oxe-cc 1.0.0 → 1.3.0

package/commands/oxe/session.md

@@ -1,7 +1,7 @@
 ---
 name: oxe:session
-description: "Gerir sessões OXE: new, list, switch, resume, status, close, migrate"
-argument-hint: "[new <nome> | list | switch <id> | resume <id> | status | close | migrate <nome>]"
+description: "Gerir sessões, milestones e workstreams OXE (absorve /oxe-project, /oxe-milestone, /oxe-workstream)"
+argument-hint: "[new <nome> | list | switch <id> | close | migrate <nome> | milestone new|status|audit | workstream new|switch|list]"
 allowed-tools:
   - Read
   - Bash
@@ -17,7 +17,7 @@ oxe_tool_profile: write_bounded
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 4a7e893fe47767a3
+oxe_semantics_hash: df52e7982aeabf21
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 4a7e893fe47767a3
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `4a7e893fe47767a3`
+- **Checksum semântico:** `df52e7982aeabf21`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/session.md` e `.oxe/context/packs/session.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow session --json`

package/commands/oxe/ship.md

@@ -0,0 +1,49 @@
+---
+name: oxe:ship
+description: "OXE — Entregar: cria commit local com mensagem gerada de SPEC+PLAN+VERIFY. Flags: --message, --amend, --verify-first, --dry-run"
+argument-hint: "[--message 'mensagem'] [--amend] [--verify-first] [--no-checks] [--dry-run]"
+allowed-tools:
+  - Read
+  - Bash
+  - Glob
+  - Grep
+  - Write
+  - Task
+oxe_workflow_slug: ship
+oxe_reasoning_mode: execution
+oxe_question_policy: ask_high_impact_only
+oxe_output_contract: execution
+oxe_tool_profile: write_bounded
+oxe_confidence_policy: explicit
+oxe_context_tier: standard
+oxe_contract_version: 2.0.0
+oxe_semantics_hash: 4a5d304e6ca781fc
+---
+
+<!-- oxe-reasoning-contract:start -->
+
+**Contrato de raciocínio OXE deste comando**
+- **Workflow:** ship
+- **Modo:** execução
+- **Perguntas:** perguntar só alto impacto
+- **Saída esperada:** execução
+- **Perfil de ferramentas:** mutação limitada
+- **Política de confiança:** explícita
+- **Tier de contexto padrão:** padrão
+- **Versão do contrato:** 2.0.0
+- **Checksum semântico:** `4a5d304e6ca781fc`
+- **Entrada de contexto prioritária:** `.oxe/context/packs/ship.md` e `.oxe/context/packs/ship.json`
+- **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
+- **Inspeção estruturada:** `oxe-cc context inspect --workflow ship --json`
+- Fazer reconhecimento curto antes de editar ou executar mutações.
+- Trabalhar no menor write set viável e validar após cada fatia relevante.
+- Parar e explicitar o bloqueio quando houver hipótese crítica não verificada.
+- **Seções esperadas:** Contexto lido · Alvo da mudança · Validação executada · Resultado · Próximo passo
+- **Bloqueios formais:** missing:verify_without_override · missing:tracked_changes
+- **Referência canónica:** `oxe/workflows/references/reasoning-execution.md`
+
+<!-- oxe-reasoning-contract:end -->
+
+**Workflow canônico:** `oxe/workflows/ship.md`
+
+Execute integralmente esse ficheiro na raiz do repositório em que estás a trabalhar. Usa `$ARGUMENTS` como flags de entrega (`--message`, `--amend`, `--verify-first`, `--no-checks`, `--dry-run`).

package/commands/oxe/skill.md

@@ -17,7 +17,7 @@ oxe_tool_profile: write_bounded
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 64cec6f03fc7cfe6
+oxe_semantics_hash: 3cfb16d4930b8a59
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 64cec6f03fc7cfe6
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `64cec6f03fc7cfe6`
+- **Checksum semântico:** `3cfb16d4930b8a59`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/skill.md` e `.oxe/context/packs/skill.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow skill --json`

package/commands/oxe/spec.md

@@ -1,7 +1,7 @@
 ---
 name: oxe:spec
-description: "Spec em 5 fases: perguntas → pesquisa → requisitos R-ID (v1/v2/fora) → roteiro ROADMAP.md → aprovação → plan"
-argument-hint: "[descrição da feature, ideia ou @arquivo.md com PRD]"
+description: "Spec em 5 fases. Flags: --refresh (scan incremental), --full (scan completo), --research (spike), --ui (gera UI-SPEC)"
+argument-hint: "[descrição da feature | --refresh | --full | --research | --ui]"
 allowed-tools:
   - Read
   - Write
@@ -15,7 +15,7 @@ oxe_tool_profile: read_heavy
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 598fcdce72e894c8
+oxe_semantics_hash: eea8766eab635c97
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -29,7 +29,7 @@ oxe_semantics_hash: 598fcdce72e894c8
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `598fcdce72e894c8`
+- **Checksum semântico:** `eea8766eab635c97`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/spec.md` e `.oxe/context/packs/spec.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow spec --json`

package/commands/oxe/ui-review.md

@@ -1,6 +1,6 @@
 ---
 name: oxe:ui-review
-description: OXE — Auditoria UI (.oxe/UI-REVIEW.md)
+description: "[DEPRECATED v1.1.0] Incorporado por /oxe-verify. Use: /oxe-verify --ui"
 argument-hint: "[paths ou Tn opcional]"
 allowed-tools:
   - Read
@@ -17,7 +17,7 @@ oxe_tool_profile: review_heavy
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 94c1695de8d9ec7d
+oxe_semantics_hash: 262a73b77bf68d6d
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 94c1695de8d9ec7d
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `94c1695de8d9ec7d`
+- **Checksum semântico:** `262a73b77bf68d6d`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/ui-review.md` e `.oxe/context/packs/ui-review.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow ui-review --json`

package/commands/oxe/ui-spec.md

@@ -1,6 +1,6 @@
 ---
 name: oxe:ui-spec
-description: OXE — Contrato UI (.oxe/UI-SPEC.md) a partir da SPEC
+description: "[DEPRECATED v1.1.0] Incorporado por /oxe-spec. Use: /oxe-spec --ui para gerar contrato UI/UX"
 argument-hint: "[âmbito UI opcional]"
 allowed-tools:
   - Read
@@ -17,7 +17,7 @@ oxe_tool_profile: mixed
 oxe_confidence_policy: rubric
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 76ba6d1e0e2f02e6
+oxe_semantics_hash: 5c8a7668f0a9fca1
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 76ba6d1e0e2f02e6
 - **Política de confiança:** rubrica
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `76ba6d1e0e2f02e6`
+- **Checksum semântico:** `5c8a7668f0a9fca1`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/ui-spec.md` e `.oxe/context/packs/ui-spec.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow ui-spec --json`

package/commands/oxe/update.md

@@ -17,7 +17,7 @@ oxe_tool_profile: write_bounded
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 49332cbd409f2ac6
+oxe_semantics_hash: afa0ff72a118df58
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 49332cbd409f2ac6
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `49332cbd409f2ac6`
+- **Checksum semântico:** `afa0ff72a118df58`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/update.md` e `.oxe/context/packs/update.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow update --json`

package/commands/oxe/validate-gaps.md

@@ -1,6 +1,6 @@
 ---
 name: oxe:validate-gaps
-description: OXE — Auditoria Nyquist-lite (.oxe/VALIDATION-GAPS.md) após verify
+description: "[DEPRECATED v1.1.0] Incorporado por /oxe-verify. Use: /oxe-verify --gaps"
 argument-hint: "[opcional: Tn ou A*]"
 allowed-tools:
   - Read
@@ -17,7 +17,7 @@ oxe_tool_profile: review_heavy
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 27d51ac144da4c1c
+oxe_semantics_hash: 69e3f79ec51160e1
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 27d51ac144da4c1c
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `27d51ac144da4c1c`
+- **Checksum semântico:** `69e3f79ec51160e1`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/validate-gaps.md` e `.oxe/context/packs/validate-gaps.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow validate-gaps --json`

package/commands/oxe/verify.md

@@ -1,7 +1,7 @@
 ---
 name: oxe:verify
-description: Valida implementação contra SPEC e PLAN; produz checklist e gaps
-argument-hint: "[Tn opcional — focar uma tarefa]"
+description: "Valida e fecha o ciclo (retro automática). Flags: --gaps, --security, --ui, --pr, --diff, --skip-retro"
+argument-hint: "[Tn | --gaps | --security | --ui | --pr | --diff branchA...branchB | --skip-retro]"
 allowed-tools:
   - Read
   - Write
@@ -16,7 +16,7 @@ oxe_tool_profile: review_heavy
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 442bb4594208d058
+oxe_semantics_hash: 8b47625394eec62a
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -30,7 +30,7 @@ oxe_semantics_hash: 442bb4594208d058
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `442bb4594208d058`
+- **Checksum semântico:** `8b47625394eec62a`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/verify.md` e `.oxe/context/packs/verify.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow verify --json`
@@ -39,6 +39,9 @@ oxe_semantics_hash: 442bb4594208d058
 - Se não houver findings, declarar isso explicitamente e listar riscos residuais.
 - **Seções esperadas:** Findings · Perguntas abertas · Riscos residuais · Resumo
 - **Bloqueios formais:** missing:state
+- **Caminho runtime padrão:** `oxe-cc runtime verify --dir <projeto>` → `oxe-cc runtime project --dir <projeto>`
+- **Artefatos canónicos primários:** `.oxe/runs/<run_id>/verification-manifest.json` · `.oxe/runs/<run_id>/residual-risk-ledger.json` · `.oxe/runs/<run_id>/evidence-coverage.json` · `VERIFY.md projetado`
+- **Fallback runtime:** Se runtime verify não estiver disponível, declarar fallback explícito para a verificação manual; se retornar partial, usar os gaps explícitos como backlog da revisão.
 - **Referência canónica:** `oxe/workflows/references/reasoning-review.md`
 
 <!-- oxe-reasoning-contract:end -->

package/commands/oxe/workstream.md

@@ -1,6 +1,6 @@
 ---
 name: oxe:workstream
-description: "Trilhas paralelas — list, new <nome>, switch <nome>, status, close <nome> — artefatos independentes em .oxe/workstreams/<nome>/"
+description: "[DEPRECATED v1.1.0] Incorporado por /oxe-session. Use: /oxe-session workstream list|new|switch|close"
 argument-hint: "list | new <nome> | switch <nome> | status | close <nome>"
 allowed-tools:
   - Read
@@ -17,7 +17,7 @@ oxe_tool_profile: write_bounded
 oxe_confidence_policy: explicit
 oxe_context_tier: standard
 oxe_contract_version: 2.0.0
-oxe_semantics_hash: 82d171363381cc0d
+oxe_semantics_hash: 380bd0a3f3620845
 ---
 
 <!-- oxe-reasoning-contract:start -->
@@ -31,7 +31,7 @@ oxe_semantics_hash: 82d171363381cc0d
 - **Política de confiança:** explícita
 - **Tier de contexto padrão:** padrão
 - **Versão do contrato:** 2.0.0
-- **Checksum semântico:** `82d171363381cc0d`
+- **Checksum semântico:** `380bd0a3f3620845`
 - **Entrada de contexto prioritária:** `.oxe/context/packs/workstream.md` e `.oxe/context/packs/workstream.json`
 - **Regra pack-first:** ler o context pack primeiro; se estiver stale, incompleto ou ausente, cair para leitura direta com fallback explícito.
 - **Inspeção estruturada:** `oxe-cc context inspect --workflow workstream --json`

package/lib/runtime/audit/audit-trail.d.ts

@@ -0,0 +1,71 @@
+export interface AuditQueryFilter {
+    action?: AuditAction;
+    severity?: AuditSeverity;
+    runId?: string;
+    since?: string;
+}
+export interface RemoteAuditSink {
+    write(entry: AuditEntry): Promise<void>;
+    query(filter: AuditQueryFilter): Promise<AuditEntry[]>;
+}
+export interface AuditMetrics {
+    total_entries: number;
+    critical_count: number;
+    warn_count: number;
+    by_action: Partial<Record<AuditAction, number>>;
+    actors: string[];
+    oldest: string | null;
+    newest: string | null;
+}
+export type AuditAction = 'run_started' | 'run_completed' | 'run_paused' | 'run_recovered' | 'gate_requested' | 'gate_resolved' | 'policy_denied' | 'plugin_registered' | 'plugin_invoked' | 'secret_accessed' | 'infra_mutation' | 'pr_created' | 'merge_approved' | 'merge_blocked';
+export type AuditSeverity = 'info' | 'warn' | 'critical';
+export interface AuditEntry {
+    audit_id: string;
+    action: AuditAction;
+    severity: AuditSeverity;
+    run_id: string | null;
+    work_item_id: string | null;
+    actor: string;
+    resource: string | null;
+    detail: Record<string, unknown>;
+    timestamp: string;
+}
+export interface RunQuota {
+    run_id: string;
+    max_work_items: number;
+    max_mutations: number;
+    max_retries_total: number;
+    consumed_work_items: number;
+    consumed_mutations: number;
+    consumed_retries: number;
+}
+export interface QuotaViolation {
+    quota_type: 'work_items' | 'mutations' | 'retries';
+    limit: number;
+    consumed: number;
+}
+export declare class AuditTrail {
+    private readonly projectRoot;
+    private readonly remoteSink?;
+    constructor(projectRoot: string, remoteSink?: RemoteAuditSink | undefined);
+    record(action: AuditAction, actor: string, options?: {
+        runId?: string;
+        workItemId?: string;
+        resource?: string;
+        detail?: Record<string, unknown>;
+    }): AuditEntry;
+    query(filter?: {
+        action?: AuditAction;
+        severity?: AuditSeverity;
+        runId?: string;
+        since?: string;
+    }): AuditEntry[];
+    critical(): AuditEntry[];
+    metrics(): AuditMetrics;
+    private append;
+    private load;
+    private trailPath;
+}
+export declare function createQuota(runId: string, limits?: Partial<Omit<RunQuota, 'run_id' | 'consumed_work_items' | 'consumed_mutations' | 'consumed_retries'>>): RunQuota;
+export declare function checkQuota(quota: RunQuota): QuotaViolation | null;
+export declare function consumeQuota(quota: RunQuota, type: QuotaViolation['quota_type'], amount?: number): RunQuota;

package/lib/runtime/audit/audit-trail.js

@@ -0,0 +1,154 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditTrail = void 0;
+exports.createQuota = createQuota;
+exports.checkQuota = checkQuota;
+exports.consumeQuota = consumeQuota;
+const crypto_1 = __importDefault(require("crypto"));
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+const ACTION_SEVERITY = {
+    run_started: 'info',
+    run_completed: 'info',
+    run_paused: 'info',
+    run_recovered: 'warn',
+    gate_requested: 'warn',
+    gate_resolved: 'info',
+    policy_denied: 'warn',
+    plugin_registered: 'info',
+    plugin_invoked: 'info',
+    secret_accessed: 'critical',
+    infra_mutation: 'critical',
+    pr_created: 'info',
+    merge_approved: 'warn',
+    merge_blocked: 'warn',
+};
+class AuditTrail {
+    constructor(projectRoot, remoteSink) {
+        this.projectRoot = projectRoot;
+        this.remoteSink = remoteSink;
+    }
+    record(action, actor, options = {}) {
+        const entry = {
+            audit_id: `aud-${crypto_1.default.randomBytes(4).toString('hex')}`,
+            action,
+            severity: ACTION_SEVERITY[action],
+            run_id: options.runId ?? null,
+            work_item_id: options.workItemId ?? null,
+            actor,
+            resource: options.resource ?? null,
+            detail: options.detail ?? {},
+            timestamp: new Date().toISOString(),
+        };
+        this.append(entry);
+        return entry;
+    }
+    query(filter = {}) {
+        return this.load().filter((e) => {
+            if (filter.action && e.action !== filter.action)
+                return false;
+            if (filter.severity && e.severity !== filter.severity)
+                return false;
+            if (filter.runId && e.run_id !== filter.runId)
+                return false;
+            if (filter.since && e.timestamp < filter.since)
+                return false;
+            return true;
+        });
+    }
+    critical() {
+        return this.query({ severity: 'critical' });
+    }
+    metrics() {
+        const entries = this.load();
+        const by_action = {};
+        const actorSet = new Set();
+        let oldest = null;
+        let newest = null;
+        let critical_count = 0;
+        let warn_count = 0;
+        for (const e of entries) {
+            by_action[e.action] = (by_action[e.action] ?? 0) + 1;
+            actorSet.add(e.actor);
+            if (e.severity === 'critical')
+                critical_count++;
+            if (e.severity === 'warn')
+                warn_count++;
+            if (!oldest || e.timestamp < oldest)
+                oldest = e.timestamp;
+            if (!newest || e.timestamp > newest)
+                newest = e.timestamp;
+        }
+        return {
+            total_entries: entries.length,
+            critical_count,
+            warn_count,
+            by_action,
+            actors: [...actorSet],
+            oldest,
+            newest,
+        };
+    }
+    append(entry) {
+        const p = this.trailPath();
+        fs_1.default.mkdirSync(path_1.default.dirname(p), { recursive: true });
+        fs_1.default.appendFileSync(p, JSON.stringify(entry) + '\n', 'utf8');
+        // Fire-and-forget remote sink (failures are non-fatal)
+        if (this.remoteSink) {
+            this.remoteSink.write(entry).catch(() => { });
+        }
+    }
+    load() {
+        const p = this.trailPath();
+        if (!fs_1.default.existsSync(p))
+            return [];
+        try {
+            return fs_1.default
+                .readFileSync(p, 'utf8')
+                .split('\n')
+                .filter(Boolean)
+                .map((line) => JSON.parse(line));
+        }
+        catch {
+            return [];
+        }
+    }
+    trailPath() {
+        return path_1.default.join(this.projectRoot, '.oxe', 'AUDIT-TRAIL.ndjson');
+    }
+}
+exports.AuditTrail = AuditTrail;
+// ─── RunQuota ─────────────────────────────────────────────────────────────────
+function createQuota(runId, limits = {}) {
+    return {
+        run_id: runId,
+        max_work_items: limits.max_work_items ?? Infinity,
+        max_mutations: limits.max_mutations ?? Infinity,
+        max_retries_total: limits.max_retries_total ?? Infinity,
+        consumed_work_items: 0,
+        consumed_mutations: 0,
+        consumed_retries: 0,
+    };
+}
+function checkQuota(quota) {
+    if (quota.consumed_work_items > quota.max_work_items) {
+        return { quota_type: 'work_items', limit: quota.max_work_items, consumed: quota.consumed_work_items };
+    }
+    if (quota.consumed_mutations > quota.max_mutations) {
+        return { quota_type: 'mutations', limit: quota.max_mutations, consumed: quota.consumed_mutations };
+    }
+    if (quota.consumed_retries > quota.max_retries_total) {
+        return { quota_type: 'retries', limit: quota.max_retries_total, consumed: quota.consumed_retries };
+    }
+    return null;
+}
+function consumeQuota(quota, type, amount = 1) {
+    switch (type) {
+        case 'work_items': return { ...quota, consumed_work_items: quota.consumed_work_items + amount };
+        case 'mutations': return { ...quota, consumed_mutations: quota.consumed_mutations + amount };
+        case 'retries': return { ...quota, consumed_retries: quota.consumed_retries + amount };
+    }
+}

package/lib/runtime/audit/index.d.ts

@@ -0,0 +1,2 @@
+export * from './audit-trail';
+export * from './policy-pack';

package/lib/runtime/audit/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./audit-trail"), exports);
+__exportStar(require("./policy-pack"), exports);

package/lib/runtime/audit/policy-pack.d.ts

@@ -0,0 +1,15 @@
+import type { PolicyRule, EnvironmentGuardrail } from '../policy/policy-engine';
+import { PolicyEngine } from '../policy/policy-engine';
+export interface PolicyPack {
+    pack_id: string;
+    org_id: string;
+    name: string;
+    version: string;
+    policies: PolicyRule[];
+    guardrail: EnvironmentGuardrail;
+    created_at: string;
+}
+export declare function savePolicyPack(projectRoot: string, pack: PolicyPack): void;
+export declare function loadPolicyPack(projectRoot: string, packId: string): PolicyPack | null;
+export declare function listPolicyPacks(projectRoot: string): PolicyPack[];
+export declare function applyPolicyPack(engine: PolicyEngine, pack: PolicyPack): PolicyEngine;

package/lib/runtime/audit/policy-pack.js

@@ -0,0 +1,57 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.savePolicyPack = savePolicyPack;
+exports.loadPolicyPack = loadPolicyPack;
+exports.listPolicyPacks = listPolicyPacks;
+exports.applyPolicyPack = applyPolicyPack;
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+function packDir(projectRoot) {
+    return path_1.default.join(projectRoot, '.oxe', 'policy-packs');
+}
+function packFilePath(projectRoot, packId) {
+    return path_1.default.join(packDir(projectRoot), `${packId}.json`);
+}
+function savePolicyPack(projectRoot, pack) {
+    const dir = packDir(projectRoot);
+    fs_1.default.mkdirSync(dir, { recursive: true });
+    fs_1.default.writeFileSync(packFilePath(projectRoot, pack.pack_id), JSON.stringify(pack, null, 2), 'utf8');
+}
+function loadPolicyPack(projectRoot, packId) {
+    const p = packFilePath(projectRoot, packId);
+    if (!fs_1.default.existsSync(p))
+        return null;
+    try {
+        return JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+function listPolicyPacks(projectRoot) {
+    const dir = packDir(projectRoot);
+    if (!fs_1.default.existsSync(dir))
+        return [];
+    return fs_1.default
+        .readdirSync(dir)
+        .filter((f) => f.endsWith('.json'))
+        .map((f) => {
+        try {
+            return JSON.parse(fs_1.default.readFileSync(path_1.default.join(dir, f), 'utf8'));
+        }
+        catch {
+            return null;
+        }
+    })
+        .filter((p) => p !== null);
+}
+function applyPolicyPack(engine, pack) {
+    let result = engine.withGuardrail(pack.guardrail);
+    for (const rule of pack.policies) {
+        result = result.withRule(rule);
+    }
+    return result;
+}

package/lib/runtime/context/context-pack-builder.d.ts

@@ -1,6 +1,8 @@
 import type { WorkItem } from '../models/work-item';
 import type { Evidence } from '../models/evidence';
 import type { RunState } from '../reducers/run-state-reducer';
+import type { ContextProfile } from './context-profiles';
+import type { AutonomyTier } from '../policy/policy-engine';
 export interface ContextArtifact {
     id: string;
     kind: 'evidence' | 'lesson' | 'file' | 'summary';
@@ -27,10 +29,23 @@ export interface ContextPack {
     redundancy_removed: number;
     built_at: string;
 }
+export interface ContextQualityScore {
+    completeness: number;
+    relevance_mean: number;
+    redundancy: number;
+    recency_score: number;
+    overall: number;
+}
+export declare function scorePackQuality(pack: ContextPack, profile: ContextProfile): ContextQualityScore;
 export declare class ContextPackBuilder {
     private readonly opts;
     constructor(opts?: ContextPackOptions);
     build(workItem: WorkItem, state: RunState, evidenceItems: Evidence[], evidenceContents: Map<string, string>, lessons: LessonMetric[]): ContextPack;
     /** Convenience: build with no evidence, just lessons and state summary */
     buildLightweight(workItem: WorkItem, state: RunState, lessons: LessonMetric[]): ContextPack;
+    /**
+     * Filter artifacts to those whose path-like tags are within mutation_scope.
+     * L0/L1 tiers apply the filter; L2/L3 skip it (full access).
+     */
+    filterByMutationScope(artifacts: ContextArtifact[], mutationScope: string[], autonomyTier: AutonomyTier): ContextArtifact[];
 }