pumuki 6.3.32 → 6.3.34

package/docs/CONFIGURATION.md

@@ -104,6 +104,9 @@ Structured telemetry output is disabled by default and can be enabled with envir
 - `PUMUKI_TELEMETRY_JSONL_PATH`:
   - JSONL file path for `telemetry_event_v1` records.
   - Accepts absolute path or repo-relative path.
+- `PUMUKI_TELEMETRY_JSONL_MAX_BYTES`:
+  - Optional max size for JSONL file growth.
+  - When current file size plus next event exceeds this value, current file rotates to `<path>.1` before append.
 - `PUMUKI_TELEMETRY_OTEL_ENDPOINT`:
   - OTLP HTTP logs endpoint (`/v1/logs`).
 - `PUMUKI_TELEMETRY_OTEL_SERVICE_NAME`:
@@ -116,6 +119,21 @@ Notes:
 - You can enable JSONL only, OTel only, or both.
 - If unset, no telemetry export is attempted.
 - Gate execution remains deterministic even when OTel endpoint is unavailable (best-effort dispatch).
+- Rotation is opt-in; without `PUMUKI_TELEMETRY_JSONL_MAX_BYTES`, append behavior remains unchanged.
+
+Quick verification (JSONL):
+
+```bash
+PUMUKI_TELEMETRY_JSONL_PATH=.pumuki/artifacts/gate-telemetry.jsonl \
+  npx --yes --package pumuki@latest pumuki-pre-commit
+```
+
+Expected JSONL keys for enterprise audit ingestion:
+
+- `schema=telemetry_event_v1` with `schema_version=1.0`
+- `stage`, `gate_outcome`, `severity_counts`
+- `policy.bundle`, `policy.hash`, `policy.version`, `policy.signature`, `policy.policy_source`
+- `policy.validation_status`, `policy.validation_code` (when policy-as-code validation is available)
 
 ## Heuristic pilot flag
 

package/docs/RELEASE_NOTES.md

@@ -3,6 +3,22 @@
 This file tracks the active deterministic framework line used in this repository.
 Detailed commit history remains available through Git history (`git log` / `git show`).
 
+## 2026-03 (enterprise hardening updates)
+
+### 2026-03-04 (v6.3.33)
+
+- Runtime hardening shipped for enterprise diagnosis:
+  - `pumuki doctor --deep --json` now includes explicit compatibility contract payload under `deep.contract`.
+  - New deep check id `compatibility-contract` validates the active contract for `pumuki/openspec/hooks/adapter`.
+- Traceability:
+  - implementation PR: `#563`
+  - release PR: `#567`
+- Consumer quick verification:
+  - `npx --yes --package pumuki@latest pumuki doctor --deep --json`
+  - expected signal in JSON:
+    - `deep.checks` contains an item with `id=compatibility-contract`
+    - `deep.contract.overall` resolves to `compatible` or `incompatible` deterministically
+
 ## 2026-02 (enterprise-refactor updates)
 
 ### 2026-02-27 (v6.3.24)

package/docs/registro-maestro-de-seguimiento.md

@@ -7,7 +7,7 @@
 ## Estado actual
 - Plan activo: `docs/seguimiento-completo-validacion-ruralgo-03-03-2026.md`
 - Estado del plan: EN CURSO
-- Task activa (`🚧`): `P12.F2.T53` (publicar patch release con la ampliación de suite contractual `#557` y dejar disponibilidad inmediata para consumers).
+- Task activa (`🚧`): `P12.F2.T60` (release patch con mejoras de telemetría, issue `#578`).
 
 ## Historial resumido
 - No se mantienen MDs históricos de seguimiento en este repositorio.

package/docs/seguimiento-completo-validacion-ruralgo-03-03-2026.md

@@ -1757,11 +1757,92 @@ Criterio de salida F5:
     - `npm run -s validation:contract-suite:enterprise -- --json`
     - `npm run -s validation:tracking-single-active`
 
-- 🚧 `P12.F2.T53` Publicar patch release con la ampliación de suite contractual (`#557`) y dejar disponibilidad inmediata para consumidores.
+- ✅ `P12.F2.T53` Publicar patch release con la ampliación de suite contractual (`#557`) y dejar disponibilidad inmediata para consumidores.
+  - cierre ejecutado:
+    - rama release creada y mergeada: `release/6.3.32` -> `#560` (`https://github.com/SwiftEnProfundidad/ast-intelligence-hooks/pull/560`).
+    - publicación npm completada: `pumuki@6.3.32`.
+  - evidencia:
+    - `npx --yes tsx@4.21.0 --test scripts/__tests__/enterprise-contract-suite-contract.test.ts scripts/__tests__/enterprise-contract-suite-args-lib.test.ts scripts/__tests__/enterprise-contract-suite-report-lib.test.ts`
+    - `npm run -s typecheck`
+    - `npm run -s validation:contract-suite:enterprise -- --json`
+    - `npm run -s validation:package-manifest`
+    - `npm publish --access public`
+    - `npm view pumuki version` => `6.3.32`
+
+- ✅ `P12.F2.T54` Ejecutar siguiente mejora estratégica: contrato explícito de compatibilidad (pumuki/openspec/hooks/adapters) con validación automática en `doctor`.
+  - cierre ejecutado:
+    - issue creada y cerrada: `#562`.
+    - rama técnica creada y mergeada: `feature/562-doctor-deep-compatibility-contract` -> `#563` (`https://github.com/SwiftEnProfundidad/ast-intelligence-hooks/pull/563`).
+    - commit de merge en `develop`: `a1df815`.
+  - evidencia:
+    - `npx --yes tsx@4.21.0 --test integrations/lifecycle/__tests__/doctor.test.ts integrations/lifecycle/__tests__/cli.test.ts`
+    - `npm run -s typecheck`
+    - `npm run -s validation:contract-suite:enterprise -- --json`
+    - `npm run -s validation:tracking-single-active`
+
+- ✅ `P12.F2.T55` Publicar patch release con el contrato de compatibilidad de `doctor --deep` ya mergeado en `#563`.
+  - cierre ejecutado:
+    - issue creada y cerrada: `#565`.
+    - rama release creada y mergeada: `release/6.3.33` -> `#567` (`https://github.com/SwiftEnProfundidad/ast-intelligence-hooks/pull/567`).
+    - publicación npm completada: `pumuki@6.3.33`.
+    - commit de merge en `develop`: `6f36830`.
+  - evidencia:
+    - `npx --yes tsx@4.21.0 --test integrations/lifecycle/__tests__/doctor.test.ts integrations/lifecycle/__tests__/cli.test.ts`
+    - `npm run -s typecheck`
+    - `npm run -s validation:contract-suite:enterprise -- --json`
+    - `npm run -s validation:package-manifest`
+    - `npm publish --access public`
+    - `npm view pumuki version` => `6.3.33`
+
+- ✅ `P12.F2.T56` Publicar documentación de adopción de `6.3.33` (release notes + verificación operativa rápida).
+  - cierre ejecutado:
+    - issue documental creada: `#568`.
+    - release notes actualizadas con sección `2026-03-04 (v6.3.33)` y comandos de verificación para consumidores.
+    - documentación operativa alineada con el release publicado `6.3.33`.
+  - evidencia:
+    - `docs/RELEASE_NOTES.md` incluye delta funcional de `doctor --deep` para `compatibility-contract`.
+    - `npm view pumuki version` => `6.3.33`
+    - `npm run -s validation:tracking-single-active`
+
+- ✅ `P12.F2.T57` Ejecutar siguiente mejora estratégica: export de telemetría de gates en JSONL determinista para auditoría enterprise.
+  - cierre ejecutado:
+    - issue creada y cerrada: `#569`.
+    - rama técnica creada y mergeada: `feature/569-telemetry-jsonl-audit-hardening` -> `#571` (`https://github.com/SwiftEnProfundidad/ast-intelligence-hooks/pull/571`).
+    - commit de merge en `develop`: `b98ef25`.
+  - evidencia:
+    - `npx --yes tsx@4.21.0 --test integrations/telemetry/__tests__/gateTelemetry.test.ts`
+    - `npm run -s typecheck`
+    - `npm run -s validation:tracking-single-active`
+    - `docs/CONFIGURATION.md` actualizado con verificación operativa JSONL y claves esperadas.
+
+- ✅ `P12.F2.T58` Ejecutar siguiente mejora estratégica: rotación/guard de tamaño para telemetría JSONL en repos enterprise de larga duración.
+  - cierre ejecutado:
+    - issue creada y cerrada: `#572`.
+    - rama técnica creada y mergeada: `feature/572-telemetry-jsonl-rotation-guard` -> `#574` (`https://github.com/SwiftEnProfundidad/ast-intelligence-hooks/pull/574`).
+    - commit de merge en `develop`: `b3a5b27`.
+  - evidencia:
+    - `npx --yes tsx@4.21.0 --test integrations/telemetry/__tests__/gateTelemetry.test.ts`
+    - `npm run -s typecheck`
+    - `npm run -s validation:tracking-single-active`
+    - `docs/CONFIGURATION.md` actualizado con `PUMUKI_TELEMETRY_JSONL_MAX_BYTES`.
+
+- ✅ `P12.F2.T59` Ejecutar siguiente mejora estratégica: cubrir la rotación JSONL en la suite contractual enterprise.
+  - cierre ejecutado:
+    - issue creada y cerrada: `#575`.
+    - rama técnica creada y mergeada: `feature/575-contract-suite-telemetry-rotation` -> `#577` (`https://github.com/SwiftEnProfundidad/ast-intelligence-hooks/pull/577`).
+    - commit de merge en `develop`: `89e2045`.
+  - evidencia:
+    - `npx --yes tsx@4.21.0 --test scripts/__tests__/enterprise-contract-suite-contract.test.ts scripts/__tests__/enterprise-contract-suite-report-lib.test.ts scripts/__tests__/enterprise-contract-suite-args-lib.test.ts integrations/telemetry/__tests__/gateTelemetry.test.ts`
+    - `npm run -s typecheck`
+    - `npm run -s validation:contract-suite:enterprise -- --json`
+    - `npm run -s validation:tracking-single-active`
+    - `docs/validation/README.md` actualizado con perfiles activos de la suite contractual.
+
+- 🚧 `P12.F2.T60` Publicar patch release con mejoras de telemetría (`#574`, `#577`) para disponibilidad inmediata en npm.
   - salida esperada:
-    - versión npm publicada con el perfil adicional `minimal-repeat`.
-    - PR de release mergeada en `develop` con evidencias de validación.
-    - seguimiento maestro apuntando a esta task como única activa.
+    - issue de release creada con alcance/doD verificable (`#578`).
+    - nueva versión npm publicada con rotación JSONL + profile contractual `telemetry-rotation`.
+    - trazabilidad cerrada en plan activo + registro maestro.
 
 Criterio de salida F6:
 - veredicto final trazable y cierre administrativo completo.

package/docs/validation/README.md

@@ -16,6 +16,11 @@ Este directorio contiene solo documentación oficial y estable de validación pa
 - Master de seguimiento: `docs/registro-maestro-de-seguimiento.md`.
 - Plan activo: `docs/seguimiento-completo-validacion-ruralgo-03-03-2026.md`.
 - Suite contractual enterprise (MVP): `npm run -s validation:contract-suite:enterprise`.
+  - Perfiles activos del reporte JSON:
+    - `minimal`
+    - `block`
+    - `minimal-repeat`
+    - `telemetry-rotation`
 
 ## Política de higiene
 

package/integrations/lifecycle/doctor.ts

@@ -6,6 +6,11 @@ import { getPumukiHooksStatus } from './hookManager';
 import { LifecycleGitService, type ILifecycleGitService } from './gitService';
 import { getCurrentPumukiVersion } from './packageInfo';
 import { readLifecycleState, type LifecycleState } from './state';
+import {
+  detectOpenSpecInstallation,
+  evaluateOpenSpecCompatibility,
+  isOpenSpecProjectInitialized,
+} from '../sdd/openSpecCli';
 
 export type DoctorIssueSeverity = 'warning' | 'error';
 
@@ -18,7 +23,8 @@ export type DoctorDeepCheckId =
   | 'upstream-readiness'
   | 'adapter-wiring'
   | 'policy-drift'
-  | 'evidence-source-drift';
+  | 'evidence-source-drift'
+  | 'compatibility-contract';
 
 export type DoctorDeepCheck = {
   id: DoctorDeepCheckId;
@@ -33,6 +39,30 @@ export type DoctorDeepReport = {
   enabled: true;
   checks: ReadonlyArray<DoctorDeepCheck>;
   blocking: boolean;
+  contract: DoctorCompatibilityContract;
+};
+
+export type DoctorCompatibilityContract = {
+  overall: 'compatible' | 'incompatible';
+  pumuki: {
+    installed: boolean;
+    version: string;
+  };
+  openspec: {
+    required: boolean;
+    installed: boolean;
+    version: string | null;
+    minimumVersion: string;
+    compatible: boolean;
+  };
+  hooks: {
+    managed: boolean;
+    managedCount: number;
+    totalCount: number;
+  };
+  adapter: {
+    valid: boolean;
+  };
 };
 
 export type LifecycleDoctorReport = {
@@ -457,21 +487,128 @@ const evaluateEvidenceSourceDriftCheck = (params: {
   });
 };
 
+const buildCompatibilityContract = (params: {
+  repoRoot: string;
+  lifecycleState: LifecycleState;
+  hookStatus: ReturnType<typeof getPumukiHooksStatus>;
+  adapterCheck: DoctorDeepCheck;
+}): DoctorCompatibilityContract => {
+  const hooks = Object.values(params.hookStatus);
+  const managedCount = hooks.filter((entry) => entry.managedBlockPresent).length;
+  const totalCount = hooks.length;
+  const hooksManaged = totalCount > 0 && managedCount === totalCount;
+
+  const openSpecRequired = isOpenSpecProjectInitialized(params.repoRoot);
+  const openSpecInstalled = detectOpenSpecInstallation(params.repoRoot);
+  const openSpecCompatibility = evaluateOpenSpecCompatibility(openSpecInstalled);
+  const openSpecCompatible = openSpecRequired ? openSpecCompatibility.compatible : true;
+
+  const adapterValid = params.adapterCheck.status === 'pass';
+  const pumukiInstalled = params.lifecycleState.installed === 'true';
+  const overallCompatible =
+    pumukiInstalled && hooksManaged && adapterValid && openSpecCompatible;
+
+  return {
+    overall: overallCompatible ? 'compatible' : 'incompatible',
+    pumuki: {
+      installed: pumukiInstalled,
+      version: getCurrentPumukiVersion(),
+    },
+    openspec: {
+      required: openSpecRequired,
+      installed: openSpecInstalled.installed,
+      version: openSpecInstalled.version ?? null,
+      minimumVersion: openSpecCompatibility.minimumVersion,
+      compatible: openSpecCompatible,
+    },
+    hooks: {
+      managed: hooksManaged,
+      managedCount,
+      totalCount,
+    },
+    adapter: {
+      valid: adapterValid,
+    },
+  };
+};
+
+const evaluateCompatibilityContractCheck = (
+  contract: DoctorCompatibilityContract
+): DoctorDeepCheck => {
+  if (contract.overall === 'compatible') {
+    return buildDeepCheck({
+      id: 'compatibility-contract',
+      status: 'pass',
+      severity: 'info',
+      message: 'Compatibility contract is satisfied for pumuki/openspec/hooks/adapter.',
+      metadata: {
+        pumuki_installed: contract.pumuki.installed,
+        openspec_required: contract.openspec.required,
+        openspec_compatible: contract.openspec.compatible,
+        hooks_managed: contract.hooks.managed,
+        adapter_valid: contract.adapter.valid,
+      },
+    });
+  }
+
+  const remediation: string[] = [];
+  if (!contract.pumuki.installed) {
+    remediation.push('Run "pumuki install" to restore lifecycle state.');
+  }
+  if (!contract.hooks.managed) {
+    remediation.push('Regenerate managed hooks with "pumuki install".');
+  }
+  if (!contract.adapter.valid) {
+    remediation.push('Repair adapter wiring with "pumuki adapter install --agent=codex".');
+  }
+  if (contract.openspec.required && !contract.openspec.compatible) {
+    remediation.push(
+      `Install or upgrade OpenSpec to >= ${contract.openspec.minimumVersion} before enterprise validation.`
+    );
+  }
+
+  return buildDeepCheck({
+    id: 'compatibility-contract',
+    status: 'fail',
+    severity: 'warning',
+    message: 'Compatibility contract is not satisfied for one or more required components.',
+    remediation: remediation.join(' '),
+    metadata: {
+      pumuki_installed: contract.pumuki.installed,
+      openspec_required: contract.openspec.required,
+      openspec_compatible: contract.openspec.compatible,
+      hooks_managed: contract.hooks.managed,
+      adapter_valid: contract.adapter.valid,
+    },
+  });
+};
+
 const buildDoctorDeepReport = (params: {
   git: ILifecycleGitService;
   repoRoot: string;
+  lifecycleState: LifecycleState;
+  hookStatus: ReturnType<typeof getPumukiHooksStatus>;
 }): DoctorDeepReport => {
+  const adapterCheck = evaluateAdapterWiringCheck(params.repoRoot);
+  const compatibilityContract = buildCompatibilityContract({
+    repoRoot: params.repoRoot,
+    lifecycleState: params.lifecycleState,
+    hookStatus: params.hookStatus,
+    adapterCheck,
+  });
+
   const checks: DoctorDeepCheck[] = [
     evaluateUpstreamReadinessCheck({
       git: params.git,
       repoRoot: params.repoRoot,
     }),
-    evaluateAdapterWiringCheck(params.repoRoot),
+    adapterCheck,
     evaluatePolicyDriftCheck(params.repoRoot),
     evaluateEvidenceSourceDriftCheck({
       git: params.git,
       repoRoot: params.repoRoot,
     }),
+    evaluateCompatibilityContractCheck(compatibilityContract),
   ];
 
   return {
@@ -480,6 +617,7 @@ const buildDoctorDeepReport = (params: {
     blocking: checks.some(
       (check) => check.status === 'fail' && check.severity === 'error'
     ),
+    contract: compatibilityContract,
   };
 };
 
@@ -504,6 +642,8 @@ export const runLifecycleDoctor = (params?: {
     ? buildDoctorDeepReport({
       git,
       repoRoot,
+      lifecycleState,
+      hookStatus,
     })
     : undefined;
 

package/integrations/telemetry/gateTelemetry.ts

@@ -1,4 +1,11 @@
-import { appendFileSync, mkdirSync } from 'node:fs';
+import {
+  appendFileSync,
+  existsSync,
+  mkdirSync,
+  renameSync,
+  statSync,
+  unlinkSync,
+} from 'node:fs';
 import { dirname, isAbsolute, join } from 'node:path';
 import type { Finding } from '../../core/gate/Finding';
 import type { GateOutcome } from '../../core/gate/GateOutcome';
@@ -76,6 +83,14 @@ const toOtelTimeoutMs = (value: string | undefined): number => {
   return parsed;
 };
 
+const toTelemetryJsonlMaxBytes = (value: string | undefined): number | null => {
+  const parsed = Number.parseInt(value ?? '', 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return null;
+  }
+  return parsed;
+};
+
 const resolveTargetPath = (repoRoot: string, targetPath: string): string => {
   if (isAbsolute(targetPath)) {
     return targetPath;
@@ -88,6 +103,31 @@ const defaultAppendJsonlLine = (targetPath: string, line: string): void => {
   appendFileSync(targetPath, line, 'utf8');
 };
 
+const rotateTelemetryJsonlIfNeeded = (params: {
+  targetPath: string;
+  line: string;
+  maxBytes: number;
+}): void => {
+  mkdirSync(dirname(params.targetPath), { recursive: true });
+
+  const lineBytes = Buffer.byteLength(params.line, 'utf8');
+  let currentSize = 0;
+  if (existsSync(params.targetPath)) {
+    currentSize = statSync(params.targetPath).size;
+  }
+  if (currentSize + lineBytes <= params.maxBytes) {
+    return;
+  }
+
+  const rotatedPath = `${params.targetPath}.1`;
+  if (existsSync(rotatedPath)) {
+    unlinkSync(rotatedPath);
+  }
+  if (existsSync(params.targetPath)) {
+    renameSync(params.targetPath, rotatedPath);
+  }
+};
+
 const defaultPostOtelPayload = async (params: {
   endpoint: string;
   payload: unknown;
@@ -325,6 +365,9 @@ export const emitGateTelemetryEvent = async (
   const otelTimeoutMs = toOtelTimeoutMs(
     activeDependencies.env.PUMUKI_TELEMETRY_OTEL_TIMEOUT_MS
   );
+  const telemetryJsonlMaxBytes = toTelemetryJsonlMaxBytes(
+    activeDependencies.env.PUMUKI_TELEMETRY_JSONL_MAX_BYTES
+  );
 
   const event = toTelemetryEvent({
     ...params,
@@ -342,7 +385,15 @@ export const emitGateTelemetryEvent = async (
   let jsonlPath: string | undefined;
   if (jsonlPathRaw.length > 0) {
     jsonlPath = resolveTargetPath(params.repoRoot, jsonlPathRaw);
-    activeDependencies.appendJsonlLine(jsonlPath, `${JSON.stringify(event)}\n`);
+    const line = `${JSON.stringify(event)}\n`;
+    if (typeof telemetryJsonlMaxBytes === 'number') {
+      rotateTelemetryJsonlIfNeeded({
+        targetPath: jsonlPath,
+        line,
+        maxBytes: telemetryJsonlMaxBytes,
+      });
+    }
+    activeDependencies.appendJsonlLine(jsonlPath, line);
   }
 
   let otelDispatched = false;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.32",
+  "version": "6.3.34",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/scripts/enterprise-contract-suite-contract.ts

@@ -1,4 +1,8 @@
-export type EnterpriseContractProfileId = 'minimal' | 'block' | 'minimal-repeat';
+export type EnterpriseContractProfileId =
+  | 'minimal'
+  | 'block'
+  | 'minimal-repeat'
+  | 'telemetry-rotation';
 
 export type EnterpriseContractProfileSpec = {
   id: EnterpriseContractProfileId;
@@ -46,4 +50,9 @@ export const resolveEnterpriseContractProfiles = (): ReadonlyArray<EnterpriseCon
     mode: 'minimal',
     expectedExitCode: 1,
   },
+  {
+    id: 'telemetry-rotation',
+    mode: 'minimal',
+    expectedExitCode: 0,
+  },
 ];

package/scripts/enterprise-contract-telemetry-rotation.ts

@@ -0,0 +1,102 @@
+import assert from 'node:assert/strict';
+import { existsSync, mkdtempSync, readFileSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import type { RepoState } from '../integrations/evidence/schema';
+import { emitGateTelemetryEvent } from '../integrations/telemetry/gateTelemetry';
+
+const buildRepoState = (repoRoot: string): RepoState => ({
+  repo_root: repoRoot,
+  git: {
+    available: true,
+    branch: 'feature/contract-suite-telemetry-rotation',
+    upstream: 'origin/feature/contract-suite-telemetry-rotation',
+    ahead: 0,
+    behind: 0,
+    dirty: false,
+    staged: 0,
+    unstaged: 0,
+  },
+  lifecycle: {
+    installed: true,
+    package_version: '6.3.33',
+    lifecycle_version: '6.3.33',
+    hooks: {
+      pre_commit: 'managed',
+      pre_push: 'managed',
+    },
+  },
+});
+
+const main = async (): Promise<void> => {
+  const workspaceRoot = mkdtempSync(join(tmpdir(), 'pumuki-contract-telemetry-rotation-'));
+  const jsonlRelativePath = '.pumuki/artifacts/gate-telemetry.jsonl';
+  const repoState = buildRepoState(workspaceRoot);
+
+  try {
+    await emitGateTelemetryEvent(
+      {
+        stage: 'PRE_COMMIT',
+        auditMode: 'gate',
+        gateOutcome: 'PASS',
+        filesScanned: 1,
+        findings: [],
+        repoRoot: workspaceRoot,
+        repoState,
+      },
+      {
+        env: {
+          PUMUKI_TELEMETRY_JSONL_PATH: jsonlRelativePath,
+          PUMUKI_TELEMETRY_JSONL_MAX_BYTES: '1',
+        } as NodeJS.ProcessEnv,
+        now: () => new Date('2026-03-04T00:00:00.000Z'),
+      }
+    );
+
+    const secondEvent = await emitGateTelemetryEvent(
+      {
+        stage: 'PRE_PUSH',
+        auditMode: 'gate',
+        gateOutcome: 'BLOCK',
+        filesScanned: 2,
+        findings: [],
+        repoRoot: workspaceRoot,
+        repoState,
+      },
+      {
+        env: {
+          PUMUKI_TELEMETRY_JSONL_PATH: jsonlRelativePath,
+          PUMUKI_TELEMETRY_JSONL_MAX_BYTES: '1',
+        } as NodeJS.ProcessEnv,
+        now: () => new Date('2026-03-04T00:00:01.000Z'),
+      }
+    );
+
+    assert.ok(secondEvent.jsonl_path);
+    const currentPath = secondEvent.jsonl_path;
+    const rotatedPath = `${currentPath}.1`;
+    assert.equal(existsSync(currentPath), true);
+    assert.equal(existsSync(rotatedPath), true);
+
+    const currentPayload = JSON.parse(readFileSync(currentPath, 'utf8').trim()) as {
+      schema?: string;
+      stage?: string;
+    };
+    const rotatedPayload = JSON.parse(readFileSync(rotatedPath, 'utf8').trim()) as {
+      schema?: string;
+      stage?: string;
+    };
+
+    assert.equal(currentPayload.schema, 'telemetry_event_v1');
+    assert.equal(currentPayload.stage, 'PRE_PUSH');
+    assert.equal(rotatedPayload.schema, 'telemetry_event_v1');
+    assert.equal(rotatedPayload.stage, 'PRE_COMMIT');
+  } finally {
+    rmSync(workspaceRoot, {
+      recursive: true,
+      force: true,
+    });
+  }
+};
+
+void main();

package/scripts/run-enterprise-contract-suite.ts

@@ -19,7 +19,10 @@ const runProfile = (
   repoRoot: string,
   profile: EnterpriseContractProfileSpec
 ): EnterpriseContractProfileResult => {
-  const args = ['--import', 'tsx', 'scripts/package-install-smoke.ts', `--mode=${profile.mode}`];
+  const args =
+    profile.id === 'telemetry-rotation'
+      ? ['--import', 'tsx', 'scripts/enterprise-contract-telemetry-rotation.ts']
+      : ['--import', 'tsx', 'scripts/package-install-smoke.ts', `--mode=${profile.mode}`];
   const result = runCommand({
     cwd: repoRoot,
     executable: 'node',