npm - tend-cli - Versions diffs - 0.4.1 → 0.6.0 - Mend

tend-cli 0.4.1 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/bin.js +242 -449
package/dist/config-tbp_HMuZ.js +184970 -0
package/dist/index.d.ts +1130 -383
package/dist/index.js +11 -3
package/package.json +1 -3
package/prompts/dead-code-cleanup.md +48 -0
package/prompts/fix.md +25 -21
package/prompts/generated-source-repair.md +48 -0
package/prompts/multi-file-duplicate-refactor.md +49 -0
package/prompts/regression-repair.md +67 -0
package/prompts/single-file-ai-edit.md +46 -0
package/prompts/test-file-repair.md +46 -0
package/dist/config-pmGLB0x1.js +0 -1833

package/dist/index.d.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { SimpleGit } from "simple-git";
 //#region src/findings/finding.d.ts
 declare const TOOLS: readonly ["sonarjs", "knip", "jscpd", "semgrep", "osv", "gitleaks"];
+declare const SCOPE_EXCLUSION_REASONS: readonly ["generated", "fixtures", "tests", "out-of-scope"];
 declare const FindingSchema: z.ZodObject<{
   id: z.ZodString;
   retryId: z.ZodOptional<z.ZodString>;
@@ -33,22 +34,57 @@ declare const FindingSchema: z.ZodObject<{
   flowPath: z.ZodOptional<z.ZodArray<z.ZodObject<{
     file: z.ZodString;
     line: z.ZodNumber;
+    range: z.ZodOptional<z.ZodObject<{
+      startLine: z.ZodNumber;
+      startCol: z.ZodNumber;
+      endLine: z.ZodNumber;
+      endCol: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    }, {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    }>>;
   }, "strip", z.ZodTypeAny, {
     file: string;
     line: number;
+    range?: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    } | undefined;
   }, {
     file: string;
     line: number;
+    range?: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    } | undefined;
   }>, "many">>;
   remediation: z.ZodOptional<z.ZodString>;
+  autofixable: z.ZodOptional<z.ZodBoolean>;
+  repairStrategy: z.ZodOptional<z.ZodEnum<["deterministic-eslint-fix", "deterministic-ts-organize-imports", "deterministic-package-json-cleanup", "single-file-ai-edit", "multi-file-duplicate-refactor", "generated-source-repair", "test-file-repair", "dead-code-cleanup", "unsupported"]>>;
+  repairStrategyReason: z.ZodOptional<z.ZodString>;
   track: z.ZodEnum<["ai-fix", "deterministic", "report-only"]>;
   status: z.ZodEnum<["pending", "fixing", "fixed", "reverted", "unfixable", "skipped"]>;
   attempts: z.ZodNumber;
-  revertReason: z.ZodOptional<z.ZodEnum<["broke-test", "suppression", "regression", "typecheck", "session-error"]>>;
+  revertReason: z.ZodOptional<z.ZodEnum<["broke-test", "suppression", "regression", "typecheck", "session-error", "needs-lockfile-update"]>>;
   revertDetail: z.ZodOptional<z.ZodString>;
+  finalFailureClass: z.ZodOptional<z.ZodEnum<["tool-timeout", "rate-limit", "model-tool-failure", "no-edit", "no-op", "regression", "typecheck", "broke-test", "suppression", "needs-lockfile-update"]>>;
   firstSeenLoop: z.ZodNumber;
   lastSeenLoop: z.ZodNumber;
   inScope: z.ZodOptional<z.ZodBoolean>;
+  inReportScope: z.ZodDefault<z.ZodBoolean>;
+  inFixScope: z.ZodDefault<z.ZodBoolean>;
+  scopeExclusionReason: z.ZodOptional<z.ZodEnum<["generated", "fixtures", "tests", "out-of-scope"]>>;
 }, "strip", z.ZodTypeAny, {
   id: string;
   tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
@@ -68,16 +104,29 @@ declare const FindingSchema: z.ZodObject<{
   attempts: number;
   firstSeenLoop: number;
   lastSeenLoop: number;
+  inReportScope: boolean;
+  inFixScope: boolean;
   retryId?: string | undefined;
   helpUri?: string | undefined;
   flowPath?: {
     file: string;
     line: number;
+    range?: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    } | undefined;
   }[] | undefined;
   remediation?: string | undefined;
-  revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+  autofixable?: boolean | undefined;
+  repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+  repairStrategyReason?: string | undefined;
+  revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
   revertDetail?: string | undefined;
+  finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
   inScope?: boolean | undefined;
+  scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
 }, {
   id: string;
   tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
@@ -102,15 +151,29 @@ declare const FindingSchema: z.ZodObject<{
   flowPath?: {
     file: string;
     line: number;
+    range?: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    } | undefined;
   }[] | undefined;
   remediation?: string | undefined;
-  revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+  autofixable?: boolean | undefined;
+  repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+  repairStrategyReason?: string | undefined;
+  revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
   revertDetail?: string | undefined;
+  finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
   inScope?: boolean | undefined;
+  inReportScope?: boolean | undefined;
+  inFixScope?: boolean | undefined;
+  scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
 }>;
 type Finding = z.infer<typeof FindingSchema>;
 type Tool = (typeof TOOLS)[number];
 type Track = Finding["track"];
+type ScopeExclusionReason = (typeof SCOPE_EXCLUSION_REASONS)[number];
 /** The components that give a finding its stable identity. */
 type FingerprintInput = {
   tool: string;
@@ -137,12 +200,81 @@ type RawFinding = {
   helpUri?: string;
   flowPath?: Finding["flowPath"];
   remediation?: string;
+  autofixable?: boolean;
 };
 /** Which track a tool's findings flow into. */
 declare function trackForTool(tool: Tool): Track;
 /** Turn a raw scanner record into a tracked `Finding` for the given loop. */
 declare function normalize(raw: RawFinding, loop: number): Finding;
+//#endregion
+//#region src/fixing/change-set.d.ts
+type FileEdit = {
+  path: string;
+  contents: string;
+};
+/**
+ * The atomic unit of a fix: edits to one file plus (optionally) its sibling test,
+ * applied and reverted together. Captures each file's prior state on apply so a
+ * revert — even after a partial apply — restores the working tree exactly.
+ */
+declare class ChangeSet {
+  private readonly edits;
+  /** path → original contents, or null if the file did not exist before. */
+  private readonly originals;
+  constructor(edits: FileEdit[]);
+  apply(): void;
+  revert(): void;
+}
+//#endregion
+//#region src/session/types.d.ts
+type SessionRequest = {
+  /** The file this session owns (plus its sibling test). */
+  file: string;
+  /** Findings to fix in this file. */
+  findings: Finding[];
+  /** The fully-rendered prompt for the AI. */
+  prompt: string;
+};
+type FailureClass = "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update";
+/**
+ * Estimated AI cost/usage for a unit of work. `total_cost_usd` from Claude's
+ * stream-json `result` message is a **client-side estimate**, never authoritative
+ * billing — always surface it as "estimated AI cost".
+ */
+type AiUsage = {
+  /** Claude's `total_cost_usd` estimate (USD). A client-side estimate, not a bill. */
+  estimatedCostUsd: number;
+  inputTokens: number;
+  outputTokens: number;
+  cacheCreationInputTokens: number;
+  cacheReadInputTokens: number;
+  /** Number of Claude sessions (result messages) observed. */
+  sessions: number;
+};
+/** Cost/token portion of usage parsed from a single stream (sessions tracked separately). */
+/** A usage record with everything zeroed. */
+declare const zeroUsage: () => AiUsage;
+/** Sum two usage records field-by-field (used to roll usage up through the run). */
+declare function addUsage(a: AiUsage, b: AiUsage): AiUsage;
+type SessionResult = {
+  ok: true;
+  edits: FileEdit[];
+  usage?: AiUsage;
+} | {
+  ok: false;
+  error: string;
+  rateLimited: boolean;
+  failureClass: Extract<FailureClass, "tool-timeout" | "rate-limit" | "model-tool-failure">;
+  usage?: AiUsage;
+};
+/** One of the two interfaces in tend: drives an AI fix session. */
+interface SessionRunner {
+  run(request: SessionRequest): Promise<SessionResult>;
+}
 //#endregion
 //#region src/findings/store.d.ts
 type RevertReason$1 = NonNullable<Finding["revertReason"]>;
@@ -166,7 +298,8 @@ declare class FindingStore {
     file?: string;
   }): Finding[];
   /** Record a failed fix attempt against a finding's fingerprint. */
-  recordFailedAttempt(id: string, reason: RevertReason$1, detail?: string): void;
+  recordFailedAttempt(id: string, reason: RevertReason$1, detail?: string, failureClass?: FailureClass): void;
+  recordFailureWithoutAttempt(id: string, reason: RevertReason$1, detail: string | undefined, failureClass: FailureClass): void;
   /** A finding's per-issue budget is exhausted once it has used `budget` attempts. */
   isBudgetExhausted(id: string, budget: number): boolean;
   /** Serialize to a plain array — `report.json`'s findings section. */
@@ -290,24 +423,43 @@ type GateOutcome = {
 declare function runGate(checks: Check[]): Promise<GateOutcome>;
 //#endregion
-//#region src/fixing/change-set.d.ts
-type FileEdit = {
-  path: string;
-  contents: string;
+//#region src/scanners/scope-policy.d.ts
+type FixScopeConfig = {
+  include?: string[];
+  exclude?: string[];
+  includeGenerated?: boolean;
+  includeFixtures?: boolean;
+  includeTests?: boolean;
 };
-/**
- * The atomic unit of a fix: edits to one file plus (optionally) its sibling test,
- * applied and reverted together. Captures each file's prior state on apply so a
- * revert — even after a partial apply — restores the working tree exactly.
- */
-declare class ChangeSet {
-  private readonly edits;
-  /** path → original contents, or null if the file did not exist before. */
-  private readonly originals;
-  constructor(edits: FileEdit[]);
-  apply(): void;
-  revert(): void;
-}
+//#endregion
+//#region src/fixing/repair-strategy.d.ts
+declare const REPAIR_STRATEGIES: readonly ["deterministic-eslint-fix", "deterministic-ts-organize-imports", "deterministic-package-json-cleanup", "single-file-ai-edit", "multi-file-duplicate-refactor", "generated-source-repair", "test-file-repair", "dead-code-cleanup", "unsupported"];
+type RepairStrategy = (typeof REPAIR_STRATEGIES)[number];
+type RepairStrategyReason = ScopeExclusionReason | "generated-source-not-found" | "report-only" | "deterministic-not-dispatched";
+type RepairPlannerInput = {
+  finding: Finding;
+  scope?: Partial<Pick<Finding, "inFixScope" | "scopeExclusionReason" | "inReportScope" | "inScope">>;
+  config?: FixScopeConfig & {
+    eslintAutofixableRules?: string[];
+  };
+  cwd?: string;
+  flowPath?: Finding["flowPath"];
+  file?: string;
+  category?: Finding["category"];
+  rule?: string;
+  tool?: Finding["tool"];
+};
+type RepairPlan = {
+  finding: Finding;
+  strategy: RepairStrategy;
+  editableFiles: string[];
+  verificationTargets: string[];
+  reason?: RepairStrategyReason;
+};
+declare function planRepair(input: RepairPlannerInput): RepairPlan;
+declare function applyRepairPlanToFinding(plan: RepairPlan): Finding;
+declare function isAiDispatchStrategy(strategy: RepairStrategy): boolean;
 //#endregion
 //#region src/fixing/dispatch.d.ts
@@ -317,6 +469,9 @@ type WorkUnit = {
   /** Every file this worker reserves — the code file plus any sibling test. */
   files: string[];
   findings: Finding[];
+  strategy?: RepairStrategy;
+  strategies?: RepairStrategy[];
+  verificationTargets?: string[];
 };
 /** Whether a repo-relative path is a test file (`*.test.*` / `*.spec.*`). */
@@ -325,239 +480,109 @@ type WorkUnit = {
  * (a code file plus its sibling test). No two sessions ever touch the same file.
  */
 declare function planWork(findings: Finding[]): WorkUnit[];
+/**
+ * Group planned repairs into disjoint work units. Unlike `planWork`, this honors
+ * planner-selected editable files, so cross-file duplicate plans reserve both clone sites.
+ */
+declare function planWorkFromRepairs(plans: RepairPlan[]): WorkUnit[];
 /** Run each work unit through `runUnit`, capped at `concurrency` concurrent sessions. */
 declare function dispatch<T>(units: WorkUnit[], runUnit: (unit: WorkUnit) => Promise<T>, opts: {
   concurrency: number;
 }): Promise<T[]>;
 //#endregion
-//#region src/session/types.d.ts
-type SessionRequest = {
-  /** The file this session owns (plus its sibling test). */
+//#region src/output/events.d.ts
+/** What happened to a file in the current dispatched batch. "left" = not attempted. */
+type FileOutcome = "fixed" | "reverted" | "left";
+type TendEvent = {
+  type: "snapshot";
+} | {
+  type: "detected";
+  packageManager: string;
+  typescript: boolean;
+  testRunner?: string;
+} | {
+  type: "scan-start";
+  loop: number;
+} | {
+  type: "audit";
+  loop: number;
+  findings: number;
+  files: number;
+  scanned?: number;
+} | {
+  type: "loop-start";
+  loop: number;
+  files: string[];
+  concurrency: number;
+} | {
+  type: "file-start";
+  loop: number;
   file: string;
-  /** Findings to fix in this file. */
-  findings: Finding[];
-  /** The fully-rendered prompt for the AI. */
-  prompt: string;
+  rule?: string;
+} | {
+  type: "file-result";
+  loop: number;
+  file: string;
+  outcome: FileOutcome;
+  reason?: string;
+} | {
+  type: "loop-complete";
+  loop: number;
+  fixed: number;
+} | {
+  type: "done";
+  exitStatus: number;
 };
+type Listener = (event: TendEvent) => void;
+/** Minimal synchronous event bus. With no listener, emit is a no-op (silent mode). */
+declare class EventBus {
+  private readonly listeners;
+  on(listener: Listener): () => void;
+  emit(event: TendEvent): void;
+}
+//#endregion
+//#region src/report/schema.d.ts
+/** Per-scanner outcome for a run: did it run clean, get skipped, or fail (with a reason). */
+declare const ScannerStatusSchema: z.ZodObject<{
+  tool: z.ZodEnum<["sonarjs", "knip", "jscpd", "semgrep", "osv", "gitleaks"]>;
+  status: z.ZodEnum<["ran", "skipped", "failed"]>;
+  reason: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+  tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
+  status: "skipped" | "ran" | "failed";
+  reason?: string | undefined;
+}, {
+  tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
+  status: "skipped" | "ran" | "failed";
+  reason?: string | undefined;
+}>;
+declare const BehaviorChangeSchema: z.ZodObject<{
+  findingId: z.ZodString;
+  file: z.ZodString;
+  note: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+  file: string;
+  findingId: string;
+  note: string;
+}, {
+  file: string;
+  findingId: string;
+  note: string;
+}>;
 /**
- * Estimated AI cost/usage for a unit of work. `total_cost_usd` from Claude's
- * stream-json `result` message is a **client-side estimate**, never authoritative
- * billing — always surface it as "estimated AI cost".
+ * Estimated AI cost/usage for a run. `estimatedCostUsd` is Claude's client-side
+ * `total_cost_usd` estimate — never authoritative billing.
  */
-type AiUsage = {
-  /** Claude's `total_cost_usd` estimate (USD). A client-side estimate, not a bill. */
-  estimatedCostUsd: number;
-  inputTokens: number;
-  outputTokens: number;
-  cacheCreationInputTokens: number;
-  cacheReadInputTokens: number;
-  /** Number of Claude sessions (result messages) observed. */
-  sessions: number;
-};
-/** Cost/token portion of usage parsed from a single stream (sessions tracked separately). */
-/** A usage record with everything zeroed. */
-declare const zeroUsage: () => AiUsage;
-/** Sum two usage records field-by-field (used to roll usage up through the run). */
-declare function addUsage(a: AiUsage, b: AiUsage): AiUsage;
-type SessionResult = {
-  ok: true;
-  edits: FileEdit[];
-  usage?: AiUsage;
-} | {
-  ok: false;
-  error: string;
-  rateLimited: boolean;
-  usage?: AiUsage;
-};
-/** One of the two interfaces in tend: drives an AI fix session. */
-interface SessionRunner {
-  run(request: SessionRequest): Promise<SessionResult>;
-}
-//#endregion
-//#region src/session/claude.d.ts
-type ClaudeSpawn = (request: SessionRequest) => Promise<{
-  stdout: string;
-  exitCode: number;
-}>;
-/** Drives a real `claude -p` session and parses its stream-json into edits. */
-declare class ClaudeSession implements SessionRunner {
-  private readonly deps;
-  constructor(deps: {
-    spawn: ClaudeSpawn;
-  });
-  run(request: SessionRequest): Promise<SessionResult>;
-}
-//#endregion
-//#region src/git/snapshot.d.ts
-/**
- * A silent restore point for the working tree, stored as a git commit object pinned by a private
- * ref (`refs/tend/snapshot`) — nothing committed to any branch, the editor sees no change. Backs
- * `tend undo` (exact restore) and `tend diff` (only the tool's edits). Reuses git's content store,
- * so the on-disk record is a 40-char id rather than a copy of every file.
- */
-declare class Snapshot {
-  private readonly cwd;
-  private readonly root;
-  private readonly sha;
-  private constructor();
-  static capture(_git: SimpleGit, cwd: string): Promise<Snapshot>;
-  /** Serialize to a tiny object for `.tend/snapshot.json` (powers `undo` across invocations). */
-  toJSON(): {
-    cwd: string;
-    root: string;
-    sha: string;
-  };
-  static fromJSON(data: {
-    cwd: string;
-    root: string;
-    sha: string;
-  }): Snapshot;
-  /** Files whose contents differ from the snapshot, or that are new/deleted since it (sorted). */
-  changedSince(_git: SimpleGit): Promise<string[]>;
-  /** Restore a single file to its captured contents (worktree only — the user's index is untouched). */
-  restoreFile(rel: string): Promise<void>;
-  /** Restore the working tree exactly to the captured state (incl. deleting files created since). */
-  restore(_git: SimpleGit): Promise<void>;
-}
-//#endregion
-//#region src/git/repo.d.ts
-/** Refuse to run outside a git repo — the snapshot/restore safety net needs it. */
-declare function assertGitRepo(git: SimpleGit): Promise<void>;
-/**
- * Files changed vs `HEAD`: tracked modifications/additions/renames plus untracked files,
- * scoped and re-based to `git`'s working directory (so a run from `apps/foo` only sees
- * `apps/foo`'s changes, pathed as the scanners path them).
- */
-declare function changedVsHead(git: SimpleGit): Promise<string[]>;
-/**
- * Concrete files under the given path(s) — tracked plus untracked (so newly-added files
- * are scoped too, mirroring `changedVsHead`). `git ls-files` reports paths relative to
- * `git`'s working directory and interprets the pathspecs the same way, so the result is
- * already in the coordinate system the scanners and `filterToChanged` expect. Expanding to
- * concrete files (not bare directories) matters: `filterToChanged` matches exact paths.
- */
-/** Revert a single file to its snapshot state. */
-declare function revertFile(snapshot: Snapshot, file: string): Promise<void>;
-//#endregion
-//#region src/detect/package-manager.d.ts
-type PackageManager = "pnpm" | "yarn" | "bun" | "npm";
-/** Detect the package manager from the lockfile present; defaults to npm. */
-declare function detectPackageManager(cwd: string): PackageManager;
-//#endregion
-//#region src/config/config.d.ts
-declare const ConfigSchema: z.ZodObject<{
-  maxSessions: z.ZodDefault<z.ZodNumber>;
-  maxLoops: z.ZodDefault<z.ZodNumber>;
-  perIssueBudget: z.ZodDefault<z.ZodNumber>;
-  test: z.ZodOptional<z.ZodString>;
-  teethCheck: z.ZodDefault<z.ZodBoolean>;
-  includeTests: z.ZodDefault<z.ZodBoolean>;
-  /** Model passed to `claude -p` for fixes — an alias (sonnet/opus/haiku) or a full model id. */
-  model: z.ZodDefault<z.ZodString>;
-  /** Reasoning effort for fixes; unset → claude's own default. */
-  effort: z.ZodOptional<z.ZodEnum<["low", "medium", "high", "xhigh", "max"]>>;
-  tools: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
-    enabled: z.ZodDefault<z.ZodBoolean>;
-    configPath: z.ZodOptional<z.ZodString>;
-  }, "strip", z.ZodTypeAny, {
-    enabled: boolean;
-    configPath?: string | undefined;
-  }, {
-    enabled?: boolean | undefined;
-    configPath?: string | undefined;
-  }>>>;
-}, "strip", z.ZodTypeAny, {
-  maxSessions: number;
-  maxLoops: number;
-  perIssueBudget: number;
-  teethCheck: boolean;
-  includeTests: boolean;
-  model: string;
-  tools: Record<string, {
-    enabled: boolean;
-    configPath?: string | undefined;
-  }>;
-  test?: string | undefined;
-  effort?: "low" | "medium" | "high" | "xhigh" | "max" | undefined;
-}, {
-  maxSessions?: number | undefined;
-  maxLoops?: number | undefined;
-  perIssueBudget?: number | undefined;
-  test?: string | undefined;
-  teethCheck?: boolean | undefined;
-  includeTests?: boolean | undefined;
-  model?: string | undefined;
-  effort?: "low" | "medium" | "high" | "xhigh" | "max" | undefined;
-  tools?: Record<string, {
-    enabled?: boolean | undefined;
-    configPath?: string | undefined;
-  }> | undefined;
-}>;
-type TendConfig = z.infer<typeof ConfigSchema>;
-/** CLI flags that can override config; only defined keys take effect. */
-type CliOverrides = Partial<Pick<TendConfig, "maxSessions" | "maxLoops" | "perIssueBudget" | "test" | "teethCheck" | "includeTests" | "model" | "effort">>;
-/**
- * Load config via cosmiconfig (searching from `cwd`), validate with zod, and apply
- * zero-config defaults when no file is found. Invalid config throws a clear message.
- */
-declare function loadConfig(cwd: string): Promise<TendConfig>;
-/** Overlay CLI flags onto a loaded config (flags win). */
-declare function applyCliOverrides(config: TendConfig, overrides: CliOverrides): TendConfig;
-//#endregion
-//#region src/report/retry-id.d.ts
-type RetryIdGenerator = () => string;
-//#endregion
-//#region src/report/schema.d.ts
-/** Ensure every finding in a persisted report has a human-facing id unique to that report. */
-/** Per-scanner outcome for a run: did it run clean, get skipped, or fail (with a reason). */
-declare const ScannerStatusSchema: z.ZodObject<{
-  tool: z.ZodEnum<["sonarjs", "knip", "jscpd", "semgrep", "osv", "gitleaks"]>;
-  status: z.ZodEnum<["ran", "skipped", "failed"]>;
-  reason: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-  tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
-  status: "skipped" | "ran" | "failed";
-  reason?: string | undefined;
-}, {
-  tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
-  status: "skipped" | "ran" | "failed";
-  reason?: string | undefined;
-}>;
-declare const BehaviorChangeSchema: z.ZodObject<{
-  findingId: z.ZodString;
-  file: z.ZodString;
-  note: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-  file: string;
-  findingId: string;
-  note: string;
-}, {
-  file: string;
-  findingId: string;
-  note: string;
-}>;
-/**
- * Estimated AI cost/usage for a run. `estimatedCostUsd` is Claude's client-side
- * `total_cost_usd` estimate — never authoritative billing.
- */
-declare const AiUsageSchema: z.ZodObject<{
-  estimatedCostUsd: z.ZodNumber;
-  inputTokens: z.ZodNumber;
-  outputTokens: z.ZodNumber;
-  cacheCreationInputTokens: z.ZodNumber;
-  cacheReadInputTokens: z.ZodNumber;
-  sessions: z.ZodNumber;
-}, "strip", z.ZodTypeAny, {
+declare const AiUsageSchema: z.ZodObject<{
+  estimatedCostUsd: z.ZodNumber;
+  inputTokens: z.ZodNumber;
+  outputTokens: z.ZodNumber;
+  cacheCreationInputTokens: z.ZodNumber;
+  cacheReadInputTokens: z.ZodNumber;
+  sessions: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
   estimatedCostUsd: number;
   inputTokens: number;
   outputTokens: number;
@@ -572,6 +597,35 @@ declare const AiUsageSchema: z.ZodObject<{
   cacheReadInputTokens: number;
   sessions: number;
 }>;
+declare const RunScopeSchema: z.ZodDefault<z.ZodObject<{
+  type: z.ZodEnum<["all", "scoped"]>;
+  fileCount: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+  type: "all" | "scoped";
+  fileCount?: number | undefined;
+}, {
+  type: "all" | "scoped";
+  fileCount?: number | undefined;
+}>>;
+declare const FixPolicySchema: z.ZodDefault<z.ZodObject<{
+  includeTests: z.ZodDefault<z.ZodBoolean>;
+  include: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+  exclude: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+  includeGenerated: z.ZodDefault<z.ZodBoolean>;
+  includeFixtures: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+  includeTests: boolean;
+  include: string[];
+  exclude: string[];
+  includeGenerated: boolean;
+  includeFixtures: boolean;
+}, {
+  includeTests?: boolean | undefined;
+  include?: string[] | undefined;
+  exclude?: string[] | undefined;
+  includeGenerated?: boolean | undefined;
+  includeFixtures?: boolean | undefined;
+}>>;
 declare const ReportSchema: z.ZodObject<{
   findings: z.ZodArray<z.ZodObject<{
     id: z.ZodString;
@@ -602,22 +656,57 @@ declare const ReportSchema: z.ZodObject<{
     flowPath: z.ZodOptional<z.ZodArray<z.ZodObject<{
       file: z.ZodString;
       line: z.ZodNumber;
+      range: z.ZodOptional<z.ZodObject<{
+        startLine: z.ZodNumber;
+        startCol: z.ZodNumber;
+        endLine: z.ZodNumber;
+        endCol: z.ZodNumber;
+      }, "strip", z.ZodTypeAny, {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      }, {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      }>>;
     }, "strip", z.ZodTypeAny, {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }, {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }>, "many">>;
     remediation: z.ZodOptional<z.ZodString>;
+    autofixable: z.ZodOptional<z.ZodBoolean>;
+    repairStrategy: z.ZodOptional<z.ZodEnum<["deterministic-eslint-fix", "deterministic-ts-organize-imports", "deterministic-package-json-cleanup", "single-file-ai-edit", "multi-file-duplicate-refactor", "generated-source-repair", "test-file-repair", "dead-code-cleanup", "unsupported"]>>;
+    repairStrategyReason: z.ZodOptional<z.ZodString>;
     track: z.ZodEnum<["ai-fix", "deterministic", "report-only"]>;
     status: z.ZodEnum<["pending", "fixing", "fixed", "reverted", "unfixable", "skipped"]>;
     attempts: z.ZodNumber;
-    revertReason: z.ZodOptional<z.ZodEnum<["broke-test", "suppression", "regression", "typecheck", "session-error"]>>;
+    revertReason: z.ZodOptional<z.ZodEnum<["broke-test", "suppression", "regression", "typecheck", "session-error", "needs-lockfile-update"]>>;
     revertDetail: z.ZodOptional<z.ZodString>;
+    finalFailureClass: z.ZodOptional<z.ZodEnum<["tool-timeout", "rate-limit", "model-tool-failure", "no-edit", "no-op", "regression", "typecheck", "broke-test", "suppression", "needs-lockfile-update"]>>;
     firstSeenLoop: z.ZodNumber;
     lastSeenLoop: z.ZodNumber;
     inScope: z.ZodOptional<z.ZodBoolean>;
+    inReportScope: z.ZodDefault<z.ZodBoolean>;
+    inFixScope: z.ZodDefault<z.ZodBoolean>;
+    scopeExclusionReason: z.ZodOptional<z.ZodEnum<["generated", "fixtures", "tests", "out-of-scope"]>>;
   }, "strip", z.ZodTypeAny, {
     id: string;
     tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
@@ -637,16 +726,29 @@ declare const ReportSchema: z.ZodObject<{
     attempts: number;
     firstSeenLoop: number;
     lastSeenLoop: number;
+    inReportScope: boolean;
+    inFixScope: boolean;
     retryId?: string | undefined;
     helpUri?: string | undefined;
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }, {
     id: string;
     tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
@@ -671,11 +773,24 @@ declare const ReportSchema: z.ZodObject<{
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    inReportScope?: boolean | undefined;
+    inFixScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }>, "many">;
   secrets: z.ZodArray<z.ZodObject<{
     id: z.ZodString;
@@ -706,22 +821,57 @@ declare const ReportSchema: z.ZodObject<{
     flowPath: z.ZodOptional<z.ZodArray<z.ZodObject<{
       file: z.ZodString;
       line: z.ZodNumber;
+      range: z.ZodOptional<z.ZodObject<{
+        startLine: z.ZodNumber;
+        startCol: z.ZodNumber;
+        endLine: z.ZodNumber;
+        endCol: z.ZodNumber;
+      }, "strip", z.ZodTypeAny, {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      }, {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      }>>;
     }, "strip", z.ZodTypeAny, {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }, {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }>, "many">>;
     remediation: z.ZodOptional<z.ZodString>;
+    autofixable: z.ZodOptional<z.ZodBoolean>;
+    repairStrategy: z.ZodOptional<z.ZodEnum<["deterministic-eslint-fix", "deterministic-ts-organize-imports", "deterministic-package-json-cleanup", "single-file-ai-edit", "multi-file-duplicate-refactor", "generated-source-repair", "test-file-repair", "dead-code-cleanup", "unsupported"]>>;
+    repairStrategyReason: z.ZodOptional<z.ZodString>;
     track: z.ZodEnum<["ai-fix", "deterministic", "report-only"]>;
     status: z.ZodEnum<["pending", "fixing", "fixed", "reverted", "unfixable", "skipped"]>;
     attempts: z.ZodNumber;
-    revertReason: z.ZodOptional<z.ZodEnum<["broke-test", "suppression", "regression", "typecheck", "session-error"]>>;
+    revertReason: z.ZodOptional<z.ZodEnum<["broke-test", "suppression", "regression", "typecheck", "session-error", "needs-lockfile-update"]>>;
     revertDetail: z.ZodOptional<z.ZodString>;
+    finalFailureClass: z.ZodOptional<z.ZodEnum<["tool-timeout", "rate-limit", "model-tool-failure", "no-edit", "no-op", "regression", "typecheck", "broke-test", "suppression", "needs-lockfile-update"]>>;
     firstSeenLoop: z.ZodNumber;
     lastSeenLoop: z.ZodNumber;
     inScope: z.ZodOptional<z.ZodBoolean>;
+    inReportScope: z.ZodDefault<z.ZodBoolean>;
+    inFixScope: z.ZodDefault<z.ZodBoolean>;
+    scopeExclusionReason: z.ZodOptional<z.ZodEnum<["generated", "fixtures", "tests", "out-of-scope"]>>;
   }, "strip", z.ZodTypeAny, {
     id: string;
     tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
@@ -741,16 +891,29 @@ declare const ReportSchema: z.ZodObject<{
     attempts: number;
     firstSeenLoop: number;
     lastSeenLoop: number;
+    inReportScope: boolean;
+    inFixScope: boolean;
     retryId?: string | undefined;
     helpUri?: string | undefined;
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }, {
     id: string;
     tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
@@ -775,48 +938,255 @@ declare const ReportSchema: z.ZodObject<{
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    inReportScope?: boolean | undefined;
+    inFixScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }>, "many">;
-  depBumps: z.ZodArray<z.ZodObject<{
-    findingId: z.ZodString;
-    remediation: z.ZodString;
-  }, "strip", z.ZodTypeAny, {
-    remediation: string;
-    findingId: string;
-  }, {
-    remediation: string;
-    findingId: string;
-  }>, "many">;
-  flaggedBehaviorChanges: z.ZodArray<z.ZodObject<{
-    findingId: z.ZodString;
-    file: z.ZodString;
-    note: z.ZodString;
-  }, "strip", z.ZodTypeAny, {
-    file: string;
-    findingId: string;
-    note: string;
-  }, {
-    file: string;
-    findingId: string;
-    note: string;
-  }>, "many">;
-  scannerStatuses: z.ZodDefault<z.ZodArray<z.ZodObject<{
+  reportOnly: z.ZodDefault<z.ZodArray<z.ZodObject<{
+    id: z.ZodString;
+    retryId: z.ZodOptional<z.ZodString>;
     tool: z.ZodEnum<["sonarjs", "knip", "jscpd", "semgrep", "osv", "gitleaks"]>;
-    status: z.ZodEnum<["ran", "skipped", "failed"]>;
-    reason: z.ZodOptional<z.ZodString>;
+    rule: z.ZodString;
+    category: z.ZodEnum<["bug", "smell", "dead-code", "duplication", "security", "secret", "vuln-dep"]>;
+    severity: z.ZodEnum<["error", "warning", "info"]>;
+    file: z.ZodString;
+    range: z.ZodObject<{
+      startLine: z.ZodNumber;
+      startCol: z.ZodNumber;
+      endLine: z.ZodNumber;
+      endCol: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    }, {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    }>;
+    message: z.ZodString;
+    helpUri: z.ZodOptional<z.ZodString>;
+    flowPath: z.ZodOptional<z.ZodArray<z.ZodObject<{
+      file: z.ZodString;
+      line: z.ZodNumber;
+      range: z.ZodOptional<z.ZodObject<{
+        startLine: z.ZodNumber;
+        startCol: z.ZodNumber;
+        endLine: z.ZodNumber;
+        endCol: z.ZodNumber;
+      }, "strip", z.ZodTypeAny, {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      }, {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      }>>;
+    }, "strip", z.ZodTypeAny, {
+      file: string;
+      line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
+    }, {
+      file: string;
+      line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
+    }>, "many">>;
+    remediation: z.ZodOptional<z.ZodString>;
+    autofixable: z.ZodOptional<z.ZodBoolean>;
+    repairStrategy: z.ZodOptional<z.ZodEnum<["deterministic-eslint-fix", "deterministic-ts-organize-imports", "deterministic-package-json-cleanup", "single-file-ai-edit", "multi-file-duplicate-refactor", "generated-source-repair", "test-file-repair", "dead-code-cleanup", "unsupported"]>>;
+    repairStrategyReason: z.ZodOptional<z.ZodString>;
+    track: z.ZodEnum<["ai-fix", "deterministic", "report-only"]>;
+    status: z.ZodEnum<["pending", "fixing", "fixed", "reverted", "unfixable", "skipped"]>;
+    attempts: z.ZodNumber;
+    revertReason: z.ZodOptional<z.ZodEnum<["broke-test", "suppression", "regression", "typecheck", "session-error", "needs-lockfile-update"]>>;
+    revertDetail: z.ZodOptional<z.ZodString>;
+    finalFailureClass: z.ZodOptional<z.ZodEnum<["tool-timeout", "rate-limit", "model-tool-failure", "no-edit", "no-op", "regression", "typecheck", "broke-test", "suppression", "needs-lockfile-update"]>>;
+    firstSeenLoop: z.ZodNumber;
+    lastSeenLoop: z.ZodNumber;
+    inScope: z.ZodOptional<z.ZodBoolean>;
+    inReportScope: z.ZodDefault<z.ZodBoolean>;
+    inFixScope: z.ZodDefault<z.ZodBoolean>;
+    scopeExclusionReason: z.ZodOptional<z.ZodEnum<["generated", "fixtures", "tests", "out-of-scope"]>>;
   }, "strip", z.ZodTypeAny, {
+    id: string;
     tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
-    status: "skipped" | "ran" | "failed";
-    reason?: string | undefined;
+    status: "pending" | "fixing" | "fixed" | "reverted" | "unfixable" | "skipped";
+    message: string;
+    rule: string;
+    category: "bug" | "smell" | "dead-code" | "duplication" | "security" | "secret" | "vuln-dep";
+    severity: "error" | "warning" | "info";
+    file: string;
+    range: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    };
+    track: "ai-fix" | "deterministic" | "report-only";
+    attempts: number;
+    firstSeenLoop: number;
+    lastSeenLoop: number;
+    inReportScope: boolean;
+    inFixScope: boolean;
+    retryId?: string | undefined;
+    helpUri?: string | undefined;
+    flowPath?: {
+      file: string;
+      line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
+    }[] | undefined;
+    remediation?: string | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
+    revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
+    inScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
+  }, {
+    id: string;
+    tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
+    status: "pending" | "fixing" | "fixed" | "reverted" | "unfixable" | "skipped";
+    message: string;
+    rule: string;
+    category: "bug" | "smell" | "dead-code" | "duplication" | "security" | "secret" | "vuln-dep";
+    severity: "error" | "warning" | "info";
+    file: string;
+    range: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    };
+    track: "ai-fix" | "deterministic" | "report-only";
+    attempts: number;
+    firstSeenLoop: number;
+    lastSeenLoop: number;
+    retryId?: string | undefined;
+    helpUri?: string | undefined;
+    flowPath?: {
+      file: string;
+      line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
+    }[] | undefined;
+    remediation?: string | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
+    revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
+    inScope?: boolean | undefined;
+    inReportScope?: boolean | undefined;
+    inFixScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
+  }>, "many">>;
+  depBumps: z.ZodArray<z.ZodObject<{
+    findingId: z.ZodString;
+    remediation: z.ZodString;
+  }, "strip", z.ZodTypeAny, {
+    remediation: string;
+    findingId: string;
+  }, {
+    remediation: string;
+    findingId: string;
+  }>, "many">;
+  flaggedBehaviorChanges: z.ZodArray<z.ZodObject<{
+    findingId: z.ZodString;
+    file: z.ZodString;
+    note: z.ZodString;
+  }, "strip", z.ZodTypeAny, {
+    file: string;
+    findingId: string;
+    note: string;
+  }, {
+    file: string;
+    findingId: string;
+    note: string;
+  }>, "many">;
+  scannerStatuses: z.ZodDefault<z.ZodArray<z.ZodObject<{
+    tool: z.ZodEnum<["sonarjs", "knip", "jscpd", "semgrep", "osv", "gitleaks"]>;
+    status: z.ZodEnum<["ran", "skipped", "failed"]>;
+    reason: z.ZodOptional<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
+    status: "skipped" | "ran" | "failed";
+    reason?: string | undefined;
   }, {
     tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
     status: "skipped" | "ran" | "failed";
     reason?: string | undefined;
   }>, "many">>;
+  runScope: z.ZodDefault<z.ZodObject<{
+    type: z.ZodEnum<["all", "scoped"]>;
+    fileCount: z.ZodOptional<z.ZodNumber>;
+  }, "strip", z.ZodTypeAny, {
+    type: "all" | "scoped";
+    fileCount?: number | undefined;
+  }, {
+    type: "all" | "scoped";
+    fileCount?: number | undefined;
+  }>>;
+  fixPolicy: z.ZodDefault<z.ZodObject<{
+    includeTests: z.ZodDefault<z.ZodBoolean>;
+    include: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    exclude: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    includeGenerated: z.ZodDefault<z.ZodBoolean>;
+    includeFixtures: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    includeTests: boolean;
+    include: string[];
+    exclude: string[];
+    includeGenerated: boolean;
+    includeFixtures: boolean;
+  }, {
+    includeTests?: boolean | undefined;
+    include?: string[] | undefined;
+    exclude?: string[] | undefined;
+    includeGenerated?: boolean | undefined;
+    includeFixtures?: boolean | undefined;
+  }>>;
   aiUsage: z.ZodDefault<z.ZodObject<{
     estimatedCostUsd: z.ZodNumber;
     inputTokens: z.ZodNumber;
@@ -839,6 +1209,35 @@ declare const ReportSchema: z.ZodObject<{
     cacheReadInputTokens: number;
     sessions: number;
   }>>;
+  failureSummary: z.ZodDefault<z.ZodObject<{
+    blockingSecrets: z.ZodNumber;
+    unresolvedEligible: z.ZodNumber;
+    toolFailures: z.ZodNumber;
+    failedDeterministic: z.ZodNumber;
+    sessionErrors: z.ZodNumber;
+    regressions: z.ZodNumber;
+    typecheckFailures: z.ZodNumber;
+    testFailures: z.ZodNumber;
+  }, "strip", z.ZodTypeAny, {
+    blockingSecrets: number;
+    unresolvedEligible: number;
+    toolFailures: number;
+    failedDeterministic: number;
+    sessionErrors: number;
+    regressions: number;
+    typecheckFailures: number;
+    testFailures: number;
+  }, {
+    blockingSecrets: number;
+    unresolvedEligible: number;
+    toolFailures: number;
+    failedDeterministic: number;
+    sessionErrors: number;
+    regressions: number;
+    typecheckFailures: number;
+    testFailures: number;
+  }>>;
+  unresolvedEligibleCount: z.ZodDefault<z.ZodNumber>;
   loops: z.ZodNumber;
   durationMs: z.ZodNumber;
   exitStatus: z.ZodNumber;
@@ -862,16 +1261,29 @@ declare const ReportSchema: z.ZodObject<{
     attempts: number;
     firstSeenLoop: number;
     lastSeenLoop: number;
+    inReportScope: boolean;
+    inFixScope: boolean;
     retryId?: string | undefined;
     helpUri?: string | undefined;
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }[];
   secrets: {
     id: string;
@@ -892,16 +1304,72 @@ declare const ReportSchema: z.ZodObject<{
     attempts: number;
     firstSeenLoop: number;
     lastSeenLoop: number;
+    inReportScope: boolean;
+    inFixScope: boolean;
     retryId?: string | undefined;
     helpUri?: string | undefined;
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
+  }[];
+  reportOnly: {
+    id: string;
+    tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
+    status: "pending" | "fixing" | "fixed" | "reverted" | "unfixable" | "skipped";
+    message: string;
+    rule: string;
+    category: "bug" | "smell" | "dead-code" | "duplication" | "security" | "secret" | "vuln-dep";
+    severity: "error" | "warning" | "info";
+    file: string;
+    range: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    };
+    track: "ai-fix" | "deterministic" | "report-only";
+    attempts: number;
+    firstSeenLoop: number;
+    lastSeenLoop: number;
+    inReportScope: boolean;
+    inFixScope: boolean;
+    retryId?: string | undefined;
+    helpUri?: string | undefined;
+    flowPath?: {
+      file: string;
+      line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
+    }[] | undefined;
+    remediation?: string | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
+    revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
+    inScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }[];
   depBumps: {
     remediation: string;
@@ -917,6 +1385,17 @@ declare const ReportSchema: z.ZodObject<{
     status: "skipped" | "ran" | "failed";
     reason?: string | undefined;
   }[];
+  runScope: {
+    type: "all" | "scoped";
+    fileCount?: number | undefined;
+  };
+  fixPolicy: {
+    includeTests: boolean;
+    include: string[];
+    exclude: string[];
+    includeGenerated: boolean;
+    includeFixtures: boolean;
+  };
   aiUsage: {
     estimatedCostUsd: number;
     inputTokens: number;
@@ -925,6 +1404,17 @@ declare const ReportSchema: z.ZodObject<{
     cacheReadInputTokens: number;
     sessions: number;
   };
+  failureSummary: {
+    blockingSecrets: number;
+    unresolvedEligible: number;
+    toolFailures: number;
+    failedDeterministic: number;
+    sessionErrors: number;
+    regressions: number;
+    typecheckFailures: number;
+    testFailures: number;
+  };
+  unresolvedEligibleCount: number;
   loops: number;
   durationMs: number;
   exitStatus: number;
@@ -953,11 +1443,24 @@ declare const ReportSchema: z.ZodObject<{
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    inReportScope?: boolean | undefined;
+    inFixScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }[];
   secrets: {
     id: string;
@@ -983,11 +1486,24 @@ declare const ReportSchema: z.ZodObject<{
     flowPath?: {
       file: string;
       line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
     }[] | undefined;
     remediation?: string | undefined;
-    revertReason?: "broke-test" | "suppression" | "regression" | "typecheck" | "session-error" | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
     revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
     inScope?: boolean | undefined;
+    inReportScope?: boolean | undefined;
+    inFixScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
   }[];
   depBumps: {
     remediation: string;
@@ -1001,11 +1517,65 @@ declare const ReportSchema: z.ZodObject<{
   loops: number;
   durationMs: number;
   exitStatus: number;
+  reportOnly?: {
+    id: string;
+    tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
+    status: "pending" | "fixing" | "fixed" | "reverted" | "unfixable" | "skipped";
+    message: string;
+    rule: string;
+    category: "bug" | "smell" | "dead-code" | "duplication" | "security" | "secret" | "vuln-dep";
+    severity: "error" | "warning" | "info";
+    file: string;
+    range: {
+      startLine: number;
+      startCol: number;
+      endLine: number;
+      endCol: number;
+    };
+    track: "ai-fix" | "deterministic" | "report-only";
+    attempts: number;
+    firstSeenLoop: number;
+    lastSeenLoop: number;
+    retryId?: string | undefined;
+    helpUri?: string | undefined;
+    flowPath?: {
+      file: string;
+      line: number;
+      range?: {
+        startLine: number;
+        startCol: number;
+        endLine: number;
+        endCol: number;
+      } | undefined;
+    }[] | undefined;
+    remediation?: string | undefined;
+    autofixable?: boolean | undefined;
+    repairStrategy?: "deterministic-eslint-fix" | "deterministic-ts-organize-imports" | "deterministic-package-json-cleanup" | "single-file-ai-edit" | "multi-file-duplicate-refactor" | "generated-source-repair" | "test-file-repair" | "dead-code-cleanup" | "unsupported" | undefined;
+    repairStrategyReason?: string | undefined;
+    revertReason?: "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | "session-error" | undefined;
+    revertDetail?: string | undefined;
+    finalFailureClass?: "tool-timeout" | "rate-limit" | "model-tool-failure" | "no-edit" | "no-op" | "regression" | "typecheck" | "broke-test" | "suppression" | "needs-lockfile-update" | undefined;
+    inScope?: boolean | undefined;
+    inReportScope?: boolean | undefined;
+    inFixScope?: boolean | undefined;
+    scopeExclusionReason?: "generated" | "fixtures" | "tests" | "out-of-scope" | undefined;
+  }[] | undefined;
   scannerStatuses?: {
     tool: "sonarjs" | "knip" | "jscpd" | "semgrep" | "osv" | "gitleaks";
     status: "skipped" | "ran" | "failed";
     reason?: string | undefined;
   }[] | undefined;
+  runScope?: {
+    type: "all" | "scoped";
+    fileCount?: number | undefined;
+  } | undefined;
+  fixPolicy?: {
+    includeTests?: boolean | undefined;
+    include?: string[] | undefined;
+    exclude?: string[] | undefined;
+    includeGenerated?: boolean | undefined;
+    includeFixtures?: boolean | undefined;
+  } | undefined;
   aiUsage?: {
     estimatedCostUsd: number;
     inputTokens: number;
@@ -1014,14 +1584,289 @@ declare const ReportSchema: z.ZodObject<{
     cacheReadInputTokens: number;
     sessions: number;
   } | undefined;
+  failureSummary?: {
+    blockingSecrets: number;
+    unresolvedEligible: number;
+    toolFailures: number;
+    failedDeterministic: number;
+    sessionErrors: number;
+    regressions: number;
+    typecheckFailures: number;
+    testFailures: number;
+  } | undefined;
+  unresolvedEligibleCount?: number | undefined;
 }>;
 type Report = z.infer<typeof ReportSchema>;
 type BehaviorChange = z.infer<typeof BehaviorChangeSchema>;
 type ScannerStatus = z.infer<typeof ScannerStatusSchema>;
 type AiUsage$1 = z.infer<typeof AiUsageSchema>;
+type RunScope = z.infer<typeof RunScopeSchema>;
+type FixPolicy = z.infer<typeof FixPolicySchema>; //#endregion
+//#region src/orchestrator.d.ts
+type AuditResult = {
+  findings: Finding[];
+  allScannersMissing?: boolean;
+  scanned?: number;
+  scannerStatuses?: ScannerStatus$1[];
+};
+type FixOutcome = {
+  kept: boolean;
+  reason?: RevertReason;
+  detail?: string;
+  failureClass?: FailureClass;
+  usage?: AiUsage;
+};
+type OrchestrateDeps = {
+  cwd?: string;
+  /** Run the scanners for a loop and return normalized findings. */
+  audit: (loop: number) => Promise<AuditResult>;
+  /** Fix one work unit (session + gate); returns whether the fix was kept. */
+  fixUnit: (unit: WorkUnit, loop: number) => Promise<FixOutcome>;
+  /** Fix one deterministic work unit without AI usage. */
+  deterministicFixUnit?: (unit: WorkUnit, loop: number) => Promise<FixOutcome>;
+  config: {
+    maxLoops: number;
+    perIssueBudget: number;
+    maxSessions: number;
+    includeTests?: boolean;
+    fix?: FixScopeConfig;
+  };
+  /** Restrict findings to the fix scope (changed files); defaults to all. */
+  inScope?: (findings: Finding[]) => Finding[];
+  bus?: EventBus;
+};
+type Termination = "converged" | "max-loops" | "no-progress" | "no-scanners" | "retryable-infrastructure";
+type OrchestrateResult = {
+  termination: Termination;
+  loops: number;
+  exitStatus: number;
+  findings: Finding[];
+  secrets: Finding[];
+  reportOnly: Finding[];
+  deterministic: Finding[];
+  depBumps: Finding[];
+  scannerStatuses: ScannerStatus$1[];
+  runScope: RunScope;
+  /** Estimated AI cost/usage summed across every fix attempt (including reverted ones). */
+  usage: AiUsage;
+};
+/**
+ * The scan → fix → re-audit loop. Terminates on the first of: converged (0 fixable),
+ * no-progress (no dispatchable units or an attempted loop changed no attempt/status
+ * state), per-issue budget exhaustion (mark unfixable, keep going), or max-loops.
+ */
+declare function orchestrate(deps: OrchestrateDeps): Promise<OrchestrateResult>;
+//#endregion
+//#region src/gate/checks/tests.d.ts
+type TestStatus = "pass" | "fail";
+type TestOutcome = {
+  name: string;
+  status: TestStatus;
+};
+//#endregion
+//#region src/fixing/unit-gate.d.ts
+type UnitGateDeps = {
+  cwd: string;
+  typescript: boolean;
+  runTsc: () => Promise<{
+    exitCode: number;
+    output: string;
+  }>;
+  runBuild?: () => Promise<{
+    exitCode: number;
+    output: string;
+  }>;
+  hasTestRunner: boolean;
+  runRelated: (files: string[]) => Promise<TestOutcome[]>;
+  scanFindings: (files: string[]) => Promise<Finding[]>;
+  baseline: Set<string>;
+};
+//#endregion
+//#region src/fixing/deterministic.d.ts
+interface DeterministicFixer {
+  /** Fix a planned repair unit without starting an AI session. */
+  fix(unit: WorkUnit): Promise<FixOutcome>;
+}
+type DeterministicFixUnitDeps = UnitGateDeps;
+declare function makeDeterministicFixer(deps: DeterministicFixUnitDeps): DeterministicFixer;
+declare const makeDeterministicFixUnit: (deps: DeterministicFixUnitDeps) => (unit: WorkUnit) => Promise<FixOutcome>;
+//#endregion
+//#region src/session/claude.d.ts
+type ClaudeSpawn = (request: SessionRequest) => Promise<{
+  stdout: string;
+  exitCode: number;
+}>;
+/** Drives a real `claude -p` session and parses its stream-json into edits. */
+declare class ClaudeSession implements SessionRunner {
+  private readonly deps;
+  constructor(deps: {
+    spawn: ClaudeSpawn;
+  });
+  run(request: SessionRequest): Promise<SessionResult>;
+}
+//#endregion
+//#region src/git/snapshot.d.ts
+/**
+ * A silent restore point for the working tree, stored as a git commit object pinned by a private
+ * ref (`refs/tend/snapshot`) — nothing committed to any branch, the editor sees no change. Backs
+ * `tend undo` (exact restore) and `tend diff` (only the tool's edits). Reuses git's content store,
+ * so the on-disk record is a 40-char id rather than a copy of every file.
+ */
+declare class Snapshot {
+  private readonly cwd;
+  private readonly root;
+  private readonly sha;
+  private constructor();
+  static capture(_git: SimpleGit, cwd: string): Promise<Snapshot>;
+  /** Serialize to a tiny object for `.tend/snapshot.json` (powers `undo` across invocations). */
+  toJSON(): {
+    cwd: string;
+    root: string;
+    sha: string;
+  };
+  static fromJSON(data: {
+    cwd: string;
+    root: string;
+    sha: string;
+  }): Snapshot;
+  /** Files whose contents differ from the snapshot, or that are new/deleted since it (sorted). */
+  changedSince(_git: SimpleGit): Promise<string[]>;
+  /** Restore a single file to its captured contents (worktree only — the user's index is untouched). */
+  restoreFile(rel: string): Promise<void>;
+  /** Restore the working tree exactly to the captured state (incl. deleting files created since). */
+  restore(_git: SimpleGit): Promise<void>;
+}
+//#endregion
+//#region src/git/repo.d.ts
+/** Refuse to run outside a git repo — the snapshot/restore safety net needs it. */
+declare function assertGitRepo(git: SimpleGit): Promise<void>;
+/**
+ * Files changed vs `HEAD`: tracked modifications/additions/renames plus untracked files,
+ * scoped and re-based to `git`'s working directory (so a run from `apps/foo` only sees
+ * `apps/foo`'s changes, pathed as the scanners path them).
+ */
+declare function changedVsHead(git: SimpleGit): Promise<string[]>;
+/**
+ * Concrete files under the given path(s) — tracked plus untracked (so newly-added files
+ * are scoped too, mirroring `changedVsHead`). `git ls-files` reports paths relative to
+ * `git`'s working directory and interprets the pathspecs the same way, so the result is
+ * already in the coordinate system the scanners and `filterToChanged` expect. Expanding to
+ * concrete files (not bare directories) matters: `filterToChanged` matches exact paths.
+ */
+/** Revert a single file to its snapshot state. */
+declare function revertFile(snapshot: Snapshot, file: string): Promise<void>;
+//#endregion
+//#region src/detect/package-manager.d.ts
+type PackageManager = "pnpm" | "yarn" | "bun" | "npm";
+/** Detect the package manager from the lockfile present; defaults to npm. */
+declare function detectPackageManager(cwd: string): PackageManager;
+//#endregion
+//#region src/config/config.d.ts
+declare const ConfigSchema: z.ZodObject<{
+  maxSessions: z.ZodDefault<z.ZodNumber>;
+  maxLoops: z.ZodDefault<z.ZodNumber>;
+  perIssueBudget: z.ZodDefault<z.ZodNumber>;
+  test: z.ZodOptional<z.ZodString>;
+  teethCheck: z.ZodDefault<z.ZodBoolean>;
+  includeTests: z.ZodDefault<z.ZodBoolean>;
+  /** Model passed to `claude -p` for fixes — an alias (sonnet/opus/haiku) or a full model id. */
+  model: z.ZodDefault<z.ZodString>;
+  /** Reasoning effort for fixes; unset → claude's own default. */
+  effort: z.ZodOptional<z.ZodEnum<["low", "medium", "high", "xhigh", "max"]>>;
+  /** Report/fix scope policy. Reports stay broad; fixes default away from generated/tooling paths. */
+  fix: z.ZodDefault<z.ZodObject<{
+    include: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    exclude: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    includeGenerated: z.ZodDefault<z.ZodBoolean>;
+    includeFixtures: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    include: string[];
+    exclude: string[];
+    includeGenerated: boolean;
+    includeFixtures: boolean;
+  }, {
+    include?: string[] | undefined;
+    exclude?: string[] | undefined;
+    includeGenerated?: boolean | undefined;
+    includeFixtures?: boolean | undefined;
+  }>>;
+  tools: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    configPath: z.ZodOptional<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    enabled: boolean;
+    configPath?: string | undefined;
+  }, {
+    enabled?: boolean | undefined;
+    configPath?: string | undefined;
+  }>>>;
+}, "strip", z.ZodTypeAny, {
+  maxSessions: number;
+  maxLoops: number;
+  perIssueBudget: number;
+  teethCheck: boolean;
+  includeTests: boolean;
+  model: string;
+  fix: {
+    include: string[];
+    exclude: string[];
+    includeGenerated: boolean;
+    includeFixtures: boolean;
+  };
+  tools: Record<string, {
+    enabled: boolean;
+    configPath?: string | undefined;
+  }>;
+  test?: string | undefined;
+  effort?: "low" | "medium" | "high" | "xhigh" | "max" | undefined;
+}, {
+  maxSessions?: number | undefined;
+  maxLoops?: number | undefined;
+  perIssueBudget?: number | undefined;
+  test?: string | undefined;
+  teethCheck?: boolean | undefined;
+  includeTests?: boolean | undefined;
+  model?: string | undefined;
+  effort?: "low" | "medium" | "high" | "xhigh" | "max" | undefined;
+  fix?: {
+    include?: string[] | undefined;
+    exclude?: string[] | undefined;
+    includeGenerated?: boolean | undefined;
+    includeFixtures?: boolean | undefined;
+  } | undefined;
+  tools?: Record<string, {
+    enabled?: boolean | undefined;
+    configPath?: string | undefined;
+  }> | undefined;
+}>;
+type TendConfig = z.infer<typeof ConfigSchema>;
+/** CLI flags that can override config; only defined keys take effect. */
+type CliOverrides = Partial<Pick<TendConfig, "maxSessions" | "maxLoops" | "perIssueBudget" | "test" | "teethCheck" | "includeTests" | "model" | "effort">>;
+/**
+ * Load config via cosmiconfig (searching from `cwd`), validate with zod, and apply
+ * zero-config defaults when no file is found. Invalid config throws a clear message.
+ */
+declare function loadConfig(cwd: string): Promise<TendConfig>;
+/** Overlay CLI flags onto a loaded config (flags win). */
+declare function applyCliOverrides(config: TendConfig, overrides: CliOverrides): TendConfig;
+//#endregion
+//#region src/report/retry-id.d.ts
+type RetryIdGenerator = () => string;
 //#endregion
 //#region src/report/builder.d.ts
+/** Ensure every finding in a persisted report has a human-facing id unique to that report. */
 /** Accumulates per-finding outcomes and run metadata into a validated report.json. */
 declare class ReportBuilder {
   private readonly generateRetryId?;
@@ -1041,61 +1886,11 @@ declare class ReportBuilder {
     durationMs: number;
     exitStatus: number;
     aiUsage?: AiUsage$1;
+    runScope?: RunScope;
+    fixPolicy?: FixPolicy;
   }): Report;
 }
-//#endregion
-//#region src/output/events.d.ts
-/** What happened to a file's fix attempt. "left" = in scope but never dispatched. */
-type FileOutcome = "fixed" | "reverted" | "left";
-type TendEvent = {
-  type: "snapshot";
-} | {
-  type: "detected";
-  packageManager: string;
-  typescript: boolean;
-  testRunner?: string;
-} | {
-  type: "scan-start";
-  loop: number;
-} | {
-  type: "audit";
-  loop: number;
-  findings: number;
-  files: number;
-  scanned?: number;
-} | {
-  type: "loop-start";
-  loop: number;
-  files: string[];
-  concurrency: number;
-} | {
-  type: "file-start";
-  loop: number;
-  file: string;
-  rule?: string;
-} | {
-  type: "file-result";
-  loop: number;
-  file: string;
-  outcome: FileOutcome;
-  reason?: string;
-} | {
-  type: "loop-complete";
-  loop: number;
-  fixed: number;
-} | {
-  type: "done";
-  exitStatus: number;
-};
-type Listener = (event: TendEvent) => void;
-/** Minimal synchronous event bus. With no listener, emit is a no-op (silent mode). */
-declare class EventBus {
-  private readonly listeners;
-  on(listener: Listener): () => void;
-  emit(event: TendEvent): void;
-}
 //#endregion
 //#region src/output/theme.d.ts
 /**
@@ -1157,54 +1952,6 @@ type RemainingGroup = {
  */
 declare function groupRemaining(report: Report): RemainingGroup[];
-//#endregion
-//#region src/orchestrator.d.ts
-type AuditResult = {
-  findings: Finding[];
-  allScannersMissing?: boolean;
-  scanned?: number;
-  scannerStatuses?: ScannerStatus$1[];
-};
-type FixOutcome = {
-  kept: boolean;
-  reason?: RevertReason;
-  detail?: string;
-  usage?: AiUsage;
-};
-type OrchestrateDeps = {
-  /** Run the scanners for a loop and return normalized findings. */
-  audit: (loop: number) => Promise<AuditResult>;
-  /** Fix one work unit (session + gate); returns whether the fix was kept. */
-  fixUnit: (unit: WorkUnit, loop: number) => Promise<FixOutcome>;
-  config: {
-    maxLoops: number;
-    perIssueBudget: number;
-    maxSessions: number;
-    includeTests?: boolean;
-  };
-  /** Restrict findings to the fix scope (changed files); defaults to all. */
-  inScope?: (findings: Finding[]) => Finding[];
-  bus?: EventBus;
-};
-type Termination = "converged" | "max-loops" | "no-progress" | "no-scanners";
-type OrchestrateResult = {
-  termination: Termination;
-  loops: number;
-  exitStatus: number;
-  findings: Finding[];
-  secrets: Finding[];
-  depBumps: Finding[];
-  scannerStatuses: ScannerStatus$1[];
-  /** Estimated AI cost/usage summed across every fix attempt (including reverted ones). */
-  usage: AiUsage;
-};
-/**
- * The scan → fix → re-audit loop. Terminates on the first of: converged (0 fixable),
- * no-progress (no dispatchable units or an attempted loop changed no attempt/status
- * state), per-issue budget exhaustion (mark unfixable, keep going), or max-loops.
- */
-declare function orchestrate(deps: OrchestrateDeps): Promise<OrchestrateResult>;
 //#endregion
 //#region src/cli.d.ts
 type CliHandlers = {
@@ -1285,4 +2032,4 @@ type RetryResult = {
 declare function retryCommand(id: string, deps: RetryDeps): Promise<RetryResult>;
 //#endregion
-export { AiUsage, AuditResult, ChangeSet, Check, ClaudeSession, CliHandlers, ConfigSchema, EventBus, FileEdit, Finding, FindingSchema, FindingStore, FixOutcome, GateOutcome, OrchestrateDeps, OrchestrateResult, PackageManager, RawFinding, Report, ReportBuilder, ReportSchema, RetryDeps, RetryResult, RouteResult, RunDeps, ScanContext, ScanResult, Scanner, SessionRequest, SessionResult, SessionRunner, Snapshot, Spawn, TendConfig, TendEvent, Termination, Tool, Track, Which, WorkUnit, addUsage, applyCliOverrides, assertGitRepo, buildProgram, changedFiles, changedVsHead, detectPackageManager, diffCommand, dispatch, filterToChanged, fingerprint, groupRemaining, isAvailable, loadConfig, normalize, orchestrate, planWork, renderSummary, retryCommand, revertFile, route, runCommand, runGate, runScanner, scopeFindings, showCommand, trackForTool, undoCommand, zeroUsage };
+export { AiUsage, AuditResult, ChangeSet, Check, ClaudeSession, CliHandlers, ConfigSchema, DeterministicFixUnitDeps, DeterministicFixer, EventBus, FileEdit, Finding, FindingSchema, FindingStore, FixOutcome, GateOutcome, OrchestrateDeps, OrchestrateResult, PackageManager, REPAIR_STRATEGIES, RawFinding, RepairPlan, RepairStrategy, Report, ReportBuilder, ReportSchema, RetryDeps, RetryResult, RouteResult, RunDeps, ScanContext, ScanResult, Scanner, SessionRequest, SessionResult, SessionRunner, Snapshot, Spawn, TendConfig, TendEvent, Termination, Tool, Track, Which, WorkUnit, addUsage, applyCliOverrides, applyRepairPlanToFinding, assertGitRepo, buildProgram, changedFiles, changedVsHead, detectPackageManager, diffCommand, dispatch, filterToChanged, fingerprint, groupRemaining, isAiDispatchStrategy, isAvailable, loadConfig, makeDeterministicFixUnit, makeDeterministicFixer, normalize, orchestrate, planRepair, planWork, planWorkFromRepairs, renderSummary, retryCommand, revertFile, route, runCommand, runGate, runScanner, scopeFindings, showCommand, trackForTool, undoCommand, zeroUsage };