pluribus-context 0.3.35 → 0.3.37

package/examples/loaded-resource-boundary/loaded-resource-boundary.json

@@ -0,0 +1,69 @@
+{
+  "receipt_type": "pluribus.loaded_resource_boundary.v1",
+  "scenario": "custom-agent skill parity across chat and ACP/Zed",
+  "expected_resources": [
+    {
+      "id": "skill:pr-review",
+      "kind": "skill",
+      "scope": "project",
+      "source_ref": ".kiro/skills/pr-review/SKILL.md",
+      "source_hash": "sha256:7fb8c53b1b1f9b0e0f5a6fdab315b748c64c8b926fdff3d1d6fe6b3f5c8c6a01",
+      "required": true
+    },
+    {
+      "id": "skill:release-notes",
+      "kind": "skill",
+      "scope": "project",
+      "source_ref": ".kiro/skills/release-notes/SKILL.md",
+      "source_hash": "sha256:290d6bbf8d43b5b3f9134718ce9f7b6d08cc25f1a0e9255f5b8ceadcab4e6c18",
+      "required": false
+    }
+  ],
+  "sessions": [
+    {
+      "session_id": "chat-reviewer-2026-06-03",
+      "runtime": "chat",
+      "client": "kiro-desktop",
+      "client_version": "2.5.1",
+      "agent": "reviewer",
+      "task_hash": "sha256:9ed0fd91ef88f64a7de10e7fbab4e979ec6b13701d8a7569e3d4ad4ed9932a9a",
+      "discovered_resources": ["skill:pr-review", "skill:release-notes"],
+      "attached_resources": ["skill:pr-review", "skill:release-notes"],
+      "injected_resources": ["skill:pr-review"],
+      "readable_resources": ["skill:pr-review"],
+      "skipped_resources": [
+        {
+          "id": "skill:release-notes",
+          "stage": "injected",
+          "reason": "trigger_not_matched"
+        }
+      ]
+    },
+    {
+      "session_id": "acp-zed-reviewer-2026-06-03",
+      "runtime": "acp",
+      "client": "zed",
+      "client_version": "2.5.1",
+      "agent": "reviewer",
+      "task_hash": "sha256:9ed0fd91ef88f64a7de10e7fbab4e979ec6b13701d8a7569e3d4ad4ed9932a9a",
+      "discovered_resources": ["skill:pr-review", "skill:release-notes"],
+      "attached_resources": ["skill:pr-review", "skill:release-notes"],
+      "injected_resources": [],
+      "readable_resources": [],
+      "skipped_resources": [
+        {
+          "id": "skill:pr-review",
+          "stage": "injected",
+          "reason": "runtime_does_not_inject_resources"
+        },
+        {
+          "id": "skill:release-notes",
+          "stage": "injected",
+          "reason": "trigger_not_matched"
+        }
+      ]
+    }
+  ],
+  "safe_to_continue": false,
+  "next_action": "file a host/runtime bug with stage-level evidence; do not fix this with stronger prompt wording alone"
+}

package/examples/mcp-runtime-config-receipts/README.md

@@ -0,0 +1,15 @@
+# MCP runtime config receipts
+
+This example validates the live-vs-template boundary for MCP config review.
+
+```bash
+node check-mcp-runtime-config-receipt.mjs mcp-runtime-config-receipt.json
+```
+
+Expected output:
+
+```text
+mcp runtime config receipt ok: 3 configs checked, 1 runtime alert, 0 review-noise warnings
+```
+
+The alert is intentional: the live `.mcp.json` changes what Claude Code can load. The template and disabled config are quiet by default because they are not runtime-active.

package/examples/mcp-runtime-config-receipts/check-mcp-runtime-config-receipt.mjs

@@ -0,0 +1,127 @@
+#!/usr/bin/env node
+import fs from 'node:fs'
+import path from 'node:path'
+
+const receiptPath = process.argv[2] || path.join(import.meta.dirname, 'mcp-runtime-config-receipt.json')
+const receipt = JSON.parse(fs.readFileSync(receiptPath, 'utf8'))
+const errors = []
+const warnings = []
+let runtimeAlerts = 0
+
+function fieldName(prefix, field) {
+  return prefix ? `${prefix}.${field}` : field
+}
+
+function requireString(value, field) {
+  if (typeof value !== 'string' || value.trim() === '') {
+    errors.push(`${field} must be a non-empty string`)
+  }
+}
+
+function requireBoolean(value, field) {
+  if (typeof value !== 'boolean') {
+    errors.push(`${field} must be boolean`)
+  }
+}
+
+function requireArray(value, field) {
+  if (!Array.isArray(value)) {
+    errors.push(`${field} must be an array`)
+  }
+}
+
+function requireStringArray(value, field) {
+  requireArray(value, field)
+  for (const [index, item] of (value || []).entries()) {
+    if (typeof item !== 'string' || item.trim() === '') {
+      errors.push(`${field}[${index}] must be a non-empty string`)
+    }
+  }
+}
+
+const runtimeKinds = new Set(['runtime_config'])
+const inactiveKinds = new Set(['sample_config', 'disabled_config', 'catalog_example'])
+const allowedKinds = new Set([...runtimeKinds, ...inactiveKinds])
+const allowedChanges = new Set(['server_added', 'server_removed', 'command_changed', 'env_changed', 'tools_changed', 'unchanged'])
+
+if (receipt.schema !== 'pluribus.mcp_runtime_config_receipt.v1') {
+  errors.push('schema must be pluribus.mcp_runtime_config_receipt.v1')
+}
+
+requireString(receipt.run_id, 'run_id')
+requireString(receipt.generated_at, 'generated_at')
+requireString(receipt.repository_ref, 'repository_ref')
+
+if (!Array.isArray(receipt.configs) || receipt.configs.length === 0) {
+  errors.push('configs must be a non-empty array')
+}
+
+for (const [index, config] of (receipt.configs || []).entries()) {
+  const prefix = `configs[${index}]`
+  requireString(config.path, fieldName(prefix, 'path'))
+  requireString(config.client, fieldName(prefix, 'client'))
+  requireString(config.source_kind, fieldName(prefix, 'source_kind'))
+  requireString(config.change_kind, fieldName(prefix, 'change_kind'))
+  requireBoolean(config.runtime_active, fieldName(prefix, 'runtime_active'))
+  requireBoolean(config.permission_surface_changed, fieldName(prefix, 'permission_surface_changed'))
+  requireBoolean(config.sample_config_review, fieldName(prefix, 'sample_config_review'))
+  requireBoolean(config.should_alert, fieldName(prefix, 'should_alert'))
+  requireStringArray(config.loaded_by, fieldName(prefix, 'loaded_by'))
+
+  if (!allowedKinds.has(config.source_kind)) {
+    errors.push(`${prefix}.source_kind must be one of ${[...allowedKinds].join(', ')}`)
+  }
+
+  if (!allowedChanges.has(config.change_kind)) {
+    errors.push(`${prefix}.change_kind must be one of ${[...allowedChanges].join(', ')}`)
+  }
+
+  if (runtimeKinds.has(config.source_kind) && config.runtime_active !== true) {
+    errors.push(`${prefix}.runtime_active must be true for runtime_config`)
+  }
+
+  if (inactiveKinds.has(config.source_kind) && config.runtime_active !== false) {
+    errors.push(`${prefix}.runtime_active must be false for ${config.source_kind}`)
+  }
+
+  if (config.runtime_active && (!Array.isArray(config.loaded_by) || config.loaded_by.length === 0)) {
+    errors.push(`${prefix}.loaded_by must name at least one client when runtime_active is true`)
+  }
+
+  if (config.runtime_active && config.permission_surface_changed && config.change_kind !== 'unchanged') {
+    runtimeAlerts += 1
+    if (config.should_alert !== true) {
+      errors.push(`${prefix}.should_alert must be true when an active runtime permission surface changed`)
+    }
+  }
+
+  if (!config.runtime_active && config.should_alert && !config.sample_config_review) {
+    warnings.push(`${config.path || prefix} alerts even though it is not runtime-active; use sample_config_review or suppress as template noise`)
+  }
+
+  if (!Array.isArray(config.evidence) || config.evidence.length === 0) {
+    errors.push(`${prefix}.evidence must include at least one privacy-safe evidence ref`)
+  }
+
+  for (const [evidenceIndex, evidence] of (config.evidence || []).entries()) {
+    const evidencePrefix = `${prefix}.evidence[${evidenceIndex}]`
+    requireString(evidence.kind, fieldName(evidencePrefix, 'kind'))
+    requireString(evidence.ref, fieldName(evidencePrefix, 'ref'))
+  }
+
+  const envKeys = config.redacted_env_keys || {}
+  requireStringArray(envKeys.required, fieldName(prefix, 'redacted_env_keys.required'))
+  requireStringArray(envKeys.present, fieldName(prefix, 'redacted_env_keys.present'))
+  requireStringArray(envKeys.missing, fieldName(prefix, 'redacted_env_keys.missing'))
+}
+
+if (errors.length > 0) {
+  console.error('mcp runtime config receipt invalid:')
+  for (const error of errors) console.error(`- ${error}`)
+  process.exit(1)
+}
+
+const warningLabel = warnings.length === 1 ? 'warning' : 'warnings'
+const alertLabel = runtimeAlerts === 1 ? 'alert' : 'alerts'
+console.log(`mcp runtime config receipt ok: ${receipt.configs.length} configs checked, ${runtimeAlerts} runtime ${alertLabel}, ${warnings.length} review-noise ${warningLabel}`)
+for (const warning of warnings) console.log(`- ${warning}`)

package/examples/mcp-runtime-config-receipts/mcp-runtime-config-receipt.json

@@ -0,0 +1,82 @@
+{
+  "schema": "pluribus.mcp_runtime_config_receipt.v1",
+  "run_id": "mcp-config-review-2026-06-05T23:00Z",
+  "generated_at": "2026-06-05T23:00:00Z",
+  "repository_ref": "github:example/app@pull/123",
+  "configs": [
+    {
+      "path": ".mcp.json",
+      "client": "claude-code",
+      "source_kind": "runtime_config",
+      "runtime_active": true,
+      "loaded_by": ["claude-code"],
+      "change_kind": "server_added",
+      "permission_surface_changed": true,
+      "sample_config_review": false,
+      "should_alert": true,
+      "evidence": [
+        {
+          "kind": "config_digest",
+          "ref": "sha256:9a1c4b7d4f1a"
+        },
+        {
+          "kind": "client_discovery_rule",
+          "ref": "claude-code:.mcp.json"
+        }
+      ],
+      "redacted_env_keys": {
+        "required": ["GITHUB_TOKEN"],
+        "present": [],
+        "missing": ["GITHUB_TOKEN"]
+      }
+    },
+    {
+      "path": ".mcp.json.template",
+      "client": "claude-code",
+      "source_kind": "sample_config",
+      "runtime_active": false,
+      "loaded_by": [],
+      "change_kind": "server_added",
+      "permission_surface_changed": true,
+      "sample_config_review": false,
+      "should_alert": false,
+      "evidence": [
+        {
+          "kind": "config_digest",
+          "ref": "sha256:2e76a9c103ab"
+        }
+      ],
+      "redacted_env_keys": {
+        "required": ["EXAMPLE_API_KEY"],
+        "present": [],
+        "missing": ["EXAMPLE_API_KEY"]
+      }
+    },
+    {
+      "path": ".cursor/mcp.disabled.json",
+      "client": "cursor",
+      "source_kind": "disabled_config",
+      "runtime_active": false,
+      "loaded_by": [],
+      "change_kind": "command_changed",
+      "permission_surface_changed": true,
+      "sample_config_review": false,
+      "should_alert": false,
+      "evidence": [
+        {
+          "kind": "config_digest",
+          "ref": "sha256:66f3ec00a12b"
+        },
+        {
+          "kind": "disabled_profile_marker",
+          "ref": "filename:mcp.disabled.json"
+        }
+      ],
+      "redacted_env_keys": {
+        "required": [],
+        "present": [],
+        "missing": []
+      }
+    }
+  ]
+}

package/examples/memory-write-policy/README.md

@@ -0,0 +1,28 @@
+# Memory write policy receipt gate
+
+Shared memory systems are useful when many agents can read the same durable facts. They become risky when every run can also write to that memory without review.
+
+This example treats a memory write like a code change:
+
+1. the agent proposes a memory diff;
+2. the diff is scoped to a repo/project/org/user boundary;
+3. the source is hashed instead of copied;
+4. stale facts get an expiry or review date;
+5. future sessions can see what memory was injected;
+6. private/sensitive writes are quarantined until a human or external policy approves them.
+
+Run the passing fixture:
+
+```bash
+node examples/memory-write-policy/check-memory-update.mjs \
+  examples/memory-write-policy/approved-memory-update.json
+```
+
+Run the failing fixture:
+
+```bash
+node examples/memory-write-policy/check-memory-update.mjs \
+  examples/memory-write-policy/quarantined-memory-update.json
+```
+
+Use this shape when evaluating cross-agent memory MCPs, knowledge graphs, or shared `CLAUDE.md`/`AGENTS.md` update flows. The point is not to store the memory body in the receipt. The point is to prove that a durable memory update had source, scope, lifecycle, visibility, approval, and privacy checks before it could teach every harness the same fact.

package/examples/memory-write-policy/approved-memory-update.json

@@ -0,0 +1,48 @@
+{
+  "type": "agent.memory_update_receipt.v1",
+  "update_id": "memupd_2026_06_01_001",
+  "run_id": "agent_run_8742",
+  "source": {
+    "kind": "claude-code-session",
+    "ref": "repo:acme/shop#issue-4812",
+    "content_hash": "sha256:4df7b1b9d6f4a2c51ad3e1ce761a8f0f918c9a0f4d26c4c8fd9f1e21ad1a19f4"
+  },
+  "scope": {
+    "kind": "repo",
+    "id": "acme/shop",
+    "path_prefix": "apps/checkout"
+  },
+  "proposed_diff": {
+    "adds": [
+      {
+        "memory_ref": "memory:checkout:idempotency-key-policy",
+        "summary_hash": "sha256:dad59f7764d0a6dd8db8f2d6f23d9dd30b3e6b1e1197d5478c05f9d093bc5fed",
+        "reason": "captured repo-local invariant after failing duplicate-charge test"
+      }
+    ],
+    "updates": [],
+    "supersedes": [],
+    "expires": []
+  },
+  "write_policy": {
+    "status": "approved",
+    "policy_ref": "repo-memory-policy:v2",
+    "approved_by": "maintainer:checkout-platform",
+    "approval_channel": "pull-request-review",
+    "private_or_sensitive_detected": false
+  },
+  "lifecycle": {
+    "review_after": "2026-07-01T00:00:00Z",
+    "supersedes_required": false
+  },
+  "injection_visibility": {
+    "next_session_visible": true,
+    "preview_path": ".pluribus/memory-previews/checkout-idempotency-key-policy.md"
+  },
+  "privacy": {
+    "raw_memory_text_logged": false,
+    "raw_prompts_logged": false,
+    "raw_tool_output_logged": false,
+    "secrets_logged": false
+  }
+}

package/examples/memory-write-policy/check-memory-update.mjs

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+import { readFileSync } from 'node:fs'
+
+const [file] = process.argv.slice(2)
+
+if (!file) {
+  console.error('Usage: node check-memory-update.mjs <memory-update-receipt.json>')
+  process.exit(2)
+}
+
+let receipt
+try {
+  receipt = JSON.parse(readFileSync(file, 'utf8'))
+} catch (error) {
+  console.error(JSON.stringify({ ok: false, file, errors: [`invalid JSON: ${error.message}`] }, null, 2))
+  process.exit(2)
+}
+
+const errors = []
+const warnings = []
+
+if (receipt.type !== 'agent.memory_update_receipt.v1') {
+  errors.push('type must be agent.memory_update_receipt.v1')
+}
+
+for (const key of ['update_id', 'run_id']) {
+  if (!receipt[key] || typeof receipt[key] !== 'string') {
+    errors.push(`${key} is required`)
+  }
+}
+
+const source = receipt.source || {}
+if (!source.kind || typeof source.kind !== 'string') {
+  errors.push('source.kind is required')
+}
+if (!source.ref || typeof source.ref !== 'string') {
+  errors.push('source.ref is required')
+}
+if (!source.content_hash || typeof source.content_hash !== 'string') {
+  errors.push('source.content_hash is required; do not rely on raw memory text')
+}
+
+const scope = receipt.scope || {}
+if (!scope.kind || !['repo', 'project', 'org', 'user'].includes(scope.kind)) {
+  errors.push('scope.kind must be repo, project, org, or user')
+}
+if (!scope.id || typeof scope.id !== 'string') {
+  errors.push('scope.id is required so a memory write cannot silently become global')
+}
+if (scope.kind === 'user') {
+  warnings.push('user-scoped durable memory is broad; prefer repo/project scope when possible')
+}
+
+const diff = receipt.proposed_diff || {}
+const changed = ['adds', 'updates', 'supersedes', 'expires'].flatMap((key) => Array.isArray(diff[key]) ? diff[key] : [])
+if (changed.length === 0) {
+  errors.push('proposed_diff must include at least one add, update, supersede, or expire entry')
+}
+for (const [index, item] of changed.entries()) {
+  if (!item.memory_ref || typeof item.memory_ref !== 'string') {
+    errors.push(`proposed_diff item ${index} is missing memory_ref`)
+  }
+  if (!item.summary_hash || typeof item.summary_hash !== 'string') {
+    errors.push(`proposed_diff item ${index} is missing summary_hash; log hashes, not raw memory bodies`)
+  }
+  if (item.raw_text) {
+    errors.push(`proposed_diff item ${index} must not include raw_text`)
+  }
+}
+
+const policy = receipt.write_policy || {}
+if (policy.status !== 'approved') {
+  errors.push(`write_policy.status is ${policy.status || 'missing'}; shared memory write must remain proposed/quarantined until approved`)
+}
+if (!policy.policy_ref || typeof policy.policy_ref !== 'string') {
+  errors.push('write_policy.policy_ref is required')
+}
+if (!policy.approved_by || typeof policy.approved_by !== 'string') {
+  errors.push('write_policy.approved_by is required for durable writes')
+}
+if (policy.private_or_sensitive_detected !== false) {
+  errors.push('write_policy.private_or_sensitive_detected must be false before merge')
+}
+
+const lifecycle = receipt.lifecycle || {}
+if (!lifecycle.expires_at && !lifecycle.review_after) {
+  errors.push('lifecycle.expires_at or lifecycle.review_after is required to avoid immortal stale facts')
+}
+if (lifecycle.supersedes_required === true && (!Array.isArray(diff.supersedes) || diff.supersedes.length === 0)) {
+  errors.push('lifecycle.supersedes_required is true but proposed_diff.supersedes is empty')
+}
+
+const visibility = receipt.injection_visibility || {}
+if (visibility.next_session_visible !== true) {
+  errors.push('injection_visibility.next_session_visible must be true so future agents can see what memory was injected')
+}
+if (!visibility.preview_path || typeof visibility.preview_path !== 'string') {
+  warnings.push('injection_visibility.preview_path is recommended for human review')
+}
+
+const privacy = receipt.privacy || {}
+for (const key of ['raw_memory_text_logged', 'raw_prompts_logged', 'raw_tool_output_logged', 'secrets_logged']) {
+  if (privacy[key] !== false) {
+    errors.push(`privacy.${key} must be false for this gate`)
+  }
+}
+
+const result = {
+  ok: errors.length === 0,
+  file,
+  update_id: receipt.update_id,
+  run_id: receipt.run_id,
+  scope: scope.kind && scope.id ? `${scope.kind}:${scope.id}` : undefined,
+  write_status: policy.status,
+  errors,
+  warnings
+}
+
+console.log(JSON.stringify(result, null, 2))
+process.exit(result.ok ? 0 : 1)

package/examples/memory-write-policy/quarantined-memory-update.json

@@ -0,0 +1,43 @@
+{
+  "type": "agent.memory_update_receipt.v1",
+  "update_id": "memupd_2026_06_01_002",
+  "run_id": "agent_run_8743",
+  "source": {
+    "kind": "claude-code-session",
+    "ref": "repo:acme/shop#debug-chat",
+    "content_hash": "sha256:6d4fa2a2114f83fd8bd9d6eb3c632ff6f20252f978bc9deec0b9d85694e02d4b"
+  },
+  "scope": {
+    "kind": "user",
+    "id": "developer-laptop"
+  },
+  "proposed_diff": {
+    "adds": [
+      {
+        "memory_ref": "memory:global:production-debug-shortcut",
+        "summary_hash": "sha256:5ee95af43fd2fb8b90908ef8cc4a5e6f050a8f52c97c7c93fd7f37bd1dcf3c2a",
+        "raw_text": "do not store raw memory bodies here"
+      }
+    ],
+    "updates": [],
+    "supersedes": [],
+    "expires": []
+  },
+  "write_policy": {
+    "status": "quarantined",
+    "policy_ref": "repo-memory-policy:v2",
+    "private_or_sensitive_detected": true
+  },
+  "lifecycle": {
+    "supersedes_required": false
+  },
+  "injection_visibility": {
+    "next_session_visible": false
+  },
+  "privacy": {
+    "raw_memory_text_logged": true,
+    "raw_prompts_logged": false,
+    "raw_tool_output_logged": false,
+    "secrets_logged": false
+  }
+}

package/examples/parallel-session-review-ledger/README.md

@@ -0,0 +1,13 @@
+# Parallel session review ledger example
+
+This example is a copyable receipt for teams running multiple agent sessions at once. It is designed for the review bottleneck: deciding whether each session can be trusted, continued, or rejected without reading an entire transcript.
+
+```bash
+node examples/parallel-session-review-ledger/check-parallel-session-review-ledger.mjs examples/parallel-session-review-ledger/parallel-session-review-ledger.json
+```
+
+Expected output:
+
+```text
+parallel session review ledger ok: 3 sessions checked
+```

package/examples/parallel-session-review-ledger/check-parallel-session-review-ledger.mjs

@@ -0,0 +1,69 @@
+#!/usr/bin/env node
+import fs from 'node:fs';
+import path from 'node:path';
+
+const file = process.argv[2] || path.join('examples', 'parallel-session-review-ledger', 'parallel-session-review-ledger.json');
+const receipt = JSON.parse(fs.readFileSync(file, 'utf8'));
+const errors = [];
+
+const allowedStates = new Set(['complete', 'partial', 'blocked', 'unsafe_to_resume']);
+const allowedNextActions = new Set([
+  'review_diff',
+  'run_missing_check',
+  'continue_same_scope',
+  'ask_human',
+  'stop_manual_review'
+]);
+
+function add(condition, message) {
+  if (!condition) errors.push(message);
+}
+
+function globPrefix(pattern) {
+  return pattern.replace(/\*\*.*$/, '').replace(/\*.*$/, '');
+}
+
+add(receipt.schema === 'pluribus.parallel_session_review_ledger.v1', 'schema must be pluribus.parallel_session_review_ledger.v1');
+add(Array.isArray(receipt.sessions) && receipt.sessions.length > 0, 'sessions must be a non-empty array');
+
+for (const session of receipt.sessions || []) {
+  const label = session.id || '<missing-id>';
+  add(Boolean(session.id), 'session id is required');
+  add(Boolean(session.assignment), `${label}: assignment is required`);
+  add(Boolean(session.branch), `${label}: branch is required`);
+  add(Boolean(session.allowed_scope), `${label}: allowed_scope is required`);
+  add(Array.isArray(session.allowed_scope?.files) && session.allowed_scope.files.length > 0, `${label}: allowed_scope.files must be non-empty`);
+  add(allowedStates.has(session.state), `${label}: invalid state ${session.state}`);
+  add(allowedNextActions.has(session.safe_next_action), `${label}: invalid safe_next_action ${session.safe_next_action}`);
+
+  const evidence = session.evidence || [];
+  const missingChecks = session.missing_checks || [];
+  const privacyFlags = session.privacy_flags || [];
+
+  if (session.state === 'complete') {
+    add(evidence.length > 0, `${label}: complete sessions need evidence`);
+    add(missingChecks.length === 0, `${label}: complete sessions cannot have missing_checks`);
+    add(privacyFlags.length === 0, `${label}: complete sessions cannot have privacy_flags`);
+  }
+
+  if (session.state === 'partial') {
+    add(missingChecks.length > 0, `${label}: partial sessions must name missing_checks`);
+  }
+
+  if (session.state === 'unsafe_to_resume') {
+    add(session.safe_next_action === 'stop_manual_review', `${label}: unsafe_to_resume must use stop_manual_review`);
+  }
+
+  const allowedPrefixes = (session.allowed_scope?.files || []).map(globPrefix);
+  for (const touched of session.touched_files || []) {
+    add(allowedPrefixes.some((prefix) => touched.startsWith(prefix)), `${label}: touched file outside allowed scope: ${touched}`);
+  }
+}
+
+if (errors.length > 0) {
+  console.error('parallel session review ledger invalid:');
+  for (const error of errors) console.error(`- ${error}`);
+  process.exit(1);
+}
+
+console.log(`parallel session review ledger ok: ${receipt.sessions.length} sessions checked`);