scene-capability-engine 3.3.21 → 3.3.23

package/lib/commands/errorbook.js

@@ -1,4 +1,6 @@
 const crypto = require('crypto');
+const http = require('http');
+const https = require('https');
 const path = require('path');
 const fs = require('fs-extra');
 const chalk = require('chalk');
@@ -6,7 +8,14 @@ const Table = require('cli-table3');
 
 const ERRORBOOK_INDEX_API_VERSION = 'sce.errorbook.index/v0.1';
 const ERRORBOOK_ENTRY_API_VERSION = 'sce.errorbook.entry/v0.1';
+const ERRORBOOK_REGISTRY_API_VERSION = 'sce.errorbook.registry/v0.1';
+const ERRORBOOK_REGISTRY_CACHE_API_VERSION = 'sce.errorbook.registry-cache/v0.1';
+const ERRORBOOK_REGISTRY_INDEX_API_VERSION = 'sce.errorbook.registry-index/v0.1';
 const ERRORBOOK_STATUSES = Object.freeze(['candidate', 'verified', 'promoted', 'deprecated']);
+const TEMPORARY_MITIGATION_TAG = 'temporary-mitigation';
+const DEFAULT_ERRORBOOK_REGISTRY_CONFIG = '.sce/config/errorbook-registry.json';
+const DEFAULT_ERRORBOOK_REGISTRY_CACHE = '.sce/errorbook/registry-cache.json';
+const DEFAULT_ERRORBOOK_REGISTRY_EXPORT = '.sce/errorbook/exports/errorbook-registry-export.json';
 const STATUS_RANK = Object.freeze({
   deprecated: 0,
   candidate: 1,
@@ -59,6 +68,28 @@ function resolveErrorbookPaths(projectPath = process.cwd()) {
   };
 }
 
+function resolveProjectPath(projectPath, maybeRelativePath, fallbackRelativePath) {
+  const normalized = normalizeText(maybeRelativePath || fallbackRelativePath || '');
+  if (!normalized) {
+    return path.resolve(projectPath, fallbackRelativePath || '');
+  }
+  return path.isAbsolute(normalized)
+    ? normalized
+    : path.resolve(projectPath, normalized);
+}
+
+function resolveErrorbookRegistryPaths(projectPath = process.cwd(), overrides = {}) {
+  const configFile = resolveProjectPath(projectPath, overrides.configPath, DEFAULT_ERRORBOOK_REGISTRY_CONFIG);
+  const cacheFile = resolveProjectPath(projectPath, overrides.cachePath, DEFAULT_ERRORBOOK_REGISTRY_CACHE);
+  const exportFile = resolveProjectPath(projectPath, overrides.exportPath, DEFAULT_ERRORBOOK_REGISTRY_EXPORT);
+  return {
+    projectPath,
+    configFile,
+    cacheFile,
+    exportFile
+  };
+}
+
 function nowIso() {
   return new Date().toISOString();
 }
@@ -71,6 +102,23 @@ function normalizeText(value) {
   return value.trim();
 }
 
+function normalizeBoolean(value, fallback = false) {
+  if (typeof value === 'boolean') {
+    return value;
+  }
+  const normalized = normalizeText(`${value || ''}`).toLowerCase();
+  if (!normalized) {
+    return fallback;
+  }
+  if (['1', 'true', 'yes', 'y', 'on'].includes(normalized)) {
+    return true;
+  }
+  if (['0', 'false', 'no', 'n', 'off'].includes(normalized)) {
+    return false;
+  }
+  return fallback;
+}
+
 function normalizeCsv(value) {
   if (Array.isArray(value)) {
     return value;
@@ -109,6 +157,18 @@ function normalizeStringList(...rawInputs) {
   return Array.from(new Set(merged));
 }
 
+function normalizeIsoTimestamp(value, fieldName = 'datetime') {
+  const normalized = normalizeText(value);
+  if (!normalized) {
+    return '';
+  }
+  const parsed = Date.parse(normalized);
+  if (Number.isNaN(parsed)) {
+    throw new Error(`${fieldName} must be a valid ISO datetime`);
+  }
+  return new Date(parsed).toISOString();
+}
+
 function normalizeOntologyTags(...rawInputs) {
   const normalized = normalizeStringList(...rawInputs).map((item) => item.toLowerCase());
   const mapped = normalized.map((item) => ONTOLOGY_TAG_ALIASES[item] || item);
@@ -116,6 +176,140 @@ function normalizeOntologyTags(...rawInputs) {
   return Array.from(new Set(valid));
 }
 
+function hasMitigationInput(options = {}, fromFilePayload = {}) {
+  const mitigation = fromFilePayload && typeof fromFilePayload.temporary_mitigation === 'object'
+    ? fromFilePayload.temporary_mitigation
+    : {};
+  return Boolean(
+    options.temporaryMitigation === true ||
+    normalizeBoolean(mitigation.enabled, false) ||
+    normalizeText(options.mitigationReason || mitigation.reason || mitigation.notes) ||
+    normalizeText(options.mitigationExit || mitigation.exit_criteria || mitigation.exitCriteria) ||
+    normalizeText(options.mitigationCleanup || mitigation.cleanup_task || mitigation.cleanupTask) ||
+    normalizeText(options.mitigationDeadline || mitigation.deadline_at || mitigation.deadlineAt)
+  );
+}
+
+function normalizeTemporaryMitigation(options = {}, fromFilePayload = {}) {
+  const mitigationFromFile = fromFilePayload && typeof fromFilePayload.temporary_mitigation === 'object'
+    ? fromFilePayload.temporary_mitigation
+    : {};
+  if (!hasMitigationInput(options, fromFilePayload)) {
+    return { enabled: false };
+  }
+
+  return {
+    enabled: true,
+    reason: normalizeText(options.mitigationReason || mitigationFromFile.reason || mitigationFromFile.notes),
+    exit_criteria: normalizeText(options.mitigationExit || mitigationFromFile.exit_criteria || mitigationFromFile.exitCriteria),
+    cleanup_task: normalizeText(options.mitigationCleanup || mitigationFromFile.cleanup_task || mitigationFromFile.cleanupTask),
+    deadline_at: normalizeIsoTimestamp(
+      options.mitigationDeadline || mitigationFromFile.deadline_at || mitigationFromFile.deadlineAt,
+      '--mitigation-deadline'
+    ),
+    created_at: normalizeIsoTimestamp(mitigationFromFile.created_at || mitigationFromFile.createdAt, 'temporary_mitigation.created_at') || '',
+    updated_at: normalizeIsoTimestamp(mitigationFromFile.updated_at || mitigationFromFile.updatedAt, 'temporary_mitigation.updated_at') || '',
+    resolved_at: normalizeIsoTimestamp(mitigationFromFile.resolved_at || mitigationFromFile.resolvedAt, 'temporary_mitigation.resolved_at') || ''
+  };
+}
+
+function normalizeExistingTemporaryMitigation(value = {}) {
+  if (!value || typeof value !== 'object' || normalizeBoolean(value.enabled, false) !== true) {
+    return { enabled: false };
+  }
+  return {
+    enabled: true,
+    reason: normalizeText(value.reason || value.notes),
+    exit_criteria: normalizeText(value.exit_criteria || value.exitCriteria),
+    cleanup_task: normalizeText(value.cleanup_task || value.cleanupTask),
+    deadline_at: normalizeText(value.deadline_at || value.deadlineAt),
+    created_at: normalizeText(value.created_at || value.createdAt),
+    updated_at: normalizeText(value.updated_at || value.updatedAt),
+    resolved_at: normalizeText(value.resolved_at || value.resolvedAt)
+  };
+}
+
+function resolveMergedTemporaryMitigation(existingEntry = {}, incomingPayload = {}) {
+  const existing = normalizeExistingTemporaryMitigation(existingEntry.temporary_mitigation);
+  const incoming = normalizeExistingTemporaryMitigation(incomingPayload.temporary_mitigation);
+  if (!incoming.enabled) {
+    return existing;
+  }
+
+  return {
+    enabled: true,
+    reason: normalizeText(incoming.reason) || existing.reason || '',
+    exit_criteria: normalizeText(incoming.exit_criteria) || existing.exit_criteria || '',
+    cleanup_task: normalizeText(incoming.cleanup_task) || existing.cleanup_task || '',
+    deadline_at: normalizeText(incoming.deadline_at) || existing.deadline_at || '',
+    created_at: normalizeText(existing.created_at) || nowIso(),
+    updated_at: nowIso(),
+    resolved_at: ''
+  };
+}
+
+function markTemporaryMitigationResolved(entry = {}, resolvedAt = nowIso()) {
+  const current = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  if (!current.enabled || normalizeText(current.resolved_at)) {
+    return current.enabled ? {
+      ...current,
+      resolved_at: normalizeText(current.resolved_at) || resolvedAt,
+      updated_at: normalizeText(current.updated_at) || resolvedAt
+    } : { enabled: false };
+  }
+  return {
+    ...current,
+    resolved_at: resolvedAt,
+    updated_at: resolvedAt
+  };
+}
+
+function evaluateTemporaryMitigationPolicy(entry = {}) {
+  const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  const status = normalizeStatus(entry.status, 'candidate');
+  if (!mitigation.enabled || ['promoted', 'deprecated'].includes(status)) {
+    return null;
+  }
+  if (normalizeText(mitigation.resolved_at)) {
+    return null;
+  }
+
+  const policyViolations = [];
+  if (!normalizeText(mitigation.exit_criteria)) {
+    policyViolations.push('temporary_mitigation.exit_criteria');
+  }
+  if (!normalizeText(mitigation.cleanup_task)) {
+    policyViolations.push('temporary_mitigation.cleanup_task');
+  }
+  const deadlineAtRaw = normalizeText(mitigation.deadline_at);
+  let deadlineAt = deadlineAtRaw;
+  let deadlineExpired = false;
+  if (!deadlineAtRaw) {
+    policyViolations.push('temporary_mitigation.deadline_at');
+  } else {
+    const parsed = Date.parse(deadlineAtRaw);
+    if (Number.isNaN(parsed)) {
+      policyViolations.push('temporary_mitigation.deadline_at:invalid_datetime');
+    } else {
+      deadlineAt = new Date(parsed).toISOString();
+      if (parsed <= Date.now()) {
+        deadlineExpired = true;
+        policyViolations.push('temporary_mitigation.deadline_at:expired');
+      }
+    }
+  }
+
+  return {
+    enabled: true,
+    reason: mitigation.reason,
+    exit_criteria: mitigation.exit_criteria,
+    cleanup_task: mitigation.cleanup_task,
+    deadline_at: deadlineAt,
+    deadline_expired: deadlineExpired,
+    policy_violations: policyViolations
+  };
+}
+
 function normalizeStatus(input, fallback = 'candidate') {
   const normalized = normalizeText(`${input || ''}`).toLowerCase();
   if (!normalized) {
@@ -273,9 +467,22 @@ function validateRecordPayload(payload) {
   if (status === 'verified' && (!Array.isArray(payload.verification_evidence) || payload.verification_evidence.length === 0)) {
     throw new Error('status=verified requires at least one --verification evidence');
   }
+  const mitigation = normalizeExistingTemporaryMitigation(payload.temporary_mitigation);
+  if (mitigation.enabled) {
+    if (!normalizeText(mitigation.exit_criteria)) {
+      throw new Error('temporary mitigation requires --mitigation-exit');
+    }
+    if (!normalizeText(mitigation.cleanup_task)) {
+      throw new Error('temporary mitigation requires --mitigation-cleanup');
+    }
+    if (!normalizeText(mitigation.deadline_at)) {
+      throw new Error('temporary mitigation requires --mitigation-deadline');
+    }
+  }
 }
 
 function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
+  const temporaryMitigation = normalizeTemporaryMitigation(options, fromFilePayload);
   const payload = {
     title: normalizeText(options.title || fromFilePayload.title),
     symptom: normalizeText(options.symptom || fromFilePayload.symptom),
@@ -287,7 +494,11 @@ function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
       options.verification,
       options.verificationEvidence
     ),
-    tags: normalizeStringList(fromFilePayload.tags, options.tags),
+    tags: normalizeStringList(
+      fromFilePayload.tags,
+      options.tags,
+      temporaryMitigation.enabled ? TEMPORARY_MITIGATION_TAG : []
+    ),
     ontology_tags: normalizeOntologyTags(fromFilePayload.ontology_tags, fromFilePayload.ontology, options.ontology),
     status: normalizeStatus(options.status || fromFilePayload.status || 'candidate'),
     source: {
@@ -295,6 +506,7 @@ function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
       files: normalizeStringList(fromFilePayload?.source?.files, options.files),
       tests: normalizeStringList(fromFilePayload?.source?.tests, options.tests)
     },
+    temporary_mitigation: temporaryMitigation,
     notes: normalizeText(options.notes || fromFilePayload.notes),
     fingerprint: createFingerprint({
       fingerprint: options.fingerprint || fromFilePayload.fingerprint,
@@ -312,6 +524,8 @@ function createEntryId() {
 }
 
 function buildIndexSummary(entry) {
+  const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  const mitigationActive = mitigation.enabled && !normalizeText(mitigation.resolved_at);
   return {
     id: entry.id,
     fingerprint: entry.fingerprint,
@@ -320,6 +534,8 @@ function buildIndexSummary(entry) {
     quality_score: entry.quality_score,
     tags: entry.tags,
     ontology_tags: entry.ontology_tags,
+    temporary_mitigation_active: mitigationActive,
+    temporary_mitigation_deadline_at: mitigationActive ? normalizeText(mitigation.deadline_at) : '',
     occurrences: entry.occurrences || 1,
     created_at: entry.created_at,
     updated_at: entry.updated_at
@@ -348,6 +564,12 @@ function findSummaryById(index, id) {
 }
 
 function mergeEntry(existingEntry, incomingPayload) {
+  const temporaryMitigation = resolveMergedTemporaryMitigation(existingEntry, incomingPayload);
+  const mergedTags = normalizeStringList(
+    existingEntry.tags,
+    incomingPayload.tags,
+    temporaryMitigation.enabled ? TEMPORARY_MITIGATION_TAG : []
+  );
   const merged = {
     ...existingEntry,
     title: normalizeText(incomingPayload.title) || existingEntry.title,
@@ -355,7 +577,7 @@ function mergeEntry(existingEntry, incomingPayload) {
     root_cause: normalizeText(incomingPayload.root_cause) || existingEntry.root_cause,
     fix_actions: normalizeStringList(existingEntry.fix_actions, incomingPayload.fix_actions),
     verification_evidence: normalizeStringList(existingEntry.verification_evidence, incomingPayload.verification_evidence),
-    tags: normalizeStringList(existingEntry.tags, incomingPayload.tags),
+    tags: mergedTags,
     ontology_tags: normalizeOntologyTags(existingEntry.ontology_tags, incomingPayload.ontology_tags),
     status: selectStatus(existingEntry.status, incomingPayload.status),
     notes: normalizeText(incomingPayload.notes) || existingEntry.notes || '',
@@ -364,6 +586,7 @@ function mergeEntry(existingEntry, incomingPayload) {
       files: normalizeStringList(existingEntry?.source?.files, incomingPayload?.source?.files),
       tests: normalizeStringList(existingEntry?.source?.tests, incomingPayload?.source?.tests)
     },
+    temporary_mitigation: temporaryMitigation,
     occurrences: Number(existingEntry.occurrences || 1) + 1,
     updated_at: nowIso()
   };
@@ -396,6 +619,382 @@ async function loadRecordPayloadFromFile(projectPath, sourcePath, fileSystem = f
   }
 }
 
+function normalizeStatusList(values = [], fallback = ['promoted']) {
+  const raw = Array.isArray(values) ? values : normalizeStringList(values);
+  const list = raw.length > 0 ? raw : fallback;
+  const normalized = list
+    .map((item) => normalizeText(item).toLowerCase())
+    .filter(Boolean);
+  const unique = Array.from(new Set(normalized));
+  for (const status of unique) {
+    if (!ERRORBOOK_STATUSES.includes(status)) {
+      throw new Error(`invalid status in list: ${status}`);
+    }
+  }
+  return unique;
+}
+
+function normalizeRegistrySource(input = {}) {
+  const candidate = input || {};
+  const name = normalizeText(candidate.name) || 'default';
+  const url = normalizeText(candidate.url || candidate.source);
+  const file = normalizeText(candidate.file || candidate.path);
+  const source = url || file;
+  const indexUrl = normalizeText(candidate.index_url || candidate.indexUrl || candidate.registry_index || candidate.registryIndex);
+  return {
+    name,
+    source,
+    index_url: indexUrl,
+    enabled: candidate.enabled !== false
+  };
+}
+
+function normalizeRegistryMode(value, fallback = 'cache') {
+  const normalized = normalizeText(`${value || ''}`).toLowerCase();
+  if (!normalized) {
+    return fallback;
+  }
+  if (['cache', 'remote', 'hybrid'].includes(normalized)) {
+    return normalized;
+  }
+  throw new Error('registry mode must be one of: cache, remote, hybrid');
+}
+
+async function readErrorbookRegistryConfig(paths, fileSystem = fs) {
+  const fallback = {
+    enabled: false,
+    search_mode: 'cache',
+    cache_file: DEFAULT_ERRORBOOK_REGISTRY_CACHE,
+    sources: []
+  };
+  if (!await fileSystem.pathExists(paths.configFile)) {
+    return fallback;
+  }
+  const payload = await fileSystem.readJson(paths.configFile).catch(() => null);
+  if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
+    return fallback;
+  }
+  const sources = Array.isArray(payload.sources)
+    ? payload.sources.map((item) => normalizeRegistrySource(item)).filter((item) => item.enabled && item.source)
+    : [];
+  return {
+    enabled: normalizeBoolean(payload.enabled, true),
+    search_mode: normalizeRegistryMode(payload.search_mode || payload.searchMode, 'cache'),
+    cache_file: normalizeText(payload.cache_file || payload.cacheFile || DEFAULT_ERRORBOOK_REGISTRY_CACHE),
+    sources
+  };
+}
+
+function isHttpSource(source = '') {
+  return /^https?:\/\//i.test(normalizeText(source));
+}
+
+function fetchJsonFromHttp(source, timeoutMs = 15000) {
+  const normalized = normalizeText(source);
+  if (!normalized) {
+    return Promise.reject(new Error('registry source is required'));
+  }
+  const client = normalized.startsWith('https://') ? https : http;
+  return new Promise((resolve, reject) => {
+    const request = client.get(normalized, {
+      timeout: timeoutMs,
+      headers: {
+        Accept: 'application/json'
+      }
+    }, (response) => {
+      const chunks = [];
+      response.on('data', (chunk) => chunks.push(chunk));
+      response.on('end', () => {
+        const body = Buffer.concat(chunks).toString('utf8');
+        if (response.statusCode < 200 || response.statusCode >= 300) {
+          reject(new Error(`registry source responded ${response.statusCode}`));
+          return;
+        }
+        try {
+          resolve(JSON.parse(body));
+        } catch (error) {
+          reject(new Error(`registry source returned invalid JSON: ${error.message}`));
+        }
+      });
+    });
+    request.on('timeout', () => {
+      request.destroy(new Error('registry source request timed out'));
+    });
+    request.on('error', reject);
+  });
+}
+
+async function loadRegistryPayload(projectPath, source, fileSystem = fs) {
+  const normalized = normalizeText(source);
+  if (!normalized) {
+    throw new Error('registry source is required');
+  }
+  if (isHttpSource(normalized)) {
+    return fetchJsonFromHttp(normalized);
+  }
+  const absolutePath = path.isAbsolute(normalized)
+    ? normalized
+    : path.resolve(projectPath, normalized);
+  if (!await fileSystem.pathExists(absolutePath)) {
+    throw new Error(`registry source file not found: ${source}`);
+  }
+  return fileSystem.readJson(absolutePath);
+}
+
+function normalizeRegistryEntry(entry = {}, sourceName = 'registry') {
+  const title = normalizeText(entry.title || entry.name);
+  const symptom = normalizeText(entry.symptom);
+  const rootCause = normalizeText(entry.root_cause || entry.rootCause);
+  const fingerprint = createFingerprint({
+    fingerprint: normalizeText(entry.fingerprint),
+    title,
+    symptom,
+    root_cause: rootCause
+  });
+  const statusRaw = normalizeText(entry.status || 'candidate').toLowerCase();
+  const status = ERRORBOOK_STATUSES.includes(statusRaw) ? statusRaw : 'candidate';
+  const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+
+  return {
+    id: normalizeText(entry.id) || `registry-${fingerprint}`,
+    fingerprint,
+    title,
+    symptom,
+    root_cause: rootCause,
+    fix_actions: normalizeStringList(entry.fix_actions, entry.fixActions),
+    verification_evidence: normalizeStringList(entry.verification_evidence, entry.verificationEvidence),
+    tags: normalizeStringList(entry.tags, mitigation.enabled ? TEMPORARY_MITIGATION_TAG : []),
+    ontology_tags: normalizeOntologyTags(entry.ontology_tags),
+    status,
+    quality_score: Number.isFinite(Number(entry.quality_score)) ? Number(entry.quality_score) : scoreQuality(entry),
+    updated_at: normalizeIsoTimestamp(entry.updated_at || entry.updatedAt, 'registry.updated_at') || nowIso(),
+    source: {
+      ...entry.source,
+      registry: sourceName
+    },
+    temporary_mitigation: mitigation,
+    entry_source: 'registry'
+  };
+}
+
+function extractRegistryEntries(payload = {}, sourceName = 'registry') {
+  const rawEntries = Array.isArray(payload)
+    ? payload
+    : Array.isArray(payload.entries)
+      ? payload.entries
+      : [];
+  const normalized = [];
+  for (const item of rawEntries) {
+    if (!item || typeof item !== 'object') {
+      continue;
+    }
+    const entry = normalizeRegistryEntry(item, sourceName);
+    if (!entry.title || !entry.fingerprint) {
+      continue;
+    }
+    normalized.push(entry);
+  }
+  const deduped = new Map();
+  for (const entry of normalized) {
+    const key = entry.fingerprint;
+    const existing = deduped.get(key);
+    if (!existing) {
+      deduped.set(key, entry);
+      continue;
+    }
+    if ((Number(entry.quality_score) || 0) >= (Number(existing.quality_score) || 0)) {
+      deduped.set(key, entry);
+    }
+  }
+  return Array.from(deduped.values());
+}
+
+async function loadRegistryCache(projectPath, cachePathInput = '', fileSystem = fs) {
+  const cachePath = resolveProjectPath(projectPath, cachePathInput, DEFAULT_ERRORBOOK_REGISTRY_CACHE);
+  if (!await fileSystem.pathExists(cachePath)) {
+    return {
+      cache_path: cachePath,
+      entries: []
+    };
+  }
+  const payload = await fileSystem.readJson(cachePath).catch(() => null);
+  const entries = extractRegistryEntries(payload || {}, 'registry-cache');
+  return {
+    cache_path: cachePath,
+    entries
+  };
+}
+
+function tokenizeQueryText(query = '') {
+  return normalizeText(query)
+    .toLowerCase()
+    .split(/[^a-z0-9_]+/i)
+    .map((item) => item.trim())
+    .filter((item) => item.length >= 2);
+}
+
+function normalizeRegistryIndex(payload = {}, sourceName = '') {
+  if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
+    return null;
+  }
+  return {
+    api_version: normalizeText(payload.api_version || payload.version || ERRORBOOK_REGISTRY_INDEX_API_VERSION),
+    source_name: sourceName || normalizeText(payload.source_name || payload.sourceName),
+    min_token_length: Number.isFinite(Number(payload.min_token_length))
+      ? Number(payload.min_token_length)
+      : 2,
+    token_to_source: payload.token_to_source && typeof payload.token_to_source === 'object'
+      ? payload.token_to_source
+      : {},
+    token_to_bucket: payload.token_to_bucket && typeof payload.token_to_bucket === 'object'
+      ? payload.token_to_bucket
+      : {},
+    buckets: payload.buckets && typeof payload.buckets === 'object'
+      ? payload.buckets
+      : {},
+    default_source: normalizeText(payload.default_source || payload.fallback_source || '')
+  };
+}
+
+function collectRegistryShardSources(indexPayload, queryTokens = [], maxShards = 8) {
+  const index = normalizeRegistryIndex(indexPayload);
+  if (!index) {
+    return [];
+  }
+  const sources = [];
+  const minTokenLength = Number.isFinite(index.min_token_length) ? index.min_token_length : 2;
+  for (const token of queryTokens) {
+    const normalizedToken = normalizeText(token).toLowerCase();
+    if (!normalizedToken || normalizedToken.length < minTokenLength) {
+      continue;
+    }
+    const direct = index.token_to_source[normalizedToken];
+    if (direct) {
+      const items = Array.isArray(direct) ? direct : [direct];
+      for (const item of items) {
+        sources.push(normalizeText(item));
+      }
+      continue;
+    }
+    const bucket = normalizeText(index.token_to_bucket[normalizedToken]);
+    if (!bucket) {
+      continue;
+    }
+    const bucketSource = normalizeText(index.buckets[bucket] || index.buckets[normalizedToken]);
+    if (bucketSource) {
+      sources.push(bucketSource);
+    }
+  }
+
+  const deduped = Array.from(new Set(sources.filter(Boolean)));
+  if (deduped.length > 0) {
+    return Number.isFinite(Number(maxShards)) && Number(maxShards) > 0
+      ? deduped.slice(0, Number(maxShards))
+      : deduped;
+  }
+  if (index.default_source) {
+    return [index.default_source];
+  }
+  return [];
+}
+
+async function searchRegistryRemote(options = {}, dependencies = {}) {
+  const projectPath = dependencies.projectPath || process.cwd();
+  const fileSystem = dependencies.fileSystem || fs;
+  const source = normalizeRegistrySource(options.source || {});
+  const query = normalizeText(options.query);
+  const queryTokens = Array.isArray(options.queryTokens) ? options.queryTokens : tokenizeQueryText(query);
+  const requestedStatus = options.requestedStatus || null;
+  const maxShards = Number.isFinite(Number(options.maxShards)) ? Number(options.maxShards) : 8;
+  const allowRemoteFullscan = options.allowRemoteFullscan === true;
+
+  if (!source.source) {
+    return {
+      source_name: source.name || 'registry',
+      shard_sources: [],
+      matched_count: 0,
+      candidates: [],
+      warnings: ['registry source is empty']
+    };
+  }
+
+  const warnings = [];
+  let shardSources = [];
+  if (source.index_url) {
+    try {
+      const indexPayload = await loadRegistryPayload(projectPath, source.index_url, fileSystem);
+      shardSources = collectRegistryShardSources(indexPayload, queryTokens, maxShards);
+    } catch (error) {
+      warnings.push(`failed to load registry index (${source.index_url}): ${error.message}`);
+    }
+  }
+
+  if (shardSources.length === 0) {
+    if (allowRemoteFullscan) {
+      shardSources = [source.source];
+      warnings.push('remote index unavailable; fallback to full-source scan');
+    } else {
+      warnings.push('remote index unavailable and full-source scan disabled');
+      return {
+        source_name: source.name || 'registry',
+        shard_sources: [],
+        matched_count: 0,
+        candidates: [],
+        warnings
+      };
+    }
+  }
+
+  const candidates = [];
+  for (const shardSource of shardSources) {
+    try {
+      const payload = await loadRegistryPayload(projectPath, shardSource, fileSystem);
+      const entries = extractRegistryEntries(payload, source.name || 'registry');
+      for (const entry of entries) {
+        if (requestedStatus && normalizeStatus(entry.status, 'candidate') !== requestedStatus) {
+          continue;
+        }
+        const matchScore = scoreSearchMatch(entry, queryTokens);
+        if (matchScore <= 0) {
+          continue;
+        }
+        candidates.push({
+          id: entry.id,
+          entry_source: 'registry-remote',
+          registry_source: source.name || 'registry',
+          status: entry.status,
+          quality_score: entry.quality_score,
+          title: entry.title,
+          fingerprint: entry.fingerprint,
+          tags: normalizeStringList(entry.tags),
+          ontology_tags: normalizeOntologyTags(entry.ontology_tags),
+          match_score: matchScore,
+          updated_at: entry.updated_at
+        });
+      }
+    } catch (error) {
+      warnings.push(`failed to load registry shard (${shardSource}): ${error.message}`);
+    }
+  }
+
+  const deduped = new Map();
+  for (const item of candidates) {
+    const key = normalizeText(item.fingerprint || item.id);
+    const existing = deduped.get(key);
+    if (!existing || Number(item.match_score || 0) >= Number(existing.match_score || 0)) {
+      deduped.set(key, item);
+    }
+  }
+
+  return {
+    source_name: source.name || 'registry',
+    shard_sources: shardSources,
+    matched_count: deduped.size,
+    candidates: Array.from(deduped.values()),
+    warnings
+  };
+}
+
 function printRecordSummary(result) {
   const action = result.created ? 'Recorded new entry' : 'Updated duplicate fingerprint';
   console.log(chalk.green(`✓ ${action}`));
@@ -529,6 +1128,8 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
   const includeVerified = options.includeVerified === true;
 
   const inspected = [];
+  const mitigationInspected = [];
+  const mitigationBlocked = [];
   for (const summary of index.entries) {
     const entry = await readErrorbookEntry(paths, summary.id, fileSystem);
     if (!entry) {
@@ -536,12 +1137,34 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
     }
 
     const status = normalizeStatus(entry.status, 'candidate');
+    const risk = evaluateEntryRisk(entry);
+    const mitigation = evaluateTemporaryMitigationPolicy(entry);
+    if (mitigation) {
+      const mitigationItem = {
+        id: entry.id,
+        title: entry.title,
+        status,
+        risk,
+        quality_score: Number(entry.quality_score || 0),
+        tags: normalizeStringList(entry.tags),
+        updated_at: entry.updated_at,
+        temporary_mitigation: mitigation
+      };
+      mitigationInspected.push(mitigationItem);
+      if (Array.isArray(mitigation.policy_violations) && mitigation.policy_violations.length > 0) {
+        mitigationBlocked.push({
+          ...mitigationItem,
+          block_reasons: ['temporary_mitigation_policy'],
+          policy_violations: mitigation.policy_violations
+        });
+      }
+    }
+
     const unresolved = status === 'candidate' || (includeVerified && status === 'verified');
     if (!unresolved) {
       continue;
     }
 
-    const risk = evaluateEntryRisk(entry);
     inspected.push({
       id: entry.id,
       title: entry.title,
@@ -553,9 +1176,43 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
     });
   }
 
-  const blocked = inspected
+  const riskBlocked = inspected
     .filter((item) => riskRank(item.risk) >= riskRank(minRisk))
+    .map((item) => ({
+      ...item,
+      block_reasons: ['risk_threshold']
+    }));
+
+  const blockedById = new Map();
+  for (const item of riskBlocked) {
+    blockedById.set(item.id, {
+      ...item,
+      policy_violations: []
+    });
+  }
+  for (const item of mitigationBlocked) {
+    const existing = blockedById.get(item.id);
+    if (!existing) {
+      blockedById.set(item.id, {
+        ...item,
+        policy_violations: Array.isArray(item.policy_violations) ? item.policy_violations : []
+      });
+      continue;
+    }
+    existing.block_reasons = normalizeStringList(existing.block_reasons, item.block_reasons);
+    existing.policy_violations = normalizeStringList(existing.policy_violations, item.policy_violations);
+    if (!existing.temporary_mitigation && item.temporary_mitigation) {
+      existing.temporary_mitigation = item.temporary_mitigation;
+    }
+    blockedById.set(existing.id, existing);
+  }
+
+  const blocked = Array.from(blockedById.values())
     .sort((left, right) => {
+      const mitigationDiff = Number((right.policy_violations || []).length > 0) - Number((left.policy_violations || []).length > 0);
+      if (mitigationDiff !== 0) {
+        return mitigationDiff;
+      }
       const riskDiff = riskRank(right.risk) - riskRank(left.risk);
       if (riskDiff !== 0) {
         return riskDiff;
@@ -571,10 +1228,14 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
     mode: 'errorbook-release-gate',
     gate: {
       min_risk: minRisk,
-      include_verified: includeVerified
+      include_verified: includeVerified,
+      mitigation_policy_enforced: true
     },
     passed: blocked.length === 0,
     inspected_count: inspected.length,
+    risk_blocked_count: riskBlocked.length,
+    mitigation_inspected_count: mitigationInspected.length,
+    mitigation_blocked_count: mitigationBlocked.length,
     blocked_count: blocked.length,
     blocked_entries: blocked
   };
@@ -628,6 +1289,15 @@ async function runErrorbookRecordCommand(options = {}, dependencies = {}) {
     entry = mergeEntry(existingEntry, normalized);
     deduplicated = true;
   } else {
+    const temporaryMitigation = normalizeExistingTemporaryMitigation(normalized.temporary_mitigation);
+    const mitigationPayload = temporaryMitigation.enabled
+      ? {
+        ...temporaryMitigation,
+        created_at: nowIso(),
+        updated_at: nowIso(),
+        resolved_at: ''
+      }
+      : { enabled: false };
     entry = {
       api_version: ERRORBOOK_ENTRY_API_VERSION,
       id: createEntryId(),
@@ -643,6 +1313,7 @@ async function runErrorbookRecordCommand(options = {}, dependencies = {}) {
       ontology_tags: normalized.ontology_tags,
       status: normalized.status,
       source: normalized.source,
+      temporary_mitigation: mitigationPayload,
       notes: normalized.notes || '',
       occurrences: 1
     };
@@ -680,6 +1351,154 @@ async function runErrorbookRecordCommand(options = {}, dependencies = {}) {
   return result;
 }
 
+async function runErrorbookExportCommand(options = {}, dependencies = {}) {
+  const projectPath = dependencies.projectPath || process.cwd();
+  const fileSystem = dependencies.fileSystem || fs;
+  const paths = resolveErrorbookPaths(projectPath);
+  const registryPaths = resolveErrorbookRegistryPaths(projectPath, {
+    exportPath: options.out
+  });
+  const index = await readErrorbookIndex(paths, fileSystem);
+
+  const statuses = normalizeStatusList(options.statuses || options.status || 'promoted', ['promoted']);
+  const minQuality = Number.isFinite(Number(options.minQuality))
+    ? Number(options.minQuality)
+    : 75;
+  const limit = Number.isFinite(Number(options.limit)) && Number(options.limit) > 0
+    ? Number(options.limit)
+    : 0;
+
+  const selected = [];
+  for (const summary of index.entries) {
+    const entry = await readErrorbookEntry(paths, summary.id, fileSystem);
+    if (!entry) {
+      continue;
+    }
+    const status = normalizeStatus(entry.status, 'candidate');
+    if (!statuses.includes(status)) {
+      continue;
+    }
+    if (Number(entry.quality_score || 0) < minQuality) {
+      continue;
+    }
+    selected.push({
+      id: entry.id,
+      fingerprint: entry.fingerprint,
+      title: entry.title,
+      symptom: entry.symptom,
+      root_cause: entry.root_cause,
+      fix_actions: normalizeStringList(entry.fix_actions),
+      verification_evidence: normalizeStringList(entry.verification_evidence),
+      tags: normalizeStringList(entry.tags),
+      ontology_tags: normalizeOntologyTags(entry.ontology_tags),
+      status,
+      quality_score: Number(entry.quality_score || 0),
+      updated_at: entry.updated_at,
+      source: entry.source || {},
+      temporary_mitigation: normalizeExistingTemporaryMitigation(entry.temporary_mitigation)
+    });
+  }
+
+  selected.sort((left, right) => {
+    const qualityDiff = Number(right.quality_score || 0) - Number(left.quality_score || 0);
+    if (qualityDiff !== 0) {
+      return qualityDiff;
+    }
+    return `${right.updated_at || ''}`.localeCompare(`${left.updated_at || ''}`);
+  });
+
+  const entries = limit > 0 ? selected.slice(0, limit) : selected;
+  const payload = {
+    api_version: ERRORBOOK_REGISTRY_API_VERSION,
+    generated_at: nowIso(),
+    source: {
+      project: path.basename(projectPath),
+      statuses,
+      min_quality: minQuality
+    },
+    total_entries: entries.length,
+    entries
+  };
+
+  await fileSystem.ensureDir(path.dirname(registryPaths.exportFile));
+  await fileSystem.writeJson(registryPaths.exportFile, payload, { spaces: 2 });
+
+  const result = {
+    mode: 'errorbook-export',
+    out_file: registryPaths.exportFile,
+    statuses,
+    min_quality: minQuality,
+    total_entries: entries.length
+  };
+
+  if (options.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else if (!options.silent) {
+    console.log(chalk.green('✓ Exported curated errorbook entries'));
+    console.log(chalk.gray(`  out: ${registryPaths.exportFile}`));
+    console.log(chalk.gray(`  total: ${entries.length}`));
+    console.log(chalk.gray(`  statuses: ${statuses.join(', ')}`));
+  }
+
+  return result;
+}
+
+async function runErrorbookSyncRegistryCommand(options = {}, dependencies = {}) {
+  const projectPath = dependencies.projectPath || process.cwd();
+  const fileSystem = dependencies.fileSystem || fs;
+  const registryPaths = resolveErrorbookRegistryPaths(projectPath, {
+    configPath: options.config,
+    cachePath: options.cache
+  });
+
+  const config = await readErrorbookRegistryConfig(registryPaths, fileSystem);
+  const sourceOption = normalizeText(options.source);
+  const configuredSource = config.sources.find((item) => item.enabled && item.source);
+  const source = sourceOption || (configuredSource ? configuredSource.source : '');
+  if (!source) {
+    throw new Error('registry source is required (use --source or configure .sce/config/errorbook-registry.json)');
+  }
+  const sourceName = normalizeText(options.sourceName)
+    || (configuredSource ? configuredSource.name : '')
+    || 'registry';
+
+  const payload = await loadRegistryPayload(projectPath, source, fileSystem);
+  const entries = extractRegistryEntries(payload, sourceName);
+  const cachePath = resolveProjectPath(projectPath, options.cache, config.cache_file || DEFAULT_ERRORBOOK_REGISTRY_CACHE);
+  const cachePayload = {
+    api_version: ERRORBOOK_REGISTRY_CACHE_API_VERSION,
+    synced_at: nowIso(),
+    source: {
+      name: sourceName,
+      uri: source
+    },
+    total_entries: entries.length,
+    entries
+  };
+
+  await fileSystem.ensureDir(path.dirname(cachePath));
+  await fileSystem.writeJson(cachePath, cachePayload, { spaces: 2 });
+
+  const result = {
+    mode: 'errorbook-sync-registry',
+    source,
+    source_name: sourceName,
+    cache_file: cachePath,
+    total_entries: entries.length
+  };
+
+  if (options.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else if (!options.silent) {
+    console.log(chalk.green('✓ Synced external errorbook registry'));
+    console.log(chalk.gray(`  source: ${source}`));
+    console.log(chalk.gray(`  cache: ${cachePath}`));
+    console.log(chalk.gray(`  entries: ${entries.length}`));
+  }
+
+  return result;
+}
+
 async function runErrorbookListCommand(options = {}, dependencies = {}) {
   const projectPath = dependencies.projectPath || process.cwd();
   const fileSystem = dependencies.fileSystem || fs;
@@ -765,6 +1584,7 @@ async function runErrorbookShowCommand(options = {}, dependencies = {}) {
   if (options.json) {
     console.log(JSON.stringify(result, null, 2));
   } else if (!options.silent) {
+    const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
     console.log(chalk.cyan.bold(entry.title));
     console.log(chalk.gray(`id: ${entry.id}`));
     console.log(chalk.gray(`status: ${entry.status}`));
@@ -775,6 +1595,16 @@ async function runErrorbookShowCommand(options = {}, dependencies = {}) {
     console.log(chalk.gray(`fix_actions: ${entry.fix_actions.join(' | ')}`));
     console.log(chalk.gray(`verification: ${entry.verification_evidence.join(' | ') || '(none)'}`));
     console.log(chalk.gray(`ontology: ${entry.ontology_tags.join(', ') || '(none)'}`));
+    if (mitigation.enabled) {
+      const active = !normalizeText(mitigation.resolved_at);
+      console.log(chalk.gray(`temporary_mitigation: ${active ? 'active' : 'resolved'}`));
+      console.log(chalk.gray(`  exit: ${mitigation.exit_criteria || '(none)'}`));
+      console.log(chalk.gray(`  cleanup: ${mitigation.cleanup_task || '(none)'}`));
+      console.log(chalk.gray(`  deadline: ${mitigation.deadline_at || '(none)'}`));
+      if (mitigation.resolved_at) {
+        console.log(chalk.gray(`  resolved_at: ${mitigation.resolved_at}`));
+      }
+    }
   }
 
   return result;
@@ -795,9 +1625,15 @@ async function runErrorbookFindCommand(options = {}, dependencies = {}) {
   const limit = Number.isFinite(Number(options.limit)) && Number(options.limit) > 0
     ? Number(options.limit)
     : 10;
-  const tokens = query.toLowerCase().split(/[\s,;|]+/).map((item) => item.trim()).filter(Boolean);
+  const tokens = tokenizeQueryText(query);
+  const includeRegistry = options.includeRegistry === true;
 
   const candidates = [];
+  let localMatched = 0;
+  let registryMatched = 0;
+  let registryCacheMatched = 0;
+  let registryRemoteMatched = 0;
+  const registryWarnings = [];
   for (const summary of index.entries) {
     if (requestedStatus && summary.status !== requestedStatus) {
       continue;
@@ -810,8 +1646,10 @@ async function runErrorbookFindCommand(options = {}, dependencies = {}) {
     if (matchScore <= 0) {
       continue;
     }
+    localMatched += 1;
     candidates.push({
       id: entry.id,
+      entry_source: 'local',
       status: entry.status,
       quality_score: entry.quality_score,
       title: entry.title,
@@ -823,7 +1661,96 @@ async function runErrorbookFindCommand(options = {}, dependencies = {}) {
     });
   }
 
-  candidates.sort((left, right) => {
+  if (includeRegistry) {
+    const configPaths = resolveErrorbookRegistryPaths(projectPath, {
+      configPath: options.config,
+      cachePath: options.registryCache
+    });
+    const registryConfig = await readErrorbookRegistryConfig(configPaths, fileSystem);
+    const registryMode = normalizeRegistryMode(options.registryMode, registryConfig.search_mode || 'cache');
+    const useCache = registryMode === 'cache' || registryMode === 'hybrid';
+    const useRemote = registryMode === 'remote' || registryMode === 'hybrid';
+
+    if (useRemote) {
+      const configuredSources = Array.isArray(registryConfig.sources)
+        ? registryConfig.sources.filter((item) => item.enabled && item.source)
+        : [];
+      const overrideSource = normalizeText(options.registrySource);
+      const remoteSources = overrideSource
+        ? [normalizeRegistrySource({
+          name: normalizeText(options.registrySourceName) || 'override',
+          source: overrideSource,
+          index_url: normalizeText(options.registryIndex)
+        })]
+        : configuredSources;
+
+      for (const source of remoteSources) {
+        const remoteResult = await searchRegistryRemote({
+          source,
+          query,
+          queryTokens: tokens,
+          requestedStatus,
+          maxShards: options.registryMaxShards,
+          allowRemoteFullscan: options.allowRemoteFullscan === true
+        }, {
+          projectPath,
+          fileSystem
+        });
+        registryRemoteMatched += Number(remoteResult.matched_count || 0);
+        registryMatched += Number(remoteResult.matched_count || 0);
+        if (Array.isArray(remoteResult.warnings)) {
+          registryWarnings.push(...remoteResult.warnings);
+        }
+        if (Array.isArray(remoteResult.candidates)) {
+          candidates.push(...remoteResult.candidates);
+        }
+      }
+    }
+
+    if (useCache) {
+      const cachePath = resolveProjectPath(
+        projectPath,
+        options.registryCache,
+        registryConfig.cache_file || DEFAULT_ERRORBOOK_REGISTRY_CACHE
+      );
+      const registryCache = await loadRegistryCache(projectPath, cachePath, fileSystem);
+      for (const entry of registryCache.entries) {
+        if (requestedStatus && normalizeStatus(entry.status, 'candidate') !== requestedStatus) {
+          continue;
+        }
+        const matchScore = scoreSearchMatch(entry, tokens);
+        if (matchScore <= 0) {
+          continue;
+        }
+        registryMatched += 1;
+        registryCacheMatched += 1;
+        candidates.push({
+          id: entry.id,
+          entry_source: 'registry-cache',
+          status: entry.status,
+          quality_score: entry.quality_score,
+          title: entry.title,
+          fingerprint: entry.fingerprint,
+          tags: normalizeStringList(entry.tags),
+          ontology_tags: normalizeOntologyTags(entry.ontology_tags),
+          match_score: matchScore,
+          updated_at: entry.updated_at
+        });
+      }
+    }
+  }
+
+  const dedupedCandidates = new Map();
+  for (const item of candidates) {
+    const key = normalizeText(item.fingerprint || item.id);
+    const existing = dedupedCandidates.get(key);
+    if (!existing || Number(item.match_score || 0) >= Number(existing.match_score || 0)) {
+      dedupedCandidates.set(key, item);
+    }
+  }
+  const sortedCandidates = Array.from(dedupedCandidates.values());
+
+  sortedCandidates.sort((left, right) => {
     const scoreDiff = Number(right.match_score) - Number(left.match_score);
     if (scoreDiff !== 0) {
       return scoreDiff;
@@ -834,8 +1761,16 @@ async function runErrorbookFindCommand(options = {}, dependencies = {}) {
   const result = {
     mode: 'errorbook-find',
     query,
-    total_results: candidates.length,
-    entries: candidates.slice(0, limit)
+    include_registry: includeRegistry,
+    source_breakdown: {
+      local_results: localMatched,
+      registry_results: registryMatched,
+      registry_cache_results: registryCacheMatched,
+      registry_remote_results: registryRemoteMatched
+    },
+    warnings: normalizeStringList(registryWarnings),
+    total_results: sortedCandidates.length,
+    entries: sortedCandidates.slice(0, limit)
   };
 
   if (options.json) {
@@ -880,6 +1815,7 @@ async function runErrorbookPromoteCommand(options = {}, dependencies = {}) {
 
   entry.status = 'promoted';
   entry.promoted_at = nowIso();
+  entry.temporary_mitigation = markTemporaryMitigationResolved(entry, entry.promoted_at);
   entry.updated_at = entry.promoted_at;
   await writeErrorbookEntry(paths, entry, fileSystem);
 
@@ -971,6 +1907,7 @@ async function runErrorbookDeprecateCommand(options = {}, dependencies = {}) {
 
   entry.status = 'deprecated';
   entry.updated_at = nowIso();
+  entry.temporary_mitigation = markTemporaryMitigationResolved(entry, entry.updated_at);
   entry.deprecated_at = entry.updated_at;
   entry.deprecation = {
     reason,
@@ -1109,6 +2046,11 @@ function registerErrorbookCommands(program) {
     .option('--tags <csv>', 'Tags, comma-separated')
     .option('--ontology <csv>', `Ontology focus tags (${ERRORBOOK_ONTOLOGY_TAGS.join(', ')})`)
     .option('--status <status>', 'candidate|verified', 'candidate')
+    .option('--temporary-mitigation', 'Mark this entry as temporary fallback/mitigation (requires governance fields)')
+    .option('--mitigation-reason <text>', 'Temporary mitigation reason/context')
+    .option('--mitigation-exit <text>', 'Exit criteria that define mitigation cleanup completion')
+    .option('--mitigation-cleanup <text>', 'Cleanup task/spec to remove temporary mitigation')
+    .option('--mitigation-deadline <iso>', 'Deadline for mitigation cleanup (ISO datetime)')
     .option('--fingerprint <text>', 'Custom deduplication fingerprint')
     .option('--from <path>', 'Load payload from JSON file')
     .option('--spec <spec>', 'Related spec id/name')
@@ -1156,6 +2098,15 @@ function registerErrorbookCommands(program) {
     .requiredOption('--query <text>', 'Search query')
     .option('--status <status>', `Filter by status (${ERRORBOOK_STATUSES.join(', ')})`)
     .option('--limit <n>', 'Maximum entries returned', parseInt, 10)
+    .option('--include-registry', 'Include external registry entries in search')
+    .option('--registry-mode <mode>', 'Registry lookup mode (cache|remote|hybrid)')
+    .option('--registry-source <url-or-path>', 'Override registry source (for remote mode)')
+    .option('--registry-source-name <name>', 'Override registry source label')
+    .option('--registry-index <url-or-path>', 'Override registry index source (for remote mode)')
+    .option('--registry-max-shards <n>', 'Max remote shards to fetch per query', parseInt, 8)
+    .option('--allow-remote-fullscan', 'Allow remote full-source fallback when index is unavailable')
+    .option('--registry-cache <path>', `Registry cache path (default: ${DEFAULT_ERRORBOOK_REGISTRY_CACHE})`)
+    .option('--config <path>', `Registry config path (default: ${DEFAULT_ERRORBOOK_REGISTRY_CONFIG})`)
     .option('--json', 'Emit machine-readable JSON')
     .action(async (options) => {
       try {
@@ -1165,6 +2116,38 @@ function registerErrorbookCommands(program) {
       }
     });
 
+  errorbook
+    .command('export')
+    .description('Export curated local entries for external registry publication')
+    .option('--status <csv>', 'Statuses to include (csv, default: promoted)', 'promoted')
+    .option('--min-quality <n>', 'Minimum quality score (default: 75)', parseInt)
+    .option('--limit <n>', 'Maximum entries exported', parseInt)
+    .option('--out <path>', `Output file (default: ${DEFAULT_ERRORBOOK_REGISTRY_EXPORT})`)
+    .option('--json', 'Emit machine-readable JSON')
+    .action(async (options) => {
+      try {
+        await runErrorbookExportCommand(options);
+      } catch (error) {
+        emitCommandError(error, options.json);
+      }
+    });
+
+  errorbook
+    .command('sync-registry')
+    .description('Sync external errorbook registry to local cache')
+    .option('--source <url-or-path>', 'Registry source JSON (https://... or local file)')
+    .option('--source-name <name>', 'Registry source name label')
+    .option('--cache <path>', `Registry cache output path (default: ${DEFAULT_ERRORBOOK_REGISTRY_CACHE})`)
+    .option('--config <path>', `Registry config path (default: ${DEFAULT_ERRORBOOK_REGISTRY_CONFIG})`)
+    .option('--json', 'Emit machine-readable JSON')
+    .action(async (options) => {
+      try {
+        await runErrorbookSyncRegistryCommand(options);
+      } catch (error) {
+        emitCommandError(error, options.json);
+      }
+    });
+
   errorbook
     .command('promote <id>')
     .description('Promote entry after strict quality gate')
@@ -1179,7 +2162,7 @@ function registerErrorbookCommands(program) {
 
   errorbook
     .command('release-gate')
-    .description('Block release on unresolved high-risk candidate entries')
+    .description('Block release on unresolved high-risk entries and temporary-mitigation policy violations')
     .option('--min-risk <level>', 'Risk threshold (low|medium|high)', 'high')
     .option('--include-verified', 'Also inspect verified (non-promoted) entries')
     .option('--fail-on-block', 'Exit with error when gate is blocked')
@@ -1224,15 +2207,22 @@ module.exports = {
   ERRORBOOK_STATUSES,
   ERRORBOOK_ONTOLOGY_TAGS,
   ERRORBOOK_RISK_LEVELS,
+  TEMPORARY_MITIGATION_TAG,
+  DEFAULT_ERRORBOOK_REGISTRY_CONFIG,
+  DEFAULT_ERRORBOOK_REGISTRY_CACHE,
+  DEFAULT_ERRORBOOK_REGISTRY_EXPORT,
   HIGH_RISK_SIGNAL_TAGS,
   DEFAULT_PROMOTE_MIN_QUALITY,
   resolveErrorbookPaths,
+  resolveErrorbookRegistryPaths,
   normalizeOntologyTags,
   normalizeRecordPayload,
   scoreQuality,
   evaluateEntryRisk,
   evaluateErrorbookReleaseGate,
   runErrorbookRecordCommand,
+  runErrorbookExportCommand,
+  runErrorbookSyncRegistryCommand,
   runErrorbookListCommand,
   runErrorbookShowCommand,
   runErrorbookFindCommand,