neurain 0.1.0-alpha.0 → 0.1.0-alpha.2

package/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 ## Unreleased
 
+- No unreleased changes recorded.
+
+## 0.1.0-alpha.2
+
+- Documentation currency gate: README and development-status version strings are asserted against package.json in readiness; volatile metric snapshots de-hardcoded (verified green in CI, not pinned in docs).
+
+
+## 0.1.0-alpha.1
+
+- Capture: file/asset capture + R2/R4/R6 enrichment (overlap candidates, numeric conflicts, sha256 duplicate detection) ported to the engine.
+- Memory-write: completed the generic ledger-primitive set (appendLine/enqueue/setQueueStatus/appendBlock/writeFileGuarded) so a consumer can forward every fact/task primitive to the engine.
+- Release automation: tag-triggered npm publish via Trusted Publishing (OIDC), a push-CI gate (fast readiness + `npm publish --dry-run`), and a prerelease-never-`latest` dist-tag guard.
 - Expanded the recall markdown corpus to the general area knowledge class (`10_areas/<area>/**`, hubs, area registry), with config-extensible include/exclude (`recall.include`/`recall.exclude`).
 - Added label-based privacy gating (`labels.mjs`): per-file frontmatter `sensitivity`, area baseline from `_area.md`, and boundary-aware path markers exclude private content at index time. Fixes a substring marker that could exclude a whole legitimate folder.
 - Added a routed lexical recall branch (`recall_lexical.mjs`): BM25 + structural/layer/entity/domain/fact-ledger boosts, unioned ahead of exact-token and semantic in hybrid search. Auto-enabled when a search index registry has areas or `--area` is set; off by default on a bare vault.

package/README.md

@@ -126,7 +126,7 @@ The canonical product development snapshot is maintained in:
 - `docs/development-status.en.md`
 - `docs/development-status.kr.md`
 
-As of 2026-06-09 KST, the package is a publish-ready alpha for private beta or alpha user tests. It is not public SaaS GA. The current verified gates are `npm test` 37/37, `node scripts/readiness.mjs --json` score 100, and `npm run readiness -- --json` score 100.
+The package is a publish-ready alpha for private beta or alpha user tests, not public SaaS GA. All gates (`npm test`, the readiness leakage/secret/pack/tarball-install checks, and `npm audit`) run green in CI on every release — see `.github/workflows/release.yml`. The live score is `node scripts/readiness.mjs --json`.
 
 Watch reports are also read-only. They do not start a daemon and do not write durable knowledge. They observe recent text files, event journal entries, recap hints, and lesson candidates so a future review worker can decide what deserves attention.
 
@@ -159,7 +159,7 @@ For multi-area vaults, preview commands do not scan every area by default. Use `
 See also:
 
 - `docs/knowledge-os.en.md`
-- `docs/self-improve-90-roadmap.en.md`
+- `docs/self-improvement-90-roadmap.en.md`
 - `docs/connect-runtime.en.md`
 
 ## Existing Folder Adoption
@@ -188,7 +188,7 @@ It exposes read/capture/scan/preview tools only. It does not silently compile, p
 
 ## Status
 
-This is `0.1.0-alpha.0`. It is not a public SaaS GA release. The alpha exists to prove installability, local-first onboarding, Codex, Claude, Gemini, and Runtime connectivity, plus safety receipts.
+This is `0.1.0-alpha.2`. It is not a public SaaS GA release. The alpha exists to prove installability, local-first onboarding, Codex, Claude, Gemini, and Runtime connectivity, plus safety receipts.
 
 Alpha publish command:
 

package/docs/connect-runtime.en.md

@@ -45,7 +45,7 @@ Safety boundary:
 - Durable Neurain writes still require explicit CLI confirmation.
 - The alpha snippet does not support paths containing newline or control bytes.
 - Scheduler access is read-only and cannot install background jobs or start daemons.
-- Scheduler eval access is read-only and checks trigger precision, trigger recall, no-recursion, private-boundary handling, case-file size limits, and target-root non-write snapshots.
+- Scheduler eval access is read-only and checks trigger precision, trigger recall, no-recursion, private-boundary handling, case-file size limits, temp cleanup, and target-root non-write snapshots.
 - Lifecycle access is read-only through MCP. The runtime can inspect session lineage, while deeper lifecycle event emission uses the separate host-proxy contract below.
 
 ## Lifecycle Boundary

package/docs/connect-runtime.kr.md

@@ -45,7 +45,7 @@ Safety boundary:
 - Durable Neurain write는 여전히 explicit CLI confirmation이 필요합니다.
 - Alpha snippet은 newline 또는 control byte가 포함된 path를 지원하지 않습니다.
 - Scheduler access는 read-only이며 background job을 설치하거나 daemon을 시작할 수 없습니다.
-- Scheduler eval access도 read-only이며 trigger precision, trigger recall, no-recursion, private-boundary handling, case-file size limit, target-root non-write snapshot을 확인합니다.
+- Scheduler eval access도 read-only이며 trigger precision, trigger recall, no-recursion, private-boundary handling, case-file size limit, temp cleanup, target-root non-write snapshot을 확인합니다.
 - Lifecycle access는 MCP에서 read-only입니다. Runtime은 session lineage를 읽을 수 있고, 더 깊은 lifecycle event emission은 아래 host-proxy contract를 사용합니다.
 
 ## Lifecycle Boundary

package/docs/development-status.en.md

@@ -1,9 +1,9 @@
 # Development Status
 
 Version: v0.1
-Last updated: 2026-06-09 KST
-Package: `neurain@0.1.0-alpha.0`
-Latest documented commit: `3496262 Add E24 onboarding and Gemini MCP connector`
+Last updated: 2026-06-14 KST
+Package: `neurain@0.1.0-alpha.2`
+Latest documented commit: `66016ba docs(dev-status): note unified reindex + adopt auto-reindex in the command surface`
 
 This document is the canonical product development snapshot for the public package. It tracks what is shipped, what has evidence, and what must not be claimed yet.
 
@@ -11,16 +11,9 @@ This document is the canonical product development snapshot for the public packa
 
 Neurain is a publish-ready alpha CLI and MCP package. It is ready for private beta or alpha user tests, not public SaaS GA.
 
-Current verified score:
+Current verification: every gate runs green in CI on each release — `npm test`, the full `npm run readiness` suite (leakage/secret scan, `npm audit`, `npm pack --dry-run`, and a temporary tarball-install smoke), and `node scripts/readiness.mjs --json` for the live score. See `.github/workflows/release.yml`.
 
-| Gate | Result |
-|---|---:|
-| `npm test` | 37/37 pass |
-| `node scripts/readiness.mjs --json` | `ok:true`, score `100`, 35 checks |
-| `npm run readiness -- --json` | `ok:true`, score `100` |
-| `npm audit` | 0 vulnerabilities |
-| `npm pack --dry-run` | pass |
-| Temporary tarball install smoke | pass |
+Volatile metrics (exact test counts, readiness scores, check counts) are intentionally NOT pinned in this document — they are verified green in CI, not hand-copied, so this snapshot cannot silently drift from the suite.
 
 ## Shipped Development
 
@@ -28,6 +21,7 @@ Current verified score:
 
 - Starter vault initialization with `neurain init`.
 - Existing folder adoption scan, apply, receipt, and rollback.
+- Unified `reindex` (register areas + per-area index refresh + recall rebuild in one pass; curated indexes are never auto-overwritten); `adopt --apply` auto-reindexes so an adopted folder is registered and searchable in one command.
 - Local doctor, search, capabilities, recap, and wrap preview.
 - Event journal add/list/verify with explicit confirmation.
 - Lesson list, candidates, eval, promotion, and rollback.

package/docs/development-status.kr.md

@@ -1,9 +1,9 @@
 # 개발 진행 상태
 
 Version: v0.1
-Last updated: 2026-06-09 KST
-Package: `neurain@0.1.0-alpha.0`
-Latest documented commit: `3496262 Add E24 onboarding and Gemini MCP connector`
+Last updated: 2026-06-14 KST
+Package: `neurain@0.1.0-alpha.2`
+Latest documented commit: `66016ba docs(dev-status): note unified reindex + adopt auto-reindex in the command surface`
 
 이 문서는 public package 기준의 canonical 개발 상태 스냅샷입니다. 무엇이 shipped인지, 어떤 증거가 있는지, 아직 주장하면 안 되는 것이 무엇인지 함께 기록합니다.
 
@@ -11,16 +11,9 @@ Latest documented commit: `3496262 Add E24 onboarding and Gemini MCP connector`
 
 Neurain은 publish-ready alpha CLI 및 MCP package입니다. private beta 또는 alpha user test에는 들어갈 수 있지만 public SaaS GA는 아닙니다.
 
-현재 검증된 상태:
+현재 검증: 매 릴리스마다 모든 게이트가 CI에서 green으로 통과합니다 — `npm test`, 전체 `npm run readiness`(leakage/secret 스캔, `npm audit`, `npm pack --dry-run`, 임시 tarball-install smoke), 라이브 점수는 `node scripts/readiness.mjs --json`. `.github/workflows/release.yml` 참조.
 
-| Gate | Result |
-|---|---:|
-| `npm test` | 37/37 pass |
-| `node scripts/readiness.mjs --json` | `ok:true`, score `100`, 35 checks |
-| `npm run readiness -- --json` | `ok:true`, score `100` |
-| `npm audit` | 0 vulnerabilities |
-| `npm pack --dry-run` | pass |
-| Temporary tarball install smoke | pass |
+휘발성 지표(정확한 테스트 수·readiness 점수·check 수)는 의도적으로 이 문서에 박지 않습니다 — CI에서 green으로 검증되며 손으로 복사하지 않으므로, 이 스냅샷이 suite와 조용히 어긋나지 않습니다.
 
 ## shipped 개발 범위
 
@@ -28,6 +21,7 @@ Neurain은 publish-ready alpha CLI 및 MCP package입니다. private beta 또는
 
 - `neurain init` starter vault initialization.
 - 기존 폴더 adoption scan, apply, receipt, rollback.
+- 통합 `reindex`(영역 등록 + per-area 색인 새로고침 + recall rebuild를 한 번에; 큐레이티드 색인은 자동 덮어쓰기 안 함); `adopt --apply`가 자동 reindex하여 채택한 폴더가 한 명령으로 등록·검색 가능.
 - local doctor, search, capabilities, recap, wrap preview.
 - 명시적 confirmation이 필요한 event journal add/list/verify.
 - lesson list, candidates, eval, promotion, rollback.

package/docs/release-checklist.en.md

@@ -2,7 +2,40 @@
 
 Use this checklist before publishing an alpha release.
 
-## Local Checks
+## Automated Release (preferred)
+
+Releases are automated. You only decide WHEN to ship:
+
+```bash
+npm version prerelease --preid=alpha   # 0.1.0-alpha.0 -> 0.1.0-alpha.1 (commits + tags)
+git push origin main --follow-tags     # push the commit AND the new tag
+```
+
+The tag push triggers `.github/workflows/release.yml`, which runs the full
+readiness gate and then `npm publish --tag alpha` via npm Trusted Publishing
+(OIDC) — no stored token, no interactive 2FA. Every push (untagged) is gated by
+`.github/workflows/test.yml` (tests + fast readiness + `npm publish --dry-run`).
+
+One-time setup: on npmjs.com, the package -> Settings -> Trusted Publisher ->
+GitHub Actions, with this repo's owner/name and workflow `release.yml`.
+
+## Versioning policy
+
+- Pre-1.0 alpha: increment with `npm version prerelease --preid=alpha`
+  (`-alpha.0 -> -alpha.1 -> ...`). Publish ALWAYS with `--tag alpha`; never move
+  the `latest` dist-tag to a prerelease. Only a deliberate stable (>= the first
+  non-prerelease) should ever hold `latest`.
+
+## Rollback / yank
+
+- A published version cannot be overwritten and cannot be unpublished after 72h.
+  To pull a bad alpha: `npm deprecate neurain@<bad> "broken, use <good>"` and ship
+  a fixed `-alpha.<next>`.
+- To roll the consuming vault back to a prior engine: point `NEURAIN_ENGINE_BIN`
+  at the previous tag's checkout (or pin the previous npm version), or set
+  `NEURAIN_LEGACY=1` to fall back to the vault's preserved implementations.
+
+## Local Checks (manual fallback)
 
 ```bash
 npm ci

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "neurain",
-  "version": "0.1.0-alpha.0",
+  "version": "0.1.0-alpha.2",
   "description": "Local-first Neurain Knowledge OS CLI and MCP connector.",
   "type": "module",
   "license": "Apache-2.0",
@@ -27,7 +27,10 @@
   "scripts": {
     "test": "node --test",
     "pack:dry-run": "npm pack --dry-run",
-    "readiness": "node scripts/readiness.mjs --full"
+    "readiness": "node scripts/readiness.mjs --full",
+    "docs:check": "node scripts/sync-docs.mjs --check",
+    "docs:fix": "node scripts/sync-docs.mjs --write",
+    "version": "node scripts/sync-docs.mjs --write && git add -u README.md CHANGELOG.md docs/development-status.en.md docs/development-status.kr.md"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.17.5"

package/src/cli.mjs

@@ -31,6 +31,21 @@ import { queueArchiveCommand } from './core/queue_archive.mjs';
 import { captureCommand } from './core/capture_durable.mjs';
 import { completeCommand } from './core/complete.mjs';
 import { linkCheckCommand } from './core/link_check.mjs';
+import { sessionLintCommand } from './core/session_lint.mjs';
+import { labelCommand } from './core/label.mjs';
+import { orphansCommand } from './core/orphans.mjs';
+import { hubsCommand } from './core/hubs.mjs';
+import { areaIndexCommand } from './core/area_index.mjs';
+import { reindexCommand } from './core/reindex.mjs';
+import { lintCommand } from './core/lint.mjs';
+import { sessionPulseCommand } from './core/session_pulse.mjs';
+import { syncCommand } from './core/sync.mjs';
+import { healthCommand } from './core/health.mjs';
+import { memoryCommand } from './core/memory.mjs';
+import { retentionCommand } from './core/retention.mjs';
+import { freezeCommand } from './core/freeze.mjs';
+import { memoryWriteCommand } from './core/memory_write_cli.mjs';
+import { backupCommand } from './core/backup.mjs';
 import { schedulerCommand } from './core/scheduler.mjs';
 import { searchCommand } from './core/search.mjs';
 import { watchCommand } from './core/watch.mjs';
@@ -67,6 +82,7 @@ export async function runCli(argv) {
   if (command === 'curator') return render(await curatorCommand(args));
   if (command === 'daemon') return render(await daemonCommand(args));
   if (command === 'recall') return render(await recallCommand(args));
+  if (command === 'reindex') return render(await reindexCommand(args));
   if (command === 'status') return render(await statusCommand(args));
   if (command === 'digest') return render(await digestCommand(args));
   if (command === 'queue') return render(await queueCommand(args));
@@ -83,6 +99,20 @@ export async function runCli(argv) {
   if (command === 'capture') return render(await captureCommand(args));
   if (command === 'complete') return render(await completeCommand(args));
   if (command === 'link-check') return render(await linkCheckCommand(args));
+  if (command === 'session-lint') return render(await sessionLintCommand(args));
+  if (command === 'label') return render(await labelCommand(args));
+  if (command === 'orphans') return render(await orphansCommand(args));
+  if (command === 'hubs') return render(await hubsCommand(args));
+  if (command === 'area-index') return render(await areaIndexCommand(args));
+  if (command === 'lint') return render(await lintCommand(args));
+  if (command === 'session-pulse') return render(await sessionPulseCommand(args));
+  if (command === 'sync') return render(await syncCommand(args));
+  if (command === 'health') return render(await healthCommand(args));
+  if (command === 'memory') return render(await memoryCommand(args));
+  if (command === 'retention') return render(await retentionCommand(args));
+  if (command === 'freeze') return render(await freezeCommand(args));
+  if (command === 'memory-write') return render(await memoryWriteCommand(args));
+  if (command === 'backup') return render(await backupCommand(args));
   if (command === 'capabilities') return render(await capabilitiesCommand(args));
   if (command === 'recap') return render(await recapCommand(args));
   if (command === 'watch') return render(await watchCommand(args));
@@ -152,8 +182,9 @@ function helpText() {
 Usage:
   neurain init <folder> [--area general] [--lang ko|en] [--dry-run]
   neurain onboard <folder> [--lang ko|en] [--host codex|claude|gemini|runtime] [--json]
-  neurain adopt <folder> [--dry-run] [--apply --confirm "<N>건 저장 진행"]
+  neurain adopt <folder> [--dry-run] [--apply --confirm "<N>건 저장 진행"] [--no-reindex]
   neurain adopt --rollback <receipt> [--root <folder>]
+  neurain reindex <folder> [--dry-run] [--json]
   neurain doctor <folder> [--json]
   neurain search <folder> <query> [--top 10] [--json]
   neurain journal list <folder> [--type type] [--top 20] [--json]
@@ -203,6 +234,20 @@ Usage:
   neurain capture <folder> [--text "..." | <text> | --file rel] [--session-id id] [--type memo] [--title t] [--area name] [--sensitivity s] [--intent i] [--allow-secret] [--dry-run] [--json]
   neurain complete <folder> --source-id id --compiled-to "a.md,b.md" [--status compiled] [--completed-at ts] [--dry-run] [--json]
   neurain link-check <folder> [--scope .] [--top 20] [--include-raw] [--include-archive] [--include-output] [--json]
+  neurain session-lint <folder> [--stale-days 7] [--now ms] [--json]
+  neurain label <folder> [--check | --apply] [--area name | --all] [--glob substr] [--limit N] [--json]
+  neurain orphans <folder> [--area name] [--fix] [--json]
+  neurain hubs <folder> [--check | --apply] [--area name] [--json]
+  neurain area-index <folder> [--build area | --refresh area | --register-curated area [--sensitivity private] | --detect [--fix] [--restamp-curated]] [--force] [--dry-run] [--json]
+  neurain lint <folder> [--json]
+  neurain session-pulse <folder> --session-id id --summary "..." [--focus t] [--next t] [--max-notes 8] [--no-area-brief] [--queue ...] [--now ts] [--dry-run] [--allow-secret] [--json]
+  neurain sync <folder> --session-id id [--summary "..."] [--level light|standard|full] [--no-pulse] [--no-area-brief] [--queue ...] [--now ts] [--dry-run] [--json]
+  neurain health <folder> [--fix] [--now ts] [--json]
+  neurain memory <folder> [--facts q | --tasks q | --conflicts | --verify | --stats] [--area name] [--top 10] [--json]
+  neurain retention <folder> [--area name] [--stale-days 120] [--write] [--now ms] [--json]
+  neurain freeze <folder> <acquire|release|status> [--owner name] [--json]
+  neurain memory-write <folder> --area name --file ledger.md --op add-fact|add-task|set-status|append-event [--fields json] [--changes json] [--event json] [--fact-id id] [--id id] [--apply] [--json]
+  neurain backup <folder> --target <dir> [--label name] | --verify <name> | --restore <name> [--to <dir>] | --drill <name> [--target <dir>] | --list [--json]
   neurain recap <folder> [--area name] [--json]
   neurain watch <folder> [--area name] [--since-minutes 1440] [--top 10] [--poll-once] [--json]
   neurain review <folder> [--area name] [--since-minutes 1440] [--top 10] [--json]
@@ -249,7 +294,16 @@ Alpha principles:
   - Source-digest and plan-receipt are W-B writers that touch only their own non-canonical artifacts: source-digest writes the rebuildable source-digest manifest (dry by default, --write to update) and plan-receipt writes an optional receipt under output/receipts/. Every durable write goes through an atomic temp+fsync+rename plus a cross-process lock, and the manifest's path sensitivity is decided by the label resolver, never hardcoded area names.
   - Stage is the secret gate: content lands in .neurain-staging (excluded from every walk), is scanned fail-closed for high-confidence secret shapes, mnemonics, context-aware hex keys, and high-entropy tokens, and is promoted to its canonical target by an atomic rename ONLY if clean; a hit holds the content in staging, leaves the target untouched, and exits 2. Queue-archive moves terminal queue rows into an append-only archive under one lock (archive appended before the hot-queue rewrite, so a crash never loses a row).
   - Capture and complete are the durable pipeline writers. They write raw markdown (capture, routed through the stage secret gate), the _inbox envelope, the writeback queue (capture appends, complete rewrites - both under a lock), and a wiki/log line, but they NEVER write session-state, handoff, or area-brief files: those stay W-D-owned, returned as an unapplied session_state_delta whose pending_count is advisory (the future vault shuttle recomputes at apply time). Capture is text-only in this increment; file capture and overlap/numeric enrichment are the documented flip gate.
-  - Link-check (W-C) is a read-only graph validator: it resolves every markdown link and wikilink against the vault and reports unresolved targets by file and area, writing nothing. Area buckets use the configured structural dirs, not hardcoded area names.
+  - Link-check and session-lint (W-C) are read-only validators that write nothing. Link-check resolves every markdown link and wikilink against the vault and reports unresolved targets by file and area. Session-lint validates the session layer: required paths, session-state vs handoff consistency, pending-count drift vs the queue, handoff frontmatter, and queue rows referencing known sessions. Both use the configured structural dirs, not hardcoded area names.
+  - Label (W-C) is the label-system CLI: --check (default, read-only) proposes the managed label block (type/areas/entities/domains/sensitivity/tags) per knowledge file and reports private leaks; --apply writes it additively and idempotently, atomic per file, refusing symlinks. The label brain (label_intel) hard-codes nothing vault-specific — vocabulary comes from each area's entity dictionary and tuning from an optional label-config.json. A private/published file never gets entity/domain tags.
+  - Backup (W-E) is the local snapshot + EXACT restore + restore-drill: the manifest records files (sha256+size) and dirs, symlinks/special files are refused, and restore reconstructs the target byte-exactly (and proves it) via stage-verify-rename-aside-reverify, so a no-git vault still has a verifiable rollback. The macOS/iCloud encrypted external backup stays vault-side.
+  - Memory-write (W-E) is the registry-driven fact/task ledger writer: schemas, ID templates, mandatory/dash columns and paths come from memory-write-registry.json, so every area is handled by the same code. It appends rows or edits a fact's lifecycle columns while keeping every other row byte-identical, under an O_EXCL lock with a sha256 compare-and-swap (concurrent modification aborts) + fsync. Default dry-run; a live write needs the area's write_enabled:true, a realpath inside area_root, a fail-closed secret scan, and the freeze lock not held.
+  - Memory and retention (W-E, read-only) query the per-area fact/task ledgers via a config-driven reader that maps heterogeneous table schemas by column name. Memory does status-aware fact/task lookup, conflicts, and verify; retention flags active facts for human review (contradicted / unverified / stale / low-confidence / missing-metadata) and never deletes (optional --write emits a report). Neither touches the ledgers.
+  - Health (W-D) composes doctor + lint into one verdict and reconciles session-state drift: pending_count's source of truth is the writeback queue and last_pulse's is the handoff frontmatter, so a session can drift. Read-only without --fix; with --fix it repairs drift via the locked session-state path and runs the W-C maintenance fixers (orphans, label, area-index) before a final lint.
+  - Session-pulse (W-D) is the session working-memory writer: it pulses one durable note into the handoff, optionally the area brief and a queue row, then advances session-state. Hardened per cross-review: markdown is written first and the authoritative session-state.json last (a crash leaves the markdown ahead but state recoverable), every write is atomic, the area brief is rendered + labelled in memory and written once, and the note is secret-scanned fail-closed. session-state writes are this wave's (W-D) responsibility; W-B's capture/complete only returned a delta for it to apply.
+  - Lint (W-C) is a read-only STRUCTURAL aggregator: it composes the ported validators (link-check, session-lint, advisory orphans) into one health verdict. It deliberately does NOT re-implement the vault's documentation-governance checks (master version, clipper templates, instruction lengths, progressive disclosure) — those stay vault-side.
+  - Area-index (W-C) generates a per-area search index from the area's own signals (wiki/entities pages, frontmatter entity_candidates, area-tagged raw envelopes, salience-gated content terms), registers it, detects staleness via a file signature, and refreshes drifted generated indexes. Curated indexes are never auto-overwritten; --detect is read-only, writes happen only with --build/--refresh/--register-curated/--detect --fix.
+  - Orphans and hubs (W-C) are the graph connection layer. Orphans reports knowledge files with no inbound and no outbound wikilink, classified (structural / has-entities / no-entities); --fix adds one additive per-area graph-backlog page (source files untouched). Hubs generates per-entity hub pages linking member notes (dry-run by default, --apply writes and prunes only its own hub_generated pages); private areas and private files are excluded, member files are never modified.
   - Live-cases scaffold creates a redacted E23 reviewed-case pack scaffold with hash-only source refs. It does not claim human evidence and stores no raw source text or absolute paths.
   - Onboard is a read-only first-run guide for non-developers. It explains the next command without creating files or calling a model.
   - Answer eval checks faithfulness, citation accuracy, conflict surfacing, abstention, private boundaries, and stale-source handling without model calls or writes.

package/src/core/adopt.mjs

@@ -3,6 +3,7 @@ import os from 'node:os';
 import path from 'node:path';
 import { absPath, compactStamp, ensureDir, exists, generatedPath, isTextFile, relPath, safeResolve, sha256, slug, timestamp, writeFileNoOverwrite } from './fs.mjs';
 import { inferSensitivityFromPath, secretLike } from './safety.mjs';
+import { reindexCommand } from './reindex.mjs';
 
 const maxFileBytes = 20 * 1024 * 1024;
 const maxFiles = 5000;
@@ -17,6 +18,17 @@ export async function adoptCommand(args) {
       throw new Error(`Apply requires --confirm "${expected}".`);
     }
     scan.apply = applyAdoption(scan, { root: target });
+    // Once the adapters land, register the area and rebuild search in one pass so the
+    // adopted folder is immediately searchable. Best-effort: a reindex hiccup must
+    // never fail the adoption itself, and --no-reindex opts out.
+    if (scan.apply?.ok && !args['no-reindex']) {
+      try {
+        const r = await reindexCommand({ _: [target], json: true });
+        scan.reindex = r.payload || null;
+      } catch (error) {
+        scan.reindex = { ok: false, error: String((error && error.message) || error) };
+      }
+    }
   }
   if (args.json) return { json: true, payload: scan };
   return {
@@ -32,6 +44,7 @@ export async function adoptCommand(args) {
       `- Risks: ${scan.summary.risk_count}`,
       `- Confirmation required: ${scan.confirmation_required}`,
       scan.apply ? `- Apply receipt: ${scan.apply.receipt_path}` : '',
+      scan.reindex ? `- Reindex: ${scan.reindex.ok ? 'registered + searchable' : 'skipped (' + (scan.reindex.error || 'n/a') + ')'}` : '',
     ].filter(Boolean).join('\n'),
   };
 }