From bb1d9cb42870bc56e7edfbe7447bb11cce867189 Mon Sep 17 00:00:00 2001
From: Rhuan Barreto <rhuan@barreto.work>
Date: Fri, 29 May 2026 02:05:07 +0200
Subject: [PATCH 1/5] feat(adr): convert agent-memory patterns into enforced
 ADR rules

Consolidate the archgate-developer agent memory (fix stale Bun version,
remove a dead pointer, correct skill names) and codify enforceable
"Patterns & Fixes" entries as machine-checkable ADR rules.

- GEN-003: enable rules - ban bunx/npx of lint/format tools and bare
  `bun test` in CI; fix smoke-test-windows.yml accordingly
- ARCH-001: add no-top-level-await-in-entry rule for src/cli.ts
- ARCH-017: enable rules - forbid an npm `main` field on the thin shim
- ARCH-018: new ADR - lazy-load heavy deps (inquirer, @sentry, posthog)
- ARCH-019: new ADR - wrap inquirer prompts in withPromptFix()
- ARCH-020: new ADR - Bun.Glob.scan must pass { dot: true }
- ARCH-021: new ADR - PowerShell scripts must be ASCII-only
- Route the format-on-save hook through `bun run format:file` (no bunx)

archgate check: 39/39 rules pass.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
---
 .archgate/adrs/ARCH-001-command-structure.md  |  3 +-
 .../adrs/ARCH-001-command-structure.rules.ts  | 46 ++++++++++
 .../ARCH-017-multi-ecosystem-distribution.md  | 13 ++-
 ...-017-multi-ecosystem-distribution.rules.ts | 30 +++++++
 .../ARCH-018-lazy-load-heavy-dependencies.md  | 87 +++++++++++++++++++
 ...-018-lazy-load-heavy-dependencies.rules.ts | 55 ++++++++++++
 .../adrs/ARCH-019-inquirer-prompt-fix.md      | 76 ++++++++++++++++
 .../ARCH-019-inquirer-prompt-fix.rules.ts     | 61 +++++++++++++
 .../ARCH-020-glob-scan-include-dotfiles.md    | 68 +++++++++++++++
 ...CH-020-glob-scan-include-dotfiles.rules.ts | 46 ++++++++++
 .../ARCH-021-ascii-only-powershell-scripts.md | 77 ++++++++++++++++
 ...021-ascii-only-powershell-scripts.rules.ts | 51 +++++++++++
 .../GEN-003-tool-invocation-via-scripts.md    |  9 +-
 ...N-003-tool-invocation-via-scripts.rules.ts | 77 ++++++++++++++++
 .../agent-memory/archgate-developer/MEMORY.md | 32 +++----
 .claude/settings.json                         |  6 +-
 .github/workflows/smoke-test-windows.yml      |  2 +-
 CLAUDE.md                                     |  2 +-
 package.json                                  |  1 +
 19 files changed, 715 insertions(+), 27 deletions(-)
 create mode 100644 .archgate/adrs/ARCH-017-multi-ecosystem-distribution.rules.ts
 create mode 100644 .archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.md
 create mode 100644 .archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.rules.ts
 create mode 100644 .archgate/adrs/ARCH-019-inquirer-prompt-fix.md
 create mode 100644 .archgate/adrs/ARCH-019-inquirer-prompt-fix.rules.ts
 create mode 100644 .archgate/adrs/ARCH-020-glob-scan-include-dotfiles.md
 create mode 100644 .archgate/adrs/ARCH-020-glob-scan-include-dotfiles.rules.ts
 create mode 100644 .archgate/adrs/ARCH-021-ascii-only-powershell-scripts.md
 create mode 100644 .archgate/adrs/ARCH-021-ascii-only-powershell-scripts.rules.ts
 create mode 100644 .archgate/adrs/GEN-003-tool-invocation-via-scripts.rules.ts

diff --git a/.archgate/adrs/ARCH-001-command-structure.md b/.archgate/adrs/ARCH-001-command-structure.md
index f5adecc1..37018410 100644
--- a/.archgate/adrs/ARCH-001-command-structure.md
+++ b/.archgate/adrs/ARCH-001-command-structure.md
@@ -200,7 +200,8 @@ export function registerAdrCommand(program: Command) {
 
 - **Archgate rule** ARCH-001/register-function-export: Scans all command files under src/commands/ (excluding index.ts group files) and verifies each exports a register\*Command function. Severity: error.
 - **Archgate rule** ARCH-001/no-business-logic: Detects complex data transformation patterns in command files that should be in helpers. Severity: error.
-- **Build check** bun run build:check: Compiles src/cli.ts with bun build --compile --bytecode as part of bun run validate. A top-level await regression causes an immediate, descriptive parse error.
+- **Archgate rule** ARCH-001\no-top-level-await-in-entry: Scans src/cli.ts for top-level await (await outside an indented function body) and flags it before a compile is needed. Severity: error.
+- **Build check** bun run build:check: Compiles src/cli.ts with bun build --compile --bytecode as part of bun run validate. A top-level await regression causes an immediate, descriptive parse error. This remains the authoritative check; the rule above is a fast local early-warning.
 
 ### Manual Enforcement
 
diff --git a/.archgate/adrs/ARCH-001-command-structure.rules.ts b/.archgate/adrs/ARCH-001-command-structure.rules.ts
index 4fc8e2e1..5095e404 100644
--- a/.archgate/adrs/ARCH-001-command-structure.rules.ts
+++ b/.archgate/adrs/ARCH-001-command-structure.rules.ts
@@ -44,5 +44,51 @@ export default {
         }
       },
     },
+    "no-top-level-await-in-entry": {
+      description:
+        "src/cli.ts must not use top-level await (bun build --compile --bytecode rejects it)",
+      severity: "error",
+      async check(ctx) {
+        // The CLI entry point is the only file compiled with --bytecode, so the
+        // top-level-await ban applies specifically to it. Read directly rather
+        // than via scopedFiles (which is scoped to src/commands/**). `bun run
+        // build:check` is the authoritative backstop; this rule is a fast,
+        // local early-warning that does not require a full compile.
+        let content: string;
+        try {
+          content = await ctx.readFile("src/cli.ts");
+        } catch {
+          return;
+        }
+
+        const awaitWord = /\bawait\b/u;
+        const lines = content.split("\n");
+        for (const [index, line] of lines.entries()) {
+          // Lines indented >= 2 spaces are inside a function body (2-space
+          // indentation) and are therefore not top-level.
+          const leading = line.length - line.trimStart().length;
+          if (leading >= 2) continue;
+
+          const trimmed = line.trimStart();
+          if (
+            trimmed.startsWith("//") ||
+            trimmed.startsWith("*") ||
+            trimmed.startsWith("/*")
+          ) {
+            continue;
+          }
+
+          if (awaitWord.test(line)) {
+            ctx.report.violation({
+              message:
+                "Top-level await in src/cli.ts breaks `bun build --compile --bytecode`",
+              file: "src/cli.ts",
+              line: index + 1,
+              fix: "Move async bootstrap logic into `async function main()` and call `main().catch(...)`",
+            });
+          }
+        }
+      },
+    },
   },
 } satisfies RuleSet;
diff --git a/.archgate/adrs/ARCH-017-multi-ecosystem-distribution.md b/.archgate/adrs/ARCH-017-multi-ecosystem-distribution.md
index a3d68aa3..604f9e85 100644
--- a/.archgate/adrs/ARCH-017-multi-ecosystem-distribution.md
+++ b/.archgate/adrs/ARCH-017-multi-ecosystem-distribution.md
@@ -2,7 +2,7 @@
 id: ARCH-017
 title: Multi-Ecosystem Distribution
 domain: distribution
-rules: false
+rules: true
 ---
 
 # Multi-Ecosystem Distribution
@@ -61,6 +61,7 @@ All shims produce identical user-facing error messages on stderr:
 - Don't add runtime dependencies to any shim package
 - Don't use a different cache location per ecosystem
 - Don't skip SHA256 verification
+- Don't add a top-level `main` field to the root `package.json` — npm always includes the `main` entry point in the published tarball regardless of the `files` array, which would bundle the CLI source into the thin shim. The npm package exposes only `bin/archgate.cjs` (and sub-path exports like `./rules`); it needs no default entry point.
 
 ## Consequences
 
@@ -77,6 +78,16 @@ All shims produce identical user-facing error messages on stderr:
 - Multiple codebases to maintain (one per ecosystem), though the logic is simple and rarely changes
 - Network dependency on GitHub Releases for the initial download
 
+## Compliance and Enforcement
+
+### Automated
+
+- **Archgate rule** ARCH-017/no-npm-main-field: Verifies the root `package.json` has no top-level `main` field, so the npm shim never bundles the CLI entry point. Severity: error.
+
+### Manual
+
+Code reviewers MUST verify new shims download (never bundle) the binary, add zero runtime dependencies, share the `~/.archgate/bin/` cache, and register their version file in `.simple-release.js` and the ARCH-013 companion rule.
+
 ## References
 
 - [ARCH-013 -- Version Synchronization](./ARCH-013-version-synchronization.md) -- Enforces version parity across all shim packages
diff --git a/.archgate/adrs/ARCH-017-multi-ecosystem-distribution.rules.ts b/.archgate/adrs/ARCH-017-multi-ecosystem-distribution.rules.ts
new file mode 100644
index 00000000..bd4b3380
--- /dev/null
+++ b/.archgate/adrs/ARCH-017-multi-ecosystem-distribution.rules.ts
@@ -0,0 +1,30 @@
+/// <reference path="../rules.d.ts" />
+
+export default {
+  rules: {
+    "no-npm-main-field": {
+      description:
+        "Root package.json must not declare a `main` field — npm always publishes it, bundling the CLI into the thin shim",
+      severity: "error",
+      async check(ctx) {
+        let pkgJson: Record<string, unknown>;
+        try {
+          pkgJson = (await ctx.readJSON("package.json")) as Record<
+            string,
+            unknown
+          >;
+        } catch {
+          return;
+        }
+
+        if ("main" in pkgJson) {
+          ctx.report.violation({
+            message: `package.json declares a "main" field ("${String(pkgJson.main)}") — npm always includes it in the published tarball, bundling the CLI entry point into the thin shim`,
+            file: "package.json",
+            fix: 'Remove the "main" field; the npm package exposes only bin/archgate.cjs and sub-path exports (e.g. "./rules")',
+          });
+        }
+      },
+    },
+  },
+} satisfies RuleSet;
diff --git a/.archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.md b/.archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.md
new file mode 100644
index 00000000..834eb4eb
--- /dev/null
+++ b/.archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.md
@@ -0,0 +1,87 @@
+---
+id: ARCH-018
+title: Lazy-Load Heavy Dependencies
+domain: architecture
+rules: true
+files: ["src/**/*.ts"]
+---
+
+# Lazy-Load Heavy Dependencies
+
+## Context
+
+The CLI is a single compiled binary whose entry point (`src/cli.ts`) statically imports every command's `register*Command` function so the help text and argument parser can be built. Static imports are evaluated eagerly: the moment `src/cli.ts` runs, the entire transitive import graph is parsed and executed — even for `archgate --help`, `archgate --version`, or any non-interactive command.
+
+Several dependencies are large enough that parsing them dominates cold-start latency:
+
+- **`inquirer`** (~200ms to parse) — only needed by interactive flows (`init`, `login`, `adr create`, `adr import`, `adr sync`, editor detection).
+- **`posthog-node`** — only needed when telemetry is enabled and an event is actually sent.
+- **`@sentry/node-core`** — only needed when error reporting initializes.
+
+If these are imported statically at module load, every invocation pays their parse cost. For a CLI whose most common interactions are fast, non-interactive commands (and machine/agent invocations of `check`, `review-context`, `session-context`), that cost is pure waste.
+
+### Alternatives Analysis
+
+**Static imports everywhere (status quo for small deps)**: Simple, but forces every invocation to parse heavy modules it will never use. Rejected for heavy deps.
+
+**Dynamic `import()` at the call site**: `const { default: inquirer } = await import("inquirer")` inside the function that needs it. The module is parsed only when that code path runs. This is the chosen approach.
+
+**Eager-start / lazy-await for init-style work**: For SDKs that must initialize early but whose result is only needed later (Sentry, telemetry), start the async work before command registration and `await` it only at the first point of use (the `preAction` hook). This overlaps the cost with other startup work and skips it entirely for `--help`/`--version` which never reach `preAction`.
+
+## Decision
+
+Heavy dependencies MUST be loaded with dynamic `import()` at the point of use, never statically imported for their runtime value at module top level.
+
+This applies to `inquirer`, `posthog-node`, `@sentry/*`, and any future dependency whose parse cost is significant and whose use is confined to specific code paths.
+
+**Type-only imports are exempt.** `import type { PostHog } from "posthog-node"` and `import type * as SentryNs from "@sentry/node-core/light"` are erased at compile time and carry zero runtime cost — they are required for type safety and are allowed.
+
+**Eager-start / lazy-await is permitted** for SDKs that must initialize early: start the init promise before command registration, then `await` it in the `preAction` hook so `--help`/`--version` skip it (see `src/cli.ts`, `initSentry()` + `initTelemetry()`).
+
+## Do's and Don'ts
+
+### Do
+
+- **DO** load `inquirer` with `const { default: inquirer } = await import("inquirer")` inside the action handler or helper that prompts
+- **DO** load `posthog-node` / `@sentry/*` SDK values with dynamic `import()` inside their init functions
+- **DO** use `import type { ... }` for type-only references to these modules — it is free at runtime
+- **DO** prefer eager-start + lazy-await (in `preAction`) for SDKs that need early initialization but whose result is consumed later
+
+### Don't
+
+- **DON'T** write `import inquirer from "inquirer"` (or any value import of a heavy module) at module top level
+- **DON'T** statically `import { PostHog } from "posthog-node"` for its value — use `import type` plus a dynamic `import()`
+- **DON'T** import heavy SDKs transitively through a statically-imported helper that runs at load time — keep the dynamic boundary at the SDK
+
+## Consequences
+
+### Positive
+
+- **Fast cold start** for the common case: `--help`, `--version`, and non-interactive commands never parse interactive/telemetry/error SDKs
+- **Agent-friendly**: machine invocations of `check`/`review-context` pay only for what they use
+- **Localized cost**: each heavy module's parse time is attributed to the one code path that needs it
+
+### Negative
+
+- **Slight verbosity**: call sites use `await import()` instead of a top-of-file import
+- **`await` required at the call site**: the consuming function must be async (already true for command actions)
+
+### Risks
+
+- **A new heavy dependency added with a static import**: silently reintroduces the cold-start tax. **Mitigation:** the companion rule flags value-level static imports of the known heavy modules; extend `HEAVY_MODULES` when adding a new one.
+
+## Compliance and Enforcement
+
+### Automated
+
+- **Archgate rule** ARCH-018/no-static-heavy-import: Scans `src/**/*.ts` for value-level static imports of heavy modules (`inquirer`, `posthog-node`, `@sentry/*`). `import type` is allowed. Severity: error.
+
+### Manual
+
+Code reviewers MUST verify that any newly added large dependency is loaded via dynamic `import()` at its point of use, and that `HEAVY_MODULES` in the companion rule is updated to cover it.
+
+## References
+
+- [ARCH-001: Command Structure](./ARCH-001-command-structure.md) — `src/cli.ts` statically imports all command register functions; this ADR keeps their transitive heavy deps lazy
+- [ARCH-006: Dependency Policy](./ARCH-006-dependency-policy.md) — governs which dependencies are permitted at all
+- [ARCH-019: Interactive Prompts via withPromptFix](./ARCH-019-inquirer-prompt-fix.md) — companion rule for the `inquirer` usage this ADR keeps lazy
diff --git a/.archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.rules.ts b/.archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.rules.ts
new file mode 100644
index 00000000..70c72ecc
--- /dev/null
+++ b/.archgate/adrs/ARCH-018-lazy-load-heavy-dependencies.rules.ts
@@ -0,0 +1,55 @@
+/// <reference path="../rules.d.ts" />
+
+// Dependencies heavy enough that their parse cost should never be paid by
+// invocations that don't use them. Value-level static imports of these are
+// banned; `import type` is fine (erased at compile time). See ARCH-018.
+const HEAVY_MODULES = ["inquirer", "posthog-node", "@sentry/"];
+
+export default {
+  rules: {
+    "no-static-heavy-import": {
+      description:
+        "Heavy dependencies (inquirer, posthog-node, @sentry/*) must be loaded via dynamic import(), not statically imported for their value",
+      severity: "error",
+      async check(ctx) {
+        const files = ctx.scopedFiles.filter((f) => f.endsWith(".ts"));
+
+        const checks = files.map(async (file) => {
+          let content: string;
+          try {
+            content = await ctx.readFile(file);
+          } catch {
+            return;
+          }
+          const lines = content.split("\n");
+
+          for (const [index, line] of lines.entries()) {
+            // Only consider static `import ... from "..."` statements.
+            const fromMatch = line.match(
+              /^\s*import\s+(?<clause>[^;]*?)\s+from\s+["'](?<source>[^"']+)["']/u
+            );
+            if (!fromMatch?.groups) continue;
+
+            const { clause, source } = fromMatch.groups;
+
+            // `import type ...` is erased at runtime — always allowed.
+            if (/^type\b/u.test(clause.trim())) continue;
+
+            const isHeavy = HEAVY_MODULES.some((mod) =>
+              mod.endsWith("/") ? source.startsWith(mod) : source === mod
+            );
+            if (!isHeavy) continue;
+
+            ctx.report.violation({
+              message: `Static value import of heavy module "${source}" forces every CLI invocation to parse it`,
+              file,
+              line: index + 1,
+              fix: `Load it lazily: \`const { default: x } = await import("${source}")\` at the point of use (or use \`import type\` for type-only references)`,
+            });
+          }
+        });
+        await Promise.all(checks);
+      },
+    },
+  },
+} satisfies RuleSet;
diff --git a/.archgate/adrs/ARCH-019-inquirer-prompt-fix.md b/.archgate/adrs/ARCH-019-inquirer-prompt-fix.md
new file mode 100644
index 00000000..5f35c5e9
--- /dev/null
+++ b/.archgate/adrs/ARCH-019-inquirer-prompt-fix.md
@@ -0,0 +1,76 @@
+---
+id: ARCH-019
+title: Interactive Prompts via withPromptFix
+domain: architecture
+rules: true
+files: ["src/**/*.ts"]
+---
+
+# Interactive Prompts via withPromptFix
+
+## Context
+
+When `inquirer` creates a readline interface on Windows, it enables Virtual Terminal Processing (VTP) and sets the console flag `DISABLE_NEWLINE_AUTO_RETURN`. That flag is **never restored** after the prompt closes. The consequence is global and persistent: once any inquirer prompt has run, a bare `\n` no longer returns the cursor to column 0 for **all subsequent output** in the same process — not just during the prompt. Tables, summaries, and multi-line messages printed after an interactive flow render as a staircase.
+
+An earlier per-prompt `cursorTo(process.stdout, 0)` fix only corrected the cursor position on the answer line; it did not address the console-mode change, so later output was still broken.
+
+The root-cause fix lives in `src/helpers/prompt.ts`, which exports `withPromptFix()`. It applies an idempotent, permanent patch to `process.stdout.write` that translates bare `\n` to `\r\n` (via the `(?<!\r)\n` pattern) and resets the cursor to column 0 after each prompt. Because the damage is process-global, the fix only works if **every** inquirer prompt goes through `withPromptFix()` — a single unwrapped prompt re-breaks newline handling for the rest of the process.
+
+### Alternatives Analysis
+
+**Wrap each prompt individually with ad-hoc cursor fixes**: Insufficient — it doesn't undo the console-mode change, only the cursor position. Rejected.
+
+**Patch `process.stdout.write` once at startup unconditionally**: Pays the patch cost (and behavior change) even for runs that never prompt, and is harder to reason about. `withPromptFix()` applies the patch lazily on first prompt and is idempotent thereafter. Chosen.
+
+**Mandatory wrapper at every call site (`withPromptFix(() => inquirer.prompt(...))`)**: Keeps the fix co-located with the prompt and is mechanically checkable. Chosen.
+
+## Decision
+
+Every `inquirer.prompt(...)` call MUST be wrapped in `withPromptFix(() => ...)` from `src/helpers/prompt.ts`. There are no exceptions: one unwrapped prompt corrupts newline handling for the remainder of the process.
+
+Note: `inquirer` itself is loaded lazily (see ARCH-018). The `withPromptFix` wrapper is independent of how `inquirer` is imported — it governs how the prompt is _invoked_.
+
+## Do's and Don'ts
+
+### Do
+
+- **DO** wrap every prompt: `const answer = await withPromptFix(() => inquirer.prompt([...]))`
+- **DO** import `withPromptFix` from `src/helpers/prompt.ts` (or load it dynamically alongside `inquirer`)
+- **DO** keep `withPromptFix` idempotent and the single source of the stdout patch
+
+### Don't
+
+- **DON'T** call `inquirer.prompt(...)` directly without the wrapper
+- **DON'T** reimplement the cursor/newline fix at individual call sites — funnel everything through `withPromptFix`
+- **DON'T** assume "it works on my machine" — the bug is Windows-only and does not reproduce on macOS/Linux
+
+## Consequences
+
+### Positive
+
+- **Correct multi-line output on Windows** after any interactive flow
+- **Single point of truth** for the console fix; call sites stay simple
+- **Mechanically enforceable** — the wrapper presence is checkable
+
+### Negative
+
+- **Boilerplate** at every prompt call site (`withPromptFix(() => ...)`)
+
+### Risks
+
+- **A new prompt added without the wrapper** silently re-breaks newline handling for the rest of the run. **Mitigation:** the companion rule flags any `inquirer.prompt(` not preceded by (or on the same line as) `withPromptFix`.
+
+## Compliance and Enforcement
+
+### Automated
+
+- **Archgate rule** ARCH-019/inquirer-prompt-wrapped: Scans `src/**/*.ts` for `inquirer.prompt(` calls and reports any that are not wrapped in `withPromptFix` (checked on the same line or the immediately-preceding non-blank line). Comment lines are ignored. Severity: error.
+
+### Manual
+
+Code reviewers MUST verify any new interactive flow wraps its prompts in `withPromptFix` and does not introduce a competing stdout/cursor patch.
+
+## References
+
+- [ARCH-018: Lazy-Load Heavy Dependencies](./ARCH-018-lazy-load-heavy-dependencies.md) — `inquirer` is loaded lazily; this ADR governs how its prompts are invoked
+- [`src/helpers/prompt.ts`](../../src/helpers/prompt.ts) — defines `withPromptFix()` and the stdout patch
diff --git a/.archgate/adrs/ARCH-019-inquirer-prompt-fix.rules.ts b/.archgate/adrs/ARCH-019-inquirer-prompt-fix.rules.ts
new file mode 100644
index 00000000..6927e291
--- /dev/null
+++ b/.archgate/adrs/ARCH-019-inquirer-prompt-fix.rules.ts
@@ -0,0 +1,61 @@
+/// <reference path="../rules.d.ts" />
+
+function isCommentLine(line: string): boolean {
+  const trimmed = line.trimStart();
+  return (
+    trimmed.startsWith("//") ||
+    trimmed.startsWith("*") ||
+    trimmed.startsWith("/*")
+  );
+}
+
+export default {
+  rules: {
+    "inquirer-prompt-wrapped": {
+      description:
+        "Every inquirer.prompt() call must be wrapped in withPromptFix() (Windows newline corruption)",
+      severity: "error",
+      async check(ctx) {
+        const files = ctx.scopedFiles.filter((f) => f.endsWith(".ts"));
+
+        const checks = files.map(async (file) => {
+          let content: string;
+          try {
+            content = await ctx.readFile(file);
+          } catch {
+            return;
+          }
+          const lines = content.split("\n");
+
+          for (const [index, line] of lines.entries()) {
+            if (isCommentLine(line)) continue;
+            if (!line.includes("inquirer.prompt(")) continue;
+
+            // Allowed if wrapped on the same line, or if the immediately
+            // preceding non-blank line opens the wrapper (the common
+            // `withPromptFix(() =>\n  inquirer.prompt([` shape).
+            if (line.includes("withPromptFix")) continue;
+
+            let prevNonBlank = "";
+            for (let i = index - 1; i >= 0; i--) {
+              if (lines[i].trim() !== "") {
+                prevNonBlank = lines[i];
+                break;
+              }
+            }
+            if (prevNonBlank.includes("withPromptFix")) continue;
+
+            ctx.report.violation({
+              message:
+                "inquirer.prompt() must be wrapped in withPromptFix() or it corrupts newline handling on Windows",
+              file,
+              line: index + 1,
+              fix: "Wrap the call: `await withPromptFix(() => inquirer.prompt([...]))` (import from src/helpers/prompt.ts)",
+            });
+          }
+        });
+        await Promise.all(checks);
+      },
+    },
+  },
+} satisfies RuleSet;
diff --git a/.archgate/adrs/ARCH-020-glob-scan-include-dotfiles.md b/.archgate/adrs/ARCH-020-glob-scan-include-dotfiles.md
new file mode 100644
index 00000000..0dc7e317
--- /dev/null
+++ b/.archgate/adrs/ARCH-020-glob-scan-include-dotfiles.md
@@ -0,0 +1,68 @@
+---
+id: ARCH-020
+title: Glob Scanning Must Include Dotfiles
+domain: architecture
+rules: true
+files: ["src/**/*.ts"]
+---
+
+# Glob Scanning Must Include Dotfiles
+
+## Context
+
+`Bun.Glob.scan()` defaults to `dot: false`, which skips any match whose path contains a dot-prefixed segment — **even when the pattern explicitly names that directory**. A pattern like `.github/workflows/release.yml` returns nothing under the default. Worse, the behavior is platform-dependent: Windows reliably drops the match while Linux can match the same pattern, so a glob appears to "work in CI" but silently no-ops on a contributor's Windows machine.
+
+Archgate is a code-governance tool. The directories it must inspect — `.github/`, `.husky/`, `.vscode/`, `.archgate/` — are dot-prefixed by convention. Treating them as first-class source means every `scan()` over the project tree must opt into dotfiles, or rules that target CI workflows and tooling config will silently scan nothing. This caused [archgate/cli#222](https://github.com/archgate/cli/issues/222): rules over `.github/workflows/**` no-opped locally while passing in CI.
+
+### Alternatives Analysis
+
+**Rely on the `dot: false` default and avoid dot-dirs**: Impossible — the files we must govern live in dot-dirs.
+
+**Pass `dot: true` at every `scan()` call site**: Explicit, local, and mechanically checkable. The engine already does this in `src/engine/runner.ts` (`ctx.glob`, `ctx.grepFiles`) and `src/engine/git-files.ts` (`resolveScopedFiles`). Chosen.
+
+## Decision
+
+Every call to `Bun.Glob#scan()` (`glob.scan(...)`) in source MUST pass `{ dot: true }` in its options object, so dot-prefixed segments are traversed. This applies regardless of whether the current glob pattern targets a dot-dir — the requirement is unconditional to prevent a future pattern from silently no-opping.
+
+## Do's and Don'ts
+
+### Do
+
+- **DO** call `glob.scan({ cwd, dot: true })` — always include `dot: true`
+- **DO** normalize separators after scanning (`file.replaceAll("\\", "/")`) for cross-platform path comparisons
+
+### Don't
+
+- **DON'T** call `glob.scan(...)` without `dot: true` — even for patterns that don't obviously touch a dot-dir
+- **DON'T** assume a glob that works on Linux works on Windows; the `dot` default diverges across platforms
+
+## Consequences
+
+### Positive
+
+- **Rules see dot-dirs** (`.github/`, `.husky/`, `.vscode/`, `.archgate/`) consistently
+- **Cross-platform parity** — no more "works in CI, no-ops locally" glob bugs
+
+### Negative
+
+- **Includes more paths** — callers that genuinely want to exclude dotfiles must filter explicitly (rare in this codebase)
+
+### Risks
+
+- **A new `scan()` added without `dot: true`** silently skips dot-dirs on Windows. **Mitigation:** the companion rule flags any `.scan(` call whose options lack `dot:`.
+
+## Compliance and Enforcement
+
+### Automated
+
+- **Archgate rule** ARCH-020/glob-scan-dot: Scans `src/**/*.ts` for `.scan(` calls and reports any whose argument list does not contain `dot:`. Severity: error.
+
+### Manual
+
+Code reviewers MUST verify new `Bun.Glob` scans pass `dot: true` and that any intentional exclusion of dotfiles is done by explicit post-scan filtering with a comment.
+
+## References
+
+- [archgate/cli#222](https://github.com/archgate/cli/issues/222) — the dotfile-skipping bug this ADR prevents
+- [`src/engine/runner.ts`](../../src/engine/runner.ts), [`src/engine/git-files.ts`](../../src/engine/git-files.ts) — canonical `scan({ dot: true })` usage
+- [ARCH-009: Platform Detection Helper](./ARCH-009-platform-detection-helper.md) — related cross-platform correctness governance
diff --git a/.archgate/adrs/ARCH-020-glob-scan-include-dotfiles.rules.ts b/.archgate/adrs/ARCH-020-glob-scan-include-dotfiles.rules.ts
new file mode 100644
index 00000000..eb74c3ab
--- /dev/null
+++ b/.archgate/adrs/ARCH-020-glob-scan-include-dotfiles.rules.ts
@@ -0,0 +1,46 @@
+/// <reference path="../rules.d.ts" />
+
+export default {
+  rules: {
+    "glob-scan-dot": {
+      description:
+        "Bun.Glob#scan() calls must pass { dot: true } so dot-prefixed dirs (.github, .husky, ...) are traversed",
+      severity: "error",
+      async check(ctx) {
+        const files = ctx.scopedFiles.filter((f) => f.endsWith(".ts"));
+
+        // Capture the argument list of each `.scan( ... )` call. The character
+        // class `[^)]` spans newlines, so multi-line option objects are
+        // covered, as long as the args contain no nested `)` (true for glob
+        // option objects: `{ cwd, dot: true }`).
+        const callPattern = /\.scan\(([^)]*)\)/gu;
+
+        const checks = files.map(async (file) => {
+          let content: string;
+          try {
+            content = await ctx.readFile(file);
+          } catch {
+            return;
+          }
+
+          for (const match of content.matchAll(callPattern)) {
+            const args = match[1];
+            if (/\bdot\s*:/u.test(args)) continue;
+
+            const offset = match.index ?? 0;
+            const line = content.slice(0, offset).split("\n").length;
+
+            ctx.report.violation({
+              message:
+                "Bun.Glob#scan() must pass { dot: true } or it silently skips dot-prefixed directories on Windows",
+              file,
+              line,
+              fix: "Add `dot: true` to the scan options, e.g. `glob.scan({ cwd, dot: true })`",
+            });
+          }
+        });
+        await Promise.all(checks);
+      },
+    },
+  },
+} satisfies RuleSet;
diff --git a/.archgate/adrs/ARCH-021-ascii-only-powershell-scripts.md b/.archgate/adrs/ARCH-021-ascii-only-powershell-scripts.md
new file mode 100644
index 00000000..7d1fa0da
--- /dev/null
+++ b/.archgate/adrs/ARCH-021-ascii-only-powershell-scripts.md
@@ -0,0 +1,77 @@
+---
+id: ARCH-021
+title: ASCII-Only PowerShell Scripts
+domain: architecture
+rules: true
+files: ["**/*.ps1"]
+---
+
+# ASCII-Only PowerShell Scripts
+
+## Context
+
+Archgate distributes a Windows installer, `install.ps1`, fetched and executed with `irm ... | iex`. The file is saved without a UTF-8 byte-order mark (its first bytes are `# A...`). On **Windows PowerShell 5.1** — still the default shell on a large share of Windows machines — a BOM-less `.ps1` is decoded using the system codepage (typically Windows-1252), not UTF-8.
+
+The consequence: any multi-byte UTF-8 character in the file is mis-decoded. An em-dash (`—`, bytes `E2 80 94`) becomes three garbage characters, which corrupts later string parsing. The failure mode is cryptic — the parser reports errors like "string is missing the terminator" on lines that look perfectly fine, far from the actual offending character. Because the install script is the very first thing a new user runs, a parse failure here is maximally damaging.
+
+This is not hypothetical: a non-ASCII character in `install.ps1` is exactly the kind of edit that passes review (it looks fine in a UTF-8 editor) and breaks only on PowerShell 5.1.
+
+### Alternatives Analysis
+
+**Add a UTF-8 BOM to the script**: Would make 5.1 decode UTF-8 correctly, but a BOM can break `irm | iex` piping and other tooling, and is easy to strip accidentally. Fragile.
+
+**Restrict distributed `.ps1` files to ASCII**: Eliminates the decoding ambiguity entirely — ASCII is identical under UTF-8 and Windows-1252. Simple, robust, mechanically checkable. Chosen.
+
+## Decision
+
+All `.ps1` files in the repository MUST contain only ASCII characters (byte values 0–127) in comments and string literals. Use `-`/`--` instead of em/en dashes, straight quotes instead of curly quotes, and avoid any other non-ASCII typography or symbols.
+
+To verify a script still parses after editing:
+
+```powershell
+$errs = $null
+[System.Management.Automation.Language.Parser]::ParseFile((Resolve-Path .\install.ps1).Path, [ref]$null, [ref]$errs)
+$errs
+```
+
+## Do's and Don'ts
+
+### Do
+
+- **DO** use ASCII punctuation in `.ps1` files: `-`, `--`, straight quotes `'` `"`
+- **DO** run the `Parser::ParseFile` check above after editing a distributed `.ps1`
+
+### Don't
+
+- **DON'T** use em-dashes (`—`), en-dashes (`–`), curly quotes (`“ ” ‘ ’`), ellipsis (`…`), or other non-ASCII characters in `.ps1` comments or strings
+- **DON'T** rely on "it renders fine in my editor" — the corruption only manifests under Windows PowerShell 5.1 with a BOM-less file
+
+## Consequences
+
+### Positive
+
+- **The installer parses on every Windows shell**, including PowerShell 5.1
+- **Mechanically enforceable** — non-ASCII bytes are trivially detectable
+
+### Negative
+
+- **No typographic niceties** in PowerShell scripts (acceptable — these are install scripts, not prose)
+
+### Risks
+
+- **A non-ASCII character slips in via copy-paste** (e.g., an em-dash auto-inserted by an editor). **Mitigation:** the companion rule flags any non-ASCII byte in a `.ps1` file with its line and column.
+
+## Compliance and Enforcement
+
+### Automated
+
+- **Archgate rule** ARCH-021/ascii-only-ps1: Scans every `.ps1` file for characters outside the ASCII range (code point > 127) and reports the offending file, line, and character. Severity: error.
+
+### Manual
+
+Code reviewers MUST reject `.ps1` changes that introduce non-ASCII characters, and SHOULD run the `Parser::ParseFile` check for non-trivial edits to `install.ps1`.
+
+## References
+
+- [`install.ps1`](../../install.ps1) — the Windows install script governed by this ADR
+- [ARCH-007: Cross-Platform Subprocess Execution](./ARCH-007-cross-platform-subprocess-execution.md) — related cross-platform robustness governance
diff --git a/.archgate/adrs/ARCH-021-ascii-only-powershell-scripts.rules.ts b/.archgate/adrs/ARCH-021-ascii-only-powershell-scripts.rules.ts
new file mode 100644
index 00000000..8189ae42
--- /dev/null
+++ b/.archgate/adrs/ARCH-021-ascii-only-powershell-scripts.rules.ts
@@ -0,0 +1,51 @@
+/// <reference path="../rules.d.ts" />
+
+// Highest allowed code point: 0x7F (DEL) and below is the ASCII range. Anything
+// above 127 is decoded ambiguously by Windows PowerShell 5.1 on BOM-less files.
+const MAX_ASCII = 0x7f;
+
+export default {
+  rules: {
+    "ascii-only-ps1": {
+      description:
+        "PowerShell (.ps1) files must be ASCII-only (Windows PowerShell 5.1 mis-decodes non-ASCII in BOM-less scripts)",
+      severity: "error",
+      async check(ctx) {
+        const files = ctx.scopedFiles.filter((f) => f.endsWith(".ps1"));
+
+        const checks = files.map(async (file) => {
+          let content: string;
+          try {
+            content = await ctx.readFile(file);
+          } catch {
+            return;
+          }
+          const lines = content.split("\n");
+
+          for (const [index, line] of lines.entries()) {
+            for (let col = 0; col < line.length; col++) {
+              const codePoint = line.codePointAt(col) ?? 0;
+              if (codePoint <= MAX_ASCII) continue;
+
+              const char = String.fromCodePoint(codePoint);
+              ctx.report.violation({
+                message: `Non-ASCII character "${char}" (U+${codePoint
+                  .toString(16)
+                  .toUpperCase()
+                  .padStart(
+                    4,
+                    "0"
+                  )}) at column ${col + 1} breaks Windows PowerShell 5.1 parsing`,
+                file,
+                line: index + 1,
+                fix: "Replace with an ASCII equivalent (e.g. em-dash with `-`, curly quotes with straight quotes)",
+              });
+              break; // one report per line is enough
+            }
+          }
+        });
+        await Promise.all(checks);
+      },
+    },
+  },
+} satisfies RuleSet;
diff --git a/.archgate/adrs/GEN-003-tool-invocation-via-scripts.md b/.archgate/adrs/GEN-003-tool-invocation-via-scripts.md
index 06fc1ddb..bc80589d 100644
--- a/.archgate/adrs/GEN-003-tool-invocation-via-scripts.md
+++ b/.archgate/adrs/GEN-003-tool-invocation-via-scripts.md
@@ -2,7 +2,7 @@
 id: GEN-003
 title: Tool Invocation via Package Scripts
 domain: general
-rules: false
+rules: true
 ---
 
 # Tool Invocation via Package Scripts
@@ -91,7 +91,12 @@ All linting, formatting, and validation MUST be invoked through `package.json` s
 
 ## Compliance and Enforcement
 
-**Automated enforcement**: The Archgate developer agent definition (`agents/developer.md`) MUST instruct agents to use `bun run format`, `bun run lint`, and `bun run validate` — never direct tool invocation. Agent memory records reinforce this rule across sessions.
+**Automated enforcement** (companion `GEN-003-tool-invocation-via-scripts.rules.ts`):
+
+- **GEN-003/no-direct-lint-format-invocation**: Scans `.github/workflows/*` and `package.json` for `bunx`/`npx` invocations of lint/format tools (`prettier`, `oxfmt`, `oxlint`, `eslint`, `biome`). The only acceptable place for a direct tool binary is inside a `package.json` script body. Scope deliberately excludes Markdown so this ADR's own prohibited-example text is not self-flagged, and excludes non-lint tools so legitimate invocations like `bunx --bun astro` (docs build) remain allowed.
+- **GEN-003/no-bare-bun-test-in-ci**: Scans `.github/workflows/*` for bare `bun test` (as opposed to `bun run test`). Bare `bun test` skips the script-level flags in `package.json` (e.g. `--timeout 60000`), which causes filesystem/subprocess tests to time out on slow runners.
+
+The Archgate developer agent definition also instructs agents to use `bun run format`, `bun run lint`, `bun run test`, and `bun run validate` — never direct tool invocation. Agent memory records reinforce this across sessions.
 
 **Manual enforcement**: Code reviewers MUST reject PRs that introduce direct tool invocations (e.g., `bunx prettier --write`, `npx oxlint`) in scripts, CI workflows, or documentation. The only acceptable place for direct tool invocation is inside the `package.json` scripts themselves.
 
diff --git a/.archgate/adrs/GEN-003-tool-invocation-via-scripts.rules.ts b/.archgate/adrs/GEN-003-tool-invocation-via-scripts.rules.ts
new file mode 100644
index 00000000..99a58a5c
--- /dev/null
+++ b/.archgate/adrs/GEN-003-tool-invocation-via-scripts.rules.ts
@@ -0,0 +1,77 @@
+/// <reference path="../rules.d.ts" />
+
+// Lint/format tools that MUST only be invoked via package.json scripts
+// (`bun run lint` / `bun run format`), never directly with bunx/npx. Non-lint
+// tools (e.g. astro) are intentionally excluded so `bunx --bun astro` stays
+// legal. See GEN-003.
+const LINT_FORMAT_TOOLS = ["prettier", "oxfmt", "oxlint", "eslint", "biome"];
+
+export default {
+  rules: {
+    "no-direct-lint-format-invocation": {
+      description:
+        "Lint/format tools must be invoked via package.json scripts, not bunx/npx",
+      severity: "error",
+      async check(ctx) {
+        // Build an alternation like (prettier|oxfmt|oxlint|eslint|biome).
+        const toolGroup = LINT_FORMAT_TOOLS.join("|");
+        // Match `bunx <tool>` or `npx <tool>`, allowing flags between the
+        // runner and the tool name (e.g. `bunx --bun oxfmt`).
+        const pattern = new RegExp(
+          String.raw`\b(?:bunx|npx)\b(?:\s+--?\S+)*\s+(?:${toolGroup})\b`,
+          "u"
+        );
+
+        // Scope: CI workflows + package.json only. Markdown is excluded so this
+        // ADR's own prohibited-example prose is not flagged.
+        const targets = [
+          ...(await ctx.glob(".github/workflows/*.yml")),
+          ...(await ctx.glob(".github/workflows/*.yaml")),
+          "package.json",
+        ];
+
+        const checks = targets.map(async (file) => {
+          const matches = await ctx.grep(file, pattern);
+          for (const m of matches) {
+            ctx.report.violation({
+              message: `Direct lint/format tool invocation ("${m.content.trim()}") is prohibited`,
+              file: m.file,
+              line: m.line,
+              fix: "Invoke the tool via a package.json script instead (e.g. `bun run lint`, `bun run format`)",
+            });
+          }
+        });
+        await Promise.all(checks);
+      },
+    },
+    "no-bare-bun-test-in-ci": {
+      description:
+        "CI workflows must run tests via `bun run test`, not bare `bun test`",
+      severity: "error",
+      async check(ctx) {
+        // `\bbun test\b` matches `bun test ...` but NOT `bun run test ...`
+        // (the literal substring "bun test" is absent from "bun run test").
+        const pattern = /\bbun test\b/u;
+
+        const targets = [
+          ...(await ctx.glob(".github/workflows/*.yml")),
+          ...(await ctx.glob(".github/workflows/*.yaml")),
+        ];
+
+        const checks = targets.map(async (file) => {
+          const matches = await ctx.grep(file, pattern);
+          for (const m of matches) {
+            ctx.report.violation({
+              message:
+                "Bare `bun test` in CI skips package.json script flags (e.g. --timeout)",
+              file: m.file,
+              line: m.line,
+              fix: "Use `bun run test` (append extra flags after it, e.g. `bun run test --coverage`)",
+            });
+          }
+        });
+        await Promise.all(checks);
+      },
+    },
+  },
+} satisfies RuleSet;
diff --git a/.claude/agent-memory/archgate-developer/MEMORY.md b/.claude/agent-memory/archgate-developer/MEMORY.md
index 55e3940d..d35e9ef2 100644
--- a/.claude/agent-memory/archgate-developer/MEMORY.md
+++ b/.claude/agent-memory/archgate-developer/MEMORY.md
@@ -5,15 +5,15 @@
 Every work loop MUST end with these steps — no exceptions, even for trivial changes:
 
 1. **`bun run validate`** — lint, typecheck, format, test, ADR check, knip, build check (fail-fast)
-2. **`@architect` skill** — Invoke via `Skill tool` with skill `"archgate:architect"`. Validates structural ADR compliance beyond automated rules.
-3. **`@quality-manager` skill** — Invoke via `Skill tool` with skill `"archgate:quality-manager"`. Captures learnings and governance gaps.
+2. **`@reviewer` skill** — Invoke via `Skill tool` with skill `"archgate:reviewer"`. Validates structural ADR compliance beyond automated rules.
+3. **`@lessons-learned` skill** — Invoke via `Skill tool` with skill `"archgate:lessons-learned"`. Captures learnings and governance gaps.
 
-Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to invoke these manually.
+Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to invoke these manually. (Note: `.claude/settings.json` still allowlists the older `archgate:architect`/`archgate:quality-manager` names — update it to match.)
 
 ## Version References
 
 - **Minimum version** (`>=1.2.21`): Enforced in `src/cli.ts`, documented in CLAUDE.md "Technology Stack". This is the user-facing requirement.
-- **Pinned version** (`1.3.8`): Set in `.prototools`, referenced in ADR risk sections (ARCH-005, ARCH-006) and CLAUDE.md "Toolchain" section. This is the dev toolchain version.
+- **Pinned version** (`1.3.14`): Set in `.prototools`, referenced in ADR risk sections (ARCH-005, ARCH-006) and CLAUDE.md "Toolchain" section. This is the dev toolchain version.
 - These are intentionally different. When upgrading the pinned version, update `.prototools` + ADR risk sections + CLAUDE.md toolchain. Do NOT change the minimum unless a new Bun API is required.
 
 ## Git Workflow
@@ -32,25 +32,25 @@ Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to inv
 
 - **YAML double-quoted strings require escaped backslashes for Windows paths in tests** — YAML interprets `\` as an escape character inside double-quoted strings. Writing `cwd: "E:\project"` silently corrupts the parsed value because `\p` is not a valid escape sequence. Fix: use `JSON.stringify(path)` to produce properly escaped YAML values (e.g., `cwd: ${JSON.stringify(cwd)}`). JSON and YAML double-quoted strings share the same escape syntax. Encountered in Copilot CLI session-context tests (`workspace.yaml` with Windows paths).
 - **`git commit` in temp repos requires local identity** — CI runners have no global `user.email`/`user.name` configured. Any test that runs `git commit` on a temp repo MUST call `git config user.email` and `git config user.name` locally after `git init`. Fails with a cryptic `ShellPromise` error in CI; passes locally. Also captured in ARCH-005 Do's.
-- **Never use `bunx prettier` directly** — Always use `bun run format` (to fix) or `bun run format:check` (to verify). Using `bunx prettier` can fail or use a different version than the project's devDependency. The same applies to all dev tools: prefer `bun run <script>` over `bunx <tool>` when a package.json script exists.
+- **Never use `bunx prettier` directly** (ENFORCED: GEN-003/no-direct-lint-format-invocation) — Always use `bun run format` (to fix) or `bun run format:check` (to verify). Using `bunx prettier` can fail or use a different version than the project's devDependency. The same applies to all dev tools: prefer `bun run <script>` over `bunx <tool>` when a package.json script exists. Note: this repo's formatter is **oxfmt** (`.oxfmtrc.json`), not Prettier; the rule bans `bunx`/`npx` of any lint/format tool (prettier, oxfmt, oxlint, eslint, biome) in workflows + package.json. `bunx --bun astro` (docs) stays allowed.
 - **`Bun.Glob.match()` triggers oxlint `prefer-regexp-test`** — `Bun.Glob.match()` returns a boolean (not a RegExp), but oxlint can't tell. Suppress with `// oxlint-disable-next-line prefer-regexp-test -- Bun.Glob.match() returns boolean, not RegExp`.
 - **oxlint `no-negated-condition`** — Always write ternaries with the positive condition first: `x === null ? A : B` not `x !== null ? B : A`. Applies to both `if/else` blocks and ternary expressions.
 - **oxlint `no-unused-vars` on catch parameters** — Use bare `catch { }` (no parameter) when the caught error is not used. `catch (err) { }` with unused `err` triggers the rule.
 - **oxlint `no-await-in-loop`** — Sequential `await` inside a `for` loop is flagged (warning). When the sequential order is intentional (e.g., build steps with per-step output), suppress with `// oxlint-disable-next-line no-await-in-loop -- <reason>`.
-- **`bun build --compile --bytecode` rejects top-level `await`** — Even though `bun run` and `tsc` handle top-level `await` fine, the Bun bytecode compiler (`--bytecode`) does not. In `src/cli.ts`, all async bootstrap logic MUST be wrapped in `async function main() { ... }` and called as `main().catch((err) => { logError(String(err)); process.exit(2); })`. Never use top-level `await` in the CLI entry point. See ARCH-001 Do's for the documented pattern.
-- **npm `main` field always gets included in publish** — `"main"` in `package.json` is always included in `npm publish` regardless of the `files` array. If the package doesn't need a default entry point (only sub-path exports like `./rules`), remove `main` entirely to avoid bundling the CLI entry point into the npm package.
-- **`CHANGELOG.md` is auto-generated — exclude from Prettier** — `CHANGELOG.md` is written by `TrigenSoftware/simple-release-action` during the release PR workflow. It is committed directly and never formatted by Prettier. It MUST be in `.prettierignore`; otherwise `bun run format:check` (part of `bun run validate`) will fail on the release PR. Do not attempt to run prettier on it post-commit.
+- **`bun build --compile --bytecode` rejects top-level `await`** (ENFORCED: ARCH-001/no-top-level-await-in-entry + `build:check`) — Even though `bun run` and `tsc` handle top-level `await` fine, the Bun bytecode compiler (`--bytecode`) does not. In `src/cli.ts`, all async bootstrap logic MUST be wrapped in `async function main() { ... }` and called as `main().catch((err) => { logError(String(err)); process.exit(2); })`. Never use top-level `await` in the CLI entry point. See ARCH-001 Do's for the documented pattern.
+- **npm `main` field always gets included in publish** (ENFORCED: ARCH-017/no-npm-main-field) — `"main"` in `package.json` is always included in `npm publish` regardless of the `files` array. If the package doesn't need a default entry point (only sub-path exports like `./rules`), remove `main` entirely to avoid bundling the CLI entry point into the npm package.
+- **`CHANGELOG.md` is auto-generated — exclude from the formatter** — `CHANGELOG.md` is written by `simple-release-action`/`.simple-release.js` during the release PR workflow and committed directly. NOTE: this is a **plugins-repo concern** (that repo uses Prettier + `.prettierignore`). The CLI repo uses **oxfmt** (`.oxfmtrc.json`) which doesn't format Markdown, so no exclusion is needed here — the `.prettierignore` in this repo is vestigial. If a future formatter starts touching `.md`, exclude `CHANGELOG.md`.
 - **`mock.module("node:fetch", ...)` does NOT intercept `globalThis.fetch` in Bun** — Bun's runtime fetch is `globalThis.fetch`, not the `node:fetch` module. Using `mock.module` silently fails; the real network is hit. Always mock fetch by assigning `globalThis.fetch = mockFn as unknown as typeof fetch` directly, and restore via `mock.restore()` in `afterEach`. TypeScript type cast: `as never` is insufficient for the `typeof fetch` type (which includes `preconnect`) — always use `as unknown as typeof fetch`. Also captured in ARCH-005 Don'ts.
 - **Git credential tests need system-level isolation on Windows** — Overriding `Bun.env.HOME` is NOT sufficient to isolate `git credential fill/approve` calls in tests. Windows Credential Manager is a system-level API, not file-based. Tests MUST set `Bun.env.GIT_CONFIG_NOSYSTEM = "1"` and `Bun.env.GIT_CONFIG_GLOBAL = <path-to-empty-file>` to prevent git from reading the real credential helper config. Without this, tests on machines with stored credentials will pick up real tokens.
 - **GCM prompt suppression requires 5 env vars** — `GIT_TERMINAL_PROMPT=0` alone does NOT prevent Git Credential Manager (GCM) from showing GUI prompts on Windows or askpass prompts on Linux. The full set for `gitCredentialEnv()` in `src/helpers/credential-store.ts` is: `GIT_TERMINAL_PROMPT=0`, `GCM_INTERACTIVE=never`, `GCM_GUI_PROMPT=false`, `GIT_ASKPASS=""`, `SSH_ASKPASS=""`. Omitting any one can trigger unexpected prompts in editor contexts where the CLI runs as a subprocess.
 - **Module-level `{ ...Bun.env }` captures env at import time** — Spreading `Bun.env` into a module-level constant freezes the env snapshot. Tests that override `Bun.env.HOME` after import won't affect the constant. Fix: use a function that returns `{ ...Bun.env, ... }` on each call so it picks up test-time overrides. Applied in `src/helpers/credential-store.ts`.
-- **`Bun.Glob.scan({ dot: false })` silently drops dot-prefixed segments — even on explicit paths** — `dot: false` (the default) skips matches whose path contains a `.`-prefixed segment, including patterns that explicitly name the dir (e.g. `.github/workflows/release.yml`). Behavior also varies across platforms — Windows reliably drops the match while Linux can match the same pattern, so a rule appears to "work in CI" but no-ops locally. For code repos where `.github/`, `.husky/`, `.vscode/` are first-class source dirs, ALWAYS pass `dot: true` to `Bun.Glob.scan()`. Applied in `src/engine/runner.ts` (`ctx.glob`, `ctx.grepFiles`) and `src/engine/git-files.ts` (`resolveScopedFiles`). See archgate/cli#222.
-- **PowerShell 5.1 reads BOM-less `.ps1` files as ANSI — never use non-ASCII chars in `install.ps1`** — `install.ps1` has no UTF-8 BOM (first bytes are `# A...`). On Windows PowerShell 5.1, this means the file is decoded as the system codepage (Windows-1252), so multi-byte UTF-8 characters like em-dash (`—`, `\xE2\x80\x94`) get split into garbage bytes that break later string parsing — the parser reports cryptic errors like "string is missing the terminator" on lines that look fine. ALWAYS stick to ASCII (`-`, `--`, straight quotes) in comments and string literals in `install.ps1`. To verify after editing: `[System.Management.Automation.Language.Parser]::ParseFile((Resolve-Path .\install.ps1).Path, [ref]$null, [ref]$errs)`. Same caveat applies to any unsigned `.ps1` file the project distributes.
+- **`Bun.Glob.scan({ dot: false })` silently drops dot-prefixed segments — even on explicit paths** (ENFORCED: ARCH-020/glob-scan-dot) — `dot: false` (the default) skips matches whose path contains a `.`-prefixed segment, including patterns that explicitly name the dir (e.g. `.github/workflows/release.yml`). Behavior also varies across platforms — Windows reliably drops the match while Linux can match the same pattern, so a rule appears to "work in CI" but no-ops locally. For code repos where `.github/`, `.husky/`, `.vscode/` are first-class source dirs, ALWAYS pass `dot: true` to `Bun.Glob.scan()`. Applied in `src/engine/runner.ts` (`ctx.glob`, `ctx.grepFiles`) and `src/engine/git-files.ts` (`resolveScopedFiles`). See archgate/cli#222.
+- **PowerShell 5.1 reads BOM-less `.ps1` files as ANSI — never use non-ASCII chars in `install.ps1`** (ENFORCED: ARCH-021/ascii-only-ps1) — `install.ps1` has no UTF-8 BOM (first bytes are `# A...`). On Windows PowerShell 5.1, this means the file is decoded as the system codepage (Windows-1252), so multi-byte UTF-8 characters like em-dash (`—`, `\xE2\x80\x94`) get split into garbage bytes that break later string parsing — the parser reports cryptic errors like "string is missing the terminator" on lines that look fine. ALWAYS stick to ASCII (`-`, `--`, straight quotes) in comments and string literals in `install.ps1`. To verify after editing: `[System.Management.Automation.Language.Parser]::ParseFile((Resolve-Path .\install.ps1).Path, [ref]$null, [ref]$errs)`. Same caveat applies to any unsigned `.ps1` file the project distributes.
 - **SLSA reusable workflow MUST be tag-pinned, not SHA-pinned** — `slsa-framework/slsa-github-generator/.github/workflows/*` looks like it should follow CI-001 (SHA pin), but the SLSA generator's `generate-builder.sh` reads the workflow ref to download the prebuilt builder from a GitHub release and rejects non-tag refs (`Invalid ref: ... Expected ref of the form refs/tags/vX.Y.Z`, exit 2). Pinning by SHA broke the v0.31.0 release ([run 25107195589](https://github.com/archgate/cli/actions/runs/25107195589)). The CI-001 rule allowlists this path so it does NOT block a SHA repin — meaning a future agent could "fix" the tag pin and the rule would be silent until the next release fails. ALWAYS keep `@v2.x.y` for `release-binaries.yml:165` and read the inline comment + CI-001 "Carved-out exceptions" before changing. Upstream issue: [slsa-framework/slsa-github-generator#150](https://github.com/slsa-framework/slsa-github-generator/issues/150).
 - **Windows binary upgrade: never use detached child processes for `.old` cleanup** — On Windows, `replaceBinary()` renames the running exe to `.old` because the OS file-locks it. Cleaning up the `.old` via a detached `cmd /c ping -n 2 ... & del` process is unreliable (process may not spawn, `del` may fail silently, timing races). Instead, `cleanupStaleBinary()` runs at the next CLI startup as a fire-and-forget `unlink()` — the file is guaranteed unlocked by then. The cleanup is platform-agnostic (uses `getArtifactInfo()` to resolve the binary name), so it works on any supported platform even though only Windows currently creates `.old` files. The sync `unlinkSync` in `replaceBinary()` is kept as defense-in-depth for leftover `.old` files from previous upgrades. Do NOT reintroduce detached cleanup processes.
 - **`bun:sqlite` file handles persist after `db.close()` on Windows — wrap test cleanup in try/catch** — Tests that create temp SQLite databases via `new Database(path)` will fail with `EBUSY: resource busy or locked` when `rmSync` tries to remove the temp directory in `afterEach`, even after calling `db.close()`. Windows holds the file handle briefly. Fix: (1) set `PRAGMA journal_mode = DELETE` in test DBs to avoid creating WAL/SHM files, and (2) wrap `rmSync` in `afterEach` with `try { rmSync(...) } catch { /* SQLite handles may persist */ }`. Each test must use a unique temp dir name so leftover files don't collide.
-- **Inquirer permanently breaks Windows console newline handling — use `withPromptFix()`** — When inquirer creates a readline interface on Windows, it enables VTP (Virtual Terminal Processing) which sets `DISABLE_NEWLINE_AUTO_RETURN`. This flag is NEVER restored after the prompt closes, so bare `\n` stops returning to column 0 for ALL subsequent output — not just during the prompt. The per-prompt `cursorTo(process.stdout, 0)` fix only addressed the cursor position after the answer line; it did NOT fix the console mode change. Root-cause fix: `src/helpers/prompt.ts` exports `withPromptFix()` which applies a permanent `process.stdout.write` patch (idempotent, applied once) that translates bare `\n` → `\r\n` via `(?<!\r)\n`, plus resets cursor to column 0 after each prompt. ALL inquirer prompt calls MUST be wrapped with `withPromptFix(() => inquirer.prompt([...]))`. The `upgrade.ts` command uses a separate `clearLine`/`cursorTo` pattern for download progress cleanup (not inquirer).
-- **`inquirer` must be lazy-loaded via dynamic `import()` — never statically imported at module level** — `inquirer` costs ~200ms to parse. Static `import inquirer from "inquirer"` at module level forces every CLI invocation to pay this cost — even `--help`, `--version`, and non-interactive commands that never prompt. Always use `const { default: inquirer } = await import("inquirer")` at the call site, inside the action handler or function that actually needs it. Applied in `src/commands/adr/create.ts`, `src/commands/init.ts`, `src/helpers/editor-detect.ts`, `src/helpers/login-flow.ts`. Same principle applies to any heavy dependency used only in specific code paths (e.g., Sentry and PostHog SDKs are already lazy-loaded in `sentry.ts` and `telemetry.ts`).
+- **Inquirer permanently breaks Windows console newline handling — use `withPromptFix()`** (ENFORCED: ARCH-019/inquirer-prompt-wrapped) — When inquirer creates a readline interface on Windows, it enables VTP (Virtual Terminal Processing) which sets `DISABLE_NEWLINE_AUTO_RETURN`. This flag is NEVER restored after the prompt closes, so bare `\n` stops returning to column 0 for ALL subsequent output — not just during the prompt. The per-prompt `cursorTo(process.stdout, 0)` fix only addressed the cursor position after the answer line; it did NOT fix the console mode change. Root-cause fix: `src/helpers/prompt.ts` exports `withPromptFix()` which applies a permanent `process.stdout.write` patch (idempotent, applied once) that translates bare `\n` → `\r\n` via `(?<!\r)\n`, plus resets cursor to column 0 after each prompt. ALL inquirer prompt calls MUST be wrapped with `withPromptFix(() => inquirer.prompt([...]))`. The `upgrade.ts` command uses a separate `clearLine`/`cursorTo` pattern for download progress cleanup (not inquirer).
+- **`inquirer` must be lazy-loaded via dynamic `import()` — never statically imported at module level** (ENFORCED: ARCH-018/no-static-heavy-import — also covers `@sentry/*`, `posthog-node`) — `inquirer` costs ~200ms to parse. Static `import inquirer from "inquirer"` at module level forces every CLI invocation to pay this cost — even `--help`, `--version`, and non-interactive commands that never prompt. Always use `const { default: inquirer } = await import("inquirer")` at the call site, inside the action handler or function that actually needs it. Applied in `src/commands/adr/create.ts`, `src/commands/init.ts`, `src/helpers/editor-detect.ts`, `src/helpers/login-flow.ts`. Same principle applies to any heavy dependency used only in specific code paths (e.g., Sentry and PostHog SDKs are already lazy-loaded in `sentry.ts` and `telemetry.ts`).
 - **Telemetry/Sentry init should be started eagerly but awaited lazily** — In `src/cli.ts`, `initSentry()` + `initTelemetry()` are started before command registration (so they run concurrently with setup) but only awaited in the `preAction` hook (right before the first telemetry event). This defers ~150ms of SDK parsing + git subprocess cost for `--help`/`--version` which never trigger `preAction`. The `preAction` hook is `async` to support this `await`.
 - **Smoke test install-script steps must find a release with uploaded assets, not just the latest tag** — On release-commit pushes to main, the Validate and Release workflows trigger concurrently. The Release workflow creates the tag/release before `release-binaries.yml` uploads platform binaries. Smoke tests that naively use `gh release view --json tagName` get the just-created release and 404 on the binary download. Fix: iterate `gh release list --limit 5` and check each release's assets for the expected artifact (`archgate-win32-x64.zip` / `archgate-linux-x64.tar.gz`) before selecting the version. Applied in `smoke-test-windows.yml` and `smoke-test-linux.yml`.
 - **GitHub CodeQL "default setup" can silently skip PRs — use an explicit workflow** — The repository-level "default setup" for CodeQL does not guarantee analysis on every PR. PR #279 (Renovate deps update) had zero CodeQL analyses, dropping the Scorecard SAST score from 10 to 9. Fix: add an explicit `.github/workflows/codeql.yml` that runs on `push: [main]`, `pull_request: [main]`, and a weekly schedule. After merging, disable the "default setup" in repository Settings > Code security > Code scanning to avoid duplicate analyses. The explicit workflow gives Scorecard a detectable `github/codeql-action` reference and guarantees coverage.
@@ -59,7 +59,7 @@ Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to inv
 - **`Bun.env` modifications in parallel test files leak into integration test subprocesses** — Bun test runner runs all test files in a single process sharing `Bun.env`. Tests that set `Bun.env.HOME`, `Bun.env.GIT_CONFIG_NOSYSTEM`, or `Bun.env.GIT_CONFIG_GLOBAL` (e.g., `auth.test.ts`, `credential-store.test.ts`) modify the shared environment. Integration tests that spawn CLI subprocesses via `runCli()` spread `process.env` (which IS `Bun.env`) into the child, inheriting the leaked values. Symptom: git operations in the subprocess fail with "not a git repo" or similar, but the test passes in isolation. Fix: integration tests that rely on git must explicitly reset git-related env vars in the `runCli` call: `runCli(args, dir, { GIT_CONFIG_NOSYSTEM: "", GIT_CONFIG_GLOBAL: "" })`. Applied in `tests/integration/check.test.ts` for the `--base` tests.
 - **Cross-command I/O sharing: export from the existing command file, don't create shared files** — When two commands need to share I/O functions (console.log with styleText), you CANNOT put them in `src/helpers/` (ARCH-002 forbids console.log in helpers) or create a new file under `src/commands/<parent>/` without a register function (ARCH-001 requires register\*Command export, ARCH-016 requires docs heading). The correct pattern: export the shared functions from the command file that already defines them (e.g., `plugin/install.ts` exports `installForEditor()` and `printManualInstructions()`) and import them in the other command. Applied in `upgrade.ts` importing from `./plugin/install`.
 - **macOS `/var` → `/private/var` symlink breaks temp dir path comparisons in tests** — On macOS, `/var` is a symlink to `/private/var`. `mkdtempSync(join(tmpdir(), ...))` returns `/var/folders/...` but `process.cwd()` after `chdir()` resolves the symlink to `/private/var/folders/...`. Tests that compare `tempDir` against paths derived from `process.cwd()` or `findProjectRoot()` will fail. Fix: always wrap `mkdtempSync` with `realpathSync` in test setup: `tempDir = realpathSync(mkdtempSync(join(tmpdir(), "archgate-test-")))`. This normalizes the path upfront. Discovered in v0.38.0/v0.39.0 release builds — PR CI runs on ubuntu-latest only, so macOS-specific issues are invisible until the release workflow.
-- **Always use `bun run test`, never bare `bun test`, in CI workflows** — The package.json `test` script includes `--timeout 60000`, but bare `bun test` uses Bun's default 5000ms timeout. Tests that perform filesystem operations or spawn subprocesses (e.g., session-context tests) can exceed 5s on slow CI runners. The `release-binaries.yml` Windows step originally used `bun test` and hit timeout failures. Same principle as "never use `bunx prettier` directly" — always prefer `bun run <script>` to pick up script-level flags.
+- **Always use `bun run test`, never bare `bun test`, in CI workflows** (ENFORCED: GEN-003/no-bare-bun-test-in-ci) — The package.json `test` script includes `--timeout 60000`, but bare `bun test` uses Bun's default 5000ms timeout. Tests that perform filesystem operations or spawn subprocesses (e.g., session-context tests) can exceed 5s on slow CI runners. The `release-binaries.yml` Windows step originally used `bun test` and hit timeout failures. Same principle as "never use `bunx prettier` directly" — always prefer `bun run <script>` to pick up script-level flags. To pass extra flags, append after the script: `bun run test --coverage`.
 - **Don't test that well-known tools exist on PATH** — Tests like `expect(resolveCommand("bun")).toBe("bun")` assert CI environment state, not application logic. They fail when the runner installs tools via shims (e.g., proto on macOS ARM64 where `Bun.which` returns null). Delete such tests entirely — the "returns null for non-existent command" tests already cover `resolveCommand`'s actual logic, and WSL-specific tests cover the `.exe` fallback path.
 - **`mock.module` + `require()` of the same module is unreliable on macOS ARM64** — Using `require("../path/to/module")` inside a `mock.module("../path/to/module", factory)` factory to spread the real exports is unreliable on darwin-arm64. The `require()` can return a circular/empty object instead of the real module, causing the spread to produce an incomplete mock (missing functions). Fix: provide explicit inline implementations of all needed functions in the mock factory. See `sync.test.ts` for the reliable pattern (all exports declared explicitly). Applied in `tests/commands/adr/import.test.ts` — PR [#355](https://github.com/archgate/cli/pull/355).
 
@@ -78,8 +78,4 @@ Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to inv
 - **npm shim + GitHub Releases** — The npm package is a thin shim (`bin/archgate.cjs`). On first run, the shim downloads the platform binary from GitHub Releases and caches it to `~/.archgate/bin/`. No platform-specific npm packages.
 - **`.cjs` extension is mandatory** — Root `package.json` has `"type": "module"`. Any Node.js CJS wrapper script placed at the package root MUST use `.cjs`, not `.js`, or Node.js will attempt to parse it as ESM and fail.
 - [Shim publishing pipeline gotchas](project_shim_publishing.md) — PyPI README, RubyGem Rakefile/working-dir, Maven waitUntil; build reqs not caught by `archgate check`
-- **Each shim needs its own `LICENSE.md` — the repo-root license is invisible to registries** — Registries/indexes detect license from files _inside_ the published package, not the repo root. The Go shim is a subdirectory module (`github.com/archgate/cli/shims/go`); a subdir module's zip only contains files under that subtree, so root `LICENSE.md` is excluded and pkg.go.dev shows "no license" until `shims/go/LICENSE.md` exists. Compounded by `shim-readme-sync`: every shim README is byte-identical to root and carries the root's relative `[Apache-2.0](LICENSE.md)` link/badge, which only resolves with a sibling `LICENSE.md`. Fix applied: byte-identical `LICENSE.md` in all 5 shim dirs (go, maven, nuget/Archgate.Tool, pypi, rubygem); rubygem also adds it to `spec.files`. To register a subdir Go module on pkg.go.dev, hit the proxy: `curl https://proxy.golang.org/<module>/@v/<version>.info`. Captured in ARCH-013 and ENFORCED: the `ARCH-013/shim-license-sync` rule (in the ADR's `.rules.ts`) fails `archgate check` on drift, and `.simple-release.js` `bump()` propagates root `LICENSE.md` to every shim at release — both exactly parallel to the README sync.
-
-## Telemetry Strategy
-
-- [Telemetry & Analytics Strategy](project_telemetry_strategy.md) — Decisions on PostHog analytics, Sentry error tracking, plugin surveys (2026-03-22)
+- **Each shim needs its own `LICENSE.md`** — Now ENFORCED by the `ARCH-013/shim-license-sync` rule (fails `archgate check` on drift) and propagated at release by `.simple-release.js` `bump()`, parallel to the README sync. Operational detail: a subdir Go module's zip only contains files under its subtree, so root `LICENSE.md` is excluded and pkg.go.dev shows "no license" until `shims/go/LICENSE.md` exists. To register a subdir Go module, hit the proxy: `curl https://proxy.golang.org/<module>/@v/<version>.info`.
diff --git a/.claude/settings.json b/.claude/settings.json
index 1041439e..66345f1d 100644
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -12,8 +12,8 @@
       "Bash(ls *)",
       "Bash(rm *)",
       "Bash(proto *)",
-      "Skill(archgate:architect)",
-      "Skill(archgate:quality-manager)",
+      "Skill(archgate:reviewer)",
+      "Skill(archgate:lessons-learned)",
       "Skill(archgate:adr-author)",
       "WebSearch",
       "Read",
@@ -31,7 +31,7 @@
         "hooks": [
           {
             "type": "command",
-            "command": "jq -r '.tool_input.file_path' | xargs -I {} bunx oxfmt --write {}"
+            "command": "jq -r '.tool_input.file_path' | xargs -I {} bun run format:file {}"
           }
         ]
       }
diff --git a/.github/workflows/smoke-test-windows.yml b/.github/workflows/smoke-test-windows.yml
index cbf009d6..ad2e0867 100644
--- a/.github/workflows/smoke-test-windows.yml
+++ b/.github/workflows/smoke-test-windows.yml
@@ -33,7 +33,7 @@ jobs:
 
       - name: Tests
         id: tests
-        run: bun test --timeout 60000 --coverage
+        run: bun run test --coverage
       - name: Upload coverage
         if: always() && steps.tests.outcome == 'success'
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
diff --git a/CLAUDE.md b/CLAUDE.md
index 21dcdd71..a1368fe6 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -17,7 +17,7 @@ bun run lint                  # oxlint
 bun run typecheck             # tsc --build
 bun run format                # oxfmt --write
 bun run format:check          # oxfmt --check
-bun test                      # all tests
+bun run test                  # all tests (not bare `bun test` — picks up --timeout; see GEN-003)
 bun run knip                  # dead export detection
 bun run validate              # MANDATORY: lint + typecheck + format + test + ADR check + knip + build check
 bun run build:check            # verify build compiles (CI builds binaries via release workflow)
diff --git a/package.json b/package.json
index 7ed6c546..13c03093 100644
--- a/package.json
+++ b/package.json
@@ -46,6 +46,7 @@
     "docs:preview": "cd docs && bunx --bun astro preview",
     "format": "oxfmt --write .",
     "format:check": "oxfmt --check .",
+    "format:file": "oxfmt --write",
     "knip": "knip",
     "lint": "oxlint --deny-warnings .",
     "test": "bun test --timeout 60000",

From 48fa7041d8444afec7940af30e189dab1bb10e94 Mon Sep 17 00:00:00 2001
From: Rhuan Barreto <rhuan@barreto.work>
Date: Fri, 29 May 2026 02:09:17 +0200
Subject: [PATCH 2/5] docs(memory): collapse ADR-enforced patterns into a
 compact map

The enforced "Patterns & Fixes" entries duplicated the rationale now
owned by their ADRs. Replace ~9 verbose bullets with a one-line
"Enforced by ADRs" map and keep only the non-enforceable env/CI/platform
lessons in "Patterns & Fixes". Net: 22.4KB -> 17.7KB.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
---
 .../agent-memory/archgate-developer/MEMORY.md | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/.claude/agent-memory/archgate-developer/MEMORY.md b/.claude/agent-memory/archgate-developer/MEMORY.md
index d35e9ef2..26cca3e1 100644
--- a/.claude/agent-memory/archgate-developer/MEMORY.md
+++ b/.claude/agent-memory/archgate-developer/MEMORY.md
@@ -28,29 +28,36 @@ Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to inv
 
 - **Content filtering on policy/legal text** — Writing files containing Contributor Covenant, license text, or similar legal boilerplate (e.g., `CODE_OF_CONDUCT.md`) may trigger API content filtering and block output. Do NOT attempt to auto-generate these files. Instead, tell the user to copy the content manually from the official source (e.g., https://www.contributor-covenant.org/version/2/1/code_of_conduct/).
 
+## Enforced by ADRs
+
+These conventions are now machine-checked by `archgate check` — the ADR + its `.rules.ts` own the full rationale and do/don'ts. This is just a map; read the ADR before relying on specifics.
+
+- **GEN-003** — no `bunx`/`npx` of lint/format tools (prettier, oxfmt, oxlint, eslint, biome); use `bun run <script>`. Also bans bare `bun test` in CI (use `bun run test`, append flags after). This repo's formatter is **oxfmt**.
+- **ARCH-001** — no top-level `await` in `src/cli.ts`; wrap async bootstrap in `async function main()` (`--bytecode` rejects it).
+- **ARCH-013** — shim `LICENSE.md`/`README.md`/version files stay byte-identical to root (propagated by `.simple-release.js`).
+- **ARCH-017** — no `main` field in root `package.json` (keeps the npm thin shim lean).
+- **ARCH-018** — lazy-load heavy deps (`inquirer`, `@sentry/*`, `posthog-node`) via dynamic `import()`; `import type` is exempt.
+- **ARCH-019** — wrap every `inquirer.prompt()` in `withPromptFix()` (Windows newline corruption).
+- **ARCH-020** — `Bun.Glob.scan()` must pass `{ dot: true }` (else dot-dirs silently skipped on Windows).
+- **ARCH-021** — `.ps1` files must be ASCII-only (Windows PowerShell 5.1 mis-decodes BOM-less UTF-8).
+
 ## Patterns & Fixes
 
+Non-enforceable lessons — environment/CI/platform quirks no static rule can reliably catch.
+
 - **YAML double-quoted strings require escaped backslashes for Windows paths in tests** — YAML interprets `\` as an escape character inside double-quoted strings. Writing `cwd: "E:\project"` silently corrupts the parsed value because `\p` is not a valid escape sequence. Fix: use `JSON.stringify(path)` to produce properly escaped YAML values (e.g., `cwd: ${JSON.stringify(cwd)}`). JSON and YAML double-quoted strings share the same escape syntax. Encountered in Copilot CLI session-context tests (`workspace.yaml` with Windows paths).
 - **`git commit` in temp repos requires local identity** — CI runners have no global `user.email`/`user.name` configured. Any test that runs `git commit` on a temp repo MUST call `git config user.email` and `git config user.name` locally after `git init`. Fails with a cryptic `ShellPromise` error in CI; passes locally. Also captured in ARCH-005 Do's.
-- **Never use `bunx prettier` directly** (ENFORCED: GEN-003/no-direct-lint-format-invocation) — Always use `bun run format` (to fix) or `bun run format:check` (to verify). Using `bunx prettier` can fail or use a different version than the project's devDependency. The same applies to all dev tools: prefer `bun run <script>` over `bunx <tool>` when a package.json script exists. Note: this repo's formatter is **oxfmt** (`.oxfmtrc.json`), not Prettier; the rule bans `bunx`/`npx` of any lint/format tool (prettier, oxfmt, oxlint, eslint, biome) in workflows + package.json. `bunx --bun astro` (docs) stays allowed.
 - **`Bun.Glob.match()` triggers oxlint `prefer-regexp-test`** — `Bun.Glob.match()` returns a boolean (not a RegExp), but oxlint can't tell. Suppress with `// oxlint-disable-next-line prefer-regexp-test -- Bun.Glob.match() returns boolean, not RegExp`.
 - **oxlint `no-negated-condition`** — Always write ternaries with the positive condition first: `x === null ? A : B` not `x !== null ? B : A`. Applies to both `if/else` blocks and ternary expressions.
 - **oxlint `no-unused-vars` on catch parameters** — Use bare `catch { }` (no parameter) when the caught error is not used. `catch (err) { }` with unused `err` triggers the rule.
 - **oxlint `no-await-in-loop`** — Sequential `await` inside a `for` loop is flagged (warning). When the sequential order is intentional (e.g., build steps with per-step output), suppress with `// oxlint-disable-next-line no-await-in-loop -- <reason>`.
-- **`bun build --compile --bytecode` rejects top-level `await`** (ENFORCED: ARCH-001/no-top-level-await-in-entry + `build:check`) — Even though `bun run` and `tsc` handle top-level `await` fine, the Bun bytecode compiler (`--bytecode`) does not. In `src/cli.ts`, all async bootstrap logic MUST be wrapped in `async function main() { ... }` and called as `main().catch((err) => { logError(String(err)); process.exit(2); })`. Never use top-level `await` in the CLI entry point. See ARCH-001 Do's for the documented pattern.
-- **npm `main` field always gets included in publish** (ENFORCED: ARCH-017/no-npm-main-field) — `"main"` in `package.json` is always included in `npm publish` regardless of the `files` array. If the package doesn't need a default entry point (only sub-path exports like `./rules`), remove `main` entirely to avoid bundling the CLI entry point into the npm package.
-- **`CHANGELOG.md` is auto-generated — exclude from the formatter** — `CHANGELOG.md` is written by `simple-release-action`/`.simple-release.js` during the release PR workflow and committed directly. NOTE: this is a **plugins-repo concern** (that repo uses Prettier + `.prettierignore`). The CLI repo uses **oxfmt** (`.oxfmtrc.json`) which doesn't format Markdown, so no exclusion is needed here — the `.prettierignore` in this repo is vestigial. If a future formatter starts touching `.md`, exclude `CHANGELOG.md`.
 - **`mock.module("node:fetch", ...)` does NOT intercept `globalThis.fetch` in Bun** — Bun's runtime fetch is `globalThis.fetch`, not the `node:fetch` module. Using `mock.module` silently fails; the real network is hit. Always mock fetch by assigning `globalThis.fetch = mockFn as unknown as typeof fetch` directly, and restore via `mock.restore()` in `afterEach`. TypeScript type cast: `as never` is insufficient for the `typeof fetch` type (which includes `preconnect`) — always use `as unknown as typeof fetch`. Also captured in ARCH-005 Don'ts.
 - **Git credential tests need system-level isolation on Windows** — Overriding `Bun.env.HOME` is NOT sufficient to isolate `git credential fill/approve` calls in tests. Windows Credential Manager is a system-level API, not file-based. Tests MUST set `Bun.env.GIT_CONFIG_NOSYSTEM = "1"` and `Bun.env.GIT_CONFIG_GLOBAL = <path-to-empty-file>` to prevent git from reading the real credential helper config. Without this, tests on machines with stored credentials will pick up real tokens.
 - **GCM prompt suppression requires 5 env vars** — `GIT_TERMINAL_PROMPT=0` alone does NOT prevent Git Credential Manager (GCM) from showing GUI prompts on Windows or askpass prompts on Linux. The full set for `gitCredentialEnv()` in `src/helpers/credential-store.ts` is: `GIT_TERMINAL_PROMPT=0`, `GCM_INTERACTIVE=never`, `GCM_GUI_PROMPT=false`, `GIT_ASKPASS=""`, `SSH_ASKPASS=""`. Omitting any one can trigger unexpected prompts in editor contexts where the CLI runs as a subprocess.
 - **Module-level `{ ...Bun.env }` captures env at import time** — Spreading `Bun.env` into a module-level constant freezes the env snapshot. Tests that override `Bun.env.HOME` after import won't affect the constant. Fix: use a function that returns `{ ...Bun.env, ... }` on each call so it picks up test-time overrides. Applied in `src/helpers/credential-store.ts`.
-- **`Bun.Glob.scan({ dot: false })` silently drops dot-prefixed segments — even on explicit paths** (ENFORCED: ARCH-020/glob-scan-dot) — `dot: false` (the default) skips matches whose path contains a `.`-prefixed segment, including patterns that explicitly name the dir (e.g. `.github/workflows/release.yml`). Behavior also varies across platforms — Windows reliably drops the match while Linux can match the same pattern, so a rule appears to "work in CI" but no-ops locally. For code repos where `.github/`, `.husky/`, `.vscode/` are first-class source dirs, ALWAYS pass `dot: true` to `Bun.Glob.scan()`. Applied in `src/engine/runner.ts` (`ctx.glob`, `ctx.grepFiles`) and `src/engine/git-files.ts` (`resolveScopedFiles`). See archgate/cli#222.
-- **PowerShell 5.1 reads BOM-less `.ps1` files as ANSI — never use non-ASCII chars in `install.ps1`** (ENFORCED: ARCH-021/ascii-only-ps1) — `install.ps1` has no UTF-8 BOM (first bytes are `# A...`). On Windows PowerShell 5.1, this means the file is decoded as the system codepage (Windows-1252), so multi-byte UTF-8 characters like em-dash (`—`, `\xE2\x80\x94`) get split into garbage bytes that break later string parsing — the parser reports cryptic errors like "string is missing the terminator" on lines that look fine. ALWAYS stick to ASCII (`-`, `--`, straight quotes) in comments and string literals in `install.ps1`. To verify after editing: `[System.Management.Automation.Language.Parser]::ParseFile((Resolve-Path .\install.ps1).Path, [ref]$null, [ref]$errs)`. Same caveat applies to any unsigned `.ps1` file the project distributes.
 - **SLSA reusable workflow MUST be tag-pinned, not SHA-pinned** — `slsa-framework/slsa-github-generator/.github/workflows/*` looks like it should follow CI-001 (SHA pin), but the SLSA generator's `generate-builder.sh` reads the workflow ref to download the prebuilt builder from a GitHub release and rejects non-tag refs (`Invalid ref: ... Expected ref of the form refs/tags/vX.Y.Z`, exit 2). Pinning by SHA broke the v0.31.0 release ([run 25107195589](https://github.com/archgate/cli/actions/runs/25107195589)). The CI-001 rule allowlists this path so it does NOT block a SHA repin — meaning a future agent could "fix" the tag pin and the rule would be silent until the next release fails. ALWAYS keep `@v2.x.y` for `release-binaries.yml:165` and read the inline comment + CI-001 "Carved-out exceptions" before changing. Upstream issue: [slsa-framework/slsa-github-generator#150](https://github.com/slsa-framework/slsa-github-generator/issues/150).
 - **Windows binary upgrade: never use detached child processes for `.old` cleanup** — On Windows, `replaceBinary()` renames the running exe to `.old` because the OS file-locks it. Cleaning up the `.old` via a detached `cmd /c ping -n 2 ... & del` process is unreliable (process may not spawn, `del` may fail silently, timing races). Instead, `cleanupStaleBinary()` runs at the next CLI startup as a fire-and-forget `unlink()` — the file is guaranteed unlocked by then. The cleanup is platform-agnostic (uses `getArtifactInfo()` to resolve the binary name), so it works on any supported platform even though only Windows currently creates `.old` files. The sync `unlinkSync` in `replaceBinary()` is kept as defense-in-depth for leftover `.old` files from previous upgrades. Do NOT reintroduce detached cleanup processes.
 - **`bun:sqlite` file handles persist after `db.close()` on Windows — wrap test cleanup in try/catch** — Tests that create temp SQLite databases via `new Database(path)` will fail with `EBUSY: resource busy or locked` when `rmSync` tries to remove the temp directory in `afterEach`, even after calling `db.close()`. Windows holds the file handle briefly. Fix: (1) set `PRAGMA journal_mode = DELETE` in test DBs to avoid creating WAL/SHM files, and (2) wrap `rmSync` in `afterEach` with `try { rmSync(...) } catch { /* SQLite handles may persist */ }`. Each test must use a unique temp dir name so leftover files don't collide.
-- **Inquirer permanently breaks Windows console newline handling — use `withPromptFix()`** (ENFORCED: ARCH-019/inquirer-prompt-wrapped) — When inquirer creates a readline interface on Windows, it enables VTP (Virtual Terminal Processing) which sets `DISABLE_NEWLINE_AUTO_RETURN`. This flag is NEVER restored after the prompt closes, so bare `\n` stops returning to column 0 for ALL subsequent output — not just during the prompt. The per-prompt `cursorTo(process.stdout, 0)` fix only addressed the cursor position after the answer line; it did NOT fix the console mode change. Root-cause fix: `src/helpers/prompt.ts` exports `withPromptFix()` which applies a permanent `process.stdout.write` patch (idempotent, applied once) that translates bare `\n` → `\r\n` via `(?<!\r)\n`, plus resets cursor to column 0 after each prompt. ALL inquirer prompt calls MUST be wrapped with `withPromptFix(() => inquirer.prompt([...]))`. The `upgrade.ts` command uses a separate `clearLine`/`cursorTo` pattern for download progress cleanup (not inquirer).
-- **`inquirer` must be lazy-loaded via dynamic `import()` — never statically imported at module level** (ENFORCED: ARCH-018/no-static-heavy-import — also covers `@sentry/*`, `posthog-node`) — `inquirer` costs ~200ms to parse. Static `import inquirer from "inquirer"` at module level forces every CLI invocation to pay this cost — even `--help`, `--version`, and non-interactive commands that never prompt. Always use `const { default: inquirer } = await import("inquirer")` at the call site, inside the action handler or function that actually needs it. Applied in `src/commands/adr/create.ts`, `src/commands/init.ts`, `src/helpers/editor-detect.ts`, `src/helpers/login-flow.ts`. Same principle applies to any heavy dependency used only in specific code paths (e.g., Sentry and PostHog SDKs are already lazy-loaded in `sentry.ts` and `telemetry.ts`).
 - **Telemetry/Sentry init should be started eagerly but awaited lazily** — In `src/cli.ts`, `initSentry()` + `initTelemetry()` are started before command registration (so they run concurrently with setup) but only awaited in the `preAction` hook (right before the first telemetry event). This defers ~150ms of SDK parsing + git subprocess cost for `--help`/`--version` which never trigger `preAction`. The `preAction` hook is `async` to support this `await`.
 - **Smoke test install-script steps must find a release with uploaded assets, not just the latest tag** — On release-commit pushes to main, the Validate and Release workflows trigger concurrently. The Release workflow creates the tag/release before `release-binaries.yml` uploads platform binaries. Smoke tests that naively use `gh release view --json tagName` get the just-created release and 404 on the binary download. Fix: iterate `gh release list --limit 5` and check each release's assets for the expected artifact (`archgate-win32-x64.zip` / `archgate-linux-x64.tar.gz`) before selecting the version. Applied in `smoke-test-windows.yml` and `smoke-test-linux.yml`.
 - **GitHub CodeQL "default setup" can silently skip PRs — use an explicit workflow** — The repository-level "default setup" for CodeQL does not guarantee analysis on every PR. PR #279 (Renovate deps update) had zero CodeQL analyses, dropping the Scorecard SAST score from 10 to 9. Fix: add an explicit `.github/workflows/codeql.yml` that runs on `push: [main]`, `pull_request: [main]`, and a weekly schedule. After merging, disable the "default setup" in repository Settings > Code security > Code scanning to avoid duplicate analyses. The explicit workflow gives Scorecard a detectable `github/codeql-action` reference and guarantees coverage.
@@ -59,7 +66,6 @@ Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to inv
 - **`Bun.env` modifications in parallel test files leak into integration test subprocesses** — Bun test runner runs all test files in a single process sharing `Bun.env`. Tests that set `Bun.env.HOME`, `Bun.env.GIT_CONFIG_NOSYSTEM`, or `Bun.env.GIT_CONFIG_GLOBAL` (e.g., `auth.test.ts`, `credential-store.test.ts`) modify the shared environment. Integration tests that spawn CLI subprocesses via `runCli()` spread `process.env` (which IS `Bun.env`) into the child, inheriting the leaked values. Symptom: git operations in the subprocess fail with "not a git repo" or similar, but the test passes in isolation. Fix: integration tests that rely on git must explicitly reset git-related env vars in the `runCli` call: `runCli(args, dir, { GIT_CONFIG_NOSYSTEM: "", GIT_CONFIG_GLOBAL: "" })`. Applied in `tests/integration/check.test.ts` for the `--base` tests.
 - **Cross-command I/O sharing: export from the existing command file, don't create shared files** — When two commands need to share I/O functions (console.log with styleText), you CANNOT put them in `src/helpers/` (ARCH-002 forbids console.log in helpers) or create a new file under `src/commands/<parent>/` without a register function (ARCH-001 requires register\*Command export, ARCH-016 requires docs heading). The correct pattern: export the shared functions from the command file that already defines them (e.g., `plugin/install.ts` exports `installForEditor()` and `printManualInstructions()`) and import them in the other command. Applied in `upgrade.ts` importing from `./plugin/install`.
 - **macOS `/var` → `/private/var` symlink breaks temp dir path comparisons in tests** — On macOS, `/var` is a symlink to `/private/var`. `mkdtempSync(join(tmpdir(), ...))` returns `/var/folders/...` but `process.cwd()` after `chdir()` resolves the symlink to `/private/var/folders/...`. Tests that compare `tempDir` against paths derived from `process.cwd()` or `findProjectRoot()` will fail. Fix: always wrap `mkdtempSync` with `realpathSync` in test setup: `tempDir = realpathSync(mkdtempSync(join(tmpdir(), "archgate-test-")))`. This normalizes the path upfront. Discovered in v0.38.0/v0.39.0 release builds — PR CI runs on ubuntu-latest only, so macOS-specific issues are invisible until the release workflow.
-- **Always use `bun run test`, never bare `bun test`, in CI workflows** (ENFORCED: GEN-003/no-bare-bun-test-in-ci) — The package.json `test` script includes `--timeout 60000`, but bare `bun test` uses Bun's default 5000ms timeout. Tests that perform filesystem operations or spawn subprocesses (e.g., session-context tests) can exceed 5s on slow CI runners. The `release-binaries.yml` Windows step originally used `bun test` and hit timeout failures. Same principle as "never use `bunx prettier` directly" — always prefer `bun run <script>` to pick up script-level flags. To pass extra flags, append after the script: `bun run test --coverage`.
 - **Don't test that well-known tools exist on PATH** — Tests like `expect(resolveCommand("bun")).toBe("bun")` assert CI environment state, not application logic. They fail when the runner installs tools via shims (e.g., proto on macOS ARM64 where `Bun.which` returns null). Delete such tests entirely — the "returns null for non-existent command" tests already cover `resolveCommand`'s actual logic, and WSL-specific tests cover the `.exe` fallback path.
 - **`mock.module` + `require()` of the same module is unreliable on macOS ARM64** — Using `require("../path/to/module")` inside a `mock.module("../path/to/module", factory)` factory to spread the real exports is unreliable on darwin-arm64. The `require()` can return a circular/empty object instead of the real module, causing the spread to produce an incomplete mock (missing functions). Fix: provide explicit inline implementations of all needed functions in the mock factory. See `sync.test.ts` for the reliable pattern (all exports declared explicitly). Applied in `tests/commands/adr/import.test.ts` — PR [#355](https://github.com/archgate/cli/pull/355).
 

From 69186d337c7dcb92fa6f64b46cb3fc02e59cf5a7 Mon Sep 17 00:00:00 2001
From: Rhuan Barreto <rhuan@barreto.work>
Date: Fri, 29 May 2026 02:10:30 +0200
Subject: [PATCH 3/5] docs(memory): remove ADR-enforced patterns instead of
 pointing to them
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Drop the "Enforced by ADRs" pointer map entirely — enforced conventions
live in their ADRs (which the agent reads before coding), so duplicating
even a one-liner is redundant. Memory now keeps only non-enforceable
lessons. 22.4KB -> 16.7KB.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
---
 .../agent-memory/archgate-developer/MEMORY.md   | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/.claude/agent-memory/archgate-developer/MEMORY.md b/.claude/agent-memory/archgate-developer/MEMORY.md
index 26cca3e1..98c8a5ca 100644
--- a/.claude/agent-memory/archgate-developer/MEMORY.md
+++ b/.claude/agent-memory/archgate-developer/MEMORY.md
@@ -28,22 +28,9 @@ Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to inv
 
 - **Content filtering on policy/legal text** — Writing files containing Contributor Covenant, license text, or similar legal boilerplate (e.g., `CODE_OF_CONDUCT.md`) may trigger API content filtering and block output. Do NOT attempt to auto-generate these files. Instead, tell the user to copy the content manually from the official source (e.g., https://www.contributor-covenant.org/version/2/1/code_of_conduct/).
 
-## Enforced by ADRs
-
-These conventions are now machine-checked by `archgate check` — the ADR + its `.rules.ts` own the full rationale and do/don'ts. This is just a map; read the ADR before relying on specifics.
-
-- **GEN-003** — no `bunx`/`npx` of lint/format tools (prettier, oxfmt, oxlint, eslint, biome); use `bun run <script>`. Also bans bare `bun test` in CI (use `bun run test`, append flags after). This repo's formatter is **oxfmt**.
-- **ARCH-001** — no top-level `await` in `src/cli.ts`; wrap async bootstrap in `async function main()` (`--bytecode` rejects it).
-- **ARCH-013** — shim `LICENSE.md`/`README.md`/version files stay byte-identical to root (propagated by `.simple-release.js`).
-- **ARCH-017** — no `main` field in root `package.json` (keeps the npm thin shim lean).
-- **ARCH-018** — lazy-load heavy deps (`inquirer`, `@sentry/*`, `posthog-node`) via dynamic `import()`; `import type` is exempt.
-- **ARCH-019** — wrap every `inquirer.prompt()` in `withPromptFix()` (Windows newline corruption).
-- **ARCH-020** — `Bun.Glob.scan()` must pass `{ dot: true }` (else dot-dirs silently skipped on Windows).
-- **ARCH-021** — `.ps1` files must be ASCII-only (Windows PowerShell 5.1 mis-decodes BOM-less UTF-8).
-
 ## Patterns & Fixes
 
-Non-enforceable lessons — environment/CI/platform quirks no static rule can reliably catch.
+Non-enforceable lessons — environment/CI/platform quirks no static rule can reliably catch. (Conventions that ARE machine-checked live in their ADRs under `.archgate/adrs/`; the agent reads those before coding, so they are intentionally not duplicated here.)
 
 - **YAML double-quoted strings require escaped backslashes for Windows paths in tests** — YAML interprets `\` as an escape character inside double-quoted strings. Writing `cwd: "E:\project"` silently corrupts the parsed value because `\p` is not a valid escape sequence. Fix: use `JSON.stringify(path)` to produce properly escaped YAML values (e.g., `cwd: ${JSON.stringify(cwd)}`). JSON and YAML double-quoted strings share the same escape syntax. Encountered in Copilot CLI session-context tests (`workspace.yaml` with Windows paths).
 - **`git commit` in temp repos requires local identity** — CI runners have no global `user.email`/`user.name` configured. Any test that runs `git commit` on a temp repo MUST call `git config user.email` and `git config user.name` locally after `git init`. Fails with a cryptic `ShellPromise` error in CI; passes locally. Also captured in ARCH-005 Do's.
@@ -84,4 +71,4 @@ Non-enforceable lessons — environment/CI/platform quirks no static rule can re
 - **npm shim + GitHub Releases** — The npm package is a thin shim (`bin/archgate.cjs`). On first run, the shim downloads the platform binary from GitHub Releases and caches it to `~/.archgate/bin/`. No platform-specific npm packages.
 - **`.cjs` extension is mandatory** — Root `package.json` has `"type": "module"`. Any Node.js CJS wrapper script placed at the package root MUST use `.cjs`, not `.js`, or Node.js will attempt to parse it as ESM and fail.
 - [Shim publishing pipeline gotchas](project_shim_publishing.md) — PyPI README, RubyGem Rakefile/working-dir, Maven waitUntil; build reqs not caught by `archgate check`
-- **Each shim needs its own `LICENSE.md`** — Now ENFORCED by the `ARCH-013/shim-license-sync` rule (fails `archgate check` on drift) and propagated at release by `.simple-release.js` `bump()`, parallel to the README sync. Operational detail: a subdir Go module's zip only contains files under its subtree, so root `LICENSE.md` is excluded and pkg.go.dev shows "no license" until `shims/go/LICENSE.md` exists. To register a subdir Go module, hit the proxy: `curl https://proxy.golang.org/<module>/@v/<version>.info`.
+- **Registering a subdir Go module on pkg.go.dev** — A subdir Go module's zip only contains files under its subtree, so the repo-root `LICENSE.md` is excluded and pkg.go.dev shows "no license" until `shims/go/LICENSE.md` exists (the shim LICENSE sync is enforced by ARCH-013). To trigger registration, hit the proxy: `curl https://proxy.golang.org/<module>/@v/<version>.info`.

From acd44668502ca89cc84163ad44a6f892a99433ec Mon Sep 17 00:00:00 2001
From: Rhuan Barreto <rhuan@barreto.work>
Date: Fri, 29 May 2026 02:14:51 +0200
Subject: [PATCH 4/5] docs(memory): prune settled and ADR-duplicated lessons

Remove entries that no longer earn their place: git-identity-in-tests
and mock.module/fetch (fully covered in ARCH-005 Do's/Don'ts/examples),
SLSA tag-pin (stale line/version; owned by an in-repo comment + CI-001
carve-out), telemetry eager/lazy init (derivable from cli.ts comments),
smoke-test asset finding and CodeQL setup (settled one-time CI changes;
codeql.yml now exists). Trim the GITHUB_TOKEN entry to its generalizable
lesson, dropping the PR-history narrative.

Memory now keeps only recurring, non-enforceable hazards. 22.4KB -> 12.1KB.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
---
 .claude/agent-memory/archgate-developer/MEMORY.md | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/.claude/agent-memory/archgate-developer/MEMORY.md b/.claude/agent-memory/archgate-developer/MEMORY.md
index 98c8a5ca..1ee43728 100644
--- a/.claude/agent-memory/archgate-developer/MEMORY.md
+++ b/.claude/agent-memory/archgate-developer/MEMORY.md
@@ -33,23 +33,16 @@ Skipping steps 2 or 3 is a workflow violation. The user should NEVER have to inv
 Non-enforceable lessons — environment/CI/platform quirks no static rule can reliably catch. (Conventions that ARE machine-checked live in their ADRs under `.archgate/adrs/`; the agent reads those before coding, so they are intentionally not duplicated here.)
 
 - **YAML double-quoted strings require escaped backslashes for Windows paths in tests** — YAML interprets `\` as an escape character inside double-quoted strings. Writing `cwd: "E:\project"` silently corrupts the parsed value because `\p` is not a valid escape sequence. Fix: use `JSON.stringify(path)` to produce properly escaped YAML values (e.g., `cwd: ${JSON.stringify(cwd)}`). JSON and YAML double-quoted strings share the same escape syntax. Encountered in Copilot CLI session-context tests (`workspace.yaml` with Windows paths).
-- **`git commit` in temp repos requires local identity** — CI runners have no global `user.email`/`user.name` configured. Any test that runs `git commit` on a temp repo MUST call `git config user.email` and `git config user.name` locally after `git init`. Fails with a cryptic `ShellPromise` error in CI; passes locally. Also captured in ARCH-005 Do's.
 - **`Bun.Glob.match()` triggers oxlint `prefer-regexp-test`** — `Bun.Glob.match()` returns a boolean (not a RegExp), but oxlint can't tell. Suppress with `// oxlint-disable-next-line prefer-regexp-test -- Bun.Glob.match() returns boolean, not RegExp`.
 - **oxlint `no-negated-condition`** — Always write ternaries with the positive condition first: `x === null ? A : B` not `x !== null ? B : A`. Applies to both `if/else` blocks and ternary expressions.
 - **oxlint `no-unused-vars` on catch parameters** — Use bare `catch { }` (no parameter) when the caught error is not used. `catch (err) { }` with unused `err` triggers the rule.
 - **oxlint `no-await-in-loop`** — Sequential `await` inside a `for` loop is flagged (warning). When the sequential order is intentional (e.g., build steps with per-step output), suppress with `// oxlint-disable-next-line no-await-in-loop -- <reason>`.
-- **`mock.module("node:fetch", ...)` does NOT intercept `globalThis.fetch` in Bun** — Bun's runtime fetch is `globalThis.fetch`, not the `node:fetch` module. Using `mock.module` silently fails; the real network is hit. Always mock fetch by assigning `globalThis.fetch = mockFn as unknown as typeof fetch` directly, and restore via `mock.restore()` in `afterEach`. TypeScript type cast: `as never` is insufficient for the `typeof fetch` type (which includes `preconnect`) — always use `as unknown as typeof fetch`. Also captured in ARCH-005 Don'ts.
 - **Git credential tests need system-level isolation on Windows** — Overriding `Bun.env.HOME` is NOT sufficient to isolate `git credential fill/approve` calls in tests. Windows Credential Manager is a system-level API, not file-based. Tests MUST set `Bun.env.GIT_CONFIG_NOSYSTEM = "1"` and `Bun.env.GIT_CONFIG_GLOBAL = <path-to-empty-file>` to prevent git from reading the real credential helper config. Without this, tests on machines with stored credentials will pick up real tokens.
 - **GCM prompt suppression requires 5 env vars** — `GIT_TERMINAL_PROMPT=0` alone does NOT prevent Git Credential Manager (GCM) from showing GUI prompts on Windows or askpass prompts on Linux. The full set for `gitCredentialEnv()` in `src/helpers/credential-store.ts` is: `GIT_TERMINAL_PROMPT=0`, `GCM_INTERACTIVE=never`, `GCM_GUI_PROMPT=false`, `GIT_ASKPASS=""`, `SSH_ASKPASS=""`. Omitting any one can trigger unexpected prompts in editor contexts where the CLI runs as a subprocess.
 - **Module-level `{ ...Bun.env }` captures env at import time** — Spreading `Bun.env` into a module-level constant freezes the env snapshot. Tests that override `Bun.env.HOME` after import won't affect the constant. Fix: use a function that returns `{ ...Bun.env, ... }` on each call so it picks up test-time overrides. Applied in `src/helpers/credential-store.ts`.
-- **SLSA reusable workflow MUST be tag-pinned, not SHA-pinned** — `slsa-framework/slsa-github-generator/.github/workflows/*` looks like it should follow CI-001 (SHA pin), but the SLSA generator's `generate-builder.sh` reads the workflow ref to download the prebuilt builder from a GitHub release and rejects non-tag refs (`Invalid ref: ... Expected ref of the form refs/tags/vX.Y.Z`, exit 2). Pinning by SHA broke the v0.31.0 release ([run 25107195589](https://github.com/archgate/cli/actions/runs/25107195589)). The CI-001 rule allowlists this path so it does NOT block a SHA repin — meaning a future agent could "fix" the tag pin and the rule would be silent until the next release fails. ALWAYS keep `@v2.x.y` for `release-binaries.yml:165` and read the inline comment + CI-001 "Carved-out exceptions" before changing. Upstream issue: [slsa-framework/slsa-github-generator#150](https://github.com/slsa-framework/slsa-github-generator/issues/150).
 - **Windows binary upgrade: never use detached child processes for `.old` cleanup** — On Windows, `replaceBinary()` renames the running exe to `.old` because the OS file-locks it. Cleaning up the `.old` via a detached `cmd /c ping -n 2 ... & del` process is unreliable (process may not spawn, `del` may fail silently, timing races). Instead, `cleanupStaleBinary()` runs at the next CLI startup as a fire-and-forget `unlink()` — the file is guaranteed unlocked by then. The cleanup is platform-agnostic (uses `getArtifactInfo()` to resolve the binary name), so it works on any supported platform even though only Windows currently creates `.old` files. The sync `unlinkSync` in `replaceBinary()` is kept as defense-in-depth for leftover `.old` files from previous upgrades. Do NOT reintroduce detached cleanup processes.
 - **`bun:sqlite` file handles persist after `db.close()` on Windows — wrap test cleanup in try/catch** — Tests that create temp SQLite databases via `new Database(path)` will fail with `EBUSY: resource busy or locked` when `rmSync` tries to remove the temp directory in `afterEach`, even after calling `db.close()`. Windows holds the file handle briefly. Fix: (1) set `PRAGMA journal_mode = DELETE` in test DBs to avoid creating WAL/SHM files, and (2) wrap `rmSync` in `afterEach` with `try { rmSync(...) } catch { /* SQLite handles may persist */ }`. Each test must use a unique temp dir name so leftover files don't collide.
-- **Telemetry/Sentry init should be started eagerly but awaited lazily** — In `src/cli.ts`, `initSentry()` + `initTelemetry()` are started before command registration (so they run concurrently with setup) but only awaited in the `preAction` hook (right before the first telemetry event). This defers ~150ms of SDK parsing + git subprocess cost for `--help`/`--version` which never trigger `preAction`. The `preAction` hook is `async` to support this `await`.
-- **Smoke test install-script steps must find a release with uploaded assets, not just the latest tag** — On release-commit pushes to main, the Validate and Release workflows trigger concurrently. The Release workflow creates the tag/release before `release-binaries.yml` uploads platform binaries. Smoke tests that naively use `gh release view --json tagName` get the just-created release and 404 on the binary download. Fix: iterate `gh release list --limit 5` and check each release's assets for the expected artifact (`archgate-win32-x64.zip` / `archgate-linux-x64.tar.gz`) before selecting the version. Applied in `smoke-test-windows.yml` and `smoke-test-linux.yml`.
-- **GitHub CodeQL "default setup" can silently skip PRs — use an explicit workflow** — The repository-level "default setup" for CodeQL does not guarantee analysis on every PR. PR #279 (Renovate deps update) had zero CodeQL analyses, dropping the Scorecard SAST score from 10 to 9. Fix: add an explicit `.github/workflows/codeql.yml` that runs on `push: [main]`, `pull_request: [main]`, and a weekly schedule. After merging, disable the "default setup" in repository Settings > Code security > Code scanning to avoid duplicate analyses. The explicit workflow gives Scorecard a detectable `github/codeql-action` reference and guarantees coverage.
-- **`GITHUB_TOKEN`-authored pushes do NOT trigger downstream workflows — release.yml MUST use the GH App token** — When an Actions workflow pushes commits or opens PRs using `${{ github.token }}` / `secrets.GITHUB_TOKEN`, GitHub intentionally suppresses the resulting `push` / `pull_request` events to prevent recursion. Symptom on release PRs: the head SHA has no `pull_request`-event check runs, so `Validate Code` / `Lint, Test & Check` / `DCO Sign-off Check` are missing from the PR rollup and branch protection treats the PR as missing required checks. PR [#131](https://github.com/archgate/cli/pull/131) papered over this by manually `gh workflow run` + posting commit statuses, but `workflow_dispatch` runs land on `head_branch: release` with `pull_requests: []` — they are not associated with the PR ref, so `Lint, Test & Check` stayed orphaned and the bug recurred on PR [#251](https://github.com/archgate/cli/pull/251). Root-cause fix: in `release.yml` the `pull-request` job MUST generate a GitHub App installation token via `actions/create-github-app-token` (using `secrets.GH_APP_APP_ID` / `secrets.GH_APP_PRIVATE_KEY`) and pass it to BOTH `actions/checkout` and `simple-release-action`. App-token-authored pushes DO trigger `pull_request` events naturally. Apply the same pattern to any future workflow that pushes to a branch whose downstream CI must run.
-
+- **`GITHUB_TOKEN`-authored pushes do NOT trigger downstream workflows** — When an Actions workflow pushes commits or opens PRs using `${{ github.token }}` / `secrets.GITHUB_TOKEN`, GitHub suppresses the resulting `push`/`pull_request` events (anti-recursion). Symptom: required PR checks never run, so branch protection treats the PR as missing checks. Fix: author such pushes with a GitHub App installation token (`actions/create-github-app-token`) passed to both `actions/checkout` and the pushing step. Applies to any new workflow that pushes to a branch whose downstream CI must run.
 - **`Bun.env` modifications in parallel test files leak into integration test subprocesses** — Bun test runner runs all test files in a single process sharing `Bun.env`. Tests that set `Bun.env.HOME`, `Bun.env.GIT_CONFIG_NOSYSTEM`, or `Bun.env.GIT_CONFIG_GLOBAL` (e.g., `auth.test.ts`, `credential-store.test.ts`) modify the shared environment. Integration tests that spawn CLI subprocesses via `runCli()` spread `process.env` (which IS `Bun.env`) into the child, inheriting the leaked values. Symptom: git operations in the subprocess fail with "not a git repo" or similar, but the test passes in isolation. Fix: integration tests that rely on git must explicitly reset git-related env vars in the `runCli` call: `runCli(args, dir, { GIT_CONFIG_NOSYSTEM: "", GIT_CONFIG_GLOBAL: "" })`. Applied in `tests/integration/check.test.ts` for the `--base` tests.
 - **Cross-command I/O sharing: export from the existing command file, don't create shared files** — When two commands need to share I/O functions (console.log with styleText), you CANNOT put them in `src/helpers/` (ARCH-002 forbids console.log in helpers) or create a new file under `src/commands/<parent>/` without a register function (ARCH-001 requires register\*Command export, ARCH-016 requires docs heading). The correct pattern: export the shared functions from the command file that already defines them (e.g., `plugin/install.ts` exports `installForEditor()` and `printManualInstructions()`) and import them in the other command. Applied in `upgrade.ts` importing from `./plugin/install`.
 - **macOS `/var` → `/private/var` symlink breaks temp dir path comparisons in tests** — On macOS, `/var` is a symlink to `/private/var`. `mkdtempSync(join(tmpdir(), ...))` returns `/var/folders/...` but `process.cwd()` after `chdir()` resolves the symlink to `/private/var/folders/...`. Tests that compare `tempDir` against paths derived from `process.cwd()` or `findProjectRoot()` will fail. Fix: always wrap `mkdtempSync` with `realpathSync` in test setup: `tempDir = realpathSync(mkdtempSync(join(tmpdir(), "archgate-test-")))`. This normalizes the path upfront. Discovered in v0.38.0/v0.39.0 release builds — PR CI runs on ubuntu-latest only, so macOS-specific issues are invisible until the release workflow.

From cd92699096c2df92fc531a4688652d66c6eff5be Mon Sep 17 00:00:00 2001
From: Rhuan Barreto <rhuan@barreto.work>
Date: Fri, 29 May 2026 02:28:54 +0200
Subject: [PATCH 5/5] test(adr): migrate import.test.ts to spyOn; slim agent
 memory
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the process-global mock.module() on the first-party registry
module with per-test spyOn (ARCH-005): mock.module leaks across files in
the same Bun process and risked contaminating registry.test.ts. Fakes are
typed as `typeof registryMod.fn` so they check against the real signatures,
and are restored via mock.restore() in afterEach. All 20 tests pass; full
suite green (1218 pass) with no cross-file leakage.

Memory slimming:
- Remove the "mock.module + require macOS" entry — obsolete now that the
  one file using it is migrated, and superseded by ARCH-005's spyOn guidance.
- Trim project_shim_publishing.md to the durable, non-enforceable gotchas;
  drop ephemeral incident details (run IDs, deploymentId, v0.40.0 narrative).

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
---
 .../agent-memory/archgate-developer/MEMORY.md |   1 -
 .../project_shim_publishing.md                |  16 +-
 tests/commands/adr/import.test.ts             | 152 ++++++++++--------
 3 files changed, 88 insertions(+), 81 deletions(-)

diff --git a/.claude/agent-memory/archgate-developer/MEMORY.md b/.claude/agent-memory/archgate-developer/MEMORY.md
index 1c8358da..bb476920 100644
--- a/.claude/agent-memory/archgate-developer/MEMORY.md
+++ b/.claude/agent-memory/archgate-developer/MEMORY.md
@@ -51,7 +51,6 @@ Non-enforceable lessons — environment/CI/platform quirks no static rule can re
 - **Cross-command I/O sharing: export from the existing command file, don't create shared files** — When two commands need to share I/O functions (console.log with styleText), you CANNOT put them in `src/helpers/` (ARCH-002 forbids console.log in helpers) or create a new file under `src/commands/<parent>/` without a register function (ARCH-001 requires register\*Command export, ARCH-016 requires docs heading). The correct pattern: export the shared functions from the command file that already defines them (e.g., `plugin/install.ts` exports `installForEditor()` and `printManualInstructions()`) and import them in the other command. Applied in `upgrade.ts` importing from `./plugin/install`.
 - **macOS `/var` → `/private/var` symlink breaks temp dir path comparisons in tests** — On macOS, `/var` is a symlink to `/private/var`. `mkdtempSync(join(tmpdir(), ...))` returns `/var/folders/...` but `process.cwd()` after `chdir()` resolves the symlink to `/private/var/folders/...`. Tests that compare `tempDir` against paths derived from `process.cwd()` or `findProjectRoot()` will fail. Fix: always wrap `mkdtempSync` with `realpathSync` in test setup: `tempDir = realpathSync(mkdtempSync(join(tmpdir(), "archgate-test-")))`. This normalizes the path upfront. Discovered in v0.38.0/v0.39.0 release builds — PR CI runs on ubuntu-latest only, so macOS-specific issues are invisible until the release workflow.
 - **Don't test that well-known tools exist on PATH** — Tests like `expect(resolveCommand("bun")).toBe("bun")` assert CI environment state, not application logic. They fail when the runner installs tools via shims (e.g., proto on macOS ARM64 where `Bun.which` returns null). Delete such tests entirely — the "returns null for non-existent command" tests already cover `resolveCommand`'s actual logic, and WSL-specific tests cover the `.exe` fallback path.
-- **`mock.module` + `require()` of the same module is unreliable on macOS ARM64** — Using `require("../path/to/module")` inside a `mock.module("../path/to/module", factory)` factory to spread the real exports is unreliable on darwin-arm64. The `require()` can return a circular/empty object instead of the real module, causing the spread to produce an incomplete mock (missing functions). Fix: provide explicit inline implementations of all needed functions in the mock factory. See `sync.test.ts` for the reliable pattern (all exports declared explicitly). Applied in `tests/commands/adr/import.test.ts` — PR [#355](https://github.com/archgate/cli/pull/355).
 
 ## Validation Pipeline
 
diff --git a/.claude/agent-memory/archgate-developer/project_shim_publishing.md b/.claude/agent-memory/archgate-developer/project_shim_publishing.md
index d9451cb9..49714d34 100644
--- a/.claude/agent-memory/archgate-developer/project_shim_publishing.md
+++ b/.claude/agent-memory/archgate-developer/project_shim_publishing.md
@@ -1,18 +1,16 @@
 ---
 name: shim-publishing-pipeline
-description: Build/publish requirements for the multi-ecosystem shims in publish-shims.yml (pypi, rubygem, maven) — non-obvious gotchas that broke the first v0.40.0 release
+description: Non-obvious build/publish requirements for the multi-ecosystem shims in publish-shims.yml (pypi, rubygem, maven) that `archgate check` does NOT catch
 metadata:
   type: project
 ---
 
-The `publish-shims.yml` workflow publishes thin shim packages to PyPI, RubyGems, Maven Central, NuGet, and Go. Added in [#356](https://github.com/archgate/cli/pull/356); first ran at v0.40.0 ([run 26601268709](https://github.com/archgate/cli/actions/runs/26601268709)) where pypi/rubygem/maven all failed. Each ecosystem has build-time requirements NOT covered by the `shim-version-sync` ADR rule (ARCH-013), which only checks version strings.
+`publish-shims.yml` publishes thin shim packages to PyPI, RubyGems, Maven Central, NuGet, and Go. Each ecosystem has build-time requirements that no archgate rule enforces (ARCH-013's `shim-version-sync` only checks version strings) — so a green `archgate check` does NOT mean the shims will publish. These are external-tool config (hatchling, bundler, Sonatype central-publishing plugin) and breakage only surfaces at release time.
 
-**Why:** These are external-tool config requirements (hatchling, bundler, Sonatype central-publishing plugin) that no archgate lint rule enforces — so a green `archgate check` does NOT mean the shims will publish.
+**When editing any shim under `shims/` or `publish-shims.yml`:**
 
-**How to apply** — when editing any shim under `shims/` or `publish-shims.yml`:
+- **PyPI** (`shims/pypi/`): `pyproject.toml` declares `readme = "README.md"`, so `shims/pypi/README.md` MUST exist or `python -m build` fails with `OSError: Readme file does not exist`.
+- **RubyGem** (`shims/rubygem/`): `rubygems/release-gem` runs `bundle exec rake release` from its `working-directory`. Requires (1) `working-directory: shims/rubygem` on BOTH `ruby/setup-ruby` (with `bundler-cache: true`) and `rubygems/release-gem`; (2) a `shims/rubygem/Rakefile` with `require "bundler/gem_tasks"` for the `release` task. Do NOT commit `Gemfile.lock` — bundler-cache generates it untracked, keeping `release:guard_clean` happy.
+- **Maven** (`shims/maven/pom.xml`): use `<waitUntil>validated</waitUntil>` with `<autoPublish>true</autoPublish>`, NOT `<waitUntil>published</waitUntil>` — the latter blocks until Sonatype finishes publishing, which routinely exceeds the job timeout (upload succeeds, then the build hangs on "Waiting until Deployment ... is published").
 
-- **PyPI** (`shims/pypi/`): `pyproject.toml` declares `readme = "README.md"`, so `shims/pypi/README.md` MUST exist or `python -m build` fails with `OSError: Readme file does not exist`. If you change the `readme =` key, keep the referenced file present.
-- **RubyGem** (`shims/rubygem/`): `rubygems/release-gem` runs `bundle exec rake release` from its `working-directory` input. Requires (1) `working-directory: shims/rubygem` on BOTH `ruby/setup-ruby` (with `bundler-cache: true` so `bundle install` runs) and `rubygems/release-gem`; and (2) a `shims/rubygem/Rakefile` containing `require "bundler/gem_tasks"` to provide the `release` task. Without the working-directory, bundler errors `Could not locate Gemfile`. Do NOT commit a `Gemfile.lock` — bundler-cache generates it untracked, which keeps `release:guard_clean` happy (an untracked lock isn't seen by `git diff --exit-code`).
-- **Maven** (`shims/maven/pom.xml`): the `central-publishing-maven-plugin` with `<waitUntil>published</waitUntil>` blocks the build until Sonatype fully publishes, which routinely exceeds the 15-min job timeout (upload itself succeeds — you'll see `Uploaded bundle successfully` then a hang on `Waiting until Deployment ... is published`). Use `<waitUntil>validated</waitUntil>` with `<autoPublish>true</autoPublish>` so the build returns after validation and publishing finishes async.
-
-**Re-running after a partial failure:** the jobs are not idempotent across a full workflow re-run. `publish-go-tag` (creates a git tag), `publish-nuget`, and a maven deploy that already uploaded will fail on "already exists" the second time. After fixing, prefer applying to the next version bump, or `workflow_dispatch` only the previously-failed ecosystems. Note v0.40.0's maven bundle DID upload (deploymentId d7671fb1) before the timeout, so it may already be published on Central.
+**Re-runs are not idempotent:** `publish-go-tag` (creates a git tag), `publish-nuget`, and an already-uploaded Maven deploy fail on "already exists" on a second run. After a partial failure, apply the fix to the next version bump or `workflow_dispatch` only the failed ecosystems.
diff --git a/tests/commands/adr/import.test.ts b/tests/commands/adr/import.test.ts
index 99b54eb0..e78f0ac6 100644
--- a/tests/commands/adr/import.test.ts
+++ b/tests/commands/adr/import.test.ts
@@ -23,77 +23,82 @@ import { join } from "node:path";
 
 import { Command } from "@commander-js/extra-typings";
 
-import { parsePackMetadata } from "../../../src/formats/pack";
-
-// Module mock — declared before importing so shallowClone never hits the network.
-// Provides explicit implementations instead of `require()` + spread of the mocked
-// module, which is unreliable on macOS ARM64 (Bun mock.module interop issue).
-let fakeCloneDir: string = "";
-mock.module("../../../src/helpers/registry", () => ({
-  resolveSource(input: string) {
-    const atIdx = input.lastIndexOf("@");
-    const base = atIdx <= 0 ? input : input.slice(0, atIdx);
-    const ref = atIdx <= 0 ? undefined : input.slice(atIdx + 1);
-    if (base.startsWith("packs/")) {
-      return {
-        kind: "official",
-        repoUrl: "https://github.com/archgate/awesome-adrs.git",
-        ref,
-        subpath: base,
-      };
-    }
-    const segments = base.split("/");
-    if (segments.length >= 3) {
-      const [org, repo, ...rest] = segments;
-      return {
-        kind: "github-repo",
-        repoUrl: `https://github.com/${org}/${repo}.git`,
-        ref,
-        subpath: rest.join("/"),
-      };
-    }
-    throw new Error(`Cannot resolve source "${input}".`);
-  },
-  async detectTarget(cloneDir: string, subpath: string) {
-    const fullPath = join(cloneDir, subpath);
-    const packYaml = join(fullPath, "archgate-pack.yaml");
-    if (existsSync(packYaml)) {
-      const raw = await Bun.file(packYaml).text();
-      const packMeta = parsePackMetadata(raw);
-      const adrsDir = join(fullPath, "adrs");
-      const entries = existsSync(adrsDir) ? readdirSync(adrsDir) : [];
-      return {
-        kind: "pack",
-        packMeta,
-        adrFiles: entries
-          .filter((f: string) => f.endsWith(".md"))
-          .map((f: string) => join(adrsDir, f)),
-        rulesFiles: entries
-          .filter((f: string) => f.endsWith(".rules.ts"))
-          .map((f: string) => join(adrsDir, f)),
-        baseDir: adrsDir,
-      };
-    }
-    const mdPath = fullPath.endsWith(".md") ? fullPath : `${fullPath}.md`;
-    if (existsSync(mdPath)) {
-      const rulesPath = mdPath.replace(/\.md$/u, ".rules.ts");
-      return {
-        kind: "single-adr",
-        adrFile: mdPath,
-        rulesFile: existsSync(rulesPath) ? rulesPath : null,
-        baseDir: join(mdPath, ".."),
-      };
-    }
-    throw new Error(
-      `Cannot detect import target at "${subpath}". Expected archgate-pack.yaml (pack) or a .md file (single ADR).`
-    );
-  },
-  shallowClone: () => Promise.resolve(fakeCloneDir),
-}));
-
 import { registerAdrImportCommand } from "../../../src/commands/adr/import";
+import { parsePackMetadata } from "../../../src/formats/pack";
+import * as registryMod from "../../../src/helpers/registry";
 import { safeRmSync } from "../../test-utils";
 
+// Per-test clone target; the shallowClone spy reads it at call time.
+let fakeCloneDir = "";
+
+// Explicit stand-ins for the first-party registry module, installed via spyOn
+// in beforeEach. We deliberately avoid mock.module: mock.module on a first-party
+// module is process-global and would leak into tests/helpers/registry.test.ts
+// (see ARCH-005). spyOn is per-test and auto-restored, and reaches import.ts's
+// static named imports via Bun's live bindings.
+const fakeResolveSource: typeof registryMod.resolveSource = (input) => {
+  const atIdx = input.lastIndexOf("@");
+  const base = atIdx <= 0 ? input : input.slice(0, atIdx);
+  const ref = atIdx <= 0 ? undefined : input.slice(atIdx + 1);
+  if (base.startsWith("packs/")) {
+    return {
+      kind: "official",
+      repoUrl: "https://github.com/archgate/awesome-adrs.git",
+      ref,
+      subpath: base,
+    };
+  }
+  const segments = base.split("/");
+  if (segments.length >= 3) {
+    const [org, repo, ...rest] = segments;
+    return {
+      kind: "github-repo",
+      repoUrl: `https://github.com/${org}/${repo}.git`,
+      ref,
+      subpath: rest.join("/"),
+    };
+  }
+  throw new Error(`Cannot resolve source "${input}".`);
+};
+
+const fakeDetectTarget: typeof registryMod.detectTarget = async (
+  cloneDir,
+  subpath
+) => {
+  const fullPath = join(cloneDir, subpath);
+  const packYaml = join(fullPath, "archgate-pack.yaml");
+  if (existsSync(packYaml)) {
+    const raw = await Bun.file(packYaml).text();
+    const packMeta = parsePackMetadata(raw);
+    const adrsDir = join(fullPath, "adrs");
+    const entries = existsSync(adrsDir) ? readdirSync(adrsDir) : [];
+    return {
+      kind: "pack",
+      packMeta,
+      adrFiles: entries
+        .filter((f) => f.endsWith(".md"))
+        .map((f) => join(adrsDir, f)),
+      rulesFiles: entries
+        .filter((f) => f.endsWith(".rules.ts"))
+        .map((f) => join(adrsDir, f)),
+      baseDir: adrsDir,
+    };
+  }
+  const mdPath = fullPath.endsWith(".md") ? fullPath : `${fullPath}.md`;
+  if (existsSync(mdPath)) {
+    const rulesPath = mdPath.replace(/\.md$/u, ".rules.ts");
+    return {
+      kind: "single-adr",
+      adrFile: mdPath,
+      rulesFile: existsSync(rulesPath) ? rulesPath : null,
+      baseDir: join(mdPath, ".."),
+    };
+  }
+  throw new Error(
+    `Cannot detect import target at "${subpath}". Expected archgate-pack.yaml (pack) or a .md file (single ADR).`
+  );
+};
+
 const PACK_YAML =
   "name: test-pack\nversion: 0.1.0\ndescription: A test pack for import testing.\nmaintainers:\n  - github: testuser\ntags: []\nrequires: []";
 
@@ -137,7 +142,7 @@ describe("import action handler", () => {
 
   beforeEach(() => {
     // realpathSync normalizes macOS /var → /private/var symlink so paths
-    // match what process.cwd() and mock.module resolve to at runtime.
+    // match what process.cwd() resolves to at runtime.
     tempDir = realpathSync(
       mkdtempSync(join(tmpdir(), "archgate-import-test-"))
     );
@@ -151,6 +156,11 @@ describe("import action handler", () => {
       throw new Error("process.exit");
     });
     fakeCloneDir = upstreamDir;
+    spyOn(registryMod, "resolveSource").mockImplementation(fakeResolveSource);
+    spyOn(registryMod, "detectTarget").mockImplementation(fakeDetectTarget);
+    spyOn(registryMod, "shallowClone").mockImplementation(() =>
+      Promise.resolve(fakeCloneDir)
+    );
   });
 
   afterEach(() => {
@@ -158,8 +168,8 @@ describe("import action handler", () => {
     delete Bun.env.ARCHGATE_PROJECT_CEILING;
     safeRmSync(tempDir);
     safeRmSync(upstreamDir);
-    logSpy.mockRestore();
-    exitSpy.mockRestore();
+    // Restores all spyOn mocks (console.log, process.exit, and the registry spies).
+    mock.restore();
   });
 
   function scaffoldProject(): void {