nubos-pilot 1.2.0 → 1.2.1

package/lib/install/claude-hooks.cjs

@@ -16,8 +16,21 @@ const { atomicWriteFileSync, NubosPilotError, withFileLock } = require('../core.
 
 const STATUSLINE_REL = '.claude/nubos-pilot/hooks/np-statusline.cjs';
 const CTX_MONITOR_REL = '.claude/nubos-pilot/hooks/np-ctx-monitor.cjs';
+const SECURITY_HOOK_REL = '.claude/nubos-pilot/hooks/np-security-hook.cjs';
 const NP_STATUSLINE_MARKER = 'np-statusline.';
 const NP_CTX_MONITOR_MARKER = 'np-ctx-monitor.';
+const NP_SECURITY_MARKER = 'np-security-hook.';
+
+// ADR-0020: in-session security review layer. One DRY hook script, registered
+// against five Claude Code lifecycle events, differentiated by a trailing verb.
+const SECURITY_HOOKS = Object.freeze([
+  { verb: 'session-start', event: 'SessionStart',    matcher: undefined },
+  { verb: 'baseline',      event: 'UserPromptSubmit', matcher: undefined },
+  { verb: 'scan',          event: 'PostToolUse',      matcher: 'Edit|Write|MultiEdit|NotebookEdit' },
+  { verb: 'review',        event: 'Stop',             matcher: undefined },
+  { verb: 'commit',        event: 'PostToolUse',      matcher: 'Bash' },
+]);
+const SECURITY_EVENTS = Object.freeze(['SessionStart', 'UserPromptSubmit', 'Stop', 'PostToolUse']);
 
 function _settingsPath(scope, projectRoot) {
   if (scope === 'global') return path.join(os.homedir(), '.claude', 'settings.json');
@@ -101,6 +114,64 @@ function _installPostToolUse(settings, cmd) {
   return { action: 'installed' };
 }
 
+function _verbOf(command) {
+  const m = String(command).match(/"\s+([a-z-]+)\s*$/);
+  return m ? m[1] : null;
+}
+
+function _installVerbHook(settings, eventName, matcher, cmd, verb) {
+  if (!settings.hooks || typeof settings.hooks !== 'object') settings.hooks = {};
+  if (!Array.isArray(settings.hooks[eventName])) settings.hooks[eventName] = [];
+  const list = settings.hooks[eventName];
+  for (const entry of list) {
+    const hooks = Array.isArray(entry.hooks) ? entry.hooks : [];
+    for (const h of hooks) {
+      if (h && typeof h.command === 'string' && h.command.includes(NP_SECURITY_MARKER) && _verbOf(h.command) === verb) {
+        h.command = cmd;
+        h.type = 'command';
+        if (matcher !== undefined) entry.matcher = matcher;
+        return { action: 'updated' };
+      }
+    }
+  }
+  const entry = matcher !== undefined
+    ? { matcher, hooks: [{ type: 'command', command: cmd }] }
+    : { hooks: [{ type: 'command', command: cmd }] };
+  list.push(entry);
+  return { action: 'installed' };
+}
+
+function _installSecurity(settings, scope, projectRoot) {
+  const base = _hookCommand(SECURITY_HOOK_REL, scope, projectRoot);
+  const results = {};
+  for (const h of SECURITY_HOOKS) {
+    results[h.verb] = _installVerbHook(settings, h.event, h.matcher, base + ' ' + h.verb, h.verb);
+  }
+  return results;
+}
+
+function _removeSecurity(settings) {
+  if (!settings.hooks || typeof settings.hooks !== 'object') return { action: 'absent' };
+  let removed = 0;
+  for (const eventName of SECURITY_EVENTS) {
+    if (!Array.isArray(settings.hooks[eventName])) continue;
+    const filtered = [];
+    for (const entry of settings.hooks[eventName]) {
+      const hooks = Array.isArray(entry.hooks) ? entry.hooks : [];
+      const kept = hooks.filter((h) => !(h && typeof h.command === 'string' && h.command.includes(NP_SECURITY_MARKER)));
+      if (kept.length > 0) {
+        filtered.push(kept.length === hooks.length ? entry : Object.assign({}, entry, { hooks: kept }));
+      } else {
+        removed++;
+      }
+    }
+    settings.hooks[eventName] = filtered;
+    if (filtered.length === 0) delete settings.hooks[eventName];
+  }
+  if (settings.hooks && Object.keys(settings.hooks).length === 0) delete settings.hooks;
+  return { action: removed > 0 ? 'removed' : 'absent' };
+}
+
 function _removeStatusLine(settings) {
   const existing = settings.statusLine;
   if (existing && typeof existing === 'object'
@@ -140,13 +211,19 @@ function installClaudeHooks(opts) {
   const which = o.which || 'both';
   const settingsPath = _settingsPath(scope, projectRoot);
 
+  const wantStatusline = which === 'statusline' || which === 'both' || which === 'all';
+  const wantCtxMonitor = which === 'ctx-monitor' || which === 'both' || which === 'all';
+  const wantSecurity = which === 'security' || which === 'all';
+
   const statuslineCmd = _hookCommand(STATUSLINE_REL, scope, projectRoot);
   const ctxMonitorCmd = _hookCommand(CTX_MONITOR_REL, scope, projectRoot);
 
-  const statuslineAbs = path.join(scope === 'global' ? os.homedir() : projectRoot, STATUSLINE_REL);
-  const ctxMonitorAbs = path.join(scope === 'global' ? os.homedir() : projectRoot, CTX_MONITOR_REL);
+  const base = scope === 'global' ? os.homedir() : projectRoot;
+  const statuslineAbs = path.join(base, STATUSLINE_REL);
+  const ctxMonitorAbs = path.join(base, CTX_MONITOR_REL);
+  const securityAbs = path.join(base, SECURITY_HOOK_REL);
 
-  if (which === 'statusline' || which === 'both') {
+  if (wantStatusline) {
     if (!fs.existsSync(statuslineAbs)) {
       throw new NubosPilotError(
         'claude-hooks-script-missing',
@@ -155,7 +232,7 @@ function installClaudeHooks(opts) {
       );
     }
   }
-  if (which === 'ctx-monitor' || which === 'both') {
+  if (wantCtxMonitor) {
     if (!fs.existsSync(ctxMonitorAbs)) {
       throw new NubosPilotError(
         'claude-hooks-script-missing',
@@ -164,6 +241,15 @@ function installClaudeHooks(opts) {
       );
     }
   }
+  if (wantSecurity) {
+    if (!fs.existsSync(securityAbs)) {
+      throw new NubosPilotError(
+        'claude-hooks-script-missing',
+        'Security hook script not found: ' + securityAbs,
+        { script: securityAbs },
+      );
+    }
+  }
 
   fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
 
@@ -171,12 +257,15 @@ function installClaudeHooks(opts) {
     const settings = _readJsonSafe(settingsPath);
     const results = {};
 
-    if (which === 'statusline' || which === 'both') {
+    if (wantStatusline) {
       results.statusline = _installStatusLine(settings, statuslineCmd, force);
     }
-    if (which === 'ctx-monitor' || which === 'both') {
+    if (wantCtxMonitor) {
       results.ctxMonitor = _installPostToolUse(settings, ctxMonitorCmd);
     }
+    if (wantSecurity) {
+      results.security = _installSecurity(settings, scope, projectRoot);
+    }
 
     if (o.dryRun) return { dryRun: true, path: settingsPath, results, settings };
 
@@ -190,13 +279,14 @@ function uninstallClaudeHooks(opts) {
   const projectRoot = o.projectRoot || process.cwd();
   const scope = o.scope === 'global' ? 'global' : 'local';
   const settingsPath = _settingsPath(scope, projectRoot);
-  if (!fs.existsSync(settingsPath)) return { path: settingsPath, results: { statusline: { action: 'absent' }, ctxMonitor: { action: 'absent' } } };
+  if (!fs.existsSync(settingsPath)) return { path: settingsPath, results: { statusline: { action: 'absent' }, ctxMonitor: { action: 'absent' }, security: { action: 'absent' } } };
 
   return withFileLock(settingsPath, () => {
     const settings = _readJsonSafe(settingsPath);
     const results = {
       statusline: _removeStatusLine(settings),
       ctxMonitor: _removePostToolUse(settings),
+      security: _removeSecurity(settings),
     };
     if (o.dryRun) return { dryRun: true, path: settingsPath, results, settings };
     atomicWriteFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
@@ -209,8 +299,11 @@ module.exports = {
   uninstallClaudeHooks,
   STATUSLINE_REL,
   CTX_MONITOR_REL,
+  SECURITY_HOOK_REL,
   NP_STATUSLINE_MARKER,
   NP_CTX_MONITOR_MARKER,
+  NP_SECURITY_MARKER,
+  SECURITY_HOOKS,
   _settingsPath,
   _hookCommand,
 };

package/lib/install/claude-hooks.test.cjs

@@ -225,3 +225,99 @@ test('claude-hooks: settings file with only whitespace is treated as empty', ()
     fs.rmSync(dir, { recursive: true, force: true });
   }
 });
+
+function _mkSandboxAll() {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'np-claude-hooks-all-'));
+  const hooksDir = path.join(dir, '.claude', 'nubos-pilot', 'hooks');
+  fs.mkdirSync(hooksDir, { recursive: true });
+  for (const f of ['np-statusline.cjs', 'np-ctx-monitor.cjs', 'np-security-hook.cjs']) {
+    fs.writeFileSync(path.join(hooksDir, f), '// stub\n');
+  }
+  return dir;
+}
+
+test('claude-hooks SEC: which=all registers all five security lifecycle hooks', () => {
+  const dir = _mkSandboxAll();
+  try {
+    const res = mod.installClaudeHooks({ projectRoot: dir, scope: 'local', which: 'all' });
+    const r = res.results.security;
+    assert.equal(r['session-start'].action, 'installed');
+    assert.equal(r.baseline.action, 'installed');
+    assert.equal(r.scan.action, 'installed');
+    assert.equal(r.review.action, 'installed');
+    assert.equal(r.commit.action, 'installed');
+    const s = JSON.parse(fs.readFileSync(res.path, 'utf-8'));
+    assert.equal(s.hooks.SessionStart[0].hooks[0].command.replace(/.*np-security-hook\.cjs"\s*/, '').trim(), 'session-start');
+    assert.equal(s.hooks.UserPromptSubmit[0].hooks[0].command.trim().endsWith('baseline'), true);
+    assert.equal(s.hooks.Stop[0].hooks[0].command.trim().endsWith('review'), true);
+    const ptu = s.hooks.PostToolUse;
+    const scan = ptu.find((e) => e.matcher === 'Edit|Write|MultiEdit|NotebookEdit');
+    const commit = ptu.find((e) => e.matcher === 'Bash');
+    assert.ok(scan && scan.hooks[0].command.trim().endsWith('scan'));
+    assert.ok(commit && commit.hooks[0].command.trim().endsWith('commit'));
+    assert.ok(ptu.find((e) => e.matcher === '.*'), 'ctx-monitor still present under all');
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('claude-hooks SEC: re-install is idempotent (no duplicate entries)', () => {
+  const dir = _mkSandboxAll();
+  try {
+    mod.installClaudeHooks({ projectRoot: dir, scope: 'local', which: 'all' });
+    const res2 = mod.installClaudeHooks({ projectRoot: dir, scope: 'local', which: 'all' });
+    assert.equal(res2.results.security.scan.action, 'updated');
+    const s = JSON.parse(fs.readFileSync(res2.path, 'utf-8'));
+    assert.equal(s.hooks.SessionStart.length, 1);
+    assert.equal(s.hooks.Stop.length, 1);
+    assert.equal(s.hooks.PostToolUse.filter((e) => e.hooks[0].command.includes('np-security-hook.')).length, 2);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('claude-hooks SEC: which=both does NOT install security hooks (legacy unchanged)', () => {
+  const dir = _mkSandboxAll();
+  try {
+    const res = mod.installClaudeHooks({ projectRoot: dir, scope: 'local', which: 'both' });
+    assert.equal(res.results.security, undefined);
+    const s = JSON.parse(fs.readFileSync(res.path, 'utf-8'));
+    assert.ok(!s.hooks.SessionStart);
+    assert.ok(!s.hooks.Stop);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('claude-hooks SEC: uninstall removes security hooks but preserves foreign ones', () => {
+  const dir = _mkSandboxAll();
+  try {
+    const settingsPath = path.join(dir, '.claude', 'settings.local.json');
+    fs.writeFileSync(settingsPath, JSON.stringify({
+      hooks: { Stop: [{ hooks: [{ type: 'command', command: 'echo foreign-stop' }] }] },
+    }));
+    mod.installClaudeHooks({ projectRoot: dir, scope: 'local', which: 'all' });
+    const res = mod.uninstallClaudeHooks({ projectRoot: dir, scope: 'local' });
+    assert.equal(res.results.security.action, 'removed');
+    const s = JSON.parse(fs.readFileSync(res.path, 'utf-8'));
+    assert.equal(s.hooks.Stop.length, 1);
+    assert.equal(s.hooks.Stop[0].hooks[0].command, 'echo foreign-stop');
+    assert.ok(!s.hooks.SessionStart, 'our SessionStart removed');
+    assert.ok(!s.hooks.PostToolUse || !s.hooks.PostToolUse.some((e) => e.hooks[0].command.includes('np-security-hook.')));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('claude-hooks SEC: which=security missing script throws structured error', () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'np-claude-hooks-nosec-'));
+  fs.mkdirSync(path.join(dir, '.claude', 'nubos-pilot', 'hooks'), { recursive: true });
+  try {
+    assert.throws(
+      () => mod.installClaudeHooks({ projectRoot: dir, scope: 'local', which: 'security' }),
+      (err) => err && err.code === 'claude-hooks-script-missing',
+    );
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});

package/lib/security/ledger.cjs

@@ -0,0 +1,203 @@
+'use strict';
+
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+
+const { withFileLock, atomicWriteFileSync } = require('../core.cjs');
+
+const LEDGER_VERSION = 1;
+const RISK_SEVERITIES = new Set(['risk', 'high', 'critical', 'fail']);
+
+function sanitizeSid(sid) {
+  return String(sid || '').replace(/[^a-zA-Z0-9._-]/g, '_');
+}
+
+function ledgerPath(sid) {
+  return path.join(os.tmpdir(), 'claude-sec-' + sanitizeSid(sid) + '.json');
+}
+
+function _skeleton(sid) {
+  return {
+    session_id: String(sid || ''),
+    version: LEDGER_VERSION,
+    created_at: Date.now(),
+    baseline: null,
+    seen_scan: {},
+    findings: [],
+    review_in_flight: null,
+    stop_streak: 0,
+    commit_review_times: [],
+  };
+}
+
+function _read(sid) {
+  const p = ledgerPath(sid);
+  let raw;
+  try { raw = fs.readFileSync(p, 'utf-8'); }
+  catch { return _skeleton(sid); }
+  if (!raw || raw.trim() === '') return _skeleton(sid);
+  let parsed;
+  try { parsed = JSON.parse(raw); }
+  catch { return _skeleton(sid); }
+  if (!parsed || typeof parsed !== 'object') return _skeleton(sid);
+  return Object.assign(_skeleton(sid), parsed);
+}
+
+function _isPidAlive(pid) {
+  if (!Number.isInteger(pid)) return false;
+  try { process.kill(pid, 0); return true; }
+  catch (err) { return !!(err && err.code === 'EPERM'); }
+}
+
+function withLedger(sid, fn) {
+  const p = ledgerPath(sid);
+  return withFileLock(p, () => {
+    const ledger = _read(sid);
+    const result = fn(ledger);
+    atomicWriteFileSync(p, JSON.stringify(ledger), 'utf-8', 0o600);
+    return result;
+  });
+}
+
+function readLedger(sid) {
+  return _read(sid);
+}
+
+function initSession(sid) {
+  return withLedger(sid, (l) => { l.created_at = l.created_at || Date.now(); return { session_id: l.session_id }; });
+}
+
+function setBaseline(sid, baseline) {
+  return withLedger(sid, (l) => {
+    l.baseline = Object.assign({ captured_at: Date.now() }, baseline || {});
+    return l.baseline;
+  });
+}
+
+function _scanKey(f) {
+  return String(f.file) + '::' + String(f.rule_name);
+}
+
+function markScanReported(sid, findings) {
+  const list = Array.isArray(findings) ? findings : [];
+  return withLedger(sid, (l) => {
+    const fresh = [];
+    for (const f of list) {
+      const key = _scanKey(f);
+      if (l.seen_scan[key]) continue;
+      l.seen_scan[key] = true;
+      fresh.push(f);
+    }
+    return fresh;
+  });
+}
+
+function _fingerprint(f) {
+  return [
+    String(f.file || ''),
+    String(f.line == null ? '' : f.line),
+    String(f.category || ''),
+    String(f.rule_name || f.title || ''),
+  ].join('|');
+}
+
+function addReviewFindings(sid, findings, layer) {
+  const list = Array.isArray(findings) ? findings : [];
+  return withLedger(sid, (l) => {
+    const existing = new Set(l.findings.map((f) => f.fp));
+    let added = 0;
+    for (const f of list) {
+      const fp = _fingerprint(f);
+      if (existing.has(fp)) continue;
+      existing.add(fp);
+      l.findings.push({
+        fp,
+        file: f.file || null,
+        line: f.line == null ? null : f.line,
+        category: f.category || null,
+        severity: f.severity || 'risk',
+        title: f.title || f.rule_name || null,
+        mitigation_hint: f.mitigation_hint || f.reminder || null,
+        layer: layer || null,
+        surfaced: false,
+        addressed: false,
+        created_at: Date.now(),
+      });
+      added++;
+    }
+    return { added };
+  });
+}
+
+function takeUnsurfacedRisks(sid, opts) {
+  const maxStreak = opts && Number.isFinite(opts.maxStreak) ? opts.maxStreak : 3;
+  return withLedger(sid, (l) => {
+    const unsurfaced = l.findings.filter((f) => !f.surfaced && RISK_SEVERITIES.has(String(f.severity)));
+    if (unsurfaced.length === 0) {
+      l.stop_streak = 0;
+      return { findings: [], yielded: false };
+    }
+    if (l.stop_streak >= maxStreak) {
+      for (const f of unsurfaced) f.surfaced = true;
+      l.stop_streak = 0;
+      return { findings: [], yielded: true };
+    }
+    for (const f of unsurfaced) f.surfaced = true;
+    l.stop_streak += 1;
+    return { findings: unsurfaced.map((f) => ({ ...f })), yielded: false };
+  });
+}
+
+function tryBeginReview(sid, opts) {
+  const staleMs = opts && Number.isFinite(opts.staleMs) ? opts.staleMs : 5 * 60 * 1000;
+  return withLedger(sid, (l) => {
+    const cur = l.review_in_flight;
+    if (cur && typeof cur === 'object') {
+      const age = Date.now() - Number(cur.started_at || 0);
+      const stale = age > staleMs || !_isPidAlive(Number(cur.pid));
+      if (!stale) return { began: false, reason: 'in-flight' };
+    }
+    l.review_in_flight = { pid: process.pid, started_at: Date.now() };
+    return { began: true };
+  });
+}
+
+function endReview(sid) {
+  return withLedger(sid, (l) => { l.review_in_flight = null; return { ok: true }; });
+}
+
+function tryRecordCommitReview(sid, opts) {
+  const maxPerHour = opts && Number.isFinite(opts.maxPerHour) ? opts.maxPerHour : 20;
+  const windowMs = 60 * 60 * 1000;
+  return withLedger(sid, (l) => {
+    const now = Date.now();
+    l.commit_review_times = (l.commit_review_times || []).filter((t) => now - t < windowMs);
+    if (l.commit_review_times.length >= maxPerHour) return { allowed: false, count: l.commit_review_times.length };
+    l.commit_review_times.push(now);
+    return { allowed: true, count: l.commit_review_times.length };
+  });
+}
+
+function removeLedger(sid) {
+  try { fs.unlinkSync(ledgerPath(sid)); } catch {}
+}
+
+module.exports = {
+  LEDGER_VERSION,
+  RISK_SEVERITIES,
+  sanitizeSid,
+  ledgerPath,
+  withLedger,
+  readLedger,
+  initSession,
+  setBaseline,
+  markScanReported,
+  addReviewFindings,
+  takeUnsurfacedRisks,
+  tryBeginReview,
+  endReview,
+  tryRecordCommitReview,
+  removeLedger,
+  _fingerprint,
+};

package/lib/security/ledger.test.cjs

@@ -0,0 +1,139 @@
+'use strict';
+
+const { test } = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('node:fs');
+
+const ledger = require('./ledger.cjs');
+
+let _sidCounter = 0;
+function freshSid() {
+  _sidCounter += 1;
+  return 'test-sec-' + process.pid + '-' + _sidCounter;
+}
+function cleanup(sid) {
+  ledger.removeLedger(sid);
+  try { fs.unlinkSync(ledger.ledgerPath(sid) + '.lock'); } catch {}
+}
+
+test('LED-1 scan report-once: same pattern+file reported only once per session', () => {
+  const sid = freshSid();
+  try {
+    const f = [{ file: 'a.js', rule_name: 'eval_call' }];
+    const first = ledger.markScanReported(sid, f);
+    const second = ledger.markScanReported(sid, f);
+    assert.equal(first.length, 1);
+    assert.equal(second.length, 0);
+  } finally { cleanup(sid); }
+});
+
+test('LED-2 scan dedup is per-file: same rule on a different file is fresh', () => {
+  const sid = freshSid();
+  try {
+    ledger.markScanReported(sid, [{ file: 'a.js', rule_name: 'eval_call' }]);
+    const other = ledger.markScanReported(sid, [{ file: 'b.js', rule_name: 'eval_call' }]);
+    assert.equal(other.length, 1);
+  } finally { cleanup(sid); }
+});
+
+test('LED-3 review findings dedup by fingerprint (cross-layer)', () => {
+  const sid = freshSid();
+  try {
+    const finding = { file: 'x.js', line: 10, category: 'injection', severity: 'risk', title: 'SQLi' };
+    const a = ledger.addReviewFindings(sid, [finding], 'stop');
+    const b = ledger.addReviewFindings(sid, [finding], 'commit');
+    assert.equal(a.added, 1);
+    assert.equal(b.added, 0);
+  } finally { cleanup(sid); }
+});
+
+test('LED-4 takeUnsurfacedRisks surfaces once, then nothing', () => {
+  const sid = freshSid();
+  try {
+    ledger.addReviewFindings(sid, [{ file: 'x.js', line: 1, category: 'authz', severity: 'risk', title: 'bypass' }], 'stop');
+    const first = ledger.takeUnsurfacedRisks(sid, { maxStreak: 3 });
+    const second = ledger.takeUnsurfacedRisks(sid, { maxStreak: 3 });
+    assert.equal(first.findings.length, 1);
+    assert.equal(second.findings.length, 0);
+  } finally { cleanup(sid); }
+});
+
+test('LED-5 only risk-class severities surface; warn does not block', () => {
+  const sid = freshSid();
+  try {
+    ledger.addReviewFindings(sid, [{ file: 'x.js', line: 2, category: 'style', severity: 'warn', title: 'nit' }], 'stop');
+    const r = ledger.takeUnsurfacedRisks(sid, {});
+    assert.equal(r.findings.length, 0);
+  } finally { cleanup(sid); }
+});
+
+test('LED-6 a single surfacing drains all currently-unsurfaced risks at once', () => {
+  const sid = freshSid();
+  try {
+    for (let i = 0; i < 5; i++) {
+      ledger.addReviewFindings(sid, [{ file: 'f' + i + '.js', line: i, category: 'injection', severity: 'risk', title: 't' + i }], 'stop');
+    }
+    const r1 = ledger.takeUnsurfacedRisks(sid, { maxStreak: 3 });
+    const r2 = ledger.takeUnsurfacedRisks(sid, { maxStreak: 3 });
+    assert.equal(r1.findings.length, 5);
+    assert.equal(r2.findings.length, 0);
+  } finally { cleanup(sid); }
+});
+
+test('LED-6b once streak hits max with leftovers, it yields back to the user', () => {
+  const sid = freshSid();
+  try {
+    let streak = 0;
+    let yielded = false;
+    for (let turn = 0; turn < 10; turn++) {
+      ledger.addReviewFindings(sid, [{ file: 'g' + turn + '.js', line: turn, category: 'injection', severity: 'risk', title: 'g' + turn }], 'stop');
+      const r = ledger.takeUnsurfacedRisks(sid, { maxStreak: 3 });
+      if (r.yielded) { yielded = true; break; }
+      streak++;
+    }
+    assert.ok(yielded, 'should yield within a few turns');
+    assert.ok(streak <= 3, 'never more than maxStreak consecutive blocks');
+  } finally { cleanup(sid); }
+});
+
+test('LED-7 concurrency guard: second begin while in-flight is rejected', () => {
+  const sid = freshSid();
+  try {
+    const a = ledger.tryBeginReview(sid, {});
+    const b = ledger.tryBeginReview(sid, {});
+    assert.equal(a.began, true);
+    assert.equal(b.began, false);
+    ledger.endReview(sid);
+    const c = ledger.tryBeginReview(sid, {});
+    assert.equal(c.began, true);
+  } finally { cleanup(sid); }
+});
+
+test('LED-7b stale in-flight (old timestamp) is reclaimed', () => {
+  const sid = freshSid();
+  try {
+    ledger.tryBeginReview(sid, {});
+    ledger.withLedger(sid, (l) => { l.review_in_flight.started_at = Date.now() - 10 * 60 * 1000; });
+    const c = ledger.tryBeginReview(sid, { staleMs: 5 * 60 * 1000 });
+    assert.equal(c.began, true);
+  } finally { cleanup(sid); }
+});
+
+test('LED-8 commit rolling-hour cap enforced', () => {
+  const sid = freshSid();
+  try {
+    let lastAllowed = true;
+    for (let i = 0; i < 20; i++) lastAllowed = ledger.tryRecordCommitReview(sid, { maxPerHour: 20 }).allowed;
+    assert.equal(lastAllowed, true);
+    const over = ledger.tryRecordCommitReview(sid, { maxPerHour: 20 });
+    assert.equal(over.allowed, false);
+  } finally { cleanup(sid); }
+});
+
+test('LED-9 baseline round-trips', () => {
+  const sid = freshSid();
+  try {
+    ledger.setBaseline(sid, { head: 'abc123' });
+    assert.equal(ledger.readLedger(sid).baseline.head, 'abc123');
+  } finally { cleanup(sid); }
+});