memorylink 1.0.0

package/dist/commands/doctor.js

@@ -0,0 +1,1272 @@
+"use strict";
+/**
+ * MemoryLink - Doctor Command
+ * System health check and troubleshooting
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.doctorCommand = doctorCommand;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const child_process_1 = require("child_process");
+const utils_js_1 = require("../utils.js");
+const types_js_1 = require("../types.js");
+const observability_js_1 = require("../utils/observability.js");
+const lock_js_1 = require("./lock.js");
+// Secret patterns to detect (HIGH PRIORITY - All 7 AIs require this)
+const SECRET_PATTERNS = [
+    // API Keys
+    { name: 'OpenAI API Key', pattern: /sk-[a-zA-Z0-9]{20,}/g },
+    { name: 'Anthropic API Key', pattern: /sk-ant-[a-zA-Z0-9-]{20,}/g },
+    { name: 'Stripe Secret Key', pattern: /sk_live_[a-zA-Z0-9]{20,}/g },
+    { name: 'Stripe Test Key', pattern: /sk_test_[a-zA-Z0-9]{20,}/g },
+    { name: 'AWS Access Key', pattern: /AKIA[0-9A-Z]{16}/g },
+    { name: 'AWS Secret Key', pattern: /[a-zA-Z0-9/+=]{40}/g },
+    { name: 'GitHub Token', pattern: /ghp_[a-zA-Z0-9]{36}/g },
+    { name: 'GitHub Token (old)', pattern: /github_pat_[a-zA-Z0-9_]{22,}/g },
+    { name: 'Google API Key', pattern: /AIza[0-9A-Za-z-_]{35}/g },
+    { name: 'Slack Token', pattern: /xox[baprs]-[0-9]{10,13}-[a-zA-Z0-9-]+/g },
+    { name: 'Discord Token', pattern: /[MN][A-Za-z\d]{23,}\.[\w-]{6}\.[\w-]{27}/g },
+    // Generic patterns
+    { name: 'Generic API Key', pattern: /api[_-]?key["\s]*[:=]["\s]*[a-zA-Z0-9_-]{16,}/gi },
+    { name: 'Generic Secret', pattern: /secret["\s]*[:=]["\s]*[a-zA-Z0-9_-]{16,}/gi },
+    { name: 'Generic Token', pattern: /token["\s]*[:=]["\s]*[a-zA-Z0-9_-]{16,}/gi },
+    { name: 'Password', pattern: /password["\s]*[:=]["\s]*[^\s"]{8,}/gi },
+    { name: 'Private Key', pattern: /-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g },
+    { name: 'Bearer Token', pattern: /bearer\s+[a-zA-Z0-9_-]{20,}/gi },
+];
+/**
+ * Detect Git merge conflict markers in log files
+ */
+function detectGitConflicts(root) {
+    const conflicts = [];
+    const filesToScan = ['MEMORY', 'LEARNINGS', 'CHANGES'];
+    for (const fileKey of filesToScan) {
+        const filePath = (0, utils_js_1.getFilePath)(fileKey, root);
+        if (!fs.existsSync(filePath))
+            continue;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Check for Git merge conflict markers
+            if (line.trim().startsWith('<<<<<<<') ||
+                line.trim().startsWith('=======') ||
+                line.trim().startsWith('>>>>>>>')) {
+                conflicts.push({
+                    file: types_js_1.FILES[fileKey],
+                    line: i + 1,
+                });
+            }
+        }
+    }
+    return conflicts;
+}
+function scanForSecrets(root) {
+    const matches = [];
+    const filesToScan = ['MEMORY', 'LEARNINGS', 'CHANGES'];
+    for (const fileKey of filesToScan) {
+        const filePath = (0, utils_js_1.getFilePath)(fileKey, root);
+        if (!fs.existsSync(filePath))
+            continue;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            for (const secretPattern of SECRET_PATTERNS) {
+                const regex = new RegExp(secretPattern.pattern);
+                if (regex.test(line)) {
+                    // Create a safe preview (mask most of the secret)
+                    const preview = line.length > 60
+                        ? line.substring(0, 30) + '...' + line.substring(line.length - 10)
+                        : line;
+                    matches.push({
+                        file: types_js_1.FILES[fileKey],
+                        line: i + 1,
+                        pattern: secretPattern.name,
+                        preview: preview.replace(/([a-zA-Z0-9_-]{8})[a-zA-Z0-9_-]{8,}([a-zA-Z0-9_-]{4})/g, '$1****$2'),
+                    });
+                    break; // Only report once per line
+                }
+            }
+        }
+    }
+    return matches;
+}
+/**
+ * Normalize text for comparison (lowercase, trim, remove extra spaces)
+ */
+function normalizeText(text) {
+    return text.toLowerCase().trim().replace(/\s+/g, ' ');
+}
+/**
+ * Detect duplicate and conflicting memories
+ */
+function detectMemoryConflicts(root) {
+    const conflicts = [];
+    const memoryPath = (0, utils_js_1.getFilePath)('MEMORY', root);
+    if (!fs.existsSync(memoryPath) || !(0, utils_js_1.isJsonlFormat)(memoryPath)) {
+        return conflicts;
+    }
+    const memories = (0, utils_js_1.readJsonlEntries)(memoryPath)
+        .filter(e => e.status === 'ACTIVE');
+    // Group by normalized details (exact duplicates)
+    const detailsMap = new Map();
+    for (const mem of memories) {
+        const normalized = normalizeText(mem.details);
+        if (!detailsMap.has(normalized)) {
+            detailsMap.set(normalized, []);
+        }
+        detailsMap.get(normalized).push(mem);
+    }
+    // Find duplicates
+    for (const [normalized, entries] of detailsMap) {
+        if (entries.length > 1) {
+            const preview = entries[0].details.length > 60
+                ? entries[0].details.substring(0, 60) + '...'
+                : entries[0].details;
+            conflicts.push({
+                type: 'duplicate',
+                entries: entries.map(e => e.id),
+                message: `Duplicate memory: "${preview}"`,
+                suggestion: `Consider deprecating older entries or merging them`,
+            });
+        }
+    }
+    // Find conflicting rules/decisions (same topic, contradictory)
+    const rules = memories.filter(m => m.type === 'rule' || m.type === 'decision');
+    const rulesByTopic = new Map();
+    for (const rule of rules) {
+        // Extract topic from details (first few words)
+        const topic = normalizeText(rule.details).split(' ').slice(0, 3).join(' ');
+        if (!rulesByTopic.has(topic)) {
+            rulesByTopic.set(topic, []);
+        }
+        rulesByTopic.get(topic).push(rule);
+    }
+    // Check for potential conflicts (same topic, different details)
+    for (const [topic, entries] of rulesByTopic) {
+        if (entries.length > 1) {
+            const uniqueDetails = new Set(entries.map(e => normalizeText(e.details)));
+            if (uniqueDetails.size > 1) {
+                conflicts.push({
+                    type: 'conflict',
+                    entries: entries.map(e => e.id),
+                    message: `Conflicting ${entries[0].type}s about: "${topic}..."`,
+                    suggestion: `Review and resolve contradictions`,
+                });
+            }
+        }
+    }
+    return conflicts;
+}
+/**
+ * Detect duplicate learnings
+ */
+function detectLearningConflicts(root) {
+    const conflicts = [];
+    const learningsPath = (0, utils_js_1.getFilePath)('LEARNINGS', root);
+    if (!fs.existsSync(learningsPath) || !(0, utils_js_1.isJsonlFormat)(learningsPath)) {
+        return conflicts;
+    }
+    const learnings = (0, utils_js_1.readJsonlEntries)(learningsPath)
+        .filter(e => e.status === 'ACTIVE');
+    // Group by normalized problem + solution (exact duplicates)
+    const problemSolutionMap = new Map();
+    for (const learning of learnings) {
+        const key = `${normalizeText(learning.problem)}|${normalizeText(learning.solution)}`;
+        if (!problemSolutionMap.has(key)) {
+            problemSolutionMap.set(key, []);
+        }
+        problemSolutionMap.get(key).push(learning);
+    }
+    // Find duplicates
+    for (const [key, entries] of problemSolutionMap) {
+        if (entries.length > 1) {
+            const preview = entries[0].problem.length > 50
+                ? entries[0].problem.substring(0, 50) + '...'
+                : entries[0].problem;
+            conflicts.push({
+                type: 'duplicate',
+                entries: entries.map(e => e.id),
+                message: `Duplicate learning: "${preview}"`,
+                suggestion: `Keep the most recent entry, deprecate others`,
+            });
+        }
+    }
+    return conflicts;
+}
+async function doctorCommand(options = {}) {
+    const { verbose, scanSecrets, autoFix = false, preflight = false, postflight = false, changed = false, fix = false, json = false, for: agentId, pr: prNumber, branch: branchName, } = options;
+    // TODO v1.6: Record telemetry event (command start)
+    // await recordEvent({
+    //   command: 'doctor',
+    //   result: 'success', // Will be updated to 'error' if command fails
+    //   flags: { preflight, postflight, json, scanSecrets },
+    //   isGitRepo: checkIsGitRepo(),
+    //   hasConfig: checkHasConfig(),
+    // });
+    // v1.4: Handle preflight/postflight
+    if (preflight) {
+        const root = (0, utils_js_1.findRoot)();
+        let report = await runPreflightCheck(options);
+        // Handle override if RED status
+        if (report.status === 'RED' && !json) {
+            report = await handleOverride(report, root, options);
+        }
+        // Log to observability
+        if (root) {
+            (0, observability_js_1.logBuddyCheckRun)(report, root);
+        }
+        if (json) {
+            // For JSON output, use safeLog to handle EPIPE
+            (0, utils_js_1.safeLog)(JSON.stringify(report, null, 2));
+        }
+        else {
+            printBuddyReport(report);
+        }
+        // Write to file
+        if (root) {
+            const reportPath = path.join(root, types_js_1.MEMORYLINK_DIR, 'preflight.json');
+            fs.writeFileSync(reportPath, JSON.stringify(report, null, 2));
+            if (!json) {
+                (0, utils_js_1.info)(`Report saved to: ${reportPath}`);
+            }
+            // Log override to overrides.log if present
+            if (report.override) {
+                logOverride(report.override, 'preflight', root);
+            }
+        }
+        // Exit with error code only if RED and not overridden
+        if (report.status === 'RED' && !report.override) {
+            process.exit(1);
+        }
+        return;
+    }
+    if (postflight) {
+        const root = (0, utils_js_1.findRoot)();
+        let report = await runPostflightCheck(options);
+        // Handle override if RED status
+        if (report.status === 'RED' && !json) {
+            report = await handleOverride(report, root, options);
+        }
+        // Log to observability
+        if (root) {
+            (0, observability_js_1.logBuddyCheckRun)(report, root);
+        }
+        if (json) {
+            // For JSON output, use safeLog to handle EPIPE
+            (0, utils_js_1.safeLog)(JSON.stringify(report, null, 2));
+        }
+        else {
+            printBuddyReport(report);
+        }
+        // Write to file
+        if (root) {
+            const reportPath = path.join(root, types_js_1.MEMORYLINK_DIR, 'postflight.json');
+            fs.writeFileSync(reportPath, JSON.stringify(report, null, 2));
+            if (!json) {
+                (0, utils_js_1.info)(`Report saved to: ${reportPath}`);
+            }
+            // Log override to overrides.log if present
+            if (report.override) {
+                logOverride(report.override, 'postflight', root);
+            }
+        }
+        // Exit with error code only if RED and not overridden
+        if (report.status === 'RED' && !report.override) {
+            process.exit(1);
+        }
+        return;
+    }
+    // Original doctor command (v1.3)
+    (0, utils_js_1.log)('Running health checks', verbose);
+    console.log('');
+    console.log('\x1b[1m🩺 MemoryLink Doctor\x1b[0m');
+    console.log('');
+    const checks = [];
+    // Check 1: MemoryLink initialized
+    const root = (0, utils_js_1.findRoot)();
+    const initialized = root && (0, utils_js_1.isInitialized)(root);
+    checks.push({
+        name: 'MemoryLink initialized',
+        status: initialized ? 'pass' : 'fail',
+        message: initialized
+            ? `Found .memorylink/ in ${root}`
+            : 'Run: memorylink init',
+        suggestion: initialized ? undefined : 'Run: memorylink init',
+    });
+    if (!initialized) {
+        printChecks(checks);
+        return;
+    }
+    // Check 2: All required files exist
+    const requiredFiles = ['PROTECTED', 'MEMORY', 'CHANGES', 'LEARNINGS', 'CONFIG'];
+    let allFilesExist = true;
+    const missingFiles = [];
+    for (const fileKey of requiredFiles) {
+        const filePath = (0, utils_js_1.getFilePath)(fileKey, root);
+        if (!fs.existsSync(filePath)) {
+            allFilesExist = false;
+            missingFiles.push(types_js_1.FILES[fileKey]);
+        }
+    }
+    checks.push({
+        name: 'Required files exist',
+        status: allFilesExist ? 'pass' : 'fail',
+        message: allFilesExist
+            ? 'All 5 files present'
+            : `Missing: ${missingFiles.join(', ')}`,
+    });
+    // Check 3: Config file valid
+    const config = (0, utils_js_1.readConfig)(root);
+    checks.push({
+        name: 'Config file valid',
+        status: config ? 'pass' : 'fail',
+        message: config
+            ? `Version ${config.version}, initialized ${new Date(config.initialized).toLocaleDateString()}`
+            : 'Config file is corrupted or invalid',
+        suggestion: config ? undefined : 'Run: memorylink init (will recreate config)',
+    });
+    // Check 4: Files are readable/writable
+    let filesWritable = true;
+    try {
+        const testFile = path.join(root, types_js_1.MEMORYLINK_DIR, '.doctor-test');
+        fs.writeFileSync(testFile, 'test');
+        fs.unlinkSync(testFile);
+    }
+    catch {
+        filesWritable = false;
+    }
+    checks.push({
+        name: 'Files are writable',
+        status: filesWritable ? 'pass' : 'fail',
+        message: filesWritable
+            ? 'Read/write access confirmed'
+            : 'Permission denied - check file permissions',
+    });
+    // Check 5: Git repository
+    let isGitRepo = false;
+    let gitTracked = false;
+    try {
+        (0, child_process_1.execSync)('git rev-parse --git-dir', { cwd: root, stdio: 'pipe' });
+        isGitRepo = true;
+        // Check if .memorylink is tracked
+        try {
+            const gitStatus = (0, child_process_1.execSync)(`git ls-files ${types_js_1.MEMORYLINK_DIR}`, { cwd: root, stdio: 'pipe' }).toString();
+            gitTracked = gitStatus.trim().length > 0;
+        }
+        catch {
+            gitTracked = false;
+        }
+    }
+    catch {
+        isGitRepo = false;
+    }
+    checks.push({
+        name: 'Git repository',
+        status: isGitRepo ? 'pass' : 'warn',
+        message: isGitRepo
+            ? gitTracked
+                ? '.memorylink/ is tracked in Git (team sharing enabled)'
+                : '.memorylink/ exists but not tracked in Git'
+            : 'Not a Git repository - team sharing disabled',
+    });
+    // Check 6: Git hooks
+    let hooksInstalled = false;
+    if (isGitRepo && root) {
+        const preCommitPath = path.join(root, '.git', 'hooks', 'pre-commit');
+        if (fs.existsSync(preCommitPath)) {
+            const hookContent = fs.readFileSync(preCommitPath, 'utf-8');
+            hooksInstalled = hookContent.includes('memorylink');
+        }
+    }
+    checks.push({
+        name: 'Git hooks installed',
+        status: hooksInstalled ? 'pass' : 'warn',
+        message: hooksInstalled
+            ? 'Pre-commit hook protects files'
+            : 'Run: memorylink hooks install',
+    });
+    // Check 7: Node.js version
+    const nodeVersion = process.version;
+    const majorVersion = parseInt(nodeVersion.slice(1).split('.')[0], 10);
+    checks.push({
+        name: 'Node.js version',
+        status: majorVersion >= 18 ? 'pass' : 'warn',
+        message: `${nodeVersion} ${majorVersion >= 18 ? '(supported)' : '(recommend v18+)'}`,
+    });
+    // Check 8: Protected files exist
+    const protectedPath = (0, utils_js_1.getFilePath)('PROTECTED', root);
+    const protectedFiles = fs.readFileSync(protectedPath, 'utf-8')
+        .split('\n')
+        .filter(l => l.trim() && !l.startsWith('#'))
+        .map(l => l.split('#')[0].trim());
+    let allProtectedExist = true;
+    const missingProtected = [];
+    for (const file of protectedFiles) {
+        const fullPath = path.join(root, file);
+        if (!fs.existsSync(fullPath)) {
+            allProtectedExist = false;
+            missingProtected.push(file);
+        }
+    }
+    if (protectedFiles.length > 0) {
+        checks.push({
+            name: 'Protected files exist',
+            status: allProtectedExist ? 'pass' : 'warn',
+            message: allProtectedExist
+                ? `All ${protectedFiles.length} protected files found`
+                : `Missing: ${missingProtected.slice(0, 3).join(', ')}${missingProtected.length > 3 ? '...' : ''}`,
+        });
+    }
+    // Check 9: SECRET SCANNING (Critical - All 7 AIs require this)
+    const secretMatches = scanForSecrets(root);
+    checks.push({
+        name: 'Secret scanning',
+        status: secretMatches.length === 0 ? 'pass' : 'fail',
+        message: secretMatches.length === 0
+            ? 'No potential secrets detected in logs'
+            : `⚠️  ${secretMatches.length} potential secret(s) detected!`,
+        suggestion: secretMatches.length === 0 ? undefined : 'Review detected secrets and remove them from logs',
+    });
+    // Check 10: Common sensitive files protection
+    const sensitiveFiles = ['.env', '.env.local', '.env.production', 'secrets.json', '*.pem', 'id_rsa'];
+    const unprotectedSensitive = [];
+    for (const sensitive of sensitiveFiles) {
+        // Check if file exists and is not protected
+        if (sensitive.includes('*'))
+            continue; // Skip glob patterns for now
+        const sensitivePath = path.join(root, sensitive);
+        if (fs.existsSync(sensitivePath) && !protectedFiles.includes(sensitive)) {
+            unprotectedSensitive.push(sensitive);
+        }
+    }
+    if (unprotectedSensitive.length > 0) {
+        checks.push({
+            name: 'Sensitive files protected',
+            status: 'warn',
+            message: `Unprotected: ${unprotectedSensitive.join(', ')} - Run: memorylink protect <file>`,
+            suggestion: `Run: memorylink protect ${unprotectedSensitive[0]}`,
+        });
+    }
+    // Check 11: Git merge conflict detection
+    const gitConflicts = detectGitConflicts(root);
+    checks.push({
+        name: 'Git merge conflicts',
+        status: gitConflicts.length === 0 ? 'pass' : 'fail',
+        message: gitConflicts.length === 0
+            ? 'No Git merge conflicts found'
+            : `${gitConflicts.length} Git merge conflict(s) detected in log files`,
+    });
+    // Check 12: Conflict/duplicate detection
+    const memoryConflicts = detectMemoryConflicts(root);
+    const learningConflicts = detectLearningConflicts(root);
+    const allConflicts = [...memoryConflicts, ...learningConflicts];
+    checks.push({
+        name: 'Conflict/duplicate detection',
+        status: allConflicts.length === 0 ? 'pass' : 'warn',
+        message: allConflicts.length === 0
+            ? 'No duplicates or conflicts found'
+            : `${allConflicts.length} conflict(s) detected (see details below)`,
+    });
+    // Check 13: Code structure graph freshness (v1.2)
+    const graphFile = path.join(root, '.memorylink', 'code-graph.json');
+    if (fs.existsSync(graphFile)) {
+        const stats = fs.statSync(graphFile);
+        const age = Date.now() - stats.mtimeMs;
+        const oneWeek = 7 * 24 * 60 * 60 * 1000;
+        checks.push({
+            name: 'Code structure graph',
+            status: age < oneWeek ? 'pass' : 'warn',
+            message: age < oneWeek
+                ? `Graph is ${Math.floor(age / (24 * 60 * 60 * 1000))} day(s) old`
+                : 'Graph is older than 7 days - Run: memorylink graph build --rebuild',
+            suggestion: age >= oneWeek ? 'Run: memorylink graph build --rebuild' : undefined,
+        });
+    }
+    else {
+        checks.push({
+            name: 'Code structure graph',
+            status: 'warn',
+            message: 'No code structure graph found',
+            suggestion: 'Run: memorylink graph build to enable code structure memory',
+        });
+    }
+    printChecks(checks);
+    // If secrets were found, print detailed report
+    if (secretMatches.length > 0) {
+        console.log('');
+        console.log('\x1b[31m\x1b[1m🚨 SECURITY WARNING: Potential Secrets Detected!\x1b[0m');
+        console.log('');
+        console.log('\x1b[33mThe following entries may contain sensitive data:\x1b[0m');
+        console.log('');
+        for (const match of secretMatches) {
+            console.log(`   \x1b[31m•\x1b[0m ${match.file}:${match.line}`);
+            console.log(`     \x1b[90mType: ${match.pattern}\x1b[0m`);
+            console.log(`     \x1b[90mPreview: ${match.preview}\x1b[0m`);
+            console.log('');
+        }
+        console.log('\x1b[33m⚠️  ACTION REQUIRED:\x1b[0m');
+        console.log('   1. Remove secrets from MemoryLink logs immediately');
+        console.log('   2. Rotate any exposed credentials');
+        console.log('   3. Use environment variables instead of storing secrets');
+        console.log('   4. Add sensitive files to protected.txt');
+        console.log('');
+        console.log('\x1b[90mTip: Never store API keys, passwords, or tokens in MemoryLink logs.\x1b[0m');
+        console.log('\x1b[90mUse: memorylink protect .env\x1b[0m');
+        console.log('');
+    }
+    // Auto-fix suggestions
+    const failCount = checks.filter(c => c.status === 'fail').length;
+    if (autoFix && failCount > 0) {
+        const fixableChecks = checks.filter(c => c.status === 'fail' && c.suggestion);
+        if (fixableChecks.length > 0) {
+            console.log('');
+            (0, utils_js_1.info)('🔧 Auto-fix suggestions:');
+            console.log('');
+            for (const check of fixableChecks) {
+                if (check.suggestion) {
+                    console.log(`   ${check.name}:`);
+                    console.log(`   → ${check.suggestion}`);
+                    console.log('');
+                }
+            }
+        }
+    }
+    // If conflicts were found, print detailed report
+    if (allConflicts.length > 0) {
+        console.log('');
+        console.log('\x1b[33m\x1b[1m⚠️  CONFLICTS & DUPLICATES DETECTED\x1b[0m');
+        console.log('');
+        console.log('\x1b[33mThe following entries may need attention:\x1b[0m');
+        console.log('');
+        for (const conflict of allConflicts) {
+            const icon = conflict.type === 'duplicate' ? '📋' : '⚠️';
+            const color = conflict.type === 'duplicate' ? '\x1b[33m' : '\x1b[31m';
+            console.log(`   ${icon} ${color}${conflict.message}\x1b[0m`);
+            console.log(`     \x1b[90mEntry IDs: ${conflict.entries.slice(0, 3).join(', ')}${conflict.entries.length > 3 ? ` (+${conflict.entries.length - 3} more)` : ''}\x1b[0m`);
+            if (conflict.suggestion) {
+                console.log(`     \x1b[90mSuggestion: ${conflict.suggestion}\x1b[0m`);
+            }
+            console.log('');
+        }
+        console.log('\x1b[33m💡 TIPS:\x1b[0m');
+        console.log('   • Review duplicate entries and keep the most relevant');
+        console.log('   • Resolve conflicting rules/decisions');
+        console.log('   • Use memorylink search to find entries by ID');
+        console.log('   • Consider deprecating outdated entries');
+        console.log('');
+    }
+    // Print all checks
+    printChecks(checks);
+    // Summary
+    console.log('');
+    const passCount = checks.filter(c => c.status === 'pass').length;
+    const warnCount = checks.filter(c => c.status === 'warn').length;
+    if (failCount > 0) {
+        (0, utils_js_1.error)(`${failCount} issue(s) need attention`);
+        if (!autoFix) {
+            (0, utils_js_1.info)('   Run with --auto-fix to see fix suggestions');
+        }
+    }
+    else if (warnCount > 0) {
+        (0, utils_js_1.warn)(`${warnCount} warning(s), ${passCount} passed`);
+    }
+    else {
+        (0, utils_js_1.success)(`All ${passCount} checks passed! MemoryLink is healthy.`);
+    }
+    console.log('');
+}
+function printChecks(checks) {
+    for (const check of checks) {
+        let icon;
+        let color;
+        switch (check.status) {
+            case 'pass':
+                icon = '✓';
+                color = '\x1b[32m';
+                break;
+            case 'warn':
+                icon = '⚠';
+                color = '\x1b[33m';
+                break;
+            case 'fail':
+                icon = '✗';
+                color = '\x1b[31m';
+                break;
+        }
+        console.log(`   ${color}${icon}\x1b[0m ${check.name}`);
+        console.log(`     \x1b[90m${check.message}\x1b[0m`);
+    }
+}
+// ============================================
+// V1.4 BUDDY-CHECK: PREFLIGHT & POSTFLIGHT
+// ============================================
+/**
+ * Run preflight check before AI agent operations
+ */
+async function runPreflightCheck(options) {
+    const startTime = Date.now();
+    const root = (0, utils_js_1.findRoot)();
+    if (!root || !(0, utils_js_1.isInitialized)(root)) {
+        return {
+            status: 'RED',
+            summary: 'MemoryLink not initialized',
+            issues: [{
+                    type: 'INIT',
+                    severity: 'error',
+                    message: 'MemoryLink is not initialized. Run: memorylink init',
+                }],
+            timestamp: new Date().toISOString(),
+            runType: 'preflight',
+            durationMs: Date.now() - startTime,
+        };
+    }
+    const issues = [];
+    // Check 0: Agent locking (v1.5)
+    const lockStatus = (0, lock_js_1.checkLock)(root);
+    if (lockStatus.locked) {
+        issues.push({
+            type: 'LOCK',
+            severity: 'warning',
+            message: `Agent lock active: ${lockStatus.agentId} (expires ${lockStatus.expiresAt?.toLocaleString()})`,
+            projectPath: root,
+            suggestion: 'Wait for lock to expire or release with: memorylink lock release',
+        });
+    }
+    const memoryEntries = (0, utils_js_1.readJsonlEntries)((0, utils_js_1.getFilePath)('MEMORY', root));
+    // Check 1: Schema validation
+    const schemaIssues = validateSchema(memoryEntries, root);
+    issues.push(...schemaIssues);
+    // Check 2: Referential integrity
+    const refIssues = validateReferentialIntegrity(memoryEntries, root);
+    issues.push(...refIssues);
+    // Check 3: Security checks (secrets, PII)
+    const securityIssues = validateSecurity(memoryEntries, root);
+    issues.push(...securityIssues);
+    // Check 4: Staleness detection
+    const stalenessIssues = detectStaleness(memoryEntries, root);
+    issues.push(...stalenessIssues);
+    // Check 5: Policy validation
+    const policyIssues = validatePolicies(memoryEntries, root);
+    issues.push(...policyIssues);
+    // Calculate status
+    const status = calculateBuddyStatus(issues);
+    // Count trust levels
+    const trustCounts = countTrustLevels(memoryEntries);
+    const duration = Date.now() - startTime;
+    return {
+        status,
+        summary: generateSummary(status, issues.length, memoryEntries.length),
+        issues,
+        timestamp: new Date().toISOString(),
+        runType: 'preflight',
+        agentId: options.for,
+        branch: options.branch,
+        recordsUsed: memoryEntries.length,
+        highTrust: trustCounts.high,
+        mediumTrust: trustCounts.medium,
+        lowTrust: trustCounts.low,
+        staleCount: stalenessIssues.length,
+        durationMs: duration,
+    };
+}
+/**
+ * Run postflight check after AI agent operations
+ */
+async function runPostflightCheck(options) {
+    const startTime = Date.now();
+    const root = (0, utils_js_1.findRoot)();
+    if (!root || !(0, utils_js_1.isInitialized)(root)) {
+        return {
+            status: 'RED',
+            summary: 'MemoryLink not initialized',
+            issues: [{
+                    type: 'INIT',
+                    severity: 'error',
+                    message: 'MemoryLink is not initialized. Run: memorylink init',
+                }],
+            timestamp: new Date().toISOString(),
+            runType: 'postflight',
+            durationMs: Date.now() - startTime,
+        };
+    }
+    const issues = [];
+    // Get changed files if --changed flag is set
+    // TODO v1.6: Use `git diff` to detect changed files instead of file watching
+    // This will enable detection of:
+    // - Protected file modifications (via git diff --name-only + protected.txt check)
+    // - File deletions (via git diff --diff-filter=D)
+    // - Large-scale changes (via git diff --stat line count)
+    const changedFiles = options.changed ? getChangedFiles(root) : [];
+    // Read memory entries (filter to changed if needed)
+    let memoryEntries = (0, utils_js_1.readJsonlEntries)((0, utils_js_1.getFilePath)('MEMORY', root));
+    if (options.changed && changedFiles.length > 0) {
+        // Filter entries related to changed files
+        memoryEntries = memoryEntries.filter(entry => {
+            if (entry.file && changedFiles.includes(entry.file))
+                return true;
+            if (entry.path && changedFiles.includes(entry.path))
+                return true;
+            // Check if entry was created/updated recently (last 5 minutes)
+            const entryTime = new Date(entry.ts).getTime();
+            const fiveMinutesAgo = Date.now() - 5 * 60 * 1000;
+            return entryTime > fiveMinutesAgo;
+        });
+    }
+    // Run same checks as preflight
+    const schemaIssues = validateSchema(memoryEntries, root);
+    issues.push(...schemaIssues);
+    const refIssues = validateReferentialIntegrity(memoryEntries, root);
+    issues.push(...refIssues);
+    const securityIssues = validateSecurity(memoryEntries, root);
+    issues.push(...securityIssues);
+    const stalenessIssues = detectStaleness(memoryEntries, root);
+    issues.push(...stalenessIssues);
+    const policyIssues = validatePolicies(memoryEntries, root);
+    issues.push(...policyIssues);
+    // Additional postflight checks
+    const consistencyIssues = validateConsistency(memoryEntries, root, changedFiles);
+    issues.push(...consistencyIssues);
+    // Mark new agent records as DRAFT
+    if (options.fix) {
+        await markAgentRecordsAsDraft(memoryEntries, root);
+    }
+    // Calculate status
+    const status = calculateBuddyStatus(issues);
+    const trustCounts = countTrustLevels(memoryEntries);
+    const duration = Date.now() - startTime;
+    return {
+        status,
+        summary: generateSummary(status, issues.length, memoryEntries.length),
+        issues,
+        timestamp: new Date().toISOString(),
+        runType: 'postflight',
+        recordsUsed: memoryEntries.length,
+        highTrust: trustCounts.high,
+        mediumTrust: trustCounts.medium,
+        lowTrust: trustCounts.low,
+        staleCount: stalenessIssues.length,
+        durationMs: duration,
+    };
+}
+/**
+ * Validate schema and required fields
+ */
+function validateSchema(entries, root) {
+    const issues = [];
+    for (const entry of entries) {
+        // Check required fields
+        if (!entry.id) {
+            issues.push({
+                id: entry.id,
+                type: 'SCHEMA',
+                severity: 'error',
+                message: 'Missing required field: id',
+                projectPath: root,
+            });
+        }
+        if (!entry.ts) {
+            issues.push({
+                id: entry.id,
+                type: 'SCHEMA',
+                severity: 'error',
+                message: 'Missing required field: ts (timestamp)',
+                projectPath: root,
+            });
+        }
+        if (!entry.type) {
+            issues.push({
+                id: entry.id,
+                type: 'SCHEMA',
+                severity: 'error',
+                message: 'Missing required field: type',
+                projectPath: root,
+            });
+        }
+        // v1.4: Check schema version if present
+        if (entry.schemaVersion && entry.schemaVersion !== '1.4.0' && entry.schemaVersion !== '1.3.0') {
+            issues.push({
+                id: entry.id,
+                type: 'SCHEMA',
+                severity: 'warning',
+                message: `Unknown schema version: ${entry.schemaVersion}`,
+                projectPath: root,
+            });
+        }
+    }
+    return issues;
+}
+/**
+ * Validate referential integrity (files exist, lines in range, commits exist)
+ */
+function validateReferentialIntegrity(entries, root) {
+    const issues = [];
+    for (const entry of entries) {
+        // Check file references
+        if (entry.file) {
+            const filePath = path.join(root, entry.file);
+            if (!fs.existsSync(filePath)) {
+                issues.push({
+                    id: entry.id,
+                    type: 'BROKEN_REF',
+                    severity: 'warning',
+                    message: `Referenced file does not exist: ${entry.file}`,
+                    projectPath: root,
+                });
+            }
+            else if (entry.lines) {
+                // Check line numbers are in range
+                const lineRange = parseLineRange(entry.lines);
+                if (lineRange) {
+                    const fileContent = fs.readFileSync(filePath, 'utf-8');
+                    const totalLines = fileContent.split('\n').length;
+                    if (lineRange.end > totalLines) {
+                        issues.push({
+                            id: entry.id,
+                            type: 'BROKEN_REF',
+                            severity: 'warning',
+                            message: `Line range ${entry.lines} exceeds file length (${totalLines} lines)`,
+                            projectPath: root,
+                        });
+                    }
+                }
+            }
+        }
+        // Check commit OID if location.commit is present (v1.4)
+        if (entry.location?.commit) {
+            try {
+                (0, child_process_1.execSync)(`git cat-file -e ${entry.location.commit}`, {
+                    cwd: root,
+                    stdio: 'ignore'
+                });
+            }
+            catch {
+                issues.push({
+                    id: entry.id,
+                    type: 'BROKEN_REF',
+                    severity: 'warning',
+                    message: `Referenced commit does not exist: ${entry.location.commit}`,
+                    projectPath: root,
+                });
+            }
+        }
+    }
+    return issues;
+}
+/**
+ * Validate security (secrets, PII)
+ *
+ * TODO v1.6: Enhanced pattern matching
+ * - Add credit card patterns (Luhn algorithm validation)
+ * - Add CVV patterns (3-4 digits)
+ * - Add SSN patterns (XXX-XX-XXXX)
+ * - Add API key patterns (common formats)
+ * - Add file-based logging detection (console.log with sensitive data)
+ * - See: src/utils/v1.6-patterns.ts (commented out for v1.6)
+ */
+function validateSecurity(entries, root) {
+    const issues = [];
+    for (const entry of entries) {
+        const content = entry.details || entry.code || '';
+        // Check for secrets
+        for (const pattern of SECRET_PATTERNS) {
+            const matches = content.match(pattern.pattern);
+            if (matches) {
+                // RED if agent-origin, YELLOW if human
+                const severity = entry.sourceType === 'agent' ? 'error' : 'warning';
+                issues.push({
+                    id: entry.id,
+                    type: 'SECRET',
+                    severity,
+                    message: `Potential secret detected (${pattern.name}): ${matches[0].substring(0, 20)}...`,
+                    projectPath: root,
+                    suggestion: 'Remove secret from memory entry',
+                });
+            }
+        }
+        // Check for PII (emails, IDs)
+        const emailPattern = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g;
+        const emailMatches = content.match(emailPattern);
+        if (emailMatches && entry.sourceType === 'agent') {
+            issues.push({
+                id: entry.id,
+                type: 'PII',
+                severity: 'error',
+                message: `PII detected (email): ${emailMatches[0]}`,
+                projectPath: root,
+                suggestion: 'Remove PII from memory entry',
+            });
+        }
+        // TODO v1.6: Enhanced patterns (see src/utils/v1.6-patterns.ts)
+        // - Credit card: /(?:\d{4}[-\s]?){3}\d{4}/g + Luhn validation
+        // - CVV: /\b\d{3,4}\b/g (context-dependent)
+        // - SSN: /\b\d{3}-\d{2}-\d{4}\b/g
+        // - API keys: Common formats (AWS, Google, etc.)
+        // - File logging: console.log/logger.* with sensitive patterns
+    }
+    return issues;
+}
+/**
+ * Detect stale records (file changed since commit)
+ */
+function detectStaleness(entries, root) {
+    const issues = [];
+    for (const entry of entries) {
+        if (entry.location?.commit && entry.file) {
+            try {
+                // Check if file has changed since commit
+                const filePath = path.join(root, entry.file);
+                if (fs.existsSync(filePath)) {
+                    const currentCommit = (0, child_process_1.execSync)('git rev-parse HEAD', {
+                        cwd: root,
+                        encoding: 'utf-8'
+                    }).trim();
+                    if (currentCommit !== entry.location.commit) {
+                        // File has changed - mark as stale
+                        issues.push({
+                            id: entry.id,
+                            type: 'STALE',
+                            severity: 'warning',
+                            message: `File changed since commit ${entry.location.commit.substring(0, 8)}`,
+                            projectPath: root,
+                            suggestion: 'Update memory entry or rebuild graph',
+                        });
+                    }
+                }
+            }
+            catch {
+                // Git not available or file doesn't exist - skip
+            }
+        }
+    }
+    return issues;
+}
+/**
+ * Validate policy rules
+ *
+ * TODO v1.6: Add Git-based protected file detection
+ * - Use `git diff --name-only HEAD` to get changed files
+ * - Cross-reference with protected.txt
+ * - Detect protected file modifications (RED status)
+ * - Detect file deletions (via `git diff --diff-filter=D`)
+ * - Detect large-scale changes (via `git diff --stat` line count > threshold)
+ */
+function validatePolicies(entries, root) {
+    const issues = [];
+    // Policy: "Prefer fresh code over memory"
+    // Policy: "No secrets in memory"
+    // (Already checked in validateSecurity)
+    // TODO v1.6: Protected file detection via Git diff
+    // const protectedFiles = readLines(getFilePath('PROTECTED', root));
+    // const changedFiles = getChangedFiles(root);
+    // for (const file of changedFiles) {
+    //   if (protectedFiles.includes(file)) {
+    //     issues.push({
+    //       type: 'PROTECTED_FILE',
+    //       severity: 'error',
+    //       message: `Protected file modified: ${file}`,
+    //       projectPath: root,
+    //       suggestion: 'Review changes or remove from protected.txt',
+    //     });
+    //   }
+    // }
+    // Policy: "Agent records should be DRAFT until verified"
+    for (const entry of entries) {
+        if (entry.sourceType === 'agent' && entry.memoryStatus !== 'DRAFT') {
+            issues.push({
+                id: entry.id,
+                type: 'POLICY',
+                severity: 'info',
+                message: 'Agent-origin record should be DRAFT until verified',
+                projectPath: root,
+                suggestion: 'Mark as DRAFT or promote to VERIFIED after review',
+            });
+        }
+    }
+    return issues;
+}
+/**
+ * Validate consistency (code + memory changes)
+ */
+function validateConsistency(entries, root, changedFiles) {
+    const issues = [];
+    // Check if memory entries match changed files
+    for (const entry of entries) {
+        if (entry.file && changedFiles.length > 0 && !changedFiles.includes(entry.file)) {
+            // Entry references file that wasn't changed - might be inconsistent
+            issues.push({
+                id: entry.id,
+                type: 'CONFLICT',
+                severity: 'info',
+                message: `Memory entry references unchanged file: ${entry.file}`,
+                projectPath: root,
+            });
+        }
+    }
+    return issues;
+}
+/**
+ * Calculate Buddy-Check status from issues
+ */
+function calculateBuddyStatus(issues) {
+    // RED: Any error-level issues
+    if (issues.some(i => i.severity === 'error')) {
+        return 'RED';
+    }
+    // YELLOW: Any warnings
+    if (issues.some(i => i.severity === 'warning')) {
+        return 'YELLOW';
+    }
+    // GREEN: No errors or warnings
+    return 'GREEN';
+}
+/**
+ * Generate summary text
+ */
+function generateSummary(status, issueCount, recordCount) {
+    if (status === 'RED') {
+        return `RED: ${issueCount} critical issue(s) found in ${recordCount} records`;
+    }
+    else if (status === 'YELLOW') {
+        return `YELLOW: ${issueCount} warning(s) found in ${recordCount} records`;
+    }
+    else {
+        return `GREEN: All checks passed for ${recordCount} records`;
+    }
+}
+/**
+ * Count trust levels in entries
+ */
+function countTrustLevels(entries) {
+    let high = 0;
+    let medium = 0;
+    let low = 0;
+    for (const entry of entries) {
+        const trust = entry.trustLevel || 'medium';
+        if (trust === 'high')
+            high++;
+        else if (trust === 'low')
+            low++;
+        else
+            medium++;
+    }
+    return { high, medium, low };
+}
+/**
+ * Get changed files from Git
+ */
+function getChangedFiles(root) {
+    try {
+        const output = (0, child_process_1.execSync)('git diff --name-only HEAD', {
+            cwd: root,
+            encoding: 'utf-8'
+        });
+        return output.split('\n').filter(f => f.trim()).map(f => f.trim());
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Parse line range (e.g., "42-50" or "42")
+ */
+function parseLineRange(lines) {
+    if (lines.includes('-')) {
+        const [start, end] = lines.split('-').map(n => parseInt(n, 10));
+        if (!isNaN(start) && !isNaN(end)) {
+            return { start, end };
+        }
+    }
+    else {
+        const line = parseInt(lines, 10);
+        if (!isNaN(line)) {
+            return { start: line, end: line };
+        }
+    }
+    return null;
+}
+/**
+ * Mark agent records as DRAFT (for postflight --fix)
+ */
+async function markAgentRecordsAsDraft(entries, root) {
+    const memoryPath = (0, utils_js_1.getFilePath)('MEMORY', root);
+    const updatedEntries = [];
+    let updated = false;
+    for (const entry of entries) {
+        if (entry.sourceType === 'agent' && entry.memoryStatus !== 'DRAFT') {
+            updatedEntries.push({
+                ...entry,
+                memoryStatus: 'DRAFT',
+                recordVersion: (entry.recordVersion || 1) + 1,
+            });
+            updated = true;
+        }
+        else {
+            updatedEntries.push(entry);
+        }
+    }
+    if (updated) {
+        // Write updated entries back
+        const jsonl = updatedEntries.map(e => JSON.stringify(e)).join('\n') + '\n';
+        fs.writeFileSync(memoryPath, jsonl);
+        (0, utils_js_1.info)('Marked agent records as DRAFT');
+    }
+}
+/**
+ * Handle human override for RED status
+ */
+async function handleOverride(report, root, options) {
+    if (!root) {
+        return report;
+    }
+    // Check if in strict mode (would require override)
+    const config = (0, utils_js_1.readConfig)(root);
+    const isStrict = config?.strict === true || config?.mode === 'enterprise';
+    if (!isStrict) {
+        // Developer mode: allow override but don't require it
+        return report;
+    }
+    // In strict mode, prompt for override
+    console.log('');
+    (0, utils_js_1.warn)('⚠️  RED status detected - override required in strict mode');
+    console.log('');
+    // For now, we'll just return the report without override
+    // In a full implementation, this would prompt for:
+    // - approvedBy (user name/ID)
+    // - reason (why override is needed)
+    // For CLI, we can use environment variables or flags
+    const overrideBy = process.env.MEMORYLINK_OVERRIDE_BY || options.for || 'unknown';
+    const overrideReason = process.env.MEMORYLINK_OVERRIDE_REASON || 'Manual override via CLI';
+    if (overrideBy !== 'unknown' || overrideReason !== 'Manual override via CLI') {
+        const override = {
+            approvedBy: overrideBy,
+            reason: overrideReason,
+            timestamp: new Date().toISOString(),
+        };
+        return {
+            ...report,
+            override,
+        };
+    }
+    return report;
+}
+/**
+ * Log override to overrides.log (JSONL)
+ *
+ * TODO v1.6: Enhanced override logging
+ * - Add report ID reference
+ * - Add issue IDs that were overridden
+ * - Add context (branch, PR, agent)
+ * - Add audit trail fields (who, when, why, what)
+ * - Format: { approvedBy, reason, timestamp, runType, reportId, issueIds[], context: { branch, pr, agent } }
+ */
+function logOverride(override, runType, root) {
+    try {
+        const overridesPath = path.join(root, types_js_1.MEMORYLINK_DIR, 'overrides.log');
+        const entry = {
+            ...override,
+            runType,
+            // TODO v1.6: Add reportId, issueIds[], context
+        };
+        const jsonlLine = JSON.stringify(entry) + '\n';
+        fs.appendFileSync(overridesPath, jsonlLine, 'utf-8');
+    }
+    catch (err) {
+        // Silently fail - override logging should not break the main flow
+    }
+}
+/**
+ * Print Buddy-Check report
+ */
+function printBuddyReport(report) {
+    // Check if stdout is writable before printing
+    if (!(0, utils_js_1.isStdoutWritable)()) {
+        return; // Silently return if stdout is closed
+    }
+    (0, utils_js_1.safeLog)('');
+    (0, utils_js_1.safeLog)('\x1b[1m🔍 Buddy-Check Report\x1b[0m');
+    (0, utils_js_1.safeLog)('');
+    // Status indicator
+    let statusColor = '\x1b[32m'; // GREEN
+    let statusIcon = '●';
+    if (report.status === 'YELLOW') {
+        statusColor = '\x1b[33m'; // YELLOW
+    }
+    else if (report.status === 'RED') {
+        statusColor = '\x1b[31m'; // RED
+    }
+    (0, utils_js_1.safeLog)(`   Status: ${statusColor}${statusIcon} ${report.status}\x1b[0m`);
+    (0, utils_js_1.safeLog)(`   ${report.summary}`);
+    (0, utils_js_1.safeLog)('');
+    if (report.issues.length > 0) {
+        (0, utils_js_1.safeLog)(`   Issues (${report.issues.length}):`);
+        for (const issue of report.issues.slice(0, 10)) {
+            const severityColor = issue.severity === 'error' ? '\x1b[31m' :
+                issue.severity === 'warning' ? '\x1b[33m' : '\x1b[36m';
+            (0, utils_js_1.safeLog)(`   ${severityColor}${issue.severity.toUpperCase()}\x1b[0m [${issue.type}] ${issue.message}`);
+            if (issue.suggestion) {
+                (0, utils_js_1.safeLog)(`     💡 ${issue.suggestion}`);
+            }
+        }
+        if (report.issues.length > 10) {
+            (0, utils_js_1.safeLog)(`   ... and ${report.issues.length - 10} more`);
+        }
+    }
+    else {
+        (0, utils_js_1.safeLog)('   ✓ No issues found');
+    }
+    if (report.recordsUsed !== undefined) {
+        (0, utils_js_1.safeLog)('');
+        (0, utils_js_1.safeLog)(`   Records: ${report.recordsUsed} checked`);
+        if (report.highTrust !== undefined) {
+            (0, utils_js_1.safeLog)(`   Trust: ${report.highTrust} high, ${report.mediumTrust} medium, ${report.lowTrust} low`);
+        }
+        if (report.staleCount !== undefined && report.staleCount > 0) {
+            (0, utils_js_1.safeLog)(`   Stale: ${report.staleCount}`);
+        }
+    }
+    if (report.durationMs !== undefined) {
+        (0, utils_js_1.safeLog)(`   Duration: ${report.durationMs}ms`);
+    }
+    if (report.override) {
+        (0, utils_js_1.safeLog)('');
+        (0, utils_js_1.warn)(`⚠️  Override: Approved by ${report.override.approvedBy}`);
+        (0, utils_js_1.safeLog)(`   Reason: ${report.override.reason}`);
+    }
+    (0, utils_js_1.safeLog)('');
+}
+//# sourceMappingURL=doctor.js.map