peaks-cli 1.4.2 → 2.0.0

package/dist/src/services/audit/classifier.js

@@ -0,0 +1,127 @@
+/**
+ * Red-line classifier — turns raw markdown lines into RedLineEntry.
+ *
+ * Algorithm: for each MarkdownLine, check whether the line text contains one
+ * of the four red-line markers (MANDATORY / BLOCKING / MUST NOT / RED LINE).
+ * On a hit, extract the surrounding ±2 lines as context, look up the red
+ * line in the catalog, and emit a RedLineEntry. Lines that contain a marker
+ * but match no catalog entry still produce a RedLineEntry (with backing =
+ * prose-only and enforcerRef = null) — those are the "discovered but not yet
+ * enforced" red lines the L2 redesign is working to eliminate.
+ */
+import { findCatalogEntry } from './red-line-catalog.js';
+const MARKER_PATTERN = /\b(MANDATORY|BLOCKING|MUST NOT|RED LINE)\b/;
+const CONTEXT_LINES_BEFORE = 2;
+const CONTEXT_LINES_AFTER = 2;
+function isMarker(s) {
+    return s === 'MANDATORY' || s === 'BLOCKING' || s === 'MUST NOT' || s === 'RED LINE';
+}
+function extractContext(allLines, hitLine) {
+    const start = Math.max(0, hitLine - CONTEXT_LINES_BEFORE);
+    const end = Math.min(allLines.length, hitLine + 1 + CONTEXT_LINES_AFTER);
+    return allLines.slice(start, end).join('\n');
+}
+/**
+ * Detect markers in a single line of markdown. Returns the marker text found
+ * (uppercased), or null when no marker is present.
+ */
+/**
+ * Case-insensitive marker pattern (used only by detectMarker so callers can
+ * write `MANDATORY` / `mandatory` / `Mandatory` interchangeably in prose).
+ * deriveRuleName uses the all-caps MARKER_PATTERN so it doesn't strip a
+ * mid-sentence "Red Line" reference.
+ */
+const MARKER_PATTERN_CI = /\b(MANDATORY|BLOCKING|MUST NOT|RED LINE)\b/i;
+export function detectMarker(lineText) {
+    const match = MARKER_PATTERN_CI.exec(lineText);
+    if (!match)
+        return null;
+    const raw = (match[1] ?? '').toUpperCase();
+    if (raw === 'MUST') {
+        // "MUST NOT" is two tokens in the regex; the match group only captures
+        // "MUST". Re-verify by checking the next character.
+        const after = lineText[match.index + match[0].length];
+        if (after === undefined || /\s/.test(after)) {
+            return 'MUST NOT';
+        }
+        return isMarker(raw) ? raw : null;
+    }
+    return isMarker(raw) ? raw : null;
+}
+/**
+ * Derive a human-readable rule name from the marker line. Heuristic: take
+ * the first 8 words of the line, lowercase, trimmed. Catalog matching is
+ * the source of truth for the canonical rule name; this is the fallback
+ * when no catalog entry matches.
+ */
+export function deriveRuleName(lineText) {
+    const cleaned = lineText
+        .replace(MARKER_PATTERN, '')
+        .replace(/^[*_`#>:]+/, '')
+        .replace(/[*_`#>]/g, '')
+        .trim();
+    const words = cleaned.split(/\s+/).filter(Boolean).slice(0, 8);
+    return words.length > 0 ? words.join(' ').toLowerCase() : 'unspecified red line';
+}
+/**
+ * Classify a single markdown file. Returns 0+ RedLineEntry; one entry per
+ * marker hit. Marker hits that appear multiple times on the same line are
+ * counted once.
+ */
+export function classifyFile(input) {
+    const entries = [];
+    const warnings = [];
+    const seen = new Set();
+    for (let idx = 0; idx < input.lines.length; idx++) {
+        const lineText = input.lines[idx] ?? '';
+        if (seen.has(idx + 1))
+            continue;
+        const marker = detectMarker(lineText);
+        if (marker === null)
+            continue;
+        seen.add(idx + 1);
+        const context = extractContext(input.lines, idx);
+        const ruleName = deriveRuleName(lineText);
+        const markers = [marker];
+        const catalog = findCatalogEntry(ruleName, markers);
+        const source = {
+            file: input.file,
+            line: idx + 1,
+            marker,
+            context,
+        };
+        if (catalog) {
+            entries.push({
+                id: catalog.id,
+                rule: catalog.rule,
+                source,
+                backing: catalog.enforcerRef === null ? 'prose-only' : 'cli-backed',
+                enforcerRef: catalog.enforcerRef,
+            });
+        }
+        else {
+            // Marker hit but no catalog match: discovered, not yet enforced.
+            entries.push({
+                id: `rl-discovered-${input.file.replace(/[^a-z0-9]+/gi, '-').toLowerCase()}-${idx + 1}`,
+                rule: ruleName,
+                source,
+                backing: 'prose-only',
+                enforcerRef: null,
+            });
+        }
+    }
+    return { entries, warnings };
+}
+/**
+ * Batch wrapper — classify each input file and flatten the entries.
+ */
+export function classifyFiles(inputs) {
+    const allEntries = [];
+    const allWarnings = [];
+    for (const input of inputs) {
+        const result = classifyFile(input);
+        allEntries.push(...result.entries);
+        allWarnings.push(...result.warnings);
+    }
+    return { entries: allEntries, warnings: allWarnings };
+}

package/dist/src/services/audit/enforcers/active-skill-resolver.d.ts

@@ -0,0 +1,29 @@
+/**
+ * active-skill-resolver — utility for hook enforcers.
+ *
+ * Resolves the active peak skill name for the current session, so hook
+ * enforcers (e.g. solo-code-ban) can decide whether to fire.
+ *
+ * Per `src/services/session/caller-id-types.ts`: the active-skill file is
+ * at `.peaks/_runtime/<peakSessionId>/active-skill-<callerId>.json`.
+ *
+ * Resolution order (graceful degradation — never throws):
+ *   1. PEAKS_ACTIVE_SKILL env var (explicit override, used by tests)
+ *   2. .peaks/_runtime/<sid>/active-skill-<callerId>.json for each caller
+ *      bound to the current peak session
+ *   3. null (caller did not set a skill; enforcers can decide to skip)
+ */
+export interface ActiveSkillResolution {
+    readonly skill: string | null;
+    readonly callerId: string | null;
+    readonly sessionId: string | null;
+    readonly source: 'env' | 'file' | 'none';
+}
+/**
+ * Resolve the active peak skill for the current hook invocation.
+ *
+ * Reads PEAKS_ACTIVE_SKILL first (test override), then walks
+ * `.peaks/_runtime/<sid>/` for any `active-skill-*.json` file. Returns
+ * the first match.
+ */
+export declare function resolveActiveSkillForCaller(projectRoot: string): ActiveSkillResolution;

package/dist/src/services/audit/enforcers/active-skill-resolver.js

@@ -0,0 +1,71 @@
+/**
+ * active-skill-resolver — utility for hook enforcers.
+ *
+ * Resolves the active peak skill name for the current session, so hook
+ * enforcers (e.g. solo-code-ban) can decide whether to fire.
+ *
+ * Per `src/services/session/caller-id-types.ts`: the active-skill file is
+ * at `.peaks/_runtime/<peakSessionId>/active-skill-<callerId>.json`.
+ *
+ * Resolution order (graceful degradation — never throws):
+ *   1. PEAKS_ACTIVE_SKILL env var (explicit override, used by tests)
+ *   2. .peaks/_runtime/<sid>/active-skill-<callerId>.json for each caller
+ *      bound to the current peak session
+ *   3. null (caller did not set a skill; enforcers can decide to skip)
+ */
+import { existsSync, readdirSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { getSessionIdCanonical } from '../../session/session-manager.js';
+import { getSessionDir } from '../../session/getSessionDir.js';
+const ACTIVE_SKILL_PREFIX = 'active-skill-';
+/**
+ * Resolve the active peak skill for the current hook invocation.
+ *
+ * Reads PEAKS_ACTIVE_SKILL first (test override), then walks
+ * `.peaks/_runtime/<sid>/` for any `active-skill-*.json` file. Returns
+ * the first match.
+ */
+export function resolveActiveSkillForCaller(projectRoot) {
+    const envOverride = process.env.PEAKS_ACTIVE_SKILL;
+    if (typeof envOverride === 'string' && envOverride.length > 0) {
+        return { skill: envOverride, callerId: null, sessionId: null, source: 'env' };
+    }
+    let sessionId = null;
+    try {
+        sessionId = getSessionIdCanonical(projectRoot);
+    }
+    catch {
+        return { skill: null, callerId: null, sessionId: null, source: 'none' };
+    }
+    if (sessionId === null) {
+        return { skill: null, callerId: null, sessionId: null, source: 'none' };
+    }
+    const sessionDir = getSessionDir(projectRoot, sessionId);
+    if (!existsSync(sessionDir)) {
+        return { skill: null, callerId: null, sessionId: sessionId, source: 'none' };
+    }
+    let entries;
+    try {
+        entries = readdirSync(sessionDir);
+    }
+    catch {
+        return { skill: null, callerId: null, sessionId: sessionId, source: 'none' };
+    }
+    for (const entry of entries) {
+        if (!entry.startsWith(ACTIVE_SKILL_PREFIX) || !entry.endsWith('.json'))
+            continue;
+        const callerId = entry.slice(ACTIVE_SKILL_PREFIX.length, -'.json'.length);
+        const filePath = join(sessionDir, entry);
+        try {
+            const raw = readFileSync(filePath, 'utf8');
+            const parsed = JSON.parse(raw);
+            if (typeof parsed.skill === 'string' && parsed.skill.length > 0) {
+                return { skill: parsed.skill, callerId, sessionId, source: 'file' };
+            }
+        }
+        catch {
+            // skip malformed file
+        }
+    }
+    return { skill: null, callerId: null, sessionId, source: 'none' };
+}

package/dist/src/services/audit/enforcers/design-draft-confirm.d.ts

@@ -0,0 +1,25 @@
+/**
+ * design-draft-confirm enforcer (L2.2 P1) — verifies a design draft exists
+ * and has been confirmed before the rd implementation phase begins.
+ *
+ * Two red lines:
+ *   - rl-design-draft-confirm-001: design-draft.md must exist before spec-locked
+ *   - rl-design-draft-confirm-002: design-draft must have a 'confirmed' marker
+ *
+ * The state-machine check is wired into peaks request transition (the
+ * spec-locked transition requires both files to exist + design to be
+ * confirmed). The catalog flags the entry as cli-backed when the
+ * enforcer file exists.
+ */
+export interface DesignDraftConfirmInput {
+    readonly projectRoot: string;
+    readonly sessionId: string;
+    readonly changeId: string;
+}
+export interface DesignDraftConfirmResult {
+    readonly draftExists: boolean;
+    readonly draftPath: string;
+    readonly confirmed: boolean;
+    readonly confirmationPath: string;
+}
+export declare function checkDesignDraftConfirmation(input: DesignDraftConfirmInput): DesignDraftConfirmResult;

package/dist/src/services/audit/enforcers/design-draft-confirm.js

@@ -0,0 +1,54 @@
+/**
+ * design-draft-confirm enforcer (L2.2 P1) — verifies a design draft exists
+ * and has been confirmed before the rd implementation phase begins.
+ *
+ * Two red lines:
+ *   - rl-design-draft-confirm-001: design-draft.md must exist before spec-locked
+ *   - rl-design-draft-confirm-002: design-draft must have a 'confirmed' marker
+ *
+ * The state-machine check is wired into peaks request transition (the
+ * spec-locked transition requires both files to exist + design to be
+ * confirmed). The catalog flags the entry as cli-backed when the
+ * enforcer file exists.
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+const CONFIRMATION_MARKERS = [
+    /\bconfirmed\b\s*[:=]\s*true/i,
+    /\bstatus:\s*confirmed-by-user/i,
+    /^#\s*confirmed\b/im,
+];
+export function checkDesignDraftConfirmation(input) {
+    // Design drafts live at .peaks/<changeId>/ui/design-draft.md (UI role) or
+    // .peaks/<changeId>/prd/requests/<rid>.md (PRD). For L2.2 the canonical
+    // location is the UI design-draft.
+    const draftPath = join(input.projectRoot, '.peaks', input.changeId, 'ui/design-draft.md');
+    const draftExists = existsSync(draftPath);
+    if (!draftExists) {
+        return {
+            draftExists: false,
+            draftPath,
+            confirmed: false,
+            confirmationPath: '',
+        };
+    }
+    let content;
+    try {
+        content = readFileSync(draftPath, 'utf8');
+    }
+    catch {
+        return {
+            draftExists: true,
+            draftPath,
+            confirmed: false,
+            confirmationPath: draftPath,
+        };
+    }
+    const confirmed = CONFIRMATION_MARKERS.some((p) => p.test(content));
+    return {
+        draftExists: true,
+        draftPath,
+        confirmed,
+        confirmationPath: draftPath,
+    };
+}

package/dist/src/services/audit/enforcers/lint-audit-regression.d.ts

@@ -0,0 +1,21 @@
+import type { LintHit } from './lint-style.js';
+export declare const CATALOG_STABILITY_GROWTH_CAP = 0.2;
+export declare const CATALOG_STABILITY_WINDOW_DAYS = 90;
+export declare const RUNTIME_BUDGET_MS = 2000;
+export interface CatalogStabilityInput {
+    /** Current catalog size (entries.length). */
+    readonly currentSize: number;
+    /** Catalog size 90 days ago, or null if no history available. */
+    readonly sizeNinetyDaysAgo: number | null;
+}
+export declare function lintCatalogStability(input: CatalogStabilityInput): readonly LintHit[];
+export declare function lintNoOrphanEnforcer(projectRoot: string): readonly LintHit[];
+export declare function lintNoOrphanCatalog(): readonly LintHit[];
+export declare function lintRuntimeBudget(projectRoot: string, observedMs: number): readonly LintHit[];
+/**
+ * Read the catalog-stability history file (if it exists). The
+ * file is a small JSON document maintained by the release
+ * pipeline; absent → null. We do not invent the historical
+ * data; absent data means "soft pass".
+ */
+export declare function readCatalogHistory(projectRoot: string): number | null;

package/dist/src/services/audit/enforcers/lint-audit-regression.js

@@ -0,0 +1,86 @@
+/**
+ * P2-b Theme L — Audit regression enforcers.
+ *
+ * Slice #7 L2.4. These four enforcers run during the audit
+ * and check the audit framework's own integrity. They are
+ * the "gating" layer that `peaks slice check`'s new
+ * audit-regression stage asserts.
+ *
+ * Four checks:
+ *   1. catalog-stability       — catalog size has not grown >20% in 90 days
+ *   2. no-orphan-enforcer      — every enforcerRef points to a real file
+ *   3. no-orphan-catalog       — every catalog entry has a non-null enforcerRef
+ *   4. runtime-budget          — audit completes in < 2s on a 100-reference project
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { RED_LINE_CATALOG } from '../red-line-catalog.js';
+export const CATALOG_STABILITY_GROWTH_CAP = 0.20;
+export const CATALOG_STABILITY_WINDOW_DAYS = 90;
+export const RUNTIME_BUDGET_MS = 2000;
+const fakeCatalogPath = 'src/services/audit/red-line-catalog.ts';
+function syntheticHit(catalogId, rule, detail) {
+    return {
+        catalogId,
+        rule,
+        file: fakeCatalogPath,
+        line: 1,
+        matchedText: detail,
+    };
+}
+export function lintCatalogStability(input) {
+    if (input.sizeNinetyDaysAgo === null || input.sizeNinetyDaysAgo === 0) {
+        // No historical data — can't check stability. Treat as a
+        // soft pass (the catalog-stability enforcer is
+        // non-blocking when the data is missing).
+        return [];
+    }
+    const growth = (input.currentSize - input.sizeNinetyDaysAgo) / input.sizeNinetyDaysAgo;
+    if (growth <= CATALOG_STABILITY_GROWTH_CAP)
+        return [];
+    return [syntheticHit('rl-audit-catalog-stability-001', 'catalog size has not grown > 20% in the last 90 days', `(growth ${(growth * 100).toFixed(1)}% over 90 days; currentSize=${input.currentSize}, priorSize=${input.sizeNinetyDaysAgo})`)];
+}
+export function lintNoOrphanEnforcer(projectRoot) {
+    const hits = [];
+    for (const entry of RED_LINE_CATALOG) {
+        if (!entry.enforcerRef)
+            continue;
+        const absPath = join(projectRoot, entry.enforcerRef);
+        if (!existsSync(absPath)) {
+            hits.push(syntheticHit('rl-audit-no-orphan-enforcer-001', 'every enforcerRef points to a real file', `(enforcerRef "${entry.enforcerRef}" for ${entry.id} does not exist on disk)`));
+        }
+    }
+    return hits;
+}
+export function lintNoOrphanCatalog() {
+    const hits = [];
+    for (const entry of RED_LINE_CATALOG) {
+        if (entry.enforcerRef === null) {
+            hits.push(syntheticHit('rl-audit-no-orphan-catalog-001', 'every catalog entry has a non-null enforcerRef (or a documented reason)', `(catalog entry ${entry.id} has enforcerRef: null)`));
+        }
+    }
+    return hits;
+}
+export function lintRuntimeBudget(projectRoot, observedMs) {
+    if (observedMs <= RUNTIME_BUDGET_MS)
+        return [];
+    return [syntheticHit('rl-audit-runtime-budget-001', `peaks audit red-lines completes in < ${RUNTIME_BUDGET_MS}ms on a 100-reference project`, `(observed ${observedMs}ms > budget ${RUNTIME_BUDGET_MS}ms)`)];
+}
+/**
+ * Read the catalog-stability history file (if it exists). The
+ * file is a small JSON document maintained by the release
+ * pipeline; absent → null. We do not invent the historical
+ * data; absent data means "soft pass".
+ */
+export function readCatalogHistory(projectRoot) {
+    const path = join(projectRoot, '.peaks', 'audit-catalog-history.json');
+    if (!existsSync(path))
+        return null;
+    try {
+        const raw = JSON.parse(readFileSync(path, 'utf8'));
+        return typeof raw.sizeNinetyDaysAgo === 'number' ? raw.sizeNinetyDaysAgo : null;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/src/services/audit/enforcers/lint-catalog-governance.d.ts

@@ -0,0 +1,27 @@
+/**
+ * P2-a Theme G — catalog governance.
+ *
+ * Two enforcers: catalog size must grow to ≥ 40 (the P2-a target),
+ * and the prose-only ratio must stay ≤ 5% (per spec §10.2 L2
+ * acceptance). Both fire on the catalog's static state — no file
+ * scan, just the catalog itself.
+ */
+import type { LintHit } from './lint-style.js';
+export declare const CATALOG_SIZE_TARGET = 40;
+export declare const PROSE_ONLY_RATIO_TARGET = 0.05;
+export interface CatalogSize {
+    readonly size: number;
+    readonly target: number;
+}
+export interface CatalogProseOnlyRatio {
+    readonly ratio: number;
+    readonly target: number;
+}
+export declare function lintCatalogSize(actualSize: number): readonly LintHit[];
+/**
+ * Prose-only ratio: count catalog entries whose `enforcerRef` is
+ * null (i.e. not backed by a CLI surface) divided by the total
+ * catalog size. Per spec §10.2, the L2 acceptance is ≤ 10% at
+ * P2-a; this slice tightens to ≤ 5%.
+ */
+export declare function lintCatalogProseOnlyRatio(catalogSize: number, proseOnlyCount: number): readonly LintHit[];

package/dist/src/services/audit/enforcers/lint-catalog-governance.js

@@ -0,0 +1,38 @@
+export const CATALOG_SIZE_TARGET = 40;
+export const PROSE_ONLY_RATIO_TARGET = 0.05;
+function syntheticHit(catalogId, rule, matched) {
+    // No specific file to point at — return a synthetic hit against
+    // the catalog source file so the audit report can render a row.
+    const fake = {
+        name: 'catalog',
+        path: 'src/services/audit/red-line-catalog.ts',
+        body: '',
+        lines: [],
+    };
+    return {
+        catalogId,
+        rule,
+        file: fake.path,
+        line: 1,
+        matchedText: matched,
+    };
+}
+export function lintCatalogSize(actualSize) {
+    if (actualSize >= CATALOG_SIZE_TARGET)
+        return [];
+    return [syntheticHit('rl-catalog-total-001', 'Catalog governance: catalog size must grow to ≥ 40 (L2.3 P2-a target)', `(catalog size ${actualSize} < target ${CATALOG_SIZE_TARGET})`)];
+}
+/**
+ * Prose-only ratio: count catalog entries whose `enforcerRef` is
+ * null (i.e. not backed by a CLI surface) divided by the total
+ * catalog size. Per spec §10.2, the L2 acceptance is ≤ 10% at
+ * P2-a; this slice tightens to ≤ 5%.
+ */
+export function lintCatalogProseOnlyRatio(catalogSize, proseOnlyCount) {
+    if (catalogSize === 0)
+        return [];
+    const ratio = proseOnlyCount / catalogSize;
+    if (ratio <= PROSE_ONLY_RATIO_TARGET)
+        return [];
+    return [syntheticHit('rl-catalog-prose-only-ratio-001', 'Catalog governance: prose-only ratio must stay ≤ 5% (per §10.2 L2 acceptance)', `(prose-only ratio ${(ratio * 100).toFixed(1)}% > target ${PROSE_ONLY_RATIO_TARGET * 100}%; ${proseOnlyCount}/${catalogSize})`)];
+}

package/dist/src/services/audit/enforcers/lint-cli-back.d.ts

@@ -0,0 +1,16 @@
+/**
+ * P2-a Theme D — CLI-back gaps enforcers.
+ *
+ * A red line that says "BLOCKING" / "MANDATORY" / "MUST NOT" / "MUST"
+ * / "REQUIRED" must point at a `peaks *` enforcer in the
+ * surrounding ±2 lines, or it stays as `prose-only` (per §5.2).
+ *
+ * The enforcer walks each skill body, locates every
+ * `MANDATORY` / `BLOCKING` / `MUST NOT` marker, and reports an
+ * orphan-hit when the surrounding text does NOT name a peaks CLI
+ * command.
+ */
+import type { LintHit, SkillFile } from './lint-style.js';
+export declare function lintCliBackMandatorText(skill: SkillFile): readonly LintHit[];
+export declare function lintCliBackNoOrphanBlocking(skill: SkillFile): readonly LintHit[];
+export declare function lintCliBackNoOrphanMustNot(skill: SkillFile): readonly LintHit[];

package/dist/src/services/audit/enforcers/lint-cli-back.js

@@ -0,0 +1,35 @@
+const MANDATORY_PATTERN = /\bMANDATORY\b/;
+const BLOCKING_PATTERN = /\bBLOCKING\b/;
+const MUST_NOT_PATTERN = /\bMUST NOT\b/;
+const PEAKS_CLI_PATTERN = /\bpeaks\s+[a-z][a-z0-9-]*/;
+function findOrphans(skill, pattern, catalogId, rule) {
+    const hits = [];
+    for (let i = 0; i < skill.lines.length; i += 1) {
+        const line = skill.lines[i] ?? '';
+        if (!pattern.test(line))
+            continue;
+        // Look at ±2 lines for a `peaks *` reference
+        const ctx = skill.lines
+            .slice(Math.max(0, i - 2), Math.min(skill.lines.length, i + 3))
+            .join('\n');
+        if (!PEAKS_CLI_PATTERN.test(ctx)) {
+            hits.push({
+                catalogId,
+                rule,
+                file: skill.path,
+                line: i + 1,
+                matchedText: line.trim()
+            });
+        }
+    }
+    return hits;
+}
+export function lintCliBackMandatorText(skill) {
+    return findOrphans(skill, MANDATORY_PATTERN, 'rl-cli-back-mandatory-text-001', 'MANDATORY text has peaks * enforcer in the surrounding ±2 lines');
+}
+export function lintCliBackNoOrphanBlocking(skill) {
+    return findOrphans(skill, BLOCKING_PATTERN, 'rl-cli-back-no-orphan-blocking-001', 'no orphan BLOCKING marker without a peaks * enforcer');
+}
+export function lintCliBackNoOrphanMustNot(skill) {
+    return findOrphans(skill, MUST_NOT_PATTERN, 'rl-cli-back-no-orphan-must-not-001', 'no orphan MUST NOT marker without a peaks * enforcer');
+}

package/dist/src/services/audit/enforcers/lint-output-style.d.ts

@@ -0,0 +1,11 @@
+import type { LintHit, SkillFile } from './lint-style.js';
+export declare function lintNoFluff(skill: SkillFile): readonly LintHit[];
+export declare function lintNoClosingPrompt(skill: SkillFile): readonly LintHit[];
+/**
+ * Status header detection: scan the most-recent session log for the
+ * canonical header line. The session log is read from the project's
+ * `.peaks/_runtime/<sid>/session.log` (or the audit's per-test
+ * fixture). For static analysis (no session), the lint returns an
+ * empty array (the runtime check is elsewhere).
+ */
+export declare function lintStatusHeader(projectRoot: string, sessionId: string): readonly LintHit[];

package/dist/src/services/audit/enforcers/lint-output-style.js

@@ -0,0 +1,94 @@
+/**
+ * P2-a Theme C — output style enforcers.
+ *
+ * The peaks-cli dogfood rule: every skill response carries a status
+ * header (`Peaks-Cli Skill: <name> | Peaks-Cli Gate: <gate> | Next:
+ * <action>`), the SKILL.md body has no greeting/closing-prompt
+ * flattery, and the status header is detectable in the recent
+ * session transcript (test-only fixture).
+ *
+ * The status-header detection is a real check on the fixture's
+ * most-recent session file; the no-fluff and no-closing-prompt
+ * checks are static pattern scans of the skill's SKILL.md.
+ */
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+const FLUFF_GREETINGS = [
+    /\b你好[！!。，,.]?\s*$/m,
+    /^\s*你好[！!。，,.]?\s*$/m,
+    /\bHello[,，]?\s*I am\b/i,
+    /\bI am (an? )?(helpful )?assistant\b/i,
+    /\b作为一个 AI\b/,
+    /\b我是 (一个 )?AI\b/,
+    /\b作为一个\b/,
+    /\b我是(助手|模型|AI)/i
+];
+const CLOSING_PROMPTS = [
+    /\bLet me know if you need\b/i,
+    /\b如有(任何)?需要\b/,
+    /\b如有需要\b/,
+    /\bfeel free to ask\b/i,
+    /\bdo not hesitate to\b/i,
+    /\b随时(欢迎)?(联系|提问)/i,
+    /\b随时 (欢迎 )?(联系|提问)/i
+];
+const STATUS_HEADER_PATTERN = /Peaks-Cli Skill:\s*peaks-[a-z0-9-]+\s*\|\s*Peaks-Cli Gate:\s*[A-Za-z0-9_.-]+\s*\|\s*Next:\s*\S/;
+export function lintNoFluff(skill) {
+    const hits = [];
+    for (const pattern of FLUFF_GREETINGS) {
+        const lineIdx = skill.lines.findIndex((l) => pattern.test(l));
+        if (lineIdx !== -1) {
+            hits.push({
+                catalogId: 'rl-output-style-no-fluff-001',
+                rule: 'no greeting / persona fluff in SKILL.md',
+                file: skill.path,
+                line: lineIdx + 1,
+                matchedText: (skill.lines[lineIdx] ?? '').trim()
+            });
+        }
+    }
+    return hits;
+}
+export function lintNoClosingPrompt(skill) {
+    const hits = [];
+    for (const pattern of CLOSING_PROMPTS) {
+        const lineIdx = skill.lines.findIndex((l) => pattern.test(l));
+        if (lineIdx !== -1) {
+            hits.push({
+                catalogId: 'rl-output-style-no-closing-prompt-001',
+                rule: 'no closing-prompt flattery',
+                file: skill.path,
+                line: lineIdx + 1,
+                matchedText: (skill.lines[lineIdx] ?? '').trim()
+            });
+        }
+    }
+    return hits;
+}
+/**
+ * Status header detection: scan the most-recent session log for the
+ * canonical header line. The session log is read from the project's
+ * `.peaks/_runtime/<sid>/session.log` (or the audit's per-test
+ * fixture). For static analysis (no session), the lint returns an
+ * empty array (the runtime check is elsewhere).
+ */
+export function lintStatusHeader(projectRoot, sessionId) {
+    const logPath = join(projectRoot, '.peaks', '_runtime', sessionId, 'session.log');
+    let body;
+    try {
+        body = readFileSync(logPath, 'utf8');
+    }
+    catch {
+        return [];
+    }
+    if (!STATUS_HEADER_PATTERN.test(body)) {
+        return [{
+                catalogId: 'rl-output-style-status-header-001',
+                rule: 'Peaks-Cli status header on every response',
+                file: logPath,
+                line: 1,
+                matchedText: '(no Peaks-Cli Skill / Gate / Next header found in session.log)'
+            }];
+    }
+    return [];
+}

package/dist/src/services/audit/enforcers/lint-reference-integrity.d.ts

@@ -0,0 +1,6 @@
+import type { LintHit, SkillFile } from './lint-style.js';
+/** Theme E — reference integrity. */
+export declare function lintRefPathResolves(skillsRoot: string, name: string, refs: readonly string[]): readonly LintHit[];
+export declare function lintNoBrokenMkdir(skill: SkillFile): readonly LintHit[];
+export declare function lintNoPwdSymlinkJumps(skill: SkillFile): readonly LintHit[];
+export declare function lintNoRelativeArchivePaths(skill: SkillFile): readonly LintHit[];