soloforge 1.2.2 → 1.2.3

package/dist/engine/capability_state_store.d.ts

@@ -0,0 +1,50 @@
+/**
+ * 能力状态覆盖存储 — 持久化人工确认的能力状态变更。
+ * P2-8 范围: 显式更新（dry_run + 证据校验 + 人工确认），不自动改状态。
+ * 存储: JSON 文件，原子写入，路径绑定 stateDir。
+ */
+import type { CapabilityState } from "./capability_registry.js";
+import type { EscapeReport } from "./escape_report.js";
+export interface StateOverride {
+    policy_id: string;
+    previous_state: CapabilityState;
+    new_state: CapabilityState;
+    reason: string;
+    evidence_ids: string[];
+    confirmed_by: string;
+    updated_at: string;
+}
+export interface UpdateRequest {
+    policy_id: string;
+    target_state: CapabilityState;
+    reason: string;
+    evidence_ids: string[];
+    confirmed_by: string;
+    dry_run: boolean;
+    confirm: boolean;
+}
+export interface UpdateResult {
+    policy_id: string;
+    capability_id: string | null;
+    previous_state: CapabilityState;
+    new_state: CapabilityState;
+    updated: boolean;
+    dry_run: boolean;
+    validation_errors: string[];
+    evidence_matched: boolean;
+    override: StateOverride | null;
+}
+export declare class CapabilityStateStore {
+    private filePath;
+    private overrides;
+    private loaded;
+    constructor(stateDir: string);
+    private ensureLoaded;
+    private persist;
+    getEffectiveState(policyId: string, defaultState: CapabilityState): CapabilityState;
+    list(): StateOverride[];
+    validate(request: UpdateRequest, currentState: CapabilityState, capabilityId: string | null, escapeReports: EscapeReport[]): UpdateResult;
+    apply(request: UpdateRequest, currentState: CapabilityState, capabilityId: string | null, escapeReports: EscapeReport[]): UpdateResult;
+    clear(): void;
+}
+//# sourceMappingURL=capability_state_store.d.ts.map

package/dist/engine/capability_state_store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability_state_store.d.ts","sourceRoot":"","sources":["../../src/engine/capability_state_store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,eAAe,CAAC;IAChC,SAAS,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,eAAe,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE,eAAe,CAAC;IAChC,SAAS,EAAE,eAAe,CAAC;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAC;CAChC;AASD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,MAAM,CAAS;gBAEX,QAAQ,EAAE,MAAM;IAO5B,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,OAAO;IAMf,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,eAAe,GAAG,eAAe;IASnF,IAAI,IAAI,aAAa,EAAE;IAKvB,QAAQ,CACN,OAAO,EAAE,aAAa,EACtB,YAAY,EAAE,eAAe,EAC7B,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,aAAa,EAAE,YAAY,EAAE,GAC5B,YAAY;IAoEf,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,YAAY;IActI,KAAK,IAAI,IAAI;CAKd"}

package/dist/engine/capability_state_store.js

@@ -0,0 +1,123 @@
+/**
+ * 能力状态覆盖存储 — 持久化人工确认的能力状态变更。
+ * P2-8 范围: 显式更新（dry_run + 证据校验 + 人工确认），不自动改状态。
+ * 存储: JSON 文件，原子写入，路径绑定 stateDir。
+ */
+import fs from "node:fs";
+import path from "node:path";
+const VALID_TRANSITIONS = {
+    enforced: ["advisory", "removed"],
+    advisory: ["enforced", "experimental", "removed"],
+    experimental: ["advisory", "removed"],
+    removed: ["experimental"],
+};
+export class CapabilityStateStore {
+    filePath;
+    overrides = [];
+    loaded = false;
+    constructor(stateDir) {
+        this.filePath = path.join(stateDir, "capability-state-overrides.json");
+        if (!fs.existsSync(stateDir)) {
+            fs.mkdirSync(stateDir, { recursive: true });
+        }
+    }
+    ensureLoaded() {
+        if (this.loaded)
+            return;
+        this.loaded = true;
+        try {
+            const data = fs.readFileSync(this.filePath, "utf-8");
+            this.overrides = JSON.parse(data);
+        }
+        catch {
+            this.overrides = [];
+        }
+    }
+    persist() {
+        const tmpPath = `${this.filePath}.tmp`;
+        fs.writeFileSync(tmpPath, JSON.stringify(this.overrides, null, 2));
+        fs.renameSync(tmpPath, this.filePath);
+    }
+    getEffectiveState(policyId, defaultState) {
+        this.ensureLoaded();
+        let latest;
+        for (const o of this.overrides) {
+            if (o.policy_id === policyId)
+                latest = o;
+        }
+        return latest ? latest.new_state : defaultState;
+    }
+    list() {
+        this.ensureLoaded();
+        return this.overrides.map((o) => ({ ...o, evidence_ids: [...o.evidence_ids] }));
+    }
+    validate(request, currentState, capabilityId, escapeReports) {
+        const errors = [];
+        if (!capabilityId) {
+            errors.push(`policy_id ${request.policy_id} not found in capability registry`);
+        }
+        if (request.target_state === currentState) {
+            errors.push(`target_state (${request.target_state}) same as current state, no change needed`);
+        }
+        if (capabilityId && request.target_state !== currentState) {
+            const allowed = VALID_TRANSITIONS[currentState];
+            if (!allowed.includes(request.target_state)) {
+                errors.push(`${currentState} → ${request.target_state} is not a valid transition (allowed: ${allowed.join(", ")})`);
+            }
+        }
+        if (request.evidence_ids.length === 0) {
+            errors.push("at least one evidence_id is required");
+        }
+        const matchedEvidence = request.evidence_ids.filter((eid) => escapeReports.some((r) => r.escape_id === eid && r.policy_id === request.policy_id));
+        const unmatchedEvidence = request.evidence_ids.filter((eid) => !matchedEvidence.includes(eid));
+        if (request.evidence_ids.length > 0 && unmatchedEvidence.length > 0) {
+            errors.push(`evidence_ids not found for policy ${request.policy_id}: ${unmatchedEvidence.join(", ")}`);
+        }
+        if (!request.confirm) {
+            errors.push("confirm=true required for state changes; human confirmation mandatory");
+        }
+        if (!request.confirmed_by.trim()) {
+            errors.push("confirmed_by is required");
+        }
+        if (!request.reason.trim()) {
+            errors.push("reason is required");
+        }
+        const evidenceMatched = matchedEvidence.length > 0;
+        const override = {
+            policy_id: request.policy_id,
+            previous_state: currentState,
+            new_state: request.target_state,
+            reason: request.reason,
+            evidence_ids: [...request.evidence_ids],
+            confirmed_by: request.confirmed_by,
+            updated_at: new Date().toISOString(),
+        };
+        return {
+            policy_id: request.policy_id,
+            capability_id: capabilityId,
+            previous_state: currentState,
+            new_state: request.target_state,
+            updated: false,
+            dry_run: request.dry_run,
+            validation_errors: errors,
+            evidence_matched: evidenceMatched,
+            override: errors.length === 0 ? override : null,
+        };
+    }
+    apply(request, currentState, capabilityId, escapeReports) {
+        this.ensureLoaded();
+        const result = this.validate(request, currentState, capabilityId, escapeReports);
+        if (result.validation_errors.length > 0 || request.dry_run || !result.override) {
+            return result;
+        }
+        this.overrides.push(result.override);
+        this.persist();
+        return { ...result, updated: true };
+    }
+    clear() {
+        this.overrides = [];
+        this.loaded = true;
+        this.persist();
+    }
+}
+//# sourceMappingURL=capability_state_store.js.map

package/dist/engine/capability_state_store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability_state_store.js","sourceRoot":"","sources":["../../src/engine/capability_state_store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAoC7B,MAAM,iBAAiB,GAA+C;IACpE,QAAQ,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;IACjC,QAAQ,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,SAAS,CAAC;IACjD,YAAY,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;IACrC,OAAO,EAAE,CAAC,cAAc,CAAC;CAC1B,CAAC;AAEF,MAAM,OAAO,oBAAoB;IACvB,QAAQ,CAAS;IACjB,SAAS,GAAoB,EAAE,CAAC;IAChC,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,QAAgB;QAC1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,iCAAiC,CAAC,CAAC;QACvE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAEO,OAAO;QACb,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,QAAQ,MAAM,CAAC;QACvC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,iBAAiB,CAAC,QAAgB,EAAE,YAA6B;QAC/D,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,MAAiC,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,MAAM,GAAG,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;IAClD,CAAC;IAED,IAAI;QACF,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAClF,CAAC;IAED,QAAQ,CACN,OAAsB,EACtB,YAA6B,EAC7B,YAA2B,EAC3B,aAA6B;QAE7B,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,SAAS,mCAAmC,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,YAAY,2CAA2C,CAAC,CAAC;QAChG,CAAC;QAED,IAAI,YAAY,IAAI,OAAO,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAChD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,MAAM,OAAO,CAAC,YAAY,wCAAwC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtH,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAC1D,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,GAAG,IAAI,CAAC,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,CAAC,CACpF,CAAC;QACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAE/F,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,MAAM,CAAC,IAAI,CAAC,qCAAqC,OAAO,CAAC,SAAS,KAAK,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzG,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;QAEnD,MAAM,QAAQ,GAAkB;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,cAAc,EAAE,YAAY;YAC5B,SAAS,EAAE,OAAO,CAAC,YAAY;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY,EAAE,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC;YACvC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC;QAEF,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,aAAa,EAAE,YAAY;YAC3B,cAAc,EAAE,YAAY;YAC5B,SAAS,EAAE,OAAO,CAAC,YAAY;YAC/B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,iBAAiB,EAAE,MAAM;YACzB,gBAAgB,EAAE,eAAe;YACjC,QAAQ,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;SAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAsB,EAAE,YAA6B,EAAE,YAA2B,EAAE,aAA6B;QACrH,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;QAEjF,IAAI,MAAM,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC/E,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QAEf,OAAO,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,KAAK;QACH,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;CACF"}

package/dist/engine/cognitive_anchor.d.ts

@@ -0,0 +1,59 @@
+/**
+ * .map.json 认知锚点 — 结构化可追溯压缩。
+ * 备忘录要求: 每个锚点必须有 source_refs, confidence, last_verified_at。
+ * 自动生成的锚点默认 advisory，核心锚点更新需人工确认。
+ */
+export interface CognitiveMapAnchor {
+    /** 锚点 ID */
+    anchor_id: string;
+    /** 所属模块 */
+    module: string;
+    /** 核心契约列表 */
+    core_contracts: string[];
+    /** 已知副作用 */
+    side_effects: string[];
+    /** 不变量 */
+    invariants: string[];
+    /** 决策原因 */
+    decision_reasons: string[];
+    /** 风险标注 */
+    risk_notes: string[];
+    /** 证据引用: 文件/commit/task/diff/命令输出 */
+    source_refs: Array<{
+        type: "file" | "commit" | "task" | "diff" | "command_output" | "audit";
+        ref: string;
+    }>;
+    /** 置信度 */
+    confidence: "high" | "medium" | "low";
+    /** 上次验证时间 */
+    last_verified_at: string;
+    /** 是否过时 */
+    stale_anchor?: boolean;
+}
+export interface MapJsonFile {
+    version: 1;
+    anchors: CognitiveMapAnchor[];
+    generated_at: string;
+}
+/**
+ * 写入 .map.json 文件。
+ */
+export declare function writeMapJson(filePath: string, anchors: CognitiveMapAnchor[]): void;
+/**
+ * 读取 .map.json 文件。文件不存在时返回空锚点列表。
+ */
+export declare function readMapJson(filePath: string): MapJsonFile | null;
+/**
+ * 检查锚点是否过时 — 与当前文件列表比对 source_refs。
+ * 文件不存在的 source_ref 标记 stale_anchor。
+ */
+export declare function checkAnchorStaleness(anchors: CognitiveMapAnchor[], existingFiles: Set<string>): CognitiveMapAnchor[];
+/**
+ * 按相关性筛选锚点 — 根据模块名或文件路径前缀匹配。
+ * 不全量加载，避免污染上下文。
+ */
+export declare function filterRelevantAnchors(anchors: CognitiveMapAnchor[], query: {
+    module?: string;
+    file_path?: string;
+}): CognitiveMapAnchor[];
+//# sourceMappingURL=cognitive_anchor.d.ts.map

package/dist/engine/cognitive_anchor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cognitive_anchor.d.ts","sourceRoot":"","sources":["../../src/engine/cognitive_anchor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,kBAAkB;IACjC,YAAY;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW;IACX,MAAM,EAAE,MAAM,CAAC;IACf,aAAa;IACb,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY;IACZ,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU;IACV,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW;IACX,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW;IACX,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,qCAAqC;IACrC,WAAW,EAAE,KAAK,CAAC;QACjB,IAAI,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,gBAAgB,GAAG,OAAO,CAAC;QACvE,GAAG,EAAE,MAAM,CAAC;KACb,CAAC,CAAC;IACH,UAAU;IACV,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,aAAa;IACb,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW;IACX,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,IAAI,CAalF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAOhE;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,kBAAkB,EAAE,EAC7B,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,GACzB,kBAAkB,EAAE,CAYtB;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,kBAAkB,EAAE,EAC7B,KAAK,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7C,kBAAkB,EAAE,CAWtB"}

package/dist/engine/cognitive_anchor.js

@@ -0,0 +1,68 @@
+/**
+ * .map.json 认知锚点 — 结构化可追溯压缩。
+ * 备忘录要求: 每个锚点必须有 source_refs, confidence, last_verified_at。
+ * 自动生成的锚点默认 advisory，核心锚点更新需人工确认。
+ */
+import fss from "node:fs";
+import path from "node:path";
+/**
+ * 写入 .map.json 文件。
+ */
+export function writeMapJson(filePath, anchors) {
+    const dir = path.dirname(filePath);
+    fss.mkdirSync(dir, { recursive: true });
+    const data = {
+        version: 1,
+        anchors,
+        generated_at: new Date().toISOString(),
+    };
+    const tmpPath = `${filePath}.tmp`;
+    fss.writeFileSync(tmpPath, JSON.stringify(data, null, 2));
+    fss.renameSync(tmpPath, filePath);
+}
+/**
+ * 读取 .map.json 文件。文件不存在时返回空锚点列表。
+ */
+export function readMapJson(filePath) {
+    if (!fss.existsSync(filePath))
+        return null;
+    try {
+        return JSON.parse(fss.readFileSync(filePath, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * 检查锚点是否过时 — 与当前文件列表比对 source_refs。
+ * 文件不存在的 source_ref 标记 stale_anchor。
+ */
+export function checkAnchorStaleness(anchors, existingFiles) {
+    for (const anchor of anchors) {
+        const hasMissing = anchor.source_refs.some((ref) => ref.type === "file" && !existingFiles.has(ref.ref));
+        if (hasMissing) {
+            anchor.stale_anchor = true;
+        }
+        else {
+            anchor.stale_anchor = false;
+        }
+    }
+    return anchors;
+}
+/**
+ * 按相关性筛选锚点 — 根据模块名或文件路径前缀匹配。
+ * 不全量加载，避免污染上下文。
+ */
+export function filterRelevantAnchors(anchors, query) {
+    return anchors.filter((anchor) => {
+        if (query.module && anchor.module === query.module)
+            return true;
+        if (query.file_path) {
+            const matchesRef = anchor.source_refs.some((ref) => ref.type === "file" && (query.file_path.startsWith(ref.ref) || ref.ref.startsWith(query.file_path)));
+            if (matchesRef)
+                return true;
+        }
+        return false;
+    });
+}
+//# sourceMappingURL=cognitive_anchor.js.map

package/dist/engine/cognitive_anchor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cognitive_anchor.js","sourceRoot":"","sources":["../../src/engine/cognitive_anchor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,GAAG,MAAM,SAAS,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAoC7B;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAA6B;IAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExC,MAAM,IAAI,GAAgB;QACxB,OAAO,EAAE,CAAC;QACV,OAAO;QACP,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACvC,CAAC;IAEF,MAAM,OAAO,GAAG,GAAG,QAAQ,MAAM,CAAC;IAClC,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1D,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAgB,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAA6B,EAC7B,aAA0B;IAE1B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAC5D,CAAC;QACF,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,YAAY,GAAG,IAAI,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,YAAY,GAAG,KAAK,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAA6B,EAC7B,KAA8C;IAE9C,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE;QAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAChE,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,KAAK,CAAC,SAAU,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,SAAU,CAAC,CAAC,CAC/G,CAAC;YACF,IAAI,UAAU;gBAAE,OAAO,IAAI,CAAC;QAC9B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/engine/conflict_gate.d.ts

@@ -0,0 +1,36 @@
+/**
+ * 冲突合并门 — 统一 diff ownership CAS 冲突 + scope lease 冲突的 advisory 报告。
+ * CAP-011 实验性: advisory only, 不 hard block。
+ *
+ * 职责:
+ * - preWriteGate: 写前统一检查 CAS + Lease 冲突
+ * - 返回 ConflictGateResult 含所有冲突和建议操作
+ * - human_confirm: 标记人工确认（advisory, 可忽略）
+ */
+import type { DiffOwnershipStore, ConflictReport } from "./diff_ownership_store.js";
+import type { ScopeLeaseStore, LeaseConflict } from "./scope_lease.js";
+export type GateSeverity = "advisory";
+export type RecommendedAction = "proceed" | "confirm_recommended" | "escalate";
+export interface ConflictGateEntry {
+    source: "cas" | "lease";
+    severity: GateSeverity;
+    file_path: string;
+    message: string;
+    detail: ConflictReport | LeaseConflict;
+}
+export interface ConflictGateResult {
+    file_path: string;
+    has_conflict: boolean;
+    entries: ConflictGateEntry[];
+    recommended_action: RecommendedAction;
+    summary: string;
+    confirmed_at: string | null;
+}
+export declare class ConflictGate {
+    private diffOwnership;
+    private scopeLease;
+    constructor(diffOwnership: DiffOwnershipStore, scopeLease: ScopeLeaseStore);
+    preWriteGate(taskId: string, filePath: string): ConflictGateResult;
+    markConfirmed(result: ConflictGateResult): ConflictGateResult;
+}
+//# sourceMappingURL=conflict_gate.d.ts.map

package/dist/engine/conflict_gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"conflict_gate.d.ts","sourceRoot":"","sources":["../../src/engine/conflict_gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AACpF,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEvE,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC;AACtC,MAAM,MAAM,iBAAiB,GAAG,SAAS,GAAG,qBAAqB,GAAG,UAAU,CAAC;AAE/E,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,KAAK,GAAG,OAAO,CAAC;IACxB,QAAQ,EAAE,YAAY,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,cAAc,GAAG,aAAa,CAAC;CACxC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,UAAU,CAAkB;gBAExB,aAAa,EAAE,kBAAkB,EAAE,UAAU,EAAE,eAAe;IAK1E,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,kBAAkB;IA4ClE,aAAa,CAAC,MAAM,EAAE,kBAAkB,GAAG,kBAAkB;CAM9D"}

package/dist/engine/conflict_gate.js

@@ -0,0 +1,73 @@
+/**
+ * 冲突合并门 — 统一 diff ownership CAS 冲突 + scope lease 冲突的 advisory 报告。
+ * CAP-011 实验性: advisory only, 不 hard block。
+ *
+ * 职责:
+ * - preWriteGate: 写前统一检查 CAS + Lease 冲突
+ * - 返回 ConflictGateResult 含所有冲突和建议操作
+ * - human_confirm: 标记人工确认（advisory, 可忽略）
+ */
+export class ConflictGate {
+    diffOwnership;
+    scopeLease;
+    constructor(diffOwnership, scopeLease) {
+        this.diffOwnership = diffOwnership;
+        this.scopeLease = scopeLease;
+    }
+    preWriteGate(taskId, filePath) {
+        const entries = [];
+        // CAS check
+        const { cas, conflict } = this.diffOwnership.preWriteCheck(taskId, filePath);
+        if (conflict) {
+            entries.push({
+                source: "cas",
+                severity: "advisory",
+                file_path: filePath,
+                message: conflict.message,
+                detail: conflict,
+            });
+        }
+        // Lease check
+        const leaseConflict = this.scopeLease.queryLease(taskId, filePath);
+        if (leaseConflict) {
+            entries.push({
+                source: "lease",
+                severity: "advisory",
+                file_path: filePath,
+                message: leaseConflict.message,
+                detail: leaseConflict,
+            });
+        }
+        const hasConflict = entries.length > 0;
+        const recommendedAction = inferRecommendedAction(entries);
+        const summary = hasConflict
+            ? entries.map(e => `[${e.source}] ${e.message}`).join("; ")
+            : "no conflicts";
+        return {
+            file_path: filePath,
+            has_conflict: hasConflict,
+            entries,
+            recommended_action: recommendedAction,
+            summary,
+            confirmed_at: null,
+        };
+    }
+    markConfirmed(result) {
+        return {
+            ...result,
+            confirmed_at: new Date().toISOString(),
+        };
+    }
+}
+function inferRecommendedAction(entries) {
+    if (entries.length === 0)
+        return "proceed";
+    const hasCas = entries.some(e => e.source === "cas");
+    const hasLease = entries.some(e => e.source === "lease");
+    if (hasCas && hasLease)
+        return "escalate";
+    if (hasCas)
+        return "confirm_recommended";
+    return "confirm_recommended";
+}
+//# sourceMappingURL=conflict_gate.js.map

package/dist/engine/conflict_gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"conflict_gate.js","sourceRoot":"","sources":["../../src/engine/conflict_gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAyBH,MAAM,OAAO,YAAY;IACf,aAAa,CAAqB;IAClC,UAAU,CAAkB;IAEpC,YAAY,aAAiC,EAAE,UAA2B;QACxE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,YAAY,CAAC,MAAc,EAAE,QAAgB;QAC3C,MAAM,OAAO,GAAwB,EAAE,CAAC;QAExC,YAAY;QACZ,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC7E,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,KAAK;gBACb,QAAQ,EAAE,UAAU;gBACpB,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,MAAM,EAAE,QAAQ;aACjB,CAAC,CAAC;QACL,CAAC;QAED,cAAc;QACd,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACnE,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,UAAU;gBACpB,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACvC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAE1D,MAAM,OAAO,GAAG,WAAW;YACzB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3D,CAAC,CAAC,cAAc,CAAC;QAEnB,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,WAAW;YACzB,OAAO;YACP,kBAAkB,EAAE,iBAAiB;YACrC,OAAO;YACP,YAAY,EAAE,IAAI;SACnB,CAAC;IACJ,CAAC;IAED,aAAa,CAAC,MAA0B;QACtC,OAAO;YACL,GAAG,MAAM;YACT,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC;IACJ,CAAC;CACF;AAED,SAAS,sBAAsB,CAAC,OAA4B;IAC1D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC;IACzD,IAAI,MAAM,IAAI,QAAQ;QAAE,OAAO,UAAU,CAAC;IAC1C,IAAI,MAAM;QAAE,OAAO,qBAAqB,CAAC;IACzC,OAAO,qBAAqB,CAAC;AAC/B,CAAC"}

package/dist/engine/decision_contract.d.ts

@@ -0,0 +1,29 @@
+/**
+ * 默认决策输出契约 — advisory 状态。
+ * 校验 sf_expand / sf_review / sf_analyze / sf_explore 的输出是否包含
+ * 备忘录要求的 10 个决策字段。不 hard block，只出 advisory 告警。
+ */
+export declare const DECISION_FIELDS: readonly ["recommended_option", "why_this", "rejected_options", "steelman_alternatives", "attack_recommended_option", "falsification_tests", "execution_plan", "verification_plan", "rollback_plan", "human_confirmation_required"];
+export type DecisionField = (typeof DECISION_FIELDS)[number];
+export interface DecisionContractResult {
+    /** 是否通过契约校验（advisory） */
+    passed: boolean;
+    /** 缺失字段列表 */
+    missing_fields: DecisionField[];
+    /** 当前覆盖率 */
+    coverage: number;
+    /** advisory 消息 */
+    advisory: string;
+    /** 各字段存在状态 */
+    field_status: Array<{
+        field: DecisionField;
+        present: boolean;
+    }>;
+}
+/**
+ * 校验决策输出是否满足契约。
+ * 输入为任意对象，检查其顶层键是否覆盖 DECISION_FIELDS。
+ * advisory: 不 hard block，missing_fields 仅为建议。
+ */
+export declare function validateDecisionOutput(output: Record<string, unknown>): DecisionContractResult;
+//# sourceMappingURL=decision_contract.d.ts.map

package/dist/engine/decision_contract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decision_contract.d.ts","sourceRoot":"","sources":["../../src/engine/decision_contract.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,eAAe,qOAWlB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC;AAE7D,MAAM,WAAW,sBAAsB;IACrC,yBAAyB;IACzB,MAAM,EAAE,OAAO,CAAC;IAChB,aAAa;IACb,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,YAAY;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc;IACd,YAAY,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,aAAa,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CACjE;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,sBAAsB,CAmB9F"}

package/dist/engine/decision_contract.js

@@ -0,0 +1,41 @@
+/**
+ * 默认决策输出契约 — advisory 状态。
+ * 校验 sf_expand / sf_review / sf_analyze / sf_explore 的输出是否包含
+ * 备忘录要求的 10 个决策字段。不 hard block，只出 advisory 告警。
+ */
+export const DECISION_FIELDS = [
+    "recommended_option",
+    "why_this",
+    "rejected_options",
+    "steelman_alternatives",
+    "attack_recommended_option",
+    "falsification_tests",
+    "execution_plan",
+    "verification_plan",
+    "rollback_plan",
+    "human_confirmation_required",
+];
+/**
+ * 校验决策输出是否满足契约。
+ * 输入为任意对象，检查其顶层键是否覆盖 DECISION_FIELDS。
+ * advisory: 不 hard block，missing_fields 仅为建议。
+ */
+export function validateDecisionOutput(output) {
+    const fieldStatus = DECISION_FIELDS.map((field) => ({
+        field,
+        present: field in output && output[field] != null && output[field] !== "",
+    }));
+    const presentCount = fieldStatus.filter((f) => f.present).length;
+    const missing = fieldStatus.filter((f) => !f.present).map((f) => f.field);
+    const coverage = presentCount / DECISION_FIELDS.length;
+    return {
+        passed: missing.length === 0,
+        missing_fields: missing,
+        coverage,
+        advisory: missing.length === 0
+            ? `决策输出契约完整 (${presentCount}/${DECISION_FIELDS.length})`
+            : `advisory: 决策输出缺少 ${missing.length} 个字段 (${missing.join(", ")})`,
+        field_status: fieldStatus,
+    };
+}
+//# sourceMappingURL=decision_contract.js.map

package/dist/engine/decision_contract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decision_contract.js","sourceRoot":"","sources":["../../src/engine/decision_contract.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,oBAAoB;IACpB,UAAU;IACV,kBAAkB;IAClB,uBAAuB;IACvB,2BAA2B;IAC3B,qBAAqB;IACrB,gBAAgB;IAChB,mBAAmB;IACnB,eAAe;IACf,6BAA6B;CACrB,CAAC;AAiBX;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA+B;IACpE,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAClD,KAAK;QACL,OAAO,EAAE,KAAK,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;KAC1E,CAAC,CAAC,CAAC;IAEJ,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACjE,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1E,MAAM,QAAQ,GAAG,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC;IAEvD,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QAC5B,cAAc,EAAE,OAAO;QACvB,QAAQ;QACR,QAAQ,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;YAC5B,CAAC,CAAC,aAAa,YAAY,IAAI,eAAe,CAAC,MAAM,GAAG;YACxD,CAAC,CAAC,oBAAoB,OAAO,CAAC,MAAM,SAAS,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACpE,YAAY,EAAE,WAAW;KAC1B,CAAC;AACJ,CAAC"}

package/dist/engine/delivery.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"delivery.d.ts","sourceRoot":"","sources":["../../src/engine/delivery.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,WAAW,EACX,aAAa,EAEb,cAAc,EAEd,cAAc,EACf,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD;;;;GAIG;AAIH;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,MAAM,EAAE,aAAa,CAAC;IACtB,cAAc,EAAE,qBAAqB,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAoJ3E;AAcD;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,WAAW,GAAG,cAAc,CAmB/E"}
+{"version":3,"file":"delivery.d.ts","sourceRoot":"","sources":["../../src/engine/delivery.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,WAAW,EACX,aAAa,EAEb,cAAc,EAEd,cAAc,EACf,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAKnD;;;;GAIG;AAIH;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,MAAM,EAAE,aAAa,CAAC;IACtB,cAAc,EAAE,qBAAqB,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAwP3E;AAcD;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,WAAW,GAAG,cAAc,CAmB/E"}

package/dist/engine/delivery.js

@@ -1,4 +1,7 @@
 import YAML from "yaml";
+import { buildDeliveryEvidenceChain } from "./semantic_evidence.js";
+import { classifyCommand, checkSupplyChain } from "./runtime_safety.js";
+import { preDeliveryReview } from "./developer_sovereignty.js";
 /**
  * 执行完整的交付流程：提交代码、推送到远程、生成 PR 命令和变更日志。
  * 流程按顺序执行，每一步失败后记录错误并继续后续步骤。
@@ -28,6 +31,79 @@ export async function deliver(input) {
     // 3. 根据任务信息构建变更日志条目和提交消息
     const entry = generateChangelogEntry(taskContext);
     result.commit_message = formatCommitMessage(entry);
+    // 3.5. R12: 运行安全包 — 命令分级 advisory（不 hard block）
+    const safetyAdvisories = [];
+    // 检查验证命令是否有 destructive 级别
+    const verifyCommands = taskContext.verification?.checks
+        ? [
+            ...taskContext.verification.checks.build,
+            ...taskContext.verification.checks.tests,
+        ]
+        : [];
+    for (const cmd of verifyCommands) {
+        const classified = classifyCommand(cmd.command);
+        if (classified.risk === "destructive") {
+            safetyAdvisories.push(`advisory: destructive verify command detected: ${cmd.command} — ${classified.advisory}`);
+        }
+    }
+    // 检查推送命令风险
+    const pushClassified = classifyCommand(`git push origin ${result.branch}`);
+    if (pushClassified.risk !== "read_only") {
+        safetyAdvisories.push(`advisory: push is ${pushClassified.risk} — ${pushClassified.advisory}`);
+    }
+    // 供应链检查: 依赖变更时调用 checkSupplyChain 检查 lockfile/integrity
+    const changedFiles = taskContext.execution?.changed_files ?? [];
+    const depFiles = changedFiles.filter((f) => f.endsWith("package.json") || f.endsWith("package-lock.json") ||
+        f.endsWith("pnpm-lock.yaml") || f.endsWith("yarn.lock") ||
+        f.endsWith("go.mod") || f.endsWith("go.sum") ||
+        f.endsWith("Cargo.toml") || f.endsWith("Cargo.lock"));
+    if (depFiles.length > 0) {
+        try {
+            // Use filesystem root dir listing for lockfile detection (not git status)
+            const fss = await import("node:fs");
+            const nodePath = await import("node:path");
+            const rootEntries = fss.readdirSync(projectPath);
+            const rootFiles = rootEntries.filter((e) => e.endsWith(".json") || e.endsWith(".yaml") || e.endsWith(".yarn") ||
+                e.endsWith(".lock") || e.endsWith(".sum") || e.endsWith(".toml"));
+            // Read package.json for dependency list if present
+            const fsAsync = await import("node:fs/promises");
+            const deps = [];
+            const pkgPath = nodePath.join(projectPath, "package.json");
+            try {
+                const pkg = JSON.parse(await fsAsync.readFile(pkgPath, "utf-8"));
+                const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+                for (const [name, version] of Object.entries(allDeps)) {
+                    deps.push({ name, version: String(version) });
+                }
+            }
+            catch { /* no package.json or parse error */ }
+            if (deps.length > 0) {
+                const scReport = checkSupplyChain(rootFiles, deps);
+                for (const check of scReport.checks) {
+                    if (!check.has_lockfile) {
+                        safetyAdvisories.push(`advisory: ${check.package_name}@${check.version} — no lockfile/integrity`);
+                    }
+                }
+            }
+            else {
+                safetyAdvisories.push("advisory: dependency files changed — recommend running supply chain check (sf_dependency_scan)");
+            }
+        }
+        catch {
+            safetyAdvisories.push("advisory: dependency files changed — supply chain check failed");
+        }
+    }
+    if (safetyAdvisories.length > 0) {
+        result.safety_advisories = safetyAdvisories;
+    }
+    // 3.6. R11: Developer Sovereignty — pre-delivery review（advisory, 不 hard block）
+    try {
+        const review = await preDeliveryReview(taskContext, gitOps, projectPath);
+        result.pre_delivery_review = review;
+    }
+    catch {
+        // review failure is advisory, don't block delivery
+    }
     // 4. 执行 git commit（如果配置允许自动提交）
     if (deliveryConfig.auto_commit) {
         try {
@@ -55,6 +131,11 @@ export async function deliver(input) {
                 }
             }
             result.actions_performed.push("commit");
+            // Update rollback command in pre_delivery_review to point to this commit
+            if (result.pre_delivery_review && result.commit_hash) {
+                result.pre_delivery_review.rollback_command =
+                    `git revert ${result.commit_hash} --no-edit`;
+            }
         }
         catch (e) {
             result.errors.push(`提交失败: ${e instanceof Error ? e.message : String(e)}`);
@@ -134,6 +215,8 @@ export async function deliver(input) {
     // 7. 生成变更日志
     result.changelog = formatChangelog(entry);
     result.actions_performed.push("changelog");
+    // 8. R9: 构建语义交付证据链（advisory, 不 hard block）
+    result.evidence_chain = buildDeliveryEvidenceChain(taskContext) ?? undefined;
     return result;
 }
 // ── Shell 转义辅助函数 ──