soulguard 0.1.3 → 0.2.0

package/dist/index.js

@@ -1,4 +1,3 @@
-import { createRequire } from "node:module";
 var __create = Object.create;
 var __getProtoOf = Object.getPrototypeOf;
 var __defProp = Object.defineProperty;
@@ -25,7 +24,6 @@ var __export = (target, all) => {
       set: (newValue) => all[name] = () => newValue
     });
 };
-var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // ../../node_modules/.bun/picocolors@1.1.1/node_modules/picocolors/picocolors.js
 var require_picocolors = __commonJS((exports, module) => {
@@ -97,15 +95,14 @@ var require_picocolors = __commonJS((exports, module) => {
   module.exports.createColors = createColors;
 });
 
-// ../core/src/result.ts
+// ../core/src/util/result.ts
 function ok(value) {
   return { ok: true, value };
 }
 function err(error) {
   return { ok: false, error };
 }
-
-// ../core/src/types.ts
+// ../core/src/util/types.ts
 function formatIssue(issue) {
   switch (issue.kind) {
     case "wrong_owner":
@@ -4091,82 +4088,29 @@ var coerce = {
   date: (arg) => ZodDate.create({ ...arg, coerce: true })
 };
 var NEVER = INVALID;
-// ../core/src/schema.ts
+// ../core/src/sdk/schema.ts
+var tierSchema = exports_external.enum(["protect", "watch"]);
+var ownershipSchema = exports_external.object({
+  user: exports_external.string(),
+  group: exports_external.string(),
+  mode: exports_external.string()
+});
+var daemonConfigSchema = exports_external.object({
+  channel: exports_external.string()
+}).passthrough();
 var soulguardConfigSchema = exports_external.object({
-  vault: exports_external.array(exports_external.string()),
-  ledger: exports_external.array(exports_external.string()),
-  git: exports_external.boolean().optional()
+  version: exports_external.literal(1),
+  guardian: exports_external.string(),
+  files: exports_external.record(exports_external.string(), tierSchema),
+  git: exports_external.boolean().optional(),
+  defaultOwnership: ownershipSchema.optional(),
+  daemon: daemonConfigSchema.optional()
 });
 function parseConfig(raw) {
   return soulguardConfigSchema.parse(raw);
 }
-// ../core/src/system-ops.ts
-async function getFileInfo(path, ops) {
-  const statResult = await ops.stat(path);
-  if (!statResult.ok)
-    return statResult;
-  const hashResult = await ops.hashFile(path);
-  if (!hashResult.ok)
-    return hashResult;
-  return ok({
-    path,
-    ownership: statResult.value.ownership,
-    hash: hashResult.value
-  });
-}
-// ../core/src/system-ops-mock.ts
+// ../core/src/util/system-ops-mock.ts
 import { resolve } from "node:path";
-
-// ../core/src/glob.ts
-function isGlob(path) {
-  return path.includes("*");
-}
-function createGlobMatcher(pattern) {
-  const escape = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-  let normalized = pattern;
-  normalized = normalized.replace(/\/\*\*\//g, "<GLOBSTAR>");
-  normalized = normalized.replace(/^\*\*\//, "<GLOBSTAR_PREFIX>");
-  normalized = normalized.replace(/\/\*\*$/, "<GLOBSTAR_SUFFIX>");
-  normalized = normalized.replace(/^\*\*$/, "<GLOBSTAR_ALL>");
-  const regexStr = normalized.split(/(<GLOBSTAR(?:_PREFIX|_SUFFIX|_ALL)?>)/).map((part) => {
-    if (part === "<GLOBSTAR>")
-      return "/(?:.+/)?";
-    if (part === "<GLOBSTAR_PREFIX>")
-      return "(?:.+/)?";
-    if (part === "<GLOBSTAR_SUFFIX>")
-      return "(?:/.*)?";
-    if (part === "<GLOBSTAR_ALL>")
-      return ".*";
-    return part.split("*").map(escape).join("[^/]*");
-  }).join("");
-  const regex = new RegExp(`^${regexStr}$`);
-  return (path) => regex.test(path);
-}
-function matchGlob(pattern, path) {
-  return createGlobMatcher(pattern)(path);
-}
-async function resolvePatterns(ops, patterns) {
-  const files = new Set;
-  for (const pattern of patterns) {
-    if (isGlob(pattern)) {
-      const result = await ops.glob(pattern);
-      if (!result.ok) {
-        return err(result.error);
-      }
-      for (const match of result.value) {
-        const statResult = await ops.stat(match);
-        if (statResult.ok && !statResult.value.isDirectory) {
-          files.add(match);
-        }
-      }
-    } else {
-      files.add(pattern);
-    }
-  }
-  return ok([...files].sort());
-}
-
-// ../core/src/system-ops-mock.ts
 class MockSystemOps {
   workspace;
   files = new Map;
@@ -4175,10 +4119,21 @@ class MockSystemOps {
   ops = [];
   failingExecs = new Set;
   failingDeletes = new Set;
+  failingStats = new Set;
+  failingHashes = new Set;
+  failingListDirs = new Set;
+  failingReads = new Set;
   execCallCounts = new Map;
   execFailOnCall = new Map;
   constructor(workspace) {
     this.workspace = workspace;
+    this.files.set(workspace, {
+      content: "",
+      owner: "root",
+      group: "root",
+      mode: "755",
+      isDirectory: true
+    });
   }
   resolve(path) {
     return resolve(this.workspace, path);
@@ -4191,6 +4146,15 @@ class MockSystemOps {
       mode: opts.mode ?? "644"
     });
   }
+  addDirectory(path, opts = {}) {
+    this.files.set(this.resolve(path), {
+      content: "",
+      owner: opts.owner ?? "unknown",
+      group: opts.group ?? "unknown",
+      mode: opts.mode ?? "755",
+      isDirectory: true
+    });
+  }
   addUser(name) {
     this.users.add(name);
   }
@@ -4204,6 +4168,9 @@ class MockSystemOps {
     return ok(this.groups.has(name));
   }
   async stat(path) {
+    if (this.failingStats.has(path)) {
+      return err({ kind: "permission_denied", path, operation: "stat" });
+    }
     const full = this.resolve(path);
     const file = this.files.get(full);
     if (!file)
@@ -4211,7 +4178,7 @@ class MockSystemOps {
     return ok({
       path,
       ownership: { user: file.owner, group: file.group, mode: file.mode },
-      isDirectory: false
+      isDirectory: file.isDirectory ?? false
     });
   }
   async chown(path, owner) {
@@ -4224,6 +4191,23 @@ class MockSystemOps {
     file.group = owner.group;
     return ok(undefined);
   }
+  async chownRecursive(path, owner) {
+    const full = this.resolve(path);
+    const file = this.files.get(full);
+    if (!file)
+      return err({ kind: "not_found", path });
+    this.ops.push({ kind: "chown", path, owner });
+    file.owner = owner.user;
+    file.group = owner.group;
+    const prefix = full + "/";
+    for (const [childPath, childFile] of this.files) {
+      if (childPath.startsWith(prefix)) {
+        childFile.owner = owner.user;
+        childFile.group = owner.group;
+      }
+    }
+    return ok(undefined);
+  }
   async chmod(path, mode) {
     const full = this.resolve(path);
     const file = this.files.get(full);
@@ -4233,7 +4217,25 @@ class MockSystemOps {
     file.mode = mode;
     return ok(undefined);
   }
+  async chmodRecursive(path, mode) {
+    const full = this.resolve(path);
+    const file = this.files.get(full);
+    if (!file)
+      return err({ kind: "not_found", path });
+    this.ops.push({ kind: "chmod", path, mode });
+    file.mode = mode;
+    const prefix = full + "/";
+    for (const [childPath, childFile] of this.files) {
+      if (childPath.startsWith(prefix)) {
+        childFile.mode = mode;
+      }
+    }
+    return ok(undefined);
+  }
   async readFile(path) {
+    if (this.failingReads.has(path)) {
+      return err({ kind: "permission_denied", path, operation: "read" });
+    }
     const full = this.resolve(path);
     const file = this.files.get(full);
     if (!file)
@@ -4256,14 +4258,26 @@ class MockSystemOps {
   async mkdir(path) {
     const full = this.resolve(path);
     if (!this.files.has(full)) {
-      this.files.set(full, { content: "", owner: "root", group: "root", mode: "755" });
+      this.files.set(full, {
+        content: "",
+        owner: "root",
+        group: "root",
+        mode: "755",
+        isDirectory: true
+      });
     }
     const parts = path.split("/");
     for (let i = 1;i < parts.length; i++) {
       const parent = parts.slice(0, i).join("/");
       const parentFull = this.resolve(parent);
       if (!this.files.has(parentFull)) {
-        this.files.set(parentFull, { content: "", owner: "root", group: "root", mode: "755" });
+        this.files.set(parentFull, {
+          content: "",
+          owner: "root",
+          group: "root",
+          mode: "755",
+          isDirectory: true
+        });
       }
     }
     return ok(undefined);
@@ -4292,6 +4306,9 @@ class MockSystemOps {
     return ok(undefined);
   }
   async hashFile(path) {
+    if (this.failingHashes.has(path)) {
+      return err({ kind: "io_error", path, message: "simulated hash failure" });
+    }
     const full = this.resolve(path);
     const file = this.files.get(full);
     if (!file)
@@ -4300,18 +4317,37 @@ class MockSystemOps {
     hash.update(file.content);
     return ok(hash.digest("hex"));
   }
-  async glob(pattern) {
-    const prefix = this.workspace + "/";
-    const matches = [];
-    for (const fullPath of this.files.keys()) {
-      if (!fullPath.startsWith(prefix))
-        continue;
-      const relPath = fullPath.slice(prefix.length);
-      if (matchGlob(pattern, relPath)) {
-        matches.push(relPath);
+  async chmodDirectoryTree(path, modes) {
+    const full = this.resolve(path);
+    const dir = this.files.get(full);
+    if (!dir)
+      return err({ kind: "not_found", path });
+    this.ops.push({ kind: "chmod", path, mode: modes.dirMode });
+    dir.mode = modes.dirMode;
+    const prefix = full + "/";
+    for (const [childPath, childFile] of this.files) {
+      if (childPath.startsWith(prefix)) {
+        childFile.mode = childFile.isDirectory ? modes.dirMode : modes.fileMode;
+      }
+    }
+    return ok(undefined);
+  }
+  async listDir(path) {
+    if (this.failingListDirs.has(path)) {
+      return err({ kind: "permission_denied", path, operation: "listDir" });
+    }
+    const full = this.resolve(path);
+    const dir = this.files.get(full);
+    if (!dir)
+      return err({ kind: "not_found", path });
+    const prefix = full + "/";
+    const files = [];
+    for (const [childPath, childFile] of this.files) {
+      if (childPath.startsWith(prefix) && !childFile.isDirectory) {
+        files.push(childPath.slice((this.workspace + "/").length));
       }
     }
-    return ok(matches.sort());
+    return ok(files.sort());
   }
   async exec(command, args) {
     this.ops.push({ kind: "exec", command, args });
@@ -4327,8 +4363,17 @@ class MockSystemOps {
     }
     return ok(undefined);
   }
+  execCaptureResults = new Map;
+  async execCapture(command, args) {
+    this.ops.push({ kind: "exec", command, args });
+    const key = [command, ...args].join(" ");
+    if (this.failingExecs.has(key)) {
+      return err({ kind: "io_error", path: "", message: `${key} failed` });
+    }
+    return ok(this.execCaptureResults.get(key) ?? "");
+  }
 }
-// ../core/src/system-ops-node.ts
+// ../core/src/util/system-ops-node.ts
 import { resolve as resolve2, relative, dirname } from "node:path";
 import {
   stat as fsStat,
@@ -4696,34 +4741,24 @@ class NodeSystemOps {
       stream.on("error", (e) => resolve3(err(mapError(e, path, "hashFile"))));
     });
   }
-  async glob(pattern) {
+  async exec(command, args) {
+    const execFileAsync2 = promisify(execFile);
     try {
-      const fs = await import("node:fs");
-      const { promisify: promisify2 } = await import("node:util");
-      const globFn = fs.glob;
-      if (typeof globFn !== "function") {
-        return err({
-          kind: "io_error",
-          path: pattern,
-          message: "fs.glob requires Node.js 22+"
-        });
-      }
-      const globAsync = promisify2(globFn);
-      const matches = await globAsync(pattern, { cwd: this.workspace });
-      return ok([...matches].sort());
+      await execFileAsync2(command, args, { cwd: this.workspace });
+      return ok(undefined);
     } catch (e) {
       return err({
         kind: "io_error",
-        path: pattern,
-        message: `glob: ${e instanceof Error ? e.message : String(e)}`
+        path: this.workspace,
+        message: `exec ${command}: ${e instanceof Error ? e.message : String(e)}`
       });
     }
   }
-  async exec(command, args) {
+  async execCapture(command, args) {
     const execFileAsync2 = promisify(execFile);
     try {
-      await execFileAsync2(command, args, { cwd: this.workspace });
-      return ok(undefined);
+      const { stdout } = await execFileAsync2(command, args, { cwd: this.workspace });
+      return ok(stdout);
     } catch (e) {
       return err({
         kind: "io_error",
@@ -4732,66 +4767,449 @@ class NodeSystemOps {
       });
     }
   }
+  async chownRecursive(path, owner) {
+    const resolved = this.resolvePath(path);
+    if (!resolved.ok)
+      return resolved;
+    try {
+      await execFileAsync("chown", ["-R", `${owner.user}:${owner.group}`, resolved.value]);
+      return ok(undefined);
+    } catch (e) {
+      return err(mapError(e, path, "chownRecursive"));
+    }
+  }
+  async chmodRecursive(path, mode) {
+    const resolved = this.resolvePath(path);
+    if (!resolved.ok)
+      return resolved;
+    try {
+      await execFileAsync("chmod", ["-R", mode, resolved.value]);
+      return ok(undefined);
+    } catch (e) {
+      return err(mapError(e, path, "chmodRecursive"));
+    }
+  }
+  async chmodDirectoryTree(path, modes) {
+    const resolved = this.resolvePath(path);
+    if (!resolved.ok)
+      return resolved;
+    try {
+      await execFileAsync("find", [
+        resolved.value,
+        "-type",
+        "f",
+        "-exec",
+        "chmod",
+        modes.fileMode,
+        "{}",
+        "+"
+      ]);
+      await execFileAsync("find", [
+        resolved.value,
+        "-type",
+        "d",
+        "-exec",
+        "chmod",
+        modes.dirMode,
+        "{}",
+        "+"
+      ]);
+      return ok(undefined);
+    } catch (e) {
+      return err(mapError(e, path, "chmodDirectoryTree"));
+    }
+  }
+  async listDir(path) {
+    const resolved = this.resolvePath(path);
+    if (!resolved.ok)
+      return resolved;
+    try {
+      const { stdout } = await execFileAsync("find", [resolved.value, "-type", "f"]);
+      const files = stdout.trim().split(`
+`).filter((f) => f.length > 0).map((f) => relative(this.workspace, f)).sort();
+      return ok(files);
+    } catch (e) {
+      return err(mapError(e, path, "listDir"));
+    }
+  }
 }
-// ../core/src/status.ts
-async function status(options) {
-  const { config, expectedVaultOwnership, expectedLedgerOwnership, ops } = options;
-  const [vaultResult, ledgerResult] = await Promise.all([
-    resolvePatterns(ops, config.vault),
-    resolvePatterns(ops, config.ledger)
-  ]);
-  if (!vaultResult.ok)
-    return vaultResult;
-  if (!ledgerResult.ok)
-    return ledgerResult;
-  const vaultPaths = vaultResult.value;
-  const ledgerPaths = ledgerResult.value;
-  const [vault, ledger] = await Promise.all([
-    Promise.all(vaultPaths.map((path) => checkPath(path, "vault", expectedVaultOwnership, ops))),
-    Promise.all(ledgerPaths.map((path) => checkPath(path, "ledger", expectedLedgerOwnership, ops)))
-  ]);
-  const issues = [...vault, ...ledger].filter((f) => f.status !== "ok");
-  return ok({ vault, ledger, issues });
-}
-async function checkPath(filePath, tier, expectedOwnership, ops) {
-  const infoResult = await getFileInfo(filePath, ops);
-  if (!infoResult.ok) {
-    if (infoResult.error.kind === "not_found") {
-      return { tier, status: "missing", path: filePath };
-    }
-    return { tier, status: "error", path: filePath, error: infoResult.error };
-  }
-  const file = infoResult.value;
-  const issues = [];
-  if (file.ownership.user !== expectedOwnership.user) {
-    issues.push({
-      kind: "wrong_owner",
-      expected: expectedOwnership.user,
-      actual: file.ownership.user
+// ../core/src/sdk/state.ts
+import { createHash as createHash2 } from "node:crypto";
+
+// ../core/src/sdk/staging.ts
+import { join } from "node:path";
+var STAGING_DIR = ".soulguard-staging";
+function stagingPath(filePath) {
+  return join(STAGING_DIR, filePath);
+}
+function isStagingPath(filePath) {
+  return filePath === STAGING_DIR || filePath.startsWith(STAGING_DIR + "/");
+}
+var DELETE_SENTINEL = { __soulguard_delete_sentinel__: true };
+function isDeleteSentinel(content) {
+  try {
+    const parsed = JSON.parse(content);
+    return parsed != null && parsed.__soulguard_delete_sentinel__ === true;
+  } catch {
+    return false;
+  }
+}
+
+// ../core/src/util/constants.ts
+var SOULGUARD_GROUP = "soulguard";
+function getProtectOwnership(guardian) {
+  return { user: guardian, group: SOULGUARD_GROUP, mode: "444" };
+}
+function guardianName(agentUser) {
+  return `soulguardian_${agentUser}`;
+}
+function makeDefaultConfig(guardian) {
+  return {
+    version: 1,
+    guardian,
+    files: {
+      "soulguard.json": "protect"
+    }
+  };
+}
+
+// ../core/src/sdk/state.ts
+var PROTECT_DIR_MODE = "555";
+
+class StateTreeBuildError extends Error {
+  constructor(error) {
+    super(`Failed to build state tree: ${error.message}`);
+    this.name = "StateTreeBuildError";
+  }
+}
+
+class StateTree {
+  entities;
+  config;
+  protectOwnership;
+  constructor(entities, config, protectOwnership) {
+    this.entities = entities;
+    this.config = config;
+    this.protectOwnership = protectOwnership;
+  }
+  static async buildOrThrow(options) {
+    const result = await StateTree.build(options);
+    if (!result.ok)
+      throw new StateTreeBuildError(result.error);
+    return result.value;
+  }
+  static async build(options) {
+    const { ops, config } = options;
+    const protectOwnership = getProtectOwnership(config.guardian);
+    const entities = [];
+    for (const [key, tier] of Object.entries(config.files)) {
+      let isDir = key.endsWith("/");
+      const path = isDir ? key.slice(0, -1) : key;
+      if (!isDir) {
+        const statResult = await ops.stat(path);
+        if (statResult.ok && statResult.value.isDirectory) {
+          isDir = true;
+        }
+      }
+      if (isDir) {
+        const result = await buildDirectory(ops, path, tier);
+        if (!result.ok)
+          return result;
+        if (result.value)
+          entities.push(result.value);
+      } else {
+        const result = await buildFile(ops, key, tier);
+        if (!result.ok)
+          return result;
+        if (result.value)
+          entities.push(result.value);
+      }
+    }
+    return ok(new StateTree(entities, config, protectOwnership));
+  }
+  flatFiles() {
+    return collectFiles(this.entities);
+  }
+  get approvalHash() {
+    const changed = this.changedFiles();
+    if (changed.length === 0)
+      return null;
+    const sorted = [...changed].sort((a, b) => a.path.localeCompare(b.path));
+    const hasher = createHash2("sha256");
+    for (const file of sorted) {
+      hasher.update(file.path);
+      hasher.update(file.status);
+      hasher.update(file.canonicalHash ?? "null");
+      hasher.update(file.stagedHash ?? "null");
+    }
+    return hasher.digest("hex");
+  }
+  changedFiles() {
+    return this.flatFiles().filter((f) => f.status !== "unchanged");
+  }
+  stagedFiles() {
+    return this.flatFiles().filter((f) => f.stagedHash !== null || f.status === "deleted");
+  }
+  driftedEntities() {
+    return collectDrifts(this.entities, this.protectOwnership);
+  }
+}
+function collectFiles(entities) {
+  const files = [];
+  for (const entity of entities) {
+    if (entity.kind === "file") {
+      files.push(entity);
+    } else {
+      files.push(...collectFiles(entity.children));
+    }
+  }
+  return files;
+}
+function collectDrifts(entities, protectOwnership) {
+  const drifts = [];
+  for (const entity of entities) {
+    if (entity.configTier === "protect" && entity.ownership) {
+      const details = [];
+      const expectedMode = entity.kind === "directory" ? PROTECT_DIR_MODE : protectOwnership.mode;
+      if (entity.ownership.user !== protectOwnership.user) {
+        details.push({
+          kind: "wrong_owner",
+          expected: protectOwnership.user,
+          actual: entity.ownership.user
+        });
+      }
+      if (entity.ownership.group !== protectOwnership.group) {
+        details.push({
+          kind: "wrong_group",
+          expected: protectOwnership.group,
+          actual: entity.ownership.group
+        });
+      }
+      if (entity.ownership.mode !== expectedMode) {
+        details.push({ kind: "wrong_mode", expected: expectedMode, actual: entity.ownership.mode });
+      }
+      if (details.length > 0) {
+        drifts.push({ entity, details });
+      }
+    }
+    if (entity.kind === "directory") {
+      drifts.push(...collectDrifts(entity.children, protectOwnership));
+    }
+  }
+  return drifts;
+}
+async function buildFile(ops, path, tier) {
+  const statResult = await ops.stat(path);
+  let diskExists = false;
+  let ownership = null;
+  if (statResult.ok) {
+    diskExists = true;
+    ownership = statResult.value.ownership;
+  } else if (statResult.error.kind !== "not_found") {
+    return err({
+      kind: "build_failed",
+      message: `stat failed for ${path}: ${statResult.error.kind}`
+    });
+  }
+  let canonicalHash = null;
+  if (diskExists) {
+    const hashResult = await ops.hashFile(path);
+    if (!hashResult.ok) {
+      return err({
+        kind: "build_failed",
+        message: `hash failed for ${path}: ${hashResult.error.kind}`
+      });
+    }
+    canonicalHash = hashResult.value;
+  }
+  const staged = stagingPath(path);
+  const stagedExists = await ops.exists(staged);
+  if (!stagedExists.ok) {
+    return err({
+      kind: "build_failed",
+      message: `exists check failed for ${staged}: ${stagedExists.error.kind}`
     });
   }
-  if (file.ownership.group !== expectedOwnership.group) {
-    issues.push({
-      kind: "wrong_group",
-      expected: expectedOwnership.group,
-      actual: file.ownership.group
+  let stagedHash = null;
+  let isDelete = false;
+  if (stagedExists.value) {
+    const content = await ops.readFile(staged);
+    if (!content.ok) {
+      return err({
+        kind: "build_failed",
+        message: `read failed for ${staged}: ${content.error.kind}`
+      });
+    }
+    if (isDeleteSentinel(content.value)) {
+      isDelete = true;
+    } else {
+      const hashResult = await ops.hashFile(staged);
+      if (!hashResult.ok) {
+        return err({
+          kind: "build_failed",
+          message: `hash failed for ${staged}: ${hashResult.error.kind}`
+        });
+      }
+      stagedHash = hashResult.value;
+    }
+  }
+  if (!diskExists && !stagedExists.value) {
+    return ok(null);
+  }
+  let status;
+  if (isDelete) {
+    status = "deleted";
+  } else if (!diskExists) {
+    status = "created";
+  } else if (stagedHash === null) {
+    status = "unchanged";
+  } else if (stagedHash === canonicalHash) {
+    status = "unchanged";
+  } else {
+    status = "modified";
+  }
+  return ok({
+    kind: "file",
+    path,
+    configTier: tier,
+    ownership: ownership ? { user: ownership.user, group: ownership.group, mode: ownership.mode } : null,
+    canonicalHash,
+    stagedHash,
+    status
+  });
+}
+async function buildDirectory(ops, dirPath, tier) {
+  const statResult = await ops.stat(dirPath);
+  let diskExists = false;
+  let ownership = null;
+  if (statResult.ok) {
+    if (statResult.value.isDirectory) {
+      diskExists = true;
+      ownership = statResult.value.ownership;
+    }
+  } else if (statResult.error.kind !== "not_found") {
+    return err({
+      kind: "build_failed",
+      message: `stat failed for ${dirPath}: ${statResult.error.kind}`
     });
   }
-  if (file.ownership.mode !== expectedOwnership.mode) {
-    issues.push({
-      kind: "wrong_mode",
-      expected: expectedOwnership.mode,
-      actual: file.ownership.mode
+  const staged = stagingPath(dirPath);
+  const stagedStat = await ops.stat(staged);
+  let dirDelete = false;
+  if (stagedStat.ok && !stagedStat.value.isDirectory) {
+    const content = await ops.readFile(staged);
+    if (!content.ok) {
+      return err({
+        kind: "build_failed",
+        message: `read failed for ${staged}: ${content.error.kind}`
+      });
+    }
+    if (isDeleteSentinel(content.value)) {
+      dirDelete = true;
+    }
+  } else if (!stagedStat.ok && stagedStat.error.kind !== "not_found") {
+    return err({
+      kind: "build_failed",
+      message: `stat failed for ${staged}: ${stagedStat.error.kind}`
     });
   }
-  if (issues.length === 0) {
-    return { tier, status: "ok", file };
+  if (!diskExists && !dirDelete) {
+    const stagedDirExists = stagedStat.ok && stagedStat.value.isDirectory;
+    if (!stagedDirExists)
+      return ok(null);
+  }
+  const children = [];
+  const diskChildren = new Set;
+  if (diskExists) {
+    const listResult = await ops.listDir(dirPath);
+    if (!listResult.ok) {
+      return err({
+        kind: "build_failed",
+        message: `listDir failed for ${dirPath}: ${listResult.error.kind}`
+      });
+    }
+    for (const childPath of listResult.value) {
+      diskChildren.add(childPath);
+    }
+  }
+  const stagedChildren = new Set;
+  if (!dirDelete) {
+    if (stagedStat.ok && stagedStat.value.isDirectory) {
+      const stagedList = await ops.listDir(staged);
+      if (!stagedList.ok) {
+        return err({
+          kind: "build_failed",
+          message: `listDir failed for ${staged}: ${stagedList.error.kind}`
+        });
+      }
+      for (const stagedChildPath of stagedList.value) {
+        const canonical = stagedChildPath.slice(STAGING_DIR.length + 1);
+        stagedChildren.add(canonical);
+      }
+    }
+  }
+  const allChildren = new Set([...diskChildren, ...stagedChildren]);
+  for (const childPath of [...allChildren].sort()) {
+    if (dirDelete) {
+      const childStat = await ops.stat(childPath);
+      let childOwnership = null;
+      let childHash = null;
+      if (childStat.ok) {
+        childOwnership = {
+          user: childStat.value.ownership.user,
+          group: childStat.value.ownership.group,
+          mode: childStat.value.ownership.mode
+        };
+        const hashResult = await ops.hashFile(childPath);
+        if (!hashResult.ok) {
+          return err({
+            kind: "build_failed",
+            message: `hash failed for ${childPath}: ${hashResult.error.kind}`
+          });
+        }
+        childHash = hashResult.value;
+      } else if (childStat.error.kind !== "not_found") {
+        return err({
+          kind: "build_failed",
+          message: `stat failed for ${childPath}: ${childStat.error.kind}`
+        });
+      }
+      children.push({
+        kind: "file",
+        path: childPath,
+        configTier: tier,
+        ownership: childOwnership,
+        canonicalHash: childHash,
+        stagedHash: null,
+        status: "deleted"
+      });
+    } else {
+      const childResult = await buildFile(ops, childPath, tier);
+      if (!childResult.ok)
+        return childResult;
+      if (childResult.value)
+        children.push(childResult.value);
+    }
   }
-  return { tier, status: "drifted", file, issues };
+  if (!diskExists && children.length === 0)
+    return ok(null);
+  return ok({
+    kind: "directory",
+    path: dirPath,
+    configTier: tier,
+    ownership: ownership ? { user: ownership.user, group: ownership.group, mode: ownership.mode } : null,
+    deleted: dirDelete,
+    children
+  });
+}
+// ../core/src/sdk/status.ts
+async function status(opts) {
+  const { tree } = opts;
+  return ok({
+    changed: tree.changedFiles(),
+    drifts: tree.driftedEntities()
+  });
 }
-// ../core/src/diff.ts
-import { createHash as createHash2 } from "node:crypto";
-
 // ../../node_modules/.bun/diff@8.0.3/node_modules/diff/libesm/diff/base.js
 class Diff {
   diff(oldStr, newStr, options = {}) {
@@ -5600,148 +6018,118 @@ function splitLines(text) {
   return result;
 }
 
-// ../core/src/diff.ts
-var STAGING_DIR = ".soulguard/staging";
+// ../core/src/sdk/diff.ts
 async function diff(options) {
-  const { ops, config, files: filterFiles } = options;
-  const stagingExists = await ops.exists(STAGING_DIR);
-  if (!stagingExists.ok) {
-    return err({ kind: "read_failed", path: STAGING_DIR, message: stagingExists.error.message });
-  }
-  if (!stagingExists.value) {
-    return err({ kind: "no_staging" });
-  }
-  const resolved = await resolvePatterns(ops, config.vault);
-  if (!resolved.ok) {
-    return err({ kind: "read_failed", path: "glob", message: resolved.error.message });
-  }
-  let vaultFiles = resolved.value;
+  const { tree, ops, files: filterFiles } = options;
+  let changed = tree.changedFiles();
   if (filterFiles && filterFiles.length > 0) {
     const filterSet = new Set(filterFiles);
-    vaultFiles = vaultFiles.filter((p) => filterSet.has(p));
-  }
-  const fileDiffs = [];
-  for (const path of vaultFiles) {
-    const stagingPath = `${STAGING_DIR}/${path}`;
-    const [vaultExists, stagingFileExists] = await Promise.all([
-      ops.exists(path),
-      ops.exists(stagingPath)
-    ]);
-    if (!vaultExists.ok) {
-      return err({ kind: "read_failed", path, message: vaultExists.error.message });
-    }
-    if (!stagingFileExists.ok) {
-      return err({
-        kind: "read_failed",
-        path: stagingPath,
-        message: stagingFileExists.error.message
-      });
-    }
-    if (vaultExists.value && !stagingFileExists.value) {
-      const vaultHash2 = await ops.hashFile(path);
-      fileDiffs.push({
-        path,
-        status: "deleted",
-        protectedHash: vaultHash2.ok ? vaultHash2.value : undefined
-      });
-      continue;
-    }
-    if (!vaultExists.value && stagingFileExists.value) {
-      const newHash = await ops.hashFile(stagingPath);
-      fileDiffs.push({
-        path,
-        status: "vault_missing",
-        stagedHash: newHash.ok ? newHash.value : undefined
-      });
-      continue;
-    }
-    if (!vaultExists.value && !stagingFileExists.value) {
-      fileDiffs.push({ path, status: "staging_missing" });
-      continue;
-    }
-    const [vaultHash, stagingHash] = await Promise.all([
-      ops.hashFile(path),
-      ops.hashFile(stagingPath)
-    ]);
-    if (!vaultHash.ok) {
-      return err({ kind: "read_failed", path, message: "hash failed" });
-    }
-    if (!stagingHash.ok) {
-      return err({ kind: "read_failed", path: stagingPath, message: "hash failed" });
-    }
-    if (vaultHash.value === stagingHash.value) {
-      fileDiffs.push({
-        path,
-        status: "unchanged",
-        protectedHash: vaultHash.value,
-        stagedHash: stagingHash.value
-      });
-      continue;
-    }
-    const [vaultContent, stagingContent] = await Promise.all([
-      ops.readFile(path),
-      ops.readFile(stagingPath)
-    ]);
-    if (!vaultContent.ok) {
-      return err({ kind: "read_failed", path, message: "read failed" });
-    }
-    if (!stagingContent.ok) {
-      return err({ kind: "read_failed", path: stagingPath, message: "read failed" });
-    }
-    const unifiedDiff = createTwoFilesPatch(`a/${path}`, `b/${path}`, vaultContent.value, stagingContent.value);
-    fileDiffs.push({
-      path,
-      status: "modified",
-      diff: unifiedDiff,
-      protectedHash: vaultHash.value,
-      stagedHash: stagingHash.value
-    });
+    changed = changed.filter((f) => filterSet.has(f.path));
   }
-  const hasChanges = fileDiffs.some((f) => f.status !== "unchanged");
-  let approvalHash;
-  if (hasChanges) {
-    approvalHash = computeApprovalHash(fileDiffs);
+  const files = [];
+  for (const sf of changed) {
+    const diffText = await generateDiff(ops, sf);
+    if (!diffText.ok)
+      return diffText;
+    files.push({ file: sf, diff: diffText.value });
   }
-  return ok({ files: fileDiffs, hasChanges, approvalHash });
+  return ok({
+    files,
+    hasChanges: files.length > 0,
+    approvalHash: tree.approvalHash ?? undefined
+  });
 }
-function computeApprovalHash(files) {
-  const actionable = files.filter((f) => (f.status === "modified" || f.status === "vault_missing") && f.stagedHash || f.status === "deleted").sort((a, b) => a.path.localeCompare(b.path));
-  const hash = createHash2("sha256");
-  for (const f of actionable) {
-    if (f.status === "deleted") {
-      hash.update(`${f.path}\x00DELETED\x00${f.protectedHash ?? ""}\x00`);
-    } else {
-      hash.update(`${f.path}\x00${f.stagedHash}\x00`);
+async function generateDiff(ops, sf) {
+  let oldContent = "";
+  let newContent = "";
+  if (sf.status !== "created") {
+    const result = await ops.readFile(sf.path);
+    if (!result.ok) {
+      return err({ kind: "build_failed", message: `read failed for ${sf.path}` });
+    }
+    oldContent = result.value;
+  }
+  if (sf.status !== "deleted") {
+    const result = await ops.readFile(stagingPath(sf.path));
+    if (!result.ok) {
+      return err({ kind: "build_failed", message: `read failed for ${stagingPath(sf.path)}` });
     }
+    newContent = result.value;
+  }
+  const oldName = sf.status === "created" ? "/dev/null" : `a/${sf.path}`;
+  const newName = sf.status === "deleted" ? "/dev/null" : `b/${sf.path}`;
+  return ok(createTwoFilesPatch(oldName, newName, oldContent, newContent));
+}
+// ../core/src/sdk/config.ts
+function patternsForTier(config, tier) {
+  return Object.entries(config.files).filter(([, t]) => t === tier).map(([pattern]) => pattern);
+}
+function protectPatterns(config) {
+  return patternsForTier(config, "protect");
+}
+function watchPatterns(config) {
+  return patternsForTier(config, "watch");
+}
+async function readConfig(ops) {
+  const exists = await ops.exists("soulguard.json");
+  if (!exists.ok) {
+    return err({ kind: "io_error", message: exists.error.message });
+  }
+  if (!exists.value) {
+    return err({ kind: "not_found" });
+  }
+  const raw = await ops.readFile("soulguard.json");
+  if (!raw.ok) {
+    return err({ kind: "io_error", message: raw.error.kind });
   }
-  return hash.digest("hex");
+  try {
+    return ok(parseConfig(JSON.parse(raw.value)));
+  } catch (e) {
+    return err({
+      kind: "parse_failed",
+      message: e instanceof Error ? e.message : String(e)
+    });
+  }
+}
+async function writeConfig(ops, config) {
+  const content = JSON.stringify(config, null, 2) + `
+`;
+  const result = await ops.writeFile("soulguard.json", content);
+  if (!result.ok) {
+    return err({ kind: "config_write_failed", message: result.error.kind });
+  }
+  return ok(undefined);
 }
-// ../core/src/git.ts
+
+// ../core/src/util/git.ts
+var GIT_DIR = ".soulguard/.git";
+var GIT_ARGS = ["--git-dir", GIT_DIR, "--work-tree", "."];
 async function isGitEnabled(ops, config) {
   if (config.git === false)
     return false;
-  const gitExists = await ops.exists(".git");
+  const gitExists = await ops.exists(GIT_DIR);
   return gitExists.ok && gitExists.value;
 }
 async function gitCommit(ops, files, message) {
   if (files.length === 0) {
     return ok({ committed: false, reason: "no_files" });
   }
-  const preCheck = await ops.exec("git", ["diff", "--cached", "--quiet"]);
+  const preCheck = await ops.exec("git", [...GIT_ARGS, "diff", "--cached", "--quiet"]);
   if (!preCheck.ok) {
     return ok({ committed: false, reason: "dirty_staging" });
   }
   for (const file of files) {
-    const result = await ops.exec("git", ["add", "--", file]);
+    const result = await ops.exec("git", [...GIT_ARGS, "add", "--", file]);
     if (!result.ok) {
       return err({ kind: "git_error", message: `git add ${file}: ${result.error.message}` });
     }
   }
-  const diffResult = await ops.exec("git", ["diff", "--cached", "--quiet"]);
+  const diffResult = await ops.exec("git", [...GIT_ARGS, "diff", "--cached", "--quiet"]);
   if (diffResult.ok) {
     return ok({ committed: false, reason: "nothing_staged" });
   }
   const commitResult = await ops.exec("git", [
+    ...GIT_ARGS,
     "commit",
     "--author",
     "SoulGuardian <soulguardian@soulguard.ai>",
@@ -5753,9 +6141,9 @@ async function gitCommit(ops, files, message) {
   }
   return ok({ committed: true, message, files });
 }
-function vaultCommitMessage(files, approvalMessage) {
+function protectCommitMessage(files, approvalMessage) {
   const fileList = files.join(", ");
-  const base = `soulguard: vault update — ${fileList}`;
+  const base = `soulguard: protect update — ${fileList}`;
   if (approvalMessage) {
     return `${base}
 
@@ -5763,41 +6151,23 @@ ${approvalMessage}`;
   }
   return base;
 }
-function ledgerCommitMessage() {
-  return "soulguard: ledger sync";
-}
-async function commitLedgerFiles(ops, config) {
-  if (!await isGitEnabled(ops, config)) {
-    return ok({ committed: false, reason: "git_disabled" });
-  }
-  const resolved = await resolvePatterns(ops, config.ledger);
-  if (!resolved.ok) {
-    return err({ kind: "git_error", message: `glob failed: ${resolved.error.message}` });
-  }
-  const ledgerFiles = resolved.value;
-  if (ledgerFiles.length === 0) {
-    return ok({ committed: false, reason: "no_files" });
-  }
-  return gitCommit(ops, ledgerFiles, ledgerCommitMessage());
-}
 
-// ../core/src/sync.ts
+// ../core/src/sdk/sync.ts
 async function sync(options) {
-  const { ops } = options;
-  const beforeResult = await status(options);
-  if (!beforeResult.ok)
-    return beforeResult;
-  const before = beforeResult.value;
+  const { tree, ops, config } = options;
+  const drifts = tree.driftedEntities();
   const errors2 = [];
-  for (const issue of before.issues) {
-    if (issue.status !== "drifted")
+  for (const drift of drifts) {
+    if (drift.entity.configTier !== "protect")
       continue;
-    const expectedOwnership = issue.tier === "vault" ? options.expectedVaultOwnership : options.expectedLedgerOwnership;
-    const path = issue.file.path;
-    const needsChown = issue.issues.some((i) => i.kind === "wrong_owner" || i.kind === "wrong_group");
-    const needsChmod = issue.issues.some((i) => i.kind === "wrong_mode");
+    const path = drift.entity.path;
+    const needsChown = drift.details.some((i) => i.kind === "wrong_owner" || i.kind === "wrong_group");
+    const needsChmod = drift.details.some((i) => i.kind === "wrong_mode");
     if (needsChown) {
-      const { user, group } = expectedOwnership;
+      const ownerIssue = drift.details.find((i) => i.kind === "wrong_owner");
+      const groupIssue = drift.details.find((i) => i.kind === "wrong_group");
+      const user = ownerIssue ? ownerIssue.expected : drift.entity.ownership.user;
+      const group = groupIssue ? groupIssue.expected : drift.entity.ownership.group;
       const result = await ops.chown(path, { user, group });
       if (!result.ok) {
         errors2.push({ path, operation: "chown", error: result.error });
@@ -5805,27 +6175,19 @@ async function sync(options) {
       }
     }
     if (needsChmod) {
-      const result = await ops.chmod(path, expectedOwnership.mode);
+      const modeIssue = drift.details.find((i) => i.kind === "wrong_mode");
+      const result = await ops.chmod(path, modeIssue.expected);
       if (!result.ok) {
         errors2.push({ path, operation: "chmod", error: result.error });
-        continue;
       }
     }
   }
-  const afterResult = await status(options);
-  if (!afterResult.ok)
-    return afterResult;
-  const after = afterResult.value;
+  if (errors2.length > 0) {
+    return ok({ drifts, errors: errors2, git: undefined });
+  }
   let git;
-  if (await isGitEnabled(ops, options.config)) {
-    const [vaultResolved, ledgerResolved] = await Promise.all([
-      resolvePatterns(ops, options.config.vault),
-      resolvePatterns(ops, options.config.ledger)
-    ]);
-    const allFiles = [
-      ...vaultResolved.ok ? vaultResolved.value : [],
-      ...ledgerResolved.ok ? ledgerResolved.value : []
-    ];
+  if (await isGitEnabled(ops, config)) {
+    const allFiles = [...protectPatterns(config), ...watchPatterns(config)];
     if (allFiles.length > 0) {
       const gitResult = await gitCommit(ops, allFiles, "soulguard: sync");
       if (gitResult.ok) {
@@ -5833,20 +6195,9 @@ async function sync(options) {
       }
     }
   }
-  return ok({ before, after, errors: errors2, git });
+  return ok({ drifts, errors: errors2, git });
 }
-// ../core/src/constants.ts
-var IDENTITY = { user: "soulguardian", group: "soulguard" };
-var VAULT_OWNERSHIP = {
-  user: IDENTITY.user,
-  group: IDENTITY.group,
-  mode: "444"
-};
-var DEFAULT_CONFIG = {
-  vault: ["soulguard.json"],
-  ledger: []
-};
-// ../core/src/console-live.ts
+// ../core/src/util/console-live.ts
 var import_picocolors = __toESM(require_picocolors(), 1);
 
 class LiveConsoleOutput {
@@ -5869,7 +6220,7 @@ class LiveConsoleOutput {
     console.log(import_picocolors.default.bold(text));
   }
 }
-// ../core/src/policy.ts
+// ../core/src/sdk/policy.ts
 function validatePolicies(policies) {
   const seen = new Set;
   const duplicates = [];
@@ -5897,7 +6248,7 @@ async function evaluatePolicies(policies, ctx) {
   }
   return ok(undefined);
 }
-// ../core/src/self-protection.ts
+// ../core/src/sdk/self-protection.ts
 function validateSelfProtection(pendingContents, deletedFiles = []) {
   if (deletedFiles.some((f) => f.path === "soulguard.json")) {
     return err({
@@ -5928,64 +6279,54 @@ function validateSelfProtection(pendingContents, deletedFiles = []) {
   }
   return ok(undefined);
 }
-// ../core/src/approve.ts
-async function approve(options) {
-  const { ops, config, hash, vaultOwnership, policies } = options;
+// ../core/src/sdk/apply.ts
+import { dirname as dirname2 } from "node:path";
+function collectParentDirs(prefix, paths) {
+  const dirs = new Set;
+  for (const p of paths) {
+    const parent = dirname2(`${prefix}/${p}`);
+    if (parent !== prefix) {
+      dirs.add(parent);
+    }
+  }
+  return [...dirs].sort();
+}
+async function apply(options) {
+  const { ops, tree, hash, policies } = options;
+  const protectOwnership = tree.protectOwnership;
   if (policies && policies.length > 0) {
     const validation = validatePolicies(policies);
     if (!validation.ok) {
       return err(validation.error);
     }
   }
-  const diffResult = await diff({ ops, config });
-  if (!diffResult.ok) {
-    return err({ kind: "diff_failed", message: diffResult.error.kind });
+  const changedFiles = tree.changedFiles();
+  if (changedFiles.length === 0) {
+    return ok({ appliedFiles: [] });
   }
-  if (!diffResult.value.hasChanges) {
-    return err({ kind: "no_changes" });
-  }
-  const changedFiles = diffResult.value.files.filter((f) => f.status === "modified" || f.status === "vault_missing" || f.status === "deleted");
-  await ops.mkdir(".soulguard/pending");
-  for (const file of changedFiles.filter((f) => f.status !== "deleted")) {
-    const copyResult = await ops.copyFile(`.soulguard/staging/${file.path}`, `.soulguard/pending/${file.path}`);
-    if (!copyResult.ok) {
-      await cleanupPending(ops, changedFiles);
-      return err({ kind: "apply_failed", message: `Cannot copy staging/${file.path} to pending` });
+  if (hash) {
+    if (tree.approvalHash !== hash) {
+      return err({
+        kind: "hash_mismatch",
+        message: `Expected hash ${hash} but got hash ${tree.approvalHash}`
+      });
     }
   }
-  const chownPending = await ops.chown(".soulguard/pending", vaultOwnership);
-  if (!chownPending.ok) {
-    await cleanupPending(ops, changedFiles);
-    return err({ kind: "apply_failed", message: "Cannot protect pending directory" });
-  }
-  const pendingHash = await computePendingHash(ops, changedFiles);
-  if (!pendingHash.ok) {
-    await cleanupPending(ops, changedFiles);
-    return err({ kind: "apply_failed", message: pendingHash.error });
-  }
-  if (pendingHash.value !== hash) {
-    await cleanupPending(ops, changedFiles);
-    return err({
-      kind: "hash_mismatch",
-      message: `Expected hash ${hash} but got hash ${pendingHash.value}`
-    });
-  }
-  const pendingContents = new Map;
-  for (const file of changedFiles.filter((f) => f.status !== "deleted")) {
-    const content = await ops.readFile(`.soulguard/pending/${file.path}`);
+  const nonDeletedFiles = changedFiles.filter((f) => f.status !== "deleted");
+  const stagingContents = new Map;
+  for (const file of nonDeletedFiles) {
+    const content = await ops.readFile(stagingPath(file.path));
     if (!content.ok) {
-      await cleanupPending(ops, changedFiles);
       return err({
         kind: "apply_failed",
-        message: `Cannot read pending/${file.path}`
+        message: `Cannot read staging/${file.path}`
       });
     }
-    pendingContents.set(file.path, content.value);
+    stagingContents.set(file.path, content.value);
   }
   {
-    const selfCheck = validateSelfProtection(pendingContents, changedFiles.filter((f) => f.status === "deleted"));
+    const selfCheck = validateSelfProtection(stagingContents, changedFiles.filter((f) => f.status === "deleted"));
     if (!selfCheck.ok) {
-      await cleanupPending(ops, changedFiles);
       return err(selfCheck.error);
     }
   }
@@ -5993,103 +6334,118 @@ async function approve(options) {
     const ctx = new Map;
     for (const file of changedFiles) {
       if (file.status === "deleted") {
-        const vaultContent = await ops.readFile(file.path);
+        const protectContent = await ops.readFile(file.path);
         ctx.set(file.path, {
           final: "",
           diff: `File deleted: ${file.path}`,
-          previous: vaultContent.ok ? vaultContent.value : ""
+          previous: protectContent.ok ? protectContent.value : ""
         });
       } else {
         let previous = "";
         if (file.status === "modified") {
-          const vaultContent = await ops.readFile(file.path);
-          if (vaultContent.ok) {
-            previous = vaultContent.value;
+          const protectContent = await ops.readFile(file.path);
+          if (protectContent.ok) {
+            previous = protectContent.value;
           }
         }
-        ctx.set(file.path, {
-          final: pendingContents.get(file.path),
-          diff: file.diff ?? "",
-          previous
-        });
+        const final = stagingContents.get(file.path);
+        const diffText = file.status === "modified" ? createTwoFilesPatch(`a/${file.path}`, `b/${file.path}`, previous, final) : "";
+        ctx.set(file.path, { final, diff: diffText, previous });
       }
     }
     const policyResult = await evaluatePolicies(policies, ctx);
     if (!policyResult.ok) {
-      await cleanupPending(ops, changedFiles);
       return err(policyResult.error);
     }
   }
-  const backedUpFiles = [];
   await ops.mkdir(".soulguard/backup");
-  for (const file of changedFiles) {
-    if (file.status === "vault_missing")
-      continue;
+  const filesToBackup = changedFiles.filter((f) => f.status !== "created");
+  const backupParents = collectParentDirs(".soulguard/backup", filesToBackup.map((f) => f.path));
+  for (const dir of backupParents) {
+    await ops.mkdir(dir);
+  }
+  for (const file of filesToBackup) {
     const backupResult = await ops.copyFile(file.path, `.soulguard/backup/${file.path}`);
     if (!backupResult.ok) {
-      await cleanupBackup(ops, backedUpFiles);
-      await cleanupPending(ops, changedFiles);
+      await cleanupBackup(ops);
       return err({ kind: "apply_failed", message: `Backup of ${file.path} failed` });
     }
-    backedUpFiles.push(file.path);
   }
   const appliedFiles = [];
   for (const file of changedFiles) {
     if (file.status === "deleted") {
       const deleteResult = await ops.deleteFile(file.path);
       if (!deleteResult.ok) {
-        await rollback(ops, changedFiles, appliedFiles, backedUpFiles, vaultOwnership);
+        await rollback(ops, appliedFiles, protectOwnership);
         return err({
           kind: "apply_failed",
           message: `Cannot delete ${file.path}: ${deleteResult.error.kind}`
         });
       }
     } else {
-      const content = await ops.readFile(`.soulguard/pending/${file.path}`);
+      if (file.status === "created") {
+        const parentDir = dirname2(file.path);
+        if (parentDir !== ".") {
+          await ops.mkdir(parentDir);
+        }
+      }
+      const content = await ops.readFile(stagingPath(file.path));
       if (!content.ok) {
-        await rollback(ops, changedFiles, appliedFiles, backedUpFiles, vaultOwnership);
-        return err({ kind: "apply_failed", message: `Cannot read pending/${file.path}` });
+        await rollback(ops, appliedFiles, protectOwnership);
+        return err({ kind: "apply_failed", message: `Cannot read staging/${file.path}` });
       }
       const writeResult = await ops.writeFile(file.path, content.value);
       if (!writeResult.ok) {
-        await rollback(ops, changedFiles, appliedFiles, backedUpFiles, vaultOwnership);
+        await rollback(ops, appliedFiles, protectOwnership);
         return err({
           kind: "apply_failed",
           message: `Cannot write ${file.path}: ${writeResult.error.kind}`
         });
       }
-      const chownResult = await ops.chown(file.path, vaultOwnership);
+      const chownResult = await ops.chown(file.path, protectOwnership);
       if (!chownResult.ok) {
-        await rollback(ops, changedFiles, appliedFiles, backedUpFiles, vaultOwnership);
+        await rollback(ops, appliedFiles, protectOwnership);
         return err({
           kind: "apply_failed",
           message: `Cannot chown ${file.path}: ${chownResult.error.kind}`
         });
       }
-      const chmodResult = await ops.chmod(file.path, vaultOwnership.mode);
+      const chmodResult = await ops.chmod(file.path, protectOwnership.mode);
       if (!chmodResult.ok) {
-        await rollback(ops, changedFiles, appliedFiles, backedUpFiles, vaultOwnership);
+        await rollback(ops, appliedFiles, protectOwnership);
         return err({
           kind: "apply_failed",
           message: `Cannot chmod ${file.path}: ${chmodResult.error.kind}`
         });
       }
+      const writtenHash = await ops.hashFile(file.path);
+      if (!writtenHash.ok || writtenHash.value !== file.stagedHash) {
+        await rollback(ops, appliedFiles, protectOwnership);
+        return err({
+          kind: "hash_mismatch",
+          message: `Staging tampered: ${file.path} content after write does not match snapshot`
+        });
+      }
     }
     appliedFiles.push(file.path);
   }
-  for (const file of changedFiles.filter((f) => f.status !== "deleted")) {
-    const stagingPath = `.soulguard/staging/${file.path}`;
-    await ops.copyFile(file.path, stagingPath);
-    if (options.stagingOwnership) {
-      await ops.chown(stagingPath, options.stagingOwnership);
-      await ops.chmod(stagingPath, options.stagingOwnership.mode);
+  const defaultOwnership = tree.config.defaultOwnership;
+  for (const file of nonDeletedFiles) {
+    const stagePath = stagingPath(file.path);
+    const stageParent = dirname2(stagePath);
+    if (stageParent !== STAGING_DIR) {
+      await ops.mkdir(stageParent);
+    }
+    await ops.copyFile(file.path, stagePath);
+    if (defaultOwnership) {
+      await ops.chown(stagePath, defaultOwnership);
+      await ops.chmod(stagePath, defaultOwnership.mode);
     }
   }
-  await cleanupBackup(ops, backedUpFiles);
-  await cleanupPending(ops, changedFiles);
+  await cleanupBackup(ops);
   let gitResult;
-  if (await isGitEnabled(ops, config)) {
-    const message = vaultCommitMessage(appliedFiles);
+  if (await isGitEnabled(ops, tree.config)) {
+    const message = protectCommitMessage(appliedFiles);
     const result = await gitCommit(ops, appliedFiles, message);
     if (result.ok) {
       gitResult = result.value;
@@ -6097,77 +6453,57 @@ async function approve(options) {
   }
   return ok({ appliedFiles, gitResult });
 }
-async function computePendingHash(ops, changedFiles) {
-  const withHashes = [];
-  for (const f of changedFiles) {
-    if (f.status === "deleted") {
-      withHashes.push(f);
-    } else {
-      const fileHash = await ops.hashFile(`.soulguard/pending/${f.path}`);
-      if (!fileHash.ok) {
-        return err(`Cannot hash pending/${f.path}`);
-      }
-      withHashes.push({ ...f, stagedHash: fileHash.value });
-    }
-  }
-  return ok(computeApprovalHash(withHashes));
-}
-async function cleanupPending(ops, files) {
-  for (const file of files) {
-    await ops.deleteFile(`.soulguard/pending/${file.path}`);
-  }
-}
-async function cleanupBackup(ops, backedUpFiles) {
-  for (const filePath of backedUpFiles) {
-    await ops.deleteFile(`.soulguard/backup/${filePath}`);
-  }
+async function cleanupBackup(ops) {
+  await ops.deleteFile(".soulguard/backup");
 }
-async function rollback(ops, changedFiles, appliedFiles, backedUpFiles, vaultOwnership) {
+async function rollback(ops, appliedFiles, protectOwnership) {
   for (const filePath of appliedFiles) {
-    const backupContent = await ops.readFile(`.soulguard/backup/${filePath}`);
-    if (backupContent.ok) {
-      await ops.writeFile(filePath, backupContent.value);
-      await ops.chown(filePath, vaultOwnership);
-      await ops.chmod(filePath, vaultOwnership.mode);
+    const backupExists = await ops.exists(`.soulguard/backup/${filePath}`);
+    if (backupExists.ok && backupExists.value) {
+      const backupContent = await ops.readFile(`.soulguard/backup/${filePath}`);
+      if (backupContent.ok) {
+        await ops.writeFile(filePath, backupContent.value);
+        await ops.chown(filePath, protectOwnership);
+        await ops.chmod(filePath, protectOwnership.mode);
+      }
+    } else {
+      await ops.deleteFile(filePath);
     }
   }
-  await cleanupBackup(ops, backedUpFiles);
-  await cleanupPending(ops, changedFiles);
+  await cleanupBackup(ops);
 }
-// ../core/src/reset.ts
+// ../core/src/sdk/reset.ts
 async function reset(options) {
-  const { ops, config, stagingOwnership } = options;
-  const diffResult = await diff({ ops, config });
-  if (!diffResult.ok) {
-    return err({ kind: "reset_failed", message: `Diff failed: ${diffResult.error.kind}` });
+  const { tree, ops, paths, all } = options;
+  const stagedFiles = tree.stagedFiles().map((f) => f.path);
+  if (stagedFiles.length === 0) {
+    return ok({ stagedFiles: [], deleted: false });
   }
-  if (!diffResult.value.hasChanges) {
-    return ok({ resetFiles: [] });
+  if (!paths?.length && !all) {
+    return ok({ stagedFiles, deleted: false });
   }
-  const resetFiles = [];
-  const resettableFiles = diffResult.value.files.filter((f) => f.status === "modified" || f.status === "deleted");
-  for (const file of resettableFiles) {
-    const stagingPath = `.soulguard/staging/${file.path}`;
-    const copyResult = await ops.copyFile(file.path, stagingPath);
-    if (copyResult.ok) {
-      if (stagingOwnership) {
-        await ops.chown(stagingPath, stagingOwnership);
-        await ops.chmod(stagingPath, stagingOwnership.mode);
-      }
-      resetFiles.push(file.path);
+  if (all) {
+    for (const f of stagedFiles) {
+      await ops.deleteFile(stagingPath(f));
     }
+    return ok({ stagedFiles, deleted: true });
   }
-  return ok({ resetFiles });
+  const affected = [];
+  for (const p of paths) {
+    const matching = stagedFiles.filter((f) => f === p || f.startsWith(p + "/"));
+    for (const f of matching) {
+      await ops.deleteFile(stagingPath(f));
+      affected.push(f);
+    }
+  }
+  return ok({ stagedFiles: affected, deleted: true });
 }
-// ../core/src/vault-check.ts
-function isVaultedFile(vaultFiles, filePath) {
+// ../core/src/sdk/protect-check.ts
+function isProtectedFile(protectFiles, filePath) {
   const norm = normalizePath(filePath);
-  return vaultFiles.some((pattern) => {
-    const normPattern = normalizePath(pattern);
-    if (isGlob(normPattern)) {
-      return matchGlob(normPattern, norm);
-    }
-    return norm === normPattern;
+  return protectFiles.some((entry) => {
+    const normEntry = normalizePath(entry);
+    return norm === normEntry || norm.startsWith(normEntry + "/");
   });
 }
 function normalizePath(p) {
@@ -6176,9 +6512,61 @@ function normalizePath(p) {
     s = s.slice(2);
   if (s.startsWith("/"))
     s = s.slice(1);
+  if (s.endsWith("/"))
+    s = s.slice(0, -1);
   return s;
 }
+// ../core/src/sdk/tier.ts
+function setTier(config, files, tier) {
+  const added = [];
+  const moved = [];
+  const alreadyInTier = [];
+  const newFiles = { ...config.files };
+  for (const file of files) {
+    const currentTier = newFiles[file];
+    if (currentTier === tier) {
+      alreadyInTier.push(file);
+    } else if (currentTier !== undefined) {
+      moved.push(file);
+      newFiles[file] = tier;
+    } else {
+      added.push(file);
+      newFiles[file] = tier;
+    }
+  }
+  return {
+    added,
+    moved,
+    alreadyInTier,
+    config: { ...config, files: newFiles }
+  };
+}
+function release(config, files) {
+  const released = [];
+  const notTracked = [];
+  const newFiles = { ...config.files };
+  for (const file of files) {
+    if (newFiles[file] !== undefined) {
+      released.push(file);
+      delete newFiles[file];
+    } else {
+      notTracked.push(file);
+    }
+  }
+  return {
+    released,
+    notTracked,
+    config: { ...config, files: newFiles }
+  };
+}
 // ../core/src/cli/status-command.ts
+var STAGED_LABELS = {
+  modified: "staged",
+  created: "staged (new)",
+  deleted: "staged (delete)",
+  unchanged: "unchanged"
+};
+
 class StatusCommand {
   opts;
   out;
@@ -6187,62 +6575,30 @@ class StatusCommand {
     this.out = out;
   }
   async execute() {
-    const result = await status(this.opts);
+    const result = await status({ tree: this.opts.tree });
     if (!result.ok)
       return 1;
-    const { vault, ledger, issues } = result.value;
+    const { changed, drifts } = result.value;
     this.out.heading(`Soulguard Status — ${this.opts.ops.workspace}`);
     this.out.write("");
-    if (vault.length > 0) {
-      this.out.heading("Vault");
-      for (const f of vault) {
-        this.printFile(f);
+    for (const drift of drifts) {
+      this.out.warn(`  ⚠️  ${drift.entity.path} (${drift.entity.configTier})`);
+      for (const issue of drift.details) {
+        this.out.warn(`      ${formatIssue(issue)}`);
       }
-      this.out.write("");
     }
-    if (ledger.length > 0) {
-      this.out.heading("Ledger");
-      for (const f of ledger) {
-        this.printFile(f);
-      }
-      this.out.write("");
+    for (const file of changed) {
+      this.out.info(`  ${STAGED_LABELS[file.status]} ${file.path}`);
     }
-    const counts = this.summarize([...vault, ...ledger]);
-    this.out.info(`${counts.ok} files ok, ${counts.drifted} drifted, ${counts.missing} missing`);
-    return issues.length > 0 ? 1 : 0;
-  }
-  printFile(f) {
-    switch (f.status) {
-      case "ok":
-        this.out.success(`  ✅ ${f.file.path}`);
-        break;
-      case "drifted":
-        this.out.warn(`  ⚠️  ${f.file.path}`);
-        for (const issue of f.issues) {
-          this.out.warn(`      ${formatIssue(issue)}`);
-        }
-        break;
-      case "missing":
-        this.out.error(`  ❌ ${f.path}`);
-        break;
-      case "error":
-        this.out.error(`  ❌ ${f.path} (${f.error.kind})`);
-        break;
+    if (drifts.length === 0 && changed.length === 0) {
+      this.out.success("All files ok.");
     }
-  }
-  summarize(files) {
-    let okCount = 0;
-    let drifted = 0;
-    let missing = 0;
-    for (const f of files) {
-      if (f.status === "ok")
-        okCount++;
-      else if (f.status === "drifted")
-        drifted++;
-      else if (f.status === "missing")
-        missing++;
+    this.out.write("");
+    if (drifts.length > 0) {
+      this.out.info(`${drifts.length} drifted`);
+      return 1;
     }
-    return { ok: okCount, drifted, missing };
+    return 0;
   }
 }
 // ../core/src/cli/sync-command.ts
@@ -6257,24 +6613,20 @@ class SyncCommand {
     const result = await sync(this.opts);
     if (!result.ok)
       return 1;
-    const { before, after, errors: errors2, git } = result.value;
+    const { drifts, errors: errors2, git } = result.value;
     this.out.heading(`Soulguard Sync — ${this.opts.ops.workspace}`);
     this.out.write("");
-    if (before.issues.length === 0 && errors2.length === 0) {
+    if (drifts.length === 0 && errors2.length === 0) {
       this.out.success("Nothing to fix — all files ok.");
       this.reportGit(git);
       return 0;
     }
-    const afterPaths = new Set(after.issues.map((f) => this.issuePath(f)));
-    const fixed = before.issues.filter((f) => !afterPaths.has(this.issuePath(f)));
-    if (fixed.length > 0) {
+    if (drifts.length > 0 && errors2.length === 0) {
       this.out.heading("Fixed:");
-      for (const f of fixed) {
-        this.out.success(`  \uD83D\uDD27 ${this.issuePath(f)}`);
-        if (f.status === "drifted") {
-          for (const issue of f.issues) {
-            this.out.info(`      ${formatIssue(issue)}`);
-          }
+      for (const d of drifts) {
+        this.out.success(`  \uD83D\uDD27 ${d.entity.path}`);
+        for (const issue of d.details) {
+          this.out.info(`      ${formatIssue(issue)}`);
         }
       }
       this.out.write("");
@@ -6285,47 +6637,17 @@ class SyncCommand {
         this.out.error(`  ❌ ${e.path}: ${e.operation} failed (${e.error.kind})`);
       }
       this.out.write("");
+      return 1;
     }
-    if (after.issues.length === 0) {
-      this.out.success("All files now ok.");
-      this.reportGit(git);
-      return 0;
-    }
-    this.out.warn(`${after.issues.length} issue(s) remaining after sync:`);
-    for (const f of after.issues) {
-      this.printFile(f);
-    }
-    return 1;
+    this.out.success("All files now ok.");
+    this.reportGit(git);
+    return 0;
   }
   reportGit(git) {
     if (git?.committed) {
       this.out.success(`  \uD83D\uDCDD Committed ${git.files.length} file(s) to git`);
     }
   }
-  issuePath(f) {
-    switch (f.status) {
-      case "ok":
-        return f.file.path;
-      case "drifted":
-        return f.file.path;
-      case "missing":
-      case "error":
-        return f.path;
-    }
-  }
-  printFile(f) {
-    switch (f.status) {
-      case "drifted":
-        this.out.warn(`  ⚠️  ${f.file.path}`);
-        break;
-      case "missing":
-        this.out.error(`  ❌ ${f.path}`);
-        break;
-      case "error":
-        this.out.error(`  ❌ ${f.path} (${f.error.kind})`);
-        break;
-    }
-  }
 }
 // ../core/src/cli/diff-command.ts
 class DiffCommand {
@@ -6338,56 +6660,34 @@ class DiffCommand {
   async execute() {
     const result = await diff(this.options);
     if (!result.ok) {
-      switch (result.error.kind) {
-        case "no_staging":
-          this.out.error("No staging directory found. Run `soulguard init` first.");
-          return 1;
-        case "no_config":
-          this.out.error("No soulguard.json found.");
-          return 1;
-        case "read_failed":
-          this.out.error(`Failed to read ${result.error.path}: ${result.error.message}`);
-          return 1;
-      }
+      this.out.error(`Failed: ${result.error.message}`);
+      return 1;
     }
     const { files, hasChanges } = result.value;
     this.out.heading(`Soulguard Diff — ${this.options.ops.workspace}`);
     this.out.write("");
-    let changeCount = 0;
-    for (const file of files) {
-      switch (file.status) {
-        case "unchanged":
-          this.out.info(`  ✅ ${file.path} (no changes)`);
-          break;
+    for (const entry of files) {
+      switch (entry.file.status) {
         case "modified":
-          changeCount++;
-          this.out.warn(`  \uD83D\uDCDD ${file.path}`);
-          if (file.diff) {
-            for (const line of file.diff.split(`
-`)) {
-              this.out.write(`      ${line}`);
-            }
-          }
+          this.out.warn(`  \uD83D\uDCDD ${entry.file.path}`);
           break;
-        case "staging_missing":
-          changeCount++;
-          this.out.warn(`  ⚠️ ${file.path} (no staging copy)`);
-          break;
-        case "vault_missing":
-          changeCount++;
-          this.out.warn(`  ⚠️ ${file.path} (vault file missing — new file)`);
+        case "created":
+          this.out.warn(`  ⚠️ ${entry.file.path} (new file)`);
           break;
         case "deleted":
-          changeCount++;
-          this.out.warn(`  \uD83D\uDDD1️ ${file.path} (staged for deletion)`);
+          this.out.warn(`  \uD83D\uDDD1️ ${entry.file.path} (staged for deletion)`);
           break;
       }
+      for (const line of entry.diff.split(`
+`)) {
+        this.out.write(`      ${line}`);
+      }
     }
     this.out.write("");
     if (hasChanges) {
-      this.out.info(`${changeCount} file(s) changed`);
+      this.out.info(`${files.length} file(s) changed`);
       if (result.value.approvalHash) {
-        this.out.info(`Approval hash: ${result.value.approvalHash}`);
+        this.out.info(`Apply hash: ${result.value.approvalHash}`);
       }
     } else {
       this.out.info("No changes");
@@ -6395,8 +6695,8 @@ class DiffCommand {
     return hasChanges ? 1 : 0;
   }
 }
-// ../core/src/cli/approve-command.ts
-class ApproveCommand {
+// ../core/src/cli/apply-command.ts
+class ApplyCommand {
   opts;
   out;
   constructor(opts, out) {
@@ -6405,25 +6705,32 @@ class ApproveCommand {
   }
   async execute() {
     let hash = this.opts.hash;
-    if (!hash) {
-      const diffResult = await diff({ ops: this.opts.ops, config: this.opts.config });
+    if (this.opts.skipHashVerification) {
+      if (hash) {
+        this.out.error("Cannot use both --yes and --hash flags");
+        return 1;
+      }
+      hash = undefined;
+    } else if (!hash) {
+      const diffResult = await diff({
+        tree: this.opts.tree,
+        ops: this.opts.ops
+      });
       if (!diffResult.ok) {
-        this.out.error(`Diff failed: ${diffResult.error.kind}`);
+        this.out.error(`Diff failed: ${diffResult.error.message}`);
         return 1;
       }
       if (!diffResult.value.hasChanges) {
-        this.out.info("No changes to approve — staging matches vault.");
+        this.out.info("No changes to apply — staging matches protected files.");
         return 0;
       }
-      this.out.heading(`Soulguard Approve — ${this.opts.ops.workspace}`);
+      this.out.heading(`Soulguard Apply — ${this.opts.ops.workspace}`);
       this.out.write("");
-      for (const file of diffResult.value.files) {
-        if (file.status === "modified" && file.diff) {
-          this.out.write(file.diff);
-        }
+      for (const entry of diffResult.value.files) {
+        this.out.write(entry.diff);
       }
       this.out.write("");
-      this.out.info(`Approval hash: ${diffResult.value.approvalHash}`);
+      this.out.info(`Apply hash: ${diffResult.value.approvalHash}`);
       this.out.write("");
       if (this.opts.prompt) {
         const confirmed = await this.opts.prompt();
@@ -6434,12 +6741,14 @@ class ApproveCommand {
       }
       hash = diffResult.value.approvalHash;
     }
-    const result = await approve({ ...this.opts, hash });
+    const result = await apply({
+      ops: this.opts.ops,
+      tree: this.opts.tree,
+      hash,
+      policies: this.opts.policies
+    });
     if (!result.ok) {
       switch (result.error.kind) {
-        case "no_changes":
-          this.out.info("No changes to approve — staging matches vault.");
-          return 0;
         case "hash_mismatch":
           this.out.error(result.error.message);
           this.out.info("Please run `soulguard diff` again and re-review.");
@@ -6459,18 +6768,15 @@ class ApproveCommand {
         case "apply_failed":
           this.out.error(`Apply failed: ${result.error.message}`);
           return 1;
-        case "diff_failed":
-          this.out.error(`Diff failed: ${result.error.message}`);
-          return 1;
       }
     }
     this.out.write("");
-    this.out.success(`Approved ${result.value.appliedFiles.length} file(s):`);
+    this.out.success(`Applied ${result.value.appliedFiles.length} file(s):`);
     for (const file of result.value.appliedFiles) {
       this.out.success(`  ✅ ${file}`);
     }
     this.out.write("");
-    this.out.info("Vault updated. Staging synced.");
+    this.out.info("Protected files updated. Staging synced.");
     return 0;
   }
 }
@@ -6488,118 +6794,852 @@ class ResetCommand {
       this.out.error(`Reset failed: ${result.error.message}`);
       return 1;
     }
-    if (result.value.resetFiles.length === 0) {
-      this.out.info("No changes to reset — staging already matches vault.");
+    const { stagedFiles, deleted } = result.value;
+    if (stagedFiles.length === 0) {
+      this.out.info("Nothing staged — staging tree is clean.");
       return 0;
     }
-    this.out.heading(`Soulguard Reset — ${this.opts.ops.workspace}`);
+    if (!deleted) {
+      this.out.write("Staged changes:");
+      for (const f of stagedFiles) {
+        this.out.write(`  ${STAGING_DIR}/${f}`);
+      }
+      this.out.write("");
+      this.out.write("Use --all to reset everything, or specify paths to reset.");
+      return 0;
+    }
+    this.out.success(`Reset ${stagedFiles.length} staged file(s):`);
+    for (const f of stagedFiles) {
+      this.out.write(`  ${STAGING_DIR}/${f}`);
+    }
+    return 0;
+  }
+}
+// ../core/src/cli/tier-command.ts
+function formatSummary(paths) {
+  const dirs = paths.filter((p) => p.endsWith("/")).length;
+  const files = paths.length - dirs;
+  const parts = [];
+  if (files > 0)
+    parts.push(`${files} ${files === 1 ? "file" : "files"}`);
+  if (dirs > 0)
+    parts.push(`${dirs} ${dirs === 1 ? "directory" : "directories"}`);
+  return parts.join(" and ");
+}
+function formatChange(action, from) {
+  if (action.kind === "release") {
+    return { prefix: "-", suffix: "(released)" };
+  }
+  const tier = action.tier;
+  if (from === undefined) {
+    return { prefix: "+", suffix: `→ ${tier}` };
+  }
+  const arrow = from === "watch" ? "↑" : "↓";
+  return { prefix: arrow, suffix: `→ ${tier} (was ${from})` };
+}
+async function isDirectory(ops, path) {
+  const stat = await ops.stat(path);
+  return stat.ok && stat.value.isDirectory;
+}
+async function enforceProtect(ops, path, ownership) {
+  const isDir = await isDirectory(ops, path);
+  if (isDir) {
+    const chown = await ops.chownRecursive(path, { user: ownership.user, group: ownership.group });
+    if (!chown.ok)
+      return { ok: false, error: `chown ${path}: ${chown.error.kind}` };
+    const chmod = await ops.chmodDirectoryTree(path, { fileMode: ownership.mode, dirMode: "555" });
+    if (!chmod.ok)
+      return { ok: false, error: `chmod ${path}: ${chmod.error.kind}` };
+  } else {
+    const chown = await ops.chown(path, { user: ownership.user, group: ownership.group });
+    if (!chown.ok)
+      return { ok: false, error: `chown ${path}: ${chown.error.kind}` };
+    const chmod = await ops.chmod(path, ownership.mode);
+    if (!chmod.ok)
+      return { ok: false, error: `chmod ${path}: ${chmod.error.kind}` };
+  }
+  return { ok: true };
+}
+async function restoreOwnership(ops, path, ownership) {
+  const isDir = await isDirectory(ops, path);
+  if (isDir) {
+    await ops.chownRecursive(path, { user: ownership.user, group: ownership.group });
+    await ops.chmodRecursive(path, ownership.mode);
+  } else {
+    await ops.chown(path, { user: ownership.user, group: ownership.group });
+    await ops.chmod(path, ownership.mode);
+  }
+}
+
+class TierCommand {
+  opts;
+  out;
+  constructor(opts, out) {
+    this.opts = opts;
+    this.out = out;
+  }
+  async execute() {
+    const { ops, files, action } = this.opts;
+    if (files.length === 0) {
+      this.out.error("No files specified.");
+      return 1;
+    }
+    const configResult = await readConfig(ops);
+    if (!configResult.ok) {
+      const e = configResult.error;
+      if (e.kind === "not_found") {
+        this.out.error("Failed to read config: soulguard.json not found");
+      } else {
+        this.out.error(`Failed to read config: ${e.message}`);
+      }
+      return 1;
+    }
+    let config;
+    let changedPaths;
+    const createdPaths = new Set;
+    if (action.kind === "set") {
+      for (const file of files) {
+        const exists = await ops.exists(file);
+        if (exists.ok && exists.value)
+          continue;
+        if (file.endsWith("/")) {
+          const mk = await ops.exec("mkdir", ["-p", file]);
+          if (!mk.ok) {
+            this.out.error(`Failed to create directory ${file}: ${mk.error.message}`);
+            return 1;
+          }
+        } else {
+          const parent = file.includes("/") ? file.slice(0, file.lastIndexOf("/")) : null;
+          if (parent) {
+            await ops.exec("mkdir", ["-p", parent]);
+          }
+          const wr = await ops.writeFile(file, "");
+          if (!wr.ok) {
+            this.out.error(`Failed to create file ${file}: ${wr.error.kind}`);
+            return 1;
+          }
+        }
+        if (action.tier === "watch") {
+          const defaultOwnership = configResult.value.defaultOwnership;
+          if (defaultOwnership) {
+            const owner = { user: defaultOwnership.user, group: defaultOwnership.group };
+            if (file.endsWith("/")) {
+              await ops.chownRecursive(file, owner);
+              await ops.chmodRecursive(file, "755");
+            } else {
+              await ops.chown(file, owner);
+              await ops.chmod(file, defaultOwnership.mode);
+            }
+          }
+        }
+        createdPaths.add(file);
+      }
+    }
+    if (action.kind === "set") {
+      const result = setTier(configResult.value, files, action.tier);
+      config = result.config;
+      changedPaths = [...result.added, ...result.moved];
+      for (const f of result.added) {
+        const fmt = formatChange(action);
+        const created = createdPaths.has(f) ? " (created)" : "";
+        this.out.success(`  ${fmt.prefix} ${f} ${fmt.suffix}${created}`);
+      }
+      for (const f of result.moved) {
+        const oldTier = configResult.value.files[f];
+        const fmt = formatChange(action, oldTier);
+        this.out.info(`  ${fmt.prefix} ${f} ${fmt.suffix}`);
+      }
+      for (const f of result.alreadyInTier) {
+        this.out.info(`  · ${f} (already ${action.tier})`);
+      }
+    } else {
+      const result = release(configResult.value, files);
+      config = result.config;
+      changedPaths = result.released;
+      for (const f of result.released) {
+        this.out.success(`  - ${f} (released)`);
+      }
+      for (const f of result.notTracked) {
+        this.out.info(`  · ${f} (not tracked)`);
+      }
+    }
+    if (changedPaths.length === 0) {
+      this.out.info("Nothing to change.");
+      return 0;
+    }
+    const writeResult = await writeConfig(ops, config);
+    if (!writeResult.ok) {
+      this.out.error(`Failed to write config: ${writeResult.error.message}`);
+      return 1;
+    }
+    if (action.kind === "set" && action.tier === "protect") {
+      const expectedProtectOwnership = getProtectOwnership(configResult.value.guardian);
+      for (const file of changedPaths) {
+        const result = await enforceProtect(ops, file, expectedProtectOwnership);
+        if (!result.ok) {
+          this.out.error(`Failed to enforce: ${result.error}`);
+          return 1;
+        }
+      }
+    } else if (action.kind === "set" && action.tier === "watch") {
+      const defaultOwnership = configResult.value.defaultOwnership;
+      for (const file of changedPaths) {
+        const wasTier = configResult.value.files[file];
+        if (wasTier === "protect" && defaultOwnership) {
+          await restoreOwnership(ops, file, defaultOwnership);
+        }
+      }
+    } else if (action.kind === "release") {
+      const defaultOwnership = configResult.value.defaultOwnership;
+      for (const file of changedPaths) {
+        const wasTier = configResult.value.files[file];
+        if (wasTier === "protect" && defaultOwnership) {
+          await restoreOwnership(ops, file, defaultOwnership);
+        }
+        const sibling = stagingPath(file);
+        const siblingExists = await ops.exists(sibling);
+        if (siblingExists.ok && siblingExists.value) {
+          await ops.deleteFile(sibling);
+        }
+      }
+    }
+    if (await isGitEnabled(ops, config)) {
+      const gitFiles = ["soulguard.json", ...changedPaths];
+      const verb = action.kind === "set" ? action.tier : "release";
+      await gitCommit(ops, gitFiles, `soulguard: ${verb} ${changedPaths.join(", ")}`);
+    }
     this.out.write("");
-    this.out.success(`Reset ${result.value.resetFiles.length} staging file(s):`);
-    for (const file of result.value.resetFiles) {
-      this.out.info(`  ↩️  ${file}`);
+    if (action.kind === "set") {
+      const label = action.tier === "protect" ? "protected" : "watched";
+      this.out.success(`Updated. ${formatSummary(changedPaths)} now ${label}.`);
+    } else {
+      this.out.success(`Released. ${formatSummary(changedPaths)} untracked.`);
+    }
+    return 0;
+  }
+}
+// ../core/src/sdk/stage.ts
+import { dirname as dirname3 } from "node:path";
+function isInProtectTier(path, protectPatterns2) {
+  for (const pattern of protectPatterns2) {
+    const normalized = pattern.endsWith("/") ? pattern.slice(0, -1) : pattern;
+    if (path === normalized || path === pattern)
+      return true;
+    if (path.startsWith(normalized + "/"))
+      return true;
+  }
+  return false;
+}
+async function ensureParentDir(ops, path) {
+  const parentDir = dirname3(path);
+  if (parentDir === "." || parentDir === "/") {
+    return ok(undefined);
+  }
+  const mkdirResult = await ops.mkdir(parentDir);
+  if (!mkdirResult.ok) {
+    return err(`Cannot create parent directory ${parentDir}: ${mkdirResult.error.kind}`);
+  }
+  return ok(undefined);
+}
+async function stage(options) {
+  const { ops, config, path, delete: isDelete } = options;
+  const protectFiles = protectPatterns(config);
+  if (!isInProtectTier(path, protectFiles)) {
+    return err({ kind: "not_in_protect_tier", path });
+  }
+  const stagedFiles = [];
+  const pathStat = await ops.stat(path);
+  if (!pathStat.ok && pathStat.error.kind !== "not_found") {
+    return err({
+      kind: "stage_failed",
+      path,
+      message: `Cannot stat path: ${pathStat.error.kind}`
+    });
+  }
+  const isDirectory2 = pathStat.ok && pathStat.value.isDirectory;
+  if (isDirectory2 && isDelete) {
+    const stagePath = stagingPath(path);
+    const existsResult = await ops.exists(stagePath);
+    if (existsResult.ok && existsResult.value) {
+      const readResult = await ops.readFile(stagePath);
+      if (readResult.ok && isDeleteSentinel(readResult.value)) {
+        return ok({ stagedFiles: [] });
+      }
+    }
+    const parentResult = await ensureParentDir(ops, stagePath);
+    if (!parentResult.ok) {
+      return err({ kind: "stage_failed", path, message: parentResult.error });
+    }
+    const writeResult = await ops.writeFile(stagePath, JSON.stringify(DELETE_SENTINEL, null, 2));
+    if (!writeResult.ok) {
+      return err({
+        kind: "stage_failed",
+        path,
+        message: `Cannot write delete sentinel: ${writeResult.error.kind}`
+      });
+    }
+    stagedFiles.push({ path, action: "delete" });
+  } else if (isDirectory2 && !isDelete) {
+    const listResult = await ops.listDir(path);
+    if (!listResult.ok) {
+      return err({
+        kind: "stage_failed",
+        path,
+        message: `Cannot list directory: ${listResult.error.kind}`
+      });
+    }
+    for (const filePath of listResult.value) {
+      const result = await stage({ ops, config, path: filePath, delete: isDelete });
+      if (!result.ok) {
+        return result;
+      }
+      stagedFiles.push(...result.value.stagedFiles);
+    }
+  } else if (!isDirectory2 && isDelete) {
+    const stagePath = stagingPath(path);
+    const existsResult = await ops.exists(stagePath);
+    if (existsResult.ok && existsResult.value) {
+      const readResult = await ops.readFile(stagePath);
+      if (readResult.ok && isDeleteSentinel(readResult.value)) {
+        return ok({ stagedFiles: [] });
+      }
+    }
+    const parentResult = await ensureParentDir(ops, stagePath);
+    if (!parentResult.ok) {
+      return err({ kind: "stage_failed", path, message: parentResult.error });
+    }
+    const writeResult = await ops.writeFile(stagePath, JSON.stringify(DELETE_SENTINEL, null, 2));
+    if (!writeResult.ok) {
+      return err({
+        kind: "stage_failed",
+        path,
+        message: `Cannot write delete sentinel: ${writeResult.error.kind}`
+      });
+    }
+    stagedFiles.push({ path, action: "delete" });
+  } else if (!isDirectory2 && !isDelete) {
+    const stagePath = stagingPath(path);
+    const existsResult = await ops.exists(stagePath);
+    if (existsResult.ok && existsResult.value) {
+      const readResult = await ops.readFile(stagePath);
+      if (readResult.ok && isDeleteSentinel(readResult.value)) {} else {
+        return ok({ stagedFiles: [] });
+      }
+    }
+    const parentResult = await ensureParentDir(ops, stagePath);
+    if (!parentResult.ok) {
+      return err({ kind: "stage_failed", path, message: parentResult.error });
+    }
+    const sourceExists = await ops.exists(path);
+    if (sourceExists.ok && sourceExists.value) {
+      const readResult = await ops.readFile(path);
+      if (!readResult.ok) {
+        return err({
+          kind: "stage_failed",
+          path,
+          message: `Cannot read file: ${readResult.error.kind}`
+        });
+      }
+      const writeResult = await ops.writeFile(stagePath, readResult.value);
+      if (!writeResult.ok) {
+        return err({
+          kind: "stage_failed",
+          path,
+          message: `Cannot write staging copy: ${writeResult.error.kind}`
+        });
+      }
+    } else {
+      const writeResult = await ops.writeFile(stagePath, "");
+      if (!writeResult.ok) {
+        return err({
+          kind: "stage_failed",
+          path,
+          message: `Cannot create empty staging file: ${writeResult.error.kind}`
+        });
+      }
+    }
+    stagedFiles.push({ path, action: "edit" });
+  }
+  return ok({ stagedFiles });
+}
+
+// ../core/src/cli/stage-command.ts
+class StageCommand {
+  opts;
+  out;
+  constructor(opts, out) {
+    this.opts = opts;
+    this.out = out;
+  }
+  async execute() {
+    const { ops, config, paths, delete: isDelete } = this.opts;
+    if (paths.length === 0) {
+      this.out.error("No paths specified.");
+      return 1;
+    }
+    const allStagedFiles = [];
+    const alreadyStaged = [];
+    for (const path of paths) {
+      const result = await stage({ ops, config, path, delete: isDelete });
+      if (!result.ok) {
+        switch (result.error.kind) {
+          case "not_in_protect_tier":
+            this.out.error(`${result.error.path} is not in the protect tier.`);
+            return 1;
+          case "stage_failed":
+            this.out.error(`Failed to stage ${result.error.path}: ${result.error.message}`);
+            return 1;
+        }
+      }
+      if (result.value.stagedFiles.length === 0) {
+        alreadyStaged.push(path);
+      } else {
+        allStagedFiles.push(...result.value.stagedFiles);
+      }
+    }
+    for (const file of alreadyStaged) {
+      this.out.info(`  · ${file} (already staged)`);
+    }
+    for (const { path, action } of allStagedFiles) {
+      if (action === "delete") {
+        this.out.success(`  \uD83D\uDDD1️  ${path} (staged for deletion)`);
+      } else {
+        this.out.success(`  \uD83D\uDCDD ${path} (staged for editing)`);
+      }
+    }
+    if (allStagedFiles.length === 0) {
+      this.out.info("Nothing to stage.");
+    } else {
+      this.out.write("");
+      this.out.success(`Staged ${allStagedFiles.length} file(s).`);
     }
     return 0;
   }
 }
+// ../core/src/daemon/proposal-manager.ts
+import { EventEmitter } from "node:events";
+class ProposalManager extends EventEmitter {
+  _ops;
+  _config;
+  _channel;
+  _pollIntervalMs;
+  _activeProposal = null;
+  _abortController = null;
+  _pendingFlow = null;
+  _running = false;
+  _pollTimer = null;
+  _pendingProposalHash = null;
+  constructor(options) {
+    super();
+    this._ops = options.ops;
+    this._config = options.config;
+    this._channel = options.channel;
+    this._pollIntervalMs = options.pollIntervalMs ?? 2000;
+  }
+  get activeProposal() {
+    return this._activeProposal;
+  }
+  get running() {
+    return this._running;
+  }
+  start() {
+    if (this._running)
+      return;
+    this._running = true;
+    this._pendingProposalHash = null;
+    this._poll();
+    this._pollTimer = setInterval(() => this._poll(), this._pollIntervalMs);
+  }
+  async stop() {
+    if (!this._running)
+      return;
+    this._running = false;
+    if (this._pollTimer) {
+      clearInterval(this._pollTimer);
+      this._pollTimer = null;
+    }
+    await this._abortPending();
+  }
+  async onStagingReady() {
+    this._pendingFlow = this._propose();
+    await this._pendingFlow;
+  }
+  async _poll() {
+    try {
+      const treeResult = await StateTree.build({
+        ops: this._ops,
+        config: this._config
+      });
+      if (!treeResult.ok) {
+        console.log(`[poll] StateTree.build failed: ${treeResult.error.message}`);
+        return;
+      }
+      const currentHash = treeResult.value.approvalHash;
+      if (currentHash === this._pendingProposalHash)
+        return;
+      console.log(`[poll] hash changed: ${this._pendingProposalHash?.slice(0, 12) ?? "null"} → ${currentHash?.slice(0, 12) ?? "null"}`);
+      this._pendingProposalHash = currentHash;
+      this._pendingFlow = this._propose().catch((err3) => {
+        this.emit("error", err3 instanceof Error ? err3 : new Error(String(err3)), "propose");
+      });
+    } catch (e) {
+      this.emit("error", e instanceof Error ? e : new Error(String(e)), "poll");
+    }
+  }
+  async _propose() {
+    await this._supersedePending();
+    const treeResult = await StateTree.build({ ops: this._ops, config: this._config });
+    if (!treeResult.ok) {
+      this.emit("error", new Error(`Failed to build state tree: ${treeResult.error.message}`), "propose:tree");
+      return;
+    }
+    const diffResult = await diff({ tree: treeResult.value, ops: this._ops });
+    if (!diffResult.ok) {
+      this.emit("error", new Error(`Failed to build diff: ${diffResult.error.message}`), "propose:diff");
+      return;
+    }
+    if (!diffResult.value.hasChanges)
+      return;
+    const files = diffResult.value.files.map((df) => ({
+      path: df.file.path,
+      status: df.file.status,
+      diff: df.diff
+    }));
+    const hash = diffResult.value.approvalHash;
+    const payload = { files, hash };
+    const postResult = await this._channel.postProposal(payload);
+    const proposal = {
+      channel: postResult.channel,
+      externalId: postResult.proposalId,
+      payload,
+      state: "pending",
+      createdAt: new Date().toISOString()
+    };
+    this._activeProposal = proposal;
+    const ac = new AbortController;
+    this._abortController = ac;
+    this.emit("proposed", proposal);
+    await this._runApprovalFlow(proposal, ac.signal);
+    this._pendingFlow = null;
+  }
+  async _runApprovalFlow(proposal, signal) {
+    try {
+      const approvalResult = await this._channel.waitForApproval(proposal.externalId, signal);
+      if (approvalResult.approved) {
+        const freshTree = await StateTree.build({ ops: this._ops, config: this._config });
+        if (!freshTree.ok) {
+          const error = new Error(`Failed to build fresh state tree: ${freshTree.error.message}`);
+          this.emit("error", error, "approval:verification");
+          proposal.state = "rejected";
+          this._activeProposal = null;
+          await this._channel.postResult(proposal.externalId, "rejected");
+          this.emit("rejected", proposal);
+          return;
+        }
+        if (freshTree.value.approvalHash !== proposal.payload.hash) {
+          proposal.state = "rejected";
+          this._activeProposal = null;
+          await this._channel.postResult(proposal.externalId, "rejected");
+          this.emit("rejected", proposal);
+          return;
+        }
+        const applyResult = await apply({
+          ops: this._ops,
+          tree: freshTree.value,
+          hash: proposal.payload.hash
+        });
+        if (!applyResult.ok) {
+          const error = new Error(`Apply failed: ${applyResult.error.kind}`);
+          this.emit("error", error, "approval:apply");
+          proposal.state = "rejected";
+          this._activeProposal = null;
+          await this._channel.postResult(proposal.externalId, "rejected");
+          this.emit("rejected", proposal);
+          return;
+        }
+        proposal.state = "approved";
+        this._activeProposal = null;
+        await this._channel.postResult(proposal.externalId, "applied");
+        this.emit("applied", proposal);
+      } else {
+        proposal.state = "rejected";
+        this._activeProposal = null;
+        await this._channel.postResult(proposal.externalId, "rejected");
+        this.emit("rejected", proposal);
+      }
+    } catch (e) {
+      if (e instanceof DOMException && e.name === "AbortError")
+        return;
+      if (e instanceof Error && e.name === "AbortError")
+        return;
+      const error = e instanceof Error ? e : new Error(String(e));
+      this.emit("error", error, "approval:wait");
+      proposal.state = "rejected";
+      this._activeProposal = null;
+    }
+  }
+  async _supersedePending() {
+    if (this._activeProposal && this._abortController) {
+      const oldProposal = this._activeProposal;
+      const oldController = this._abortController;
+      oldProposal.state = "superseded";
+      this._activeProposal = null;
+      this._abortController = null;
+      oldController.abort();
+      if (this._pendingFlow) {
+        await this._pendingFlow.catch(() => {});
+        this._pendingFlow = null;
+      }
+      await this._channel.postResult(oldProposal.externalId, "superseded");
+      this.emit("superseded", oldProposal);
+    }
+  }
+  async _abortPending() {
+    if (this._abortController)
+      this._abortController.abort();
+    if (this._pendingFlow) {
+      await this._pendingFlow.catch(() => {});
+      this._pendingFlow = null;
+    }
+    this._activeProposal = null;
+    this._abortController = null;
+  }
+}
+// ../core/src/daemon/channel-registry.ts
+var REGISTRY_KEY = "__soulguard_channel_registry__";
+function getRegistry() {
+  const g = globalThis;
+  if (!g[REGISTRY_KEY]) {
+    g[REGISTRY_KEY] = new Map;
+  }
+  return g[REGISTRY_KEY];
+}
+function registerChannel(name, createFn) {
+  getRegistry().set(name, createFn);
+}
+function getChannel(name) {
+  return getRegistry().get(name);
+}
+
+// ../core/src/daemon/daemon.ts
+class SoulguardDaemon {
+  _ops;
+  _config;
+  _channel = null;
+  _proposalManager = null;
+  _running = false;
+  constructor(options) {
+    this._ops = options.ops;
+    this._config = options.config;
+  }
+  get running() {
+    return this._running;
+  }
+  get proposalManager() {
+    return this._proposalManager;
+  }
+  async start() {
+    if (this._running)
+      return;
+    const daemonConfig = this._config.daemon;
+    if (!daemonConfig) {
+      throw new Error("Daemon configuration missing. Add a 'daemon' section to soulguard.json.");
+    }
+    const channelName = daemonConfig.channel;
+    console.log(`[daemon] channel: "${channelName}", config keys: ${JSON.stringify(Object.keys(daemonConfig))}`);
+    const createChannelFn = getChannel(channelName);
+    if (!createChannelFn) {
+      throw new Error(`No channel registered for "${channelName}". Register it with registerChannel() before starting the daemon.`);
+    }
+    const channelConfig = daemonConfig[channelName];
+    console.log(`[daemon] channelConfig present: ${!!channelConfig}, keys: ${channelConfig ? JSON.stringify(Object.keys(channelConfig)) : "n/a"}`);
+    this._channel = createChannelFn(channelConfig);
+    console.log(`[daemon] channel created: ${this._channel.name}`);
+    this._proposalManager = new ProposalManager({
+      ops: this._ops,
+      config: this._config,
+      channel: this._channel
+    });
+    console.log(`[daemon] starting proposal manager`);
+    this._proposalManager.start();
+    this._running = true;
+  }
+  async stop() {
+    if (!this._running)
+      return;
+    this._running = false;
+    if (this._proposalManager) {
+      await this._proposalManager.stop();
+      this._proposalManager = null;
+    }
+    if (this._channel) {
+      await this._channel.dispose();
+      this._channel = null;
+    }
+  }
+}
+// ../core/src/daemon/service.ts
+function generateServiceFile(options) {
+  if (options.platform === "systemd") {
+    return generateSystemdUnit(options);
+  }
+  return generateLaunchdPlist(options);
+}
+function serviceFilePath(options) {
+  if (options.platform === "systemd") {
+    return `/etc/systemd/system/soulguard-${options.guardianUser}.service`;
+  }
+  return `/Library/LaunchDaemons/com.soulguard.${options.guardianUser}.plist`;
+}
+function generateSystemdUnit(options) {
+  return `[Unit]
+Description=Soulguard daemon for ${options.agentUser}
+After=network.target
+
+[Service]
+Type=simple
+User=${options.guardianUser}
+ExecStart=${options.soulguardBin} daemon start
+WorkingDirectory=${options.workspaceRoot}
+Restart=on-failure
+RestartSec=5
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+`;
+}
+function generateLaunchdPlist(options) {
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>com.soulguard.${options.guardianUser}</string>
+  <key>UserName</key>
+  <string>${options.guardianUser}</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>${options.soulguardBin}</string>
+    <string>daemon</string>
+    <string>start</string>
+  </array>
+  <key>WorkingDirectory</key>
+  <string>${options.workspaceRoot}</string>
+  <key>KeepAlive</key>
+  <true/>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>StandardOutPath</key>
+  <string>/var/log/soulguard-${options.guardianUser}.log</string>
+  <key>StandardErrorPath</key>
+  <string>/var/log/soulguard-${options.guardianUser}.err</string>
+</dict>
+</plist>
+`;
+}
+// ../core/src/cli/plugin-registry.ts
+var REGISTRY_KEY2 = "__soulguard_plugin_registry__";
+function getRegistry2() {
+  const g = globalThis;
+  if (!g[REGISTRY_KEY2]) {
+    g[REGISTRY_KEY2] = new Map;
+  }
+  return g[REGISTRY_KEY2];
+}
+function registerPlugin(name, dir) {
+  getRegistry2().set(name, dir);
+}
+function getPluginDir(name) {
+  return getRegistry2().get(name);
+}
 // ../openclaw/src/index.ts
 var exports_src = {};
 __export(exports_src, {
   templates: () => templates,
-  relaxedTemplate: () => relaxedTemplate,
-  paranoidTemplate: () => paranoidTemplate,
   guardToolCall: () => guardToolCall,
-  defaultTemplate: () => defaultTemplate,
+  getPendingChanges: () => getPendingChanges,
   default: () => src_default,
-  createSoulguardPlugin: () => createSoulguardPlugin
+  createSoulguardPlugin: () => createSoulguardPlugin,
+  buildPendingChangesContext: () => buildPendingChangesContext
 });
 
 // ../openclaw/src/templates.ts
-var SOULGUARD_CONFIG = ["soulguard.json"];
-var CORE_IDENTITY = ["SOUL.md", "AGENTS.md", "IDENTITY.md", "USER.md"];
-var CORE_SESSION = ["TOOLS.md", "HEARTBEAT.md", "BOOTSTRAP.md"];
-var CORE_MEMORY = ["MEMORY.md"];
-var MEMORY_DIR = ["memory/**"];
-var SKILLS = ["skills/**"];
-var OPENCLAW_CONFIG = ["openclaw.json"];
-var CRON = ["cron/jobs.json"];
-var EXTENSIONS = ["extensions/**"];
-var SESSIONS = ["sessions/**"];
-var ALL_KNOWN_PATHS = [
-  ...SOULGUARD_CONFIG,
-  ...CORE_IDENTITY,
-  ...CORE_SESSION,
-  ...CORE_MEMORY,
-  ...MEMORY_DIR,
-  ...SKILLS,
-  ...OPENCLAW_CONFIG,
-  ...CRON,
-  ...EXTENSIONS,
-  ...SESSIONS
-];
-var defaultTemplate = {
-  name: "default",
-  description: "Core identity and config in vault, memory and skills tracked in ledger",
-  vault: [
-    ...SOULGUARD_CONFIG,
-    ...CORE_IDENTITY,
-    ...CORE_SESSION,
-    ...OPENCLAW_CONFIG,
-    ...CRON,
-    ...EXTENSIONS
-  ],
-  ledger: [...CORE_MEMORY, ...MEMORY_DIR, ...SKILLS],
-  unprotected: [...SESSIONS]
-};
-var paranoidTemplate = {
-  name: "paranoid",
-  description: "Everything possible in vault, only skills in ledger",
-  vault: [
-    ...SOULGUARD_CONFIG,
-    ...CORE_IDENTITY,
-    ...CORE_SESSION,
-    ...CORE_MEMORY,
-    ...MEMORY_DIR,
-    ...SKILLS,
-    ...OPENCLAW_CONFIG,
-    ...CRON,
-    ...EXTENSIONS
-  ],
-  ledger: [...SESSIONS],
-  unprotected: []
-};
-var relaxedTemplate = {
-  name: "relaxed",
-  description: "Only soulguard config locked, everything else tracked — good for initial setup",
-  vault: [...SOULGUARD_CONFIG],
-  ledger: [
-    ...CORE_IDENTITY,
-    ...CORE_SESSION,
-    ...CORE_MEMORY,
-    ...MEMORY_DIR,
-    ...SKILLS,
-    ...OPENCLAW_CONFIG,
-    ...CRON,
-    ...EXTENSIONS
-  ],
-  unprotected: [...SESSIONS]
-};
 var templates = {
-  default: defaultTemplate,
-  paranoid: paranoidTemplate,
-  relaxed: relaxedTemplate
+  default: {
+    name: "default",
+    description: "Core identity and config protected, memory and skills watched",
+    protect: [
+      "workspace/SOUL.md",
+      "workspace/AGENTS.md",
+      "workspace/IDENTITY.md",
+      "workspace/USER.md",
+      "workspace/TOOLS.md",
+      "workspace/HEARTBEAT.md",
+      "workspace/BOOTSTRAP.md",
+      "openclaw.json",
+      "cron/",
+      "extensions/"
+    ],
+    watch: ["workspace/MEMORY.md", "workspace/memory/", "workspace/skills/"],
+    release: ["workspace/sessions/"]
+  },
+  paranoid: {
+    name: "paranoid",
+    description: "Everything protected, only sessions watched",
+    protect: [
+      "workspace/SOUL.md",
+      "workspace/AGENTS.md",
+      "workspace/IDENTITY.md",
+      "workspace/USER.md",
+      "workspace/TOOLS.md",
+      "workspace/HEARTBEAT.md",
+      "workspace/BOOTSTRAP.md",
+      "workspace/MEMORY.md",
+      "workspace/memory/",
+      "workspace/skills/",
+      "openclaw.json",
+      "cron/",
+      "extensions/"
+    ],
+    watch: ["workspace/sessions/"],
+    release: []
+  },
+  relaxed: {
+    name: "relaxed",
+    description: "Everything watched — good for initial setup",
+    protect: [],
+    watch: [
+      "workspace/SOUL.md",
+      "workspace/AGENTS.md",
+      "workspace/IDENTITY.md",
+      "workspace/USER.md",
+      "workspace/TOOLS.md",
+      "workspace/HEARTBEAT.md",
+      "workspace/BOOTSTRAP.md",
+      "workspace/MEMORY.md",
+      "workspace/memory/",
+      "workspace/skills/",
+      "openclaw.json",
+      "cron/",
+      "extensions/"
+    ],
+    release: ["workspace/sessions/"]
+  }
 };
 // ../openclaw/src/plugin.ts
 import { readFileSync } from "node:fs";
-import { join } from "node:path";
+import os from "node:os";
+import { join as join2 } from "node:path";
 
 // ../openclaw/src/guard.ts
-import { basename } from "node:path";
-var WRITE_TOOLS = new Set(["Write", "Edit"]);
+import path from "node:path";
+var WRITE_TOOLS = new Set(["write", "edit"]);
 var PATH_KEYS = ["file_path", "path", "file"];
-var STAGING_PREFIX = ".soulguard/staging/";
 function guardToolCall(toolName, params, options) {
-  if (!WRITE_TOOLS.has(toolName))
+  if (!WRITE_TOOLS.has(toolName.toLowerCase())) {
     return { blocked: false };
+  }
   let targetPath;
   for (const key of PATH_KEYS) {
     const v = params[key];
@@ -6608,138 +7648,59 @@ function guardToolCall(toolName, params, options) {
       break;
     }
   }
+  if (targetPath && path.isAbsolute(targetPath)) {
+    targetPath = path.relative(options.stateDir, targetPath);
+  }
   if (!targetPath)
     return { blocked: false };
-  const norm = normalizePath(targetPath);
-  if (norm.startsWith(STAGING_PREFIX))
+  if (isStagingPath(targetPath))
     return { blocked: false };
-  if (!isVaultedFile(options.vaultFiles, targetPath))
+  if (!isProtectedFile(options.protectFiles, targetPath))
     return { blocked: false };
-  const fileName = basename(targetPath);
   return {
     blocked: true,
-    reason: `${fileName} is vault-protected by soulguard. ` + `To modify it, edit .soulguard/staging/${norm} instead. ` + `Your changes will be reviewed and approved by the owner.`
+    reason: [
+      `${targetPath} is protected by soulguard.`,
+      `To propose changes, run \`soulguard stage ${targetPath}\` to create a working copy,`,
+      `then edit the staged file at ${stagingPath(targetPath)}.`,
+      `Run \`soulguard diff\` to review your changes.`,
+      `Your owner will review and apply the changes.`
+    ].join(" ")
   };
 }
 
 // ../openclaw/src/plugin.ts
-var OPENCLAW_DEFAULT_CONFIG = {
-  vault: ["openclaw.json", "soulguard.json"],
-  ledger: []
-};
+var PKG_VERSION = typeof SOULGUARD_VERSION !== "undefined" ? SOULGUARD_VERSION : "0.0.0-dev";
 var PLUGIN_DESCRIPTION = "Identity protection for AI agents";
 function createSoulguardPlugin(options) {
   return {
     id: "soulguard",
     name: "Soulguard",
     description: PLUGIN_DESCRIPTION,
-    version: "0.1.0",
+    version: PKG_VERSION,
     activate(api) {
-      const workspaceDir = api.resolvePath?.(".") ?? api.runtime.workspaceDir ?? ".";
+      const stateDir = process.env.OPENCLAW_STATE_DIR?.trim() ?? join2(os.homedir(), ".openclaw");
       const configFile = options?.configPath ?? "soulguard.json";
-      const configPath = api.resolvePath?.(configFile) ?? join(workspaceDir, configFile);
-      let config;
-      let vaultFiles;
+      const configPath = join2(stateDir, configFile);
+      let protectFiles;
       try {
         const raw = JSON.parse(readFileSync(configPath, "utf-8"));
-        config = parseConfig(raw);
-        vaultFiles = config.vault;
+        protectFiles = protectPatterns(parseConfig(raw));
       } catch {
-        config = OPENCLAW_DEFAULT_CONFIG;
-        vaultFiles = config.vault;
-        api.logger?.warn("soulguard: no soulguard.json found — using OpenClaw defaults");
+        api.logger?.warn(`soulguard: no config found at ${configPath} — plugin inactive`);
+        return;
       }
-      if (vaultFiles.length === 0)
+      if (protectFiles.length === 0)
         return;
-      const createOps = () => new NodeSystemOps(workspaceDir);
-      api.registerTool({
-        name: "soulguard_status",
-        description: "Check soulguard protection status of vault and ledger files",
-        parameters: { type: "object", properties: {}, required: [] },
-        async execute(_id, _params) {
-          const ops = createOps();
-          const result = await status({
-            config,
-            expectedVaultOwnership: { user: "soulguardian", group: "soulguard", mode: "444" },
-            expectedLedgerOwnership: { user: "agent", group: "staff", mode: "644" },
-            ops
-          });
-          if (!result.ok) {
-            return { content: [{ type: "text", text: "Status check failed" }] };
-          }
-          const lines = ["Soulguard Status:", ""];
-          for (const f of [...result.value.vault, ...result.value.ledger]) {
-            if (f.status === "ok")
-              lines.push(`  ✅ ${f.file.path}`);
-            else if (f.status === "drifted")
-              lines.push(`  ⚠️  ${f.file.path} — ${f.issues.map((i) => i.kind).join(", ")}`);
-            else if (f.status === "missing")
-              lines.push(`  ❌ ${f.path} — missing`);
-            else if (f.status === "error")
-              lines.push(`  ❌ ${f.path} — error: ${f.error.kind}`);
-          }
-          if (result.value.issues.length === 0)
-            lines.push("", "All files ok.");
-          else
-            lines.push("", `${result.value.issues.length} issue(s) found.`);
-          return { content: [{ type: "text", text: lines.join(`
-`) }] };
-        }
-      }, { optional: true });
-      api.registerTool({
-        name: "soulguard_diff",
-        description: "Show differences between vault files and their staging copies",
-        parameters: {
-          type: "object",
-          properties: {
-            files: {
-              type: "array",
-              items: { type: "string" },
-              description: "Specific files to diff (default: all vault files)"
-            }
-          },
-          required: []
-        },
-        async execute(_id, params) {
-          const ops = createOps();
-          const files = Array.isArray(params.files) ? params.files : undefined;
-          const result = await diff({ ops, config, files });
-          if (!result.ok) {
-            return {
-              content: [{ type: "text", text: `Diff failed: ${result.error.kind}` }]
-            };
-          }
-          if (!result.value.hasChanges) {
-            return {
-              content: [
-                { type: "text", text: "No differences — staging matches vault." }
-              ]
-            };
-          }
-          const lines = result.value.files.filter((d) => d.status === "modified" && d.diff).map((d) => `--- ${d.path}
-${d.diff}`);
-          let text = lines.join(`
-
-`) || "No modified files.";
-          if (result.value.approvalHash) {
-            text += `
-
-────────────────────────────────────────
-Approval hash: ${result.value.approvalHash}
-To approve: soulguard approve --hash ${result.value.approvalHash}`;
-          }
-          return { content: [{ type: "text", text }] };
-        }
-      }, { optional: true });
-      const hookFn = api.registerHook ?? api.on;
-      hookFn("before_tool_call", (...args) => {
+      api.on("before_tool_call", (...args) => {
         const event = args[0];
         if (!event || typeof event !== "object" || !("toolName" in event)) {
           return;
         }
         const e = event;
         const result = guardToolCall(e.toolName, e.params, {
-          vaultFiles
+          protectFiles,
+          stateDir
         });
         if (result.blocked) {
           return { block: true, blockReason: result.reason };
@@ -6749,42 +7710,74 @@ To approve: soulguard approve --hash ${result.value.approvalHash}`;
     }
   };
 }
+// ../openclaw/src/context.ts
+async function getPendingChanges(options) {
+  const treeResult = await StateTree.build(options);
+  if (!treeResult.ok)
+    return { files: [] };
+  return { files: treeResult.value.changedFiles().map((f) => f.path) };
+}
+async function buildPendingChangesContext(options) {
+  const { files } = await getPendingChanges(options);
+  if (files.length === 0)
+    return;
+  const fileList = files.join(", ");
+  return `[Soulguard] ${files.length} protected file(s) have pending staged changes: ${fileList}. ` + `Use \`soulguard diff\` to review. Ask your owner to apply changes, ` + `or use \`soulguard reset\` to discard them.`;
+}
+
 // ../openclaw/src/index.ts
 var src_default = createSoulguardPlugin();
 export {
-  vaultCommitMessage,
+  writeConfig,
+  watchPatterns,
   validateSelfProtection,
   validatePolicies,
   sync,
   status,
+  stagingPath,
   soulguardConfigSchema,
-  resolvePatterns,
+  setTier,
+  serviceFilePath,
   reset,
+  release,
+  registerPlugin,
+  registerChannel,
+  readConfig,
+  protectPatterns,
+  patternsForTier,
   parseConfig,
   exports_src as openclaw,
   ok,
   normalizePath,
-  matchGlob,
-  ledgerCommitMessage,
-  isVaultedFile,
-  isGlob,
-  isGitEnabled,
-  gitCommit,
-  getFileInfo,
+  makeDefaultConfig,
+  isStagingPath,
+  isProtectedFile,
+  isDeleteSentinel,
+  guardianName,
+  getProtectOwnership,
+  getPluginDir,
+  getChannel,
+  generateServiceFile,
   formatIssue,
   evaluatePolicies,
   err,
   diff,
-  createGlobMatcher,
-  commitLedgerFiles,
-  approve,
+  apply,
+  TierCommand,
   SyncCommand,
   StatusCommand,
+  StateTreeBuildError,
+  StateTree,
+  StageCommand,
+  SoulguardDaemon,
+  STAGING_DIR,
+  SOULGUARD_GROUP,
   ResetCommand,
+  ProposalManager,
   NodeSystemOps,
   MockSystemOps,
   LiveConsoleOutput,
   DiffCommand,
-  DEFAULT_CONFIG,
-  ApproveCommand
+  DELETE_SENTINEL,
+  ApplyCommand
 };