framein 0.0.5 → 0.0.6

package/dist/anomaly.js

@@ -1,39 +1,39 @@
-// Audit cadence (ADR-0005, F-AUDIT-3): detect "thrash" signals from the task ledger so a
-// reviewer can be pulled in only when an agent is going in circles — not on every turn.
-// Pure function over ledger entries; thresholds are tunable (PRD §11.8).
-export function detectThrash(entries, opts = {}) {
-    const editThreshold = opts.repeatedEdits ?? 3;
-    const failThreshold = opts.repeatedFailures ?? 2;
-    const noProgress = opts.noProgressTurns ?? 5;
-    const signals = [];
-    const editCounts = new Map();
-    const failCounts = new Map();
-    for (const e of entries) {
-        if (e.kind === 'edit' && e.target)
-            editCounts.set(e.target, (editCounts.get(e.target) ?? 0) + 1);
-        if (e.kind === 'test-fail' && e.target)
-            failCounts.set(e.target, (failCounts.get(e.target) ?? 0) + 1);
-    }
-    for (const [target, count] of editCounts) {
-        if (count >= editThreshold)
-            signals.push({ kind: 'repeated-edits', target, count, message: `'${target}' edited ${count}× — possible thrash loop` });
-    }
-    for (const [target, count] of failCounts) {
-        if (count >= failThreshold)
-            signals.push({ kind: 'repeated-failure', target, count, message: `'${target}' failed ${count}× — stuck on the same test` });
-    }
-    // turns accumulated since the last real progress (edit/commit). Other events (ask,
-    // test-fail) are neither progress nor turns — they're skipped, not counted.
-    let trailingTurns = 0;
-    for (let i = entries.length - 1; i >= 0; i--) {
-        const k = entries[i].kind;
-        if (k === 'edit' || k === 'commit')
-            break;
-        if (k === 'turn')
-            trailingTurns++;
-    }
-    if (trailingTurns >= noProgress) {
-        signals.push({ kind: 'no-progress', count: trailingTurns, message: `${trailingTurns} turns without an edit/commit — may be going in circles` });
-    }
-    return signals;
-}
+// Audit cadence (ADR-0005, F-AUDIT-3): detect "thrash" signals from the task ledger so a
+// reviewer can be pulled in only when an agent is going in circles — not on every turn.
+// Pure function over ledger entries; thresholds are tunable (PRD §11.8).
+export function detectThrash(entries, opts = {}) {
+    const editThreshold = opts.repeatedEdits ?? 3;
+    const failThreshold = opts.repeatedFailures ?? 2;
+    const noProgress = opts.noProgressTurns ?? 5;
+    const signals = [];
+    const editCounts = new Map();
+    const failCounts = new Map();
+    for (const e of entries) {
+        if (e.kind === 'edit' && e.target)
+            editCounts.set(e.target, (editCounts.get(e.target) ?? 0) + 1);
+        if (e.kind === 'test-fail' && e.target)
+            failCounts.set(e.target, (failCounts.get(e.target) ?? 0) + 1);
+    }
+    for (const [target, count] of editCounts) {
+        if (count >= editThreshold)
+            signals.push({ kind: 'repeated-edits', target, count, message: `'${target}' edited ${count}× — possible thrash loop` });
+    }
+    for (const [target, count] of failCounts) {
+        if (count >= failThreshold)
+            signals.push({ kind: 'repeated-failure', target, count, message: `'${target}' failed ${count}× — stuck on the same test` });
+    }
+    // turns accumulated since the last real progress (edit/commit). Other events (ask,
+    // test-fail) are neither progress nor turns — they're skipped, not counted.
+    let trailingTurns = 0;
+    for (let i = entries.length - 1; i >= 0; i--) {
+        const k = entries[i].kind;
+        if (k === 'edit' || k === 'commit')
+            break;
+        if (k === 'turn')
+            trailingTurns++;
+    }
+    if (trailingTurns >= noProgress) {
+        signals.push({ kind: 'no-progress', count: trailingTurns, message: `${trailingTurns} turns without an edit/commit — may be going in circles` });
+    }
+    return signals;
+}

package/dist/bin.js

@@ -1,27 +1,27 @@
-#!/usr/bin/env node
-// framein installed-bin entry. The node:sqlite ExperimentalWarning (and any other Node warning) is
-// printed at module-LOAD time, before any in-process filter can run — the only reliable suppression is
-// Node's own `--no-warnings`. So this tiny entry, which imports NOTHING that loads node:sqlite, re-execs
-// the CLI once under `--no-warnings`. stdio:'inherit' keeps stdin/stdout/stderr byte-exact (MCP serve
-// NDJSON, `ask --interactive` / shell `/go` hand-overs all pass straight through) and the child's exit
-// code is propagated. FRAMEIN_NOWARN guards against a re-exec loop; running `node dist/cli.js` directly
-// (dev/tests) bypasses this entirely.
-//
-// EXCEPTION: `mcp serve` is machine-facing — MCP clients read NDJSON on stdout and ignore stderr, so the
-// SQLite warning is harmless there. We skip the re-exec for it to avoid adding any startup latency to the
-// server an agent just spawned (a slow handshake can make a client cancel the first tool call).
-import { spawnSync } from 'node:child_process';
-const argv = process.argv.slice(2);
-const isMcpServe = argv[0] === 'mcp' && argv[1] === 'serve';
-if (process.env.FRAMEIN_NOWARN === undefined && !isMcpServe && typeof process.argv[1] === 'string') {
-    const res = spawnSync(process.execPath, ['--no-warnings', process.argv[1], ...process.argv.slice(2)], {
-        stdio: 'inherit',
-        env: { ...process.env, FRAMEIN_NOWARN: '1' },
-    });
-    if (res.error) {
-        console.error(res.error.message);
-        process.exit(1);
-    }
-    process.exit(res.status ?? 1);
-}
-await import('./cli.js');
+#!/usr/bin/env node
+// framein installed-bin entry. The node:sqlite ExperimentalWarning (and any other Node warning) is
+// printed at module-LOAD time, before any in-process filter can run — the only reliable suppression is
+// Node's own `--no-warnings`. So this tiny entry, which imports NOTHING that loads node:sqlite, re-execs
+// the CLI once under `--no-warnings`. stdio:'inherit' keeps stdin/stdout/stderr byte-exact (MCP serve
+// NDJSON, `ask --interactive` / shell `/go` hand-overs all pass straight through) and the child's exit
+// code is propagated. FRAMEIN_NOWARN guards against a re-exec loop; running `node dist/cli.js` directly
+// (dev/tests) bypasses this entirely.
+//
+// EXCEPTION: `mcp serve` is machine-facing — MCP clients read NDJSON on stdout and ignore stderr, so the
+// SQLite warning is harmless there. We skip the re-exec for it to avoid adding any startup latency to the
+// server an agent just spawned (a slow handshake can make a client cancel the first tool call).
+import { spawnSync } from 'node:child_process';
+const argv = process.argv.slice(2);
+const isMcpServe = argv[0] === 'mcp' && argv[1] === 'serve';
+if (process.env.FRAMEIN_NOWARN === undefined && !isMcpServe && typeof process.argv[1] === 'string') {
+    const res = spawnSync(process.execPath, ['--no-warnings', process.argv[1], ...process.argv.slice(2)], {
+        stdio: 'inherit',
+        env: { ...process.env, FRAMEIN_NOWARN: '1' },
+    });
+    if (res.error) {
+        console.error(res.error.message);
+        process.exit(1);
+    }
+    process.exit(res.status ?? 1);
+}
+await import('./cli.js');

package/dist/blast.js

@@ -1,51 +1,51 @@
-// Blast Radius Guard (F-LOOP-6, ADR-0008): detect when a change touches sensitive code and raise
-// the required gates — but only when risk actually changes, matching the audit cadence (ADR-0005:
-// not every task). Pure: map changed file paths to a risk level + required gates. Reading the
-// changed files (git) and acting on the gate live in cli.ts.
-import { PLAIN } from './ui/theme.js';
-// Order matters only for readability; each file is matched against every rule.
-const RULES = [
-    { category: 'secrets', level: 'high', pattern: /(^|\/)\.env(\.|$)|secret|credential|\.pem$|\.key$/i, gate: 'secret scan / rotation validation' },
-    { category: 'auth', level: 'high', pattern: /auth|login|session|oauth|permission|rbac|password/i, gate: 'security review' },
-    { category: 'payment', level: 'high', pattern: /payment|billing|stripe|checkout|invoice|charge/i, gate: 'security review (payments)' },
-    { category: 'migration', level: 'high', pattern: /migrat|\.sql$|schema\.|prisma\/migrations|alembic/i, gate: 'migration rollback validation' },
-    { category: 'deploy', level: 'high', pattern: /dockerfile|docker-compose|\.tf$|terraform|fly\.toml|vercel\.json|(^|\/)k8s\/|\.github\/workflows/i, gate: 'deploy rollback plan' },
-    { category: 'deps', level: 'medium', pattern: /(^|\/)package\.json$|package-lock\.json|yarn\.lock|pnpm-lock\.yaml/i, gate: 'dependency justification' },
-    { category: 'config', level: 'medium', pattern: /(^|\/)config\/|\.env\.example$|settings\.(json|py|ts)|\.config\./i, gate: 'config review' },
-];
-const RANK = { low: 0, medium: 1, high: 2 };
-export function riskRank(level) { return RANK[level]; }
-export function assessBlastRadius(changedFiles) {
-    const hits = [];
-    const gates = new Set();
-    let level = 'low';
-    for (const file of changedFiles) {
-        for (const rule of RULES) {
-            if (rule.pattern.test(file)) {
-                hits.push({ category: rule.category, file });
-                gates.add(rule.gate);
-                if (RANK[rule.level] > RANK[level])
-                    level = rule.level;
-            }
-        }
-    }
-    return { level, hits, requiredGates: [...gates] };
-}
-/** A message when risk INCREASED vs the previous assessment (cadence: only speak on change). */
-export function riskTransition(prev, curr) {
-    if (prev === undefined || RANK[curr] <= RANK[prev])
-        return undefined;
-    return `Risk level changed: ${prev.toUpperCase()} → ${curr.toUpperCase()}`;
-}
-export function renderBlast(a, ui = PLAIN) {
-    if (a.level === 'low')
-        return `Risk level: ${ui.tone('LOW', 'success')} (no sensitive files touched)`;
-    const tone = a.level === 'high' ? 'danger' : 'warning';
-    const lines = [`Risk level: ${ui.tone(a.level.toUpperCase(), tone)}`, 'Reason:'];
-    for (const h of a.hits)
-        lines.push(`  - ${h.category}: ${h.file}`);
-    lines.push('Required before ship:');
-    for (const g of a.requiredGates)
-        lines.push(`  - ${g}`);
-    return lines.join('\n');
-}
+// Blast Radius Guard (F-LOOP-6, ADR-0008): detect when a change touches sensitive code and raise
+// the required gates — but only when risk actually changes, matching the audit cadence (ADR-0005:
+// not every task). Pure: map changed file paths to a risk level + required gates. Reading the
+// changed files (git) and acting on the gate live in cli.ts.
+import { PLAIN } from './ui/theme.js';
+// Order matters only for readability; each file is matched against every rule.
+const RULES = [
+    { category: 'secrets', level: 'high', pattern: /(^|\/)\.env(\.|$)|secret|credential|\.pem$|\.key$/i, gate: 'secret scan / rotation validation' },
+    { category: 'auth', level: 'high', pattern: /auth|login|session|oauth|permission|rbac|password/i, gate: 'security review' },
+    { category: 'payment', level: 'high', pattern: /payment|billing|stripe|checkout|invoice|charge/i, gate: 'security review (payments)' },
+    { category: 'migration', level: 'high', pattern: /migrat|\.sql$|schema\.|prisma\/migrations|alembic/i, gate: 'migration rollback validation' },
+    { category: 'deploy', level: 'high', pattern: /dockerfile|docker-compose|\.tf$|terraform|fly\.toml|vercel\.json|(^|\/)k8s\/|\.github\/workflows/i, gate: 'deploy rollback plan' },
+    { category: 'deps', level: 'medium', pattern: /(^|\/)package\.json$|package-lock\.json|yarn\.lock|pnpm-lock\.yaml/i, gate: 'dependency justification' },
+    { category: 'config', level: 'medium', pattern: /(^|\/)config\/|\.env\.example$|settings\.(json|py|ts)|\.config\./i, gate: 'config review' },
+];
+const RANK = { low: 0, medium: 1, high: 2 };
+export function riskRank(level) { return RANK[level]; }
+export function assessBlastRadius(changedFiles) {
+    const hits = [];
+    const gates = new Set();
+    let level = 'low';
+    for (const file of changedFiles) {
+        for (const rule of RULES) {
+            if (rule.pattern.test(file)) {
+                hits.push({ category: rule.category, file });
+                gates.add(rule.gate);
+                if (RANK[rule.level] > RANK[level])
+                    level = rule.level;
+            }
+        }
+    }
+    return { level, hits, requiredGates: [...gates] };
+}
+/** A message when risk INCREASED vs the previous assessment (cadence: only speak on change). */
+export function riskTransition(prev, curr) {
+    if (prev === undefined || RANK[curr] <= RANK[prev])
+        return undefined;
+    return `Risk level changed: ${prev.toUpperCase()} → ${curr.toUpperCase()}`;
+}
+export function renderBlast(a, ui = PLAIN) {
+    if (a.level === 'low')
+        return `Risk level: ${ui.tone('LOW', 'success')} (no sensitive files touched)`;
+    const tone = a.level === 'high' ? 'danger' : 'warning';
+    const lines = [`Risk level: ${ui.tone(a.level.toUpperCase(), tone)}`, 'Reason:'];
+    for (const h of a.hits)
+        lines.push(`  - ${h.category}: ${h.file}`);
+    lines.push('Required before ship:');
+    for (const g of a.requiredGates)
+        lines.push(`  - ${g}`);
+    return lines.join('\n');
+}

package/dist/brief.js

@@ -1,21 +1,21 @@
-// Ownership Brief (F-LOOP-10, ADR-0008): make the explainer produce a doc the user can take
-// OWNERSHIP of — not just a friendly recap. Pure: render the brief skeleton, filling the facts
-// framein already knows (changed files, how to test, how to roll back) and leaving the narrative
-// sections for the live explainer role. Gathering the facts lives in cli.ts.
-const TBD = '  (for the explainer role to fill)';
-export function ownershipBrief(input) {
-    const changed = input.changedFiles?.length
-        ? input.changedFiles.map((f) => `  - ${f}`).join('\n')
-        : '  (no changed files detected)';
-    const sections = [
-        ['What changed', changed],
-        ['How to test it', input.testCommand ? `  ${input.testCommand}` : '  (no test command found)'],
-        ['How to roll it back', input.lastGreen ? `  git reset --hard ${input.lastGreen.slice(0, 7)}  (last green checkpoint)` : '  (no checkpoint recorded — run `frame checkpoint`)'],
-        ['How requests flow', TBD],
-        ['Where configuration lives', TBD],
-        ['Known limitations', TBD],
-        ['What will likely break next', TBD],
-    ];
-    const head = `Ownership brief${input.goal ? `: ${input.goal}` : ''}`;
-    return [head, '', ...sections.map(([h, b]) => `## ${h}\n${b}`)].join('\n');
-}
+// Ownership Brief (F-LOOP-10, ADR-0008): make the explainer produce a doc the user can take
+// OWNERSHIP of — not just a friendly recap. Pure: render the brief skeleton, filling the facts
+// framein already knows (changed files, how to test, how to roll back) and leaving the narrative
+// sections for the live explainer role. Gathering the facts lives in cli.ts.
+const TBD = '  (for the explainer role to fill)';
+export function ownershipBrief(input) {
+    const changed = input.changedFiles?.length
+        ? input.changedFiles.map((f) => `  - ${f}`).join('\n')
+        : '  (no changed files detected)';
+    const sections = [
+        ['What changed', changed],
+        ['How to test it', input.testCommand ? `  ${input.testCommand}` : '  (no test command found)'],
+        ['How to roll it back', input.lastGreen ? `  git reset --hard ${input.lastGreen.slice(0, 7)}  (last green checkpoint)` : '  (no checkpoint recorded — run `frame checkpoint`)'],
+        ['How requests flow', TBD],
+        ['Where configuration lives', TBD],
+        ['Known limitations', TBD],
+        ['What will likely break next', TBD],
+    ];
+    const head = `Ownership brief${input.goal ? `: ${input.goal}` : ''}`;
+    return [head, '', ...sections.map(([h, b]) => `## ${h}\n${b}`)].join('\n');
+}

package/dist/cli.js

@@ -1545,7 +1545,7 @@ function cmdShell() {
         // below it and ERASES itself on choice (clearOnExit), so what remains is a single lobby screen —
         // not a stacked [pick]+[welcome] two-stage view.
         if (interactive) {
-            const ver = readVersion().replace(/^framein /, 'v'); // e.g. v0.0.5
+            const ver = readVersion().replace(/^framein /, 'v'); // e.g. v0.0.6
             console.log(renderFrame('FRAMEIN', [`Framein by Frameout · ${ver}`, 'Intent in · Validation in · Drift out'], { ui, unicode: caps.unicode, columns: caps.columns }));
             console.log('');
         }

package/dist/db.js

@@ -1,7 +1,7 @@
-// Thin typed facade over the experimental built-in node:sqlite.
-// Declaring our own minimal surface decouples us from @types/node version drift.
-// @ts-ignore - node:sqlite is experimental; type defs may be absent.
-import { DatabaseSync } from 'node:sqlite';
-export function openDb(path) {
-    return new DatabaseSync(path);
-}
+// Thin typed facade over the experimental built-in node:sqlite.
+// Declaring our own minimal surface decouples us from @types/node version drift.
+// @ts-ignore - node:sqlite is experimental; type defs may be absent.
+import { DatabaseSync } from 'node:sqlite';
+export function openDb(path) {
+    return new DatabaseSync(path);
+}

package/dist/debt.js

@@ -1,42 +1,42 @@
-// Vibe Debt Delta (F-LOOP-9, ADR-0008): show the debt THIS change added — not the codebase's
-// hundreds of pre-existing warnings. Pure: parse a unified git diff into a small delta. Heuristic
-// by design (a hint, not a linter); reading the diff (git) lives in cli.ts.
-import { PLAIN } from './ui/theme.js';
-export function parseDiffDebt(diff) {
-    let addedLines = 0, removedLines = 0, todos = 0;
-    const addedDeps = [];
-    let curFile = '';
-    for (const line of (diff ?? '').split('\n')) {
-        if (line.startsWith('+++ ')) {
-            curFile = line.replace(/^\+\+\+ (b\/)?/, '').trim();
-            continue;
-        }
-        if (line.startsWith('--- ') || line.startsWith('@@') || line.startsWith('diff '))
-            continue;
-        if (line.startsWith('+')) {
-            addedLines++;
-            if (/\b(TODO|FIXME|HACK|XXX)\b/.test(line))
-                todos++;
-            if (/package\.json$/.test(curFile)) {
-                const m = line.match(/^\+\s*"([^"]+)":\s*"[~^]?\d/); // "pkg": "^1.2.3" style additions
-                if (m)
-                    addedDeps.push(m[1]);
-            }
-        }
-        else if (line.startsWith('-')) {
-            removedLines++;
-        }
-    }
-    return { addedLines, removedLines, addedDeps, todos };
-}
-export function renderDebt(d, ui = PLAIN) {
-    const lines = [ui.tone('Debt delta (this change only):', 'muted')];
-    if (d.addedDeps.length)
-        lines.push(ui.tone(`  + ${d.addedDeps.length} runtime dependency${d.addedDeps.length > 1 ? '(ies)' : ''}: ${d.addedDeps.join(', ')}`, 'warning'));
-    if (d.todos)
-        lines.push(ui.tone(`  + ${d.todos} TODO/FIXME`, 'warning'));
-    lines.push(`  ~ ${d.addedLines} added / ${d.removedLines} removed lines`);
-    if (!d.addedDeps.length && !d.todos)
-        lines.push(ui.tone('  (no new deps or TODOs)', 'success'));
-    return lines.join('\n');
-}
+// Vibe Debt Delta (F-LOOP-9, ADR-0008): show the debt THIS change added — not the codebase's
+// hundreds of pre-existing warnings. Pure: parse a unified git diff into a small delta. Heuristic
+// by design (a hint, not a linter); reading the diff (git) lives in cli.ts.
+import { PLAIN } from './ui/theme.js';
+export function parseDiffDebt(diff) {
+    let addedLines = 0, removedLines = 0, todos = 0;
+    const addedDeps = [];
+    let curFile = '';
+    for (const line of (diff ?? '').split('\n')) {
+        if (line.startsWith('+++ ')) {
+            curFile = line.replace(/^\+\+\+ (b\/)?/, '').trim();
+            continue;
+        }
+        if (line.startsWith('--- ') || line.startsWith('@@') || line.startsWith('diff '))
+            continue;
+        if (line.startsWith('+')) {
+            addedLines++;
+            if (/\b(TODO|FIXME|HACK|XXX)\b/.test(line))
+                todos++;
+            if (/package\.json$/.test(curFile)) {
+                const m = line.match(/^\+\s*"([^"]+)":\s*"[~^]?\d/); // "pkg": "^1.2.3" style additions
+                if (m)
+                    addedDeps.push(m[1]);
+            }
+        }
+        else if (line.startsWith('-')) {
+            removedLines++;
+        }
+    }
+    return { addedLines, removedLines, addedDeps, todos };
+}
+export function renderDebt(d, ui = PLAIN) {
+    const lines = [ui.tone('Debt delta (this change only):', 'muted')];
+    if (d.addedDeps.length)
+        lines.push(ui.tone(`  + ${d.addedDeps.length} runtime dependency${d.addedDeps.length > 1 ? '(ies)' : ''}: ${d.addedDeps.join(', ')}`, 'warning'));
+    if (d.todos)
+        lines.push(ui.tone(`  + ${d.todos} TODO/FIXME`, 'warning'));
+    lines.push(`  ~ ${d.addedLines} added / ${d.removedLines} removed lines`);
+    if (!d.addedDeps.length && !d.todos)
+        lines.push(ui.tone('  (no new deps or TODOs)', 'success'));
+    return lines.join('\n');
+}

package/dist/detect.js

@@ -1,118 +1,118 @@
-// Reuse-first (ADR-0002/0004): DETECT each agent's existing MCP servers and skills and
-// surface them; never proxy or reimplement them. Parsers are pure (fixture-testable);
-// the disk layer is best-effort and swallows missing/malformed files.
-import { existsSync, readFileSync, readdirSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { join } from 'node:path';
-// --- pure parsers (one per CLI's config format) ---
-/** Claude project `.mcp.json`: { "mcpServers": { name: { command, args } } } */
-export function parseClaudeMcpJson(text) {
-    const servers = (JSON.parse(text)?.mcpServers ?? {});
-    return Object.entries(servers).map(([name, def]) => ({ agent: 'claude', name, command: def?.command ?? '' }));
-}
-/** Gemini `settings.json`: { "mcpServers": { name: { command, args } } } */
-export function parseGeminiMcpJson(text) {
-    const servers = (JSON.parse(text)?.mcpServers ?? {});
-    return Object.entries(servers).map(([name, def]) => ({ agent: 'gemini', name, command: def?.command ?? '' }));
-}
-/**
- * Codex `~/.codex/config.toml`: top-level `[mcp_servers.<name>]` tables (sub-tables like
- * `[mcp_servers.<name>.env]` are NOT servers). Minimal line-based reader (zero-dep).
- */
-export function parseCodexMcpToml(text) {
-    const out = [];
-    let cur = null;
-    for (const raw of text.split('\n')) {
-        // strip a trailing ` # comment` (best effort: not quote-aware, but tolerates the common case)
-        const line = raw.replace(/\s+#.*$/, '').trim();
-        const sec = line.match(/^\[mcp_servers\.([^.\]]+)\]$/);
-        if (sec) {
-            cur = { agent: 'codex', name: sec[1], command: '' };
-            out.push(cur);
-            continue;
-        }
-        if (line.startsWith('[')) {
-            cur = null;
-            continue;
-        } // any other section ends the current server
-        if (cur) {
-            const m = line.match(/^command\s*=\s*['"](.*?)['"]\s*$/);
-            if (m)
-                cur.command = m[1];
-        }
-    }
-    return out;
-}
-/** Server names configured for more than one agent (surfaced, not auto-resolved). */
-export function findConflicts(servers) {
-    const byName = new Map();
-    for (const s of servers) {
-        if (!byName.has(s.name))
-            byName.set(s.name, new Set());
-        byName.get(s.name).add(s.agent);
-    }
-    return [...byName.entries()].filter(([, agents]) => agents.size > 1).map(([name]) => name).sort();
-}
-/**
- * The config patches that would register framein's OWN MCP server into each CLI. Generated
- * for the user to apply after approval (§6.3) — framein does not write them automatically.
- */
-export function frameinMcpRegistration(command = 'framein', args = ['mcp', 'serve']) {
-    const json = JSON.stringify({ mcpServers: { framein: { command, args } } }, null, 2);
-    const codex = `[mcp_servers.framein]\ncommand = ${JSON.stringify(command)}\nargs = [${args.map((a) => JSON.stringify(a)).join(', ')}]`;
-    return { claude: json, codex, gemini: json };
-}
-export const FRAMEIN_SKILLS = [
-    { source: 'framein', name: 'adr-flow', description: 'record a decision as an ADR and re-sync all agents' },
-    { source: 'framein', name: 'delegate', description: 'hand a task to another role; it reads the shared store' },
-    { source: 'framein', name: 'cross-review', description: 'ask the reviewer role to audit the current change' },
-];
-/** Parse the `name`/`description` from a SKILL.md YAML-ish frontmatter block. */
-export function parseSkillFrontmatter(md) {
-    const fm = md.match(/^---\r?\n([\s\S]*?)\r?\n---/);
-    if (!fm)
-        return {};
-    const name = fm[1].match(/^name:\s*(.+)$/m)?.[1]?.trim();
-    const description = fm[1].match(/^description:\s*(.+)$/m)?.[1]?.trim();
-    return { name, description };
-}
-// --- best-effort disk layer ---
-function tryParse(path, parse, into) {
-    try {
-        if (existsSync(path))
-            into.push(...parse(readFileSync(path, 'utf8')));
-    }
-    catch { /* ignore malformed/missing */ }
-}
-export function detectMcpFromDisk(opts = {}) {
-    const cwd = opts.cwd ?? process.cwd();
-    const home = opts.home ?? homedir();
-    const servers = [];
-    tryParse(join(cwd, '.mcp.json'), parseClaudeMcpJson, servers);
-    tryParse(join(home, '.codex', 'config.toml'), parseCodexMcpToml, servers);
-    tryParse(join(home, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
-    tryParse(join(cwd, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
-    return servers;
-}
-export function detectSkillsFromDisk(opts = {}) {
-    const cwd = opts.cwd ?? process.cwd();
-    const home = opts.home ?? homedir();
-    const out = [];
-    for (const base of [join(cwd, '.claude', 'skills'), join(home, '.claude', 'skills')]) {
-        try {
-            if (!existsSync(base))
-                continue;
-            for (const entry of readdirSync(base, { withFileTypes: true })) {
-                if (!entry.isDirectory())
-                    continue;
-                const md = join(base, entry.name, 'SKILL.md');
-                if (!existsSync(md))
-                    continue;
-                const { name, description } = parseSkillFrontmatter(readFileSync(md, 'utf8'));
-                out.push({ source: 'claude', name: name ?? entry.name, description: description ?? '' });
-            }
-        }
-        catch { /* ignore */ }
-    }
-    return out;
-}
+// Reuse-first (ADR-0002/0004): DETECT each agent's existing MCP servers and skills and
+// surface them; never proxy or reimplement them. Parsers are pure (fixture-testable);
+// the disk layer is best-effort and swallows missing/malformed files.
+import { existsSync, readFileSync, readdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+// --- pure parsers (one per CLI's config format) ---
+/** Claude project `.mcp.json`: { "mcpServers": { name: { command, args } } } */
+export function parseClaudeMcpJson(text) {
+    const servers = (JSON.parse(text)?.mcpServers ?? {});
+    return Object.entries(servers).map(([name, def]) => ({ agent: 'claude', name, command: def?.command ?? '' }));
+}
+/** Gemini `settings.json`: { "mcpServers": { name: { command, args } } } */
+export function parseGeminiMcpJson(text) {
+    const servers = (JSON.parse(text)?.mcpServers ?? {});
+    return Object.entries(servers).map(([name, def]) => ({ agent: 'gemini', name, command: def?.command ?? '' }));
+}
+/**
+ * Codex `~/.codex/config.toml`: top-level `[mcp_servers.<name>]` tables (sub-tables like
+ * `[mcp_servers.<name>.env]` are NOT servers). Minimal line-based reader (zero-dep).
+ */
+export function parseCodexMcpToml(text) {
+    const out = [];
+    let cur = null;
+    for (const raw of text.split('\n')) {
+        // strip a trailing ` # comment` (best effort: not quote-aware, but tolerates the common case)
+        const line = raw.replace(/\s+#.*$/, '').trim();
+        const sec = line.match(/^\[mcp_servers\.([^.\]]+)\]$/);
+        if (sec) {
+            cur = { agent: 'codex', name: sec[1], command: '' };
+            out.push(cur);
+            continue;
+        }
+        if (line.startsWith('[')) {
+            cur = null;
+            continue;
+        } // any other section ends the current server
+        if (cur) {
+            const m = line.match(/^command\s*=\s*['"](.*?)['"]\s*$/);
+            if (m)
+                cur.command = m[1];
+        }
+    }
+    return out;
+}
+/** Server names configured for more than one agent (surfaced, not auto-resolved). */
+export function findConflicts(servers) {
+    const byName = new Map();
+    for (const s of servers) {
+        if (!byName.has(s.name))
+            byName.set(s.name, new Set());
+        byName.get(s.name).add(s.agent);
+    }
+    return [...byName.entries()].filter(([, agents]) => agents.size > 1).map(([name]) => name).sort();
+}
+/**
+ * The config patches that would register framein's OWN MCP server into each CLI. Generated
+ * for the user to apply after approval (§6.3) — framein does not write them automatically.
+ */
+export function frameinMcpRegistration(command = 'framein', args = ['mcp', 'serve']) {
+    const json = JSON.stringify({ mcpServers: { framein: { command, args } } }, null, 2);
+    const codex = `[mcp_servers.framein]\ncommand = ${JSON.stringify(command)}\nargs = [${args.map((a) => JSON.stringify(a)).join(', ')}]`;
+    return { claude: json, codex, gemini: json };
+}
+export const FRAMEIN_SKILLS = [
+    { source: 'framein', name: 'adr-flow', description: 'record a decision as an ADR and re-sync all agents' },
+    { source: 'framein', name: 'delegate', description: 'hand a task to another role; it reads the shared store' },
+    { source: 'framein', name: 'cross-review', description: 'ask the reviewer role to audit the current change' },
+];
+/** Parse the `name`/`description` from a SKILL.md YAML-ish frontmatter block. */
+export function parseSkillFrontmatter(md) {
+    const fm = md.match(/^---\r?\n([\s\S]*?)\r?\n---/);
+    if (!fm)
+        return {};
+    const name = fm[1].match(/^name:\s*(.+)$/m)?.[1]?.trim();
+    const description = fm[1].match(/^description:\s*(.+)$/m)?.[1]?.trim();
+    return { name, description };
+}
+// --- best-effort disk layer ---
+function tryParse(path, parse, into) {
+    try {
+        if (existsSync(path))
+            into.push(...parse(readFileSync(path, 'utf8')));
+    }
+    catch { /* ignore malformed/missing */ }
+}
+export function detectMcpFromDisk(opts = {}) {
+    const cwd = opts.cwd ?? process.cwd();
+    const home = opts.home ?? homedir();
+    const servers = [];
+    tryParse(join(cwd, '.mcp.json'), parseClaudeMcpJson, servers);
+    tryParse(join(home, '.codex', 'config.toml'), parseCodexMcpToml, servers);
+    tryParse(join(home, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
+    tryParse(join(cwd, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
+    return servers;
+}
+export function detectSkillsFromDisk(opts = {}) {
+    const cwd = opts.cwd ?? process.cwd();
+    const home = opts.home ?? homedir();
+    const out = [];
+    for (const base of [join(cwd, '.claude', 'skills'), join(home, '.claude', 'skills')]) {
+        try {
+            if (!existsSync(base))
+                continue;
+            for (const entry of readdirSync(base, { withFileTypes: true })) {
+                if (!entry.isDirectory())
+                    continue;
+                const md = join(base, entry.name, 'SKILL.md');
+                if (!existsSync(md))
+                    continue;
+                const { name, description } = parseSkillFrontmatter(readFileSync(md, 'utf8'));
+                out.push({ source: 'claude', name: name ?? entry.name, description: description ?? '' });
+            }
+        }
+        catch { /* ignore */ }
+    }
+    return out;
+}