pumuki 6.3.73 → 6.3.76

package/integrations/git/aiGateRepoPolicyFindings.ts

@@ -6,6 +6,10 @@ const AI_GATE_STAGES = new Set<AiGateStage>(['PRE_WRITE', 'PRE_COMMIT', 'PRE_PUS
 
 const REPO_POLICY_CODES = new Set<string>([
   'GITFLOW_PROTECTED_BRANCH',
+  'GITFLOW_BRANCH_NAMING_INVALID',
+  'TRACKING_CANONICAL_SOURCE_CONFLICT',
+  'TRACKING_CANONICAL_FILE_MISSING',
+  'TRACKING_CANONICAL_IN_PROGRESS_INVALID',
   'EVIDENCE_PREWRITE_WORKTREE_OVER_LIMIT',
   'EVIDENCE_PREWRITE_WORKTREE_WARN',
 ]);

package/integrations/git/runPlatformGateFacts.ts

@@ -27,7 +27,6 @@ export type GateScope =
   };
 
 const DEFAULT_EXTENSIONS = ['.swift', '.ts', '.tsx', '.js', '.jsx', '.kt', '.kts'];
-export const DEFAULT_FACT_FILE_EXTENSIONS = DEFAULT_EXTENSIONS;
 
 export const countScannedFilesFromFacts = (facts: ReadonlyArray<Fact>): number => {
   const contentPaths = new Set<string>();

package/integrations/lifecycle/adapter.templates.json

@@ -2,7 +2,6 @@
   "codex": [
     {
       "path": ".pumuki/adapter.json",
-      "mode": "json-merge",
       "payload": {
         "hooks": {
           "pre_write": {
@@ -32,7 +31,6 @@
   "repo": [
     {
       "path": ".pumuki/adapter.json",
-      "mode": "json-merge",
       "payload": {
         "hooks": {
           "pre_write": {
@@ -145,7 +143,6 @@
     },
     {
       "path": ".pumuki/adapter.json",
-      "mode": "json-merge",
       "payload": {
         "hooks": {
           "pre_write": {

package/integrations/lifecycle/adapter.ts

@@ -2,6 +2,7 @@ import { mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { dirname, isAbsolute, join, resolve } from 'node:path';
 import { LifecycleGitService, type ILifecycleGitService } from './gitService';
+import { writeLifecycleBootstrapManifest } from './bootstrapManifest';
 
 export type AdapterAgent = string;
 
@@ -11,6 +12,10 @@ export type LifecycleAdapterInstallResult = {
   dryRun: boolean;
   written: boolean;
   changedFiles: ReadonlyArray<string>;
+  bootstrapManifest: {
+    path: string;
+    changed: boolean;
+  };
 };
 
 type AdapterTemplate = {
@@ -154,11 +159,30 @@ export const runLifecycleAdapterInstall = (params: {
     writeFileSync(absolutePath, nextContents, 'utf8');
   }
 
+  let bootstrapManifest = {
+    path: join(repoRoot, '.pumuki', 'bootstrap-manifest.json'),
+    changed: false,
+  };
+  if (!dryRun) {
+    const manifestWrite = writeLifecycleBootstrapManifest({
+      git,
+      repoRoot,
+    });
+    bootstrapManifest = {
+      path: manifestWrite.path,
+      changed: manifestWrite.changed,
+    };
+    if (manifestWrite.changed) {
+      changedFiles.push('.pumuki/bootstrap-manifest.json');
+    }
+  }
+
   return {
     repoRoot,
     agent: params.agent,
     dryRun,
     written: !dryRun,
     changedFiles,
+    bootstrapManifest,
   };
 };

package/integrations/lifecycle/bootstrapManifest.ts

@@ -0,0 +1,248 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
+import { dirname, join } from 'node:path'
+import { getPumukiHooksStatus, resolvePumukiHooksDirectory } from './hookManager'
+import { LifecycleGitService, type ILifecycleGitService } from './gitService'
+import {
+  readGovernanceObservationSnapshot,
+  type GovernanceContractSurface,
+  type GovernanceObservationSnapshot,
+} from './governanceObservationSnapshot'
+import { readGovernanceNextAction, type GovernanceNextActionSummary } from './governanceNextAction'
+import { getCurrentPumukiPackageName, getCurrentPumukiVersion } from './packageInfo'
+import { readLifecycleExperimentalFeaturesSnapshot } from './experimentalFeaturesSnapshot'
+import { readLifecyclePolicyValidationSnapshot } from './policyValidationSnapshot'
+import { readLifecycleState } from './state'
+
+export const BOOTSTRAP_MANIFEST_RELATIVE_PATH = '.pumuki/bootstrap-manifest.json'
+
+type AdapterCommandContract = {
+  path: string
+  present: boolean
+  hooks: {
+    pre_write?: string
+    pre_commit?: string
+    pre_push?: string
+    ci?: string
+  }
+  mcp: {
+    enterprise?: string
+    evidence?: string
+  }
+}
+
+export type LifecycleBootstrapManifest = {
+  schema_version: '1'
+  repo_root: string
+  package: {
+    name: string
+    version: string
+  }
+  lifecycle: {
+    installed: boolean
+    version: string | null
+    installed_at: string | null
+    managed_hooks: ReadonlyArray<string>
+    openspec_managed_artifacts: ReadonlyArray<string>
+  }
+  hooks_directory: {
+    path: string
+    source: 'git-rev-parse' | 'git-config' | 'default'
+  }
+  hook_status: Record<string, { managed_block_present: boolean; exists: boolean }>
+  contract_surface: GovernanceContractSurface
+  governance: {
+    effective: GovernanceObservationSnapshot['governance_effective']
+    attention_codes: ReadonlyArray<string>
+    next_action: GovernanceNextActionSummary
+    bootstrap_hints: ReadonlyArray<string>
+  }
+  sdd: {
+    effective_mode: GovernanceObservationSnapshot['sdd']['effective_mode']
+    experimental_source: string
+    session_active: boolean
+    session_valid: boolean
+    change_id: string | null
+  }
+  policy_strict: GovernanceObservationSnapshot['policy_strict']
+  git: GovernanceObservationSnapshot['git']
+  adapter: AdapterCommandContract
+}
+
+export type LifecycleBootstrapManifestWriteResult = {
+  path: string
+  changed: boolean
+  manifest: LifecycleBootstrapManifest
+}
+
+const isRecord = (value: unknown): value is Record<string, unknown> =>
+  typeof value === 'object' && value !== null && !Array.isArray(value)
+
+const readOptionalCommand = (source: unknown): string | undefined => {
+  if (!isRecord(source)) {
+    return undefined
+  }
+  const command = source.command
+  return typeof command === 'string' && command.trim().length > 0 ? command.trim() : undefined
+}
+
+const readAdapterCommandContract = (repoRoot: string): AdapterCommandContract => {
+  const path = join(repoRoot, '.pumuki', 'adapter.json')
+  if (!existsSync(path)) {
+    return {
+      path: BOOTSTRAP_MANIFEST_RELATIVE_PATH.replace('bootstrap-manifest.json', 'adapter.json'),
+      present: false,
+      hooks: {},
+      mcp: {},
+    }
+  }
+
+  try {
+    const parsed = JSON.parse(readFileSync(path, 'utf8')) as unknown
+    const hooks = isRecord(parsed) && isRecord(parsed.hooks) ? parsed.hooks : {}
+    const mcp = isRecord(parsed) && isRecord(parsed.mcp) ? parsed.mcp : {}
+    return {
+      path: '.pumuki/adapter.json',
+      present: true,
+      hooks: {
+        pre_write: readOptionalCommand(isRecord(hooks) ? hooks.pre_write : undefined),
+        pre_commit: readOptionalCommand(isRecord(hooks) ? hooks.pre_commit : undefined),
+        pre_push: readOptionalCommand(isRecord(hooks) ? hooks.pre_push : undefined),
+        ci: readOptionalCommand(isRecord(hooks) ? hooks.ci : undefined),
+      },
+      mcp: {
+        enterprise: readOptionalCommand(isRecord(mcp) ? mcp.enterprise : undefined),
+        evidence: readOptionalCommand(isRecord(mcp) ? mcp.evidence : undefined),
+      },
+    }
+  } catch {
+    return {
+      path: '.pumuki/adapter.json',
+      present: false,
+      hooks: {},
+      mcp: {},
+    }
+  }
+}
+
+const parseManagedHooks = (raw?: string): string[] => {
+  if (typeof raw !== 'string' || raw.trim().length === 0) {
+    return []
+  }
+  return raw
+    .split(',')
+    .map((value) => value.trim())
+    .filter((value) => value.length > 0)
+}
+
+const parseManagedArtifacts = (raw?: string): string[] => {
+  if (typeof raw !== 'string' || raw.trim().length === 0) {
+    return []
+  }
+  return raw
+    .split(',')
+    .map((value) => value.trim())
+    .filter((value) => value.length > 0)
+}
+
+const toHookStatusSummary = (
+  hookStatus: ReturnType<typeof getPumukiHooksStatus>
+): Record<string, { managed_block_present: boolean; exists: boolean }> =>
+  Object.fromEntries(
+    Object.entries(hookStatus).map(([hook, entry]) => [
+      hook,
+      {
+        managed_block_present: entry.managedBlockPresent,
+        exists: entry.exists,
+      },
+    ])
+  )
+
+export const buildLifecycleBootstrapManifest = (params: {
+  repoRoot: string
+  git?: ILifecycleGitService
+}): LifecycleBootstrapManifest => {
+  const git = params.git ?? new LifecycleGitService()
+  const repoRoot = git.resolveRepoRoot(params.repoRoot)
+  const lifecycleState = readLifecycleState(git, repoRoot)
+  const experimentalFeatures = readLifecycleExperimentalFeaturesSnapshot()
+  const policyValidation = readLifecyclePolicyValidationSnapshot(repoRoot)
+  const governanceObservation = readGovernanceObservationSnapshot({
+    repoRoot,
+    experimentalFeatures,
+    policyValidation,
+    git,
+  })
+  const governanceNextAction = readGovernanceNextAction({
+    repoRoot,
+    stage: 'PRE_WRITE',
+    governanceObservation,
+  })
+  const hooksDirectory = resolvePumukiHooksDirectory(repoRoot)
+  const hookStatus = getPumukiHooksStatus(repoRoot)
+  const adapter = readAdapterCommandContract(repoRoot)
+
+  return {
+    schema_version: '1',
+    repo_root: repoRoot,
+    package: {
+      name: getCurrentPumukiPackageName(),
+      version: getCurrentPumukiVersion({ repoRoot }),
+    },
+    lifecycle: {
+      installed: lifecycleState.installed === 'true',
+      version: typeof lifecycleState.version === 'string' && lifecycleState.version.length > 0
+        ? lifecycleState.version
+        : null,
+      installed_at:
+        typeof lifecycleState.installedAt === 'string' && lifecycleState.installedAt.length > 0
+          ? lifecycleState.installedAt
+          : null,
+      managed_hooks: parseManagedHooks(lifecycleState.hooks),
+      openspec_managed_artifacts: parseManagedArtifacts(lifecycleState.openSpecManagedArtifacts),
+    },
+    hooks_directory: hooksDirectory,
+    hook_status: toHookStatusSummary(hookStatus),
+    contract_surface: governanceObservation.contract_surface,
+    governance: {
+      effective: governanceObservation.governance_effective,
+      attention_codes: governanceObservation.attention_codes,
+      next_action: governanceNextAction,
+      bootstrap_hints: governanceObservation.agent_bootstrap_hints,
+    },
+    sdd: {
+      effective_mode: governanceObservation.sdd.effective_mode,
+      experimental_source: governanceObservation.sdd.experimental_source,
+      session_active: governanceObservation.sdd_session.active,
+      session_valid: governanceObservation.sdd_session.valid,
+      change_id: governanceObservation.sdd_session.change_id,
+    },
+    policy_strict: governanceObservation.policy_strict,
+    git: governanceObservation.git,
+    adapter,
+  }
+}
+
+const serializeManifest = (manifest: LifecycleBootstrapManifest): string =>
+  `${JSON.stringify(manifest, null, 2)}\n`
+
+export const writeLifecycleBootstrapManifest = (params: {
+  repoRoot: string
+  git?: ILifecycleGitService
+}): LifecycleBootstrapManifestWriteResult => {
+  const git = params.git ?? new LifecycleGitService()
+  const repoRoot = git.resolveRepoRoot(params.repoRoot)
+  const path = join(repoRoot, BOOTSTRAP_MANIFEST_RELATIVE_PATH)
+  const manifest = buildLifecycleBootstrapManifest({ repoRoot, git })
+  const nextContents = serializeManifest(manifest)
+  const currentContents = existsSync(path) ? readFileSync(path, 'utf8') : ''
+  const changed = currentContents !== nextContents
+  if (changed) {
+    mkdirSync(dirname(path), { recursive: true })
+    writeFileSync(path, nextContents, 'utf8')
+  }
+  return {
+    path,
+    changed,
+    manifest,
+  }
+}

package/integrations/lifecycle/cli.ts

@@ -77,7 +77,6 @@ import {
   type RemoteCiDiagnostics,
 } from './remoteCiDiagnostics';
 import { runPolicyReconcile } from './policyReconcile';
-import { runLifecycleAudit, type LifecycleAuditStage } from './audit';
 import { resolvePreWriteEnforcement, type PreWriteEnforcementResolution } from '../policy/preWriteEnforcement';
 
 type LifecycleCommand =
@@ -93,8 +92,7 @@ type LifecycleCommand =
   | 'sdd'
   | 'adapter'
   | 'analytics'
-  | 'policy'
-  | 'audit';
+  | 'policy';
 
 type SddCommand =
   | 'status'
@@ -180,8 +178,6 @@ export type ParsedArgs = {
   policyCommand?: PolicyCommand;
   policyStrict?: boolean;
   policyApply?: boolean;
-  auditStage?: LifecycleAuditStage;
-  auditEngine?: boolean;
 };
 
 const HELP_TEXT = `
@@ -192,7 +188,6 @@ Pumuki lifecycle commands:
   pumuki remove
   pumuki update [--latest|--spec=<package-spec>]
   pumuki doctor [--remote-checks] [--deep] [--parity] [--json]
-  pumuki audit [--stage=PRE_COMMIT|PRE_PUSH|CI] [--engine] [--json]
   pumuki status [--json] [--remote-checks]
   pumuki watch [--stage=PRE_COMMIT|PRE_PUSH|CI] [--scope=workingTree|staged|repoAndStaged|repo] [--severity=critical|high|medium|low] [--interval-ms=<n>] [--notify-cooldown-ms=<n>] [--no-notify] [--once|--iterations=<n>] [--json]
   pumuki loop run --objective=<text> [--max-attempts=<n>] [--json]
@@ -238,8 +233,7 @@ const isLifecycleCommand = (value: string): value is LifecycleCommand =>
   value === 'sdd' ||
   value === 'adapter' ||
   value === 'analytics' ||
-  value === 'policy' ||
-  value === 'audit';
+  value === 'policy';
 
 const parseAdapterAgent = (value?: string): AdapterAgent => {
   const normalized = (value ?? '').trim();
@@ -269,16 +263,6 @@ const parseSddStage = (value?: string): SddStage => {
   throw new Error(`Unsupported SDD stage "${value}". Use PRE_WRITE, PRE_COMMIT, PRE_PUSH or CI.`);
 };
 
-const parseAuditStage = (value?: string): LifecycleAuditStage => {
-  const stage = parseSddStage(value);
-  if (stage === 'PRE_WRITE') {
-    throw new Error(
-      'PRE_WRITE is not supported for "pumuki audit". Use PRE_COMMIT, PRE_PUSH or CI (aliases GREEN, REFACTOR, CLOSE).'
-    );
-  }
-  return stage;
-};
-
 const parseSddEvidencePath = (value: string): string => {
   const normalized = value.trim();
   if (normalized.length === 0) {
@@ -644,8 +628,6 @@ export const parseLifecycleCliArgs = (argv: ReadonlyArray<string>): ParsedArgs =
   let analyticsSinceDays: ParsedArgs['analyticsSinceDays'];
   let analyticsJsonOutputPath: ParsedArgs['analyticsJsonOutputPath'];
   let analyticsMarkdownOutputPath: ParsedArgs['analyticsMarkdownOutputPath'];
-  let auditStage: LifecycleAuditStage | undefined;
-  let auditEngine = false;
 
   if (commandRaw === 'watch') {
     for (const arg of argv.slice(1)) {
@@ -829,31 +811,6 @@ export const parseLifecycleCliArgs = (argv: ReadonlyArray<string>): ParsedArgs =
     };
   }
 
-  if (commandRaw === 'audit') {
-    for (const arg of argv.slice(1)) {
-      if (arg === '--json') {
-        json = true;
-        continue;
-      }
-      if (arg === '--engine') {
-        auditEngine = true;
-        continue;
-      }
-      if (arg.startsWith('--stage=')) {
-        auditStage = parseAuditStage(arg.slice('--stage='.length));
-        continue;
-      }
-      throw new Error(`Unsupported argument "${arg}".\n\n${HELP_TEXT}`);
-    }
-    return {
-      command: commandRaw,
-      purgeArtifacts: false,
-      json,
-      auditStage: auditStage ?? 'PRE_COMMIT',
-      ...(auditEngine ? { auditEngine: true } : {}),
-    };
-  }
-
   if (commandRaw === 'loop') {
     const subcommandRaw = argv[1] ?? '';
     if (
@@ -1662,8 +1619,8 @@ export type PreWriteOpenSpecBootstrapTrace = {
   details?: string;
 };
 
-export const PRE_WRITE_ENABLE_ADVISORY_COMMAND =
-  'PUMUKI_EXPERIMENTAL_PRE_WRITE=advisory npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json';
+export const PRE_WRITE_ENABLE_STRICT_COMMAND =
+  'PUMUKI_EXPERIMENTAL_PRE_WRITE=strict npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json';
 export const buildSddExperimentalEnableAdvisoryCommand = (stage: SddStage): string =>
   `PUMUKI_EXPERIMENTAL_SDD=advisory npx --yes --package pumuki@latest pumuki sdd validate --stage=${stage} --json`;
 const buildAnalyticsExperimentalEnableCommand = (action: AnalyticsHotspotsCommand): string =>
@@ -1757,6 +1714,7 @@ const buildSaasIngestionExperimentalDisabledEnvelope = (
 export const buildPreWriteExperimentalDisabledResult = (params: {
   stage: SddStage;
   status: SddEvaluateResult['status'];
+  source: 'env' | 'legacy-env' | 'default';
 }): SddEvaluateResult => ({
   stage: params.stage,
   status: params.status,
@@ -1764,14 +1722,16 @@ export const buildPreWriteExperimentalDisabledResult = (params: {
     allowed: true,
     code: 'PRE_WRITE_EXPERIMENTAL_DISABLED',
     message:
-      'PRE_WRITE pertenece al namespace experimental y está desactivado por defecto. Actívalo explícitamente con PUMUKI_EXPERIMENTAL_PRE_WRITE=advisory o strict si necesitas este flujo.',
+      'PRE_WRITE está desactivado explícitamente. Reactívalo con PUMUKI_EXPERIMENTAL_PRE_WRITE=strict si necesitas recuperar el gate previo a escritura.',
     details: {
       experimental: true,
-      default_off: true,
+      default_off: false,
+      disabled_explicitly: true,
+      disabled_source: params.source,
       layer: 'experimental',
       activation_env: 'PUMUKI_EXPERIMENTAL_PRE_WRITE',
       legacy_activation_env: 'PUMUKI_PREWRITE_ENFORCEMENT',
-      activation_command: PRE_WRITE_ENABLE_ADVISORY_COMMAND,
+      activation_command: PRE_WRITE_ENABLE_STRICT_COMMAND,
     },
   },
 });
@@ -2153,6 +2113,10 @@ export const runLifecycleCli = async (
                   repo_root: installResult.repoRoot,
                   version: installResult.version,
                   hooks_changed: installResult.changedHooks,
+                  bootstrap_manifest: {
+                    path: installResult.bootstrapManifest.path,
+                    changed: installResult.bootstrapManifest.changed,
+                  },
                   openspec: installResult.openSpecBootstrap
                     ? {
                         installed: installResult.openSpecBootstrap.packageInstalled,
@@ -2165,6 +2129,10 @@ export const runLifecycleCli = async (
                 mcp: {
                   agent: adapterResult.agent,
                   changed_files: adapterResult.changedFiles,
+                  bootstrap_manifest: {
+                    path: adapterResult.bootstrapManifest.path,
+                    changed: adapterResult.bootstrapManifest.changed,
+                  },
                   adapter_health: adapterCheck
                     ? {
                         status: adapterCheck.status,
@@ -2191,6 +2159,9 @@ export const runLifecycleCli = async (
           writeInfo(
             `[pumuki] bootstrap install: hooks changed=${installResult.changedHooks.join(', ') || 'none'}`
           );
+          writeInfo(
+            `[pumuki] bootstrap manifest: path=${installResult.bootstrapManifest.path} changed=${installResult.bootstrapManifest.changed ? 'yes' : 'no'}`
+          );
           if (installResult.openSpecBootstrap) {
             writeInfo(
               `[pumuki] bootstrap openspec: installed=${installResult.openSpecBootstrap.packageInstalled ? 'yes' : 'no'} project=${installResult.openSpecBootstrap.projectInitialized ? 'yes' : 'no'} actions=${installResult.openSpecBootstrap.actions.join(', ') || 'none'}`
@@ -2231,6 +2202,9 @@ export const runLifecycleCli = async (
         writeInfo(
           `[pumuki] installed ${result.version} at ${result.repoRoot} (hooks changed: ${result.changedHooks.join(', ') || 'none'})`
         );
+        writeInfo(
+          `[pumuki] bootstrap manifest: path=${result.bootstrapManifest.path} changed=${result.bootstrapManifest.changed ? 'yes' : 'no'}`
+        );
         if (result.openSpecBootstrap) {
           writeInfo(
             `[pumuki] openspec bootstrap: installed=${result.openSpecBootstrap.packageInstalled ? 'yes' : 'no'} project=${result.openSpecBootstrap.projectInitialized ? 'yes' : 'no'} actions=${result.openSpecBootstrap.actions.join(', ') || 'none'}`
@@ -2246,6 +2220,9 @@ export const runLifecycleCli = async (
           writeInfo(
             `[pumuki] mcp wiring: agent=${adapterResult.agent} changed=${adapterResult.changedFiles.length}`
           );
+          writeInfo(
+            `[pumuki] mcp manifest: path=${adapterResult.bootstrapManifest.path} changed=${adapterResult.bootstrapManifest.changed ? 'yes' : 'no'}`
+          );
           if (adapterResult.changedFiles.length > 0) {
             writeInfo(`[pumuki] mcp files: ${adapterResult.changedFiles.join(', ')}`);
           }
@@ -2302,24 +2279,6 @@ export const runLifecycleCli = async (
         );
         return 0;
       }
-      case 'audit': {
-        const result = await runLifecycleAudit({
-          stage: parsed.auditStage ?? 'PRE_COMMIT',
-          auditMode: parsed.auditEngine === true ? 'engine' : 'gate',
-        });
-        if (parsed.json) {
-          writeInfo(JSON.stringify(result, null, 2));
-        } else {
-          writeInfo(
-            `[pumuki] audit: repo=${result.repo_root} stage=${result.stage} mode=${result.audit_mode} exit=${result.gate_exit_code}`
-          );
-          writeInfo(
-            `[pumuki] audit: files_scanned=${result.files_scanned ?? 'n/a'} untracked_matching_extensions=${result.untracked_matching_extensions_count} outcome=${result.snapshot_outcome ?? 'n/a'}`
-          );
-          writeInfo(`[pumuki] audit: hint=${result.policy_reconcile_hint}`);
-        }
-        return result.gate_exit_code;
-      }
       case 'doctor': {
         const report = runLifecycleDoctor({
           deep: parsed.doctorDeep === true,
@@ -2772,6 +2731,9 @@ export const runLifecycleCli = async (
                 `[pumuki] adapter files: ${result.changedFiles.join(', ')}`
               );
             }
+            writeInfo(
+              `[pumuki] adapter manifest: path=${result.bootstrapManifest.path} changed=${result.bootstrapManifest.changed ? 'yes' : 'no'}`
+            );
           }
           return 0;
         }

package/integrations/lifecycle/cliSdd.ts

@@ -36,7 +36,7 @@ import {
   buildPreWriteExperimentalDisabledResult,
   buildSddExperimentalEnableAdvisoryCommand,
   runRawPreWriteAiGateCheck,
-  PRE_WRITE_ENABLE_ADVISORY_COMMAND,
+  PRE_WRITE_ENABLE_STRICT_COMMAND,
 } from './cli';
 
 export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: LifecycleCliDependencies): Promise<number> => {
@@ -84,6 +84,7 @@ export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: Life
             const disabledResult = buildPreWriteExperimentalDisabledResult({
               stage: requestedStage,
               status: readSddStatus(process.cwd()),
+              source: preWriteEnforcement.source,
             });
             if (parsed.json) {
               writeInfo(
@@ -106,7 +107,7 @@ export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: Life
                     },
                     next_action: {
                       reason: 'PRE_WRITE_EXPERIMENTAL_DISABLED',
-                      command: PRE_WRITE_ENABLE_ADVISORY_COMMAND,
+                      command: PRE_WRITE_ENABLE_STRICT_COMMAND,
                     },
                   },
                   null,
@@ -127,7 +128,7 @@ export const runSddCommand = async (parsed: ParsedArgs, activeDependencies: Life
                 `[pumuki][sdd] pre-write enforcement: mode=${preWriteEnforcement.mode} source=${preWriteEnforcement.source} blocking=no`
               );
               writeInfo(
-                `[pumuki][sdd] next action (PRE_WRITE_EXPERIMENTAL_DISABLED): ${PRE_WRITE_ENABLE_ADVISORY_COMMAND}`
+                `[pumuki][sdd] next action (PRE_WRITE_EXPERIMENTAL_DISABLED): ${PRE_WRITE_ENABLE_STRICT_COMMAND}`
               );
             }
             return 0;

package/integrations/lifecycle/doctor.ts

@@ -113,7 +113,6 @@ export type LifecycleDoctorReport = {
   experimentalFeatures: LifecycleExperimentalFeaturesSnapshot;
   governanceObservation: GovernanceObservationSnapshot;
   governanceNextAction: GovernanceNextActionSummary;
-  policy_signature_remediation?: string;
   issues: ReadonlyArray<DoctorIssue>;
   deep?: DoctorDeepReport;
   parity_profile?: DoctorParityProfile;
@@ -811,15 +810,6 @@ const compareDoctorParityProfile = (params: {
   };
 };
 
-const buildPolicySignatureRemediation = (
-  policyValidation: LifecyclePolicyValidationSnapshot
-): string | undefined => {
-  const mismatch = Object.values(policyValidation.stages).some(
-    (stage) => stage.validationCode === 'POLICY_AS_CODE_SIGNATURE_MISMATCH'
-  );
-  return mismatch ? 'pumuki policy reconcile --apply' : undefined;
-};
-
 export const runLifecycleDoctor = (params?: {
   cwd?: string;
   git?: ILifecycleGitService;
@@ -879,8 +869,6 @@ export const runLifecycleDoctor = (params?: {
       ? compareDoctorParityProfile({ repoRoot, actual: parity_profile })
       : undefined;
 
-  const policySignatureRemediation = buildPolicySignatureRemediation(policyValidation);
-
   return {
     repoRoot,
     packageVersion: version.effective,
@@ -892,11 +880,8 @@ export const runLifecycleDoctor = (params?: {
     hooksDirectoryResolution: hooksDirectory.source,
     policyValidation,
     experimentalFeatures,
-    governanceObservation,
     governanceNextAction,
-    ...(policySignatureRemediation
-      ? { policy_signature_remediation: policySignatureRemediation }
-      : {}),
+    governanceObservation,
     issues,
     deep,
     parity_profile,
@@ -914,11 +899,11 @@ export const doctorHasGovernanceAttention = (report: LifecycleDoctorReport): boo
   doctorGovernanceNeedsAttention(report.governanceObservation);
 
 export const doctorCommandShouldWarnHuman = (report: LifecycleDoctorReport): boolean =>
-  report.issues.length > 0 ||
-  report.deep?.checks.some((check) => check.status !== 'pass') === true ||
-  doctorHasGovernanceAttention(report);
+  report.issues.length > 0
+  || report.deep?.checks.some((check) => check.status !== 'pass') === true
+  || doctorHasGovernanceAttention(report);
 
 export const doctorCommandShouldFailExit = (report: LifecycleDoctorReport): boolean =>
-  doctorHasBlockingIssues(report) ||
-  doctorHasParityMismatch(report) ||
-  doctorGovernanceIsBlocking(report.governanceObservation);
+  doctorHasBlockingIssues(report)
+  || doctorHasParityMismatch(report)
+  || doctorGovernanceIsBlocking(report.governanceObservation);