir, 'company-precompact.js')}"`, timeout: 10 }] });
+ensure('SessionStart', 'company-session-restore', { matcher: 'compact', hooks: [{ type: 'command', command: `node "${path.join(hooksDir, 'company-session-restore.js')}"`, timeout: 10 }] });
+fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
+const tmp = settingsPath + '.tmp';
+fs.writeFileSync(tmp, JSON.stringify(settings, null, 2));
+fs.renameSync(tmp, settingsPath);
+console.log('Hooks registered in ' + settingsPath);
+EOF
+else
+  cat <<EOF
+
+node was not found, so the hook files were copied but NOT registered.
+The hooks need node at runtime anyway, so install node, then add this to
+the "hooks" section of ~/.claude/settings.json (merge with what is there):
+
+  "Stop": [{ "hooks": [{ "type": "command", "command": "node \"$HOME/.claude/hooks/company-stop-guard.js\"", "timeout": 10 }] }],
+  "PreCompact": [{ "hooks": [{ "type": "command", "command": "node \"$HOME/.claude/hooks/company-precompact.js\"", "timeout": 10 }] }],
+  "SessionStart": [{ "matcher": "compact", "hooks": [{ "type": "command", "command": "node \"$HOME/.claude/hooks/company-session-restore.js\"", "timeout": 10 }] }]
+
+EOF
+fi
+
 # Create COMPANY.md template in current directory if missing
 if [ ! -f "COMPANY.md" ]; then
-  curl -sL "$REPO/COMPANY.md.template" -o "COMPANY.md" 2>/dev/null || true
+  fetch "$REPO/COMPANY.md.template" "COMPANY.md" || true
   [ -f "COMPANY.md" ] && echo "Created COMPANY.md template. Edit it with your team."
 fi
 
-# Gitignore .company/
-grep -q "^\.company/" .gitignore 2>/dev/null || echo ".company/" >> .gitignore 2>/dev/null || true
+# Gitignore .company/ (only inside a git repo)
+if [ -d ".git" ]; then
+  grep -q "^\.company/" .gitignore 2>/dev/null || echo ".company/" >> .gitignore
+fi
 
-echo "Installed globally. Available commands:"
+echo "Installed. Available commands:"
 echo "  /company           Main skill"
 echo "  /company:run       Run with a goal"
 echo "  /company:status    Check status"
 echo "  /company:resume    Continue from last session"
+echo "Cancel a run: touch .company/CANCEL"

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "company-skill",
-  "version": "4.3.0",
+  "version": "4.5.0",
   "description": "Goal-driven multi-employee company for Claude Code. Give it a goal, it runs until done.",
   "bin": {
     "company-skill": "./bin/install.js"
   },
-  "keywords": ["claude-code", "skill", "multi-agent", "company", "orchestration"],
+  "keywords": ["claude-code", "skill", "multi-agent", "company", "orchestration", "model-agnostic", "autonomous-agents", "stop-hook", "agent-orchestration", "ai-agents", "fable", "claude-fable"],
   "author": "jagmarques",
   "license": "MIT",
   "repository": {

package/scripts/check-contracts.js

@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+// Mechanical gate for delegation contracts: every TASK block must carry all
+// seven fields and a non-empty VERIFY-WITH. Run before EXECUTE:
+//   node scripts/check-contracts.js .company/cycles/cycle-N-tasks.md
+// Exit 1 lists each defective contract. No fields, no task.
+const fs = require('fs');
+const file = process.argv[2];
+if (!file || !fs.existsSync(file)) { console.error('usage: check-contracts.js <tasks-file>'); process.exit(2); }
+const text = fs.readFileSync(file, 'utf8');
+const blocks = text.split(/\n(?=TASK:)/).filter(b => b.trim().startsWith('TASK:'));
+if (blocks.length === 0) { console.error('no TASK blocks found'); process.exit(1); }
+const FIELDS = ['TASK:', 'EMPLOYEE:', 'SKILL:', 'INPUTS:', 'OUTPUT:', 'DONE-WHEN:', 'VERIFY-WITH:', 'OUT-OF-SCOPE:'];
+// DEPENDS-ON is optional. When present it must name existing task numbers
+// and the dependency graph must be acyclic.
+function checkDeps(blocks) {
+  const errs = [];
+  const deps = blocks.map((b, i) => {
+    const m = b.match(/DEPENDS-ON:\s*(.+)/);
+    if (!m) return [];
+    const v = m[1].trim();
+    if (/^none$/i.test(v)) return [];
+    if (!/^\d+(\s*(,|and)\s*\d+)*$/i.test(v)) {
+      errs.push('contract ' + (i + 1) + ': DEPENDS-ON must be "none" or task numbers, got: ' + v.slice(0, 40));
+      return [];
+    }
+    return v.match(/\d+/g).map(Number);
+  });
+  deps.forEach((ds, i) => ds.forEach(d => {
+    if (d < 1 || d > blocks.length) errs.push('contract ' + (i + 1) + ': DEPENDS-ON names missing task ' + d);
+    if (d === i + 1) errs.push('contract ' + (i + 1) + ': depends on itself');
+  }));
+  const state = new Array(blocks.length).fill(0);
+  function visit(i, trail) {
+    if (state[i] === 1) { errs.push('dependency cycle: ' + trail.concat(i + 1).join(' -> ')); return; }
+    if (state[i] === 2) return;
+    state[i] = 1;
+    deps[i].forEach(d => { if (d >= 1 && d <= blocks.length) visit(d - 1, trail.concat(i + 1)); });
+    state[i] = 2;
+  }
+  for (let i = 0; i < blocks.length; i++) visit(i, []);
+  return errs;
+}
+let bad = 0;
+blocks.forEach((b, i) => {
+  const missing = FIELDS.filter(f => !b.includes(f));
+  const vw = (b.split('VERIFY-WITH:')[1] || '').split('\n')[0].trim();
+  const errs = [];
+  if (missing.length) errs.push('missing ' + missing.join(' '));
+  if (b.includes('VERIFY-WITH:') && vw.length < 8) errs.push('VERIFY-WITH is empty or vacuous');
+  if (errs.length) { bad += 1; console.error('contract ' + (i + 1) + ': ' + errs.join(', ')); }
+});
+const depErrs = checkDeps(blocks);
+depErrs.forEach(e => console.error(e));
+if (bad || depErrs.length) { console.error((bad + depErrs.length) + ' defects across ' + blocks.length + ' contracts'); process.exit(1); }
+console.log(blocks.length + ' contracts well-formed');

package/scripts/check-findings.js

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+// Mechanical gate for findings files: every FINDING line must be followed by
+// a SOURCE line (or NOVEL marker) before the next FINDING. Run at VERIFY:
+//   node scripts/check-findings.js .company/<dept>/<employee>.md [...]
+// Exit 1 names each unsourced finding. A claim without a source is unverifiable.
+const fs = require('fs');
+const files = process.argv.slice(2);
+if (!files.length) { console.error('usage: check-findings.js <findings-file...>'); process.exit(2); }
+let bad = 0, total = 0;
+files.forEach(file => {
+  if (!fs.existsSync(file)) { console.error(file + ': missing'); bad += 1; return; }
+  const lines = fs.readFileSync(file, 'utf8').split('\n');
+  lines.forEach((l, i) => {
+    if (!/^FINDING:/.test(l)) return;
+    total += 1;
+    for (let j = i + 1; j < lines.length; j++) {
+      if (/^FINDING:/.test(lines[j])) break;
+      if (/^SOURCE:|NOVEL - needs validation/.test(lines[j])) return;
+    }
+    bad += 1;
+    console.error(file + ':' + (i + 1) + ' FINDING without SOURCE: ' + l.slice(0, 70));
+  });
+});
+if (bad) { console.error(bad + ' unsourced findings'); process.exit(1); }
+console.log(total + ' findings all sourced');

package/scripts/check.sh

@@ -0,0 +1,125 @@
+#!/bin/bash
+# Quality floor for this repo. Run from anywhere: bash scripts/check.sh
+# Checks that every shipped JS file parses, the skill and agent files have
+# frontmatter, and no private or banned content leaks into the public files.
+set -u
+
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$ROOT"
+fail=0
+
+note_fail() {
+  echo "FAIL: $1"
+  fail=1
+}
+
+# 1. Every hook and the installer must parse as valid JS
+for f in hooks/*.js bin/install.js; do
+  if node --check "$f" 2>/dev/null; then
+    echo "ok: node --check $f"
+  else
+    node --check "$f" || true
+    note_fail "$f does not parse"
+  fi
+done
+
+# 2. install.sh must parse as valid shell
+if bash -n install.sh 2>/dev/null; then
+  echo "ok: bash -n install.sh"
+else
+  note_fail "install.sh does not parse"
+fi
+
+# 3. SKILL.md frontmatter exists and names the skill
+if [ "$(head -1 skill/SKILL.md)" = "---" ] && grep -q '^name: company$' skill/SKILL.md; then
+  echo "ok: SKILL.md frontmatter"
+else
+  note_fail "skill/SKILL.md frontmatter missing or name field absent"
+fi
+
+# 4. Every agent file has frontmatter with name and model fields
+for f in agents/*.md; do
+  if [ "$(head -1 "$f")" = "---" ] && grep -q '^name: ' "$f" && grep -q '^model: ' "$f"; then
+    echo "ok: frontmatter $f"
+  else
+    note_fail "$f missing frontmatter, name, or model field"
+  fi
+done
+
+# 5. package.json parses
+if node -e "JSON.parse(require('fs').readFileSync('package.json','utf8'))" 2>/dev/null; then
+  echo "ok: package.json parses"
+else
+  note_fail "package.json is invalid JSON"
+fi
+
+# 6. No private rule-number references (e.g. references to a numbered rule
+#    in someone's personal CLAUDE.md) in shipped files
+if grep -rnE 'CLAUDE\.md +(rule +)?[0-9]+\.[0-9]+|\(CLAUDE\.md +[0-9]' \
+    --include='*.md' --include='*.js' --include='*.sh' --include='*.template' \
+    --exclude-dir=.git --exclude-dir=node_modules --exclude=check.sh .; then
+  note_fail "private rule-number reference found"
+else
+  echo "ok: no private rule references"
+fi
+
+# 7. No bare rule-number references either ("rule 1.2" without naming a
+#    file is still a leak from someone's private rule set)
+if grep -rinE 'rule [0-9]+\.[0-9]+' \
+    --include='*.md' --include='*.js' --include='*.sh' --include='*.template' \
+    --exclude-dir=.git --exclude-dir=node_modules --exclude=check.sh .; then
+  note_fail "bare rule-number reference found"
+else
+  echo "ok: no bare rule references"
+fi
+
+# 8. No hardcoded IP addresses (loopback and wildcard excepted)
+if grep -rnE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' \
+    --include='*.md' --include='*.js' --include='*.sh' --include='*.template' \
+    --exclude-dir=.git --exclude-dir=node_modules --exclude=check.sh . \
+    | grep -vE '127\.0\.0\.1|0\.0\.0\.0'; then
+  note_fail "hardcoded IP address found"
+else
+  echo "ok: no hardcoded IPs"
+fi
+
+# 9. No em dashes in shipped files
+EMDASH=$(printf '\342\200\224')
+if grep -rn "$EMDASH" \
+    --include='*.md' --include='*.js' --include='*.sh' --include='*.template' \
+    --exclude-dir=.git --exclude-dir=node_modules --exclude=check.sh .; then
+  note_fail "em dash found"
+else
+  echo "ok: no em dashes"
+fi
+
+# 10. No leaked operator brand names anywhere in the tree. This is a generic
+#     public tool and must never name the company of whoever maintains it.
+#     check.sh is excluded only because the banned word list lives here.
+if grep -rin 'asqav' --exclude-dir=.git --exclude-dir=node_modules \
+    --exclude=check.sh .; then
+  note_fail "leaked brand name found"
+else
+  echo "ok: no leaked brand names"
+fi
+
+# 11. Stop-guard decision-logic matrix: the fail-closed behavior is load-bearing
+#     and must not regress silently behind a green parse check.
+if node tests/stop-guard.test.js; then
+  echo "ok: stop-guard decision matrix"
+else
+  note_fail "stop-guard decision matrix failed"
+fi
+
+# 12. Contract checker matrix: field and DEPENDS-ON validation must hold.
+if node tests/check-contracts.test.js; then
+  echo "ok: contract checker matrix"
+else
+  note_fail "contract checker matrix failed"
+fi
+
+if [ "$fail" -ne 0 ]; then
+  echo "CHECKS FAILED"
+  exit 1
+fi
+echo "ALL CHECKS PASSED"