neurain 0.1.0-alpha.2 → 0.1.0-alpha.3

package/CHANGELOG.md

@@ -4,6 +4,16 @@
 
 - No unreleased changes recorded.
 
+## 0.1.0-alpha.3
+
+- Destination resolver (`resolve_target.mjs`): `capture` and `compile` now derive one canonical target path from area, write intent, and sensitivity instead of leaving placement to the caller. Private, multi-area, and decision-required items still gate on the `<N>건 저장 진행` confirmation and are never auto-filed.
+
+- Janitor (`neurain tidy`): read-only detection of provably-junk residue only (empty Obsidian `Untitled*.canvas/.base`, zero-byte daily notes, stray empty top-level directories); quarantine is recoverable (30-day trash). Registered areas, archives, and structural directories are never touched.
+- Auto-filer (`neurain file`): finds loose durable markdown outside any canonical home and, gated by confirmation, relocates it recoverably and secret-gated; also surfaces read-only `raw/_inbox` routing proposals. Registered area roots and root-contract files are excluded.
+- Structure audit (`neurain structure-audit`): advisory flags for area-adapter gaps, the `output/` vs `outputs/` split, and `sources_map` drift; composed into `lint`. Never writes and never fails a build.
+- New-user organize (`neurain organize`): turns an unknown folder into a searchable area. Reuses the adopt scan, decides a per-file disposition, and on a gated apply scaffolds the area in copy mode (originals are never moved or deleted) and reindexes; hash-keyed receipt with `--rollback`. Secrets and already-structured KBs are protected.
+- Organize and adopt preserve non-ASCII (for example Korean) folder names as area slugs.
+
 ## 0.1.0-alpha.2
 
 - Documentation currency gate: README and development-status version strings are asserted against package.json in readiness; volatile metric snapshots de-hardcoded (verified green in CI, not pinned in docs).

package/README.md

@@ -176,6 +176,22 @@ Neurain scans first and recommends one of three modes:
 
 Writes require an explicit confirmation phrase shown by the scan.
 
+## Keeping the Vault Tidy
+
+Neurain keeps a working vault organized through read-only detection plus gated, recoverable writes. Nothing here moves or deletes a file without an explicit confirmation phrase, and registered areas, archives, and root-contract files are never touched.
+
+```bash
+npx neurain tidy ~/NeurainDemo                 # report provably-junk residue (read-only)
+npx neurain structure-audit ~/NeurainDemo      # advisory structure flags (read-only)
+npx neurain file ~/NeurainDemo                 # propose homes for loose docs (read-only)
+npx neurain organize ~/SomeUnknownFolder --dry-run   # turn an unknown folder into a searchable area
+```
+
+- `tidy` detects only provably-junk residue (empty Obsidian `Untitled*` canvas/base files, zero-byte daily notes, stray empty top-level directories) and quarantines recoverably.
+- `structure-audit` is advisory only: it flags area-adapter gaps, the `output/` vs `outputs/` split, and `sources_map` drift, and never fails a build.
+- `file` relocates loose durable markdown into its canonical home behind a confirmation gate, and surfaces `raw/_inbox` routing proposals.
+- `organize` turns an unknown folder into a searchable area in copy mode (originals are never moved or deleted), with a hash-keyed receipt and `--rollback`. Secrets and already-structured knowledge bases are protected.
+
 ## MCP
 
 The alpha MCP server is stdio-only:
@@ -188,7 +204,7 @@ It exposes read/capture/scan/preview tools only. It does not silently compile, p
 
 ## Status
 
-This is `0.1.0-alpha.2`. It is not a public SaaS GA release. The alpha exists to prove installability, local-first onboarding, Codex, Claude, Gemini, and Runtime connectivity, plus safety receipts.
+This is `0.1.0-alpha.3`. It is not a public SaaS GA release. The alpha exists to prove installability, local-first onboarding, Codex, Claude, Gemini, and Runtime connectivity, plus safety receipts.
 
 Alpha publish command:
 

package/docs/development-status.en.md

@@ -1,9 +1,9 @@
 # Development Status
 
 Version: v0.1
-Last updated: 2026-06-14 KST
-Package: `neurain@0.1.0-alpha.2`
-Latest documented commit: `66016ba docs(dev-status): note unified reindex + adopt auto-reindex in the command surface`
+Last updated: 2026-06-19 KST
+Package: `neurain@0.1.0-alpha.3`
+Latest documented commit: `f3d3849 docs: document auto-organization wave (E27) for alpha.3`
 
 This document is the canonical product development snapshot for the public package. It tracks what is shipped, what has evidence, and what must not be claimed yet.
 
@@ -91,7 +91,7 @@ Status: shipped as publish-ready alpha.
 - README, quickstart, safety, privacy, support, pricing, troubleshooting, and release checklist exist.
 - CI workflow, issue templates, PR template, license, and security doc exist.
 - Full readiness verifies npm audit, pack dry-run, and temporary tarball install smoke.
-- Honest scope: npm publish or package name reservation still requires an explicit release action.
+- Status: npm publish is done. `neurain@0.1.0-alpha.3` is published under the `alpha` tag and the package name is secured.
 
 ### E26: Thin MCP Connector
 
@@ -104,6 +104,18 @@ Status: shipped.
 - MCP server exposes bounded alpha tools for status, search, scan, recall, eval, live-case scaffold, lesson preview, scheduler preview, lifecycle report/eval, and wrap preview.
 - MCP does not expose silent durable wiki writes, lifecycle emit, daemon run/stop, curator write, recall rebuild write, or lesson promotion.
 
+### E27: Auto-Organization System
+
+Status: shipped.
+
+- CLI: `neurain tidy`, `neurain file`, `neurain structure-audit`, `neurain organize`.
+- Destination resolver: `capture` and `compile` derive one canonical target path from area, write intent, and sensitivity. Private, multi-area, and decision-required items still gate on the `<N>건 저장 진행` confirmation and are never auto-filed.
+- Janitor (`tidy`) detects provably-junk residue only (empty Obsidian canvas/base files, zero-byte daily notes, stray empty top-level directories). Read-only; quarantine is recoverable. Registered areas, archives, and structural directories are never touched.
+- Auto-filer (`file`) relocates loose durable markdown into its canonical home behind a confirmation gate, recoverably and secret-gated, and surfaces read-only `raw/_inbox` routing proposals.
+- Structure audit (`structure-audit`) is advisory: it flags area-adapter gaps, the `output/` vs `outputs/` split, and `sources_map` drift, and composes into `lint` without ever writing or failing a build.
+- New-user organize (`organize`) turns an unknown folder into a searchable area in copy mode (originals are never moved or deleted), with a hash-keyed receipt and `--rollback`. Secrets and already-structured KBs are protected. Non-ASCII (for example Korean) folder names are preserved as area slugs.
+- Honest scope: these are vault-hygiene helpers. Detection is read-only and every relocation is gated and recoverable; Neurain does not autonomously reorganize a user's folder.
+
 ## Current Connector Truth Table
 
 | Host | MCP connection | Lifecycle hook preview | Notes |
@@ -119,7 +131,6 @@ Status: shipped.
 - Non-developer GUI.
 - Hosted control plane.
 - Public Trust Center and status page.
-- npm publish or package name reservation.
 - Public GitHub publication if the repo is intentionally kept private during beta.
 
 ## Documentation Maintenance Rule

package/docs/development-status.kr.md

@@ -1,9 +1,9 @@
 # 개발 진행 상태
 
 Version: v0.1
-Last updated: 2026-06-14 KST
-Package: `neurain@0.1.0-alpha.2`
-Latest documented commit: `66016ba docs(dev-status): note unified reindex + adopt auto-reindex in the command surface`
+Last updated: 2026-06-19 KST
+Package: `neurain@0.1.0-alpha.3`
+Latest documented commit: `f3d3849 docs: document auto-organization wave (E27) for alpha.3`
 
 이 문서는 public package 기준의 canonical 개발 상태 스냅샷입니다. 무엇이 shipped인지, 어떤 증거가 있는지, 아직 주장하면 안 되는 것이 무엇인지 함께 기록합니다.
 
@@ -91,7 +91,7 @@ Status: publish-ready alpha로 shipped.
 - README, quickstart, safety, privacy, support, pricing, troubleshooting, release checklist가 존재합니다.
 - CI workflow, issue template, PR template, license, security doc이 존재합니다.
 - full readiness가 npm audit, pack dry-run, temporary tarball install smoke를 검증합니다.
-- 정직한 범위: npm publish 또는 package name reservation은 별도 release action이 필요합니다.
+- 상태: npm publish 완료. `neurain@0.1.0-alpha.3`가 `alpha` 태그로 발행됐고 패키지 이름도 선점됨.
 
 ### E26: Thin MCP Connector
 
@@ -104,6 +104,18 @@ Status: shipped.
 - MCP server는 status, search, scan, recall, eval, live-case scaffold, lesson preview, scheduler preview, lifecycle report/eval, wrap preview용 bounded alpha tool을 노출합니다.
 - MCP는 silent durable wiki write, lifecycle emit, daemon run/stop, curator write, recall rebuild write, lesson promotion을 노출하지 않습니다.
 
+### E27: 자동 정리 시스템
+
+Status: shipped.
+
+- CLI: `neurain tidy`, `neurain file`, `neurain structure-audit`, `neurain organize`.
+- 목적지 리졸버: `capture`·`compile`이 영역·쓰기의도·민감도로부터 단일 canonical 목적지 경로를 도출합니다. private·다중영역·결정필요 항목은 여전히 `<N>건 저장 진행` 확인을 거치며 절대 자동 파일링되지 않습니다.
+- Janitor(`tidy`)는 증명 가능한 잔여물만 탐지합니다(빈 Obsidian canvas/base 파일, 0바이트 데일리노트, 빈 최상위 디렉터리). 읽기전용이고 격리는 복구 가능하며, 등록된 영역·아카이브·구조 디렉터리는 건드리지 않습니다.
+- Auto-filer(`file`)는 떠도는 durable 마크다운을 확인 게이트 뒤에서 복구 가능·시크릿 게이트로 canonical 위치로 옮기고, `raw/_inbox` 라우팅 제안을 읽기전용으로 보여줍니다.
+- 구조 점검(`structure-audit`)은 권고용입니다: 영역 어댑터 결손, `output/` 대 `outputs/` 분리, `sources_map` 드리프트를 표시하고 `lint`에 합성되며, 쓰기나 빌드 실패를 일으키지 않습니다.
+- 신규 사용자 organize(`organize`)는 미지의 폴더를 검색 가능한 영역으로 COPY 모드로 전환합니다(원본은 절대 이동·삭제 안 함). 해시 키 receipt + `--rollback`. 시크릿과 이미 구조화된 KB는 보호됩니다. 비ASCII(예: 한글) 폴더명은 영역 슬러그로 보존됩니다.
+- 정직한 범위: 이들은 vault 위생 도구입니다. 탐지는 읽기전용이고 모든 재배치는 게이트·복구 가능하며, Neurain이 사용자 폴더를 자율적으로 재편하지 않습니다.
+
 ## 현재 connector truth table
 
 | Host | MCP connection | Lifecycle hook preview | Notes |
@@ -119,7 +131,6 @@ Status: shipped.
 - non-developer GUI.
 - hosted control plane.
 - public Trust Center 및 status page.
-- npm publish 또는 package name reservation.
 - beta 동안 repo를 private으로 유지한다면 public GitHub publication.
 
 ## 문서 유지관리 규칙

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "neurain",
-  "version": "0.1.0-alpha.2",
+  "version": "0.1.0-alpha.3",
   "description": "Local-first Neurain Knowledge OS CLI and MCP connector.",
   "type": "module",
   "license": "Apache-2.0",

package/src/cli.mjs

@@ -38,6 +38,10 @@ import { hubsCommand } from './core/hubs.mjs';
 import { areaIndexCommand } from './core/area_index.mjs';
 import { reindexCommand } from './core/reindex.mjs';
 import { lintCommand } from './core/lint.mjs';
+import { tidyCommand } from './core/tidy.mjs';
+import { structureAuditCommand } from './core/structure_audit.mjs';
+import { fileCommand } from './core/file_loose.mjs';
+import { organizeCommand } from './core/organize.mjs';
 import { sessionPulseCommand } from './core/session_pulse.mjs';
 import { syncCommand } from './core/sync.mjs';
 import { healthCommand } from './core/health.mjs';
@@ -105,6 +109,10 @@ export async function runCli(argv) {
   if (command === 'hubs') return render(await hubsCommand(args));
   if (command === 'area-index') return render(await areaIndexCommand(args));
   if (command === 'lint') return render(await lintCommand(args));
+  if (command === 'tidy') return render(await tidyCommand(args));
+  if (command === 'structure-audit') return render(await structureAuditCommand(args));
+  if (command === 'file') return render(await fileCommand(args));
+  if (command === 'organize') return render(await organizeCommand(args));
   if (command === 'session-pulse') return render(await sessionPulseCommand(args));
   if (command === 'sync') return render(await syncCommand(args));
   if (command === 'health') return render(await healthCommand(args));
@@ -184,6 +192,8 @@ Usage:
   neurain onboard <folder> [--lang ko|en] [--host codex|claude|gemini|runtime] [--json]
   neurain adopt <folder> [--dry-run] [--apply --confirm "<N>건 저장 진행"] [--no-reindex]
   neurain adopt --rollback <receipt> [--root <folder>]
+  neurain organize <folder> [--apply --confirm "<N>건 저장 진행"] [--allow-secret] [--no-reindex] [--json]
+  neurain organize --rollback <receipt> --root <folder> [--json]
   neurain reindex <folder> [--dry-run] [--json]
   neurain doctor <folder> [--json]
   neurain search <folder> <query> [--top 10] [--json]
@@ -240,6 +250,9 @@ Usage:
   neurain hubs <folder> [--check | --apply] [--area name] [--json]
   neurain area-index <folder> [--build area | --refresh area | --register-curated area [--sensitivity private] | --detect [--fix] [--restamp-curated]] [--force] [--dry-run] [--json]
   neurain lint <folder> [--json]
+  neurain tidy <folder> [--json]
+  neurain structure-audit <folder> [--json]
+  neurain file <folder> [--apply --confirm "<N>건 저장 진행"] [--allow-secret] [--json]
   neurain session-pulse <folder> --session-id id --summary "..." [--focus t] [--next t] [--max-notes 8] [--no-area-brief] [--queue ...] [--now ts] [--dry-run] [--allow-secret] [--json]
   neurain sync <folder> --session-id id [--summary "..."] [--level light|standard|full] [--no-pulse] [--no-area-brief] [--queue ...] [--now ts] [--dry-run] [--json]
   neurain health <folder> [--fix] [--now ts] [--json]

package/src/core/adopt.mjs

@@ -1,9 +1,10 @@
 import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
-import { absPath, compactStamp, ensureDir, exists, generatedPath, isTextFile, relPath, safeResolve, sha256, slug, timestamp, writeFileNoOverwrite } from './fs.mjs';
+import { absPath, compactStamp, ensureDir, exists, generatedPath, isTextFile, relPath, safeResolve, sha256, timestamp, writeFileNoOverwrite } from './fs.mjs';
 import { inferSensitivityFromPath, secretLike } from './safety.mjs';
 import { reindexCommand } from './reindex.mjs';
+import { slugify } from './envelope.mjs';
 
 const maxFileBytes = 20 * 1024 * 1024;
 const maxFiles = 5000;
@@ -119,7 +120,10 @@ export function scanAdoption(root, { dryRun = true } = {}) {
     : generatedRatio > 0.35
       ? 'hybrid'
       : 'in-place';
-  const areaSlug = slug(path.basename(root), 'adopted-area');
+  // Hangul-preserving slug so a Korean folder name (e.g. 내폴더) becomes the area
+  // name `_내폴더` instead of being stripped to the generic `_adopted-area`. Area
+  // ids flow through `[^/]+` matchers and dir-listing discovery, so non-ASCII is safe.
+  const areaSlug = slugify(path.basename(root), 'adopted-area');
   const fingerprint = sha256(Buffer.from(files.map((file) => `${file.rel}:${file.sha256}`).sort().join('\n')));
   const required = [
     `10_areas/_${areaSlug}/_area.md`,

package/src/core/capture_durable.mjs

@@ -18,6 +18,7 @@ import path from 'node:path';
 import { absPath, ensureDir, timestamp } from './fs.mjs';
 import { vaultConfig } from './config.mjs';
 import { firstLineTitle, inferFlushLevelFromEnvelope, inferTargetLayerFromIntent } from './classify.mjs';
+import { resolveCanonicalPath } from './resolve_target.mjs';
 import { folderForSourceType, makeEnvelope, readArgInput, renderCaptureMarkdown, slugify } from './envelope.mjs';
 import { withFileLock, atomicWriteJson } from './durable.mjs';
 import { stageAndPromote } from './stage.mjs';
@@ -151,7 +152,7 @@ export async function captureCommand(args) {
     const { envelope, assetPath, numericConflicts } = buildFullEnvelope(`raw-${timestamp().slice(0, 10).replace(/-/g, '')}-DRYRUN`, 'planned');
     const flushLevel = args['flush-level'] || inferFlushLevelFromEnvelope(envelope);
     const targetLayer = args['target-layer'] || inferTargetLayerFromIntent(envelope.write_intent);
-    const queueItem = buildQueueItem(envelope, { sourceId: envelope.source_id, rawPath: envelope.raw_path, assetPath, title, numericConflictCount: numericConflicts.length, session, sessionId, flushLevel, targetLayer, targetPath: args['target-path'] || '', conflictPolicy: args['conflict-policy'] || 'queue_first', handoffPath: handoffPathFor(vaultCfg, sessionId, session) });
+    const queueItem = buildQueueItem(envelope, { sourceId: envelope.source_id, rawPath: envelope.raw_path, assetPath, title, numericConflictCount: numericConflicts.length, session, sessionId, flushLevel, targetLayer, targetPath: args['target-path'] || resolveCanonicalPath(root, vaultCfg, { area_candidates: envelope.area_candidates, write_intent: envelope.write_intent, sensitivity: envelope.sensitivity, title: envelope.title, target_layer: targetLayer, requires_user_decision: envelope.requires_user_decision }).target_path, conflictPolicy: args['conflict-policy'] || 'queue_first', handoffPath: handoffPathFor(vaultCfg, sessionId, session) });
     return done(args, {
       ok: true, command: 'capture', durable_write: false, dry_run: true,
       envelope, queue_item: queueItem, duplicate_of: duplicateOf || undefined,
@@ -202,7 +203,7 @@ export async function captureCommand(args) {
 
     const flushLevel = args['flush-level'] || inferFlushLevelFromEnvelope(envelope);
     const targetLayer = args['target-layer'] || inferTargetLayerFromIntent(envelope.write_intent);
-    const queueItem = buildQueueItem(envelope, { sourceId, rawPath, assetPath, title, numericConflictCount: numericConflicts.length, session, sessionId, flushLevel, targetLayer, targetPath: args['target-path'] || '', conflictPolicy: args['conflict-policy'] || 'queue_first', handoffPath: handoffPathFor(vaultCfg, sessionId, session) });
+    const queueItem = buildQueueItem(envelope, { sourceId, rawPath, assetPath, title, numericConflictCount: numericConflicts.length, session, sessionId, flushLevel, targetLayer, targetPath: args['target-path'] || resolveCanonicalPath(root, vaultCfg, { area_candidates: envelope.area_candidates, write_intent: envelope.write_intent, sensitivity: envelope.sensitivity, title: envelope.title, target_layer: targetLayer, requires_user_decision: envelope.requires_user_decision }).target_path, conflictPolicy: args['conflict-policy'] || 'queue_first', handoffPath: handoffPathFor(vaultCfg, sessionId, session) });
     fs.appendFileSync(queueAbs, `${JSON.stringify(queueItem)}\n`); // direct: already holding the queue lock
     const pendingCount = pendingCountForSession(root, vaultCfg, sessionId); // after append
     return { refused: false, sourceId, envelope, rawPath, assetPath, pendingCount };

package/src/core/compile_desk.mjs

@@ -8,6 +8,7 @@
 import path from 'node:path';
 import { absPath, timestamp } from './fs.mjs';
 import { vaultConfig } from './config.mjs';
+import { resolveCanonicalPath } from './resolve_target.mjs';
 import { readJsonSafe, readJsonl } from './vault_state.mjs';
 
 function manifestEntries(value) {
@@ -51,13 +52,29 @@ function reviewReasons(item) {
   return [...new Set(reasons)];
 }
 
-function summarizeQueueItem(item, reasons = []) {
+function summarizeQueueItem(item, reasons = [], ctx = null) {
+  // Fill the canonical destination the pipeline historically left blank: when the
+  // queue row carries no explicit target_path, derive it deterministically from
+  // area + write_intent + sensitivity so every candidate shows a real save target
+  // instead of an empty string (the wiki/area/output drift fix). ctx carries the
+  // root + vaultCfg needed to build the path; without it we keep the old behavior.
+  let targetPath = item.target_path || '';
+  if (!targetPath && ctx && ctx.root && ctx.vaultCfg) {
+    targetPath = resolveCanonicalPath(ctx.root, ctx.vaultCfg, {
+      area_candidates: item.area_candidates,
+      write_intent: item.write_intent,
+      sensitivity: item.sensitivity,
+      title: item.title,
+      target_layer: item.target_layer,
+      requires_user_decision: item.requires_user_decision,
+    }).target_path;
+  }
   return {
     source_id: item.source_id || '',
     title: item.title || '',
     raw_path: item.raw_path || '',
     target_layer: item.target_layer || inferTargetLayer(item),
-    target_path: item.target_path || '',
+    target_path: targetPath,
     sensitivity: item.sensitivity || 'internal',
     flush_level: item.flush_level || inferFlushLevel(item),
     reasons,
@@ -127,13 +144,13 @@ function summarizeManifestTarget(entry, selectedBy) {
   };
 }
 
-function selectTarget(query, value, queueItems, rawDir) {
+function selectTarget(query, value, queueItems, rawDir, ctx = null) {
   const lower = String(query || '').toLowerCase();
   const sourceIdMatch = String(query || '').match(/\b(?:raw-\d{8}-\d{3}|clipper-\d{8}-\d{6})\b/);
   if (sourceIdMatch) {
     const sourceId = sourceIdMatch[0];
     const queueMatch = queueItems.find((item) => item.source_id === sourceId);
-    if (queueMatch) return { kind: 'queue_item', ...summarizeQueueItem(queueMatch, reviewReasons(queueMatch)) };
+    if (queueMatch) return { kind: 'queue_item', ...summarizeQueueItem(queueMatch, reviewReasons(queueMatch), ctx) };
     const manifestMatch = manifestEntries(value).find((entry) => entry.source_id === sourceId);
     if (manifestMatch) return summarizeManifestTarget(manifestMatch, 'source_id');
   }
@@ -156,10 +173,10 @@ function selectTarget(query, value, queueItems, rawDir) {
   return null;
 }
 
-function selectAutoTarget({ safe: safeItems, needsConfirmation: confirmationItems, manifest: value, sessionId: targetSessionId }) {
+function selectAutoTarget({ safe: safeItems, needsConfirmation: confirmationItems, manifest: value, sessionId: targetSessionId, ctx = null }) {
   if (safeItems.length > 0) {
     const item = safeItems[0];
-    return { auto_selected: true, selected_by: 'safe_queue', kind: 'queue_item', ...summarizeQueueItem(item, []) };
+    return { auto_selected: true, selected_by: 'safe_queue', kind: 'queue_item', ...summarizeQueueItem(item, [], ctx) };
   }
   if (confirmationItems.length > 0) return null;
 
@@ -217,7 +234,7 @@ export async function compileCommand(args) {
   const needsConfirmation = pending
     .filter((item) => reviewReasons(item).length > 0)
     .map((item) => {
-      const s = summarizeQueueItem(item, reviewReasons(item));
+      const s = summarizeQueueItem(item, reviewReasons(item), { root, vaultCfg });
       // Never expose a private item's file paths in output (R3-#1).
       if (s.sensitivity === 'private') { s.raw_path = '[redacted:private]'; s.target_path = ''; }
       return s;
@@ -236,10 +253,10 @@ export async function compileCommand(args) {
   const wantAuto = Boolean(args.auto);
   const deskOnly = Boolean(args.desk || args['no-auto-select']) || wantList || (!detail && !wantAuto);
   const selected = detail
-    ? selectTarget(detail, manifest, pending, rawDir)
+    ? selectTarget(detail, manifest, pending, rawDir, { root, vaultCfg })
     : deskOnly
       ? null
-      : selectAutoTarget({ safe, needsConfirmation, manifest, sessionId });
+      : selectAutoTarget({ safe, needsConfirmation, manifest, sessionId, ctx: { root, vaultCfg } });
   const mode = selected
     ? (selected.auto_selected ? 'auto_selected_compile_plan' : 'selected_compile_plan')
     : deskOnly
@@ -267,7 +284,7 @@ export async function compileCommand(args) {
       pending_count: pending.length,
       safe_count: safe.length,
       needs_confirmation_count: needsConfirmation.length,
-      safe: safe.slice(0, top).map((item) => summarizeQueueItem(item, [])),
+      safe: safe.slice(0, top).map((item) => summarizeQueueItem(item, [], { root, vaultCfg })),
       needs_confirmation: needsConfirmation.slice(0, top),
     },
     source_digest: {

package/src/core/file_loose.mjs

@@ -0,0 +1,204 @@
+// `file` command (auto-filer, W-B/W-C). Closes the loop the resolver opened: it
+// finds LOOSE durable markdown sitting outside any canonical home and, on a gated
+// --apply, relocates each to the canonical path the resolver computes (recoverable
+// move: secret-gated write of the new copy, then the old path into _trash). It also
+// surfaces a read-only routing PROPOSAL for the raw/_inbox backlog (those are raw
+// evidence whose durable write is a compile/agent step, never an auto-move here).
+//
+// Safety rails: registered area roots and every structural dir (raw/output/wiki/
+// 00_system/90_archive/_trash/_archive) are EXCLUDED from the loose sweep, so a
+// mature KB (e.g. a registered area) is never swept; the root contract files (index/log/AGENTS/
+// CLAUDE/README) are never moved; private/multi-area/requires-decision items are
+// proposal-only and never auto-filed. All moves are recoverable via neurain-trash.
+import fs from 'node:fs';
+import path from 'node:path';
+import { absPath, ensureDir, exists, readText, relPath, sha256, timestamp } from './fs.mjs';
+import { vaultConfig } from './config.mjs';
+import { classifyText, firstLineTitle } from './classify.mjs';
+import { resolveCanonicalPath } from './resolve_target.mjs';
+import { stageAndPromote } from './stage.mjs';
+import { rebuildRecall } from './recall.mjs';
+
+const CONTRACT_FILES = new Set(['index.md', 'log.md', 'AGENTS.md', 'CLAUDE.md', 'README.md']);
+const PRUNE_DIR_NAMES = new Set(['.git', 'node_modules', '.next', 'out', '.vercel', '.cache', '.neurain-staging', '.DS_Store', '.obsidian', '.claude', '.agents', '_trash', '_archive']);
+
+// Top-level dirs whose contents are already in a canonical home and must never be
+// treated as "loose": areas (user-organized / registered), raw capture, output,
+// wiki (compiled layer), system, archive, hubs.
+function structuralTopDirs(vaultCfg) {
+  return new Set([
+    vaultCfg.areas_dir, vaultCfg.raw_dir, vaultCfg.output_dir, vaultCfg.wiki_dir,
+    vaultCfg.system_dir, vaultCfg.archive_dir, vaultCfg.hubs_dir, 'outputs', '_trash',
+  ].filter(Boolean));
+}
+
+// Loose = a .md knowledge file sitting outside every canonical home (effectively
+// the vault root or a stray non-structural top-level dir), not a root-contract file.
+export function findLooseFiles(root, vaultCfg = vaultConfig(root), { maxFiles = 5000 } = {}) {
+  const structural = structuralTopDirs(vaultCfg);
+  const out = [];
+  const walk = (dir, depth) => {
+    if (out.length >= maxFiles) return;
+    let entries = [];
+    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+    for (const e of entries) {
+      if (out.length >= maxFiles) return;
+      const abs = path.join(dir, e.name);
+      const rel = relPath(root, abs);
+      if (e.isSymbolicLink()) continue;
+      if (e.isDirectory()) {
+        if (e.name.startsWith('.') || PRUNE_DIR_NAMES.has(e.name)) continue;
+        if (depth === 0 && structural.has(e.name)) continue; // skip canonical top dirs
+        walk(abs, depth + 1);
+        continue;
+      }
+      if (!e.isFile() || !e.name.endsWith('.md')) continue;
+      if (depth === 0 && CONTRACT_FILES.has(e.name)) continue; // root contract files stay
+      out.push(rel);
+    }
+  };
+  walk(root, 0);
+
+  return out.map((rel) => {
+    const head = readText(path.join(root, rel), '').slice(0, 4000);
+    const route = classifyText(root, head, {}, { vaultCfg });
+    const title = firstLineTitle(head, path.basename(rel, '.md'));
+    const resolved = resolveCanonicalPath(root, vaultCfg, {
+      area_candidates: route.area_candidates,
+      write_intent: route.write_intent,
+      sensitivity: route.sensitivity,
+      title,
+      requires_user_decision: route.requires_user_decision,
+    });
+    return {
+      rel,
+      title,
+      area_candidates: route.area_candidates,
+      target_path: resolved.target_path,
+      requires_confirmation: resolved.requires_confirmation,
+      reasons: resolved.reasons,
+      auto_fileable: Boolean(resolved.target_path) && !resolved.requires_confirmation && resolved.target_path !== rel,
+    };
+  }).filter((p) => p.target_path && p.target_path !== p.rel);
+}
+
+// Read-only routing proposals for the raw/_inbox backlog. These are NOT auto-filed
+// (raw -> durable is a compile/agent step); the list just shows where each pending
+// capture would route, so the inbox stops being an opaque tomb.
+export function inboxProposals(root, vaultCfg = vaultConfig(root), { limit = 20 } = {}) {
+  const inboxDir = path.join(root, vaultCfg.raw_inbox_dir || 'raw/_inbox');
+  let files = [];
+  try { files = fs.readdirSync(inboxDir).filter((f) => f.endsWith('.json')); } catch { return { pending: 0, examples: [] }; }
+  const pending = [];
+  for (const f of files) {
+    let env;
+    try { env = JSON.parse(fs.readFileSync(path.join(inboxDir, f), 'utf8')); } catch { continue; }
+    if (env.status && env.status !== 'pending' && env.status !== 'planned') continue;
+    const resolved = resolveCanonicalPath(root, vaultCfg, {
+      area_candidates: env.area_candidates,
+      write_intent: env.write_intent,
+      sensitivity: env.sensitivity,
+      title: env.title,
+      requires_user_decision: env.requires_user_decision,
+    });
+    pending.push({
+      source_id: env.source_id || f.replace(/\.json$/, ''),
+      title: env.title || '',
+      proposed_target: resolved.target_path,
+      requires_confirmation: resolved.requires_confirmation,
+    });
+  }
+  return { pending: pending.length, examples: pending.slice(0, limit) };
+}
+
+// Recoverable move into _trash, byte-faithful to neurain-trash's manifest format so
+// `neurain-trash --restore <from>` round-trips an engine-filed relocation.
+function recoverableTrash(root, rel) {
+  const date = timestamp().slice(0, 10);
+  let destRel = path.join('_trash', date, rel).split(path.sep).join('/');
+  let destAbs = path.join(root, destRel);
+  for (let i = 1; exists(destAbs) && i < 100; i += 1) {
+    destRel = path.join('_trash', date, `${rel}-${i}`).split(path.sep).join('/');
+    destAbs = path.join(root, destRel);
+  }
+  const srcAbs = path.join(root, rel);
+  const content = readText(srcAbs, '');
+  const entry = { ts: timestamp(), type: 'file', from: rel, to: destRel, size: Buffer.byteLength(content, 'utf8'), sha256: sha256(content) };
+  ensureDir(path.dirname(destAbs));
+  fs.renameSync(srcAbs, destAbs);
+  // The move already succeeded; the file is physically recoverable from _trash even
+  // if the manifest row fails to write, so the append is best-effort (--restore is
+  // the only thing that needs the row).
+  try {
+    const manifestAbs = path.join(root, '_trash', 'manifest.jsonl');
+    ensureDir(path.dirname(manifestAbs));
+    fs.appendFileSync(manifestAbs, `${JSON.stringify(entry)}\n`);
+  } catch { /* recoverable from _trash without the row */ }
+  return entry;
+}
+
+// Relocate ONE loose file to its canonical path: secret-gated write of the new copy
+// (stage), then recoverable-trash the old path. Fully reversible.
+export function fileOneLoose(root, vaultCfg, { rel, target_path, allowSecret = false }) {
+  const srcAbs = path.join(root, rel);
+  if (!exists(srcAbs)) return { ok: false, rel, error: 'source missing' };
+  if (exists(path.join(root, target_path))) return { ok: false, rel, target_path, error: 'target exists' };
+  const content = readText(srcAbs, null);
+  if (content == null) return { ok: false, rel, error: 'unreadable' };
+  const promo = stageAndPromote(root, target_path, content, { allowSecret });
+  if (!promo.promoted) return { ok: false, rel, target_path, blocked: promo.blocked || 'secret' };
+  const trashed = recoverableTrash(root, rel);
+  return { ok: true, rel, target_path, trashed_to: trashed.to };
+}
+
+function confirmOk(args, n) {
+  if (n === 0) return true; // nothing to file -> no confirmation needed
+  return String(args.confirm || '').trim() === `${n}건 저장 진행`;
+}
+
+export async function fileCommand(args) {
+  const root = absPath(args._[0] || args.root || process.cwd());
+  const vaultCfg = vaultConfig(root);
+  const apply = Boolean(args.apply);
+  const allowSecret = Boolean(args['allow-secret']);
+
+  const loose = findLooseFiles(root, vaultCfg);
+  const autoFileable = loose.filter((p) => p.auto_fileable);
+  const inbox = inboxProposals(root, vaultCfg);
+
+  if (!apply) {
+    const payload = {
+      ok: true, command: 'file', durable_write: false, mode: 'plan',
+      loose_total: loose.length, auto_fileable: autoFileable.length,
+      needs_confirmation: loose.filter((p) => p.requires_confirmation).map((p) => ({ rel: p.rel, target_path: p.target_path, reasons: p.reasons })),
+      proposals: autoFileable, inbox,
+    };
+    if (args.json) return { json: true, payload };
+    const lines = ['# Neurain File (자동 파일링, 미리보기)'];
+    if (!autoFileable.length) lines.push('- 자동 재배치할 떠도는 문서 없음.');
+    else { lines.push(`- 떠도는 문서 ${autoFileable.length}건 → 제안 경로:`); for (const p of autoFileable) lines.push(`  - ${p.rel} → ${p.target_path}`); }
+    lines.push(`- inbox 대기 ${inbox.pending}건 (라우팅 제안만; 실제 정리는 !compile)`);
+    return { text: lines.join('\n') };
+  }
+
+  if (!confirmOk(args, autoFileable.length)) {
+    return { json: Boolean(args.json), ...(args.json
+      ? { payload: { ok: false, command: 'file', durable_write: false, error: 'confirmation required', need: `${autoFileable.length}건 저장 진행` } }
+      : {}), text: args.json ? undefined : `확인 문구가 필요합니다: "${autoFileable.length}건 저장 진행"` };
+  }
+
+  const results = [];
+  for (const p of autoFileable) results.push(fileOneLoose(root, vaultCfg, { rel: p.rel, target_path: p.target_path, allowSecret }));
+  const moved = results.filter((r) => r.ok);
+  if (moved.length) { try { await rebuildRecall(root, {}); } catch { /* reindex best-effort */ } }
+
+  const payload = {
+    ok: true, command: 'file', durable_write: moved.length > 0, mode: 'apply',
+    moved: moved.length, results, inbox,
+  };
+  if (args.json) return { json: true, payload };
+  const lines = [`# Neurain File - 적용 (${moved.length}건 재배치)`];
+  for (const r of results) lines.push(r.ok ? `  - ${r.rel} → ${r.target_path} (이전 위치는 휴지통)` : `  - 건너뜀 ${r.rel}: ${r.error || r.blocked}`);
+  lines.push('복구: node 00_system/tools/neurain-trash.mjs --restore <경로>');
+  return { text: lines.join('\n') };
+}

package/src/core/lint.mjs

@@ -9,6 +9,7 @@ import { absPath } from './fs.mjs';
 import { linkCheckCommand } from './link_check.mjs';
 import { sessionLintCommand } from './session_lint.mjs';
 import { orphansCommand } from './orphans.mjs';
+import { auditStructure } from './structure_audit.mjs';
 
 export async function lintCommand(args) {
   const root = absPath(args._[0] || args.root || process.cwd());
@@ -16,6 +17,7 @@ export async function lintCommand(args) {
   const lc = (await linkCheckCommand({ _: [root], json: true })).payload;
   const sl = (await sessionLintCommand({ _: [root], json: true, now: args.now })).payload;
   const orph = (await orphansCommand({ _: [root], json: true })).payload;
+  const sa = auditStructure(root);
 
   const checks = [
     { name: 'links', ok: lc.ok, broken_markdown_links: lc.broken_markdown_links_count, unresolved_wikilinks: lc.unresolved_wiki_links_count },
@@ -23,6 +25,8 @@ export async function lintCommand(args) {
     // orphans are advisory (graph hygiene), never an error that fails the lint;
     // queue rows are validated by the session check (queue-reference integrity).
     { name: 'orphans', ok: true, advisory: true, orphans: orph.grand.orphans, actionable_has_entities: orph.grand.has_entities },
+    // structure is advisory too: adapter gaps, output/outputs split, sources_map drift.
+    { name: 'structure', ok: true, advisory: true, findings: sa.findings, adapter_gaps: sa.adapter_gaps.length, deliverable_split: sa.deliverable_split ? 1 : 0, sources_map_drift: sa.sources_map_drift.length },
   ];
   const ok = checks.filter((c) => !c.advisory).every((c) => c.ok);
 

package/src/core/onboard.mjs

@@ -77,9 +77,9 @@ function nextSteps({ root, lang, host, folderExists, isDirectory, initialized, a
     const mode = adoption?.recommended_mode || 'copy';
     return [
       {
-        title: text(lang, 'Scan before connecting', '연결 전에 먼저 스캔하기'),
-        why: text(lang, `This reads the folder and recommends ${mode} mode before any write.`, `쓰기 전에 폴더를 읽기 전용으로 확인하고 ${mode} 모드를 추천합니다.`),
-        command: `npx neurain adopt "${root}" --dry-run`,
+        title: text(lang, 'Preview how this folder would be organized', '이 폴더가 어떻게 정리될지 미리보기'),
+        why: text(lang, `Read-only: scans the folder, detects structure, and shows which files become docs, stay native, or are quarantined (${mode} mode). Nothing is written. (Lower-level "adopt --dry-run" scaffolds adapters only.)`, `읽기 전용: 폴더를 스캔해 구조를 감지하고 어떤 파일이 문서로 정리/원본유지/격리될지 보여줍니다(${mode} 모드). 아무것도 쓰지 않습니다. (하위 명령 "adopt --dry-run"은 어댑터만 만듭니다.)`),
+        command: `npx neurain organize "${root}" --dry-run`,
       },
       {
         title: text(lang, 'Create a clean starter vault if this is a new Neurain folder', '새 Neurain 폴더라면 starter vault 만들기'),

package/src/core/organize.mjs

@@ -0,0 +1,297 @@
+// `organize` command (new-user first-organize). Points at an UNKNOWN folder and
+// turns it into an organized, searchable Neurain area: it reuses the adopt scan
+// (inventory + secret detection + mode), decides a per-file disposition (durable
+// doc / keep native / quarantine), and on a gated --apply scaffolds the adapters,
+// copies durable notes into docs/, and reindexes so the area earns recall boosts.
+//
+// Safety: COPY mode only in this slice (originals are never moved or deleted, so
+// the source folder is untouched and the whole thing is reversible). Private/secret
+// files are quarantined logical-only and never copied into the indexed tree. A
+// detected mature/native KB (Obsidian vault, git/code project, deep docs tree) is
+// kept native and merely mapped, never restructured. Every write is recorded in a
+// hash-keyed receipt with a one-command rollback.
+import fs from 'node:fs';
+import path from 'node:path';
+import {
+  absPath, compactStamp, ensureDir, exists, readText, relPath, safeResolve, sha256, timestamp,
+} from './fs.mjs';
+import { scanAdoption, applyAdoption } from './adopt.mjs';
+import { reindexCommand } from './reindex.mjs';
+import { slugify } from './envelope.mjs';
+import { secretLike } from './safety.mjs';
+
+const SCRATCH_NAME = /(^|\/)(untitled|temp|tmp|~\$)[^/]*$/i;
+const NATIVE_PATH = /(^|\/)(web|scripts|src|dist|build|\.obsidian|\.github)(\/|$)/i;
+const BUILD_FILE = /(^|\/)(package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|tsconfig[^/]*\.json|\.env[^/]*|Cargo\.(toml|lock)|go\.(mod|sum)|requirements\.txt|Gemfile(\.lock)?)$/i;
+
+// Read-only structure detector: is this an already-structured KB (keep native) or
+// a loose pile (impose docs/)? Scores the inventory scanAdoption already produced.
+export function detectStructure(scan) {
+  const rels = scan.files.map((f) => f.rel);
+  const excludedRels = (scan.excluded || []).map((e) => e.rel);
+  const signals = [];
+  let structured = 0;
+  if (rels.some((r) => r.startsWith('.obsidian/'))) { structured += 2; signals.push('Obsidian vault'); }
+  if (excludedRels.some((r) => r === '.git' || r.startsWith('.git/'))) { structured += 1; signals.push('git repo'); }
+  const codeRatio = scan.files.filter((f) => f.kind === 'code').length / Math.max(1, scan.files.length);
+  if (codeRatio > 0.2) { structured += 1; signals.push('code project'); }
+  if (rels.some((r) => /(^|\/)docs\//.test(r))) { structured += 1; signals.push('docs tree'); }
+  const dirDepth = rels.length ? Math.max(...rels.map((r) => r.split('/').length - 1)) : 0;
+  if (dirDepth >= 2) structured += 1;
+  const rootNotes = rels.filter((r) => !r.includes('/') && /\.(md|txt)$/i.test(r)).length;
+  const looseLean = rootNotes >= 3 && dirDepth < 2 && structured < 2;
+
+  let shape = structured >= 2 ? 'structured' : looseLean ? 'loose' : 'mixed';
+  // Safety bias: a large/dense folder looks like a real KB -> never aggressively
+  // restructure; downgrade a "loose" verdict to "mixed" (keep-native dominant).
+  if (scan.summary.scanned_files > 300 && shape === 'loose') shape = 'mixed';
+  return { shape, structured_score: structured, signals, dir_depth: dirDepth };
+}
+
+// Per-file disposition (first match wins). Biased toward keep_native: the only files
+// that ever get COPIED are durable notes; nothing is moved or deleted in copy mode.
+export function decideDisposition(file, structure) {
+  const rel = file.rel;
+  // Secret detection covers BOTH the body (scan set file.sensitivity) AND the
+  // filename itself (a credential-shaped name would otherwise slip through
+  // with an innocent body and get copied into the indexed tree).
+  if (file.sensitivity === 'private' || secretLike(rel)) return { disposition: 'quarantine', reason: 'private/secret', risk: 'high' };
+  if (file.kind === 'code' || NATIVE_PATH.test(rel) || BUILD_FILE.test(rel)) return { disposition: 'keep_native', reason: 'code/project file' };
+  if (file.bytes === 0 || SCRATCH_NAME.test(rel)) return { disposition: 'quarantine', reason: 'empty/scratch' };
+  // structured KB -> preserve everything native. mixed -> keep NESTED content native
+  // (it likely carries its own structure); only root-level loose notes become docs.
+  // loose -> notes become docs.
+  if (structure.shape === 'structured') return { disposition: 'keep_native', reason: 'structured KB preserved' };
+  if (structure.shape === 'mixed' && rel.includes('/')) return { disposition: 'keep_native', reason: 'nested content kept native' };
+  if ((file.kind === 'source_or_note' || file.kind === 'text') && file.bytes >= 40) return { disposition: 'durable_doc', reason: 'note -> docs' };
+  if (file.kind === 'config_or_data') return { disposition: 'keep_native', reason: 'reference data' };
+  if (file.kind === 'binary_or_asset') return { disposition: 'keep_native', reason: 'asset' };
+  if (/\.(md|txt)$/i.test(rel)) return { disposition: 'durable_doc', reason: 'short note -> docs' };
+  return { disposition: 'keep_native', reason: 'unsorted (kept)' };
+}
+
+function buildDispositions(scan, structure) {
+  const used = new Set();
+  return scan.files.map((f) => {
+    const d = decideDisposition(f, structure);
+    let targetPath = '';
+    if (d.disposition === 'durable_doc') {
+      let base = slugify(path.basename(f.rel).replace(/\.[^.]+$/, '')) || 'note';
+      let candidate = `10_areas/${scan.proposed_area}/docs/${base}.md`;
+      for (let i = 1; used.has(candidate); i += 1) candidate = `10_areas/${scan.proposed_area}/docs/${base}-${i}.md`;
+      used.add(candidate);
+      targetPath = candidate;
+    }
+    return { rel: f.rel, kind: f.kind, bytes: f.bytes, sensitivity: f.sensitivity, ...d, target_path: targetPath };
+  });
+}
+
+function tally(dispositions) {
+  const counts = { durable_doc: 0, keep_native: 0, quarantine: 0 };
+  for (const x of dispositions) counts[x.disposition] += 1;
+  return counts;
+}
+
+// adapters written by apply: 4 required + 1 area brief (we suppress the empty
+// entities/domain stubs so reindex can derive real ones). Plus N durable copies.
+function confirmationFor(durableCount) {
+  return `${5 + durableCount}건 저장 진행`;
+}
+
+export function planOrganize(target) {
+  const scan = scanAdoption(target, { dryRun: true });
+  const structure = detectStructure(scan);
+  const dispositions = buildDispositions(scan, structure);
+  const counts = tally(dispositions);
+  return {
+    ok: true,
+    command: 'organize',
+    durable_write: false,
+    mode: 'plan',
+    target: scan.target,
+    proposed_area: scan.proposed_area,
+    shape: structure.shape,
+    structure_signals: structure.signals,
+    recommended_mode: scan.summary.recommended_mode,
+    scanned_files: scan.summary.scanned_files,
+    dispositioned: dispositions.length,
+    truncated: scan.summary.scanned_files > dispositions.length,
+    private_or_secret: scan.summary.private_or_secret_files,
+    counts,
+    dispositions: dispositions.slice(0, 200),
+    confirmation_required: confirmationFor(counts.durable_doc),
+    rollback_hint: 'neurain organize --rollback <receipt> --root "<folder>"',
+  };
+}
+
+export function applyOrganize(target, { confirm = '', allowSecret = false } = {}) {
+  const scan = scanAdoption(target, { dryRun: false });
+  const structure = detectStructure(scan);
+  const dispositions = buildDispositions(scan, structure);
+  const counts = tally(dispositions);
+  const expected = confirmationFor(counts.durable_doc);
+  if (String(confirm) !== expected) {
+    return { ok: false, command: 'organize', durable_write: false, error: 'confirmation required', need: expected };
+  }
+
+  // Refuse to write if the scan flagged a high-severity symlink / external / path-
+  // traversal risk: a symlinked area dir could let an adapter/doc write escape the
+  // target root. The user resolves the symlink first, then re-runs.
+  const symlinkRisk = (scan.risks || []).some((r) => r.severity === 'high' && /symlink|external|traversal/i.test(r.reason || ''));
+  if (symlinkRisk) {
+    return { ok: false, command: 'organize', durable_write: false, error: 'high-severity symlink/external risk; refusing to write. Resolve the symlink(s) first.' };
+  }
+
+  // 1. Scaffold adapters, but suppress the empty entities.json/domain-routing.json
+  //    stubs so reindex -> buildArea can derive real ones from the copied docs.
+  const trimmedScan = {
+    ...scan,
+    write_plan_preview: {
+      ...scan.write_plan_preview,
+      optional_writes: scan.write_plan_preview.optional_writes.filter((r) => !/entities\.json$|domain-routing\.json$/.test(r)),
+    },
+  };
+  const adopt = applyAdoption(trimmedScan, { root: target });
+  if (!adopt.ok) return { ok: false, command: 'organize', durable_write: false, error: 'adapter scaffold failed', detail: adopt };
+
+  // 2. Copy durable notes into docs/ (COPY mode: originals untouched). Defense in
+  //    depth: re-scan each copied body for secrets and skip if it trips the gate.
+  const copied = [];
+  const skipped = [];
+  for (const d of dispositions.filter((x) => x.disposition === 'durable_doc')) {
+    // Each copy is independent: a single failing copy must not abort the loop and
+    // orphan the already-copied files without a receipt. Record and continue.
+    try {
+      const srcAbs = safeResolve(target, d.rel);
+      const dstAbs = safeResolve(target, d.target_path);
+      if (exists(dstAbs)) { skipped.push({ rel: d.rel, reason: 'target exists' }); continue; }
+      const content = readText(srcAbs, null);
+      if (content == null) { skipped.push({ rel: d.rel, reason: 'unreadable' }); continue; }
+      if (!allowSecret && secretLike(content)) { skipped.push({ rel: d.rel, reason: 'secret-like (kept native)' }); continue; }
+      ensureDir(path.dirname(dstAbs));
+      fs.writeFileSync(dstAbs, content);
+      copied.push({ from: d.rel, to: d.target_path, sha256: sha256(Buffer.from(content)) });
+    } catch (e) {
+      skipped.push({ rel: d.rel, reason: `copy failed: ${(e && e.message) || e}` });
+    }
+  }
+
+  // 3. Organize receipt (adapters + copies) with hash-keyed rollback.
+  const stamp = compactStamp();
+  const areaSlug = scan.proposed_area.replace(/^_+/, '');
+  const receiptRel = `output/receipts/organize/${stamp}-${areaSlug}.json`;
+  const receipt = {
+    ok: true,
+    tool: 'neurain-organize',
+    generated_at: timestamp(),
+    receipt_version: 1,
+    mode: 'copy',
+    target: scan.target,
+    proposed_area: scan.proposed_area,
+    shape: structure.shape,
+    adapter_files: adopt.created_files || [],
+    adapter_file_hashes: adopt.created_file_hashes || {},
+    copied_files: copied,
+    skipped_files: skipped,
+    counts,
+    rollback_command: `neurain organize --rollback ${receiptRel} --root "${target}"`,
+  };
+  ensureDir(safeResolve(target, 'output/receipts/organize'));
+  fs.writeFileSync(safeResolve(target, receiptRel), `${JSON.stringify(receipt, null, 2)}\n`);
+
+  return { ...receipt, receipt_path: receiptRel, adopt_receipt: adopt.receipt_path };
+}
+
+export function rollbackOrganize(target, receiptRel) {
+  const receiptAbs = safeResolve(target, receiptRel);
+  if (!exists(receiptAbs)) throw new Error(`Receipt does not exist: ${receiptRel}`);
+  const receipt = JSON.parse(fs.readFileSync(receiptAbs, 'utf8'));
+  if (receipt.tool !== 'neurain-organize') throw new Error(`Not an organize receipt: ${receiptRel}`);
+  // The receipt records the folder it was applied to. Refuse to remove files from a
+  // different folder than that recorded target, so a stray --rollback in the wrong
+  // cwd can never delete from an unintended directory.
+  try {
+    if (exists(receipt.target) && fs.realpathSync(receipt.target) !== fs.realpathSync(target)) {
+      throw new Error(`receipt target does not match --root: ${receipt.target} != ${target}`);
+    }
+  } catch (e) {
+    if (/receipt target does not match/.test(e.message || '')) throw e;
+    // realpath failure on a missing path is non-fatal: the receipt was still loaded
+    // from inside `target` via safeResolve, so it belongs to this folder.
+  }
+  const removed = [];
+  const kept = [];
+  // Remove copies (originals are untouched in copy mode) then adapters, hash-guarded.
+  for (const c of receipt.copied_files || []) {
+    const abs = safeResolve(target, c.to);
+    if (exists(abs) && sha256(fs.readFileSync(abs)) === c.sha256) { fs.rmSync(abs); removed.push(c.to); }
+    else kept.push(c.to);
+  }
+  for (const rel of receipt.adapter_files || []) {
+    const abs = safeResolve(target, rel);
+    const expected = receipt.adapter_file_hashes?.[rel];
+    if (exists(abs) && expected && sha256(fs.readFileSync(abs)) === expected) { fs.rmSync(abs); removed.push(rel); }
+    else if (exists(abs)) kept.push(rel);
+  }
+  return { ok: kept.length === 0, tool: 'neurain-organize-rollback', removed_files: removed, kept_files: kept };
+}
+
+export async function organizeCommand(args) {
+  // --rollback passes the folder via --root (no positional), the same convention as
+  // adopt rollback; preview/apply pass it positionally. Accept either.
+  const target = absPath(args._[0] || args.folder || args.root || process.cwd());
+
+  if (args.rollback) {
+    // Rollback deletes files, so the folder must be named explicitly (never the cwd):
+    // require --root or a positional, so a stray rollback can't target the wrong dir.
+    if (!args.root && !args._[0] && !args.folder) {
+      const msg = 'organize --rollback requires --root "<folder>" (the folder the receipt was applied to).';
+      if (args.json) return { json: true, payload: { ok: false, command: 'organize', error: msg } };
+      return { text: `# Neurain organize rollback\n\n- ${msg}` };
+    }
+    const out = rollbackOrganize(target, String(args.rollback));
+    if (args.json) return { json: true, payload: out };
+    return { text: `# Neurain organize rollback\n\n- OK: ${out.ok ? 'yes' : 'no'}\n- Removed: ${out.removed_files.length}\n- Kept (changed/missing): ${out.kept_files.length}` };
+  }
+
+  if (args.apply) {
+    const out = applyOrganize(target, { confirm: args.confirm, allowSecret: Boolean(args['allow-secret']) });
+    let reindex = null;
+    if (out.ok && !args['no-reindex']) {
+      try { reindex = (await reindexCommand({ _: [target], json: true })).payload || null; } catch (e) { reindex = { ok: false, error: String((e && e.message) || e) }; }
+    }
+    const payload = { ...out, reindex };
+    if (args.json) return { json: true, payload };
+    if (!out.ok) return { text: `# Neurain organize\n\n- 진행 불가: ${out.error}${out.need ? ` (확인 문구: "${out.need}")` : ''}` };
+    return {
+      text: [
+        '# Neurain organize - 적용 (copy 모드)',
+        '',
+        `- 영역 생성: ${out.proposed_area}`,
+        `- 문서로 정리: ${out.copied_files.length}건 (원본은 그대로)`,
+        `- 격리/원본유지: 건드리지 않음`,
+        reindex ? `- 색인: ${reindex.ok ? '등록 + 검색 준비됨' : '건너뜀 (' + (reindex.error || 'n/a') + ')'}` : '',
+        `- 되돌리기: ${out.rollback_command}`,
+      ].filter(Boolean).join('\n'),
+    };
+  }
+
+  // default: read-only preview
+  const plan = planOrganize(target);
+  if (args.json) return { json: true, payload: plan };
+  return {
+    text: [
+      '# Neurain organize - 미리보기 (쓰기 없음)',
+      '',
+      `- 대상 폴더: ${plan.target}`,
+      `- 찾은 파일: ${plan.scanned_files}개${plan.truncated ? ` (분석은 ${plan.dispositioned}개까지)` : ''}`,
+      `- 구조 판정: ${plan.shape === 'structured' ? '이미 구조화됨 (원본 유지)' : plan.shape === 'loose' ? '느슨한 더미 (정리 권장)' : '혼합'}${plan.structure_signals.length ? ` [${plan.structure_signals.join(', ')}]` : ''}`,
+      `- 문서로 정리: ${plan.counts.durable_doc}개 · 원본 유지+매핑: ${plan.counts.keep_native}개 · 격리(비밀/빈파일): ${plan.counts.quarantine}개`,
+      `- 비밀/민감 파일: ${plan.private_or_secret}개 → copy 모드, 색인 제외`,
+      `- 새 영역: ${plan.proposed_area}`,
+      '',
+      `진행하려면: neurain organize "${plan.target}" --apply --confirm "${plan.confirmation_required}"`,
+      `모두 되돌릴 수 있습니다 (${plan.rollback_hint}).`,
+    ].join('\n'),
+  };
+}

package/src/core/resolve_target.mjs

@@ -0,0 +1,92 @@
+// Destination resolver (W-B keystone). Turns a classify/route result (area +
+// write_intent + sensitivity) into ONE concrete canonical target path, closing the
+// long-standing gap where the queue/compile pipeline inferred a target LAYER but
+// left `target_path` an empty string for the agent to fill by hand (the source of
+// wiki/ vs 10_areas/<area> vs output/ drift). Pure: builds path strings only, no
+// writes and no fs reads beyond the timestamp.
+//
+// Layer/path contract (deterministic):
+//   update_current  -> 10_areas/<area>/current/<slug>.md        (no area -> wiki/current/)
+//   create_task     -> 10_areas/<area>/memory_layer/02_task-memory/<slug>.md
+//   output_request  -> output/<YYYY>/<slug>.md                  (ONE canonical deliverable sink)
+//   remember (durable concept) -> 10_areas/<area>/docs/<slug>.md (no area -> wiki/concepts/)
+//   evidence_only   -> '' (capture already files the raw source; nothing to relocate)
+//
+// `output/` is the engine-canonical deliverable dir (config.mjs output_dir); a
+// second `outputs/` sink is drift the resolver never writes to. requires_confirmation
+// mirrors compile_desk.reviewReasons exactly so the existing save-gate semantics
+// carry through unchanged (private / requires-user-decision / official-memory-layer
+// / multi-area never auto-file).
+import { slugify } from './envelope.mjs';
+import { timestamp } from './fs.mjs';
+
+export function inferTargetLayer(intent) {
+  if (intent === 'update_current') return 'current';
+  if (intent === 'create_task') return 'task_memory';
+  if (intent === 'output_request') return 'output';
+  if (intent === 'evidence_only') return 'raw';
+  return 'wiki';
+}
+
+function singleArea(area, areaCandidates) {
+  if (area) return String(area);
+  if (Array.isArray(areaCandidates) && areaCandidates.length === 1) return String(areaCandidates[0]);
+  return '';
+}
+
+export function resolveCanonicalPath(root, vaultCfg, input = {}) {
+  const {
+    area = '',
+    area_candidates = [],
+    write_intent = 'evidence_only',
+    sensitivity = 'internal',
+    title = '',
+    slug: slugIn = '',
+    target_layer: explicitLayer = '',
+    requires_user_decision = false,
+  } = input;
+
+  const areasDir = vaultCfg.areas_dir || '10_areas';
+  const wikiDir = vaultCfg.wiki_dir || 'wiki';
+  const outputDir = vaultCfg.output_dir || 'output';
+
+  const intent = String(write_intent || 'evidence_only');
+  const layer = explicitLayer || inferTargetLayer(intent);
+  // Always run through slugify (idempotent) so an explicit slug can never carry a
+  // path-traversal payload (e.g. '../') into the canonical path.
+  const slug = slugify(slugIn || title || 'untitled');
+  const year = timestamp().slice(0, 4);
+
+  const multiArea = Array.isArray(area_candidates) && area_candidates.length > 1;
+  const resolvedArea = singleArea(area, area_candidates);
+  const areaResolved = Boolean(resolvedArea) && !multiArea;
+
+  let targetPath = '';
+  if (layer === 'raw' || intent === 'evidence_only') {
+    targetPath = ''; // capture_durable already wrote raw/<type>/<YYYY>/<MM>/...
+  } else if (layer === 'current') {
+    targetPath = areaResolved ? `${areasDir}/${resolvedArea}/current/${slug}.md` : `${wikiDir}/current/${slug}.md`;
+  } else if (layer === 'task_memory') {
+    targetPath = areaResolved ? `${areasDir}/${resolvedArea}/memory_layer/02_task-memory/${slug}.md` : `${wikiDir}/current/${slug}.md`;
+  } else if (layer === 'output') {
+    targetPath = `${outputDir}/${year}/${slug}.md`;
+  } else {
+    // durable concept (remember / default wiki)
+    targetPath = areaResolved ? `${areasDir}/${resolvedArea}/docs/${slug}.md` : `${wikiDir}/concepts/${slug}.md`;
+  }
+
+  // Mirror compile_desk.reviewReasons so the save-gate fires on exactly the same conditions.
+  const reasons = [];
+  if (requires_user_decision) reasons.push('requires user decision');
+  if (String(sensitivity) === 'private') reasons.push('private source');
+  if (['current', 'fact_ledger', 'task_memory'].includes(layer)) reasons.push('official memory layer');
+  if (multiArea) reasons.push('multiple area candidates');
+
+  return {
+    target_path: targetPath,
+    target_layer: layer,
+    area_resolved: areaResolved,
+    requires_confirmation: reasons.length > 0,
+    reasons,
+  };
+}

package/src/core/structure_audit.mjs

@@ -0,0 +1,107 @@
+// `structure-audit` (W-C, read-only ADVISORY). Flags the structural drift that
+// lets a knowledge vault decay over time: area adapter gaps (a missing required
+// _area.md/index.md/log.md/sources_map.md), the output/ vs outputs/ deliverable
+// split (a second sink the resolver never writes to), and sources_map drift
+// (native/project subdirs of an area not mentioned in its sources_map.md). Every
+// finding is advisory with an offered one-liner fix — like orphans, it never fails
+// a build and never writes. Composed into `lint` and surfaced in status/wrap.
+import fs from 'node:fs';
+import path from 'node:path';
+import { absPath, exists, readText } from './fs.mjs';
+import { vaultConfig } from './config.mjs';
+import { discoverAreas } from './label_intel.mjs';
+
+const REQUIRED_ADAPTERS = ['_area.md', 'index.md', 'log.md', 'sources_map.md'];
+
+// A subdir counts as "mapped" only when its name appears as a delimited path token
+// in sources_map.md (backticked, quoted, or as a path segment), not as an incidental
+// substring of prose — so a common name like `src` in a sentence is not a false match.
+function mappedInSourcesMap(sm, dir) {
+  const e = dir.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+  return new RegExp('(^|[\\s`"\'(\\[/])' + e + '([\\s`"\').,:\\]]|/|$)', 'm').test(sm);
+}
+// Structural layer dirs are implicitly understood by the area standard; only
+// NATIVE/project subdirs that aren't one of these need an explicit sources_map row.
+const KNOWN_LAYER_DIRS = new Set([
+  'current', 'docs', 'memory_layer', 'search-index', 'decisions', 'qa', 'reviews', '_entities',
+]);
+
+export function auditStructure(root, vaultCfg = vaultConfig(root)) {
+  const areasDir = vaultCfg.areas_dir || '10_areas';
+  const areas = discoverAreas(root);
+
+  // 1) Adapter completeness: each area should carry the four required adapter files.
+  const adapterGaps = [];
+  for (const area of areas) {
+    const areaAbs = path.join(root, areasDir, area);
+    const missing = REQUIRED_ADAPTERS.filter((f) => !exists(path.join(areaAbs, f)));
+    if (missing.length) adapterGaps.push({ area, missing });
+  }
+
+  // 2) Deliverable split: the engine-canonical output dir alongside a second sink.
+  const outputDir = vaultCfg.output_dir || 'output';
+  const altOutput = outputDir === 'output' ? 'outputs' : 'output';
+  const deliverableSplit = exists(path.join(root, outputDir)) && exists(path.join(root, altOutput))
+    ? { canonical: outputDir, drift: altOutput }
+    : null;
+
+  // 3) sources_map drift: native/project subdirs not referenced in sources_map.md.
+  const sourcesMapDrift = [];
+  for (const area of areas) {
+    const areaAbs = path.join(root, areasDir, area);
+    const smPath = path.join(areaAbs, 'sources_map.md');
+    if (!exists(smPath)) continue; // a missing sources_map is already an adapter gap
+    const sm = readText(smPath, '');
+    let subdirs = [];
+    try {
+      subdirs = fs.readdirSync(areaAbs, { withFileTypes: true })
+        .filter((d) => d.isDirectory() && !d.name.startsWith('.') && !KNOWN_LAYER_DIRS.has(d.name))
+        .map((d) => d.name);
+    } catch { subdirs = []; }
+    const unmapped = subdirs.filter((d) => !mappedInSourcesMap(sm, d));
+    if (unmapped.length) sourcesMapDrift.push({ area, unmapped });
+  }
+
+  return {
+    areas: areas.length,
+    adapter_gaps: adapterGaps,
+    deliverable_split: deliverableSplit,
+    sources_map_drift: sourcesMapDrift,
+    findings:
+      adapterGaps.length + (deliverableSplit ? 1 : 0) + sourcesMapDrift.length,
+  };
+}
+
+// One-line offered fixes (never auto-applied — advisory).
+function fixHints(audit) {
+  const hints = [];
+  for (const g of audit.adapter_gaps) hints.push(`${g.area}: 어댑터 ${g.missing.join(', ')} 누락 → neurain adopt --area ${g.area} 로 보강`);
+  if (audit.deliverable_split) hints.push(`산출물 폴더 분리: ${audit.deliverable_split.drift}/ 가 ${audit.deliverable_split.canonical}/ 와 공존 → 참조 확인 후 ${audit.deliverable_split.canonical}/ 로 통합`);
+  for (const d of audit.sources_map_drift) hints.push(`${d.area}: sources_map 미기재 폴더 ${d.unmapped.join(', ')} → sources_map.md 에 매핑 추가`);
+  return hints;
+}
+
+export async function structureAuditCommand(args) {
+  const root = absPath(args._[0] || args.root || process.cwd());
+  const audit = auditStructure(root);
+  const hints = fixHints(audit);
+
+  const payload = {
+    ok: true,
+    command: 'structure-audit',
+    durable_write: false,
+    advisory: true,
+    ...audit,
+    fix_hints: hints,
+  };
+  if (args.json) return { json: true, payload };
+
+  const lines = ['# Neurain Structure Audit (구조 점검, advisory)'];
+  if (!audit.findings) {
+    lines.push('- 구조 이슈 없음. 모든 영역이 어댑터를 갖췄고 산출물 싱크/매핑이 정합합니다.');
+    return { text: lines.join('\n') };
+  }
+  lines.push(`- 점검 영역 ${audit.areas}개 · 발견 ${audit.findings}건 (모두 권고, 자동 수정 안 함)`);
+  for (const h of hints) lines.push(`  - ${h}`);
+  return { text: lines.join('\n') };
+}

package/src/core/tidy.mjs

@@ -0,0 +1,167 @@
+// `tidy` command (Janitor, read-only). Detects PROVABLY-junk vault residue that
+// no other tool cleans: empty Obsidian scratch files (Untitled*.canvas/.base/.md),
+// zero-byte dated daily notes, and stray empty top-level directories (e.g. a
+// leftover `08_20260423_memory_layer/` fragment or an empty `node_modules/`).
+//
+// It WRITES NOTHING. It returns a quarantine plan (a list of vault-relative paths
+// with reason codes) that the vault `neurain-tidy` shuttle feeds to the existing
+// recoverable-delete tool (`neurain-trash.mjs`, 30-day recoverable). Detection is
+// byte-exact, not heuristic: a candidate is only ever an empty/template-only file
+// or a recursively-empty directory, so a real canvas the user drew on, a non-empty
+// note, or a structural scaffolding folder is never a candidate.
+//
+// Safety rails: GENERATED/dotfile dirs and `_trash` are pruned; empty-directory
+// detection runs only at the vault TOP LEVEL and never flags a known structural
+// dir (00_system, 10_areas, raw, output, wiki, ...), so registered areas and
+// valid-empty layer folders are untouched.
+import fs from 'node:fs';
+import path from 'node:path';
+import { absPath, GENERATED_NAMES, generatedPath, relPath } from './fs.mjs';
+import { vaultConfig } from './config.mjs';
+
+const SCRATCH_CANVAS_RE = /^Untitled.*\.canvas$/i;
+const SCRATCH_BASE_RE = /^Untitled.*\.base$/i;
+const SCRATCH_MD_RE = /^Untitled.*\.md$/i;
+const DAILY_NOTE_RE = /^\d{4}-\d{2}-\d{2}\.md$/;
+const NUMBERED_FRAGMENT_RE = /^\d{2}_\d{8}_/;
+
+// Directories we never descend into for scratch detection: config/runtime (not
+// knowledge), the trash itself, and `_archive` (deliberate frozen snapshots must
+// stay byte-for-byte, even if they contain empty files — preserving an archive is
+// the whole point of it).
+const PRUNE_DIR_NAMES = new Set([...GENERATED_NAMES, '.obsidian', '.claude', '.agents', '_trash', '_archive']);
+
+// Structural top-level dirs that are ALLOWED to be empty (valid scaffolding) and
+// must never be flagged as a stray fragment. Derived from the vault config so a
+// re-pathed layout works identically.
+function knownTopDirs(vaultCfg) {
+  return new Set([
+    vaultCfg.system_dir, vaultCfg.areas_dir, vaultCfg.hubs_dir, vaultCfg.archive_dir,
+    vaultCfg.output_dir, vaultCfg.raw_dir, vaultCfg.wiki_dir,
+    'outputs', '_trash', '_archive', '.obsidian', '.claude', '.git', '.agents', '.neurain-staging',
+  ].filter(Boolean));
+}
+
+function classifyScratchFile(absFile, name) {
+  let size = 0;
+  try { size = fs.statSync(absFile).size; } catch { return null; }
+  if (SCRATCH_CANVAS_RE.test(name)) {
+    if (size <= 5) return { reason: 'empty_scratch_canvas', kind: 'file', bytes: size };
+    let body = '';
+    try { body = fs.readFileSync(absFile, 'utf8').trim(); } catch { return null; }
+    if (body === '' || body === '{}' || body === '[]') return { reason: 'empty_scratch_canvas', kind: 'file', bytes: size };
+    return null;
+  }
+  if (SCRATCH_BASE_RE.test(name)) {
+    // Only an EMPTY body or the DEFAULT Obsidian base stub (a single unconfigured
+    // table view, no user filters/formulas/properties) counts as accidental junk.
+    // A byte threshold alone could flag a real small base, so match the content.
+    if (size === 0) return { reason: 'empty_scratch_base', kind: 'file', bytes: 0 };
+    if (size > 256) return null;
+    let body = '';
+    try { body = fs.readFileSync(absFile, 'utf8').trim(); } catch { return null; }
+    if (body === '' || /^views:\s*\n\s*-\s*type:\s*table\s*\n\s*name:\s*table\s*$/i.test(body)) {
+      return { reason: 'empty_scratch_base', kind: 'file', bytes: size };
+    }
+    return null;
+  }
+  if (SCRATCH_MD_RE.test(name) && size === 0) return { reason: 'empty_scratch_md', kind: 'file', bytes: 0 };
+  if (DAILY_NOTE_RE.test(name) && size === 0) return { reason: 'empty_daily_note', kind: 'file', bytes: 0 };
+  return null;
+}
+
+// True if the directory subtree contains at least one regular file or symlink
+// (a `.DS_Store` is ignored — its own removal is handled elsewhere). An empty
+// subdirectory chain (dirs but no files) counts as empty.
+function subtreeHasContent(absDir) {
+  let entries = [];
+  try { entries = fs.readdirSync(absDir, { withFileTypes: true }); } catch { return true; }
+  for (const e of entries) {
+    if (e.name === '.DS_Store') continue;
+    if (e.isSymbolicLink()) return true;
+    if (e.isFile()) return true;
+    if (e.isDirectory() && subtreeHasContent(path.join(absDir, e.name))) return true;
+  }
+  return false;
+}
+
+export function detectJunk(root, vaultCfg = vaultConfig(root), { maxFiles = 20000 } = {}) {
+  const candidates = [];
+
+  // 1) Scratch files anywhere (byte-exact empty/template-only).
+  const walk = (dir) => {
+    if (candidates.length >= maxFiles) return;
+    let entries = [];
+    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+    for (const e of entries) {
+      if (candidates.length >= maxFiles) return;
+      const abs = path.join(dir, e.name);
+      const rel = relPath(root, abs);
+      if (e.isSymbolicLink()) continue;
+      if (e.isDirectory()) {
+        if (PRUNE_DIR_NAMES.has(e.name) || generatedPath(rel)) continue;
+        walk(abs);
+        continue;
+      }
+      if (!e.isFile()) continue;
+      const hit = classifyScratchFile(abs, e.name);
+      if (hit) candidates.push({ rel, ...hit });
+    }
+  };
+  walk(root);
+
+  // 2) Stray empty directories at the vault TOP LEVEL only (never inside areas).
+  const known = knownTopDirs(vaultCfg);
+  let topEntries = [];
+  try { topEntries = fs.readdirSync(root, { withFileTypes: true }); } catch { topEntries = []; }
+  for (const e of topEntries) {
+    if (!e.isDirectory() || e.isSymbolicLink()) continue;
+    if (known.has(e.name) || e.name.startsWith('.')) continue;
+    const abs = path.join(root, e.name);
+    if (subtreeHasContent(abs)) continue;
+    const reason = NUMBERED_FRAGMENT_RE.test(e.name) ? 'stray_root_fragment' : 'orphan_empty_dir';
+    candidates.push({ rel: e.name, reason, kind: 'dir', bytes: 0 });
+  }
+
+  return candidates.sort((a, b) => a.rel.localeCompare(b.rel));
+}
+
+const REASON_LABEL = {
+  empty_scratch_canvas: '빈 Obsidian 캔버스',
+  empty_scratch_base: '빈 Obsidian base',
+  empty_scratch_md: '빈 Untitled 노트',
+  empty_daily_note: '빈 일일노트',
+  orphan_empty_dir: '빈 폴더',
+  stray_root_fragment: '빈 잔여 폴더',
+};
+
+export async function tidyCommand(args) {
+  const root = absPath(args._[0] || args.root || process.cwd());
+  const vaultCfg = vaultConfig(root);
+  const candidates = detectJunk(root, vaultCfg);
+
+  const byReason = {};
+  for (const c of candidates) byReason[c.reason] = (byReason[c.reason] || 0) + 1;
+
+  const payload = {
+    ok: true,
+    command: 'tidy',
+    durable_write: false,
+    total: candidates.length,
+    by_reason: byReason,
+    files: candidates.filter((c) => c.kind === 'file').map((c) => c.rel),
+    dirs: candidates.filter((c) => c.kind === 'dir').map((c) => c.rel),
+    candidates,
+  };
+  if (args.json) return { json: true, payload };
+
+  const lines = ['# neurain tidy  (정리 후보 = 복구가능 휴지통 이동 대상)'];
+  if (!candidates.length) {
+    lines.push('- 정리할 잡파일이 없습니다. 깨끗합니다.');
+    return { text: lines.join('\n') };
+  }
+  lines.push(`- 총 ${candidates.length}건 (${Object.entries(byReason).map(([k, v]) => `${REASON_LABEL[k] || k} ${v}`).join(', ')})`);
+  lines.push('- 전부 휴지통으로 안전 이동(30일 복구 가능). 내용 있는 파일은 후보에서 자동 제외됩니다.');
+  for (const c of candidates) lines.push(`  - ${c.rel}  (${REASON_LABEL[c.reason] || c.reason})`);
+  return { text: lines.join('\n') };
+}