runtrim 0.1.17 → 0.1.19

package/dist-cli/runtrim.js

@@ -97,8 +97,45 @@ function getConfigPath(cwd = process.cwd()) {
   return path.join(getConfigDir(cwd), "config.json");
 }
 function getRunsDir(cwd = process.cwd()) {
+  return path.join(getInternalDir(cwd), "runs");
+}
+function getLegacyRunsDir(cwd = process.cwd()) {
   return path.join(getConfigDir(cwd), "runs");
 }
+function getInternalDir(cwd = process.cwd()) {
+  return path.join(getConfigDir(cwd), "internal");
+}
+function getPreviewsDir(cwd = process.cwd()) {
+  return path.join(getInternalDir(cwd), "previews");
+}
+function getLegacyPreviewsDir(cwd = process.cwd()) {
+  return path.join(getConfigDir(cwd), "previews");
+}
+function getRestoresDir(cwd = process.cwd()) {
+  return path.join(getInternalDir(cwd), "restores");
+}
+function getLegacyRestoresDir(cwd = process.cwd()) {
+  return path.join(getConfigDir(cwd), "restores");
+}
+function getContractsArchiveDir(cwd = process.cwd()) {
+  return path.join(getInternalDir(cwd), "contracts-archive");
+}
+function getAgentArchiveDir(cwd = process.cwd()) {
+  return path.join(getInternalDir(cwd), "agent-archive");
+}
+function ensureInternalArtifactDirs(cwd = process.cwd()) {
+  const dirs = [
+    getInternalDir(cwd),
+    getRunsDir(cwd),
+    getPreviewsDir(cwd),
+    getRestoresDir(cwd),
+    getContractsArchiveDir(cwd),
+    getAgentArchiveDir(cwd)
+  ];
+  for (const dir of dirs) {
+    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  }
+}
 function configExists(cwd = process.cwd()) {
   return fs.existsSync(getConfigPath(cwd));
 }
@@ -666,6 +703,28 @@ function buildCategoryScope(category, hasSrc, hasApp, hasPages) {
           "Check no regression in adjacent routes"
         ]
       };
+    case "docs":
+      return {
+        allowedHints: [
+          "README.md - project documentation",
+          "docs/ - documentation files",
+          "CHANGELOG.md or CONTRIBUTING.md if task-specific"
+        ],
+        forbiddenAdditions: [
+          "Do not touch auth internals, session logic, or JWT handling",
+          "Do not touch billing, subscription, payment, or webhook logic",
+          "Do not touch database schema or migrations",
+          "Do not touch .env files or secrets"
+        ],
+        stopRules: [
+          "Stop if the requested change requires code-path behavior changes outside docs",
+          "Stop if sensitive files or secrets are referenced"
+        ],
+        verificationSteps: [
+          "Confirm documentation text matches the requested task",
+          "Check markdown formatting renders correctly"
+        ]
+      };
     default:
       return {
         allowedHints: [],
@@ -1530,35 +1589,38 @@ function saveRun(task, audit, contract, cwd = process.cwd()) {
   return record;
 }
 function loadLatestRun(cwd = process.cwd()) {
-  const runsDir = getRunsDir(cwd);
-  if (!fs3.existsSync(runsDir)) return null;
-  const files = fs3.readdirSync(runsDir).filter((f) => f.endsWith(".json")).map((f) => ({
-    name: f,
-    time: fs3.statSync(path3.join(runsDir, f)).mtime.getTime()
-  })).sort((a, b) => b.time - a.time);
+  const candidateDirs = [getRunsDir(cwd), getLegacyRunsDir(cwd)].filter((dir, idx, arr) => arr.indexOf(dir) === idx);
+  const files = candidateDirs.filter((dir) => fs3.existsSync(dir)).flatMap(
+    (dir) => fs3.readdirSync(dir).filter((f) => f.endsWith(".json")).map((f) => ({
+      dir,
+      name: f,
+      time: fs3.statSync(path3.join(dir, f)).mtime.getTime()
+    }))
+  ).sort((a, b) => b.time - a.time);
   if (files.length === 0) return null;
   try {
     return JSON.parse(
-      fs3.readFileSync(path3.join(runsDir, files[0].name), "utf-8")
+      fs3.readFileSync(path3.join(files[0].dir, files[0].name), "utf-8")
     );
   } catch (e) {
     return null;
   }
 }
 function updateRun(runId, updates, cwd = process.cwd()) {
-  const filePath = path3.join(getRunsDir(cwd), `${runId}.json`);
+  const preferredPath = path3.join(getRunsDir(cwd), `${runId}.json`);
+  const legacyPath = path3.join(getLegacyRunsDir(cwd), `${runId}.json`);
+  const filePath = fs3.existsSync(preferredPath) ? preferredPath : legacyPath;
   if (!fs3.existsSync(filePath)) return;
   const existing = JSON.parse(fs3.readFileSync(filePath, "utf-8"));
   fs3.writeFileSync(filePath, JSON.stringify(__spreadValues(__spreadValues({}, existing), updates), null, 2));
 }
 function loadAllRuns(cwd = process.cwd()) {
-  const runsDir = getRunsDir(cwd);
-  if (!fs3.existsSync(runsDir)) return [];
-  return fs3.readdirSync(runsDir).filter((f) => f.endsWith(".json")).map((f) => {
+  const candidateDirs = [getRunsDir(cwd), getLegacyRunsDir(cwd)].filter((dir, idx, arr) => arr.indexOf(dir) === idx);
+  const files = candidateDirs.filter((dir) => fs3.existsSync(dir)).flatMap((dir) => fs3.readdirSync(dir).filter((f) => f.endsWith(".json")).map((f) => path3.join(dir, f)));
+  const deduped = [...new Set(files)];
+  return deduped.map((filePath) => {
     try {
-      return JSON.parse(
-        fs3.readFileSync(path3.join(runsDir, f), "utf-8")
-      );
+      return JSON.parse(fs3.readFileSync(filePath, "utf-8"));
     } catch (e) {
       return null;
     }
@@ -2577,7 +2639,7 @@ function buildSyncPayload(input) {
   var _a2, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m, _n, _o, _p, _q, _r, _s, _t;
   const { cwd, projectName, config, projectAudit, memoryMarkdown, runs } = input;
   const latest = runs[0];
-  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  const nowIso2 = (/* @__PURE__ */ new Date()).toISOString();
   const localProjectId = buildLocalProjectId(cwd);
   const latestPromptText = readTextFileIfExists(path6.join(cwd, ".runtrim", "latest-prompt.md"));
   const continuationPromptText = readTextFileIfExists(
@@ -2639,7 +2701,7 @@ function buildSyncPayload(input) {
       name: resolveProjectName2(cwd, projectName, projectAudit == null ? void 0 : projectAudit.projectName),
       stack: (_a2 = projectAudit == null ? void 0 : projectAudit.detectedStack) != null ? _a2 : config.stack ? config.stack.split(",").map((s) => s.trim()).filter(Boolean) : ["auto"],
       packageManager: (_c = (_b = projectAudit == null ? void 0 : projectAudit.packageManager) != null ? _b : config.packageManager) != null ? _c : null,
-      lastUpdated: nowIso
+      lastUpdated: nowIso2
     },
     memory: {
       markdown: memoryMarkdown,
@@ -2721,7 +2783,8 @@ function writeCanonicalRuntrimMd(cwd = process.cwd(), projectName) {
     "## How to start an AI coding task",
     "",
     "```",
-    'runtrim go "<task>"',
+    "runtrim start",
+    'runtrim agent "Your task" --copy',
     "```",
     "",
     "RunTrim creates a scoped contract, loads project memory, and generates a guarded prompt.",
@@ -2742,7 +2805,7 @@ function writeCanonicalRuntrimMd(cwd = process.cwd(), projectName) {
     "",
     "1. Read `.runtrim/contracts/latest.md`.",
     "   - If `Status: active` \u2014 a live task exists. Follow the contract strictly.",
-    '   - If `Status: none` \u2014 no active task. Ask the user to run `runtrim go "<task>"` first.',
+    '   - If `Status: none` \u2014 no active task. Ask the user to run `runtrim start` then `runtrim agent "Your task" --copy`.',
     "2. Do not assume any prior task is still active.",
     "3. Stay inside the allowed scope defined in the contract.",
     "4. Stop and ask before touching any forbidden area.",
@@ -2750,7 +2813,7 @@ function writeCanonicalRuntrimMd(cwd = process.cwd(), projectName) {
     "6. After editing, tell the user to run: `runtrim finish`",
     "",
     "---",
-    `Protocol: runtrim init. Updated: ${(/* @__PURE__ */ new Date()).toISOString()}`
+    `Protocol: runtrim start. Updated: ${(/* @__PURE__ */ new Date()).toISOString()}`
   ];
   fs7.writeFileSync(path7.join(cwd, "RUNTRIM.md"), lines.join("\n"), "utf-8");
 }
@@ -2767,7 +2830,8 @@ function writeRestingContract(cwd = process.cwd()) {
     "Start one with:",
     "",
     "```",
-    'runtrim go "<your task>"',
+    "runtrim start",
+    'runtrim agent "Your task" --copy',
     "```",
     "",
     "---",
@@ -2790,7 +2854,8 @@ function writeRestingMemory(cwd = process.cwd()) {
     "Start a new session with:",
     "",
     "```",
-    'runtrim go "<your task>"',
+    "runtrim start",
+    'runtrim agent "Your task" --copy',
     "```",
     "",
     "---",
@@ -2804,7 +2869,7 @@ function archiveContract(cwd, runId) {
   if (!fs7.existsSync(latestPath)) return;
   const content = fs7.readFileSync(latestPath, "utf-8");
   if (content.includes("Status: none")) return;
-  const archiveDir = path7.join(contractsDir, "archive");
+  const archiveDir = getContractsArchiveDir(cwd);
   if (!fs7.existsSync(archiveDir)) fs7.mkdirSync(archiveDir, { recursive: true });
   fs7.writeFileSync(path7.join(archiveDir, `${runId}.md`), content, "utf-8");
 }
@@ -2911,7 +2976,7 @@ function writeBridgeInstructions(cwd = process.cwd()) {
     "1. Read `RUNTRIM.md`.",
     "2. Read `.runtrim/contracts/latest.md`.",
     "   - If `Status: active` \u2014 follow the contract strictly.",
-    '   - If `Status: none` \u2014 stop. Ask the user to run `runtrim go "<task>"` first.',
+    '   - If `Status: none` \u2014 stop. Ask the user to run `runtrim start` then `runtrim agent "Your task" --copy`.',
     "3. If the contract is active, read `.runtrim/memory/current.md` for session context.",
     "   If no active session, read `.runtrim/memory/baseline.md` for project baseline.",
     "",
@@ -2985,6 +3050,28 @@ function buildBridgePrompt(contractText, ctx) {
 // src/lib/run-watch.ts
 function normalizeScopeKeywords2(scope) {
   var _a2;
+  const genericStopwords = /* @__PURE__ */ new Set([
+    "read",
+    "write",
+    "reference",
+    "touch",
+    "modify",
+    "change",
+    "update",
+    "allow",
+    "scope",
+    "paths",
+    "path",
+    "files",
+    "file",
+    "only",
+    "with",
+    "without",
+    "before",
+    "after",
+    "inside",
+    "outside"
+  ]);
   const words = /* @__PURE__ */ new Set();
   for (const line of scope) {
     const lower = line.toLowerCase();
@@ -2994,7 +3081,7 @@ function normalizeScopeKeywords2(scope) {
     }
     const cleaned = lower.replace(/[^a-z0-9_./\s-]/g, " ").split(/\s+/).filter(Boolean);
     for (const token of cleaned) {
-      if (token.length >= 4) words.add(token);
+      if (token.length >= 4 && !genericStopwords.has(token)) words.add(token);
     }
   }
   return [...words];
@@ -3091,15 +3178,7 @@ import fs8 from "fs";
 import os from "os";
 import path8 from "path";
 import { execa as execa2 } from "execa";
-var DEFAULT_REGISTRY = {
-  version: 1,
-  plan: "free",
-  trackedRepos: [],
-  telemetry: {
-    enabled: false,
-    anonymousId: ""
-  }
-};
+var EMPTY_TELEMETRY = { enabled: false, anonymousId: "" };
 function normalizeRepoPath(input) {
   const resolved = path8.resolve(input);
   return process.platform === "win32" ? resolved.toLowerCase() : resolved;
@@ -3107,41 +3186,208 @@ function normalizeRepoPath(input) {
 function hashValue(value) {
   return crypto.createHash("sha256").update(value).digest("hex").slice(0, 16);
 }
+function nowIso() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function randomId(prefix) {
+  return `${prefix}_${crypto.randomBytes(12).toString("hex")}`;
+}
 function getGlobalRunTrimDir() {
   return path8.join(os.homedir(), ".runtrim");
 }
 function getGlobalRegistryPath() {
   return path8.join(getGlobalRunTrimDir(), "global.json");
 }
-function loadGlobalRegistry() {
+function getInstallStatePath() {
+  return path8.join(getGlobalRunTrimDir(), "install-state.json");
+}
+function buildSealInput(registry) {
+  const tracked = [...registry.trackedRepos].map((r) => ({
+    id: r.id,
+    name: r.name,
+    path: normalizeRepoPath(r.path),
+    gitRemote: r.gitRemote,
+    createdAt: r.createdAt,
+    lastSeenAt: r.lastSeenAt
+  })).sort((a, b) => `${a.id}:${a.path}`.localeCompare(`${b.id}:${b.path}`));
+  const payload = {
+    version: registry.version,
+    stateVersion: registry.stateVersion,
+    plan: registry.plan,
+    machineInstallId: registry.machineInstallId,
+    createdAt: registry.createdAt,
+    updatedAt: registry.updatedAt,
+    trackedRepos: tracked,
+    lastKnownRepo: registry.lastKnownRepo ? __spreadProps(__spreadValues({}, registry.lastKnownRepo), {
+      path: normalizeRepoPath(registry.lastKnownRepo.path)
+    }) : null
+  };
+  return JSON.stringify(payload);
+}
+function computeSeal(registry) {
+  return crypto.createHash("sha256").update(buildSealInput(registry)).digest("hex");
+}
+function sanitizeTrackedRepoEntry(input) {
+  var _a2, _b, _c, _d, _e, _f;
+  const id = String((_a2 = input.id) != null ? _a2 : "").trim();
+  const rawPath = String((_b = input.path) != null ? _b : "").trim();
+  if (!id || !rawPath) return null;
+  return {
+    id,
+    name: String((_c = input.name) != null ? _c : "").trim(),
+    path: normalizeRepoPath(rawPath),
+    gitRemote: String((_d = input.gitRemote) != null ? _d : "").trim(),
+    createdAt: String((_e = input.createdAt) != null ? _e : "").trim(),
+    lastSeenAt: String((_f = input.lastSeenAt) != null ? _f : "").trim()
+  };
+}
+function readInstallStateRaw() {
+  var _a2, _b, _c;
+  const p = getInstallStatePath();
+  if (!fs8.existsSync(p)) return { exists: false, state: null };
+  try {
+    const parsed = JSON.parse(fs8.readFileSync(p, "utf-8"));
+    const machineInstallId = String((_a2 = parsed.machineInstallId) != null ? _a2 : "").trim();
+    if (!machineInstallId) return { exists: true, state: null };
+    return {
+      exists: true,
+      state: {
+        machineInstallId,
+        createdAt: String((_b = parsed.createdAt) != null ? _b : "").trim() || nowIso(),
+        updatedAt: String((_c = parsed.updatedAt) != null ? _c : "").trim() || nowIso()
+      }
+    };
+  } catch (e) {
+    return { exists: true, state: null };
+  }
+}
+function writeInstallState(state) {
+  const dir = getGlobalRunTrimDir();
+  if (!fs8.existsSync(dir)) fs8.mkdirSync(dir, { recursive: true });
+  fs8.writeFileSync(getInstallStatePath(), JSON.stringify(state, null, 2), "utf-8");
+}
+function ensureInstallState() {
+  const raw = readInstallStateRaw();
+  if (raw.exists && raw.state) return raw.state;
+  const created = {
+    machineInstallId: randomId("rt_install"),
+    createdAt: nowIso(),
+    updatedAt: nowIso()
+  };
+  writeInstallState(created);
+  return created;
+}
+function buildDefaultRegistry(install) {
+  const base = {
+    version: 2,
+    stateVersion: 2,
+    plan: "free",
+    machineInstallId: install.machineInstallId,
+    createdAt: nowIso(),
+    updatedAt: nowIso(),
+    trackedRepos: [],
+    lastKnownRepo: null,
+    telemetry: __spreadValues({}, EMPTY_TELEMETRY)
+  };
+  return __spreadProps(__spreadValues({}, base), {
+    integrity: {
+      algorithm: "sha256-local-seal-v1",
+      seal: computeSeal(base)
+    }
+  });
+}
+function saveRegistryWithSeal(registry) {
+  var _a2;
+  const dir = getGlobalRunTrimDir();
+  if (!fs8.existsSync(dir)) fs8.mkdirSync(dir, { recursive: true });
+  const normalizedBase = __spreadProps(__spreadValues({}, registry), {
+    version: 2,
+    stateVersion: 2,
+    trackedRepos: registry.trackedRepos.map((r) => __spreadProps(__spreadValues({}, r), { path: normalizeRepoPath(r.path) })),
+    telemetry: (_a2 = registry.telemetry) != null ? _a2 : __spreadValues({}, EMPTY_TELEMETRY)
+  });
+  const sealed = __spreadProps(__spreadValues({}, normalizedBase), {
+    integrity: {
+      algorithm: "sha256-local-seal-v1",
+      seal: computeSeal(normalizedBase)
+    }
+  });
+  fs8.writeFileSync(getGlobalRegistryPath(), JSON.stringify(sealed, null, 2), "utf-8");
+}
+function inspectGlobalRegistry() {
+  var _a2, _b, _c, _d, _e, _f, _g, _h, _i;
+  const installRaw = readInstallStateRaw();
+  const install = (_a2 = installRaw.state) != null ? _a2 : ensureInstallState();
   const registryPath = getGlobalRegistryPath();
-  if (!fs8.existsSync(registryPath)) return __spreadValues({}, DEFAULT_REGISTRY);
+  const defaultRegistry = buildDefaultRegistry(install);
+  if (!fs8.existsSync(registryPath)) {
+    if (installRaw.exists) {
+      return {
+        registry: defaultRegistry,
+        needsRepair: true,
+        repairReason: "missing_registry_after_initialization"
+      };
+    }
+    return { registry: defaultRegistry, needsRepair: false, repairReason: null };
+  }
   try {
     const raw = JSON.parse(fs8.readFileSync(registryPath, "utf-8"));
-    return {
-      version: 1,
+    const trackedRepos = Array.isArray(raw.trackedRepos) ? raw.trackedRepos.map((item) => sanitizeTrackedRepoEntry(item)).filter((item) => Boolean(item)) : [];
+    const base = {
+      version: 2,
+      stateVersion: 2,
       plan: raw.plan === "free" ? "free" : "free",
-      trackedRepos: Array.isArray(raw.trackedRepos) ? raw.trackedRepos.filter((item) => Boolean(item && typeof item === "object")).map((item) => ({
-        id: String(item.id || ""),
-        name: String(item.name || ""),
-        path: normalizeRepoPath(String(item.path || "")),
-        gitRemote: String(item.gitRemote || ""),
-        createdAt: String(item.createdAt || ""),
-        lastSeenAt: String(item.lastSeenAt || "")
-      })).filter((item) => Boolean(item.id && item.path)) : [],
+      machineInstallId: String((_b = raw.machineInstallId) != null ? _b : "").trim() || install.machineInstallId,
+      createdAt: String((_c = raw.createdAt) != null ? _c : "").trim() || nowIso(),
+      updatedAt: String((_d = raw.updatedAt) != null ? _d : "").trim() || nowIso(),
+      trackedRepos,
+      lastKnownRepo: raw.lastKnownRepo && typeof raw.lastKnownRepo === "object" ? {
+        id: String((_e = raw.lastKnownRepo.id) != null ? _e : "").trim(),
+        name: String((_f = raw.lastKnownRepo.name) != null ? _f : "").trim(),
+        path: normalizeRepoPath(String((_g = raw.lastKnownRepo.path) != null ? _g : "")),
+        gitRemote: String((_h = raw.lastKnownRepo.gitRemote) != null ? _h : "").trim(),
+        lastSeenAt: String((_i = raw.lastKnownRepo.lastSeenAt) != null ? _i : "").trim() || nowIso()
+      } : null,
       telemetry: {
         enabled: typeof raw.telemetry === "object" && raw.telemetry !== null && Boolean(raw.telemetry.enabled),
         anonymousId: typeof raw.telemetry === "object" && raw.telemetry !== null && typeof raw.telemetry.anonymousId === "string" ? String(raw.telemetry.anonymousId).slice(0, 120) : ""
       }
     };
+    const normalized = __spreadProps(__spreadValues({}, base), {
+      integrity: {
+        algorithm: "sha256-local-seal-v1",
+        seal: raw.integrity && typeof raw.integrity === "object" && typeof raw.integrity.seal === "string" ? String(raw.integrity.seal) : ""
+      }
+    });
+    if (normalized.machineInstallId !== install.machineInstallId) {
+      return {
+        registry: normalized,
+        needsRepair: true,
+        repairReason: "machine_install_id_mismatch"
+      };
+    }
+    const expectedSeal = computeSeal(base);
+    if (!normalized.integrity.seal || normalized.integrity.seal !== expectedSeal) {
+      return {
+        registry: normalized,
+        needsRepair: true,
+        repairReason: "integrity_seal_mismatch"
+      };
+    }
+    return { registry: normalized, needsRepair: false, repairReason: null };
   } catch (e) {
-    return __spreadValues({}, DEFAULT_REGISTRY);
+    return {
+      registry: defaultRegistry,
+      needsRepair: true,
+      repairReason: "registry_corrupt"
+    };
   }
 }
+function loadGlobalRegistry() {
+  return inspectGlobalRegistry().registry;
+}
 function saveGlobalRegistry(registry) {
-  const dir = getGlobalRunTrimDir();
-  if (!fs8.existsSync(dir)) fs8.mkdirSync(dir, { recursive: true });
-  fs8.writeFileSync(getGlobalRegistryPath(), JSON.stringify(registry, null, 2), "utf-8");
+  saveRegistryWithSeal(registry);
 }
 async function getCurrentRepoIdentity(cwd = process.cwd()) {
   const normalizedPath = normalizeRepoPath(cwd);
@@ -3171,36 +3417,71 @@ function findTrackedRepo(trackedRepos, currentRepo) {
   return byPath != null ? byPath : null;
 }
 async function assertFreeRepoAllowed(cwd = process.cwd()) {
-  const registry = loadGlobalRegistry();
+  const inspected = inspectGlobalRegistry();
+  const registry = inspected.registry;
   const currentRepo = await getCurrentRepoIdentity(cwd);
   const trackedRepo = findTrackedRepo(registry.trackedRepos, currentRepo);
-  if (registry.plan !== "free") {
-    return { allowed: true, plan: registry.plan, currentRepo, trackedRepo };
+  const base = {
+    plan: registry.plan,
+    currentRepo,
+    trackedRepo,
+    registryPath: getGlobalRegistryPath()
+  };
+  if (inspected.needsRepair) {
+    return __spreadProps(__spreadValues({}, base), {
+      allowed: false,
+      status: "blocked_repair",
+      repairRequired: true,
+      repairReason: inspected.repairReason
+    });
   }
-  if (trackedRepo) {
-    return { allowed: true, plan: registry.plan, currentRepo, trackedRepo };
+  if (registry.plan !== "free") {
+    return __spreadProps(__spreadValues({}, base), {
+      allowed: true,
+      status: "allowed",
+      repairRequired: false,
+      repairReason: null
+    });
   }
-  if (registry.trackedRepos.length === 0) {
-    return { allowed: true, plan: registry.plan, currentRepo, trackedRepo: null };
+  if (trackedRepo || registry.trackedRepos.length === 0) {
+    return __spreadProps(__spreadValues({}, base), {
+      allowed: true,
+      status: "allowed",
+      repairRequired: false,
+      repairReason: null
+    });
   }
-  return {
+  return __spreadProps(__spreadValues({}, base), {
     allowed: false,
-    plan: registry.plan,
-    currentRepo,
+    status: "blocked_limit",
+    repairRequired: false,
+    repairReason: null,
     trackedRepo: registry.trackedRepos[0]
-  };
+  });
 }
 async function registerCurrentRepo(cwd = process.cwd()) {
+  const check = await assertFreeRepoAllowed(cwd);
+  if (!check.allowed && check.status === "blocked_repair") {
+    throw new Error("runtrim_local_state_repair_required");
+  }
   const registry = loadGlobalRegistry();
   const currentRepo = await getCurrentRepoIdentity(cwd);
-  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const now = nowIso();
   const existing = findTrackedRepo(registry.trackedRepos, currentRepo);
   if (existing) {
     existing.lastSeenAt = now;
     existing.name = currentRepo.name;
     existing.path = currentRepo.path;
     existing.gitRemote = currentRepo.gitRemote;
-    saveGlobalRegistry(registry);
+    registry.updatedAt = now;
+    registry.lastKnownRepo = {
+      id: currentRepo.id,
+      name: currentRepo.name,
+      path: currentRepo.path,
+      gitRemote: currentRepo.gitRemote,
+      lastSeenAt: now
+    };
+    saveRegistryWithSeal(registry);
     return existing;
   }
   const entry = {
@@ -3211,24 +3492,110 @@ async function registerCurrentRepo(cwd = process.cwd()) {
     createdAt: now,
     lastSeenAt: now
   };
-  registry.trackedRepos.push(entry);
-  saveGlobalRegistry(registry);
+  registry.trackedRepos = [entry];
+  registry.updatedAt = now;
+  registry.lastKnownRepo = {
+    id: entry.id,
+    name: entry.name,
+    path: entry.path,
+    gitRemote: entry.gitRemote,
+    lastSeenAt: now
+  };
+  saveRegistryWithSeal(registry);
   return entry;
 }
+async function repairGlobalRegistry(cwd = process.cwd(), options = {}) {
+  const before = await assertFreeRepoAllowed(cwd);
+  if (!before.repairRequired) {
+    return { repaired: false, check: before };
+  }
+  const install = ensureInstallState();
+  const now = nowIso();
+  const repaired = buildDefaultRegistry(install);
+  repaired.createdAt = now;
+  repaired.updatedAt = now;
+  if (options.useCurrentRepo) {
+    const currentRepo = await getCurrentRepoIdentity(cwd);
+    repaired.trackedRepos = [
+      {
+        id: currentRepo.id,
+        name: currentRepo.name,
+        path: currentRepo.path,
+        gitRemote: currentRepo.gitRemote,
+        createdAt: now,
+        lastSeenAt: now
+      }
+    ];
+    repaired.lastKnownRepo = {
+      id: currentRepo.id,
+      name: currentRepo.name,
+      path: currentRepo.path,
+      gitRemote: currentRepo.gitRemote,
+      lastSeenAt: now
+    };
+  }
+  saveRegistryWithSeal(repaired);
+  const check = await assertFreeRepoAllowed(cwd);
+  return { repaired: true, check };
+}
 async function unlinkCurrentRepo(cwd = process.cwd(), force = false) {
   var _a2;
+  const check = await assertFreeRepoAllowed(cwd);
+  if (check.status === "blocked_repair") {
+    if (!force) {
+      return {
+        removed: false,
+        forced: false,
+        currentRepo: check.currentRepo,
+        trackedRepo: null
+      };
+    }
+    const install = ensureInstallState();
+    const repaired = buildDefaultRegistry(install);
+    repaired.updatedAt = nowIso();
+    repaired.lastKnownRepo = {
+      id: check.currentRepo.id,
+      name: check.currentRepo.name,
+      path: check.currentRepo.path,
+      gitRemote: check.currentRepo.gitRemote,
+      lastSeenAt: repaired.updatedAt
+    };
+    saveRegistryWithSeal(repaired);
+    return {
+      removed: true,
+      forced: true,
+      currentRepo: check.currentRepo,
+      trackedRepo: null
+    };
+  }
   const registry = loadGlobalRegistry();
   const currentRepo = await getCurrentRepoIdentity(cwd);
   const trackedRepo = findTrackedRepo(registry.trackedRepos, currentRepo);
   if (trackedRepo) {
     registry.trackedRepos = registry.trackedRepos.filter((repo) => repo.id !== trackedRepo.id);
-    saveGlobalRegistry(registry);
+    registry.updatedAt = nowIso();
+    registry.lastKnownRepo = {
+      id: trackedRepo.id,
+      name: trackedRepo.name,
+      path: trackedRepo.path,
+      gitRemote: trackedRepo.gitRemote,
+      lastSeenAt: registry.updatedAt
+    };
+    saveRegistryWithSeal(registry);
     return { removed: true, forced: false, currentRepo, trackedRepo };
   }
   if (force && registry.trackedRepos.length > 0) {
     const first = registry.trackedRepos[0];
     registry.trackedRepos = [];
-    saveGlobalRegistry(registry);
+    registry.updatedAt = nowIso();
+    registry.lastKnownRepo = {
+      id: first.id,
+      name: first.name,
+      path: first.path,
+      gitRemote: first.gitRemote,
+      lastSeenAt: registry.updatedAt
+    };
+    saveRegistryWithSeal(registry);
     return { removed: true, forced: true, currentRepo, trackedRepo: first };
   }
   return {
@@ -3832,9 +4199,15 @@ async function getPanelState(cwd, monitorMode) {
   let runs = [];
   let latest = null;
   let registry = {
-    version: 1,
+    version: 2,
+    stateVersion: 2,
     plan: "free",
+    machineInstallId: "",
+    createdAt: "",
+    updatedAt: "",
     trackedRepos: [],
+    lastKnownRepo: null,
+    integrity: { algorithm: "sha256-local-seal-v1", seal: "" },
     telemetry: {
       enabled: false,
       anonymousId: ""
@@ -3876,9 +4249,15 @@ async function getPanelState(cwd, monitorMode) {
   } catch (e) {
     warnings.push("global_registry_failed");
     registry = {
-      version: 1,
+      version: 2,
+      stateVersion: 2,
       plan: "free",
+      machineInstallId: "",
+      createdAt: "",
+      updatedAt: "",
       trackedRepos: [],
+      lastKnownRepo: null,
+      integrity: { algorithm: "sha256-local-seal-v1", seal: "" },
       telemetry: {
         enabled: false,
         anonymousId: ""
@@ -4346,7 +4725,7 @@ Before editing code:
 If no active RunTrim contract exists:
 - Do not edit code without one.
 - Ask the user to start a guarded run:
-  runtrim go "<task>"
+  runtrim agent "<task>" --copy
 
 If the task requires leaving the current scope:
 - Stop.
@@ -4442,7 +4821,7 @@ ${BASE_PROTOCOL}
 Before using any tool or executing any command:
 1. Confirm a RunTrim contract is active at .runtrim/contracts/latest.md.
 2. If no active contract exists, do not proceed. Ask for:
-   runtrim go "<task>"
+   runtrim agent "<task>" --copy
 3. Do not call shell commands, write files, or read env vars outside the contract.
 `.trim(),
   custom: `
@@ -4495,7 +4874,7 @@ function getCursorMdcContent() {
     "## If no active contract",
     "",
     "Ask the user to start a guarded run:",
-    '`runtrim go "<task>"`',
+    '`runtrim agent "<task>" --copy`',
     "",
     "Any agent. One run boundary."
   ].join("\n");
@@ -4757,7 +5136,7 @@ Before editing code:
 - If the task touches auth, billing, payments, webhooks, database, middleware,
   env vars, secrets, or subscriptions, stop and require an active RunTrim contract.
   Ask the user to run:
-  runtrim go "<task>"
+  runtrim agent "<task>" --copy
 - For low-risk work (UI polish, copy, docs, isolated component styling):
   Fast Path is allowed if no unfinished changes exist.
   Keep the change minimal.
@@ -4780,7 +5159,7 @@ No active RunTrim contract means no code edits.
 If no active contract exists at .runtrim/contracts/latest.md:
 - Do not edit any file.
 - Ask the user to start a guarded run:
-  runtrim go "<task>"
+  runtrim agent "<task>" --copy
 
 After every editing session:
 - Ask the user to run:
@@ -4794,7 +5173,7 @@ Fast Path is allowed for low and medium risk work.
 
 Critical systems (auth, billing, payments, webhooks, database, middleware,
 env vars, secrets, subscriptions) still require a RunTrim contract:
-  runtrim go "<task>"
+  runtrim agent "<task>" --copy
 
 After any edits:
 - runtrim finish is required before continuing to another task.
@@ -4805,7 +5184,7 @@ RunTrim Auto-guard: Off
 
 Auto-guard is disabled for this project.
 RunTrim can still be used manually:
-  runtrim go "<task>"
+  runtrim agent "<task>" --copy
   runtrim finish
 `.trim();
   }
@@ -4831,7 +5210,7 @@ function saveFastRunRecord(cwd, changedFiles, risk) {
     reportParts.push(`${sensitive.length} sensitive path${sensitive.length === 1 ? "" : "s"} touched.`);
   }
   reportParts.push("No pre-run contract was captured for this run.");
-  const nextSafeAction = changedFiles.length > 0 ? 'Create a contract before the next change: runtrim go "<task>"' : 'Start a guarded run: runtrim go "<task>"';
+  const nextSafeAction = changedFiles.length > 0 ? 'Create a contract before the next change: runtrim agent "<task>" --copy' : 'Start a guarded run: runtrim agent "<task>" --copy';
   const summary = {
     id,
     task,
@@ -5351,7 +5730,7 @@ function recommendProviderRouting(ctx) {
   } else if (route === "split-required") {
     routingReason = "This spans multiple critical systems, so RunTrim should split into audit, implementation, and verification.";
   }
-  let nextCommand = `runtrim go "${ctx.task}"`;
+  let nextCommand = `runtrim agent "${ctx.task}" --copy`;
   if (route === "split-required") {
     nextCommand = "split into:\n1. audit only\n2. implementation only\n3. verification only";
   } else if (route === "preview-only") {
@@ -5373,6 +5752,7 @@ var _a;
 var oraFactory = typeof ora === "function" ? ora : (_a = ora.default) != null ? _a : ora;
 var ACCENT = chalk.hex("#C8901A");
 var GO_ACCENT = chalk.hex("#8B7CFF");
+var RUNTRIM_AGENT_INSTRUCTIONS_VERSION = "2";
 var DIM = chalk.gray;
 var BOLD = chalk.white.bold;
 var program = new Command();
@@ -5508,6 +5888,98 @@ async function copyToClipboardSafe(value) {
 function dedupeFiles(files) {
   return [...new Set(files.filter(Boolean).map((f) => f.replace(/\\/g, "/")))];
 }
+var RUNTRIM_GITIGNORE_BLOCK_START = "# BEGIN RUNTRIM_ARTIFACTS";
+var RUNTRIM_GITIGNORE_BLOCK_END = "# END RUNTRIM_ARTIFACTS";
+function ensureRuntrimReadme(cwd) {
+  const readmePath = path13.join(getConfigDir(cwd), "README.md");
+  const content = [
+    "# RunTrim Local Files",
+    "",
+    "RunTrim stores local metadata in this folder.",
+    "",
+    "Human-facing files:",
+    "- `agent/instructions.md` and `agent/latest.md`",
+    "- `contracts/latest.md`",
+    "- `memory/current.md` and `memory/baseline.md`",
+    "- `mcp/*.json`",
+    "- `config.json`",
+    "",
+    "Internal artifacts:",
+    "- `.runtrim/internal/runs/`",
+    "- `.runtrim/internal/previews/`",
+    "- `.runtrim/internal/restores/`",
+    "- `.runtrim/internal/contracts-archive/`",
+    "- `.runtrim/internal/agent-archive/`",
+    "",
+    "Notes:",
+    "- Artifacts are local-first.",
+    "- Source code is not uploaded by local storage.",
+    "- Restore metadata is path-only and does not store secret contents."
+  ].join("\n");
+  fs13.writeFileSync(readmePath, content + "\n", "utf-8");
+}
+function ensureRuntrimGitignoreGuidance(cwd) {
+  const gitignorePath = path13.join(cwd, ".gitignore");
+  if (!fs13.existsSync(gitignorePath)) return;
+  const desired = [
+    RUNTRIM_GITIGNORE_BLOCK_START,
+    "# RunTrim local artifacts",
+    ".runtrim/internal/",
+    ".runtrim/runs/",
+    ".runtrim/previews/",
+    ".runtrim/restores/",
+    ".runtrim/contracts/archive/",
+    ".runtrim/agent/*.json",
+    RUNTRIM_GITIGNORE_BLOCK_END
+  ].join("\n");
+  const current = fs13.readFileSync(gitignorePath, "utf-8");
+  const start = current.indexOf(RUNTRIM_GITIGNORE_BLOCK_START);
+  const end = current.indexOf(RUNTRIM_GITIGNORE_BLOCK_END);
+  if (start !== -1 && end !== -1 && end > start) {
+    const next = current.slice(0, start).trimEnd() + "\n\n" + desired + "\n" + current.slice(end + RUNTRIM_GITIGNORE_BLOCK_END.length).replace(/^\n+/, "\n");
+    if (next !== current) fs13.writeFileSync(gitignorePath, next, "utf-8");
+    return;
+  }
+  if (!current.includes(".runtrim/internal/")) {
+    fs13.writeFileSync(gitignorePath, current.trimEnd() + "\n\n" + desired + "\n", "utf-8");
+  }
+}
+function listFilesIfExists(dir) {
+  if (!fs13.existsSync(dir)) return [];
+  return fs13.readdirSync(dir).map((name) => path13.join(dir, name)).filter((p) => fs13.existsSync(p) && fs13.statSync(p).isFile());
+}
+function listArtifactFiles(cwd) {
+  const dirs = [
+    getRunsDir(cwd),
+    getPreviewsDir(cwd),
+    getRestoresDir(cwd),
+    getContractsArchiveDir(cwd),
+    path13.join(getConfigDir(cwd), "internal", "agent-archive"),
+    getLegacyRunsDir(cwd),
+    getLegacyPreviewsDir(cwd),
+    getLegacyRestoresDir(cwd),
+    path13.join(getConfigDir(cwd), "contracts", "archive"),
+    path13.join(getConfigDir(cwd), "agent")
+  ];
+  const files = dirs.flatMap((dir) => listFilesIfExists(dir));
+  return files.filter((filePath) => {
+    const base = path13.basename(filePath).toLowerCase();
+    const rel = path13.relative(cwd, filePath).replace(/\\/g, "/");
+    if (rel === ".runtrim/previews/latest.md") return false;
+    if (base === "latest.md" || base === "instructions.md" || base === "current.md" || base === "baseline.md") return false;
+    return true;
+  });
+}
+function parseRunIdFromArtifact(filePath) {
+  const base = path13.basename(filePath);
+  const direct = base.match(/^([a-zA-Z0-9_-]{6,})\.json$/);
+  if (direct) return direct[1];
+  const report = base.match(/^([a-zA-Z0-9_-]{6,})\.report\.\d+\.json$/);
+  if (report) return report[1];
+  const out = base.match(/^([a-zA-Z0-9_-]{6,})\.output\.txt$/);
+  if (out) return out[1];
+  return null;
+}
 function normalizeContractPathPattern(pattern) {
   let p = pattern.trim().replace(/\\/g, "/");
   if (!p || p === "-" || p.toLowerCase() === "none") return "";
@@ -5677,10 +6149,11 @@ function buildRecommendedNextCommand(task, approval, filesToInspect) {
   return `runtrim go "${task}"`;
 }
 function writePreviewArtifacts(cwd, preview) {
-  const previewsDir = path13.join(cwd, ".runtrim", "previews");
+  const previewsDir = getPreviewsDir(cwd);
   if (!fs13.existsSync(previewsDir)) fs13.mkdirSync(previewsDir, { recursive: true });
   const jsonPath = path13.join(previewsDir, `${preview.id}.json`);
-  const markdownPath = path13.join(previewsDir, "latest.md");
+  const markdownPath = path13.join(getLegacyPreviewsDir(cwd), "latest.md");
+  if (!fs13.existsSync(path13.dirname(markdownPath))) fs13.mkdirSync(path13.dirname(markdownPath), { recursive: true });
   fs13.writeFileSync(jsonPath, JSON.stringify(preview, null, 2), "utf-8");
   const lines = [
     "RunTrim Agent Preview",
@@ -5719,7 +6192,7 @@ function writePreviewArtifacts(cwd, preview) {
     "Next:",
     preview.recommendedNextCommand,
     "",
-    `Preview JSON: .runtrim/previews/${preview.id}.json`
+    `Preview JSON: .runtrim/internal/previews/${preview.id}.json`
   ];
   fs13.writeFileSync(markdownPath, lines.join("\n"), "utf-8");
   return { jsonPath, markdownPath };
@@ -6101,6 +6574,7 @@ async function runAgentApply(task, mode) {
   const copied = mode.copy ? await copyToClipboardSafe(fs13.readFileSync(handoff.markdownPath, "utf-8")) : false;
   const run = saveRun(task, previewResult.audit, previewResult.contract, cwd);
   updateRun(run.id, { status: "guarded" }, cwd);
+  await captureRestorePoint(cwd, run.id, task);
   const riskColor = (_a2 = { low: chalk.green, medium: chalk.yellow, high: chalk.hex("#FF8C00"), critical: chalk.red }[risk]) != null ? _a2 : chalk.white;
   if (mode.primary) {
     console.log("");
@@ -6287,6 +6761,7 @@ async function runControlledExecution(task, mode) {
       controlledExecutionId: id,
       controlledExecutionStatus: status
     }, cwd);
+    await captureRestorePoint(cwd, run.id, task);
   }
   if (status === "blocked") {
     console.log("");
@@ -6577,14 +7052,18 @@ ${block}
 function buildRuntrimAgentBlockContent() {
   return [
     "RunTrim project instructions",
+    `RUNTRIM_AGENT_INSTRUCTIONS_VERSION: ${RUNTRIM_AGENT_INSTRUCTIONS_VERSION}`,
     "- Before editing, read RunTrim project memory and profile context.",
-    "- Verify active contract first. If MCP is available and no contract is active, call runtrim_create_contract with the user's task.",
+    "- Before editing, create or verify an active RunTrim contract for the current user task.",
+    "- If MCP is available and no active contract exists, call runtrim_create_contract with the user's task.",
     '- If MCP is unavailable, ask the user to run: runtrim agent "task" --copy',
-    "- Stay inside active contract scope.",
-    "- Before high-risk edits (auth, billing, middleware/proxy, migrations, sensitive files, broad app-wide changes), check scope first. If MCP is available, call runtrim_check_path.",
+    "- Before touching risky paths (auth, billing, middleware/proxy, migrations, env/sensitive files, broad app-wide refactors), call runtrim_check_path when available.",
+    "- Use RunTrim project memory and stay inside active contract scope.",
+    "- Do not silently expand scope. Preserve existing project style and logic.",
     "- Never read or print env file contents.",
-    '- Do not continue outside scope silently. Request: runtrim approve "Allow <path/scope> for this run only"',
-    "- At the end, run or ask for runtrim finish. Do not claim completion before finish verification.",
+    '- If scope must expand, stop and request approval: runtrim approve "Allow <path/scope> for this run only"',
+    "- At the end, run runtrim finish if terminal execution is available, otherwise ask the user to run runtrim finish.",
+    "- Do not claim completion before finish verification when RunTrim is active.",
     "",
     "RunTrim MCP:",
     "- runtrim mcp instructions",
@@ -6744,12 +7223,16 @@ function updateStartAgentInstructions(cwd) {
   const existing = fs13.existsSync(instructionsPath) ? fs13.readFileSync(instructionsPath, "utf-8") : "";
   const body = [
     "RunTrim agent instructions:",
+    `RUNTRIM_AGENT_INSTRUCTIONS_VERSION: ${RUNTRIM_AGENT_INSTRUCTIONS_VERSION}`,
     "- Use RunTrim project memory and profile before editing.",
-    "- Verify active contract before edits. If MCP is available and contract is missing, call runtrim_create_contract with the user's task.",
+    "- Create or verify an active RunTrim contract before edits.",
+    "- If MCP is available and contract is missing, call runtrim_create_contract with the user's task.",
     '- If MCP is unavailable, ask user to run: runtrim agent "task" --copy',
-    "- For high-risk paths (auth, billing, middleware/proxy, migrations, sensitive files, broad app-wide changes), check scope first. If MCP is available, call runtrim_check_path.",
+    "- For high-risk paths (auth, billing, middleware/proxy, migrations, env/sensitive files, broad app-wide changes), check scope first. If MCP is available, call runtrim_check_path.",
+    "- Stay inside active contract scope and preserve existing project style and logic.",
     '- If scope must expand, request: runtrim approve "Allow <path/scope> for this run only"',
-    "- Run finish verification at the end. Do not claim completion before runtrim finish.",
+    "- Run runtrim finish when terminal execution is available, otherwise ask the user to run runtrim finish.",
+    "- Do not claim completion before runtrim finish verification when RunTrim is active.",
     "- Never read or print env file contents.",
     "",
     "RunTrim MCP:",
@@ -6822,6 +7305,202 @@ function detectKnownMcpConfigPresence() {
     cursorConfigFound: Boolean(cursorMatch)
   };
 }
+function getRestorePointPath(cwd, runId) {
+  return path13.join(getRestoresDir(cwd), `${runId}.json`);
+}
+function getLegacyRestorePointPath(cwd, runId) {
+  return path13.join(getLegacyRestoresDir(cwd), `${runId}.json`);
+}
+async function isGitRepo(cwd) {
+  try {
+    await execa3("git", ["rev-parse", "--is-inside-work-tree"], { cwd });
+    return true;
+  } catch (e) {
+    return false;
+  }
+}
+async function captureRestorePoint(cwd, runId, task) {
+  const dir = getRestoresDir(cwd);
+  if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
+  const existingPath = getRestorePointPath(cwd, runId);
+  if (fs13.existsSync(existingPath) || fs13.existsSync(getLegacyRestorePointPath(cwd, runId))) return;
+  let commit = null;
+  let changedBeforeRun = [];
+  if (await isGitRepo(cwd)) {
+    try {
+      const { stdout } = await execa3("git", ["rev-parse", "HEAD"], { cwd });
+      commit = stdout.trim() || null;
+    } catch (e) {
+      commit = null;
+    }
+    try {
+      const changed = await getGitChangedFiles(cwd);
+      changedBeforeRun = dedupeFiles(changed.map((c) => c.path));
+    } catch (e) {
+      changedBeforeRun = [];
+    }
+  }
+  const record = {
+    runId,
+    task,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    preRun: {
+      commit,
+      dirty: changedBeforeRun.length > 0,
+      changedBeforeRun
+    }
+  };
+  fs13.writeFileSync(existingPath, JSON.stringify(record, null, 2), "utf-8");
+}
+function loadRestorePoint(cwd, runId) {
+  const preferred = getRestorePointPath(cwd, runId);
+  const legacy = getLegacyRestorePointPath(cwd, runId);
+  const p = fs13.existsSync(preferred) ? preferred : legacy;
+  if (!fs13.existsSync(p)) return null;
+  try {
+    return JSON.parse(fs13.readFileSync(p, "utf-8"));
+  } catch (e) {
+    return null;
+  }
+}
+function saveRestorePoint(cwd, record) {
+  const dir = getRestoresDir(cwd);
+  if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
+  fs13.writeFileSync(getRestorePointPath(cwd, record.runId), JSON.stringify(record, null, 2), "utf-8");
+}
+function isSecretLikePath(file) {
+  const n = file.replace(/\\/g, "/").toLowerCase();
+  return n.includes(".env") || n.endsWith(".env") || n.endsWith(".pem") || n.endsWith(".key") || n.includes("id_rsa") || n.includes("id_ed25519") || n.includes("private-key");
+}
+function isDocsLikePath(file) {
+  const n = file.replace(/\\/g, "/").toLowerCase();
+  return n === "readme.md" || n.startsWith("docs/") || n.endsWith(".md") || n.endsWith(".mdx") || n.includes("changelog");
+}
+function isUiCheckoutPath(file) {
+  const n = file.replace(/\\/g, "/").toLowerCase();
+  return n.includes("/checkout/") && !n.includes("/api/") && !n.includes("webhook") && !n.includes("stripe") && !n.includes("dodo") && !n.includes("provider") && !n.includes("session");
+}
+function isHighRiskLogicPath(file) {
+  const n = file.replace(/\\/g, "/").toLowerCase();
+  if (isSecretLikePath(n)) return true;
+  if (n.endsWith("middleware.ts") || n.endsWith("middleware.js") || n.endsWith("proxy.ts") || n.endsWith("proxy.js")) return true;
+  if (n.includes("supabase/migrations") || n.includes("prisma/migrations") || n.includes("/migrations/")) return true;
+  if (n.includes("/auth/") || n.includes("session") || n.includes("jwt")) return true;
+  if (n.includes("webhook")) return true;
+  if ((n.includes("billing") || n.includes("payment") || n.includes("stripe") || n.includes("dodo")) && (n.includes("/api/") || n.includes("/lib/") || n.includes("route.ts") || n.includes("route.js") || n.includes("server"))) return true;
+  if (n.includes("/checkout/") && !isUiCheckoutPath(n) && (n.includes("/api/") || n.includes("provider") || n.includes("session") || n.includes("route.ts") || n.includes("route.js"))) return true;
+  return false;
+}
+function matchesAnyContractRule(file, rules) {
+  return rules.some((rule) => matchesContractPattern(file, rule));
+}
+async function detectCiChangedFiles(cwd, base, head) {
+  var _a2;
+  const warnings = [];
+  let baseUsed = (base == null ? void 0 : base.trim()) || "";
+  let headUsed = (head == null ? void 0 : head.trim()) || "";
+  if (!headUsed) {
+    try {
+      const { stdout } = await execa3("git", ["rev-parse", "HEAD"], { cwd });
+      headUsed = stdout.trim();
+    } catch (e) {
+      headUsed = "HEAD";
+    }
+  }
+  if (!baseUsed) {
+    const ghBase = (_a2 = process.env.GITHUB_BASE_REF) == null ? void 0 : _a2.trim();
+    if (ghBase) {
+      baseUsed = `origin/${ghBase}`;
+    }
+  }
+  if (!baseUsed) {
+    for (const candidate of ["origin/main", "origin/master", "main", "master", "HEAD~1"]) {
+      try {
+        await execa3("git", ["rev-parse", "--verify", candidate], { cwd });
+        baseUsed = candidate;
+        break;
+      } catch (e) {
+        continue;
+      }
+    }
+  }
+  if (!baseUsed) {
+    warnings.push("Could not infer a base ref. Using working tree changes only.");
+  }
+  let diffFiles = [];
+  if (baseUsed) {
+    try {
+      const { stdout } = await execa3("git", ["diff", "--name-only", `${baseUsed}...${headUsed}`], { cwd });
+      diffFiles = stdout.split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
+    } catch (e) {
+      warnings.push(`Could not diff ${baseUsed}...${headUsed}. Falling back to local changes.`);
+    }
+  }
+  if (diffFiles.length === 0) {
+    try {
+      const { stdout } = await execa3("git", ["diff", "--name-only"], { cwd });
+      diffFiles = stdout.split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
+    } catch (e) {
+    }
+  }
+  try {
+    const { stdout } = await execa3("git", ["status", "--porcelain"], { cwd });
+    const untracked = stdout.split(/\r?\n/).map((line) => line.trim()).filter((line) => line.startsWith("?? ")).map((line) => line.slice(3).trim());
+    diffFiles = dedupeFiles([...diffFiles, ...untracked]);
+  } catch (e) {
+  }
+  return {
+    files: dedupeFiles(diffFiles.map((f) => f.replace(/\\/g, "/"))),
+    baseUsed: baseUsed || "(local)",
+    headUsed,
+    warnings
+  };
+}
+function detectMcpConfigState(configPath, found) {
+  if (!found || !configPath) return "not found";
+  try {
+    const raw = JSON.parse(fs13.readFileSync(configPath, "utf-8"));
+    const servers = raw.mcpServers && typeof raw.mcpServers === "object" ? raw.mcpServers : {};
+    return servers.runtrim ? "configured" : "missing runtrim";
+  } catch (e) {
+    return "missing runtrim";
+  }
+}
+function hasCurrentRuntrimBlock(filePath) {
+  if (!fs13.existsSync(filePath)) return { exists: false, current: false };
+  const content = fs13.readFileSync(filePath, "utf-8");
+  const hasBlock = content.includes("<!-- RUNTRIM:START -->") && content.includes("<!-- RUNTRIM:END -->");
+  const hasVersion = content.includes(`RUNTRIM_AGENT_INSTRUCTIONS_VERSION: ${RUNTRIM_AGENT_INSTRUCTIONS_VERSION}`);
+  return { exists: hasBlock, current: hasBlock && hasVersion };
+}
+function readMcpLastUsed(cwd) {
+  const p = path13.join(getProjectMcpDir(cwd), "last-used.json");
+  if (!fs13.existsSync(p)) return { tracked: false, tool: null, usedAt: null };
+  try {
+    const parsed = JSON.parse(fs13.readFileSync(p, "utf-8"));
+    return {
+      tracked: true,
+      tool: typeof parsed.tool === "string" ? parsed.tool : null,
+      usedAt: typeof parsed.usedAt === "string" ? parsed.usedAt : null
+    };
+  } catch (e) {
+    return { tracked: false, tool: null, usedAt: null };
+  }
+}
+function writeMcpLastUsed(cwd, tool) {
+  try {
+    const dir = getProjectMcpDir(cwd);
+    if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
+    const payload = {
+      tool,
+      usedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      projectPath: cwd
+    };
+    fs13.writeFileSync(path13.join(dir, "last-used.json"), `${JSON.stringify(payload, null, 2)}
+`, "utf-8");
+  } catch (e) {
+  }
+}
 function appendContractAmendment(cwd, approvalText) {
   const p = path13.join(cwd, ".runtrim", "contracts", "latest.md");
   if (!fs13.existsSync(p)) return { ok: false, reason: "missing_contract" };
@@ -7129,6 +7808,24 @@ async function buildRuntrimCreateContractMcp(cwd, args) {
       isError: true
     };
   }
+  const repoCheck = await assertFreeRepoAllowed(cwd);
+  if (!repoCheck.allowed) {
+    const guidance = repoCheck.status === "blocked_repair" ? "RunTrim local state needs repair. Free includes 1 tracked repo. The local repo registry changed unexpectedly. Repair the registry or upgrade to Builder for unlimited repos." : "Free includes 1 tracked repo. This repo is not currently tracked. Continue in the tracked repo, unlink the tracked repo with runtrim repo unlink --force, or upgrade to Builder for unlimited repos.";
+    const blockedPayload = {
+      contract_created: false,
+      task: taskRaw,
+      error: repoCheck.status === "blocked_repair" ? "repo_registry_repair_required" : "repo_limit_blocked",
+      guidance,
+      next_action: guidance,
+      finish_command: "runtrim finish",
+      approval_command_example: 'runtrim approve "Allow <path> for this run only"'
+    };
+    return {
+      content: [{ type: "text", text: JSON.stringify(blockedPayload, null, 2) }],
+      structuredContent: blockedPayload,
+      isError: true
+    };
+  }
   const latest = loadLatestRun(cwd);
   if ((latest == null ? void 0 : latest.status) === "guarded") {
     const blockedPayload = {
@@ -7176,6 +7873,7 @@ async function buildRuntrimCreateContractMcp(cwd, args) {
   const handoff = writeAgentHandoffArtifacts(cwd, apply, path13.relative(cwd, previewPath));
   const run = saveRun(mergedTask, previewResult.audit, previewResult.contract, cwd);
   updateRun(run.id, { status: "guarded" }, cwd);
+  await captureRestorePoint(cwd, run.id, mergedTask);
   const payload = {
     contract_created: true,
     task: taskRaw,
@@ -7370,6 +8068,7 @@ async function startMcpServerStdio(cwd) {
         });
         return;
       }
+      writeMcpLastUsed(cwd, name);
       send({
         jsonrpc: "2.0",
         id,
@@ -7790,6 +8489,21 @@ function isInteractiveTerminal() {
 async function ensureRepoAllowedForFree(cwd) {
   var _a2, _b;
   const check = await assertFreeRepoAllowed(cwd);
+  if (check.status === "blocked_repair") {
+    console.log(chalk.yellow("  RunTrim local state needs repair."));
+    console.log(chalk.yellow("  Free includes 1 tracked repo."));
+    console.log(chalk.yellow("  Your local repo registry changed unexpectedly."));
+    console.log("");
+    console.log(DIM("  Next:"));
+    console.log(chalk.white("  - runtrim repo status"));
+    console.log(chalk.white("  - runtrim repo repair"));
+    console.log(chalk.white("  - runtrim repo repair --use-current"));
+    console.log(chalk.white("  - runtrim repo unlink --force"));
+    console.log(chalk.white("  - upgrade to Builder for unlimited repos"));
+    console.log(chalk.white("  - sign in to restore cloud entitlements"));
+    console.log("");
+    return false;
+  }
   if (check.allowed) {
     await registerCurrentRepo(cwd);
     return true;
@@ -7803,9 +8517,12 @@ async function ensureRepoAllowedForFree(cwd) {
   console.log(chalk.white(`  ${check.currentRepo.path}`));
   console.log("");
   console.log(DIM("  Next:"));
-  console.log(chalk.white("  - continue in the tracked repo"));
-  console.log(chalk.white("  - unlink the tracked repo with runtrim repo unlink --force"));
-  console.log(chalk.white("  - join Builder early access for unlimited repos"));
+  console.log(
+    chalk.white(
+      "  Free includes 1 tracked repo. This repo is not currently tracked. Continue in the tracked repo, unlink the tracked repo with runtrim repo unlink --force, or upgrade to Builder for unlimited repos."
+    )
+  );
+  console.log(chalk.white("  Agent instructions were not installed because this repo is not tracked."));
   console.log("");
   console.log(
     DIM(
@@ -7839,6 +8556,7 @@ async function initializeRunTrim(cwd, options = {}) {
   const runsDir = getRunsDir(cwd);
   if (!fs13.existsSync(configDir)) fs13.mkdirSync(configDir, { recursive: true });
   if (!fs13.existsSync(runsDir)) fs13.mkdirSync(runsDir, { recursive: true });
+  ensureInternalArtifactDirs(cwd);
   const existingConfig = hadConfig ? loadConfig(cwd) : null;
   const baseConfig = __spreadValues(__spreadValues({}, DEFAULT_CONFIG), detectProjectInfo(cwd));
   const nextConfig = options.refresh && existingConfig ? __spreadValues({}, existingConfig) : baseConfig;
@@ -7858,13 +8576,8 @@ async function initializeRunTrim(cwd, options = {}) {
     fs13.writeFileSync(memoryPath, buildBaselineMemoryMarkdown(baseline), "utf-8");
   }
   ensureStarterPromptIfMissing(cwd);
-  const gitignorePath = path13.join(cwd, ".gitignore");
-  if (fs13.existsSync(gitignorePath)) {
-    const content = fs13.readFileSync(gitignorePath, "utf-8");
-    if (!content.includes(".runtrim/runs")) {
-      fs13.appendFileSync(gitignorePath, "\n# RunTrim run history\n.runtrim/runs/\n");
-    }
-  }
+  ensureRuntrimReadme(cwd);
+  ensureRuntrimGitignoreGuidance(cwd);
   return { ok: true };
 }
 async function runPrepareTask(task, options) {
@@ -7899,7 +8612,7 @@ async function runPrepareTask(task, options) {
     console.log("");
     console.log(DIM("  Task      ") + chalk.white(truncate(task, 70)));
     console.log(DIM("  Prompt    ") + chalk.white(promptPath2));
-    console.log(DIM("  Run saved ") + chalk.white(`.runtrim/runs/${run.id}.json`));
+    console.log(DIM("  Run saved ") + chalk.white(`.runtrim/internal/runs/${run.id}.json`));
     console.log("");
     printPrepareAgentInstructions(selectedAgent, config.lastPromptPath);
     console.log("");
@@ -7919,6 +8632,7 @@ async function runPrepareTask(task, options) {
   const promptPath = writeLatestPromptFile(contract.contractText, config, cwd);
   if (options.copy !== false) await copyToClipboardSafe(contract.contractText);
   updateRun(run.id, { status: "guarded" }, cwd);
+  await captureRestorePoint(cwd, run.id, task);
   const riskColors = {
     low: chalk.green,
     medium: chalk.yellow,
@@ -7941,7 +8655,7 @@ async function runPrepareTask(task, options) {
   );
   console.log(DIM("  Reduction ") + chalk.white(contract.riskReductionPercent + "%"));
   console.log(DIM("  Prompt    ") + chalk.white(promptPath));
-  console.log(DIM("  Run saved ") + chalk.white(`.runtrim/runs/${run.id}.json`));
+  console.log(DIM("  Run saved ") + chalk.white(`.runtrim/internal/runs/${run.id}.json`));
   console.log("");
   printPrepareAgentInstructions(selectedAgent, config.lastPromptPath);
   console.log("");
@@ -8166,13 +8880,116 @@ program.command("start").description("Guided RunTrim onboarding and daily loop")
     console.log("");
   }
 });
+program.command("doctor").description("Check project readiness for RunTrim agent auto-control").action(async () => {
+  const cwd = process.cwd();
+  const repoCheck = await assertFreeRepoAllowed(cwd);
+  const profilePath = path13.join(getConfigDir(cwd), "project-profile.json");
+  const memoryPath = path13.join(getConfigDir(cwd), "memory", "current.md");
+  const instructionsPath = path13.join(getConfigDir(cwd), "agent", "instructions.md");
+  const snippetsDir = getProjectMcpDir(cwd);
+  const snippetFiles = [
+    path13.join(snippetsDir, "claude-desktop.json"),
+    path13.join(snippetsDir, "cursor.json"),
+    path13.join(snippetsDir, "generic.json")
+  ];
+  const profileReady = fs13.existsSync(profilePath);
+  const memoryReady = fs13.existsSync(memoryPath) && fs13.readFileSync(memoryPath, "utf-8").trim().length > 0;
+  const instructionsReady = fs13.existsSync(instructionsPath) && fs13.readFileSync(instructionsPath, "utf-8").trim().length > 0;
+  const claudeBlock = hasCurrentRuntrimBlock(path13.join(cwd, "CLAUDE.md"));
+  const agentsBlock = hasCurrentRuntrimBlock(path13.join(cwd, "AGENTS.md"));
+  const cursorRulePath = path13.join(cwd, ".cursor", "rules", "runtrim.mdc");
+  const cursorRuleExists = fs13.existsSync(cursorRulePath);
+  const cursorRuleCurrent = cursorRuleExists ? fs13.readFileSync(cursorRulePath, "utf-8").includes(`RUNTRIM_AGENT_INSTRUCTIONS_VERSION: ${RUNTRIM_AGENT_INSTRUCTIONS_VERSION}`) : false;
+  const anySurfaceInstalled = claudeBlock.exists || agentsBlock.exists || cursorRuleExists;
+  const runtrimBlockCurrent = [claudeBlock.current, agentsBlock.current, cursorRuleCurrent].some(Boolean);
+  const snippetsGenerated = snippetFiles.every((p) => fs13.existsSync(p));
+  const knownMcp = detectKnownMcpConfigPresence();
+  const claudeMcpState = detectMcpConfigState(knownMcp.claudeConfigPath, knownMcp.claudeConfigFound);
+  const cursorMcpState = detectMcpConfigState(knownMcp.cursorConfigPath, knownMcp.cursorConfigFound);
+  const genericReady = snippetsGenerated ? "ready" : "missing";
+  const tools = buildMcpTools();
+  const hasContractTool = tools.some((t) => t.name === "runtrim_create_contract");
+  const hasPathTool = tools.some((t) => t.name === "runtrim_check_path");
+  const hasApprovalTool = tools.some((t) => t.name === "runtrim_suggest_approval");
+  const hasFinishTool = tools.some((t) => t.name === "runtrim_finish_guidance");
+  const contract = parseContractSummary(cwd);
+  const lastMcp = readMcpLastUsed(cwd);
+  const setupCorrupt = configExists(cwd) && (!profileReady || !memoryReady || !instructionsReady);
+  const artifactFiles = listArtifactFiles(cwd);
+  const artifactCount = artifactFiles.length;
+  let readiness = "partial";
+  if (!repoCheck.allowed || setupCorrupt) {
+    readiness = "blocked";
+  } else if (profileReady && memoryReady && instructionsReady && anySurfaceInstalled && snippetsGenerated && hasContractTool && hasPathTool && hasApprovalTool && hasFinishTool) {
+    readiness = "ready";
+  }
+  console.log("");
+  console.log(BOLD("RunTrim") + DIM("  doctor"));
+  console.log("");
+  console.log(BOLD("Project"));
+  console.log(chalk.white(`- Project profile: ${profileReady ? "ready" : "missing"}`));
+  console.log(chalk.white(`- Project memory: ${memoryReady ? "ready" : "missing"}`));
+  console.log(chalk.white(`- Agent instructions: ${instructionsReady ? "ready" : "missing"}`));
+  console.log(chalk.white(`- Active contract: ${contract.active ? "active" : "none"}`));
+  console.log("");
+  console.log(BOLD("Agent rules"));
+  console.log(chalk.white(`- CLAUDE.md: ${claudeBlock.exists ? "installed" : "not found"}`));
+  console.log(chalk.white(`- AGENTS.md: ${agentsBlock.exists ? "installed" : "not found"}`));
+  console.log(chalk.white(`- Cursor rules: ${cursorRuleExists ? "installed" : "not found"}`));
+  console.log(chalk.white(`- RunTrim instruction block: ${runtrimBlockCurrent ? "current" : anySurfaceInstalled ? "stale" : "missing"}`));
+  console.log("");
+  console.log(BOLD("MCP"));
+  console.log(chalk.white("- MCP server: available"));
+  console.log(chalk.white(`- Project snippets: ${snippetsGenerated ? "generated" : "missing"}`));
+  console.log(chalk.white(`- Claude Desktop config: ${claudeMcpState}`));
+  console.log(chalk.white(`- Cursor MCP config: ${cursorMcpState}`));
+  console.log(chalk.white(`- Generic config: ${genericReady}`));
+  if (lastMcp.tracked && lastMcp.tool && lastMcp.usedAt) {
+    console.log(chalk.white(`- Last MCP tool call: ${lastMcp.tool}, ${lastMcp.usedAt}`));
+  } else {
+    console.log(chalk.white("- Last MCP tool call: not tracked yet"));
+  }
+  console.log("");
+  console.log(BOLD("Automation readiness"));
+  console.log(chalk.white(`- Contract creation tool: ${hasContractTool ? "available" : "missing"}`));
+  console.log(chalk.white(`- Path check tool: ${hasPathTool ? "available" : "missing"}`));
+  console.log(chalk.white(`- Approval tool: ${hasApprovalTool ? "available" : "missing"}`));
+  console.log(chalk.white(`- Finish guidance tool: ${hasFinishTool ? "available" : "missing"}`));
+  console.log(chalk.white(`- Local artifacts: ${artifactCount}`));
+  console.log("");
+  console.log(BOLD("Readiness"));
+  console.log(chalk.white(`- State: ${readiness}`));
+  console.log("");
+  console.log(BOLD("Next"));
+  if (repoCheck.status === "blocked_repair") {
+    console.log(chalk.yellow("- RunTrim local state needs repair. Run runtrim repo repair."));
+  } else if (repoCheck.status === "blocked_limit") {
+    console.log(chalk.yellow("- Free includes 1 tracked repo. Continue in tracked repo, unlink with runtrim repo unlink --force, or upgrade to Builder."));
+  } else if (readiness === "ready") {
+    if (claudeMcpState !== "configured" && cursorMcpState !== "configured") {
+      console.log(chalk.white("- Ready locally, MCP client not connected."));
+      console.log(chalk.white("- Run runtrim mcp instructions or copy .runtrim/mcp/cursor.json into your MCP client."));
+    } else {
+      console.log(chalk.white("- Your project is RunTrim-aware. Open Cursor/Claude/Codex and use normal language."));
+    }
+  } else {
+    console.log(chalk.white("- Run runtrim start."));
+    console.log(chalk.white("- Run runtrim mcp instructions."));
+    console.log(chalk.white("- Run runtrim mcp config --print."));
+  }
+  if (artifactCount > 25) {
+    console.log(chalk.white(`- Local artifacts: ${artifactCount}. Run runtrim clean --dry-run to review cleanup.`));
+  }
+  console.log("");
+});
 var PROTOCOL_BLOCK_START = "<!-- RUNTRIM_PROTOCOL_START -->";
 var PROTOCOL_BLOCK_END = "<!-- RUNTRIM_PROTOCOL_END -->";
 var PROTOCOL_POINTER_BLOCK = `
 ${PROTOCOL_BLOCK_START}
 This repo uses RunTrim as the guarded AI coding protocol.
 Before editing code, read RUNTRIM.md.
-Start every task with: runtrim go "<task>"
+Start every task with: runtrim start
+Then run: runtrim agent "Your task" --copy
 Stay inside .runtrim/contracts/latest.md.
 After edits, ask the user to run: runtrim finish
 ${PROTOCOL_BLOCK_END}
@@ -8868,6 +9685,8 @@ program.command("execute <task>").description("Create a controlled execution pac
 var agentCommand = program.command("agent").description("Start a guarded AI coding run with contract, scope, memory, and handoff");
 agentCommand.argument("[task]").option("--copy", "Copy the handoff to clipboard").option("--bridge", "Ensure local bridge is running for this agent run").option("--preview", "Generate an execution preview instead of running any agent").option("--apply", "Generate Agent Apply handoff artifacts").option("--execute", "Create a controlled execution packet and handoff").option("--run", "Alias for --execute").option("--dry-run", "Create execution packet in pending mode without ready status").option("--confirm", "Confirm high-risk apply handoff creation").action(async (task, options) => {
   if (task == null ? void 0 : task.trim()) {
+    const allowed = await ensureRepoAllowedForFree(process.cwd());
+    if (!allowed) return;
     const normalizedTask = (task != null ? task : "").trim();
     if (options == null ? void 0 : options.bridge) {
       const bridge = await ensureBridgeRunningForAgent(process.cwd());
@@ -9267,6 +10086,146 @@ agentCommand.command("prompt-mode <mode>").description("Set how guarded contract
   console.log(ACCENT.bold("  Agent prompt mode updated to: " + m));
   console.log("");
 });
+var ciCommand = program.command("ci").description("RunTrim CI checks for pull requests and merges");
+ciCommand.command("check").description("Evaluate changed files and RunTrim context for CI-safe PASS/WARN/BLOCKED verdict").option("--base <ref>", "Base ref to diff from").option("--head <ref>", "Head ref to diff to").option("--strict", "Treat WARN as failing and require RunTrim context").option("--allow-warn", "Allow WARN even when --strict is set").option("--json", "Print machine-readable JSON output").option("--report", "Include extra diagnostic context in output").action(async (options) => {
+  const cwd = process.cwd();
+  const strict = options.strict === true;
+  const allowWarn = options.allowWarn === true;
+  const outputJson = options.json === true;
+  const report = options.report === true;
+  const repoCheck = await assertFreeRepoAllowed(cwd);
+  const detection = await detectCiChangedFiles(cwd, options.base, options.head);
+  const changedFiles = detection.files;
+  const contract = parseContractSummary(cwd);
+  const latestRun = loadLatestRun(cwd);
+  const hasRuntrimContext = contract.exists || Boolean(latestRun);
+  const issues = [];
+  const warnings = [...detection.warnings];
+  const nextSteps = [];
+  let verdict = "PASS";
+  if (repoCheck.status === "blocked_repair") {
+    issues.push("RunTrim local state needs repair before CI can trust local guard state.");
+    nextSteps.push("Run: runtrim repo repair");
+    verdict = "BLOCKED";
+  } else if (repoCheck.status === "blocked_limit") {
+    issues.push("Free includes 1 tracked repo and this repo is not currently tracked.");
+    nextSteps.push("Continue in tracked repo, unlink with runtrim repo unlink --force, or upgrade to Builder.");
+    verdict = "BLOCKED";
+  }
+  if (changedFiles.length === 0) {
+    warnings.push("No changed files detected for this diff.");
+  }
+  const secretFiles = changedFiles.filter(isSecretLikePath);
+  if (secretFiles.length > 0) {
+    issues.push(`Sensitive file path changed: ${secretFiles[0]}`);
+    nextSteps.push("Remove secret/env/key/cert files from this PR before merge.");
+    verdict = "BLOCKED";
+  }
+  const highRiskFiles = changedFiles.filter((f) => isHighRiskLogicPath(f) && !isSecretLikePath(f));
+  if (highRiskFiles.length > 0) {
+    if (!hasRuntrimContext) {
+      issues.push(`High-risk path changed without RunTrim context: ${highRiskFiles[0]}`);
+      nextSteps.push("Create a dedicated guarded run and finish it before merging.");
+      verdict = "BLOCKED";
+    } else if (contract.allowedPaths.length > 0 && !matchesAnyContractRule(highRiskFiles[0], contract.allowedPaths)) {
+      issues.push(`High-risk path is outside contract allowed scope: ${highRiskFiles[0]}`);
+      nextSteps.push(`Run: runtrim approve "Allow ${highRiskFiles[0]} for this run only"`);
+      verdict = "BLOCKED";
+    }
+  }
+  if (contract.forbiddenPaths.length > 0) {
+    const forbiddenTouched = changedFiles.filter((f) => matchesAnyContractRule(f, contract.forbiddenPaths));
+    if (forbiddenTouched.length > 0) {
+      issues.push(`Contract-forbidden path touched: ${forbiddenTouched[0]}`);
+      nextSteps.push("Split the task or get explicit scoped approval before merge.");
+      verdict = "BLOCKED";
+    }
+  }
+  if (contract.allowedPaths.length > 0) {
+    const outOfScope = changedFiles.filter((f) => !matchesAnyContractRule(f, contract.allowedPaths));
+    if (outOfScope.length > 0) {
+      issues.push(`Changed file is outside latest contract scope: ${outOfScope[0]}`);
+      nextSteps.push(`Run: runtrim approve "Allow ${outOfScope[0]} for this run only"`);
+      verdict = "BLOCKED";
+    }
+  }
+  const docsOnly = changedFiles.length > 0 && changedFiles.every((f) => isDocsLikePath(f));
+  if (!hasRuntrimContext && verdict !== "BLOCKED") {
+    if (docsOnly) {
+      warnings.push("No RunTrim contract/report found. Docs-only change treated as low risk.");
+      verdict = "WARN";
+    } else {
+      warnings.push("No RunTrim contract/report found. CI could not fully verify scope context.");
+      verdict = "WARN";
+    }
+  }
+  if (strict && !hasRuntrimContext && verdict !== "BLOCKED") {
+    issues.push("Strict mode requires RunTrim contract/report context.");
+    verdict = "BLOCKED";
+  }
+  if (verdict === "PASS" && warnings.length > 0) {
+    verdict = "WARN";
+  }
+  if (nextSteps.length === 0) {
+    if (verdict === "PASS") {
+      nextSteps.push("Safe to merge under current RunTrim CI policy.");
+    } else if (verdict === "WARN") {
+      nextSteps.push("Run runtrim finish locally to strengthen verification context.");
+    } else {
+      nextSteps.push("Resolve blocked issues, then rerun runtrim ci check.");
+    }
+  }
+  let exitCode = 0;
+  if (verdict === "BLOCKED") exitCode = 1;
+  if (verdict === "WARN" && strict && !allowWarn) exitCode = 1;
+  const jsonPayload = {
+    verdict: verdict.toLowerCase(),
+    exitCode,
+    changedFiles,
+    issues,
+    warnings,
+    nextSteps
+  };
+  if (outputJson) {
+    process.stdout.write(`${JSON.stringify(jsonPayload, null, 2)}
+`);
+    process.exit(exitCode);
+    return;
+  }
+  console.log("");
+  console.log(BOLD("RunTrim") + DIM("  CI Check"));
+  console.log("");
+  const verdictColor = verdict === "PASS" ? chalk.green : verdict === "WARN" ? chalk.yellow : chalk.red;
+  console.log(DIM("  Verdict: ") + verdictColor(verdict));
+  console.log("");
+  console.log(DIM("  Changed files:"));
+  if (changedFiles.length === 0) console.log(chalk.white("  - (none detected)"));
+  for (const f of changedFiles.slice(0, 20)) console.log(chalk.white("  - " + f));
+  if (changedFiles.length > 20) console.log(DIM(`  ... and ${changedFiles.length - 20} more`));
+  console.log("");
+  if (issues.length > 0) {
+    console.log(DIM("  Issues:"));
+    for (const i of issues) console.log(chalk.red("  - " + i));
+    console.log("");
+  }
+  if (warnings.length > 0) {
+    console.log(DIM("  Warnings:"));
+    for (const w of warnings) console.log(chalk.yellow("  - " + w));
+    console.log("");
+  }
+  console.log(DIM("  Next:"));
+  for (const n of nextSteps) console.log(chalk.white("  - " + n));
+  if (report) {
+    console.log("");
+    console.log(DIM("  Report:"));
+    console.log(chalk.white(`  - Base: ${detection.baseUsed}`));
+    console.log(chalk.white(`  - Head: ${detection.headUsed}`));
+    console.log(chalk.white(`  - Contract: ${contract.exists ? contract.active ? "active" : "present" : "none"}`));
+    console.log(chalk.white(`  - Latest run: ${latestRun ? latestRun.status : "none"}`));
+  }
+  console.log("");
+  process.exit(exitCode);
+});
 var authCommand = program.command("auth").description("Configure sync token for dashboard sync");
 authCommand.command("set <token>").description("Set sync token and enable sync").action((token) => {
   const cwd = process.cwd();
@@ -9336,12 +10295,54 @@ repoCommand.command("status").description("Show local tracked repo status").acti
   console.log(DIM("  Current repo  ") + chalk.white(identity.path));
   console.log(DIM("  Tracked repo  ") + chalk.white((_b = tracked == null ? void 0 : tracked.path) != null ? _b : "(none)"));
   console.log(DIM("  Allowed       ") + chalk.white(check.allowed ? "yes" : "no"));
+  console.log(DIM("  State         ") + chalk.white(check.status));
   console.log("");
+  if (check.status === "blocked_repair") {
+    console.log(chalk.yellow("  RunTrim local state needs repair."));
+    console.log(chalk.yellow("  Free includes 1 tracked repo."));
+    console.log(chalk.yellow("  The local repo registry changed unexpectedly."));
+    console.log(DIM("  Run: runtrim repo repair"));
+    console.log("");
+  }
   if (tracked) {
     console.log(DIM("  A tracked repo is one codebase with its own .runtrim workspace."));
     console.log("");
   }
 });
+repoCommand.command("repair").description("Repair local free-plan repo registry integrity").option("--use-current", "Repair and set the current repo as the single tracked Free repo").action(async (options) => {
+  const cwd = process.cwd();
+  const before = await assertFreeRepoAllowed(cwd);
+  console.log("");
+  console.log(BOLD("RunTrim") + DIM("  repo repair"));
+  console.log("");
+  if (!before.repairRequired) {
+    console.log(DIM("  Local state is healthy. No repair required."));
+    console.log("");
+    return;
+  }
+  if (!options.useCurrent) {
+    console.log(chalk.yellow("  RunTrim local state needs repair."));
+    console.log(chalk.yellow("  Free includes 1 tracked repo."));
+    console.log(chalk.yellow("  Your local repo registry changed unexpectedly."));
+    console.log("");
+    console.log(DIM("  Safe next actions:"));
+    console.log(chalk.white("  - runtrim repo repair --use-current"));
+    console.log(chalk.white("  - runtrim repo unlink --force"));
+    console.log(chalk.white("  - upgrade to Builder for unlimited repos"));
+    console.log(chalk.white("  - sign in to restore cloud entitlements"));
+    console.log("");
+    return;
+  }
+  const result = await repairGlobalRegistry(cwd, { useCurrentRepo: true });
+  if (result.repaired) {
+    console.log(ACCENT.bold("  Local registry repaired."));
+    console.log(DIM("  Current repo is now the tracked Free repo."));
+    console.log("");
+    return;
+  }
+  console.log(DIM("  No repair changes applied."));
+  console.log("");
+});
 repoCommand.command("unlink").description("Unlink tracked repo from local free-plan registry").option("--force", "Force unlink tracked repo even when running from another path").action(async (options) => {
   const cwd = process.cwd();
   const result = await unlinkCurrentRepo(cwd, Boolean(options.force));
@@ -9366,6 +10367,214 @@ repoCommand.command("unlink").description("Unlink tracked repo from local free-p
   console.log(DIM("  No tracked repo found."));
   console.log("");
 });
+program.command("clean").description("Clean old local RunTrim artifacts while preserving active project state").option("--dry-run", "Preview files that would be removed").option("--keep <n>", "Number of latest run-linked artifacts to keep", "10").action(async (options) => {
+  var _a2;
+  const cwd = process.cwd();
+  const dryRun = (options == null ? void 0 : options.dryRun) === true;
+  const keep = Math.max(1, Number.parseInt((_a2 = options == null ? void 0 : options.keep) != null ? _a2 : "10", 10) || 10);
+  ensureInternalArtifactDirs(cwd);
+  const runs = loadAllRuns(cwd);
+  const keepRunIds = new Set(runs.slice(0, keep).map((r) => r.id));
+  const files = listArtifactFiles(cwd);
+  const removable = files.filter((filePath) => {
+    const runId = parseRunIdFromArtifact(filePath);
+    if (!runId) return true;
+    return !keepRunIds.has(runId);
+  });
+  const byCategory = {
+    runs: 0,
+    previews: 0,
+    restores: 0,
+    archives: 0,
+    other: 0
+  };
+  for (const filePath of removable) {
+    const rel = path13.relative(cwd, filePath).replace(/\\/g, "/").toLowerCase();
+    if (rel.includes(".runtrim/internal/runs/") || rel.includes(".runtrim/runs/")) byCategory.runs += 1;
+    else if (rel.includes(".runtrim/internal/previews/") || rel.includes(".runtrim/previews/")) byCategory.previews += 1;
+    else if (rel.includes(".runtrim/internal/restores/") || rel.includes(".runtrim/restores/")) byCategory.restores += 1;
+    else if (rel.includes("archive")) byCategory.archives += 1;
+    else byCategory.other += 1;
+  }
+  if (!dryRun) {
+    for (const filePath of removable) {
+      try {
+        fs13.rmSync(filePath, { force: true });
+      } catch (e) {
+      }
+    }
+  }
+  console.log("");
+  console.log(BOLD("RunTrim") + DIM("  clean"));
+  console.log("");
+  console.log(DIM("  Mode              ") + chalk.white(dryRun ? "dry-run" : "apply"));
+  console.log(DIM("  Keep latest runs  ") + chalk.white(String(keep)));
+  console.log(DIM("  Candidate files   ") + chalk.white(String(removable.length)));
+  console.log("");
+  console.log(DIM("  Cleanup summary"));
+  console.log(chalk.white(`  - runs: ${byCategory.runs}`));
+  console.log(chalk.white(`  - previews: ${byCategory.previews}`));
+  console.log(chalk.white(`  - restores: ${byCategory.restores}`));
+  console.log(chalk.white(`  - archives: ${byCategory.archives}`));
+  if (byCategory.other > 0) console.log(chalk.white(`  - other: ${byCategory.other}`));
+  console.log("");
+  if (removable.length > 0) {
+    const sample = removable.slice(0, 10).map((p) => path13.relative(cwd, p).replace(/\\/g, "/"));
+    console.log(DIM("  Sample files"));
+    for (const rel of sample) console.log(chalk.white(`  - ${rel}`));
+    if (removable.length > sample.length) {
+      console.log(DIM(`  ... and ${removable.length - sample.length} more`));
+    }
+    console.log("");
+  }
+  if (dryRun) {
+    console.log(chalk.white("  No files were removed."));
+    console.log(chalk.white("  Re-run without --dry-run to apply cleanup."));
+  } else {
+    console.log(chalk.white("  Cleanup complete."));
+    console.log(chalk.white("  Active contract, latest files, memory current, and MCP snippets were preserved."));
+  }
+  console.log("");
+});
+var restoreCommand = program.command("restore").description("Preview or apply local restore for guarded runs");
+restoreCommand.argument("[runId]", "Run ID to restore, or use 'last'").option("--preview", "Preview restore plan").option("--apply", "Apply restore plan").option("--force", "Apply even if unrelated new changes are detected").action(async (runIdArg, options) => {
+  var _a2, _b, _c, _d;
+  const cwd = process.cwd();
+  const doPreview = (options == null ? void 0 : options.preview) === true;
+  const doApply = (options == null ? void 0 : options.apply) === true;
+  const force = (options == null ? void 0 : options.force) === true;
+  if (!doPreview && !doApply) {
+    console.log("");
+    console.log(chalk.yellow("Choose --preview or --apply."));
+    console.log("");
+    return;
+  }
+  if (doPreview && doApply) {
+    console.log("");
+    console.log(chalk.yellow("Use either --preview or --apply, not both."));
+    console.log("");
+    return;
+  }
+  const runs = loadAllRuns(cwd);
+  const runIdInput = (runIdArg != null ? runIdArg : "last").trim();
+  let targetRunId = runIdInput;
+  if (runIdInput === "last") {
+    const latest = runs.find((r) => r.status === "completed" || r.status === "guarded" || r.status === "executed" || r.status === "checked");
+    if (!latest) {
+      console.log("");
+      console.log(chalk.yellow("No runs available for restore."));
+      console.log("");
+      return;
+    }
+    targetRunId = latest.id;
+  }
+  const run = runs.find((r) => r.id === targetRunId);
+  if (!run) {
+    console.log("");
+    console.log(chalk.yellow(`Run not found: ${targetRunId}`));
+    console.log("");
+    return;
+  }
+  const restore = loadRestorePoint(cwd, targetRunId);
+  if (!restore) {
+    console.log("");
+    console.log(chalk.yellow("No restore point found for this run."));
+    console.log("");
+    return;
+  }
+  const postFiles = (_b = (_a2 = restore.postRun) == null ? void 0 : _a2.changedFiles) != null ? _b : [];
+  const sensitive = postFiles.filter((f) => isSensitivePath(f) || isSecretLikePath(f));
+  const safeFiles = postFiles.filter((f) => !sensitive.includes(f));
+  const gitAvailable = await isGitRepo(cwd);
+  const method = gitAvailable && restore.preRun.commit ? "git checkout from pre-run commit" : "metadata-only (limited)";
+  const nowChanged = gitAvailable ? dedupeFiles((await getGitChangedFiles(cwd)).map((f) => f.path)) : [];
+  const unrelated = nowChanged.filter((f) => !postFiles.includes(f));
+  if (doPreview) {
+    console.log("");
+    console.log(BOLD("RunTrim") + DIM("  restore preview"));
+    console.log("");
+    console.log(DIM("  Run ID   ") + chalk.white(targetRunId));
+    console.log(DIM("  Task     ") + chalk.white(truncate(run.task, 80)));
+    console.log(DIM("  Method   ") + chalk.white(method));
+    console.log(DIM("  Verdict  ") + chalk.white((_d = (_c = restore.postRun) == null ? void 0 : _c.finishVerdict) != null ? _d : "unknown"));
+    console.log("");
+    console.log(DIM("  Files to restore"));
+    if (safeFiles.length === 0) console.log(chalk.white("  - (none)"));
+    for (const f of safeFiles.slice(0, 20)) console.log(chalk.white("  - " + f));
+    if (safeFiles.length > 20) console.log(DIM(`  ... and ${safeFiles.length - 20} more`));
+    if (sensitive.length > 0) {
+      console.log("");
+      console.log(DIM("  Sensitive files (listed by path only)"));
+      for (const f of sensitive.slice(0, 20)) console.log(chalk.yellow("  - " + f));
+      console.log(chalk.yellow("  Sensitive files are skipped by default and not auto-restored."));
+    }
+    if (unrelated.length > 0) {
+      console.log("");
+      console.log(chalk.yellow("  Warning: repo has new changes after this run."));
+      console.log(chalk.yellow("  Use --apply --force or review manually before restore."));
+    }
+    console.log("");
+    return;
+  }
+  if (!doApply) return;
+  if (!gitAvailable || !restore.preRun.commit) {
+    console.log("");
+    console.log(chalk.red("Restore apply requires git and a pre-run commit restore point."));
+    console.log("");
+    process.exit(1);
+    return;
+  }
+  if (unrelated.length > 0 && !force) {
+    console.log("");
+    console.log(chalk.red("Restore blocked: new unrelated changes detected after this run."));
+    console.log(chalk.red("Re-run with --apply --force after manual review."));
+    console.log("");
+    process.exit(1);
+    return;
+  }
+  const restored = [];
+  const skippedSensitive = [...sensitive];
+  const failed = [];
+  for (const file of safeFiles) {
+    try {
+      let existedBefore = false;
+      try {
+        await execa3("git", ["cat-file", "-e", `${restore.preRun.commit}:${file}`], { cwd });
+        existedBefore = true;
+      } catch (e) {
+        existedBefore = false;
+      }
+      if (existedBefore) {
+        await execa3("git", ["checkout", restore.preRun.commit, "--", file], { cwd });
+      } else if (fs13.existsSync(path13.join(cwd, file))) {
+        fs13.rmSync(path13.join(cwd, file), { force: true });
+      }
+      restored.push(file);
+    } catch (e) {
+      failed.push(file);
+    }
+  }
+  const report = {
+    runId: targetRunId,
+    appliedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    restored,
+    skippedSensitive,
+    failed,
+    forced: force
+  };
+  const reportPath = path13.join(getRestoresDir(cwd), `${targetRunId}.report.${Date.now()}.json`);
+  fs13.writeFileSync(reportPath, JSON.stringify(report, null, 2), "utf-8");
+  console.log("");
+  console.log(BOLD("RunTrim") + DIM("  restore apply"));
+  console.log("");
+  console.log(DIM("  Run ID             ") + chalk.white(targetRunId));
+  console.log(DIM("  Restored files     ") + chalk.white(String(restored.length)));
+  console.log(DIM("  Skipped sensitive  ") + chalk.white(String(skippedSensitive.length)));
+  console.log(DIM("  Failed             ") + chalk.white(String(failed.length)));
+  console.log(DIM("  Report             ") + chalk.white(path13.relative(cwd, reportPath)));
+  console.log("");
+  if (failed.length > 0) process.exit(1);
+});
 program.command("guard <task>").description("Audit a task and generate a guarded run contract").action(async (task) => {
   var _a2, _b, _c;
   const cwd = process.cwd();
@@ -9453,7 +10662,7 @@ program.command("guard <task>").description("Audit a task and generate a guarded
     const run2 = saveRun(task, audit, contract, cwd);
     updateRun(run2.id, { status: "blocked" }, cwd);
     console.log("");
-    console.log(DIM("  Run saved: .runtrim/runs/" + run2.id + ".json  (status: blocked)"));
+    console.log(DIM("  Run saved: .runtrim/internal/runs/" + run2.id + ".json  (status: blocked)"));
     console.log("");
     console.log(DIM("  Next:  ") + chalk.white('runtrim guard "<one system at a time>"'));
     console.log("");
@@ -9533,7 +10742,7 @@ program.command("guard <task>").description("Audit a task and generate a guarded
   }
   const run = saveRun(task, audit, contract, cwd);
   console.log("");
-  console.log(DIM("  Run saved: .runtrim/runs/" + run.id + ".json"));
+  console.log(DIM("  Run saved: .runtrim/internal/runs/" + run.id + ".json"));
   console.log("");
   console.log(DIM("  After your agent run:  ") + chalk.white("runtrim check"));
   console.log("");
@@ -9583,6 +10792,7 @@ program.command("run <task>").description("Guard then run configured local agent
       },
       cwd
     );
+    await captureRestorePoint(cwd, run.id, task);
     const copySavings = estimateSavingsFromTokens2(
       parseEstimatedNumber3(String(contract.estimatedTokensTrimmed))
     );
@@ -9663,6 +10873,7 @@ program.command("run <task>").description("Guard then run configured local agent
       },
       cwd
     );
+    await captureRestorePoint(cwd, run.id, task);
     console.log(DIM("  Execution cancelled. Guarded contract copied to clipboard."));
     console.log("");
     return;
@@ -9719,6 +10930,7 @@ program.command("run <task>").description("Guard then run configured local agent
         },
         cwd
       );
+      await captureRestorePoint(cwd, run.id, task);
       console.log("");
       console.log(chalk.yellow("  Agent command not found. Falling back to copy mode guidance."));
       console.log(DIM("  Configure with: npm run runtrim -- agent set claude|codex|custom"));
@@ -9752,6 +10964,7 @@ program.command("run <task>").description("Guard then run configured local agent
       },
       cwd
     );
+    await captureRestorePoint(cwd, run.id, task);
     console.log("");
     console.log(chalk.yellow("  Agent command not found. Falling back to copy mode guidance."));
     console.log(DIM("  Configure with: npm run runtrim -- agent set claude|codex|custom"));
@@ -9795,7 +11008,7 @@ ${stderr}`, "utf-8");
         exitCode,
         stdoutPreview: stdout.slice(0, OUTPUT_PREVIEW_MAX),
         stderrPreview: stderr.slice(0, OUTPUT_PREVIEW_MAX),
-        outputPath: `.runtrim/runs/${run.id}.output.txt`
+        outputPath: `.runtrim/internal/runs/${run.id}.output.txt`
       },
       evaluation
     },
@@ -9945,6 +11158,7 @@ program.command("go <task>").description("Bridge Mode: generate a scoped contrac
     memoryUsed,
     providerRouting
   }, cwd);
+  await captureRestorePoint(cwd, run.id, task);
   const bridgeCtx = deriveBridgeContext(task, contract, runs, projectName);
   let bridgeWritten = [];
   let bridgeManagedPaths = [];
@@ -10003,7 +11217,7 @@ program.command("go <task>").description("Bridge Mode: generate a scoped contrac
   if (contract.contract.stopRules.length > 0) {
     console.log(DIM("  Stop rule     ") + chalk.white(truncate((_g = contract.contract.stopRules[contract.contract.stopRules.length - 1]) != null ? _g : "", 60)));
   }
-  console.log(DIM("  Run saved     ") + chalk.white(`.runtrim/runs/${run.id}.json`));
+  console.log(DIM("  Run saved     ") + chalk.white(`.runtrim/internal/runs/${run.id}.json`));
   console.log(DIM("  Contract      ") + chalk.white("created"));
   console.log("");
   if (bridgeWritten.length > 0) {
@@ -10508,7 +11722,7 @@ program.command("continue").description("Create a safe continuation prompt from
   const audit = (_a2 = loadProjectAudit(cwd)) != null ? _a2 : performBaselineProjectAudit(cwd, null);
   const reason = normalizeContinuationReason(options.reason);
   const agent = normalizeContinuationAgent(options.agent, config.defaultAgent);
-  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  const nowIso2 = (/* @__PURE__ */ new Date()).toISOString();
   const continuationPath = resolveContinuationPath(cwd);
   const latestPromptPath = resolvePromptPath(config, cwd);
   const latestPrompt = fs13.existsSync(latestPromptPath) ? fs13.readFileSync(latestPromptPath, "utf-8").trim() : "";
@@ -10698,14 +11912,14 @@ program.command("continue").description("Create a safe continuation prompt from
   fs13.writeFileSync(continuationPath, continuationPrompt, "utf-8");
   const copied = await copyToClipboardSafe(continuationPrompt);
   if (memory) {
-    const memoryWithContinuation = updateMemoryWithContinuation(memory, reason, continuationPath, nowIso);
+    const memoryWithContinuation = updateMemoryWithContinuation(memory, reason, continuationPath, nowIso2);
     fs13.writeFileSync(path13.join(getConfigDir(cwd), "memory.md"), memoryWithContinuation, "utf-8");
   }
   if (hasConfig) {
     const nextConfig = __spreadProps(__spreadValues({}, config), {
       lastContinuationReason: reason,
       continuationPromptPath: continuationPath.replace(/\\/g, "/"),
-      continuationCreatedAt: nowIso
+      continuationCreatedAt: nowIso2
     });
     saveConfig(nextConfig, cwd);
   }
@@ -11358,6 +12572,18 @@ program.command("finish").description("Bridge Mode: evaluate agent output, check
   const blockedByExistingHard = scope.forbiddenFiles.length > 0 || scope.status === "limit_exceeded";
   const warnBySensitiveIgnored = sensitiveIgnored.length > 0;
   const finishVerdict = blockedBySensitive || blockedByContract || blockedByExistingHard ? "BLOCKED" : warnBySensitiveIgnored || scopeDriftStatus !== "passed" || evaluation.status === "needs_verification" || evaluation.status === "partial" ? "WARN" : "PASS";
+  const restoreRecord = loadRestorePoint(cwd, activeRun.id);
+  if (restoreRecord) {
+    restoreRecord.postRun = {
+      changedFiles,
+      forbiddenFiles: [...scope.forbiddenFiles, ...forbiddenPathFiles],
+      sensitiveFiles: scope.sensitiveFiles,
+      outOfScopeFiles: [...outOfContractFiles, ...scope.outOfScopeFiles],
+      finishVerdict,
+      capturedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    saveRestorePoint(cwd, restoreRecord);
+  }
   const verdictColor = finishVerdict === "PASS" ? chalk.green : finishVerdict === "WARN" ? chalk.yellow : chalk.red;
   const scopeColor = scopeDriftStatus === "passed" ? chalk.green : scopeDriftStatus === "forbidden_touched" ? chalk.red : chalk.yellow;
   const riskAfter = (_m = activeRun.contract.wasteRiskAfter) != null ? _m : "medium";
@@ -11497,6 +12723,8 @@ program.command("finish").description("Bridge Mode: evaluate agent output, check
 program.command("sync").description("Sync local run history and project memory to your RunTrim dashboard").option("--dry-run", "Show what would be synced without uploading").action(async (opts) => {
   var _a2, _b;
   const cwd = process.cwd();
+  const allowed = await ensureRepoAllowedForFree(cwd);
+  if (!allowed) return;
   console.log("");
   console.log(BOLD("RunTrim") + DIM("  cloud sync"));
   console.log("");