create-yonderclaw 1.0.0

package/installer/modules/core/src/db.ts.txt

@@ -0,0 +1,277 @@
+/**
+ * Core Database — universal state management for any Claw
+ * Auto-generated by MetaClaw Installer
+ */
+
+import Database from "better-sqlite3";
+import path from "path";
+import fs from "fs";
+import { fileURLToPath } from "url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const DB_PATH = path.join(__dirname, "..", "data", "claw.db");
+
+let _db: Database.Database | null = null;
+
+export function getDb(): Database.Database {
+  if (_db) return _db;
+  const dir = path.dirname(DB_PATH);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  _db = new Database(DB_PATH);
+  _db.pragma("journal_mode = WAL");
+  _db.pragma("busy_timeout = 5000");
+  initSchema(_db);
+  return _db;
+}
+
+function initSchema(db: Database.Database) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS action_log (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      action_type TEXT NOT NULL,
+      target TEXT,
+      status TEXT DEFAULT 'pending',
+      details TEXT,
+      cost_usd REAL DEFAULT 0,
+      tokens_used INTEGER DEFAULT 0,
+      duration_ms INTEGER DEFAULT 0,
+      created_at TEXT DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS daily_metrics (
+      date TEXT PRIMARY KEY,
+      actions_taken INTEGER DEFAULT 0,
+      actions_succeeded INTEGER DEFAULT 0,
+      actions_failed INTEGER DEFAULT 0,
+      total_cost_usd REAL DEFAULT 0,
+      total_tokens INTEGER DEFAULT 0
+    );
+
+    CREATE TABLE IF NOT EXISTS circuit_breaker (
+      name TEXT PRIMARY KEY,
+      state TEXT DEFAULT 'closed',
+      failure_count INTEGER DEFAULT 0,
+      last_failure_at TEXT,
+      opens_at TEXT,
+      reason TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS prompt_versions (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      prompt_type TEXT NOT NULL,
+      version INTEGER NOT NULL,
+      content TEXT NOT NULL,
+      is_active INTEGER DEFAULT 1,
+      traffic_pct REAL DEFAULT 1.0,
+      total_runs INTEGER DEFAULT 0,
+      avg_score REAL DEFAULT 0,
+      created_at TEXT DEFAULT (datetime('now')),
+      created_by TEXT DEFAULT 'installer'
+    );
+
+    CREATE TABLE IF NOT EXISTS suppression_list (
+      target TEXT PRIMARY KEY,
+      reason TEXT,
+      added_at TEXT DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS config (
+      key TEXT PRIMARY KEY,
+      value TEXT,
+      updated_at TEXT DEFAULT (datetime('now'))
+    );
+
+    -- Contacts (for outreach/support claws, universal schema)
+    CREATE TABLE IF NOT EXISTS contacts (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      email TEXT UNIQUE,
+      name TEXT NOT NULL,
+      company TEXT,
+      role TEXT,
+      status TEXT DEFAULT 'new',
+      research_notes TEXT,
+      score INTEGER DEFAULT 0,
+      created_at TEXT DEFAULT (datetime('now')),
+      updated_at TEXT DEFAULT (datetime('now'))
+    );
+
+    -- Conversation history (tracks all inbound/outbound per contact)
+    CREATE TABLE IF NOT EXISTS conversation_history (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      contact_email TEXT NOT NULL,
+      direction TEXT NOT NULL,
+      subject TEXT,
+      body TEXT,
+      timestamp TEXT DEFAULT (datetime('now'))
+    );
+
+    -- Processed emails dedup (Gmail markAsRead unreliable)
+    CREATE TABLE IF NOT EXISTS processed_emails (
+      uid TEXT PRIMARY KEY,
+      from_email TEXT,
+      subject TEXT,
+      action_taken TEXT,
+      processed_at TEXT DEFAULT (datetime('now'))
+    );
+
+    -- Person-based dedup (same person at different email addresses)
+    CREATE TABLE IF NOT EXISTS person_emails (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      person_name TEXT NOT NULL,
+      email TEXT UNIQUE NOT NULL,
+      added_at TEXT DEFAULT (datetime('now'))
+    );
+
+    -- Send history (every outbound email)
+    CREATE TABLE IF NOT EXISTS send_history (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      contact_id INTEGER REFERENCES contacts(id),
+      email_to TEXT NOT NULL,
+      subject TEXT NOT NULL,
+      body TEXT NOT NULL,
+      mailbox_from TEXT,
+      status TEXT DEFAULT 'drafted',
+      sent_at TEXT,
+      created_at TEXT DEFAULT (datetime('now'))
+    );
+  `);
+
+  db.prepare("INSERT OR IGNORE INTO circuit_breaker (name) VALUES ('main')").run();
+  db.prepare("INSERT OR IGNORE INTO circuit_breaker (name) VALUES ('external_api')").run();
+  db.prepare("INSERT OR IGNORE INTO circuit_breaker (name) VALUES ('email_send')").run();
+}
+
+export function recordAction(type: string, target: string, status: string, details?: string, cost?: number, tokens?: number, duration?: number) {
+  const db = getDb();
+  db.prepare(
+    "INSERT INTO action_log (action_type, target, status, details, cost_usd, tokens_used, duration_ms) VALUES (?, ?, ?, ?, ?, ?, ?)"
+  ).run(type, target, status, details || null, cost || 0, tokens || 0, duration || 0);
+
+  const today = new Date().toISOString().slice(0, 10);
+  const succeeded = status === "success" ? 1 : 0;
+  const failed = status === "error" ? 1 : 0;
+  db.prepare(
+    `INSERT INTO daily_metrics (date, actions_taken, actions_succeeded, actions_failed, total_cost_usd, total_tokens)
+     VALUES (?, 1, ?, ?, ?, ?)
+     ON CONFLICT(date) DO UPDATE SET
+       actions_taken = actions_taken + 1,
+       actions_succeeded = actions_succeeded + ?,
+       actions_failed = actions_failed + ?,
+       total_cost_usd = total_cost_usd + ?,
+       total_tokens = total_tokens + ?`
+  ).run(today, succeeded, failed, cost || 0, tokens || 0, succeeded, failed, cost || 0, tokens || 0);
+}
+
+export function getCircuitBreaker(name: string) {
+  return getDb().prepare("SELECT * FROM circuit_breaker WHERE name = ?").get(name) as any;
+}
+
+export function tripCircuitBreaker(name: string, reason: string) {
+  getDb().prepare(
+    "UPDATE circuit_breaker SET state = 'open', failure_count = failure_count + 1, last_failure_at = datetime('now'), opens_at = datetime('now', '+15 minutes'), reason = ? WHERE name = ?"
+  ).run(reason, name);
+}
+
+export function resetCircuitBreaker(name: string) {
+  getDb().prepare("UPDATE circuit_breaker SET state = 'closed', failure_count = 0, reason = NULL WHERE name = ?").run(name);
+}
+
+export function isSuppressed(target: string): boolean {
+  return !!getDb().prepare("SELECT 1 FROM suppression_list WHERE target = ?").get(target);
+}
+
+export function getConfig(key: string): string | null {
+  const row = getDb().prepare("SELECT value FROM config WHERE key = ?").get(key) as any;
+  return row?.value || null;
+}
+
+export function setConfig(key: string, value: string) {
+  getDb().prepare("INSERT OR REPLACE INTO config (key, value, updated_at) VALUES (?, ?, datetime('now'))").run(key, value);
+}
+
+export function getTodayMetrics() {
+  const today = new Date().toISOString().slice(0, 10);
+  return getDb().prepare("SELECT * FROM daily_metrics WHERE date = ?").get(today) as any;
+}
+
+// --- Contact helpers ---
+
+export function upsertContact(email: string, name: string, company?: string, role?: string) {
+  getDb().prepare(
+    `INSERT INTO contacts (email, name, company, role, updated_at)
+     VALUES (?, ?, ?, ?, datetime('now'))
+     ON CONFLICT(email) DO UPDATE SET
+       name = excluded.name, company = excluded.company,
+       role = excluded.role, updated_at = datetime('now')`
+  ).run(email, name, company || null, role || null);
+}
+
+export function getContact(email: string) {
+  return getDb().prepare("SELECT * FROM contacts WHERE email = ?").get(email) as any;
+}
+
+export function updateContactStatus(email: string, status: string) {
+  getDb().prepare("UPDATE contacts SET status = ?, updated_at = datetime('now') WHERE email = ?").run(status, email);
+}
+
+// --- Person-based dedup (prevents emailing same person at different addresses) ---
+
+export function isPersonSuppressed(name: string): boolean {
+  const normalized = name.replace(/^(Dr\.?|Prof\.?|Mr\.?|Mrs\.?|Ms\.?)\s+/i, "").trim().toLowerCase();
+  const row = getDb().prepare(
+    "SELECT 1 FROM person_emails pe JOIN suppression_list sl ON pe.email = sl.target WHERE LOWER(pe.person_name) = ?"
+  ).get(normalized);
+  return !!row;
+}
+
+export function registerPersonEmail(name: string, email: string) {
+  const normalized = name.replace(/^(Dr\.?|Prof\.?|Mr\.?|Mrs\.?|Ms\.?)\s+/i, "").trim();
+  getDb().prepare("INSERT OR IGNORE INTO person_emails (person_name, email) VALUES (?, ?)").run(normalized, email);
+}
+
+// --- Conversation history ---
+
+export function addConversation(email: string, direction: "inbound" | "outbound", subject: string, body: string) {
+  getDb().prepare(
+    "INSERT INTO conversation_history (contact_email, direction, subject, body) VALUES (?, ?, ?, ?)"
+  ).run(email.toLowerCase(), direction, subject, body?.substring(0, 2000) || "");
+}
+
+export function getConversationHistory(email: string): any[] {
+  return getDb().prepare(
+    "SELECT direction, subject, body, timestamp FROM conversation_history WHERE LOWER(contact_email) = ? ORDER BY timestamp ASC"
+  ).all(email.toLowerCase()) as any[];
+}
+
+// --- Processed email dedup (inbox) ---
+
+export function isEmailProcessed(uid: string): boolean {
+  return !!getDb().prepare("SELECT 1 FROM processed_emails WHERE uid = ?").get(uid);
+}
+
+export function markEmailProcessed(uid: string, fromEmail: string, subject: string, action: string) {
+  getDb().prepare(
+    "INSERT OR IGNORE INTO processed_emails (uid, from_email, subject, action_taken) VALUES (?, ?, ?, ?)"
+  ).run(uid, fromEmail, subject, action);
+}
+
+// --- Send history ---
+
+export function recordSend(emailTo: string, subject: string, body: string, mailboxFrom?: string, contactId?: number) {
+  return getDb().prepare(
+    "INSERT INTO send_history (contact_id, email_to, subject, body, mailbox_from, status, sent_at) VALUES (?, ?, ?, ?, ?, 'sent', datetime('now'))"
+  ).run(contactId || null, emailTo, subject, body, mailboxFrom || null);
+}
+
+export function isDuplicate(email: string, windowHours: number = 72): boolean {
+  const row = getDb().prepare(
+    "SELECT COUNT(*) as cnt FROM send_history WHERE email_to = ? AND status = 'sent' AND sent_at > datetime('now', ?)"
+  ).get(email, `-${windowHours} hours`) as any;
+  return row.cnt > 0;
+}
+
+// --- Add to suppression list ---
+
+export function addToSuppressionList(target: string, reason: string) {
+  getDb().prepare("INSERT OR IGNORE INTO suppression_list (target, reason) VALUES (?, ?)").run(target, reason);
+}

package/installer/modules/core/src/health-check.ts.txt

@@ -0,0 +1,128 @@
+/**
+ * MetaClaw Health Check — system health monitoring
+ * Auto-generated by MetaClaw Installer
+ *
+ * Checks:
+ * - Circuit breaker status
+ * - Error rate (last 24h)
+ * - Disk space for logs/data
+ * - Database integrity
+ * - Cron task status
+ * - Token/cost budget
+ */
+
+import fs from "fs";
+import path from "path";
+import { fileURLToPath } from "url";
+import { getDb, getCircuitBreaker, resetCircuitBreaker, getTodayMetrics, getConfig, setConfig } from "./db.js";
+import { log } from "./observability.js";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const PROJECT_DIR = path.join(__dirname, "..");
+
+export type HealthStatus = {
+  overall: "healthy" | "warning" | "critical";
+  checks: Array<{ name: string; status: "ok" | "warn" | "fail"; detail: string }>;
+  timestamp: string;
+};
+
+export function runHealthCheck(): HealthStatus {
+  const checks: HealthStatus["checks"] = [];
+
+  // 1. Circuit breaker
+  const cb = getCircuitBreaker("main");
+  if (cb?.state === "open") {
+    // Check if enough time has passed to try half-open
+    if (cb.opens_at && new Date(cb.opens_at) < new Date()) {
+      resetCircuitBreaker("main");
+      checks.push({ name: "Circuit Breaker", status: "warn", detail: "Was OPEN, auto-reset to CLOSED (cooldown expired)" });
+    } else {
+      checks.push({ name: "Circuit Breaker", status: "fail", detail: "OPEN: " + (cb.reason || "unknown") });
+    }
+  } else {
+    checks.push({ name: "Circuit Breaker", status: "ok", detail: "CLOSED" });
+  }
+
+  // 2. Error rate
+  const metrics = getTodayMetrics();
+  if (metrics && metrics.actions_taken > 0) {
+    const errorRate = metrics.actions_failed / metrics.actions_taken;
+    if (errorRate > 0.2) {
+      checks.push({ name: "Error Rate", status: "fail", detail: `${(errorRate * 100).toFixed(0)}% failures today (${metrics.actions_failed}/${metrics.actions_taken})` });
+    } else if (errorRate > 0.05) {
+      checks.push({ name: "Error Rate", status: "warn", detail: `${(errorRate * 100).toFixed(0)}% failures today` });
+    } else {
+      checks.push({ name: "Error Rate", status: "ok", detail: `${(errorRate * 100).toFixed(1)}% failure rate` });
+    }
+  } else {
+    checks.push({ name: "Error Rate", status: "ok", detail: "No actions today" });
+  }
+
+  // 3. Data directory size
+  const dataDir = path.join(PROJECT_DIR, "data");
+  if (fs.existsSync(dataDir)) {
+    let totalSize = 0;
+    const countFiles = (dir: string) => {
+      for (const f of fs.readdirSync(dir)) {
+        const fp = path.join(dir, f);
+        const stat = fs.statSync(fp);
+        if (stat.isDirectory()) countFiles(fp);
+        else totalSize += stat.size;
+      }
+    };
+    countFiles(dataDir);
+    const sizeMB = totalSize / 1024 / 1024;
+    if (sizeMB > 500) {
+      checks.push({ name: "Disk Usage", status: "warn", detail: `${sizeMB.toFixed(0)}MB in data/ — consider cleanup` });
+    } else {
+      checks.push({ name: "Disk Usage", status: "ok", detail: `${sizeMB.toFixed(1)}MB` });
+    }
+  }
+
+  // 4. Database integrity
+  try {
+    const db = getDb();
+    const result = db.pragma("integrity_check") as any[];
+    if (result[0]?.integrity_check === "ok") {
+      checks.push({ name: "Database", status: "ok", detail: "Integrity OK" });
+    } else {
+      checks.push({ name: "Database", status: "fail", detail: "Integrity check failed" });
+    }
+  } catch (err) {
+    checks.push({ name: "Database", status: "fail", detail: "Cannot open database" });
+  }
+
+  // 5. Cost budget
+  if (metrics) {
+    const dailyCost = metrics.total_cost_usd || 0;
+    if (dailyCost > 10) {
+      checks.push({ name: "Cost", status: "warn", detail: `$${dailyCost.toFixed(2)} today — high spend` });
+    } else {
+      checks.push({ name: "Cost", status: "ok", detail: `$${dailyCost.toFixed(2)} today` });
+    }
+  }
+
+  // Overall
+  const hasFail = checks.some(c => c.status === "fail");
+  const hasWarn = checks.some(c => c.status === "warn");
+  const overall = hasFail ? "critical" : hasWarn ? "warning" : "healthy";
+
+  const result: HealthStatus = { overall, checks, timestamp: new Date().toISOString() };
+
+  // Save to config for dashboard
+  setConfig("last_health_check", JSON.stringify(result));
+  log("info", "health_check.complete", { overall, checks: checks.length });
+
+  return result;
+}
+
+// CLI
+if (process.argv[1]?.includes("health-check")) {
+  getDb();
+  const result = runHealthCheck();
+  console.log(`Health: ${result.overall.toUpperCase()}\n`);
+  for (const c of result.checks) {
+    const icon = c.status === "ok" ? "+" : c.status === "warn" ? "!" : "X";
+    console.log(`  [${icon}] ${c.name}: ${c.detail}`);
+  }
+}

package/installer/modules/core/src/observability.ts.txt

@@ -0,0 +1,20 @@
+/**
+ * Core Observability — structured JSONL logging for all Claws
+ * Auto-generated by MetaClaw Installer
+ */
+
+import fs from "fs";
+import path from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const LOG_DIR = path.join(__dirname, "..", "data", "logs");
+if (!fs.existsSync(LOG_DIR)) fs.mkdirSync(LOG_DIR, { recursive: true });
+
+const LOG_FILE = path.join(LOG_DIR, "agent-" + new Date().toISOString().slice(0, 10) + ".jsonl");
+
+export function log(level: string, event: string, data?: Record<string, unknown>) {
+  const entry = { timestamp: new Date().toISOString(), level, event, ...data };
+  fs.appendFileSync(LOG_FILE, JSON.stringify(entry) + "\n");
+  if (level === "error" || level === "warn") console.error("[" + level.toUpperCase() + "] " + event, data || "");
+}

package/installer/modules/core/src/safety.ts.txt

@@ -0,0 +1,26 @@
+/**
+ * Core Safety Layer — universal for all Claws
+ * Auto-generated by MetaClaw Installer
+ */
+
+import { getCircuitBreaker, tripCircuitBreaker, isSuppressed, getTodayMetrics } from "./db.js";
+
+export const SAFETY_CONFIG = __SAFETY_CONFIG__;
+
+export function checkCanAct(target?: string, isConversation: boolean = false): { allowed: boolean; reason?: string } {
+  const breaker = getCircuitBreaker("main");
+  if (breaker?.state === "open") {
+    return { allowed: false, reason: "Circuit breaker OPEN: " + breaker.reason };
+  }
+
+  if (target && isSuppressed(target)) {
+    return { allowed: false, reason: target + " is suppressed" };
+  }
+
+  const metrics = getTodayMetrics();
+  if (metrics && metrics.actions_taken >= SAFETY_CONFIG.maxActionsPerDay) {
+    return { allowed: false, reason: "Daily limit reached (" + metrics.actions_taken + "/" + SAFETY_CONFIG.maxActionsPerDay + ")" };
+  }
+
+  return { allowed: true };
+}

package/installer/modules/core/src/scan-capabilities.ts.txt

@@ -0,0 +1,196 @@
+/**
+ * MetaClaw — Capability Scanner
+ *
+ * Deterministic, NON-LLM scan of what this agent can actually do.
+ * Runs in cron pre-flight before the agent starts thinking.
+ * Writes raw inventory to memory/capabilities/_auto.md.
+ *
+ * The agent diffs this against memory/capabilities/tools.md to detect drift.
+ * Guarantee: the agent cannot forget capabilities that exist on disk.
+ */
+
+import fs from "fs";
+import path from "path";
+
+const PROJECT_ROOT = process.cwd();
+const OUTPUT = path.join(PROJECT_ROOT, "memory", "capabilities", "_auto.md");
+
+interface Inventory {
+  scripts: string[];
+  srcFiles: string[];
+  npmScripts: string[];
+  dependencies: string[];
+  allowedTools: string[];
+  mcpServers: string[];
+  envVars: string[];
+  dataFiles: string[];
+  modules: any[];
+  boardroom: boolean;
+  swarm: boolean;
+  timestamp: string;
+}
+
+function scan(): Inventory {
+  const inv: Inventory = {
+    scripts: [],
+    srcFiles: [],
+    npmScripts: [],
+    dependencies: [],
+    allowedTools: [],
+    mcpServers: [],
+    envVars: [],
+    dataFiles: [],
+    modules: [],
+    boardroom: false,
+    swarm: false,
+    timestamp: new Date().toISOString(),
+  };
+
+  // scripts/ directory
+  try {
+    const scriptsDir = path.join(PROJECT_ROOT, "scripts");
+    if (fs.existsSync(scriptsDir)) {
+      inv.scripts = fs.readdirSync(scriptsDir).filter(f => !f.startsWith("."));
+    }
+  } catch {}
+
+  // src/ directory
+  try {
+    const srcDir = path.join(PROJECT_ROOT, "src");
+    if (fs.existsSync(srcDir)) {
+      inv.srcFiles = fs.readdirSync(srcDir).filter(f => f.endsWith(".ts"));
+    }
+  } catch {}
+
+  // package.json scripts + deps
+  try {
+    const pkg = JSON.parse(fs.readFileSync(path.join(PROJECT_ROOT, "package.json"), "utf-8"));
+    inv.npmScripts = Object.keys(pkg.scripts || {});
+    inv.dependencies = Object.keys(pkg.dependencies || {});
+  } catch {}
+
+  // .claude/settings.json allowed tools
+  try {
+    const settings = JSON.parse(fs.readFileSync(path.join(PROJECT_ROOT, ".claude", "settings.json"), "utf-8"));
+    inv.allowedTools = settings.permissions?.allow || [];
+  } catch {}
+
+  // .mcp.json MCP servers
+  try {
+    const mcp = JSON.parse(fs.readFileSync(path.join(PROJECT_ROOT, ".mcp.json"), "utf-8"));
+    inv.mcpServers = Object.keys(mcp.mcpServers || {});
+  } catch {}
+
+  // Env vars (names only, no values) matching API_KEY/TOKEN/SECRET
+  try {
+    const envPath = path.join(PROJECT_ROOT, ".env");
+    if (fs.existsSync(envPath)) {
+      const envContent = fs.readFileSync(envPath, "utf-8");
+      const matches = envContent.match(/^([A-Z_]+(?:API_KEY|TOKEN|SECRET|PASS|USER|HOST|URL))=/gm) || [];
+      inv.envVars = matches.map(m => m.replace(/=$/, ""));
+    }
+  } catch {}
+
+  // data/ files
+  try {
+    const dataDir = path.join(PROJECT_ROOT, "data");
+    if (fs.existsSync(dataDir)) {
+      inv.dataFiles = fs.readdirSync(dataDir).filter(f => !f.startsWith(".") && !f.includes("-wal") && !f.includes("-shm"));
+    }
+  } catch {}
+
+  // Modules installed
+  try {
+    const modulesJson = JSON.parse(fs.readFileSync(path.join(PROJECT_ROOT, "data", "modules.json"), "utf-8"));
+    inv.modules = modulesJson.modules || [];
+  } catch {}
+
+  // Feature detection
+  inv.boardroom = fs.existsSync(path.join(PROJECT_ROOT, "boardroom", "client.ts"));
+  inv.swarm = fs.existsSync(path.join(PROJECT_ROOT, "swarm", "swarm-client.ts"));
+
+  return inv;
+}
+
+function format(inv: Inventory): string {
+  const lines: string[] = [];
+  lines.push("# Auto-Generated Capability Inventory");
+  lines.push(`**Generated:** ${inv.timestamp}`);
+  lines.push("**Source:** Deterministic scan (not LLM — cannot hallucinate)");
+  lines.push("");
+  lines.push("If something in CAPABILITIES.md disagrees with this file, THIS FILE IS RIGHT.");
+  lines.push("This is a forensic inventory of what actually exists on disk.");
+  lines.push("");
+
+  lines.push("## Installed Modules");
+  if (inv.modules.length > 0) {
+    for (const m of inv.modules) lines.push(`- ${m.name} (${m.category}) v${m.version}`);
+  } else {
+    lines.push("- (none detected — data/modules.json missing)");
+  }
+  lines.push("");
+
+  lines.push("## NPM Scripts (runnable commands)");
+  if (inv.npmScripts.length > 0) {
+    for (const s of inv.npmScripts) lines.push(`- \`npm run ${s}\``);
+  }
+  lines.push("");
+
+  lines.push("## Source Files (src/)");
+  for (const f of inv.srcFiles) lines.push(`- src/${f}`);
+  lines.push("");
+
+  lines.push("## Scripts (scripts/)");
+  for (const s of inv.scripts) lines.push(`- scripts/${s}`);
+  lines.push("");
+
+  lines.push("## Dependencies (npm)");
+  for (const d of inv.dependencies) lines.push(`- ${d}`);
+  lines.push("");
+
+  lines.push("## Data Files (data/)");
+  for (const d of inv.dataFiles) lines.push(`- data/${d}`);
+  lines.push("");
+
+  lines.push("## Allowed Tools (.claude/settings.json)");
+  if (inv.allowedTools.length > 0) {
+    for (const t of inv.allowedTools) lines.push(`- ${t}`);
+  } else {
+    lines.push("- (none detected — permissions may not be configured)");
+  }
+  lines.push("");
+
+  lines.push("## MCP Servers");
+  if (inv.mcpServers.length > 0) {
+    for (const s of inv.mcpServers) lines.push(`- ${s}`);
+  } else {
+    lines.push("- (none — no .mcp.json)");
+  }
+  lines.push("");
+
+  lines.push("## Environment Variables (names only — values never logged)");
+  if (inv.envVars.length > 0) {
+    for (const v of inv.envVars) lines.push(`- ${v}`);
+  } else {
+    lines.push("- (none detected)");
+  }
+  lines.push("");
+
+  lines.push("## Features Available");
+  lines.push(`- Boardroom: ${inv.boardroom ? "YES" : "no"}`);
+  lines.push(`- Swarm/QIS: ${inv.swarm ? "YES" : "no"}`);
+  lines.push("");
+
+  lines.push("---");
+  lines.push("**Meta-rule:** If you need a capability, check this file first. If it's here, use it. If it's not here but you need it, see memory/CAPABILITIES.md for the self-extension checklist.");
+
+  return lines.join("\n");
+}
+
+// Run
+const inv = scan();
+const output = format(inv);
+fs.mkdirSync(path.dirname(OUTPUT), { recursive: true });
+fs.writeFileSync(OUTPUT, output);
+
+console.log(`Capability scan complete: ${inv.scripts.length + inv.srcFiles.length} files, ${inv.npmScripts.length} commands, ${inv.allowedTools.length} tools allowed. Written to ${OUTPUT}`);