harnessed 1.0.0

package/dist/cli.mjs

@@ -0,0 +1,4653 @@
+#!/usr/bin/env node
+import { spawnSync, spawn } from 'child_process';
+import { writeFileSync, existsSync, readFileSync, mkdirSync, appendFileSync, readdirSync } from 'fs';
+import { resolve, join, dirname, relative } from 'path';
+import { Type } from '@sinclair/typebox';
+import { Value } from '@sinclair/typebox/value';
+import { LineCounter, parseDocument, parse, isSeq, isScalar } from 'yaml';
+import { homedir } from 'os';
+import { readFile, readdir, unlink, writeFile, stat, rm, access, mkdir, rename } from 'fs/promises';
+import lockfile from 'proper-lockfile';
+import { Command } from 'commander';
+import { Ajv } from 'ajv';
+import * as ajvFormatsNs from 'ajv-formats';
+import { createHash } from 'crypto';
+import { query } from '@anthropic-ai/claude-agent-sdk';
+import * as p from '@clack/prompts';
+import { createPatch } from 'diff';
+import pc from 'picocolors';
+import { stdout, stdin } from 'process';
+import * as readline from 'readline/promises';
+
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/cli/lib/origin-check.ts
+var origin_check_exports = {};
+__export(origin_check_exports, {
+  checkOrigin: () => checkOrigin
+});
+function normalizeUrl(s) {
+  return s.trim().replace(/^(https?:\/\/|git@github\.com:|ssh:\/\/git@github\.com\/)/, "").replace(/\.git$/, "").replace(":", "/").replace(/\/$/, "").toLowerCase();
+}
+function checkOrigin(cwd = process.cwd(), opts = {}) {
+  const allowFork = opts.allowFork ?? true;
+  let expected = null;
+  try {
+    const pkg = JSON.parse(readFileSync(join(cwd, "package.json"), "utf8"));
+    expected = typeof pkg.repository === "string" ? pkg.repository : pkg.repository?.url ?? null;
+  } catch {
+  }
+  if (!expected) {
+    return {
+      status: "warn",
+      detail: "package.json has no repository.url field",
+      fix: "add `repository` field to package.json"
+    };
+  }
+  const r = spawnSync("git", ["config", "--get", "remote.origin.url"], {
+    cwd,
+    encoding: "utf8"
+  });
+  if (r.status !== 0) {
+    return {
+      status: "warn",
+      detail: "no git remote origin (detached / non-clone)",
+      fix: "git remote add origin <expected-url>"
+    };
+  }
+  const actual = r.stdout.trim();
+  if (normalizeUrl(actual) === normalizeUrl(expected)) {
+    return { status: "pass", detail: actual };
+  }
+  return {
+    status: allowFork ? "warn" : "fail",
+    detail: `origin '${actual}' \u2260 expected '${expected}'`,
+    fix: allowFork ? "verify intentional fork; if not, `git remote set-url origin <expected>`" : "origin URL drift \u2014 possible tamper, `git remote set-url origin <expected>` to restore"
+  };
+}
+var init_origin_check = __esm({
+  "src/cli/lib/origin-check.ts"() {
+  }
+});
+
+// src/cli/lib/probe-gstack.ts
+var probe_gstack_exports = {};
+__export(probe_gstack_exports, {
+  probeGstackPrefix: () => probeGstackPrefix
+});
+function probeOne(cmd) {
+  const finder = process.platform === "win32" ? "where" : "which";
+  const r = spawnSync(finder, [cmd], { encoding: "utf8" });
+  return r.status === 0 && (r.stdout?.trim().length ?? 0) > 0;
+}
+function probeGstackPrefix() {
+  const hasGstack = probeOne("gstack-office-hours");
+  const hasBare = probeOne("office-hours");
+  if (hasGstack && !hasBare) {
+    return { status: "pass", prefix: "gstack-", detail: "gstack-office-hours found" };
+  }
+  if (!hasGstack && hasBare) {
+    return { status: "pass", prefix: "", detail: "office-hours found (--no-prefix mode)" };
+  }
+  if (hasGstack && hasBare) {
+    return {
+      status: "fail",
+      detail: "both gstack-office-hours AND office-hours found \u2014 ambiguous",
+      fix: `edit .harnessed/config.json manually: '{"gstack_prefix":"gstack-"}' OR '{"gstack_prefix":""}'`
+    };
+  }
+  return {
+    status: "fail",
+    detail: "neither gstack-office-hours nor office-hours found in PATH",
+    fix: "install gstack: `npm i -g @gstack/cli` (or your preferred install method)"
+  };
+}
+var init_probe_gstack = __esm({
+  "src/cli/lib/probe-gstack.ts"() {
+  }
+});
+
+// src/manifest/lib/path-guard.ts
+function checkPathSafe(input) {
+  for (const re of PATH_TRAVERSAL_PATTERNS) {
+    if (re.test(input)) throw new PathTraversalError();
+  }
+}
+var PATH_TRAVERSAL_PATTERNS, PathTraversalError;
+var init_path_guard = __esm({
+  "src/manifest/lib/path-guard.ts"() {
+    PATH_TRAVERSAL_PATTERNS = [
+      /\.\.\//,
+      // (1) Unix dot-dot-slash: ../../etc/passwd
+      /\.\.\\/,
+      // (2) Windows backslash: ..\windows\system32
+      // biome-ignore lint/suspicious/noControlCharactersInRegex: intentional null-byte injection detection (R10.4 D-03 OWASP A1 vector 3)
+      /\x00/,
+      // (3) Null byte injection: path\x00attack
+      /%2[eE]%2[eE]/,
+      // (4) URL-encoded dot-dot: %2e%2e%2fetc
+      /%25[2][eE]%25[2][eE]/
+      // (5) Double-encoded: %252e%252e%252f
+    ];
+    PathTraversalError = class _PathTraversalError extends Error {
+      constructor() {
+        super("path traversal attempt detected");
+        this.name = "PathTraversalError";
+        Object.setPrototypeOf(this, _PathTraversalError.prototype);
+      }
+    };
+  }
+});
+function branchOnSchemaVersion(v, handlers) {
+  const isKnownV1 = Object.values(SCHEMA_VERSIONS).includes(v);
+  return isKnownV1 ? handlers.v1() : handlers.unknown();
+}
+var SCHEMA_VERSIONS;
+var init_schemaVersion = __esm({
+  "src/types/schemaVersion.ts"() {
+    SCHEMA_VERSIONS = {
+      routingSnapshot: "harnessed.routing-snapshot.v1",
+      handoffDoc: "harnessed.handoff-doc.v1",
+      phasesYaml: "harnessed.phases-yaml.v1",
+      manifestState: "harnessed.manifest-state.v1",
+      installerState: "harnessed.installer-state.v1",
+      routeDecisionLog: "harnessed.route-decision-log.v1",
+      checkpoint: "harnessed.checkpoint.v1",
+      currentWorkflow: "harnessed.current-workflow.v1",
+      // ← Phase 3.1 W1 T1.1 ADD 8th surface (D-02 KARPATHY 3-state)
+      config: "harnessed.config.v1",
+      // ← Phase 3.2 W1 T1.1 ADD 9th surface (D-01 PROBE gstack_prefix store)
+      governance: "harnessed.governance.v1",
+      // ← Phase 3.2 W1 T1.1 ADD 10th surface (D-04 PUSH veto status)
+      planFeature: "harnessed.plan-feature.v1",
+      // ← Phase 3.3 W0 T0.5 BACKFILL 11th surface (sister Phase 3.2 W2 T2.2 b875e21 commit msg claim "11th surface" was LATENT STALE — never registered; T0.5 surgical fix per sister Phase 3.2 W2 T2.6 latent W1 c37ee29 Rule 1 pattern)
+      aliases: "harnessed.aliases.v1",
+      // ← Phase 3.3 W1 T1.1 ADD 12th surface (D-01 RICH manifests/aliases.yaml upstream rename redirect + metadata)
+      knownGood: "harnessed.known-good.v1"
+      // ← Phase 3.3 W1 T1.1 ADD 13th surface (D-03 YAML versions/<harnessed-ver>-known-good.yaml per-version lock)
+    };
+    Type.Union([
+      Type.Literal(SCHEMA_VERSIONS.routingSnapshot),
+      Type.Literal(SCHEMA_VERSIONS.handoffDoc),
+      Type.Literal(SCHEMA_VERSIONS.phasesYaml),
+      Type.Literal(SCHEMA_VERSIONS.manifestState),
+      Type.Literal(SCHEMA_VERSIONS.installerState),
+      Type.Literal(SCHEMA_VERSIONS.routeDecisionLog),
+      Type.Literal(SCHEMA_VERSIONS.checkpoint),
+      Type.Literal(SCHEMA_VERSIONS.currentWorkflow),
+      // ← Phase 3.1 W1 T1.1 ADD 8th surface
+      Type.Literal(SCHEMA_VERSIONS.config),
+      // ← Phase 3.2 W1 T1.1 ADD 9th surface
+      Type.Literal(SCHEMA_VERSIONS.governance),
+      // ← Phase 3.2 W1 T1.1 ADD 10th surface
+      Type.Literal(SCHEMA_VERSIONS.planFeature),
+      // ← Phase 3.3 W0 T0.5 BACKFILL 11th surface
+      Type.Literal(SCHEMA_VERSIONS.aliases),
+      // ← Phase 3.3 W1 T1.1 ADD 12th surface
+      Type.Literal(SCHEMA_VERSIONS.knownGood)
+      // ← Phase 3.3 W1 T1.1 ADD 13th surface
+    ]);
+  }
+});
+var AliasEntryV1, AliasesV1;
+var init_aliases_v1 = __esm({
+  "src/manifest/schema/aliases.v1.ts"() {
+    init_schemaVersion();
+    AliasEntryV1 = Type.Object(
+      {
+        redirect: Type.String({ minLength: 1 }),
+        reason: Type.String({ minLength: 1, maxLength: 500 }),
+        // DOS cap sister governance.ts
+        since_version: Type.String({ pattern: "^\\d+\\.\\d+\\.\\d+$" }),
+        // semver strict
+        deprecation_date: Type.String({ pattern: "^\\d{4}-\\d{2}-\\d{2}$" }),
+        // ISO-date Phase 3.2 W2 Rule 1
+        removal_date: Type.Optional(Type.String({ pattern: "^\\d{4}-\\d{2}-\\d{2}$" }))
+        // optional long-tail window
+      },
+      { additionalProperties: false }
+    );
+    AliasesV1 = Type.Object(
+      {
+        schemaVersion: Type.Literal(SCHEMA_VERSIONS.aliases),
+        // 'harnessed.aliases.v1'
+        aliases: Type.Record(Type.String({ minLength: 1 }), AliasEntryV1)
+      },
+      { additionalProperties: false }
+    );
+  }
+});
+
+// src/manifest/aliases.ts
+var aliases_exports = {};
+__export(aliases_exports, {
+  listDeprecations: () => listDeprecations,
+  loadAliases: () => loadAliases,
+  resolveAlias: () => resolveAlias
+});
+function loadAliases() {
+  if (_cached) return _cached;
+  if (!existsSync(ALIASES_PATH)) return null;
+  const raw = readFileSync(ALIASES_PATH, "utf8");
+  const parsed = parse(raw);
+  if (!Value.Check(AliasesV1, parsed)) {
+    const errs = [...Value.Errors(AliasesV1, parsed)].slice(0, 3);
+    throw new Error(
+      `aliases.yaml schema invalid: ${errs.map((e) => `${e.path} ${e.message}`).join("; ")}`
+    );
+  }
+  _cached = parsed;
+  return parsed;
+}
+function resolveAlias(name) {
+  checkPathSafe(name);
+  return loadAliases()?.aliases?.[name]?.redirect ?? null;
+}
+function listDeprecations() {
+  const a = loadAliases();
+  return a ? Object.entries(a.aliases).map(([old, entry]) => ({ old, entry })) : [];
+}
+var ALIASES_PATH, _cached;
+var init_aliases = __esm({
+  "src/manifest/aliases.ts"() {
+    init_path_guard();
+    init_aliases_v1();
+    ALIASES_PATH = join(process.cwd(), "manifests", "aliases.yaml");
+    _cached = null;
+  }
+});
+
+// src/cli/lib/check-deprecations.ts
+var check_deprecations_exports = {};
+__export(check_deprecations_exports, {
+  checkDeprecations: () => checkDeprecations
+});
+function checkDeprecations() {
+  try {
+    const deprecations = listDeprecations();
+    if (deprecations.length === 0) {
+      return { name: "deprecated manifests", status: "pass", message: "no deprecated manifests" };
+    }
+    const lines = deprecations.map(({ old, entry }) => {
+      const removal = entry.removal_date ? `, removes ${entry.removal_date}` : "";
+      return `  '${old}' \u2192 '${entry.redirect}' (since ${entry.since_version}, ${entry.deprecation_date}${removal}; ${entry.reason})`;
+    });
+    return {
+      name: "deprecated manifests",
+      status: "warn",
+      message: `${deprecations.length} deprecated manifest(s):
+${lines.join("\n")}`,
+      fix: "install paths auto-redirect; consider migrating manifest references to new names"
+    };
+  } catch (e) {
+    return {
+      name: "deprecated manifests",
+      status: "fail",
+      message: `aliases.yaml load error: ${e.message}`,
+      fix: "verify manifests/aliases.yaml schema (see docs/PROJECT-SPEC.md)"
+    };
+  }
+}
+var init_check_deprecations = __esm({
+  "src/cli/lib/check-deprecations.ts"() {
+    init_aliases();
+  }
+});
+var CheckpointStatus, CheckpointV1;
+var init_checkpoint_v1 = __esm({
+  "src/checkpoint/schema/checkpoint.v1.ts"() {
+    init_schemaVersion();
+    CheckpointStatus = Type.Union([
+      Type.Literal("active"),
+      Type.Literal("paused"),
+      Type.Literal("complete")
+    ]);
+    CheckpointV1 = Type.Object(
+      {
+        schemaVersion: Type.Literal(SCHEMA_VERSIONS.checkpoint),
+        phase: Type.String({ minLength: 1 }),
+        status: CheckpointStatus,
+        last_task: Type.String(),
+        key_decisions: Type.Array(Type.String()),
+        canonical_refs: Type.Array(Type.String()),
+        /** D-04 WIRE-IN: optional SDK session_id captured via `sdkSpawn`
+         *  `onSessionId` callback (CD-4 closure-ready) for future `--resume`. */
+        session_id: Type.Optional(Type.String()),
+        /** RESEARCH § 1.3 critical constraint — SDK session resume requires cwd
+         *  match; we capture and validate at restore time. */
+        cwd: Type.String({ minLength: 1 }),
+        timestamp: Type.String({ minLength: 1 }),
+        // ISO-8601 by convention (TypeBox `format` requires Ajv-style format registry; we keep shape-check only — drift caught in writeCheckpoint path)
+        archive_path: Type.String({ minLength: 1 })
+      },
+      { additionalProperties: false }
+    );
+  }
+});
+var WorkflowStatus, CurrentWorkflowV1;
+var init_currentWorkflow_v1 = __esm({
+  "src/checkpoint/schema/currentWorkflow.v1.ts"() {
+    init_schemaVersion();
+    WorkflowStatus = Type.Union([
+      Type.Literal("active"),
+      Type.Literal("paused"),
+      Type.Literal("complete")
+    ]);
+    CurrentWorkflowV1 = Type.Object(
+      {
+        schemaVersion: Type.Literal(SCHEMA_VERSIONS.currentWorkflow),
+        phase: Type.String({ minLength: 1 }),
+        status: WorkflowStatus,
+        last_checkpoint_path: Type.Union([Type.String(), Type.Null()]),
+        // ISO-8601 by convention (TypeBox `format` requires Ajv-style registry; shape-check only here, drift surfaces in state.ts writer).
+        started_at: Type.String({ minLength: 1 }),
+        paused_at: Type.Optional(Type.String({ minLength: 1 })),
+        completed_at: Type.Optional(Type.String({ minLength: 1 }))
+      },
+      { additionalProperties: false }
+    );
+  }
+});
+
+// src/checkpoint/schema/index.ts
+var init_schema = __esm({
+  "src/checkpoint/schema/index.ts"() {
+    init_checkpoint_v1();
+    init_currentWorkflow_v1();
+  }
+});
+function estimateTokens(s) {
+  return Math.ceil(Buffer.byteLength(s, "utf8") / 4);
+}
+function enforceBudget(c, budget = BUDGET_TOKEN) {
+  let candidate = c;
+  let tokens = estimateTokens(JSON.stringify(candidate));
+  if (tokens <= budget) return candidate;
+  candidate = { ...candidate, last_task: candidate.last_task.slice(0, 200) };
+  tokens = estimateTokens(JSON.stringify(candidate));
+  if (tokens <= budget) return candidate;
+  candidate = { ...candidate, key_decisions: candidate.key_decisions.slice(0, 5) };
+  tokens = estimateTokens(JSON.stringify(candidate));
+  if (tokens <= budget) return candidate;
+  throw new CheckpointTooLargeError(
+    `Checkpoint exceeds ${budget}-token budget even after truncation (estimated ${tokens})`
+  );
+}
+function writeCheckpoint(c, customPath) {
+  if (!Value.Check(CheckpointV1, c)) {
+    const errs = [...Value.Errors(CheckpointV1, c)].map((e) => e.message).join("; ");
+    throw new CheckpointWriteError(`Schema validation failed: ${errs}`);
+  }
+  const enforced = enforceBudget(c);
+  const path = `.harnessed/checkpoints/${enforced.phase}.json`;
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, JSON.stringify(enforced, null, 2), "utf8");
+  return path;
+}
+var BUDGET_TOKEN, CheckpointTooLargeError, CheckpointWriteError;
+var init_template = __esm({
+  "src/checkpoint/template.ts"() {
+    init_schema();
+    BUDGET_TOKEN = 1e3;
+    CheckpointTooLargeError = class extends Error {
+      constructor(message) {
+        super(message);
+        this.name = "CheckpointTooLargeError";
+      }
+    };
+    CheckpointWriteError = class extends Error {
+      constructor(message) {
+        super(message);
+        this.name = "CheckpointWriteError";
+      }
+    };
+  }
+});
+
+// src/cli/lib/check-token-budget.ts
+var check_token_budget_exports = {};
+__export(check_token_budget_exports, {
+  checkTokenBudget: () => checkTokenBudget
+});
+function scanSkillsDir(root) {
+  if (!existsSync(root)) return [];
+  return readdirSync(root).flatMap((name) => {
+    const md = join(root, name, "SKILL.md");
+    if (!existsSync(md)) return [];
+    const fm = readFileSync(md, "utf8").match(/^---\n([\s\S]*?)\n---/)?.[1] ?? "";
+    const desc = fm.match(/^description:\s*(.+)$/m)?.[1] ?? "";
+    return [{ name, tokens: estimateTokens(desc) }];
+  });
+}
+function checkTokenBudget() {
+  const roots = [join(homedir(), ".claude", "skills"), join(process.cwd(), "skills")];
+  const items = roots.flatMap(scanSkillsDir);
+  const total = items.reduce((s, i) => s + i.tokens, 0);
+  const over = items.filter((i) => i.tokens > PER_SKILL_THRESHOLD).length;
+  if (total <= TOTAL_THRESHOLD && over === 0) {
+    const msg = `${items.length} skill(s) total ${total} tokens (under 1% / 2000 threshold)`;
+    return { name: "token budget", status: "pass", message: msg };
+  }
+  const top = [...items].sort((a, b) => b.tokens - a.tokens).slice(0, 3).map((t) => `${t.name}:${t.tokens}`).join(", ");
+  const pct = (total / CONTEXT_WINDOW_TOKENS * 100).toFixed(2);
+  const message = `${items.length} skill(s) total ${total} tokens (${pct}% of 200000) \u2014 top: ${top}`;
+  return {
+    name: "token budget",
+    status: "warn",
+    message,
+    fix: "shorten verbose skill descriptions OR review per-skill > 5000 tokens"
+  };
+}
+var CONTEXT_WINDOW_TOKENS, TOTAL_THRESHOLD, PER_SKILL_THRESHOLD;
+var init_check_token_budget = __esm({
+  "src/cli/lib/check-token-budget.ts"() {
+    init_template();
+    CONTEXT_WINDOW_TOKENS = 2e5;
+    TOTAL_THRESHOLD = 2e3;
+    PER_SKILL_THRESHOLD = 5e3;
+  }
+});
+async function withLock(fn) {
+  let release;
+  try {
+    release = await lockfile.lock(LOCK_TARGET, LOCK_OPTS);
+  } catch (e) {
+    if (e.code === "ELOCKED") throw new LockHeldError();
+    throw e;
+  }
+  try {
+    return await fn();
+  } finally {
+    await release?.();
+  }
+}
+async function readCurrentWorkflow() {
+  let raw;
+  try {
+    raw = await readFile(STATE_PATH, "utf8");
+  } catch {
+    return null;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return null;
+  }
+  const v = parsed.schemaVersion ?? "";
+  return branchOnSchemaVersion(v, {
+    v1: () => Value.Check(CurrentWorkflowV1, parsed) ? parsed : null,
+    unknown: () => null
+  });
+}
+async function writeCurrentWorkflow(s) {
+  if (!Value.Check(CurrentWorkflowV1, s)) {
+    const errs = [...Value.Errors(CurrentWorkflowV1, s)].map((e) => e.message).join("; ");
+    throw new WorkflowStateError(`current-workflow schema validation failed: ${errs}`);
+  }
+  await mkdir(dirname(STATE_PATH), { recursive: true });
+  await withLock(async () => {
+    await writeFile(STATE_PATH, JSON.stringify(s, null, 2), "utf8");
+  });
+}
+async function activate(phase, checkpointPath = null) {
+  await writeCurrentWorkflow({
+    schemaVersion: SCHEMA_VERSIONS.currentWorkflow,
+    phase,
+    status: "active",
+    last_checkpoint_path: checkpointPath,
+    started_at: (/* @__PURE__ */ new Date()).toISOString()
+  });
+}
+async function complete() {
+  const s = await readCurrentWorkflow();
+  if (!s) return;
+  await writeCurrentWorkflow({ ...s, status: "complete", completed_at: (/* @__PURE__ */ new Date()).toISOString() });
+}
+var STATE_PATH, LOCK_TARGET, LOCK_OPTS, WorkflowStateError, LockHeldError;
+var init_state = __esm({
+  "src/checkpoint/state.ts"() {
+    init_schemaVersion();
+    init_schema();
+    STATE_PATH = ".harnessed/current-workflow.json";
+    LOCK_TARGET = ".harnessed";
+    LOCK_OPTS = {
+      stale: 1e4,
+      retries: { retries: 3, factor: 2, minTimeout: 100 },
+      lockfilePath: ".harnessed/.lock"
+    };
+    WorkflowStateError = class extends Error {
+      constructor(message) {
+        super(message);
+        this.name = "WorkflowStateError";
+      }
+    };
+    LockHeldError = class _LockHeldError extends Error {
+      constructor() {
+        super(
+          "another harnessed process holds the lock at .harnessed/.lock \u2014 wait or kill stale process (try: harnessed status)"
+        );
+        this.name = "LockHeldError";
+        Object.setPrototypeOf(this, _LockHeldError.prototype);
+      }
+    };
+  }
+});
+var PinnedUpstream, KnownGoodV1;
+var init_known_good_v1 = __esm({
+  "src/manifest/schema/known-good.v1.ts"() {
+    init_schemaVersion();
+    PinnedUpstream = Type.Object(
+      {
+        name: Type.String({ minLength: 1 }),
+        version: Type.String({ minLength: 1 }),
+        install_method: Type.String({ minLength: 1 })
+        // npm-cli / mcp-stdio-add / etc per Phase 2.X
+      },
+      { additionalProperties: false }
+    );
+    KnownGoodV1 = Type.Object(
+      {
+        schemaVersion: Type.Literal(SCHEMA_VERSIONS.knownGood),
+        // 'harnessed.known-good.v1'
+        harnessed_version: Type.String({ pattern: "^\\d+\\.\\d+\\.\\d+$" }),
+        // semver strict
+        e2e_verified_at: Type.String({ pattern: "^\\d{4}-\\d{2}-\\d{2}$" }),
+        // ISO date pattern
+        upstreams: Type.Array(PinnedUpstream)
+      },
+      { additionalProperties: false }
+    );
+  }
+});
+
+// src/manifest/knownGood.ts
+var knownGood_exports = {};
+__export(knownGood_exports, {
+  getPinnedVersion: () => getPinnedVersion,
+  loadKnownGood: () => loadKnownGood
+});
+function loadKnownGood(harnessedVer) {
+  if (_cache.has(harnessedVer)) return _cache.get(harnessedVer) ?? null;
+  const path = join(versionsDir(), `${harnessedVer}-known-good.yaml`);
+  if (!existsSync(path)) {
+    _cache.set(harnessedVer, null);
+    return null;
+  }
+  const raw = readFileSync(path, "utf8");
+  const parsed = parse(raw);
+  if (!Value.Check(KnownGoodV1, parsed)) {
+    const errs = [...Value.Errors(KnownGoodV1, parsed)].slice(0, 3);
+    throw new Error(
+      `${path} schema invalid: ${errs.map((e) => `${e.path} ${e.message}`).join("; ")}`
+    );
+  }
+  _cache.set(harnessedVer, parsed);
+  return parsed;
+}
+function getPinnedVersion(upstreamName, harnessedVer) {
+  const kg = loadKnownGood(harnessedVer);
+  if (!kg) return null;
+  const entry = kg.upstreams.find((u) => u.name === upstreamName);
+  return entry?.version ?? null;
+}
+var versionsDir, _cache;
+var init_knownGood = __esm({
+  "src/manifest/knownGood.ts"() {
+    init_known_good_v1();
+    versionsDir = () => join(process.cwd(), "versions");
+    _cache = /* @__PURE__ */ new Map();
+  }
+});
+
+// src/checkpoint/resume.ts
+var resume_exports = {};
+__export(resume_exports, {
+  runResume: () => runResume
+});
+async function runResume() {
+  const current = await readCurrentWorkflow();
+  if (!current) {
+    return { status: "no-paused-phase", error: "no .harnessed/current-workflow.json found" };
+  }
+  if (current.status !== "paused") {
+    return {
+      status: "no-paused-phase",
+      error: `workflow status is '${current.status}', not 'paused'`
+    };
+  }
+  if (!current.last_checkpoint_path) {
+    return { status: "corrupt", error: "last_checkpoint_path missing", path: "" };
+  }
+  const path = current.last_checkpoint_path;
+  let raw;
+  try {
+    raw = await readFile(path, "utf8");
+  } catch (e) {
+    return { status: "corrupt", error: `checkpoint missing: ${e.message}`, path };
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (e) {
+    return {
+      status: "corrupt",
+      error: `checkpoint JSON parse failed: ${e.message}`,
+      path
+    };
+  }
+  const v = parsed.schemaVersion ?? "";
+  const validated = branchOnSchemaVersion(v, {
+    v1: () => Value.Check(CheckpointV1, parsed) ? parsed : null,
+    unknown: () => null
+  });
+  if (!validated) {
+    const errs = [...Value.Errors(CheckpointV1, parsed)].map((e) => e.message).join("; ");
+    return { status: "corrupt", error: `checkpoint schema validation failed: ${errs}`, path };
+  }
+  const cwd = process.cwd();
+  const cwdWarn = validated.cwd !== cwd ? `\u26A0 checkpoint cwd '${validated.cwd}' \u2260 current cwd '${cwd}' \u2014 SDK session resume may fail (\xA7 1.3); fresh-session fallback` : void 0;
+  const sidHint = validated.session_id ? ` (session_id: ${validated.session_id} \u2014 SDK will redirect to original session)` : " (fresh session \u2014 context reloaded from checkpoint)";
+  const resumeHint = `\u2192 in Claude Code: /gsd-execute-phase ${validated.phase}${sidHint}`;
+  return { status: "ok", checkpoint: validated, ...cwdWarn ? { cwdWarn } : {}, resumeHint };
+}
+var init_resume = __esm({
+  "src/checkpoint/resume.ts"() {
+    init_schemaVersion();
+    init_schema();
+    init_state();
+  }
+});
+
+// package.json
+var package_default = {
+  version: "1.0.0"};
+
+// src/manifest/errors.ts
+function instancePathToKeyPath(instancePath) {
+  if (!instancePath || instancePath === "/") return [];
+  return instancePath.split("/").filter(Boolean).map((seg) => {
+    const n = Number(seg);
+    return Number.isInteger(n) && String(n) === seg ? n : seg;
+  });
+}
+function locateLineFromDoc(doc, lineCounter, instancePath) {
+  const path = instancePathToKeyPath(instancePath);
+  let node;
+  if (path.length === 0) {
+    node = doc.contents;
+  } else {
+    node = doc.getIn(path, true);
+  }
+  if (!node || typeof node !== "object") return { line: null, column: null };
+  const range = node.range;
+  if (!range) return { line: null, column: null };
+  const offset = range[0];
+  const pos = lineCounter.linePos(offset);
+  return { line: pos.line, column: pos.col };
+}
+function ajvErrorToFriendly(err2, file, doc, lineCounter) {
+  let path = err2.instancePath || "/";
+  const params = err2.params;
+  if (err2.keyword === "additionalProperties" && params && typeof params.additionalProperty === "string") {
+    path = `${path}/${params.additionalProperty}`;
+  } else if (err2.keyword === "required" && params && typeof params.missingProperty === "string") {
+    path = `${path}/${params.missingProperty}`;
+  }
+  let line = null;
+  let column = null;
+  if (doc && lineCounter) {
+    const lookupPath = err2.keyword === "required" ? err2.instancePath || "/" : path;
+    const loc = locateLineFromDoc(doc, lineCounter, lookupPath);
+    line = loc.line;
+    column = loc.column;
+  }
+  return {
+    file,
+    path,
+    message: err2.message ?? "unknown error",
+    line,
+    column,
+    keyword: err2.keyword
+  };
+}
+function yamlParseErrorToFriendly(err2, file) {
+  return {
+    file,
+    path: "/",
+    message: err2.message,
+    line: err2.linePos?.[0]?.line ?? null,
+    column: err2.linePos?.[0]?.col ?? null,
+    keyword: "yaml-parse"
+  };
+}
+var ApiVersion = Type.Literal("harnessed/v1");
+var Kind = Type.Literal("Manifest");
+var SpdxLicense = Type.Union([
+  Type.Literal("MIT"),
+  Type.Literal("Apache-2.0"),
+  Type.Literal("BSD-3-Clause"),
+  Type.Literal("ISC"),
+  Type.Literal("0BSD"),
+  Type.Literal("MIT-0"),
+  Type.Literal("anthropics-official")
+]);
+var LicenseSource = Type.Union([
+  Type.Literal("README"),
+  Type.Literal("registry"),
+  Type.Literal("none"),
+  Type.Literal("anthropics-official")
+]);
+var Upstream = Type.Object(
+  {
+    source: Type.String({ minLength: 1 }),
+    homepage: Type.String({ format: "uri" }),
+    repository: Type.String({ format: "uri" }),
+    license: SpdxLicense,
+    license_source: Type.Optional(LicenseSource),
+    notice: Type.String({ minLength: 1, maxLength: 500 })
+  },
+  { additionalProperties: false }
+);
+var MetadataSchema = Type.Object(
+  {
+    name: Type.String({ pattern: "^[a-z0-9][a-z0-9-]*$", minLength: 1 }),
+    display_name: Type.Optional(Type.String()),
+    description: Type.String({ minLength: 1, maxLength: 120 }),
+    upstream: Upstream
+  },
+  { additionalProperties: false }
+);
+var HookEvent = Type.Union([
+  Type.Literal("SessionStart"),
+  Type.Literal("UserPromptSubmit"),
+  Type.Literal("PreToolUse"),
+  Type.Literal("PostToolUse")
+]);
+var CcHookAdd = Type.Object(
+  {
+    method: Type.Literal("cc-hook-add"),
+    cmd: Type.String({ minLength: 1 }),
+    // audit-trail (the bash invocation registered)
+    // cwd/env required by lib/spawn.ts discriminated-union access (sister 6 method
+    // shape parity — even though cc-hook-add does not spawn, generic spawn helper
+    // expects these fields on the install union).
+    cwd: Type.Optional(Type.String()),
+    env: Type.Optional(Type.Record(Type.String(), Type.String())),
+    hook_event: HookEvent,
+    hook_matcher: Type.Optional(Type.String()),
+    hook_command: Type.String({ minLength: 1 }),
+    idempotent_check: Type.String({ minLength: 1 })
+  },
+  { additionalProperties: false }
+);
+var GIT_REF_PATTERN = "^([a-f0-9]{7,40}|v?\\d+\\.\\d+\\.\\d+([.-][\\w.-]+)?)$";
+var REPO_PATTERN = "^[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+$";
+var CcPluginMarketplace = Type.Object(
+  {
+    method: Type.Literal("cc-plugin-marketplace"),
+    cmd: Type.String({ minLength: 1 }),
+    cwd: Type.Optional(Type.String()),
+    env: Type.Optional(Type.Record(Type.String(), Type.String())),
+    args: Type.Optional(Type.Record(Type.String(), Type.Unknown())),
+    git_ref: Type.String({ minLength: 1, pattern: GIT_REF_PATTERN }),
+    idempotent_check: Type.String({ minLength: 1 }),
+    // ADR 0005 — third-party marketplace structured metadata (optional).
+    marketplace_source: Type.Optional(
+      Type.Object(
+        {
+          source: Type.Literal("github"),
+          repo: Type.String({ pattern: REPO_PATTERN, minLength: 3 })
+        },
+        { additionalProperties: false }
+      )
+    )
+  },
+  { additionalProperties: false }
+);
+var GIT_REF_PATTERN2 = "^([a-f0-9]{7,40}|v?\\d+\\.\\d+\\.\\d+([.-][\\w.-]+)?)$";
+var GitCloneWithSetup = Type.Object(
+  {
+    method: Type.Literal("git-clone-with-setup"),
+    cmd: Type.String({ minLength: 1 }),
+    cwd: Type.Optional(Type.String()),
+    env: Type.Optional(Type.Record(Type.String(), Type.String())),
+    args: Type.Optional(Type.Record(Type.String(), Type.Unknown())),
+    git_ref: Type.String({ minLength: 1, pattern: GIT_REF_PATTERN2 }),
+    idempotent_check: Type.String({ minLength: 1 })
+  },
+  { additionalProperties: false }
+);
+var McpHttpAdd = Type.Object(
+  {
+    method: Type.Literal("mcp-http-add"),
+    cmd: Type.String({ minLength: 1 }),
+    cwd: Type.Optional(Type.String()),
+    env: Type.Optional(Type.Record(Type.String(), Type.String())),
+    args: Type.Optional(Type.Record(Type.String(), Type.Unknown())),
+    npm_version: Type.String({ minLength: 1 }),
+    idempotent_check: Type.String({ minLength: 1 })
+  },
+  { additionalProperties: false }
+);
+var McpStdioAdd = Type.Object(
+  {
+    method: Type.Literal("mcp-stdio-add"),
+    cmd: Type.String({ minLength: 1 }),
+    cwd: Type.Optional(Type.String()),
+    env: Type.Optional(Type.Record(Type.String(), Type.String())),
+    args: Type.Optional(Type.Record(Type.String(), Type.Unknown())),
+    npm_version: Type.String({ minLength: 1 }),
+    idempotent_check: Type.String({ minLength: 1 })
+  },
+  { additionalProperties: false }
+);
+var NpmCli = Type.Object(
+  {
+    method: Type.Literal("npm-cli"),
+    cmd: Type.String({ minLength: 1 }),
+    cwd: Type.Optional(Type.String()),
+    env: Type.Optional(Type.Record(Type.String(), Type.String())),
+    args: Type.Optional(Type.Record(Type.String(), Type.Unknown())),
+    npm_version: Type.String({ minLength: 1 }),
+    idempotent_check: Type.String({ minLength: 1 })
+  },
+  { additionalProperties: false }
+);
+var NpxSkillInstaller = Type.Object(
+  {
+    method: Type.Literal("npx-skill-installer"),
+    cmd: Type.String({ minLength: 1 }),
+    cwd: Type.Optional(Type.String()),
+    env: Type.Optional(Type.Record(Type.String(), Type.String())),
+    args: Type.Optional(Type.Record(Type.String(), Type.Unknown())),
+    npm_version: Type.String({ minLength: 1 }),
+    idempotent_check: Type.String({ minLength: 1 })
+  },
+  { additionalProperties: false }
+);
+
+// src/manifest/schema/installMethods/index.ts
+var branches = [
+  CcPluginMarketplace,
+  GitCloneWithSetup,
+  NpxSkillInstaller,
+  NpmCli,
+  McpStdioAdd,
+  McpHttpAdd,
+  CcHookAdd
+];
+var InstallSchema = {
+  type: "object",
+  discriminator: { propertyName: "method" },
+  required: ["method"],
+  properties: {
+    method: { type: "string" }
+  },
+  oneOf: branches
+};
+Type.Union([...branches]);
+
+// src/manifest/schema/spec.ts
+var TypeEnum = Type.Union([
+  Type.Literal("cc-plugin"),
+  Type.Literal("cc-skill-pack"),
+  Type.Literal("mcp-npm"),
+  Type.Literal("cli-npm"),
+  // Phase 2.4 W3 T3.1 (D-04 § 3.1 + R2.4.4 + B-22) — 5th type, 1:1 with install_type:'hook'.
+  // Lifecycle hooks registered to ~/.claude/settings.json (SessionStart / UserPromptSubmit /
+  // PreToolUse / PostToolUse) via the cc-hook-add install method.
+  Type.Literal("cc-hook")
+]);
+var ComponentType = Type.Union([
+  Type.Literal("command"),
+  Type.Literal("behavior-rule"),
+  Type.Literal("mcp-tool"),
+  Type.Literal("cli-binary")
+]);
+var Verify = Type.Object(
+  {
+    cmd: Type.String({ minLength: 1 }),
+    timeout_ms: Type.Optional(Type.Integer({ minimum: 100, maximum: 6e4 })),
+    expected_exit_code: Type.Optional(Type.Integer())
+  },
+  { additionalProperties: false }
+);
+var Uninstall = Type.Object(
+  {
+    cmd: Type.String({ minLength: 1 }),
+    cleanup_paths: Type.Optional(Type.Array(Type.String()))
+  },
+  { additionalProperties: false }
+);
+var Stability = Type.Union([
+  Type.Literal("stable"),
+  Type.Literal("beta"),
+  Type.Literal("unstable"),
+  Type.Literal("archived")
+]);
+var FallbackAction = Type.Union([
+  Type.Literal("warn"),
+  Type.Literal("block"),
+  Type.Literal("use_alternative")
+]);
+var UpstreamHealth = Type.Object(
+  {
+    stability: Stability,
+    last_check: Type.String({ format: "date" }),
+    last_known_good_version: Type.String({ minLength: 1 }),
+    fallback_action: FallbackAction,
+    alternative: Type.Optional(Type.String())
+  },
+  { additionalProperties: false }
+);
+var Platform = Type.Union([Type.Literal("linux"), Type.Literal("darwin"), Type.Literal("win32")]);
+var Signature = Type.Object(
+  { sigstore_bundle: Type.String({ format: "uri" }) },
+  { additionalProperties: false }
+);
+var TestedWithVersions = Type.Object(
+  {
+    cc_versions: Type.Optional(Type.Array(Type.String())),
+    node_versions: Type.Optional(Type.Array(Type.String()))
+  },
+  { additionalProperties: false }
+);
+var Category = Type.Union([
+  Type.Literal("meta"),
+  Type.Literal("engineering"),
+  Type.Literal("design"),
+  Type.Literal("content"),
+  Type.Literal("testing"),
+  Type.Literal("search")
+]);
+var InstallType = Type.Union([
+  Type.Literal("skill"),
+  Type.Literal("mcp"),
+  Type.Literal("npm"),
+  Type.Literal("git"),
+  // Phase 2.4 W3 T3.1 (D-04 § 3.1 + R2.4.4 + B-22) — 5th install_type, 1:1 with TypeEnum:'cc-hook'.
+  Type.Literal("hook")
+]);
+var DecisionRules = Type.Object(
+  {
+    trigger: Type.Optional(Type.String({ minLength: 1 })),
+    default_expert: Type.Optional(Type.String({ minLength: 1 })),
+    arbitration_rule: Type.Optional(Type.String({ minLength: 1 })),
+    override_signals: Type.Optional(
+      Type.Array(
+        Type.Object(
+          {
+            phrase: Type.String({ minLength: 1 }),
+            use: Type.String({ minLength: 1 })
+          },
+          { additionalProperties: false }
+        )
+      )
+    ),
+    // Phase 2.3 W2 T2.5 — CD-3 negative-space hint mirror (B-17 per-manifest hint
+    // redundant guard layer; SSOT remains routing/decision_rules.yaml — D-04 lead).
+    // Additive optional; existing manifests unchanged (A7 守恒).
+    do_not_use_when: Type.Optional(Type.Array(Type.String({ minLength: 1 }), { minItems: 1 })),
+    if_rejected_use: Type.Optional(Type.String({ minLength: 1 }))
+  },
+  { additionalProperties: false }
+);
+var Phase = Type.Union([
+  Type.Literal("discuss"),
+  Type.Literal("plan"),
+  Type.Literal("execute"),
+  Type.Literal("verify")
+]);
+var Triggers = Type.Object(
+  {
+    complexity_threshold: Type.Optional(Type.Integer({ minimum: 1 })),
+    tdd_required: Type.Optional(Type.Boolean()),
+    brainstorming_required: Type.Optional(Type.Boolean())
+  },
+  { additionalProperties: false }
+);
+var ProvidedUnit = Type.Object(
+  {
+    id: Type.String({ minLength: 1 }),
+    // routing-addressable, <org>-<repo>-<unit>
+    component_type: ComponentType
+    // reuse existing union
+  },
+  { additionalProperties: false }
+);
+var SpecSchema = Type.Object(
+  {
+    type: TypeEnum,
+    component_type: ComponentType,
+    install: Type.Unsafe(InstallSchema),
+    verify: Verify,
+    uninstall: Uninstall,
+    upstream_health: UpstreamHealth,
+    signed_by: Type.String({ pattern: "^[a-zA-Z0-9-]+$", minLength: 1 }),
+    signature: Type.Optional(Signature),
+    platforms: Type.Array(Platform, { minItems: 1, uniqueItems: true }),
+    tested_with_versions: Type.Optional(TestedWithVersions),
+    mutually_exclusive_with: Type.Optional(Type.Array(Type.String())),
+    category: Category,
+    install_type: InstallType,
+    decision_rules: Type.Optional(DecisionRules),
+    // ADR 0009 errata (phase 1.5 T5.5) — mattpocock phase routing schema.
+    phase: Type.Optional(Phase),
+    triggers: Type.Optional(Triggers),
+    // ADR 0010 errata (phase 2.1 T1.3) — bundle-install `provides` field.
+    provides: Type.Optional(Type.Array(ProvidedUnit, { minItems: 2, uniqueItems: true }))
+  },
+  { additionalProperties: false }
+);
+
+// src/manifest/schema/index.ts
+var ManifestBase = Type.Object(
+  {
+    apiVersion: ApiVersion,
+    kind: Kind,
+    metadata: MetadataSchema,
+    spec: SpecSchema
+  },
+  { additionalProperties: false }
+);
+var matrix = {
+  "cc-plugin": ["cc-plugin-marketplace"],
+  "cc-skill-pack": ["cc-plugin-marketplace", "git-clone-with-setup", "npx-skill-installer"],
+  "mcp-npm": ["mcp-stdio-add", "mcp-http-add"],
+  "cli-npm": ["npm-cli"]
+};
+var matrixConstraints = Object.entries(matrix).map(([typeValue, allowedMethods]) => ({
+  if: {
+    type: "object",
+    properties: {
+      spec: {
+        type: "object",
+        properties: { type: { const: typeValue } },
+        required: ["type"]
+      }
+    },
+    required: ["spec"]
+  },
+  // biome-ignore lint/suspicious/noThenProperty: JSON Schema `then` keyword (conditional schemas), not a thenable.
+  then: {
+    type: "object",
+    properties: {
+      spec: {
+        type: "object",
+        properties: {
+          install: {
+            type: "object",
+            properties: { method: { enum: allowedMethods } },
+            required: ["method"]
+          }
+        },
+        required: ["install"]
+      }
+    },
+    required: ["spec"]
+  }
+}));
+var ManifestSchema = {
+  ...ManifestBase,
+  $id: "https://harnessed.dev/schemas/manifest.v1.schema.json",
+  title: "harnessed Manifest v1",
+  description: "Per ADR 0001. Strict mode (additionalProperties: false everywhere).",
+  allOf: matrixConstraints
+};
+var PATTERNS = [
+  {
+    label: "$(...)",
+    hint: "POSIX command substitution",
+    test: (s) => /\$\(/.test(s)
+  },
+  {
+    // biome-ignore lint/suspicious/noTemplateCurlyInString: literal pattern label, not a JS template
+    label: "${...}",
+    // biome-ignore lint/suspicious/noTemplateCurlyInString: literal example in user-facing message
+    hint: "variable expansion (v0.2 will whitelist `${secret:KEY}`)",
+    test: (s) => /\$\{/.test(s)
+  },
+  {
+    label: "backtick",
+    hint: "old-style command substitution",
+    test: (s) => /`/.test(s)
+  }
+];
+function lineOf(node, lineCounter) {
+  if (!node?.range) return null;
+  const offset = node.range[0];
+  return lineCounter.linePos(offset).line;
+}
+function checkCmdString(cmd) {
+  for (const pat of PATTERNS) {
+    if (pat.test(cmd)) return { label: pat.label, hint: pat.hint };
+  }
+  return null;
+}
+function checkScalarCmd(doc, lineCounter, path, filename) {
+  const node = doc.getIn(path, true);
+  if (!node || !isScalar(node)) return null;
+  const value = node.value;
+  if (typeof value !== "string") return null;
+  for (const pat of PATTERNS) {
+    if (pat.test(value)) {
+      return {
+        file: filename,
+        path: `/${path.join("/")}`,
+        message: `shell escape detected: '${pat.label}' (${pat.hint}) at ${path.join(".")} \u2014 v0.1 forbids dynamic shell evaluation; v0.2 will use \`requires_secret\` + \`\${secret:KEY}\` for env placeholders`,
+        line: lineOf(node, lineCounter),
+        column: null,
+        keyword: "security"
+      };
+    }
+  }
+  return null;
+}
+function checkSecurityViolations(doc, filename, lineCounter) {
+  const errors = [];
+  const cmdPaths = [
+    ["spec", "install", "cmd"],
+    ["spec", "verify", "cmd"],
+    ["spec", "uninstall", "cmd"]
+  ];
+  for (const p4 of cmdPaths) {
+    const err2 = checkScalarCmd(doc, lineCounter, p4, filename);
+    if (err2) errors.push(err2);
+  }
+  const cleanupNode = doc.getIn(["spec", "uninstall", "cleanup_paths"], true);
+  if (cleanupNode && isSeq(cleanupNode)) {
+    cleanupNode.items.forEach((item, idx) => {
+      if (!isScalar(item)) return;
+      const value = item.value;
+      if (typeof value !== "string") return;
+      for (const pat of PATTERNS) {
+        if (pat.test(value)) {
+          errors.push({
+            file: filename,
+            path: `/spec/uninstall/cleanup_paths/${idx}`,
+            message: `shell escape detected: '${pat.label}' (${pat.hint}) at spec.uninstall.cleanup_paths[${idx}] \u2014 v0.1 forbids dynamic shell evaluation`,
+            line: lineOf(item, lineCounter),
+            column: null,
+            keyword: "security"
+          });
+          break;
+        }
+      }
+    });
+  }
+  return errors;
+}
+
+// src/manifest/validate.ts
+var addFormats = ajvFormatsNs.default;
+var ajv = addFormats(
+  new Ajv({
+    strict: true,
+    strictSchema: true,
+    strictTypes: true,
+    strictRequired: true,
+    allErrors: true,
+    discriminator: true,
+    allowUnionTypes: false
+  })
+);
+var _compiled = null;
+function getValidator() {
+  if (!_compiled) {
+    _compiled = ajv.compile(ManifestSchema);
+  }
+  return _compiled;
+}
+var INSTALL_TYPE_METHODS = {
+  npm: ["npm-cli"],
+  mcp: ["mcp-stdio-add", "mcp-http-add"],
+  git: ["git-clone-with-setup"],
+  skill: ["cc-plugin-marketplace", "npx-skill-installer"]
+};
+function checkInstallTypeMismatch(manifest, filename) {
+  const spec = manifest.spec;
+  const installType = spec.install_type;
+  const method = spec.install?.method;
+  if (!installType || !method) return [];
+  const allowed = INSTALL_TYPE_METHODS[installType];
+  if (!allowed || allowed.includes(method)) return [];
+  return [
+    {
+      file: filename,
+      path: "spec.install.method",
+      message: `install_type '${installType}' is not compatible with install.method '${method}' (ADR 0007 1:N closure \u2014 expected one of: ${allowed.join(", ")})`,
+      line: null,
+      column: null,
+      keyword: "install-type-mismatch"
+    }
+  ];
+}
+function validateManifestFile(yamlSource, filename) {
+  const lineCounter = new LineCounter();
+  const doc = parseDocument(yamlSource, { lineCounter });
+  if (doc.errors.length > 0) {
+    return {
+      ok: false,
+      errors: doc.errors.map((e) => yamlParseErrorToFriendly(e, filename))
+    };
+  }
+  const securityErrors = checkSecurityViolations(doc, filename, lineCounter);
+  if (securityErrors.length > 0) {
+    return { ok: false, errors: securityErrors };
+  }
+  const data = doc.toJS();
+  const validate = getValidator();
+  if (!validate(data)) {
+    const errs = validate.errors ?? [];
+    return {
+      ok: false,
+      errors: errs.map((err2) => ajvErrorToFriendly(err2, filename, doc, lineCounter))
+    };
+  }
+  const manifest = data;
+  const crossFieldErrors = checkInstallTypeMismatch(manifest, filename);
+  if (crossFieldErrors.length > 0) {
+    return { ok: false, errors: crossFieldErrors };
+  }
+  return { ok: true, manifest };
+}
+
+// src/cli/lib/audit-helpers.ts
+init_origin_check();
+var SHELL_EVAL_MARKERS = /\$\(|\$\{|`/;
+var NPM_PKG_RE = /npm(?:\s+install\b|\s+i\b)(?:\s+(?:-g|--global))?\s+(\S+)/;
+var finding = (manifest, level, field, detail) => ({ manifest, level, field, detail });
+function auditOriginIntegrity(cwd) {
+  const r = checkOrigin(cwd, { allowFork: false });
+  if (r.status === "pass") return [];
+  return [
+    finding("project", r.status === "fail" ? "error" : "warn", "/git/remote/origin", r.detail)
+  ];
+}
+function auditInstallCmdIntegrity(m) {
+  const out = [];
+  const cmd = m.spec.install.cmd ?? "";
+  if (SHELL_EVAL_MARKERS.test(cmd)) {
+    out.push(
+      finding(
+        m.metadata.name,
+        "error",
+        "/spec/install/cmd",
+        "install.cmd contains shell-eval marker $(/${/backtick (injection risk)"
+      )
+    );
+  }
+  const upstream = m.metadata.upstream?.repository ?? "";
+  const npmMatch = cmd.match(NPM_PKG_RE);
+  if (npmMatch?.[1] && upstream.includes("github.com/")) {
+    const declared = upstream.split("/").pop()?.replace(".git", "");
+    if (declared && npmMatch[1] !== declared) {
+      out.push(
+        finding(
+          m.metadata.name,
+          "warn",
+          "/spec/install/cmd",
+          `install.cmd npm pkg '${npmMatch[1]}' \u2260 upstream '${declared}'`
+        )
+      );
+    }
+  }
+  return out;
+}
+function auditProvenance() {
+  const r = spawnSync("node", ["scripts/check-provenance.mjs"], { encoding: "utf8" });
+  if (r.status === 0) return [];
+  const detail = (r.stderr || r.stdout || "").trim().slice(0, 200);
+  return [finding("project", "error", "/.harnessed/provenance", detail)];
+}
+
+// src/cli/audit.ts
+var REPO_URL_PATTERN = /^https:\/\/[^\s]+\.git$/;
+var SIGNED_BY_PLACEHOLDERS = /* @__PURE__ */ new Set(["unsigned", "todo", "placeholder", "tbd", "unknown"]);
+var FORBIDDEN_GIT_REFS = /* @__PURE__ */ new Set(["HEAD", "main", "master"]);
+async function auditOne(yamlPath, preReadSrc) {
+  const findings = [];
+  const src = preReadSrc ?? await readFile(yamlPath, "utf8");
+  const v = validateManifestFile(src, yamlPath);
+  if (!v.ok) {
+    return v.errors.map((e) => ({
+      manifest: yamlPath,
+      level: "error",
+      field: e.path,
+      detail: e.message
+    }));
+  }
+  const m = v.manifest;
+  const repo = m.metadata.upstream.repository;
+  if (!REPO_URL_PATTERN.test(repo)) {
+    findings.push({
+      manifest: yamlPath,
+      level: "warn",
+      field: "/metadata/upstream/repository",
+      detail: `repository '${repo}' should be https://...git`
+    });
+  }
+  const sig = m.spec.signed_by;
+  if (SIGNED_BY_PLACEHOLDERS.has(sig.toLowerCase())) {
+    findings.push({
+      manifest: yamlPath,
+      level: "warn",
+      field: "/spec/signed_by",
+      detail: `signed_by '${sig}' looks like a placeholder`
+    });
+  }
+  const install = m.spec.install;
+  if ("git_ref" in install && typeof install.git_ref === "string") {
+    if (FORBIDDEN_GIT_REFS.has(install.git_ref)) {
+      findings.push({
+        manifest: yamlPath,
+        level: "error",
+        field: "/spec/install/git_ref",
+        detail: `git_ref '${install.git_ref}' is a moving ref (HEAD/main/master) \u2014 pin to SHA or tag`
+      });
+    }
+  }
+  return findings;
+}
+function registerAudit(program2) {
+  program2.command("audit").description("Second-line manifest self-consistency audit (manifest + runtime layers)").option(
+    "--skip-runtime",
+    "skip runtime-layer checks (origin tamper / provenance) \u2014 manifest only"
+  ).action(async (opts) => {
+    const root = process.cwd();
+    const dirs = ["manifests/tools", "manifests/skill-packs"];
+    const yamls = [];
+    for (const d of dirs) {
+      try {
+        const entries = await readdir(join(root, d));
+        for (const f of entries) if (f.endsWith(".yaml")) yamls.push(resolve(root, d, f));
+      } catch {
+      }
+    }
+    yamls.sort();
+    const findings = [];
+    const validManifests = [];
+    for (const y of yamls) {
+      const src = await readFile(y, "utf8");
+      const v = validateManifestFile(src, y);
+      if (v.ok) validManifests.push({ path: y, m: v.manifest });
+      findings.push(...await auditOne(y, src));
+    }
+    if (!opts.skipRuntime) {
+      findings.push(...auditOriginIntegrity(root));
+      for (const { m } of validManifests) findings.push(...auditInstallCmdIntegrity(m));
+      findings.push(...auditProvenance());
+    }
+    const byManifest = /* @__PURE__ */ new Map();
+    for (const f of findings) {
+      const arr = byManifest.get(f.manifest) ?? [];
+      arr.push(f);
+      byManifest.set(f.manifest, arr);
+    }
+    let errorCount = 0;
+    for (const y of yamls) {
+      const fs = byManifest.get(y) ?? [];
+      if (fs.length === 0) {
+        console.log(`\u2713 ${y}`);
+      } else {
+        for (const f of fs) {
+          const mark = f.level === "error" ? "\u2717" : "\u26A0";
+          console.log(`${mark} ${y}
+    ${f.field}: ${f.detail}`);
+          if (f.level === "error") errorCount++;
+        }
+      }
+    }
+    for (const [mname, fs] of byManifest) {
+      if (yamls.includes(mname)) continue;
+      for (const f of fs) {
+        const mark = f.level === "error" ? "\u2717" : "\u26A0";
+        console.log(`${mark} [${mname}] ${f.field}: ${f.detail}`);
+        if (f.level === "error") errorCount++;
+      }
+    }
+    console.log(
+      `
+audited ${yamls.length} manifest${yamls.length === 1 ? "" : "s"} \u2014 ${findings.length} finding${findings.length === 1 ? "" : "s"} (${errorCount} error${errorCount === 1 ? "" : "s"})`
+    );
+    process.exit(errorCount > 0 ? 1 : 0);
+  });
+}
+var AUDIT_PATH = ".harnessed/audit.log";
+var REDACT_PATTERNS = [
+  [/api[_-]?key\s*[:=]\s*\S+/gi, "api_key=[REDACTED]"],
+  [/\btoken\s*[:=]\s*\S+/gi, "token=[REDACTED]"],
+  [/\bpassword\s*[:=]\s*\S+/gi, "password=[REDACTED]"],
+  [/Authorization:\s*Bearer\s+\S+/gi, "Authorization: Bearer [REDACTED]"],
+  [/\b(sk-|pk-|gh_|ghp_|ya29\.|AIza)[A-Za-z0-9_\-.]{4,}/g, "[REDACTED]"]
+];
+function redact(s) {
+  return REDACT_PATTERNS.reduce((acc, [re, rep]) => acc.replace(re, rep), s);
+}
+function redactRecord(r) {
+  return { ...r, task_excerpt: redact(r.task_excerpt) };
+}
+function renderHumanTable(records) {
+  const header = `${"ts".padEnd(19)} | ${"phase".padEnd(6)} | ${"category".padEnd(11)} | ${"matched_rule_id".padEnd(20)} | outcome`;
+  const sep = `${"-".repeat(19)}-+-${"-".repeat(6)}-+-${"-".repeat(11)}-+-${"-".repeat(20)}-+--------`;
+  console.log(header);
+  console.log(sep);
+  for (const r of records) {
+    const ts = r.ts.slice(0, 19);
+    const phase = r.phase.padEnd(6);
+    const cat = r.category.padEnd(11);
+    const rule = (r.matched_rule_id ?? "null").padEnd(20);
+    console.log(`${ts} | ${phase} | ${cat} | ${rule} | ${r.outcome}`);
+  }
+}
+function pipeToJq(filterExpr, lines) {
+  return new Promise((resolve8, reject) => {
+    const child = spawn("jq", [filterExpr], {
+      stdio: ["pipe", "inherit", "inherit"],
+      windowsHide: true
+    });
+    child.on("error", (err2) => {
+      const e = err2;
+      if (e.code === "ENOENT") {
+        console.error("\u2717 jq not found in PATH \u2014 run: harnessed doctor");
+        resolve8(1);
+      } else {
+        reject(err2);
+      }
+    });
+    child.on("close", (code) => resolve8(code ?? 0));
+    child.stdin.write(lines.join("\n"));
+    child.stdin.end();
+  });
+}
+function registerAuditLog(program2) {
+  program2.command("audit-log").description("Query routing audit log (.harnessed/audit.log) with optional jq filter (R10.1)").option("--filter <expr>", `jq filter expression (e.g. '.category=="engineering"')`).option("--tail <n>", "show N most recent records (default 50)", "50").option("--head <n>", "show N oldest records (--head takes priority over --tail)").option("--reverse", "flip output order").option("--json", "output full 12-field JSON instead of human table").action(
+    async (opts) => {
+      const tailN = opts.tail !== void 0 ? Number(opts.tail) : 50;
+      if (Number.isNaN(tailN) || tailN < 1) {
+        console.error("\u2717 --tail must be a positive integer");
+        process.exit(2);
+      }
+      const headN = opts.head !== void 0 ? Number(opts.head) : void 0;
+      if (headN !== void 0 && (Number.isNaN(headN) || headN < 1)) {
+        console.error("\u2717 --head must be a positive integer");
+        process.exit(2);
+      }
+      if (!existsSync(AUDIT_PATH)) {
+        console.log("no audit records found (.harnessed/audit.log does not exist)");
+        process.exit(0);
+      }
+      const raw = readFileSync(AUDIT_PATH, "utf8");
+      const lines = raw.split("\n").map((l) => l.trim()).filter((l) => l.length > 0);
+      if (lines.length === 0) {
+        console.log("no audit records found (audit.log is empty)");
+        process.exit(0);
+      }
+      let records = [];
+      for (const line of lines) {
+        try {
+          records.push(JSON.parse(line));
+        } catch {
+        }
+      }
+      if (headN !== void 0) {
+        records = records.slice(0, headN);
+      } else {
+        records = records.slice(-tailN);
+      }
+      if (opts.reverse) records = records.reverse();
+      records = records.map(redactRecord);
+      if (opts.filter) {
+        const redactedLines = records.map((r) => JSON.stringify(r));
+        const exitCode = await pipeToJq(opts.filter, redactedLines);
+        process.exit(exitCode);
+      }
+      if (opts.json) {
+        for (const r of records) {
+          console.log(JSON.stringify(r, null, 2));
+        }
+      } else {
+        renderHumanTable(records);
+      }
+      process.exit(0);
+    }
+  );
+}
+function registerBackupList(program2) {
+  const backup2 = program2.command("backup").description("Backup snapshot operations");
+  backup2.command("list").description("List backup snapshots under .harnessed-backup/").action(async () => {
+    const root = resolve(process.cwd(), ".harnessed-backup");
+    let dirs;
+    try {
+      dirs = (await readdir(root, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name).sort();
+    } catch {
+      console.log("no backups found (.harnessed-backup/ absent)");
+      return;
+    }
+    if (dirs.length === 0) {
+      console.log("no backups found (.harnessed-backup/ empty)");
+      return;
+    }
+    for (const ts of dirs) {
+      try {
+        const meta = JSON.parse(
+          await readFile(join(root, ts, "metadata.json"), "utf8")
+        );
+        console.log(
+          `${ts}  ${meta.manifest}  (${meta.files.length} file${meta.files.length === 1 ? "" : "s"})`
+        );
+      } catch {
+        console.log(`${ts}  (metadata.json missing or unreadable)`);
+      }
+    }
+    console.log(`
+${dirs.length} snapshot${dirs.length === 1 ? "" : "s"} total`);
+  });
+}
+function checkNodeVersion() {
+  const v = process.versions.node;
+  const major = Number.parseInt(v.split(".")[0] ?? "0", 10);
+  return major >= 22 ? { name: "node \u2265 22", status: "pass", message: `node ${v}` } : {
+    name: "node \u2265 22",
+    status: "fail",
+    message: `node ${v} (need \u2265 22)`,
+    fix: "nvm install 22 && nvm use 22"
+  };
+}
+async function checkMcpScope() {
+  const projectMcp = join(process.cwd(), ".mcp.json");
+  const userClaude = join(homedir(), ".claude.json");
+  let projectExists = false;
+  try {
+    await readFile(projectMcp, "utf8");
+    projectExists = true;
+  } catch {
+  }
+  let userHasMcp = false;
+  try {
+    const raw = await readFile(userClaude, "utf8");
+    const parsed = JSON.parse(raw);
+    userHasMcp = !!parsed.mcpServers && Object.keys(parsed.mcpServers).length > 0;
+  } catch {
+  }
+  if (userHasMcp) {
+    return {
+      name: "mcp scope = project",
+      status: "fail",
+      message: `~/.claude.json has user-scope mcpServers (CC #54803 risk)`,
+      fix: "remove user-scope entries; re-add via `claude mcp add --scope project ...`"
+    };
+  }
+  return {
+    name: "mcp scope = project",
+    status: "pass",
+    message: projectExists ? "project .mcp.json present" : "no MCP servers installed"
+  };
+}
+function checkJq() {
+  const finder = process.platform === "win32" ? "where" : "which";
+  const r = spawnSync(finder, ["jq"], { encoding: "utf8" });
+  if (r.status === 0 && r.stdout.trim().length > 0) {
+    return {
+      name: "jq present",
+      status: "pass",
+      message: r.stdout.split(/\r?\n/)[0]?.trim() ?? "jq found"
+    };
+  }
+  const fix = process.platform === "win32" ? "winget install jqlang.jq  (or: scoop install jq)" : process.platform === "darwin" ? "brew install jq" : "apt-get install jq  (or: dnf install jq)";
+  return { name: "jq present", status: "fail", message: "jq not found in PATH", fix };
+}
+function checkWinBash() {
+  if (process.platform !== "win32") {
+    return { name: "bash flavor (win)", status: "pass", message: "skipped (non-Windows)" };
+  }
+  const where = spawnSync("where", ["bash"], { encoding: "utf8" });
+  const firstBash = (where.stdout ?? "").split(/\r?\n/)[0]?.trim() ?? "(not found)";
+  if (where.status !== 0 || !firstBash || firstBash === "(not found)") {
+    return {
+      name: "bash flavor (win)",
+      status: "fail",
+      message: "no bash on PATH",
+      fix: "install Git for Windows (Git Bash) and ensure it is on PATH"
+    };
+  }
+  const probe = spawnSync("bash", ["-c", "echo $WSL_DISTRO_NAME"], { encoding: "utf8" });
+  const distro = (probe.stdout ?? "").trim();
+  if (distro.length > 0) {
+    return {
+      name: "bash flavor (win)",
+      status: "fail",
+      message: `WSL bash (${distro}) \u2014 ralph-loop subagent fork breaks under WSL`,
+      fix: "reorder PATH so Git Bash precedes WSL bash.exe (Settings \u2192 System \u2192 Environment Variables)"
+    };
+  }
+  return { name: "bash flavor (win)", status: "pass", message: `${firstBash} (Git Bash / native)` };
+}
+async function checkOriginUrl() {
+  const { checkOrigin: checkOrigin2 } = await Promise.resolve().then(() => (init_origin_check(), origin_check_exports));
+  const r = checkOrigin2(process.cwd(), { allowFork: true });
+  return { name: "origin URL", status: r.status, message: r.detail, fix: r.fix };
+}
+async function checkGstackPrefix() {
+  const { probeGstackPrefix: probeGstackPrefix2 } = await Promise.resolve().then(() => (init_probe_gstack(), probe_gstack_exports));
+  const r = probeGstackPrefix2();
+  return { name: "gstack prefix", status: r.status, message: r.detail, fix: r.fix };
+}
+async function checkDeprecations2() {
+  return (await Promise.resolve().then(() => (init_check_deprecations(), check_deprecations_exports))).checkDeprecations();
+}
+async function checkTokenBudget2() {
+  return (await Promise.resolve().then(() => (init_check_token_budget(), check_token_budget_exports))).checkTokenBudget();
+}
+function registerDoctor(program2) {
+  program2.command("doctor").description(
+    "Preflight checks (Node / MCP scope / jq / Win bash / origin URL / gstack prefix / deprecations / token budget)"
+  ).option("--json", "output JSON instead of human-readable").action(async (opts) => {
+    const [mcpScope, originUrl, gstackPrefix, deprecations, tokenBudget] = await Promise.all([
+      checkMcpScope(),
+      checkOriginUrl(),
+      checkGstackPrefix(),
+      // ← Phase 3.2 W1 T1.5 ADD 6th check (D-01 PROBE)
+      checkDeprecations2(),
+      // ← Phase 3.3 W1 T1.7 ADD 7th check (D-02 DOCTOR-ONLY-WARN)
+      checkTokenBudget2()
+      // ← Phase 3.4 W1 T1.2 ADD 8th check (D-03 + D-04 DOCTOR WARN)
+    ]);
+    const results = [
+      checkNodeVersion(),
+      mcpScope,
+      checkJq(),
+      checkWinBash(),
+      originUrl,
+      gstackPrefix,
+      deprecations,
+      tokenBudget
+    ];
+    const hasFail = results.some((r) => r.status === "fail");
+    const hasWarn = results.some((r) => r.status === "warn");
+    if (opts.json) {
+      console.log(
+        JSON.stringify(
+          { checks: results, summary: hasFail ? "fail" : hasWarn ? "warn" : "pass" },
+          null,
+          2
+        )
+      );
+    } else {
+      for (const r of results) {
+        const mark = r.status === "pass" ? "\u2713" : r.status === "warn" ? "\u26A0" : "\u2717";
+        console.log(`${mark} ${r.name} \u2014 ${r.message}`);
+        if (r.status !== "pass" && r.fix) console.log(`    fix: ${r.fix}`);
+      }
+      console.log(
+        hasFail ? "\nsome checks failed (see fix hints above)" : hasWarn ? "\nall checks ok (with warnings \u2014 see hints above)" : "\nall checks passed"
+      );
+    }
+    process.exit(hasFail ? 1 : 0);
+  });
+}
+
+// src/routing/completionSchema.ts
+var COMPLETION_SCHEMA = {
+  type: "object",
+  properties: {
+    status: { type: "string", enum: ["COMPLETE", "PARTIAL", "BLOCKED"] },
+    phase: { type: "string", enum: ["01-clarify", "02-code", "03-test", "04-deliver"] },
+    summary: { type: "string" },
+    blockers: { type: "array", items: { type: "string" } }
+  },
+  required: ["status", "phase"]
+};
+
+// src/routing/systemPrompt.ts
+`## RULE: subagent COMPLETE marker
+When you spawn a subagent and it returns a final message:
+1. **DO NOT summarize, paraphrase, or interpret the subagent's final message**
+2. **DO NOT skip or omit the COMPLETE marker**
+3. The subagent will emit \`<promise>COMPLETE</promise>\` (exact verbatim XML wrapper) when done
+4. You MUST verbatim grep \`<promise>COMPLETE</promise>\` from final message \u2192 if present, treat task as done
+5. If \`<promise>COMPLETE</promise>\` absent \u2192 re-spawn subagent (max 20 iterations); after max, throw VerbatimCompleteFailError
+
+## skills fail-fast handling
+- SkillNotInstalledError \u2192 print user-friendly fix command (e.g., "Run: harnessed install <name>")
+- RestartRequiredError \u2192 print "\u8BF7 exit + restart Claude Code \u8BA9 plugin \u751F\u6548"
+
+## \u515C\u5E95 max-iterations
+- max-iterations 20 (external ralph-loop) \xD7 maxTurns 50 (internal AgentDefinition) = 1000 round-trips worst case
+
+## Completion signal (dual-signal \u2014 emit BOTH)
+If \`outputFormat: { type: 'json_schema' }\` is set on this query, emit a final-turn output conforming to the schema (status/phase/summary/blockers \u2014 keys: ${Object.keys(COMPLETION_SCHEMA.properties).join(", ")}).
+AND emit \`<promise>COMPLETE</promise>\` (FALLBACK signal \u2014 required regardless of structured output presence, for inner-layer subagent completion detection per RESEARCH \xA7 1.3).
+`;
+var COMPLETE_INSTRUCTION = `## CRITICAL RULE: COMPLETE marker
+When your task is done, emit the exact verbatim XML wrapper
+\`<promise>COMPLETE</promise>\` on its own line and nothing else after it. Do
+NOT emit any other variant \u2014 not "completed", not "DONE", not bare \`COMPLETE\`,
+not "\u2705". The parent agent will verbatim grep \`<promise>COMPLETE</promise>\` \u2014
+any deviation fails the round-trip and forces a re-spawn (max 20 iterations).
+`;
+
+// src/routing/agentDefinition.ts
+var SkillNotInstalledError = class extends Error {
+  constructor(skill) {
+    super(`Skill not installed: ${skill}. Run: harnessed install ${skill} --apply`);
+    this.skill = skill;
+    this.name = "SkillNotInstalledError";
+  }
+  skill;
+};
+var InvalidDecisionError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "InvalidDecisionError";
+  }
+};
+var MissingSkillsError = class extends Error {
+  constructor(missing) {
+    super(`Required skills missing: ${missing.join(", ")}`);
+    this.missing = missing;
+    this.name = "MissingSkillsError";
+  }
+  missing;
+};
+var RestartRequiredError = class extends Error {
+  constructor(hint) {
+    super(hint);
+    this.hint = hint;
+    this.name = "RestartRequiredError";
+  }
+  hint;
+};
+var KARPATHY_BASELINE = `## \u5FC3\u6CD5 (always-on baseline)
+- Think Before Coding: read, plan, then write \u2014 never write before understanding.
+- Simplicity First: minimum effective code; avoid unnecessary abstraction.
+- Surgical Changes: small atomic edits; keep history clean.
+- Goal-Driven Execution: each step earns its place by satisfying a goal.
+`;
+async function createAgent(task, decision, opts = {}) {
+  if (!decision.primary_expert) {
+    throw new InvalidDecisionError("decision.primary_expert is required (got null)");
+  }
+  const skillsRoot = opts.skillsRoot ?? join(homedir(), ".claude", "skills");
+  const requested = decision.required_skills ?? (decision.primary_expert ? [decision.primary_expert] : []);
+  const isInstalled2 = (name) => existsSync(join(skillsRoot, name, "SKILL.md"));
+  const missing = requested.filter((s) => !isInstalled2(s));
+  if (missing.length === requested.length && requested.length > 0) {
+    throw new MissingSkillsError(missing);
+  }
+  if (missing.length > 0) {
+    throw new SkillNotInstalledError(missing[0]);
+  }
+  const promptBody = `${KARPATHY_BASELINE}
+## \u4EFB\u52A1
+${task.task}
+
+${COMPLETE_INSTRUCTION}`;
+  return {
+    description: `Routing-engine spawned subagent (${decision.category}) \u2014 primary: ${decision.primary_expert}`,
+    prompt: promptBody,
+    tools: ["Read", "Grep", "Glob", "Bash", "Edit", "Write"],
+    disallowedTools: decision.forbidden_skills?.map((s) => `Skill(${s})`),
+    model: opts.modelOverride ?? process.env.HARNESSED_AGENT_MODEL ?? "inherit",
+    skills: requested,
+    mcpServers: void 0,
+    memory: "project",
+    maxTurns: opts.maxTurnsOverride ?? 50,
+    background: false,
+    effort: opts.effortOverride ?? "medium",
+    permissionMode: opts.permissionModeOverride ?? "default",
+    // v1.1 errata (ADR 0009 § Decision Errata 1) — `initialPrompt` carries the
+    // task body for the plugin-main-thread upgrade path;
+    // `criticalSystemReminder_EXPERIMENTAL` re-asserts the verbatim
+    // <promise>COMPLETE</promise> contract at the system-prompt layer.
+    initialPrompt: task.task,
+    criticalSystemReminder_EXPERIMENTAL: COMPLETE_INSTRUCTION
+  };
+}
+
+// src/routing/dag.ts
+function resolveDag(nodes) {
+  const ids = new Set(nodes.map((n) => n.id));
+  const adj = /* @__PURE__ */ new Map();
+  const indegree = /* @__PURE__ */ new Map();
+  for (const id of ids) {
+    adj.set(id, []);
+    indegree.set(id, 0);
+  }
+  for (const node of nodes) {
+    for (const dep of node.deps) {
+      if (!ids.has(dep)) continue;
+      adj.get(dep)?.push(node.id);
+      indegree.set(node.id, (indegree.get(node.id) ?? 0) + 1);
+    }
+  }
+  const queue = [];
+  for (const [id, deg] of indegree) {
+    if (deg === 0) queue.push(id);
+  }
+  queue.sort();
+  const order = [];
+  while (queue.length > 0) {
+    const id = queue.shift();
+    order.push(id);
+    let exposed = false;
+    for (const dependent of adj.get(id) ?? []) {
+      const next = (indegree.get(dependent) ?? 0) - 1;
+      indegree.set(dependent, next);
+      if (next === 0) {
+        queue.push(dependent);
+        exposed = true;
+      }
+    }
+    if (exposed) queue.sort();
+  }
+  if (order.length !== ids.size) {
+    const cycle = [];
+    for (const [id, deg] of indegree) {
+      if (deg > 0) cycle.push(id);
+    }
+    cycle.sort();
+    return { ok: false, cycle };
+  }
+  return { ok: true, order };
+}
+var Domain = Type.Union([
+  Type.Literal("meta"),
+  Type.Literal("engineering"),
+  Type.Literal("design"),
+  Type.Literal("content"),
+  Type.Literal("testing"),
+  Type.Literal("search")
+]);
+var HitPolicy = Type.Union([Type.Literal("P"), Type.Literal("F"), Type.Literal("U")]);
+var Str1 = Type.String({ minLength: 1 });
+var ObjStrict = (p4) => Type.Object(p4, { additionalProperties: false });
+var RuleSchema = ObjStrict({
+  id: Str1,
+  priority: Type.Integer({ minimum: 0 }),
+  domain: Domain,
+  when: Type.Record(Type.String(), Type.Unknown()),
+  decision: Type.Record(Type.String(), Type.Unknown())
+});
+var PhaseEntrySchema = ObjStrict({
+  skills: Type.Array(Str1, { minItems: 1 }),
+  triggers: Type.Array(Str1, { minItems: 1 })
+});
+var MattpocockPhasesSchema = ObjStrict({
+  discuss: PhaseEntrySchema,
+  plan: PhaseEntrySchema,
+  execute: PhaseEntrySchema,
+  verify: PhaseEntrySchema
+});
+var DecisionRulesFileSchema = ObjStrict({
+  // v2 additive (D1.5-10): accept v1 OR v2 — schema stays backward compatible.
+  version: Type.Union([Type.Literal(1), Type.Literal(2)]),
+  hit_policy: HitPolicy,
+  rules: Type.Array(RuleSchema, { minItems: 1 }),
+  // v2 — optional mattpocock_phases map; absent in v1 files.
+  mattpocock_phases: Type.Optional(MattpocockPhasesSchema),
+  fallback_supervisor: Type.Optional(ObjStrict({ trigger: Str1, llm: Str1 })),
+  deprecated: Type.Optional(Type.Array(ObjStrict({ id: Str1, reason: Str1, fallback: Str1 })))
+});
+var ajv2 = new Ajv({ strict: true, allErrors: true, allowUnionTypes: false });
+var _compiled2 = null;
+function getValidator2() {
+  if (!_compiled2) _compiled2 = ajv2.compile(DecisionRulesFileSchema);
+  return _compiled2;
+}
+function scanShellInjection(node, path = "") {
+  if (typeof node === "string") {
+    const hit = checkCmdString(node);
+    return hit ? `${path || "<root>"}: ${hit.label} (${hit.hint})` : null;
+  }
+  if (Array.isArray(node)) {
+    for (let i = 0; i < node.length; i++) {
+      const v = scanShellInjection(node[i], `${path}[${i}]`);
+      if (v) return v;
+    }
+    return null;
+  }
+  if (node && typeof node === "object") {
+    for (const [k, v] of Object.entries(node)) {
+      const hit = scanShellInjection(v, path ? `${path}.${k}` : k);
+      if (hit) return hit;
+    }
+  }
+  return null;
+}
+function loadDecisionRules(yamlPath) {
+  const doc = parseDocument(readFileSync(yamlPath, "utf8"));
+  if (doc.errors.length > 0) {
+    throw new Error(`decision_rules yaml parse error: ${doc.errors[0]?.message}`);
+  }
+  const data = doc.toJS();
+  const validate = getValidator2();
+  if (!validate(data)) {
+    const e = validate.errors?.[0];
+    throw new Error(`decision_rules schema invalid: ${e?.instancePath || "/"} ${e?.message}`);
+  }
+  const inj = scanShellInjection(data);
+  if (inj) throw new Error(`decision_rules security violation: ${inj}`);
+  return data;
+}
+function arbitrate(rules, task) {
+  const matches = rules.filter((r) => matchesWhen(r.when, task));
+  const [top, second] = [...matches].sort((a, b) => b.priority - a.priority);
+  if (!top) return null;
+  if (second && second.priority === top.priority) return null;
+  return top;
+}
+var ARRAY_TRIGGER_FIELDS = /* @__PURE__ */ new Set(["keywords", "signals", "override_keywords"]);
+function taskHas(task, needle, extraKey) {
+  const n = needle.toLowerCase();
+  const prompt = typeof task.prompt === "string" ? task.prompt.toLowerCase() : "";
+  if (prompt.includes(n)) return true;
+  const sources = [];
+  if (Array.isArray(task.signals)) sources.push(...task.signals);
+  if (extraKey && extraKey !== "signals" && Array.isArray(task[extraKey])) {
+    sources.push(...task[extraKey]);
+  }
+  return sources.some((s) => typeof s === "string" && s.toLowerCase().includes(n));
+}
+function matchesWhen(when, task) {
+  for (const [k, v] of Object.entries(when)) {
+    if (ARRAY_TRIGGER_FIELDS.has(k) && Array.isArray(v)) {
+      if (!v.some((kw) => typeof kw === "string" && taskHas(task, kw, k))) return false;
+      continue;
+    }
+    if (Array.isArray(v)) {
+      if (!v.includes(task[k])) return false;
+      continue;
+    }
+    if (task[k] !== v) return false;
+  }
+  return true;
+}
+var AUDIT_PATH2 = ".harnessed/audit.log";
+Type.Object(
+  {
+    ts: Type.String(),
+    phase: Type.String(),
+    task_excerpt: Type.String(),
+    task_sha1: Type.String(),
+    matched_rule_id: Type.Union([Type.String(), Type.Null()]),
+    primary_expert: Type.Union([Type.String(), Type.Null()]),
+    secondary_expert: Type.Union([Type.String(), Type.Null()]),
+    category: Type.String(),
+    route_layer: Type.String(),
+    outcome: Type.String(),
+    session_id: Type.Union([Type.String(), Type.Null()]),
+    iter_count: Type.Union([Type.Number(), Type.Null()])
+  },
+  { additionalProperties: false }
+);
+function buildAuditRecord(task, decision, matched, ctx) {
+  return {
+    ts: (/* @__PURE__ */ new Date()).toISOString(),
+    phase: task.phaseId ?? "unknown",
+    task_excerpt: task.task.slice(0, 200),
+    task_sha1: createHash("sha1").update(task.task).digest("hex"),
+    matched_rule_id: matched?.id ?? null,
+    primary_expert: decision.primary_expert ?? null,
+    secondary_expert: decision.secondary_expert ?? null,
+    category: decision.category,
+    route_layer: ctx.routeLayer,
+    outcome: ctx.outcome,
+    session_id: ctx.sessionId ?? null,
+    iter_count: ctx.iterCount
+  };
+}
+function emitAuditRecord(record) {
+  mkdirSync(dirname(AUDIT_PATH2), { recursive: true });
+  appendFileSync(AUDIT_PATH2, `${JSON.stringify(record)}
+`);
+}
+
+// src/audit/hook.ts
+function emitAudit(task, decision, matched, outcome, sessionId) {
+  emitAuditRecord(
+    buildAuditRecord(task, decision, matched, {
+      outcome,
+      routeLayer: matched ? "L1-keyword" : "L3-fallback",
+      sessionId,
+      iterCount: null
+      // Phase 4.3 YAGNI (ralphLoopWrap returns string only; defer v0.5+ per RESEARCH § 7 Q2)
+    })
+  );
+}
+
+// src/checkpoint/engineHook.ts
+init_schemaVersion();
+init_state();
+init_template();
+async function activatePhase(phaseId) {
+  const checkpointPath = `.harnessed/checkpoints/${phaseId}.json`;
+  await activate(phaseId, checkpointPath);
+  return { checkpointPath };
+}
+async function completePhase(ctx) {
+  if (ctx.phaseId === "unknown") {
+    console.error(
+      '[harnessed] WARN engineHook: phaseId="unknown" \u2014 checkpoint paths fall back to .harnessed/checkpoints/unknown.json (Karpathy fail-loud non-blocking; W-04 mitigation)'
+    );
+  }
+  writeCheckpoint({
+    schemaVersion: SCHEMA_VERSIONS.checkpoint,
+    phase: ctx.phaseId,
+    status: "complete",
+    last_task: ctx.lastTask ?? "engine.runRouting complete",
+    key_decisions: ctx.keyDecisions ?? [],
+    canonical_refs: ctx.canonicalRefs ?? [],
+    ...ctx.sessionId ? { session_id: ctx.sessionId } : {},
+    cwd: process.cwd(),
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    archive_path: `.harnessed/archive/phase-${ctx.phaseId}/`
+  });
+  await complete();
+}
+
+// src/routing/lib/promiseExtract.ts
+var PROMISE_PATTERN = /<promise>([^<]+)<\/promise>/;
+function extractPromise(text) {
+  const match2 = text.match(PROMISE_PATTERN);
+  return match2 ? match2[1] : null;
+}
+
+// src/routing/lib/ralphLoop.ts
+function isComplete(output) {
+  try {
+    const env = JSON.parse(output);
+    if (env.subtype === "success" && env.structured_output?.status === "COMPLETE") return true;
+    if (extractPromise(env.text ?? env.result ?? "") === "COMPLETE") return true;
+    return false;
+  } catch {
+    return extractPromise(output) === "COMPLETE";
+  }
+}
+var MaxIterationsExceededError = class extends Error {
+  constructor(iterations) {
+    super(`ralph-loop max-iterations exceeded after ${iterations} attempts`);
+    this.iterations = iterations;
+    this.name = "MaxIterationsExceededError";
+  }
+  iterations;
+};
+var VerbatimCompleteFailError = class extends Error {
+  constructor(lastMessage) {
+    super("subagent final message lacked verbatim <promise>COMPLETE</promise> (F33 P1 mitigation)");
+    this.lastMessage = lastMessage;
+    this.name = "VerbatimCompleteFailError";
+  }
+  lastMessage;
+};
+async function ralphLoopWrap(spawn9, maxIter) {
+  let last = "";
+  let sessionId;
+  for (let i = 0; i < maxIter; i++) {
+    last = await spawn9(sessionId, (id) => {
+      sessionId = id;
+    });
+    if (isComplete(last)) return last;
+  }
+  throw new MaxIterationsExceededError(maxIter);
+}
+
+// src/routing/lib/sdkReconcile.ts
+function toSdkAgentDefinition(def) {
+  return {
+    description: def.description,
+    prompt: def.prompt,
+    ...def.tools ? { tools: def.tools } : {},
+    ...def.disallowedTools ? { disallowedTools: def.disallowedTools } : {},
+    ...def.model ? { model: def.model } : {}
+  };
+}
+function injectFactoryInternalFields(def, basePrompt) {
+  const parts = [basePrompt];
+  if (def.skills?.length) parts.push(`## Available skills
+- ${def.skills.join("\n- ")}`);
+  if (def.mcpServers && Object.keys(def.mcpServers).length) {
+    parts.push(`## MCP servers
+${Object.keys(def.mcpServers).join(", ")}`);
+  }
+  if (def.memory) parts.push(`## Memory
+${def.memory}`);
+  if (def.maxTurns) parts.push(`## Turn budget
+${def.maxTurns} turns max.`);
+  if (def.background) parts.push(`## Background
+fire-and-forget`);
+  if (def.effort) parts.push(`## Effort
+${def.effort}`);
+  if (def.permissionMode) parts.push(`## Permission mode
+${def.permissionMode}`);
+  if (def.initialPrompt) parts.push(`## Initial prompt
+${def.initialPrompt}`);
+  if (def.criticalSystemReminder_EXPERIMENTAL) {
+    parts.push(`## CRITICAL
+${def.criticalSystemReminder_EXPERIMENTAL}`);
+  }
+  return parts.join("\n\n");
+}
+
+// src/routing/lib/sdkSpawn.ts
+var SpawnFailError = class extends Error {
+  constructor(lastMessage) {
+    super("sdkSpawn produced no result message");
+    this.lastMessage = lastMessage;
+    this.name = "SpawnFailError";
+  }
+  lastMessage;
+};
+async function sdkSpawn(def, opts) {
+  const sdkDef = toSdkAgentDefinition(def);
+  const injectedPrompt = injectFactoryInternalFields(def, def.initialPrompt ?? def.prompt);
+  const queryOptions = {
+    allowedTools: ["Read", "Edit", "Write", "Grep", "Glob", "Bash", "Task"],
+    agents: { [opts.expertName]: sdkDef },
+    // PRIMARY signal (B-02 / B-07 SC3) — structured output via json_schema.
+    outputFormat: { type: "json_schema", schema: COMPLETION_SCHEMA }
+  };
+  if (opts.resumeSessionId) queryOptions.resume = opts.resumeSessionId;
+  const q = query({ prompt: injectedPrompt, options: queryOptions });
+  let result;
+  for await (const msg of q) {
+    if (msg.type === "system" && msg.subtype === "init") {
+      opts.onSessionId?.(msg.session_id);
+    }
+    if (msg.type === "result") {
+      result = msg;
+    }
+  }
+  if (!result) throw new SpawnFailError();
+  const structuredOutput = "structured_output" in result ? result.structured_output : void 0;
+  const subtype = result.subtype;
+  const text = "result" in result ? result.result : void 0;
+  const envelope = {
+    subtype,
+    ...structuredOutput ? { structured_output: structuredOutput } : {},
+    ...text != null ? { text, result: text } : {}
+  };
+  return JSON.stringify(envelope);
+}
+function isInstalled(skill, root) {
+  return existsSync(join(root, skill, "SKILL.md"));
+}
+var sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+async function ensureSkillsInstalled(required, skillsRoot) {
+  for (const name of required) {
+    if (isInstalled(name, skillsRoot)) continue;
+    await sleep(500);
+    let retries = 3;
+    while (retries-- > 0 && !isInstalled(name, skillsRoot)) await sleep(300);
+    if (!isInstalled(name, skillsRoot)) {
+      throw new RestartRequiredError(
+        `Skill ${name} still missing after retry \u2014 please exit + restart Claude Code so the plugin takes effect.`
+      );
+    }
+  }
+}
+
+// src/routing/semanticRouter.ts
+var DEFAULT_SEMANTIC_THRESHOLD = 0.85;
+async function match(prompt, threshold = DEFAULT_SEMANTIC_THRESHOLD) {
+  return { matched: false, rule: null, confidence: 0 };
+}
+
+// src/routing/engine.ts
+var defaultSpawn = (def, ctx) => sdkSpawn(def, ctx);
+function buildDecision(matched) {
+  if (!matched) {
+    return {
+      matched_rule_id: null,
+      primary_expert: null,
+      secondary_expert: null,
+      category: "meta"
+    };
+  }
+  return {
+    matched_rule_id: matched.id,
+    primary_expert: matched.decision.primary_expert ?? null,
+    secondary_expert: matched.decision.secondary_expert ?? null,
+    category: matched.domain,
+    forbidden_skills: matched.decision.forbidden,
+    required_skills: matched.decision.required_skills
+  };
+}
+async function runRouting(task, opts = {}) {
+  const rulesPath = opts.rulesPath ?? join("routing", "decision_rules.yaml");
+  const skillsRoot = opts.skillsRoot ?? join(homedir(), ".claude", "skills");
+  const maxIter = opts.maxIterations ?? 20;
+  const userSpawn = opts.spawn;
+  if (opts.dagNodes && opts.dagNodes.length > 0) {
+    const dag = resolveDag(opts.dagNodes);
+    if (!dag.ok) {
+      const error = new InvalidDecisionError(
+        `skill dependency cycle: ${dag.cycle.join(" \u2192 ")} (see ADR 0009 \xA7 DAG resolver)`
+      );
+      return { ok: false, phase: "arbitrate", error };
+    }
+  }
+  let rules;
+  try {
+    rules = loadDecisionRules(rulesPath).rules;
+  } catch (error) {
+    return { ok: false, phase: "arbitrate", error };
+  }
+  const taskCtx = {
+    task_type: task.task_type,
+    ...task.override_keywords ? { override_keywords: task.override_keywords } : {}
+  };
+  const matched = arbitrate(rules, taskCtx);
+  const decision = buildDecision(matched);
+  if (!matched) {
+    const semantic = await match(task.task, opts.semanticThreshold);
+    void semantic.rule;
+    if (opts.fallbackSupervisor) {
+      const result = await opts.fallbackSupervisor(task);
+      return { ok: true, result, matchedRule: null };
+    }
+    return {
+      ok: false,
+      phase: "arbitrate",
+      error: new InvalidDecisionError("no rule matched and no fallbackSupervisor provided")
+    };
+  }
+  try {
+    await ensureSkillsInstalled(decision.required_skills ?? [], skillsRoot);
+  } catch (error) {
+    if (error instanceof RestartRequiredError || error instanceof SkillNotInstalledError || error instanceof MissingSkillsError) {
+      return { ok: false, phase: "install", error };
+    }
+    return { ok: false, phase: "install", error };
+  }
+  let agentDef;
+  try {
+    agentDef = await createAgent(task, decision, { ...opts.agentOpts, skillsRoot });
+  } catch (error) {
+    if (error instanceof SkillNotInstalledError || error instanceof MissingSkillsError) {
+      return { ok: false, phase: "install", error };
+    }
+    if (error instanceof InvalidDecisionError) {
+      return { ok: false, phase: "arbitrate", error };
+    }
+    return { ok: false, phase: "spawn", error };
+  }
+  const phaseId = task.phaseId ?? "unknown";
+  await activatePhase(phaseId);
+  const expertName = matched.decision.primary_expert ?? "unknown";
+  let capturedSessionId;
+  const wrappedSpawn = async (resumeSessionId, onSessionIdInner) => userSpawn ? userSpawn(agentDef) : defaultSpawn(agentDef, {
+    expertName,
+    ...resumeSessionId ? { resumeSessionId } : {},
+    onSessionId: (id) => {
+      capturedSessionId = id;
+      onSessionIdInner?.(id);
+    }
+  });
+  try {
+    const result = await ralphLoopWrap(wrappedSpawn, maxIter);
+    await completePhase({ phaseId, sessionId: capturedSessionId, status: "complete" });
+    emitAudit(task, decision, matched, "complete", capturedSessionId);
+    return { ok: true, result, matchedRule: matched };
+  } catch (error) {
+    if (error instanceof MaxIterationsExceededError) {
+      emitAudit(task, decision, matched, "max-iter", capturedSessionId);
+      return { aborted: true, reason: error.message };
+    }
+    if (error instanceof VerbatimCompleteFailError) {
+      emitAudit(task, decision, matched, "verbatim-fail", capturedSessionId);
+      return { ok: false, phase: "verbatim", error };
+    }
+    emitAudit(task, decision, matched, "spawn-err", capturedSessionId);
+    return { ok: false, phase: "spawn", error };
+  }
+}
+var ModelTier = Type.Union([
+  Type.Literal("haiku"),
+  Type.Literal("sonnet"),
+  Type.Literal("opus"),
+  Type.Literal("inherit")
+  // B-10 override 逃生口
+]);
+var PhaseEntry = Type.Object(
+  {
+    id: Type.String({ minLength: 1 }),
+    // e.g. '01-clarify'
+    name: Type.String({ minLength: 1 }),
+    upstream: Type.String({ minLength: 1 }),
+    // e.g. 'superpowers brainstorming'
+    model: ModelTier,
+    // 必填 (B-08)
+    skills: Type.Optional(Type.Array(Type.String())),
+    max_iterations: Type.Optional(Type.Integer({ minimum: 1, maximum: 100 })),
+    // Phase 3.2 W1 T1.7 — JINJA-templated invokes string (D-02, W-02 orchestrator fix unconditional extend).
+    invokes: Type.Optional(Type.String())
+  },
+  { additionalProperties: false }
+);
+var PhasesSchema = Type.Object(
+  {
+    workflow: Type.String({ minLength: 1 }),
+    // e.g. 'execute-task'
+    phases: Type.Array(PhaseEntry, { minItems: 1 }),
+    // Phase 3.2 W1 T1.7 — CEO veto halt directive (D-04 PUSH, W-02 orchestrator fix unconditional extend).
+    on_veto: Type.Optional(Type.String({ pattern: "^halt_workflow$" }))
+  },
+  { additionalProperties: false }
+);
+
+// src/workflow/loadPhases.ts
+var PhasesValidationError = class extends Error {
+  constructor(errors) {
+    super(`phases.yaml validation failed (${errors.length} error${errors.length === 1 ? "" : "s"})`);
+    this.errors = errors;
+    this.name = "PhasesValidationError";
+  }
+  errors;
+};
+function loadPhases(yamlPath, vars) {
+  const raw = readFileSync(yamlPath, "utf8");
+  const parsed = parse(raw);
+  if (!Value.Check(PhasesSchema, parsed)) {
+    throw new PhasesValidationError([...Value.Errors(PhasesSchema, parsed)]);
+  }
+  return parsed;
+}
+
+// src/cli/lib/validateFlags.ts
+function validateNonInteractiveFlags(raw, cmdName) {
+  if (raw.nonInteractive && !raw.apply && !raw.dryRun) {
+    console.error(
+      `error: --non-interactive requires --apply or --dry-run
+  fix:  'harnessed ${cmdName} --non-interactive --dry-run' or '--apply'`
+    );
+    process.exit(2);
+  }
+}
+
+// src/cli/execute-task.ts
+function registerExecuteTask(program2) {
+  program2.command("execute-task").description("Run execute-task workflow (4-phase chain \u2192 ralph-loop COMPLETE)").requiredOption("--task <text>", "task description (required)").option("--workflow <name>", "workflow name", "execute-task").option("--apply", "execute the spawn (default: dry-run preview)").option("--dry-run", "force dry-run (overrides --apply if both set)").option("--non-interactive", "CI / scripts \u2014 requires --apply or --dry-run").option("--model <model>", "subagent model: 'haiku' | 'sonnet' | 'opus'").option("--model-tier <tier>", "override: 'inherit' bypasses per-phase phase.model (B-10)").option("--max-iterations <n>", "ralph-loop max iter (default 20)", (v) => parseInt(v, 10)).action(async (raw) => {
+    validateNonInteractiveFlags(raw, "execute-task --task <text>");
+    if (!raw.task) {
+      console.error("error: --task <text> is required");
+      process.exit(2);
+    }
+    const workflowName = raw.workflow ?? "execute-task";
+    let phases;
+    try {
+      phases = loadPhases(`workflows/${workflowName}/phases.yaml`);
+    } catch (error) {
+      console.error(
+        `error: failed to load workflows/${workflowName}/phases.yaml \u2014 ${error.message}`
+      );
+      process.exit(2);
+    }
+    if (raw.modelTier === "inherit") {
+      phases = {
+        ...phases,
+        phases: phases.phases.map((p4) => ({ ...p4, model: "inherit" }))
+      };
+    }
+    const taskCtx = { task: raw.task, task_type: "execute-task" };
+    const isDryRun = raw.dryRun === true || !raw.apply && !raw.nonInteractive;
+    if (isDryRun) {
+      console.log(
+        JSON.stringify({ workflow: phases.workflow, phases: phases.phases, taskCtx }, null, 2)
+      );
+      process.exit(0);
+    }
+    const result = await runRouting(taskCtx, {
+      maxIterations: raw.maxIterations ?? 20,
+      ...raw.model ? { agentOpts: { modelOverride: raw.model } } : {}
+    });
+    if ("aborted" in result) {
+      console.error(`aborted: ${result.reason}`);
+      process.exit(2);
+    }
+    if ("ok" in result && result.ok === false) {
+      console.error(`error: ${result.phase} \u2014 ${result.error.message}`);
+      process.exit(1);
+    }
+    console.log(result.result);
+    process.exit(0);
+  });
+}
+var DURATION_RE = /^(\d+)([dhmw])$/;
+function parseDuration(s) {
+  const m = DURATION_RE.exec(s);
+  if (!m) return null;
+  const n = Number.parseInt(m[1] ?? "0", 10);
+  const unit = m[2];
+  const ms = unit === "d" ? 864e5 : unit === "h" ? 36e5 : unit === "m" ? 6e4 : 6048e5;
+  return n * ms;
+}
+async function dirSizeKb(dir) {
+  let total = 0;
+  const stack = [dir];
+  while (stack.length > 0) {
+    const cur = stack.pop();
+    if (!cur) break;
+    const entries = await readdir(cur, { withFileTypes: true });
+    for (const e of entries) {
+      const p4 = join(cur, e.name);
+      if (e.isDirectory()) stack.push(p4);
+      else if (e.isFile()) {
+        const st = await stat(p4);
+        total += st.size;
+      }
+    }
+  }
+  return Math.round(total / 1024);
+}
+function registerGc(program2) {
+  program2.command("gc").description("Garbage-collect old backup snapshots (dry-run by default)").option("--older-than <duration>", "delete snapshots older than (e.g. 30d / 24h / 4w)", "30d").option("--keep-last <N>", "always keep the most recent N snapshots", "0").option("--apply", "actually delete (default: dry-run preview only)").option("--dry-run", "force dry-run (overrides --apply)").action(async (opts) => {
+    const dryRun = opts.dryRun === true || opts.apply !== true;
+    const olderMs = parseDuration(opts.olderThan ?? "30d");
+    if (olderMs == null) {
+      console.error(
+        `error: invalid --older-than '${opts.olderThan}'
+  fix:  use format <N>{d|h|m|w} e.g. 30d / 24h / 60m / 4w`
+      );
+      process.exit(1);
+      return;
+    }
+    const keepLast = Number.parseInt(opts.keepLast ?? "0", 10);
+    const root = resolve(process.cwd(), ".harnessed-backup");
+    let dirs;
+    try {
+      dirs = (await readdir(root, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name).sort();
+    } catch {
+      console.log("no backups found (.harnessed-backup/ absent) \u2014 nothing to gc");
+      return;
+    }
+    const cutoff = Date.now() - olderMs;
+    const kept = new Set(dirs.slice(-keepLast));
+    const candidates = [];
+    for (const ts of dirs) {
+      if (kept.has(ts)) continue;
+      const path = join(root, ts);
+      const iso = ts.replace(/T(\d{2})-(\d{2})-(\d{2})/, "T$1:$2:$3");
+      const t = Date.parse(iso);
+      if (Number.isNaN(t) || t > cutoff) continue;
+      let manifest = "(unknown)";
+      try {
+        const meta = JSON.parse(
+          await readFile(join(path, "metadata.json"), "utf8")
+        );
+        manifest = meta.manifest;
+      } catch {
+      }
+      const sizeKb = await dirSizeKb(path);
+      candidates.push({ ts, path, manifest, sizeKb });
+    }
+    if (candidates.length === 0) {
+      console.log(`no snapshots older than ${opts.olderThan} (kept ${kept.size} most-recent)`);
+      return;
+    }
+    const totalKb = candidates.reduce((a, c) => a + c.sizeKb, 0);
+    const verb = dryRun ? "would delete" : "deleting";
+    console.log(`${verb} ${candidates.length} snapshot(s), ~${totalKb} KB total:`);
+    for (const c of candidates) {
+      console.log(`  ${c.ts}  ${c.manifest}  (${c.sizeKb} KB)`);
+      if (!dryRun) await rm(c.path, { recursive: true, force: true });
+    }
+    if (dryRun) console.log("\n(dry-run \u2014 re-run with --apply to actually delete)");
+  });
+}
+var HOME_DIR = process.env.HOME ?? process.env.USERPROFILE ?? "";
+function mirrorPath(target, scope, backupDir) {
+  const root = scope === "HOME" ? HOME_DIR : ".";
+  const rel = root ? relative(root, target) : target;
+  if (!rel || rel.startsWith("..")) {
+    const flat = createHash("sha1").update(target).digest("hex").slice(0, 16);
+    return join(backupDir, scope, flat);
+  }
+  return join(backupDir, scope, rel);
+}
+function detectEol(buf) {
+  return buf.includes("\r\n") ? "crlf" : "lf";
+}
+async function backup(plan, ctx) {
+  const filename = ctx.manifest.metadata.name;
+  const backupId = (/* @__PURE__ */ new Date()).toISOString().replace(/:/g, "-");
+  const backupDir = join(ctx.cwd, ".harnessed-backup", backupId);
+  try {
+    await mkdir(backupDir, { recursive: true });
+  } catch (err2) {
+    return {
+      ok: false,
+      error: {
+        file: filename,
+        path: "/",
+        message: `failed to create backup dir ${backupDir}: ${err2.message}`,
+        line: null,
+        column: null,
+        keyword: "backup-mkdir-failed"
+      }
+    };
+  }
+  const entries = [];
+  for (const file of plan.files) {
+    let buf;
+    try {
+      buf = await readFile(file.target);
+    } catch (err2) {
+      const code = err2.code;
+      if (code === "ENOENT" && file.oldText === "") {
+        entries.push({
+          target: file.target,
+          backup: "",
+          // sentinel: no backup written; rollback should unlink target
+          sha1: "",
+          eol: "lf"
+          // moot for non-existent file; default to lf
+        });
+        continue;
+      }
+      return {
+        ok: false,
+        error: {
+          file: filename,
+          path: file.target,
+          message: `failed to read original file for backup: ${err2.message}`,
+          line: null,
+          column: null,
+          keyword: "backup-read-failed"
+        }
+      };
+    }
+    const sha1 = createHash("sha1").update(buf).digest("hex");
+    const eol = detectEol(buf);
+    const dest = mirrorPath(file.target, file.scope, backupDir);
+    try {
+      await mkdir(dirname(dest), { recursive: true });
+      await writeFile(dest, buf);
+    } catch (err2) {
+      return {
+        ok: false,
+        error: {
+          file: filename,
+          path: dest,
+          message: `failed to write backup copy: ${err2.message}`,
+          line: null,
+          column: null,
+          keyword: "backup-write-failed"
+        }
+      };
+    }
+    entries.push({ target: file.target, backup: dest, sha1, eol });
+  }
+  const metadata = {
+    installer: filename,
+    manifest: filename,
+    timestamp: backupId,
+    files: entries
+  };
+  const metadataPath = join(backupDir, "metadata.json");
+  try {
+    await writeFile(metadataPath, `${JSON.stringify(metadata, null, 2)}
+`, "utf8");
+  } catch (err2) {
+    return {
+      ok: false,
+      error: {
+        file: filename,
+        path: metadataPath,
+        message: `failed to write metadata.json: ${err2.message}`,
+        line: null,
+        column: null,
+        keyword: "backup-metadata-failed"
+      }
+    };
+  }
+  return { ok: true, backupId, backupDir };
+}
+async function confirmAt(level, ctx) {
+  if (level === "L4" && !ctx.opts.system) {
+    if (!ctx.opts.nonInteractive) {
+      p.note(
+        "this method requires --system flag (e.g. global npm install affects machine PATH); pass --system to opt in.",
+        "L4 system-wide install"
+      );
+    }
+    return { proceed: false, reason: "flag-missing" };
+  }
+  if (ctx.opts.nonInteractive) {
+    return { proceed: ctx.opts.apply };
+  }
+  if (level === "L1") {
+    p.note("will write project-local files only (safe scope).", "L1 confirm");
+    return { proceed: true };
+  }
+  if (level === "L2") {
+    const ans2 = await p.confirm({ message: "Proceed with install?", initialValue: false });
+    if (p.isCancel(ans2)) return { proceed: false, reason: "user-cancel" };
+    return { proceed: ans2 === true };
+  }
+  if (level === "L3") {
+    const first = await p.confirm({ message: "Proceed with install?", initialValue: false });
+    if (p.isCancel(first)) return { proceed: false, reason: "user-cancel" };
+    if (first !== true) return { proceed: false };
+    const second = await p.confirm({
+      message: "This affects other plugins (e.g. ~/.claude.json is shared user-scope state). Confirm again?",
+      initialValue: false
+    });
+    if (p.isCancel(second)) return { proceed: false, reason: "user-cancel" };
+    return { proceed: second === true };
+  }
+  const ans = await p.confirm({
+    message: "System-wide install will modify global PATH. Proceed?",
+    initialValue: false
+  });
+  if (p.isCancel(ans)) return { proceed: false, reason: "user-cancel" };
+  return { proceed: ans === true };
+}
+var FOLD_THRESHOLD = 200;
+var FOLD_HEAD = 100;
+function colorize(line) {
+  if (!pc.isColorSupported) return line;
+  if (line.startsWith("+") && !line.startsWith("+++")) return pc.green(line);
+  if (line.startsWith("-") && !line.startsWith("---")) return pc.red(line);
+  if (line.startsWith("@@")) return pc.cyan(line);
+  return line;
+}
+function diffOneFile(file) {
+  const patch = createPatch(file.target, file.oldText, file.newText, "", "", {
+    stripTrailingCr: true
+  });
+  const lines = patch.split("\n");
+  let added = 0;
+  let removed = 0;
+  for (const ln of lines) {
+    if (ln.startsWith("+") && !ln.startsWith("+++")) added++;
+    else if (ln.startsWith("-") && !ln.startsWith("---")) removed++;
+  }
+  return { lines, added, removed };
+}
+function renderDiff(plan, ctx) {
+  if (plan.files.length === 0) return "(no file changes)\n";
+  const out = [];
+  let totalAdded = 0;
+  let totalRemoved = 0;
+  for (const file of plan.files) {
+    const { lines, added, removed } = diffOneFile(file);
+    totalAdded += added;
+    totalRemoved += removed;
+    const folded = !ctx.opts.fullDiff && lines.length > FOLD_THRESHOLD;
+    const visible = folded ? lines.slice(0, FOLD_HEAD) : lines;
+    for (const ln of visible) out.push(colorize(ln));
+    if (folded) {
+      const more = lines.length - FOLD_HEAD;
+      out.push(pc.dim(`... ${more} more lines (use --full-diff to expand)`));
+    }
+  }
+  const summary = `will modify ${plan.files.length} file${plan.files.length === 1 ? "" : "s"} (${totalAdded} added, ${totalRemoved} removed)`;
+  out.push("");
+  out.push(pc.bold(summary));
+  return `${out.join("\n")}
+`;
+}
+
+// src/installers/lib/err.ts
+function err(ctx, path, message, keyword) {
+  return { file: ctx.manifest.metadata.name, path, message, line: null, column: null, keyword };
+}
+
+// src/installers/lib/preflight.ts
+var GIT_REF_SHAPE = /^([a-f0-9]{7,40}|v?\d+\.\d+\.\d+([.-][\w.-]+)?)$/;
+function preflight(ctx) {
+  const errors = [];
+  const filename = ctx.manifest.metadata.name;
+  const spec = ctx.manifest.spec;
+  const install = spec.install;
+  const current = process.platform;
+  if (!spec.platforms.includes(current)) {
+    errors.push({
+      file: filename,
+      path: "/spec/platforms",
+      message: `current platform '${current}' not in supported list [${spec.platforms.join(", ")}]; manifest declares it does not run here.`,
+      line: null,
+      column: null,
+      keyword: "platform-mismatch",
+      suggest: `add '${current}' to spec.platforms in upstream manifest if the installer is known to work there`
+    });
+    return { ok: false, errors, abortReason: "platform-mismatch" };
+  }
+  if ("git_ref" in install && typeof install.git_ref === "string") {
+    if (!GIT_REF_SHAPE.test(install.git_ref)) {
+      errors.push({
+        file: filename,
+        path: "/spec/install/git_ref",
+        message: `git_ref '${install.git_ref}' does not match SHA(7-40 hex) or SemVer shape; schema should have caught this \u2014 preflight backstop.`,
+        line: null,
+        column: null,
+        keyword: "git-ref-shape",
+        suggest: "pin to a SHA (40 hex) or SemVer tag (e.g. v1.2.3); branch names like main/HEAD are forbidden"
+      });
+    }
+  }
+  if (typeof install.idempotent_check !== "string" || install.idempotent_check.trim().length === 0) {
+    errors.push({
+      file: filename,
+      path: "/spec/install/idempotent_check",
+      message: "idempotent_check missing or empty; ADR 0004 contract 1 requires a check command for re-install detection",
+      line: null,
+      column: null,
+      keyword: "idempotent-check-missing",
+      suggest: "add a shell cmd that exits 0 iff the package is already installed (e.g. `npm ls -g <pkg>`)"
+    });
+  }
+  return { ok: errors.length === 0, errors };
+}
+var DEFAULT_STATE = { version: "1", installed: {} };
+function statePath(cwd) {
+  return join(cwd, ".harnessed", "state.json");
+}
+async function readState(cwd) {
+  const path = statePath(cwd);
+  let raw;
+  try {
+    raw = await readFile(path, "utf8");
+  } catch (err2) {
+    if (err2.code === "ENOENT") {
+      return { ...DEFAULT_STATE, installed: {} };
+    }
+    throw err2;
+  }
+  try {
+    const parsed = JSON.parse(raw);
+    if (parsed.version !== "1" || typeof parsed.installed !== "object") {
+      return { ...DEFAULT_STATE, installed: {} };
+    }
+    return parsed;
+  } catch {
+    return { ...DEFAULT_STATE, installed: {} };
+  }
+}
+async function writeState(cwd, state) {
+  const path = statePath(cwd);
+  const tmp = `${path}.tmp`;
+  await mkdir(dirname(path), { recursive: true });
+  await writeFile(tmp, `${JSON.stringify(state, null, 2)}
+`, "utf8");
+  await rename(tmp, path);
+}
+async function updateInstalled(cwd, name, version, manifestSha1) {
+  const state = await readState(cwd);
+  state.installed[name] = {
+    version,
+    installedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    manifestSha1
+  };
+  await writeState(cwd, state);
+}
+
+// src/installers/ccHookAdd.ts
+var installCcHookAdd = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "cc-hook-add") {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/method",
+        `dispatch bug: ${install.method}`,
+        "dispatch-mismatch"
+      )
+    };
+  }
+  const pre = preflight(ctx);
+  if (!pre.ok) {
+    if (pre.abortReason === "platform-mismatch")
+      return { aborted: true, reason: "platform-mismatch" };
+    const e = pre.errors[0] ?? err(ctx, "/", "preflight failed", "preflight");
+    return { ok: false, phase: "preflight", error: e };
+  }
+  const settingsPath = join(homedir(), ".claude", "settings.json");
+  let existing;
+  try {
+    existing = await readFile(settingsPath, "utf8");
+  } catch {
+    existing = null;
+  }
+  let settings;
+  try {
+    settings = JSON.parse(existing ?? "{}");
+  } catch (e) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/",
+        `malformed settings.json: ${e.message.slice(0, 200)}`,
+        "settings-json-malformed"
+      )
+    };
+  }
+  settings.hooks = settings.hooks ?? {};
+  const ev = install.hook_event;
+  const matcher = install.hook_matcher;
+  const cmd = install.hook_command;
+  settings.hooks[ev] = settings.hooks[ev] ?? [];
+  if (settings.hooks[ev].some((h) => h.command === cmd && h.matcher === matcher)) {
+    return { ok: true, backupId: "idempotent-skip", appliedFiles: [] };
+  }
+  settings.hooks[ev].push({ matcher, command: cmd });
+  const newText = `${JSON.stringify(settings, null, 2)}
+`;
+  const plan = {
+    files: [{ target: settingsPath, scope: "HOME", oldText: existing ?? "", newText }]
+  };
+  process.stdout.write(renderDiff(plan, ctx));
+  const conf = await confirmAt("L3", { ...ctx});
+  if (!conf.proceed) {
+    const reason = conf.reason === "flag-missing" ? "level-flag-missing" : "user-cancel";
+    return { aborted: true, reason };
+  }
+  if (ctx.opts.dryRun) return { aborted: true, reason: "user-cancel" };
+  const bk = await backup(plan, ctx);
+  if (!bk.ok) return { ok: false, phase: "preflight", error: bk.error };
+  await writeFile(settingsPath, newText);
+  let verify;
+  try {
+    verify = JSON.parse(await readFile(settingsPath, "utf8"));
+  } catch (e) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/hook_command",
+        `verify re-read fail: ${e.message.slice(0, 200)}`,
+        "verify-failed"
+      )
+    };
+  }
+  if (!verify.hooks?.[ev]?.some((h) => h.command === cmd)) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/hook_command",
+        `hook '${cmd.slice(0, 80)}' missing in hooks.${ev}[] after write`,
+        "verify-failed"
+      )
+    };
+  }
+  await updateInstalled(ctx.cwd, ctx.manifest.metadata.name, "", "");
+  return { ok: true, backupId: bk.backupId, appliedFiles: [settingsPath] };
+};
+function runArgs(claudeArgs, cwd, timeoutMs = 15e3) {
+  return new Promise((resolve8) => {
+    const isWin = process.platform === "win32";
+    const child = isWin ? spawn("cmd.exe", ["/c", "claude", ...claudeArgs], { cwd, windowsHide: true }) : spawn("claude", claudeArgs, { cwd, shell: false });
+    let stderr = "";
+    child.stderr?.setEncoding("utf8").on("data", (c) => {
+      stderr += c;
+    });
+    const timer = setTimeout(() => {
+      child.kill("SIGKILL");
+      resolve8({ exitCode: -1, stderr: `${stderr}[timeout after ${timeoutMs}ms]` });
+    }, timeoutMs);
+    child.on("error", (e) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: -1, stderr: `${stderr}${e.message}` });
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: code ?? -1, stderr });
+    });
+  });
+}
+
+// src/installers/ccPluginMarketplace.ts
+function parseCmd(cmd) {
+  const mktMatch = cmd.match(/(?:\/?plugin)\s+marketplace\s+add\s+(\S+)/i);
+  const pluginMatch = cmd.match(/(?:\/?plugin)\s+install\s+(\S+)/i);
+  if (!pluginMatch || pluginMatch[1] === void 0) return null;
+  const pluginAtMkt = pluginMatch[1].replace(/[;&]+$/, "");
+  if (!pluginAtMkt.includes("@")) return null;
+  const mktRef = mktMatch && mktMatch[1] !== void 0 ? mktMatch[1] : null;
+  return {
+    marketplaceRef: mktRef,
+    pluginAtMkt
+  };
+}
+var installCcPluginMarketplace = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "cc-plugin-marketplace") {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/method",
+        `installCcPluginMarketplace received non-cc-plugin-marketplace method '${install.method}' (dispatch bug)`,
+        "dispatch-mismatch"
+      )
+    };
+  }
+  const pre = preflight(ctx);
+  if (!pre.ok) {
+    if (pre.abortReason === "platform-mismatch")
+      return { aborted: true, reason: "platform-mismatch" };
+    const e = pre.errors[0] ?? err(ctx, "/", "preflight failed (no detail)", "preflight");
+    return { ok: false, phase: "preflight", error: e };
+  }
+  const parsed = parseCmd(install.cmd);
+  if (!parsed) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: {
+        ...err(
+          ctx,
+          "/spec/install/cmd",
+          `cc-plugin-marketplace cmd must contain \`plugin install <plugin>@<marketplace>\` (parsed from: '${install.cmd.slice(0, 100)}')`,
+          "cc-plugin-shape"
+        ),
+        suggest: "see manifests/tools/ralph-loop.yaml or manifests/tools/superpowers.yaml for shape"
+      }
+    };
+  }
+  const pluginName = parsed.pluginAtMkt.split("@")[0];
+  const installArgs = ["plugin", "install", parsed.pluginAtMkt, "--scope", "project"];
+  const allArgs = [];
+  if (parsed.marketplaceRef !== null) {
+    allArgs.push(["plugin", "marketplace", "add", parsed.marketplaceRef]);
+  }
+  allArgs.push(installArgs);
+  for (const argSet of allArgs) {
+    for (const a of argSet) {
+      const violation2 = checkCmdString(a);
+      if (violation2) {
+        return {
+          ok: false,
+          phase: "preflight",
+          error: err(
+            ctx,
+            "/spec/install/cmd",
+            `shell escape detected in constructed cc-plugin arg '${a.slice(0, 60)}': ${violation2.label} (${violation2.hint})`,
+            "security-gate-bypass"
+          )
+        };
+      }
+    }
+  }
+  const settingsFile = `${ctx.cwd}/.claude/settings.json`;
+  const newEntry = JSON.stringify({ enabledPlugins: { [parsed.pluginAtMkt]: true } }, null, 2);
+  const plan = {
+    files: [
+      {
+        target: settingsFile,
+        scope: "PROJECT",
+        oldText: "",
+        newText: `// will be merged into .claude/settings.json enabledPlugins map by \`claude plugin install\`:
+${newEntry}
+`
+      }
+    ]
+  };
+  process.stdout.write(renderDiff(plan, ctx));
+  const conf = await confirmAt("L3", { ...ctx});
+  if (!conf.proceed) {
+    const reason = conf.reason === "flag-missing" ? "level-flag-missing" : "user-cancel";
+    return { aborted: true, reason };
+  }
+  if (ctx.opts.dryRun) return { aborted: true, reason: "user-cancel" };
+  const bk = await backup(plan, ctx);
+  if (!bk.ok) return { ok: false, phase: "preflight", error: bk.error };
+  let stepOneStderr = "";
+  if (parsed.marketplaceRef !== null) {
+    const r1 = await runArgs(
+      ["plugin", "marketplace", "add", parsed.marketplaceRef],
+      install.cwd ?? ctx.cwd
+    );
+    stepOneStderr = r1.stderr;
+  }
+  const r2 = await runArgs(installArgs, install.cwd ?? ctx.cwd);
+  if (r2.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/cmd",
+        `claude plugin install exited ${r2.exitCode}: ${r2.stderr.slice(0, 200)}${stepOneStderr ? ` | marketplace-add stderr: ${stepOneStderr.slice(0, 100)}` : ""}`,
+        "install-failed"
+      )
+    };
+  }
+  const verifyShell = process.platform === "win32" ? "cmd.exe" : "/bin/sh";
+  const verifyFlag = process.platform === "win32" ? "/c" : "-c";
+  const verifyLine = `claude plugin list --json | grep -q ${pluginName}`;
+  const violation = checkCmdString(verifyLine);
+  if (violation) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify shell escape: ${violation.label}`,
+        "security-gate-bypass"
+      )
+    };
+  }
+  const vr = await new Promise((resolve8) => {
+    const child = spawn(verifyShell, [verifyFlag, verifyLine], { cwd: ctx.cwd, windowsHide: true });
+    let stderr = "";
+    child.stderr?.setEncoding("utf8").on("data", (c) => {
+      stderr += c;
+    });
+    const timer = setTimeout(() => {
+      child.kill("SIGKILL");
+      resolve8({ exitCode: -1, stderr: `${stderr}[timeout]` });
+    }, 15e3);
+    child.on("error", (e) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: -1, stderr: e.message });
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: code ?? -1, stderr });
+    });
+  });
+  if (vr.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify exit ${vr.exitCode}: ${vr.stderr.slice(0, 200)}`,
+        "verify-failed"
+      )
+    };
+  }
+  await updateInstalled(ctx.cwd, ctx.manifest.metadata.name, install.git_ref, "");
+  return { ok: true, backupId: bk.backupId, appliedFiles: [settingsFile] };
+};
+var DEFAULT_TIMEOUT_MS = 15e3;
+async function spawnCmd(ctx, cmd, args) {
+  const violation = checkCmdString(cmd);
+  if (violation) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: {
+        file: ctx.manifest.metadata.name,
+        path: "/spec/install/cmd",
+        message: `shell escape detected at spawn boundary: '${violation.label}' (${violation.hint}) \u2014 refusing to execute. v0.1 forbids dynamic shell evaluation; this is a defense-in-depth gate after schema validation.`,
+        line: null,
+        column: null,
+        keyword: "security-gate-bypass"
+      }
+    };
+  }
+  const installCfg = ctx.manifest.spec.install;
+  const verifyCfg = ctx.manifest.spec.verify;
+  const timeoutMs = verifyCfg.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  const env = { ...process.env, ...installCfg.env ?? {} };
+  const cwd = installCfg.cwd ?? ctx.cwd;
+  let child;
+  if (process.platform === "win32") {
+    child = spawn("cmd.exe", ["/c", cmd, ...args], { cwd, env, windowsHide: true });
+  } else {
+    const joined = args.length > 0 ? `${cmd} ${args.join(" ")}` : cmd;
+    child = spawn("/bin/sh", ["-c", joined], { cwd, env });
+  }
+  let stdout2 = "";
+  let stderr = "";
+  child.stdout?.setEncoding("utf8").on("data", (chunk) => {
+    stdout2 += chunk;
+  });
+  child.stderr?.setEncoding("utf8").on("data", (chunk) => {
+    stderr += chunk;
+  });
+  return await new Promise((resolve8) => {
+    const timer = setTimeout(() => {
+      child.kill("SIGKILL");
+      resolve8({
+        ok: false,
+        phase: "spawn",
+        error: {
+          file: ctx.manifest.metadata.name,
+          path: "/spec/install/cmd",
+          message: `spawn timed out after ${timeoutMs}ms (cmd: ${cmd}); partial stderr: ${stderr.slice(0, 200)}`,
+          line: null,
+          column: null,
+          keyword: "spawn-timeout"
+        }
+      });
+    }, timeoutMs);
+    child.on("error", (err2) => {
+      clearTimeout(timer);
+      resolve8({
+        ok: false,
+        phase: "spawn",
+        error: {
+          file: ctx.manifest.metadata.name,
+          path: "/spec/install/cmd",
+          message: `spawn failed: ${err2.message}`,
+          line: null,
+          column: null,
+          keyword: "spawn-error"
+        }
+      });
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve8({ ok: true, exitCode: code ?? -1, stdout: stdout2, stderr });
+    });
+  });
+}
+
+// src/installers/gitCloneWithSetup.ts
+function gitRevParseHead(cwd, timeoutMs = 1e4) {
+  return new Promise((resolve8) => {
+    const isWin = process.platform === "win32";
+    const child = isWin ? spawn("cmd.exe", ["/c", "git", "rev-parse", "HEAD"], { cwd, windowsHide: true }) : spawn("git", ["rev-parse", "HEAD"], { cwd, shell: false });
+    let stdout2 = "";
+    child.stdout?.setEncoding("utf8").on("data", (c) => {
+      stdout2 += c;
+    });
+    const timer = setTimeout(() => {
+      child.kill("SIGKILL");
+      resolve8({ sha: "", exit: -1 });
+    }, timeoutMs);
+    child.on("error", () => {
+      clearTimeout(timer);
+      resolve8({ sha: "", exit: -1 });
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve8({ sha: stdout2.trim(), exit: code ?? -1 });
+    });
+  });
+}
+function extractCloneTarget(cmd) {
+  const idx = cmd.indexOf("git clone");
+  if (idx < 0) return null;
+  const tail = cmd.slice(idx + "git clone".length).trim();
+  const tokens = tail.split(/\s+/);
+  let i = 0;
+  while (i < tokens.length) {
+    const t = tokens[i];
+    if (t === void 0 || !t.startsWith("-")) break;
+    if (t === "--depth" || t === "--branch" || t === "-b") {
+      i += 2;
+    } else if (t.includes("=")) {
+      i += 1;
+    } else {
+      i += 2;
+    }
+  }
+  const dest = tokens[i + 1];
+  if (!dest || dest === "&&" || dest === ";" || dest === "|") return null;
+  if (dest.startsWith("~/")) {
+    const home = process.env.HOME ?? process.env.USERPROFILE;
+    if (!home) return null;
+    return `${home}${dest.slice(1)}`;
+  }
+  return dest;
+}
+var installGitCloneWithSetup = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "git-clone-with-setup") {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/method",
+        `installGitCloneWithSetup received non-git-clone-with-setup method '${install.method}' (dispatch bug)`,
+        "dispatch-mismatch"
+      )
+    };
+  }
+  const pre = preflight(ctx);
+  if (!pre.ok) {
+    if (pre.abortReason === "platform-mismatch")
+      return { aborted: true, reason: "platform-mismatch" };
+    const e = pre.errors[0] ?? err(ctx, "/", "preflight failed (no detail)", "preflight");
+    return { ok: false, phase: "preflight", error: e };
+  }
+  if (!/^[a-f0-9]{7,40}$/.test(install.git_ref)) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: {
+        ...err(
+          ctx,
+          "/spec/install/git_ref",
+          `git-clone-with-setup requires a full SHA git_ref (7-40 hex), got '${install.git_ref}' (ADR 0001 reproducibility \u2014 SHA is the only stable authority for git_rev-parse HEAD verification)`,
+          "sha-required"
+        ),
+        suggest: `pin git_ref to a 40-hex commit SHA from the upstream repo (e.g. \`git rev-parse <tag-or-branch>\` in the source)`
+      }
+    };
+  }
+  const cloneTarget = extractCloneTarget(install.cmd);
+  if (!cloneTarget) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: {
+        ...err(
+          ctx,
+          "/spec/install/cmd",
+          `git-clone-with-setup cmd does not contain a parseable \`git clone <url> <dest>\` invocation; D-15 SHA-verify requires an explicit destination directory`,
+          "git-clone-shape"
+        ),
+        suggest: "use `git clone [flags] <url> <dest>` with an explicit destination directory"
+      }
+    };
+  }
+  const name = ctx.manifest.metadata.name;
+  const plan = {
+    files: [
+      {
+        target: cloneTarget,
+        scope: "HOME",
+        oldText: "",
+        newText: `// new directory created by: ${install.cmd}
+// pinned at git_ref ${install.git_ref}
+`
+      }
+    ]
+  };
+  process.stdout.write(renderDiff(plan, ctx));
+  const conf = await confirmAt("L2", { ...ctx});
+  if (!conf.proceed) {
+    const reason = conf.reason === "flag-missing" ? "level-flag-missing" : "user-cancel";
+    return { aborted: true, reason };
+  }
+  if (ctx.opts.dryRun) return { aborted: true, reason: "user-cancel" };
+  const bk = await backup(plan, ctx);
+  if (!bk.ok) return { ok: false, phase: "preflight", error: bk.error };
+  const sp = await spawnCmd(ctx, install.cmd, []);
+  if (!("exitCode" in sp)) return { ...sp, backupId: bk.backupId };
+  if (sp.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/cmd",
+        `git-clone-with-setup cmd exited ${sp.exitCode}: ${sp.stderr.slice(0, 200)}`,
+        "install-failed"
+      )
+    };
+  }
+  const rp = await gitRevParseHead(cloneTarget);
+  if (rp.exit !== 0 || !rp.sha) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/git_ref",
+        `git rev-parse HEAD failed in ${cloneTarget} (exit ${rp.exit}); cannot verify SHA pin '${install.git_ref}'`,
+        "sha-mismatch"
+      )
+    };
+  }
+  if (!rp.sha.startsWith(install.git_ref)) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/git_ref",
+        `git_ref SHA mismatch: manifest pinned '${install.git_ref}' but HEAD is '${rp.sha}' in ${cloneTarget}`,
+        "sha-mismatch"
+      )
+    };
+  }
+  const vr = await spawnCmd(ctx, ctx.manifest.spec.verify.cmd, []);
+  if (!("exitCode" in vr)) return { ...vr, backupId: bk.backupId };
+  const expected = ctx.manifest.spec.verify.expected_exit_code ?? 0;
+  if (vr.exitCode !== expected) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify exit ${vr.exitCode} \u2260 expected ${expected}: ${vr.stderr.slice(0, 200)}`,
+        "verify-failed"
+      )
+    };
+  }
+  await updateInstalled(ctx.cwd, name, install.git_ref, "");
+  return { ok: true, backupId: bk.backupId, appliedFiles: [cloneTarget] };
+};
+function resolveEnvVars(value) {
+  const pattern = /\$\{([A-Z_][A-Z0-9_]*)\}/g;
+  let resolved = value;
+  let match2;
+  pattern.lastIndex = 0;
+  while ((match2 = pattern.exec(value)) !== null) {
+    const name = match2[1];
+    if (name === void 0) continue;
+    const v = process.env[name];
+    if (v === void 0 || v === "") {
+      return { ok: false, missing: name };
+    }
+    resolved = resolved.replace(match2[0], v);
+  }
+  return { ok: true, resolved };
+}
+function resolveHeaders(cmd) {
+  const flat = [];
+  const re = /--header\s+(?:"([^"]+)"|'([^']+)'|(\S+))/g;
+  let m;
+  while ((m = re.exec(cmd)) !== null) {
+    const raw = m[1] ?? m[2] ?? m[3];
+    if (raw === void 0 || raw.length === 0) continue;
+    const res = resolveEnvVars(raw);
+    if (!res.ok) return { ok: false, missing: res.missing };
+    flat.push("--header", res.resolved);
+  }
+  return { ok: true, flat };
+}
+function extractUrl(cmd) {
+  const m = cmd.match(/\bhttps?:\/\/\S+/);
+  return m ? m[0] : null;
+}
+var installMcpHttpAdd = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "mcp-http-add") {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/method",
+        `installMcpHttpAdd received non-mcp-http-add method '${install.method}' (dispatch bug)`,
+        "dispatch-mismatch"
+      )
+    };
+  }
+  const pre = preflight(ctx);
+  if (!pre.ok) {
+    if (pre.abortReason === "platform-mismatch")
+      return { aborted: true, reason: "platform-mismatch" };
+    const e = pre.errors[0] ?? err(ctx, "/", "preflight failed (no detail)", "preflight");
+    return { ok: false, phase: "preflight", error: e };
+  }
+  const name = ctx.manifest.metadata.name;
+  const url = extractUrl(install.cmd);
+  if (!url) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/cmd",
+        `mcp-http-add cmd missing http(s):// URL token (parsed from install.cmd: '${install.cmd.slice(0, 80)}')`,
+        "http-url-missing"
+      )
+    };
+  }
+  const hdr = resolveHeaders(install.cmd);
+  if (!hdr.ok) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: {
+        ...err(
+          ctx,
+          "/spec/install/cmd",
+          `mcp-http-add --header references unset env var '${hdr.missing}'; set it (export ${hdr.missing}=...) or remove the header from the manifest`,
+          "env-unset"
+        ),
+        suggest: `export ${hdr.missing}=<value> && harnessed install <name>`
+      }
+    };
+  }
+  const addArgs = [
+    "mcp",
+    "add",
+    "--scope",
+    "project",
+    "--transport",
+    "http",
+    ...hdr.flat,
+    name,
+    url
+  ];
+  for (const a of addArgs) {
+    const violation2 = checkCmdString(a);
+    if (violation2) {
+      return {
+        ok: false,
+        phase: "preflight",
+        error: err(
+          ctx,
+          "/spec/install/cmd",
+          `shell escape detected in constructed mcp-http-add arg '${a.slice(0, 60)}': ${violation2.label} (${violation2.hint})`,
+          "security-gate-bypass"
+        )
+      };
+    }
+  }
+  const mcpFile = `${ctx.cwd}/.mcp.json`;
+  const headersObj = {};
+  for (let i = 0; i < hdr.flat.length; i += 2) {
+    const kv = hdr.flat[i + 1];
+    if (!kv) continue;
+    const ci = kv.indexOf(":");
+    if (ci > 0) headersObj[kv.slice(0, ci).trim()] = kv.slice(ci + 1).trim();
+  }
+  const entry = Object.keys(headersObj).length > 0 ? { [name]: { type: "http", url, headers: headersObj } } : { [name]: { type: "http", url } };
+  const newEntry = JSON.stringify(entry, null, 2);
+  const plan = {
+    files: [
+      {
+        target: mcpFile,
+        scope: "PROJECT",
+        oldText: "",
+        newText: `// will be merged into .mcp.json mcpServers map by \`claude mcp add\`:
+${newEntry}
+`
+      }
+    ]
+  };
+  process.stdout.write(renderDiff(plan, ctx));
+  const conf = await confirmAt("L3", { ...ctx});
+  if (!conf.proceed) {
+    const reason = conf.reason === "flag-missing" ? "level-flag-missing" : "user-cancel";
+    return { aborted: true, reason };
+  }
+  if (ctx.opts.dryRun) return { aborted: true, reason: "user-cancel" };
+  const bk = await backup(plan, ctx);
+  if (!bk.ok) return { ok: false, phase: "preflight", error: bk.error };
+  const r = await runArgs(addArgs, install.cwd ?? ctx.cwd);
+  if (r.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/cmd",
+        `claude mcp add (http) exited ${r.exitCode}: ${r.stderr.slice(0, 200)}`,
+        "install-failed"
+      )
+    };
+  }
+  const verifyShell = process.platform === "win32" ? "cmd.exe" : "/bin/sh";
+  const verifyFlag = process.platform === "win32" ? "/c" : "-c";
+  const verifyLine = `claude mcp list | grep -q ${name}`;
+  const violation = checkCmdString(verifyLine);
+  if (violation) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify shell escape: ${violation.label}`,
+        "security-gate-bypass"
+      )
+    };
+  }
+  const vr = await new Promise((resolve8) => {
+    const child = spawn(verifyShell, [verifyFlag, verifyLine], { cwd: ctx.cwd, windowsHide: true });
+    let stderr = "";
+    child.stderr?.setEncoding("utf8").on("data", (c) => {
+      stderr += c;
+    });
+    const timer = setTimeout(() => {
+      child.kill("SIGKILL");
+      resolve8({ exitCode: -1, stderr: `${stderr}[timeout]` });
+    }, 15e3);
+    child.on("error", (e) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: -1, stderr: e.message });
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: code ?? -1, stderr });
+    });
+  });
+  if (vr.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify exit ${vr.exitCode}: ${vr.stderr.slice(0, 200)}`,
+        "verify-failed"
+      )
+    };
+  }
+  await updateInstalled(ctx.cwd, name, install.npm_version, "");
+  return { ok: true, backupId: bk.backupId, appliedFiles: [mcpFile] };
+};
+var installMcpStdioAdd = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "mcp-stdio-add") {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/method",
+        `installMcpStdioAdd received non-mcp-stdio-add method '${install.method}' (dispatch bug)`,
+        "dispatch-mismatch"
+      )
+    };
+  }
+  const pre = preflight(ctx);
+  if (!pre.ok) {
+    if (pre.abortReason === "platform-mismatch")
+      return { aborted: true, reason: "platform-mismatch" };
+    const e = pre.errors[0] ?? err(ctx, "/", "preflight failed (no detail)", "preflight");
+    return { ok: false, phase: "preflight", error: e };
+  }
+  const name = ctx.manifest.metadata.name;
+  const pkg = ctx.manifest.metadata.upstream.source;
+  const ver = install.npm_version;
+  const addArgs = [
+    "mcp",
+    "add",
+    "--scope",
+    "project",
+    "--transport",
+    "stdio",
+    name,
+    "--",
+    "npx",
+    "--yes",
+    `${pkg}@${ver}`
+  ];
+  for (const a of addArgs) {
+    const violation2 = checkCmdString(a);
+    if (violation2) {
+      return {
+        ok: false,
+        phase: "preflight",
+        error: err(
+          ctx,
+          "/spec/install/cmd",
+          `shell escape detected in constructed mcp-add arg '${a.slice(0, 60)}': ${violation2.label} (${violation2.hint})`,
+          "security-gate-bypass"
+        )
+      };
+    }
+  }
+  const mcpFile = `${ctx.cwd}/.mcp.json`;
+  const newEntry = JSON.stringify(
+    { [name]: { type: "stdio", command: "npx", args: ["--yes", `${pkg}@${ver}`] } },
+    null,
+    2
+  );
+  const plan = {
+    files: [
+      {
+        target: mcpFile,
+        scope: "PROJECT",
+        oldText: "",
+        newText: `// will be merged into .mcp.json mcpServers map by \`claude mcp add\`:
+${newEntry}
+`
+      }
+    ]
+  };
+  process.stdout.write(renderDiff(plan, ctx));
+  const conf = await confirmAt("L3", { ...ctx});
+  if (!conf.proceed) {
+    const reason = conf.reason === "flag-missing" ? "level-flag-missing" : "user-cancel";
+    return { aborted: true, reason };
+  }
+  if (ctx.opts.dryRun) return { aborted: true, reason: "user-cancel" };
+  const bk = await backup(plan, ctx);
+  if (!bk.ok) return { ok: false, phase: "preflight", error: bk.error };
+  const r = await runArgs(addArgs, install.cwd ?? ctx.cwd);
+  if (r.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/cmd",
+        `claude mcp add exited ${r.exitCode}: ${r.stderr.slice(0, 200)}`,
+        "install-failed"
+      )
+    };
+  }
+  const verifyShell = process.platform === "win32" ? "cmd.exe" : "/bin/sh";
+  const verifyFlag = process.platform === "win32" ? "/c" : "-c";
+  const verifyLine = `claude mcp list | grep -q ${name}`;
+  const violation = checkCmdString(verifyLine);
+  if (violation) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify shell escape: ${violation.label}`,
+        "security-gate-bypass"
+      )
+    };
+  }
+  const vr = await new Promise((resolve8) => {
+    const child = spawn(verifyShell, [verifyFlag, verifyLine], { cwd: ctx.cwd, windowsHide: true });
+    let stderr = "";
+    child.stderr?.setEncoding("utf8").on("data", (c) => {
+      stderr += c;
+    });
+    const timer = setTimeout(() => {
+      child.kill("SIGKILL");
+      resolve8({ exitCode: -1, stderr: `${stderr}[timeout]` });
+    }, 15e3);
+    child.on("error", (e) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: -1, stderr: e.message });
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: code ?? -1, stderr });
+    });
+  });
+  if (vr.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify exit ${vr.exitCode}: ${vr.stderr.slice(0, 200)}`,
+        "verify-failed"
+      )
+    };
+  }
+  await updateInstalled(ctx.cwd, name, ver, "");
+  return { ok: true, backupId: bk.backupId, appliedFiles: [mcpFile] };
+};
+function detectLevel(cmd) {
+  if (/\bnpm\s+install\s+-g\b/.test(cmd)) return "L4";
+  if (/\bnpx\b/.test(cmd)) return "L1";
+  return "L4";
+}
+var installNpmCli = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "npm-cli") {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/method",
+        `installNpmCli received non-npm-cli method '${install.method}' (dispatch bug)`,
+        "dispatch-mismatch"
+      )
+    };
+  }
+  const pre = preflight(ctx);
+  if (!pre.ok) {
+    if (pre.abortReason === "platform-mismatch")
+      return { aborted: true, reason: "platform-mismatch" };
+    const e = pre.errors[0] ?? err(ctx, "/", "preflight failed (no detail)", "preflight");
+    return { ok: false, phase: "preflight", error: e };
+  }
+  let level = detectLevel(install.cmd);
+  let cmd = install.cmd;
+  const plan = { files: [] };
+  process.stdout.write(renderDiff(plan, ctx));
+  if (level === "L4")
+    process.stdout.write("  (L4 system install \u2014 global PATH change; see cmd above)\n");
+  const conf = await confirmAt(level, { ...ctx});
+  if (!conf.proceed) {
+    if (level === "L4" && conf.reason === "flag-missing" && !ctx.opts.nonInteractive) {
+      const choice = await p.select({
+        message: "L4 install requires --system. Choose:",
+        options: [
+          { value: "retry", label: "Retry with --system flag (re-run command)" },
+          { value: "npx", label: "Downgrade to L1 npx ephemeral install (no global)" },
+          { value: "abort", label: "Abort install" }
+        ],
+        initialValue: "abort"
+      });
+      if (p.isCancel(choice) || choice === "abort") return { aborted: true, reason: "user-cancel" };
+      if (choice === "retry") return { aborted: true, reason: "level-flag-missing" };
+      cmd = `npx --yes ${ctx.manifest.metadata.upstream.source}@${install.npm_version}`;
+      level = "L1";
+      const conf2 = await confirmAt("L1", { ...ctx});
+      if (!conf2.proceed) return { aborted: true, reason: "user-cancel" };
+    } else {
+      const reason = conf.reason === "flag-missing" ? "level-flag-missing" : "user-cancel";
+      return { aborted: true, reason };
+    }
+  }
+  if (ctx.opts.dryRun) return { aborted: true, reason: "user-cancel" };
+  const bk = await backup(plan, ctx);
+  if (!bk.ok) return { ok: false, phase: "preflight", error: bk.error };
+  const sp = await spawnCmd(ctx, cmd, []);
+  if (!("exitCode" in sp)) return { ...sp, backupId: bk.backupId };
+  if (sp.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/cmd",
+        `install cmd exited ${sp.exitCode}: ${sp.stderr.slice(0, 200)}`,
+        "install-failed"
+      )
+    };
+  }
+  const vr = await spawnCmd(ctx, ctx.manifest.spec.verify.cmd, []);
+  if (!("exitCode" in vr)) return { ...vr, backupId: bk.backupId };
+  const expected = ctx.manifest.spec.verify.expected_exit_code ?? 0;
+  if (vr.exitCode !== expected) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `verify exit ${vr.exitCode} \u2260 expected ${expected}`,
+        "verify-failed"
+      )
+    };
+  }
+  await updateInstalled(ctx.cwd, ctx.manifest.metadata.name, install.npm_version, "");
+  return { ok: true, backupId: bk.backupId, appliedFiles: [] };
+};
+function extractSkillName(cmd, fallback) {
+  const m = cmd.match(/\bskills(?:@\S+)?\s+add\s+(\S+)/i);
+  if (!m || m[1] === void 0) return fallback;
+  const ref = m[1];
+  const seg = ref.split("/");
+  return seg[seg.length - 1] ?? fallback;
+}
+var installNpxSkillInstaller = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "npx-skill-installer") {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: err(
+        ctx,
+        "/spec/install/method",
+        `installNpxSkillInstaller received non-npx-skill-installer method '${install.method}' (dispatch bug)`,
+        "dispatch-mismatch"
+      )
+    };
+  }
+  const pre = preflight(ctx);
+  if (!pre.ok) {
+    if (pre.abortReason === "platform-mismatch")
+      return { aborted: true, reason: "platform-mismatch" };
+    const e = pre.errors[0] ?? err(ctx, "/", "preflight failed (no detail)", "preflight");
+    return { ok: false, phase: "preflight", error: e };
+  }
+  if (!/\bskills@(?!latest\b)\S+/.test(install.cmd)) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: {
+        ...err(
+          ctx,
+          "/spec/install/cmd",
+          `npx-skill-installer cmd must reference a pinned skills@<version> (got: '${install.cmd.slice(0, 100)}'); @latest is forbidden for reproducibility (ADR 0001)`,
+          "skills-pin-required"
+        ),
+        suggest: "change `skills@latest` \u2192 `skills@1.5.7` (current research-pinned stable)"
+      }
+    };
+  }
+  if (!/\B--copy\b/.test(install.cmd) || !/\B--global\b/.test(install.cmd)) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: {
+        ...err(
+          ctx,
+          "/spec/install/cmd",
+          `npx-skill-installer cmd must include both \`--copy\` and \`--global\` flags (D2.1-5)`,
+          "skills-flags-required"
+        ),
+        suggest: "`--copy` materializes files (Windows symlink-safe); `--global` targets ~/.claude/skills/ (user scope)"
+      }
+    };
+  }
+  const name = ctx.manifest.metadata.name;
+  const skillSegment = extractSkillName(install.cmd, name);
+  const skillDir = join(homedir(), ".claude", "skills", skillSegment);
+  const skillMdPath = join(skillDir, "SKILL.md");
+  const plan = {
+    files: [
+      {
+        target: skillMdPath,
+        scope: "HOME",
+        oldText: "",
+        newText: `// new SKILL.md created by: ${install.cmd}
+`
+      }
+    ]
+  };
+  process.stdout.write(renderDiff(plan, ctx));
+  const conf = await confirmAt("L2", { ...ctx});
+  if (!conf.proceed) {
+    const reason = conf.reason === "flag-missing" ? "level-flag-missing" : "user-cancel";
+    return { aborted: true, reason };
+  }
+  if (ctx.opts.dryRun) return { aborted: true, reason: "user-cancel" };
+  const bk = await backup(plan, ctx);
+  if (!bk.ok) return { ok: false, phase: "preflight", error: bk.error };
+  const sp = await spawnCmd(ctx, install.cmd, []);
+  if (!("exitCode" in sp)) return { ...sp, backupId: bk.backupId };
+  if (sp.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/install/cmd",
+        `npx skills add exited ${sp.exitCode}: ${sp.stderr.slice(0, 200)}`,
+        "install-failed"
+      )
+    };
+  }
+  try {
+    await access(skillMdPath);
+  } catch {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: {
+        ...err(
+          ctx,
+          "/spec/verify/cmd",
+          `npx skills add reported success but SKILL.md is missing at ${skillMdPath}; the skills CLI may have written to ~/.agents/ instead (D-02 bridge limitation) or the npm prefix is misconfigured`,
+          "verify-failed"
+        ),
+        suggest: `check if SKILL.md exists at ~/.agents/${skillSegment}/SKILL.md (skills CLI default on some systems); if so, copy or symlink it into ~/.claude/skills/${skillSegment}/`
+      }
+    };
+  }
+  const vr = await spawnCmd(ctx, ctx.manifest.spec.verify.cmd, []);
+  if (!("exitCode" in vr)) return { ...vr, backupId: bk.backupId };
+  const expected = ctx.manifest.spec.verify.expected_exit_code ?? 0;
+  if (vr.exitCode !== expected) {
+    return {
+      ok: false,
+      phase: "verify",
+      backupId: bk.backupId,
+      error: err(
+        ctx,
+        "/spec/verify/cmd",
+        `manifest verify cmd exit ${vr.exitCode} \u2260 expected ${expected}: ${vr.stderr.slice(0, 200)}`,
+        "verify-failed"
+      )
+    };
+  }
+  await updateInstalled(ctx.cwd, name, install.npm_version, "");
+  return { ok: true, backupId: bk.backupId, appliedFiles: [skillMdPath] };
+};
+
+// src/installers/index.ts
+var installers = {
+  "npm-cli": installNpmCli,
+  "mcp-stdio-add": installMcpStdioAdd,
+  "cc-plugin-marketplace": installCcPluginMarketplace,
+  "git-clone-with-setup": installGitCloneWithSetup,
+  "npx-skill-installer": installNpxSkillInstaller,
+  "mcp-http-add": installMcpHttpAdd,
+  // Phase 2.4 W3 T3.1 (D-04 § 3.1) — 7th installer.
+  "cc-hook-add": installCcHookAdd
+};
+function levelOf(manifest) {
+  const method = manifest.spec.install.method;
+  switch (method) {
+    case "mcp-stdio-add":
+    case "mcp-http-add":
+    case "cc-plugin-marketplace":
+    case "cc-hook-add":
+      return "L3";
+    case "git-clone-with-setup":
+    case "npx-skill-installer":
+      return "L2";
+    case "npm-cli":
+      return "L4";
+  }
+}
+async function runInstall(manifest, opts) {
+  const installer = installers[manifest.spec.install.method];
+  return installer({ manifest, opts, level: levelOf(manifest), cwd: process.cwd() });
+}
+
+// src/cli/install.ts
+init_path_guard();
+function formatError(e) {
+  const head = `error: ${e.message}`;
+  const where = e.path && e.path !== "/" ? `
+  at ${e.path}` : "";
+  const tip = e.suggest ? `
+  fix:  ${e.suggest}` : "";
+  return `${head}${where}${tip}`;
+}
+function registerInstall(program2) {
+  program2.command("install <name>").description("Install an upstream (dry-run by default \u2014 pass --apply to execute)").option("--apply", "execute the install (default: dry-run preview only)").option("--dry-run", "force dry-run (overrides --apply if both are set)").option("--system", "allow L4 system-wide install (e.g. global npm install)").option("--non-interactive", "skip all prompts (CI / scripts) \u2014 requires --apply or --dry-run").option("--full-diff", "expand diffs longer than 200 lines").option("--no-color", "disable ANSI colors (auto-detected when piped)").option(
+    "--known-good",
+    "use known-good version lock from versions/<harnessed-ver>-known-good.yaml"
+  ).action(async (name, raw) => {
+    validateNonInteractiveFlags(raw, "install <name>");
+    const { resolveAlias: resolveAlias2 } = await Promise.resolve().then(() => (init_aliases(), aliases_exports));
+    const resolvedName = resolveAlias2(name) ?? name;
+    checkPathSafe(resolvedName);
+    const manifestPath = resolve(process.cwd(), `manifests/tools/${resolvedName}.yaml`);
+    const skillPackPath = resolve(process.cwd(), `manifests/skill-packs/${resolvedName}.yaml`);
+    let yamlSrc;
+    let chosenPath = manifestPath;
+    try {
+      yamlSrc = await readFile(manifestPath, "utf8");
+    } catch {
+      try {
+        yamlSrc = await readFile(skillPackPath, "utf8");
+        chosenPath = skillPackPath;
+      } catch {
+        console.error(
+          `error: manifest '${resolvedName}' not found
+  fix:  ensure manifests/tools/${resolvedName}.yaml or manifests/skill-packs/${resolvedName}.yaml exists`
+        );
+        process.exit(1);
+      }
+    }
+    const v = validateManifestFile(yamlSrc, chosenPath);
+    if (!v.ok) {
+      for (const e of v.errors) console.error(`error: ${e.message} at ${e.path}`);
+      console.error(`  fix:  run 'harnessed audit' to inspect manifest issues`);
+      process.exit(1);
+    }
+    const opts = {
+      apply: raw.apply === true,
+      dryRun: raw.dryRun === true,
+      system: raw.system === true,
+      nonInteractive: raw.nonInteractive === true,
+      fullDiff: raw.fullDiff === true,
+      color: raw.color === false ? false : "auto"
+    };
+    if (raw.knownGood) {
+      const { getPinnedVersion: getPinnedVersion2 } = await Promise.resolve().then(() => (init_knownGood(), knownGood_exports));
+      const harnessedVer = package_default.version;
+      const pinned = getPinnedVersion2(v.manifest.metadata.name, harnessedVer);
+      if (pinned && v.manifest.spec.install.method === "npm-cli") {
+        v.manifest.spec.install.npm_version = pinned;
+      }
+    }
+    const result = await runInstall(v.manifest, opts);
+    if ("aborted" in result) {
+      console.error(`aborted: ${result.reason}`);
+      process.exit(2);
+    }
+    if (result.ok) {
+      const version = v.manifest.spec.install.method === "npm-cli" && "npm_version" in v.manifest.spec.install ? v.manifest.spec.install.npm_version : "";
+      console.log(`installed ${v.manifest.metadata.name}${version ? `@${version}` : ""}`);
+      process.exit(0);
+    }
+    console.error(formatError(result.error));
+    process.exit(1);
+  });
+}
+var PHASE_21 = /* @__PURE__ */ new Set([
+  "cc-plugin-marketplace",
+  "git-clone-with-setup",
+  "npx-skill-installer",
+  "mcp-http-add"
+]);
+async function listBaseManifests(cwd) {
+  const out = [];
+  for (const d of ["manifests/tools", "manifests/skill-packs"]) {
+    try {
+      const entries = await readdir(resolve(cwd, d));
+      for (const f of entries.sort()) if (f.endsWith(".yaml")) out.push(resolve(cwd, d, f));
+    } catch {
+    }
+  }
+  return out;
+}
+function registerInstallBase(program2) {
+  program2.command("install-base").description("Install the phase 1.3 base profile (auto-glob manifests; dry-run by default)").option("--apply", "execute the install (default: dry-run preview only)").option("--dry-run", "force dry-run (overrides --apply if both are set)").option("--non-interactive", "skip all prompts (CI / scripts) \u2014 requires --apply or --dry-run").action(async (raw) => {
+    validateNonInteractiveFlags(raw, "install-base");
+    const opts = {
+      apply: raw.apply === true,
+      dryRun: raw.dryRun === true,
+      system: false,
+      nonInteractive: raw.nonInteractive === true,
+      fullDiff: false,
+      color: "auto"
+    };
+    const installed = [];
+    const skipped = [];
+    const failed = [];
+    for (const path of await listBaseManifests(process.cwd())) {
+      let yamlSrc;
+      try {
+        yamlSrc = await readFile(path, "utf8");
+      } catch (e) {
+        failed.push({ name: path, reason: `read: ${e.message}` });
+        continue;
+      }
+      const v = validateManifestFile(yamlSrc, path);
+      if (!v.ok) {
+        failed.push({ name: path, reason: `validate: ${v.errors[0]?.message ?? "unknown"}` });
+        continue;
+      }
+      const name = v.manifest.metadata.name;
+      const method = v.manifest.spec.install.method;
+      if (PHASE_21.has(method)) {
+        skipped.push({ name, reason: `deferred phase 2.1 (${method})` });
+        continue;
+      }
+      const r = await runInstall(v.manifest, opts);
+      if ("aborted" in r) skipped.push({ name, reason: `aborted: ${r.reason}` });
+      else if (r.ok) installed.push(name);
+      else failed.push({ name, reason: r.error.message });
+    }
+    console.log(
+      `
+  installed: ${installed.length} / skipped (deferred phase 2.1): ${skipped.length} / failed: ${failed.length}`
+    );
+    for (const i of installed) console.log(`  installed  ${i}`);
+    for (const s of skipped) console.log(`  skipped    ${s.name} \u2014 ${s.reason}`);
+    for (const f of failed) console.error(`  failed     ${f.name} \u2014 ${f.reason}`);
+    if (failed.length > 0) process.exit(1);
+    if (installed.length === 0) process.exit(2);
+    process.exit(0);
+  });
+}
+var QA = [
+  { q: "\u2460 \u662F\u771F reusable surface \u8FD8\u662F\u4E34\u65F6 wrapper?", f: "q1_reusable_surface" },
+  { q: "\u2461 \u4E0A\u6E38\u540D\u5B57 fit \u9879\u76EE shape \u5417? \u6709\u73B0\u6709\u547D\u540D\u51B2\u7A81\u5417?", f: "q2_name_fit" },
+  { q: "\u2462 \u4E0E\u5DF2\u88C5\u914D\u7EC4\u4EF6\u6709 overlap surface \u5417?", f: "q3_overlap" },
+  { q: "\u2463 \u662F import \u6982\u5FF5 (\u53EF\u63A7) \u8FD8\u662F import \u522B\u4EBA\u4EA7\u54C1\u8EAB\u4EFD (\u9AD8\u8026\u5408)?", f: "q4_concept_vs_identity" },
+  { q: "\u2464 user \u4E0D\u77E5 upstream \u8FD8\u80FD\u7406\u89E3\u8BE5\u88C5\u914D\u5417?", f: "q5_user_understanding" }
+];
+function basename(upstream) {
+  return (upstream.split("/").pop() ?? upstream).replace(/\.git$/, "");
+}
+function registerManifestAdd(program2) {
+  program2.command("manifest-add <upstream>").description("Add a new upstream adapter (EE-5 5-question merge gate, D-03 BOTH dry-run/apply)").option("--category <cat>", "manifest category (skill-packs | tools)", "skill-packs").option("--name <name>", "short adapter name (defaults to <upstream> basename)").option("--apply", "persist EE-5 answers (default: dry-run preview)").option("--dry-run", "force dry-run (overrides --apply if both set)").option("--non-interactive", "CI/scripts \u2014 requires --apply or --dry-run; WARN-only dry-run").action(async (upstream, raw) => {
+    validateNonInteractiveFlags(raw, "manifest-add <upstream>");
+    const name = raw.name ?? basename(upstream);
+    const category = raw.category ?? "skill-packs";
+    const outPath = `manifests/${category}/${name}.ee5-answers.json`;
+    if (raw.nonInteractive) {
+      console.warn(
+        "[ee-5-gate] WARN: --non-interactive skips 5-question prompt (D-03 dry-run-only). plan-phase hard reject still applies."
+      );
+      console.log(`[manifest-add] dry-run preview for upstream: ${upstream} \u2192 ${outPath}`);
+      process.exit(0);
+    }
+    const rl = readline.createInterface({ input: stdin, output: stdout });
+    const payload = {
+      upstream,
+      created_at: (/* @__PURE__ */ new Date()).toISOString(),
+      author: process.env.USER ?? process.env.USERNAME ?? "unknown"
+    };
+    for (const { q, f } of QA) {
+      const a = (await rl.question(`${q}
+> `)).trim();
+      if (!a) {
+        console.error("error: EE-5 gate requires non-empty answer");
+        rl.close();
+        process.exit(1);
+      }
+      payload[f] = a;
+    }
+    rl.close();
+    if (raw.apply) {
+      writeFileSync(outPath, `${JSON.stringify(payload, null, 2)}
+`, "utf8");
+      console.log(`[manifest-add] EE-5 gate passed; wrote ${outPath}`);
+    } else {
+      console.log(`[manifest-add] EE-5 gate passed (dry-run); would write ${outPath}`);
+      console.log(JSON.stringify(payload, null, 2));
+    }
+    process.exit(0);
+  });
+}
+
+// src/cli/research.ts
+function registerResearch(program2) {
+  program2.command("research").description("Run research workflow (search category sub-routing \u2192 spawn \u2192 verbatim COMPLETE)").requiredOption("--query <text>", "research prompt (required)").option("--apply", "execute the spawn (default: dry-run preview only)").option("--dry-run", "force dry-run (overrides --apply if both are set)").option("--non-interactive", "skip all prompts (CI / scripts) \u2014 requires --apply or --dry-run").option("--model <model>", "subagent model: 'haiku' | 'sonnet' | 'opus'").action(async (raw) => {
+    validateNonInteractiveFlags(raw, "research --query <text>");
+    if (!raw.query) {
+      console.error("error: --query <text> is required");
+      process.exit(2);
+    }
+    const taskCtx = { task: raw.query, task_type: "search" };
+    if (raw.dryRun === true || !raw.apply && !raw.nonInteractive) {
+      const preview = await runRouting(taskCtx, {
+        skillsRoot: void 0,
+        // Stub spawn — dry-run never reaches it; explicit COMPLETE keeps shape happy.
+        spawn: async () => "dry-run preview\nCOMPLETE",
+        maxIterations: 1,
+        ...raw.model ? { agentOpts: { modelOverride: raw.model } } : {}
+      });
+      if ("aborted" in preview) {
+        console.error(`aborted: ${preview.reason}`);
+        process.exit(2);
+      }
+      if ("ok" in preview && preview.ok === false) {
+        console.error(`error: ${preview.phase} \u2014 ${preview.error.message}`);
+        process.exit(1);
+      }
+      console.log(`[dry-run] matched_rule: ${preview.matchedRule?.id ?? "(fallback supervisor)"}`);
+      console.log(`[dry-run] query: ${raw.query}`);
+      console.log("  (use --apply to spawn the subagent and emit verbatim COMPLETE round-trip)");
+      process.exit(0);
+    }
+    const result = await runRouting(taskCtx, {
+      ...raw.model ? { agentOpts: { modelOverride: raw.model } } : {}
+    });
+    if ("aborted" in result) {
+      console.error(`aborted: ${result.reason}`);
+      process.exit(2);
+    }
+    if ("ok" in result && result.ok === false) {
+      console.error(`error: ${result.phase} \u2014 ${result.error.message}`);
+      if (result.phase === "install") {
+        console.error(`  fix:  'harnessed install <skill> --apply' (see error above)`);
+      }
+      process.exit(1);
+    }
+    console.log(result.result);
+    process.exit(0);
+  });
+}
+
+// src/cli/resume.ts
+function registerResume(program2) {
+  program2.command("resume").description(
+    "Reload checkpoint from paused workflow + print resume hint (D-03 \u2014 user invokes phase command manually)"
+  ).option("--json", "output JSON instead of human-readable").action(async (opts) => {
+    const { runResume: runResume2 } = await Promise.resolve().then(() => (init_resume(), resume_exports));
+    const r = await runResume2();
+    if (opts.json) {
+      console.log(JSON.stringify(r, null, 2));
+      process.exit(r.status === "ok" ? 0 : 1);
+      return;
+    }
+    if (r.status === "no-paused-phase") {
+      console.error(`\u2717 ${r.error}`);
+      process.exit(1);
+    }
+    if (r.status === "corrupt") {
+      console.error(`\u2717 ${r.error}
+    path: ${r.path}`);
+      process.exit(1);
+    }
+    if (r.cwdWarn) console.error(r.cwdWarn);
+    console.log(`phase: ${r.checkpoint.phase}`);
+    console.log(`last_task: ${r.checkpoint.last_task}`);
+    if (r.checkpoint.key_decisions.length) {
+      console.log(`key_decisions: ${r.checkpoint.key_decisions.slice(0, 5).join(", ")}`);
+    }
+    if (r.checkpoint.canonical_refs.length) {
+      console.log(`canonical_refs: ${r.checkpoint.canonical_refs.slice(0, 3).join(", ")}`);
+    }
+    console.log(r.resumeHint);
+    process.exit(0);
+  });
+}
+function normalizeEol(buf, eol) {
+  const lf = buf.toString("utf8").replace(/\r\n/g, "\n");
+  return Buffer.from(eol === "crlf" ? lf.replace(/\n/g, "\r\n") : lf, "utf8");
+}
+function registerRollback(program2) {
+  program2.command("rollback <timestamp>").description("Restore files from a backup snapshot (preserves original LF/CRLF)").action(async (timestamp) => {
+    const dir = resolve(process.cwd(), ".harnessed-backup", timestamp);
+    const metaPath = join(dir, "metadata.json");
+    let meta;
+    try {
+      meta = JSON.parse(await readFile(metaPath, "utf8"));
+    } catch (err2) {
+      console.error(
+        `error: cannot read ${metaPath}: ${err2.message}
+  fix:  run 'harnessed backup list' to see available timestamps`
+      );
+      process.exit(1);
+      return;
+    }
+    for (const entry of [...meta.files].reverse()) {
+      if (entry.backup === "") {
+        try {
+          await unlink(entry.target);
+        } catch (err2) {
+          const code = err2.code;
+          if (code !== "ENOENT") {
+            console.error(`error: cannot unlink ${entry.target}: ${err2.message}`);
+            process.exit(1);
+            return;
+          }
+        }
+        continue;
+      }
+      const buf = await readFile(entry.backup);
+      const sha1 = createHash("sha1").update(buf).digest("hex");
+      if (sha1 !== entry.sha1) {
+        console.error(
+          `error: backup checksum mismatch for ${entry.target} (expected ${entry.sha1.slice(0, 12)}, got ${sha1.slice(0, 12)})`
+        );
+        process.exit(1);
+        return;
+      }
+      await writeFile(entry.target, normalizeEol(buf, entry.eol));
+    }
+    console.log(`restored ${meta.files.length} file(s) from ${timestamp}`);
+  });
+}
+function registerStatus(program2) {
+  program2.command("status").description("Show installed upstreams (from .harnessed/state.json)").action(async () => {
+    const state = await readState(process.cwd());
+    const names = Object.keys(state.installed).sort();
+    if (names.length === 0) {
+      console.log("no installs recorded (.harnessed/state.json absent or empty)");
+    } else {
+      for (const n of names) {
+        const e = state.installed[n];
+        if (!e) continue;
+        console.log(`${n} @ ${e.version}  (installed ${e.installedAt})`);
+      }
+      console.log(`
+${names.length} install${names.length === 1 ? "" : "s"} recorded`);
+    }
+    try {
+      const isLocked = await lockfile.check(".harnessed", {
+        lockfilePath: ".harnessed/.lock",
+        stale: 1e4
+      });
+      if (isLocked) {
+        const s = await stat(".harnessed/.lock");
+        const ageMs = Date.now() - s.mtime.getTime();
+        const stale = ageMs > 1e4;
+        console.log(`
+lock: held (since ${s.mtime.toISOString()})${stale ? " \u2014 STALE" : ""}`);
+        console.log("  to release: wait for process to finish or delete .harnessed/.lock");
+      } else {
+        console.log("\nlock: free");
+      }
+    } catch {
+    }
+  });
+}
+
+// src/cli/uninstall.ts
+init_path_guard();
+
+// src/uninstallers/lib/runOrPreview.ts
+function dryRunGate(ctx) {
+  if (ctx.opts.dryRun) return { aborted: true, reason: "dry-run" };
+  return null;
+}
+
+// src/uninstallers/ccHookAdd.ts
+var uninstallCcHookAdd = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "cc-hook-add") {
+    return { ok: false, phase: "preflight", error: `dispatch bug: ${install.method}` };
+  }
+  const abort = dryRunGate(ctx);
+  if (abort) return abort;
+  const settingsPath = join(homedir(), ".claude", "settings.json");
+  let existing;
+  try {
+    existing = await readFile(settingsPath, "utf8");
+  } catch {
+    return { ok: true, removedPaths: [] };
+  }
+  let settings;
+  try {
+    settings = JSON.parse(existing);
+  } catch (e) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: `malformed settings.json: ${e.message.slice(0, 200)}`
+    };
+  }
+  const ev = install.hook_event;
+  const cmd = install.hook_command;
+  const matcher = install.hook_matcher;
+  if (!settings.hooks?.[ev]) {
+    return { ok: true, removedPaths: [] };
+  }
+  const before = settings.hooks[ev].length;
+  settings.hooks[ev] = settings.hooks[ev].filter(
+    (h) => !(h.command === cmd && h.matcher === matcher)
+  );
+  if (settings.hooks[ev].length === 0) delete settings.hooks[ev];
+  if (Object.keys(settings.hooks).length === 0) delete settings.hooks;
+  if (settings.hooks?.[ev]?.length === before || before === settings.hooks?.[ev]?.length) ;
+  const newText = `${JSON.stringify(settings, null, 2)}
+`;
+  await writeFile(settingsPath, newText);
+  return { ok: true, removedPaths: [settingsPath] };
+};
+
+// src/uninstallers/ccPluginMarketplace.ts
+function extractPluginAtMkt(cmd) {
+  const m = cmd.match(/(?:\/?plugin)\s+install\s+(\S+)/i);
+  if (!m || m[1] === void 0) return null;
+  const pluginAtMkt = m[1].replace(/[;&]+$/, "");
+  return pluginAtMkt.includes("@") ? pluginAtMkt : null;
+}
+var uninstallCcPluginMarketplace = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "cc-plugin-marketplace") {
+    return { ok: false, phase: "preflight", error: `dispatch bug: ${install.method}` };
+  }
+  const abort = dryRunGate(ctx);
+  if (abort) return abort;
+  const pluginAtMkt = extractPluginAtMkt(install.cmd);
+  if (!pluginAtMkt) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: `cc-plugin-marketplace cmd missing plugin install <plugin>@<marketplace>: '${install.cmd.slice(0, 80)}'`
+    };
+  }
+  const r = await runArgs(["plugin", "uninstall", pluginAtMkt], ctx.cwd);
+  if (r.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      error: `claude plugin uninstall exited ${r.exitCode}: ${r.stderr.slice(0, 200)}`
+    };
+  }
+  return { ok: true, removedPaths: [pluginAtMkt] };
+};
+function extractCloneTarget2(cmd) {
+  const idx = cmd.indexOf("git clone");
+  if (idx < 0) return null;
+  const tail = cmd.slice(idx + "git clone".length).trim();
+  const tokens = tail.split(/\s+/);
+  let i = 0;
+  while (i < tokens.length) {
+    const t = tokens[i];
+    if (t === void 0 || !t.startsWith("-")) break;
+    if (t === "--depth" || t === "--branch" || t === "-b") {
+      i += 2;
+    } else if (t.includes("=")) {
+      i += 1;
+    } else {
+      i += 2;
+    }
+  }
+  const dest = tokens[i + 1];
+  if (!dest || dest === "&&" || dest === ";" || dest === "|") return null;
+  if (dest.startsWith("~/")) {
+    const home = process.env.HOME ?? process.env.USERPROFILE;
+    if (!home) return null;
+    return `${home}${dest.slice(1)}`;
+  }
+  return dest;
+}
+var uninstallGitCloneWithSetup = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "git-clone-with-setup") {
+    return { ok: false, phase: "preflight", error: `dispatch bug: ${install.method}` };
+  }
+  const abort = dryRunGate(ctx);
+  if (abort) return abort;
+  const cloneTarget = extractCloneTarget2(install.cmd);
+  if (!cloneTarget) {
+    return {
+      ok: false,
+      phase: "preflight",
+      error: `git-clone-with-setup cmd missing parseable 'git clone <url> <dest>': '${install.cmd.slice(0, 80)}'`
+    };
+  }
+  await rm(cloneTarget, { recursive: true, force: true, maxRetries: 3 });
+  return { ok: true, removedPaths: [cloneTarget] };
+};
+
+// src/uninstallers/mcpHttpAdd.ts
+var uninstallMcpHttpAdd = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "mcp-http-add") {
+    return { ok: false, phase: "preflight", error: `dispatch bug: ${install.method}` };
+  }
+  const abort = dryRunGate(ctx);
+  if (abort) return abort;
+  const name = ctx.manifest.metadata.name;
+  const r = await runArgs(["mcp", "remove", name], ctx.cwd);
+  if (r.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      error: `claude mcp remove exited ${r.exitCode}: ${r.stderr.slice(0, 200)}`
+    };
+  }
+  return { ok: true, removedPaths: [name] };
+};
+
+// src/uninstallers/mcpStdioAdd.ts
+var uninstallMcpStdioAdd = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "mcp-stdio-add") {
+    return { ok: false, phase: "preflight", error: `dispatch bug: ${install.method}` };
+  }
+  const abort = dryRunGate(ctx);
+  if (abort) return abort;
+  const name = ctx.manifest.metadata.name;
+  const r = await runArgs(["mcp", "remove", name], ctx.cwd);
+  if (r.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      error: `claude mcp remove exited ${r.exitCode}: ${r.stderr.slice(0, 200)}`
+    };
+  }
+  return { ok: true, removedPaths: [name] };
+};
+var uninstallNpmCli = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "npm-cli") {
+    return { ok: false, phase: "preflight", error: `dispatch bug: ${install.method}` };
+  }
+  if (/\bnpx\s+(--yes|-y)\b/.test(install.cmd)) {
+    const name = ctx.manifest.metadata.name;
+    console.warn(
+      `ephemeral install: nothing to uninstall ('${name}' uses 'npx --yes' runtime-only invocation; no persistent install to remove)`
+    );
+    return { ok: true, removedPaths: [] };
+  }
+  const abort = dryRunGate(ctx);
+  if (abort) return abort;
+  const m = install.cmd.match(/npm\s+(?:install|i)\s+(?:-g\s+)?(\S+)/);
+  const pkg = m?.[1] ?? ctx.manifest.metadata.upstream.source;
+  const isWin = process.platform === "win32";
+  const result = await new Promise((resolve8) => {
+    const child = isWin ? spawn("cmd.exe", ["/c", "npm", "uninstall", "-g", pkg], { windowsHide: true }) : spawn("npm", ["uninstall", "-g", pkg], { shell: false });
+    let stderr = "";
+    child.stderr?.setEncoding("utf8").on("data", (c) => {
+      stderr += c;
+    });
+    const timer = setTimeout(() => {
+      child.kill("SIGKILL");
+      resolve8({ exitCode: -1, stderr: `${stderr}[timeout]` });
+    }, 3e4);
+    child.on("error", (e) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: -1, stderr: e.message });
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve8({ exitCode: code ?? -1, stderr });
+    });
+  });
+  if (result.exitCode !== 0) {
+    return {
+      ok: false,
+      phase: "spawn",
+      error: `npm uninstall exited ${result.exitCode}: ${result.stderr.slice(0, 200)}`
+    };
+  }
+  return { ok: true, removedPaths: [pkg] };
+};
+function extractSkillName2(cmd, fallback) {
+  const m = cmd.match(/\bskills(?:@\S+)?\s+add\s+(\S+)/i);
+  if (!m || m[1] === void 0) return fallback;
+  const ref = m[1];
+  const seg = ref.split("/");
+  return seg[seg.length - 1] ?? fallback;
+}
+var uninstallNpxSkillInstaller = async (ctx) => {
+  const install = ctx.manifest.spec.install;
+  if (install.method !== "npx-skill-installer") {
+    return { ok: false, phase: "preflight", error: `dispatch bug: ${install.method}` };
+  }
+  const abort = dryRunGate(ctx);
+  if (abort) return abort;
+  const name = ctx.manifest.metadata.name;
+  const skillName = extractSkillName2(install.cmd, name);
+  const skillDir = join(homedir(), ".claude", "skills", skillName);
+  await rm(skillDir, { recursive: true, force: true, maxRetries: 3 });
+  return { ok: true, removedPaths: [skillDir] };
+};
+
+// src/uninstallers/index.ts
+var uninstallers = {
+  "npm-cli": uninstallNpmCli,
+  "mcp-stdio-add": uninstallMcpStdioAdd,
+  "mcp-http-add": uninstallMcpHttpAdd,
+  "cc-plugin-marketplace": uninstallCcPluginMarketplace,
+  "git-clone-with-setup": uninstallGitCloneWithSetup,
+  "npx-skill-installer": uninstallNpxSkillInstaller,
+  "cc-hook-add": uninstallCcHookAdd
+};
+async function runUninstall(manifest, opts) {
+  const uninstaller = uninstallers[manifest.spec.install.method];
+  return uninstaller({ manifest, opts, cwd: process.cwd() });
+}
+
+// src/cli/uninstall.ts
+function registerUninstall(program2) {
+  program2.command("uninstall <name>").description("Uninstall an upstream (dry-run by default \u2014 pass --apply to execute)").option("--apply", "execute the uninstall (default: dry-run preview only)").option("--dry-run", "force dry-run (overrides --apply if both are set)").option("--yes", "skip interactive confirm \u2014 requires --apply (CI / scripts)").option("--non-interactive", "alias for --yes (CI compat)").action(async (name, raw) => {
+    const yes = raw.yes === true || raw.nonInteractive === true;
+    if (yes && !raw.apply) {
+      console.error(
+        `error: --yes requires --apply to execute
+  fix:  harnessed uninstall ${name} --yes --apply`
+      );
+      process.exit(2);
+    }
+    const { resolveAlias: resolveAlias2 } = await Promise.resolve().then(() => (init_aliases(), aliases_exports));
+    const resolvedName = resolveAlias2(name) ?? name;
+    checkPathSafe(resolvedName);
+    const manifestPath = resolve(process.cwd(), `manifests/tools/${resolvedName}.yaml`);
+    const skillPackPath = resolve(process.cwd(), `manifests/skill-packs/${resolvedName}.yaml`);
+    let yamlSrc;
+    let chosenPath = manifestPath;
+    try {
+      yamlSrc = await readFile(manifestPath, "utf8");
+    } catch {
+      try {
+        yamlSrc = await readFile(skillPackPath, "utf8");
+        chosenPath = skillPackPath;
+      } catch {
+        console.error(
+          `error: manifest '${resolvedName}' not found
+  fix:  ensure manifests/tools/${resolvedName}.yaml or manifests/skill-packs/${resolvedName}.yaml exists`
+        );
+        process.exit(1);
+      }
+    }
+    const v = validateManifestFile(yamlSrc, chosenPath);
+    if (!v.ok) {
+      for (const e of v.errors) console.error(`error: ${e.message} at ${e.path}`);
+      process.exit(1);
+    }
+    const method = v.manifest.spec.install.method;
+    const dryRun = raw.dryRun === true || !raw.apply;
+    if (dryRun) {
+      console.log(`[dry-run] would uninstall '${resolvedName}' via method '${method}'`);
+      console.log(`  run with --apply to execute`);
+      process.exit(2);
+    }
+    if (!yes) {
+      const answer = await p.confirm({
+        message: `Uninstall '${resolvedName}'? This cannot be undone.`,
+        initialValue: false
+      });
+      if (p.isCancel(answer) || answer === false) {
+        console.error(`aborted: user cancelled`);
+        process.exit(2);
+      }
+    }
+    const opts = { apply: true, dryRun: false, yes };
+    const result = await runUninstall(v.manifest, opts);
+    if ("aborted" in result) {
+      console.error(`aborted: ${result.reason}`);
+      process.exit(2);
+    }
+    if (result.ok) {
+      console.log(`uninstalled ${resolvedName}`);
+      process.exit(0);
+    }
+    console.error(`error: ${result.error}`);
+    process.exit(1);
+  });
+}
+
+// src/cli.ts
+var program = new Command();
+program.name("harnessed").description("AI coding harness package manager + composition orchestrator").version(package_default.version);
+registerInstall(program);
+registerInstallBase(program);
+registerResearch(program);
+registerExecuteTask(program);
+registerManifestAdd(program);
+registerDoctor(program);
+registerAudit(program);
+registerAuditLog(program);
+registerRollback(program);
+registerStatus(program);
+registerBackupList(program);
+registerGc(program);
+registerResume(program);
+registerUninstall(program);
+program.parse(process.argv);
+//# sourceMappingURL=cli.mjs.map
+//# sourceMappingURL=cli.mjs.map