runtrim 0.1.16 → 0.1.18

package/dist-cli/runtrim.cjs

@@ -169,6 +169,22 @@ var ENV_FILE_RE = /(?:^|[\s"'`,(])(\.[.]?env(?:\.[a-zA-Z\d]+)?)\b/g;
 var ONLY_EDIT_RE = /\bonly\s+(?:edit|touch|modify|change|update|fix)\b/i;
 var MUST_INCLUDE_RE = /\ballowed\s+scope\s+(?:must\s+)?include\b|\bmust\s+(?:include|contain)\b/i;
 var CLI_SCOPE_RE = /\b(cli|command routing|runtrim command|run compiler|contract generation|scope inference|preview command|agent preview command|agent apply|adapters?|auto-guard|bridge helpers?|daemon|local server|localhost|\.runtrim(?:\s+artifacts?)?)\b/i;
+var NEGATION_PREFIX_RE = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE.test(window);
+}
+function hasPositiveKeywordMention(task, keyword) {
+  const lowerTask = task.toLowerCase();
+  const lowerKeyword = keyword.toLowerCase();
+  let idx = lowerTask.indexOf(lowerKeyword);
+  while (idx !== -1) {
+    if (!hasNegationNear(lowerTask, idx)) return true;
+    idx = lowerTask.indexOf(lowerKeyword, idx + lowerKeyword.length);
+  }
+  return false;
+}
 function extractScopePhrase(task, re) {
   var _a2, _b;
   const m = task.match(re);
@@ -226,18 +242,34 @@ function buildExplicitAllowedScope(task, explicitPaths) {
 }
 function buildExplicitForbiddenScope(task) {
   const out = [];
-  const forbiddenPhrase = extractScopePhrase(task, /\bforbidden\s+scope\s+must\s+include\s+([^\n.]+)/i);
-  if (forbiddenPhrase) out.push(forbiddenPhrase);
-  const doNotTouch = extractScopePhrase(task, /\bdo\s+not\s+touch\s+([^\n.]+)/i);
-  if (doNotTouch) out.push(`Do not touch ${doNotTouch}`);
-  const doNotEdit = extractScopePhrase(task, /\bdo\s+not\s+edit\s+([^\n.]+)/i);
-  if (doNotEdit) out.push(`Do not edit ${doNotEdit}`);
-  const withoutTouching = extractScopePhrase(task, /\bwithout\s+touching\s+([^\n.]+)/i);
-  if (withoutTouching) out.push(`Without touching ${withoutTouching}`);
-  const exclude = extractScopePhrase(task, /\bexclude\s+([^\n.]+)/i);
-  if (exclude) out.push(`Exclude ${exclude}`);
-  const forbidden = extractScopePhrase(task, /\bforbidden\s+([^\n.]+)/i);
-  if (forbidden) out.push(`Forbidden ${forbidden}`);
+  const addBoundaryList = (raw) => {
+    if (!raw) return;
+    const normalized = raw.replace(/\b(logic|internals?|behavior|files?|systems?)\b/gi, "").replace(/\s+/g, " ").trim();
+    const parts = normalized.split(/\s*(?:,|;|\band\b|\bor\b)\s*/i).map((p) => p.trim().replace(/[.]+$/, "")).filter(Boolean).slice(0, 12);
+    for (const p of parts) {
+      if (p.length < 2) continue;
+      out.push(`Do not touch ${p}`);
+    }
+  };
+  const explicitPhrases = [
+    /\bforbidden\s+scope\s+must\s+include\s+([^\n.]+)/i,
+    /\bdo\s+not\s+touch\s+([^\n.]+)/i,
+    /\bdo\s+not\s+edit\s+([^\n.]+)/i,
+    /\bdo\s+not\s+change\s+([^\n.]+)/i,
+    /\bmust\s+not\s+touch\s+([^\n.]+)/i,
+    /\bshould\s+not\s+touch\s+([^\n.]+)/i,
+    /\bwithout\s+changing\s+([^\n.]+)/i,
+    /\bwithout\s+touching\s+([^\n.]+)/i,
+    /\bno\s+changes\s+to\s+([^\n.]+)/i,
+    /\bkeep\s+([^\n.]+?)\s+(?:untouched|unchanged)\b/i,
+    /\bleave\s+([^\n.]+?)\s+untouched\b/i,
+    /\bavoid\s+changing\s+([^\n.]+)/i,
+    /\bexclude\s+([^\n.]+)/i,
+    /\bforbidden\s+([^\n.]+)/i
+  ];
+  for (const re of explicitPhrases) {
+    addBoundaryList(extractScopePhrase(task, re));
+  }
   return [...new Set(out)];
 }
 function extractExplicitPaths(task) {
@@ -469,11 +501,10 @@ var CATEGORY_KEYWORDS = [
 ];
 function classifyTaskCategory(task, explicitPaths) {
   const lower = task.toLowerCase();
-  if (CLI_SCOPE_RE.test(task)) return "cli";
   const pathHints = explicitPaths.join(" ").toLowerCase();
   for (const [category, keywords] of CATEGORY_KEYWORDS) {
     const combined = lower + " " + pathHints;
-    if (keywords.some((kw) => combined.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention(combined, kw))) {
       return category;
     }
   }
@@ -656,6 +687,28 @@ function buildCategoryScope(category, hasSrc, hasApp, hasPages) {
           "Check no regression in adjacent routes"
         ]
       };
+    case "docs":
+      return {
+        allowedHints: [
+          "README.md - project documentation",
+          "docs/ - documentation files",
+          "CHANGELOG.md or CONTRIBUTING.md if task-specific"
+        ],
+        forbiddenAdditions: [
+          "Do not touch auth internals, session logic, or JWT handling",
+          "Do not touch billing, subscription, payment, or webhook logic",
+          "Do not touch database schema or migrations",
+          "Do not touch .env files or secrets"
+        ],
+        stopRules: [
+          "Stop if the requested change requires code-path behavior changes outside docs",
+          "Stop if sensitive files or secrets are referenced"
+        ],
+        verificationSteps: [
+          "Confirm documentation text matches the requested task",
+          "Check markdown formatting renders correctly"
+        ]
+      };
     default:
       return {
         allowedHints: [],
@@ -716,6 +769,28 @@ var LOOP_PATTERNS = [
   /\b(keep (trying|going|working)|iterate until|loop until|retry)\b/i,
   /\b(if it doesn.t work.{0,20}try again)\b/i
 ];
+var NEGATION_PREFIX_RE2 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear2(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE2.test(window);
+}
+function hasPositiveKeywordMention2(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (!hasNegationNear2(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
+function hasNegatedKeywordMention(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (hasNegationNear2(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
 function scoreTask(task, flags) {
   let score = 100;
   for (const flag of flags) {
@@ -776,7 +851,7 @@ function detectProjectContext(cwd = process.cwd()) {
 function detectMegaRun(taskLower, task) {
   const found = [];
   for (const [system, keywords] of Object.entries(MEGA_RUN_SYSTEMS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       found.push(system);
     }
   }
@@ -787,17 +862,24 @@ function detectMegaRun(taskLower, task) {
 function detectAreasTouched(taskLower) {
   const forbidden = [];
   const sensitive = [];
+  const boundaries = [];
   for (const [area, keywords] of Object.entries(ALWAYS_FORBIDDEN_KEYWORDS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       forbidden.push(area);
     }
+    if (keywords.some((kw) => hasNegatedKeywordMention(taskLower, kw))) {
+      boundaries.push(area);
+    }
   }
   for (const [area, keywords] of Object.entries(SENSITIVE_BILLING_KEYWORDS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       sensitive.push(area);
     }
+    if (keywords.some((kw) => hasNegatedKeywordMention(taskLower, kw))) {
+      boundaries.push(area);
+    }
   }
-  return { forbidden, sensitive };
+  return { forbidden, sensitive, boundaries: [...new Set(boundaries)] };
 }
 function auditTask(task, config, cwd = process.cwd()) {
   const flags = [];
@@ -887,7 +969,7 @@ function auditTask(task, config, cwd = process.cwd()) {
       detail: "References to full context or entire conversation force expensive context loading."
     });
   }
-  const { forbidden: forbiddenAreasTouched, sensitive: sensitiveAreasRelevant } = detectAreasTouched(taskLower);
+  const { forbidden: forbiddenAreasTouched, sensitive: sensitiveAreasRelevant, boundaries } = detectAreasTouched(taskLower);
   if (forbiddenAreasTouched.length > 0) {
     flags.push({
       code: "touches_forbidden_area",
@@ -904,6 +986,14 @@ function auditTask(task, config, cwd = process.cwd()) {
       detail: `Task touches ${sensitiveAreasRelevant.join(", ")}. These are moved to SENSITIVE SCOPE: inspect allowed, editing requires explicit approval.`
     });
   }
+  if (boundaries.length > 0) {
+    flags.push({
+      code: "forbidden_boundaries_detected",
+      label: `Boundaries detected: ${boundaries.join(", ")}`,
+      severity: "info",
+      detail: "Sensitive systems in negated constraints are treated as forbidden boundaries, not active task scope."
+    });
+  }
   const isSimpleTask = task.length < 80 && flags.filter((f) => f.severity === "critical").length === 0;
   if (isSimpleTask && config.defaultModel === "opus") {
     flags.push({
@@ -981,6 +1071,10 @@ function scoreToRisk2(score) {
 }
 function cleanObjective(task) {
   let t = task.trim();
+  t = t.replace(
+    /(?:^|[\s,.])(do not|don't|dont|must not|should not|without changing|without touching|no changes to|keep .*? unchanged|keep .*? untouched|leave .*? untouched|avoid changing)\b[^.]*\.?/gi,
+    " "
+  );
   t = t.replace(/,?\s*check everything(\s+and\b)?/gi, "");
   t = t.replace(/,?\s*(look|search|scan)\s+everywhere(\s+and\b)?/gi, "");
   t = t.replace(/,?\s*review everything(\s+and\b)?/gi, "");
@@ -2526,7 +2620,7 @@ function buildSyncPayload(input) {
   var _a2, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m, _n, _o, _p, _q, _r, _s, _t;
   const { cwd, projectName, config, projectAudit, memoryMarkdown, runs } = input;
   const latest = runs[0];
-  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  const nowIso2 = (/* @__PURE__ */ new Date()).toISOString();
   const localProjectId = buildLocalProjectId(cwd);
   const latestPromptText = readTextFileIfExists(import_path6.default.join(cwd, ".runtrim", "latest-prompt.md"));
   const continuationPromptText = readTextFileIfExists(
@@ -2588,7 +2682,7 @@ function buildSyncPayload(input) {
       name: resolveProjectName2(cwd, projectName, projectAudit == null ? void 0 : projectAudit.projectName),
       stack: (_a2 = projectAudit == null ? void 0 : projectAudit.detectedStack) != null ? _a2 : config.stack ? config.stack.split(",").map((s) => s.trim()).filter(Boolean) : ["auto"],
       packageManager: (_c = (_b = projectAudit == null ? void 0 : projectAudit.packageManager) != null ? _b : config.packageManager) != null ? _c : null,
-      lastUpdated: nowIso
+      lastUpdated: nowIso2
     },
     memory: {
       markdown: memoryMarkdown,
@@ -2670,7 +2764,8 @@ function writeCanonicalRuntrimMd(cwd = process.cwd(), projectName) {
     "## How to start an AI coding task",
     "",
     "```",
-    'runtrim go "<task>"',
+    "runtrim start",
+    'runtrim agent "Your task" --copy',
     "```",
     "",
     "RunTrim creates a scoped contract, loads project memory, and generates a guarded prompt.",
@@ -2691,7 +2786,7 @@ function writeCanonicalRuntrimMd(cwd = process.cwd(), projectName) {
     "",
     "1. Read `.runtrim/contracts/latest.md`.",
     "   - If `Status: active` \u2014 a live task exists. Follow the contract strictly.",
-    '   - If `Status: none` \u2014 no active task. Ask the user to run `runtrim go "<task>"` first.',
+    '   - If `Status: none` \u2014 no active task. Ask the user to run `runtrim start` then `runtrim agent "Your task" --copy`.',
     "2. Do not assume any prior task is still active.",
     "3. Stay inside the allowed scope defined in the contract.",
     "4. Stop and ask before touching any forbidden area.",
@@ -2716,7 +2811,8 @@ function writeRestingContract(cwd = process.cwd()) {
     "Start one with:",
     "",
     "```",
-    'runtrim go "<your task>"',
+    "runtrim start",
+    'runtrim agent "Your task" --copy',
     "```",
     "",
     "---",
@@ -2739,7 +2835,8 @@ function writeRestingMemory(cwd = process.cwd()) {
     "Start a new session with:",
     "",
     "```",
-    'runtrim go "<your task>"',
+    "runtrim start",
+    'runtrim agent "Your task" --copy',
     "```",
     "",
     "---",
@@ -2860,7 +2957,7 @@ function writeBridgeInstructions(cwd = process.cwd()) {
     "1. Read `RUNTRIM.md`.",
     "2. Read `.runtrim/contracts/latest.md`.",
     "   - If `Status: active` \u2014 follow the contract strictly.",
-    '   - If `Status: none` \u2014 stop. Ask the user to run `runtrim go "<task>"` first.',
+    '   - If `Status: none` \u2014 stop. Ask the user to run `runtrim start` then `runtrim agent "Your task" --copy`.',
     "3. If the contract is active, read `.runtrim/memory/current.md` for session context.",
     "   If no active session, read `.runtrim/memory/baseline.md` for project baseline.",
     "",
@@ -2934,6 +3031,28 @@ function buildBridgePrompt(contractText, ctx) {
 // src/lib/run-watch.ts
 function normalizeScopeKeywords2(scope) {
   var _a2;
+  const genericStopwords = /* @__PURE__ */ new Set([
+    "read",
+    "write",
+    "reference",
+    "touch",
+    "modify",
+    "change",
+    "update",
+    "allow",
+    "scope",
+    "paths",
+    "path",
+    "files",
+    "file",
+    "only",
+    "with",
+    "without",
+    "before",
+    "after",
+    "inside",
+    "outside"
+  ]);
   const words = /* @__PURE__ */ new Set();
   for (const line of scope) {
     const lower = line.toLowerCase();
@@ -2943,7 +3062,7 @@ function normalizeScopeKeywords2(scope) {
     }
     const cleaned = lower.replace(/[^a-z0-9_./\s-]/g, " ").split(/\s+/).filter(Boolean);
     for (const token of cleaned) {
-      if (token.length >= 4) words.add(token);
+      if (token.length >= 4 && !genericStopwords.has(token)) words.add(token);
     }
   }
   return [...words];
@@ -3040,15 +3159,7 @@ var import_fs8 = __toESM(require("fs"), 1);
 var import_os = __toESM(require("os"), 1);
 var import_path8 = __toESM(require("path"), 1);
 var import_execa2 = require("execa");
-var DEFAULT_REGISTRY = {
-  version: 1,
-  plan: "free",
-  trackedRepos: [],
-  telemetry: {
-    enabled: false,
-    anonymousId: ""
-  }
-};
+var EMPTY_TELEMETRY = { enabled: false, anonymousId: "" };
 function normalizeRepoPath(input) {
   const resolved = import_path8.default.resolve(input);
   return process.platform === "win32" ? resolved.toLowerCase() : resolved;
@@ -3056,41 +3167,208 @@ function normalizeRepoPath(input) {
 function hashValue(value) {
   return import_crypto2.default.createHash("sha256").update(value).digest("hex").slice(0, 16);
 }
+function nowIso() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function randomId(prefix) {
+  return `${prefix}_${import_crypto2.default.randomBytes(12).toString("hex")}`;
+}
 function getGlobalRunTrimDir() {
   return import_path8.default.join(import_os.default.homedir(), ".runtrim");
 }
 function getGlobalRegistryPath() {
   return import_path8.default.join(getGlobalRunTrimDir(), "global.json");
 }
-function loadGlobalRegistry() {
+function getInstallStatePath() {
+  return import_path8.default.join(getGlobalRunTrimDir(), "install-state.json");
+}
+function buildSealInput(registry) {
+  const tracked = [...registry.trackedRepos].map((r) => ({
+    id: r.id,
+    name: r.name,
+    path: normalizeRepoPath(r.path),
+    gitRemote: r.gitRemote,
+    createdAt: r.createdAt,
+    lastSeenAt: r.lastSeenAt
+  })).sort((a, b) => `${a.id}:${a.path}`.localeCompare(`${b.id}:${b.path}`));
+  const payload = {
+    version: registry.version,
+    stateVersion: registry.stateVersion,
+    plan: registry.plan,
+    machineInstallId: registry.machineInstallId,
+    createdAt: registry.createdAt,
+    updatedAt: registry.updatedAt,
+    trackedRepos: tracked,
+    lastKnownRepo: registry.lastKnownRepo ? __spreadProps(__spreadValues({}, registry.lastKnownRepo), {
+      path: normalizeRepoPath(registry.lastKnownRepo.path)
+    }) : null
+  };
+  return JSON.stringify(payload);
+}
+function computeSeal(registry) {
+  return import_crypto2.default.createHash("sha256").update(buildSealInput(registry)).digest("hex");
+}
+function sanitizeTrackedRepoEntry(input) {
+  var _a2, _b, _c, _d, _e, _f;
+  const id = String((_a2 = input.id) != null ? _a2 : "").trim();
+  const rawPath = String((_b = input.path) != null ? _b : "").trim();
+  if (!id || !rawPath) return null;
+  return {
+    id,
+    name: String((_c = input.name) != null ? _c : "").trim(),
+    path: normalizeRepoPath(rawPath),
+    gitRemote: String((_d = input.gitRemote) != null ? _d : "").trim(),
+    createdAt: String((_e = input.createdAt) != null ? _e : "").trim(),
+    lastSeenAt: String((_f = input.lastSeenAt) != null ? _f : "").trim()
+  };
+}
+function readInstallStateRaw() {
+  var _a2, _b, _c;
+  const p = getInstallStatePath();
+  if (!import_fs8.default.existsSync(p)) return { exists: false, state: null };
+  try {
+    const parsed = JSON.parse(import_fs8.default.readFileSync(p, "utf-8"));
+    const machineInstallId = String((_a2 = parsed.machineInstallId) != null ? _a2 : "").trim();
+    if (!machineInstallId) return { exists: true, state: null };
+    return {
+      exists: true,
+      state: {
+        machineInstallId,
+        createdAt: String((_b = parsed.createdAt) != null ? _b : "").trim() || nowIso(),
+        updatedAt: String((_c = parsed.updatedAt) != null ? _c : "").trim() || nowIso()
+      }
+    };
+  } catch (e) {
+    return { exists: true, state: null };
+  }
+}
+function writeInstallState(state) {
+  const dir = getGlobalRunTrimDir();
+  if (!import_fs8.default.existsSync(dir)) import_fs8.default.mkdirSync(dir, { recursive: true });
+  import_fs8.default.writeFileSync(getInstallStatePath(), JSON.stringify(state, null, 2), "utf-8");
+}
+function ensureInstallState() {
+  const raw = readInstallStateRaw();
+  if (raw.exists && raw.state) return raw.state;
+  const created = {
+    machineInstallId: randomId("rt_install"),
+    createdAt: nowIso(),
+    updatedAt: nowIso()
+  };
+  writeInstallState(created);
+  return created;
+}
+function buildDefaultRegistry(install) {
+  const base = {
+    version: 2,
+    stateVersion: 2,
+    plan: "free",
+    machineInstallId: install.machineInstallId,
+    createdAt: nowIso(),
+    updatedAt: nowIso(),
+    trackedRepos: [],
+    lastKnownRepo: null,
+    telemetry: __spreadValues({}, EMPTY_TELEMETRY)
+  };
+  return __spreadProps(__spreadValues({}, base), {
+    integrity: {
+      algorithm: "sha256-local-seal-v1",
+      seal: computeSeal(base)
+    }
+  });
+}
+function saveRegistryWithSeal(registry) {
+  var _a2;
+  const dir = getGlobalRunTrimDir();
+  if (!import_fs8.default.existsSync(dir)) import_fs8.default.mkdirSync(dir, { recursive: true });
+  const normalizedBase = __spreadProps(__spreadValues({}, registry), {
+    version: 2,
+    stateVersion: 2,
+    trackedRepos: registry.trackedRepos.map((r) => __spreadProps(__spreadValues({}, r), { path: normalizeRepoPath(r.path) })),
+    telemetry: (_a2 = registry.telemetry) != null ? _a2 : __spreadValues({}, EMPTY_TELEMETRY)
+  });
+  const sealed = __spreadProps(__spreadValues({}, normalizedBase), {
+    integrity: {
+      algorithm: "sha256-local-seal-v1",
+      seal: computeSeal(normalizedBase)
+    }
+  });
+  import_fs8.default.writeFileSync(getGlobalRegistryPath(), JSON.stringify(sealed, null, 2), "utf-8");
+}
+function inspectGlobalRegistry() {
+  var _a2, _b, _c, _d, _e, _f, _g, _h, _i;
+  const installRaw = readInstallStateRaw();
+  const install = (_a2 = installRaw.state) != null ? _a2 : ensureInstallState();
   const registryPath = getGlobalRegistryPath();
-  if (!import_fs8.default.existsSync(registryPath)) return __spreadValues({}, DEFAULT_REGISTRY);
+  const defaultRegistry = buildDefaultRegistry(install);
+  if (!import_fs8.default.existsSync(registryPath)) {
+    if (installRaw.exists) {
+      return {
+        registry: defaultRegistry,
+        needsRepair: true,
+        repairReason: "missing_registry_after_initialization"
+      };
+    }
+    return { registry: defaultRegistry, needsRepair: false, repairReason: null };
+  }
   try {
     const raw = JSON.parse(import_fs8.default.readFileSync(registryPath, "utf-8"));
-    return {
-      version: 1,
+    const trackedRepos = Array.isArray(raw.trackedRepos) ? raw.trackedRepos.map((item) => sanitizeTrackedRepoEntry(item)).filter((item) => Boolean(item)) : [];
+    const base = {
+      version: 2,
+      stateVersion: 2,
       plan: raw.plan === "free" ? "free" : "free",
-      trackedRepos: Array.isArray(raw.trackedRepos) ? raw.trackedRepos.filter((item) => Boolean(item && typeof item === "object")).map((item) => ({
-        id: String(item.id || ""),
-        name: String(item.name || ""),
-        path: normalizeRepoPath(String(item.path || "")),
-        gitRemote: String(item.gitRemote || ""),
-        createdAt: String(item.createdAt || ""),
-        lastSeenAt: String(item.lastSeenAt || "")
-      })).filter((item) => Boolean(item.id && item.path)) : [],
+      machineInstallId: String((_b = raw.machineInstallId) != null ? _b : "").trim() || install.machineInstallId,
+      createdAt: String((_c = raw.createdAt) != null ? _c : "").trim() || nowIso(),
+      updatedAt: String((_d = raw.updatedAt) != null ? _d : "").trim() || nowIso(),
+      trackedRepos,
+      lastKnownRepo: raw.lastKnownRepo && typeof raw.lastKnownRepo === "object" ? {
+        id: String((_e = raw.lastKnownRepo.id) != null ? _e : "").trim(),
+        name: String((_f = raw.lastKnownRepo.name) != null ? _f : "").trim(),
+        path: normalizeRepoPath(String((_g = raw.lastKnownRepo.path) != null ? _g : "")),
+        gitRemote: String((_h = raw.lastKnownRepo.gitRemote) != null ? _h : "").trim(),
+        lastSeenAt: String((_i = raw.lastKnownRepo.lastSeenAt) != null ? _i : "").trim() || nowIso()
+      } : null,
       telemetry: {
         enabled: typeof raw.telemetry === "object" && raw.telemetry !== null && Boolean(raw.telemetry.enabled),
         anonymousId: typeof raw.telemetry === "object" && raw.telemetry !== null && typeof raw.telemetry.anonymousId === "string" ? String(raw.telemetry.anonymousId).slice(0, 120) : ""
       }
     };
+    const normalized = __spreadProps(__spreadValues({}, base), {
+      integrity: {
+        algorithm: "sha256-local-seal-v1",
+        seal: raw.integrity && typeof raw.integrity === "object" && typeof raw.integrity.seal === "string" ? String(raw.integrity.seal) : ""
+      }
+    });
+    if (normalized.machineInstallId !== install.machineInstallId) {
+      return {
+        registry: normalized,
+        needsRepair: true,
+        repairReason: "machine_install_id_mismatch"
+      };
+    }
+    const expectedSeal = computeSeal(base);
+    if (!normalized.integrity.seal || normalized.integrity.seal !== expectedSeal) {
+      return {
+        registry: normalized,
+        needsRepair: true,
+        repairReason: "integrity_seal_mismatch"
+      };
+    }
+    return { registry: normalized, needsRepair: false, repairReason: null };
   } catch (e) {
-    return __spreadValues({}, DEFAULT_REGISTRY);
+    return {
+      registry: defaultRegistry,
+      needsRepair: true,
+      repairReason: "registry_corrupt"
+    };
   }
 }
+function loadGlobalRegistry() {
+  return inspectGlobalRegistry().registry;
+}
 function saveGlobalRegistry(registry) {
-  const dir = getGlobalRunTrimDir();
-  if (!import_fs8.default.existsSync(dir)) import_fs8.default.mkdirSync(dir, { recursive: true });
-  import_fs8.default.writeFileSync(getGlobalRegistryPath(), JSON.stringify(registry, null, 2), "utf-8");
+  saveRegistryWithSeal(registry);
 }
 async function getCurrentRepoIdentity(cwd = process.cwd()) {
   const normalizedPath = normalizeRepoPath(cwd);
@@ -3120,36 +3398,71 @@ function findTrackedRepo(trackedRepos, currentRepo) {
   return byPath != null ? byPath : null;
 }
 async function assertFreeRepoAllowed(cwd = process.cwd()) {
-  const registry = loadGlobalRegistry();
+  const inspected = inspectGlobalRegistry();
+  const registry = inspected.registry;
   const currentRepo = await getCurrentRepoIdentity(cwd);
   const trackedRepo = findTrackedRepo(registry.trackedRepos, currentRepo);
-  if (registry.plan !== "free") {
-    return { allowed: true, plan: registry.plan, currentRepo, trackedRepo };
+  const base = {
+    plan: registry.plan,
+    currentRepo,
+    trackedRepo,
+    registryPath: getGlobalRegistryPath()
+  };
+  if (inspected.needsRepair) {
+    return __spreadProps(__spreadValues({}, base), {
+      allowed: false,
+      status: "blocked_repair",
+      repairRequired: true,
+      repairReason: inspected.repairReason
+    });
   }
-  if (trackedRepo) {
-    return { allowed: true, plan: registry.plan, currentRepo, trackedRepo };
+  if (registry.plan !== "free") {
+    return __spreadProps(__spreadValues({}, base), {
+      allowed: true,
+      status: "allowed",
+      repairRequired: false,
+      repairReason: null
+    });
   }
-  if (registry.trackedRepos.length === 0) {
-    return { allowed: true, plan: registry.plan, currentRepo, trackedRepo: null };
+  if (trackedRepo || registry.trackedRepos.length === 0) {
+    return __spreadProps(__spreadValues({}, base), {
+      allowed: true,
+      status: "allowed",
+      repairRequired: false,
+      repairReason: null
+    });
   }
-  return {
+  return __spreadProps(__spreadValues({}, base), {
     allowed: false,
-    plan: registry.plan,
-    currentRepo,
+    status: "blocked_limit",
+    repairRequired: false,
+    repairReason: null,
     trackedRepo: registry.trackedRepos[0]
-  };
+  });
 }
 async function registerCurrentRepo(cwd = process.cwd()) {
+  const check = await assertFreeRepoAllowed(cwd);
+  if (!check.allowed && check.status === "blocked_repair") {
+    throw new Error("runtrim_local_state_repair_required");
+  }
   const registry = loadGlobalRegistry();
   const currentRepo = await getCurrentRepoIdentity(cwd);
-  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const now = nowIso();
   const existing = findTrackedRepo(registry.trackedRepos, currentRepo);
   if (existing) {
     existing.lastSeenAt = now;
     existing.name = currentRepo.name;
     existing.path = currentRepo.path;
     existing.gitRemote = currentRepo.gitRemote;
-    saveGlobalRegistry(registry);
+    registry.updatedAt = now;
+    registry.lastKnownRepo = {
+      id: currentRepo.id,
+      name: currentRepo.name,
+      path: currentRepo.path,
+      gitRemote: currentRepo.gitRemote,
+      lastSeenAt: now
+    };
+    saveRegistryWithSeal(registry);
     return existing;
   }
   const entry = {
@@ -3160,24 +3473,110 @@ async function registerCurrentRepo(cwd = process.cwd()) {
     createdAt: now,
     lastSeenAt: now
   };
-  registry.trackedRepos.push(entry);
-  saveGlobalRegistry(registry);
+  registry.trackedRepos = [entry];
+  registry.updatedAt = now;
+  registry.lastKnownRepo = {
+    id: entry.id,
+    name: entry.name,
+    path: entry.path,
+    gitRemote: entry.gitRemote,
+    lastSeenAt: now
+  };
+  saveRegistryWithSeal(registry);
   return entry;
 }
+async function repairGlobalRegistry(cwd = process.cwd(), options = {}) {
+  const before = await assertFreeRepoAllowed(cwd);
+  if (!before.repairRequired) {
+    return { repaired: false, check: before };
+  }
+  const install = ensureInstallState();
+  const now = nowIso();
+  const repaired = buildDefaultRegistry(install);
+  repaired.createdAt = now;
+  repaired.updatedAt = now;
+  if (options.useCurrentRepo) {
+    const currentRepo = await getCurrentRepoIdentity(cwd);
+    repaired.trackedRepos = [
+      {
+        id: currentRepo.id,
+        name: currentRepo.name,
+        path: currentRepo.path,
+        gitRemote: currentRepo.gitRemote,
+        createdAt: now,
+        lastSeenAt: now
+      }
+    ];
+    repaired.lastKnownRepo = {
+      id: currentRepo.id,
+      name: currentRepo.name,
+      path: currentRepo.path,
+      gitRemote: currentRepo.gitRemote,
+      lastSeenAt: now
+    };
+  }
+  saveRegistryWithSeal(repaired);
+  const check = await assertFreeRepoAllowed(cwd);
+  return { repaired: true, check };
+}
 async function unlinkCurrentRepo(cwd = process.cwd(), force = false) {
   var _a2;
+  const check = await assertFreeRepoAllowed(cwd);
+  if (check.status === "blocked_repair") {
+    if (!force) {
+      return {
+        removed: false,
+        forced: false,
+        currentRepo: check.currentRepo,
+        trackedRepo: null
+      };
+    }
+    const install = ensureInstallState();
+    const repaired = buildDefaultRegistry(install);
+    repaired.updatedAt = nowIso();
+    repaired.lastKnownRepo = {
+      id: check.currentRepo.id,
+      name: check.currentRepo.name,
+      path: check.currentRepo.path,
+      gitRemote: check.currentRepo.gitRemote,
+      lastSeenAt: repaired.updatedAt
+    };
+    saveRegistryWithSeal(repaired);
+    return {
+      removed: true,
+      forced: true,
+      currentRepo: check.currentRepo,
+      trackedRepo: null
+    };
+  }
   const registry = loadGlobalRegistry();
   const currentRepo = await getCurrentRepoIdentity(cwd);
   const trackedRepo = findTrackedRepo(registry.trackedRepos, currentRepo);
   if (trackedRepo) {
     registry.trackedRepos = registry.trackedRepos.filter((repo) => repo.id !== trackedRepo.id);
-    saveGlobalRegistry(registry);
+    registry.updatedAt = nowIso();
+    registry.lastKnownRepo = {
+      id: trackedRepo.id,
+      name: trackedRepo.name,
+      path: trackedRepo.path,
+      gitRemote: trackedRepo.gitRemote,
+      lastSeenAt: registry.updatedAt
+    };
+    saveRegistryWithSeal(registry);
     return { removed: true, forced: false, currentRepo, trackedRepo };
   }
   if (force && registry.trackedRepos.length > 0) {
     const first = registry.trackedRepos[0];
     registry.trackedRepos = [];
-    saveGlobalRegistry(registry);
+    registry.updatedAt = nowIso();
+    registry.lastKnownRepo = {
+      id: first.id,
+      name: first.name,
+      path: first.path,
+      gitRemote: first.gitRemote,
+      lastSeenAt: registry.updatedAt
+    };
+    saveRegistryWithSeal(registry);
     return { removed: true, forced: true, currentRepo, trackedRepo: first };
   }
   return {
@@ -4661,21 +5060,21 @@ var MEDIUM_PATH_PATTERNS = [
 ];
 function classifyFileRisk(files) {
   if (files.length === 0) return "low";
-  let maxRisk = "low";
+  let maxRisk2 = "low";
   for (const f of files) {
     const norm = f.replace(/\\/g, "/").toLowerCase();
     if (CRITICAL_PATH_PATTERNS.some((p) => norm.includes(p))) {
       return "critical";
     }
-    if (HIGH_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk !== "high") {
-      maxRisk = "high";
+    if (HIGH_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk2 !== "high") {
+      maxRisk2 = "high";
       continue;
     }
-    if (MEDIUM_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk === "low") {
-      maxRisk = "medium";
+    if (MEDIUM_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk2 === "low") {
+      maxRisk2 = "medium";
     }
   }
-  return maxRisk;
+  return maxRisk2;
 }
 function isSensitivePath(filePath) {
   const norm = filePath.replace(/\\/g, "/").toLowerCase();
@@ -5018,6 +5417,24 @@ function getLearningContext(cwd, task, runs) {
 // src/lib/run-planner.ts
 var FAST_PATH_CATEGORIES = /* @__PURE__ */ new Set(["ui", "docs", "tests", "unknown"]);
 var ALWAYS_CONTRACT_CATEGORIES = /* @__PURE__ */ new Set(["auth", "billing", "payment", "webhook", "database", "env", "middleware"]);
+var RISK_ORDER = ["low", "medium", "high", "critical"];
+var NEGATION_PREFIX_RE3 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function maxRisk(a, b) {
+  return RISK_ORDER[Math.max(RISK_ORDER.indexOf(a), RISK_ORDER.indexOf(b))];
+}
+function hasNegationNear3(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE3.test(window);
+}
+function hasPositiveKeywordMention3(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (!hasNegationNear3(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
 function isFastPathEligible(risk, category, guardMode, hasExplicitPaths) {
   if (guardMode === "strict") return false;
   if (guardMode === "off") return true;
@@ -5033,8 +5450,16 @@ function generatePlan(cwd, task, runs, config, currentChangedFiles) {
   const compiler = compileTask(task);
   const guardMode = (_a2 = config.autoGuardMode) != null ? _a2 : "smart";
   const adapters = detectAdapters(cwd);
-  const riskFiles = compiler.explicitPaths.length > 0 ? compiler.explicitPaths : currentChangedFiles.length > 0 ? currentChangedFiles : [];
-  const rawRisk = classifyFileRisk(riskFiles);
+  const riskFiles = compiler.explicitPaths.length > 0 ? compiler.explicitPaths : [];
+  let rawRisk = classifyFileRisk(riskFiles);
+  if (ALWAYS_CONTRACT_CATEGORIES.has(compiler.taskCategory)) {
+    rawRisk = maxRisk(rawRisk, "high");
+  }
+  const lowerTask = task.toLowerCase();
+  const criticalSystemMentions = ["auth", "billing", "payment", "webhook", "database", "migration", "middleware"].filter((k) => hasPositiveKeywordMention3(lowerTask, k)).length;
+  if (criticalSystemMentions >= 2) {
+    rawRisk = maxRisk(rawRisk, "critical");
+  }
   const catScope = buildCategoryScope(
     compiler.taskCategory,
     true,
@@ -5158,6 +5583,22 @@ var FAST_LOCAL_KEYWORDS = [
   "responsive",
   "ui polish"
 ];
+var NEGATION_PREFIX_RE4 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear4(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE4.test(window);
+}
+function hasPositiveKeywordMention4(task, keyword) {
+  const lowerTask = task.toLowerCase();
+  const lowerKeyword = keyword.toLowerCase();
+  let idx = lowerTask.indexOf(lowerKeyword);
+  while (idx !== -1) {
+    if (!hasNegationNear4(lowerTask, idx)) return true;
+    idx = lowerTask.indexOf(lowerKeyword, idx + lowerKeyword.length);
+  }
+  return false;
+}
 function normalize(s) {
   return (s != null ? s : "").toLowerCase();
 }
@@ -5216,9 +5657,9 @@ function recommendProviderRouting(ctx) {
   const changedFiles = (_d = ctx.changedFiles) != null ? _d : [];
   const learnedContext = (_e = ctx.learnedContext) != null ? _e : [];
   const hasProofGapSignals = proofRequired.some((p) => /proof gap|missing|vercel log|manual verification/i.test(p));
-  const highRiskByKeyword = HIGH_RISK_KEYWORDS.some((k) => task.includes(k) || category.includes(k));
+  const highRiskByKeyword = HIGH_RISK_KEYWORDS.some((k) => hasPositiveKeywordMention4(task, k) || hasPositiveKeywordMention4(category, k));
   const fastKeyword = FAST_LOCAL_KEYWORDS.some((k) => task.includes(k));
-  const multiCritical = ["auth", "billing", "database", "webhook", "payment", "migration"].filter((k) => task.includes(k)).length >= 2;
+  const multiCritical = ["auth", "billing", "database", "webhook", "payment", "migration"].filter((k) => hasPositiveKeywordMention4(task, k)).length >= 2;
   const broadTask = !ctx.explicitScope && task.split(/\s+/).length > 16;
   const hasSensitiveFiles = sensitiveAreas.length > 0 || changedFiles.some((f) => HIGH_RISK_KEYWORDS.some((k) => normalize(f).includes(k)));
   const noLearning = learnedContext.length === 0 && ((_f = ctx.similarRunsCount) != null ? _f : 0) === 0;
@@ -5483,6 +5924,19 @@ async function getSensitivePathStates(cwd) {
     return /* @__PURE__ */ new Map();
   }
 }
+function extractBoundaryLabels(forbiddenScope) {
+  const labels = /* @__PURE__ */ new Set();
+  for (const line of forbiddenScope) {
+    const lower = line.toLowerCase();
+    if (lower.includes("billing") || lower.includes("subscription") || lower.includes("payment")) labels.add("billing");
+    if (lower.includes("auth") || lower.includes("session") || lower.includes("jwt")) labels.add("auth");
+    if (lower.includes("middleware") || lower.includes("proxy")) labels.add("middleware");
+    if (lower.includes(".env") || lower.includes("secret")) labels.add("env");
+    if (lower.includes("cli")) labels.add("cli");
+    if (lower.includes("mcp")) labels.add("mcp");
+  }
+  return [...labels];
+}
 function nowId() {
   const d = /* @__PURE__ */ new Date();
   const pad = (n) => String(n).padStart(2, "0");
@@ -5544,8 +5998,21 @@ function buildApprovalLevel(risk, task, category) {
   const text = `${task}
 ${category}`.toLowerCase();
   const highSystems = ["auth", "billing", "payment", "dodo", "stripe", "webhook", "database", "migration", "rls", "middleware", "env", "secret"];
+  const hasNegationNear5 = (source, index) => {
+    const start = Math.max(0, index - 64);
+    const window = source.slice(start, index + 8);
+    return /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i.test(window);
+  };
+  const hasPositiveKeyword = (source, keyword) => {
+    let idx = source.indexOf(keyword);
+    while (idx !== -1) {
+      if (!hasNegationNear5(source, idx)) return true;
+      idx = source.indexOf(keyword, idx + keyword.length);
+    }
+    return false;
+  };
   if (risk === "high" || risk === "critical") return "required";
-  if (highSystems.some((k) => text.includes(k))) return "required";
+  if (highSystems.some((k) => hasPositiveKeyword(text, k))) return "required";
   if (risk === "medium") return "recommended";
   return "no";
 }
@@ -5586,6 +6053,7 @@ function writePreviewArtifacts(cwd, preview) {
     "",
     "Forbidden:",
     ...preview.forbiddenScope.length > 0 ? preview.forbiddenScope.slice(0, 8).map((f) => `- ${f}`) : ["- none"],
+    ...preview.boundariesDetected.length > 0 ? ["", `Boundaries detected: ${preview.boundariesDetected.join(", ")} will be forbidden, not treated as active scope.`] : [],
     "",
     "Learned context:",
     ...preview.learnedContext.length > 0 ? preview.learnedContext.map((x) => `- ${x}`) : ["- learning not available yet"],
@@ -5625,6 +6093,9 @@ async function runAgentPreview(task) {
   console.log("");
   console.log(GO_ACCENT.bold("Forbidden"));
   for (const item of preview.forbiddenScope.slice(0, 6)) console.log(DIM("  - ") + chalk.white(item));
+  if (preview.boundariesDetected.length > 0) {
+    console.log(DIM("  Boundaries detected: ") + chalk.white(`${preview.boundariesDetected.join(", ")} will be forbidden, not treated as active scope.`));
+  }
   console.log("");
   console.log(GO_ACCENT.bold("Patch strategy"));
   for (let i = 0; i < preview.patchStrategy.length; i += 1) {
@@ -5689,6 +6160,7 @@ async function buildAgentPreview(task) {
     filesToInspect,
     allowedScope: contract.contract.relevantScope,
     forbiddenScope: contract.contract.forbiddenScope,
+    boundariesDetected: extractBoundaryLabels(contract.contract.forbiddenScope),
     sensitiveAreas: [...contract.contract.sensitiveScope, ...plan.sensitiveAreas].slice(0, 10),
     stopRules: contract.contract.stopRules,
     successCriteria: contract.contract.successCriteria,
@@ -7005,6 +7477,24 @@ async function buildRuntrimCreateContractMcp(cwd, args) {
       isError: true
     };
   }
+  const repoCheck = await assertFreeRepoAllowed(cwd);
+  if (!repoCheck.allowed) {
+    const guidance = repoCheck.status === "blocked_repair" ? "RunTrim local state needs repair. Free includes 1 tracked repo. The local repo registry changed unexpectedly. Repair the registry or upgrade to Builder for unlimited repos." : "Free includes 1 tracked repo. This repo is not currently tracked. Continue in the tracked repo, unlink the tracked repo with runtrim repo unlink --force, or upgrade to Builder for unlimited repos.";
+    const blockedPayload = {
+      contract_created: false,
+      task: taskRaw,
+      error: repoCheck.status === "blocked_repair" ? "repo_registry_repair_required" : "repo_limit_blocked",
+      guidance,
+      next_action: guidance,
+      finish_command: "runtrim finish",
+      approval_command_example: 'runtrim approve "Allow <path> for this run only"'
+    };
+    return {
+      content: [{ type: "text", text: JSON.stringify(blockedPayload, null, 2) }],
+      structuredContent: blockedPayload,
+      isError: true
+    };
+  }
   const latest = loadLatestRun(cwd);
   if ((latest == null ? void 0 : latest.status) === "guarded") {
     const blockedPayload = {
@@ -7666,6 +8156,21 @@ function isInteractiveTerminal() {
 async function ensureRepoAllowedForFree(cwd) {
   var _a2, _b;
   const check = await assertFreeRepoAllowed(cwd);
+  if (check.status === "blocked_repair") {
+    console.log(chalk.yellow("  RunTrim local state needs repair."));
+    console.log(chalk.yellow("  Free includes 1 tracked repo."));
+    console.log(chalk.yellow("  Your local repo registry changed unexpectedly."));
+    console.log("");
+    console.log(DIM("  Next:"));
+    console.log(chalk.white("  - runtrim repo status"));
+    console.log(chalk.white("  - runtrim repo repair"));
+    console.log(chalk.white("  - runtrim repo repair --use-current"));
+    console.log(chalk.white("  - runtrim repo unlink --force"));
+    console.log(chalk.white("  - upgrade to Builder for unlimited repos"));
+    console.log(chalk.white("  - sign in to restore cloud entitlements"));
+    console.log("");
+    return false;
+  }
   if (check.allowed) {
     await registerCurrentRepo(cwd);
     return true;
@@ -7679,9 +8184,12 @@ async function ensureRepoAllowedForFree(cwd) {
   console.log(chalk.white(`  ${check.currentRepo.path}`));
   console.log("");
   console.log(DIM("  Next:"));
-  console.log(chalk.white("  - continue in the tracked repo"));
-  console.log(chalk.white("  - unlink the tracked repo with runtrim repo unlink --force"));
-  console.log(chalk.white("  - join Builder early access for unlimited repos"));
+  console.log(
+    chalk.white(
+      "  Free includes 1 tracked repo. This repo is not currently tracked. Continue in the tracked repo, unlink the tracked repo with runtrim repo unlink --force, or upgrade to Builder for unlimited repos."
+    )
+  );
+  console.log(chalk.white("  Agent instructions were not installed because this repo is not tracked."));
   console.log("");
   console.log(
     DIM(
@@ -8048,7 +8556,8 @@ var PROTOCOL_POINTER_BLOCK = `
 ${PROTOCOL_BLOCK_START}
 This repo uses RunTrim as the guarded AI coding protocol.
 Before editing code, read RUNTRIM.md.
-Start every task with: runtrim go "<task>"
+Start every task with: runtrim start
+Then run: runtrim agent "Your task" --copy
 Stay inside .runtrim/contracts/latest.md.
 After edits, ask the user to run: runtrim finish
 ${PROTOCOL_BLOCK_END}
@@ -8744,6 +9253,8 @@ program.command("execute <task>").description("Create a controlled execution pac
 var agentCommand = program.command("agent").description("Start a guarded AI coding run with contract, scope, memory, and handoff");
 agentCommand.argument("[task]").option("--copy", "Copy the handoff to clipboard").option("--bridge", "Ensure local bridge is running for this agent run").option("--preview", "Generate an execution preview instead of running any agent").option("--apply", "Generate Agent Apply handoff artifacts").option("--execute", "Create a controlled execution packet and handoff").option("--run", "Alias for --execute").option("--dry-run", "Create execution packet in pending mode without ready status").option("--confirm", "Confirm high-risk apply handoff creation").action(async (task, options) => {
   if (task == null ? void 0 : task.trim()) {
+    const allowed = await ensureRepoAllowedForFree(process.cwd());
+    if (!allowed) return;
     const normalizedTask = (task != null ? task : "").trim();
     if (options == null ? void 0 : options.bridge) {
       const bridge = await ensureBridgeRunningForAgent(process.cwd());
@@ -9212,12 +9723,54 @@ repoCommand.command("status").description("Show local tracked repo status").acti
   console.log(DIM("  Current repo  ") + chalk.white(identity.path));
   console.log(DIM("  Tracked repo  ") + chalk.white((_b = tracked == null ? void 0 : tracked.path) != null ? _b : "(none)"));
   console.log(DIM("  Allowed       ") + chalk.white(check.allowed ? "yes" : "no"));
+  console.log(DIM("  State         ") + chalk.white(check.status));
   console.log("");
+  if (check.status === "blocked_repair") {
+    console.log(chalk.yellow("  RunTrim local state needs repair."));
+    console.log(chalk.yellow("  Free includes 1 tracked repo."));
+    console.log(chalk.yellow("  The local repo registry changed unexpectedly."));
+    console.log(DIM("  Run: runtrim repo repair"));
+    console.log("");
+  }
   if (tracked) {
     console.log(DIM("  A tracked repo is one codebase with its own .runtrim workspace."));
     console.log("");
   }
 });
+repoCommand.command("repair").description("Repair local free-plan repo registry integrity").option("--use-current", "Repair and set the current repo as the single tracked Free repo").action(async (options) => {
+  const cwd = process.cwd();
+  const before = await assertFreeRepoAllowed(cwd);
+  console.log("");
+  console.log(BOLD("RunTrim") + DIM("  repo repair"));
+  console.log("");
+  if (!before.repairRequired) {
+    console.log(DIM("  Local state is healthy. No repair required."));
+    console.log("");
+    return;
+  }
+  if (!options.useCurrent) {
+    console.log(chalk.yellow("  RunTrim local state needs repair."));
+    console.log(chalk.yellow("  Free includes 1 tracked repo."));
+    console.log(chalk.yellow("  Your local repo registry changed unexpectedly."));
+    console.log("");
+    console.log(DIM("  Safe next actions:"));
+    console.log(chalk.white("  - runtrim repo repair --use-current"));
+    console.log(chalk.white("  - runtrim repo unlink --force"));
+    console.log(chalk.white("  - upgrade to Builder for unlimited repos"));
+    console.log(chalk.white("  - sign in to restore cloud entitlements"));
+    console.log("");
+    return;
+  }
+  const result = await repairGlobalRegistry(cwd, { useCurrentRepo: true });
+  if (result.repaired) {
+    console.log(ACCENT.bold("  Local registry repaired."));
+    console.log(DIM("  Current repo is now the tracked Free repo."));
+    console.log("");
+    return;
+  }
+  console.log(DIM("  No repair changes applied."));
+  console.log("");
+});
 repoCommand.command("unlink").description("Unlink tracked repo from local free-plan registry").option("--force", "Force unlink tracked repo even when running from another path").action(async (options) => {
   const cwd = process.cwd();
   const result = await unlinkCurrentRepo(cwd, Boolean(options.force));
@@ -10384,7 +10937,7 @@ program.command("continue").description("Create a safe continuation prompt from
   const audit = (_a2 = loadProjectAudit(cwd)) != null ? _a2 : performBaselineProjectAudit(cwd, null);
   const reason = normalizeContinuationReason(options.reason);
   const agent = normalizeContinuationAgent(options.agent, config.defaultAgent);
-  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  const nowIso2 = (/* @__PURE__ */ new Date()).toISOString();
   const continuationPath = resolveContinuationPath(cwd);
   const latestPromptPath = resolvePromptPath(config, cwd);
   const latestPrompt = import_fs13.default.existsSync(latestPromptPath) ? import_fs13.default.readFileSync(latestPromptPath, "utf-8").trim() : "";
@@ -10574,14 +11127,14 @@ program.command("continue").description("Create a safe continuation prompt from
   import_fs13.default.writeFileSync(continuationPath, continuationPrompt, "utf-8");
   const copied = await copyToClipboardSafe(continuationPrompt);
   if (memory) {
-    const memoryWithContinuation = updateMemoryWithContinuation(memory, reason, continuationPath, nowIso);
+    const memoryWithContinuation = updateMemoryWithContinuation(memory, reason, continuationPath, nowIso2);
     import_fs13.default.writeFileSync(import_path13.default.join(getConfigDir(cwd), "memory.md"), memoryWithContinuation, "utf-8");
   }
   if (hasConfig) {
     const nextConfig = __spreadProps(__spreadValues({}, config), {
       lastContinuationReason: reason,
       continuationPromptPath: continuationPath.replace(/\\/g, "/"),
-      continuationCreatedAt: nowIso
+      continuationCreatedAt: nowIso2
     });
     saveConfig(nextConfig, cwd);
   }
@@ -11373,6 +11926,8 @@ program.command("finish").description("Bridge Mode: evaluate agent output, check
 program.command("sync").description("Sync local run history and project memory to your RunTrim dashboard").option("--dry-run", "Show what would be synced without uploading").action(async (opts) => {
   var _a2, _b;
   const cwd = process.cwd();
+  const allowed = await ensureRepoAllowedForFree(cwd);
+  if (!allowed) return;
   console.log("");
   console.log(BOLD("RunTrim") + DIM("  cloud sync"));
   console.log("");