Harden eternal stack gates and policy contracts

Author: claude

.github/workflows/health.yml

@@ -0,0 +1,52 @@
+name: health
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - "release/**"
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  repo-health:
+    name: Repository Health Checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
+        with:
+          persist-credentials: false
+
+      - name: Set up Node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
+        with:
+          node-version: "22"
+          cache: ""
+
+      - name: Install CLI dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y jq fd-find ripgrep shellcheck
+          sudo ln -sf "$(command -v fdfind)" /usr/local/bin/fd
+
+      - name: Validate generated rule exports
+        run: node scripts/sync-rule-exports.mjs --check
+
+      - name: Hook tests
+        run: tests/test-hooks.sh
+
+      - name: Workflow tool tests
+        run: tests/test-workflow-tools.sh
+
+      - name: Install and rollback tests
+        run: tests/test-install.sh
+
+      - name: Doctor
+        run: scripts/doctor.sh --jobs 4

.gitignore

@@ -15,6 +15,9 @@ coverage/
 plans/
 docs/plans/
 docs/research/
+# Local privacy overlay is intentionally ignored without hiding all .eternal/ state.
+.eternal/privacy-banned-tokens.local
+rules-manifest.local.json
 
 # Never commit private Claude runtime data.
 settings.local.json

CHANGELOG.md

@@ -18,6 +18,31 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 
 ### Deprecated
 
+## v0.5.2
+
+2026-06-16
+
+### Added
+
+- `.github/workflows/health.yml` — CI health workflow for rule export sync, hook tests, workflow tests, install/rollback tests, and doctor.
+- `rules/eternal-saas/project/tcg-contract.md` — scoped TCG/card-domain contract rule module and generated Cursor export.
+
+### Changed
+
+- `scripts/sync-rule-exports.mjs` and `scripts/init-project-rules.sh` — manifest-driven rule sync now validates profile membership, generated Cursor exports, privacy overlays, and install-time Cursor checksums.
+- `rules/eternal-saas/*` — rule host metadata now reflects Claude and Cursor support without claiming unsupported Codex nested context output.
+- `skills/bundled/stripe-best-practices` — hardens Stripe guidance from advisory wording to explicit policy gates for API versions, payment-surface selection, test/migration expectations, and Connect settlement/dispute behavior.
+
+### Fixed
+
+- `scripts/install.sh` — validate source install inputs before any non-dry-run mutation.
+- `hooks/cc-stop-verifier.sh`, `hooks/cc-pretooluse-guard.sh`, and `scripts/code-health-ledger-check.mjs` — close enforcement gaps for invalid Stop JSON, live hook writes, and prompt-only code-health audits.
+- `scripts/update-check.mjs`, `scripts/skill-contract-check.mjs`, `scripts/tool-stack-check.mjs`, and `scripts/doctor.sh` — harden update trust, bundled skill contracts, pinned tool install specs, ShellCheck, privacy scanning, and rule export drift detection.
+
+### Security
+
+- `rules-manifest.json` and `scripts/doctor.sh` — remove tracked private project literals from the privacy gate and support gitignored local banned-token overlays with redacted diagnostics.
+
 ## v0.5.1
 
 2026-06-11
@@ -53,14 +78,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 - `templates/AGENTS.global.md` — portable ~32-line cross-host agent baseline for Codex startup.
 - `templates/AGENTS.override.codex.md` — Codex-specific startup deltas (no slash commands, no hooks, byte budget, skills path).
 - `docs/rules.md` — cross-host rules reference: module catalog, host activation per tool, install and drift-check commands.
-- `docs/adr/0003-cross-host-rule-stack.md` — decision record for the Exodia cross-host rule architecture.
+- `docs/adr/0003-exodia-cross-host-rules.md` — decision record for the Exodia cross-host rule architecture.
 - Codex byte gate in `scripts/doctor.sh` — warns when `~/.codex/AGENTS.md` exceeds 75 % of the configured `project_doc_max_bytes` limit.
 - Manifest assertions in `scripts/doctor.sh` — validates `rules-manifest.json` schema version, `bannedTokens` non-empty, and `rules/eternal-saas/global/` module count.
 - Rollback now restores `rules/eternal-saas` global digest and backed-up Codex startup files (`AGENTS.md`, `AGENTS.override.md`).
 - `scripts/lib/skill-lists.sh` now includes `init-project-rules.sh` in `INSTALL_SCRIPTS` so it deploys to both Claude and Codex homes.
 - Prompt router extended: "prune AGENTS/claude/rules", "rule bloat", "AGENTS.md/CLAUDE.md too long", "trim AGENTS/CLAUDE.md", and "startup file/context too long" prompts now route to `etrnl-ops-agent-files`. Three new skill-triggering fixture cases added.
-- Six project pilots with the eternal-saas pack: core-suite, agency-tbd, tcg-collector, mimo-finance, vivaz-website, and sbcc-portal — each with project-specific `local-overrides.md`, pruned `AGENTS.md`, and removed old flat rule files.
-- sbcc-portal `.gitignore` updated to track `.claude/rules/` while keeping local session state ignored.
+- Six private project pilots with the eternal-saas pack, each with project-specific `local-overrides.md`, pruned `AGENTS.md`, and removed old flat rule files.
+- One private pilot `.gitignore` updated to track `.claude/rules/` while keeping local session state ignored.
 
 ### Changed
 
@@ -73,7 +98,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 
 ### Fixed
 
-- `scripts/plan-readiness-check.mjs` no longer flags hyphenated proper names such as the `agency-tbd` repo as a `TBD` placeholder; standalone `TBD` markers still fail (regression tests in `tests/test-workflow-tools.sh`).
+- `scripts/plan-readiness-check.mjs` no longer flags hyphenated proper names such as the `example-agency` repo as a `TBD` placeholder; standalone `TBD` markers still fail (regression tests in `tests/test-workflow-tools.sh`).
 - `scripts/update-check.mjs` now correctly marks `sync-rule-exports.mjs` as source-only (not installed) to prevent false drift failures.
 - `scripts/update-check.mjs` renamed map includes `doctor.sh → doctor-etrnl.sh` to suppress stale-scripts drift false positives.
 
@@ -94,4 +119,3 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 ### Security
 
 - Public repository boundary: no private identity, credentials, transcripts, or local planning artifacts in tracked files.
-

CREDITS.md

@@ -28,7 +28,9 @@ Eternal Stack is designed as a complete skill family. Policy, review, simplifica
 | `better-auth`, `tenant-isolation-patterns`, `money-vo-discipline` | Auth, tenancy, and money discipline | Community / upstream skill bundles |
 | `stripe-best-practices`, `abacatepay-integration` | Payments review | Community / upstream skill bundles |
 | `ci-cd` | CI helper scripts referenced by `/etrnl-dev-ci` | Community skill bundle |
-| `domain-*`, `i18n-localization`, and related domain skills | Domain-specific review gates | Community / upstream skill bundles |
+| `domain-cli`, `domain-cloud-native`, `domain-embedded`, `domain-fintech`, `domain-iot`, `domain-ml`, `domain-web` | Domain-specific review gates | Community / upstream skill bundles |
+| `prisma-expert` | Prisma schema and query review | Community / upstream skill bundle |
+| `i18n-localization` | Locale and translation review | Community / upstream skill bundle |
 
 The full inventory and routing notes live in [docs/skills.md](docs/skills.md).
 

README.md

@@ -53,7 +53,7 @@ tests/test-hooks.sh
 
 **Hooks** — enforcement at tool boundaries. Full catalog and lifecycle wiring: [docs/hooks.md](docs/hooks.md). Pretool and stop rules: [docs/guards.md](docs/guards.md). Regression: [tests/test-hooks.sh](tests/test-hooks.sh).
 
-**Skills** — repeatable workflows as `/etrnl-*` commands, grouped by namespace (`dev`, `audit`, `ops`, `comm`). Inventory: [docs/skills.md](docs/skills.md).
+**Skills** — repeatable workflows as `/etrnl-*` commands, grouped by namespace (`dev`, `audit`, `ops`, `comm`). Bundled domain skills include `domain-cli`, `domain-cloud-native`, `domain-embedded`, `domain-fintech`, `domain-iot`, `domain-ml`, and `domain-web`. Inventory: [docs/skills.md](docs/skills.md).
 
 **Scripts** — deterministic helpers for ledgers, browser QA, workflow health, code-health inventory, deep-audit validation, and release hygiene.
 

VERSION

@@ -1 +1 @@
-0.5.1
+0.5.2

commands/email-triage.md

@@ -1,5 +1,5 @@
 ---
-description: Run VIVAZ email Inbox Zero triage for one account, then open the action queue.
+description: Run managed email Inbox Zero triage for one account, then open the action queue.
 argument-hint: <account-id>
 allowed-tools: Bash
 ---
@@ -8,41 +8,41 @@ Account argument from the slash command: `$ARGUMENTS`
 
 Treat the argument as the account id. If it is empty, ask the repository owner for the account id and stop.
 
-Do not handwrite Gmail commands. Do not send email. Do not mutate Gmail outside the VIVAZ email runtime.
-Do not run `vivaz-email triage run` for this slash command. That is a dry classification path and does not clear INBOX.
+Do not handwrite Gmail commands. Do not send email. Do not mutate Gmail outside the managed email runtime.
+Do not run `etrnl-email triage run` for this slash command. That is a dry classification path and does not clear INBOX.
 
 Phase 1 is Inbox Zero. Triage every email in INBOX, archive known bad-quality emails, label action/waiting/manual-review items, remove them from INBOX, and provider-verify INBOX is zero:
 
 ```bash
-vivaz-email triage guarded-run --account <account-id> --max-inbox 500 --apply --require-insights
+etrnl-email triage guarded-run --account <account-id> --max-inbox 500 --apply --require-insights
 ```
 
 Verify the queue run before opening any queue:
 
 ```bash
-vivaz-email triage verify --latest --account <account-id>
+etrnl-email triage verify --latest --account <account-id>
 ```
 
 If verification does not show `inbox_zero_verified: true`, `inbox_count: 0`, and either `gmail_mutated: true` or `queue_ready_without_mutation: true`, do not show queue items. Continue Inbox Zero triage first or paste the runtime blocker.
 
 If `guarded-run` exits with `TRIAGE_GUARD_ML_DISAGREED`, do not ask the repository owner whether to continue. Inspect the runtime evidence, patch deterministic triage rules/cache when appropriate, then rerun the guarded command:
 
 ```bash
-vivaz-email triage guarded-run --account <account-id> --max-inbox 500 --apply --require-insights
-vivaz-email triage ml-reviews --latest --account <account-id> --limit 20
-vivaz-email triage report --latest --account <account-id> --include-failures --format markdown
+etrnl-email triage guarded-run --account <account-id> --max-inbox 500 --apply --require-insights
+etrnl-email triage ml-reviews --latest --account <account-id> --limit 20
+etrnl-email triage report --latest --account <account-id> --include-failures --format markdown
 ```
 
 Phase 2 starts only after Inbox Zero is verified. Use the queue run id emitted by the runtime, then show exactly one action/reply queue item:
 
 ```bash
-vivaz-email triage queue --run-id <run-id> --mode reply --format markdown --next
+etrnl-email triage queue --run-id <run-id> --mode reply --format markdown --next
 ```
 
 If the queue item shows a proposed reply with a draft id, run the outgoing reply checker before asking the repository owner to approve or send it:
 
 ```bash
-vivaz-email drafts check --draft-id <draft-id>
+etrnl-email drafts check --draft-id <draft-id>
 ```
 
 If the checker returns any issue, stop and surface the failed draft check with the exact issue list. Do not improvise manual rewrites, and do not ask the repository owner to approve or send a failed draft until the runtime provides a checked replacement draft.

docs/adr/0003-exodia-cross-host-rules.md

@@ -7,11 +7,11 @@ date: 2026-06-10
 
 ## Context
 
-Claude Code, Codex, and Cursor each provide native agent-context surfaces (`.claude/rules/` with `paths:` frontmatter, `AGENTS.md` nesting, and `.mdc` with `globs`), but the rule content is currently authored separately for each project. This creates drift, duplication, and inconsistent enforcement surfaces across repos.
+Claude Code, Codex, and Cursor each provide native agent-context surfaces (`.claude/rules/` with `paths:` frontmatter, global `AGENTS.md` startup context, and `.mdc` with `globs`), but the rule content is currently authored separately for each project. This creates drift, duplication, and inconsistent enforcement surfaces across repos.
 
 Host features verified on 2026-06-10:
 - **Claude Code** natively loads `.claude/rules/` and `~/.claude/rules/` with `paths:` frontmatter scoping; no hooks needed.
-- **Codex** reads `~/.codex/AGENTS.md` and `AGENTS.override.md`; nested `AGENTS.md` files are its only depth mechanism; no glob or import syntax.
+- **Codex** reads `~/.codex/AGENTS.md` and `AGENTS.override.md`; this repo installs the global startup digest and does not install project-depth rule modules for Codex.
 - **Cursor** `.mdc` files with `globs`, `description`, and `alwaysApply` are native; Cursor has no user-level rules directory (settings UI only).
 
 `scripts/install.sh` already syncs `rules/etrnl` to `~/.claude/rules/etrnl` with an atomic tmp/old swap and implements `ETRNL_INSTALL_STARTUP` gating for startup files. The bundled skill family already publishes Eternal-stack patterns publicly (`money-vo-discipline`, `abacatepay-integration`, `eternal-best-practices`).
@@ -24,11 +24,11 @@ This record is ADR 0003. ADR 0002 is taken by `etrnl-state-and-compact-handoff`.
 
 ### 2. Privacy boundary
 
-The `eternal-saas` rule pack ships publicly. Excluded from tracked rule files: client business names, account facts, credentials, transcripts, and personal identity. Client-repo rollout lists stay in local gitignored planning paths. Enforcement: `rules-manifest.json` carries `privacy.bannedTokens`; `sync-rule-exports.mjs --check` fails when a tracked rule file contains one.
+The `eternal-saas` rule pack ships publicly. Excluded from tracked rule files: client business names, account facts, credentials, transcripts, and personal identity. Client-repo rollout lists stay in local gitignored planning paths. Enforcement: `rules-manifest.json` carries generic privacy sentinel tokens plus optional untracked local token files; `sync-rule-exports.mjs --check` fails when a tracked rule file contains one.
 
-### 3. Codex scoped depth via nested AGENTS.md
+### 3. Codex uses the startup digest
 
-Each rule module may declare `codexNested: <relative-dir>`; `sync-rule-exports.mjs` emits a nested `AGENTS.md` for declared modules; undeclared modules ride the root digest only. No import syntax exists in Codex — `@` imports are never used in Codex files.
+The project rule pack installs to Claude Code and Cursor project surfaces. Codex receives the shared baseline through `~/.codex/AGENTS.md` and `AGENTS.override.md`; no nested project `AGENTS.md` files are generated by `sync-rule-exports.mjs` or `init-project-rules.sh`.
 
 ### 4. Byte budget is read, not assumed
 
@@ -48,7 +48,7 @@ All project-pack installs use file copies. Symlinks break for other clones, CI,
 
 ## Consequences
 
-- One source of truth for rule content; Claude `.claude/rules/`, Cursor `.mdc`, and Codex `AGENTS.md` files are generated or installed from the same module.
+- One source of truth for project rule content; Claude `.claude/rules/` and Cursor `.mdc` files are generated or installed from the same module. Codex receives the global baseline through startup files.
 - `sync-rule-exports.mjs --check` in the test suite prevents host-twin drift and banned-token leaks.
 - The byte-gate in `doctor.sh` keeps Codex context under the effective limit; the explicit fallback prevents silent overflow.
 - Checksum-tracked installs let pilot repos self-classify drift without re-running install.

docs/eternal-stack-coverage.md

@@ -27,7 +27,13 @@ Status key: `done` means implemented in this repo; `live-gated` means intentiona
 Eternal Stack is a bundled skill family: `etrnl-*` orchestration from this repo plus policy, review, and domain skills that install on the host and are routed by hooks and workflows. See `docs/skills.md` for the full inventory. Representative bundled skills:
 
 - `eternal-best-practices`
-- `domain-*`
+- `domain-cli`
+- `domain-cloud-native`
+- `domain-embedded`
+- `domain-fintech`
+- `domain-iot`
+- `domain-ml`
+- `domain-web`
 - `better-auth`
 - `tenant-isolation-patterns`
 - `money-vo-discipline`

docs/health-stack.md

@@ -126,6 +126,8 @@ node scripts/update-check.mjs --explain
 scripts/post-upgrade-canary.sh
 ```
 
+- `.github/workflows/health.yml` runs the repository health pipeline in GitHub Actions on every pull request, on pushes to `main`, and on pushes to `release/**` branches. The workflow validates generated rule exports, then runs `tests/test-hooks.sh`, `tests/test-workflow-tools.sh`, `tests/test-install.sh`, and `scripts/doctor.sh --jobs 4`.
+- The workflow is the hosted counterpart to the Required Gates block above: `sync-rule-exports.mjs --check` covers generated rule drift, the hook/workflow/install suites cover runtime behavior and rollback safety, and `scripts/doctor.sh --jobs 4` replays the aggregated syntax, ShellCheck, manifest, privacy, documentation, and heavy-suite health checks.
 - `scripts/workflow-health.mjs` reads run ledgers in parallel with `ETRNL_LEDGER_READ_CONCURRENCY` (default `8`, capped at `12` for constrained systems). `workflow-health.mjs status` is the concise text surface used by SessionStart hints; `status --json` is the machine-readable surface for active run id, unfinished work, missing artifacts, browser/context freshness, phase/UAT state, stale run count, and the next deterministic action. Use `workflow-health.mjs doctor --strict` or `ETRNL_WORKFLOW_HEALTH_STRICT=1` when live runtime findings must fail closed instead of remaining diagnostic.
 - `tool-effectiveness.mjs` summarizes sanitized local tool events into deterministic `keep`, `enforce`, `repo-specific`, `remove-watch`, or `insufficient-data` verdicts. It reads hook tool-signal state, optional local event artifacts, and explicit Codex imports; it rejects raw prompts, transcript text, secrets, private transcript paths, and tracked private project names. Use the seven-day `summarize` command above to revisit CodeGraph, Beads, and stolen hook patterns without manual log reading.
 - `etrnl-state.mjs` is the canonical local state helper for compact lifecycle and small workflow events. It writes append-only JSONL under `~/.claude/etrnl/state`, rebuilds compact handoff views, rejects raw prompts/transcripts/private paths/secrets before append, and exposes `compact-handoff`, `stop-status`, `doctor`, `bead-link`, and `bead-prime-audit`. Hook hot paths may use bounded state appends and queries only.