mindforge-cc 11.3.1 → 11.5.0

Files changed (475)
  1. package/.agent/CLAUDE.md +13 -0
  2. package/.agent/hooks/lib/hook-flags.js +78 -0
  3. package/.agent/hooks/lib/pretooluse-visible-output.js +46 -0
  4. package/.agent/hooks/mindforge-block-no-verify.js +552 -0
  5. package/.agent/hooks/mindforge-config-protection.js +144 -0
  6. package/.agent/hooks/run-with-flags.js +207 -0
  7. package/.agent/mindforge/checkpoint.md +76 -0
  8. package/.agent/mindforge/harness-audit.md +59 -0
  9. package/.agent/mindforge/instinct.md +46 -0
  10. package/.agent/mindforge/orch-add-feature.md +43 -0
  11. package/.agent/mindforge/orch-build-mvp.md +48 -0
  12. package/.agent/mindforge/orch-change-feature.md +45 -0
  13. package/.agent/mindforge/orch-fix-defect.md +43 -0
  14. package/.agent/mindforge/orch-refine-code.md +43 -0
  15. package/.agent/skills/mindforge-add-backlog/SKILL.md +2 -2
  16. package/.agent/skills/mindforge-add-phase/SKILL.md +2 -2
  17. package/.agent/skills/mindforge-add-tests/SKILL.md +2 -2
  18. package/.agent/skills/mindforge-add-todo/SKILL.md +2 -2
  19. package/.agent/skills/mindforge-audit-milestone/SKILL.md +2 -2
  20. package/.agent/skills/mindforge-audit-uat/SKILL.md +2 -2
  21. package/.agent/skills/mindforge-autonomous/SKILL.md +2 -2
  22. package/.agent/skills/mindforge-brainstorming/SKILL.md +1 -1
  23. package/.agent/skills/mindforge-check-todos/SKILL.md +2 -2
  24. package/.agent/skills/mindforge-cleanup/SKILL.md +2 -2
  25. package/.agent/skills/mindforge-complete-milestone/SKILL.md +2 -2
  26. package/.agent/skills/mindforge-debug/SKILL.md +2 -2
  27. package/.agent/skills/mindforge-debug_extended/SKILL.md +2 -2
  28. package/.agent/skills/mindforge-discuss-phase/SKILL.md +2 -2
  29. package/.agent/skills/mindforge-do/SKILL.md +2 -2
  30. package/.agent/skills/mindforge-execute-phase/SKILL.md +2 -2
  31. package/.agent/skills/mindforge-execute-phase_extended/SKILL.md +2 -2
  32. package/.agent/skills/mindforge-fast/SKILL.md +2 -2
  33. package/.agent/skills/mindforge-forensics/SKILL.md +2 -2
  34. package/.agent/skills/mindforge-health/SKILL.md +2 -2
  35. package/.agent/skills/mindforge-help/SKILL.md +2 -2
  36. package/.agent/skills/mindforge-insert-phase/SKILL.md +2 -2
  37. package/.agent/skills/mindforge-join-discord/SKILL.md +2 -2
  38. package/.agent/skills/mindforge-list-phase-assumptions/SKILL.md +2 -2
  39. package/.agent/skills/mindforge-list-workspaces/SKILL.md +2 -2
  40. package/.agent/skills/mindforge-manager/SKILL.md +2 -2
  41. package/.agent/skills/mindforge-map-codebase/SKILL.md +2 -2
  42. package/.agent/skills/mindforge-milestone-summary/SKILL.md +2 -2
  43. package/.agent/skills/mindforge-neural-orchestrator/SKILL.md +2 -2
  44. package/.agent/skills/mindforge-new-milestone/SKILL.md +2 -2
  45. package/.agent/skills/mindforge-new-project/SKILL.md +2 -2
  46. package/.agent/skills/mindforge-new-workspace/SKILL.md +2 -2
  47. package/.agent/skills/mindforge-next/SKILL.md +2 -2
  48. package/.agent/skills/mindforge-note/SKILL.md +2 -2
  49. package/.agent/skills/mindforge-parallel-mesh_extended/SKILL.md +2 -2
  50. package/.agent/skills/mindforge-pause-work/SKILL.md +2 -2
  51. package/.agent/skills/mindforge-plan-milestone-gaps/SKILL.md +2 -2
  52. package/.agent/skills/mindforge-plan-phase/SKILL.md +2 -2
  53. package/.agent/skills/mindforge-plan-phase_extended/SKILL.md +2 -2
  54. package/.agent/skills/mindforge-plant-seed/SKILL.md +2 -2
  55. package/.agent/skills/mindforge-pr-branch/SKILL.md +2 -2
  56. package/.agent/skills/mindforge-profile-user/SKILL.md +2 -2
  57. package/.agent/skills/mindforge-progress/SKILL.md +2 -2
  58. package/.agent/skills/mindforge-quick/SKILL.md +2 -2
  59. package/.agent/skills/mindforge-reapply-patches/SKILL.md +2 -2
  60. package/.agent/skills/mindforge-remove-phase/SKILL.md +2 -2
  61. package/.agent/skills/mindforge-remove-workspace/SKILL.md +2 -2
  62. package/.agent/skills/mindforge-research-phase/SKILL.md +2 -2
  63. package/.agent/skills/mindforge-resume-work/SKILL.md +2 -2
  64. package/.agent/skills/mindforge-review/SKILL.md +2 -2
  65. package/.agent/skills/mindforge-review-backlog/SKILL.md +2 -2
  66. package/.agent/skills/mindforge-review-inbound/SKILL.md +2 -2
  67. package/.agent/skills/mindforge-review-request/SKILL.md +2 -2
  68. package/.agent/skills/mindforge-session-report/SKILL.md +2 -2
  69. package/.agent/skills/mindforge-set-profile/SKILL.md +2 -2
  70. package/.agent/skills/mindforge-settings/SKILL.md +2 -2
  71. package/.agent/skills/mindforge-ship/SKILL.md +2 -2
  72. package/.agent/skills/mindforge-ship_extended/SKILL.md +2 -2
  73. package/.agent/skills/mindforge-skill-creation/SKILL.md +2 -2
  74. package/.agent/skills/mindforge-stats/SKILL.md +2 -2
  75. package/.agent/skills/mindforge-swarm-execution/SKILL.md +2 -2
  76. package/.agent/skills/mindforge-system-architecture/SKILL.md +2 -2
  77. package/.agent/skills/mindforge-tdd/SKILL.md +2 -2
  78. package/.agent/skills/mindforge-tdd_extended/SKILL.md +2 -2
  79. package/.agent/skills/mindforge-thread/SKILL.md +2 -2
  80. package/.agent/skills/mindforge-ui-phase/SKILL.md +2 -2
  81. package/.agent/skills/mindforge-ui-review/SKILL.md +2 -2
  82. package/.agent/skills/mindforge-update/SKILL.md +2 -2
  83. package/.agent/skills/mindforge-validate-phase/SKILL.md +2 -2
  84. package/.agent/skills/mindforge-verify-work/SKILL.md +2 -2
  85. package/.agent/skills/mindforge-verify-work_extended/SKILL.md +2 -2
  86. package/.agent/skills/mindforge-workspace-isolated/SKILL.md +2 -2
  87. package/.agent/skills/mindforge-workstreams/SKILL.md +2 -2
  88. package/.claude/CLAUDE.md +13 -0
  89. package/.claude/commands/mindforge/add-backlog.md +2 -2
  90. package/.claude/commands/mindforge/agent-deploy.md +1 -1
  91. package/.claude/commands/mindforge/agent-design.md +1 -1
  92. package/.claude/commands/mindforge/agent.md +2 -2
  93. package/.claude/commands/mindforge/ai-cost.md +1 -1
  94. package/.claude/commands/mindforge/ai-safety.md +1 -1
  95. package/.claude/commands/mindforge/approve.md +1 -1
  96. package/.claude/commands/mindforge/audit.md +1 -1
  97. package/.claude/commands/mindforge/auto.md +1 -1
  98. package/.claude/commands/mindforge/benchmark.md +1 -1
  99. package/.claude/commands/mindforge/browse.md +1 -1
  100. package/.claude/commands/mindforge/build-opt.md +1 -1
  101. package/.claude/commands/mindforge/cache.md +1 -1
  102. package/.claude/commands/mindforge/causal.md +1 -1
  103. package/.claude/commands/mindforge/cdn.md +1 -1
  104. package/.claude/commands/mindforge/change.md +1 -1
  105. package/.claude/commands/mindforge/checkpoint.md +76 -0
  106. package/.claude/commands/mindforge/cli.md +1 -1
  107. package/.claude/commands/mindforge/cluster-instincts.md +1 -1
  108. package/.claude/commands/mindforge/communicate.md +1 -1
  109. package/.claude/commands/mindforge/complete-milestone.md +1 -1
  110. package/.claude/commands/mindforge/compliance.md +1 -1
  111. package/.claude/commands/mindforge/consult.md +1 -1
  112. package/.claude/commands/mindforge/contract-test.md +1 -1
  113. package/.claude/commands/mindforge/cost-report.md +1 -1
  114. package/.claude/commands/mindforge/costs.md +1 -1
  115. package/.claude/commands/mindforge/council.md +1 -1
  116. package/.claude/commands/mindforge/create-skill.md +1 -1
  117. package/.claude/commands/mindforge/cross-review.md +1 -1
  118. package/.claude/commands/mindforge/dashboard.md +1 -1
  119. package/.claude/commands/mindforge/data-mesh.md +1 -1
  120. package/.claude/commands/mindforge/data-pipeline.md +1 -1
  121. package/.claude/commands/mindforge/de-slop.md +1 -1
  122. package/.claude/commands/mindforge/debug.md +1 -1
  123. package/.claude/commands/mindforge/degrade.md +1 -1
  124. package/.claude/commands/mindforge/delegate.md +1 -1
  125. package/.claude/commands/mindforge/deploy.md +1 -1
  126. package/.claude/commands/mindforge/discuss-phase.md +1 -1
  127. package/.claude/commands/mindforge/dmux.md +1 -1
  128. package/.claude/commands/mindforge/do.md +2 -2
  129. package/.claude/commands/mindforge/ecommerce.md +1 -1
  130. package/.claude/commands/mindforge/edge.md +1 -1
  131. package/.claude/commands/mindforge/edtech.md +1 -1
  132. package/.claude/commands/mindforge/embeddings.md +1 -1
  133. package/.claude/commands/mindforge/environments.md +1 -1
  134. package/.claude/commands/mindforge/eval.md +1 -1
  135. package/.claude/commands/mindforge/events.md +1 -1
  136. package/.claude/commands/mindforge/evolve-skills.md +1 -1
  137. package/.claude/commands/mindforge/execute-phase.md +48 -7
  138. package/.claude/commands/mindforge/feature-flags.md +1 -1
  139. package/.claude/commands/mindforge/feature-store.md +1 -1
  140. package/.claude/commands/mindforge/finops.md +1 -1
  141. package/.claude/commands/mindforge/fintech.md +1 -1
  142. package/.claude/commands/mindforge/flutter.md +1 -1
  143. package/.claude/commands/mindforge/gaming.md +1 -1
  144. package/.claude/commands/mindforge/graphql.md +1 -1
  145. package/.claude/commands/mindforge/harness-audit.md +59 -0
  146. package/.claude/commands/mindforge/health.md +1 -1
  147. package/.claude/commands/mindforge/healthcare.md +1 -1
  148. package/.claude/commands/mindforge/help.md +1 -1
  149. package/.claude/commands/mindforge/hire.md +1 -1
  150. package/.claude/commands/mindforge/i18n.md +1 -1
  151. package/.claude/commands/mindforge/idempotent.md +1 -1
  152. package/.claude/commands/mindforge/init-org.md +1 -1
  153. package/.claude/commands/mindforge/init-project.md +1 -1
  154. package/.claude/commands/mindforge/install-skill.md +1 -1
  155. package/.claude/commands/mindforge/instinct.md +46 -0
  156. package/.claude/commands/mindforge/introspect.md +1 -1
  157. package/.claude/commands/mindforge/iot.md +1 -1
  158. package/.claude/commands/mindforge/knowledge-graph.md +1 -1
  159. package/.claude/commands/mindforge/lakehouse.md +1 -1
  160. package/.claude/commands/mindforge/lead.md +1 -1
  161. package/.claude/commands/mindforge/learn-instinct.md +1 -1
  162. package/.claude/commands/mindforge/learn.md +1 -1
  163. package/.claude/commands/mindforge/learning.md +1 -1
  164. package/.claude/commands/mindforge/llm-route.md +1 -1
  165. package/.claude/commands/mindforge/load-test.md +1 -1
  166. package/.claude/commands/mindforge/logistics.md +1 -1
  167. package/.claude/commands/mindforge/map-codebase.md +1 -1
  168. package/.claude/commands/mindforge/marketplace.md +1 -1
  169. package/.claude/commands/mindforge/meeting-design.md +1 -1
  170. package/.claude/commands/mindforge/metrics.md +1 -1
  171. package/.claude/commands/mindforge/migrate.md +1 -1
  172. package/.claude/commands/mindforge/migration-mgmt.md +1 -1
  173. package/.claude/commands/mindforge/milestone.md +1 -1
  174. package/.claude/commands/mindforge/mobile.md +1 -1
  175. package/.claude/commands/mindforge/monorepo.md +1 -1
  176. package/.claude/commands/mindforge/multi-tenant.md +1 -1
  177. package/.claude/commands/mindforge/multimodal.md +1 -1
  178. package/.claude/commands/mindforge/new-runtime.md +1 -1
  179. package/.claude/commands/mindforge/next.md +1 -1
  180. package/.claude/commands/mindforge/note.md +2 -2
  181. package/.claude/commands/mindforge/observability-platform.md +1 -1
  182. package/.claude/commands/mindforge/offline.md +1 -1
  183. package/.claude/commands/mindforge/onboard.md +1 -1
  184. package/.claude/commands/mindforge/orch-add-feature.md +43 -0
  185. package/.claude/commands/mindforge/orch-build-mvp.md +48 -0
  186. package/.claude/commands/mindforge/orch-change-feature.md +45 -0
  187. package/.claude/commands/mindforge/orch-fix-defect.md +43 -0
  188. package/.claude/commands/mindforge/orch-refine-code.md +43 -0
  189. package/.claude/commands/mindforge/plan-phase.md +1 -1
  190. package/.claude/commands/mindforge/plan-write.md +11 -0
  191. package/.claude/commands/mindforge/plant-seed.md +2 -2
  192. package/.claude/commands/mindforge/platform.md +1 -1
  193. package/.claude/commands/mindforge/plugins.md +1 -1
  194. package/.claude/commands/mindforge/pr-review.md +1 -1
  195. package/.claude/commands/mindforge/privacy-eng.md +1 -1
  196. package/.claude/commands/mindforge/product-spec.md +76 -0
  197. package/.claude/commands/mindforge/profile-team.md +1 -1
  198. package/.claude/commands/mindforge/publish-skill.md +1 -1
  199. package/.claude/commands/mindforge/push-notify.md +1 -1
  200. package/.claude/commands/mindforge/pwa.md +1 -1
  201. package/.claude/commands/mindforge/qa.md +1 -1
  202. package/.claude/commands/mindforge/quality-audit.md +1 -1
  203. package/.claude/commands/mindforge/queue.md +1 -1
  204. package/.claude/commands/mindforge/quick.md +1 -1
  205. package/.claude/commands/mindforge/rag.md +1 -1
  206. package/.claude/commands/mindforge/rate-limit.md +1 -1
  207. package/.claude/commands/mindforge/react-native.md +1 -1
  208. package/.claude/commands/mindforge/realtime-analytics.md +1 -1
  209. package/.claude/commands/mindforge/record-learning.md +1 -1
  210. package/.claude/commands/mindforge/release.md +1 -1
  211. package/.claude/commands/mindforge/remember.md +1 -1
  212. package/.claude/commands/mindforge/research.md +1 -1
  213. package/.claude/commands/mindforge/retrospective.md +1 -1
  214. package/.claude/commands/mindforge/review-backlog.md +2 -2
  215. package/.claude/commands/mindforge/review.md +1 -1
  216. package/.claude/commands/mindforge/rfc.md +1 -1
  217. package/.claude/commands/mindforge/santa.md +1 -1
  218. package/.claude/commands/mindforge/secrets-mgmt.md +1 -1
  219. package/.claude/commands/mindforge/secrets.md +1 -1
  220. package/.claude/commands/mindforge/security-scan.md +1 -1
  221. package/.claude/commands/mindforge/serverless.md +1 -1
  222. package/.claude/commands/mindforge/session-report.md +2 -2
  223. package/.claude/commands/mindforge/ship.md +1 -1
  224. package/.claude/commands/mindforge/skills.md +1 -1
  225. package/.claude/commands/mindforge/status.md +1 -1
  226. package/.claude/commands/mindforge/steer.md +1 -1
  227. package/.claude/commands/mindforge/stream.md +1 -1
  228. package/.claude/commands/mindforge/sync-confluence.md +1 -1
  229. package/.claude/commands/mindforge/sync-jira.md +1 -1
  230. package/.claude/commands/mindforge/tech-debt.md +1 -1
  231. package/.claude/commands/mindforge/threat-model.md +1 -1
  232. package/.claude/commands/mindforge/tokens.md +1 -1
  233. package/.claude/commands/mindforge/ui-phase.md +2 -2
  234. package/.claude/commands/mindforge/ui-review.md +2 -2
  235. package/.claude/commands/mindforge/update.md +1 -1
  236. package/.claude/commands/mindforge/validate-phase.md +2 -2
  237. package/.claude/commands/mindforge/verify-loop.md +1 -1
  238. package/.claude/commands/mindforge/verify-phase.md +1 -1
  239. package/.claude/commands/mindforge/vibe-check.md +1 -1
  240. package/.claude/commands/mindforge/workspace.md +1 -1
  241. package/.claude/commands/mindforge/workstreams.md +2 -2
  242. package/.claude/commands/mindforge/zero-trust.md +1 -1
  243. package/.mindforge/config.json +2 -2
  244. package/.mindforge/engine/instincts/instinct-schema.md +17 -9
  245. package/.mindforge/imported-agents.jsonl +10 -0
  246. package/.mindforge/manifests/install-components.json +36 -0
  247. package/.mindforge/manifests/install-modules.json +193 -0
  248. package/.mindforge/manifests/install-profiles.json +57 -0
  249. package/.mindforge/memory/sync-manifest.json +1 -1
  250. package/.mindforge/personas/gan-evaluator.md +226 -0
  251. package/.mindforge/personas/gan-generator.md +151 -0
  252. package/.mindforge/personas/gan-planner.md +118 -0
  253. package/.mindforge/personas/harness-optimizer.md +55 -0
  254. package/.mindforge/personas/loop-operator.md +58 -0
  255. package/.mindforge/schemas/hooks.schema.json +199 -0
  256. package/.mindforge/schemas/install-modules.schema.json +44 -0
  257. package/.mindforge/schemas/install-state.schema.json +95 -0
  258. package/.mindforge/schemas/plugin.schema.json +75 -0
  259. package/.mindforge/schemas/provenance.schema.json +31 -0
  260. package/.mindforge/skills/agent-architecture-audit/SKILL.md +272 -0
  261. package/.mindforge/skills/continuous-learning/SKILL.md +16 -0
  262. package/.mindforge/skills/orch-pipeline/SKILL.md +284 -0
  263. package/.mindforge/skills/writing-plans/SKILL.md +76 -0
  264. package/CHANGELOG.md +111 -0
  265. package/MINDFORGE.md +3 -3
  266. package/README.md +25 -3
  267. package/RELEASENOTES.md +131 -1
  268. package/SECURITY.md +16 -0
  269. package/bin/autonomous/auto-runner.js +46 -5
  270. package/bin/autonomous/handoff-schema.js +114 -0
  271. package/bin/autonomous/session-guardian.sh +138 -0
  272. package/bin/autonomous/supervisor.js +98 -0
  273. package/bin/change-classifier.js +19 -5
  274. package/bin/governance/approve.js +61 -28
  275. package/bin/governance/config-manager.js +3 -1
  276. package/bin/governance/rbac-manager.js +14 -6
  277. package/bin/harness-audit.js +520 -0
  278. package/bin/hooks/instinct-capture-hook.js +16 -1
  279. package/bin/hooks/lib/detect-project.js +72 -0
  280. package/bin/installer/harness-adapter-compliance.js +321 -0
  281. package/bin/installer/install-manifests.js +200 -0
  282. package/bin/installer/install-state.js +243 -0
  283. package/bin/installer-core.js +1 -1
  284. package/bin/learning/instinct-cli.js +359 -0
  285. package/bin/learning/lib/ssrf-guard.js +252 -0
  286. package/bin/memory/eis-client.js +31 -10
  287. package/bin/models/llm-errors.js +79 -0
  288. package/bin/models/model-client.js +39 -4
  289. package/bin/models/ollama-provider.js +115 -0
  290. package/bin/models/openai-provider.js +40 -9
  291. package/bin/models/profiles-loader.js +147 -0
  292. package/bin/models/provider-registry.js +59 -0
  293. package/bin/revops/market-evaluator.js +23 -2
  294. package/bin/revops/router-steering-v2.js +17 -2
  295. package/bin/security/trust-boundaries.js +15 -3
  296. package/bin/utils/readiness-gate.js +169 -0
  297. package/bin/worktree/engine.js +497 -0
  298. package/docs/getting-started.md +1 -1
  299. package/docs/troubleshooting.md +1 -1
  300. package/docs/user-guide.md +1 -1
  301. package/package.json +8 -2
  302. package/subagents/categories/01-core-development/.claude-plugin/plugin.json +2 -2
  303. package/subagents/categories/01-core-development/api-designer-cc.md +1 -1
  304. package/subagents/categories/01-core-development/backend-developer.md +1 -1
  305. package/subagents/categories/01-core-development/design-bridge.md +1 -1
  306. package/subagents/categories/01-core-development/electron-pro.md +1 -1
  307. package/subagents/categories/01-core-development/frontend-developer.md +1 -1
  308. package/subagents/categories/01-core-development/fullstack-developer.md +1 -1
  309. package/subagents/categories/01-core-development/graphql-architect.md +1 -1
  310. package/subagents/categories/01-core-development/microservices-architect.md +1 -1
  311. package/subagents/categories/01-core-development/mobile-developer.md +1 -1
  312. package/subagents/categories/01-core-development/ui-designer.md +1 -1
  313. package/subagents/categories/01-core-development/websocket-engineer.md +1 -1
  314. package/subagents/categories/02-language-specialists/.claude-plugin/plugin.json +2 -2
  315. package/subagents/categories/02-language-specialists/angular-architect.md +1 -1
  316. package/subagents/categories/02-language-specialists/cpp-pro.md +1 -1
  317. package/subagents/categories/02-language-specialists/csharp-developer.md +1 -1
  318. package/subagents/categories/02-language-specialists/django-developer.md +1 -1
  319. package/subagents/categories/02-language-specialists/dotnet-core-expert.md +1 -1
  320. package/subagents/categories/02-language-specialists/dotnet-framework-48-expert.md +1 -1
  321. package/subagents/categories/02-language-specialists/elixir-expert.md +1 -1
  322. package/subagents/categories/02-language-specialists/expo-react-native-expert.md +1 -1
  323. package/subagents/categories/02-language-specialists/fastapi-developer.md +1 -1
  324. package/subagents/categories/02-language-specialists/flutter-expert.md +1 -1
  325. package/subagents/categories/02-language-specialists/golang-pro.md +1 -1
  326. package/subagents/categories/02-language-specialists/java-architect.md +1 -1
  327. package/subagents/categories/02-language-specialists/javascript-pro.md +1 -1
  328. package/subagents/categories/02-language-specialists/kotlin-specialist.md +1 -1
  329. package/subagents/categories/02-language-specialists/laravel-specialist.md +1 -1
  330. package/subagents/categories/02-language-specialists/nextjs-developer.md +1 -1
  331. package/subagents/categories/02-language-specialists/node-specialist.md +1 -1
  332. package/subagents/categories/02-language-specialists/php-pro.md +1 -1
  333. package/subagents/categories/02-language-specialists/powershell-51-expert.md +1 -1
  334. package/subagents/categories/02-language-specialists/powershell-7-expert.md +1 -1
  335. package/subagents/categories/02-language-specialists/python-pro.md +1 -1
  336. package/subagents/categories/02-language-specialists/rails-expert.md +1 -1
  337. package/subagents/categories/02-language-specialists/react-specialist-cc.md +1 -1
  338. package/subagents/categories/02-language-specialists/rust-engineer.md +1 -1
  339. package/subagents/categories/02-language-specialists/spring-boot-engineer.md +1 -1
  340. package/subagents/categories/02-language-specialists/sql-pro.md +1 -1
  341. package/subagents/categories/02-language-specialists/swift-expert.md +1 -1
  342. package/subagents/categories/02-language-specialists/symfony-specialist.md +1 -1
  343. package/subagents/categories/02-language-specialists/typescript-pro.md +1 -1
  344. package/subagents/categories/02-language-specialists/vue-expert.md +1 -1
  345. package/subagents/categories/03-infrastructure/.claude-plugin/plugin.json +5 -5
  346. package/subagents/categories/03-infrastructure/azure-infra-engineer.md +1 -1
  347. package/subagents/categories/03-infrastructure/cloud-architect-cc.md +1 -1
  348. package/subagents/categories/03-infrastructure/database-administrator.md +1 -1
  349. package/subagents/categories/03-infrastructure/deployment-engineer.md +1 -1
  350. package/subagents/categories/03-infrastructure/devops-engineer-cc.md +1 -1
  351. package/subagents/categories/03-infrastructure/devops-incident-responder.md +1 -1
  352. package/subagents/categories/03-infrastructure/docker-expert.md +1 -1
  353. package/subagents/categories/03-infrastructure/incident-responder.md +1 -1
  354. package/subagents/categories/03-infrastructure/kubernetes-specialist.md +1 -1
  355. package/subagents/categories/03-infrastructure/network-engineer.md +1 -1
  356. package/subagents/categories/03-infrastructure/platform-engineer-cc.md +1 -1
  357. package/subagents/categories/03-infrastructure/security-engineer.md +1 -1
  358. package/subagents/categories/03-infrastructure/sre-engineer.md +1 -1
  359. package/subagents/categories/03-infrastructure/terraform-engineer.md +1 -1
  360. package/subagents/categories/03-infrastructure/terragrunt-expert.md +2 -2
  361. package/subagents/categories/03-infrastructure/windows-infra-admin.md +1 -1
  362. package/subagents/categories/04-quality-security/.claude-plugin/plugin.json +15 -5
  363. package/subagents/categories/04-quality-security/accessibility-tester-cc.md +1 -1
  364. package/subagents/categories/04-quality-security/ad-security-reviewer.md +1 -1
  365. package/subagents/categories/04-quality-security/ai-writing-auditor.md +1 -1
  366. package/subagents/categories/04-quality-security/architect-reviewer.md +1 -1
  367. package/subagents/categories/04-quality-security/chaos-engineer-cc.md +1 -1
  368. package/subagents/categories/04-quality-security/code-reviewer.md +1 -1
  369. package/subagents/categories/04-quality-security/compliance-auditor-cc.md +1 -1
  370. package/subagents/categories/04-quality-security/debugger-cc.md +1 -1
  371. package/subagents/categories/04-quality-security/error-detective.md +1 -1
  372. package/subagents/categories/04-quality-security/gdpr-ccpa-compliance.md +2 -2
  373. package/subagents/categories/04-quality-security/go-build-resolver.md +105 -0
  374. package/subagents/categories/04-quality-security/go-reviewer.md +87 -0
  375. package/subagents/categories/04-quality-security/penetration-tester.md +1 -1
  376. package/subagents/categories/04-quality-security/performance-engineer.md +1 -1
  377. package/subagents/categories/04-quality-security/powershell-security-hardening.md +1 -1
  378. package/subagents/categories/04-quality-security/python-reviewer.md +109 -0
  379. package/subagents/categories/04-quality-security/qa-expert.md +1 -1
  380. package/subagents/categories/04-quality-security/react-build-resolver.md +215 -0
  381. package/subagents/categories/04-quality-security/react-reviewer.md +167 -0
  382. package/subagents/categories/04-quality-security/rust-build-resolver.md +159 -0
  383. package/subagents/categories/04-quality-security/rust-reviewer.md +105 -0
  384. package/subagents/categories/04-quality-security/security-auditor.md +1 -1
  385. package/subagents/categories/04-quality-security/silent-failure-hunter.md +67 -0
  386. package/subagents/categories/04-quality-security/test-automator.md +1 -1
  387. package/subagents/categories/04-quality-security/type-design-analyzer.md +58 -0
  388. package/subagents/categories/04-quality-security/typescript-reviewer.md +126 -0
  389. package/subagents/categories/04-quality-security/ui-ux-tester.md +1 -1
  390. package/subagents/categories/05-data-ai/.claude-plugin/plugin.json +4 -4
  391. package/subagents/categories/05-data-ai/ai-engineer.md +1 -1
  392. package/subagents/categories/05-data-ai/data-analyst.md +1 -1
  393. package/subagents/categories/05-data-ai/data-engineer-cc.md +1 -1
  394. package/subagents/categories/05-data-ai/data-scientist.md +1 -1
  395. package/subagents/categories/05-data-ai/database-optimizer.md +1 -1
  396. package/subagents/categories/05-data-ai/llm-architect.md +1 -1
  397. package/subagents/categories/05-data-ai/machine-learning-engineer.md +1 -1
  398. package/subagents/categories/05-data-ai/ml-engineer-cc.md +1 -1
  399. package/subagents/categories/05-data-ai/mlops-engineer.md +1 -1
  400. package/subagents/categories/05-data-ai/nlp-engineer.md +1 -1
  401. package/subagents/categories/05-data-ai/postgres-pro.md +1 -1
  402. package/subagents/categories/05-data-ai/prompt-engineer-cc.md +1 -1
  403. package/subagents/categories/05-data-ai/reinforcement-learning-engineer.md +1 -1
  404. package/subagents/categories/06-developer-experience/.claude-plugin/plugin.json +2 -2
  405. package/subagents/categories/06-developer-experience/build-engineer-cc.md +1 -1
  406. package/subagents/categories/06-developer-experience/cli-developer.md +1 -1
  407. package/subagents/categories/06-developer-experience/dependency-manager.md +1 -1
  408. package/subagents/categories/06-developer-experience/documentation-engineer.md +1 -1
  409. package/subagents/categories/06-developer-experience/dx-optimizer.md +1 -1
  410. package/subagents/categories/06-developer-experience/git-workflow-manager.md +1 -1
  411. package/subagents/categories/06-developer-experience/legacy-modernizer.md +1 -1
  412. package/subagents/categories/06-developer-experience/mcp-developer.md +1 -1
  413. package/subagents/categories/06-developer-experience/powershell-module-architect.md +1 -1
  414. package/subagents/categories/06-developer-experience/powershell-ui-architect.md +1 -1
  415. package/subagents/categories/06-developer-experience/readme-generator.md +1 -1
  416. package/subagents/categories/06-developer-experience/refactoring-specialist.md +1 -1
  417. package/subagents/categories/06-developer-experience/slack-expert.md +1 -1
  418. package/subagents/categories/06-developer-experience/tooling-engineer.md +1 -1
  419. package/subagents/categories/06-developer-experience/visual-asset-generator.md +1 -1
  420. package/subagents/categories/07-specialized-domains/.claude-plugin/plugin.json +2 -2
  421. package/subagents/categories/07-specialized-domains/api-documenter.md +1 -1
  422. package/subagents/categories/07-specialized-domains/blockchain-developer.md +1 -1
  423. package/subagents/categories/07-specialized-domains/embedded-systems.md +1 -1
  424. package/subagents/categories/07-specialized-domains/fintech-engineer.md +1 -1
  425. package/subagents/categories/07-specialized-domains/game-developer.md +1 -1
  426. package/subagents/categories/07-specialized-domains/healthcare-admin.md +1 -1
  427. package/subagents/categories/07-specialized-domains/hipaa-compliance.md +2 -2
  428. package/subagents/categories/07-specialized-domains/iot-engineer.md +1 -1
  429. package/subagents/categories/07-specialized-domains/m365-admin.md +1 -1
  430. package/subagents/categories/07-specialized-domains/mobile-app-developer.md +1 -1
  431. package/subagents/categories/07-specialized-domains/payment-integration.md +1 -1
  432. package/subagents/categories/07-specialized-domains/quant-analyst.md +1 -1
  433. package/subagents/categories/07-specialized-domains/risk-manager.md +1 -1
  434. package/subagents/categories/07-specialized-domains/seo-specialist-cc.md +1 -1
  435. package/subagents/categories/08-business-product/.claude-plugin/plugin.json +3 -3
  436. package/subagents/categories/08-business-product/assumption-mapping.md +2 -2
  437. package/subagents/categories/08-business-product/backlog-grooming.md +2 -2
  438. package/subagents/categories/08-business-product/business-analyst-cc.md +1 -1
  439. package/subagents/categories/08-business-product/content-marketer.md +1 -1
  440. package/subagents/categories/08-business-product/content-quality-editor.md +1 -1
  441. package/subagents/categories/08-business-product/customer-success-manager.md +1 -1
  442. package/subagents/categories/08-business-product/growth-loops.md +2 -2
  443. package/subagents/categories/08-business-product/legal-advisor.md +1 -1
  444. package/subagents/categories/08-business-product/license-engineer.md +1 -1
  445. package/subagents/categories/08-business-product/product-manager-cc.md +1 -1
  446. package/subagents/categories/08-business-product/project-manager.md +1 -1
  447. package/subagents/categories/08-business-product/sales-engineer.md +1 -1
  448. package/subagents/categories/08-business-product/scrum-master.md +1 -1
  449. package/subagents/categories/08-business-product/technical-writer.md +1 -1
  450. package/subagents/categories/08-business-product/ux-researcher.md +1 -1
  451. package/subagents/categories/08-business-product/wordpress-master.md +1 -1
  452. package/subagents/categories/09-meta-orchestration/.claude-plugin/plugin.json +1 -1
  453. package/subagents/categories/09-meta-orchestration/agent-installer.md +1 -1
  454. package/subagents/categories/09-meta-orchestration/agent-organizer.md +1 -1
  455. package/subagents/categories/09-meta-orchestration/codebase-orchestrator.md +1 -1
  456. package/subagents/categories/09-meta-orchestration/context-manager.md +1 -1
  457. package/subagents/categories/09-meta-orchestration/error-coordinator.md +1 -1
  458. package/subagents/categories/09-meta-orchestration/it-ops-orchestrator.md +1 -1
  459. package/subagents/categories/09-meta-orchestration/knowledge-synthesizer.md +1 -1
  460. package/subagents/categories/09-meta-orchestration/multi-agent-coordinator.md +1 -1
  461. package/subagents/categories/09-meta-orchestration/performance-monitor.md +1 -1
  462. package/subagents/categories/09-meta-orchestration/task-distributor.md +1 -1
  463. package/subagents/categories/09-meta-orchestration/workflow-orchestrator.md +1 -1
  464. package/subagents/categories/10-research-analysis/.claude-plugin/plugin.json +1 -1
  465. package/subagents/categories/10-research-analysis/ab-test-analysis.md +2 -2
  466. package/subagents/categories/10-research-analysis/cohort-analysis.md +2 -2
  467. package/subagents/categories/10-research-analysis/competitive-analyst.md +1 -1
  468. package/subagents/categories/10-research-analysis/data-researcher.md +1 -1
  469. package/subagents/categories/10-research-analysis/first-principles-thinking.md +2 -2
  470. package/subagents/categories/10-research-analysis/market-researcher.md +1 -1
  471. package/subagents/categories/10-research-analysis/project-idea-validator.md +1 -1
  472. package/subagents/categories/10-research-analysis/research-analyst.md +1 -1
  473. package/subagents/categories/10-research-analysis/scientific-literature-researcher.md +1 -1
  474. package/subagents/categories/10-research-analysis/search-specialist.md +1 -1
  475. package/subagents/categories/10-research-analysis/trend-analyst.md +1 -1
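--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,116 @@
  # Changelog
 
+ ## [11.5.0] - 2026-06-11 — Governance hardening + autonomous-engine repair (Waves 4–7)
+
+ This release bundles four waves of work: orchestration primitives, an **inert** manifest
+ engine + the new instinct CLI + GAN harness personas, governance/security hardening, and a
+ repair that makes the autonomous engine (`/mindforge:auto`) actually functional. Several
+ items ship deliberately **inert** (scaffolding present, not wired into any live path) and
+ are flagged as such below — they introduce **no behavior change yet**.
+
+ ### Added
+
+ - **Instinct CLI** (`/mindforge:instinct`, `bin/learning/instinct-cli.js`) — deterministic,
+ no-LLM management of the JSONL instinct store: `list`, `export`, `import`,
+ `promote-candidates` (list + flag), and `prune`.
+ - **Typed Inter-Agent Message Protocol** (`bin/autonomous/handoff-schema.js`) — five message
+ kinds (`task_handoff`, `query`, `response`, `completed`, `conflict`) with priority levels
+ (`low`/`normal`/`high`/`critical`) and message validation. Internal orchestration primitive.
+ - **Manifest-driven install resolver** (`bin/installer/install-manifests.js`,
+ `.mindforge/manifests/install-*.json`) — profile-to-module expansion and dependency
+ detection. Ships **INERT**: the adapter wiring it into `bin/installer-core.js`'s live
+ `install()` path is deferred to a future PR. No behavior change.
+ - **GAN-style harness personas** (`.mindforge/personas/gan-evaluator.md`, `gan-generator.md`,
+ `gan-planner.md`) — fully scoped and documented. Ships **INERT**: not wired to any live
+ command or automated workflow. No behavior change.
+ - **Governance test coverage** — `tests/trust-verifier.test.js` (7 tests) and
+ `tests/rbac-manager.test.js` (8 tests) lock the fail-closed contracts for future
+ safety-critical governance changes.
+
+ ### Fixed
+
+ - **SSRF import-URL guard** (`bin/learning/lib/ssrf-guard.js`) — closed an IPv6 link-local
+ bypass (`fe81`–`fe8f` reachable via string-prefix check) and a symlink path-traversal
+ bypass, using numeric bitmask validation and canonical-path checking before system-dir
+ validation.
+ - **Federated EIS sync** (`bin/memory/eis-client.js`) — `getAuthHeader` no longer throws on
+ every call; it now registers a node identity via `ZTAI.registerAgent` and signs with
+ `ZTAI.signData`, restoring sync to non-localhost EIS endpoints.
+ - **RBAC tier elevation** (`bin/governance/rbac-manager.js`) — `getRolesByTier` now fails
+ safely for unregistered agents (no thrown exception) and resolves agent tier via the
+ correct ZTAI API.
+ - **Autonomous engine — wave crash** (`bin/autonomous/auto-runner.js`) — replaced ZTAI
+ singleton misuse (`getIdentity()`, non-existent) with `_getRunnerIdentity()` using the
+ real `registerAgent` API; `/mindforge:auto` no longer crashes on every wave.
+ - **Autonomous policy gate — fail-open** (`bin/autonomous/auto-runner.js`) — the async
+ policy verdict is now `await`ed (`this.policyEngine.evaluate(intent)`); the per-wave gate
+ previously always allowed.
+ - **Autonomous engine — fail-closed identity** (`bin/autonomous/auto-runner.js`) — if runner
+ identity cannot be established, the policy gate now denies and audits (`auto_mode_denied`)
+ instead of proceeding ungoverned.
+
+ ### Changed
+
+ - **Instinct store schema** (`.mindforge/engine/instincts/instinct-schema.md`) — added
+ `project_id` (stable scope key) and `source` (`auto-capture`/`manual`/`imported`/
+ `observer`), plus origin-based confidence scoring: auto-capture starts at `0.3`, manual
+ at `0.7`.
+ - **Cost-routing shadow mode** (`bin/revops/router-steering-v2.js`) — arbitrage steering now
+ respects `cost_routing.shadow_mode` (default `true`); in observe-only mode `steer()`
+ returns `{ shadow, authoritative: false }` with SHADOW vs LIVE logging.
+
+ ### Security
+
+ - **Tier-3 approvals now fail closed** (`bin/governance/approve.js`) — approvals require GPG
+ verification and **throw before writing any record** when no GPG key is configured, unless
+ `MINDFORGE_ALLOW_UNVERIFIED_APPROVAL=1` is set; unverified approvals are marked
+ `verified: false`.
+ - **Persona supply-chain scan** (`scripts/ci/validate-assets.js`) — persona asset validation
+ now detects dangerous invisible unicode (zero-width, bidi overrides, Unicode tags) across
+ `.mindforge/personas` to prevent ASCII-smuggling injection.
+ - **Destructive-command detector** (`bin/security/trust-boundaries.js`) — `normalizeShell`
+ now strips bare `#` tokens after quote-stripping, blocking quoted-hash evasion (e.g.
+ `rm "#" -rf /`).
+ - **Instinct import port allowlist** (`bin/learning/lib/ssrf-guard.js`) — `validateImportUrl`
+ enforces an `ALLOWED_IMPORT_PORTS` allowlist (`{'', '443'}`), blocking attempts to reach
+ internal services (Redis `:6379`, Mongo `:27017`, etc.) on otherwise-allowed public hosts.
+
+ ## [11.4.0] - 2026-06-06 — Claude Code plugin distribution
+
+ MindForge is now installable as a native **Claude Code plugin** from a marketplace, in
+ addition to the `npx mindforge-cc` installer. This release ships the plugin tooling so
+ both the GitHub plugin channel and the npm tarball stay coherent.
+
+ ### Added
+
+ - **Plugin marketplace** (`.claude-plugin/marketplace.json` at the repo root) — users run
+ `/plugin marketplace add sairam0424/MindForge` then `/plugin install mindforge@mindforge`.
+ Lists 11 plugins: the comprehensive `mindforge` plugin + 10 à-la-carte subagent packs.
+ - **Comprehensive `mindforge` plugin** (`plugins/mindforge/`) bundling the full surface:
+ 174 commands, 154 subagents, 73 skills + a synthesized `mindforge-protocol` skill (the
+ CLAUDE.md operating directive, since a plugin-root CLAUDE.md isn't loaded as context),
+ and governance hooks (translated to Claude `PreToolUse`/`PostToolUse` events with
+ `${CLAUDE_PLUGIN_ROOT}`-relative paths).
+ - **Bundled MindForge MCP server** — a self-contained esbuild single-file build
+ (`mcp/dist/index.js`, all deps inlined, no runtime `node_modules`) exposing 7 tools over
+ stdio: `mindforge_health`, `mindforge_status`, `mindforge_memory_query`,
+ `mindforge_memory_stats`, `mindforge_memory_find_related`, `mindforge_audit_log`
+ (read-only), and append-only `mindforge_memory_remember`. Scoped to the user's project
+ via `${CLAUDE_PROJECT_DIR}`; degrades gracefully when MindForge isn't set up.
+ - **Generators** (single source of truth, drift-guarded): `build-plugin-marketplace.js`,
+ `build-subagent-plugins.js`, `build-mindforge-plugin.js`, `vendor-sdk-into-mcp.js`,
+ `fix-command-frontmatter.js`; new `mcp-server/` package with esbuild build.
+ - **`tests/plugin-packaging.test.js`** (in `npm test`) — guards the generated plugin tree,
+ frontmatter validity, and MCP-bundle self-containment.
+
+ ### Fixed
+
+ - Quoted YAML-unsafe `name`/`description` frontmatter across commands/agents/skills that
+ the plugin validator flagged (leading `-`/`@`, embedded `: `, trailing `:`) — these
+ silently loaded empty metadata. The npx installer inherits the fix.
+ - Per-category subagent `plugin.json` `agents[]` now derived from on-disk files, fixing
+ stale bare names for the 16 collision-renamed (`-cc`) agents.
+
  ## [11.3.1] - 2026-06-05 — Packaging hotfix (commands, skills & framework now ship)
 
  Critical fix for v11.3.0, where a too-narrow npm `files` allowlist silently dropped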
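--- a/package/MINDFORGE.md
+++ b/package/MINDFORGE.md
@@ -1,12 +1,12 @@
- # MINDFORGE.md — Parameter Registry (v11.3.1)
+ # MINDFORGE.md — Parameter Registry (v11.5.0)
 
  ## 1. IDENTITY & VERSIONING
 
  [NAME] = MindForge
- [VERSION] = 11.3.1
+ [VERSION] = 11.5.0
  [STABLE] = true
  [MODE] = "Platform Sovereign"
- [REQUIRED_CORE_VERSION] = 11.3.1
+ [REQUIRED_CORE_VERSION] = 11.5.0
  [SOVEREIGN_IDENTITY] = true
  [SRE_LAYER_ENABLED] = true
 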
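--- a/package/README.md
+++ b/package/README.md
@@ -4,6 +4,13 @@
 
  ---
 
+ ## Latest: v11.3.1
+
+ - **v11.3.1 — Packaging hotfix.** Restores the full published payload: every `npx mindforge-cc` install now delivers all 174 slash commands, 73 skills, 154 subagents, and the complete `.mindforge/` framework. (v11.3.0 shipped a too-narrow npm allowlist that silently dropped commands and skills — fixed here, with a tarball regression test so it cannot recur.)
+ - **v11.3.0 — "Legion".** Imports 154 specialized Claude-Code-native subagents across 10 categories into `.claude/agents/`, fully rebranded and collision-safe. Additive and backward-compatible.
+
+ See [CHANGELOG.md](./CHANGELOG.md) for full release history.
+
  ## v11.0.0 — Sovereign Stability
 
  MindForge v11.0.0 "Sovereign Stability" is a production-hardening release focused on reliability, performance, and real-world deployment readiness. Key highlights:
@@ -15,14 +22,29 @@ MindForge v11.0.0 "Sovereign Stability" is a production-hardening release focuse
  - **Production observability** — `/api/v1/system` health endpoint, P95 latency tracking, heap health monitoring, and real EIS client with retry logic.
  - **Graduated intelligence** — Adaptive tier escalation (+1/+2/MAX) with cost-awareness, 3-tier stuck detection, and adaptive context windows.
 
- This release ships 200+ skills, 400+ personas, 154 specialized subagents, 18 pillars, and 49 swarm templates across 12 engineering domains.
+ This release ships 211 personas, 73 skills, 154 specialized subagents, 174 commands, 18 pillars, and 49 swarm templates across 12 engineering domains.
 
 
  ## Installation & Setup
 
- ### 🚀 Quick Start (No Install)
+ ### 🔌 Claude Code Plugin (fastest)
+
+ Install MindForge's commands, subagents, and skills directly from the marketplace —
+ no project files written:
+
+ ```bash
+ /plugin marketplace add sairam0424/MindForge
+ /plugin install mindforge@mindforge
+ ```
+
+ Prefer just a slice (e.g. Python agents)? Install a focused pack like
+ `mindforge-lang@mindforge` instead. See [docs/plugin-installation.md](docs/plugin-installation.md)
+ for all 11 plugins, token-budget guidance, and team setup.
+
+ ### 🚀 Quick Start (npx — full framework engine)
 
- Run MindForge immediately for a specific runtime without a permanent installation:
+ The npx installer also writes the complete `.mindforge/` engine (governance, memory,
+ planning) into your project:
 
  ```bash
  # For Claude Code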
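--- a/package/RELEASENOTES.md
+++ b/package/RELEASENOTES.md
@@ -1,4 +1,134 @@
- # Release Notes — v11.0.0 "Sovereign Stability"
+ # Release Notes
+
+ ## v11.5.0 — Governance hardening + autonomous-engine repair
+
+ **Release Date**: 2026-06-11
+ **Type**: Minor (one behavior change — see "Heads-up" below)
+ **Upgrade Path**: `npx mindforge-cc@latest`
+
+ This release consolidates four waves of work into a single minor: new orchestration and
+ learning primitives, a broad governance/security hardening pass, and — most importantly —
+ a repair that takes the autonomous engine from "crashes on every wave" to actually
+ functional. Some new pieces ship deliberately **inert** (present but not wired in); those
+ are called out so you know not to expect new behavior from them yet.
+
+ ### Heads-up — Tier-3 approvals now fail closed (the one behavior change)
+
+ `bin/governance/approve.js` no longer rubber-stamps approvals. Tier-3 approvals now
+ **require GPG verification** and will **fail before writing any record** if no GPG key is
+ configured. If you relied on the old, unverified path, you have two choices:
+
+ - Configure a GPG key (recommended), or
+ - Set `MINDFORGE_ALLOW_UNVERIFIED_APPROVAL=1` to keep the old behavior — in which case the
+ approval record is written with `verified: false` so the gap is auditable.
+
+ This is the only item in v11.5.0 that can change an existing workflow's outcome.
+
+ ### The autonomous engine is functional again
+
+ `/mindforge:auto` was effectively broken. Three fixes in `bin/autonomous/auto-runner.js`
+ bring it back:
+
+ - **No more per-wave crash.** The runner was calling a non-existent `getIdentity()` on the
+ ZTAI singleton and dying on every wave. It now establishes identity through the real
+ `registerAgent` API (`_getRunnerIdentity()`).
+ - **The policy gate actually enforces now.** The async policy verdict was never `await`ed,
+ so the gate silently allowed everything. It now awaits `policyEngine.evaluate(intent)` on
+ every wave.
+ - **It fails closed.** If runner identity can't be established, the gate now **denies and
+ audits** (`auto_mode_denied`) rather than running ungoverned.
+
+ ### Security & governance hardening
+
+ - **SSRF guard hardened (twice).** The import-URL guard now closes an IPv6 link-local
+ bypass and a symlink path-traversal bypass via numeric bitmask + canonical-path checks.
+ Separately, remote instinct imports now enforce a port allowlist (`443`/none only), so an
+ attacker can no longer pivot through an allowed public host to reach internal services
+ like Redis (`:6379`) or Mongo (`:27017`).
+ - **Persona supply-chain scan.** Persona asset validation now flags dangerous invisible
+ unicode (zero-width, bidi overrides, Unicode tags) across `.mindforge/personas`, closing
+ an ASCII-smuggling injection vector.
+ - **Destructive-command detector closed an evasion.** Quoted-hash tricks like
+ `rm "#" -rf /` are now caught.
+ - **Federated memory sync works again.** `eis-client`'s `getAuthHeader` was throwing on
+ every call; it now correctly registers a node identity and signs requests, so sync to
+ non-localhost EIS endpoints functions.
+ - **RBAC fails safe.** Tier elevation no longer throws for unregistered agents and resolves
+ tiers through the correct ZTAI API.
+ - **Fail-closed contracts are now tested.** New `trust-verifier` and `rbac-manager` test
+ suites lock in identity-verification and tier-authorization behavior so future governance
+ changes can't quietly regress them.
+
+ ### Learning & cost routing
+
+ - **New instinct CLI** — `/mindforge:instinct` manages the JSONL instinct store
+ deterministically (no LLM spawn): `list`, `export`, `import`, `promote-candidates`, and
+ `prune`.
+ - **Instinct store schema** gains `project_id` (stable scoping) and a `source` field
+ (`auto-capture`/`manual`/`imported`/`observer`), with origin-weighted confidence —
+ auto-captured instincts start at `0.3`, manually added ones at `0.7`.
+ - **Cost-routing shadow mode is now real.** Arbitrage steering respects
+ `cost_routing.shadow_mode` (default on); in observe-only mode, selections are returned as
+ `authoritative: false` and logged as SHADOW, so you can watch the router's
+ recommendations without it taking the wheel.
+
+ ### Shipped inert (no behavior change yet)
+
+ These landed as scaffolding and are **not** wired into any live path — they do nothing
+ until a follow-up enables them:
+
+ - **Manifest-driven install resolver** (`install-manifests.js`) — profile-to-module
+ expansion and dependency detection are implemented, but the adapter into the installer's
+ live `install()` path is deferred.
+ - **GAN-style harness personas** (`gan-evaluator`, `gan-generator`, `gan-planner`) — fully
+ scoped and documented, not yet attached to any command or workflow.
+ - **Typed Inter-Agent Message Protocol** (`handoff-schema.js`) — an internal orchestration
+ primitive (five message kinds, four priority levels, validation) for upcoming
+ agent-handoff work.
+
+ ## v11.3.1 — Packaging hotfix
+
+ **Release Date**: 2026-06-05
+ **Type**: Patch (no API changes)
+ **Upgrade Path**: `npm install -g mindforge-cc@latest` (or `npx mindforge-cc@latest`)
+
+ Fixes a critical packaging regression in v11.3.0, where a too-narrow npm `files`
+ allowlist silently dropped most of the product from the published tarball. Users who
+ installed v11.3.0 received only hooks, personas, subagents, and three `.mindforge/`
+ folders — **no slash commands, no skills, and an incomplete framework** — with no error,
+ because the installer skips any source absent from the tarball.
+
+ - **Restored payload** — every install now delivers all **174 slash commands**, **73 skills**,
+ **154 subagents**, the entry `CLAUDE.md`, and the full `.mindforge/` framework
+ (`governance`, `integrations`, `intelligence`, `memory`, `metrics`, `models`, `org`,
+ `plugins`, `team`). Runtime state (`celestial.db`, telemetry `.jsonl`) is explicitly excluded.
+ - **`.planning/` scaffolding** now ships from a clean generic source (never the framework's
+ own dev state) so the autonomous engine has its templates.
+ - **docs/References + docs/Templates** case-sensitivity fixed (worked on macOS, silently
+ missed on Linux/npm — they now install correctly).
+ - **Regression test** (`tests/packaging-allowlist.test.js`) packs the real tarball and
+ asserts the full payload ships — proven to fail under the broken v11.3.0 allowlist.
+
+ > v11.3.0 is deprecated on npm. Upgrade to v11.3.1.
+
+ ## v11.3.0 — "Legion" (154-subagent expansion)
+
+ **Release Date**: 2026-06-04
+ **Type**: Minor (additive, backward-compatible)
+
+ Imports 154 specialized Claude-Code-native subagents across 10 categories
+ (`01-core-development` … `10-research-analysis`) into `.claude/agents/`, fully rebranded
+ and collision-safe (16 names that clashed with existing personas were suffixed `-cc`).
+ Adds `bin/spawn-agent.js subagent <name>` with a hardened name allowlist and path-traversal
+ guards, plus a generated `.mindforge/imported-agents.jsonl` index. No existing persona,
+ skill, or command changed behavior.
+
+ > Note: the v11.3.0 npm artifact was affected by the packaging regression fixed in v11.3.1.
+ > Install v11.3.1 to get the subagents and the rest of the payload.
+
+ ---
+
+ # v11.0.0 "Sovereign Stability"
 
  **Release Date**: 2026-05-28
  **Type**: Major (breaking changes)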
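--- a/package/SECURITY.md
+++ b/package/SECURITY.md
@@ -108,6 +108,22 @@ Before submitting code that touches security-sensitive paths:
 
  ---
 
+ ## Agentic-Harness Threat Model
+
+ This document covers application/code vulnerabilities. The **outward** harness threat
+ model — prompt injection, poisoned project config / hooks / MCP, supply-chain risk in
+ skills/agents, the lethal trifecta, sandboxing, and the autonomous-agent minimum-bar
+ checklist — lives in **[MINDFORGE-AGENTIC-SECURITY.md](./MINDFORGE-AGENTIC-SECURITY.md)**.
+ Both are required reading before running MindForge autonomously.
+
+ Minimum bar (see that doc for detail): separate agent identities · short-lived scoped
+ creds · sandbox untrusted work · deny egress by default · `permissions.deny` on
+ secret-bearing paths · sanitize foreign content · human approval for shell/egress/deploy
+ (TrustGate + Tier-3) · log tool calls (AUDIT.jsonl) · process-group kill + heartbeat ·
+ narrow disposable memory · scan skills/hooks/MCP/agents as supply-chain artifacts.
+
+ ---
+
  ## Known Mitigations & Limitations
 
  - **ZK-proofs are simulated** — The Dilithium-5 / ZK-proof layer uses cryptographic simulation, not hardware-backed TEEs. It provides logical governance enforcement, not hardware-grade isolation.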
@@ -687,12 +687,53 @@ class AutoRunner {
687
687
  fs.writeFileSync(this.statePath, JSON.stringify(state, null, 2));
688
688
  }
689
689
 
690
+ /**
691
+ * Lazily registers (once) the autonomous runner's own ZTAI identity and
692
+ * returns { did, tier }. ztai-manager is a SINGLETON (not a constructor) and
693
+ * exposes no getIdentity() — the runner must register a DID to obtain one.
694
+ * Cached on the instance so every wave evaluates under one stable identity.
695
+ * Tier 3: autonomous phase processing is a high-trust operation; the policy
696
+ * engine still runs its own blast-radius analysis on top, so this is an INPUT
697
+ * to evaluation, not a self-granted bypass.
698
+ */
699
+ async _getRunnerIdentity() {
700
+ if (!this._runnerIdentity) {
701
+ _ZTAIManager = lazyRequire(_ZTAIManager, '../governance/ztai-manager');
702
+ const did = await _ZTAIManager.registerAgent(
703
+ `auto-runner:${process.env.MF_PROJECT_ID || 'MF-ALPHA'}:phase-${this.phase}`,
704
+ 3,
705
+ this._sessionId
706
+ );
707
+ const agent = _ZTAIManager.getAgent(did);
708
+ this._runnerIdentity = { did, tier: agent && typeof agent.tier === 'number' ? agent.tier : 3 };
709
+ }
710
+ return this._runnerIdentity;
711
+ }
712
+
690
713
  async evaluateWavePolicy() {
691
- _ZTAIManager = lazyRequire(_ZTAIManager, '../governance/ztai-manager');
692
- const manager = _ZTAIManager;
693
- const identity = await manager.getIdentity();
694
- const intent = { did: identity.did, action: 'process_phase_wave', resource: `projects/${process.env.MF_PROJECT_ID || 'MF-ALPHA'}/phases/${this.phase}/*`, tier: identity.tier || 1, metadata: { engine: 'Nimbus-S4', mode: 'autonomous', wave_timestamp: new Date().toISOString() } };
695
- const result = this.policyEngine.evaluate(intent);
714
+ let identity;
715
+ try {
716
+ identity = await this._getRunnerIdentity();
717
+ } catch (err) {
718
+ // Fail CLOSED: if the runner cannot establish a verifiable identity, deny
719
+ // the wave rather than proceeding ungoverned.
720
+ console.warn(`[APO-DENY] Could not establish runner identity: ${err.message}`);
721
+ this.writeAudit({ event: 'auto_mode_denied', reason: `identity unavailable: ${err.message}`, phase: this.phase });
722
+ return false;
723
+ }
724
+
725
+ const intent = {
726
+ did: identity.did,
727
+ action: 'process_phase_wave',
728
+ resource: `projects/${process.env.MF_PROJECT_ID || 'MF-ALPHA'}/phases/${this.phase}/*`,
729
+ tier: identity.tier,
730
+ sessionId: this._sessionId,
731
+ metadata: { engine: 'Nimbus-S4', mode: 'autonomous', wave_timestamp: new Date().toISOString() }
732
+ };
733
+
734
+ // policyEngine.evaluate is ASYNC — must be awaited, or `result` is a Promise
735
+ // and `result.verdict === 'DENY'` is always false (the gate never fires).
736
+ const result = await this.policyEngine.evaluate(intent);
696
737
  if (result.verdict === 'DENY') { console.warn(`[APO-DENY] ${result.reason}`); return false; }
697
738
  return true;
698
739
  }
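Review bot: `evaluateWavePolicy` still allows the wave on anything other than the literal `'DENY'`: a rejected `policyEngine.evaluate()` escapes the function without an audit record, and an unrecognised verdict falls through to `return true`. The identity branch above it denies and writes `auto_mode_denied`, so the policy branch should match it by catching evaluation errors, treating a missing result as a denial, and auditing the existing DENY path, which currently only logs to the console. Ideally the final check would allow only on the engine's explicit allow verdict, whose name is not visible in this hunk. Separately, `_getRunnerIdentity` falls back to tier 3 when `getAgent(did)` returns no record; throwing there would let the existing catch deny the wave instead of evaluating under a tier the registry did not confirm.

```javascript
async evaluateWavePolicy() {
  // … unchanged: identity lookup (fail-closed catch) and intent construction …

  let result;
  try {
    result = await this.policyEngine.evaluate(intent);
  } catch (err) {
    // Fail CLOSED on evaluation errors, mirroring the identity branch.
    console.warn(`[APO-DENY] Policy evaluation failed: ${err.message}`);
    this.writeAudit({ event: 'auto_mode_denied', reason: `policy evaluation failed: ${err.message}`, phase: this.phase });
    return false;
  }

  if (!result || result.verdict === 'DENY') {
    const reason = result ? result.reason : 'no verdict returned';
    console.warn(`[APO-DENY] ${reason}`);
    this.writeAudit({ event: 'auto_mode_denied', reason, phase: this.phase });
    return false;
  }
  return true;
}
```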
@@ -0,0 +1,114 @@
1
+ 'use strict';
2
+
3
+ /**
4
+ * MindForge — Typed inter-agent message protocol.
5
+ *
6
+ * Ports ECC's ecc2/src/comms/mod.rs MessageType + TaskPriority as a JSON-schema
7
+ * validator. Complements state-manager.js validateHandoff (which validates the
8
+ * HANDOFF.json envelope) by typing the individual messages agents exchange:
9
+ *
10
+ * kinds: task_handoff | query | response | completed | conflict
11
+ * priority: low | normal | high | critical (default normal; legacy fallback)
12
+ *
13
+ * The Conflict kind pairs with the worktree engine's merge-readiness output
14
+ * (bin/worktree/engine.js). This is discipline/typing, not new runtime behavior.
15
+ */
16
+
17
+ const MESSAGE_KINDS = ['task_handoff', 'query', 'response', 'completed', 'conflict'];
18
+ const PRIORITIES = ['low', 'normal', 'high', 'critical'];
19
+ const DEFAULT_PRIORITY = 'normal';
20
+
21
+ // Required fields per kind (mirrors ECC's MessageType variants).
22
+ const REQUIRED_FIELDS = {
23
+ task_handoff: ['task', 'context'],
24
+ query: ['question'],
25
+ response: ['answer'],
26
+ completed: ['summary'], // files_changed optional, defaults []
27
+ conflict: ['file', 'description'],
28
+ };
29
+
30
+ /**
31
+ * Validate a typed message object. Returns { valid, warnings }.
32
+ * Fail-open style (matches validateHandoff): collects warnings, never throws.
33
+ */
34
+ function validateMessage(msg) {
35
+ const warnings = [];
36
+ if (!msg || typeof msg !== 'object' || Array.isArray(msg)) {
37
+ return { valid: false, warnings: ['message is not an object'] };
38
+ }
39
+ if (!MESSAGE_KINDS.includes(msg.kind)) {
40
+ warnings.push(`invalid kind: "${msg.kind}". Expected one of: ${MESSAGE_KINDS.join(', ')}`);
41
+ return { valid: false, warnings };
42
+ }
43
+ for (const field of REQUIRED_FIELDS[msg.kind]) {
44
+ if (typeof msg[field] !== 'string' || msg[field].length === 0) {
45
+ warnings.push(`${msg.kind} missing required string field: ${field}`);
46
+ }
47
+ }
48
+ if (msg.kind === 'completed' && msg.files_changed !== undefined && !Array.isArray(msg.files_changed)) {
49
+ warnings.push('completed.files_changed must be an array');
50
+ }
51
+ if (msg.kind === 'task_handoff' && msg.priority !== undefined && !PRIORITIES.includes(msg.priority)) {
52
+ warnings.push(`invalid priority: "${msg.priority}". Expected one of: ${PRIORITIES.join(', ')}`);
53
+ }
54
+ return { valid: warnings.length === 0, warnings };
55
+ }
56
+
57
+ /**
58
+ * Resolve a handoff message's priority, defaulting to "normal" and tolerating
59
+ * legacy entries that lack a typed priority (ECC's legacy fallback).
60
+ */
61
+ function handoffPriority(msg) {
62
+ if (!msg || typeof msg !== 'object') return DEFAULT_PRIORITY;
63
+ const p = msg.priority;
64
+ return PRIORITIES.includes(p) ? p : DEFAULT_PRIORITY;
65
+ }
66
+
67
+ /**
68
+ * One-line human preview of a typed message (for status/log surfaces).
69
+ */
70
+ function preview(msg) {
71
+ const trunc = (s, n) => {
72
+ const t = String(s || '').trim();
73
+ return t.length <= n ? t : `${t.slice(0, n - 1)}…`;
74
+ };
75
+ switch (msg && msg.kind) {
76
+ case 'task_handoff': {
77
+ const p = handoffPriority(msg);
78
+ return p === DEFAULT_PRIORITY
79
+ ? `handoff ${trunc(msg.task, 56)}`
80
+ : `handoff [${p}] ${trunc(msg.task, 48)}`;
81
+ }
82
+ case 'query': return `query ${trunc(msg.question, 56)}`;
83
+ case 'response': return `response ${trunc(msg.answer, 56)}`;
84
+ case 'completed': {
85
+ const n = Array.isArray(msg.files_changed) ? msg.files_changed.length : 0;
86
+ return n === 0 ? `completed ${trunc(msg.summary, 48)}` : `completed ${trunc(msg.summary, 40)} | ${n} files`;
87
+ }
88
+ case 'conflict': return `conflict ${msg.file} | ${trunc(msg.description, 40)}`;
89
+ default: return `unknown ${trunc(JSON.stringify(msg), 56)}`;
90
+ }
91
+ }
92
+
93
+ /**
94
+ * Build a well-formed message of a given kind (convenience + normalization).
95
+ * Throws if the result fails validation, so callers can't emit a bad message.
96
+ */
97
+ function makeMessage(kind, fields = {}) {
98
+ const msg = Object.assign({ kind }, fields);
99
+ if (kind === 'task_handoff' && msg.priority === undefined) msg.priority = DEFAULT_PRIORITY;
100
+ if (kind === 'completed' && msg.files_changed === undefined) msg.files_changed = [];
101
+ const { valid, warnings } = validateMessage(msg);
102
+ if (!valid) throw new Error(`invalid ${kind} message: ${warnings.join('; ')}`);
103
+ return msg;
104
+ }
105
+
106
+ module.exports = {
107
+ MESSAGE_KINDS,
108
+ PRIORITIES,
109
+ DEFAULT_PRIORITY,
110
+ validateMessage,
111
+ handoffPriority,
112
+ preview,
113
+ makeMessage,
114
+ };
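Review bot: In `preview()`, the `conflict` branch interpolates `msg.file` raw while every other field goes through `trunc`, and `trunc` itself leaves newlines and other control characters in place. These strings are written by other agents and the docblock says the preview feeds status/log surfaces, so a crafted `file`, `task` or `summary` value can split or forge a log line. Pass `msg.file` through `trunc` like the other branches, and have `trunc` collapse control characters first: `const t = String(s || '').replace(/[\x00-\x1f\x7f]+/g, ' ').trim();`. Because `preview()` also accepts unvalidated input by design (the `default` branch), a comment stating that its return value is untrusted display text would help callers.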
@@ -0,0 +1,138 @@
1
+ #!/usr/bin/env bash
2
+ # session-guardian.sh — Autonomous-loop session guard (MindForge)
3
+ # Exit 0 = proceed. Exit 1 = skip this loop cycle.
4
+ # Called by any bin/autonomous loop (and the deferred background observer)
5
+ # BEFORE spawning a model session, so the loop cannot burn tokens overnight,
6
+ # AFK, or faster than its cooldown.
7
+ #
8
+ # Ported near-verbatim from ECC (continuous-learning-v2/agents/session-guardian.sh).
9
+ # Env defaults map to a new instincts.observer config block (default-off posture):
10
+ # OBSERVER_INTERVAL_SECONDS default: 300 (per-project cooldown)
11
+ # OBSERVER_LAST_RUN_LOG default: ~/.mindforge/observer-last-run.log
12
+ # OBSERVER_ACTIVE_HOURS_START default: 800 (8:00 AM local, 0 to disable)
13
+ # OBSERVER_ACTIVE_HOURS_END default: 2300 (11:00 PM local, 0 to disable)
14
+ # OBSERVER_MAX_IDLE_SECONDS default: 1800 (30 min; 0 to disable)
15
+ #
16
+ # Gate order (cheapest first):
17
+ # Gate 1: Time window check (~0ms)
18
+ # Gate 2: Project cooldown log (~1ms, mkdir lock)
19
+ # Gate 3: Idle detection (~5-50ms, OS syscall; fail open)
20
+
21
+ set -euo pipefail
22
+
23
+ INTERVAL="${OBSERVER_INTERVAL_SECONDS:-300}"
24
+ LOG_PATH="${OBSERVER_LAST_RUN_LOG:-$HOME/.mindforge/observer-last-run.log}"
25
+ ACTIVE_START="${OBSERVER_ACTIVE_HOURS_START:-800}"
26
+ ACTIVE_END="${OBSERVER_ACTIVE_HOURS_END:-2300}"
27
+ MAX_IDLE="${OBSERVER_MAX_IDLE_SECONDS:-1800}"
28
+
29
+ # ── Gate 1: Time Window ───────────────────────────────────────────────────────
30
+ if [ "$ACTIVE_START" -ne 0 ] || [ "$ACTIVE_END" -ne 0 ]; then
31
+ current_hhmm=$(date +%k%M | tr -d ' ')
32
+ current_hhmm_num=$(( 10#${current_hhmm:-0} ))
33
+ active_start_num=$(( 10#${ACTIVE_START:-800} ))
34
+ active_end_num=$(( 10#${ACTIVE_END:-2300} ))
35
+
36
+ within_active_hours=0
37
+ if [ "$active_start_num" -lt "$active_end_num" ]; then
38
+ if [ "$current_hhmm_num" -ge "$active_start_num" ] && [ "$current_hhmm_num" -lt "$active_end_num" ]; then
39
+ within_active_hours=1
40
+ fi
41
+ else
42
+ if [ "$current_hhmm_num" -ge "$active_start_num" ] || [ "$current_hhmm_num" -lt "$active_end_num" ]; then
43
+ within_active_hours=1
44
+ fi
45
+ fi
46
+
47
+ if [ "$within_active_hours" -ne 1 ]; then
48
+ echo "session-guardian: outside active hours (${current_hhmm}, window ${ACTIVE_START}-${ACTIVE_END})" >&2
49
+ exit 1
50
+ fi
51
+ fi
52
+
53
+ # ── Gate 2: Project Cooldown Log ─────────────────────────────────────────────
54
+ project_root="${PROJECT_DIR:-}"
55
+ if [ -z "$project_root" ] || [ ! -d "$project_root" ]; then
56
+ project_root="$(git rev-parse --show-toplevel 2>/dev/null || echo "$PWD")"
57
+ fi
58
+ project_name="$(basename "$project_root")"
59
+ now="$(date +%s)"
60
+
61
+ mkdir -p "$(dirname "$LOG_PATH")" || {
62
+ echo "session-guardian: cannot create log dir, proceeding" >&2
63
+ exit 0
64
+ }
65
+
66
+ _lock_dir="${LOG_PATH}.lock"
67
+ if ! mkdir "$_lock_dir" 2>/dev/null; then
68
+ echo "session-guardian: log locked by concurrent process, skipping cycle" >&2
69
+ exit 1
70
+ else
71
+ trap 'rm -rf "$_lock_dir"' EXIT INT TERM
72
+
73
+ last_spawn=0
74
+ last_spawn=$(awk -F '\t' -v key="$project_root" '$1 == key { value = $2 } END { if (value != "") print value }' "$LOG_PATH" 2>/dev/null) || true
75
+ last_spawn="${last_spawn:-0}"
76
+ [[ "$last_spawn" =~ ^[0-9]+$ ]] || last_spawn=0
77
+
78
+ elapsed=$(( now - last_spawn ))
79
+ if [ "$elapsed" -lt "$INTERVAL" ]; then
80
+ rm -rf "$_lock_dir"
81
+ trap - EXIT INT TERM
82
+ echo "session-guardian: cooldown active for '${project_name}' (last spawn ${elapsed}s ago, interval ${INTERVAL}s)" >&2
83
+ exit 1
84
+ fi
85
+
86
+ tmp_log="$(mktemp "$(dirname "$LOG_PATH")/observer-last-run.XXXXXX")"
87
+ awk -F '\t' -v key="$project_root" '$1 != key' "$LOG_PATH" > "$tmp_log" 2>/dev/null || true
88
+ printf '%s\t%s\n' "$project_root" "$now" >> "$tmp_log"
89
+ mv "$tmp_log" "$LOG_PATH"
90
+
91
+ rm -rf "$_lock_dir"
92
+ trap - EXIT INT TERM
93
+ fi
94
+
95
+ # ── Gate 3: Idle Detection ────────────────────────────────────────────────────
96
+ get_idle_seconds() {
97
+ local _raw
98
+ case "$(uname -s)" in
99
+ Darwin)
100
+ _raw=$( { /usr/sbin/ioreg -c IOHIDSystem \
101
+ | /usr/bin/awk '/HIDIdleTime/ {print int($NF/1000000000); exit}'; } \
102
+ 2>/dev/null ) || true
103
+ printf '%s\n' "${_raw:-0}" | head -n1
104
+ ;;
105
+ Linux)
106
+ if command -v xprintidle >/dev/null 2>&1; then
107
+ _raw=$(xprintidle 2>/dev/null) || true
108
+ echo $(( ${_raw:-0} / 1000 ))
109
+ else
110
+ echo 0 # fail open: xprintidle not installed
111
+ fi
112
+ ;;
113
+ *MINGW*|*MSYS*|*CYGWIN*)
114
+ _raw=$(powershell.exe -NoProfile -NonInteractive -Command \
115
+ "try { \
116
+ Add-Type -MemberDefinition '[DllImport(\"user32.dll\")] public static extern bool GetLastInputInfo(ref LASTINPUTINFO p); [StructLayout(LayoutKind.Sequential)] public struct LASTINPUTINFO { public uint cbSize; public int dwTime; }' -Name WinAPI -Namespace PInvoke; \
117
+ \$l = New-Object PInvoke.WinAPI+LASTINPUTINFO; \$l.cbSize = 8; \
118
+ [PInvoke.WinAPI]::GetLastInputInfo([ref]\$l) | Out-Null; \
119
+ [int][Math]::Max(0, [long]([Environment]::TickCount - [long]\$l.dwTime) / 1000) \
120
+ } catch { 0 }" \
121
+ 2>/dev/null | tr -d '\r') || true
122
+ printf '%s\n' "${_raw:-0}" | head -n1
123
+ ;;
124
+ *)
125
+ echo 0 # fail open: unknown platform
126
+ ;;
127
+ esac
128
+ }
129
+
130
+ if [ "$MAX_IDLE" -gt 0 ]; then
131
+ idle_seconds=$(get_idle_seconds)
132
+ if [ "$idle_seconds" -gt "$MAX_IDLE" ]; then
133
+ echo "session-guardian: user idle ${idle_seconds}s (threshold ${MAX_IDLE}s), skipping" >&2
134
+ exit 1
135
+ fi
136
+ fi
137
+
138
+ exit 0
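Review bot: The four numeric `OBSERVER_*` settings are used in `[ … -ne/-lt/-gt … ]` tests and in `$(( 10#… ))` without being checked as integers, unlike `last_spawn`, which gets `[[ "$last_spawn" =~ ^[0-9]+$ ]]`. A non-numeric `OBSERVER_INTERVAL_SECONDS` or `OBSERVER_MAX_IDLE_SECONDS` makes the `[` test error out, the `if` takes the false path, and the cooldown or idle gate is silently skipped; in Gate 1 bash evaluates the value as an arithmetic expression rather than a literal number. Validate once, right after the defaults are assigned, and skip the cycle on bad input: `for v in "$INTERVAL" "$ACTIVE_START" "$ACTIVE_END" "$MAX_IDLE"; do [[ "$v" =~ ^[0-9]+$ ]] || { echo "session-guardian: non-numeric OBSERVER_* setting, skipping" >&2; exit 1; }; done`. The same check on `idle_seconds` before the Gate 3 comparison would make that gate's fail-open behaviour explicit rather than a side effect of a failed test.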