npm - vgxness - Versions diffs - 1.8.0 → 1.9.1 - Mend

vgxness 1.8.0 → 1.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/agents/canonical-agent-manifest.js +22 -19
package/dist/agents/renderers/claude-renderer.js +3 -1
package/dist/agents/renderers/opencode-renderer.js +2 -1
package/dist/behavior/behavior-contract-manifest.js +42 -0
package/dist/behavior/behavior-contract-schema.js +1 -0
package/dist/behavior/behavior-contract-validation.js +42 -0
package/dist/governance/index.js +1 -0
package/dist/governance/risk-classifier.js +116 -0
package/dist/mcp/control-plane-snapshot-service.js +272 -0
package/dist/mcp/control-plane.js +2 -1
package/dist/mcp/index.js +1 -0
package/dist/mcp/schema.js +5 -0
package/dist/mcp/validation.js +19 -1
package/dist/orchestrator/natural-language-planner.js +34 -17
package/dist/payload/context-budget-policy.js +17 -0
package/dist/payload/context-budget-service.js +44 -0
package/dist/permissions/policy-evaluator.js +88 -11
package/dist/runs/execution-planning.js +1 -1
package/dist/runs/run-service.js +129 -35
package/package.json +1 -1

package/dist/agents/canonical-agent-manifest.js CHANGED Viewed

@@ -1,5 +1,6 @@
+import { canonicalBehaviorContractVersion } from '../behavior/behavior-contract-manifest.js';
 export const canonicalDefaultAgentName = 'vgxness-manager';
-export const canonicalPromptContractVersion = 6;
+export const canonicalPromptContractVersion = 7;
 export const canonicalSddSubagentNames = [
     'vgxness-sdd-explore',
     'vgxness-sdd-propose',
@@ -74,14 +75,14 @@ function managerDefinition() {
         mode: 'agent',
         builtIn: true,
         name: canonicalDefaultAgentName,
-        description: 'Coordinates VGXNESS MCP state and SDD sub-agents while avoiding unsafe inline execution.',
+        description: 'Coordinates VGXNESS MCP state and SDD sub-agents while routing Tier 0-2 lightweight work, Tier 3 preflight validation, and Tier 4 formal SDD.',
         instructions: { kind: 'inline', value: registryManagerInstructions },
         capabilities: ['sdd-orchestration', 'agent-routing', 'mcp-coordination', 'project-local-automation'],
         permissions: { read: 'allow', edit: 'ask', shell: 'ask', git: 'ask', memory: 'allow', 'provider-tool': 'deny', secrets: 'deny' },
         memory: { scopes: ['project'] },
         workflows: ['explore', 'quickfix', 'plan', 'build', 'debug', 'sdd', 'agent-seeding', 'opencode-install'],
         skills: ['vgxness-sdd-manager'],
-        adapters: { opencode: { model: 'openai/gpt-5.5', config: { options: { reasoningEffort: 'high', vgxnessPromptContractVersion: canonicalPromptContractVersion }, permission: { task: createCanonicalOpenCodeSddTaskPermissions() } } } },
+        adapters: { opencode: { model: 'openai/gpt-5.5', config: { options: { reasoningEffort: 'high', vgxnessPromptContractVersion: canonicalPromptContractVersion, vgxnessBehaviorContractVersion: canonicalBehaviorContractVersion }, permission: { task: createCanonicalOpenCodeSddTaskPermissions() } } } },
         providerSupport: commonSupport(),
     };
 }
@@ -100,7 +101,7 @@ function subagentDefinition(name) {
         memory: { scopes: ['project'] },
         workflows: data.workflows,
         skills: data.skills,
-        adapters: { opencode: { model: 'openai/gpt-5.5', config: { hidden: true, options: { vgxnessPromptContractVersion: canonicalPromptContractVersion } } } },
+        adapters: { opencode: { model: 'openai/gpt-5.5', config: { hidden: true, options: { vgxnessPromptContractVersion: canonicalPromptContractVersion, vgxnessBehaviorContractVersion: canonicalBehaviorContractVersion } } } },
         providerSupport: commonSupport(),
     };
 }
@@ -118,42 +119,44 @@ export const canonicalOpenCodeManagerPrompt = `# VGXNESS Manager - compact SDD o
 Bind only to the primary \`vgxness-manager\` agent. Executor agents (for example \`vgxness-sdd-apply\`) use their own prompts.
 ## Role
-Coordinate SDD; do not become a monolithic executor. Keep the chat thin, use VGXNESS MCP as durable state, delegate phase work to the smallest exact hidden SDD subagent, then synthesize concise evidence for the user. Be direct, practical, repository-grounded, user-controlled, and willing to challenge unsafe or weak assumptions.
-Coach while coordinating: teach briefly when helpful, explain practical tradeoffs, stay realistic about risk/effort/unknowns, respectfully challenge weak assumptions, keep the user comfortable and in control, and avoid lectures or unnecessary verbosity.
+Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to the smallest exact hidden SDD subagent, then synthesize evidence. Coach while coordinating: teach briefly, explain practical tradeoffs, stay realistic about risk/effort/unknowns, respectfully challenge weak assumptions, keep the user comfortable and in control, and avoid lectures or unnecessary verbosity.
 ## Non-negotiable governance
-- SDD artifact acceptance is human-only. Never infer acceptance from generated output, file presence, confidence, or legacy artifacts. Treat draft/rejected/superseded/unaccepted artifacts as not accepted until a human acceptance record exists.
+- SDD artifact acceptance is human-only. Never infer or fabricate acceptance from generated output, subagent/model output, file presence, confidence, or legacy artifacts. Treat draft/rejected/superseded/stale/unaccepted artifacts as not accepted until a human acceptance record exists.
 - Before phase advancement, call readiness/status tools: \`vgxness_sdd_status\`/\`vgxness_sdd_next\` and \`vgxness_sdd_ready\` or \`vgxness_sdd_get_readiness\`.
 - Before risky VGX-managed side effects (edit, shell/tests, git, network, provider-tool, secrets, external-directory, destructive, privileged, ambiguous), call \`vgxness_run_preflight\` with runId/workflow/phase/agent context when available. If approval/block is required, stop; do not invent approval.
+- Direct human acceptance of an exact SDD artifact via \`vgxness_sdd_accept_artifact\` is not a generic SDD write for manager routing: do not call \`vgxness_run_preflight\` solely for that acceptance when the user explicitly accepted the exact project/change/phase artifact, \`acceptedBy.type\` is \`"human"\`, \`acceptedBy.id\` is non-empty, and status/readiness confirms the artifact is eligible. This shortcut applies only to \`vgxness_sdd_accept_artifact\`, not \`vgxness_sdd_save_artifact\`, edits, shell/tests, git, provider config, memory writes, external paths, secrets, destructive/privileged/ambiguous operations.
 - OpenCode native/provider tools are governance-v1 audit-only/non-hard-blocking. Report warnings; do not say native OpenCode tools are hard-blocked by config.
 - Do not mutate provider/global OpenCode config unless explicitly requested. Do not write to \`openspec/\`. Never revert/overwrite unrelated user work. Preserve \`permission.task\` deny-by-default with only exact known SDD subagents allowed.
 - Do not publish packages unless explicitly requested.
 - Do not change model or reasoning effort.
+## Flexible governance routing
+Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight/explicit validation; Tier 4 formal SDD for governance, permission model, SDD acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff are read-only audit-only; provider config writes stay gated.
 ## Provider-native daily flow
-Normal SDD progression happens inside OpenCode through conversation, VGXNESS MCP, and hidden SDD subagents. Do not tell users to run terminal SDD phase commands for daily flow. CLI is an escape hatch only for bootstrap, doctor, rollback/recovery, MCP unavailable/setup missing, provider-native repair out of scope, or explicit user request.
+Daily SDD happens inside OpenCode through conversation, VGXNESS MCP, and hidden SDD subagents. Do not tell users to run terminal SDD phase commands for normal flow. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
 ## MCP playbook
-- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\` with project + workspace; treat \`vgxness_session_restore\` as one signal inside the cockpit, not authoritative truth. If cockpit is unavailable, use \`vgxness_session_restore\` with project + workspace before inferring state. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one, say so and include summary in final response.
-- SDD artifacts: list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; use \`payloadMode: "compact"\` by default for manager-facing reads/lists so the primary context stays clean. Use \`payloadMode: "verbose"\` only when full content is truly required, preferably inside the delegated phase subagent rather than the manager context. Save phase output with \`vgxness_sdd_save_artifact\` only after the appropriate flow. SDD artifacts are not generic memory.
-- Acceptance/readiness: confirm explicit human acceptance, use \`vgxness_sdd_accept_artifact\` only for explicit human acceptance, then \`vgxness_sdd_get_readiness\`/readiness tools before reporting state. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings before risky/ambiguous transitions and in apply/verify summaries.
-- Memory: call \`vgxness_memory_search\`/\`vgxness_memory_get\` when prior work or unclear project context is referenced; call \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; use \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
-- Agents/profile/payloads: resolve exact phase with \`vgxness_agent_resolve\`. \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, and \`vgxness_skill_payload\` prepare/read preview context only; agent_activate does not execute a provider or write provider config. Use \`vgxness_manager_profile_get\` before behavior changes; \`vgxness_manager_profile_set\` requires explicit human authorization.
+- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\` with project + workspace; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one and summarize.
+- SDD artifacts: list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; use \`payloadMode: "compact"\` by default so the primary context stays clean. Use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` only after the appropriate flow. SDD artifacts are not generic memory.
+- Acceptance/readiness: check SDD status/readiness for the exact project/change/phase, confirm explicit human acceptance of that exact artifact, call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId, note/rationale when useful), then re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings before risky/ambiguous transitions and in apply/verify summaries.
+- Memory: call \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work or unclear context; call \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; use \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
+- Agents/profile/payloads: resolve exact phase with \`vgxness_agent_resolve\`. \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, and \`vgxness_skill_payload\` are preview context only; agent_activate does not execute a provider or write provider config. Use \`vgxness_manager_profile_get\` before behavior changes; \`vgxness_manager_profile_set\` requires explicit human authorization.
 - Runs: use \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\` for significant implementation/verification or multi-step delegated work; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, and close with \`vgxness_run_finalize\`.
 - Provider diagnostics: \`vgxness_provider_status\` and \`vgxness_provider_doctor\` are read-only reports.
 ## Minimum flows
-- Simple answer: respond inline; memory only if prior context is referenced; no run by default.
-- Proposal/spec/design/tasks: status/next -> readiness -> read prerequisites -> resolve exact subagent -> delegate -> persist returned output only according to acceptance/governance.
-- Apply/verify: require tasks/apply-progress as appropriate -> read artifacts -> resolve exact subagent -> recover/start run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save apply-progress/verify -> finalize when clear.
+- Simple answer: inline; memory only for prior context; no run by default.
+- Proposal/spec/design/tasks: status/next -> readiness -> read prerequisites -> resolve exact subagent -> delegate -> persist by governance.
+- Apply/verify: require prerequisites -> read artifacts -> resolve exact subagent -> start/recover run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save output -> finalize when clear.
 - Config/provider/prompt change: inspect manager/profile or payload first; persistent changes require explicit human authorization.
 ## Delegation thresholds
-Inline only small decisions, 1-3 file reads, status commands, and atomic one-file mechanical edits. Delegate broad exploration (4+ files), substantial implementation, writes with analysis/new logic, and execution-heavy verification. Never delegate to unknown agents; use exact SDD phase mapping: explore/propose/spec/design/tasks/apply/verify/archive/init/onboard.
+Inline only small decisions, 1-3 file reads, status commands, and atomic one-file mechanical edits. Delegate broad exploration, substantial implementation, writes with analysis/new logic, and execution-heavy verification. Never delegate to unknown agents; use exact SDD phase mapping.
 ## Output
-Be concise: what was delegated, what came back, files/decisions changed, evidence/tests, risks, and next step.`;
+Be concise: delegated work, results, files/decisions, evidence/tests, risks, next step.`;
 const registryManagerInstructions = 'You are the VGXNESS SDD coordinator, not a monolithic executor. Coach briefly while coordinating: explain useful tradeoffs, be realistic about risks and unknowns, respectfully challenge weak assumptions with better options, keep the user comfortable and in control, and stay concise. Use VGXNESS MCP as the durable control plane: restore session context with vgxness_session_restore before inferring start/resume state from chat, and close/pause/compact with vgxness_session_close using actor manager plus an actionable summary when a current session id exists. Check SDD status/next/ready, read prerequisites with sdd_get_artifact or sdd_list_artifacts, save accepted phase output with sdd_save_artifact, search/get/save/update memory only for reusable knowledge, resolve exact SDD subagents before substantial phase work, use runs/checkpoints/preflight/finalize for significant implementation or verification, and use vgxness_provider_status for configured/phase/next questions plus vgxness_provider_doctor for read-only OpenCode MCP/manager health. Prefer payloadMode=compact for manager-facing status/context reads, SDD artifact reads/lists, and activation handoffs so the primary context stays clean; request payloadMode=verbose only when full artifact contents, provider payloads, or skill context are actually needed, preferably inside delegated phase subagents. CLI is an escape hatch for bootstrap, doctor, rollback, recovery, MCP unavailable/setup missing, or explicit user request; do not tell users to run terminal SDD phase commands for normal daily flow. Delegate real SDD phase work to the smallest exact vgxness-sdd-* subagent allowed by permission.task, synthesize results, and persist artifacts/checkpoints. Do not perform substantial multi-file implementation inline. Do not mutate global/provider OpenCode config, install skills, publish packages, or write openspec/ unless explicitly authorized. Checked-in manager and subagent instructions are self-contained; external sdd-* skill files are optional registry assets, not requirements.';
 const subagentData = {
     'vgxness-sdd-explore': { seedDescription: 'Investigates codebase context and identifies options before proposals.', seedInstructions: 'You are the explore phase executor, not the orchestrator. Do not delegate. Explore repository evidence for the requested SDD change. Do not implement code changes. Return concise findings, risks, and recommended next artifacts.', capabilities: ['sdd-exploration', 'codebase-research', 'discovery'], permissions: { read: 'allow', edit: 'deny', shell: 'ask', git: 'deny', memory: 'allow', 'provider-tool': 'deny', secrets: 'deny' }, workflows: ['sdd:explore'], skills: ['vgxness-sdd-explore'], phaseContract: 'Investigate codebase context, constraints, options, and risks. Do not implement code changes. Return findings and recommended next artifacts.' },

package/dist/agents/renderers/claude-renderer.js CHANGED Viewed

@@ -1,3 +1,5 @@
+import { canonicalPromptContractVersion } from '../canonical-agent-manifest.js';
+import { canonicalBehaviorContractVersion } from '../../behavior/behavior-contract-manifest.js';
 import { ok, validationFailure } from './provider-adapter.js';
 const previewWarnings = [
     'Claude rendering returns installable preview artifacts only; it does not install and does not write provider configuration.',
@@ -66,7 +68,7 @@ export class ClaudeAgentRenderer {
     }
 }
 function renderClaudeAgentMarkdown(agent, key) {
-    return `---\nname: ${JSON.stringify(key)}\ndescription: ${JSON.stringify(agent.description)}\n---\n\n<!-- VGXNESS-GENERATED claude-code-provider-support provider=claude artifact=claude-code-subagent promptContractVersion=6 safe-update=true -->\n\n${agent.instructions.value.trim()}\n`;
+    return `---\nname: ${JSON.stringify(key)}\ndescription: ${JSON.stringify(agent.description)}\n---\n\n<!-- VGXNESS-GENERATED claude-code-provider-support provider=claude artifact=claude-code-subagent promptContractVersion=${canonicalPromptContractVersion} behaviorContractVersion=${canonicalBehaviorContractVersion} safe-update=true -->\n\n${agent.instructions.value.trim()}\n`;
 }
 function claudeAgentKey(value) {
     return pathSegment(value);

package/dist/agents/renderers/opencode-renderer.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { behaviorContractProjectionMetadata } from '../../behavior/behavior-contract-manifest.js';
 import { ok, validationFailure } from './provider-adapter.js';
 const openCodeSchema = 'https://opencode.ai/config.json';
 const previewWarning = 'Rendering returns preview artifacts only; it does not install or write .opencode/, .claude/, or provider configuration.';
@@ -50,7 +51,7 @@ export class OpenCodeAgentRenderer {
         const artifact = {
             relativePath: `rendered/opencode/${pathSegment(input.agent.project)}/${input.agent.scope}/${pathSegment(input.agent.name)}/opencode.json`,
             contentType: 'application/json',
-            contents: `${JSON.stringify({ $schema: openCodeSchema, agent: renderedAgents, safety: previewSafety }, null, 2)}\n`,
+            contents: `${JSON.stringify({ $schema: openCodeSchema, behaviorContract: behaviorContractProjectionMetadata, agent: renderedAgents, safety: previewSafety }, null, 2)}\n`,
         };
         return ok({
             provider: this.provider,

package/dist/behavior/behavior-contract-manifest.js ADDED Viewed

@@ -0,0 +1,42 @@
+export const canonicalBehaviorContractName = 'vgxness-manager-behavior-contract';
+export const canonicalBehaviorContractVersion = '1.0.0';
+export const criticalBehaviorContractInvariantIds = [
+    'sdd.acceptance.human-only',
+    'sdd.draft-is-not-accepted',
+    'sdd.readiness-before-advance',
+    'provider.preview-status-doctor-readonly',
+    'provider.config-writes-explicit-consent',
+    'run.risky-effects-preflight',
+    'delegation.deny-by-default',
+    'delegation.no-wildcard',
+    'context.manager-compact-default',
+    'context.progressive-disclosure',
+    'flow.provider-native-no-terminal-sdd-daily',
+    'scope.exclude-vgxcode-runtime',
+    'worktree.preserve-unrelated-user-work',
+];
+export const behaviorContractManifest = {
+    name: canonicalBehaviorContractName,
+    contractVersion: canonicalBehaviorContractVersion,
+    excludedTargets: ['vgxcode', 'src/code/runtime/*', 'src/code/prompts/*'],
+    invariants: [
+        { id: 'sdd.acceptance.human-only', category: 'sdd', severity: 'critical', summary: 'SDD acceptance is recorded only from explicit human acceptance.' },
+        { id: 'sdd.draft-is-not-accepted', category: 'sdd', severity: 'critical', summary: 'Draft, rejected, superseded, legacy, or unaccepted artifacts are not accepted prerequisites.' },
+        { id: 'sdd.readiness-before-advance', category: 'sdd', severity: 'critical', summary: 'Phase advancement checks readiness/status before treating prerequisites as satisfied.' },
+        { id: 'provider.preview-status-doctor-readonly', category: 'provider', severity: 'critical', summary: 'Preview, status, and doctor surfaces are read-only and do not write provider configuration.' },
+        { id: 'provider.config-writes-explicit-consent', category: 'provider', severity: 'critical', summary: 'Provider configuration writes require explicit user consent through confirmed flows.' },
+        { id: 'run.risky-effects-preflight', category: 'run', severity: 'critical', summary: 'Risky edits, shell, git, provider, secret, destructive, privileged, or ambiguous effects require preflight.' },
+        { id: 'delegation.deny-by-default', category: 'delegation', severity: 'critical', summary: 'Delegation defaults to deny unless an exact governed path allows it.' },
+        { id: 'delegation.no-wildcard', category: 'delegation', severity: 'critical', summary: 'Wildcard delegation is not allowed; exact canonical subagents must be used.' },
+        { id: 'context.manager-compact-default', category: 'context', severity: 'critical', summary: 'Manager-facing context defaults to compact payloads.' },
+        { id: 'context.progressive-disclosure', category: 'context', severity: 'critical', summary: 'Expanded and verbose context are requested only when needed.' },
+        { id: 'flow.provider-native-no-terminal-sdd-daily', category: 'flow', severity: 'critical', summary: 'Daily SDD progression happens provider-natively through conversation and MCP, not mandatory terminal phase commands.' },
+        { id: 'scope.exclude-vgxcode-runtime', category: 'scope', severity: 'critical', summary: 'This behavior contract excludes vgxcode and src/code runtime/prompt implementation targets.' },
+        { id: 'worktree.preserve-unrelated-user-work', category: 'worktree', severity: 'critical', summary: 'Unrelated user work and dirty files are preserved.' },
+    ],
+};
+export const behaviorContractProjectionMetadata = {
+    behaviorContractName: canonicalBehaviorContractName,
+    behaviorContractVersion: canonicalBehaviorContractVersion,
+    criticalInvariantIds: criticalBehaviorContractInvariantIds,
+};

package/dist/behavior/behavior-contract-schema.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/behavior/behavior-contract-validation.js ADDED Viewed

@@ -0,0 +1,42 @@
+import { behaviorContractManifest, criticalBehaviorContractInvariantIds } from './behavior-contract-manifest.js';
+export function validateBehaviorContractManifest(manifest = behaviorContractManifest) {
+    const errors = [];
+    if (!manifest.name.trim())
+        errors.push('behavior contract name is required');
+    if (!manifest.contractVersion.trim())
+        errors.push('behavior contract version is required');
+    const seen = new Set();
+    for (const invariant of manifest.invariants) {
+        if (!invariant.id.trim())
+            errors.push('invariant id is required');
+        if (seen.has(invariant.id))
+            errors.push(`duplicate invariant id: ${invariant.id}`);
+        seen.add(invariant.id);
+        if (!invariant.summary.trim())
+            errors.push(`invariant ${invariant.id} summary is required`);
+    }
+    for (const id of criticalBehaviorContractInvariantIds) {
+        const invariant = manifest.invariants.find((candidate) => candidate.id === id);
+        if (invariant === undefined)
+            errors.push(`missing critical invariant: ${id}`);
+        else if (invariant.severity !== 'critical')
+            errors.push(`critical invariant ${id} must have severity critical`);
+    }
+    for (const target of ['vgxcode', 'src/code/runtime/*', 'src/code/prompts/*']) {
+        if (!manifest.excludedTargets.includes(target))
+            errors.push(`missing excluded target: ${target}`);
+    }
+    return { ok: errors.length === 0, errors };
+}
+export function validateBehaviorContractProjection(metadata, manifest = behaviorContractManifest) {
+    const errors = [];
+    if (metadata.behaviorContractName !== manifest.name)
+        errors.push(`behavior contract name mismatch: ${metadata.behaviorContractName}`);
+    if (metadata.behaviorContractVersion !== manifest.contractVersion)
+        errors.push(`behavior contract version mismatch: ${metadata.behaviorContractVersion}`);
+    for (const id of criticalBehaviorContractInvariantIds) {
+        if (!metadata.criticalInvariantIds.includes(id))
+            errors.push(`projection missing critical invariant reference: ${id}`);
+    }
+    return { ok: errors.length === 0, errors };
+}

package/dist/governance/index.js CHANGED Viewed

@@ -1,3 +1,4 @@
 export * from './governance-report-builder.js';
 export * from './overlay-fingerprint.js';
+export * from './risk-classifier.js';
 export * from './schema.js';

package/dist/governance/risk-classifier.js ADDED Viewed

@@ -0,0 +1,116 @@
+import { isWorkflowId } from '../workflows/schema.js';
+const readOnlyIntentTerms = [
+    /\b(explain|what|why|how|describe|read|inspect|search|status|doctor|preview|diagnos(?:e|tic|tics)|logs?)\b/,
+    /\b(explicar|diagnosticar)\b/,
+];
+const planningTerms = [/\b(plan|review|checklist|preview|dry[- ]run)\b/, /\btarea simple\b/];
+const quickfixTerms = [/\b(fix|patch|typo|small|bounded|arreglar)\b/];
+const buildTerms = [/\b(build|add|create|implement|feature|capability)\b/];
+const tier3Terms = [
+    /\b(install|repair|write config|provider config|\.opencode|\.claude|global config)\b/,
+    /\b(commit|push|tag|amend|force[- ]push|publish|release|delete|remove|destroy|drop|reset|secret|token|sudo|external|network)\b/,
+    /\b(aprobaci[oó]n|permiso)\b/,
+];
+const tier4MutationTerms = [
+    /\b(build|add|create|implement)\b.*\bnew\b.*\bworkflow\b/,
+    /\b(change|update|modify|refactor|implement|build|add|create|fix|arreglar)\b.*\b(governance|permission model|permissions?|sdd acceptance|artifact acceptance|workflow routing|workflow capability|routing|security semantics|architecture|cross[- ]surface)\b/,
+    /\b(governance|permission model|permissions?|sdd acceptance|artifact acceptance|workflow routing|workflow capability|routing|security semantics|architecture|cross[- ]surface)\b.*\b(change|update|modify|refactor|implement|build|add|create|fix|arreglar)\b/,
+];
+const keywordOnlyProtectedTerms = /\b(governance|permissions?|workflow|provider|sdd|security|architecture)\b/;
+export function classifyIntentRisk(input) {
+    const intent = normalize(input.intent);
+    const evidence = [`intent:${intent}`];
+    if (tier4MutationTerms.some((term) => term.test(intent))) {
+        const reasonCodes = [];
+        if (/\bpermissions?|permission model|permiso\b/.test(intent))
+            reasonCodes.push('permission_model_change');
+        if (/\bsdd acceptance|artifact acceptance|sdd\b/.test(intent))
+            reasonCodes.push('sdd_governance_change');
+        if (/\bgovernance\b/.test(intent))
+            reasonCodes.push('governance_change');
+        if (/\barchitecture\b/.test(intent))
+            reasonCodes.push('architecture_change');
+        if (/\bcross[- ]surface|workflow routing|workflow capability|routing\b/.test(intent))
+            reasonCodes.push('cross_surface_change');
+        return classification(4, unique(reasonCodes.length === 0 ? ['governance_change'] : reasonCodes), 'sdd', 'ask', evidence);
+    }
+    if (readOnlyIntentTerms.some((term) => term.test(intent)) || (/\b(no uses sdd)\b/.test(intent) && keywordOnlyProtectedTerms.test(intent))) {
+        const workflow = /\bdiagnos(?:e|tic|tics)|diagnosticar|doctor|status|logs?\b/.test(intent) ? 'debug' : 'direct';
+        return classification(0, ['read_only'], workflow, 'audit', evidence);
+    }
+    if (tier3Terms.some((term) => term.test(intent)))
+        return classification(3, ['unknown_conservative'], workflowFromHint(input.workflowHint, 'plan'), 'ask', evidence);
+    if (buildTerms.some((term) => term.test(intent)))
+        return classification(2, ['moderate_project_mutation'], 'build', 'ask', evidence);
+    if (planningTerms.some((term) => term.test(intent)))
+        return classification(1, ['read_only'], 'plan', 'audit', evidence);
+    if (quickfixTerms.some((term) => term.test(intent)))
+        return classification(1, ['small_local_change'], 'quickfix', 'allow', evidence);
+    return classification(0, ['read_only'], 'explore', 'audit', evidence);
+}
+export function classifyOperationRisk(input) {
+    const op = normalize([input.operation, input.providerToolName].filter(Boolean).join(' '));
+    const evidence = [`category:${input.category}`, `operation:${input.operation}`];
+    if (input.providerToolName !== undefined)
+        evidence.push(`providerTool:${input.providerToolName}`);
+    if (input.destructive === true)
+        return classification(3, ['destructive_operation'], 'plan', 'ask', evidence);
+    if (input.external === true || input.category === 'network' || input.category === 'external-directory')
+        return classification(3, ['external_operation'], 'plan', 'ask', evidence);
+    if (input.privileged === true)
+        return classification(3, ['privileged_operation'], 'plan', 'ask', evidence);
+    if (input.ambiguous === true)
+        return classification(3, ['ambiguous_mutation'], 'plan', 'ask', evidence);
+    if (input.category === 'secrets')
+        return classification(3, ['secret_access'], 'plan', 'deny', evidence);
+    if (input.category === 'provider-tool')
+        return classifyProviderTool(op, evidence);
+    if (input.category === 'git-write' || (input.category === 'git' && /\b(commit|amend|tag|push|delete[- ]branch|force[- ]push|merge|rebase)\b/.test(op)))
+        return classification(3, ['git_write'], 'plan', 'ask', evidence);
+    if (input.category === 'git')
+        return classification(0, ['read_only'], 'direct', 'audit', evidence);
+    if (/\b(publish|release|npm publish|package distribution)\b/.test(op))
+        return classification(3, ['publish_release'], 'plan', 'ask', evidence);
+    if (input.category === 'shell' && /^command-allowlist[ :-][a-z0-9._/-]+$/.test(op))
+        return classification(0, ['allowlisted_verification'], 'debug', 'allow', evidence);
+    if (input.category === 'shell')
+        return classification(3, ['unknown_conservative'], 'plan', 'ask', evidence);
+    if (input.category === 'test-run')
+        return classification(0, ['allowlisted_verification'], 'debug', 'audit', evidence);
+    if (input.category === 'read')
+        return classification(0, [input.workspaceRoot !== undefined ? 'workspace_read' : 'read_only'], 'direct', 'audit', evidence);
+    if (input.category === 'edit' || input.category === 'implementation-edit' || input.category === 'spec-write' || input.category === 'design-write' || input.category === 'task-write')
+        return classification(input.category === 'implementation-edit' ? 2 : 1, [input.category === 'implementation-edit' ? 'moderate_project_mutation' : 'small_local_change'], workflowFromHint(input.workflow, 'quickfix'), 'ask', evidence);
+    if (input.category === 'install')
+        return classification(3, ['external_operation'], 'plan', 'ask', evidence);
+    if (input.category === 'memory' || input.category === 'memory-write')
+        return classification(1, ['small_local_change'], 'explore', 'audit', evidence);
+    return classification(3, ['unknown_conservative'], 'plan', 'ask', evidence);
+}
+function classifyProviderTool(operation, evidence) {
+    if (/\b(status|doctor|preview|handoff|change[- ]plan|health)\b/.test(operation))
+        return classification(0, ['provider_readonly_audit'], 'direct', 'audit', evidence);
+    if (/\b(install|setup|repair|write|apply|config|mcp[- ]install)\b/.test(operation))
+        return classification(3, ['provider_config_write'], 'plan', 'ask', evidence);
+    return classification(3, ['unknown_conservative'], 'plan', 'ask', evidence);
+}
+function classification(tier, reasonCodes, recommendedWorkflow, defaultDecision, evidence) {
+    return {
+        tier,
+        reasonCodes,
+        recommendedWorkflow,
+        defaultDecision,
+        requiresSdd: tier === 4,
+        requiresExplicitValidation: tier >= 3,
+        evidence,
+    };
+}
+function workflowFromHint(value, fallback) {
+    return value !== undefined && isWorkflowId(value) ? value : fallback;
+}
+function normalize(value) {
+    return value.toLowerCase().replace(/[^a-z0-9._/ áéíóúüñ-]+/g, ' ').replace(/\s+/g, ' ').trim();
+}
+function unique(values) {
+    return [...new Set(values)];
+}

package/dist/mcp/control-plane-snapshot-service.js ADDED Viewed

@@ -0,0 +1,272 @@
+import { ContextBudgetService } from '../payload/context-budget-service.js';
+export const contextCockpitSnapshotLevels = ['compact', 'expanded', 'verbose'];
+export class ContextCockpitSnapshotService {
+    dependencies;
+    budget;
+    constructor(dependencies) {
+        this.dependencies = dependencies;
+        this.budget = dependencies.budget ?? new ContextBudgetService();
+    }
+    build(input) {
+        const level = input.level ?? 'compact';
+        const legacyInput = {
+            project: input.project,
+            ...(input.directory === undefined ? {} : { directory: input.directory }),
+            ...(input.limit === undefined ? {} : { limit: input.limit }),
+        };
+        const legacy = this.dependencies.memory.getContextCockpit(legacyInput);
+        if (!legacy.ok)
+            return legacy;
+        const sddResult = input.change === undefined ? undefined : this.buildSddSection({ project: input.project, change: input.change }, level);
+        if (sddResult !== undefined && !sddResult.ok)
+            return sddResult;
+        const sdd = sddResult?.value;
+        const integratesSdd = sdd !== undefined;
+        const optionalSectionsOmitted = omittedSections(legacy.value.optionalSectionsOmitted, integratesSdd ? ['provider'] : ['sdd', 'provider'], integratesSdd ? ['sdd'] : []);
+        const snapshotWithoutBudget = {
+            ...legacy.value,
+            optionalSectionsOmitted,
+            ...(sdd === undefined ? {} : { sdd }),
+            snapshotVersion: 2,
+            level,
+            references: [
+                {
+                    id: 'legacy-context-cockpit',
+                    kind: 'legacy-context-cockpit',
+                    description: 'Wrapped output from the existing no-trace context cockpit path.',
+                },
+            ],
+            warnings: [
+                ...(integratesSdd ? [] : ['sdd-snapshot-omitted:no-change']),
+                'provider-snapshot-omitted:no-workspace-root',
+            ],
+            safety: {
+                ...legacy.value.safety,
+                readOnly: true,
+                recordsTraces: false,
+                noTrace: true,
+                mutatesSessions: false,
+                noSessionMutation: true,
+                mutatesMemories: false,
+                noMemoryMutation: true,
+                mutatesArtifacts: false,
+                noArtifactMutation: true,
+                mutatesRuns: false,
+                noCheckpoints: true,
+                writesProviderConfig: false,
+                noProviderConfigWrites: true,
+                mutatesRepository: false,
+                executesProvider: false,
+                mutatesProviderConfig: false,
+                createsRun: false,
+                createsCheckpoint: false,
+                recordsTimelineEvent: false,
+                integratesSdd,
+                integratesProvider: false,
+            },
+        };
+        const report = this.budget.reportJson(budgetIdForLevel(level), snapshotWithoutBudget);
+        return {
+            ok: true,
+            value: {
+                ...snapshotWithoutBudget,
+                budget: {
+                    level,
+                    policy: budgetIdForLevel(level),
+                    report,
+                    memoryPreviewLimit: input.limit ?? legacy.value.memoryPreviews.length,
+                    includesSdd: integratesSdd,
+                    includesProvider: false,
+                    omittedSections: [
+                        ...(integratesSdd ? [] : ['sdd']),
+                        'provider',
+                        'runs',
+                        'memory-content',
+                        'session-transcripts',
+                        'provider-config-contents',
+                        'run-checkpoint-details',
+                    ],
+                    heavyContentPolicy: 'references-only',
+                    notes: ['Budget measured with ContextBudgetService.reportJson before adding the final budget section.'],
+                },
+            },
+        };
+    }
+    buildSddSection(input, level) {
+        if (this.dependencies.sdd === undefined) {
+            return { ok: false, error: { code: 'validation_failed', message: 'SDD cockpit service is not available' } };
+        }
+        const cockpit = this.dependencies.sdd.getCockpit(input);
+        if (!cockpit.ok)
+            return cockpit;
+        return { ok: true, value: toSddSection(cockpit.value, level) };
+    }
+}
+function toSddSection(cockpit, level) {
+    switch (level) {
+        case 'compact':
+            return toCompactSddSection(cockpit);
+        case 'expanded':
+            return toExpandedSddSection(cockpit);
+        case 'verbose':
+            return toVerboseSddSection(cockpit);
+    }
+}
+function toCompactSddSection(cockpit) {
+    return {
+        projection: 'compact',
+        project: cockpit.project,
+        change: cockpit.change,
+        recommendedAction: cockpit.recommendedAction,
+        ...(cockpit.actionablePhase === undefined ? {} : { actionablePhase: cockpit.actionablePhase }),
+        next: {
+            status: cockpit.next.status,
+            ...(cockpit.next.nextPhase === undefined ? {} : { nextPhase: cockpit.next.nextPhase }),
+            reason: cockpit.next.reason,
+        },
+        phases: cockpit.phases.map((phase) => ({
+            phase: phase.phase,
+            topicKey: phase.topicKey,
+            present: phase.present,
+            accepted: phase.accepted,
+            legacy: phase.legacy,
+            state: phase.state,
+            readinessReady: phase.readiness.ready,
+            blockerCount: phase.blockers.length,
+        })),
+        counts: {
+            phases: cockpit.phases.length,
+            artifacts: cockpit.artifacts.length,
+            accepted: cockpit.acceptedCount,
+            legacy: cockpit.legacyCount,
+            blockers: cockpit.aggregateBlockers.length,
+        },
+    };
+}
+function toExpandedSddSection(cockpit) {
+    return {
+        projection: 'expanded',
+        project: cockpit.project,
+        change: cockpit.change,
+        recommendedAction: cockpit.recommendedAction,
+        ...(cockpit.actionablePhase === undefined ? {} : { actionablePhase: cockpit.actionablePhase }),
+        next: {
+            status: cockpit.next.status,
+            ...(cockpit.next.nextPhase === undefined ? {} : { nextPhase: cockpit.next.nextPhase }),
+            reason: cockpit.next.reason,
+        },
+        phases: cockpit.phases.map(toExpandedSddPhase),
+        counts: {
+            phases: cockpit.phases.length,
+            artifacts: cockpit.artifacts.length,
+            accepted: cockpit.acceptedCount,
+            legacy: cockpit.legacyCount,
+            blockers: cockpit.aggregateBlockers.length,
+        },
+        blockers: cockpit.aggregateBlockers.map(toSddBlocker),
+    };
+}
+function toVerboseSddSection(cockpit) {
+    return {
+        projection: 'verbose',
+        project: cockpit.project,
+        change: cockpit.change,
+        recommendedAction: cockpit.recommendedAction,
+        ...(cockpit.actionablePhase === undefined ? {} : { actionablePhase: cockpit.actionablePhase }),
+        next: {
+            status: cockpit.next.status,
+            ...(cockpit.next.nextPhase === undefined ? {} : { nextPhase: cockpit.next.nextPhase }),
+            reason: cockpit.next.reason,
+        },
+        phases: cockpit.phases.map(toExpandedSddPhase),
+        counts: {
+            phases: cockpit.phases.length,
+            artifacts: cockpit.artifacts.length,
+            accepted: cockpit.acceptedCount,
+            legacy: cockpit.legacyCount,
+            blockers: cockpit.aggregateBlockers.length,
+        },
+        blockers: cockpit.aggregateBlockers.map(toSddBlocker),
+        artifacts: cockpit.artifacts.map(toArtifactMetadata),
+    };
+}
+function toExpandedSddPhase(phase) {
+    return {
+        phase: phase.phase,
+        topicKey: phase.topicKey,
+        present: phase.present,
+        accepted: phase.accepted,
+        legacy: phase.legacy,
+        state: phase.state,
+        readinessReady: phase.readiness.ready,
+        blockerCount: phase.blockers.length,
+        readiness: toReadinessMetadata(phase.readiness),
+        ...(phase.artifact === undefined ? {} : { artifact: toArtifactMetadata(phase.artifact) }),
+        blockers: phase.blockers.map(toSddBlocker),
+    };
+}
+function toReadinessMetadata(readiness) {
+    return {
+        change: readiness.change,
+        phase: readiness.phase,
+        ready: readiness.ready,
+        satisfiedPrerequisites: readiness.satisfiedPrerequisites,
+        missingArtifactTopicKeys: readiness.missingArtifactTopicKeys,
+        blockedPrerequisites: (readiness.blockedPrerequisites ?? []).map(toPrerequisiteBlocker),
+    };
+}
+function toPrerequisiteBlocker(blocker) {
+    return {
+        phase: blocker.phase,
+        topicKey: blocker.topicKey,
+        reason: blocker.reason,
+        ...(blocker.artifactId === undefined ? {} : { artifactId: blocker.artifactId }),
+    };
+}
+function toArtifactMetadata(artifact) {
+    return {
+        phase: artifact.phase,
+        topicKey: artifact.topicKey,
+        present: artifact.present,
+        accepted: artifact.accepted,
+        legacy: artifact.legacy,
+        state: artifact.state,
+        ...(artifact.artifactId === undefined ? {} : { artifactId: artifact.artifactId }),
+        ...(artifact.createdAt === undefined ? {} : { createdAt: artifact.createdAt }),
+        ...(artifact.updatedAt === undefined ? {} : { updatedAt: artifact.updatedAt }),
+        ...(artifact.acceptance === undefined ? {} : { acceptance: toAcceptanceMetadata(artifact.acceptance) }),
+    };
+}
+function toAcceptanceMetadata(acceptance) {
+    return {
+        actor: {
+            type: acceptance.actor.type,
+            id: acceptance.actor.id,
+            ...(acceptance.actor.displayName === undefined ? {} : { displayName: acceptance.actor.displayName }),
+        },
+        acceptedAt: acceptance.acceptedAt,
+    };
+}
+function toSddBlocker(blocker) {
+    return {
+        kind: blocker.kind,
+        phase: blocker.phase,
+        topicKey: blocker.topicKey,
+        reason: blocker.reason,
+        ...(blocker.artifactId === undefined ? {} : { artifactId: blocker.artifactId }),
+    };
+}
+function budgetIdForLevel(level) {
+    switch (level) {
+        case 'compact':
+            return 'snapshotCompact';
+        case 'expanded':
+            return 'snapshotExpanded';
+        case 'verbose':
+            return 'subagentVerbosePayload';
+    }
+}
+function omittedSections(legacy, required, resolved = []) {
+    const resolvedSet = new Set(resolved);
+    return [...new Set([...legacy, ...required])].filter((section) => !resolvedSet.has(section));
+}