dual-brain 4.2.0 → 4.5.0

package/hooks/enforce-tier.mjs

@@ -2,16 +2,50 @@
 import { readFileSync, writeFileSync, appendFileSync } from 'fs';
 import { dirname, resolve, join } from 'path';
 import { fileURLToPath } from 'url';
-import { classifyRisk, extractPaths } from './risk-classifier.mjs';
+import { classifyRisk, classifyRiskEnhanced, extractPaths } from './risk-classifier.mjs';
 import { computePromptHash, checkFailureLoop, recordFailure } from './failure-detector.mjs';
 import { getOutcomeStats } from './decision-ledger.mjs';
 import { atomicWriteJSON } from './atomic-write.mjs';
+import { logHookError } from './error-channel.mjs';
+import { loadAndValidateConfig } from './config-validator.mjs';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const CONFIG_FILE = resolve(__dirname, '..', 'orchestrator.json');
 const PROFILE_FILE = resolve(__dirname, '..', 'dual-brain.profile.json');
 const DRIFT_STATE = resolve(__dirname, '.drift-warned');
 const BURST_FILE = resolve(__dirname, '.burst-state');
+const COOLDOWN_FILE = resolve(__dirname, '.recommendation-cooldowns');
+
+// Cooldown durations per recommendation type (in milliseconds)
+const COOLDOWN_MS = {
+  balance_hint: 15 * 60 * 1000,    // 15 minutes — most wallpaper-prone
+  tier_warning: 5 * 60 * 1000,     // 5 minutes
+  outcome_advisory: 5 * 60 * 1000, // 5 minutes
+  duplicate_warning: 5 * 60 * 1000, // 5 minutes
+};
+
+/**
+ * Check if a recommendation type is on cooldown.
+ * Returns true if the recommendation should be suppressed.
+ * If not on cooldown, records the emission and returns false.
+ */
+function isOnCooldown(type) {
+  const now = Date.now();
+  let state = {};
+  try { state = JSON.parse(readFileSync(COOLDOWN_FILE, 'utf8')); } catch {}
+
+  const lastEmit = state[type] ? Date.parse(state[type]) : 0;
+  const cooldownDuration = COOLDOWN_MS[type] || 5 * 60 * 1000;
+
+  if (now - lastEmit < cooldownDuration) {
+    return true; // suppress
+  }
+
+  // Record this emission
+  state[type] = new Date(now).toISOString();
+  try { atomicWriteJSON(COOLDOWN_FILE, state); } catch (e) { logHookError('enforce-tier', 'cooldown state write', e); }
+  return false;
+}
 
 function detectBurst() {
   const now = Date.now();
@@ -19,7 +53,7 @@ function detectBurst() {
   try { state = JSON.parse(readFileSync(BURST_FILE, 'utf8')); } catch {}
   if (now - state.window_start > 90_000) state = { count: 0, window_start: now };
   state.count++;
-  try { atomicWriteJSON(BURST_FILE, state); } catch {}
+  try { atomicWriteJSON(BURST_FILE, state); } catch (e) { logHookError('enforce-tier', 'burst state write', e); }
   return state.count >= 3;
 }
 
@@ -31,12 +65,110 @@ function loadProfile() {
 }
 
 const PROFILE_SETTINGS = {
-  auto:            { demote_think: false, promote_execute: false, bias: 0 },
-  balanced:        { demote_think: false, promote_execute: false, bias: 0 },
-  'cost-saver':    { demote_think: true,  promote_execute: false, bias: -20 },
-  'quality-first': { demote_think: false, promote_execute: true,  bias: 10 },
+  auto:            { demote_think: false, promote_execute: false, bias: 0,   mismatch_tolerance: 'strict' },
+  balanced:        { demote_think: false, promote_execute: false, bias: 0,   mismatch_tolerance: 'strict' },
+  'cost-saver':    { demote_think: true,  promote_execute: false, bias: -20, mismatch_tolerance: 'lenient' },
+  'quality-first': { demote_think: false, promote_execute: true,  bias: 10,  mismatch_tolerance: 'paranoid' },
 };
 
+/**
+ * Classify how severe a model/tier mismatch is.
+ *
+ * @param {string} detectedTier  - 'search' | 'execute' | 'think'
+ * @param {string} actualModel   - lowercase model string from tool_input.model
+ * @returns {{ severity: 'none'|'minor'|'major', reason: string, suggestedModel: string }}
+ */
+function classifyMismatchSeverity(detectedTier, actualModel) {
+  const model = (actualModel || '').toLowerCase();
+
+  // Canonical tier membership helpers
+  const isSearchModel  = model.includes('haiku') || model.includes('gpt-4.1-mini') || model.includes('4.1-mini');
+  const isExecuteModel = model.includes('sonnet') || model.includes('gpt-5.4') || model.includes('5.4');
+  const isThinkModel   = model.includes('opus') || model.includes('gpt-5.5') || model.includes('5.5') ||
+                         model.includes('o1') || model.includes('o3') || model.includes('o4');
+
+  const suggestedByTier = {
+    search:  'haiku (Claude) or gpt-4.1-mini (OpenAI)',
+    execute: 'sonnet (Claude) or gpt-5.4 (OpenAI)',
+    think:   'opus (Claude) or gpt-5.5 (OpenAI)',
+  };
+  const suggested = suggestedByTier[detectedTier] || 'sonnet';
+
+  // Empty/unset model — no mismatch to classify
+  if (!model || model === 'main-session') {
+    return { severity: 'none', reason: 'model not specified', suggestedModel: suggested };
+  }
+
+  if (detectedTier === 'think') {
+    if (isThinkModel) return { severity: 'none', reason: 'model matches think tier', suggestedModel: suggested };
+    if (isExecuteModel) return {
+      severity: 'minor',
+      reason: `${model} is capable but not optimal for think-tier work (architecture/review/planning)`,
+      suggestedModel: suggested,
+    };
+    // search-class model (haiku, gpt-4.1-mini) on think work → MAJOR
+    return {
+      severity: 'major',
+      reason: `${model} is too weak for think-tier tasks (architecture decisions, security review, complex planning)`,
+      suggestedModel: suggested,
+    };
+  }
+
+  if (detectedTier === 'execute') {
+    if (isExecuteModel) return { severity: 'none', reason: 'model matches execute tier', suggestedModel: suggested };
+    if (isThinkModel) return {
+      severity: 'minor',
+      reason: `${model} is overkill for execute-tier work — wastes budget`,
+      suggestedModel: suggested,
+    };
+    if (isSearchModel) return {
+      severity: 'minor',
+      reason: `${model} may lack capability for complex execution tasks`,
+      suggestedModel: suggested,
+    };
+    return { severity: 'none', reason: 'model tier unclear', suggestedModel: suggested };
+  }
+
+  if (detectedTier === 'search') {
+    if (isSearchModel) return { severity: 'none', reason: 'model matches search tier', suggestedModel: suggested };
+    if (isExecuteModel) return {
+      severity: 'minor',
+      reason: `${model} is more capable than needed for search/explore tasks — consider haiku for cost savings`,
+      suggestedModel: suggested,
+    };
+    if (isThinkModel) return {
+      severity: 'major',
+      reason: `${model} is massive overkill for search/grep/explore tasks — burns budget unnecessarily`,
+      suggestedModel: suggested,
+    };
+    return { severity: 'none', reason: 'model tier unclear', suggestedModel: suggested };
+  }
+
+  return { severity: 'none', reason: 'unknown tier', suggestedModel: suggested };
+}
+
+/**
+ * Given a mismatch severity and the active profile tolerance, decide whether
+ * to block, warn, or allow the call.
+ *
+ * @param {'none'|'minor'|'major'} severity
+ * @param {'lenient'|'strict'|'paranoid'} tolerance
+ * @returns {'block'|'warn'|'allow'}
+ */
+function decideAction(severity, tolerance) {
+  if (severity === 'none') return 'allow';
+  if (tolerance === 'lenient') {
+    // cost-saver: warn on major, ignore minor
+    return severity === 'major' ? 'warn' : 'allow';
+  }
+  if (tolerance === 'paranoid') {
+    // quality-first: block on both minor and major
+    return 'block';
+  }
+  // strict (auto, balanced): block on major, warn on minor
+  return severity === 'major' ? 'block' : 'warn';
+}
+
 function checkPricingDrift(config) {
   const verified = config.pricing_verified;
   if (!verified) return null;
@@ -53,7 +185,7 @@ function checkPricingDrift(config) {
 
   try {
     writeFileSync(DRIFT_STATE, new Date().toISOString().slice(0, 10));
-  } catch {}
+  } catch (e) { logHookError('enforce-tier', 'drift state write', e); }
 
   return `**[Drift Warning]** Pricing was last verified ${age} days ago. Run \`node .claude/hooks/setup-wizard.mjs\` to update.`;
 }
@@ -88,12 +220,12 @@ function logRecommendation(event) {
     if (event.promptHash) {
       summary.recent_hashes = summary.recent_hashes || [];
       summary.recent_hashes.push({ hash: event.promptHash, ts: entryObj.timestamp });
-      const tenMinAgo = Date.now() - 10 * 60 * 1000;
-      summary.recent_hashes = summary.recent_hashes.filter(h => Date.parse(h.ts) >= tenMinAgo);
+      const threeMinAgo = Date.now() - 3 * 60 * 1000;
+      summary.recent_hashes = summary.recent_hashes.filter(h => Date.parse(h.ts) >= threeMinAgo);
     }
     summary.updated_at = new Date().toISOString();
     atomicWriteJSON(summaryFile, summary);
-  } catch {}
+  } catch (e) { logHookError('enforce-tier', 'summary update', e); }
 
   // Sync ledger write (append-only, fast)
   try {
@@ -111,7 +243,7 @@ function logRecommendation(event) {
       prompt_hash: event.promptHash,
     });
     appendFileSync(join(__dirname, 'decision-ledger.jsonl'), ledgerEntry + '\n');
-  } catch {}
+  } catch (e) { logHookError('enforce-tier', 'decision ledger append', e); }
 }
 
 function checkDuplicate(promptHash) {
@@ -119,9 +251,9 @@ function checkDuplicate(promptHash) {
   try {
     const summaryPath = join(__dirname, `usage-summary-${new Date().toISOString().slice(0, 10)}.json`);
     const summary = JSON.parse(readFileSync(summaryPath, 'utf8'));
-    const tenMinAgo = Date.now() - 10 * 60 * 1000;
+    const threeMinAgo = Date.now() - 3 * 60 * 1000;
     const match = (summary.recent_hashes || []).find(
-      h => h.hash === promptHash && Date.parse(h.ts) >= tenMinAgo
+      h => h.hash === promptHash && Date.parse(h.ts) >= threeMinAgo
     );
     if (match) return { timestamp: match.ts, prompt_hash: promptHash };
   } catch {}
@@ -130,13 +262,13 @@ function checkDuplicate(promptHash) {
   const logFile = join(__dirname, `usage-${new Date().toISOString().slice(0, 10)}.jsonl`);
   try {
     const lines = readFileSync(logFile, 'utf8').split('\n').filter(Boolean);
-    const tenMinAgo = Date.now() - 10 * 60 * 1000;
+    const threeMinAgo = Date.now() - 3 * 60 * 1000;
     for (const line of lines) {
       try {
         const entry = JSON.parse(line);
         if (entry.type === 'tier_recommendation' &&
             entry.prompt_hash === promptHash &&
-            Date.parse(entry.timestamp) > tenMinAgo) {
+            Date.parse(entry.timestamp) > threeMinAgo) {
           return entry;
         }
       } catch {}
@@ -221,7 +353,7 @@ try {
   // Check for duplicate agent dispatch before tier classification
   const duplicate = checkDuplicate(promptHash);
   let duplicateWarning = null;
-  if (duplicate) {
+  if (duplicate && !isOnCooldown('duplicate_warning')) {
     const minutesAgo = Math.round((Date.now() - Date.parse(duplicate.timestamp)) / 60000);
     if (burstMode) {
       // In burst mode, only warn on exact hash matches (same description+prompt)
@@ -236,7 +368,8 @@ try {
 
   let config;
   try {
-    config = JSON.parse(readFileSync(CONFIG_FILE, 'utf8'));
+    const result = loadAndValidateConfig(CONFIG_FILE);
+    config = result.config;
   } catch {
     process.stdout.write('{}');
     process.exit(0);
@@ -244,7 +377,13 @@ try {
 
   const driftWarning = checkPricingDrift(config);
 
-  const intelligence = config.model_intelligence || {};
+  // Build flat model intelligence lookup from subscriptions (merged in v4.2.0)
+  const intelligence = {};
+  for (const provider of Object.values(config.subscriptions || {})) {
+    for (const [name, meta] of Object.entries(provider.models || {})) {
+      intelligence[name] = meta;
+    }
+  }
   const defaults = config.routing_rules?.subagent_defaults || {};
   let tier = null;
 
@@ -304,16 +443,42 @@ try {
   }
 
   // Risk classification from file paths in description
+  // Use enhanced classifier (git churn + history) when a single file path is available,
+  // fall back to static classifier for multi-path or missing cases.
   const filePaths = extractPaths(ti.description || '');
-  const riskResult = classifyRisk(filePaths);
+  let riskResult;
+  let riskEscalationReason = null;
+
+  if (filePaths.length === 1) {
+    try {
+      const enhanced = classifyRiskEnhanced(filePaths[0]);
+      riskResult = { level: enhanced.risk, reason: filePaths[0] };
+      // Build human-readable escalation reason if empirical data bumped the risk
+      if (enhanced.basis === 'churn' || enhanced.basis === 'churn+history') {
+        riskEscalationReason = `Risk escalated: high git churn (${enhanced.details.churn_commits} commits in 30 days)`;
+      }
+      if (enhanced.basis === 'history' || enhanced.basis === 'churn+history') {
+        const historyNote = `${enhanced.details.history_success_rate}% failure rate on this file path`;
+        riskEscalationReason = riskEscalationReason
+          ? `${riskEscalationReason}; ${historyNote}`
+          : `Risk escalated: ${historyNote}`;
+      }
+    } catch {
+      riskResult = classifyRisk(filePaths);
+    }
+  } else {
+    riskResult = classifyRisk(filePaths);
+  }
+
   let autoStatus = null;
 
   // Bias high/critical risk toward think tier
   if ((riskResult.level === 'critical' || riskResult.level === 'high') && tier !== 'think') {
     tier = 'think';
-    autoStatus = riskResult.level === 'critical'
-      ? `This touches ${riskResult.reason.split(':')[0].toLowerCase()} — recommending dual-brain review for safety.`
-      : `Promoting to think tier — this is ${riskResult.reason.split(':')[0].toLowerCase()}.`;
+    const baseMsg = riskResult.level === 'critical'
+      ? `This touches ${String(riskResult.reason).split(':')[0].toLowerCase()} — recommending dual-brain review for safety.`
+      : `Promoting to think tier — this is ${String(riskResult.reason).split(':')[0].toLowerCase()}.`;
+    autoStatus = riskEscalationReason ? `${baseMsg} ${riskEscalationReason}.` : baseMsg;
   }
 
   // Failure loop detection
@@ -339,7 +504,8 @@ try {
 
   // Compute balance hint now that tier is resolved
   // In burst mode, skip balance hints — one hint per wave is enough
-  if (!burstMode) {
+  // Balance hints have a 15-minute cooldown (most wallpaper-prone)
+  if (!burstMode && !isOnCooldown('balance_hint')) {
     const currentProvider = detectProvider(currentModel);
     if (currentProvider === 'claude') {
       const balance = quickPressureCheck(tier);
@@ -351,8 +517,8 @@ try {
     }
   }
 
-  // Outcome stats advisory — best-effort, suppressed in burst mode
-  if (!burstMode) {
+  // Outcome stats advisory — best-effort, suppressed in burst mode and on cooldown
+  if (!burstMode && !isOnCooldown('outcome_advisory')) {
     try {
       const stats = getOutcomeStats();
       const tierIssue = stats.underperforming.find(u => u.tier === tier);
@@ -364,71 +530,64 @@ try {
 
   const expected = preferredModel(config, tier);
 
-  if (tier === 'think') {
-    const thinkModels = ['opus', 'gpt-5.5', 'o1', 'o3'];
-    const isThink = !currentModel || thinkModels.some(m => currentModel.includes(m));
-    if (isThink) {
-      logRecommendation({
-        tier,
-        recommended: expected,
-        actual: currentModel,
-        promptHash,
-        followed: true,
-        profile: profileName,
-      });
-      const onlyWarnings = [duplicateWarning, driftWarning, failureMessage, autoStatus, balanceHint, outcomeAdvisory].filter(Boolean).join('\n\n');
-      if (onlyWarnings) {
-        process.stdout.write(JSON.stringify({ systemMessage: onlyWarnings }));
-      } else {
-        process.stdout.write('{}');
-      }
-      process.exit(0);
+  // ── Mismatch severity classification (v4.5.0) ──────────────────────────────
+  const mismatch = classifyMismatchSeverity(tier, currentModel);
+  const tolerance = profileSettings.mismatch_tolerance || 'strict';
+  const action = decideAction(mismatch.severity, tolerance);
+
+  const followed = action === 'allow';
+  logRecommendation({
+    tier,
+    recommended: expected,
+    actual: currentModel,
+    promptHash,
+    followed,
+    profile: profileName,
+  });
+
+  if (action === 'allow') {
+    // Model is fine — emit only ambient warnings (duplicate, drift, failure, balance, outcome)
+    const onlyWarnings = [duplicateWarning, driftWarning, failureMessage, autoStatus, balanceHint, outcomeAdvisory].filter(Boolean).join('\n\n');
+    if (onlyWarnings) {
+      process.stdout.write(JSON.stringify({ systemMessage: onlyWarnings }));
+    } else {
+      process.stdout.write('{}');
     }
-    // If we get here, a non-think model is being used for think work
-    const thinkBestFor = intelligence[expected || 'opus']?.best_for;
-    const thinkBestForSuffix = thinkBestFor ? ` (best for: ${thinkBestFor})` : '';
-    const msg = `This looks like think-level work (architecture/review/planning) — better kept on the main session (${expected || 'opus'}${thinkBestForSuffix}) rather than delegated to ${currentModel}.`;
-    logRecommendation({
-      tier,
-      recommended: expected,
-      actual: currentModel,
-      promptHash,
-      followed: false,
-      profile: profileName,
-    });
-    process.stdout.write(JSON.stringify({ systemMessage: prependWarnings(msg) }));
+    process.exit(0);
+  }
+
+  // On cooldown — emit only ambient warnings (don't repeat tier advice)
+  if (isOnCooldown('tier_warning')) {
+    const onlyWarnings = [duplicateWarning, driftWarning, failureMessage, autoStatus, balanceHint, outcomeAdvisory].filter(Boolean).join('\n\n');
+    process.stdout.write(JSON.stringify(onlyWarnings ? { systemMessage: onlyWarnings } : {}));
+    process.exit(0);
+  }
+
+  // Build the tier advice message, calibrated to severity
+  const bestFor = intelligence[expected]?.best_for;
+  const bestForSuffix = bestFor ? ` (best for: ${bestFor})` : '';
+
+  let tierMsg;
+  if (action === 'block') {
+    // Strongest available signal — Claude Code PreToolUse hooks use systemMessage
+    // (no formal "block" key in the hook contract), so we make the message impossible to ignore.
+    tierMsg =
+      `⛔ BLOCKED: ${mismatch.reason}.\n` +
+      `Resubmit with model: '${mismatch.suggestedModel}'.\n` +
+      `This ${tier}-tier task requires at least ${tier === 'think' ? 'execute' : 'search'}-tier capability or higher.\n` +
+      `Correct model${bestForSuffix}: ${expected || mismatch.suggestedModel}`;
   } else {
-    if (!expected || currentModel.includes(expected)) {
-      logRecommendation({
-        tier,
-        recommended: expected,
-        actual: currentModel,
-        promptHash,
-        followed: true,
-        profile: profileName,
-      });
-      const onlyWarnings = [duplicateWarning, driftWarning, failureMessage, autoStatus, balanceHint, outcomeAdvisory].filter(Boolean).join('\n\n');
-      if (onlyWarnings) {
-        process.stdout.write(JSON.stringify({ systemMessage: onlyWarnings }));
-      } else {
-        process.stdout.write('{}');
-      }
-      process.exit(0);
-    }
-    const savings = tier === 'search' ? 'Haiku is 19x cheaper than Opus for read-only lookups.' : 'Sonnet is 5x cheaper than Opus for implementation work.';
-    const bestFor = intelligence[expected]?.best_for;
-    const bestForSuffix = bestFor ? ` (best for: ${bestFor})` : '';
-    const msg = `This looks like ${tier} work — use ${expected}${bestForSuffix} instead of ${currentModel || 'opus (inherited)'}. ${savings}`;
-    logRecommendation({
-      tier,
-      recommended: expected,
-      actual: currentModel,
-      promptHash,
-      followed: false,
-      profile: profileName,
-    });
-    process.stdout.write(JSON.stringify({ systemMessage: prependWarnings(msg) }));
+    // warn
+    const savingsHint =
+      tier === 'search' ? 'Haiku is 19x cheaper than Opus for read-only lookups.' :
+      tier === 'execute' ? 'Sonnet is 5x cheaper than Opus for implementation work.' :
+      `${expected || 'opus'} is the recommended model for think-tier work.`;
+    tierMsg =
+      `⚠️ Model mismatch (${mismatch.severity}): ${mismatch.reason}. ` +
+      `Suggested: ${mismatch.suggestedModel}${bestForSuffix}. ${savingsHint}`;
   }
+
+  process.stdout.write(JSON.stringify({ systemMessage: prependWarnings(tierMsg) }));
 } catch (err) {
   process.stdout.write(JSON.stringify({
     systemMessage: `[Tier Enforcer] Config error: ${err?.message?.slice(0, 100) || 'unknown'}. Falling back to main-session judgment.`

package/hooks/error-channel.mjs

@@ -0,0 +1,68 @@
+/**
+ * error-channel.mjs — Lightweight error logger for dual-brain hooks.
+ *
+ * Exports:
+ *   logHookError(hookName, operation, error, context?)  → append to errors.jsonl
+ *   getRecentErrors(hours?)                             → array of recent error entries
+ */
+
+import { appendFileSync, readFileSync, writeFileSync } from 'fs';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const ERROR_FILE = join(__dirname, 'errors.jsonl');
+
+const PRUNE_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+const PRUNE_INTERVAL_MS = 60 * 1000; // 1 minute
+let lastPruneCheck = 0;
+
+function maybePrune() {
+  const now = Date.now();
+  if (now - lastPruneCheck < PRUNE_INTERVAL_MS) return;
+  lastPruneCheck = now;
+
+  try {
+    const raw = readFileSync(ERROR_FILE, 'utf8');
+    const cutoff = now - PRUNE_MAX_AGE_MS;
+    const kept = raw.split('\n').filter(line => {
+      if (!line) return false;
+      try {
+        const entry = JSON.parse(line);
+        return Date.parse(entry.timestamp) >= cutoff;
+      } catch { return true; } // keep unparseable lines
+    });
+    writeFileSync(ERROR_FILE, kept.length > 0 ? kept.join('\n') + '\n' : '');
+  } catch {
+    // File doesn't exist or can't be read — nothing to prune
+  }
+}
+
+export function logHookError(hookName, operation, error, context = {}) {
+  const entry = JSON.stringify({
+    timestamp: new Date().toISOString(),
+    hook: hookName,
+    operation,
+    error: error?.message || String(error),
+    stack: error?.stack || null,
+    context,
+  });
+  try {
+    appendFileSync(ERROR_FILE, entry + '\n');
+  } catch {
+    // Last resort — can't even log. Silently drop.
+  }
+  maybePrune();
+}
+
+export function getRecentErrors(hours = 24) {
+  const cutoff = Date.now() - hours * 60 * 60 * 1000;
+  try {
+    const raw = readFileSync(ERROR_FILE, 'utf8');
+    return raw.split('\n').filter(Boolean).map(line => {
+      try { return JSON.parse(line); } catch { return null; }
+    }).filter(e => e && Date.parse(e.timestamp) >= cutoff);
+  } catch {
+    return [];
+  }
+}

package/hooks/failure-detector.mjs

@@ -13,6 +13,7 @@ import { readFileSync, appendFileSync, writeFileSync, renameSync, unlinkSync } f
 import { dirname, join } from 'path';
 import { fileURLToPath } from 'url';
 import { atomicWriteJSON } from './atomic-write.mjs';
+import { logHookError } from './error-channel.mjs';
 
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -91,7 +92,7 @@ function recordFailure(promptHash, tier, reason) {
   });
   try {
     appendFileSync(LEDGER_FILE, entry + '\n');
-  } catch {}
+  } catch (e) { logHookError('failure-detector', 'recordFailure append', e); }
 }
 
 /**

package/hooks/health-check.mjs

@@ -11,7 +11,7 @@
  * Checks:
  *   1. orchestrator.json    — exists and parses as valid JSON
  *   2. pricing_verified     — exists, warn if >30 days, fail if >90 days
- *   3. model_intelligence   — exists and covers all subscription models
+ *   3. model_intelligence   — inline in subscriptions, covers all models
  *   4. hook scripts         — enforce-tier, cost-logger, quality-gate, dual-brain-review readable
  *   5. usage.jsonl active   — recent entries (last 15 min) indicate PostToolUse hook is wired
  *   6. codex CLI            — found on PATH or known locations; auth status checked
@@ -94,7 +94,7 @@ function checkPricingVerified() {
   return check("pricing_verified", STATUS.pass, `${ageDays} days ago`);
 }
 
-/** 3. model_intelligence — exists and has entries for at least the subscription models */
+/** 3. model_intelligence — merged into subscriptions; validate inline fields */
 function checkModelIntelligence() {
   let config;
   try {
@@ -103,31 +103,30 @@ function checkModelIntelligence() {
     return check("model_intelligence", STATUS.fail, "cannot read config");
   }
 
-  const mi = config.model_intelligence;
-  if (!mi || typeof mi !== "object") {
-    return check("model_intelligence", STATUS.fail, "key missing from config");
-  }
-
-  // Collect model keys from subscriptions
-  const subscriptionModels = new Set();
-  for (const provider of Object.values(config.subscriptions || {})) {
-    for (const key of Object.keys(provider.models || {})) {
-      subscriptionModels.add(key);
+  // Collect all models from subscriptions and check for intelligence fields
+  let entryCount = 0;
+  const missing = [];
+  for (const [providerName, provider] of Object.entries(config.subscriptions || {})) {
+    for (const [modelName, meta] of Object.entries(provider.models || {})) {
+      entryCount++;
+      if (!meta.best_for && !meta.model_id) {
+        missing.push(modelName);
+      }
     }
   }
 
-  const miKeys     = Object.keys(mi);
-  const missing    = [...subscriptionModels].filter((m) => !mi[m]);
-  const entryCount = miKeys.length;
+  if (entryCount === 0) {
+    return check("model_intelligence", STATUS.fail, "no models in subscriptions");
+  }
 
   if (missing.length > 0) {
     return check(
       "model_intelligence",
       STATUS.warn,
-      `${entryCount} models, missing: ${missing.join(", ")}`
+      `${entryCount} models, missing intelligence: ${missing.join(", ")}`
     );
   }
-  return check("model_intelligence", STATUS.pass, `${entryCount} models`);
+  return check("model_intelligence", STATUS.pass, `${entryCount} models (inline)`);
 }
 
 /** 4. Hook scripts readable */