npm - soloforge - Versions diffs - 1.3.0 → 1.3.2 - Mend

soloforge 1.3.0 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (165) hide show

package/dist/engine/release_readiness_gate.js CHANGED Viewed

@@ -13,8 +13,17 @@
  * 5. 旧 gate 误导标记
  * 6. 测试污染初筛
  * 7. Batch 问题文档格式一致性
+ * 8. 关键问题消费验证
+ * 9. 机制身份一致性
+ * 10. P0/P1 知识资产 schema
+ * 11. engine console.log 检查
+ * 12. 中文注释检查
+ * 13. 第五批一致性校验
+ * 14. 依赖漏洞扫描
+ * 15. 发布问题架构决策与设计产物真实消费
  */
 import fs from "node:fs";
+import os from "node:os";
 import path from "node:path";
 // ── 辅助函数 ──
 function safeRead(filePath) {
@@ -218,7 +227,7 @@ const CONSUMER_ENTRY_FILES = {
     "CLI validate-knowledge": ["src/engine/knowledge_scenario_registry.ts"],
     "sf_verify": ["src/engine/verifier.ts"],
     "sf_deliver": ["src/adapters/claude_code/tools.ts", "src/engine/delivery_readiness.ts"],
-    "sf_expand": ["src/engine/intent_expander.ts"],
+    "sf_expand": ["src/adapters/claude_code/tools.ts", "src/engine/intent_expander.ts"],
     "问题管理流程": [],
 };
 /** 模块名→文件路径映射 (用于模块间调用链如 "knowledge_evolution.validateCandidateTrust") */
@@ -435,7 +444,15 @@ function checkMainlineConsumption(rootDir, hardFail, _info) {
                         continue;
                     const staticImportPattern = new RegExp(`import\\s+\\{[^}]*\\b${ep}\\b[^}]*\\}\\s+from`);
                     const dynamicImportPattern = new RegExp(`\\{[^}]*\\b${ep}\\b[^}]*\\}\\s*=\\s*await\\s+import\\(`);
-                    const hasImport = staticImportPattern.test(consumerContent) || dynamicImportPattern.test(consumerContent);
+                    const hasLazyModuleImport = entry.owner_files.some((ownerFile) => {
+                        const moduleName = path.basename(ownerFile, ".ts");
+                        return consumerContent.includes(`import("../../engine/${moduleName}.js")`)
+                            || consumerContent.includes(`import("../engine/${moduleName}.js")`)
+                            || consumerContent.includes(`import("./${moduleName}.js")`);
+                    });
+                    const hasImport = staticImportPattern.test(consumerContent)
+                        || dynamicImportPattern.test(consumerContent)
+                        || hasLazyModuleImport;
                     if (!hasImport)
                         continue;
                     const importLinePattern = new RegExp(`import\\s+\\{[^}]*\\b${ep}\\b|\\{[^}]*\\b${ep}\\b[^}]*\\}\\s*=\\s*await\\s+import`);
@@ -636,7 +653,7 @@ function checkTestPollution(rootDir, hardFail, _info) {
     }
 }
 // ── 8. 关键问题消费验证 (problem-17/38/57) ──
-function checkCriticalProblemConsumption(rootDir, hardFail, _info) {
+async function checkCriticalProblemConsumption(rootDir, hardFail, _info) {
     const taskContextPath = path.join(rootDir, "src/engine/task_context.ts");
     const cliPath = path.join(rootDir, "src/bin/soloforge.ts");
     // problem-17: StateFact 分区 — save() 必须调用 validateStateFactPartition，hard_fail 必须 throw
@@ -765,6 +782,342 @@ function checkCriticalProblemConsumption(rootDir, hardFail, _info) {
         }
     }
     _info("  problem-17/38/57 消费验证完成");
+    // 问题六十：证据驱动与反幻觉契约 — 行为级检查
+    {
+        const evidenceGroundingPath = path.join(rootDir, "src/engine/evidence_grounding_contract.ts");
+        if (!fs.existsSync(evidenceGroundingPath)) {
+            hardFail("CRITICAL_PROBLEM_FILE_MISSING", "problem-60: evidence_grounding_contract.ts 不存在", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "发布门禁不检查 problem-60 实现", "创建 evidence_grounding_contract.ts");
+        }
+        else {
+            // 行为级检查：动态导入并验证核心门禁行为
+            try {
+                const eg = await import(path.join(rootDir, "dist/engine/evidence_grounding_contract.js"));
+                const sys = eg.createEvidenceGroundingSystem();
+                // 检查 1：无证据高风险 claim 必须被 blocked
+                {
+                    const noEvClaims = [{
+                            id: "gate-test-no-ev", claim_text: "项目使用 React", category: "project_fact",
+                            evidence_ids: [], is_uncertain: false, risk_level: "high",
+                        }];
+                    const noEvResult = sys.verifier.verify(noEvClaims, "high");
+                    if (noEvResult.unsupported.length === 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: 无证据高风险 claim 未被 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 未阻断无证据声明", "验证 classify 逻辑");
+                    }
+                }
+                // 检查 2：generated_inference 单独支撑 project_fact 必须被 blocked
+                {
+                    const infEv = sys.registry.register({
+                        source_type: "generated_inference", authority: "weak", freshness: "unknown",
+                        permission: "allowed", scope: "test", description: "推理",
+                    });
+                    const infClaims = [{
+                            id: "gate-test-inference", claim_text: "项目使用 Vue", category: "tech_stack",
+                            evidence_ids: [infEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const infResult = sys.verifier.verify(infClaims, "high");
+                    if (infResult.unsupported.length === 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: generated_inference 单独支撑 project_fact 未被 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 未阻断推理自证", "验证 isSelfAttestation 逻辑");
+                    }
+                }
+                // 检查 3：validation_plan 冒充 validation_result 必须被 blocked
+                {
+                    const planEv = sys.registry.register({
+                        source_type: "generated_inference", authority: "weak", freshness: "unknown",
+                        permission: "allowed", scope: "test", description: "验证计划",
+                    });
+                    const planClaims = [{
+                            id: "gate-test-plan-as-result", claim_text: "验证已通过",
+                            category: "validation_result",
+                            evidence_ids: [planEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const planResult = sys.verifier.verify(planClaims, "high");
+                    if (planResult.unsupported.length === 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: validation_plan 冒充 validation_result 未被 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 未阻断验证计划冒充", "验证 validation_result 检查逻辑");
+                    }
+                }
+                // 检查 4：forbidden source 必须被 blocked
+                {
+                    const matrix = sys.builder.buildContext([], {
+                        target_claims: [], source_types: [], keywords: [], max_results: 10,
+                    });
+                    matrix.evidence.push({
+                        id: "ev-forbidden-test", source_type: "project_file",
+                        authority: "authoritative", freshness: "current",
+                        permission: "forbidden", scope: "sensitive",
+                        description: "敏感数据", timestamp: new Date().toISOString(),
+                    });
+                    matrix.risk_summary = { low: 0, medium: 0, high: 0, critical: 1 };
+                    const forbiddenResult = sys.gate.evaluate(matrix, "high");
+                    if (forbiddenResult.allowed) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: forbidden source 未被 UnsupportedClaimGate 阻断", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "UnsupportedClaimGate 允许 forbidden 证据通过", "验证 forbidden 检查逻辑");
+                    }
+                }
+                // 检查 5：conflict unresolved 必须被 blocked（高风险）
+                {
+                    const confMatrix = sys.builder.buildContext([], {
+                        target_claims: [], source_types: [], keywords: [], max_results: 10,
+                    });
+                    confMatrix.conflicts.push({
+                        claim_id: "claim-conflict-test",
+                        conflicting_evidence_ids: ["ev-a", "ev-b"],
+                        description: "矛盾",
+                        resolution_status: "unresolved",
+                    });
+                    confMatrix.risk_summary = { low: 0, medium: 0, high: 1, critical: 0 };
+                    const confResult = sys.gate.evaluate(confMatrix, "high");
+                    if (confResult.allowed) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: unresolved conflict 未被 UnsupportedClaimGate 阻断", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "UnsupportedClaimGate 允许未裁决冲突通过", "验证 conflict 检查逻辑");
+                    }
+                }
+                // 检查 6：classification-only 证据不得支撑 architecture 声明
+                {
+                    sys.registry.clear();
+                    const clsOnlyEv = sys.registry.register({
+                        source_type: "task_context", authority: "authoritative", freshness: "current",
+                        permission: "allowed", scope: "classification", description: "任务分类结果",
+                    });
+                    const clsOnlyClaims = [{
+                            id: "gate-test-cls-only", claim_text: "技术方案基于现有系统分析",
+                            category: "architecture",
+                            evidence_ids: [clsOnlyEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const clsOnlyResult = sys.verifier.verify(clsOnlyClaims, "high");
+                    if (clsOnlyResult.unsupported.length === 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: classification-only 证据支撑 architecture 声明未被 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 允许 task_context:classification 支撑项目事实声明", "验证 CATEGORY_REQUIRED_SOURCES 逻辑");
+                    }
+                }
+                // 检查 7：project_file + project_source_file 证据可以支撑 architecture 声明
+                {
+                    sys.registry.clear();
+                    const pfEv = sys.registry.register({
+                        source_type: "project_file", evidence_role: "project_source_file",
+                        authority: "authoritative", freshness: "current",
+                        permission: "allowed", scope: "src/", description: "项目源码文件",
+                    });
+                    const pfClaims = [{
+                            id: "gate-test-pf-ok", claim_text: "技术方案基于现有系统分析",
+                            category: "architecture",
+                            evidence_ids: [pfEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const pfResult = sys.verifier.verify(pfClaims, "high");
+                    if (pfResult.unsupported.length > 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: project_source_file 证据支撑 architecture 声明被错误 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 误阻断了有效证据", "验证 CATEGORY_REQUIRED_ROLES 逻辑");
+                    }
+                }
+                // 检查 8：template_guidance 证据不得支撑 architecture 声明
+                {
+                    sys.registry.clear();
+                    const tgEv = sys.registry.register({
+                        source_type: "knowledge_asset", evidence_role: "template_guidance",
+                        authority: "trusted", freshness: "current",
+                        permission: "allowed", scope: "knowledge", description: "默认模板",
+                    });
+                    const tgClaims = [{
+                            id: "gate-test-tg-block", claim_text: "技术方案基于现有系统分析",
+                            category: "architecture",
+                            evidence_ids: [tgEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const tgResult = sys.verifier.verify(tgClaims, "high");
+                    if (tgResult.unsupported.length === 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: template_guidance 证据支撑 architecture 声明未被 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 允许 template_guidance 支撑项目事实声明", "验证 CATEGORY_REQUIRED_ROLES 逻辑");
+                    }
+                }
+                // 检查 9：project_source_file 证据角色可以支撑 architecture 声明
+                {
+                    sys.registry.clear();
+                    const psfEv = sys.registry.register({
+                        source_type: "project_file", evidence_role: "project_source_file",
+                        authority: "authoritative", freshness: "current",
+                        permission: "allowed", scope: "src/", description: "项目源码文件",
+                    });
+                    const psfClaims = [{
+                            id: "gate-test-psf-ok", claim_text: "技术方案基于现有系统分析",
+                            category: "architecture",
+                            evidence_ids: [psfEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const psfResult = sys.verifier.verify(psfClaims, "high");
+                    if (psfResult.unsupported.length > 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: project_source_file 角色支撑 architecture 声明被错误 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 误阻断了有效 project_source_file 证据", "验证 CATEGORY_REQUIRED_ROLES 逻辑");
+                    }
+                }
+                // 检查 10：普通 code_change 不应因无 project_source_file 被 blocked（无 architecture claim 时）
+                {
+                    sys.registry.clear();
+                    const clsEv = sys.registry.register({
+                        source_type: "task_context", evidence_role: "classification",
+                        authority: "authoritative", freshness: "current",
+                        permission: "allowed", scope: "classification", description: "任务分类结果",
+                    });
+                    // 普通 code_change 只有 user_confirmation claim（无 architecture claim）
+                    const ccClaims = [{
+                            id: "gate-test-cc-ok", claim_text: "任务路由和执行范围已确认",
+                            category: "user_confirmation",
+                            evidence_ids: [clsEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const ccResult = sys.verifier.verify(ccClaims, "high");
+                    if (ccResult.unsupported.length > 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: 普通 code_change 的 user_confirmation claim 被 classification 证据错误 blocked", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 误阻断了不需要项目事实的普通任务", "验证 claim 语义逻辑");
+                    }
+                }
+                // 检查 11：architecture_design 无真实项目证据必须 blocked
+                {
+                    sys.registry.clear();
+                    const clsOnlyEv = sys.registry.register({
+                        source_type: "task_context", evidence_role: "classification",
+                        authority: "authoritative", freshness: "current",
+                        permission: "allowed", scope: "classification", description: "任务分类结果",
+                    });
+                    const tgOnlyEv = sys.registry.register({
+                        source_type: "knowledge_asset", evidence_role: "template_guidance",
+                        authority: "trusted", freshness: "current",
+                        permission: "allowed", scope: "knowledge", description: "默认模板",
+                    });
+                    const archClaims = [{
+                            id: "gate-test-arch-block", claim_text: "技术方案基于现有系统分析",
+                            category: "architecture",
+                            evidence_ids: [clsOnlyEv.id, tgOnlyEv.id], is_uncertain: false, risk_level: "high",
+                        }];
+                    const archResult = sys.verifier.verify(archClaims, "high");
+                    if (archResult.unsupported.length === 0) {
+                        hardFail("CRITICAL_PROBLEM_BEHAVIOR", "problem-60: architecture_design 无真实项目证据未被 blocked（classification + template_guidance 不够）", ["src/engine/evidence_grounding_contract.ts"], "problem-60", "FactClaimVerifier 允许非项目证据支撑架构声明", "验证 CATEGORY_REQUIRED_ROLES + claim 语义逻辑");
+                    }
+                }
+            }
+            catch (behaviorErr) {
+                hardFail("CRITICAL_PROBLEM_BEHAVIOR", `problem-60: 行为级检查执行失败: ${behaviorErr?.message ?? behaviorErr}`, ["src/engine/evidence_grounding_contract.ts"], "problem-60", "证据驱动机制行为检查不可执行", "修复 import 或机制代码");
+            }
+        }
+        // 静态检查：导出完整性
+        const egContent = safeRead(evidenceGroundingPath);
+        if (egContent) {
+            const requiredExports = ["createEvidenceGroundingSystem", "assessTaskRisk", "EvidenceSourceRegistry", "FactClaimVerifier", "UnsupportedClaimGate"];
+            for (const exp of requiredExports) {
+                if (!egContent.includes(exp)) {
+                    hardFail("CRITICAL_PROBLEM_EXPORT_MISSING", `problem-60: evidence_grounding_contract.ts 缺少导出: ${exp}`, ["src/engine/evidence_grounding_contract.ts"], "problem-60", "证据驱动机制缺少核心导出", `添加 ${exp} 导出`);
+                }
+            }
+        }
+        // 静态检查：InstructionContract schema 必须包含 evidence 字段
+        const instrContractPath = path.join(rootDir, "src/engine/instruction_contract.ts");
+        const instrContent = safeRead(instrContractPath);
+        if (instrContent) {
+            const evidenceFields = ["evidence_matrix", "unsupported_claim_policy", "uncertainty_policy", "conflict_resolution_policy"];
+            for (const field of evidenceFields) {
+                if (!instrContent.includes(field)) {
+                    hardFail("CRITICAL_PROBLEM_SCHEMA_INCOMPLETE", `problem-60: instruction_contract.ts schema 缺少证据字段: ${field}`, ["src/engine/instruction_contract.ts"], "problem-60", "施工指令契约缺少证据驱动字段", `添加 ${field} 字段`);
+                }
+            }
+        }
+        // 静态检查：主链路必须有 runtime 阻断（不能只是 advisory）
+        const toolsPath = path.join(rootDir, "src/adapters/claude_code/tools.ts");
+        const toolsContent = safeRead(toolsPath);
+        if (!toolsContent?.includes("evidence_grounding_contract")) {
+            hardFail("CRITICAL_PROBLEM_NOT_CONSUMED", "problem-60: tools.ts 未消费 evidence_grounding_contract", ["src/adapters/claude_code/tools.ts"], "problem-60", "证据驱动机制未接入主链路", "在 sf_expand/sf_verify/sf_deliver 中接入");
+        }
+        // sf_expand 必须有 blocked/manual_required 分支
+        if (toolsContent && !toolsContent.includes("_evGate.allowed") && !toolsContent.includes("evidence_blocked")) {
+            hardFail("CRITICAL_PROBLEM_ADVISORY_ONLY", "problem-60: sf_expand 证据检查只有 advisory，缺少 blocked 分支", ["src/adapters/claude_code/tools.ts"], "problem-60", "sf_expand 证据门禁不阻断", "添加 evidence gate blocked 分支");
+        }
+        // sf_verify: 验证计划描述行中不得包含 source_type: "validation_result"
+        if (toolsContent) {
+            // 找到 sf_verify handler 中问题六十部分
+            const verifyStart = toolsContent.indexOf("问题六十：验证结论必须经过 FactClaimVerifier");
+            const verifyEnd = toolsContent.indexOf("// 验证后核心体验评估", verifyStart);
+            if (verifyStart >= 0 && verifyEnd >= 0) {
+                const verifySection = toolsContent.substring(verifyStart, verifyEnd);
+                // 检查验证计划注册调用中是否使用了 validation_result
+                const planRegMatch = verifySection.match(/register\(\{[^}]*验证计划:[^}]*\}\)/s);
+                if (planRegMatch && planRegMatch[0].includes("source_type: \"validation_result\"")) {
+                    hardFail("CRITICAL_PROBLEM_PLAN_AS_RESULT", "problem-60: sf_verify 把验证计划注册为 validation_result", ["src/adapters/claude_code/tools.ts"], "problem-60", "验证计划冒充验证结果", "验证计划应注册为 task_context 类型");
+                }
+            }
+        }
+        // 静态检查：负向测试
+        const testPath = path.join(rootDir, "tests/engine/evidence_grounding_contract.test.ts");
+        if (!fs.existsSync(testPath)) {
+            hardFail("CRITICAL_PROBLEM_TEST_MISSING", "problem-60: 缺少负向测试文件", ["tests/engine/evidence_grounding_contract.test.ts"], "problem-60", "证据驱动机制缺少测试覆盖", "创建 evidence_grounding_contract.test.ts");
+        }
+        // 静态检查：知识规则
+        const kaRulePath = path.join(rootDir, "templates/knowledge/rules/证据驱动与反幻觉规则.md");
+        if (!fs.existsSync(kaRulePath)) {
+            hardFail("CRITICAL_PROBLEM_ASSET_MISSING", "problem-60: 缺少知识规则文件 证据驱动与反幻觉规则.md", ["templates/knowledge/rules/证据驱动与反幻觉规则.md"], "problem-60", "证据驱动知识规则缺失", "创建知识规则文件");
+        }
+        // 静态检查：workflow_template
+        const wfPath = path.join(rootDir, "src/adapters/shared/workflow_template.ts");
+        const wfContent = safeRead(wfPath);
+        if (!wfContent?.includes("wf-evidence-grounding")) {
+            hardFail("CRITICAL_PROBLEM_TEMPLATE_MISSING", "problem-60: workflow_template.ts 缺少 wf-evidence-grounding 硬规则", ["src/adapters/shared/workflow_template.ts"], "problem-60", "工作流模板未包含证据驱动规则", "添加 wf-evidence-grounding 硬规则");
+        }
+        // 静态检查：TaskContext 类型必须有证据字段
+        const typesPath = path.join(rootDir, "src/types.ts");
+        const typesContent = safeRead(typesPath);
+        if (typesContent && !typesContent.includes("evidence_matrix?:") && !typesContent.includes("evidence_gate_result?:")) {
+            hardFail("CRITICAL_PROBLEM_TASKCTX_MISSING", "problem-60: TaskContext 缺少 evidence_matrix/evidence_gate_result 字段", ["src/types.ts"], "problem-60", "TaskContext 未保存证据结果", "添加 evidence_matrix 和 evidence_gate_result 字段");
+        }
+        // 静态检查：task_context.ts 必须有 setEvidenceGroundingResult 写入方法
+        const tcPath = path.join(rootDir, "src/engine/task_context.ts");
+        const tcContent = safeRead(tcPath);
+        if (tcContent && !tcContent.includes("setEvidenceGroundingResult")) {
+            hardFail("CRITICAL_PROBLEM_NO_WRITEBACK", "problem-60: task_context.ts 缺少 setEvidenceGroundingResult 写入方法", ["src/engine/task_context.ts"], "problem-60", "TaskContext 只有类型字段没有写入方法", "添加 setEvidenceGroundingResult 方法");
+        }
+        // 静态检查：tools.ts 主链路必须调用 setEvidenceGroundingResult
+        if (toolsContent && !toolsContent.includes("setEvidenceGroundingResult")) {
+            hardFail("CRITICAL_PROBLEM_NO_RUNTIME_WRITEBACK", "problem-60: tools.ts 未调用 setEvidenceGroundingResult 写回 TaskContext", ["src/adapters/claude_code/tools.ts"], "problem-60", "主链路不写回证据结果到 TaskContext", "在 sf_expand/sf_verify/sf_deliver 中调用 setEvidenceGroundingResult");
+        }
+        // 静态检查：tools.ts 不得出现 registry.query({}).map() 无差别证据绑定
+        if (toolsContent) {
+            const toolsLines = toolsContent.split("\n");
+            for (let i = 0; i < toolsLines.length; i++) {
+                if (/registry\.query\(\{\}\)\.map/.test(toolsLines[i])) {
+                    hardFail("CRITICAL_PROBLEM_INDISCRIMINATE_BINDING", `problem-60: tools.ts:${i + 1} 使用 registry.query({}).map() 无差别绑定证据到所有 claim`, ["src/adapters/claude_code/tools.ts"], "problem-60", "所有 registry 证据被无差别绑定到所有 claim，不区分语义", "按 claim 语义筛选 evidence_ids");
+                }
+            }
+        }
+        // 行为检查：setEvidenceGroundingResult 写入后 load 能读回
+        try {
+            const tcModule = await import(path.join(rootDir, "dist/engine/task_context.js"));
+            const tmpStateDir = path.join(rootDir, ".soloforge", "state");
+            const fsModule = await import("node:fs");
+            if (!fsModule.existsSync(tmpStateDir)) {
+                fsModule.mkdirSync(tmpStateDir, { recursive: true });
+            }
+            const tmpMgr = new tcModule.TaskContextManager(tmpStateDir);
+            const tmpCtx = await tmpMgr.create("gate-evidence-writeback-test", "test");
+            const testMatrix = {
+                task_id: tmpCtx.task_id, claims: [], evidence: [],
+                conflicts: [], unsupported_claims: ["test-claim"],
+                risk_summary: { low: 0, medium: 0, high: 1, critical: 0 },
+                created_at: new Date().toISOString(),
+            };
+            const testGate = {
+                allowed: false, reason_zh: "测试", diagnostic_code: "SF-EVIDENCE-TEST",
+                unsupported_claims: ["test-claim"], unresolved_conflicts: [],
+                missing_evidence: [], risk_level: "high",
+                requires_user_confirmation: [],
+            };
+            await tmpMgr.setEvidenceGroundingResult(tmpCtx.task_id, {
+                evidence_matrix: testMatrix,
+                evidence_gate_result: testGate,
+                unsupported_claims: ["test-claim"],
+            });
+            const loaded = await tmpMgr.load(tmpCtx.task_id);
+            if (!loaded?.evidence_matrix || !loaded?.evidence_gate_result) {
+                hardFail("CRITICAL_PROBLEM_WRITEBACK_FAILED", "problem-60: setEvidenceGroundingResult 写入后 load 无法读回", ["src/engine/task_context.ts"], "problem-60", "TaskContext 写入方法不工作", "修复 setEvidenceGroundingResult 或 save/load");
+            }
+            if (loaded.evidence_gate_result?.allowed !== false) {
+                hardFail("CRITICAL_PROBLEM_WRITEBACK_CORRUPT", "problem-60: setEvidenceGroundingResult 写入的 gate result 数据损坏", ["src/engine/task_context.ts"], "problem-60", "写入的 allowed=false 被读回为 true", "检查序列化逻辑");
+            }
+            // 清理测试任务
+            try {
+                fsModule.rmSync(path.join(tmpStateDir, `${tmpCtx.task_id}.json`), { force: true });
+            }
+            catch { }
+        }
+        catch (wbErr) {
+            hardFail("CRITICAL_PROBLEM_WRITEBACK_ERROR", `problem-60: setEvidenceGroundingResult 行为检查失败: ${wbErr?.message ?? wbErr}`, ["src/engine/task_context.ts"], "problem-60", "TaskContext 写入方法不可用", "修复 import 或方法实现");
+        }
+    }
+    _info("  problem-60 证据驱动消费验证完成");
 }
 // ── 7. Batch 问题文档格式一致性 ──
 async function checkBatchIssueFormatConsistency(rootDir, hardFail, _info) {
@@ -783,13 +1136,13 @@ async function checkBatchIssueFormatConsistency(rootDir, hardFail, _info) {
         hardFail("BATCH_ISSUE_FORMAT_INCONSISTENT", "loadBatchIssueDetails 导出未找到", ["scripts/batch_issue_details.mjs"], "构建系统", "共享解析脚本导出不正确", "修复脚本");
         return;
     }
-    const expectedCounts = { 1: 19, 2: 12, 3: 9, 4: 13, 5: 5 };
+    const expectedCounts = { 1: 19, 2: 12, 3: 9, 4: 13, 5: 6, 6: 4 };
     const requiredPerProblemSections = [
         "问题背景", "用户反馈 / 触发场景", "根因分析", "解决方案", "方案细节",
         "硬规则", "非目标", "影响范围", "落地文件", "验收标准", "回归风险",
         "与其他问题的关联", "发布门禁要求",
     ];
-    for (let batch = 1; batch <= 5; batch++) {
+    for (let batch = 1; batch <= 6; batch++) {
         const details = loadBatchIssueDetails(batch, rootDir);
         if (!details.loaded) {
             hardFail("BATCH_ISSUE_FORMAT_INCONSISTENT", `Batch${batch} 问题集未加载: ${details.error}`, [`docs/SoloForge-Batch${batch}问题集.md`], `Batch${batch}`, "旧 gate 只检查文档存在，不验证是否可解析", "第 3 步统一格式");
@@ -965,6 +1318,767 @@ function findFilesRecursive(dir, ext) {
     }
     return results;
 }
+// ── Phase 10: P0/P1 知识资产 schema 完整性 ──
+async function checkKnowledgeAssetSchema(rootDir, hardFail, _info) {
+    const matter = (await import("gray-matter")).default;
+    const { validateKnowledgeAssetFrontmatter } = await import("./knowledge_asset_schema.js");
+    const knowledgeDir = path.join(rootDir, "templates", "knowledge");
+    if (!fs.existsSync(knowledgeDir))
+        return;
+    const mdFiles = findFilesRecursive(knowledgeDir, ".md");
+    for (const filePath of mdFiles) {
+        const raw = fs.readFileSync(filePath, "utf-8");
+        const { data: frontmatter } = matter(raw);
+        if (!frontmatter || Object.keys(frontmatter).length === 0)
+            continue;
+        if (!frontmatter.asset_kind)
+            continue;
+        const findings = validateKnowledgeAssetFrontmatter(frontmatter, filePath);
+        for (const f of findings) {
+            if (f.severity === "hard_fail") {
+                hardFail(`KA_SCHEMA_${f.kind}`, f.message_zh, [filePath], f.asset_id, "旧 validate-release 不独立校验知识资产 schema", "补齐缺失的 frontmatter 字段");
+            }
+        }
+    }
+}
+// ── Phase 11: engine console.log 检查 ──
+function checkEngineConsoleLog(rootDir, hardFail) {
+    // 扫描全 src/ 目录（不仅 engine）
+    const srcDir = path.join(rootDir, "src");
+    if (!fs.existsSync(srcDir))
+        return;
+    const files = findFilesRecursive(srcDir, ".ts");
+    for (const file of files) {
+        const content = fs.readFileSync(file, "utf-8");
+        const lines = content.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/^\s*\/\//.test(line))
+                continue;
+            if (/^\s*\*|^\s*\/\*/.test(line))
+                continue;
+            if (/"console\.log"|`console\.log`|'console\.log'|console\\.log/.test(line))
+                continue;
+            // 日志模块内部 stdout 封装允许 console.log
+            if (/logger\.ts$/.test(file) && /^\s*console\.log\(/.test(line))
+                continue;
+            if (/console\.log\s*\(/.test(line)) {
+                const rel = path.relative(rootDir, file);
+                hardFail("ENGINE_CONSOLE_LOG", `${rel}:${i + 1} 使用 console.log（应使用 logger 或 console.error 写 stderr）`, [rel], "发布门禁 console 检查", "旧 gate 不检查 src/ 全目录 console.log", "替换为 logger 模块调用");
+            }
+        }
+    }
+}
+// ── Phase 12: 中文注释检查 ──
+function checkChineseComments(rootDir, hardFail) {
+    const srcDir = path.join(rootDir, "src");
+    if (!fs.existsSync(srcDir))
+        return;
+    const tsFiles = findFilesRecursive(srcDir, ".ts");
+    for (const file of tsFiles) {
+        const content = fs.readFileSync(file, "utf-8");
+        const lines = content.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (!/^\s*\/\//.test(line))
+                continue;
+            if (/[一-龥]/.test(line))
+                continue;
+            // 跳过装饰分隔线
+            if (/^\s*\/\/\s*[─═\-~=*#]+\s*$/.test(line))
+                continue;
+            // 跳过工具指令
+            if (/@ts-|eslint|TODO|FIXME|NOTE|prettier|istanbul|c8/.test(line))
+                continue;
+            // 跳过机制 ID 标签
+            if (/\/\/\s*──\s*\d+\./.test(line))
+                continue;
+            if (/\/\/\s*mc-[a-z]/.test(line))
+                continue;
+            // 跳过纯代码标识符
+            if (/^\s*\/\/\s*[a-z][a-z0-9_.\/-]+\s*$/.test(line))
+                continue;
+            // 跳过大小标注
+            if (/^\s*\/\/\s*\d+\s*(MB|KB|GB|ms|min|分钟|秒)/.test(line))
+                continue;
+            // 跳过技术术语注释
+            if (/^\s*\/\/\s*[a-z_]+\.[a-z_]+/.test(line))
+                continue;
+            // 检查连续 4+ 字母
+            if (/[a-zA-Z]{4,}/.test(line)) {
+                const rel = path.relative(rootDir, file);
+                hardFail("ENGLISH_COMMENT", `${rel}:${i + 1}: ${line.trim()}（应使用中文注释）`, [rel], "中文注释检查", "旧 gate 不检查中文注释", "将英文注释改为中文");
+            }
+        }
+    }
+}
+// ── 13. 第五批文档↔roadmap↔scenario 一致性 ──
+async function checkLastBatchConsistency(rootDir, hardFail, _info) {
+    // 动态导入避免循环依赖
+    const roadmapPath = path.join(rootDir, "dist", "engine", "implementation_roadmap_registry.js");
+    const scenarioPath = path.join(rootDir, "dist", "engine", "release_gate_scenario_registry.js");
+    let listAllProblems;
+    let listBatches;
+    let RELEASE_GATE_SCENARIOS;
+    let runAllReleaseGateScenarios;
+    try {
+        const roadmap = await import(roadmapPath);
+        listAllProblems = roadmap.listAllProblems;
+        listBatches = roadmap.listBatches;
+    }
+    catch {
+        hardFail("LAST_BATCH_CONSISTENCY", "无法导入 implementation_roadmap_registry", ["src/engine/implementation_roadmap_registry.ts"], "末批一致性", "旧 gate 不检查 roadmap↔scenario 一致性", "先 build");
+        return;
+    }
+    try {
+        const scenario = await import(scenarioPath);
+        RELEASE_GATE_SCENARIOS = scenario.RELEASE_GATE_SCENARIOS;
+        runAllReleaseGateScenarios = scenario.runAllReleaseGateScenarios;
+    }
+    catch {
+        hardFail("LAST_BATCH_CONSISTENCY", "无法导入 release_gate_scenario_registry", ["src/engine/release_gate_scenario_registry.ts"], "末批一致性", "旧 gate 不检查 roadmap↔scenario 一致性", "先 build");
+        return;
+    }
+    // 1. 末批必须存在且包含 problem-55 到 problem-60
+    const batches = listBatches();
+    const lastBatch = batches.find((b) => b.batch_id === "batch-5");
+    if (!lastBatch) {
+        hardFail("LAST_BATCH_CONSISTENCY", "implementation_roadmap_registry 缺少 batch-5", ["src/engine/implementation_roadmap_registry.ts"], "末批一致性", "旧 gate 不检查末批是否存在于 roadmap", "新增 batch-5 并登记 problem-55 到 problem-60");
+        return;
+    }
+    const expectedLastProblems = ["problem-55", "problem-56", "problem-57", "problem-58", "problem-59", "problem-60"];
+    const missing = expectedLastProblems.filter((pid) => !lastBatch.included_problem_ids.includes(pid));
+    if (missing.length > 0) {
+        hardFail("LAST_BATCH_CONSISTENCY", `batch-5 缺少问题: ${missing.join(", ")}`, ["src/engine/implementation_roadmap_registry.ts"], "末批一致性", "旧 gate 不检查末批问题归属完整性", `将 ${missing.join(", ")} 加入 batch-5`);
+    }
+    // 2. problem-58 和 problem-60 不得在 batch-4
+    const prevBatch = batches.find((b) => b.batch_id === "batch-4");
+    if (prevBatch) {
+        const misattrib = ["problem-58", "problem-60"].filter((pid) => prevBatch.included_problem_ids.includes(pid));
+        if (misattrib.length > 0) {
+            hardFail("LAST_BATCH_CONSISTENCY", `problem-58/60 错误归属到 batch-4: ${misattrib.join(", ")}`, ["src/engine/implementation_roadmap_registry.ts"], "末批一致性", "旧 gate 不检查问题是否被错误归入其他批次", "将 problem-58/60 从 batch-4 迁到 batch-5");
+        }
+    }
+    // 3. 场景矩阵必须覆盖问题五十五到问题六十
+    const scenarios = RELEASE_GATE_SCENARIOS;
+    const allCoveredIssues = scenarios.flatMap((s) => s.covered_issues);
+    const expectedIssueLabels = ["问题五十五", "问题五十六", "问题五十七", "问题五十八", "问题五十九", "问题六十"];
+    const uncovered = expectedIssueLabels.filter((label) => !allCoveredIssues.includes(label));
+    if (uncovered.length > 0) {
+        hardFail("LAST_BATCH_CONSISTENCY", `场景矩阵未覆盖: ${uncovered.join(", ")}`, ["src/engine/release_gate_scenario_registry.ts"], "末批一致性", "旧 gate 不检查场景矩阵是否覆盖所有末批问题", `为 ${uncovered.join(", ")} 新增场景`);
+    }
+    // 4. 场景矩阵必须全部通过
+    const results = runAllReleaseGateScenarios();
+    const failedScenarios = results.filter((r) => !r.passed);
+    if (failedScenarios.length > 0) {
+        hardFail("LAST_BATCH_CONSISTENCY", `场景矩阵未全部通过: ${failedScenarios.map((r) => `${r.scenario_id}: ${r.failures.join("; ")}`).join(", ")}`, ["src/engine/release_gate_scenario_registry.ts"], "末批一致性", "旧 gate 不运行场景矩阵验证", "修复失败场景");
+    }
+    _info("  第五批一致性校验通过");
+}
+// ── 14. 依赖漏洞扫描 ──
+function checkDependencyAudit(rootDir, hardFail, _info) {
+    const reportPath = path.join(rootDir, ".soloforge", "advisory-report.json");
+    if (!fs.existsSync(reportPath)) {
+        hardFail("DEPENDENCY_AUDIT", "未找到依赖漏洞扫描报告 (.soloforge/advisory-report.json)", ["package.json"], "依赖健康", "旧 gate 不检查依赖漏洞", "运行 npm run audit-deps");
+        return;
+    }
+    try {
+        const report = JSON.parse(fs.readFileSync(reportPath, "utf-8"));
+        if (!report.timestamp) {
+            hardFail("DEPENDENCY_AUDIT", "漏洞扫描报告缺少时间戳", ["package.json"], "依赖健康", "旧 gate 不验证报告完整性", "重新运行 npm run audit-deps");
+            return;
+        }
+        // 报告过期检查: 超过 24 小时视为过期
+        const reportAge = Date.now() - new Date(report.timestamp).getTime();
+        const maxAge = 24 * 60 * 60 * 1000;
+        if (reportAge > maxAge) {
+            hardFail("DEPENDENCY_AUDIT", `漏洞扫描报告已过期 (生成于 ${report.timestamp})`, ["package.json"], "依赖健康", "旧 gate 不检查报告时效", "重新运行 npm run audit-deps");
+            return;
+        }
+        const blocked = report.blocked || [];
+        if (blocked.length > 0) {
+            const details = blocked.map((b) => `[${b.severity}] ${b.package}: ${b.title}`).join("; ");
+            hardFail("DEPENDENCY_AUDIT", `发现 ${blocked.length} 个阻断级漏洞: ${details}`, ["package.json"], "依赖健康", "旧 gate 不扫描依赖漏洞", "npm audit fix 或升级依赖");
+            return;
+        }
+        const total = report.vulnerability_summary?.total || 0;
+        _info(`  依赖漏洞扫描通过: ${total} 个已知漏洞（无阻断级）`);
+    }
+    catch {
+        hardFail("DEPENDENCY_AUDIT", "漏洞扫描报告格式无效", ["package.json"], "依赖健康", "旧 gate 不验证报告格式", "删除 .soloforge/advisory-report.json 并重新运行 npm run audit-deps");
+    }
+}
+// ── 15. 发布问题全局合同 ──
+async function checkReleaseIssueDesignPath(rootDir, hardFail, _info) {
+    const toolsText = safeRead(path.join(rootDir, "src", "adapters", "claude_code", "tools.ts")) ?? "";
+    const cliText = safeRead(path.join(rootDir, "src", "bin", "soloforge.ts")) ?? "";
+    const workflowText = safeRead(path.join(rootDir, "src", "adapters", "shared", "workflow_template.ts")) ?? "";
+    // ══ 前置检查: roadmap 状态与发布文档一致性 ══
+    const roadmapText = safeRead(path.join(rootDir, "src", "engine", "implementation_roadmap_registry.ts")) ?? "";
+    const gateDocText = safeRead(path.join(rootDir, "docs", "正式发布门槛.md")) ?? "";
+    if (/status:\s*"in_repair"/.test(roadmapText)) {
+        hardFail("RELEASE_ISSUE_ROADMAP_IN_REPAIR", "发布问题仍有 in_repair 状态，不得通过发布门禁", ["src/engine/implementation_roadmap_registry.ts"], "release-issues", "roadmap 状态为 in_repair 时不能声称完成", "完成所有返修后改为 implemented_verified");
+    }
+    // 发布问题场景矩阵: 结构化场景注册表验证测试文件存在 + 执行证据
+    {
+        const { validateReleaseIssueScenarios, executeReleaseIssueScenarios } = await import("./release_issue_scenario_registry.js");
+        const scenarioResult = validateReleaseIssueScenarios(rootDir);
+        _info(`  发布问题场景: ${scenarioResult.scenario_count} 条，覆盖 ${scenarioResult.covered_problems.join(", ")}`);
+        if (scenarioResult.missing_runners.length > 0) {
+            hardFail("RELEASE_ISSUE_SCENARIO_NO_RUNNER", `发布问题场景缺少 runner: ${scenarioResult.missing_runners.join("; ")}`, ["src/engine/release_issue_scenario_registry.ts"], "release-issues", "所有场景必须有真实生产入口 runner", "为缺失场景添加 runner");
+        }
+        if (scenarioResult.missing_tests.length > 0) {
+            hardFail("RELEASE_ISSUE_SCENARIO_TESTS_MISSING", `发布问题场景引用的测试文件缺失: ${scenarioResult.missing_tests.join("; ")}`, scenarioResult.missing_tests.map(m => m.split(": ")[1] ?? "unknown"), "release-issues", "场景测试文件必须存在", "创建缺失的测试文件");
+        }
+        // 运行所有场景收集执行证据（全部必须有 runner）
+        const execResults = await executeReleaseIssueScenarios();
+        const failed = execResults.filter(r => r.status === "fail");
+        _info(`  发布问题场景执行: ${execResults.length} 条已执行，${failed.length} 条失败`);
+        if (failed.length > 0) {
+            hardFail("RELEASE_ISSUE_SCENARIO_EXECUTION_FAILED", `发布问题场景执行失败: ${failed.map(f => `${f.scenario_id}: ${f.error ?? "unknown"}`).join("; ")}`, ["src/engine/release_issue_scenario_registry.ts"], "release-issues", "所有场景执行必须通过", "修复失败场景的 runner 逻辑");
+        }
+        // R10: 所有场景必须有 production_trace 且 tool_entrypoint 引用真实工具
+        const noTrace = execResults.filter(r => !r.production_trace);
+        if (noTrace.length > 0) {
+            hardFail("RELEASE_ISSUE_SCENARIO_NO_PRODUCTION_TRACE", `场景缺少 production_trace: ${noTrace.map(r => r.scenario_id).join("; ")}`, ["src/engine/release_issue_scenario_registry.ts"], "release-issues", "所有场景必须有 production_trace 记录真实入口", "为缺失场景添加 production_trace");
+        }
+        // R12: production_trace 的 diagnostic_codes 必须非空（来自工具返回值或函数调用结果）
+        const noDiagCodes = execResults.filter(r => r.production_trace && (!r.production_trace.diagnostic_codes || r.production_trace.diagnostic_codes.length === 0));
+        if (noDiagCodes.length > 0) {
+            hardFail("RELEASE_ISSUE_SCENARIO_NO_PRODUCTION_TRACE", `场景 production_trace 缺少 diagnostic_codes: ${noDiagCodes.map(r => r.scenario_id).join("; ")}`, ["src/engine/release_issue_scenario_registry.ts"], "release-issues", "所有 production_trace 必须包含来自工具/函数返回值的 diagnostic_codes", "为场景添加真实 diagnostic_codes");
+        }
+        // R10: 每个 problem 必须至少有一个场景通过真实 MCP 工具入口执行
+        const realToolNames = ["sf_classify", "sf_expand", "sf_verify", "sf_deliver", "sf_learn", "sf_accept", "sf_record_verification_execution", "sf_scaffold"];
+        // 用 scenario_id 前缀识别 problem 归属
+        const problemPrefixes = {
+            "problem-61": ["release-scenario-architecture-workshop-", "release-scenario-decision-workshop-"],
+            "problem-62": ["release-scenario-design-pack-"],
+            "problem-63": ["release-scenario-template-contract-"],
+            "problem-64": ["release-scenario-template-visibility-"],
+        };
+        for (const [problem, prefixes] of Object.entries(problemPrefixes)) {
+            const problemScenarios = execResults.filter(r => prefixes.some(p => r.scenario_id.startsWith(p)));
+            const withRealTools = problemScenarios.filter(r => r.production_trace && realToolNames.some(t => r.production_trace.tool_entrypoint.includes(t)));
+            if (withRealTools.length === 0 && problemScenarios.length > 0) {
+                hardFail("RELEASE_ISSUE_SCENARIO_NO_PRODUCTION_TRACE", `${problem} 无场景通过真实 MCP 工具入口执行`, ["src/engine/release_issue_scenario_registry.ts"], "release-issues", `R10 ${problem} 必须有通过 sf_classify/sf_expand 等真实 MCP 工具执行的场景`, "用 createToolHarness + callTool 重写 runner");
+            }
+        }
+        // R13: problem-61 必须证明 awaiting_confirmation 阻断 + 确认放行双向
+        {
+            const p61 = execResults.filter(r => r.scenario_id.startsWith("release-scenario-decision-workshop-"));
+            // 阻断证据: evidence 包含 "awaiting" 或 diagnostic_codes 包含决策研讨阻断码
+            const hasAwaiting = p61.some(r => r.evidence?.includes("awaiting") ||
+                r.production_trace?.diagnostic_codes?.some(c => c.includes("决策研讨") || c.includes("awaiting_confirmation")));
+            // 放行证据: 至少一个 decision_workshop 场景通过两次 sf_expand（tool_entrypoint 含两个 sf_expand）
+            const hasConfirmedPass = p61.some(r => r.status === "pass" && r.production_trace?.tool_entrypoint &&
+                (r.production_trace.tool_entrypoint.match(/sf_expand/g) ?? []).length >= 2);
+            if (!hasAwaiting || !hasConfirmedPass) {
+                hardFail("RELEASE_ISSUE_SCENARIO_NO_PRODUCTION_TRACE", `problem-61 缺少 awaiting_confirmation 阻断+放行双向证据 (awaiting=${hasAwaiting}, confirmed=${hasConfirmedPass})`, ["src/engine/release_issue_scenario_registry.ts"], "release-issues", "problem-61 必须有场景证明 decision_workshop 阻断后确认放行", "确保 data-migration/security-policy 等场景含 awaiting 阻断和确认放行双向证据");
+            }
+        }
+        // problem-63 必须在同一正式产物任务上证明阻断、清零、接受与交付，不能由描述文字自证。
+        {
+            const p63 = execResults.filter(r => r.scenario_id.startsWith("release-scenario-template-contract-"));
+            const lifecycleProof = p63.find(r => r.scenario_id === "release-scenario-template-contract-repair-directive")?.behavioral_proof;
+            const sameTask = lifecycleProof?.task_id
+                && lifecycleProof.blocked_task_id === lifecycleProof.task_id
+                && lifecycleProof.delivered_task_id === lifecycleProof.task_id;
+            const completed = lifecycleProof?.contract_blocked === true
+                && lifecycleProof?.repair_directive_cleared === true
+                && lifecycleProof?.artifact_status === "accepted"
+                && !!lifecycleProof?.acceptance_confirmation_ref
+                && lifecycleProof?.delivery_succeeded === true;
+            if (!sameTask || !completed) {
+                hardFail("RELEASE_ISSUE_SCENARIO_NO_PRODUCTION_TRACE", `problem-63 缺少同任务正式产物生命周期证据 (same_task=${!!sameTask}, completed=${completed})`, ["src/engine/release_issue_scenario_registry.ts"], "release-issues", "problem-63 必须从同一 task 的 artifact_output 证明阻断、重验、显式接受和成功交付", "修复 repair-directive 场景的 behavioral_proof 与真实工具链");
+            }
+        }
+    }
+    // R10: index_only 泄漏行为门禁 — 通过真实 sf_expand 验证 index_only 不进入 prompt
+    {
+        const { createToolHarness } = await import("./release_tool_harness.js");
+        const { clearInjectionContractCache } = await import("./knowledge_injection_boundary.js");
+        clearInjectionContractCache();
+        try {
+            const harness = await createToolHarness({ copyKnowledge: true });
+            try {
+                const all = harness.knowledgeIndex.getAllEntries();
+                // 找到 index_only 条目
+                const { buildTemplateAssetContracts } = await import("./template_asset_contract_registry.js");
+                const contracts = buildTemplateAssetContracts(rootDir);
+                const indexOnlyIds = new Set(contracts.filter(c => c.runtime_visibility === "index_only").map(c => c.asset_id));
+                // R12: 前置条件缺失 = hardFail，不得静默跳过
+                if (all.project.length === 0) {
+                    hardFail("RELEASE_ISSUE_INDEX_ONLY_PROMPT_LEAK", "copyKnowledge 后无项目资产被索引，前置条件不满足", ["src/engine/knowledge_injection_boundary.ts"], "release-issues", "index_only 行为检查必须有同步+索引的资产", "检查 copyKnowledgeToProject 和 KIM build");
+                }
+                if (indexOnlyIds.size === 0) {
+                    hardFail("RELEASE_ISSUE_INDEX_ONLY_PROMPT_LEAK", "模板合同中无 index_only 资产，前置条件不满足", ["src/engine/template_asset_contract_registry.ts"], "release-issues", "index_only 行为检查必须存在 index_only 合同", "检查 buildTemplateAssetContracts 是否注册了 index_only 资产");
+                }
+                const clsRaw = await harness.callTool("sf_classify", { intent: "添加用户管理功能" });
+                const cls = harness.parseResult(clsRaw);
+                if (!cls.task_id) {
+                    hardFail("RELEASE_ISSUE_INDEX_ONLY_PROMPT_LEAK", "sf_classify 未返回 task_id，前置条件不满足", ["src/engine/classifier.ts"], "release-issues", "index_only 行为检查必须 sf_classify 返回有效 task_id", "检查分类器是否正常返回");
+                }
+                const expRaw = await harness.callTool("sf_expand", { task_id: cls.task_id });
+                const exp = harness.parseResult(expRaw);
+                // index_only 资产不得进入 matched_knowledge
+                const leaked = (exp.matched_knowledge ?? []).filter((k) => indexOnlyIds.has(k.id));
+                if (leaked.length > 0) {
+                    hardFail("RELEASE_ISSUE_INDEX_ONLY_PROMPT_LEAK", `index_only 资产泄漏到 expand 结果: ${leaked.map((k) => k.id).join(", ")}`, ["src/engine/knowledge_injection_boundary.ts"], "release-issues", "index_only 资产不得进入 matched_knowledge 或 prompt", "修复注入边界逻辑");
+                }
+                // prompt 中也不得包含 index_only 资产内容
+                const promptStr = exp.prompt ?? "";
+                const leakedInPrompt = all.project.filter((e) => {
+                    const contract = contracts.find(c => c.asset_id === e.id || c.path.endsWith(e.name + ".md"));
+                    return contract?.runtime_visibility === "index_only" && e.body && promptStr.includes(e.body.slice(0, 50));
+                });
+                if (leakedInPrompt.length > 0) {
+                    hardFail("RELEASE_ISSUE_INDEX_ONLY_PROMPT_LEAK", `index_only 资产内容泄漏到 prompt: ${leakedInPrompt.map((e) => e.id).join(", ")}`, ["src/engine/knowledge_injection_boundary.ts"], "release-issues", "index_only 资产内容不得出现在 prompt 中", "修复注入边界逻辑");
+                }
+            }
+            finally {
+                harness.cleanup();
+            }
+        }
+        catch (err) {
+            // R11: fail-closed — 缺少前置条件或异常 = hard_fail
+            hardFail("RELEASE_ISSUE_INDEX_ONLY_PROMPT_LEAK", `index_only 行为检查失败: ${err.message}`, ["src/engine/knowledge_injection_boundary.ts"], "release-issues", "index_only 行为检查不得跳过", "修复 index_only 检查前置条件");
+        }
+    }
+    // R10: 权威来源 fail-closed 主动负向测试 — 已注册但文件缺失必须被阻断
+    {
+        const { getConsumptionTraces, clearConsumptionTraces } = await import("./consumption_trace_store.js");
+        // 先检查已有 traces
+        const traces = getConsumptionTraces();
+        const authorityLeaks = traces.filter((t) => t.matched_reason?.includes("权威来源文件缺失") && t.contract_decision === "allowed");
+        if (authorityLeaks.length > 0) {
+            hardFail("RELEASE_ISSUE_AUTHORITIVE_FAIL_OPEN", `权威来源缺失的资产被 allowed: ${authorityLeaks.map((t) => t.asset_id).join(", ")}`, ["src/knowledge/index_manager.ts"], "release-issues", "已注册资产权威来源缺失时必须 fail-closed", "检查 filterByContractGate 逻辑");
+        }
+        // 主动负向测试: 创建临时项目，manifest 指向不存在的权威文件
+        try {
+            const { copyKnowledgeToProject } = await import("./template_init_sync.js");
+            const { KnowledgeIndexManager } = await import("../knowledge/index_manager.js");
+            const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "soloforge-r10-auth-"));
+            try {
+                await copyKnowledgeToProject(rootDir, tmpDir);
+                const manifestPath = path.join(tmpDir, ".soloforge", "sync-manifest.json");
+                const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+                const domainKey = Object.keys(manifest.entries).find(k => k.startsWith("domain/"));
+                // R12: 找不到 domain 条目 = hardFail，不得静默通过
+                if (!domainKey) {
+                    hardFail("RELEASE_ISSUE_AUTHORITIVE_FAIL_OPEN", "sync-manifest 中无 domain/ 条目可做篡改测试，前置条件不满足", ["src/engine/template_init_sync.ts"], "release-issues", "权威 fail-closed 测试必须找到可篡改的 domain 合同", "检查 copyKnowledgeToProject 是否同步了 domain 资产");
+                }
+                manifest.entries[domainKey].source_contract_path = "templates/knowledge/domain/不存在的权威文件.md";
+                fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2), "utf-8");
+                clearConsumptionTraces();
+                const kim = new KnowledgeIndexManager({
+                    tech_stack: { backend: { lang: "java", framework: "spring-boot" }, frontend: { lang: "typescript", framework: "react" } },
+                    _projectPath: tmpDir,
+                }, { watch: false });
+                await kim.build();
+                const domainEntries = kim.getAllEntries().project.filter((e) => e.file_path?.replace(/\\/g, "/").includes(domainKey));
+                await kim.close();
+                // 权威来源缺失 → 不得被索引
+                if (domainEntries.length > 0) {
+                    hardFail("RELEASE_ISSUE_AUTHORITIVE_FAIL_OPEN", `权威缺失的资产被索引: ${domainKey}`, ["src/knowledge/index_manager.ts"], "release-issues", "已注册资产权威来源缺失时必须 fail-closed", "检查 filterByContractGate 逻辑");
+                }
+            }
+            finally {
+                fs.rmSync(tmpDir, { recursive: true, force: true });
+            }
+        }
+        catch (err) {
+            // R11: fail-closed — 找不到篡改目标或执行异常 = hard_fail
+            hardFail("RELEASE_ISSUE_AUTHORITIVE_FAIL_OPEN", `权威 fail-closed 主动测试失败: ${err.message}`, ["src/knowledge/index_manager.ts"], "release-issues", "权威来源缺失测试不得跳过", "检查 filterByContractGate 和模板合同配置");
+        }
+    }
+    // 工作流硬规则正文单真源检查
+    {
+        const { WORKFLOW_TEMPLATE_HARD_RULES } = await import("./asset_manifest.js");
+        const { generateWorkflowRules } = await import("../adapters/shared/workflow_template.js");
+        const emptyRules = WORKFLOW_TEMPLATE_HARD_RULES.filter(r => r.enforcement_status === "enforced" && (!r.user_instruction || r.user_instruction.trim() === ""));
+        if (emptyRules.length > 0) {
+            hardFail("WORKFLOW_RULE_EMPTY_INSTRUCTION", `enforced 规则 user_instruction 为空: ${emptyRules.map(r => r.rule_id).join(", ")}`, ["src/engine/asset_manifest.ts"], "release-issues", "enforced 规则必须有非空 user_instruction", "为空规则补充用户可见指令文本");
+        }
+        const output = generateWorkflowRules({});
+        for (const rule of WORKFLOW_TEMPLATE_HARD_RULES) {
+            if (rule.user_instruction) {
+                const lines = rule.user_instruction.split("\n").filter(l => l.trim());
+                for (const line of lines) {
+                    if (!output.includes(line)) {
+                        hardFail("WORKFLOW_RULE_TEXT_MISSING_IN_OUTPUT", `规则 ${rule.rule_id} 正文未出现在生成输出: ${line}`, ["src/engine/asset_manifest.ts", "src/adapters/shared/workflow_template.ts"], "release-issues", "每条规则正文必须出现在 generateWorkflowRules 输出", "检查 WORKFLOW_STEPS 中是否遗漏该规则");
+                    }
+                }
+            }
+            if (!output.includes(`id=${rule.rule_id}`)) {
+                hardFail("WORKFLOW_RULE_MARKER_MISSING", `规则 ${rule.rule_id} marker 未出现在生成输出`, ["src/adapters/shared/workflow_template.ts"], "release-issues", "每条规则 marker 必须出现在 generateWorkflowRules 输出", "将规则添加到 WORKFLOW_STEPS");
+            }
+        }
+    }
+    if (/发布问题.*100%|100%.*发布问题/.test(gateDocText)) {
+        hardFail("RELEASE_ISSUE_DOC_PREMATURE_100", "发布门槛文档提前声称发布问题 100% 完成", ["docs/正式发布门槛.md"], "release-issues", "文档不得在返修未完成前声称 100%", "完成所有返修后更新文档");
+    }
+    // ══ 问题六十一: 通用决策研讨机制 ══
+    // TaskContext 必须有强类型通用决策研讨字段
+    const typesText = safeRead(path.join(rootDir, "src", "types.ts")) ?? "";
+    if (!typesText.includes("decision_workshop?: import")) {
+        hardFail("RELEASE_ISSUE_TASKCONTEXT_WEAK_TYPE", "TaskContext 缺少强类型 decision_workshop 字段", ["src/types.ts"], "problem-61", "使用 (ctx as any).decision_workshop 是弱类型", "在 TaskContext 添加 decision_workshop 强类型字段");
+    }
+    // tools.ts 不得使用 (ctx as any).decision_workshop
+    if (toolsText.includes("(ctx as any).decision_workshop")) {
+        hardFail("RELEASE_ISSUE_TOOLS_ANY_CAST", "tools.ts 仍使用 (ctx as any).decision_workshop 弱类型", ["src/adapters/claude_code/tools.ts"], "problem-61", "必须使用 TaskContext 强类型字段", "将 (ctx as any).decision_workshop 改为 ctx.decision_workshop");
+    }
+    // ExpandSchema 必须支持 decision_workshop 输入
+    if (!toolsText.includes("decision_workshop: z.unknown()")) {
+        hardFail("RELEASE_ISSUE_EXPAND_NO_WORKSHOP_INPUT", "ExpandSchema 不支持通用 decision_workshop 输入", ["src/adapters/claude_code/tools.ts"], "problem-61", "用户无法回传确认后的决策合同", "在 ExpandSchema 添加 decision_workshop 输入参数");
+    }
+    // 架构决策研讨子包必须接入 sf_expand
+    if (!toolsText.includes("checkArchitectureDecisionWorkshopGate({") ||
+        !toolsText.includes("projectContext: detectedArchitectureContext")) {
+        hardFail("RELEASE_ISSUE_MAINLINE_MISSING", "问题六十一架构研讨子包未接入 sf_expand", ["src/adapters/claude_code/tools.ts"], "problem-61", "仅有合同或模板不能证明主链路消费", "在 sf_expand 真实路由调用架构研讨门");
+    }
+    // 通用决策研讨必须接入 sf_expand（可组合决策包）
+    if (!toolsText.includes("lazyDecisionWorkshop") || !toolsText.includes("matchDecisionPacks") || !toolsText.includes("nonArchPacks")) {
+        hardFail("RELEASE_ISSUE_DECISION_WORKSHOP_MISSING", "问题六十一通用决策研讨未接入 sf_expand 可组合决策包", ["src/adapters/claude_code/tools.ts"], "problem-61", "非架构高影响任务也必须门禁，且必须支持组合多个决策包", "在 sf_expand 接入 matchDecisionPacks 门禁");
+    }
+    // DecisionPackRegistry 必须有 business_process 和 delivery_validation 独立包
+    {
+        const dwText = safeRead(path.join(rootDir, "src", "engine", "decision_workshop.ts")) ?? "";
+        if (!dwText.includes("business_process") || !dwText.includes("delivery_validation")) {
+            hardFail("RELEASE_ISSUE_DECISION_PACK_MISSING", "问题六十一 DecisionPackRegistry 缺少 business_process 或 delivery_validation 独立包", ["src/engine/decision_workshop.ts"], "problem-61", "业务流程和交付验证必须可独立触发", "在 DECISION_PACKS 添加 business_process 和 delivery_validation");
+        }
+    }
+    try {
+        const dw = await import(path.join(rootDir, "dist", "engine", "decision_workshop.js"));
+        // must-fail: 未确认的技术选型必须阻断
+        const techContract = dw.createDecisionWorkshop("gate-test", "technology_selection");
+        const techGate = dw.evaluateDecisionWorkshop(techContract);
+        if (techGate.allowed) {
+            hardFail("RELEASE_ISSUE_DECISION_FALSE_PASS", "问题六十一未确认技术选型草稿错误放行", ["src/engine/decision_workshop.ts"], "problem-61", "技术选型未确认应阻断", "修复 evaluateDecisionWorkshop");
+        }
+        // must-fail: 低风险任务不需要研讨
+        const lowRisk = dw.requiresDecisionWorkshop({ intent: "修复按钮颜色" });
+        if (lowRisk.required) {
+            hardFail("RELEASE_ISSUE_DECISION_LOW_RISK_BLOCKED", "问题六十一低风险任务错误触发决策研讨", ["src/engine/decision_workshop.ts"], "problem-61", "低风险任务不应触发研讨", "修复 requiresDecisionWorkshop 触发条件");
+        }
+        // must-pass: 确认的技术选型放行
+        const confirmed = dw.createDecisionWorkshop("gate-test-2", "technology_selection");
+        confirmed.extended_domains.technology_selection.status = "confirmed";
+        confirmed.extended_domains.technology_selection.user_confirmation_ref = "user-ok";
+        if (!dw.evaluateDecisionWorkshop(confirmed).allowed) {
+            hardFail("RELEASE_ISSUE_DECISION_CONFIRMED_BLOCKED", "问题六十一已确认决策仍被阻断", ["src/engine/decision_workshop.ts"], "problem-61", "已确认决策应放行", "修复 evaluateDecisionWorkshop 确认检查");
+        }
+    }
+    catch (error) {
+        hardFail("RELEASE_ISSUE_DECISION_LOAD_FAILED", `无法执行问题六十一行为复验: ${error?.message ?? error}`, ["src/engine/decision_workshop.ts"], "problem-61", "模块不可执行", "修复构建或导出");
+    }
+    // ══ 问题六十二: 标准资产覆盖机制 ══
+    if (!toolsText.includes("verifyDesignArtifactPack(projectPath, designPack)") ||
+        !toolsText.includes("ctx.design_artifact_pack.status !== \"implementation_ready\"") ||
+        !toolsText.includes("checkDesignArtifactWriteGate({ ctx, toolName: name, sideEffects: effectiveSideEffects })")) {
+        hardFail("RELEASE_ISSUE_MAINLINE_MISSING", "问题六十二设计产物包子机制未接入真实消费路径", ["src/adapters/claude_code/tools.ts"], "problem-62", "仅有文档校验函数不能阻断用户编码/交付", "在验证、写入与交付路径消费设计产物包状态");
+    }
+    if (!cliText.includes("cmdAuditDesignArtifacts") ||
+        !cliText.includes("cmdUpgradeDesignArtifacts") ||
+        !cliText.includes("currentTask?.design_artifact_pack")) {
+        hardFail("RELEASE_ISSUE_USER_CLI_MISSING", "问题六十二缺少用户 CLI 审计/升级或 Claude Code 写入 hook 阻断路径", ["src/bin/soloforge.ts"], "problem-62", "MCP 内部调用不能覆盖用户现有文档升级与直接 Edit/Write 路径", "接入 audit/upgrade CLI 与 check-write 设计产物门");
+    }
+    // 标准资产覆盖机制必须使用真实注册表审计
+    try {
+        const cov = await import(path.join(rootDir, "dist", "engine", "standard_asset_coverage.js"));
+        const car = await import(path.join(rootDir, "dist", "engine", "consumable_asset_registry.js"));
+        const manifest = await import(path.join(rootDir, "dist", "engine", "asset_manifest.js"));
+        // 从真实注册表构建消费证据
+        const registeredAssets = car.listBuiltinConsumableAssets();
+        const consumablePaths = new Set(registeredAssets.map((a) => a.path));
+        const ownerMap = new Map(registeredAssets.map((a) => [a.path, a.owner_mechanism_id ?? ""]));
+        const manifestEntries = manifest.ASSET_MANIFEST;
+        const consumerMap = new Map(manifestEntries.map((e) => [e.path, []]));
+        const visibilityMap = new Map(manifestEntries.map((e) => [e.path, e.consumption_mode ?? "unknown"]));
+        const report = cov.auditStandardAssetCoverage(rootDir, consumablePaths, ownerMap, consumerMap, visibilityMap);
+        // 必须能审计并返回结构化报告
+        if (typeof report.total_assets !== "number" || typeof report.covered_assets !== "number") {
+            hardFail("RELEASE_ISSUE_COVERAGE_REPORT_INVALID", "问题六十二覆盖审计报告结构不完整", ["src/engine/standard_asset_coverage.ts"], "problem-62", "审计报告缺少必须字段", "修复 auditStandardAssetCoverage 返回结构");
+        }
+        // 不得传空 Set/空 Map 通过覆盖检查 — 必须使用真实数据
+        if (report.total_assets > 0 && report.covered_assets === report.total_assets && consumablePaths.size === 0) {
+            hardFail("RELEASE_ISSUE_COVERAGE_EMPTY_REGISTRY_PASS", "问题六十二空注册表不应全部覆盖", ["src/engine/standard_asset_coverage.ts"], "problem-62", "空注册表时所有资产必须 uncovered", "修复覆盖检查使用真实注册表");
+        }
+    }
+    catch (error) {
+        hardFail("RELEASE_ISSUE_COVERAGE_LOAD_FAILED", `无法执行问题六十二覆盖审计行为复验: ${error?.message ?? error}`, ["src/engine/standard_asset_coverage.ts"], "problem-62", "模块不可执行", "修复构建或导出");
+    }
+    try {
+        const workshop = await import(path.join(rootDir, "dist", "engine", "architecture_decision_workshop.js"));
+        const designPack = await import(path.join(rootDir, "dist", "engine", "design_artifact_pack.js"));
+        const draft = workshop.createArchitectureDecisionWorkshop("release-issue", "new_system");
+        if (workshop.evaluateArchitectureDecisionWorkshop(draft).allowed) {
+            hardFail("RELEASE_ISSUE_BEHAVIOR_FALSE_PASS", "问题六十一未确认六域的草稿错误放行", ["src/engine/architecture_decision_workshop.ts"], "problem-61", "必须有负向行为证据", "修复研讨生成门");
+        }
+        const missingPackResult = designPack.verifyDesignArtifactPack(rootDir, designPack.createDesignArtifactPack("release-issue"));
+        if (missingPackResult.passed) {
+            hardFail("RELEASE_ISSUE_BEHAVIOR_FALSE_PASS", "问题六十二缺少用户项目设计产物时错误放行", ["src/engine/design_artifact_pack.ts"], "problem-62", "必须读取真实资产并阻断缺失", "修复设计产物复验门");
+        }
+    }
+    catch (error) {
+        hardFail("RELEASE_ISSUE_MODULE_LOAD_FAILED", `无法执行 发布问题行为复验: ${error?.message ?? error}`, ["src/engine/architecture_decision_workshop.ts", "src/engine/design_artifact_pack.ts"], "发布问题", "模块不可执行", "修复构建或导出");
+    }
+    if (!workflowText.includes("wf-architecture-workshop-first") || !workflowText.includes("wf-design-artifact-pack")) {
+        hardFail("RELEASE_ISSUE_USER_INJECTION_MISSING", "用户项目工作流模板未注入 发布问题硬协议", ["src/adapters/shared/workflow_template.ts"], "problem-61/problem-62", "运行时有门但用户不可预期会造成体验断裂", "向 workflow template 注入硬规则");
+    }
+    // workflow_template @sf-hard-rule 机制 ID 必须能解析到权威机制注册条目且资产文件存在
+    try {
+        const { validateWorkflowRuleSources } = await import("../adapters/shared/workflow_template.js");
+        const wfValidation = validateWorkflowRuleSources(rootDir);
+        if (!wfValidation.valid) {
+            if (wfValidation.missing_mechanisms.length > 0) {
+                hardFail("RELEASE_ISSUE_WF_RULE_MISSING_MECHANISM", `工作流模板引用了未注册的机制: ${wfValidation.missing_mechanisms.join(", ")}`, ["src/adapters/shared/workflow_template.ts"], "发布问题", "硬编码规则与权威机制注册表漂移", "在 dual_layer_mechanism_registry 中注册缺失机制或修正 workflow_template 引用");
+            }
+            if (wfValidation.missing_assets.length > 0) {
+                hardFail("RELEASE_ISSUE_WF_RULE_MISSING_ASSET", `工作流模板规则的权威资产文件缺失: ${wfValidation.missing_assets.join(", ")}`, ["src/adapters/shared/workflow_template.ts"], "发布问题", "权威规则资产文件不存在", "恢复缺失的模板文件或修正注册表路径");
+            }
+            if (wfValidation.checksum_mismatch) {
+                hardFail("RELEASE_ISSUE_WF_RULE_CONTENT_DRIFT", `工作流模板权威规则内容校验和不匹配: 嵌入=${wfValidation.embedded_checksum}, 实际=${wfValidation.computed_checksum}`, ["src/adapters/shared/workflow_template.ts"], "发布问题", "权威规则资产内容已变化但工作流模板未同步", "运行 updateEmbeddedChecksum 或重新生成工作流模板");
+            }
+        }
+    }
+    catch (error) {
+        hardFail("RELEASE_ISSUE_WF_RULE_VALIDATION_FAILED", `工作流规则来源校验失败: ${error?.message ?? error}`, ["src/adapters/shared/workflow_template.ts"], "发布问题", "校验函数不可执行", "修复 validateWorkflowRuleSources 导出");
+    }
+    // ══ 问题六十三: 标准资产契约 ══
+    const sacText = safeRead(path.join(rootDir, "src", "engine", "standard_asset_contract.ts")) ?? "";
+    if (!sacText.includes("matchTemplateContract") || !sacText.includes("verifyOutputAgainstContract") || !sacText.includes("createRepairReverifyDirective")) {
+        hardFail("RELEASE_ISSUE_CONTRACT_MISSING", "问题六十三缺少模板契约匹配、产物验证或修复重验函数", ["src/engine/standard_asset_contract.ts"], "problem-63", "缺少核心函数不能实现契约验证", "实现 matchTemplateContract / verifyOutputAgainstContract / createRepairReverifyDirective");
+    }
+    // sf_verify 必须按文件逐一匹配契约（不得使用 changed_files[0] 的契约校验全部文件）
+    if (!toolsText.includes("lazyStandardAssetContract") || !toolsText.includes("SF-CONTRACT-0003") || !toolsText.includes("repair_reverify_directive")) {
+        hardFail("RELEASE_ISSUE_CONTRACT_MAINLINE_MISSING", "问题六十三未接入 sf_verify 模板契约验证和 sf_deliver 修复重验阻断", ["src/adapters/claude_code/tools.ts"], "problem-63", "仅有契约定义不能阻断交付", "在 sf_verify 消费模板契约验证、sf_deliver 消费修复重验阻断");
+    }
+    // 必须检查 per-file 匹配（不得 changed_files[0] 统一匹配）
+    if (toolsText.includes("file_path: args.changed_files?.[0]") && !toolsText.includes("file_path: changedFile")) {
+        hardFail("RELEASE_ISSUE_CONTRACT_SINGLE_FILE_MATCH", "问题六十三 sf_verify 仍使用 changed_files[0] 单一匹配", ["src/adapters/claude_code/tools.ts"], "problem-63", "一个契约不能校验所有文件", "改为按文件逐一匹配 matchTemplateContract");
+    }
+    // 草稿必须阻断（不得 continue 跳过）
+    if (toolsText.includes("SF-CONTRACT-DRAFT") === false) {
+        hardFail("RELEASE_ISSUE_CONTRACT_DRAFT_SKIP", "问题六十三草稿文件未阻断下游消费", ["src/adapters/claude_code/tools.ts"], "problem-63", "草稿不得静默跳过", "草稿必须写入 blocked 状态并阻断");
+    }
+    try {
+        const sac = await import(path.join(rootDir, "dist", "engine", "standard_asset_contract.js"));
+        if (sac.matchTemplateContract({ file_path: "docs/architecture/01-架构设计文档.md" }) === null) {
+            hardFail("RELEASE_ISSUE_CONTRACT_MATCH_FAILURE", "问题六十三模板匹配失败：架构设计文档路径应匹配模板契约", ["src/engine/standard_asset_contract.ts"], "problem-63", "精确路径应匹配 P0 模板", "修复 matchTemplateContract 路径匹配逻辑");
+        }
+    }
+    catch (error) {
+        hardFail("RELEASE_ISSUE_CONTRACT_LOAD_FAILED", `无法执行问题六十三行为复验: ${error?.message ?? error}`, ["src/engine/standard_asset_contract.ts"], "problem-63", "模块不可执行", "修复构建或导出");
+    }
+    // ══ 问题六十四: 模板资产可见性 ══
+    const visText = safeRead(path.join(rootDir, "src", "engine", "template_asset_visibility.ts")) ?? "";
+    if (!visText.includes("isInherentlyInternal") || !visText.includes("inferVisibilityFromPath") || !visText.includes("filterSyncAssets")) {
+        hardFail("RELEASE_ISSUE_VISIBILITY_MISSING", "问题六十四缺少内部资产识别、可见性推断或同步过滤函数", ["src/engine/template_asset_visibility.ts"], "problem-64", "缺少核心函数不能实现可见性门禁", "实现 isInherentlyInternal / inferVisibilityFromPath / filterSyncAssets");
+    }
+    const syncText = safeRead(path.join(rootDir, "src", "engine", "template_init_sync.ts")) ?? "";
+    if (!cliText.includes("getContractDecision") && !syncText.includes("getContractDecision")) {
+        hardFail("RELEASE_ISSUE_VISIBILITY_SYNC_MISSING", "问题六十四 copyKnowledgeTemplates 未接入可见性门禁", ["src/engine/template_init_sync.ts"], "problem-64", "init/sync 不加门禁会泄漏内部资产到用户项目", "在 template_init_sync 中消费可见性门禁");
+    }
+    // copyKnowledgeTemplates 不得使用 subDirs 硬编码列表
+    if (cliText.includes("const subDirs = [")) {
+        hardFail("RELEASE_ISSUE_VISIBILITY_SUBDIRS_HARDCODE", "问题六十四 copyKnowledgeTemplates 仍使用 subDirs 硬编码列表", ["src/bin/soloforge.ts"], "problem-64", "硬编码 subDirs 无法覆盖新增目录", "改为递归发现并统一走可见性门禁");
+    }
+    // scaffolder 不得使用 process.cwd() 作为内置路径 fallback
+    const scaffolderText = safeRead(path.join(rootDir, "src", "engine", "scaffolder.ts")) ?? "";
+    if (scaffolderText.includes("process.cwd()")) {
+        hardFail("RELEASE_ISSUE_SCAFFOLDER_CWD_FALLBACK", "问题六十四 scaffolder 仍使用 process.cwd() 作为内置路径", ["src/engine/scaffolder.ts"], "problem-64", "process.cwd() 在 npm 安装场景解析错误", "改为 import.meta.dirname 解析包内路径");
+    }
+    try {
+        const vis = await import(path.join(rootDir, "dist", "engine", "template_asset_visibility.js"));
+        // 内部资产必须被识别
+        if (!vis.isInherentlyInternal("templates/knowledge/rules/演进回归规则.md")) {
+            hardFail("RELEASE_ISSUE_VISIBILITY_INTERNAL_MISS", "问题六十四内部资产识别失败：演进回归规则应被识别为内部资产", ["src/engine/template_asset_visibility.ts"], "problem-64", "denylist 不生效", "修复 isInherentlyInternal 逻辑");
+        }
+        // 用户可见资产不应被识别为内部
+        if (vis.isInherentlyInternal("templates/knowledge/acceptance_templates/架构设计模版.md")) {
+            hardFail("RELEASE_ISSUE_VISIBILITY_USER_MISS", "问题六十四用户项目资产误判为内部资产", ["src/engine/template_asset_visibility.ts"], "problem-64", "用户可见资产不应被过滤", "修复 isInherentlyInternal 逻辑");
+        }
+    }
+    catch (error) {
+        hardFail("RELEASE_ISSUE_VISIBILITY_LOAD_FAILED", `无法执行问题六十四行为复验: ${error?.message ?? error}`, ["src/engine/template_asset_visibility.ts"], "problem-64", "模块不可执行", "修复构建或导出");
+    }
+    // ══ 发布问题返修新增门禁 ══
+    // 问题六十一: sf_expand 不得使用不存在的 args.intent
+    {
+        const expandFnMatch = toolsText.match(/\/\/ 问题六十一[\s\S]*?matchDecisionPacks\(\{[^}]*\}\)/);
+        if (expandFnMatch && expandFnMatch[0].includes("args.intent")) {
+            hardFail("RELEASE_ISSUE_DECISION_ARGS_INTENT", "问题六十一 sf_expand 使用不存在的 args.intent 调用 matchDecisionPacks", ["src/adapters/claude_code/tools.ts"], "problem-61", "ExpandSchema 无 intent 字段，args.intent 永远 undefined", "改用 ctx.intent / ctx.classification / ctx.route_decision");
+        }
+    }
+    // 问题六十二: standard_asset_coverage 不得以注册存在替代复验路径
+    {
+        const sacCovText = safeRead(path.join(rootDir, "src", "engine", "standard_asset_coverage.ts")) ?? "";
+        if (sacCovText.includes("hasRevalidation = isRegistered") || sacCovText.includes("has_revalidation_path: isRegistered")) {
+            hardFail("RELEASE_ISSUE_COVERAGE_FAKE_REVALIDATION", "问题六十二 hasRevalidation=isRegistered 将注册等同于复验路径", ["src/engine/standard_asset_coverage.ts"], "problem-62", "注册存在不等于有复验入口", "必须从真实消费链路验证复验路径");
+        }
+        // 覆盖审计不得从 ASSET_MANIFEST 创建空 consumerMap
+        if (cliText.includes("ASSET_MANIFEST") && cliText.includes("[] as string[]") && cliText.includes("consumerMap")) {
+            hardFail("RELEASE_ISSUE_COVERAGE_EMPTY_CONSUMER", "问题六十二 audit-template-visibility 从 ASSET_MANIFEST 创建空 consumerMap", ["src/bin/soloforge.ts"], "problem-62", "空 consumerMap 导致所有资产 missing_consumer=0 假通过", "从权威合同获取真实消费者");
+        }
+        // 覆盖报告中有 uncovered/missing_consumer 时必须 hard_fail
+        // 消费者证据从逐资产运行时观察结果获取，不从合同声明字段复制
+        try {
+            const cov = await import(path.join(rootDir, "dist", "engine", "standard_asset_coverage.js"));
+            const car = await import(path.join(rootDir, "dist", "engine", "consumable_asset_registry.js"));
+            const contractReg = await import(path.join(rootDir, "dist", "engine", "template_asset_contract_registry.js"));
+            const obsMod = await import(path.join(rootDir, "dist", "engine", "observed_consumption.js"));
+            const registeredAssets = car.listBuiltinConsumableAssets();
+            const contracts = contractReg.listTemplateAssetContracts();
+            const consumablePaths = new Set(registeredAssets.map((a) => a.path));
+            const ownerMap = new Map(contracts.map((c) => [c.path, c.owner_mechanism_id]));
+            // 运行真实 scenario 生成消费 trace，然后构建消费者映射
+            const obsReport = await obsMod.observeAllConsumption(rootDir);
+            const consumerMap = new Map();
+            for (const obs of obsReport.observations) {
+                const consumers = consumerMap.get(obs.asset_path) ?? [];
+                // entry_point 即为真实消费入口
+                if (obs.entry_point && !consumers.includes(obs.entry_point)) {
+                    consumers.push(obs.entry_point);
+                }
+                consumerMap.set(obs.asset_path, consumers);
+            }
+            // 补充复验入口标识（与消费者证据不同维度，复验入口是审计/验证角色标识）
+            for (const c of contracts) {
+                const consumers = consumerMap.get(c.path) ?? [];
+                if (c.validation_entrypoint && !consumers.includes(c.validation_entrypoint)) {
+                    consumers.push(c.validation_entrypoint);
+                }
+                consumerMap.set(c.path, consumers);
+            }
+            const visibilityMap = new Map(contracts.map((c) => [c.path, c.asset_visibility ?? "unknown"]));
+            const report = cov.auditStandardAssetCoverage(rootDir, consumablePaths, ownerMap, consumerMap, visibilityMap);
+            if (report.uncovered_assets > 0) {
+                hardFail("RELEASE_ISSUE_COVERAGE_UNCOVERED", `问题六十二覆盖审计发现 ${report.uncovered_assets} 个未覆盖资产`, ["src/engine/standard_asset_coverage.ts", "src/engine/template_asset_contract_registry.ts"], "problem-62", "未覆盖资产不得通过发布门禁", "为每个资产建立真实消费证据");
+            }
+            if (report.missing_consumer > 0) {
+                hardFail("RELEASE_ISSUE_COVERAGE_MISSING_CONSUMER", `问题六十二覆盖审计发现 ${report.missing_consumer} 个资产缺少主链路消费者`, ["src/engine/standard_asset_coverage.ts", "src/engine/template_asset_contract_registry.ts"], "problem-62", "无消费者证据不得通过发布门禁", "为每个资产建立真实主链路消费者");
+            }
+            if (report.missing_revalidation > 0) {
+                hardFail("RELEASE_ISSUE_COVERAGE_MISSING_REVALIDATION", `问题六十二覆盖审计发现 ${report.missing_revalidation} 个资产缺少复验入口`, ["src/engine/standard_asset_coverage.ts", "src/engine/template_asset_contract_registry.ts"], "problem-62", "无复验入口不得通过发布门禁", "为每个资产建立真实复验入口");
+            }
+        }
+        catch (error) {
+            // template_asset_contract_registry 尚不存在 — 这是预期失败
+            hardFail("RELEASE_ISSUE_CONTRACT_REGISTRY_MISSING", `问题六十三权威合同注册表不存在: ${error?.message ?? error}`, ["src/engine/template_asset_contract_registry.ts"], "problem-63", "214 资产必须有权威合同", "创建 template_asset_contract_registry.ts");
+        }
+    }
+    // 问题六十三: templates 总数 = 权威合同覆盖数
+    {
+        const contractRegText = safeRead(path.join(rootDir, "src", "engine", "template_asset_contract_registry.ts")) ?? "";
+        if (!contractRegText.includes("TemplateAssetContract") || !contractRegText.includes("listTemplateAssetContracts")) {
+            hardFail("RELEASE_ISSUE_CONTRACT_REGISTRY_MISSING", "问题六十三缺少权威合同注册表（TemplateAssetContract / listTemplateAssetContracts）", ["src/engine/template_asset_contract_registry.ts"], "problem-63", "214 资产必须有单一权威元数据体系", "创建 template_asset_contract_registry.ts");
+        }
+    }
+    // 问题六十四: 可见性不得使用 denylist 猜测
+    {
+        const visText2 = safeRead(path.join(rootDir, "src", "engine", "template_asset_visibility.ts")) ?? "";
+        if (visText2.includes("INTERNAL_ASSET_PATTERNS")) {
+            hardFail("RELEASE_ISSUE_VISIBILITY_DENYLIST", "问题六十四 template_asset_visibility.ts 仍使用 INTERNAL_ASSET_PATTERNS denylist", ["src/engine/template_asset_visibility.ts"], "problem-64", "denylist 猜测不是权威分类", "改用权威合同注册表的 asset_visibility 字段");
+        }
+    }
+    // 问题六十四: 必须存在并执行真实技术栈受限资产，禁止以跳过或内存假资产代替。
+    {
+        const { buildTemplateAssetContracts } = await import("./template_asset_contract_registry.js");
+        const restrictedScaffolds = buildTemplateAssetContracts(rootDir).filter((contract) => contract.consume_category === "scaffold_only" && contract.applicable_tech_stack.length > 0);
+        if (restrictedScaffolds.length === 0) {
+            hardFail("RELEASE_ISSUE_TECH_STACK_ASSET_MISSING", "问题六十四不存在真实 applicable_tech_stack 脚手架资产", ["src/engine/explicit_asset_registry.ts"], "problem-64", "没有真实受限资产不能证明技术栈隔离", "为内置脚手架声明权威 applicable_tech_stack 并走 sf_scaffold 验证");
+        }
+        const scenarioTestText = safeRead(path.join(rootDir, "tests", "engine", "release_issue_scenario_matrix.test.ts")) ?? "";
+        const failClosedTestText = safeRead(path.join(rootDir, "tests", "engine", "contract_fail_closed.test.ts")) ?? "";
+        if (/it\.skip\([\s\S]{0,80}技术栈|test-java-rule/.test(`${scenarioTestText}\n${failClosedTestText}`)) {
+            hardFail("RELEASE_ISSUE_TECH_STACK_FAKE_TEST", "问题六十四仍以跳过测试或内存假资产代替真实技术栈复验", ["tests/engine/release_issue_scenario_matrix.test.ts", "tests/engine/contract_fail_closed.test.ts"], "problem-64", "假资产/skip 不证明用户实际链路", "仅使用 explicit_asset_registry 已登记资产执行真实 scaffold 场景");
+        }
+    }
+    // sf_accept 必须为需要显式授权的验收入口，且处理器不得直接篡改产物状态。
+    {
+        const contractText = safeRead(path.join(rootDir, "src", "engine", "tool_invocation_contract_registry.ts")) ?? "";
+        const acceptStart = toolsText.indexOf('registerSafeTool(\n    "sf_accept"');
+        const deliverStart = toolsText.indexOf('registerSafeTool(\n    "sf_deliver"', acceptStart + 1);
+        const acceptBody = toolsText.substring(acceptStart, deliverStart > 0 ? deliverStart : toolsText.length);
+        const contractStrict = /tool_name:\s*"sf_accept"[\s\S]{0,120}category:\s*"strict_controlled"[\s\S]{0,120}requires_authorization:\s*true/.test(contractText);
+        const confirmsEvidence = acceptBody.includes("confirmation_ref") && acceptBody.includes("confirmed_by") && acceptBody.includes("updateArtifactStatus");
+        const directStatusWrite = /artifact_output\.status\s*=\s*"accepted"/.test(acceptBody);
+        if (!contractStrict || !confirmsEvidence || directStatusWrite) {
+            hardFail("RELEASE_ISSUE_ACCEPTANCE_SELF_ATTESTATION", "sf_accept 仍可缺少显式确认或绕过 artifact 生命周期", ["src/adapters/claude_code/tools.ts", "src/engine/tool_invocation_contract_registry.ts"], "problem-63", "自动生成的验收证据不得放行正式产物", "要求显式确认引用并只通过 updateArtifactStatus 接受产物");
+        }
+    }
+    // 问题五十九: 新增 CLI 命令不得使用 console.log
+    {
+        const auditFnStart = cliText.indexOf("async function cmdAuditTemplateVisibility");
+        const nextFnStart = cliText.indexOf("\nasync function ", auditFnStart + 1);
+        const fnBody = cliText.substring(auditFnStart, nextFnStart > 0 ? nextFnStart : cliText.length);
+        if (fnBody.includes("console.log")) {
+            hardFail("RELEASE_ISSUE_LOGGER_VIOLATION", "问题五十九 cmdAuditTemplateVisibility 使用 console.log 违反日志治理", ["src/bin/soloforge.ts"], "problem-59", "新增代码必须使用统一 logger", "替换 console.log 为 userInfo/userJson");
+        }
+    }
+    // 问题六十二/六十三: 逐资产运行时消费证据 — 不得接受"consumer file exists"或"export name exists"作为真实消费证明
+    {
+        const { observeAllConsumption } = await import("./observed_consumption.js");
+        const report = await observeAllConsumption(rootDir);
+        if (report.fail > 0) {
+            hardFail("RELEASE_ISSUE_CONSUMPTION_EVIDENCE_FAIL", `问题六十二逐资产消费证据验证失败(${report.fail} failures): ${report.failures.join("; ")}`, ["src/engine/observed_consumption.ts", "src/engine/template_asset_contract_registry.ts"], "problem-62", "逐资产运行时消费证据不完整", "检查 observeAllConsumption 中每个资产的观察结果");
+        }
+        if (report.total < 215) {
+            hardFail("RELEASE_ISSUE_CONSUMPTION_EVIDENCE_INCOMPLETE", `问题六十二消费证据仅覆盖 ${report.total} 个资产，预期至少 215`, ["src/engine/observed_consumption.ts"], "problem-62", "消费证据覆盖不全", "确保所有注册资产都有消费观察记录");
+        }
+        // trace 必须来自真实入口（init/sync_templates），不得仅来自 contract_gate 兜底
+        const traceCounts = report.trace_counts;
+        if ((traceCounts.init ?? 0) === 0 && (traceCounts.sync_templates ?? 0) === 0) {
+            hardFail("RELEASE_ISSUE_CONSUMPTION_EVIDENCE_NO_REAL_TRACE", "问题六十二消费证据无真实入口 trace（init/sync_templates 均为 0）", ["src/engine/observed_consumption.ts"], "problem-62", "必须运行真实入口 scenario 产生 trace", "检查 observeAllConsumption 中的 scenario runner");
+        }
+        // 硬检查: mainline trace 的 declared_consumer 必须与合同 mainline_consumer 精确匹配
+        for (const obs of report.observations) {
+            if (obs.consume_category === "mainline" && obs.validation_result === "fail" && obs.failure_reason?.includes("无精确消费 trace")) {
+                hardFail("RELEASE_ISSUE_MAINLINE_TRACE_MISMATCH", `mainline 资产消费 trace 不匹配: ${obs.failure_reason}`, ["src/engine/observed_consumption.ts", obs.asset_path], "problem-62", "mainline trace declared_consumer 必须与合同 mainline_consumer 精确对应", "确保生产函数记录 declared_consumer");
+            }
+        }
+    }
+    // 负向测试: scaffold_only 资产必须有 scaffold trace，删除 scaffold scenario 后必须 fail
+    {
+        const { buildTemplateAssetContracts } = await import("./template_asset_contract_registry.js");
+        const { getConsumptionTraces, clearConsumptionTraces, recordConsumptionTrace } = await import("./consumption_trace_store.js");
+        clearConsumptionTraces();
+        // 只运行 init+sync（不运行 scaffold），scaffold_only 资产应无合法 trace
+        const { copyKnowledgeToProject, copyPatternsToGlobal } = await import("./template_init_sync.js");
+        const tmpNegDir = fs.mkdtempSync(path.join(os.tmpdir(), "soloforge-neg-"));
+        try {
+            await copyKnowledgeToProject(rootDir, tmpNegDir);
+            const globalDir = path.join(tmpNegDir, ".soloforge", "patterns");
+            await copyPatternsToGlobal(rootDir, globalDir);
+        }
+        finally {
+            fs.rmSync(tmpNegDir, { recursive: true, force: true });
+        }
+        // 收集 scaffold_only 合同，验证它们都没有 scaffold trace
+        const contracts = buildTemplateAssetContracts(rootDir);
+        const scaffoldContracts = contracts.filter(c => c.consume_category === "scaffold_only");
+        const traces = getConsumptionTraces();
+        const scaffoldTracedPaths = new Set(traces.filter(t => t.consumer === "scaffold").map(t => t.asset_path));
+        const scaffoldWithTrace = scaffoldContracts.filter(c => scaffoldTracedPaths.has(c.path));
+        if (scaffoldWithTrace.length > 0) {
+            hardFail("RELEASE_ISSUE_NEGATIVE_SCAFFOLD_LEAK", `负向测试失败: 未运行 scaffold scenario 但 ${scaffoldWithTrace.length} 个 scaffold_only 资产有 scaffold trace`, ["src/engine/observed_consumption.ts"], "problem-62", "scaffold trace 不应从其他 scenario 泄露", "检查 scaffold scenario 是否独立");
+        }
+        clearConsumptionTraces();
+    }
+    // 问题六十四: copyKnowledgeTemplates 必须对无合同资产 fail-closed
+    {
+        const copyFnSource = syncText || cliText;
+        const copyFnStart = copyFnSource.indexOf("async function copyKnowledge") !== -1
+            ? copyFnSource.indexOf("async function copyKnowledge")
+            : copyFnSource.indexOf("export async function copyKnowledgeToProject");
+        const copyFnEnd = copyFnSource.indexOf("\nasync function ", copyFnStart + 1);
+        const copyFnBody = copyFnSource.substring(copyFnStart, copyFnEnd > 0 ? copyFnEnd : copyFnSource.length);
+        // 必须有 "skipped_no_contract" 或 "unregistered" — 证明无合同时会跳过
+        if (!copyFnBody.includes("skipped_no_contract") && !copyFnBody.includes("unregistered")) {
+            hardFail("RELEASE_ISSUE_COPY_NO_CONTRACT_FAIL_OPEN", "问题六十四 copyKnowledgeTemplates 未对无合同资产 fail-closed", ["src/engine/template_init_sync.ts"], "problem-64", "无合同资产不应被复制", "添加 skipped_no_contract 计数并在无合同时 continue");
+        }
+    }
+}
 // ── 主入口 ──
 export async function runReleaseReadinessGate(rootDir) {
     const hardFails = [];
@@ -1025,12 +2139,36 @@ export async function runReleaseReadinessGate(rootDir) {
     endPhase("Batch 问题文档格式一致性");
     // 8
     beginPhase("关键问题消费验证");
-    checkCriticalProblemConsumption(rootDir, hardFail, _info);
+    await checkCriticalProblemConsumption(rootDir, hardFail, _info);
     endPhase("关键问题消费验证");
     // 9
     beginPhase("机制身份一致性");
     await checkMechanismIdentityConsistency(rootDir, hardFail, _info);
     endPhase("机制身份一致性");
+    // 10: P0/P1 知识资产 schema 完整性
+    beginPhase("P0/P1 知识资产 schema");
+    await checkKnowledgeAssetSchema(rootDir, hardFail, _info);
+    endPhase("P0/P1 知识资产 schema");
+    // 11: console.log 检查
+    beginPhase("engine console.log 检查");
+    checkEngineConsoleLog(rootDir, hardFail);
+    endPhase("engine console.log 检查");
+    // 12: 中文注释检查
+    beginPhase("中文注释检查");
+    checkChineseComments(rootDir, hardFail);
+    endPhase("中文注释检查");
+    // 13: 第五批文档↔roadmap↔scenario 一致性
+    beginPhase("第五批一致性校验");
+    await checkLastBatchConsistency(rootDir, hardFail, _info);
+    endPhase("第五批一致性校验");
+    // 14: 依赖漏洞扫描（在 console.error 恢复前执行以避免干扰）
+    beginPhase("依赖漏洞扫描");
+    checkDependencyAudit(rootDir, hardFail, _info);
+    endPhase("依赖漏洞扫描");
+    // 15: 发布问题全局合同（问题六十一至六十四）
+    beginPhase("发布问题全局合同");
+    await checkReleaseIssueDesignPath(rootDir, hardFail, _info);
+    endPhase("发布问题全局合同");
     // 恢复 console.error 和日志器
     console.error = origConsoleError;
     resetLogger();