pumuki 6.3.72 → 6.3.75

package/integrations/lifecycle/bootstrapManifest.ts

@@ -0,0 +1,248 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
+import { dirname, join } from 'node:path'
+import { getPumukiHooksStatus, resolvePumukiHooksDirectory } from './hookManager'
+import { LifecycleGitService, type ILifecycleGitService } from './gitService'
+import {
+  readGovernanceObservationSnapshot,
+  type GovernanceContractSurface,
+  type GovernanceObservationSnapshot,
+} from './governanceObservationSnapshot'
+import { readGovernanceNextAction, type GovernanceNextActionSummary } from './governanceNextAction'
+import { getCurrentPumukiPackageName, getCurrentPumukiVersion } from './packageInfo'
+import { readLifecycleExperimentalFeaturesSnapshot } from './experimentalFeaturesSnapshot'
+import { readLifecyclePolicyValidationSnapshot } from './policyValidationSnapshot'
+import { readLifecycleState } from './state'
+
+export const BOOTSTRAP_MANIFEST_RELATIVE_PATH = '.pumuki/bootstrap-manifest.json'
+
+type AdapterCommandContract = {
+  path: string
+  present: boolean
+  hooks: {
+    pre_write?: string
+    pre_commit?: string
+    pre_push?: string
+    ci?: string
+  }
+  mcp: {
+    enterprise?: string
+    evidence?: string
+  }
+}
+
+export type LifecycleBootstrapManifest = {
+  schema_version: '1'
+  repo_root: string
+  package: {
+    name: string
+    version: string
+  }
+  lifecycle: {
+    installed: boolean
+    version: string | null
+    installed_at: string | null
+    managed_hooks: ReadonlyArray<string>
+    openspec_managed_artifacts: ReadonlyArray<string>
+  }
+  hooks_directory: {
+    path: string
+    source: 'git-rev-parse' | 'git-config' | 'default'
+  }
+  hook_status: Record<string, { managed_block_present: boolean; exists: boolean }>
+  contract_surface: GovernanceContractSurface
+  governance: {
+    effective: GovernanceObservationSnapshot['governance_effective']
+    attention_codes: ReadonlyArray<string>
+    next_action: GovernanceNextActionSummary
+    bootstrap_hints: ReadonlyArray<string>
+  }
+  sdd: {
+    effective_mode: GovernanceObservationSnapshot['sdd']['effective_mode']
+    experimental_source: string
+    session_active: boolean
+    session_valid: boolean
+    change_id: string | null
+  }
+  policy_strict: GovernanceObservationSnapshot['policy_strict']
+  git: GovernanceObservationSnapshot['git']
+  adapter: AdapterCommandContract
+}
+
+export type LifecycleBootstrapManifestWriteResult = {
+  path: string
+  changed: boolean
+  manifest: LifecycleBootstrapManifest
+}
+
+const isRecord = (value: unknown): value is Record<string, unknown> =>
+  typeof value === 'object' && value !== null && !Array.isArray(value)
+
+const readOptionalCommand = (source: unknown): string | undefined => {
+  if (!isRecord(source)) {
+    return undefined
+  }
+  const command = source.command
+  return typeof command === 'string' && command.trim().length > 0 ? command.trim() : undefined
+}
+
+const readAdapterCommandContract = (repoRoot: string): AdapterCommandContract => {
+  const path = join(repoRoot, '.pumuki', 'adapter.json')
+  if (!existsSync(path)) {
+    return {
+      path: BOOTSTRAP_MANIFEST_RELATIVE_PATH.replace('bootstrap-manifest.json', 'adapter.json'),
+      present: false,
+      hooks: {},
+      mcp: {},
+    }
+  }
+
+  try {
+    const parsed = JSON.parse(readFileSync(path, 'utf8')) as unknown
+    const hooks = isRecord(parsed) && isRecord(parsed.hooks) ? parsed.hooks : {}
+    const mcp = isRecord(parsed) && isRecord(parsed.mcp) ? parsed.mcp : {}
+    return {
+      path: '.pumuki/adapter.json',
+      present: true,
+      hooks: {
+        pre_write: readOptionalCommand(isRecord(hooks) ? hooks.pre_write : undefined),
+        pre_commit: readOptionalCommand(isRecord(hooks) ? hooks.pre_commit : undefined),
+        pre_push: readOptionalCommand(isRecord(hooks) ? hooks.pre_push : undefined),
+        ci: readOptionalCommand(isRecord(hooks) ? hooks.ci : undefined),
+      },
+      mcp: {
+        enterprise: readOptionalCommand(isRecord(mcp) ? mcp.enterprise : undefined),
+        evidence: readOptionalCommand(isRecord(mcp) ? mcp.evidence : undefined),
+      },
+    }
+  } catch {
+    return {
+      path: '.pumuki/adapter.json',
+      present: false,
+      hooks: {},
+      mcp: {},
+    }
+  }
+}
+
+const parseManagedHooks = (raw?: string): string[] => {
+  if (typeof raw !== 'string' || raw.trim().length === 0) {
+    return []
+  }
+  return raw
+    .split(',')
+    .map((value) => value.trim())
+    .filter((value) => value.length > 0)
+}
+
+const parseManagedArtifacts = (raw?: string): string[] => {
+  if (typeof raw !== 'string' || raw.trim().length === 0) {
+    return []
+  }
+  return raw
+    .split(',')
+    .map((value) => value.trim())
+    .filter((value) => value.length > 0)
+}
+
+const toHookStatusSummary = (
+  hookStatus: ReturnType<typeof getPumukiHooksStatus>
+): Record<string, { managed_block_present: boolean; exists: boolean }> =>
+  Object.fromEntries(
+    Object.entries(hookStatus).map(([hook, entry]) => [
+      hook,
+      {
+        managed_block_present: entry.managedBlockPresent,
+        exists: entry.exists,
+      },
+    ])
+  )
+
+export const buildLifecycleBootstrapManifest = (params: {
+  repoRoot: string
+  git?: ILifecycleGitService
+}): LifecycleBootstrapManifest => {
+  const git = params.git ?? new LifecycleGitService()
+  const repoRoot = git.resolveRepoRoot(params.repoRoot)
+  const lifecycleState = readLifecycleState(git, repoRoot)
+  const experimentalFeatures = readLifecycleExperimentalFeaturesSnapshot()
+  const policyValidation = readLifecyclePolicyValidationSnapshot(repoRoot)
+  const governanceObservation = readGovernanceObservationSnapshot({
+    repoRoot,
+    experimentalFeatures,
+    policyValidation,
+    git,
+  })
+  const governanceNextAction = readGovernanceNextAction({
+    repoRoot,
+    stage: 'PRE_WRITE',
+    governanceObservation,
+  })
+  const hooksDirectory = resolvePumukiHooksDirectory(repoRoot)
+  const hookStatus = getPumukiHooksStatus(repoRoot)
+  const adapter = readAdapterCommandContract(repoRoot)
+
+  return {
+    schema_version: '1',
+    repo_root: repoRoot,
+    package: {
+      name: getCurrentPumukiPackageName(),
+      version: getCurrentPumukiVersion({ repoRoot }),
+    },
+    lifecycle: {
+      installed: lifecycleState.installed === 'true',
+      version: typeof lifecycleState.version === 'string' && lifecycleState.version.length > 0
+        ? lifecycleState.version
+        : null,
+      installed_at:
+        typeof lifecycleState.installedAt === 'string' && lifecycleState.installedAt.length > 0
+          ? lifecycleState.installedAt
+          : null,
+      managed_hooks: parseManagedHooks(lifecycleState.hooks),
+      openspec_managed_artifacts: parseManagedArtifacts(lifecycleState.openSpecManagedArtifacts),
+    },
+    hooks_directory: hooksDirectory,
+    hook_status: toHookStatusSummary(hookStatus),
+    contract_surface: governanceObservation.contract_surface,
+    governance: {
+      effective: governanceObservation.governance_effective,
+      attention_codes: governanceObservation.attention_codes,
+      next_action: governanceNextAction,
+      bootstrap_hints: governanceObservation.agent_bootstrap_hints,
+    },
+    sdd: {
+      effective_mode: governanceObservation.sdd.effective_mode,
+      experimental_source: governanceObservation.sdd.experimental_source,
+      session_active: governanceObservation.sdd_session.active,
+      session_valid: governanceObservation.sdd_session.valid,
+      change_id: governanceObservation.sdd_session.change_id,
+    },
+    policy_strict: governanceObservation.policy_strict,
+    git: governanceObservation.git,
+    adapter,
+  }
+}
+
+const serializeManifest = (manifest: LifecycleBootstrapManifest): string =>
+  `${JSON.stringify(manifest, null, 2)}\n`
+
+export const writeLifecycleBootstrapManifest = (params: {
+  repoRoot: string
+  git?: ILifecycleGitService
+}): LifecycleBootstrapManifestWriteResult => {
+  const git = params.git ?? new LifecycleGitService()
+  const repoRoot = git.resolveRepoRoot(params.repoRoot)
+  const path = join(repoRoot, BOOTSTRAP_MANIFEST_RELATIVE_PATH)
+  const manifest = buildLifecycleBootstrapManifest({ repoRoot, git })
+  const nextContents = serializeManifest(manifest)
+  const currentContents = existsSync(path) ? readFileSync(path, 'utf8') : ''
+  const changed = currentContents !== nextContents
+  if (changed) {
+    mkdirSync(dirname(path), { recursive: true })
+    writeFileSync(path, nextContents, 'utf8')
+  }
+  return {
+    path,
+    changed,
+    manifest,
+  }
+}

package/integrations/lifecycle/cli.ts

@@ -4,11 +4,16 @@ import type { GatePolicy } from '../../core/gate/GatePolicy';
 import { runPlatformGate } from '../git/runPlatformGate';
 import { collectWorktreeAtomicSlices } from '../git/worktreeAtomicSlices';
 import {
+  doctorCommandShouldFailExit,
+  doctorCommandShouldWarnHuman,
   doctorHasBlockingIssues,
+  doctorHasGovernanceAttention,
   doctorHasParityMismatch,
   runLifecycleDoctor,
   type LifecycleDoctorReport,
 } from './doctor';
+import { printGovernanceObservationHuman } from './governanceObservationSnapshot';
+import { printGovernanceNextActionHuman } from './governanceNextAction';
 import { runLifecycleInstall } from './install';
 import { runLifecycleRemove } from './remove';
 import { readLifecycleStatus } from './status';
@@ -1517,6 +1522,8 @@ const printDoctorReport = (
   writeInfo(
     `[pumuki] hook pre-push: ${report.hookStatus['pre-push'].managedBlockPresent ? 'managed' : 'missing'}`
   );
+  printGovernanceObservationHuman(report.governanceObservation);
+  printGovernanceNextActionHuman(report.governanceNextAction);
   writeInfo(
     `[pumuki] policy-as-code: PRE_COMMIT=${report.policyValidation.stages.PRE_COMMIT.validationCode ?? 'n/a'} strict=${report.policyValidation.stages.PRE_COMMIT.strict ? 'yes' : 'no'} ` +
     `PRE_PUSH=${report.policyValidation.stages.PRE_PUSH.validationCode ?? 'n/a'} strict=${report.policyValidation.stages.PRE_PUSH.strict ? 'yes' : 'no'} ` +
@@ -1554,17 +1561,19 @@ const printDoctorReport = (
     }
   }
 
-  const hasBlocking =
-    doctorHasBlockingIssues(report) || doctorHasParityMismatch(report);
-  const hasWarnings =
-    report.issues.length > 0 ||
-    report.deep?.checks.some((check) => check.status !== 'pass') === true;
+  const hasBlocking = doctorCommandShouldFailExit(report);
+  const hasWarnings = doctorCommandShouldWarnHuman(report);
 
   if (!hasWarnings && !hasBlocking) {
     writeInfo('[pumuki] doctor verdict: PASS');
   } else {
     writeInfo(`[pumuki] doctor verdict: ${hasBlocking ? 'BLOCKED' : 'WARN'}`);
   }
+  if (!hasBlocking && doctorHasGovernanceAttention(report)) {
+    writeInfo(
+      '[pumuki] doctor: governance_effective is not GREEN (see governance truth).'
+    );
+  }
 
   if (remoteCiDiagnostics) {
     printRemoteCiDiagnostics(remoteCiDiagnostics);
@@ -1610,8 +1619,8 @@ export type PreWriteOpenSpecBootstrapTrace = {
   details?: string;
 };
 
-export const PRE_WRITE_ENABLE_ADVISORY_COMMAND =
-  'PUMUKI_EXPERIMENTAL_PRE_WRITE=advisory npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json';
+export const PRE_WRITE_ENABLE_STRICT_COMMAND =
+  'PUMUKI_EXPERIMENTAL_PRE_WRITE=strict npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json';
 export const buildSddExperimentalEnableAdvisoryCommand = (stage: SddStage): string =>
   `PUMUKI_EXPERIMENTAL_SDD=advisory npx --yes --package pumuki@latest pumuki sdd validate --stage=${stage} --json`;
 const buildAnalyticsExperimentalEnableCommand = (action: AnalyticsHotspotsCommand): string =>
@@ -1705,6 +1714,7 @@ const buildSaasIngestionExperimentalDisabledEnvelope = (
 export const buildPreWriteExperimentalDisabledResult = (params: {
   stage: SddStage;
   status: SddEvaluateResult['status'];
+  source: 'env' | 'legacy-env' | 'default';
 }): SddEvaluateResult => ({
   stage: params.stage,
   status: params.status,
@@ -1712,14 +1722,16 @@ export const buildPreWriteExperimentalDisabledResult = (params: {
     allowed: true,
     code: 'PRE_WRITE_EXPERIMENTAL_DISABLED',
     message:
-      'PRE_WRITE pertenece al namespace experimental y está desactivado por defecto. Actívalo explícitamente con PUMUKI_EXPERIMENTAL_PRE_WRITE=advisory o strict si necesitas este flujo.',
+      'PRE_WRITE está desactivado explícitamente. Reactívalo con PUMUKI_EXPERIMENTAL_PRE_WRITE=strict si necesitas recuperar el gate previo a escritura.',
     details: {
       experimental: true,
-      default_off: true,
+      default_off: false,
+      disabled_explicitly: true,
+      disabled_source: params.source,
       layer: 'experimental',
       activation_env: 'PUMUKI_EXPERIMENTAL_PRE_WRITE',
       legacy_activation_env: 'PUMUKI_PREWRITE_ENFORCEMENT',
-      activation_command: PRE_WRITE_ENABLE_ADVISORY_COMMAND,
+      activation_command: PRE_WRITE_ENABLE_STRICT_COMMAND,
     },
   },
 });
@@ -2101,6 +2113,10 @@ export const runLifecycleCli = async (
                   repo_root: installResult.repoRoot,
                   version: installResult.version,
                   hooks_changed: installResult.changedHooks,
+                  bootstrap_manifest: {
+                    path: installResult.bootstrapManifest.path,
+                    changed: installResult.bootstrapManifest.changed,
+                  },
                   openspec: installResult.openSpecBootstrap
                     ? {
                         installed: installResult.openSpecBootstrap.packageInstalled,
@@ -2113,6 +2129,10 @@ export const runLifecycleCli = async (
                 mcp: {
                   agent: adapterResult.agent,
                   changed_files: adapterResult.changedFiles,
+                  bootstrap_manifest: {
+                    path: adapterResult.bootstrapManifest.path,
+                    changed: adapterResult.bootstrapManifest.changed,
+                  },
                   adapter_health: adapterCheck
                     ? {
                         status: adapterCheck.status,
@@ -2139,6 +2159,9 @@ export const runLifecycleCli = async (
           writeInfo(
             `[pumuki] bootstrap install: hooks changed=${installResult.changedHooks.join(', ') || 'none'}`
           );
+          writeInfo(
+            `[pumuki] bootstrap manifest: path=${installResult.bootstrapManifest.path} changed=${installResult.bootstrapManifest.changed ? 'yes' : 'no'}`
+          );
           if (installResult.openSpecBootstrap) {
             writeInfo(
               `[pumuki] bootstrap openspec: installed=${installResult.openSpecBootstrap.packageInstalled ? 'yes' : 'no'} project=${installResult.openSpecBootstrap.projectInitialized ? 'yes' : 'no'} actions=${installResult.openSpecBootstrap.actions.join(', ') || 'none'}`
@@ -2179,6 +2202,9 @@ export const runLifecycleCli = async (
         writeInfo(
           `[pumuki] installed ${result.version} at ${result.repoRoot} (hooks changed: ${result.changedHooks.join(', ') || 'none'})`
         );
+        writeInfo(
+          `[pumuki] bootstrap manifest: path=${result.bootstrapManifest.path} changed=${result.bootstrapManifest.changed ? 'yes' : 'no'}`
+        );
         if (result.openSpecBootstrap) {
           writeInfo(
             `[pumuki] openspec bootstrap: installed=${result.openSpecBootstrap.packageInstalled ? 'yes' : 'no'} project=${result.openSpecBootstrap.projectInitialized ? 'yes' : 'no'} actions=${result.openSpecBootstrap.actions.join(', ') || 'none'}`
@@ -2194,6 +2220,9 @@ export const runLifecycleCli = async (
           writeInfo(
             `[pumuki] mcp wiring: agent=${adapterResult.agent} changed=${adapterResult.changedFiles.length}`
           );
+          writeInfo(
+            `[pumuki] mcp manifest: path=${adapterResult.bootstrapManifest.path} changed=${adapterResult.bootstrapManifest.changed ? 'yes' : 'no'}`
+          );
           if (adapterResult.changedFiles.length > 0) {
             writeInfo(`[pumuki] mcp files: ${adapterResult.changedFiles.join(', ')}`);
           }
@@ -2276,7 +2305,7 @@ export const runLifecycleCli = async (
         } else {
           printDoctorReport(report, remoteCiDiagnostics);
         }
-        return doctorHasBlockingIssues(report) || doctorHasParityMismatch(report) ? 1 : 0;
+        return doctorCommandShouldFailExit(report) ? 1 : 0;
       }
       case 'status': {
         const status = readLifecycleStatus();
@@ -2329,6 +2358,8 @@ export const runLifecycleCli = async (
           writeInfo(
             `[pumuki] hooks: pre-commit=${status.hookStatus['pre-commit'].managedBlockPresent ? 'managed' : 'missing'}, pre-push=${status.hookStatus['pre-push'].managedBlockPresent ? 'managed' : 'missing'}`
           );
+          printGovernanceObservationHuman(status.governanceObservation);
+          printGovernanceNextActionHuman(status.governanceNextAction);
           writeInfo(
             `[pumuki] tracked node_modules paths: ${status.trackedNodeModulesCount}`
           );
@@ -2700,6 +2731,9 @@ export const runLifecycleCli = async (
                 `[pumuki] adapter files: ${result.changedFiles.join(', ')}`
               );
             }
+            writeInfo(
+              `[pumuki] adapter manifest: path=${result.bootstrapManifest.path} changed=${result.bootstrapManifest.changed ? 'yes' : 'no'}`
+            );
           }
           return 0;
         }

package/integrations/lifecycle/cliSdd.ts

@@ -36,7 +36,7 @@ import {
   buildPreWriteExperimentalDisabledResult,
   buildSddExperimentalEnableAdvisoryCommand,
   runRawPreWriteAiGateCheck,
-  PRE_WRITE_ENABLE_ADVISORY_COMMAND,
+  PRE_WRITE_ENABLE_STRICT_COMMAND,
 } from './cli';
 
 export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: LifecycleCliDependencies): Promise<number> => {
@@ -84,6 +84,7 @@ export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: Life
             const disabledResult = buildPreWriteExperimentalDisabledResult({
               stage: requestedStage,
               status: readSddStatus(process.cwd()),
+              source: preWriteEnforcement.source,
             });
             if (parsed.json) {
               writeInfo(
@@ -106,7 +107,7 @@ export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: Life
                     },
                     next_action: {
                       reason: 'PRE_WRITE_EXPERIMENTAL_DISABLED',
-                      command: PRE_WRITE_ENABLE_ADVISORY_COMMAND,
+                      command: PRE_WRITE_ENABLE_STRICT_COMMAND,
                     },
                   },
                   null,
@@ -127,7 +128,7 @@ export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: Life
                 `[pumuki][sdd] pre-write enforcement: mode=${preWriteEnforcement.mode} source=${preWriteEnforcement.source} blocking=no`
               );
               writeInfo(
-                `[pumuki][sdd] next action (PRE_WRITE_EXPERIMENTAL_DISABLED): ${PRE_WRITE_ENABLE_ADVISORY_COMMAND}`
+                `[pumuki][sdd] next action (PRE_WRITE_EXPERIMENTAL_DISABLED): ${PRE_WRITE_ENABLE_STRICT_COMMAND}`
               );
             }
             return 0;

package/integrations/lifecycle/doctor.ts

@@ -5,10 +5,25 @@ import { resolvePolicyForStage } from '../gate/stagePolicies';
 import { getPumukiHooksStatus, resolvePumukiHooksDirectory } from './hookManager';
 import { LifecycleGitService, type ILifecycleGitService } from './gitService';
 import { buildLifecycleVersionReport, getCurrentPumukiVersion } from './packageInfo';
+import {
+  readLifecycleExperimentalFeaturesSnapshot,
+  type LifecycleExperimentalFeaturesSnapshot,
+} from './experimentalFeaturesSnapshot';
 import {
   readLifecyclePolicyValidationSnapshot,
   type LifecyclePolicyValidationSnapshot,
 } from './policyValidationSnapshot';
+import {
+  doctorGovernanceIsBlocking,
+  doctorGovernanceNeedsAttention,
+  readGovernanceObservationSnapshot,
+  type GovernanceObservationSnapshot,
+} from './governanceObservationSnapshot';
+import {
+  readGovernanceNextAction,
+  type GovernanceNextActionReader,
+  type GovernanceNextActionSummary,
+} from './governanceNextAction';
 import { readLifecycleState, type LifecycleState } from './state';
 import {
   detectOpenSpecInstallation,
@@ -95,6 +110,9 @@ export type LifecycleDoctorReport = {
   hooksDirectory: string;
   hooksDirectoryResolution: 'git-rev-parse' | 'git-config' | 'default';
   policyValidation: LifecyclePolicyValidationSnapshot;
+  experimentalFeatures: LifecycleExperimentalFeaturesSnapshot;
+  governanceObservation: GovernanceObservationSnapshot;
+  governanceNextAction: GovernanceNextActionSummary;
   issues: ReadonlyArray<DoctorIssue>;
   deep?: DoctorDeepReport;
   parity_profile?: DoctorParityProfile;
@@ -797,6 +815,7 @@ export const runLifecycleDoctor = (params?: {
   git?: ILifecycleGitService;
   deep?: boolean;
   parity?: boolean;
+  governanceNextActionReader?: GovernanceNextActionReader;
 }): LifecycleDoctorReport => {
   const git = params?.git ?? new LifecycleGitService();
   const cwd = params?.cwd ?? process.cwd();
@@ -824,6 +843,19 @@ export const runLifecycleDoctor = (params?: {
     repoRoot,
     lifecycleVersion: lifecycleState.version,
   });
+  const policyValidation = readLifecyclePolicyValidationSnapshot(repoRoot);
+  const experimentalFeatures = readLifecycleExperimentalFeaturesSnapshot();
+  const governanceObservation = readGovernanceObservationSnapshot({
+    repoRoot,
+    experimentalFeatures,
+    policyValidation,
+    git,
+  });
+  const governanceNextAction = (params?.governanceNextActionReader ?? readGovernanceNextAction)({
+    repoRoot,
+    stage: 'PRE_WRITE',
+    governanceObservation,
+  });
 
   const parity_profile =
     params?.parity === true
@@ -846,7 +878,10 @@ export const runLifecycleDoctor = (params?: {
     hookStatus,
     hooksDirectory: hooksDirectory.path,
     hooksDirectoryResolution: hooksDirectory.source,
-    policyValidation: readLifecyclePolicyValidationSnapshot(repoRoot),
+    policyValidation,
+    experimentalFeatures,
+    governanceNextAction,
+    governanceObservation,
     issues,
     deep,
     parity_profile,
@@ -859,3 +894,16 @@ export const doctorHasBlockingIssues = (report: LifecycleDoctorReport): boolean
 
 export const doctorHasParityMismatch = (report: LifecycleDoctorReport): boolean =>
   typeof report.parity_comparison !== 'undefined' && report.parity_comparison.matches === false;
+
+export const doctorHasGovernanceAttention = (report: LifecycleDoctorReport): boolean =>
+  doctorGovernanceNeedsAttention(report.governanceObservation);
+
+export const doctorCommandShouldWarnHuman = (report: LifecycleDoctorReport): boolean =>
+  report.issues.length > 0
+  || report.deep?.checks.some((check) => check.status !== 'pass') === true
+  || doctorHasGovernanceAttention(report);
+
+export const doctorCommandShouldFailExit = (report: LifecycleDoctorReport): boolean =>
+  doctorHasBlockingIssues(report)
+  || doctorHasParityMismatch(report)
+  || doctorGovernanceIsBlocking(report.governanceObservation);