222 Commits

  • chore: reconcile publish/agent surfaces after PR batch
    - agent.yaml: register epic-* commands (#2236) and vue-review (#2241)
    - package.json files: drop stray skills/ml-adoption-playbook entry (follows orphan-skill publish pattern; not in install-modules.json)
    - unicode-safety: strip decorative emoji from dashboard-web.js (#2100) and brand-discovery refs (#2221) to pass the CI gate
    - agent-compress: raise catalog token canary 5000 -> 6000 for the 67-agent catalog
    
    Full suite green (2836/2836).
  • Merge pull request #2236 from Victor-Casado/feat/github-native-coordination
    feat: add github-native coordination (epic-* commands + scripts + tests). Command registry + catalog reconciled.
  • feat: add dry-run mode for hook execution (#2116) (#2188)
    - Global --dry-run flag and ECC_DRY_RUN=1 env var
    - Enriched preview: shows target file path, tool name, and command
    - --dry-run stripped from argv so command routing works correctly
    - Handles non-JSON and empty stdin gracefully (session/stop hooks)
    - 10 tests covering isDryRun(), hook gating, enriched output, CLI routing
  • fix: context-size /compact trigger, Codex marketplace plugin path, live README badges (#2237)
    - suggest-compact hook now reads the latest usage record from the session
      transcript and suggests /compact at a window-scaled token threshold
      (160k/200k window, 250k/1M window; COMPACT_CONTEXT_THRESHOLD and
      COMPACT_CONTEXT_INTERVAL overridable), re-firing per 60k-token growth
      bucket; tool-call count stays as the secondary signal (#2155)
    - Codex repo marketplace now points at ./plugins/ecc instead of ./ — Codex
      never discovers plugins whose local marketplace source.path is the
      marketplace root (verified on Codex CLI 0.137.0); plugins/ecc is a thin
      folder referencing root skills/.mcp.json per maintainer direction on
      #2097; docs flag plugin mode as experimental with the upstream blocker
      openai/codex#26037 linked (#2128)
    - README badges for installs/stars/forks now use shields endpoint badges
      backed by api.ecc.tools (live install count 3,712 vs the stale static
      150), which also eliminates shields' 'Unable to select next GitHub token
      from pool' render in the stars badge
    
    Closes #2155
    Closes #2128
  • fix: address second round of code-review findings
    actions.js:
    - Add assertValidRepo/assertValidIssueNumber guards at the top of all
      action handlers (applyClaim, applySync, applyValidate, applyPublish,
      applyReview, applyDecompose, applyUnblock) for fast-fail validation
    - applyValidate: fix status transition — set 'validated' unconditionally
      when ok=true instead of preserving 'blocked' (was inconsistent with
      projectState becoming 'ready')
    
    gh-api.js:
    - runGh: preserve GITHUB_TOKEN by default; only delete when caller
      explicitly sets options.stripGithubToken=true (was deleting by
      default, breaking CI)
    
    parsing.js:
    - extractCoordinationState: throw SyntaxError on malformed JSON instead
      of silently returning null — lets callers distinguish bad JSON from
      absent marker
    - normalizeBodyForComparison: fix regex to match JSON-quoted form
      "lastSyncAt": ... instead of bare lastSyncAt: ...
    
    policy.js:
    - loadPolicy: validate that parsed JSON is a plain object before
      spreading; coerce nested fields (labels, review, validation,
      branchModel, project, fieldNames) to objects before merging
    
    state.js:
    - assertIssueClaimable: block re-claim on status alone (not status AND
      owner) to prevent {status:'claimed', owner:null} bypass; use
      state.owner || 'unknown' in error message
    - getCoordinationState: catch SyntaxError from extractCoordinationState,
      log warning to stderr, fall back to default state
    
    tests/lib:
    - Update malformed-JSON test to expect SyntaxError throw instead of null
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
  • refactor: apply code-review findings to github-native coordination
    scripts/github-coordination.js:
    - parseArgs: replace 13-entry if/else chain with BOOL_FLAGS/VALUE_FLAGS
      lookup maps; shrinks from 119 to ~45 lines
    - Extract dispatchCommand(options, ctx) and formatOutput(payload, options)
      from main(); main() shrinks to ~20 lines
    
    scripts/lib/github-coordination.js:
    - Split 1041-line monolith into 6 focused sub-modules under
      scripts/lib/github-coordination/ (policy, parsing, gh-api, state,
      actions, store); index becomes a thin re-export (~55 lines)
    - Document ECC_GH_SHIM trust boundary in runGh() (gh-api.js)
    - Document applyClaim() read→check→write race condition (actions.js)
    
    tests/lib/github-coordination.test.js:
    - Refactor runTests() to data-driven DESCRIPTORS array + runGroup()
      helper; runTests() shrinks to ~10 lines
    - Add 5 new edge-case tests: normalizeRepo('') and normalizeRepo('   ')
      throw, desiredLabelsForState for blocked/ready statuses, and
      buildIssueStateFromAction for validate action (15 → 20 tests)
    
    tests/scripts/github-coordination.test.js:
    - Replace console.log in test runner with process.stdout.write
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
  • feat: add github-native coordination (epic-* commands + scripts + tests)
    Adds a GitHub-native coordination layer on top of ECC:
    
    Commands (7 new slash commands):
    - epic-claim, epic-sync, epic-validate, epic-publish
    - epic-review, epic-unblock, epic-decompose
    
    Scripts:
    - scripts/github-coordination.js  — CLI entry point
    - scripts/lib/github-coordination.js  — core library (state machine, gh API wrappers)
    - scripts/status.js  — coordination status reporter
    
    Config:
    - config/github-native-coordination.json  — labels, review policy, validation gates
    
    Tests:
    - tests/lib/github-coordination.test.js  — 15 unit tests for pure functions
    - tests/scripts/github-coordination.test.js  — integration/CLI test suite
    
    Registry:
    - docs/COMMAND-REGISTRY.json  — adds 7 epic-* entries, totalCommands 84 → 91
    
    No encoding changes, no prp-* modifications, no Windows shims.
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
  • fix(commands): resolve active plugin root in /instinct-status (#2037) (#2059)
    The `/instinct-status` slash command template expanded
    `${CLAUDE_PLUGIN_ROOT}` directly and documented a manual-install
    fallback to `~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py`.
    When users had both an active plugin install (under
    `~/.claude/plugins/cache/<slug>/<org>/<version>/`) and a legacy
    `~/.claude/skills/continuous-learning-v2/` directory left over from a
    previous manual install, an empty `CLAUDE_PLUGIN_ROOT` (which Claude
    Code does not always populate in slash-command shell contexts) silently
    made the command read the stale legacy install while the active plugin
    hooks and observer wrote to the new XDG path. The user saw "No
    instincts found" while the system was actively learning — exactly the
    divergence the bug reporter spent hours diagnosing.
    
    Replace the brittle two-block template with the same inline resolver
    pattern that `hooks/hooks.json` and `/sessions` / `/skill-health`
    already use: env var → standard install → known plugin roots → plugin
    cache walk → fallback. The resolver is the canonical `INLINE_RESOLVE`
    constant from `scripts/lib/resolve-ecc-root.js`, so no new code is
    introduced — just consistent adoption of the existing pattern.
    
    Apply the same fix to all five copies of the command:
      - commands/instinct-status.md (canonical)
      - .opencode/commands/instinct-status.md
      - docs/zh-CN/commands/instinct-status.md
      - docs/ja-JP/commands/instinct-status.md
      - docs/tr/commands/instinct-status.md
    
    Extend tests/lib/command-plugin-root.test.js with an assertion that the
    canonical instinct-status.md uses the inline resolver and no longer
    hard-codes the legacy `~/.claude/skills/...` fallback (regression
    guard).
    
    zh-CN copy: polish the Chinese phrasing per LanguageTool feedback
    (`使用与 ... 相同的解析器` → `以与 ... 相同的解析器`) so the verb is
    introduced by an explicit preposition instead of reading as an awkward
    verb-object construction.
  • feat: Cursor-independent ECC memory via ECC_AGENT_DATA_HOME (#2066)
    * feat: auto-isolate ECC memory data for Cursor via ECC_AGENT_DATA_HOME
    
    Add ECC_AGENT_DATA_HOME (defaults to ~/.claude) with Cursor-aware resolution,
    sessionStart env injection, install scaffolds, and hook bootstrap so memory
    hooks do not collide with Claude Code when both harnesses are used.
    
    Closes #2065
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * fix: log agent-data config errors and ship cursor sessionStart deps
    
    Address CodeRabbit review: log invalid .cursor/ecc-agent-data.json parse
    failures, and copy cursor-session-env.js plus lib deps on legacy Cursor
    install so sessionStart hook path exists without hooks-runtime alone.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * fix: resolve relative agentDataHome paths from project root
    
    Project config values like ".ecc-data" now resolve against the
    repository root (parent of .cursor/), not process.cwd(), so Cursor
    hooks persist memory in the intended directory regardless of hook cwd.
    
    Addresses cubic review on PR #2066.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * docs: explain getHomeDir duplicate and docstring policy
    
    Document why agent-data-home keeps a local home-dir helper (circular
    require with utils.js) and list consolidation options for maintainers.
    Note that CodeRabbit JSDoc coverage warnings are informational relative
    to ECC's usual script documentation style.
    
    Addresses cubic P2 context on PR #2066.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * test: isolate agent-data-home tests from dogfooded .cursor config
    
    Use isolated temp cwd for default-resolution cases and assert
    resolveAgentDataHome({ projectDir }) reads ecc-agent-data.json.
    Document cwd/project caveats in the test file header.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    ---------
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
  • fix: retire rules/zh from the always-loaded default rules install (#2170)
    rules/zh shipped ~17KB of Chinese rule text into the auto-loaded rules tree
    of every default install (rules-core installs the bare 'rules' path with
    defaultInstall: true), with no paths: frontmatter gating. The content had
    also drifted behind both rules/common and the maintained translations in
    docs/zh-CN/rules/common (e.g. zh/coding-style.md 48 lines vs the 52-line
    docs/zh-CN copy), and 'zh' was already dropped from the installer's language
    help in favor of the gated docs-zh-cn locale module (--locale zh-CN).
    
    - move rules/zh/code-review.md to docs/zh-CN/rules/common/code-review.md:
      the only file with no counterpart in the maintained locale tree (fills a
      zh-CN parity gap with rules/common/code-review.md)
    - delete the remaining 10 rules/zh files, all older duplicates of
      docs/zh-CN/rules/common content
    - update trae-install test to assert the rules tree via rules/web instead
    
    Not addressed here: rules/README.md (~5.5KB of installer docs) still ships
    into the auto-loaded tree via the bare 'rules' module path; filtering README
    files from rule-tree expansion is a separate decision
  • test: skip chmod-based permission tests when running as root (#2171)
    Two tests provoke EACCES via chmod (saveAliases backup double failure,
    appendSessionContent on a read-only file) and already skip on win32, but
    root ignores file modes so both fail when the suite runs as root (for
    example in a default Docker container). Every other chmod-based test in
    the repo already guards with process.getuid?.() === 0; these two were the
    only ones missing the guard. Apply the same skip condition and message.
  • test: guard broken-symlink tests so the suite passes on Windows (#2176)
    * test: guard broken-symlink tests so the suite passes on Windows
    
    Four test cases create a dangling symlink with fs.symlinkSync() to exercise
    statSync catch branches, but did not guard for platforms where symlink
    creation is not permitted. On Windows without Developer Mode / admin rights,
    fs.symlinkSync throws EPERM, so these tests fail and `npm test` is red:
    
      - tests/ci/validators.test.js (Round 73, validate-commands skill entry)
      - tests/lib/session-manager.test.js (Round 83, getAllSessions)
      - tests/lib/session-manager.test.js (Round 84, getSessionById)
      - tests/lib/utils.test.js (Round 84, findFiles)
    
    Wrap each symlinkSync in try/catch and skip cleanly on failure, mirroring the
    existing convention already used in this repo (validators.test.js Round 57 and
    hooks/config-protection.test.js). On Linux/macOS and admin Windows the symlink
    still succeeds and the tests run unchanged; only the unsupported-symlink path
    now skips instead of failing.
    
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
    
    * test: only skip symlink tests on EPERM/EACCES, rethrow other errors
    
    Address CodeRabbit review: the catch blocks swallowed every error, which could
    mask a real test/setup failure as a false skip. Inspect err.code and only take
    the skip path for EPERM/EACCES (symlink creation blocked, e.g. Windows without
    Developer Mode); rethrow anything else so genuine failures still surface.
    
    Per the repo coding guideline: never silently swallow errors.
    
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
  • fix(project-detect): match packageKeys on boundaries, not substrings (#2181)
    Framework detection matched a dependency against a framework's packageKeys
    with unbounded substring containment (dep.includes(key)), so any dependency
    whose name merely contained a key was misclassified: `preact` and even
    `reactive` were both detected as `react`.
    
    Match only when the dependency equals the key, or the key is a prefix
    immediately followed by a delimiter (/ . _ -). This still matches every real
    case (react-dom, @remix-run/node, spring-boot-starter, org.springframework.boot,
    github.com/labstack/echo/v4, phoenix_live_view) while excluding preact/reactive
    (and incidentally nextra). Adds regression tests.
    
    Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>
  • feat: worktree-lifecycle service (deterministic conflict prediction + safe GC) (#2164)
    * feat: add worktree-lifecycle service (ecc.worktree-lifecycle.v1)
    
    The "unowned moat" from the orchestrator landscape research: no existing
    tool ships deterministic merge-conflict prediction or a safe worktree GC.
    
    - scripts/lib/worktree-lifecycle/git.js: injectable, hermetic git layer.
      Predicts merge conflicts WITHOUT touching the working tree via
      `git merge-tree`. Strips inherited GIT_* env so it is safe inside hooks.
    - scripts/lib/worktree-lifecycle/lifecycle.js: deterministic state machine
      (main/dirty/conflict/merge-ready/merged/stale/idle) + planCleanup that
      buckets worktrees into remove / salvage / keep. Only fully-merged trees
      are auto-removable; stale (unmerged+inactive) => salvage, never deleted.
    - scripts/worktree-lifecycle.js: CLI (--json/--conflicts/--stale/
      --cleanup-plan/--base/--stale-days/--repo).
    - tests/lib/worktree-lifecycle.test.js: 11 tests (fake-git + real-git).
    
    Safety model mirrors the reference-arch salvage rule, validated by the
    2026-06-05 MacBook->Mac Mini consolidation. Tests: 11/0.
    
    * fix: hermetic git env in session adapters + mcp-inventory lint
    
    - session adapters (codex-worktree, opencode): resolveGitBranch stripped
      no git env, so the "outside a repo" path returned the host branch when
      run inside a git hook (GIT_DIR set). Strip GIT_* before rev-parse.
    - mcp-inventory: fix eslint no-unused-vars (signatures) and a stale
      eslint-disable directive in the merged code.
    
    * test: run each test with inherited git env stripped (hermetic runner)
    
    When the suite runs inside a git hook (pre-push), git sets GIT_DIR/
    GIT_WORK_TREE, which hijack 'git -C <dir>' calls in tests that exercise
    real git, making them operate on the host repo. Strip GIT_* before
    spawning each test so the suite is isolated from ambient git state.
    
    ---------
    
    Co-authored-by: ECC Test <ecc@example.test>
  • feat: MCP inventory (ecc.mcp.v1) — unified cross-harness MCP config view (#2146)
    * feat: add MCP inventory (ecc.mcp.v1) across harnesses
    
    Read-only MCP-gateway groundwork: discover MCP server configs across
    every installed harness, normalize to a canonical ecc.mcp.v1 inventory,
    redact secrets, and report which servers are configured in 2+ harnesses
    (the configure-N-times pain). The read+dedup side of a unified gateway,
    mirroring how the session-adapter layer started read-only.
    
    Readers (per-harness config formats):
    - claude-code: ~/.claude.json mcpServers + project .mcp.json
    - codex: ~/.codex/config.toml [mcp_servers.*] TOML via @iarna/toml
    - opencode: ~/.config/opencode/opencode.json mcp block (command ARRAY)
    
    canonical-mcp.js:
    - normalize transport labels (local=>stdio, remote=>http) to stdio/http/sse
    - merge servers by name across harnesses; flag DRIFT when signatures differ
    - fragmentation report + aggregates
    - SECRET REDACTION: env values stripped to key names; secrets in args
      (--modelApiKey sk-ant-...), inline --flag=secret, and URL userinfo/token
      query params all redacted before storage AND before the dedup signature.
    
    scripts/mcp-inventory.js: CLI (--json, --fragmented, --help).
    tests/lib/mcp-inventory.test.js: 12 tests incl. a regression for the
    real arg-carried-secret leak found while smoke-testing on live configs.
    
    Tests: 12/0. Real-data smoke: 33 servers across 3 harnesses, 21
    configured in 2+ harnesses (7 drift); secret-leak audit clean.
    
    * test: cover reader error paths, collect skip-logic, and CLI main() for mcp-inventory
    
    Lift global branch coverage past the 80% gate (was 79.86%). Adds 6
    tests exercising: missing-file/malformed-JSON/missing-block reader
    fallbacks, codex no-parser path, collect skipping non-function readers
    and swallowing reader errors, CLI usage()/main() help+json+human paths,
    and formatHumanReport no-fragmentation + fragmented-only branches.
    
    Also scrub a real API-key fragment that had leaked into a test fixture;
    all secret-like fixtures are now obviously-fake FAKE... tokens.
    
    mcp-inventory.js branch 30%->93%, collect.js ->100%. Global branch 80.33%.
  • feat: extend session-adapter layer with codex-worktree + opencode adapters (#2145)
    * feat: add codex-worktree session adapter
    
    Adds the third session adapter (after dmux-tmux and claude-history),
    normalizing Codex rollout sessions into the harness-neutral
    ecc.session.v1 snapshot. Reads ~/.codex/sessions rollout JSONL,
    derives objective (skipping the AGENTS.md preamble + leading message
    UUID), model, originator, worktree cwd, and best-effort git branch.
    
    This is step 1 of ECC-2.0-SESSION-ADAPTER-DISCOVERY (move the
    abstraction beyond tmux + Claude-history) and supports the
    wrap/adapt control-pane strategy: ECC reads sessions from any
    harness rather than owning one UX.
    
    - scripts/lib/session-adapters/codex-worktree.js: adapter + rollout parser
    - canonical-session.js: normalizeCodexWorktreeSession
    - registry.js: register adapter, codex/codex-worktree target types
    - tests/lib/session-adapters-codex.test.js: 4 tests (unit + registry routing)
    
    * feat: add opencode session adapter + allow empty intent objective
    
    Adds the fourth session adapter (after dmux-tmux, claude-history,
    codex-worktree), normalizing OpenCode sessions into ecc.session.v1.
    
    Reads ~/.local/share/opencode/storage: session/<project>/ses_*.json
    for metadata (id, directory, title, version, projectID, time) and
    message/<session>/msg_*.json to extract the model (modelID/providerID
    from the first assistant message). Derives objective from the session
    title, treating the auto-generated "New session - <date>" title as no
    objective. Recency-based active/recorded state.
    
    Schema: relax intent.objective from non-empty to allow empty string
    (ensureStringAllowEmpty). Sessions legitimately have no objective yet
    (fresh/auto-titled), and claude-history already emitted "" via
    metadata.title fallback. This fixes a latent over-strict validation.
    
    - scripts/lib/session-adapters/opencode.js: adapter + storage parser
    - canonical-session.js: normalizeOpencodeSession + ensureStringAllowEmpty
    - registry.js: register adapter + opencode target type
    - tests/lib/session-adapters-opencode.test.js: 5 tests
    
    Tests: opencode 5/0, codex 4/0, session-adapters 14/0,
    control-pane-state 10/0, session-inspect 8/0, control-pane 12/0.
    Smoke-tested on a real OpenCode session (140 messages, gpt-5.3-codex).
    
    * test: cover error/fallback branches for codex-worktree + opencode adapters
    
    Lift global branch coverage past the 80% gate (was 79.53%). Adds error
    and fallback path tests: missing-session/unknown-id throws, findRolloutById/
    findSessionInfoById, direct file targets, objective truncation, model
    fallbacks, corrupt-line skip, mtime activity fallback, and the real
    resolveGitBranch path outside a repo.
    
    codex-worktree.js branch 52.8%->78.3%; global branch 80.04%.
  • feat: add dynamic workflow team orchestration surface
    Adds dynamic workflow/team orchestration skills, the content pack, and control-pane work-item/Kanban state DB support. Includes reviewer hardening for state-db CLI validation, optional state DB failure handling, and mergeStateStatus projection.
  • feat: add ECC2 local control pane (#2131)
    * feat: add ECC2 local control pane
    
    * fix: refresh control pane package locks
    
    * test: harden control pane coverage
    
    * test: allow portable control pane shutdown
    
    * test: retry local control pane fetches
    
    * fix: harden control pane error handling
    
    * fix: wrap control pane metadata
  • docs(i18n): add German localization scout (#2029)
    Adds de-DE docs, installer wiring, and locale tests. Pre-validated on current main with install manifest checks, markdownlint, locale-install tests, and ECC 2.0 release-surface tests.
  • fix(install-targets): validate compiled OpenCode plugin before install (#2041)
    Fail fast when the OpenCode home install is attempted from a source checkout without the compiled .opencode/dist payload. PR had the full CI matrix green.
  • test(install-targets): add positive rules assertion to claude-project foreign-path test
    Addresses CodeRabbit review: the negative-only assertions could have
    passed on an empty plan. Add a positive assertion that the non-foreign
    'rules' path is still planned under .claude/rules/ecc so regression to
    zero ops would fail loudly.
  • feat(install-targets): add claude-project (per-project Claude Code) adapter
    Completes the install-target matrix for Claude Code. Until now, ECC's
    Claude support was home-scope only (~/.claude/) via the `claude` target.
    This adds a project-scope counterpart (./.claude/) via a new
    `claude-project` target so teams can install ECC per-repo without
    contaminating ~/.claude/ — matching the existing project-scope adapters
    for Cursor, Antigravity, Gemini, CodeBuddy, Joycode, and Zed.
    
    Symmetric with `claude`:
    - Same namespace under rules/ecc and skills/ecc
    - Same docs/<locale> handling for --locale
    - Same hooks placeholder substitution for hooks.json
    - Reuses claude-home's destination-mapping logic 1:1
    
    Use cases:
    - Monorepos with multiple Flow-managed projects
    - Teams that want ECC scoped per-project without touching ~/.claude/
    - Per-project skill/rule isolation when global install isn't desirable
    
    No breaking change: existing --target claude continues to route to
    claude-home (user-scope) unchanged. New target is opt-in.
    
    Tests
    -----
    - 4 new tests in tests/lib/install-targets.test.js
      (root resolution, lookup-by-id, plan parity with claude, foreign-path filtering)
    - All install-target regression guards (schema enum / SUPPORTED_INSTALL_TARGETS)
      still pass
    - End-to-end smoke: `--target claude-project --profile minimal --dry-run`
      emits 359 ops with destinations rooted at <projectRoot>/.claude/ (parity
      with --target claude which emits 359 ops rooted at ~/.claude/)
  • fix(hooks): avoid escaped quotes in plugin bootstrap
    Generate the inline hook root resolver with single-quoted JavaScript literals so Windows Git Bash does not choke on nested escaped double quotes before Node starts. Refresh hooks.json and add regression coverage for parsed hook commands and installed hook manifests.
  • test(lib): make concurrent-write test actually concurrent + use regex matcher for assert.throws
    Two round-1 review findings in `tests/lib/session-bridge.test.js`,
    both about test correctness rather than the underlying fix:
    
    1. **greptile P1 + coderabbitai Major + cubic P2 (all three): concurrent-write test ran sequentially.**
    
       The test spawned two child processes with two consecutive
       `spawnSync` calls. Because `spawnSync` blocks until the child
       exits, the second writer started *after* the first finished —
       the two writers never overlapped, so the rename race the fix
       targets was never actually exercised. The test would have passed
       with the old broken `${target}.tmp` suffix.
    
       Fix: introduce a one-off "race runner" helper that runs inside
       its own subprocess and uses async `spawn` to start both writers
       simultaneously. The runner waits for both to exit (the event
       loop is local to the runner subprocess, so this stays compatible
       with the synchronous test harness used elsewhere in this file)
       and reports both exit codes plus stderrs on stdout. The test
       then calls the runner via `spawnSync` and parses the result.
       Both writer children now overlap for the duration of their 200
       `writeBridgeAtomic` calls each, which is enough wall time to
       reliably trigger the rename race against the pre-fix code.
    
       Verified: with the fixed `${target}.${pid}.${nonce}.tmp` suffix,
       the test passes; with the old fixed `${target}.tmp` suffix
       reintroduced, it fails as expected (one writer hits ENOENT on
       roughly half its rename calls).
    
    2. **greptile P2 + cubic P3: `assert.throws` used a string as the second argument.**
    
       Node deprecated passing a string as the second argument to
       `assert.throws` years ago: the string is silently treated as
       the assertion failure message (what to print when the function
       does *not* throw) rather than as an error matcher. The check
       passed for any thrown error, not just the rename failure.
    
       Fix: pass a regex matcher as the second arg and keep the
       explanatory text as the third. The regex matches `EISDIR`,
       `EPERM`, `ENOTDIR`, or `ENOENT` because `renameSync` of a
       regular tmp file onto an existing directory raises different
       codes on Linux / macOS / BSD — making the matcher portable
       across CI runners.
    
    Test count unchanged at 14; `npm test` green; `npm run lint` clean.
    
    The two helper files (`tests/__tmp_bridge_writer.js`,
    `tests/__tmp_bridge_race_runner.js`) are written and unlinked
    inside the test's try/finally so they never persist beyond the
    test run.
  • test(lib): concurrent writeBridgeAtomic + tmp-cleanup regression
    Two regression tests pin down the previous two commits' atomic-rename
    fixes:
    
    1. **concurrent writes don't throw ENOENT or corrupt the file** —
       spawns two child Node processes (`tests/__tmp_bridge_writer.js`
       created in-test, cleaned up in finally) that each call
       `writeBridgeAtomic(sid, …)` 200 times against the same session
       ID with independent payloads. Asserts both subprocesses exit 0
       (the previous implementation produced ENOENT on roughly 50% of
       rename calls, all swallowed by the in-test catch) and the final
       bridge file is parseable JSON belonging to one of the two writers
       (last-writer-wins is fine; the contract is *no corruption* and
       *no rename ENOENT*, not data preservation).
    
    2. **tmp file cleanup on rename failure** — pre-creates a directory
       at the target bridge path so `renameSync(tmp, target)` fails,
       calls `writeBridgeAtomic`, asserts the call throws AND that no
       tmp file with the writer's `pid.<nonce>.tmp` prefix is left
       behind in `os.tmpdir()`. The previous code had no cleanup; the
       fix's `try/catch + unlinkSync` keeps tmpdir from accumulating
       orphan files across repeated rename failures.
    
    The first test deliberately writes independent payloads from each
    subprocess so this regression doesn't try to claim a property the
    fix doesn't actually deliver (read-modify-write race in the caller
    is a separate issue and out of scope per PR body).
    
    Test count: 12 → 14 in `tests/lib/session-bridge.test.js`;
    `npm test` green; `npm run lint` clean.
  • feat: add ECC statusline observability hooks
    Salvages the useful statusline/context monitor work from stale PR #1504 while preserving the current continuous-learning hook runner wiring.
    
    Adds the metrics bridge, context monitor, statusline script, shared cost/session bridge utilities, and tests. Fixes the reviewed false loop-detection hash collision for non-file tools, avoids default-session cost inflation, sanitizes statusline task lookup, and records hook payload session IDs in cost-tracker.
  • fix: port continuous-learning observer fixes
    Ports continuous-learning observer signal, storage, remote normalization, and v1 deprecation fixes onto current main.