mustflow 1.31.0 → 2.16.0

package/dist/core/repeated-failure.js

@@ -0,0 +1,179 @@
+import { createHash } from 'node:crypto';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import path from 'node:path';
+export const REPEATED_FAILURE_STATE_PATH = '.mustflow/state/repeated-failures.json';
+export const REPEATED_FAILURE_STATE_LIMIT = 50;
+const UNRESOLVED_VERIFY_STATUSES = new Set(['failed', 'blocked', 'partial']);
+function sha256Json(value) {
+    return `sha256:${createHash('sha256').update(JSON.stringify(value)).digest('hex')}`;
+}
+function normalizeStrings(values) {
+    return [...new Set(values.map((value) => value.trim()).filter((value) => value.length > 0))].sort((left, right) => left.localeCompare(right));
+}
+function hashStrings(values) {
+    return sha256Json(normalizeStrings(values));
+}
+function hashBooleans(values) {
+    return sha256Json([...new Set(values)].sort((left, right) => Number(left) - Number(right)));
+}
+function isString(value) {
+    return typeof value === 'string' && value.length > 0;
+}
+function isRepeatedFailureSummary(value) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        return false;
+    }
+    const record = value;
+    return (record.schema_version === '1' &&
+        isString(record.fingerprint) &&
+        isString(record.verification_plan_id) &&
+        isString(record.status) &&
+        isString(record.failed_intents_hash) &&
+        isString(record.risk_codes_hash) &&
+        isString(record.affected_surfaces_hash) &&
+        isString(record.first_seen_at) &&
+        isString(record.last_seen_at) &&
+        typeof record.seen_count === 'number' &&
+        Number.isInteger(record.seen_count) &&
+        record.seen_count > 0 &&
+        typeof record.requires_new_evidence === 'boolean');
+}
+function repeatedFailureStatePath(projectRoot) {
+    return path.join(projectRoot, ...REPEATED_FAILURE_STATE_PATH.split('/'));
+}
+function readRepeatedFailureState(projectRoot) {
+    const statePath = repeatedFailureStatePath(projectRoot);
+    if (!existsSync(statePath)) {
+        return { schema_version: '1', fingerprints: [] };
+    }
+    try {
+        const parsed = JSON.parse(readFileSync(statePath, 'utf8'));
+        const fingerprints = Array.isArray(parsed.fingerprints)
+            ? parsed.fingerprints.filter(isRepeatedFailureSummary)
+            : [];
+        return { schema_version: '1', fingerprints };
+    }
+    catch {
+        return { schema_version: '1', fingerprints: [] };
+    }
+}
+function writeRepeatedFailureState(projectRoot, state) {
+    const statePath = repeatedFailureStatePath(projectRoot);
+    mkdirSync(path.dirname(statePath), { recursive: true });
+    writeFileSync(statePath, `${JSON.stringify(state, null, 2)}\n`, 'utf8');
+}
+export function createVerificationFailureFingerprint(input) {
+    const failedIntents = normalizeStrings(input.failedIntents);
+    const riskCodes = normalizeStrings(input.riskCodes);
+    if (failedIntents.length === 0 && riskCodes.length === 0) {
+        return null;
+    }
+    const exitCodeClasses = normalizeStrings(input.exitCodeClasses);
+    const timeoutFlags = [...new Set(input.timeoutFlags)].sort((left, right) => Number(left) - Number(right));
+    const errorKinds = normalizeStrings(input.errorKinds);
+    const affectedSurfaces = normalizeStrings(input.affectedSurfaces);
+    const commandFingerprints = normalizeStrings(input.commandFingerprints);
+    const diagnosticSignals = {
+        exit_code_classes: exitCodeClasses,
+        timeout_flags: timeoutFlags,
+        error_kinds: errorKinds,
+    };
+    const fingerprintSource = {
+        schema_version: '1',
+        verification_plan_id: input.verificationPlanId,
+        failed_intents: failedIntents,
+        diagnostic_signals: diagnosticSignals,
+        risk_codes: riskCodes,
+        affected_surfaces: affectedSurfaces,
+        command_fingerprints: commandFingerprints,
+    };
+    return {
+        schema_version: '1',
+        fingerprint: sha256Json(fingerprintSource),
+        verification_plan_id: input.verificationPlanId,
+        failed_intents_hash: hashStrings(failedIntents),
+        exit_code_classes_hash: hashStrings(exitCodeClasses),
+        timeout_flags_hash: hashBooleans(timeoutFlags),
+        error_kinds_hash: hashStrings(errorKinds),
+        diagnostic_hash: sha256Json(diagnosticSignals),
+        risk_codes_hash: hashStrings(riskCodes),
+        affected_surfaces_hash: hashStrings(affectedSurfaces),
+        command_fingerprints_hash: hashStrings(commandFingerprints),
+    };
+}
+export function updateRepeatedFailureState(input) {
+    const failureFingerprint = input.failureFingerprint;
+    if (!failureFingerprint) {
+        return null;
+    }
+    const state = readRepeatedFailureState(input.projectRoot);
+    const observedAt = (input.observedAt ?? new Date()).toISOString();
+    const existing = state.fingerprints.find((entry) => entry.fingerprint === failureFingerprint.fingerprint);
+    const seenCount = (existing?.seen_count ?? 0) + 1;
+    const summary = {
+        schema_version: '1',
+        fingerprint: failureFingerprint.fingerprint,
+        verification_plan_id: failureFingerprint.verification_plan_id,
+        status: input.status,
+        failed_intents_hash: failureFingerprint.failed_intents_hash,
+        risk_codes_hash: failureFingerprint.risk_codes_hash,
+        affected_surfaces_hash: failureFingerprint.affected_surfaces_hash,
+        first_seen_at: existing?.first_seen_at ?? observedAt,
+        last_seen_at: observedAt,
+        seen_count: seenCount,
+        requires_new_evidence: UNRESOLVED_VERIFY_STATUSES.has(input.status) && seenCount >= 2,
+    };
+    const nextFingerprints = [summary, ...state.fingerprints.filter((entry) => entry.fingerprint !== summary.fingerprint)]
+        .sort((left, right) => right.last_seen_at.localeCompare(left.last_seen_at))
+        .slice(0, REPEATED_FAILURE_STATE_LIMIT);
+    writeRepeatedFailureState(input.projectRoot, {
+        schema_version: '1',
+        fingerprints: nextFingerprints,
+    });
+    return summary;
+}
+function createRepeatedFailureRisk(code, currentFingerprint, previousStatus) {
+    const detail = code === 'repeated_verification_failure'
+        ? 'The previous verify summary has the same failure fingerprint and an unresolved status; provide new evidence or a narrower hypothesis before marking the task complete.'
+        : code === 'no_new_evidence_since_previous_failure'
+            ? 'The previous verify summary has the same plan, failed-intent hash, and affected-surface hash; provide new source or reproduction evidence before treating the next completion claim as verifiable.'
+            : 'The same unresolved failure fingerprint has repeated three or more times; new evidence is required before another completion claim can be treated as verifiable.';
+    return {
+        code,
+        severity: 'high',
+        verdict_effect: code === 'repeated_verification_failure' ? 'contradiction' : 'blocker',
+        previous_status: previousStatus,
+        verification_plan_id: currentFingerprint.verification_plan_id,
+        failure_fingerprint: currentFingerprint.fingerprint,
+        failed_intents_hash: currentFingerprint.failed_intents_hash,
+        risk_codes_hash: currentFingerprint.risk_codes_hash,
+        affected_surfaces_hash: currentFingerprint.affected_surfaces_hash,
+        detail,
+    };
+}
+export function createRepeatedFailureRisks(input) {
+    const currentFingerprint = input.currentFailureFingerprint;
+    if (input.previousFailureFingerprint === null ||
+        input.previousStatus === null ||
+        currentFingerprint === null ||
+        !UNRESOLVED_VERIFY_STATUSES.has(input.previousStatus) ||
+        !UNRESOLVED_VERIFY_STATUSES.has(input.currentStatus)) {
+        return [];
+    }
+    const risks = [];
+    const previousFingerprint = input.previousFailureFingerprint;
+    const sameFingerprint = previousFingerprint.fingerprint === currentFingerprint.fingerprint;
+    const samePlanAndNoNewSourceEvidence = previousFingerprint.verification_plan_id === currentFingerprint.verification_plan_id &&
+        previousFingerprint.failed_intents_hash === currentFingerprint.failed_intents_hash &&
+        previousFingerprint.affected_surfaces_hash === currentFingerprint.affected_surfaces_hash;
+    if (sameFingerprint) {
+        risks.push(createRepeatedFailureRisk('repeated_verification_failure', currentFingerprint, input.previousStatus));
+    }
+    if (samePlanAndNoNewSourceEvidence && !sameFingerprint) {
+        risks.push(createRepeatedFailureRisk('no_new_evidence_since_previous_failure', currentFingerprint, input.previousStatus));
+    }
+    if ((input.currentSummary?.seen_count ?? 0) >= 3 && input.currentSummary?.requires_new_evidence === true) {
+        risks.push(createRepeatedFailureRisk('repeated_failure_requires_new_evidence', currentFingerprint, input.previousStatus));
+    }
+    return risks;
+}

package/dist/core/repro-evidence.js

@@ -0,0 +1,134 @@
+const TEXT_FIELD_LABELS = {
+    reported_symptom: 'reported symptom',
+    expected_behavior: 'expected behavior',
+    observed_behavior: 'observed behavior',
+};
+function pushRisk(risks, detail, verdictEffect = 'partial') {
+    risks.push({
+        code: 'repro_evidence_missing',
+        severity: verdictEffect === 'contradicted' ? 'critical' : 'high',
+        detail,
+        verdict_effect: verdictEffect,
+    });
+}
+function collectReceiptBindingRisks(phaseLabel, evidence, options, risks) {
+    if (!evidence.receipt_path || !evidence.receipt_sha256 || !evidence.verification_plan_id) {
+        pushRisk(risks, `Bug-fix repro evidence ${phaseLabel} observation is not bound to receipt_path, receipt_sha256, and verification_plan_id.`);
+        return;
+    }
+    if (options.verificationPlanId && evidence.verification_plan_id !== options.verificationPlanId) {
+        pushRisk(risks, `Bug-fix repro evidence ${phaseLabel} receipt is stale for the current verification plan.`);
+    }
+}
+function collectBeforeFixRisks(report, options, risks) {
+    if (report.before_fix.status === 'missing') {
+        pushRisk(risks, 'Bug-fix repro evidence is missing before-fix reproduction; reproduce the original failure or mark it unavailable before claiming verification.');
+        return;
+    }
+    if (report.before_fix.status === 'unavailable') {
+        pushRisk(risks, report.before_fix.reason
+            ? 'Bug-fix repro evidence marks before-fix reproduction unavailable; the result cannot be verified without the original failure being observed.'
+            : 'Bug-fix repro evidence marks before-fix reproduction unavailable without explaining why.');
+        return;
+    }
+    if (!report.before_fix.summary) {
+        pushRisk(risks, 'Bug-fix repro evidence reproduced the before-fix failure but does not summarize the evidence.');
+    }
+    if (report.before_fix.outcome !== 'failed_as_expected') {
+        pushRisk(risks, 'Bug-fix repro evidence reproduced the before-fix path without outcome failed_as_expected.');
+    }
+    collectReceiptBindingRisks('before-fix', report.before_fix, options, risks);
+}
+function collectRouteIdentityRisks(report, risks) {
+    if (!report.reproduction_route.route_id) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.route_id.', 'unverified');
+    }
+    if (!report.reproduction_route.route_kind) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.route_kind.');
+    }
+    if (!report.reproduction_route.route_digest) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.route_digest.', 'unverified');
+    }
+    if (!report.reproduction_route.failure_oracle_hash) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.failure_oracle_hash.');
+    }
+    if (report.reproduction_route.steps.length === 0) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing bounded reproduction route steps.', 'unverified');
+    }
+}
+function collectAfterFixRisks(report, options, risks) {
+    if (report.after_fix.status === 'missing') {
+        pushRisk(risks, 'Bug-fix repro evidence is missing after-fix same-route evidence; rerun the original route after the fix before claiming verification.', 'unverified');
+        return;
+    }
+    if (report.after_fix.status === 'unavailable') {
+        pushRisk(risks, report.after_fix.reason
+            ? 'Bug-fix repro evidence marks after-fix same-route evidence unavailable; the result cannot be verified without a post-fix pass.'
+            : 'Bug-fix repro evidence marks after-fix same-route evidence unavailable without explaining why.', 'unverified');
+        return;
+    }
+    if (report.after_fix.status === 'failed') {
+        pushRisk(risks, 'Bug-fix repro evidence says the after-fix route still failed.', 'contradicted');
+        return;
+    }
+    if (!report.after_fix.summary) {
+        pushRisk(risks, 'Bug-fix repro evidence marks after-fix evidence passed but does not summarize the evidence.');
+    }
+    if (report.after_fix.outcome !== 'passed_expected_behavior') {
+        pushRisk(risks, 'Bug-fix repro evidence marks after-fix evidence passed without outcome passed_expected_behavior.', 'unverified');
+    }
+    if (!report.after_fix.same_route_as) {
+        pushRisk(risks, 'Bug-fix repro evidence marks after-fix evidence passed without same_route_as.', 'unverified');
+    }
+    if (report.reproduction_route.route_id &&
+        report.after_fix.same_route_as &&
+        report.after_fix.same_route_as !== report.reproduction_route.route_id) {
+        pushRisk(risks, 'Bug-fix repro evidence after_fix.same_route_as does not match reproduction_route.route_id.');
+    }
+    collectReceiptBindingRisks('after-fix', report.after_fix, options, risks);
+}
+function collectRegressionGuardRisks(report, options, risks) {
+    if (report.regression_guard.status === 'missing') {
+        pushRisk(risks, 'Bug-fix repro evidence is missing a regression guard; add or identify the guard before claiming verification.');
+        return;
+    }
+    if (report.regression_guard.status === 'unavailable') {
+        pushRisk(risks, report.regression_guard.reason
+            ? 'Bug-fix repro evidence marks the regression guard unavailable; the result cannot be verified without a guard or explicit limitation.'
+            : 'Bug-fix repro evidence marks the regression guard unavailable without explaining why.');
+        return;
+    }
+    if (report.regression_guard.status === 'failed') {
+        pushRisk(risks, 'Bug-fix repro evidence says the regression guard failed.', 'contradicted');
+        return;
+    }
+    if (!report.regression_guard.summary) {
+        pushRisk(risks, 'Bug-fix repro evidence marks the regression guard passed but does not summarize the evidence.');
+    }
+    if (!report.regression_guard.intent && !report.regression_guard.test_path) {
+        pushRisk(risks, 'Bug-fix repro evidence marks the regression guard passed without an intent or test path.');
+    }
+    collectReceiptBindingRisks('regression-guard', report.regression_guard, options, risks);
+}
+export function createReproEvidenceRisks(report, options = {}) {
+    if (!report) {
+        return [];
+    }
+    const risks = [];
+    for (const [field, label] of Object.entries(TEXT_FIELD_LABELS)) {
+        if (!report[field]) {
+            pushRisk(risks, `Bug-fix repro evidence is missing ${label}; do not mark the task verified from command receipts alone.`);
+        }
+    }
+    collectRouteIdentityRisks(report, risks);
+    collectBeforeFixRisks(report, options, risks);
+    collectAfterFixRisks(report, options, risks);
+    collectRegressionGuardRisks(report, options, risks);
+    return risks;
+}
+export function countReproEvidenceVerdictEffects(risks) {
+    return {
+        contradicted: risks.filter((risk) => risk.verdict_effect === 'contradicted').length,
+        unverified: risks.filter((risk) => risk.verdict_effect === 'unverified').length,
+    };
+}

package/dist/core/scope-risk.js

@@ -0,0 +1,64 @@
+export const SCOPE_DIFF_BUDGET_DEFAULTS = {
+    maxChangedFiles: 8,
+    maxPublicSurfaces: 4,
+    maxChangeKindFamilies: 3,
+    maxPathsPerRisk: 8,
+};
+const CHANGE_KIND_FAMILY_BY_KIND = {
+    documentation: 'documentation',
+    example: 'documentation',
+    translation: 'documentation',
+    workflow: 'workflow',
+    host_instruction: 'workflow',
+    installed_template: 'template',
+    package_metadata: 'release',
+    schema: 'contract',
+    test: 'test',
+    test_fixture: 'test',
+    implementation: 'implementation',
+    unknown: 'unknown',
+};
+function uniqueSorted(values) {
+    return [...new Set(values)].sort((left, right) => left.localeCompare(right));
+}
+function changeKindFamily(kind) {
+    return CHANGE_KIND_FAMILY_BY_KIND[kind] ?? kind;
+}
+function firstPaths(paths) {
+    return paths.slice(0, SCOPE_DIFF_BUDGET_DEFAULTS.maxPathsPerRisk);
+}
+export function createScopeDiffRisks(report) {
+    const risks = [];
+    if (report.summary.fileCount > SCOPE_DIFF_BUDGET_DEFAULTS.maxChangedFiles) {
+        risks.push({
+            code: 'diff_budget_exceeded',
+            severity: 'high',
+            detail: `Changed file count ${report.summary.fileCount} exceeds the conservative completion budget of ${SCOPE_DIFF_BUDGET_DEFAULTS.maxChangedFiles}.`,
+            count: report.summary.fileCount,
+            limit: SCOPE_DIFF_BUDGET_DEFAULTS.maxChangedFiles,
+            paths: firstPaths(report.files),
+        });
+    }
+    if (report.summary.publicSurfaceCount > SCOPE_DIFF_BUDGET_DEFAULTS.maxPublicSurfaces) {
+        risks.push({
+            code: 'public_surface_budget_exceeded',
+            severity: 'high',
+            detail: `Public surface count ${report.summary.publicSurfaceCount} exceeds the conservative completion budget of ${SCOPE_DIFF_BUDGET_DEFAULTS.maxPublicSurfaces}.`,
+            count: report.summary.publicSurfaceCount,
+            limit: SCOPE_DIFF_BUDGET_DEFAULTS.maxPublicSurfaces,
+            paths: firstPaths(report.classifications.filter((classification) => classification.surface.isPublicSurface).map((classification) => classification.path)),
+        });
+    }
+    const changeKindFamilies = uniqueSorted(report.summary.changeKinds.map(changeKindFamily));
+    if (changeKindFamilies.length > SCOPE_DIFF_BUDGET_DEFAULTS.maxChangeKindFamilies) {
+        risks.push({
+            code: 'mixed_change_kind_budget_exceeded',
+            severity: 'medium',
+            detail: `Change kind family count ${changeKindFamilies.length} exceeds the conservative completion budget of ${SCOPE_DIFF_BUDGET_DEFAULTS.maxChangeKindFamilies}: ${changeKindFamilies.join(', ')}.`,
+            count: changeKindFamilies.length,
+            limit: SCOPE_DIFF_BUDGET_DEFAULTS.maxChangeKindFamilies,
+            paths: firstPaths(report.files),
+        });
+    }
+    return risks;
+}

package/dist/core/skill-route-alignment.js

@@ -1,5 +1,6 @@
 const SKILL_ROUTE_SOURCE_FILES = [
     '.mustflow/skills/INDEX.md',
+    '.mustflow/skills/routes.toml',
     '.mustflow/skills/*/SKILL.md',
     '.mustflow/config/commands.toml',
     '.mustflow/docs/agent-workflow.md',
@@ -20,6 +21,18 @@ export const SKILL_INDEX_ROUTE_COLUMN_COUNT = 7;
 export const SKILL_INDEX_SKILL_PATH_COLUMN_INDEX = 1;
 export const SKILL_INDEX_VERIFICATION_INTENTS_COLUMN_INDEX = 5;
 export const SKILL_INDEX_ROUTE_COLUMNS = 'Trigger, Skill Document, Required Input, Edit Scope, Risk, Verification Intents, Expected Output';
+export const SKILL_ROUTE_CATEGORY_LABELS = {
+    bug_failure: 'Bug and Failure',
+    general_code: 'General Code Change',
+    tests: 'Tests and Regression',
+    docs_release: 'Documentation and Release',
+    security_privacy: 'Security and Privacy',
+    data_external: 'Data and External Systems',
+    ui_assets: 'UI and Assets',
+    architecture_patterns: 'Architecture Patterns',
+    workflow_contracts: 'Workflow and Contract Maintenance',
+};
+const SKILL_ROUTE_CATEGORY_BY_HEADING = new Map(Object.entries(SKILL_ROUTE_CATEGORY_LABELS).map(([category, label]) => [label, category]));
 function splitMarkdownTableRow(line) {
     return line
         .trim()
@@ -39,7 +52,13 @@ export function findSkillIndexRoutePathColumn(cells) {
 }
 export function parseSkillIndexRoutes(content) {
     const routes = [];
+    let currentCategory;
     for (const line of content.split(/\r?\n/u)) {
+        const categoryHeading = /^###\s+(.+?)\s*$/u.exec(line.trim())?.[1];
+        if (categoryHeading) {
+            currentCategory = SKILL_ROUTE_CATEGORY_BY_HEADING.get(categoryHeading);
+            continue;
+        }
         if (!line.trim().startsWith('|')) {
             continue;
         }
@@ -63,6 +82,7 @@ export function parseSkillIndexRoutes(content) {
             risk: cells[4] ?? '',
             commandIntents: readBacktickValues(cells[SKILL_INDEX_VERIFICATION_INTENTS_COLUMN_INDEX] ?? ''),
             expectedOutput: cells[6] ?? '',
+            category: currentCategory,
         });
     }
     return routes;

package/dist/core/source-anchor-status.js

@@ -19,6 +19,9 @@ const HIGH_RISK_SOURCE_ANCHOR_TAGS = new Set([
     'ssrf',
     'xss',
 ]);
+export function hasHighRiskSourceAnchorRiskTags(risk) {
+    return risk.some((tag) => HIGH_RISK_SOURCE_ANCHOR_TAGS.has(tag));
+}
 function sha256(value) {
     return `sha256:${createHash('sha256').update(value).digest('hex')}`;
 }
@@ -62,7 +65,7 @@ function currentAnchorSignals(risk) {
     };
 }
 function hasHighRisk(risk) {
-    return risk.some((tag) => HIGH_RISK_SOURCE_ANCHOR_TAGS.has(tag));
+    return hasHighRiskSourceAnchorRiskTags(risk);
 }
 function sameSymbolIdentity(left, right) {
     return left.kind === right.kind && left.name !== null && left.name === right.name;

package/dist/core/test-selection.js

@@ -3,6 +3,7 @@ import { isRecord, readStringArray, resolveMustflowConfigPath, } from './config-
 import { readTomlFile } from './toml.js';
 import { classifyVerificationCandidate, } from './verification-plan.js';
 export const TEST_SELECTION_CONFIG_RELATIVE_PATH = '.mustflow/config/test-selection.toml';
+const STALE_OR_MISSING_RULES_NOTE = 'Project-declared test selection rules did not cover the current changed files; review .mustflow/config/test-selection.toml for stale or missing rules.';
 function uniqueSorted(values) {
     return [...new Set(values)].sort((left, right) => left.localeCompare(right));
 }
@@ -203,7 +204,9 @@ export function createProjectTestSelectionPlan(projectRoot, classificationReport
         matches.length > 0
             ? 'Matched project-declared test selection rules are treated as a minimum selected set.'
             : 'No project-declared test selection rules matched the current changed files.',
+        ...(matches.length > 0 ? [] : [STALE_OR_MISSING_RULES_NOTE]),
         'Local index data and performance history may add suggestions later, but must not remove manifest-selected tests.',
+        'Absence of historical failures is not evidence that a test can be omitted.',
         'Test targets are passed only when the selected command intent declares selection.accepts_test_targets = true.',
     ];
     return {

package/dist/core/validation-ratchet.js

@@ -0,0 +1,196 @@
+import { spawnSync } from 'node:child_process';
+import { existsSync, readFileSync } from 'node:fs';
+import path from 'node:path';
+const TEST_CHANGE_KINDS = new Set(['test', 'test_fixture']);
+const SKIP_OR_ONLY_MARKER = /\b(?:describe|it|test)\s*\.\s*(?:skip|only)\s*\(/u;
+const TODO_OR_PENDING_MARKER = /\b(?:describe|it|test)\s*\.\s*(?:todo|pending)\s*\(/u;
+const ASSERTION_CALL = /\b(?:assert(?:\.\w+)?|expect)\s*\(/u;
+const STRONG_ASSERTION = /\b(?:assert\.(?:equal|deepEqual|strictEqual|throws|rejects)|to(?:Equal|StrictEqual|Be|Throw)|throws|rejects)\b/u;
+const WEAK_ASSERTION = /\b(?:assert\.ok|toBeDefined|toBeTruthy|toBeFalsy)\b/u;
+const NEGATIVE_ASSERTION = /\b(?:notEqual|notDeepEqual|doesNotMatch|doesNotThrow|\.not\.)\b/u;
+const EXCEPTION_ASSERTION = /\b(?:assert\.(?:throws|rejects|doesNotThrow|doesNotReject)|toThrow|rejects|throws)\b/u;
+const SNAPSHOT_PATH = /(?:^|\/)(?:__snapshots__\/|snapshots\/)|\.snap$/u;
+const GOLDEN_PATH = /(?:^|\/)(?:golden|fixtures|expected)(?:\/|-)|(?:\.golden\.|\.expected\.)/u;
+const JAVASCRIPT_TEST_PATH = /(?:^|\/)[^/]+\.(?:test|spec)\.[cm]?[jt]sx?$/u;
+const COMMAND_CONTRACT_PATH = '.mustflow/config/commands.toml';
+const TEST_SELECTION_PATTERN = /(?:--(?:grep|testNamePattern|testPathPattern|runTestsByPath|test-name-pattern)|\bgrep\s*=|\btestNamePattern\b|\btestPathPattern\b)/u;
+const COMMAND_ALLOWS_NO_TESTS_PATTERN = /(?:passWithNoTests|--pass-with-no-tests|--passWithNoTests)/u;
+const COMMAND_FORCES_SNAPSHOT_UPDATE_PATTERN = /(?:updateSnapshot|--update-snapshot|--updateSnapshot|\s-u(?:\s|"))/u;
+const COMMAND_HIDES_FAILURE_PATTERN = /(?:\|\|\s*true|;\s*true\b|&&\s*true\b|\bexit\s+0\b)/u;
+const CRITICAL_RATCHET_CODES = new Set([
+    'success_exit_codes_widened',
+    'command_allows_no_tests',
+    'command_hides_failure',
+]);
+function isTestClassification(classification) {
+    return classification.surface.category === 'test' || classification.changeKinds.some((kind) => TEST_CHANGE_KINDS.has(kind));
+}
+function isJavaScriptTestPath(relativePath) {
+    return JAVASCRIPT_TEST_PATH.test(relativePath);
+}
+function resolveInsideRoot(projectRoot, relativePath) {
+    const resolvedPath = path.resolve(projectRoot, relativePath);
+    const relative = path.relative(projectRoot, resolvedPath);
+    if (relative.startsWith('..') || path.isAbsolute(relative)) {
+        return null;
+    }
+    return resolvedPath;
+}
+function fileTextIfReadable(projectRoot, relativePath) {
+    const resolvedPath = resolveInsideRoot(projectRoot, relativePath);
+    if (resolvedPath === null || !existsSync(resolvedPath)) {
+        return null;
+    }
+    try {
+        return readFileSync(resolvedPath, 'utf8');
+    }
+    catch {
+        return null;
+    }
+}
+function gitDiffLines(projectRoot, relativePath) {
+    const result = spawnSync('git', ['diff', '--no-ext-diff', '--unified=0', '--', relativePath], {
+        cwd: projectRoot,
+        encoding: 'utf8',
+        windowsHide: true,
+    });
+    if (result.status !== 0 || typeof result.stdout !== 'string' || result.stdout.length === 0) {
+        return { added: [], removed: [] };
+    }
+    const added = [];
+    const removed = [];
+    for (const line of result.stdout.split(/\r?\n/u)) {
+        if (line.startsWith('+++') || line.startsWith('---')) {
+            continue;
+        }
+        if (line.startsWith('+')) {
+            added.push(line.slice(1));
+        }
+        else if (line.startsWith('-')) {
+            removed.push(line.slice(1));
+        }
+    }
+    return { added, removed };
+}
+function countMatching(lines, pattern) {
+    return lines.filter((line) => pattern.test(line)).length;
+}
+function hasAny(lines, pattern) {
+    return lines.some((line) => pattern.test(line));
+}
+function extractCoverageNumbers(lines) {
+    return lines
+        .filter((line) => /\b(?:coverage|threshold|branches|functions|lines|statements)\b/iu.test(line))
+        .flatMap((line) => [...line.matchAll(/\b\d+(?:\.\d+)?\b/gu)].map((match) => Number(match[0])))
+        .filter((value) => Number.isFinite(value));
+}
+function isCommandContractPath(relativePath) {
+    return relativePath === COMMAND_CONTRACT_PATH;
+}
+function isValidationConfigPath(relativePath) {
+    return (isCommandContractPath(relativePath) ||
+        /(?:^|\/)(?:package\.json|jest\.config\.[cm]?[jt]s|vitest\.config\.[cm]?[jt]s|nyc\.config\.[cm]?[jt]s)$/u.test(relativePath) ||
+        /\bcoverage\b/u.test(relativePath));
+}
+function riskDetail(pathText, message) {
+    return `Changed validation path ${pathText} ${message}`;
+}
+export function countValidationRatchetVerdictEffects(risks) {
+    return {
+        contradicted: risks.filter((risk) => risk.severity === 'critical' && CRITICAL_RATCHET_CODES.has(risk.code)).length,
+    };
+}
+export function createValidationRatchetRisks(report, projectRoot) {
+    const risks = [];
+    const seenRisks = new Set();
+    function addRisk(code, severity, pathText, detail) {
+        const key = `${pathText}\0${code}`;
+        if (seenRisks.has(key)) {
+            return;
+        }
+        seenRisks.add(key);
+        risks.push({ code, severity, path: pathText, detail });
+    }
+    for (const classification of report.classifications) {
+        const resolvedPath = resolveInsideRoot(projectRoot, classification.path);
+        const diff = report.source === 'changed' ? gitDiffLines(projectRoot, classification.path) : { added: [], removed: [] };
+        const addedText = diff.added.join('\n');
+        if (isTestClassification(classification)) {
+            if (report.source === 'changed' && (resolvedPath === null || !existsSync(resolvedPath))) {
+                addRisk('related_test_deleted', 'high', classification.path, `Changed test path ${classification.path} is absent; deleted related tests require review before marking the task verified.`);
+                continue;
+            }
+            if (isJavaScriptTestPath(classification.path)) {
+                const fileText = fileTextIfReadable(projectRoot, classification.path);
+                if (fileText !== null && SKIP_OR_ONLY_MARKER.test(fileText)) {
+                    addRisk('skip_or_only_marker_present', 'medium', classification.path, `Changed test path ${classification.path} contains a .skip or .only marker; review whether validation was weakened before marking the task verified.`);
+                }
+                if ((fileText !== null && TODO_OR_PENDING_MARKER.test(fileText)) || TODO_OR_PENDING_MARKER.test(addedText)) {
+                    addRisk('todo_or_pending_marker_added', 'medium', classification.path, `Changed test path ${classification.path} contains a todo or pending marker; review whether validation was deferred before marking the task verified.`);
+                }
+                const removedAssertionCount = countMatching(diff.removed, ASSERTION_CALL);
+                const addedAssertionCount = countMatching(diff.added, ASSERTION_CALL);
+                if (removedAssertionCount > addedAssertionCount) {
+                    addRisk('assertion_count_decreased', 'high', classification.path, riskDetail(classification.path, `removes ${removedAssertionCount} assertion line(s) and adds ${addedAssertionCount}; review whether validation strength decreased.`));
+                }
+                if (hasAny(diff.removed, STRONG_ASSERTION) && hasAny(diff.added, WEAK_ASSERTION)) {
+                    addRisk('assertion_matcher_weakened', 'high', classification.path, riskDetail(classification.path, 'replaces a stronger assertion with a weaker presence or truthiness assertion.'));
+                }
+                if (hasAny(diff.removed, NEGATIVE_ASSERTION)) {
+                    addRisk('negative_assertion_removed', 'high', classification.path, riskDetail(classification.path, 'removes a negative assertion; confirm the denied behavior is still covered.'));
+                }
+                if (hasAny(diff.removed, EXCEPTION_ASSERTION)) {
+                    addRisk('exception_assertion_removed', 'high', classification.path, riskDetail(classification.path, 'removes an exception assertion; confirm failure behavior is still covered.'));
+                }
+            }
+            if (SNAPSHOT_PATH.test(classification.path) && diff.added.length + diff.removed.length >= 20) {
+                addRisk('snapshot_mass_updated', 'medium', classification.path, riskDetail(classification.path, 'changes a large snapshot region; review that the update does not hide a regression.'));
+            }
+            if (GOLDEN_PATH.test(`${classification.path} `) && diff.added.length + diff.removed.length >= 20) {
+                addRisk('golden_output_replaced', 'medium', classification.path, riskDetail(classification.path, 'replaces a broad golden or expected-output region; review the behavioral reason.'));
+            }
+        }
+        if (isCommandContractPath(classification.path)) {
+            if (hasAny(diff.added, /\bstatus\s*=\s*"(?:manual_only|disabled|unknown)"/u)) {
+                addRisk('verification_intent_disabled', 'high', classification.path, riskDetail(classification.path, 'adds a non-runnable verification intent status.'));
+            }
+            if (hasAny(diff.removed, /\brequired_after\s*=/u) && !hasAny(diff.added, /\brequired_after\s*=/u)) {
+                addRisk('verification_required_after_removed', 'high', classification.path, riskDetail(classification.path, 'removes a required_after mapping from the command contract.'));
+            }
+            if (hasAny(diff.added, /\bsuccess_exit_codes\s*=\s*\[[^\]]*(?:[1-9]\d*|true)[^\]]*\]/u)) {
+                addRisk('success_exit_codes_widened', 'critical', classification.path, riskDetail(classification.path, 'widens success exit codes beyond the normal zero-exit contract.'));
+            }
+            if (hasAny(diff.added, COMMAND_ALLOWS_NO_TESTS_PATTERN)) {
+                addRisk('command_allows_no_tests', 'critical', classification.path, riskDetail(classification.path, 'allows a test command to pass when no tests run.'));
+            }
+            if (hasAny(diff.added, COMMAND_FORCES_SNAPSHOT_UPDATE_PATTERN)) {
+                addRisk('command_forces_snapshot_update', 'medium', classification.path, riskDetail(classification.path, 'adds snapshot update behavior to a verification command.'));
+            }
+            if (hasAny(diff.added, COMMAND_HIDES_FAILURE_PATTERN)) {
+                addRisk('command_hides_failure', 'critical', classification.path, riskDetail(classification.path, 'adds shell behavior that can hide command failure.'));
+            }
+        }
+        if (isValidationConfigPath(classification.path)) {
+            const removedCoverageNumbers = extractCoverageNumbers(diff.removed);
+            const addedCoverageNumbers = extractCoverageNumbers(diff.added);
+            if (removedCoverageNumbers.length > 0 &&
+                addedCoverageNumbers.length > 0 &&
+                Math.min(...addedCoverageNumbers) < Math.max(...removedCoverageNumbers)) {
+                addRisk('coverage_threshold_lowered', 'medium', classification.path, riskDetail(classification.path, 'lowers a coverage-related numeric threshold.'));
+            }
+            if (hasAny(diff.added, COMMAND_ALLOWS_NO_TESTS_PATTERN)) {
+                addRisk('command_allows_no_tests', 'critical', classification.path, riskDetail(classification.path, 'allows a validation script to pass when no tests run.'));
+            }
+            if (hasAny(diff.added, COMMAND_FORCES_SNAPSHOT_UPDATE_PATTERN)) {
+                addRisk('command_forces_snapshot_update', 'medium', classification.path, riskDetail(classification.path, 'adds snapshot update behavior to a validation script.'));
+            }
+            if (hasAny(diff.added, COMMAND_HIDES_FAILURE_PATTERN)) {
+                addRisk('command_hides_failure', 'critical', classification.path, riskDetail(classification.path, 'adds shell behavior that can hide validation failure.'));
+            }
+            if (hasAny(diff.added, TEST_SELECTION_PATTERN)) {
+                addRisk('test_selection_narrowed', 'medium', classification.path, riskDetail(classification.path, 'adds a test-selection filter; confirm coverage still matches the change.'));
+            }
+        }
+    }
+    return risks;
+}