peaks-cli 1.4.2 → 2.0.0

package/dist/src/services/audit/enforcers/lint-workflow-shape.js

@@ -0,0 +1,141 @@
+/**
+ * P2-a Theme F - workflow-bound shape enforcers.
+ *
+ * Static pattern scans of openspec/changes/STAR/proposal.md, the
+ * rd/tech-doc.md template, and the request-artifact-writing skills
+ * for canonical shape (acceptance bullets, spec reference,
+ * red-line scope, peaks-doctor acknowledgement).
+ */
+import { existsSync, lstatSync, readdirSync, readFileSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+const AC_BULLET_PATTERN = /^\s*-\s+\S/m;
+const SPEC_REFERENCE_HEADING = /^##\s+Spec reference(?:\s+\(canonical\))?\s*$/im;
+const RED_LINE_SCOPE_HEADING = /^##\s+Red-line scope\s*$/im;
+const IMPL_EVIDENCE_HEADING = /^##\s+Implementation evidence\s*$/im;
+const PEAKS_DOCTOR_PATTERN = /\bpeaks[- ]doctor\b/i;
+export function lintOpenSpecAcceptanceBullets(projectRoot) {
+    const openspecDir = join(projectRoot, 'openspec', 'changes');
+    if (!existsSync(openspecDir))
+        return [];
+    const hits = [];
+    for (const entry of readdirSync(openspecDir)) {
+        const stat = statSync(join(openspecDir, entry));
+        if (!stat.isDirectory())
+            continue;
+        const proposal = join(openspecDir, entry, 'proposal.md');
+        if (!existsSync(proposal))
+            continue;
+        const body = readFileSync(proposal, 'utf8');
+        // Slice ## Acceptance Criteria heading.
+        const acMatch = /##\s+Acceptance Criteria\s*$/im.exec(body);
+        if (acMatch === null) {
+            hits.push({
+                catalogId: 'rl-openspec-proposal-has-acceptance-bullets-001',
+                rule: 'openspec proposal has non-empty Acceptance Criteria bullets',
+                file: proposal,
+                line: 1,
+                matchedText: '(missing ## Acceptance Criteria heading)'
+            });
+            continue;
+        }
+        // Capture everything from ## Acceptance Criteria up to the next ## heading.
+        const tail = body.slice(acMatch.index + acMatch[0].length);
+        const nextHeading = tail.search(/^##\s/m);
+        const acBlock = nextHeading === -1 ? tail : tail.slice(0, nextHeading);
+        if (!AC_BULLET_PATTERN.test(acBlock)) {
+            hits.push({
+                catalogId: 'rl-openspec-proposal-has-acceptance-bullets-001',
+                rule: 'openspec proposal has non-empty Acceptance Criteria bullets',
+                file: proposal,
+                line: 1,
+                matchedText: '(no `- ` bullet under ## Acceptance Criteria)'
+            });
+        }
+    }
+    return hits;
+}
+export function lintOpenSpecSpecReference(projectRoot) {
+    const openspecDir = join(projectRoot, 'openspec', 'changes');
+    if (!existsSync(openspecDir))
+        return [];
+    const hits = [];
+    for (const entry of readdirSync(openspecDir)) {
+        const stat = statSync(join(openspecDir, entry));
+        if (!stat.isDirectory())
+            continue;
+        const proposal = join(openspecDir, entry, 'proposal.md');
+        if (!existsSync(proposal))
+            continue;
+        const body = readFileSync(proposal, 'utf8');
+        if (!SPEC_REFERENCE_HEADING.test(body)) {
+            hits.push({
+                catalogId: 'rl-openspec-proposal-has-spec-changes-001',
+                rule: 'openspec proposal has Spec reference (canonical) link',
+                file: proposal,
+                line: 1,
+                matchedText: '(missing ## Spec reference (canonical) heading)'
+            });
+        }
+    }
+    return hits;
+}
+export function lintTechDocPresenceShape(projectRoot) {
+    // Scan every session's rd/tech-doc.md for the two required
+    // sections. The session dir is .peaks/_runtime/<sid>/.
+    // .peaks/_runtime/ also contains marker files like
+    // `active-skill.json`, `classify-audit.jsonl`, and a
+    // `current-change` symlink (per slice 2026-06-12-postinstall-
+    // 1x-detector-tdd, the current-change symlink can be broken
+    // across major session boundaries). Use lstatSync (does not
+    // follow symlinks) + isSymbolicLink guard so broken symlinks
+    // and marker files are skipped, not crashed on.
+    const runtimeDir = join(projectRoot, '.peaks', '_runtime');
+    if (!existsSync(runtimeDir))
+        return [];
+    const hits = [];
+    for (const sessionEntry of readdirSync(runtimeDir)) {
+        const sessionDir = join(runtimeDir, sessionEntry);
+        let stat;
+        try {
+            stat = lstatSync(sessionDir);
+        }
+        catch {
+            // broken symlink or unreadable entry — skip
+            continue;
+        }
+        if (stat.isSymbolicLink() || !stat.isDirectory())
+            continue;
+        const techDoc = join(sessionDir, 'rd', 'tech-doc.md');
+        if (!existsSync(techDoc))
+            continue;
+        const body = readFileSync(techDoc, 'utf8');
+        if (!RED_LINE_SCOPE_HEADING.test(body) || !IMPL_EVIDENCE_HEADING.test(body)) {
+            hits.push({
+                catalogId: 'rl-tech-doc-presence-pre-rd-001',
+                rule: 'rd/tech-doc.md has Red-line scope + Implementation evidence',
+                file: techDoc,
+                line: 1,
+                matchedText: '(missing ## Red-line scope or ## Implementation evidence)'
+            });
+        }
+    }
+    return hits;
+}
+export function lintPeaksDoctorAcknowledged(skill) {
+    // The enforcer fires only for skills that write a request
+    // artifact (rd / qa / prd / ui / sc / txt) — detected by the
+    // presence of `peaks request init` or `peaks request show` in
+    // the body.
+    const writesRequestArtifact = /\bpeaks\s+request\s+(init|show|transition)\b/.test(skill.body);
+    if (!writesRequestArtifact)
+        return [];
+    if (PEAKS_DOCTOR_PATTERN.test(skill.body))
+        return [];
+    return [{
+            catalogId: 'rl-peaks-doctor-skill-acknowledged-001',
+            rule: 'skill that writes a request artifact acknowledges peaks doctor',
+            file: skill.path,
+            line: 1,
+            matchedText: '(no peaks doctor / peaks-doctor mention in skill body)'
+        }];
+}

package/dist/src/services/audit/enforcers/login-gate.d.ts

@@ -0,0 +1,23 @@
+/**
+ * login-gate enforcer (L2.2 P1) — verifies destructive / auth-required
+ * paths require explicit user confirmation.
+ *
+ * Two red lines:
+ *   - rl-login-gate-001: destructive paths (uninstall, drop, force-push) must
+ *     require user confirmation
+ *   - rl-login-gate-002: protected paths (auth-required) must check session
+ *
+ * This is a static-check enforcer: the actual runtime gate is in
+ * `peaks mode-enforcement` (the requireUserConfirmation function). The
+ * catalog entry points to this file; the audit flags it as cli-backed
+ * when the integration is wired (L2.2 ships the wiring).
+ */
+export interface LoginGateInput {
+    readonly command: string;
+}
+export interface LoginGateResult {
+    readonly destructive: boolean;
+    readonly protected: boolean;
+    readonly matchedPattern: string | null;
+}
+export declare function checkLoginGate(input: LoginGateInput): LoginGateResult;

package/dist/src/services/audit/enforcers/login-gate.js

@@ -0,0 +1,40 @@
+/**
+ * login-gate enforcer (L2.2 P1) — verifies destructive / auth-required
+ * paths require explicit user confirmation.
+ *
+ * Two red lines:
+ *   - rl-login-gate-001: destructive paths (uninstall, drop, force-push) must
+ *     require user confirmation
+ *   - rl-login-gate-002: protected paths (auth-required) must check session
+ *
+ * This is a static-check enforcer: the actual runtime gate is in
+ * `peaks mode-enforcement` (the requireUserConfirmation function). The
+ * catalog entry points to this file; the audit flags it as cli-backed
+ * when the integration is wired (L2.2 ships the wiring).
+ */
+const DESTRUCTIVE_PATH_PATTERNS = [
+    /uninstall/i,
+    /\bdrop\b/i,
+    /force-push/i,
+    /--force\b/,
+    /--hard\b/,
+    /rm\s+-rf?\b/,
+];
+const PROTECTED_PATH_PATTERNS = [
+    /auth/i,
+    /login/i,
+    /session/i,
+];
+export function checkLoginGate(input) {
+    for (const pattern of DESTRUCTIVE_PATH_PATTERNS) {
+        if (pattern.test(input.command)) {
+            return { destructive: true, protected: false, matchedPattern: pattern.source };
+        }
+    }
+    for (const pattern of PROTECTED_PATH_PATTERNS) {
+        if (pattern.test(input.command)) {
+            return { destructive: false, protected: true, matchedPattern: pattern.source };
+        }
+    }
+    return { destructive: false, protected: false, matchedPattern: null };
+}

package/dist/src/services/audit/enforcers/mock-placement.d.ts

@@ -0,0 +1,25 @@
+/**
+ * mock-placement enforcer — scans changed files for inline mock-data
+ * patterns and fails the slice check if any changed file under `src/` or
+ * `skills/` contains `mockData: { ... }`, `fixtures = { ... }`, or a
+ * multi-line `const fooMock = { ... }` literal.
+ *
+ * Per L2 redesign §5.4. Mocks belong in `tests/fixtures/`, not inline.
+ * Per `references/mock-data-placement.md` from peaks-rd: framework-aware
+ * mock placement. peaks-cli has no UI framework, but the rule still
+ * applies for non-fixture files.
+ */
+export interface MockPlacementCheckInput {
+    readonly filePath: string;
+    readonly content: string;
+}
+export interface MockPlacementViolation {
+    readonly filePath: string;
+    readonly pattern: string;
+    readonly snippet: string;
+}
+export declare function hasInlineMock(content: string): MockPlacementViolation | null;
+export declare function findMockViolations(changedFiles: readonly {
+    filePath: string;
+    content: string;
+}[]): readonly MockPlacementViolation[];

package/dist/src/services/audit/enforcers/mock-placement.js

@@ -0,0 +1,48 @@
+/**
+ * mock-placement enforcer — scans changed files for inline mock-data
+ * patterns and fails the slice check if any changed file under `src/` or
+ * `skills/` contains `mockData: { ... }`, `fixtures = { ... }`, or a
+ * multi-line `const fooMock = { ... }` literal.
+ *
+ * Per L2 redesign §5.4. Mocks belong in `tests/fixtures/`, not inline.
+ * Per `references/mock-data-placement.md` from peaks-rd: framework-aware
+ * mock placement. peaks-cli has no UI framework, but the rule still
+ * applies for non-fixture files.
+ */
+const MOCK_PATTERNS = [
+    /\bmockData\s*[:=]\s*\{/,
+    /\bfixtures?\s*=\s*\{/,
+    /const\s+\w*[Mm]ock\w*\s*=\s*\{[\s\S]{20,}/,
+];
+export function hasInlineMock(content) {
+    for (const pattern of MOCK_PATTERNS) {
+        const match = pattern.exec(content);
+        if (match) {
+            return {
+                filePath: '',
+                pattern: pattern.source,
+                snippet: match[0].slice(0, 80),
+            };
+        }
+    }
+    return null;
+}
+export function findMockViolations(changedFiles) {
+    const violations = [];
+    for (const { filePath, content } of changedFiles) {
+        // Mocks are allowed in tests/fixtures/. The slice check is invoked
+        // with the diff-vs-scope output, which already filters out
+        // test/fixture paths; this guard is a safety net.
+        if (filePath.includes('tests/fixtures/'))
+            continue;
+        if (filePath.includes('__fixtures__'))
+            continue;
+        if (!filePath.startsWith('src/') && !filePath.startsWith('skills/'))
+            continue;
+        const violation = hasInlineMock(content);
+        if (violation) {
+            violations.push({ ...violation, filePath });
+        }
+    }
+    return violations;
+}

package/dist/src/services/audit/enforcers/no-root-pollution.d.ts

@@ -0,0 +1,21 @@
+/**
+ * no-root-pollution enforcer — PreToolUse Write/Edit guard.
+ *
+ * Per L2 redesign §5.4. Deny writes to <project>/root for files NOT in
+ * the documented allowlist. The allowlist is hand-maintained for v1; a
+ * follow-up slice can expose it via `peaks standards`.
+ *
+ * Trust red line: this hook MUST fail-open on registry / FS errors. The
+ * LLM is never bricked by a peaks bug.
+ */
+export interface RootWriteCheckInput {
+    readonly projectRoot: string;
+    readonly filePath: string;
+}
+export interface RootWriteCheckResult {
+    readonly isRoot: boolean;
+    readonly allowed: boolean;
+    readonly topSegment: string;
+    readonly denyReason: string;
+}
+export declare function isRootWrite(input: RootWriteCheckInput): RootWriteCheckResult;

package/dist/src/services/audit/enforcers/no-root-pollution.js

@@ -0,0 +1,56 @@
+/**
+ * no-root-pollution enforcer — PreToolUse Write/Edit guard.
+ *
+ * Per L2 redesign §5.4. Deny writes to <project>/root for files NOT in
+ * the documented allowlist. The allowlist is hand-maintained for v1; a
+ * follow-up slice can expose it via `peaks standards`.
+ *
+ * Trust red line: this hook MUST fail-open on registry / FS errors. The
+ * LLM is never bricked by a peaks bug.
+ */
+import { resolve } from 'node:path';
+const ROOT_FILE_ALLOWLIST = new Set([
+    // Top-level docs
+    'README.md', 'README-en.md', 'LICENSE', 'LICENSE.md', 'NOTICE', 'CONTRIBUTING.md',
+    'CHANGELOG.md', 'AUTHORS', 'CONTRIBUTORS',
+    // Build / package manifests
+    'package.json', 'pnpm-lock.yaml', 'pnpm-workspace.yaml', 'tsconfig.json',
+    'tsconfig.*.json', 'vitest.config.ts', 'vite.config.ts', '.npmrc', '.nvmrc',
+    // VCS / editor
+    '.gitignore', '.gitattributes', '.editorconfig', '.gitkeep',
+    // Project-local config dirs (peaks-cli convention)
+    'openspec', '.peaks', '.claude', '.peaksrc',
+    // Source dirs (writes into them are normal)
+    'src', 'tests', 'bin', 'scripts', 'schemas', 'output-styles', 'docs',
+    // Skills are allowed at root
+    'skills',
+    // Generated / ignored
+    'dist', 'node_modules', 'coverage', '.nyc_output',
+]);
+export function isRootWrite(input) {
+    const projectRoot = resolve(input.projectRoot);
+    const filePath = resolve(input.filePath);
+    const rel = filePath.startsWith(projectRoot)
+        ? filePath.slice(projectRoot.length).replace(/^[\\/]+/, '')
+        : filePath;
+    const topSegment = rel.split(/[\\/]/)[0] ?? '';
+    // If file is NOT at root (e.g. src/foo/bar.ts), the top segment is "src"
+    // which is in the allowlist. This handler only flags FILES AT THE ROOT
+    // (top-level), so check whether the file is exactly at root depth.
+    const segments = rel.split(/[\\/]/).filter(Boolean);
+    const isAtRoot = segments.length === 1;
+    if (!isAtRoot) {
+        return { isRoot: false, allowed: true, topSegment, denyReason: '' };
+    }
+    if (ROOT_FILE_ALLOWLIST.has(topSegment)) {
+        return { isRoot: true, allowed: true, topSegment, denyReason: '' };
+    }
+    return {
+        isRoot: true,
+        allowed: false,
+        topSegment,
+        denyReason: `no-root-pollution: file "${rel}" is not in the root allowlist. ` +
+            `Move it under docs/, tests/, skills/, or another documented directory, ` +
+            `or add it to ROOT_FILE_ALLOWLIST in src/services/audit/enforcers/no-root-pollution.ts.`,
+    };
+}

package/dist/src/services/audit/enforcers/pre-rd-scan.d.ts

@@ -0,0 +1,22 @@
+/**
+ * pre-rd-scan enforcer (L2.2 P1) — verifies the project has been scanned
+ * before the rd implementation phase begins.
+ *
+ * Two red lines:
+ *   - rl-pre-rd-scan-001: peaks scan archetype must have been run
+ *   - rl-pre-rd-scan-002: peaks standards preflight must have been run
+ *
+ * Detected by checking for the project-scan.md and standards reports in
+ * the session dir. Both are produced by the pre-RD workflow.
+ */
+export interface PreRdScanInput {
+    readonly projectRoot: string;
+    readonly sessionId: string;
+}
+export interface PreRdScanResult {
+    readonly archetypeScanned: boolean;
+    readonly archetypeReportPath: string;
+    readonly standardsPreflightDone: boolean;
+    readonly standardsReportPath: string;
+}
+export declare function checkPreRdScan(input: PreRdScanInput): PreRdScanResult;

package/dist/src/services/audit/enforcers/pre-rd-scan.js

@@ -0,0 +1,23 @@
+/**
+ * pre-rd-scan enforcer (L2.2 P1) — verifies the project has been scanned
+ * before the rd implementation phase begins.
+ *
+ * Two red lines:
+ *   - rl-pre-rd-scan-001: peaks scan archetype must have been run
+ *   - rl-pre-rd-scan-002: peaks standards preflight must have been run
+ *
+ * Detected by checking for the project-scan.md and standards reports in
+ * the session dir. Both are produced by the pre-RD workflow.
+ */
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+export function checkPreRdScan(input) {
+    const archetypeReportPath = join(input.projectRoot, '.peaks/_runtime', input.sessionId, 'rd/project-scan.md');
+    const standardsReportPath = join(input.projectRoot, '.peaks/_runtime', input.sessionId, 'standards-preflight.json');
+    return {
+        archetypeScanned: existsSync(archetypeReportPath),
+        archetypeReportPath,
+        standardsPreflightDone: existsSync(standardsReportPath),
+        standardsReportPath,
+    };
+}

package/dist/src/services/audit/enforcers/prototype-fidelity.d.ts

@@ -0,0 +1,25 @@
+/**
+ * prototype-fidelity enforcer (L2.2 P1) — verifies a prototype is
+ * functional (not a stub).
+ *
+ * Two red lines:
+ *   - rl-prototype-fidelity-001: prototype files must not contain TODO/FIXME/XXX
+ *   - rl-prototype-fidelity-002: prototype must have at least 1 passing test
+ *
+ * (L2.2 ships the source-level check; deeper test-running integration is
+ * deferred to a follow-up slice.)
+ */
+export interface PrototypeFidelityInput {
+    readonly projectRoot: string;
+    readonly filePaths: readonly string[];
+}
+export interface PrototypeFidelityResult {
+    readonly stubMarkers: readonly {
+        filePath: string;
+        pattern: string;
+        snippet: string;
+    }[];
+    readonly testFiles: readonly string[];
+}
+export declare function findStubMarkers(input: PrototypeFidelityInput): PrototypeFidelityResult;
+export declare function findTestFiles(projectRoot: string, sourceDir: string): readonly string[];

package/dist/src/services/audit/enforcers/prototype-fidelity.js

@@ -0,0 +1,75 @@
+/**
+ * prototype-fidelity enforcer (L2.2 P1) — verifies a prototype is
+ * functional (not a stub).
+ *
+ * Two red lines:
+ *   - rl-prototype-fidelity-001: prototype files must not contain TODO/FIXME/XXX
+ *   - rl-prototype-fidelity-002: prototype must have at least 1 passing test
+ *
+ * (L2.2 ships the source-level check; deeper test-running integration is
+ * deferred to a follow-up slice.)
+ */
+import { existsSync, readdirSync, readFileSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+const STUB_MARKER_PATTERNS = [
+    /\bTODO\b/,
+    /\bFIXME\b/,
+    /\bXXX\b/,
+    /\bHACK\b/,
+    /\bstub\b\s*[:=]/i,
+    /\bnot implemented\b/i,
+];
+export function findStubMarkers(input) {
+    const markers = [];
+    for (const filePath of input.filePaths) {
+        const abs = join(input.projectRoot, filePath);
+        let content;
+        try {
+            content = readFileSync(abs, 'utf8');
+        }
+        catch {
+            continue;
+        }
+        for (const pattern of STUB_MARKER_PATTERNS) {
+            const match = pattern.exec(content);
+            if (match !== null) {
+                markers.push({ filePath, pattern: pattern.source, snippet: match[0] });
+            }
+        }
+    }
+    return { stubMarkers: markers, testFiles: [] };
+}
+export function findTestFiles(projectRoot, sourceDir) {
+    const testsDir = join(projectRoot, sourceDir.replace(/^src\//, 'tests/'));
+    if (!existsSync(testsDir))
+        return [];
+    try {
+        const stat = statSync(testsDir);
+        if (!stat.isDirectory())
+            return [];
+    }
+    catch {
+        return [];
+    }
+    const result = [];
+    const walk = (dir) => {
+        let entries;
+        try {
+            entries = readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            const full = join(dir, entry.name);
+            if (entry.isDirectory()) {
+                walk(full);
+            }
+            else if (entry.isFile() && /\.(test|spec)\.ts$/.test(entry.name)) {
+                result.push(full);
+            }
+        }
+    };
+    walk(testsDir);
+    return result;
+}

package/dist/src/services/audit/enforcers/resume-detection.d.ts

@@ -0,0 +1,21 @@
+/**
+ * resume-detection enforcer (L2.2 P1) — verifies a slice can be resumed
+ * before the LLM continues work on it.
+ *
+ * Two red lines:
+ *   - rl-resume-detection-001: session-binding file must exist
+ *   - rl-resume-detection-002: existing rd request state must be in
+ *     {spec-locked, implemented, qa-handoff} (resumable states)
+ */
+export interface ResumeDetectionInput {
+    readonly projectRoot: string;
+    readonly sessionId: string;
+}
+export interface ResumeDetectionResult {
+    readonly sessionBindingExists: boolean;
+    readonly sessionBindingPath: string;
+    readonly requestState: string | null;
+    readonly requestStatePath: string;
+    readonly canResume: boolean;
+}
+export declare function checkResume(input: ResumeDetectionInput): ResumeDetectionResult;

package/dist/src/services/audit/enforcers/resume-detection.js

@@ -0,0 +1,52 @@
+/**
+ * resume-detection enforcer (L2.2 P1) — verifies a slice can be resumed
+ * before the LLM continues work on it.
+ *
+ * Two red lines:
+ *   - rl-resume-detection-001: session-binding file must exist
+ *   - rl-resume-detection-002: existing rd request state must be in
+ *     {spec-locked, implemented, qa-handoff} (resumable states)
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+const RESUMABLE_STATES = new Set(['spec-locked', 'implemented', 'qa-handoff']);
+export function checkResume(input) {
+    const sessionBindingPath = join(input.projectRoot, '.peaks/_runtime', input.sessionId, 'session.json');
+    const sessionBindingExists = existsSync(sessionBindingPath);
+    // The rd request artifact lives under .peaks/_runtime/<sid>/rd/requests/<rid>.md
+    // (canonical session layout per `src-services-session-canonical-workspace-resolver.md`).
+    // We look at the most-recent rd request to detect state. The full request-artifact
+    // service is the authoritative source; this is a lightweight check for the audit
+    // scanner.
+    const rdDir = join(input.projectRoot, '.peaks/_runtime', input.sessionId, 'rd/requests');
+    let requestState = null;
+    let requestStatePath = '';
+    if (existsSync(rdDir)) {
+        try {
+            const files = require('node:fs').readdirSync(rdDir);
+            for (const file of files) {
+                if (!file.endsWith('.md'))
+                    continue;
+                const path = join(rdDir, file);
+                const content = readFileSync(path, 'utf8');
+                const match = /state:\s*([a-z0-9-]+)/i.exec(content);
+                if (match !== null) {
+                    requestState = match[1] ?? null;
+                    requestStatePath = path;
+                    break;
+                }
+            }
+        }
+        catch {
+            // ignore read errors
+        }
+    }
+    const canResume = sessionBindingExists && requestState !== null && RESUMABLE_STATES.has(requestState);
+    return {
+        sessionBindingExists,
+        sessionBindingPath,
+        requestState,
+        requestStatePath,
+        canResume,
+    };
+}

package/dist/src/services/audit/enforcers/solo-code-ban.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Solo-code-ban enforcer — PreToolUse Bash guard.
+ *
+ * Per L2 redesign §5.4. Deny `git commit` or `git apply` invocations from
+ * a peaks-* skill. The Solo Code-Change Red Line says peaks-solo / peaks-rd
+ * are orchestrators, not implementers; the actual `git commit` step must
+ * go through `peaks request transition`, which itself enforces spec-locked
+ * + tech-doc-presence.
+ *
+ * Trust red line (per `gate-enforcement-hook.md`): if the registry or
+ * manifest read fails, the hook must fail-OPEN (warn + allow). The LLM is
+ * never bricked by a peaks bug.
+ */
+export interface SoloCodeBanInput {
+    readonly skill: string;
+    readonly command: string;
+}
+export interface SoloCodeBanResult {
+    readonly denied: boolean;
+    readonly reason: string;
+}
+export declare function isSoloCodeCommit(skill: string, command: string): boolean;
+export declare function evaluateSoloCodeBan(input: SoloCodeBanInput): SoloCodeBanResult;

package/dist/src/services/audit/enforcers/solo-code-ban.js

@@ -0,0 +1,27 @@
+/**
+ * Solo-code-ban enforcer — PreToolUse Bash guard.
+ *
+ * Per L2 redesign §5.4. Deny `git commit` or `git apply` invocations from
+ * a peaks-* skill. The Solo Code-Change Red Line says peaks-solo / peaks-rd
+ * are orchestrators, not implementers; the actual `git commit` step must
+ * go through `peaks request transition`, which itself enforces spec-locked
+ * + tech-doc-presence.
+ *
+ * Trust red line (per `gate-enforcement-hook.md`): if the registry or
+ * manifest read fails, the hook must fail-OPEN (warn + allow). The LLM is
+ * never bricked by a peaks bug.
+ */
+const COMMIT_APPLY_PATTERN = /^\s*git\s+(commit|apply)\b/;
+const DENY_REASON = 'Solo Code-Change Red Line: peaks-* skills must go through peaks-solo / peaks-rd. ' +
+    'Use `peaks request transition` instead of `git commit` / `git apply` directly.';
+export function isSoloCodeCommit(skill, command) {
+    if (!skill.startsWith('peaks-'))
+        return false;
+    return COMMIT_APPLY_PATTERN.test(command);
+}
+export function evaluateSoloCodeBan(input) {
+    if (isSoloCodeCommit(input.skill, input.command)) {
+        return { denied: true, reason: DENY_REASON };
+    }
+    return { denied: false, reason: '' };
+}

package/dist/src/services/audit/enforcers/sub-agent-sid.d.ts

@@ -0,0 +1,25 @@
+/**
+ * sub-agent-sid enforcer — dogfood of Slice 0.5 sid-naming-guard.
+ *
+ * Per L2 redesign §5.4, "sub-agent-sid" is one of the 5 P0 red lines.
+ * Slice 0.5 (Task 7) shipped `isValidSessionId` in
+ * `src/services/workspace/sid-naming-guard.ts`. This enforcer exposes the
+ * same check to the red-line audit framework, so any invalid sid under
+ * `.peaks/_sub_agents/` shows up as a backable red line in the audit.
+ */
+export interface SubAgentSidCheckResult {
+    readonly invalid: readonly string[];
+    readonly valid: readonly string[];
+    readonly scanned: boolean;
+}
+/**
+ * Find sids under `.peaks/_sub_agents/<sid>/` that fail `isValidSessionId`.
+ * Bare forms (sid-3, unknown-sid) and date-mismatched sids all fail.
+ */
+export declare function findInvalidSubAgentSids(projectRoot: string): SubAgentSidCheckResult;
+/**
+ * Same check, for `.peaks/_runtime/<sid>/`. Slice 0.5's clean-service
+ * already handles the sub-agents dir; the audit framework also wants to
+ * know about invalid runtime sids (which would be a different failure mode).
+ */
+export declare function findInvalidRuntimeSids(projectRoot: string): SubAgentSidCheckResult;