contextdevkit 1.8.0

package/tools/integration-test-guards.mjs

@@ -0,0 +1,269 @@
+#!/usr/bin/env node
+/**
+ * ContextDevKit integration test — GUARDS (git hooks + config robustness + installer).
+ *
+ * Covers the safety nets that REJECT bad input rather than produce features —
+ * the parts most dangerous to leave untested:
+ *   - commit-msg.mjs   Conventional-Commits validator (enforces rule 5)
+ *   - pre-push.mjs     conflict block / warn / allow + the audited bypass
+ *   - load.mjs         zero-dep loader: deep-merge + BOM + malformed-JSON fallback
+ *   - uninstall.mjs    --uninstall / --purge (destructive — keeps memory)
+ *   - concurrency-guard external-edit branch; gh-alerts mappers; malformed-settings
+ *
+ * Shared harness: it-helpers.mjs. Run: node tools/integration-test-guards.mjs
+ */
+import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, utimesSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { KIT, run, git, readJson, reporter, installFixture } from './it-helpers.mjs';
+
+const rep = reporter();
+const { ok, bad } = rep;
+console.log('\n🌀 ContextDevKit integration test — guards\n');
+
+const importKit = (rel) => import('file://' + join(KIT, rel).replaceAll('\\', '/'));
+const tmp = (tag) => mkdtempSync(join(tmpdir(), `contextkit-${tag}-`));
+const seedConfig = (root, obj, { bom = false } = {}) => {
+  mkdirSync(join(root, 'contextkit'), { recursive: true });
+  writeFileSync(join(root, 'contextkit', 'config.json'), (bom ? '' : '') + (typeof obj === 'string' ? obj : JSON.stringify(obj)));
+};
+
+/** 017 — the zero-dep config loader's defensive behaviours (deep-merge / BOM / malformed). */
+async function testConfigLoader() {
+  const { loadConfigSync } = await importKit('templates/contextkit/runtime/config/load.mjs');
+
+  const partial = tmp('cfg-a');
+  seedConfig(partial, { level: 3, ledger: { important: ['only/'] } });
+  const merged = loadConfigSync(partial);
+  merged.level === 3 && merged.ledger.important.join() === 'only/' && merged.l5 && typeof merged.l5 === 'object'
+    ? ok('loadConfigSync deep-merges a partial override over defaults') : bad(`deepMerge wrong: ${JSON.stringify(merged.ledger)}`);
+
+  const bom = tmp('cfg-b');
+  seedConfig(bom, { level: 4 }, { bom: true });
+  loadConfigSync(bom).level === 4 ? ok('loadConfigSync strips a UTF-8 BOM before parse') : bad('BOM not stripped');
+
+  const broken = tmp('cfg-c');
+  seedConfig(broken, '{ not: valid json,,');
+  const empty = tmp('cfg-d');
+  JSON.stringify(loadConfigSync(broken)) === JSON.stringify(loadConfigSync(empty))
+    ? ok('loadConfigSync falls back to defaults on malformed JSON (never throws)') : bad('malformed JSON did not fall back to defaults');
+
+  for (const d of [partial, bom, broken, empty]) rmSync(d, { recursive: true, force: true });
+}
+
+/** 018 — gh-alerts pure mappers (GitHub alert shape → finding). */
+async function testGhAlertMappers() {
+  const gha = await importKit('templates/contextkit/tools/scripts/gh-alerts.mjs');
+  const dep = gha.mapDependabotAlert({ security_advisory: { severity: 'high', summary: 'XSS', ghsa_id: 'GHSA-x' }, dependency: { package: { name: 'lodash' }, manifest_path: 'package.json' } });
+  dep.kind === 'dependabot' && dep.severity === 4 && dep.path === 'package.json' && dep.message.includes('lodash') && dep.source === 'gh:dependabot:package.json'
+    ? ok('mapDependabotAlert shapes a finding (severity + source)') : bad(`mapDependabotAlert wrong: ${JSON.stringify(dep)}`);
+  const cs = gha.mapCodeScanningAlert({ rule: { id: 'js/xss', security_severity_level: 'critical', description: 'desc' }, most_recent_instance: { location: { path: 'src/a.js' } } });
+  cs.kind === 'code-scanning' && cs.severity === 5 && cs.path === 'src/a.js'
+    ? ok('mapCodeScanningAlert shapes a finding') : bad(`mapCodeScanningAlert wrong: ${JSON.stringify(cs)}`);
+  gha.mapDependabotAlert({}).severity === 2 && gha.mapCodeScanningAlert({}).severity === 2
+    ? ok('gh-alerts mappers default unknown severity to a safe floor') : bad('gh-alerts severity floor missing');
+}
+
+/** 015 — commit-msg Conventional-Commits validator (exit 0 allow / 1 block). */
+function testCommitMsg(proj) {
+  const hook = join(proj, 'contextkit', 'runtime', 'git-hooks', 'commit-msg.mjs');
+  const check = (msg) => {
+    const f = join(proj, '_msg.txt');
+    writeFileSync(f, msg + '\n');
+    return run([hook, f], { cwd: proj }).status;
+  };
+  const cases = [
+    ['feat(api): add endpoint', 0, 'valid type(scope)'],
+    ['fix: correct thing', 0, 'valid no-scope'],
+    ['added a thing', 1, 'missing type → blocked'],
+    ['fix: trailing period.', 1, 'trailing period → blocked'],
+    ["Merge branch 'x'", 0, 'merge commit allowed'],
+    ['wip: messy [skip-cc]', 0, '[skip-cc] bypass allowed'],
+  ];
+  for (const [msg, want, label] of cases) {
+    check(msg) === want ? ok(`commit-msg ${label}`) : bad(`commit-msg "${label}" expected exit ${want}`);
+  }
+}
+
+/** 018 — concurrency-guard branch 2: the file changed on disk since we last wrote it. */
+function testConcurrencyExternalEdit(proj) {
+  const hook = (name, payload) => run([join(proj, 'contextkit', 'runtime', 'hooks', name)], { cwd: proj, input: JSON.stringify(payload) });
+  const rel = 'src/ext.js';
+  const abs = join(proj, rel);
+  mkdirSync(join(proj, 'src'), { recursive: true });
+  writeFileSync(abs, 'v1\n');
+  hook('track-edits.mjs', { session_id: 'extsess', tool_name: 'Write', tool_input: { file_path: rel } });
+  // Force a strictly-newer mtime to simulate an external edit after we recorded ours.
+  const future = new Date(Date.now() + 10_000);
+  utimesSync(abs, future, future);
+  const out = hook('concurrency-guard.mjs', { session_id: 'extsess', tool_name: 'Write', tool_input: { file_path: rel } }).stdout || '';
+  out.includes('changed on disk') ? ok('concurrency-guard warns on an external on-disk edit') : bad(`concurrency-guard external-edit branch silent: ${out}`);
+}
+
+/** 018 — installer recreates a malformed .claude/settings.json instead of crashing. */
+function testMalformedSettingsRecovery(proj) {
+  const settings = join(proj, '.claude', 'settings.json');
+  writeFileSync(settings, '{ this is : not json ,,');
+  const res = run([join(KIT, 'install.mjs'), '--target', proj, '--update']);
+  let parsed = null;
+  try {
+    parsed = readJson(settings);
+  } catch {
+    /* stays null */
+  }
+  res.status === 0 && parsed && parsed.hooks
+    ? ok('installer recovers from a malformed settings.json (--update)') : bad(`malformed-settings recovery failed (status ${res.status})`);
+}
+
+/** 016 — pre-push conflict gate: allow disjoint, warn on auto-merge, block real conflict, bypass. */
+function testPrePush() {
+  const fx = installFixture(rep);
+  const { proj } = fx;
+  const remote = tmp('remote');
+  const clone = tmp('clone');
+  const hook = join(proj, 'contextkit', 'runtime', 'git-hooks', 'pre-push.mjs');
+  const pp = (env) => run([hook], { cwd: proj, env: { ...process.env, ...env } });
+  const commit = (cwd, m) => {
+    git(['add', '-A'], cwd);
+    git(['commit', '-m', m, '--no-verify'], cwd);
+  };
+  try {
+    writeFileSync(join(proj, 'shared.txt'), 'a\nb\nc\nd\ne\n');
+    writeFileSync(join(proj, 'mergeable.txt'), '1\n2\n3\n4\n5\n');
+    writeFileSync(join(proj, 'other.txt'), 'x\n');
+    commit(proj, 'feat: base');
+    git(['init', '--bare', '-b', 'main', remote]);
+    git(['remote', 'add', 'origin', remote], proj);
+    git(['push', '-u', 'origin', 'main'], proj);
+    // Origin diverges (via a clone): change shared.txt line c + mergeable.txt line 1.
+    git(['clone', remote, clone]);
+    git(['config', 'user.email', 'it@example.com'], clone);
+    git(['config', 'user.name', 'IT'], clone);
+    writeFileSync(join(clone, 'shared.txt'), 'a\nb\nREMOTE_C\nd\ne\n');
+    writeFileSync(join(clone, 'mergeable.txt'), 'REMOTE_1\n2\n3\n4\n5\n');
+    commit(clone, 'feat: remote change');
+    git(['push', 'origin', 'main'], clone);
+
+    // allow: local touches only other.txt → no overlap with origin.
+    writeFileSync(join(proj, 'other.txt'), 'y\n');
+    commit(proj, 'feat: local disjoint');
+    const allow = pp();
+    allow.status === 0 && !/both changed|BLOCKED/.test(allow.stderr || '') ? ok('pre-push ALLOWS a disjoint push') : bad(`pre-push didn't allow disjoint (status ${allow.status})`);
+
+    // warn: local edits mergeable.txt line 5 (origin edited line 1) → auto-merge → exit 0 + notice.
+    writeFileSync(join(proj, 'mergeable.txt'), '1\n2\n3\n4\nLOCAL_5\n');
+    commit(proj, 'feat: local mergeable');
+    const warn = pp();
+    warn.status === 0 && /both changed/.test(warn.stderr || '') ? ok('pre-push WARNS on an auto-mergeable overlap') : bad(`pre-push warn case wrong (status ${warn.status})`);
+
+    // block: local edits shared.txt line c (origin made it REMOTE_C) → real conflict.
+    writeFileSync(join(proj, 'shared.txt'), 'a\nb\nLOCAL_C\nd\ne\n');
+    commit(proj, 'feat: local conflict');
+    pp().status === 1 ? ok('pre-push BLOCKS a real conflict') : bad('pre-push did not block a real conflict');
+
+    // bypass: same conflicting state, audited override.
+    pp({ CONTEXT_ALLOW_CONFLICT_PUSH: '1' }).status === 0 ? ok('pre-push bypass (CONTEXT_ALLOW_CONFLICT_PUSH) allows') : bad('pre-push bypass did not allow');
+  } catch (err) {
+    bad(`pre-push setup crashed: ${err?.message ?? err}`);
+  } finally {
+    fx.cleanup();
+    rmSync(remote, { recursive: true, force: true });
+    rmSync(clone, { recursive: true, force: true });
+  }
+}
+
+/** 014 — uninstall removes wiring (keeps memory); purge removes engine (keeps memory + CLAUDE.md). */
+function testUninstall() {
+  const fx1 = installFixture(rep);
+  try {
+    run([join(KIT, 'install.mjs'), '--target', fx1.proj, '--uninstall']);
+    const settings = readJson(join(fx1.proj, '.claude', 'settings.json'));
+    const wired = Object.values(settings.hooks || {}).some((groups) => (groups || []).some((g) => (g.hooks || []).some((h) => String(h.command).includes('contextkit/runtime/hooks'))));
+    !wired ? ok('uninstall strips ContextDevKit hook wiring from settings.json') : bad('uninstall left hook wiring behind');
+    !existsSync(join(fx1.proj, '.git', 'hooks', 'pre-push')) ? ok('uninstall removes the git hooks') : bad('uninstall left git hooks');
+    existsSync(join(fx1.proj, 'contextkit', 'runtime')) && existsSync(join(fx1.proj, 'CLAUDE.md')) ? ok('uninstall keeps the engine + CLAUDE.md (non-purge)') : bad('uninstall wrongly removed engine/CLAUDE.md');
+  } finally {
+    fx1.cleanup();
+  }
+  const fx2 = installFixture(rep);
+  try {
+    run([join(KIT, 'install.mjs'), '--target', fx2.proj, '--uninstall', '--purge']);
+    !existsSync(join(fx2.proj, 'contextkit', 'runtime')) && !existsSync(join(fx2.proj, '.claude', 'commands'))
+      ? ok('purge removes the engine + commands') : bad('purge left engine/commands');
+    existsSync(join(fx2.proj, 'contextkit', 'memory')) && existsSync(join(fx2.proj, 'CLAUDE.md'))
+      ? ok('purge KEEPS memory + CLAUDE.md (no data loss)') : bad('purge destroyed memory/CLAUDE.md');
+  } finally {
+    fx2.cleanup();
+  }
+}
+
+/** 038 — installer follows .git pointer in worktrees (`.git` is a file, not a dir).
+ *  Simulates the worktree layout by writing a `.git` file with `gitdir: <path>`
+ *  and asserting hooks land in the pointed-at directory, not at `<target>/.git/hooks/`. */
+function testInstallerWorktreeGitPointer() {
+  const target = tmp('wtgit');
+  const gitdir = tmp('wtgit-gitdir');
+  mkdirSync(join(gitdir, 'hooks'), { recursive: true });
+  // Write the `.git` file pointer that git itself writes in a worktree.
+  writeFileSync(join(target, '.git'), `gitdir: ${gitdir.replaceAll('\\', '/')}\n`);
+  // The installer needs a package.json / minimal project to run cleanly.
+  writeFileSync(join(target, 'package.json'), '{"name":"wt-fixture"}');
+  try {
+    const r = run([join(KIT, 'install.mjs'), '--target', target, '--level', '3', '--name', 'Worktree', '--yes']);
+    r.status === 0 ? ok('installer succeeds against a worktree-shaped .git (bug 038 fixed)') : bad(`installer failed in worktree: ${r.stderr || r.stdout}`);
+    existsSync(join(gitdir, 'hooks', 'pre-commit'))
+      ? ok('installer writes hooks into the resolved gitdir, not into `<target>/.git/hooks/`') : bad('hooks not found in resolved gitdir');
+    const installed = existsSync(join(gitdir, 'hooks', 'pre-commit')) ? readFileSync(join(gitdir, 'hooks', 'pre-commit'), 'utf-8') : '';
+    installed.includes('contextkit/runtime/git-hooks')
+      ? ok('installed hook in worktree points at contextkit/runtime') : bad(`hook body wrong: ${installed}`);
+  } finally {
+    rmSync(target, { recursive: true, force: true });
+    rmSync(gitdir, { recursive: true, force: true });
+  }
+}
+
+// Compozy follow-through lifecycle tests (workflow/041, distill-detect/043,
+// resume/046) live in the sibling `integration-test-compozy.mjs`.
+
+/** 021 — installer backs up a pre-existing non-ours git hook instead of clobbering it. */
+function testInstallerHookBackup() {
+  const proj = tmp('hookbk');
+  git(['init', '-b', 'main'], proj);
+  git(['config', 'user.email', 'it@example.com'], proj);
+  git(['config', 'user.name', 'IT'], proj);
+  const hooksDir = join(proj, '.git', 'hooks');
+  mkdirSync(hooksDir, { recursive: true });
+  writeFileSync(join(hooksDir, 'pre-commit'), '#!/bin/sh\necho "my custom hook"\n');
+  try {
+    run([join(KIT, 'install.mjs'), '--target', proj, '--level', '3', '--name', 'HookBak', '--yes']);
+    const installed = readFileSync(join(hooksDir, 'pre-commit'), 'utf-8');
+    const backup = existsSync(join(hooksDir, 'pre-commit.bak')) ? readFileSync(join(hooksDir, 'pre-commit.bak'), 'utf-8') : '';
+    installed.includes('contextkit/runtime/git-hooks') && backup.includes('my custom hook')
+      ? ok('installer backs up an existing non-ours git hook (.bak)') : bad(`installer hook backup failed: backup="${backup.trim()}"`);
+  } finally {
+    rmSync(proj, { recursive: true, force: true });
+  }
+}
+
+async function main() {
+  await testConfigLoader();
+  await testGhAlertMappers();
+  testInstallerHookBackup();
+  testInstallerWorktreeGitPointer();
+  const fx = installFixture(rep);
+  try {
+    testCommitMsg(fx.proj);
+    testConcurrencyExternalEdit(fx.proj);
+    testMalformedSettingsRecovery(fx.proj);
+  } finally {
+    fx.cleanup();
+  }
+  testPrePush();
+  testUninstall();
+  rep.finish('Integration (guards)');
+}
+
+main().catch((err) => {
+  bad(`guards crashed: ${err?.stack || err}`);
+  rep.finish('Integration (guards)');
+});

package/tools/integration-test-tooling-agent-forge.mjs

@@ -0,0 +1,189 @@
+#!/usr/bin/env node
+/**
+ * ContextDevKit integration test — TOOLING / agent-forge.
+ *
+ * Sibling of `integration-test-tooling.mjs`. Extracted as a responsibility
+ * seam (the split the parent file's cohesion note anticipated when budget
+ * pressure returned — Fase 6 was the trigger). agent-forge is the longest
+ * single subsystem in the tooling matrix: install round-trip + APF
+ * structure assertions (yaml-available branch) + pure-JS fallback
+ * (no-yaml branch) + Fase 6 pipeline DSL — together they crossed the
+ * 308-line hard limit when Fase 6 landed.
+ *
+ * Each sibling installs its own fixture — the cost is one extra install;
+ * the benefit is a focused, under-budget file per subsystem. Mirrors the
+ * ADR-0016 H1 split that produced `integration-test-tooling-pipeline.mjs`.
+ *
+ * Run:  node tools/integration-test-tooling-agent-forge.mjs   (exit 0 = healthy)
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { reporter, installFixture } from './it-helpers.mjs';
+
+const rep = reporter();
+const { ok, bad } = rep;
+console.log('\n🌀 ContextDevKit integration test — tooling / agent-forge\n');
+const fx = installFixture(rep);
+const { proj } = fx;
+
+try {
+  // agent-forge — installed at L>=4 + /forge-new round-trip: the architect/router/packager
+  // pipeline writes a complete APF (yaml dep available) or proves the pure-JS half of the
+  // pipeline (assembleManifest + router + generators) when yaml is absent (CI default).
+  existsSync(join(proj, 'contextkit', 'squads', 'agent-forge', 'lib', 'router.mjs'))
+    ? ok('agent-forge squad installed at L>=4 (contextkit/squads/agent-forge)')
+    : bad('agent-forge squad missing from L5 install');
+  const forgeBase = join(proj, 'contextkit', 'squads', 'agent-forge').replaceAll('\\', '/');
+  const blueprint = {
+    agent_name: 'intake-classifier',
+    role_one_line: 'You classify intake forms by department.',
+    intent: { category: 'classification', complexity: 'low' },
+    privacy: { allow_cloud_providers: true, data_residency: 'br-or-eu' },
+    capabilities: { tools: false, structured_output: true },
+    runtime_adapters: ['node', 'python'],
+  };
+  let yamlAvail = false;
+  try { await import('yaml'); yamlAvail = true; } catch { /* optional dep — ADR-0013 */ }
+  if (yamlAvail) {
+    const { forgeNew } = await import('file://' + join(forgeBase, 'cli', 'forge-new.mjs').replaceAll('\\', '/'));
+    const result = await forgeNew(blueprint, join(proj, 'agent-packages'), { now: '2026-05-26T12:00:00Z' });
+    const apf = result.summary.targetDir;
+    const expected = ['manifest.yaml', 'README.md', 'prompts/system.canonical.md',
+      'prompts/system.anthropic.md', 'prompts/system.openai.md',
+      'prompts/system.google.md', 'prompts/system.deepseek.md', 'prompts/system.ollama.md',
+      'tools/schemas.canonical.json',
+      'tools/adapters/anthropic.tools.json', 'tools/adapters/openai.tools.json',
+      'tools/adapters/google.tools.json', 'tools/adapters/deepseek.tools.json', 'tools/adapters/ollama.tools.json',
+      'evals/golden.jsonl', 'governance/cost.policy.yaml', 'adapters/node/index.js'];
+    const missing = expected.filter((f) => !existsSync(join(apf, f)));
+    missing.length === 0 ? ok(`forge-new writes a complete APF (${expected.length} files)`) : bad(`APF missing: ${missing.join(', ')}`);
+    const manifest = readFileSync(join(apf, 'manifest.yaml'), 'utf-8');
+    manifest.includes(result.summary.provenance.blueprint_hash)
+      ? ok('forge-new stamps provenance.blueprint_hash into manifest.yaml') : bad('blueprint_hash not stamped');
+    manifest.includes('provider: ' + result.decision.primary.split('/')[0])
+      ? ok('forge-new stamps the routed primary provider into manifest.yaml') : bad('primary provider not in manifest');
+    readFileSync(join(apf, 'prompts/system.anthropic.md'), 'utf-8').includes('<role>')
+      ? ok('forge-new emits the Anthropic XML system prompt') : bad('Anthropic XML prompt missing');
+    readFileSync(join(apf, 'prompts/system.deepseek.md'), 'utf-8').includes('Think step by step')
+      ? ok('forge-new emits the DeepSeek prompt with explicit CoT cue (Fase 2)') : bad('DeepSeek CoT cue missing');
+    readFileSync(join(apf, 'prompts/system.google.md'), 'utf-8').includes('systemInstruction')
+      ? ok('forge-new emits the Gemini prompt with safetySettings note (Fase 2)') : bad('Gemini systemInstruction note missing');
+    JSON.parse(readFileSync(join(apf, 'tools/adapters/openai.tools.json'), 'utf-8')).tools.every((t) => t.type === 'function')
+      ? ok('forge-new emits OpenAI function-format tool adapters') : bad('OpenAI adapter malformed');
+    const googleAdapter = JSON.parse(readFileSync(join(apf, 'tools/adapters/google.tools.json'), 'utf-8'));
+    Array.isArray(googleAdapter.functionDeclarations) && googleAdapter.functionDeclarations.every((decl) => !('additionalProperties' in (decl.parameters || {})))
+      ? ok('forge-new emits Gemini functionDeclarations (additionalProperties stripped) (Fase 2)') : bad('Gemini adapter malformed or kept stripped fields');
+    JSON.parse(readFileSync(join(apf, 'tools/adapters/deepseek.tools.json'), 'utf-8')).tools.every((t) => t.type === 'function')
+      ? ok('forge-new emits DeepSeek tool adapter (OpenAI-compat) (Fase 2)') : bad('DeepSeek adapter malformed');
+    readFileSync(join(apf, 'adapters/node/index.js'), 'utf-8').length > 0
+      ? ok('forge-new ships the Node runtime adapter (round-trip ready)') : bad('Node adapter missing');
+    const pyproject = readFileSync(join(apf, 'adapters/python/pyproject.toml'), 'utf-8');
+    pyproject.includes(blueprint.agent_name) && !pyproject.includes('{{AGENT_NAME}}')
+      ? ok('forge-new ships the Python runtime adapter with name stamped (Fase 2)') : bad('Python adapter not stamped (pyproject.toml)');
+    readFileSync(join(apf, 'manifest.yaml'), 'utf-8').includes('python')
+      ? ok('forge-new stamps runtime_adapters: [..., python] into manifest.yaml (Fase 2)') : bad('python missing from manifest runtime_adapters');
+    const costPolicy = readFileSync(join(apf, 'governance/cost.policy.yaml'), 'utf-8');
+    !costPolicy.includes('{{') && costPolicy.includes('budgets:')
+      ? ok('forge-new writes a POPULATED cost.policy.yaml (no {{TOKEN}}, Fase 3)') : bad('cost.policy still carries placeholders or no budgets');
+    const qualityPolicy = readFileSync(join(apf, 'governance/quality.policy.yaml'), 'utf-8');
+    qualityPolicy.includes('eval_gates:') && qualityPolicy.includes('fallback_chain:')
+      ? ok('forge-new writes a populated quality.policy.yaml (Fase 3)') : bad('quality.policy missing required sections');
+    const fallbackChain = readFileSync(join(apf, 'governance/fallback-chain.yaml'), 'utf-8');
+    fallbackChain.includes('primary:') && fallbackChain.includes('on_safety_block: do_not_fallback')
+      ? ok('forge-new writes a fallback-chain.yaml built from the router decision (Fase 3)') : bad('fallback-chain missing primary or safety_block rule');
+    readFileSync(join(apf, 'evals/thresholds.yaml'), 'utf-8').includes('release_gate:')
+      ? ok('forge-new writes a populated evals/thresholds.yaml (Fase 3)') : bad('evals/thresholds.yaml not populated');
+    /eval_passed_at:\s*null/.test(readFileSync(join(apf, 'manifest.yaml'), 'utf-8'))
+      ? ok('forge-new leaves eval_passed_at null without runEval (Fase 3 gate)') : bad('eval_passed_at not null without runEval');
+    const gated = await forgeNew(blueprint, join(proj, 'agent-packages-gated'), {
+      now: '2026-05-26T12:00:00Z',
+      runEval: { provider: (input) => (input.text ? { redacted: '[ok]' } : { y: 'ok' }) },
+    });
+    gated.evalResult?.verdict === 'pass' && readFileSync(join(gated.summary.targetDir, 'manifest.yaml'), 'utf-8').includes('eval_passed_at: \'2026-05-26')
+      ? ok('forge-new with runEval (passing mock) stamps eval_passed_at into manifest.yaml (Fase 3)') : bad(`runEval gate failed: verdict=${gated.evalResult?.verdict}`);
+    const ragBlueprint = { agent_name: 'contract-qa', role_one_line: 'You answer questions about contracts from the knowledge base.', intent: { category: 'rag-answer', complexity: 'high', domain: 'legal-pt-br' }, privacy: { allow_cloud_providers: true, data_residency: 'br-or-eu' }, capabilities: { tools: false, rag: true }, runtime_adapters: ['node', 'go'] };
+    const ragResult = await forgeNew(ragBlueprint, join(proj, 'agent-packages-rag'), { now: '2026-05-26T12:00:00Z' });
+    const ragApf = ragResult.summary.targetDir;
+    const ragConfig = readFileSync(join(ragApf, 'rag/config.yaml'), 'utf-8');
+    !ragConfig.includes('{{') && /backend:\s*qdrant/.test(ragConfig)
+      ? ok('forge-new writes a populated rag/config.yaml (qdrant backend for cloud-OK, Fase 5)') : bad('rag/config.yaml not populated or wrong backend');
+    /multilingual-e5/.test(ragConfig)
+      ? ok('forge-new picks multilingual-e5 for non-`-en` domain (Fase 5)') : bad('embedding model wrong for multilingual domain');
+    const goMod = readFileSync(join(ragApf, 'adapters/go/go.mod'), 'utf-8');
+    goMod.includes('contract-qa') && !goMod.includes('{{')
+      ? ok('forge-new stamps Go adapter go.mod when runtime_adapters includes go (Fase 5)') : bad(`go.mod not stamped: ${goMod}`);
+  } else {
+    const { validateBlueprint, fillDefaults } = await import('file://' + join(forgeBase, 'lib', 'architect.mjs').replaceAll('\\', '/'));
+    const { routeAgent } = await import('file://' + join(forgeBase, 'lib', 'router.mjs').replaceAll('\\', '/'));
+    const { assembleManifest } = await import('file://' + join(forgeBase, 'lib', 'packager.mjs').replaceAll('\\', '/'));
+    const { generatePrompts } = await import('file://' + join(forgeBase, 'lib', 'prompt-gen.mjs').replaceAll('\\', '/'));
+    const { generateAdapters } = await import('file://' + join(forgeBase, 'lib', 'tool-gen.mjs').replaceAll('\\', '/'));
+    validateBlueprint(blueprint).ok ? ok('forge-new (no-yaml): blueprint validates') : bad('blueprint invalid');
+    !validateBlueprint({ ...blueprint, runtime_adapters: ['rust'] }).ok
+      ? ok('forge-new (no-yaml): validateBlueprint rejects unknown runtime_adapters (Fase 2)') : bad('validateBlueprint accepted bogus runtime');
+    const filled = fillDefaults(blueprint);
+    Array.isArray(filled.runtime_adapters) && filled.runtime_adapters[0] === 'node'
+      ? ok('forge-new (no-yaml): fillDefaults sets runtime_adapters default [node] (Fase 2)') : bad('runtime_adapters default missing');
+    const decision = await routeAgent(filled);
+    const manifest = assembleManifest(filled, decision, { now: '2026-05-26T12:00:00Z' });
+    manifest.metadata.name === blueprint.agent_name && manifest.spec.model_selection.primary.provider === decision.primary.split('/')[0]
+      ? ok('forge-new (no-yaml): assembleManifest stamps name + routed primary') : bad('assembleManifest mismatch');
+    const pyManifest = assembleManifest({ ...filled, runtime_adapters: ['node', 'python'] }, decision, { now: '2026-05-26T12:00:00Z' });
+    pyManifest.spec.runtime_adapters.includes('python')
+      ? ok('forge-new (no-yaml): blueprint.runtime_adapters flows into manifest.spec.runtime_adapters (Fase 2)') : bad('runtime_adapters did not flow through');
+    /^[a-f0-9]{64}$/.test(manifest.metadata.provenance.blueprint_hash)
+      ? ok('forge-new (no-yaml): provenance.blueprint_hash is SHA-256') : bad('blueprint_hash malformed');
+    const prompts = generatePrompts('# Role\nYou classify.\n\n# Context\nClinic.\n\n# Rules\n- JSON.\n\n# Output\nJSON.\n');
+    prompts.anthropic.includes('<role>') && prompts.openai.includes('# Role')
+      ? ok('forge-new (no-yaml): prompt-gen renders Anthropic XML + OpenAI Markdown') : bad('prompt-gen output wrong');
+    prompts.google?.includes('systemInstruction') && prompts.deepseek?.includes('Think step by step') && prompts.ollama?.includes('chat_template')
+      ? ok('forge-new (no-yaml): prompt-gen renders Gemini + DeepSeek (CoT) + Ollama (chat_template) (Fase 2)') : bad('Fase 2 prompts missing or malformed');
+    const adapters = generateAdapters({ classify: { description: 'Classify text', input_schema: { type: 'object', additionalProperties: false, properties: { text: { type: 'string' } }, required: ['text'] } } });
+    adapters.anthropic.tools[0].name === 'classify' && adapters.openai.tools[0].type === 'function'
+      ? ok('forge-new (no-yaml): tool-gen renders Anthropic + OpenAI adapters') : bad('tool-gen output wrong');
+    const geminiDecl = adapters.google?.functionDeclarations?.[0];
+    geminiDecl?.name === 'classify' && !('additionalProperties' in (geminiDecl.parameters || {}))
+      ? ok('forge-new (no-yaml): tool-gen Gemini strips JSON-Schema fields not in the subset (Fase 2)') : bad('Gemini down-conversion wrong');
+    adapters.deepseek?.tools?.[0]?.type === 'function' && adapters.ollama?.tools?.[0]?.type === 'function'
+      ? ok('forge-new (no-yaml): tool-gen DeepSeek + Ollama mirror OpenAI shape (Fase 2)') : bad('DeepSeek/Ollama adapters wrong');
+    console.log('  ⓘ yaml dep not installed — full file-write round-trip skipped (install: npm i yaml).');
+  }
+
+  // Fase 6 — squad-pipeline DSL: pipeline.yaml ships, validates, dry-run is non-empty.
+  // (ADR-0015 Part A; full grammar in docs/SQUAD-PIPELINE-FORMAT.md.)
+  existsSync(join(proj, 'contextkit', 'squads', 'agent-forge', 'pipeline.yaml'))
+    ? ok('agent-forge ships pipeline.yaml (Fase 6)')
+    : bad('agent-forge pipeline.yaml missing from install');
+  const pipelineEngineUrl = 'file://' + join(proj, 'contextkit', 'tools', 'scripts', 'squad-pipeline.mjs').replaceAll('\\', '/');
+  const { loadAndValidate, plan } = await import(pipelineEngineUrl);
+  const lv = await loadAndValidate('agent-forge').catch((err) => ({ error: err }));
+  if (yamlAvail) {
+    if (lv.error) {
+      bad(`Fase 6: loadAndValidate threw with yaml available: ${lv.error.message}`);
+    } else {
+      lv.pipeline?.squad === 'agent-forge' && lv.pipeline.steps.length >= 8
+        ? ok(`Fase 6: agent-forge pipeline validates (${lv.pipeline.steps.length} steps)`)
+        : bad(`Fase 6: pipeline shape wrong: ${JSON.stringify({ squad: lv.pipeline?.squad, steps: lv.pipeline?.steps?.length })}`);
+      const rows = plan(lv.pipeline, { blueprint: { tools: ['x'] }, capabilities: { rag: false } });
+      rows.find((r) => r.id === 'generate-tools')?.marker === '↺' || rows.find((r) => r.id === 'generate-tools')?.marker === '✓'
+        ? ok('Fase 6: dry-run runs generate-tools when blueprint.tools.length > 0')
+        : bad(`Fase 6: generate-tools marker wrong: ${rows.find((r) => r.id === 'generate-tools')?.marker}`);
+      rows.find((r) => r.id === 'generate-rag')?.marker === '⊘'
+        ? ok('Fase 6: dry-run skips generate-rag when capabilities.rag == false (⊘)')
+        : bad(`Fase 6: generate-rag marker wrong under rag=false: ${rows.find((r) => r.id === 'generate-rag')?.marker}`);
+      rows.find((r) => r.id === 'eval-gate')?.marker === '↺'
+        ? ok('Fase 6: dry-run marks eval-gate retry loop (↺, max_cycles: 3)')
+        : bad(`Fase 6: eval-gate marker wrong: ${rows.find((r) => r.id === 'eval-gate')?.marker}`);
+    }
+  } else {
+    lv.yamlAbsent === true
+      ? ok('Fase 6: squad-pipeline takes the yaml-absent informative path (opt-in, not hot-path)')
+      : bad(`Fase 6: expected { yamlAbsent: true } when yaml is missing, got ${JSON.stringify(lv)}`);
+  }
+} catch (err) {
+  bad(`crashed: ${err?.stack || err}`);
+} finally {
+  fx.cleanup();
+}
+
+rep.finish('Integration (tooling — agent-forge)');

package/tools/integration-test-tooling-pipeline.mjs

@@ -0,0 +1,164 @@
+#!/usr/bin/env node
+/**
+ * ContextDevKit integration test — TOOLING / DevPipeline.
+ *
+ * Sibling of `integration-test-tooling.mjs`. Extracted as a responsibility
+ * seam (ADR-0016 H1 fix) because the DevPipeline test chain is internally
+ * coupled (add → ingest → idempotent → prioritize → wsjf → bugs share fixture
+ * state) and was the natural unit to split out when the tooling file crossed
+ * the line-budget RED zone. Each sibling installs its own fixture — the cost
+ * is one extra install; the benefit is a focused, under-budget file per
+ * responsibility.
+ *
+ * Run:  node tools/integration-test-tooling-pipeline.mjs   (exit 0 = healthy)
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { KIT, run, reporter, installFixture } from './it-helpers.mjs';
+
+const rep = reporter();
+const { ok, bad } = rep;
+console.log('\n🌀 ContextDevKit integration test — tooling / DevPipeline\n');
+const fx = installFixture(rep);
+const { proj, script } = fx;
+
+try {
+  // DevPipeline: add → move → sync reflects in devpipeline.md.
+  script('pipeline.mjs', 'add', '--type', 'bug', '--priority', 'P1', '--title', 'login crash');
+  const board1 = readFileSync(join(proj, 'contextkit', 'pipeline', 'devpipeline.md'), 'utf-8');
+  board1.includes('login crash') && /Backlog \*\*1\*\*/.test(board1) ? ok('pipeline add → backlog on board') : bad('pipeline add not reflected');
+  script('pipeline.mjs', 'move', '001', 'testing');
+  const board2 = readFileSync(join(proj, 'contextkit', 'pipeline', 'devpipeline.md'), 'utf-8');
+  /Testing \*\*1\*\*/.test(board2) ? ok('pipeline move → testing on board') : bad('pipeline move not reflected');
+
+  // DevPipeline ingest: analysis findings flow into the backlog, auto-prioritized.
+  writeFileSync(join(proj, 'findings.json'), JSON.stringify({ findings: [
+    { kind: 'line-budget', severity: 5, path: 'src/big.js', line: 400, message: 'too big' },
+    { kind: 'todo-marker', severity: 1, path: 'src/x.js', line: 3, message: 'leftover TODO' },
+  ] }));
+  script('pipeline.mjs', 'ingest', 'findings.json', '--type', 'chore');
+  const ingested = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]')
+    .filter((t) => /^line-budget|^todo-marker/.test(t.source || ''));
+  ingested.length === 2 && ingested.some((t) => t.priority === 'P1') && ingested.some((t) => t.priority === 'P3')
+    ? ok('pipeline ingest creates auto-prioritized tasks from findings') : bad(`ingest failed: ${JSON.stringify(ingested)}`);
+  /Ingested 0 finding/.test(script('pipeline.mjs', 'ingest', 'findings.json', '--type', 'chore').stdout || '')
+    ? ok('pipeline ingest is idempotent (no duplicates)') : bad('ingest re-added duplicates');
+  const lb = ingested.find((t) => /^line-budget/.test(t.source));
+  script('pipeline.mjs', 'prioritize', lb.id, 'P0');
+  JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]').find((t) => t.id === lb.id)?.priority === 'P0'
+    ? ok('pipeline prioritize overrides the auto priority (user-editable)') : bad('prioritize did not change priority');
+
+  // WSJF (SAFe) → priority + bug severity (S1-S4) → priority + SLA due date.
+  script('pipeline.mjs', 'add', '--type', 'feature', '--title', 'wsjf item', '--wsjf', '8,9,5,3');
+  script('pipeline.mjs', 'add', '--type', 'bug', '--title', 'sev bug', '--severity', 'S1');
+  const prio = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]');
+  const wsjfT = prio.find((t) => t.title === 'wsjf item');
+  const sevT = prio.find((t) => t.title === 'sev bug');
+  wsjfT?.priority === 'P1' && Number(wsjfT.wsjf) > 0 && sevT?.priority === 'P0' && sevT?.sla
+    ? ok('pipeline WSJF→priority, bug severity→priority, SLA due date') : bad(`WSJF/severity failed: ${JSON.stringify({ wsjfT, sevT })}`);
+
+  // Known-bugs map: bug tasks grouped + a map file generated.
+  script('pipeline.mjs', 'bugs');
+  existsSync(join(proj, 'contextkit', 'pipeline', 'known-bugs.md')) &&
+    readFileSync(join(proj, 'contextkit', 'pipeline', 'known-bugs.md'), 'utf-8').includes('sev bug')
+    ? ok('known-bugs map generated + groups bug tasks') : bad('known-bugs map missing/empty');
+
+  // ─ Ticket 040: task metadata v2 (DAG dependencies + complexity + spike/docs) ─
+  script('pipeline.mjs', 'add', '--type', 'spike', '--title', 'spike-test', '--complexity', 'L', '--depends-on', '[001, 002]');
+  const meta = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]').find((t) => t.title === 'spike-test');
+  meta?.type === 'spike' && meta?.complexity === 'L' && Array.isArray(meta?.dependencies) && meta.dependencies.length === 2
+    ? ok('pipeline add accepts --type spike + --complexity + --depends-on (ticket 040)') : bad(`metadata v2 wrong: ${JSON.stringify(meta)}`);
+  const boardV2 = readFileSync(join(proj, 'contextkit', 'pipeline', 'devpipeline.md'), 'utf-8');
+  boardV2.includes('blocked by') ? ok('board renders "blocked by N" hint when dependencies are open (ticket 040)') : bad('blocked-by hint missing from board');
+  // validate command: clean graph passes.
+  const validClean = script('pipeline.mjs', 'validate');
+  validClean.status === 0 ? ok('pipeline validate exits 0 on acyclic graph') : bad(`validate failed clean: ${validClean.stdout}${validClean.stderr}`);
+  // Manually inject a cycle and prove validate refuses.
+  const spikeFile = join(proj, 'contextkit', 'pipeline', 'backlog', `${meta.id}-spike-test.md`);
+  writeFileSync(spikeFile, readFileSync(spikeFile, 'utf-8').replace(/^dependencies:.*$/m, `dependencies: [${meta.id}]`));
+  const validCycle = script('pipeline.mjs', 'validate');
+  validCycle.status !== 0 && /cycle/i.test(validCycle.stdout + validCycle.stderr)
+    ? ok('pipeline validate refuses on dependency cycle (ticket 040)') : bad(`validate did not refuse cycle: status=${validCycle.status}`);
+
+  // ─ ADR-0015 §B: working/ stage + tasks[] in workspace record + stale eviction ─
+  existsSync(join(proj, 'contextkit', 'pipeline', 'working'))
+    ? ok('working/ folder seeded post-install (ADR-0015 §B)')
+    : bad('working/ folder missing');
+  // Add a fresh task to start from a known state.
+  script('pipeline.mjs', 'add', '--type', 'chore', '--title', 'wip-test');
+  const wipTask = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]').find((t) => t.title === 'wip-test');
+  // Bootstrap the session pointer so claim.mjs can identify "this session".
+  mkdirSync(join(proj, '.claude', '.sessions'), { recursive: true });
+  writeFileSync(join(proj, '.claude', '.sessions', '.last-touched'), JSON.stringify({ sessionId: 'it-039', at: Date.now() }));
+  // /pipeline start → moves to working/ + attaches to workspace.
+  script('pipeline.mjs', 'start', wipTask.id);
+  const afterStart = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]').find((t) => t.id === wipTask.id);
+  afterStart?.stage === 'working' ? ok('pipeline start → task moves to working/') : bad(`task stage after start = ${afterStart?.stage}`);
+  const wsFile = join(proj, '.claude', '.workspace', 'it-039.json');
+  const ws = existsSync(wsFile) ? JSON.parse(readFileSync(wsFile, 'utf-8')) : {};
+  Array.isArray(ws.tasks) && ws.tasks.some((t) => t.id === wipTask.id)
+    ? ok('claim.attachTask appends task to workspace tasks[]') : bad(`workspace tasks[] wrong: ${JSON.stringify(ws.tasks)}`);
+  const workingBoard = readFileSync(join(proj, 'contextkit', 'pipeline', 'devpipeline.md'), 'utf-8');
+  /Working \*\*\d+\*\*/.test(workingBoard) && /## 🔵 Working/.test(workingBoard)
+    ? ok('pipeline-board renders Working count + section') : bad('working stage missing from board');
+  // /pipeline stop → moves BACK to backlog (not testing), detaches.
+  script('pipeline.mjs', 'stop', wipTask.id);
+  const afterStop = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]').find((t) => t.id === wipTask.id);
+  afterStop?.stage === 'backlog' ? ok('pipeline stop → task moves BACK to backlog (not testing)') : bad(`task stage after stop = ${afterStop?.stage}`);
+  const wsAfter = JSON.parse(readFileSync(wsFile, 'utf-8'));
+  !wsAfter.tasks?.some((t) => t.id === wipTask.id) ? ok('claim.detachTask removes task from workspace tasks[]') : bad('task still attached after stop');
+  // Stale eviction: artificially age a task's heartbeat past the configured threshold.
+  script('pipeline.mjs', 'start', wipTask.id);
+  const wsStale = JSON.parse(readFileSync(wsFile, 'utf-8'));
+  wsStale.tasks[0].lastHeartbeat = Date.now() - (91 * 60 * 1000);
+  wsStale.lastHeartbeat = Date.now(); // session itself stays alive
+  writeFileSync(wsFile, JSON.stringify(wsStale, null, 2));
+  script('workspace-sync.mjs');
+  const afterEvict = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]').find((t) => t.id === wipTask.id);
+  afterEvict?.stage === 'backlog' ? ok('workspace-sync auto-evicts stale task back to backlog/') : bad(`stale evict failed: stage=${afterEvict?.stage}`);
+
+  // ─ ADR-0015 §C: canonical state.json substrate (per-task + per-pipeline-run) ─
+  script('pipeline.mjs', 'add', '--type', 'chore', '--title', 'state-test');
+  const stTask = JSON.parse(script('pipeline.mjs', 'list', '--json').stdout || '[]').find((t) => t.title === 'state-test');
+  script('pipeline.mjs', 'start', stTask.id);
+  const stateFile = join(proj, 'contextkit', 'pipeline', stTask.id, 'state.json');
+  existsSync(stateFile) ? ok('start writes state.json (ADR-0015 §C)') : bad('state.json not written on start');
+  const state1 = existsSync(stateFile) ? JSON.parse(readFileSync(stateFile, 'utf-8')) : {};
+  state1.kind === 'task' && state1.status === 'working' && typeof state1.startedAt === 'number'
+    ? ok('state.json shape correct (kind=task, status=working, timestamps)') : bad(`state shape wrong: ${JSON.stringify(state1)}`);
+  script('pipeline.mjs', 'stop', stTask.id);
+  const state2 = JSON.parse(readFileSync(stateFile, 'utf-8'));
+  state2.status === 'backlog' && typeof state2.endedAt === 'number'
+    ? ok('stop stamps endedAt + flips status to backlog') : bad(`stop did not update state: ${JSON.stringify(state2)}`);
+  script('pipeline.mjs', 'start', stTask.id);
+  script('pipeline.mjs', 'move', stTask.id, 'conclusion');
+  // The move's state.json mirror is fire-and-forget; poll briefly.
+  const deadline = Date.now() + 2000;
+  while (Date.now() < deadline && JSON.parse(readFileSync(stateFile, 'utf-8')).status !== 'done') { /* spin */ }
+  const state3 = JSON.parse(readFileSync(stateFile, 'utf-8'));
+  state3.status === 'done' && typeof state3.endedAt === 'number'
+    ? ok('move conclusion mirrors into state.json (status=done, endedAt set)') : bad(`conclusion state wrong: ${JSON.stringify(state3)}`);
+
+  // ─ ADR-0015 §C follow-up: /runs command reads state.json substrate ─
+  const runsOut = script('runs.mjs').stdout || '';
+  runsOut.includes('tasks') && runsOut.includes(stTask.id)
+    ? ok('/runs lists tasks from state.json') : bad(`/runs output missing tasks: ${runsOut.slice(0, 200)}`);
+  const runsJson = JSON.parse(script('runs.mjs', '--json').stdout || '{}');
+  Array.isArray(runsJson.states) && runsJson.total >= 1
+    ? ok('/runs --json returns machine-readable shape') : bad(`/runs --json shape wrong: ${JSON.stringify(runsJson).slice(0, 200)}`);
+  const runsKindTask = JSON.parse(script('runs.mjs', '--json', '--kind', 'task').stdout || '{}');
+  runsKindTask.states?.every((s) => s.kind === 'task')
+    ? ok('/runs --kind task filters correctly') : bad('/runs --kind task did not filter');
+  // No-state refusal: run from a sibling dir that has no contextkit/pipeline/*/state.json.
+  const emptyDir = join(proj, 'apps', 'web');
+  mkdirSync(emptyDir, { recursive: true });
+  const noStateOut = run([join(KIT, 'templates/contextkit/tools/scripts/runs.mjs')], { cwd: emptyDir });
+  String(noStateOut?.stdout || '').includes('No runs yet')
+    ? ok('/runs prints clean refusal when no state files exist') : bad(`/runs no-state output: ${noStateOut?.stdout || noStateOut?.stderr}`);
+} catch (err) {
+  bad(`crashed: ${err?.stack || err}`);
+} finally {
+  fx.cleanup();
+}
+
+rep.finish('Integration (tooling — DevPipeline)');