hive-lite 0.1.0

package/src/lib/change.js

@@ -0,0 +1,642 @@
+const cp = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const { createHash } = require('crypto');
+const { createId } = require('./id');
+const { ensureDir, exists, readJson, writeJson, writeText } = require('./fsx');
+const { changedFiles, commitAll, currentBranch, currentHead, diffFromHead, repoRoot } = require('./git');
+const { firstPatternMatch, matchesPattern } = require('./glob');
+const { hiveDir, loadProjectMap, saveAreas } = require('./map');
+const { evaluateChangeRisk, validationStatus } = require('./risk');
+const { evaluateEvidencePolicy, inferRole } = require('./evidence');
+const { itemPattern, normalizeAreaScope, normalizePatternList, patternDisplay } = require('./scope');
+const { parseYaml, stringifyYaml } = require('./yaml');
+
+function sha256(value) {
+  return createHash('sha256').update(value || '').digest('hex');
+}
+
+function changeDir(root, id) {
+  return path.join(hiveDir(root), 'changes', id);
+}
+
+function changeFile(root, id) {
+  return path.join(changeDir(root, id), 'change.json');
+}
+
+function latestFile(root) {
+  return path.join(hiveDir(root), 'changes', 'latest');
+}
+
+function contextPath(root, id) {
+  return path.join(hiveDir(root), 'context', `${id}.json`);
+}
+
+function loadContext(root, id) {
+  if (!id) return null;
+  const file = contextPath(root, id);
+  if (!exists(file)) throw new Error(`context packet not found: ${id}`);
+  return readJson(file);
+}
+
+function loadChange(root, id) {
+  const file = changeFile(root, id);
+  if (!exists(file)) throw new Error(`change not found: ${id}`);
+  return readJson(file);
+}
+
+function latestChangeId(root) {
+  if (!exists(latestFile(root))) return null;
+  return fs.readFileSync(latestFile(root), 'utf8').trim() || null;
+}
+
+function saveChange(root, change) {
+  const dir = changeDir(root, change.id);
+  ensureDir(dir);
+  writeJson(path.join(dir, 'change.json'), change);
+  if (change.diff && change.diff.text !== undefined) {
+    writeText(path.join(dir, 'diff.patch'), change.diff.text || '');
+    change.diff.patchPath = path.relative(root, path.join(dir, 'diff.patch')).replace(/\\/g, '/');
+    writeJson(path.join(dir, 'change.json'), change);
+  }
+  writeText(latestFile(root), `${change.id}\n`);
+}
+
+function loadSplitNote(root, splitId) {
+  if (!splitId) return null;
+  const file = path.join(hiveDir(root), 'context', 'splits', `${splitId}.json`);
+  if (!exists(file)) return null;
+  return readJson(file);
+}
+
+function acceptedPhasesForSplit(root, splitId) {
+  const dir = path.join(hiveDir(root), 'changes');
+  if (!exists(dir)) return new Map();
+  const accepted = new Map();
+  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+    if (!entry.isDirectory() || !entry.name.startsWith('chg_')) continue;
+    const file = path.join(dir, entry.name, 'change.json');
+    if (!exists(file)) continue;
+    try {
+      const item = readJson(file);
+      const origin = item.originSplit || {};
+      if (origin.splitId !== splitId || !origin.phaseId) continue;
+      if (!item.humanDecision || item.humanDecision.status !== 'accepted') continue;
+      const current = accepted.get(origin.phaseId) || [];
+      current.push({
+        changeId: item.id,
+        commit: item.humanDecision.commit || null,
+      });
+      accepted.set(origin.phaseId, current);
+    } catch {
+      // Ignore malformed historical change records.
+    }
+  }
+  return accepted;
+}
+
+function phaseReadiness(phase, accepted) {
+  const required = ((phase.preconditions || {}).requiredAcceptedPhases || []);
+  const missing = required.filter((phaseId) => !accepted.has(phaseId));
+  return {
+    phaseId: phase.id,
+    title: phase.title,
+    areaId: phase.primaryAreaId,
+    findIntent: phase.findIntent,
+    dependencyStatus: missing.length ? `waiting_on:${missing.join(',')}` : 'ready',
+    missingRequiredAcceptedPhases: missing,
+  };
+}
+
+function splitPostAcceptHint(root, change) {
+  const origin = change.originSplit;
+  if (!origin || !origin.splitId) return null;
+  const note = loadSplitNote(root, origin.splitId);
+  if (!note || !Array.isArray(note.phases)) return null;
+  const accepted = acceptedPhasesForSplit(root, origin.splitId);
+  const remaining = note.phases
+    .filter((phase) => phase.id !== origin.phaseId)
+    .filter((phase) => !accepted.has(phase.id))
+    .sort((a, b) => (a.order || 0) - (b.order || 0))
+    .map((phase) => phaseReadiness(phase, accepted));
+  const ready = remaining.filter((phase) => phase.dependencyStatus === 'ready');
+  const waiting = remaining.filter((phase) => phase.dependencyStatus !== 'ready');
+  return {
+    kind: 'split_remaining_phases',
+    splitId: origin.splitId,
+    completedPhaseId: origin.phaseId || null,
+    remainingPhases: remaining,
+    readyPhases: ready,
+    waitingPhases: waiting,
+    message: remaining.length
+      ? `This accepted change belongs to ${origin.splitId}. Remaining phase seeds are available.`
+      : `This accepted change belongs to ${origin.splitId}. No other phase seeds were recorded.`,
+    suggestedNextPhase: ready[0] || null,
+  };
+}
+
+function inferAreaFromFiles(root, map, files) {
+  const matches = [];
+  for (const area of map.areas) {
+    let count = 0;
+    const scope = normalizeAreaScope(root, area);
+    const patterns = [
+      ...scope.writableDirect,
+      ...scope.writableConditional.map(itemPattern),
+      ...scope.writableBroadFallback.map(itemPattern),
+      ...scope.readable,
+      ...((area.entrypoints || []).map((entry) => entry.path).filter(Boolean)),
+    ].filter(Boolean);
+    for (const file of files) {
+      if (patterns.some((pattern) => matchesPattern(file, pattern))) count += 1;
+    }
+    if (count > 0) matches.push({ area, count });
+  }
+  matches.sort((a, b) => b.count - a.count);
+  return matches;
+}
+
+function qualityFor(scope) {
+  if (scope.quality) return scope.quality;
+  if (scope.writableBroadFallback.length > 0 && scope.writableDirect.length === 0) return 'broad';
+  if (scope.writableConditional.length > 0 && scope.writableDirect.length === 0) return 'conditional';
+  if (scope.writableDirect.length > 0 && (scope.writableConditional.length > 0 || scope.writableBroadFallback.length > 0)) return 'mixed';
+  if (scope.writableDirect.length > 0) return 'narrow';
+  return 'unknown';
+}
+
+function scopeFromContext(root, context) {
+  if (!context || !context.scope) {
+    return normalizeAreaScope(root, {
+      readable_scope: context ? context.readableScope || [] : [],
+      writable_scope: context ? context.writableScope || [] : [],
+      do_not_touch: context ? context.doNotTouch || [] : [],
+    });
+  }
+  const scope = context.scope;
+  return {
+    readable: (scope.readable || []).slice(),
+    writableDirect: (scope.writableDirect || []).map(itemPattern).filter(Boolean),
+    writableConditional: normalizePatternList(scope.writableConditional || [], { requiresReview: true }),
+    writableBroadFallback: normalizePatternList(scope.writableBroadFallback || [], { requiresReview: true }),
+    forbidden: (scope.forbidden || []).slice(),
+    quality: scope.quality || 'unknown',
+  };
+}
+
+function firstItemMatch(file, items) {
+  return (items || []).find((item) => matchesPattern(file, itemPattern(item)));
+}
+
+function scopeCheck(root, files, context, map) {
+  const filePaths = files.map((item) => item.path || item);
+  const matchedAreas = [];
+  let scope = {
+    readable: [],
+    writableDirect: [],
+    writableConditional: [],
+    writableBroadFallback: [],
+    forbidden: [],
+    quality: 'unknown',
+  };
+  let source = 'none';
+
+  if (context) {
+    scope = scopeFromContext(root, context);
+    if (context.area && context.area.id) matchedAreas.push(context.area.id);
+    source = 'context_packet';
+  } else {
+    const inferred = inferAreaFromFiles(root, map, filePaths);
+    if (inferred.length > 0 && inferred[0].count > 0) {
+      const top = inferred[0].area;
+      scope = normalizeAreaScope(root, top);
+      matchedAreas.push(...inferred.filter((item) => item.count > 0).map((item) => item.area.id));
+      source = inferred.length === 1 || inferred[0].count > (inferred[1] ? inferred[1].count : 0) ? 'project_map_inferred' : 'project_map_ambiguous';
+    }
+  }
+
+  const violations = [];
+  const review = [];
+  const reviewDetails = [];
+  const matchedTiers = {
+    direct: [],
+    conditional: [],
+    broad: [],
+    unmatched: [],
+  };
+  const allWritable = [
+    ...scope.writableDirect,
+    ...scope.writableConditional.map(itemPattern),
+    ...scope.writableBroadFallback.map(itemPattern),
+  ].filter(Boolean);
+
+  for (const file of filePaths) {
+    const forbidden = firstPatternMatch(file, scope.forbidden);
+    if (forbidden) {
+      violations.push(`${file} matched doNotTouch ${forbidden}`);
+      continue;
+    }
+    const direct = firstItemMatch(file, scope.writableDirect);
+    if (direct) {
+      matchedTiers.direct.push(file);
+      continue;
+    }
+    const conditional = firstItemMatch(file, scope.writableConditional);
+    if (conditional) {
+      matchedTiers.conditional.push(file);
+      review.push(file);
+      reviewDetails.push(`${file} matched conditional writable scope ${patternDisplay(conditional)}`);
+      continue;
+    }
+    const broad = firstItemMatch(file, scope.writableBroadFallback);
+    if (broad) {
+      matchedTiers.broad.push(file);
+      review.push(file);
+      reviewDetails.push(`${file} matched broad fallback scope ${patternDisplay(broad)}`);
+      continue;
+    }
+    if (allWritable.length > 0) {
+      matchedTiers.unmatched.push(file);
+      review.push(file);
+      reviewDetails.push(`${file} did not match direct writable scope`);
+    }
+  }
+
+  let status = 'clean';
+  if (violations.length > 0) status = 'violation';
+  else if (allWritable.length === 0) status = 'unknown';
+  else if (review.length > 0) status = 'needs_review';
+
+  return {
+    status,
+    source,
+    writable: scope.writableDirect,
+    writableDirect: scope.writableDirect,
+    writableConditional: scope.writableConditional,
+    writableBroadFallback: scope.writableBroadFallback,
+    doNotTouch: scope.forbidden,
+    quality: qualityFor(scope),
+    matchedAreas,
+    violations,
+    review: [...new Set(review)],
+    reviewDetails: [...new Set(reviewDetails)],
+    matchedTiers,
+  };
+}
+
+function validationPlanFromContextOrMap(context, map) {
+  if (context && Array.isArray(context.validationPlan) && context.validationPlan.length > 0) {
+    return context.validationPlan;
+  }
+  const fallback = map.project.defaults && map.project.defaults.validation_cmd;
+  return fallback ? [{
+    profile: 'baseline',
+    command: fallback,
+    type: 'command',
+    required: true,
+    description: 'Baseline project validation.',
+  }] : [];
+}
+
+function createOrUpdateChange(cwd, options = {}) {
+  const root = repoRoot(cwd);
+  const map = loadProjectMap(root);
+  const files = changedFiles(root);
+  if (files.length === 0) return { root, change: null, clean: true };
+
+  const diffText = diffFromHead(root);
+  const id = options.changeId || createId('chg');
+  const existing = options.changeId && exists(changeFile(root, options.changeId))
+    ? loadChange(root, options.changeId)
+    : null;
+  const contextId = options.context || (existing && existing.source ? existing.source.contextPacketId : null);
+  const context = loadContext(root, contextId);
+  const intent = context ? context.intent : (existing ? existing.intent : { raw: '', summary: '' });
+  const change = {
+    version: 1,
+    id,
+    createdAt: existing ? existing.createdAt : new Date().toISOString(),
+    updatedAt: new Date().toISOString(),
+    repo: {
+      root,
+      branch: currentBranch(root),
+      baselineCommit: currentHead(root),
+    },
+    source: {
+      kind: 'working_tree',
+      agent: 'unknown',
+      contextPacketId: context ? context.id : (existing && existing.source ? existing.source.contextPacketId : null),
+    },
+    originSplit: context && context.originSplit ? context.originSplit : (existing ? existing.originSplit || null : null),
+    intent: {
+      raw: intent.raw || '',
+      summary: intent.summary || intent.raw || '',
+    },
+    diff: {
+      patchPath: null,
+      diffHash: `sha256:${sha256(diffText)}`,
+      changedFiles: files,
+      text: diffText,
+    },
+    scope: scopeCheck(root, files, context, map),
+    validation: {
+      status: existing && existing.validation ? existing.validation.status : 'not_run',
+      plan: validationPlanFromContextOrMap(context, map),
+      results: existing && existing.validation ? existing.validation.results || [] : [],
+    },
+    risk: null,
+    nextActions: [],
+    humanDecision: existing ? existing.humanDecision || null : null,
+  };
+
+  change.validation.status = validationStatus(change);
+  change.risk = evaluateChangeRisk(change, map);
+  change.evidencePolicy = evaluateEvidencePolicy(change, map);
+  change.nextActions = nextActions(change);
+  saveChange(root, change);
+  return { root, change, clean: false };
+}
+
+function nextActions(change) {
+  const verdict = change.evidencePolicy ? change.evidencePolicy.verdict : change.risk.verdict;
+  if (verdict === 'blocked') return ['fix_blockers', 'check_again'];
+  if (verdict === 'needs_validation') return ['validate'];
+  if (verdict === 'needs_manual_verification') return ['manual_validate', 'accept_with_review_reason'];
+  if (verdict === 'needs_review_reason') return ['accept_with_review_reason', 'check_again'];
+  if (verdict === 'evidence_insufficient') return ['add_focused_evidence', 'accept_with_review_reason'];
+  if (change.risk.verdict === 'needs_review') return ['accept_after_review', 'check_again'];
+  return ['accept', 'accept_with_commit'];
+}
+
+function findValidationCommand(change, map, options = {}) {
+  if (options.cmd) return { profile: options.profile || 'custom', command: options.cmd };
+  const plan = change.validation.plan || [];
+  if (options.profile) {
+    const match = plan.find((item) => item.profile === options.profile);
+    if (!match) throw new Error(`validation profile not in change plan: ${options.profile}`);
+    if (!match.command) throw new Error(`validation profile is manual or has no command: ${options.profile}`);
+    return match;
+  }
+  const first = plan.find((item) => item.command);
+  if (first) return first;
+  const fallback = map.project.defaults && map.project.defaults.validation_cmd;
+  if (fallback) return { profile: 'baseline', command: fallback };
+  throw new Error('no validation command configured; use --cmd or add .hive/map/validation.yaml');
+}
+
+function validateChange(cwd, id, options = {}) {
+  const root = repoRoot(cwd);
+  const changeId = id || latestChangeId(root);
+  if (!changeId) throw new Error('no change id provided and no latest change exists');
+  const map = loadProjectMap(root);
+  const change = loadChange(root, changeId);
+  ensureDir(path.join(changeDir(root, change.id), 'validation'));
+
+  let result;
+  if (options.manual) {
+    if (options.manual === true) throw new Error('manual validation requires a profile id');
+    const status = options.result || 'passed';
+    if (!['passed', 'failed', 'not_applicable'].includes(status)) {
+      throw new Error('manual validation --result must be passed, failed, or not_applicable');
+    }
+    if (!options.note || options.note === true || !String(options.note).trim()) {
+      throw new Error('manual validation requires --note "..."');
+    }
+    result = {
+      id: createId('val'),
+      changeId: change.id,
+      profile: options.manual,
+      command: null,
+      type: 'manual',
+      startedAt: new Date().toISOString(),
+      endedAt: new Date().toISOString(),
+      exitCode: status === 'failed' ? 1 : 0,
+      status,
+      result: status,
+      note: String(options.note),
+    };
+  } else {
+    const selected = findValidationCommand(change, map, options);
+    const idVal = createId('val');
+    const startedAt = new Date().toISOString();
+    if (typeof options.onStart === 'function') {
+      options.onStart({
+        changeId: change.id,
+        profile: selected.profile || 'custom',
+        command: selected.command,
+      });
+    }
+    const execResult = cp.spawnSync(selected.command, {
+      cwd: root,
+      shell: true,
+      encoding: 'utf8',
+      maxBuffer: 10 * 1024 * 1024,
+    });
+    const endedAt = new Date().toISOString();
+    const stdoutPath = path.join(changeDir(root, change.id), 'validation', `${idVal}.stdout.log`);
+    const stderrPath = path.join(changeDir(root, change.id), 'validation', `${idVal}.stderr.log`);
+    writeText(stdoutPath, execResult.stdout || '');
+    writeText(stderrPath, execResult.stderr || '');
+    result = {
+      id: idVal,
+      changeId: change.id,
+      profile: selected.profile || 'custom',
+      command: selected.command,
+      type: 'command',
+      startedAt,
+      endedAt,
+      exitCode: execResult.status == null ? 1 : execResult.status,
+      status: execResult.status === 0 ? 'passed' : 'failed',
+      stdoutPath: path.relative(root, stdoutPath).replace(/\\/g, '/'),
+      stderrPath: path.relative(root, stderrPath).replace(/\\/g, '/'),
+    };
+  }
+
+  change.validation.results.push(result);
+  change.validation.status = validationStatus(change);
+  change.risk = evaluateChangeRisk(change, map);
+  change.evidencePolicy = evaluateEvidencePolicy(change, map);
+  change.nextActions = nextActions(change);
+  change.updatedAt = new Date().toISOString();
+  saveChange(root, change);
+  return { root, change, result };
+}
+
+function createMapDelta(root, change, commit) {
+  const context = loadContext(root, change.source.contextPacketId);
+  if (!context || !context.area || !context.area.id) return null;
+  const map = loadProjectMap(root);
+  const area = map.areas.find((item) => item.id === context.area.id);
+  if (!area) return null;
+  const entrypointPaths = new Set((area.entrypoints || []).map((entry) => entry.path));
+  const scope = normalizeAreaScope(root, area);
+  const candidate = (change.diff.changedFiles || []).find((file) => {
+    if (entrypointPaths.has(file.path)) return false;
+    if (scope.writableDirect.some((pattern) => matchesPattern(file.path, pattern))) return false;
+    return true;
+  });
+  if (!candidate) return null;
+
+  const delta = {
+    version: 1,
+    id: createId('delta'),
+    createdAt: new Date().toISOString(),
+    source: {
+      changeId: change.id,
+      commit: commit || null,
+      contextPacketId: context.id,
+    },
+    status: 'draft',
+    type: 'area_file_mapping',
+    claim: {
+      text: `${context.area.id} is related to ${candidate.path}.`,
+      durability: 'medium',
+      confidence: 'medium',
+    },
+    target: {
+      areaId: context.area.id,
+    },
+    proposedPatch: {
+      file: '.hive/map/areas.yaml',
+      operation: 'add_entrypoint',
+      value: {
+        path: candidate.path,
+        role: inferRole(candidate.path),
+        source: 'accepted_change',
+        confidence: 'medium',
+        sourceChangeId: change.id,
+        sourceCommit: commit || null,
+      },
+    },
+    review: {
+      required: true,
+      reason: 'Durable Project Map updates require human approval.',
+    },
+  };
+
+  const yaml = stringifyYaml(delta);
+  const deltaFile = path.join(hiveDir(root), 'deltas', `${delta.id}.yaml`);
+  const changeDeltaDir = path.join(changeDir(root, change.id), 'map-delta');
+  ensureDir(changeDeltaDir);
+  writeText(deltaFile, yaml);
+  writeText(path.join(changeDeltaDir, `${delta.id}.yaml`), yaml);
+  return delta;
+}
+
+function acceptChange(cwd, id, options = {}) {
+  const root = repoRoot(cwd);
+  const changeId = id || latestChangeId(root);
+  if (!changeId) throw new Error('no change id provided and no latest change exists');
+  const map = loadProjectMap(root);
+  const change = loadChange(root, changeId);
+  change.risk = evaluateChangeRisk(change, map);
+  change.evidencePolicy = evaluateEvidencePolicy(change, map);
+  const verdict = change.evidencePolicy.verdict;
+
+  if (options.acceptRisk && (!options.reason || options.reason === true)) {
+    throw new Error('accept-risk requires --reason "..."');
+  }
+  if (options.skipValidation && (!options.reason || options.reason === true)) {
+    throw new Error('skip-validation requires --reason "..."');
+  }
+
+  if (verdict === 'blocked' && !options.force) {
+    const reasons = (change.evidencePolicy.reasons || []).join('; ') || (change.risk.blockingReasons || []).join('; ');
+    throw new Error(`change is blocked: ${reasons}`);
+  }
+  if (verdict === 'needs_validation' && !options.skipValidation && !options.reviewed && !options.acceptRisk) {
+    throw new Error('change needs validation; run hive validate or pass --skip-validation --reason "..."');
+  }
+  if (verdict === 'needs_manual_verification' && !options.reviewed && !options.reason && !options.acceptRisk) {
+    throw new Error('change needs manual verification; run hive validate --manual <profile> --result passed --note "..." or accept with --reviewed --reason "..."');
+  }
+  if ((verdict === 'needs_review_reason' || verdict === 'evidence_insufficient') && !options.reviewed && !options.reason && !options.acceptRisk) {
+    throw new Error('change needs a review reason; pass --reviewed --reason "..." or --accept-risk --reason "..."');
+  }
+  if ((options.reviewed || options.reason) && (!options.reason || options.reason === true) && verdict !== 'acceptable') {
+    throw new Error('reviewed acceptance requires --reason "..."');
+  }
+
+  let commit = null;
+  if (options.commit) {
+    commit = commitAll(root, options.message || change.intent.summary || `Accept ${change.id}`);
+  }
+
+  change.humanDecision = {
+    status: 'accepted',
+    mode: options.acceptRisk ? 'accepted_risk'
+      : options.reviewed || options.reason ? 'reviewed_with_reason'
+        : options.skipValidation ? 'skipped_validation'
+          : 'normal',
+    decidedAt: new Date().toISOString(),
+    reason: options.reason || null,
+    reviewed: Boolean(options.reviewed),
+    acceptedRisk: Boolean(options.acceptRisk),
+    skippedValidation: Boolean(options.skipValidation),
+    evidencePolicyVerdictBeforeAccept: verdict,
+    commit,
+  };
+  change.updatedAt = new Date().toISOString();
+  writeJson(path.join(changeDir(root, change.id), 'evidence.json'), change);
+  saveChange(root, change);
+  const delta = createMapDelta(root, change, commit);
+  return { root, change, commit, delta, postAcceptHint: splitPostAcceptHint(root, change) };
+}
+
+function readDeltaFile(file) {
+  return parseYaml(fs.readFileSync(file, 'utf8'));
+}
+
+function allDeltas(root) {
+  const dir = path.join(hiveDir(root), 'deltas');
+  if (!exists(dir)) return [];
+  return fs.readdirSync(dir)
+    .filter((file) => file.endsWith('.yaml') || file.endsWith('.yml'))
+    .map((file) => readDeltaFile(path.join(dir, file)));
+}
+
+function applyDelta(cwd, id) {
+  const root = repoRoot(cwd);
+  const deltaFile = path.join(hiveDir(root), 'deltas', `${id}.yaml`);
+  if (!exists(deltaFile)) throw new Error(`delta not found: ${id}`);
+  const delta = readDeltaFile(deltaFile);
+  if (delta.status === 'applied') return { root, delta, changed: false };
+  if (delta.type !== 'area_file_mapping') throw new Error(`unsupported delta type: ${delta.type}`);
+
+  const map = loadProjectMap(root);
+  const area = map.areasDoc.areas.find((item) => item.id === delta.target.areaId);
+  if (!area) throw new Error(`target area not found: ${delta.target.areaId}`);
+  area.entrypoints = area.entrypoints || [];
+  const value = delta.proposedPatch.value;
+  const existsAlready = area.entrypoints.some((entry) => entry.path === value.path);
+  if (!existsAlready) area.entrypoints.push(value);
+  saveAreas(root, map.areasDoc);
+  delta.status = 'applied';
+  delta.appliedAt = new Date().toISOString();
+  fs.writeFileSync(deltaFile, stringifyYaml(delta));
+  return { root, delta, changed: !existsAlready };
+}
+
+function rejectDelta(cwd, id, reason) {
+  const root = repoRoot(cwd);
+  const deltaFile = path.join(hiveDir(root), 'deltas', `${id}.yaml`);
+  if (!exists(deltaFile)) throw new Error(`delta not found: ${id}`);
+  const delta = readDeltaFile(deltaFile);
+  delta.status = 'rejected';
+  delta.rejectedAt = new Date().toISOString();
+  delta.rejectionReason = reason || '';
+  fs.writeFileSync(deltaFile, stringifyYaml(delta));
+  return { root, delta };
+}
+
+module.exports = {
+  acceptChange,
+  allDeltas,
+  applyDelta,
+  changeDir,
+  createOrUpdateChange,
+  latestChangeId,
+  loadChange,
+  rejectDelta,
+  validateChange,
+};