openhermes 2.6.1 → 4.0.0

package/harness/rules/runtime-guards.md

@@ -1,196 +0,0 @@
-# Runtime Guards — Prevent Stale Assumptions and Silent Failures
-
-## Problem Statement
-OpenHermes agents often operate on cached assumptions that become stale:
-- "npm install is available" → but npm registry is down or rate-limited
-- "git fetch works" → but remote repository was deleted or moved  
-- "Python 3.10 exists" → but path changed to Python 3.12
-- "Provider endpoint reachable" → but load balancer rotated certificates
-
-These stale assumptions cause:
-- Silent failures (agent retries indefinitely)
-- Wasted compute (re-running commands that will fail anyway) 
-- Incorrect behavior based on outdated information
-
-## Guard Enforcement
-
-### 1. Session Initialization Constraint
-At session start, create active constraint with `enforcement: hard`:
-```json
-{
-  "id": "runtime-guards-session",
-  "class": "constraint",
-  "project": "current-project",
-  "summary": "Runtime guards for stale assumption prevention",
-  "constraints": [
-    {
-      "name": "never_cache_tool_state",
-      "description": "Every tool call → fresh verification, no cache lookup",
-      "enforcement": "hard"
-    },
-    {
-      "name": "environment_fingerprint_required", 
-      "description": "Record OS, shell, cwd, provider, model at session start",
-      "enforcement": "hard" 
-    }
-  ]
-}
-```
-
-### 2. Pre-Tool-Call Check (Mandatory)
-Before any tool invocation:
-```javascript
-// In agent execution loop
-function beforeToolCall(toolName, args) {
-  // Verify environment matches session fingerprint
-  const envMatch = verifyEnvironmentFingerprint()
-  if (!envMatch) {
-    // Environment changed mid-session → hard fail or restart
-    throw new Error('Runtime guard: environment mismatch detected')
-  }
-  
-  // Never trust cached tool results across sessions
-  return { allow: true, fingerprint: generateFingerprint() }
-}
-```
-
-### 3. Compression Guard (Critical)
-Before adding verification receipts to compress buffer:
-```javascript
-function filterReceiptForCompression(receipt) {
-  // Check if receipt contains stale environment markers
-  const hasStaleEnv = /\b(node_version|python_path|npm_registry)\b/.test(receipt.result_detail)
-  
-  // Redact or remove stale artifacts before compression
-  if (hasStaleEnv) {
-    report.warn(`Excluding stale artifact from compress buffer: ${receipt.id}`)
-    return false
-  }
-  
-  return true
-}
-```
-
-### 4. State Drift Detection (Post-Compression)
-After each `compress` operation:
-```javascript
-function detectStateDrift(compressedBuffer) {
-  const fingerprints = computeFingerprints(compressedBuffer.receipts)
-  
-  // Check for new environment markers that weren't in last fingerprint
-  const driftMarkers = [
-    /\b(node_version:.*?)(?!\b)/,
-    /\b(python_path:.*?)(?!\b)/, 
-    /\b(npm_registry:.*?)(?!\b)/
-  ]
-  
-  for (const marker of driftMarkers) {
-    const matches = marker.exec(compressedBuffer.receipts)
-    if (matches && !lastFingerprint.includes(matches[0])) {
-      report.error(`State drift detected: ${matches[0]}`)
-      // Either revert compression or flag for manual review
-      return { drifted: true, marker: matches[0] }
-    }
-  }
-  
-  lastFingerprint = fingerprints
-  return { drifted: false }
-}
-```
-
-## Enforcement Points
-
-### Memory Write (ohc_save)
-```javascript
-// In openhermes-memory MCP server
-function putMemoryObject(obj) {
-  // Check for stale environment markers before persisting
-  if (hasStaleEnvironmentMarker(obj.content)) {
-    obj.content = redactStaleMarkers(obj.content)
-    obj.stale = true
-  }
-}
-```
-
-### Compress Event
-```javascript
-// In OpenHermes's built-in dynamic-context-pruning plugin
-function onCompress() {
-  const compressBuffer = buildSummary()
-  // Filter out stale artifacts before adding to buffer
-  const filteredBuffer = compressBuffer.filter(receipt => 
-    !hasStaleEnvironmentMarker(receipt.result_detail)
-  )
-  return filteredBuffer
-}
-```
-
-### Session Resume (Recovery) 
-On session resume or checkpoint recovery:
-```javascript
-// Load all active memory objects
-const loadedObjects = loadMemory()
-// Immediately re-verify environment fingerprint for each receipt
-const safeObjects = loadedObjects.map(obj => ({
-  ...obj,
-  summary: redactStaleEnvironmentFromSummary(obj.summary)
-}))
-```
-
-## Fail-Safe Mechanisms
-
-### 1. Pattern Mismatch / False Negatives
-**What if a new stale marker pattern emerges?**
-- Add to `staleMarkers` array immediately (no deployment cycle needed)
-- Run retrospective scan on last 30 days of memory objects
-- Flag affected objects for manual review + redaction
-
-### 2. Over-Redaction / False Positives  
-**What if legitimate data gets blocked?**
-- Allow explicit bypass via constraint: `enforce_runtime_guards: false` (rare use case)
-- Log all rejections to audit trail for review
-- Provide CLI command: `/openhermes-audit` for staleness checks
-
-### 3. Memory Corruption During Redaction
-**What if redaction process itself fails?**
-- Fall back to raw receipts (`opencode.db`) with full pattern matching
-- Never silently skip redaction — always log and fail-closed
-
-## Configuration & Overrides
-
-| Config | Default | Override |
-|--------|---------|----------|
-| `enforce_runtime_guards` | true | Constraint or environment variable |
-| `stale_marker_patterns_path` | rules/state-drift.md | Custom JSON/YAML file |
-| `retrospective_scan_days` | 30 | 7-90 |
-| `allow_bypass_paths` | [] (empty) | List of paths always excluded from filtering |
-
-## Compliance & Audit
-
-Every redacted memory object must include:
-```json
-{
-  "redacted_at": "2026-05-09T07:30:00Z",
-  "redaction_version": "1.0.0",
-  "patterns_applied": ["node_version", "python_path", ...],
-  "original_checksum": "sha256(original_content)"
-}
-```
-
-This allows:
-- Forensic reconstruction of what was redacted
-- Verification that no legitimate data was accidentally blocked
-- Audit trail for compliance requirements (SOC2, HIPAA, PCI)
-
-## Integration with Other Rules
-
-- `rules/verification.md`: Add "stale: true" to verification receipt schema  
-- `rules/state-drift.md`: Hash computation must exclude stale markers
-- `commands/doctor.md`: Include fingerprint and staleness checks in the doctor workflow
-
----
-
-**Status**: Active (enforcement: hard)  
-**Scope**: Global  
-**Created**: 2026-05-09T07:31:00Z  
-**Author**: agent (auto-generated via gap analysis)

package/harness/rules/self-heal.md

@@ -1,79 +0,0 @@
-# Self-Heal — Escalating Tier Model
-
-Self-correction escalates through structured tiers. There is no self-termination. The system recovers by reducing risk, narrowing behavior, and preserving receipts.
-
-## Tier 0 — Observe & Correct
-
-**Trigger**: Any single mistake or unexpected outcome.
-
-**Actions**:
-1. Observe the issue — note what happened vs. what was expected.
-2. Log a structured mistake record to `memory\mistakes\mistakes.jsonl` with root cause, fix, and prevention.
-3. Attempt the smallest safe correction (one-line fix preferred, one-function max).
-4. Verify the correction resolved the issue.
-
-**Outcome**: Issue resolved. Mistake logged for future parity checks.
-
-## Tier 1 — Add Prevention
-
-**Trigger**: Same mistake type repeats within 7 days, or correction at T0 failed.
-
-**Actions**:
-1. Review the existing mistake record(s) for the type.
-2. Add or refine a prevention rule — either a constraint record or a documented guard.
-3. Run targeted verification against the original failure scenario.
-4. If prevention rule already existed and failed → escalate to T2.
-
-**Outcome**: Prevention rule active. Targeted verification passed.
-
-## Tier 2 — Diagnosis & Review
-
-**Trigger**: Prevention failed, systemic issue suspected, repeated uncertainty, or conflicting constraints.
-
-**Actions**:
-1. Delegate to specialist subagent for diagnosis:
-   - Build failure → `build-error-resolver`
-   - Logic/scope/other → `diagnose` skill + `code-reviewer`
-   - Security → `security-reviewer`
-    - Config/tool → `harness-optimizer` + openhermes audit
-2. If structural (affects openhermes behavior across projects), generate a backlog item.
-3. Run an openhermes audit to check for broken references, stale constraints, or provenance gaps.
-4. Document findings and updated prevention rules.
-
-**Outcome**: Root cause identified. Prevention rules hardened. Backlog item created if structural.
-
-## Tier 3 — Constrained Safe Mode
-
-**Trigger**: Repeated T2 escalation without resolution, or cascading failures across domains.
-
-**Actions**:
-1. Enter constrained safe mode:
-   - Narrow claims: only claim what is verified.
-   - Narrow actions: single-step operations only, no multi-file changes.
-   - Preserve receipts: log every action with provenance.
-2. Produce a handoff-with-report:
-   - What happened (timeline of failures)
-   - What was attempted (T0, T1, T2 actions + results)
-   - Current state (what works, what doesn't)
-   - Recommended next action (human decision required)
-   - All mistake records and audit results attached
-3. Do NOT continue autonomous work. Wait for human intervention or explicit override.
-
-**Outcome**: Clean handoff state. System preserved. Human can resume without forensic reconstruction.
-
-## Self-Heal Principles
-
-- **Recover by reducing risk**: Narrow scope, add constraints, reduce ambition. Never widen scope to fix a problem.
-- **No grandstanding**: Don't re-litigate decisions, don't blame tools, don't produce essay-length explanations. Terse, factual reports.
-- **Preserve receipts**: Every tier escalation must be backed by logged evidence (mistake records, audit results, verification outputs).
-- **No self-termination**: The session may be paused, constrained, or handed off, but never unilaterally terminated.
-
-## Self-Edit Authority (Repeated for Reference)
-
-| Tier | Allowed |
-|------|---------|
-| Unconditional | Append memory entries, mistake records, checkpoints, audit receipts |
-| Conditional | Patch openhermes docs, schemas, templates, non-core rules; repair stale references in approved openhermes zones |
-| Human approval required | Core AGENTS.md changes, model routing, permissions, major config, protected user-owned settings |
-
-Full authority matrix is also in AGENTS.md.

package/harness/rules/session-start.md

@@ -1,34 +0,0 @@
-# Session-Start Checklist
-
-Run this at the start of every new session and every resume before substantive work.
-
-## Checklist
-
-1. Read `%USERPROFILE%\.config\opencode\AGENTS.md` and keep it active as the router.
-2. Load openhermes status from `%USERPROFILE%\.config\opencode\ohc.json` if rule paths or memory locations are needed.
-3. **Read autorecall cache**: If `openhermes\memory\recall\cache.json` exists, load it — it contains active checkpoint, constraints, decisions, and mistakes from the prior session. The autorecall plugin writes this at session start. Use this context before probing MCP tools.
-4. Check only the smallest relevant curated memory slice in `openhermes\memory\`:
-   - latest checkpoint via `ohc_latest`
-   - active decisions via `ohc_latest` or a narrow `ohc_search`
-   - active constraints via `ohc_latest` or a narrow `ohc_search`
-   - recent same-type mistakes only if the task matches a known pattern
-   - do not read whole memory indexes unless the task is explicitly about index auditing or repair
-5. If no relevant memory exists, proceed fresh without pretending there is prior state.
-6. If last openhermes audit is missing or older than 7 days, flag `/harness-audit` as due.
-7. Before substantial work, choose the smallest correct path:
-   - native read/grep/glob for search/gather
-   - `explore` subagent for multi-file analysis
-   - specialist subagent for substantive implementation, review, or diagnosis
-
-## User Entry Points
-
-- `/openhermes`: bootstrap openhermes state, summarize current readiness, and surface due actions.
-- `/harness-audit`: run an openhermes audit workflow and return findings.
-
-## Output Contract
-
-Keep session-start output terse:
-- current openhermes state
-- memory found or not found
-- audit freshness
-- immediate next action

package/harness/rules/skills-management.md

@@ -1,165 +0,0 @@
-# Skills Management — SKILL.md Format, Progressive Disclosure, Agent-Managed Lifecycle
-
-Sources: Hermes Agent SKILL.md frontmatter standard, progressive disclosure (L0/L1/L2), agent-managed skill lifecycle.
-
-## SKILL.md Frontmatter Format
-
-Every skill MUST have YAML frontmatter with these fields:
-
-```yaml
----
-name: my-skill
-description: One-line description of what this skill does
-version: 1.0.0
-author: agent            # "agent" if auto-created, "user" if hand-authored
-tags: [testing, python]  # Search/discovery tags
-category: development    # Category grouping in skills directory
-trigger:                 # Keywords that trigger loading this skill
-  - test
-  - tdd
-  - coverage
-requires_tools:          # Toolsets this skill needs to function
-  - terminal
-config:                  # Optional config settings
-  - key: my.setting
-    description: What this controls
-    default: "value"
----
-```
-
-### Field Reference
-
-| Field | Required | Type | Description |
-|-------|----------|------|-------------|
-| `name` | yes | string | Unique skill name, used as directory name |
-| `description` | yes | string | One-line description shown in skill index |
-| `version` | no | string | Semver for curated skills |
-| `author` | no | string | "agent", "user", or origin identifier |
-| `tags` | no | string[] | Search/discovery tags |
-| `category` | no | string | Grouping category |
-| `trigger` | no | string[] | Keywords that trigger progressive load (Tier 0→Tier 1) |
-| `requires_tools` | no | string[] | Toolsets that must be present; skill is hidden when absent |
-| `fallback_for` | no | string[] | Show this skill ONLY when listed toolsets are unavailable |
-| `config` | no | object[] | Declared config settings injected on load |
-
-### Platform Restriction
-
-Skills can restrict themselves to specific OS platforms:
-
-```yaml
-platforms: [windows]        # Windows only
-platforms: [windows, linux] # Windows and Linux
-```
-
-When set, the skill is hidden on incompatible platforms. If omitted, loads on all platforms.
-
-### Conditional Activation (Fallback Skills)
-
-Skills can auto-show/hide based on available tools:
-
-```yaml
-fallback_for: [web]        # Show ONLY when web tools are unavailable
-requires_tools: [terminal] # Show ONLY when terminal tools are available
-```
-
-Example: A `web-search` skill with `fallback_for: [web]` stays hidden when web_search tool is available. When the tool is missing (no API key), the skill automatically appears as an alternative.
-
-## Progressive Disclosure Loading
-
-Skills use a token-efficient loading pattern inspired by Hermes:
-
-```
-Tier 0: Skill directory listing → names, descriptions, categories, tags (from frontmatter)
-         Do: read skills/<name>/SKILL.md frontmatter on demand
-         Cost: ~200 tokens for 11 skills
-
-Tier 1: Full SKILL.md content → load the markdown body when:
-         - User triggers a trigger keyword (matching `trigger` field)
-         - User explicitly names the skill or runs `/skill-name`
-         - A subtask or command references it
-         Cost: Varies by skill (1-5K tokens)
-
-Tier 2: Reference files → load scripts/, templates/, references/ only when:
-         - Executing the skill's procedure
-         - The skill instructs you to read a specific file
-         Cost: Varies
-```
-
-### Trigger-Table Lazy Loading
-
-Instead of preloading all skills at session start, use the trigger table:
-
-| Trigger keyword | Skill to load | Condition |
-|----------------|---------------|-----------|
-| "test", "tdd", "coverage" | tdd-workflow | User mentions testing |
-| "security", "auth", "xss" | security-review | Security-related work |
-| "verify", "build", "lint" | verification-loop | Build/before-PR context |
-
-### Duplicate Instruction Prevention
-
-Before loading a skill, check if its instructions are already covered by:
-- AGENTS.md rules already in context
-- Another skill already loaded this session
-
-If overlap is detected, skip loading to avoid context bloat.
-
-## Agent-Managed Skill Lifecycle
-
-The agent can create, update, and delete skills during sessions. This is the skill system's self-improvement loop.
-
-### When to Create a Skill
-
-- After completing a complex task (5+ tool calls) successfully
-- When you hit errors/dead ends and found the working path
-- When the user corrected your approach
-- When you discovered a non-trivial workflow
-
-### Skill Management Operations
-
-| Operation | Method | Use for |
-|-----------|--------|---------|
-| **Create** | Write `skills/<name>/SKILL.md` | New skill from scratch |
-| **Patch** | Edit specific text in `skills/<name>/SKILL.md` | Targeted fixes (preferred over full rewrite) |
-| **Edit** | Full rewrite of `skills/<name>/SKILL.md` | Major structural changes |
-| **Delete** | Remove `skills/<name>/` | Remove a skill (only if superseded; prefer archival) |
-| **Add reference** | Write `skills/<name>/references/<file>` | Supporting documentation |
-| **Add template** | Write `skills/<name>/templates/<file>` | Output format templates |
-| **Add script** | Write `skills/<name>/scripts/<file>` | Helper scripts |
-
-### Minimum Threshold for Creation
-
-- Never create a skill from a single data point.
-- Minimum: 3 verified successes or 3 same-type mistakes in 7 days.
-- Check existing skills via `ohc_search` before creating to avoid duplicates.
-
-### Skill Quality Gates
-
-Every skill must have:
-1. Complete frontmatter with name, description, tags, trigger keywords
-2. A "When to Use" section with clear trigger conditions
-3. A "Procedure" section with step-by-step instructions
-4. A "Verification" section describing how to confirm it works
-5. A "Pitfalls" section noting known failure modes
-
-## Skill Directory Structure
-
-```
-skills/
-├── <name>/
-│   ├── SKILL.md               ← required
-│   ├── references/            ← additional docs
-│   ├── templates/             ← output formats
-│   └── scripts/               ← helper scripts
-```
-
-Skills live in three locations (discovered by OpenCode):
-- Project: `.opencode/skills/<name>/SKILL.md`
-- Global opencode: `~/.config/opencode/skills/<name>/SKILL.md`
-- Global agents: `~/.agents/skills/<name>/SKILL.md`
-
-## Verification
-
-After creating or updating a skill:
-1. Run the workflow defined in the SKILL.md.
-2. Verify it produces the expected outcome.
-3. Write a verification receipt via `ohc_save` with class `verification_receipt`.

package/harness/rules/state-drift.md

@@ -1,192 +0,0 @@
-# State Drift Detection — Hash-Based Environment Fingerprinting
-
-## Problem Statement 
-Compression accumulates verification receipts across sessions. Without drift detection, the same receipt content gets compressed repeatedly even when:
-- Environment changed (node 18 → node 20, Python 3.9 → 3.11)  
-- File system state drifted (git commit hash changed)
-- Provider credentials rotated (API key in verification detail)
-
-This creates "phantom" compressed data that references stale environments.
-
-## Solution: Hash-Based Fingerprinting
-
-### Environment Fingerprint Schema
-```json
-{
-  "fingerprint": {
-    "cwd": "C:/path/to/project",
-    "harness_root": "C:/Users/nathan/.config/opencode",
-    "project_root": "C:/path/to/project",
-    "project": "my-project",
-    "session_id": "session-123",
-    "os": "win32",
-    "release": "10.0.26100",
-    "arch": "x64",
-    "shell": "cmd.exe",
-    "provider": "lmstudio",
-    "model": "openhermes-1.x",
-    "sha256": "..."
-  }
-}
-```
-
-### Fingerprint Generation (Pre-Compression)
-```javascript
-function generateEnvironmentFingerprint() {
-  const cwd = process.cwd()
-  const provider = process.env.OPENCODE_PROVIDER || 'lmstudio'
-  const model = process.env.OPENCODE_MODEL || null
-
-  return hash(
-    `${cwd}${provider}${model || ''}`
-  )
-}
-```
-
-### Hash-Based Drift Detection (Post-Compression)
-```javascript
-function detectHashDrift(compressedSummary, lastFingerprint) {
-  const currentFingerprint = generateEnvironmentFingerprint()
-  
-  if (!lastFingerprint || currentFingerprint !== lastFingerprint) {
-    // Environment changed since last compression
-    return { drift: true, oldFp: lastFingerprint, newFp: currentFingerprint }
-  }
-  
-  return { drift: false }
-}
-```
-
-## Enforcement Points
-
-### Compress Event (Primary Guard)
-```javascript
-// In OpenHermes's built-in dynamic-context-pruning plugin
-function onCompress() {
-  // Generate fresh fingerprint before compressing
-  const currentFp = generateEnvironmentFingerprint()
-  
-  if (!lastFp || currentFp !== lastFp) {
-    // Drift detected → abort compression or truncate buffer
-    report.warn(`State drift: environment changed from ${lastFp} to ${currentFp}`)
-    return { truncated: true, reason: 'environment_drift' }
-  }
-  
-  lastFp = currentFp
-}
-```
-
-### Memory Write (Secondary Guard)  
-```javascript
-// In openhermes-memory MCP server  
-funtion putMemoryObject(obj) {
-  // Attach fingerprint to all new memory objects
-  obj.fingerprint = generateEnvironmentFingerprint()
-  
-  // Compare against last compressed buffer's fingerprint
-  if (!lastCompressedFp || obj.fingerprint !== lastCompressedFp) {
-    // New environment → flag for review or redact stale content
-    obj.stale_content_redacted = true
-  }
-}
-```
-
-### Session Resume (Recovery)
-```javascript
-// On session resume / checkpoint recovery 
-function recoverFromCheckpoint(checkpointData) {
-  const lastFp = checkpointData.lastCompressedFingerprint
-  const currentFp = generateEnvironmentFingerprint()
-  
-  if (!lastFp || currentFp !== lastFp) {
-    // Environment changed since checkpoint was created
-    report.warn(`Resume from checkpoint with environment drift: ${lastFp} → ${currentFp}`)
-    // Redact any compressed summaries that reference stale environments
-    redactStaleCompressedSummaries()
-  }
-}
-```
-
-## Hash Algorithm Selection
-
-### Recommended: SHA-256 (cryptographically strong, fast enough) ```javascript
-const fingerprint = sha256(
-  `${os.family}${os.version}${cwd}${gitState?.commit_hash}`
-).substring(0, 16) // Truncate to 16 hex chars for readability
-```
-
-### Alternatives (if performance needed)
-- **MD5**: Faster but weaker collision resistance. Use only if fingerprint is never displayed.
-- **CRC32**: Extremely fast, but collisions possible. Not recommended unless hash space is tiny.
-
-### Hash Space Considerations  
-- With SHA-256 truncated to 16 hex chars → 4^16 = ~4.3 billion unique fingerprints
-- Collision probability after N compressions ≈ N² / (8 × 2³¹) via birthday paradox
-- For typical sessions (<100,000 compresses), collision risk < 1e-5
-
-## Performance Characteristics
-
-| Operation | Time | Notes |
-|-----------|------|-------|
-| Generate fingerprint | ~5ms | Dominated by filesystem stat calls |
-| SHA-256 hash computation | ~0.5ms | Negligible compared to I/O |
-| Store in memory object | <1ms | Just a string assignment |
-
-## Fail-Safe Mechanisms
-
-### 1. Hash Collision (Extremely Rare)
-**What if two different environments produce same fingerprint?**
-- Use full SHA-256 for audit logging, truncated value for quick comparison
-- Log collision event with both hashes and manual review required
-- Store in `memory/audits/collision-events.json`
-
-### 2. Fingerprint Computation Failure  
-**What if filesystem stat fails (permission denied)?**
-- Fall back to previous valid fingerprint
-- Log error but continue operation
-- Schedule full drift check on next checkpoint
-
-### 3. Hash Algorithm Change
-**What if we upgrade from SHA-256 to SHA-3?**
-- Include hash algorithm identifier in fingerprint metadata
-- Parse both old and new format during resume
-- Migrate gracefully without data loss
-
-## Configuration & Overrides
-
-| Config | Default | Override |
-|--------|---------|----------|
-| `fingerprint_hash_algo` | "sha256" | "md5", "crc32" (performance mode only) |
-| `truncated_fingerprint_len` | 16 | 8, 4, 0 (full hash) |
-| `allow_drift_bypass` | false | Set to true for testing or known-good drift scenarios |
-
-## Compliance & Audit
-
-Every compressed summary must include:
-```json
-{
-  "fingerprint_at_compression": "fp_abc123def456",
-  "hash_algorithm": "sha256",
-  "truncated_length": 16,
-  "drift_detected": false,
-  "redaction_applied": false
-}
-```
-
-This allows:
-- Forensic reconstruction of environment at compression time
-- Verification that no phantom data exists in compressed buffer
-- Audit trail for compliance requirements (NIST, SOC2)
-
-## Integration with Other Rules
-
-- `rules/verification.md`: Fingerprint must be attached to all verification receipts  
-- `rules/runtime-guards.md`: Hash-based drift detection prevents credential exposure  
-- `commands/doctor.md`: Include fingerprint checks in the doctor workflow
-
----
-
-**Status**: Active (enforcement: hard)  
-**Scope**: Global  
-**Created**: 2026-05-09T07:31:00Z  
-**Author**: agent (auto-generated via gap analysis)