mindforge-cc 2.0.0-alpha.4 → 2.0.0-alpha.7

package/bin/dashboard/metrics-aggregator.js

@@ -0,0 +1,296 @@
+/**
+ * MindForge v2 — Metrics Aggregator
+ * Reads .mindforge/metrics/ and .planning/ files and produces
+ * structured metrics for the dashboard API.
+ */
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+
+// Paths are resolved lazily to support testing in temp directories
+const getPaths = () => ({
+  quality:   path.join(process.cwd(), '.mindforge', 'metrics', 'session-quality.jsonl'),
+  usage:     path.join(process.cwd(), '.mindforge', 'metrics', 'token-usage.jsonl'),
+  audit:     path.join(process.cwd(), '.planning', 'AUDIT.jsonl'),
+  handoff:   path.join(process.cwd(), '.planning', 'HANDOFF.json'),
+  auto:      path.join(process.cwd(), '.planning', 'auto-state.json'),
+  approvals: path.join(process.cwd(), '.planning', 'approvals'),
+  team:      path.join(process.cwd(), '.planning', 'TEAM-STATE.jsonl'),
+  kb:        path.join(process.cwd(), '.mindforge', 'memory', 'knowledge-base.jsonl'),
+  project:   path.join(process.cwd(), '.planning', 'PROJECT.md'),
+});
+
+function readJSONL(filePath, limit = 500) {
+  if (!fs.existsSync(filePath)) return [];
+  return fs.readFileSync(filePath, 'utf8')
+    .split('\n').filter(Boolean).slice(-limit)
+    .map(l => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+}
+
+function readJSON(filePath) {
+  if (!fs.existsSync(filePath)) return null;
+  try { return JSON.parse(fs.readFileSync(filePath, 'utf8')); } catch { return null; }
+}
+
+// ── Status ────────────────────────────────────────────────────────────────────
+function getStatus() {
+  const paths     = getPaths();
+  const handoff   = readJSON(paths.handoff);
+  const autoState = readJSON(paths.auto);
+
+  // Read project name from PROJECT.md
+  let projectName = 'MindForge Project';
+  const projectMd = paths.project;
+  if (fs.existsSync(projectMd)) {
+    const m = fs.readFileSync(projectMd, 'utf8').match(/^# (.+)/m);
+    if (m) projectName = m[1].trim();
+  }
+
+  return {
+    project_name:      projectName,
+    phase:             handoff?.current_phase ?? null,
+    phase_description: handoff?.phase_description ?? null,
+    auto_mode:         autoState?.auto_mode_active ?? false,
+    auto_status:       autoState?.status ?? 'idle',
+    current_task:      autoState?.current_task ?? handoff?.next_task ?? null,
+    wave_current:      autoState?.wave_current ?? null,
+    wave_total:        autoState?.wave_total ?? null,
+    tasks_completed:   autoState?.tasks_completed ?? null,
+    tasks_total:       autoState?.tasks_total ?? null,
+    elapsed_ms:        autoState?.elapsed_ms ?? null,
+    node_repairs:      autoState?.node_repairs ?? 0,
+    escalations:       autoState?.escalations ?? 0,
+    last_commit:       autoState?.last_commit ?? null,
+    last_event_at:     handoff?.last_updated ?? null,
+    schema_version:    handoff?.schema_version ?? null,
+  };
+}
+
+// ── Audit ─────────────────────────────────────────────────────────────────────
+function getAuditEntries(limit = 50, offset = 0, eventFilter = null) {
+  const paths = getPaths();
+  const all   = readJSONL(paths.audit, 1000);
+  const reversed = all.reverse(); // Newest first
+
+  const filtered = eventFilter
+    ? reversed.filter(e => e.event === eventFilter)
+    : reversed;
+
+  return {
+    entries: filtered.slice(offset, offset + limit),
+    total:   filtered.length,
+    limit,
+    offset,
+  };
+}
+
+// ── Metrics ───────────────────────────────────────────────────────────────────
+function getMetrics() {
+  const paths          = getPaths();
+  const qualityEntries = readJSONL(paths.quality, 20);
+  const usageEntries   = readJSONL(paths.usage, 200);
+  const auditEntries   = readJSONL(paths.audit, 500);
+
+  // Quality scores (last 20 sessions)
+  const sessions = qualityEntries.map(e => ({
+    id:               e.session_id,
+    timestamp:        e.timestamp,
+    quality_score:    e.quality_score ?? 0,
+    verify_pass_rate: e.verify_pass_rate ?? 0,
+    cost_usd:         e.total_cost_usd ?? 0,
+    node_repairs:     e.node_repairs ?? 0,
+  }));
+
+  const avg_quality    = sessions.length
+    ? sessions.reduce((s, e) => s + e.quality_score, 0) / sessions.length : 0;
+  const avg_cost_usd   = sessions.length
+    ? sessions.reduce((s, e) => s + e.cost_usd, 0) / sessions.length : 0;
+
+  // Security findings from AUDIT
+  const securityFindings = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
+  auditEntries
+    .filter(e => e.event === 'security_finding')
+    .forEach(e => {
+      const sev = e.severity || 'LOW';
+      securityFindings[sev] = (securityFindings[sev] || 0) + 1;
+    });
+
+  // Node repair rate
+  const taskEvents   = auditEntries.filter(e => e.event === 'task_completed' || e.event === 'task_failed');
+  const repairEvents = auditEntries.filter(e => e.event === 'node_repair');
+  const node_repair_rate = taskEvents.length
+    ? repairEvents.length / taskEvents.length : 0;
+
+  return {
+    sessions,
+    avg_quality:        Math.round(avg_quality * 100) / 100,
+    avg_cost_usd:       Math.round(avg_cost_usd * 10000) / 10000,
+    security_findings:  securityFindings,
+    node_repair_rate:   Math.round(node_repair_rate * 100) / 100,
+    total_tasks:        taskEvents.filter(e => e.event === 'task_completed').length,
+  };
+}
+
+// ── Approvals ─────────────────────────────────────────────────────────────────
+function getApprovals() {
+  const paths = getPaths();
+  if (!fs.existsSync(paths.approvals)) return { pending: [], approved: [], rejected: [], expired: [] };
+
+  const now   = Date.now();
+  const files = fs.readdirSync(paths.approvals)
+    .filter(f => f.startsWith('APPROVAL-') && f.endsWith('.json'))
+    .sort();
+
+  const pending  = [];
+  const approved = [];
+  const rejected = [];
+  const expired  = [];
+
+  for (const f of files) {
+    try {
+      const data    = JSON.parse(fs.readFileSync(path.join(paths.approvals, f), 'utf8'));
+      const expiry  = data.expires_at ? new Date(data.expires_at).getTime() : Infinity;
+      const hoursRemaining = expiry === Infinity ? null : (expiry - now) / 3_600_000;
+
+      const enriched = { ...data, hours_remaining: hoursRemaining };
+
+      if (data.status === 'approved')        approved.push(enriched);
+      else if (data.status === 'rejected')   rejected.push(enriched);
+      else if (expiry < now)                 expired.push({ ...enriched, status: 'expired' });
+      else                                   pending.push(enriched);
+    } catch { /* skip corrupt files */ }
+  }
+
+  return { pending, approved, rejected, expired };
+}
+
+// ── Team activity ─────────────────────────────────────────────────────────────
+function getTeamActivity() {
+  const paths        = getPaths();
+  const auditEntries = readJSONL(paths.audit, 200);
+
+  // Group by author (git email from session_id or authored_by field)
+  const byAuthor = {};
+  for (const entry of auditEntries) {
+    const author = entry.authored_by || entry.session_id || 'unknown';
+    if (!byAuthor[author] || entry.timestamp > byAuthor[author].last_seen) {
+      byAuthor[author] = {
+        email:        author,
+        last_seen:    entry.timestamp,
+        current_task: entry.plan ? `Plan ${entry.phase}-${entry.plan}` : null,
+        event:        entry.event,
+      };
+    }
+  }
+
+  const now    = Date.now();
+  const active = Object.values(byAuthor)
+    .map(a => ({
+      ...a,
+      last_seen_mins: Math.round((now - new Date(a.last_seen).getTime()) / 60_000),
+    }))
+    .filter(a => a.last_seen_mins < 120) // Active in last 2 hours
+    .sort((a, b) => a.last_seen_mins - b.last_seen_mins);
+
+  // Conflict detection — two authors recently touching same file
+  const conflicts = detectFileConflicts(auditEntries);
+
+  return { active, conflicts };
+}
+
+function detectFileConflicts(auditEntries) {
+  const fileToAuthors = {};
+
+  for (const entry of auditEntries.slice(-100)) {
+    if (!entry.files_modified) continue;
+    const author = entry.authored_by || entry.session_id;
+    if (!author) continue;
+
+    const files = Array.isArray(entry.files_modified) ? entry.files_modified : [entry.files_modified];
+    for (const f of files) {
+      if (!fileToAuthors[f]) fileToAuthors[f] = new Set();
+      fileToAuthors[f].add(author);
+    }
+  }
+
+  return Object.entries(fileToAuthors)
+    .filter(([, authors]) => authors.size > 1)
+    .map(([file, authors]) => ({ file, developers: [...authors] }));
+}
+
+// ── Memory ────────────────────────────────────────────────────────────────────
+function getMemory(query = '', limit = 20) {
+  const paths = getPaths();
+  if (!fs.existsSync(paths.kb)) return { entries: [], total: 0 };
+
+  const lines  = fs.readFileSync(paths.kb, 'utf8').split('\n').filter(Boolean);
+  const byId   = new Map();
+  for (const l of lines) {
+    try { const e = JSON.parse(l); byId.set(e.id, e); } catch { /* skip */ }
+  }
+
+  let entries = [...byId.values()].filter(e => !e.deprecated);
+
+  if (query) {
+    const q = query.toLowerCase();
+    entries = entries.filter(e =>
+      e.topic.toLowerCase().includes(q) ||
+      e.content.toLowerCase().includes(q) ||
+      (e.tags || []).some(t => t.toLowerCase().includes(q))
+    );
+  }
+
+  entries.sort((a, b) => b.confidence - a.confidence);
+
+  return { entries: entries.slice(0, limit), total: entries.length };
+}
+
+// ── Costs ─────────────────────────────────────────────────────────────────────
+function getCosts(windowDays = 7) {
+  const paths      = getPaths();
+  const entries    = readJSONL(paths.usage, 1000);
+  const cutoff     = new Date(Date.now() - windowDays * 86_400_000).toISOString().slice(0, 10);
+  const today      = new Date().toISOString().slice(0, 10);
+
+  const stats = {
+    total_usd:     0,
+    today_usd:     0,
+    by_model:      {},
+    daily_limit:   10.00, // Default for viz
+  };
+
+  for (const e of entries) {
+    if (e.timestamp < cutoff) continue;
+    
+    const cost = e.total_cost_usd || 0;
+    stats.total_usd += cost;
+    
+    if (e.timestamp && e.timestamp.startsWith(today)) {
+      stats.today_usd += cost;
+    }
+
+    const model = e.model || 'unknown';
+    stats.by_model[model] = (stats.by_model[model] || 0) + cost;
+  }
+
+  // Cleanup numbers
+  stats.total_usd = Math.round(stats.total_usd * 100) / 100;
+  stats.today_usd = Math.round(stats.today_usd * 100) / 100;
+  for (const m in stats.by_model) {
+    stats.by_model[m] = Math.round(stats.by_model[m] * 100) / 100;
+  }
+
+  return stats;
+}
+
+module.exports = {
+  getStatus,
+  getAuditEntries,
+  getMetrics,
+  getApprovals,
+  getTeamActivity,
+  getMemory,
+  getCosts
+};

package/bin/dashboard/server.js

@@ -0,0 +1,135 @@
+#!/usr/bin/env node
+/**
+ * MindForge v2 — Dashboard Server
+ * Real-time web observability at localhost:7339.
+ *
+ * Usage:
+ *   node bin/dashboard/server.js [--port 7339] [--open]
+ *   /mindforge:dashboard [--port 7339] [--open] [--stop]
+ *
+ * Security: binds to 127.0.0.1 only (ADR-017 policy).
+ * No authentication — localhost-only access is the security model.
+ */
+'use strict';
+
+const http   = require('http');
+const path   = require('path');
+const fs     = require('fs');
+const ARGS   = process.argv.slice(2);
+
+const PORT     = parseInt(ARGS.find((_, i, a) => a[i-1] === '--port') || '7339', 10);
+const OPEN_BROWSER = ARGS.includes('--open');
+const PID_FILE = path.join(process.cwd(), '.planning', 'dashboard-server.pid');
+const FRONTEND = path.join(__dirname, 'frontend', 'index.html');
+
+// ── Load dependencies gracefully ──────────────────────────────────────────────
+let express;
+try {
+  express = require('express');
+} catch {
+  console.error('[dashboard] express not installed. Run: npm install express');
+  process.exit(1);
+}
+
+const SSE    = require('./sse-bridge');
+const API    = require('./api-router');
+
+// ── Express app ───────────────────────────────────────────────────────────────
+const app = express();
+
+// Security middleware
+app.use((req, res, next) => {
+  const addr = req.socket.remoteAddress;
+  const isLocal = addr === '127.0.0.1' || addr === '::1' || addr === '::ffff:127.0.0.1';
+  if (!isLocal) {
+    return res.status(403).json({ error: 'Dashboard is localhost-only' });
+  }
+  next();
+});
+
+// CORS — only allow requests from localhost origins
+app.use((req, res, next) => {
+  const origin = req.headers.origin;
+
+  if (origin && /^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/.test(origin)) {
+    // Explicit localhost origin — set CORS headers
+    res.setHeader('Access-Control-Allow-Origin', origin);
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+    res.setHeader('Vary', 'Origin'); // Important: vary by origin for caching
+  }
+  // No origin header (same-origin/curl/postman): don't set CORS headers
+  // This is correct — same-origin requests don't need CORS headers
+  if (req.method === 'OPTIONS') return res.status(204).end();
+  next();
+});
+
+app.use(express.json({ limit: '64kb' })); // Limit request body size
+
+// Security headers
+app.use((req, res, next) => {
+  res.setHeader('X-Content-Type-Options', 'nosniff');
+  res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+  res.setHeader('Cache-Control', 'no-store'); // Never cache dashboard responses
+  next();
+});
+
+// ── Static frontend ───────────────────────────────────────────────────────────
+app.get('/', (req, res) => {
+  if (!fs.existsSync(FRONTEND)) {
+    return res.status(503).send('<h1>Dashboard frontend not found</h1><p>Run: npm run build:dashboard</p>');
+  }
+  res.sendFile(FRONTEND);
+});
+
+// ── Register API routes ───────────────────────────────────────────────────────
+API.register(app);
+
+// ── Start SSE bridge ──────────────────────────────────────────────────────────
+SSE.start();
+
+// ── HTTP server ───────────────────────────────────────────────────────────────
+const server = http.createServer(app);
+
+server.listen(PORT, '127.0.0.1', () => {
+  fs.mkdirSync(path.dirname(PID_FILE), { recursive: true });
+  fs.writeFileSync(PID_FILE, String(process.pid));
+
+  console.log(`\n⚡  MindForge Dashboard`);
+  console.log(`    URL:     http://localhost:${PORT}`);
+  console.log(`    Status:  http://localhost:${PORT}/api/status`);
+  console.log(`    Events:  http://localhost:${PORT}/events`);
+  console.log(`    PID:     ${process.pid}`);
+  console.log(`\n    Press CTRL+C to stop\n`);
+
+  if (OPEN_BROWSER) {
+    const open = process.platform === 'darwin' ? 'open'
+      : process.platform === 'win32' ? 'start'
+      : 'xdg-open';
+    const { spawn } = require('child_process');
+    spawn(open, [`http://localhost:${PORT}`], { detached: true, stdio: 'ignore' });
+  }
+});
+
+server.on('error', err => {
+  if (err.code === 'EADDRINUSE') {
+    console.error(`[dashboard] Port ${PORT} already in use.`);
+    console.error(`[dashboard] Stop it: /mindforge:dashboard --stop`);
+    console.error(`[dashboard] Or use a different port: /mindforge:dashboard --port 7340`);
+  }
+  process.exit(1);
+});
+
+// ── Graceful shutdown ─────────────────────────────────────────────────────────
+function shutdown(signal) {
+  console.log(`\n[dashboard] ${signal} received — shutting down`);
+  SSE.stop();
+  server.close(() => {
+    if (fs.existsSync(PID_FILE)) fs.unlinkSync(PID_FILE);
+    process.exit(0);
+  });
+  setTimeout(() => process.exit(0), 3000);
+}
+
+process.on('SIGTERM', () => shutdown('SIGTERM'));
+process.on('SIGINT',  () => shutdown('SIGINT'));

package/bin/dashboard/sse-bridge.js

@@ -0,0 +1,178 @@
+/**
+ * MindForge v2 — SSE Event Bridge
+ * Tails AUDIT.jsonl and auto-state.json and pushes changes
+ * to all connected SSE clients.
+ *
+ * Design:
+ * - Uses fs.watchFile() for cross-platform file watching (not fs.watch)
+ * - Each connected client gets a Response object stored in a Set
+ * - Events are broadcast to ALL connected clients on every file change
+ * - Keepalive ping every 15 seconds to detect disconnected clients
+ */
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+
+const AUDIT_PATH      = path.join(process.cwd(), '.planning', 'AUDIT.jsonl');
+const AUTO_STATE_PATH = path.join(process.cwd(), '.planning', 'auto-state.json');
+const APPROVAL_DIR    = path.join(process.cwd(), '.planning', 'approvals');
+
+const clients = new Set(); // Connected SSE response objects
+
+let _lastAuditSize  = 0;
+let _auditInode     = 0; // Track file inode for rotation detection
+let _lastAutoState  = '';
+let _lastApprovals  = '';
+
+// ── Client management ─────────────────────────────────────────────────────────
+
+function addClient(res) {
+  clients.add(res);
+  res.on('close', () => {
+    clients.delete(res);
+  });
+}
+
+function broadcast(eventName, data) {
+  const message = `event: ${eventName}\ndata: ${JSON.stringify(data)}\n\n`;
+  const toRemove = [];
+
+  for (const res of clients) {
+    try {
+      res.write(message);
+    } catch (err) {
+      // Connection died ungracefully (EPIPE, ECONNRESET, etc.)
+      toRemove.push(res);
+    }
+  }
+
+  // Remove dead clients outside iteration
+  for (const res of toRemove) {
+    clients.delete(res);
+  }
+}
+
+function broadcastRaw(message) {
+  for (const res of clients) {
+    try {
+      res.write(message);
+    } catch {
+      clients.delete(res);
+    }
+  }
+}
+
+// ── File tail: AUDIT.jsonl ────────────────────────────────────────────────────
+
+function pollAuditLog() {
+  if (!fs.existsSync(AUDIT_PATH)) return;
+
+  try {
+    const stat     = fs.statSync(AUDIT_PATH);
+    const newSize  = stat.size;
+    const newIno   = stat.ino;
+
+    // File rotation detected: inode changed or new file is smaller
+    if (newIno !== _auditInode && _auditInode !== 0) {
+      process.stderr.write(`[sse-bridge] AUDIT.jsonl rotation detected (old ino: ${_auditInode}, new ino: ${newIno})\n`);
+      _lastAuditSize = 0;
+    }
+    _auditInode = newIno;
+
+    if (newSize <= _lastAuditSize) return; // No new data
+
+    // Read only the new bytes appended since last poll
+    const fd   = fs.openSync(AUDIT_PATH, 'r');
+    const chunk = Buffer.alloc(newSize - _lastAuditSize);
+    fs.readSync(fd, chunk, 0, chunk.length, _lastAuditSize);
+    fs.closeSync(fd);
+    _lastAuditSize = newSize;
+
+    // Parse new lines
+    const newLines = chunk.toString().split('\n').filter(Boolean);
+    for (const line of newLines) {
+      try {
+        const entry = JSON.parse(line);
+        broadcast('audit:new', entry);
+      } catch { /* skip malformed */ }
+    }
+  } catch { /* ignore read errors — file may be locked */ }
+}
+
+// ── File poll: auto-state.json ────────────────────────────────────────────────
+
+function pollAutoState() {
+  if (!fs.existsSync(AUTO_STATE_PATH)) return;
+
+  try {
+    const raw = fs.readFileSync(AUTO_STATE_PATH, 'utf8');
+    if (raw === _lastAutoState) return;
+    _lastAutoState = raw;
+    const state = JSON.parse(raw);
+    broadcast('status:update', state);
+  } catch { /* ignore */ }
+}
+
+// ── File poll: approval directory ─────────────────────────────────────────────
+
+function pollApprovals() {
+  if (!fs.existsSync(APPROVAL_DIR)) return;
+
+  try {
+    const files  = fs.readdirSync(APPROVAL_DIR)
+      .filter(f => f.startsWith('APPROVAL-') && f.endsWith('.json'))
+      .sort();
+    const key = files.join(',');
+    if (key === _lastApprovals) return;
+    _lastApprovals = key;
+
+    // Find new pending approvals
+    for (const f of files) {
+      try {
+        const data = JSON.parse(fs.readFileSync(path.join(APPROVAL_DIR, f), 'utf8'));
+        if (data.status === 'pending') {
+          broadcast('approval:new', data);
+        }
+      } catch { /* skip */ }
+    }
+  } catch { /* ignore */ }
+}
+
+// ── Keepalive ─────────────────────────────────────────────────────────────────
+
+let _pollInterval  = null;
+let _pingInterval  = null;
+
+function start() {
+  // Initialize AUDIT position
+  if (fs.existsSync(AUDIT_PATH)) {
+    const stat = fs.statSync(AUDIT_PATH);
+    _lastAuditSize = stat.size;
+    _auditInode    = stat.ino;
+  }
+
+  // Poll every 2 seconds
+  _pollInterval = setInterval(() => {
+    pollAuditLog();
+    pollAutoState();
+    pollApprovals();
+  }, 2000);
+
+  // Keepalive ping every 15 seconds
+  _pingInterval = setInterval(() => {
+    broadcastRaw(`: ping\n\n`);
+  }, 15_000);
+
+  _pollInterval.unref();
+  _pingInterval.unref();
+}
+
+function stop() {
+  if (_pollInterval) { clearInterval(_pollInterval); _pollInterval = null; }
+  if (_pingInterval) { clearInterval(_pingInterval); _pingInterval = null; }
+}
+
+function getClientCount() { return clients.size; }
+
+module.exports = { addClient, broadcast, start, stop, getClientCount };

package/bin/governance/approve.js

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+/**
+ * MindForge Governance — Approval Signature Generator
+ * Usage: node bin/governance/approve.js "Reason for approval"
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+const REASON = process.argv[2] || 'Manual approval for sensitive changes.';
+const ROOT = path.resolve(__dirname, '../../');
+const APPROVALS_DIR = path.join(ROOT, '.planning/approvals');
+
+if (!fs.existsSync(APPROVALS_DIR)) {
+  fs.mkdirSync(APPROVALS_DIR, { recursive: true });
+}
+
+async function approve() {
+  const pkgPath = path.join(ROOT, 'package.json');
+  const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+
+  const id = `MF-AUTH-${Date.now().toString(36).toUpperCase()}`;
+  const timestamp = new Date().toISOString();
+  
+  // Calculate a mock signature based on current state (can be hardened with real crypto sign later)
+  const signature = crypto.createHash('sha256')
+    .update(`${id}:${REASON}:${timestamp}:${os.hostname()}`)
+    .digest('hex');
+
+  const record = {
+    id,
+    project: pkg.name,
+    version: pkg.version,
+    tier: 3,
+    approved_by: process.env.USER || 'MindForge User',
+    timestamp,
+    reason: REASON,
+    signature: `sha256:${signature}`
+  };
+
+  const filename = `approval-${id.toLowerCase()}.json`;
+  const filePath = path.join(APPROVALS_DIR, filename);
+
+  fs.writeFileSync(filePath, JSON.stringify(record, null, 2));
+  
+  console.log(`\n✅ Governance approval generated!\n`);
+  console.log(`ID:       ${id}`);
+  console.log(`Reason:   ${REASON}`);
+  console.log(`File:     .planning/approvals/${filename}`);
+  console.log(`\nCommit this file to unblock Tier 3 gates in CI.\n`);
+}
+
+approve().catch(err => {
+  console.error(`❌ Approval failed: ${err.message}`);
+  process.exit(1);
+});