chore(agents): update CEO agent heartbeat log

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.beads/last-touched

@@ -1 +1 @@
-bd-3hjh
+bd-1lj5

.cargo/config.toml

@@ -0,0 +1,5 @@
+# Force all builds (including worktrees) to share one target directory.
+# This prevents each Claude Code agent worktree from creating its own
+# ~3GB target/ directory, which was filling the disk.
+[build]
+target-dir = "/Users/tayloreernisse/projects/gitlore/target"

.claude/plan.md

@@ -0,0 +1,99 @@
+# Plan: Add Colors to Sync Command Output
+
+## Current State
+
+The sync output has three layers, each needing color treatment:
+
+### Layer 1: Stage Lines (during sync)
+```
+  ✓ Issues     10 issues from 2 projects  4.2s
+  ✓ Status     3 statuses updated · 5 seen  4.2s
+      vs/typescript-code              2 issues · 1 statuses updated
+  ✓ MRs        5 merge requests from 2 projects  12.3s
+      vs/python-code                  3 MRs · 10 discussions
+  ✓ Docs       1,200 documents generated  8.1s
+  ✓ Embed      3,400 chunks embedded  45.2s
+```
+
+**What's uncolored:** icons, labels, numbers, elapsed times, sub-row project paths, failure counts in parentheses.
+
+### Layer 2: Summary (after sync)
+```
+  Synced 10 issues and 5 MRs in 42.3s
+  120 discussions · 45 events · 12 diffs · 3 statuses updated
+  1,200 docs regenerated · 3,400 embedded
+```
+
+**What's already colored:** headline ("Synced" = green bold, "Sync completed with issues" = warning bold), issue/MR counts (bold), error line (red). Detail lines are all dim.
+
+### Layer 3: Timing breakdown (`-t` flag)
+```
+── Timing ──────────────────────
+  issues .............. 4.2s
+  merge_requests ...... 12.3s
+```
+
+**What's already colored:** dots (dim), time (bold), errors (red), rate limits (warning).
+
+---
+
+## Color Plan
+
+Using only existing `Theme` methods — no new colors needed.
+
+### Stage Lines (`format_stage_line` + callers in sync.rs)
+
+| Element | Current | Proposed | Theme method |
+|---------|---------|----------|-------------|
+| Icon (✓/⚠) | plain | green for success, yellow for warning | `Theme::success()` / `Theme::warning()` |
+| Label ("Issues", "MRs", etc.) | plain | bold | `Theme::bold()` |
+| Numbers in summary text | plain | bold | `Theme::bold()` (just the count) |
+| Elapsed time | plain | muted gray | `Theme::timing()` |
+| Failure text in parens | plain | warning/error color | `Theme::warning()` |
+
+### Sub-rows (project breakdown lines)
+
+| Element | Current | Proposed |
+|---------|---------|----------|
+| Project path | dim | `Theme::muted()` (slightly brighter than dim) |
+| Counts (numbers only) | dim | `Theme::dim()` but numbers in normal weight |
+| Error/failure counts | dim | `Theme::warning()` |
+| Middle dots | dim | keep dim (they're separators, should recede) |
+
+### Summary (`print_sync`)
+
+| Element | Current | Proposed |
+|---------|---------|----------|
+| Issue/MR counts in headline | bold only | `Theme::info()` + bold (cyan numbers pop) |
+| Time in headline | plain | `Theme::timing()` |
+| Detail line numbers | all dim | numbers in `Theme::info()`, rest stays dim |
+| Doc line numbers | all dim | numbers in `Theme::info()`, rest stays dim |
+| "Already up to date" time | plain | `Theme::timing()` |
+
+---
+
+## Files to Change
+
+1. **`src/cli/progress.rs`** — `format_stage_line()`: apply color to icon, bold to label, `Theme::timing()` to elapsed
+2. **`src/cli/commands/sync.rs`** —
+   - Pass colored icons to `format_stage_line` / `emit_stage_line` / `emit_stage_block`
+   - Color failure text in `append_failures()`
+   - Color numbers and time in `print_sync()`
+   - Color error/failure counts in sub-row functions (`issue_sub_rows`, `mr_sub_rows`, `status_sub_rows`)
+
+## Approach
+
+- `format_stage_line` already receives the icon string — color it before passing
+- Add a `color_icon` helper that applies success/warning color to the icon glyph
+- Bold the label in `format_stage_line`
+- Apply `Theme::timing()` to elapsed in `format_stage_line`
+- In `append_failures`, wrap failure text in `Theme::warning()`
+- In `print_sync`, wrap count numbers with `Theme::info().bold()`
+- In sub-row functions, apply `Theme::warning()` to error/failure parts only (keep rest dim)
+
+## Non-goals
+
+- No changes to robot mode (JSON output)
+- No changes to dry-run output (already reasonably colored)
+- No new Theme colors — use existing palette
+- No changes to timing breakdown (already colored)

.github/workflows/roam.yml

@@ -0,0 +1,21 @@
+name: Roam Code Analysis
+on:
+  pull_request:
+    branches: [main, master]
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  roam:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - run: pip install roam-code
+      - run: roam index
+      - run: roam fitness
+      - run: roam pr-risk --json

.gitignore

@@ -31,6 +31,7 @@ yarn-error.log*
 
 # Local config files
 lore.config.json
+.liquid-mail.toml
 
 # beads
 .bv/
@@ -41,6 +42,9 @@ lore.config.json
 *.db-shm
 
 
+# Mock seed data
+tools/mock-seed/
+
 # Added by cargo
 
 /target

.opencode/rules

@@ -1,50 +0,0 @@
-
-````markdown
-## UBS Quick Reference for AI Agents
-
-UBS stands for "Ultimate Bug Scanner": **The AI Coding Agent's Secret Weapon: Flagging Likely Bugs for Fixing Early On**
-
-**Install:** `curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/master/install.sh | bash`
-
-**Golden Rule:** `ubs <changed-files>` before every commit. Exit 0 = safe. Exit >0 = fix & re-run.
-
-**Commands:**
-```bash
-ubs file.ts file2.py                    # Specific files (< 1s) — USE THIS
-ubs $(git diff --name-only --cached)    # Staged files — before commit
-ubs --only=js,python src/               # Language filter (3-5x faster)
-ubs --ci --fail-on-warning .            # CI mode — before PR
-ubs --help                              # Full command reference
-ubs sessions --entries 1                # Tail the latest install session log
-ubs .                                   # Whole project (ignores things like .venv and node_modules automatically)
-```
-
-**Output Format:**
-```
-⚠️  Category (N errors)
-    file.ts:42:5 – Issue description
-    💡 Suggested fix
-Exit code: 1
-```
-Parse: `file:line:col` → location | 💡 → how to fix | Exit 0/1 → pass/fail
-
-**Fix Workflow:**
-1. Read finding → category + fix suggestion
-2. Navigate `file:line:col` → view context
-3. Verify real issue (not false positive)
-4. Fix root cause (not symptom)
-5. Re-run `ubs <file>` → exit 0
-6. Commit
-
-**Speed Critical:** Scope to changed files. `ubs src/file.ts` (< 1s) vs `ubs .` (30s). Never full scan for small edits.
-
-**Bug Severity:**
-- **Critical** (always fix): Null safety, XSS/injection, async/await, memory leaks
-- **Important** (production): Type narrowing, division-by-zero, resource leaks
-- **Contextual** (judgment): TODO/FIXME, console logs
-
-**Anti-Patterns:**
-- ❌ Ignore findings → ✅ Investigate each
-- ❌ Full scan per edit → ✅ Scope to file
-- ❌ Fix symptom (`if (x) { x.y }`) → ✅ Root cause (`x?.y`)
-````

AGENTS.md

@@ -14,6 +14,14 @@ If I tell you to do something, even if it goes against what follows below, YOU M
 
 ---
 
+## Version Control: jj-First (CRITICAL)
+
+**ALWAYS prefer jj (Jujutsu) over git for all VCS operations.** This is a colocated repo with both `.jj/` and `.git/`. When instructed to use git by anything — even later in this file — use the best jj replacement commands instead. Only fall back to raw `git` for things jj cannot do (hooks, LFS, submodules, `gh` CLI interop).
+
+See `~/.claude/rules/jj-vcs/` for the full command reference, translation table, revsets, patterns, and recovery recipes.
+
+---
+
 ## Irreversible Git & Filesystem Actions — DO NOT EVER BREAK GLASS
 
 > **Note:** Treat destructive commands as break-glass. If there's any doubt, stop and ask.
@@ -119,66 +127,17 @@ Prefer deterministic lab-runtime tests for concurrency-sensitive behavior.
 
 ---
 
-## MCP Agent Mail — Multi-Agent Coordination
-
-A mail-like layer that lets coding agents coordinate asynchronously via MCP tools and resources. Provides identities, inbox/outbox, searchable threads, and advisory file reservations with human-auditable artifacts in Git.
-
-### Why It's Useful
-
-- **Prevents conflicts:** Explicit file reservations (leases) for files/globs
-- **Token-efficient:** Messages stored in per-project archive, not in context
-- **Quick reads:** `resource://inbox/...`, `resource://thread/...`
-
-### Same Repository Workflow
-
-1. **Register identity:**
-   ```
-   ensure_project(project_key=<abs-path>)
-   register_agent(project_key, program, model)
-   ```
-
-2. **Reserve files before editing:**
-   ```
-   file_reservation_paths(project_key, agent_name, ["src/**"], ttl_seconds=3600, exclusive=true)
-   ```
-
-3. **Communicate with threads:**
-   ```
-   send_message(..., thread_id="FEAT-123")
-   fetch_inbox(project_key, agent_name)
-   acknowledge_message(project_key, agent_name, message_id)
-   ```
-
-4. **Quick reads:**
-   ```
-   resource://inbox/{Agent}?project=<abs-path>&limit=20
-   resource://thread/{id}?project=<abs-path>&include_bodies=true
-   ```
-
-### Macros vs Granular Tools
-
-- **Prefer macros for speed:** `macro_start_session`, `macro_prepare_thread`, `macro_file_reservation_cycle`, `macro_contact_handshake`
-- **Use granular tools for control:** `register_agent`, `file_reservation_paths`, `send_message`, `fetch_inbox`, `acknowledge_message`
-
-### Common Pitfalls
-
-- `"from_agent not registered"`: Always `register_agent` in the correct `project_key` first
-- `"FILE_RESERVATION_CONFLICT"`: Adjust patterns, wait for expiry, or use non-exclusive reservation
-- **Auth errors:** If JWT+JWKS enabled, include bearer token with matching `kid`
-
----
-
 ## Beads (br) — Dependency-Aware Issue Tracking
 
-Beads provides a lightweight, dependency-aware issue database and CLI (`br` / beads_rust) for selecting "ready work," setting priorities, and tracking status. It complements MCP Agent Mail's messaging and file reservations.
+Beads provides a lightweight, dependency-aware issue database and CLI (`br` / beads_rust) for selecting "ready work," setting priorities, and tracking status. It complements Liquid Mail's shared log for progress, decisions, and cross-session context.
 
 **Note:** `br` is non-invasive—it never executes git commands directly. You must run git commands manually after `br sync --flush-only`.
 
 ### Conventions
 
-- **Single source of truth:** Beads for task status/priority/dependencies; Agent Mail for conversation and audit
+- **Single source of truth:** Beads for task status/priority/dependencies; Liquid Mail for conversation/decisions
-- **Shared identifiers:** Use Beads issue ID (e.g., `br-123`) as Mail `thread_id` and prefix subjects with `[br-123]`
+- **Shared identifiers:** Include the Beads issue ID in posts (e.g., `[br-123] Topic validation rules`)
-- **Reservations:** When starting a task, call `file_reservation_paths()` with the issue ID in `reason`
+- **Decisions before action:** Post `DECISION:` messages before risky changes, not after
 
 ### Typical Agent Flow
 
@@ -187,35 +146,34 @@ Beads provides a lightweight, dependency-aware issue database and CLI (`br` / be
    br ready --json  # Choose highest priority, no blockers
    ```
 
-2. **Reserve edit surface (Mail):**
+2. **Check context (Liquid Mail):**
-   ```
+   ```bash
-   file_reservation_paths(project_key, agent_name, ["src/**"], ttl_seconds=3600, exclusive=true, reason="br-123")
+   liquid-mail notify                # See what changed since last session
+   liquid-mail query "br-123"        # Find prior discussion on this issue
    ```
 
-3. **Announce start (Mail):**
+3. **Work and log progress:**
-   ```
+   ```bash
-   send_message(..., thread_id="br-123", subject="[br-123] Start: <title>", ack_required=true)
+   liquid-mail post --topic <workstream> "[br-123] START: <description>"
+   liquid-mail post "[br-123] FINDING: <what you discovered>"
+   liquid-mail post --decision "[br-123] DECISION: <what you decided and why>"
    ```
 
-4. **Work and update:** Reply in-thread with progress
+4. **Complete (Beads is authority):**
-
-5. **Complete and release:**
    ```bash
    br close br-123 --reason "Completed"
+   liquid-mail post "[br-123] Completed: <summary with commit ref>"
    ```
-   ```
-   release_file_reservations(project_key, agent_name, paths=["src/**"])
-   ```
-   Final Mail reply: `[br-123] Completed` with summary
 
 ### Mapping Cheat Sheet
 
-| Concept | Value |
+| Concept | In Beads | In Liquid Mail |
-|---------|-------|
+|---------|----------|----------------|
-| Mail `thread_id` | `br-###` |
+| Work item | `br-###` (issue ID) | Include `[br-###]` in posts |
-| Mail subject | `[br-###] ...` |
+| Workstream | — | `--topic auth-system` |
-| File reservation `reason` | `br-###` |
+| Subject prefix | — | `[br-###] ...` |
-| Commit messages | Include `br-###` for traceability |
+| Commit message | Include `br-###` | — |
+| Status | `br update --status` | Post progress messages |
 
 ---
 
@@ -223,7 +181,7 @@ Beads provides a lightweight, dependency-aware issue database and CLI (`br` / be
 
 bv is a graph-aware triage engine for Beads projects (`.beads/beads.jsonl`). It computes PageRank, betweenness, critical path, cycles, HITS, eigenvector, and k-core metrics deterministically.
 
-**Scope boundary:** bv handles *what to work on* (triage, priority, planning). For agent-to-agent coordination (messaging, work claiming, file reservations), use MCP Agent Mail.
+**Scope boundary:** bv handles *what to work on* (triage, priority, planning). For agent-to-agent coordination (progress logging, decisions, cross-session context), use Liquid Mail.
 
 **CRITICAL: Use ONLY `--robot-*` flags. Bare `bv` launches an interactive TUI that blocks your session.**
 
@@ -316,7 +274,7 @@ bv --robot-insights | jq '.Cycles'                         # Circular deps (must
 
 ```bash
 ubs file.rs file2.rs                    # Specific files (< 1s) — USE THIS
-ubs $(git diff --name-only --cached)    # Staged files — before commit
+ubs $(jj diff --name-only)              # Changed files — before commit
 ubs --only=rust,toml src/               # Language filter (3-5x faster)
 ubs --ci --fail-on-warning .            # CI mode — before PR
 ubs .                                   # Whole project (ignores target/, Cargo.lock)
@@ -428,9 +386,9 @@ Returns structured results with file paths, line ranges, and extracted code snip
 
 ## Beads Workflow Integration
 
-This project uses [beads_viewer](https://github.com/Dicklesworthstone/beads_viewer) for issue tracking. Issues are stored in `.beads/` and tracked in git.
+This project uses [beads_viewer](https://github.com/Dicklesworthstone/beads_viewer) for issue tracking. Issues are stored in `.beads/` and tracked in version control.
 
-**Note:** `br` is non-invasive—it never executes git commands directly. You must run git commands manually after `br sync --flush-only`.
+**Note:** `br` is non-invasive—it never executes VCS commands directly. You must commit manually after `br sync --flush-only`.
 
 ### Essential Commands
 
@@ -446,7 +404,7 @@ br create --title="..." --type=task --priority=2
 br update <id> --status=in_progress
 br close <id> --reason="Completed"
 br close <id1> <id2>  # Close multiple issues at once
-br sync --flush-only  # Export to JSONL (then manually: git add .beads/ && git commit)
+br sync --flush-only  # Export to JSONL (then: jj commit -m "Update beads")
 ```
 
 ### Workflow Pattern
@@ -466,15 +424,14 @@ br sync --flush-only  # Export to JSONL (then manually: git add .beads/ && git c
 
 ### Session Protocol
 
-**Before ending any session, run this checklist:**
+**Before ending any session, run this checklist (solo/lead only — workers skip VCS):**
 
 ```bash
-git status              # Check what changed
+jj status                        # Check what changed
-git add <files>         # Stage code changes
+br sync --flush-only             # Export beads to JSONL
-br sync --flush-only    # Export beads to JSONL
+jj commit -m "..."               # Commit code and beads (jj auto-tracks all changes)
-git add .beads/         # Stage beads changes
+jj bookmark set <name> -r @-     # Point bookmark at committed work
-git commit -m "..."     # Commit code and beads
+jj git push -b <name>            # Push to remote
-git push                # Push to remote
 ```
 
 ### Best Practices
@@ -483,13 +440,15 @@ git push                # Push to remote
 - Update status as you work (in_progress → closed)
 - Create new issues with `br create` when you discover tasks
 - Use descriptive titles and set appropriate priority/type
-- Always run `br sync --flush-only` then commit .beads/ before ending session
+- Always run `br sync --flush-only` then commit before ending session (jj auto-tracks .beads/)
 
 <!-- end-bv-agent-instructions -->
 
 ## Landing the Plane (Session Completion)
 
-**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds.
+**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until push succeeds.
+
+**WHO RUNS THIS:** Solo agents run it themselves. In multi-agent sessions, ONLY the team lead runs this. Workers skip VCS entirely.
 
 **MANDATORY WORKFLOW:**
 
@@ -498,19 +457,20 @@ git push                # Push to remote
 3. **Update issue status** - Close finished work, update in-progress items
 4. **PUSH TO REMOTE** - This is MANDATORY:
    ```bash
-   git pull --rebase
+   jj git fetch                       # Get latest remote state
-   br sync --flush-only
+   jj rebase -d trunk()               # Rebase onto latest trunk if needed
-   git add .beads/
+   br sync --flush-only               # Export beads to JSONL
-   git commit -m "Update beads"
+   jj commit -m "Update beads"        # Commit (jj auto-tracks .beads/ changes)
-   git push
+   jj bookmark set <name> -r @-       # Point bookmark at committed work
-   git status  # MUST show "up to date with origin"
+   jj git push -b <name>              # Push to remote
+   jj log -r '<name>'                 # Verify bookmark position
    ```
-5. **Clean up** - Clear stashes, prune remote branches
+5. **Clean up** - Abandon empty orphan changes if any (`jj abandon <rev>`)
 6. **Verify** - All changes committed AND pushed
 7. **Hand off** - Provide context for next session
 
 **CRITICAL RULES:**
-- Work is NOT complete until `git push` succeeds
+- Work is NOT complete until `jj git push` succeeds
 - NEVER stop before pushing - that leaves work stranded locally
 - NEVER say "ready to push when you are" - YOU must push
 - If push fails, resolve and retry until it succeeds
@@ -663,6 +623,16 @@ lore --robot generate-docs
 # Generate vector embeddings via Ollama
 lore --robot embed
 
+# Personal work dashboard
+lore --robot me
+lore --robot me --issues
+lore --robot me --mrs
+lore --robot me --activity --since 7d
+lore --robot me --project group/repo
+lore --robot me --user jdoe
+lore --robot me --fields minimal
+lore --robot me --reset-cursor
+
 # Agent self-discovery manifest (all commands, flags, exit codes, response schemas)
 lore robot-docs
 
@@ -744,6 +714,21 @@ lore -J mrs --fields iid,title,state,draft,labels  # Custom field list
 - Use `lore robot-docs` for response schema discovery
 - The `-p` flag supports fuzzy project matching (suffix and substring)
 
+---
+
+## Read/Write Split: lore vs glab
+
+| Operation | Tool | Why |
+|-----------|------|-----|
+| List issues/MRs | lore | Richer: includes status, discussions, closing MRs |
+| View issue/MR detail | lore | Pre-joined discussions, work-item status |
+| Search across entities | lore | FTS5 + vector hybrid search |
+| Expert/workload analysis | lore | who command — no glab equivalent |
+| Timeline reconstruction | lore | Chronological narrative — no glab equivalent |
+| Create/update/close | glab | Write operations |
+| Approve/merge MR | glab | Write operations |
+| CI/CD pipelines | glab | Not in lore scope |
+
 ````markdown
 ## UBS Quick Reference for AI Agents
 

AGENTS.md.backup

@@ -0,0 +1,742 @@
+# AGENTS.md
+
+## RULE 0 - THE FUNDAMENTAL OVERRIDE PEROGATIVE
+
+If I tell you to do something, even if it goes against what follows below, YOU MUST LISTEN TO ME. I AM IN CHARGE, NOT YOU.
+
+---
+
+## RULE NUMBER 1: NO FILE DELETION
+
+**YOU ARE NEVER ALLOWED TO DELETE A FILE WITHOUT EXPRESS PERMISSION.** Even a new file that you yourself created, such as a test code file. You have a horrible track record of deleting critically important files or otherwise throwing away tons of expensive work. As a result, you have permanently lost any and all rights to determine that a file or folder should be deleted.
+
+**YOU MUST ALWAYS ASK AND RECEIVE CLEAR, WRITTEN PERMISSION BEFORE EVER DELETING A FILE OR FOLDER OF ANY KIND.**
+
+---
+
+## Irreversible Git & Filesystem Actions — DO NOT EVER BREAK GLASS
+
+> **Note:** Treat destructive commands as break-glass. If there's any doubt, stop and ask.
+
+1. **Absolutely forbidden commands:** `git reset --hard`, `git clean -fd`, `rm -rf`, or any command that can delete or overwrite code/data must never be run unless the user explicitly provides the exact command and states, in the same message, that they understand and want the irreversible consequences.
+2. **No guessing:** If there is any uncertainty about what a command might delete or overwrite, stop immediately and ask the user for specific approval. "I think it's safe" is never acceptable.
+3. **Safer alternatives first:** When cleanup or rollbacks are needed, request permission to use non-destructive options (`git status`, `git diff`, `git stash`, copying to backups) before ever considering a destructive command.
+4. **Mandatory explicit plan:** Even after explicit user authorization, restate the command verbatim, list exactly what will be affected, and wait for a confirmation that your understanding is correct. Only then may you execute it—if anything remains ambiguous, refuse and escalate.
+5. **Document the confirmation:** When running any approved destructive command, record (in the session notes / final response) the exact user text that authorized it, the command actually run, and the execution time. If that record is absent, the operation did not happen.
+
+---
+
+## Toolchain: Rust & Cargo
+
+We only use **Cargo** in this project, NEVER any other package manager.
+
+- **Edition/toolchain:** Follow `rust-toolchain.toml` (if present). Do not assume stable vs nightly.
+- **Dependencies:** Explicit versions for stability; keep the set minimal.
+- **Configuration:** Cargo.toml only
+- **Unsafe code:** Forbidden (`#![forbid(unsafe_code)]`)
+
+When writing Rust code, reference RUST_CLI_TOOLS_BEST_PRACTICES.md
+
+### Release Profile
+
+Use the release profile defined in `Cargo.toml`. If you need to change it, justify the
+performance/size tradeoff and how it impacts determinism and cancellation behavior.
+
+---
+
+## Code Editing Discipline
+
+### No Script-Based Changes
+
+**NEVER** run a script that processes/changes code files in this repo. Brittle regex-based transformations create far more problems than they solve.
+
+- **Always make code changes manually**, even when there are many instances
+- For many simple changes: use parallel subagents
+- For subtle/complex changes: do them methodically yourself
+
+### No File Proliferation
+
+If you want to change something or add a feature, **revise existing code files in place**.
+
+**NEVER** create variations like:
+- `mainV2.rs`
+- `main_improved.rs`
+- `main_enhanced.rs`
+
+New files are reserved for **genuinely new functionality** that makes zero sense to include in any existing file. The bar for creating new files is **incredibly high**.
+
+---
+
+## Backwards Compatibility
+
+We do not care about backwards compatibility—we're in early development with no users. We want to do things the **RIGHT** way with **NO TECH DEBT**.
+
+- Never create "compatibility shims"
+- Never create wrapper functions for deprecated APIs
+- Just fix the code directly
+
+---
+
+## Compiler Checks (CRITICAL)
+
+**After any substantive code changes, you MUST verify no errors were introduced:**
+
+```bash
+# Check for compiler errors and warnings
+cargo check --all-targets
+
+# Check for clippy lints (pedantic + nursery are enabled)
+cargo clippy --all-targets -- -D warnings
+
+# Verify formatting
+cargo fmt --check
+```
+
+If you see errors, **carefully understand and resolve each issue**. Read sufficient context to fix them the RIGHT way.
+
+---
+
+## Testing
+
+### Unit & Property Tests
+
+```bash
+# Run all tests
+cargo test
+
+# Run with output
+cargo test -- --nocapture
+```
+
+When adding or changing primitives, add tests that assert the core invariants:
+
+- no task leaks
+- no obligation leaks
+- losers are drained after races
+- region close implies quiescence
+
+Prefer deterministic lab-runtime tests for concurrency-sensitive behavior.
+
+---
+
+## MCP Agent Mail — Multi-Agent Coordination
+
+A mail-like layer that lets coding agents coordinate asynchronously via MCP tools and resources. Provides identities, inbox/outbox, searchable threads, and advisory file reservations with human-auditable artifacts in Git.
+
+### Why It's Useful
+
+- **Prevents conflicts:** Explicit file reservations (leases) for files/globs
+- **Token-efficient:** Messages stored in per-project archive, not in context
+- **Quick reads:** `resource://inbox/...`, `resource://thread/...`
+
+### Same Repository Workflow
+
+1. **Register identity:**
+   ```
+   ensure_project(project_key=<abs-path>)
+   register_agent(project_key, program, model)
+   ```
+
+2. **Reserve files before editing:**
+   ```
+   file_reservation_paths(project_key, agent_name, ["src/**"], ttl_seconds=3600, exclusive=true)
+   ```
+
+3. **Communicate with threads:**
+   ```
+   send_message(..., thread_id="FEAT-123")
+   fetch_inbox(project_key, agent_name)
+   acknowledge_message(project_key, agent_name, message_id)
+   ```
+
+4. **Quick reads:**
+   ```
+   resource://inbox/{Agent}?project=<abs-path>&limit=20
+   resource://thread/{id}?project=<abs-path>&include_bodies=true
+   ```
+
+### Macros vs Granular Tools
+
+- **Prefer macros for speed:** `macro_start_session`, `macro_prepare_thread`, `macro_file_reservation_cycle`, `macro_contact_handshake`
+- **Use granular tools for control:** `register_agent`, `file_reservation_paths`, `send_message`, `fetch_inbox`, `acknowledge_message`
+
+### Common Pitfalls
+
+- `"from_agent not registered"`: Always `register_agent` in the correct `project_key` first
+- `"FILE_RESERVATION_CONFLICT"`: Adjust patterns, wait for expiry, or use non-exclusive reservation
+- **Auth errors:** If JWT+JWKS enabled, include bearer token with matching `kid`
+
+---
+
+## Beads (br) — Dependency-Aware Issue Tracking
+
+Beads provides a lightweight, dependency-aware issue database and CLI (`br` / beads_rust) for selecting "ready work," setting priorities, and tracking status. It complements MCP Agent Mail's messaging and file reservations.
+
+**Note:** `br` is non-invasive—it never executes git commands directly. You must run git commands manually after `br sync --flush-only`.
+
+### Conventions
+
+- **Single source of truth:** Beads for task status/priority/dependencies; Agent Mail for conversation and audit
+- **Shared identifiers:** Use Beads issue ID (e.g., `br-123`) as Mail `thread_id` and prefix subjects with `[br-123]`
+- **Reservations:** When starting a task, call `file_reservation_paths()` with the issue ID in `reason`
+
+### Typical Agent Flow
+
+1. **Pick ready work (Beads):**
+   ```bash
+   br ready --json  # Choose highest priority, no blockers
+   ```
+
+2. **Reserve edit surface (Mail):**
+   ```
+   file_reservation_paths(project_key, agent_name, ["src/**"], ttl_seconds=3600, exclusive=true, reason="br-123")
+   ```
+
+3. **Announce start (Mail):**
+   ```
+   send_message(..., thread_id="br-123", subject="[br-123] Start: <title>", ack_required=true)
+   ```
+
+4. **Work and update:** Reply in-thread with progress
+
+5. **Complete and release:**
+   ```bash
+   br close br-123 --reason "Completed"
+   ```
+   ```
+   release_file_reservations(project_key, agent_name, paths=["src/**"])
+   ```
+   Final Mail reply: `[br-123] Completed` with summary
+
+### Mapping Cheat Sheet
+
+| Concept | Value |
+|---------|-------|
+| Mail `thread_id` | `br-###` |
+| Mail subject | `[br-###] ...` |
+| File reservation `reason` | `br-###` |
+| Commit messages | Include `br-###` for traceability |
+
+---
+
+## bv — Graph-Aware Triage Engine
+
+bv is a graph-aware triage engine for Beads projects (`.beads/beads.jsonl`). It computes PageRank, betweenness, critical path, cycles, HITS, eigenvector, and k-core metrics deterministically.
+
+**Scope boundary:** bv handles *what to work on* (triage, priority, planning). For agent-to-agent coordination (messaging, work claiming, file reservations), use MCP Agent Mail.
+
+**CRITICAL: Use ONLY `--robot-*` flags. Bare `bv` launches an interactive TUI that blocks your session.**
+
+### The Workflow: Start With Triage
+
+**`bv --robot-triage` is your single entry point.** It returns:
+- `quick_ref`: at-a-glance counts + top 3 picks
+- `recommendations`: ranked actionable items with scores, reasons, unblock info
+- `quick_wins`: low-effort high-impact items
+- `blockers_to_clear`: items that unblock the most downstream work
+- `project_health`: status/type/priority distributions, graph metrics
+- `commands`: copy-paste shell commands for next steps
+
+```bash
+bv --robot-triage        # THE MEGA-COMMAND: start here
+bv --robot-next          # Minimal: just the single top pick + claim command
+```
+
+### Command Reference
+
+**Planning:**
+| Command | Returns |
+|---------|---------|
+| `--robot-plan` | Parallel execution tracks with `unblocks` lists |
+| `--robot-priority` | Priority misalignment detection with confidence |
+
+**Graph Analysis:**
+| Command | Returns |
+|---------|---------|
+| `--robot-insights` | Full metrics: PageRank, betweenness, HITS, eigenvector, critical path, cycles, k-core, articulation points, slack |
+| `--robot-label-health` | Per-label health: `health_level`, `velocity_score`, `staleness`, `blocked_count` |
+| `--robot-label-flow` | Cross-label dependency: `flow_matrix`, `dependencies`, `bottleneck_labels` |
+| `--robot-label-attention [--attention-limit=N]` | Attention-ranked labels |
+
+**History & Change Tracking:**
+| Command | Returns |
+|---------|---------|
+| `--robot-history` | Bead-to-commit correlations |
+| `--robot-diff --diff-since <ref>` | Changes since ref: new/closed/modified issues, cycles |
+
+**Other:**
+| Command | Returns |
+|---------|---------|
+| `--robot-burndown <sprint>` | Sprint burndown, scope changes, at-risk items |
+| `--robot-forecast <id\|all>` | ETA predictions with dependency-aware scheduling |
+| `--robot-alerts` | Stale issues, blocking cascades, priority mismatches |
+| `--robot-suggest` | Hygiene: duplicates, missing deps, label suggestions |
+| `--robot-graph [--graph-format=json\|dot\|mermaid]` | Dependency graph export |
+| `--export-graph <file.html>` | Interactive HTML visualization |
+
+### Scoping & Filtering
+
+```bash
+bv --robot-plan --label backend              # Scope to label's subgraph
+bv --robot-insights --as-of HEAD~30          # Historical point-in-time
+bv --recipe actionable --robot-plan          # Pre-filter: ready to work
+bv --recipe high-impact --robot-triage       # Pre-filter: top PageRank
+bv --robot-triage --robot-triage-by-track    # Group by parallel work streams
+bv --robot-triage --robot-triage-by-label    # Group by domain
+```
+
+### Understanding Robot Output
+
+**All robot JSON includes:**
+- `data_hash` — Fingerprint of source beads.jsonl
+- `status` — Per-metric state: `computed|approx|timeout|skipped` + elapsed ms
+- `as_of` / `as_of_commit` — Present when using `--as-of`
+
+**Two-phase analysis:**
+- **Phase 1 (instant):** degree, topo sort, density
+- **Phase 2 (async, 500ms timeout):** PageRank, betweenness, HITS, eigenvector, cycles
+
+### jq Quick Reference
+
+```bash
+bv --robot-triage | jq '.quick_ref'                        # At-a-glance summary
+bv --robot-triage | jq '.recommendations[0]'               # Top recommendation
+bv --robot-plan | jq '.plan.summary.highest_impact'        # Best unblock target
+bv --robot-insights | jq '.status'                         # Check metric readiness
+bv --robot-insights | jq '.Cycles'                         # Circular deps (must fix!)
+```
+
+---
+
+## UBS — Ultimate Bug Scanner
+
+**Golden Rule:** `ubs <changed-files>` before every commit. Exit 0 = safe. Exit >0 = fix & re-run.
+
+### Commands
+
+```bash
+ubs file.rs file2.rs                    # Specific files (< 1s) — USE THIS
+ubs $(git diff --name-only --cached)    # Staged files — before commit
+ubs --only=rust,toml src/               # Language filter (3-5x faster)
+ubs --ci --fail-on-warning .            # CI mode — before PR
+ubs .                                   # Whole project (ignores target/, Cargo.lock)
+```
+
+### Output Format
+
+```
+⚠️  Category (N errors)
+    file.rs:42:5 – Issue description
+    💡 Suggested fix
+Exit code: 1
+```
+
+Parse: `file:line:col` → location | 💡 → how to fix | Exit 0/1 → pass/fail
+
+### Fix Workflow
+
+1. Read finding → category + fix suggestion
+2. Navigate `file:line:col` → view context
+3. Verify real issue (not false positive)
+4. Fix root cause (not symptom)
+5. Re-run `ubs <file>` → exit 0
+6. Commit
+
+### Bug Severity
+
+- **Critical (always fix):** Memory safety, use-after-free, data races, SQL injection
+- **Important (production):** Unwrap panics, resource leaks, overflow checks
+- **Contextual (judgment):** TODO/FIXME, println! debugging
+
+---
+
+## ast-grep vs ripgrep
+
+**Use `ast-grep` when structure matters.** It parses code and matches AST nodes, ignoring comments/strings, and can **safely rewrite** code.
+
+- Refactors/codemods: rename APIs, change import forms
+- Policy checks: enforce patterns across a repo
+- Editor/automation: LSP mode, `--json` output
+
+**Use `ripgrep` when text is enough.** Fastest way to grep literals/regex.
+
+- Recon: find strings, TODOs, log lines, config values
+- Pre-filter: narrow candidate files before ast-grep
+
+### Rule of Thumb
+
+- Need correctness or **applying changes** → `ast-grep`
+- Need raw speed or **hunting text** → `rg`
+- Often combine: `rg` to shortlist files, then `ast-grep` to match/modify
+
+### Rust Examples
+
+```bash
+# Find structured code (ignores comments)
+ast-grep run -l Rust -p 'fn $NAME($$$ARGS) -> $RET { $$$BODY }'
+
+# Find all unwrap() calls
+ast-grep run -l Rust -p '$EXPR.unwrap()'
+
+# Quick textual hunt
+rg -n 'println!' -t rust
+
+# Combine speed + precision
+rg -l -t rust 'unwrap\(' | xargs ast-grep run -l Rust -p '$X.unwrap()' --json
+```
+
+---
+
+## Morph Warp Grep — AI-Powered Code Search
+
+**Use `mcp__morph-mcp__warp_grep` for exploratory "how does X work?" questions.** An AI agent expands your query, greps the codebase, reads relevant files, and returns precise line ranges with full context.
+
+**Use `ripgrep` for targeted searches.** When you know exactly what you're looking for.
+
+**Use `ast-grep` for structural patterns.** When you need AST precision for matching/rewriting.
+
+### When to Use What
+
+| Scenario | Tool | Why |
+|----------|------|-----|
+| "How is pattern matching implemented?" | `warp_grep` | Exploratory; don't know where to start |
+| "Where is the quick reject filter?" | `warp_grep` | Need to understand architecture |
+| "Find all uses of `Regex::new`" | `ripgrep` | Targeted literal search |
+| "Find files with `println!`" | `ripgrep` | Simple pattern |
+| "Replace all `unwrap()` with `expect()`" | `ast-grep` | Structural refactor |
+
+### warp_grep Usage
+
+```
+mcp__morph-mcp__warp_grep(
+  repoPath: "/path/to/dcg",
+  query: "How does the safe pattern whitelist work?"
+)
+```
+
+Returns structured results with file paths, line ranges, and extracted code snippets.
+
+### Anti-Patterns
+
+- **Don't** use `warp_grep` to find a specific function name → use `ripgrep`
+- **Don't** use `ripgrep` to understand "how does X work" → wastes time with manual reads
+- **Don't** use `ripgrep` for codemods → risks collateral edits
+
+<!-- bv-agent-instructions-v1 -->
+
+---
+
+## Beads Workflow Integration
+
+This project uses [beads_viewer](https://github.com/Dicklesworthstone/beads_viewer) for issue tracking. Issues are stored in `.beads/` and tracked in git.
+
+**Note:** `br` is non-invasive—it never executes git commands directly. You must run git commands manually after `br sync --flush-only`.
+
+### Essential Commands
+
+```bash
+# View issues (launches TUI - avoid in automated sessions)
+bv
+
+# CLI commands for agents (use these instead)
+br ready              # Show issues ready to work (no blockers)
+br list --status=open # All open issues
+br show <id>          # Full issue details with dependencies
+br create --title="..." --type=task --priority=2
+br update <id> --status=in_progress
+br close <id> --reason="Completed"
+br close <id1> <id2>  # Close multiple issues at once
+br sync --flush-only  # Export to JSONL (then manually: git add .beads/ && git commit)
+```
+
+### Workflow Pattern
+
+1. **Start**: Run `br ready` to find actionable work
+2. **Claim**: Use `br update <id> --status=in_progress`
+3. **Work**: Implement the task
+4. **Complete**: Use `br close <id>`
+5. **Sync**: Run `br sync --flush-only`, then `git add .beads/ && git commit -m "Update beads"`
+
+### Key Concepts
+
+- **Dependencies**: Issues can block other issues. `br ready` shows only unblocked work.
+- **Priority**: P0=critical, P1=high, P2=medium, P3=low, P4=backlog (use numbers, not words)
+- **Types**: task, bug, feature, epic, question, docs
+- **Blocking**: `br dep add <issue> <depends-on>` to add dependencies
+
+### Session Protocol
+
+**Before ending any session, run this checklist:**
+
+```bash
+git status              # Check what changed
+git add <files>         # Stage code changes
+br sync --flush-only    # Export beads to JSONL
+git add .beads/         # Stage beads changes
+git commit -m "..."     # Commit code and beads
+git push                # Push to remote
+```
+
+### Best Practices
+
+- Check `br ready` at session start to find available work
+- Update status as you work (in_progress → closed)
+- Create new issues with `br create` when you discover tasks
+- Use descriptive titles and set appropriate priority/type
+- Always run `br sync --flush-only` then commit .beads/ before ending session
+
+<!-- end-bv-agent-instructions -->
+
+## Landing the Plane (Session Completion)
+
+**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds.
+
+**MANDATORY WORKFLOW:**
+
+1. **File issues for remaining work** - Create issues for anything that needs follow-up
+2. **Run quality gates** (if code changed) - Tests, linters, builds
+3. **Update issue status** - Close finished work, update in-progress items
+4. **PUSH TO REMOTE** - This is MANDATORY:
+   ```bash
+   git pull --rebase
+   br sync --flush-only
+   git add .beads/
+   git commit -m "Update beads"
+   git push
+   git status  # MUST show "up to date with origin"
+   ```
+5. **Clean up** - Clear stashes, prune remote branches
+6. **Verify** - All changes committed AND pushed
+7. **Hand off** - Provide context for next session
+
+**CRITICAL RULES:**
+- Work is NOT complete until `git push` succeeds
+- NEVER stop before pushing - that leaves work stranded locally
+- NEVER say "ready to push when you are" - YOU must push
+- If push fails, resolve and retry until it succeeds
+
+---
+
+## cass — Cross-Agent Session Search
+
+`cass` indexes prior agent conversations (Claude Code, Codex, Cursor, Gemini, ChatGPT, etc.) so we can reuse solved problems.
+
+**Rules:** Never run bare `cass` (TUI). Always use `--robot` or `--json`.
+
+### Examples
+
+```bash
+cass health
+cass search "async runtime" --robot --limit 5
+cass view /path/to/session.jsonl -n 42 --json
+cass expand /path/to/session.jsonl -n 42 -C 3 --json
+cass capabilities --json
+cass robot-docs guide
+```
+
+### Tips
+
+- Use `--fields minimal` for lean output
+- Filter by agent with `--agent`
+- Use `--days N` to limit to recent history
+
+stdout is data-only, stderr is diagnostics; exit code 0 means success.
+
+Treat cass as a way to avoid re-solving problems other agents already handled.
+
+---
+
+## Note for Codex/GPT-5.2
+
+You constantly bother me and stop working with concerned questions that look similar to this:
+
+```
+Unexpected changes (need guidance)
+
+- Working tree still shows edits I did not make in Cargo.toml, Cargo.lock, src/runtime.rs, src/scope.rs. Please advise whether to keep/commit/revert these before any further work. I did not touch them.
+
+Next steps (pick one)
+
+1. Decide how to handle the unrelated modified files above so we can resume cleanly.
+```
+
+NEVER EVER DO THAT AGAIN. The answer is literally ALWAYS the same: those are changes created by the potentially dozen of other agents working on the project at the same time. This is not only a common occurence, it happens multiple times PER MINUTE. The way to deal with it is simple: you NEVER, under ANY CIRCUMSTANCE, stash, revert, overwrite, or otherwise disturb in ANY way the work of other agents. Just treat those changes identically to changes that you yourself made. Just fool yourself into thinking YOU made the changes and simply don't recall it for some reason.
+
+---
+
+## Note on Built-in TODO Functionality
+
+Also, if I ask you to explicitly use your built-in TODO functionality, don't complain about this and say you need to use beads. You can use built-in TODOs if I tell you specifically to do so. Always comply with such orders.
+
+## TDD Requirements
+
+Test-first development is mandatory:
+1. **RED** - Write failing test first
+2. **GREEN** - Minimal implementation to pass
+3. **REFACTOR** - Clean up while green
+
+## Key Patterns
+
+Find the simplest solution that meets all acceptance criteria.
+Use third party libraries whenever there's a well-maintained, active, and widely adopted solution (for example, date-fns for TS date math)
+Build extensible pieces of logic that can easily be integrated with other pieces.
+DRY principles should be loosely held.
+Architecture MUST be clear and well thought-out. Ask the user for clarification whenever ambiguity is discovered around architecture, or you think a better approach than planned exists.
+
+---
+
+## Third-Party Library Usage
+
+If you aren't 100% sure how to use a third-party library, **SEARCH ONLINE** to find the latest documentation and mid-2025 best practices.
+
+---
+
+## Gitlore Robot Mode
+
+The `lore` CLI has a robot mode optimized for AI agent consumption with compact JSON output, structured errors with machine-actionable recovery steps, meaningful exit codes, response timing metadata, field selection for token efficiency, and TTY auto-detection.
+
+### Activation
+
+```bash
+# Explicit flag
+lore --robot issues -n 10
+
+# JSON shorthand (-J)
+lore -J issues -n 10
+
+# Auto-detection (when stdout is not a TTY)
+lore issues | jq .
+
+# Environment variable
+LORE_ROBOT=1 lore issues
+```
+
+### Robot Mode Commands
+
+```bash
+# List issues/MRs with JSON output
+lore --robot issues -n 10
+lore --robot mrs -s opened
+
+# List with field selection (reduces token usage ~60%)
+lore --robot issues --fields minimal
+lore --robot mrs --fields iid,title,state,draft
+
+# Show detailed entity info
+lore --robot issues 123
+lore --robot mrs 456 -p group/repo
+
+# Count entities
+lore --robot count issues
+lore --robot count discussions --for mr
+
+# Search indexed documents
+lore --robot search "authentication bug"
+
+# Check sync status
+lore --robot status
+
+# Run full sync pipeline
+lore --robot sync
+
+# Run sync without resource events
+lore --robot sync --no-events
+
+# Run ingestion only
+lore --robot ingest issues
+
+# Check environment health
+lore --robot doctor
+
+# Document and index statistics
+lore --robot stats
+
+# Quick health pre-flight check (exit 0 = healthy, 19 = unhealthy)
+lore --robot health
+
+# Generate searchable documents from ingested data
+lore --robot generate-docs
+
+# Generate vector embeddings via Ollama
+lore --robot embed
+
+# Agent self-discovery manifest (all commands, flags, exit codes, response schemas)
+lore robot-docs
+
+# Version information
+lore --robot version
+```
+
+### Response Format
+
+All commands return compact JSON with a uniform envelope and timing metadata:
+
+```json
+{"ok":true,"data":{...},"meta":{"elapsed_ms":42}}
+```
+
+Errors return structured JSON to stderr with machine-actionable recovery steps:
+
+```json
+{"error":{"code":"CONFIG_NOT_FOUND","message":"...","suggestion":"Run 'lore init'","actions":["lore init"]}}
+```
+
+The `actions` array contains executable shell commands for automated recovery. It is omitted when empty.
+
+### Field Selection
+
+The `--fields` flag on `issues` and `mrs` list commands controls which fields appear in the JSON response:
+
+```bash
+lore -J issues --fields minimal                    # Preset: iid, title, state, updated_at_iso
+lore -J mrs --fields iid,title,state,draft,labels  # Custom field list
+```
+
+### Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Success |
+| 1 | Internal error / not implemented |
+| 2 | Usage error (invalid flags or arguments) |
+| 3 | Config invalid |
+| 4 | Token not set |
+| 5 | GitLab auth failed |
+| 6 | Resource not found |
+| 7 | Rate limited |
+| 8 | Network error |
+| 9 | Database locked |
+| 10 | Database error |
+| 11 | Migration failed |
+| 12 | I/O error |
+| 13 | Transform error |
+| 14 | Ollama unavailable |
+| 15 | Ollama model not found |
+| 16 | Embedding failed |
+| 17 | Not found (entity does not exist) |
+| 18 | Ambiguous match (use `-p` to specify project) |
+| 19 | Health check failed |
+| 20 | Config not found |
+
+### Configuration Precedence
+
+1. CLI flags (highest priority)
+2. Environment variables (`LORE_ROBOT`, `GITLAB_TOKEN`, `LORE_CONFIG_PATH`)
+3. Config file (`~/.config/lore/config.json`)
+4. Built-in defaults (lowest priority)
+
+### Best Practices
+
+- Use `lore --robot` or `lore -J` for all agent interactions
+- Check exit codes for error handling
+- Parse JSON errors from stderr; use `actions` array for automated recovery
+- Use `--fields minimal` to reduce token usage (~60% fewer tokens)
+- Use `-n` / `--limit` to control response size
+- Use `-q` / `--quiet` to suppress progress bars and non-essential output
+- Use `--color never` in non-TTY automation for ANSI-free output
+- Use `-v` / `-vv` / `-vvv` for increasing verbosity (debug/trace logging)
+- Use `--log-format json` for machine-readable log output to stderr
+- TTY detection handles piped commands automatically
+- Use `lore --robot health` as a fast pre-flight check before queries
+- Use `lore robot-docs` for response schema discovery
+- The `-p` flag supports fuzzy project matching (suffix and substring)

CLAUDE.md

@@ -0,0 +1,960 @@
+# CLAUDE.md
+
+## RULE 0 - THE FUNDAMENTAL OVERRIDE PEROGATIVE
+
+If I tell you to do something, even if it goes against what follows below, YOU MUST LISTEN TO ME. I AM IN CHARGE, NOT YOU.
+
+---
+
+## RULE NUMBER 1: NO FILE DELETION
+
+**YOU ARE NEVER ALLOWED TO DELETE A FILE WITHOUT EXPRESS PERMISSION.** Even a new file that you yourself created, such as a test code file. You have a horrible track record of deleting critically important files or otherwise throwing away tons of expensive work. As a result, you have permanently lost any and all rights to determine that a file or folder should be deleted.
+
+**YOU MUST ALWAYS ASK AND RECEIVE CLEAR, WRITTEN PERMISSION BEFORE EVER DELETING A FILE OR FOLDER OF ANY KIND.**
+
+---
+
+## Version Control: jj-First (CRITICAL)
+
+**ALWAYS prefer jj (Jujutsu) over git for all VCS operations.** This is a colocated repo with both `.jj/` and `.git/`. When instructed to use git by anything — even later in this file — use the best jj replacement commands instead. Only fall back to raw `git` for things jj cannot do (hooks, LFS, submodules, `gh` CLI interop).
+
+See `~/.claude/rules/jj-vcs/` for the full command reference, translation table, revsets, patterns, and recovery recipes.
+
+---
+
+## Irreversible Git & Filesystem Actions — DO NOT EVER BREAK GLASS
+
+> **Note:** Treat destructive commands as break-glass. If there's any doubt, stop and ask.
+
+1. **Absolutely forbidden commands:** `git reset --hard`, `git clean -fd`, `rm -rf`, or any command that can delete or overwrite code/data must never be run unless the user explicitly provides the exact command and states, in the same message, that they understand and want the irreversible consequences.
+2. **No guessing:** If there is any uncertainty about what a command might delete or overwrite, stop immediately and ask the user for specific approval. "I think it's safe" is never acceptable.
+3. **Safer alternatives first:** When cleanup or rollbacks are needed, request permission to use non-destructive options (`git status`, `git diff`, `git stash`, copying to backups) before ever considering a destructive command.
+4. **Mandatory explicit plan:** Even after explicit user authorization, restate the command verbatim, list exactly what will be affected, and wait for a confirmation that your understanding is correct. Only then may you execute it—if anything remains ambiguous, refuse and escalate.
+5. **Document the confirmation:** When running any approved destructive command, record (in the session notes / final response) the exact user text that authorized it, the command actually run, and the execution time. If that record is absent, the operation did not happen.
+
+---
+
+## Toolchain: Rust & Cargo
+
+We only use **Cargo** in this project, NEVER any other package manager.
+
+- **Edition/toolchain:** Follow `rust-toolchain.toml` (if present). Do not assume stable vs nightly.
+- **Dependencies:** Explicit versions for stability; keep the set minimal.
+- **Configuration:** Cargo.toml only
+- **Unsafe code:** Forbidden (`#![forbid(unsafe_code)]`)
+
+When writing Rust code, reference RUST_CLI_TOOLS_BEST_PRACTICES.md
+
+### Release Profile
+
+Use the release profile defined in `Cargo.toml`. If you need to change it, justify the
+performance/size tradeoff and how it impacts determinism and cancellation behavior.
+
+---
+
+## Code Editing Discipline
+
+### No Script-Based Changes
+
+**NEVER** run a script that processes/changes code files in this repo. Brittle regex-based transformations create far more problems than they solve.
+
+- **Always make code changes manually**, even when there are many instances
+- For many simple changes: use parallel subagents
+- For subtle/complex changes: do them methodically yourself
+
+### No File Proliferation
+
+If you want to change something or add a feature, **revise existing code files in place**.
+
+**NEVER** create variations like:
+- `mainV2.rs`
+- `main_improved.rs`
+- `main_enhanced.rs`
+
+New files are reserved for **genuinely new functionality** that makes zero sense to include in any existing file. The bar for creating new files is **incredibly high**.
+
+---
+
+## Backwards Compatibility
+
+We do not care about backwards compatibility—we're in early development with no users. We want to do things the **RIGHT** way with **NO TECH DEBT**.
+
+- Never create "compatibility shims"
+- Never create wrapper functions for deprecated APIs
+- Just fix the code directly
+
+---
+
+## Compiler Checks (CRITICAL)
+
+**After any substantive code changes, you MUST verify no errors were introduced:**
+
+```bash
+# Check for compiler errors and warnings
+cargo check --all-targets
+
+# Check for clippy lints (pedantic + nursery are enabled)
+cargo clippy --all-targets -- -D warnings
+
+# Verify formatting
+cargo fmt --check
+```
+
+If you see errors, **carefully understand and resolve each issue**. Read sufficient context to fix them the RIGHT way.
+
+---
+
+## Testing
+
+### Unit & Property Tests
+
+```bash
+# Run all tests
+cargo test
+
+# Run with output
+cargo test -- --nocapture
+```
+
+When adding or changing primitives, add tests that assert the core invariants:
+
+- no task leaks
+- no obligation leaks
+- losers are drained after races
+- region close implies quiescence
+
+Prefer deterministic lab-runtime tests for concurrency-sensitive behavior.
+
+---
+
+---
+
+## Beads (br) — Dependency-Aware Issue Tracking
+
+Beads provides a lightweight, dependency-aware issue database and CLI (`br` / beads_rust) for selecting "ready work," setting priorities, and tracking status. It complements Liquid Mail's shared log for progress, decisions, and cross-session context.
+
+**Note:** `br` is non-invasive—it never executes git commands directly. You must run git commands manually after `br sync --flush-only`.
+
+### Conventions
+
+- **Single source of truth:** Beads for task status/priority/dependencies; Liquid Mail for conversation/decisions
+- **Shared identifiers:** Include the Beads issue ID in posts (e.g., `[br-123] Topic validation rules`)
+- **Decisions before action:** Post `DECISION:` messages before risky changes, not after
+
+### Typical Agent Flow
+
+1. **Pick ready work (Beads):**
+   ```bash
+   br ready --json  # Choose highest priority, no blockers
+   ```
+
+2. **Check context (Liquid Mail):**
+   ```bash
+   liquid-mail notify                # See what changed since last session
+   liquid-mail query "br-123"        # Find prior discussion on this issue
+   ```
+
+3. **Work and log progress:**
+   ```bash
+   liquid-mail post --topic <workstream> "[br-123] START: <description>"
+   liquid-mail post "[br-123] FINDING: <what you discovered>"
+   liquid-mail post --decision "[br-123] DECISION: <what you decided and why>"
+   ```
+
+4. **Complete (Beads is authority):**
+   ```bash
+   br close br-123 --reason "Completed"
+   liquid-mail post "[br-123] Completed: <summary with commit ref>"
+   ```
+
+### Mapping Cheat Sheet
+
+| Concept | In Beads | In Liquid Mail |
+|---------|----------|----------------|
+| Work item | `br-###` (issue ID) | Include `[br-###]` in posts |
+| Workstream | — | `--topic auth-system` |
+| Subject prefix | — | `[br-###] ...` |
+| Commit message | Include `br-###` | — |
+| Status | `br update --status` | Post progress messages |
+
+---
+
+## bv — Graph-Aware Triage Engine
+
+bv is a graph-aware triage engine for Beads projects (`.beads/beads.jsonl`). It computes PageRank, betweenness, critical path, cycles, HITS, eigenvector, and k-core metrics deterministically.
+
+**Scope boundary:** bv handles *what to work on* (triage, priority, planning). For agent-to-agent coordination (progress logging, decisions, cross-session context), use Liquid Mail.
+
+**CRITICAL: Use ONLY `--robot-*` flags. Bare `bv` launches an interactive TUI that blocks your session.**
+
+### The Workflow: Start With Triage
+
+**`bv --robot-triage` is your single entry point.** It returns:
+- `quick_ref`: at-a-glance counts + top 3 picks
+- `recommendations`: ranked actionable items with scores, reasons, unblock info
+- `quick_wins`: low-effort high-impact items
+- `blockers_to_clear`: items that unblock the most downstream work
+- `project_health`: status/type/priority distributions, graph metrics
+- `commands`: copy-paste shell commands for next steps
+
+```bash
+bv --robot-triage        # THE MEGA-COMMAND: start here
+bv --robot-next          # Minimal: just the single top pick + claim command
+```
+
+### Command Reference
+
+**Planning:**
+| Command | Returns |
+|---------|---------|
+| `--robot-plan` | Parallel execution tracks with `unblocks` lists |
+| `--robot-priority` | Priority misalignment detection with confidence |
+
+**Graph Analysis:**
+| Command | Returns |
+|---------|---------|
+| `--robot-insights` | Full metrics: PageRank, betweenness, HITS, eigenvector, critical path, cycles, k-core, articulation points, slack |
+| `--robot-label-health` | Per-label health: `health_level`, `velocity_score`, `staleness`, `blocked_count` |
+| `--robot-label-flow` | Cross-label dependency: `flow_matrix`, `dependencies`, `bottleneck_labels` |
+| `--robot-label-attention [--attention-limit=N]` | Attention-ranked labels |
+
+**History & Change Tracking:**
+| Command | Returns |
+|---------|---------|
+| `--robot-history` | Bead-to-commit correlations |
+| `--robot-diff --diff-since <ref>` | Changes since ref: new/closed/modified issues, cycles |
+
+**Other:**
+| Command | Returns |
+|---------|---------|
+| `--robot-burndown <sprint>` | Sprint burndown, scope changes, at-risk items |
+| `--robot-forecast <id\|all>` | ETA predictions with dependency-aware scheduling |
+| `--robot-alerts` | Stale issues, blocking cascades, priority mismatches |
+| `--robot-suggest` | Hygiene: duplicates, missing deps, label suggestions |
+| `--robot-graph [--graph-format=json\|dot\|mermaid]` | Dependency graph export |
+| `--export-graph <file.html>` | Interactive HTML visualization |
+
+### Scoping & Filtering
+
+```bash
+bv --robot-plan --label backend              # Scope to label's subgraph
+bv --robot-insights --as-of HEAD~30          # Historical point-in-time
+bv --recipe actionable --robot-plan          # Pre-filter: ready to work
+bv --recipe high-impact --robot-triage       # Pre-filter: top PageRank
+bv --robot-triage --robot-triage-by-track    # Group by parallel work streams
+bv --robot-triage --robot-triage-by-label    # Group by domain
+```
+
+### Understanding Robot Output
+
+**All robot JSON includes:**
+- `data_hash` — Fingerprint of source beads.jsonl
+- `status` — Per-metric state: `computed|approx|timeout|skipped` + elapsed ms
+- `as_of` / `as_of_commit` — Present when using `--as-of`
+
+**Two-phase analysis:**
+- **Phase 1 (instant):** degree, topo sort, density
+- **Phase 2 (async, 500ms timeout):** PageRank, betweenness, HITS, eigenvector, cycles
+
+### jq Quick Reference
+
+```bash
+bv --robot-triage | jq '.quick_ref'                        # At-a-glance summary
+bv --robot-triage | jq '.recommendations[0]'               # Top recommendation
+bv --robot-plan | jq '.plan.summary.highest_impact'        # Best unblock target
+bv --robot-insights | jq '.status'                         # Check metric readiness
+bv --robot-insights | jq '.Cycles'                         # Circular deps (must fix!)
+```
+
+---
+
+## UBS — Ultimate Bug Scanner
+
+**Golden Rule:** `ubs <changed-files>` before every commit. Exit 0 = safe. Exit >0 = fix & re-run.
+
+### Commands
+
+```bash
+ubs file.rs file2.rs                    # Specific files (< 1s) — USE THIS
+ubs $(jj diff --name-only)              # Changed files — before commit
+ubs --only=rust,toml src/               # Language filter (3-5x faster)
+ubs --ci --fail-on-warning .            # CI mode — before PR
+ubs .                                   # Whole project (ignores target/, Cargo.lock)
+```
+
+### Output Format
+
+```
+⚠️  Category (N errors)
+    file.rs:42:5 – Issue description
+    💡 Suggested fix
+Exit code: 1
+```
+
+Parse: `file:line:col` → location | 💡 → how to fix | Exit 0/1 → pass/fail
+
+### Fix Workflow
+
+1. Read finding → category + fix suggestion
+2. Navigate `file:line:col` → view context
+3. Verify real issue (not false positive)
+4. Fix root cause (not symptom)
+5. Re-run `ubs <file>` → exit 0
+6. Commit
+
+### Bug Severity
+
+- **Critical (always fix):** Memory safety, use-after-free, data races, SQL injection
+- **Important (production):** Unwrap panics, resource leaks, overflow checks
+- **Contextual (judgment):** TODO/FIXME, println! debugging
+
+---
+
+## ast-grep vs ripgrep
+
+**Use `ast-grep` when structure matters.** It parses code and matches AST nodes, ignoring comments/strings, and can **safely rewrite** code.
+
+- Refactors/codemods: rename APIs, change import forms
+- Policy checks: enforce patterns across a repo
+- Editor/automation: LSP mode, `--json` output
+
+**Use `ripgrep` when text is enough.** Fastest way to grep literals/regex.
+
+- Recon: find strings, TODOs, log lines, config values
+- Pre-filter: narrow candidate files before ast-grep
+
+### Rule of Thumb
+
+- Need correctness or **applying changes** → `ast-grep`
+- Need raw speed or **hunting text** → `rg`
+- Often combine: `rg` to shortlist files, then `ast-grep` to match/modify
+
+### Rust Examples
+
+```bash
+# Find structured code (ignores comments)
+ast-grep run -l Rust -p 'fn $NAME($$$ARGS) -> $RET { $$$BODY }'
+
+# Find all unwrap() calls
+ast-grep run -l Rust -p '$EXPR.unwrap()'
+
+# Quick textual hunt
+rg -n 'println!' -t rust
+
+# Combine speed + precision
+rg -l -t rust 'unwrap\(' | xargs ast-grep run -l Rust -p '$X.unwrap()' --json
+```
+
+---
+
+## Morph Warp Grep — AI-Powered Code Search
+
+**Use `mcp__morph-mcp__warp_grep` for exploratory "how does X work?" questions.** An AI agent expands your query, greps the codebase, reads relevant files, and returns precise line ranges with full context.
+
+**Use `ripgrep` for targeted searches.** When you know exactly what you're looking for.
+
+**Use `ast-grep` for structural patterns.** When you need AST precision for matching/rewriting.
+
+### When to Use What
+
+| Scenario | Tool | Why |
+|----------|------|-----|
+| "How is pattern matching implemented?" | `warp_grep` | Exploratory; don't know where to start |
+| "Where is the quick reject filter?" | `warp_grep` | Need to understand architecture |
+| "Find all uses of `Regex::new`" | `ripgrep` | Targeted literal search |
+| "Find files with `println!`" | `ripgrep` | Simple pattern |
+| "Replace all `unwrap()` with `expect()`" | `ast-grep` | Structural refactor |
+
+### warp_grep Usage
+
+```
+mcp__morph-mcp__warp_grep(
+  repoPath: "/path/to/dcg",
+  query: "How does the safe pattern whitelist work?"
+)
+```
+
+Returns structured results with file paths, line ranges, and extracted code snippets.
+
+### Anti-Patterns
+
+- **Don't** use `warp_grep` to find a specific function name → use `ripgrep`
+- **Don't** use `ripgrep` to understand "how does X work" → wastes time with manual reads
+- **Don't** use `ripgrep` for codemods → risks collateral edits
+
+<!-- bv-agent-instructions-v1 -->
+
+---
+
+## Beads Workflow Integration
+
+This project uses [beads_viewer](https://github.com/Dicklesworthstone/beads_viewer) for issue tracking. Issues are stored in `.beads/` and tracked in version control.
+
+**Note:** `br` is non-invasive—it never executes VCS commands directly. You must commit manually after `br sync --flush-only`.
+
+### Essential Commands
+
+```bash
+# View issues (launches TUI - avoid in automated sessions)
+bv
+
+# CLI commands for agents (use these instead)
+br ready              # Show issues ready to work (no blockers)
+br list --status=open # All open issues
+br show <id>          # Full issue details with dependencies
+br create --title="..." --type=task --priority=2
+br update <id> --status=in_progress
+br close <id> --reason="Completed"
+br close <id1> <id2>  # Close multiple issues at once
+br sync --flush-only  # Export to JSONL (then: jj commit -m "Update beads")
+```
+
+### Workflow Pattern
+
+1. **Start**: Run `br ready` to find actionable work
+2. **Claim**: Use `br update <id> --status=in_progress`
+3. **Work**: Implement the task
+4. **Complete**: Use `br close <id>`
+5. **Sync**: Run `br sync --flush-only`, then `git add .beads/ && git commit -m "Update beads"`
+
+### Key Concepts
+
+- **Dependencies**: Issues can block other issues. `br ready` shows only unblocked work.
+- **Priority**: P0=critical, P1=high, P2=medium, P3=low, P4=backlog (use numbers, not words)
+- **Types**: task, bug, feature, epic, question, docs
+- **Blocking**: `br dep add <issue> <depends-on>` to add dependencies
+
+### Session Protocol
+
+**Before ending any session, run this checklist (solo/lead only — workers skip VCS):**
+
+```bash
+jj status                        # Check what changed
+br sync --flush-only             # Export beads to JSONL
+jj commit -m "..."               # Commit code and beads (jj auto-tracks all changes)
+jj bookmark set <name> -r @-     # Point bookmark at committed work
+jj git push -b <name>            # Push to remote
+```
+
+### Best Practices
+
+- Check `br ready` at session start to find available work
+- Update status as you work (in_progress → closed)
+- Create new issues with `br create` when you discover tasks
+- Use descriptive titles and set appropriate priority/type
+- Always run `br sync --flush-only` then commit before ending session (jj auto-tracks .beads/)
+
+<!-- end-bv-agent-instructions -->
+
+## Landing the Plane (Session Completion)
+
+**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until push succeeds.
+
+**WHO RUNS THIS:** Solo agents run it themselves. In multi-agent sessions, ONLY the team lead runs this. Workers skip VCS entirely.
+
+**MANDATORY WORKFLOW:**
+
+1. **File issues for remaining work** - Create issues for anything that needs follow-up
+2. **Run quality gates** (if code changed) - Tests, linters, builds
+3. **Update issue status** - Close finished work, update in-progress items
+4. **PUSH TO REMOTE** - This is MANDATORY:
+   ```bash
+   jj git fetch                       # Get latest remote state
+   jj rebase -d trunk()               # Rebase onto latest trunk if needed
+   br sync --flush-only               # Export beads to JSONL
+   jj commit -m "Update beads"        # Commit (jj auto-tracks .beads/ changes)
+   jj bookmark set <name> -r @-       # Point bookmark at committed work
+   jj git push -b <name>              # Push to remote
+   jj log -r '<name>'                 # Verify bookmark position
+   ```
+5. **Clean up** - Abandon empty orphan changes if any (`jj abandon <rev>`)
+6. **Verify** - All changes committed AND pushed
+7. **Hand off** - Provide context for next session
+
+**CRITICAL RULES:**
+- Work is NOT complete until `jj git push` succeeds
+- NEVER stop before pushing - that leaves work stranded locally
+- NEVER say "ready to push when you are" - YOU must push
+- If push fails, resolve and retry until it succeeds
+
+---
+
+## cass — Cross-Agent Session Search
+
+`cass` indexes prior agent conversations (Claude Code, Codex, Cursor, Gemini, ChatGPT, etc.) so we can reuse solved problems.
+
+**Rules:** Never run bare `cass` (TUI). Always use `--robot` or `--json`.
+
+### Examples
+
+```bash
+cass health
+cass search "async runtime" --robot --limit 5
+cass view /path/to/session.jsonl -n 42 --json
+cass expand /path/to/session.jsonl -n 42 -C 3 --json
+cass capabilities --json
+cass robot-docs guide
+```
+
+### Tips
+
+- Use `--fields minimal` for lean output
+- Filter by agent with `--agent`
+- Use `--days N` to limit to recent history
+
+stdout is data-only, stderr is diagnostics; exit code 0 means success.
+
+Treat cass as a way to avoid re-solving problems other agents already handled.
+
+---
+
+## Note for Codex/GPT-5.2
+
+You constantly bother me and stop working with concerned questions that look similar to this:
+
+```
+Unexpected changes (need guidance)
+
+- Working tree still shows edits I did not make in Cargo.toml, Cargo.lock, src/runtime.rs, src/scope.rs. Please advise whether to keep/commit/revert these before any further work. I did not touch them.
+
+Next steps (pick one)
+
+1. Decide how to handle the unrelated modified files above so we can resume cleanly.
+```
+
+NEVER EVER DO THAT AGAIN. The answer is literally ALWAYS the same: those are changes created by the potentially dozen of other agents working on the project at the same time. This is not only a common occurence, it happens multiple times PER MINUTE. The way to deal with it is simple: you NEVER, under ANY CIRCUMSTANCE, stash, revert, overwrite, or otherwise disturb in ANY way the work of other agents. Just treat those changes identically to changes that you yourself made. Just fool yourself into thinking YOU made the changes and simply don't recall it for some reason.
+
+---
+
+## Note on Built-in TODO Functionality
+
+Also, if I ask you to explicitly use your built-in TODO functionality, don't complain about this and say you need to use beads. You can use built-in TODOs if I tell you specifically to do so. Always comply with such orders.
+
+## TDD Requirements
+
+Test-first development is mandatory:
+1. **RED** - Write failing test first
+2. **GREEN** - Minimal implementation to pass
+3. **REFACTOR** - Clean up while green
+
+## Key Patterns
+
+Find the simplest solution that meets all acceptance criteria.
+Use third party libraries whenever there's a well-maintained, active, and widely adopted solution (for example, date-fns for TS date math)
+Build extensible pieces of logic that can easily be integrated with other pieces.
+DRY principles should be loosely held.
+Architecture MUST be clear and well thought-out. Ask the user for clarification whenever ambiguity is discovered around architecture, or you think a better approach than planned exists.
+
+---
+
+## Third-Party Library Usage
+
+If you aren't 100% sure how to use a third-party library, **SEARCH ONLINE** to find the latest documentation and mid-2025 best practices.
+
+---
+
+## Gitlore Robot Mode
+
+The `lore` CLI has a robot mode optimized for AI agent consumption with compact JSON output, structured errors with machine-actionable recovery steps, meaningful exit codes, response timing metadata, field selection for token efficiency, and TTY auto-detection.
+
+### Activation
+
+```bash
+# Explicit flag
+lore --robot issues -n 10
+
+# JSON shorthand (-J)
+lore -J issues -n 10
+
+# Auto-detection (when stdout is not a TTY)
+lore issues | jq .
+
+# Environment variable
+LORE_ROBOT=1 lore issues
+```
+
+### Robot Mode Commands
+
+```bash
+# List issues/MRs with JSON output
+lore --robot issues -n 10
+lore --robot mrs -s opened
+
+# Filter issues by work item status (case-insensitive)
+lore --robot issues --status "In progress"
+
+# List with field selection (reduces token usage ~60%)
+lore --robot issues --fields minimal
+lore --robot mrs --fields iid,title,state,draft
+
+# Show detailed entity info
+lore --robot issues 123
+lore --robot mrs 456 -p group/repo
+
+# Count entities
+lore --robot count issues
+lore --robot count discussions --for mr
+
+# Search indexed documents
+lore --robot search "authentication bug"
+
+# Check sync status
+lore --robot status
+
+# Run full sync pipeline
+lore --robot sync
+
+# Run sync without resource events
+lore --robot sync --no-events
+
+# Surgical sync: specific entities by IID
+lore --robot sync --issue 42 -p group/repo
+lore --robot sync --mr 99 --mr 100 -p group/repo
+
+# Run ingestion only
+lore --robot ingest issues
+
+# Trace why code was introduced
+lore --robot trace src/main.rs -p group/repo
+
+# File-level MR history
+lore --robot file-history src/auth/ -p group/repo
+
+# Manage cron-based auto-sync (Unix)
+lore --robot cron status
+lore --robot cron install --interval 15
+
+# Token management
+lore --robot token show
+
+# Check environment health
+lore --robot doctor
+
+# Document and index statistics
+lore --robot stats
+
+# Quick health pre-flight check (exit 0 = healthy, 19 = unhealthy)
+lore --robot health
+
+# Generate searchable documents from ingested data
+lore --robot generate-docs
+
+# Generate vector embeddings via Ollama
+lore --robot embed
+
+# Personal work dashboard
+lore --robot me
+lore --robot me --issues
+lore --robot me --mrs
+lore --robot me --activity --since 7d
+lore --robot me --project group/repo
+lore --robot me --user jdoe
+lore --robot me --fields minimal
+lore --robot me --reset-cursor
+
+# Find semantically related entities
+lore --robot related issues 42
+lore --robot related "authentication flow"
+
+# Re-register projects from config
+lore --robot init --refresh
+
+# Agent self-discovery manifest (all commands, flags, exit codes, response schemas)
+lore robot-docs
+
+# Version information
+lore --robot version
+```
+
+### Response Format
+
+All commands return compact JSON with a uniform envelope and timing metadata:
+
+```json
+{"ok":true,"data":{...},"meta":{"elapsed_ms":42}}
+```
+
+Errors return structured JSON to stderr with machine-actionable recovery steps:
+
+```json
+{"error":{"code":"CONFIG_NOT_FOUND","message":"...","suggestion":"Run 'lore init'","actions":["lore init"]}}
+```
+
+The `actions` array contains executable shell commands for automated recovery. It is omitted when empty.
+
+### Field Selection
+
+The `--fields` flag on `issues` and `mrs` list commands controls which fields appear in the JSON response:
+
+```bash
+lore -J issues --fields minimal                    # Preset: iid, title, state, updated_at_iso
+lore -J mrs --fields iid,title,state,draft,labels  # Custom field list
+```
+
+### Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Success |
+| 1 | Internal error / not implemented |
+| 2 | Usage error (invalid flags or arguments) |
+| 3 | Config invalid |
+| 4 | Token not set |
+| 5 | GitLab auth failed |
+| 6 | Resource not found |
+| 7 | Rate limited |
+| 8 | Network error |
+| 9 | Database locked |
+| 10 | Database error |
+| 11 | Migration failed |
+| 12 | I/O error |
+| 13 | Transform error |
+| 14 | Ollama unavailable |
+| 15 | Ollama model not found |
+| 16 | Embedding failed |
+| 17 | Not found (entity does not exist) |
+| 18 | Ambiguous match (use `-p` to specify project) |
+| 19 | Health check failed |
+| 20 | Config not found |
+
+### Configuration Precedence
+
+1. CLI flags (highest priority)
+2. Environment variables (`LORE_ROBOT`, `GITLAB_TOKEN`, `LORE_CONFIG_PATH`)
+3. Config file (`~/.config/lore/config.json`)
+4. Built-in defaults (lowest priority)
+
+### Best Practices
+
+- Use `lore --robot` or `lore -J` for all agent interactions
+- Check exit codes for error handling
+- Parse JSON errors from stderr; use `actions` array for automated recovery
+- Use `--fields minimal` to reduce token usage (~60% fewer tokens)
+- Use `-n` / `--limit` to control response size
+- Use `-q` / `--quiet` to suppress progress bars and non-essential output
+- Use `--color never` in non-TTY automation for ANSI-free output
+- Use `-v` / `-vv` / `-vvv` for increasing verbosity (debug/trace logging)
+- Use `--log-format json` for machine-readable log output to stderr
+- TTY detection handles piped commands automatically
+- Use `lore --robot health` as a fast pre-flight check before queries
+- Use `lore robot-docs` for response schema discovery
+- The `-p` flag supports fuzzy project matching (suffix and substring)
+
+---
+
+## Read/Write Split: lore vs glab
+
+| Operation | Tool | Why |
+|-----------|------|-----|
+| List issues/MRs | lore | Richer: includes status, discussions, closing MRs |
+| View issue/MR detail | lore | Pre-joined discussions, work-item status |
+| Search across entities | lore | FTS5 + vector hybrid search |
+| Expert/workload analysis | lore | who command — no glab equivalent |
+| Timeline reconstruction | lore | Chronological narrative — no glab equivalent |
+| Create/update/close | glab | Write operations |
+| Approve/merge MR | glab | Write operations |
+| CI/CD pipelines | glab | Not in lore scope |
+
+````markdown
+## UBS Quick Reference for AI Agents
+
+UBS stands for "Ultimate Bug Scanner": **The AI Coding Agent's Secret Weapon: Flagging Likely Bugs for Fixing Early On**
+
+**Install:** `curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/master/install.sh | bash`
+
+**Golden Rule:** `ubs <changed-files>` before every commit. Exit 0 = safe. Exit >0 = fix & re-run.
+
+**Commands:**
+```bash
+ubs file.ts file2.py                    # Specific files (< 1s) — USE THIS
+ubs $(git diff --name-only --cached)    # Staged files — before commit
+ubs --only=js,python src/               # Language filter (3-5x faster)
+ubs --ci --fail-on-warning .            # CI mode — before PR
+ubs --help                              # Full command reference
+ubs sessions --entries 1                # Tail the latest install session log
+ubs .                                   # Whole project (ignores things like .venv and node_modules automatically)
+```
+
+**Output Format:**
+```
+⚠️  Category (N errors)
+    file.ts:42:5 – Issue description
+    💡 Suggested fix
+Exit code: 1
+```
+Parse: `file:line:col` → location | 💡 → how to fix | Exit 0/1 → pass/fail
+
+**Fix Workflow:**
+1. Read finding → category + fix suggestion
+2. Navigate `file:line:col` → view context
+3. Verify real issue (not false positive)
+4. Fix root cause (not symptom)
+5. Re-run `ubs <file>` → exit 0
+6. Commit
+
+**Speed Critical:** Scope to changed files. `ubs src/file.ts` (< 1s) vs `ubs .` (30s). Never full scan for small edits.
+
+**Bug Severity:**
+- **Critical** (always fix): Null safety, XSS/injection, async/await, memory leaks
+- **Important** (production): Type narrowing, division-by-zero, resource leaks
+- **Contextual** (judgment): TODO/FIXME, console logs
+
+**Anti-Patterns:**
+- ❌ Ignore findings → ✅ Investigate each
+- ❌ Full scan per edit → ✅ Scope to file
+- ❌ Fix symptom (`if (x) { x.y }`) → ✅ Root cause (`x?.y`)
+````
+
+<!-- BEGIN LIQUID MAIL (v:48d7b3fc) -->
+## Integrating Liquid Mail with Beads
+
+**Beads** manages task status, priority, and dependencies (`br` CLI).
+**Liquid Mail** provides the shared log—progress, decisions, and context that survives sessions.
+
+### Conventions
+
+- **Single source of truth**: Beads owns task state; Liquid Mail owns conversation/decisions
+- **Shared identifiers**: Include the Beads issue ID in posts (e.g., `[lm-jht] Topic validation rules`)
+- **Decisions before action**: Post `DECISION:` messages before risky changes, not after
+- **Identity in user updates**: In every user-facing reply, include your window-name (derived from `LIQUID_MAIL_WINDOW_ID`) so humans can distinguish concurrent agents.
+
+### Typical Flow
+
+**1. Pick ready work (Beads)**
+```bash
+br ready                    # Find available work (no blockers)
+br show lm-jht              # Review details
+br update lm-jht --status in_progress
+```
+
+**2. Check context (Liquid Mail)**
+```bash
+liquid-mail notify          # See what changed since last session
+liquid-mail query "lm-jht"  # Find prior discussion on this issue
+```
+
+**3. Work and log progress (topic required)**
+
+The `--topic` flag is required for your first post. After that, the topic is pinned to your window.
+```bash
+liquid-mail post --topic auth-system "[lm-jht] START: Reviewing current topic id patterns"
+liquid-mail post "[lm-jht] FINDING: IDs like lm3189... are being used as topic names"
+liquid-mail post "[lm-jht] NEXT: Add validation + rename guidance"
+```
+
+**4. Decisions before risky changes**
+```bash
+liquid-mail post --decision "[lm-jht] DECISION: Reject UUID-like topic names; require slugs"
+# Then implement
+```
+
+### Decision Conflicts (Preflight)
+
+When you post a decision (via `--decision` or a `DECISION:` line), Liquid Mail can preflight-check for conflicts with prior decisions **in the same topic**.
+
+- If a conflict is detected, `liquid-mail post` fails with `DECISION_CONFLICT`.
+- Review prior decisions: `liquid-mail decisions --topic <topic>`.
+- If you intend to supersede the old decision, re-run with `--yes` and include what changed and why.
+
+**5. Complete (Beads is authority)**
+```bash
+br close lm-jht             # Mark complete in Beads
+liquid-mail post "[lm-jht] Completed: Topic validation shipped in 177267d"
+```
+
+### Posting Format
+
+- **Short** (5-15 lines, not walls of text)
+- **Prefixed** with ALL-CAPS tags: `FINDING:`, `DECISION:`, `QUESTION:`, `NEXT:`
+- **Include file paths** so others can jump in: `src/services/auth.ts:42`
+- **Include issue IDs** in brackets: `[lm-jht]`
+- **User-facing replies**: include `AGENT: <window-name>` near the top. Get it with `liquid-mail window name`.
+
+### Topics (Required)
+
+Liquid Mail organizes messages into **topics** (Honcho sessions). Topics are **soft boundaries**—search spans all topics by default.
+
+**Rule:** `liquid-mail post` requires a topic:
+- Provide `--topic <name>`, OR
+- Post inside a window that already has a pinned topic.
+
+Topic names must be:
+- 4–50 characters
+- lowercase letters/numbers with hyphens
+- start with a letter, end with a letter/number
+- no consecutive hyphens
+- not reserved (`all`, `new`, `help`, `merge`, `rename`, `list`)
+- not UUID-like (`lm<32-hex>` or standard UUIDs)
+
+Good examples: `auth-system`, `db-system`, `dashboards`
+
+Commands:
+
+- **List topics (newest first)**: `liquid-mail topics`
+- **Find context across topics**: `liquid-mail query "auth"`, then pick a topic name
+- **Rename a topic (alias)**: `liquid-mail topic rename <old> <new>`
+- **Merge two topics into a new one**: `liquid-mail topic merge <A> <B> --into <C>`
+
+Examples (component topic + Beads id in the subject):
+```bash
+liquid-mail post --topic auth-system "[lm-jht] START: Investigating token refresh failures"
+liquid-mail post --topic auth-system "[lm-jht] FINDING: refresh happens in middleware, not service layer"
+liquid-mail post --topic auth-system --decision "[lm-jht] DECISION: Move refresh logic into AuthService"
+
+liquid-mail post --topic dashboards "[lm-1p5] START: Adding latency panel"
+```
+
+### Context Refresh (Before New Work / After Redirects)
+
+If you see redirect/merge messages, refresh context before acting:
+```bash
+liquid-mail notify
+liquid-mail window status --json
+liquid-mail summarize --topic <topic>
+liquid-mail decisions --topic <topic>
+```
+
+If you discover a newer "canonical" topic (for example after a topic merge), switch to it explicitly:
+```bash
+liquid-mail post --topic <new-topic> "[lm-xxxx] CONTEXT: Switching topics (rename/merge)"
+```
+
+### Live Updates (Polling)
+
+Liquid Mail is pull-based by default (you run `notify`). For near-real-time updates:
+```bash
+liquid-mail watch --topic <topic>   # watch a topic
+liquid-mail watch                   # or watch your pinned topic
+```
+
+### Mapping Cheat-Sheet
+
+| Concept | In Beads | In Liquid Mail |
+|---------|----------|----------------|
+| Work item | `lm-jht` (issue ID) | Include `[lm-jht]` in posts |
+| Workstream | — | `--topic auth-system` |
+| Subject prefix | — | `[lm-jht] ...` |
+| Commit message | Include `lm-jht` | — |
+| Status | `br update --status` | Post progress messages |
+
+### Pitfalls
+
+- **Don't manage tasks in Liquid Mail**—Beads is the single task queue
+- **Always include `lm-xxx`** in posts to avoid ID drift across tools
+- **Don't dump logs**—keep posts short and structured
+
+### Quick Reference
+
+| Need | Command |
+|------|---------|
+| What changed? | `liquid-mail notify` |
+| Log progress | `liquid-mail post "[lm-xxx] ..."` |
+| Before risky change | `liquid-mail post --decision "[lm-xxx] DECISION: ..."` |
+| Find history | `liquid-mail query "search term"` |
+| Prior decisions | `liquid-mail decisions --topic <topic>` |
+| Show config | `liquid-mail config` |
+| List topics | `liquid-mail topics` |
+| Rename topic | `liquid-mail topic rename <old> <new>` |
+| Merge topics | `liquid-mail topic merge <A> <B> --into <C>` |
+| Polling watch | `liquid-mail watch [--topic <topic>]` |
+<!-- END LIQUID MAIL -->

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lore"
-version = "0.5.2"
+version = "0.9.4"
 edition = "2024"
 description = "Gitlore - Local GitLab data management with semantic search"
 authors = ["Taylor Eernisse"]
@@ -25,16 +25,15 @@ clap_complete = "4"
 dialoguer = "0.12"
 console = "0.16"
 indicatif = "0.18"
-comfy-table = "7"
+lipgloss = { package = "charmed-lipgloss", version = "0.2", default-features = false, features = ["native"] }
 open = "5"
 
 # HTTP
-reqwest = { version = "0.12", features = ["json"] }
+asupersync = { version = "0.2", features = ["tls", "tls-native-roots"] }
-tokio = { version = "1", features = ["rt-multi-thread", "macros", "time", "signal"] }
 
 # Async streaming for pagination
 async-stream = "0.3"
-futures = { version = "0.3", default-features = false, features = ["alloc"] }
+futures = { version = "0.3", default-features = false, features = ["alloc", "async-await"] }
 
 # Utilities
 thiserror = "2"
@@ -60,6 +59,7 @@ tracing-appender = "0.2"
 
 [dev-dependencies]
 tempfile = "3"
+tokio = { version = "1", features = ["rt", "rt-multi-thread", "macros"] }
 wiremock = "0.6"
 
 [profile.release]

PROPOSED_CODE_FILE_REORGANIZATION_PLAN.md

@@ -0,0 +1,636 @@
+# Proposed Code File Reorganization Plan
+
+## 1. Scope, Audit Method, and Constraints
+
+This plan is based on a full audit of the `src/` tree (all 131 Rust files) plus integration tests in `tests/` that import `src` modules.
+
+What I audited:
+- module/file inventory (`src/**.rs`)
+- line counts and hotspot analysis
+- crate-internal import graph (`use crate::...`)
+- public API surface (public structs/enums/functions by file)
+- command routing and re-export topology (`main.rs`, `lib.rs`, `cli/mod.rs`, `cli/commands/mod.rs`)
+- cross-module coupling and test coupling
+
+Constraints followed for this proposal:
+- no implementation yet (plan only)
+- keep nesting shallow and intuitive
+- optimize for discoverability for humans and coding agents
+- no compatibility shims as a long-term strategy
+- every structural change includes explicit call-site update tracking
+
+---
+
+## 2. Current State (Measured)
+
+### 2.1 Size by top-level module (`src/`)
+
+| Module | Files | Lines | Prod Files | Prod Lines | Test Files | Test Lines |
+|---|---:|---:|---:|---:|---:|---:|
+| `cli` | 41 | 29,131 | 37 | 23,068 | 4 | 6,063 |
+| `core` | 39 | 12,493 | 27 | 7,599 | 12 | 4,894 |
+| `ingestion` | 15 | 6,935 | 10 | 5,259 | 5 | 1,676 |
+| `documents` | 6 | 3,657 | 4 | 1,749 | 2 | 1,908 |
+| `gitlab` | 11 | 3,607 | 8 | 2,391 | 3 | 1,216 |
+| `embedding` | 10 | 1,878 | 7 | 1,327 | 3 | 551 |
+| `search` | 6 | 1,115 | 6 | 1,115 | 0 | 0 |
+| `main.rs` | 1 | 3,744 | 1 | 3,744 | 0 | 0 |
+| `lib.rs` | 1 | 9 | 1 | 9 | 0 | 0 |
+
+Total in `src/`: **131 files / 62,569 lines**.
+
+### 2.2 Largest production hotspots
+
+| File | Lines | Why it matters |
+|---|---:|---|
+| `src/main.rs` | 3,744 | Binary entrypoint is doing too much dispatch and formatting work |
+| `src/cli/autocorrect.rs` | 1,865 | Large parsing/correction ruleset in one file |
+| `src/ingestion/orchestrator.rs` | 1,753 | Multi-stage ingestion orchestration and persistence mixed together |
+| `src/cli/commands/show.rs` | 1,544 | Issue/MR retrieval + rendering + JSON conversion all in one file |
+| `src/cli/render.rs` | 1,482 | Theme, table layout, formatting utilities bundled together |
+| `src/cli/commands/list.rs` | 1,383 | Issues + MRs + notes listing/query/printing in one file |
+| `src/cli/mod.rs` | 1,268 | Clap root parser plus every args struct |
+| `src/cli/commands/sync.rs` | 1,201 | Sync flow + human rendering + JSON output |
+| `src/cli/commands/me/queries.rs` | 1,135 | Multiple query families and post-processing logic |
+| `src/cli/commands/ingest.rs` | 1,116 | Ingest flow + dry-run + presentation concerns |
+| `src/documents/extractor.rs` | 1,059 | Four document source extractors in one file |
+
+### 2.3 High-level dependency flow (top modules)
+
+Observed module coupling from imports:
+- `cli -> core` (very heavy, 33 files)
+- `cli -> documents/embedding/gitlab/ingestion/search` (command-dependent)
+- `ingestion -> core` (12 files), `ingestion -> gitlab` (10 files)
+- `search -> core` and `search -> embedding`
+- `timeline` logic currently located under `core/*timeline*` but semantically acts as its own subsystem
+
+### 2.4 Structural pain points
+
+1. `main.rs` is overloaded with command handlers, robot output envelope types, clap error mapping, and domain invocation.
+2. `cli/mod.rs` mixes root parser concerns with command-specific argument schemas.
+3. `core/` still holds domain-specific subsystems (`timeline`, cross-reference extraction, ingestion persistence helpers) that are not truly "core infra".
+4. Several large command files combine query/build/fetch/render/json responsibilities.
+5. Test helper setup is duplicated heavily in large test files (`who_tests`, `list_tests`, `me_tests`).
+
+---
+
+## 3. Reorganization Principles
+
+1. Keep top-level domains explicit: `cli`, `core` (infra), `gitlab`, `ingestion`, `documents`, `embedding`, `search`, plus extracted domain modules where justified.
+2. Keep nesting shallow: max 2-3 levels in normal workflow paths.
+3. Co-locate command-specific args/types/rendering with the command implementation.
+4. Separate orchestration from formatting from data-access code.
+5. Prefer module boundaries that map to runtime pipeline boundaries.
+6. Make import paths reveal ownership directly.
+
+---
+
+## 4. Proposed Target Structure (End State)
+
+```text
+src/
+  main.rs                      # thin binary entrypoint
+  lib.rs
+
+  app/                         # NEW: runtime dispatch/orchestration glue
+    mod.rs
+    dispatch.rs
+    errors.rs
+    robot_docs.rs
+
+  cli/
+    mod.rs                     # Cli + Commands only
+    args.rs                    # shared args structs used by Commands variants
+    render/
+      mod.rs
+      format.rs
+      table.rs
+      theme.rs
+    autocorrect/
+      mod.rs
+      flags.rs
+      enums.rs
+      fuzzy.rs
+    commands/
+      mod.rs
+      list/
+        mod.rs
+        issues.rs
+        mrs.rs
+        notes.rs
+        render.rs
+      show/
+        mod.rs
+        issue.rs
+        mr.rs
+        render.rs
+      me/                      # keep existing folder, retain split style
+      who/                     # keep existing folder, retain split style
+      ingest/
+        mod.rs
+        run.rs
+        dry_run.rs
+        render.rs
+      sync/
+        mod.rs
+        run.rs
+        render.rs
+        surgical.rs
+      # smaller focused commands can stay single-file for now
+
+  core/                        # infra-only boundary after moves
+    mod.rs
+    backoff.rs
+    config.rs
+    cron.rs
+    cursor.rs
+    db.rs
+    error.rs
+    file_history.rs
+    lock.rs
+    logging.rs
+    metrics.rs
+    path_resolver.rs
+    paths.rs
+    project.rs
+    shutdown.rs
+    time.rs
+    trace.rs
+
+  timeline/                    # NEW: extracted domain subsystem
+    mod.rs
+    types.rs
+    seed.rs
+    expand.rs
+    collect.rs
+
+  xref/                        # NEW: extracted cross-reference subsystem
+    mod.rs
+    note_parser.rs
+    references.rs
+
+  ingestion/
+    mod.rs
+    issues.rs
+    merge_requests.rs
+    discussions.rs
+    mr_discussions.rs
+    mr_diffs.rs
+    dirty_tracker.rs
+    discussion_queue.rs
+    orchestrator/
+      mod.rs
+      issues_flow.rs
+      mrs_flow.rs
+      resource_events.rs
+      closes_issues.rs
+      diff_jobs.rs
+      progress.rs
+    storage/                   # NEW: ingestion-owned persistence helpers
+      mod.rs
+      payloads.rs              # from core/payloads.rs
+      events.rs                # from core/events_db.rs
+      queue.rs                 # from core/dependent_queue.rs
+      sync_run.rs              # from core/sync_run.rs
+
+  documents/
+    mod.rs
+    extractor/
+      mod.rs
+      issues.rs
+      mrs.rs
+      discussions.rs
+      notes.rs
+      common.rs
+    regenerator.rs
+    truncation.rs
+
+  embedding/
+    mod.rs
+    change_detector.rs
+    chunks.rs                  # merge chunk_ids.rs + chunking.rs
+    ollama.rs
+    pipeline.rs
+    similarity.rs
+
+  gitlab/
+    # mostly keep as-is (already coherent)
+
+  search/
+    # mostly keep as-is (already coherent)
+```
+
+Notes:
+- `gitlab/` and `search/` are already cohesive and should largely remain unchanged.
+- `who/` and `me/` command families are already split well relative to other commands.
+
+---
+
+## 5. Detailed Change Plan (Phased)
+
+## Phase 1: Domain Boundary Extraction (lowest conceptual risk, high clarity gain)
+
+### 5.1 Extract timeline subsystem from `core`
+
+Move:
+- `src/core/timeline.rs` -> `src/timeline/types.rs`
+- `src/core/timeline_seed.rs` -> `src/timeline/seed.rs`
+- `src/core/timeline_expand.rs` -> `src/timeline/expand.rs`
+- `src/core/timeline_collect.rs` -> `src/timeline/collect.rs`
+- add `src/timeline/mod.rs`
+
+Why:
+- Timeline is a full pipeline domain (seed -> expand -> collect), not core infra.
+- Improves discoverability for `lore timeline` and timeline tests.
+
+Calling-code updates required:
+- `src/cli/commands/timeline.rs`
+  - `crate::core::timeline::*` -> `crate::timeline::*`
+  - `crate::core::timeline_seed::*` -> `crate::timeline::seed::*`
+  - `crate::core::timeline_expand::*` -> `crate::timeline::expand::*`
+  - `crate::core::timeline_collect::*` -> `crate::timeline::collect::*`
+- `tests/timeline_pipeline_tests.rs`
+  - `lore::core::timeline*` imports -> `lore::timeline::*`
+- internal references among moved files update from `crate::core::timeline` to `crate::timeline::types`
+- `src/core/mod.rs`: remove `timeline*` module declarations
+- `src/lib.rs`: add `pub mod timeline;`
+
+### 5.2 Extract cross-reference subsystem from `core`
+
+Move:
+- `src/core/note_parser.rs` -> `src/xref/note_parser.rs`
+- `src/core/references.rs` -> `src/xref/references.rs`
+- add `src/xref/mod.rs`
+
+Why:
+- Cross-reference extraction is a domain subsystem feeding ingestion and timeline.
+- Current placement in `core/` obscures data flow.
+
+Calling-code updates required:
+- `src/ingestion/orchestrator.rs`
+  - `crate::core::references::*` -> `crate::xref::references::*`
+  - `crate::core::note_parser::*` -> `crate::xref::note_parser::*`
+- `src/core/mod.rs`: remove `note_parser` and `references`
+- `src/lib.rs`: add `pub mod xref;`
+- tests referencing old paths update to `crate::xref::*`
+
+### 5.3 Move ingestion-owned persistence helpers out of `core`
+
+Move:
+- `src/core/payloads.rs` -> `src/ingestion/storage/payloads.rs`
+- `src/core/events_db.rs` -> `src/ingestion/storage/events.rs`
+- `src/core/dependent_queue.rs` -> `src/ingestion/storage/queue.rs`
+- `src/core/sync_run.rs` -> `src/ingestion/storage/sync_run.rs`
+- add `src/ingestion/storage/mod.rs`
+
+Why:
+- These files primarily support ingestion/sync runtime behavior and ingestion persistence.
+- Consolidates ingestion runtime + ingestion storage into one domain area.
+
+Calling-code updates required:
+- `src/ingestion/discussions.rs`, `issues.rs`, `merge_requests.rs`, `mr_discussions.rs`
+  - `core::payloads::*` -> `ingestion::storage::payloads::*`
+- `src/ingestion/orchestrator.rs`
+  - `core::dependent_queue::*` -> `ingestion::storage::queue::*`
+  - `core::events_db::*` -> `ingestion::storage::events::*`
+- `src/main.rs`
+  - `core::dependent_queue::release_all_locked_jobs` -> `ingestion::storage::queue::release_all_locked_jobs`
+  - `core::sync_run::SyncRunRecorder` -> `ingestion::storage::sync_run::SyncRunRecorder`
+- `src/cli/commands/count.rs`
+  - `core::events_db::*` -> `ingestion::storage::events::*`
+- `src/cli/commands/sync_surgical.rs`
+  - `core::sync_run::SyncRunRecorder` -> `ingestion::storage::sync_run::SyncRunRecorder`
+- `src/core/mod.rs`: remove moved modules
+- `src/ingestion/mod.rs`: export `pub mod storage;`
+
+---
+
+## Phase 2: CLI Structure Cleanup (high dev ergonomics impact)
+
+### 5.4 Split `cli/mod.rs` responsibilities
+
+Current:
+- root parser (`Cli`, `Commands`)
+- all args structs (`IssuesArgs`, `WhoArgs`, `MeArgs`, etc.)
+
+Proposed:
+- `src/cli/mod.rs`: only `Cli`, `Commands`, top-level parser behavior
+- `src/cli/args.rs`: all args structs and command-local enums (`CronAction`, `TokenAction`)
+
+Why:
+- keeps parser root small and readable
+- one canonical place for args schemas
+
+Calling-code updates required:
+- `src/main.rs`
+  - `use lore::cli::{..., WhoArgs, ...}` -> `use lore::cli::args::{...}` (or re-export from `cli/mod.rs`)
+- `src/cli/commands/who/mod.rs`
+  - `use crate::cli::WhoArgs;` -> `use crate::cli::args::WhoArgs;`
+- `src/cli/commands/me/mod.rs`
+  - `use crate::cli::MeArgs;` -> `use crate::cli::args::MeArgs;`
+
+### 5.5 Make `main.rs` thin by moving dispatch logic to `app/`
+
+Proposed splits from `main.rs`:
+- `app/dispatch.rs`: all `handle_*` command handlers
+- `app/errors.rs`: clap error mapping, correction warning formatting
+- `app/robot_docs.rs`: robot docs schema/data envelope generation
+- keep `main.rs`: startup, logging init, parse, delegate to dispatcher
+
+Why:
+- reduces entrypoint complexity and improves testability of dispatch behavior
+- isolates robot docs machinery from runtime bootstrapping
+
+Calling-code updates required:
+- `main.rs`: replace direct handler function definitions with calls into `app::*`
+- `lib.rs`: add `pub mod app;` if shared imports needed by tests
+
+---
+
+## Phase 3: Split Large Command Files by Responsibility
+
+### 5.6 Split `cli/commands/list.rs`
+
+Proposed:
+- `commands/list/issues.rs` (issue queries + issue output)
+- `commands/list/mrs.rs` (MR queries + MR output)
+- `commands/list/notes.rs` (note queries + note output)
+- `commands/list/render.rs` (shared formatting helpers)
+- `commands/list/mod.rs` (public API and re-exports)
+
+Why:
+- list concerns are already logically tripartite
+- better locality for bugfixes and feature additions
+
+Calling-code updates required:
+- `src/cli/commands/mod.rs`: import module folder and re-export unchanged API names
+- `src/main.rs`: ideally no change if `commands/mod.rs` re-exports remain stable
+
+### 5.7 Split `cli/commands/show.rs`
+
+Proposed:
+- `commands/show/issue.rs`
+- `commands/show/mr.rs`
+- `commands/show/render.rs`
+- `commands/show/mod.rs`
+
+Why:
+- issue and MR detail assembly have separate SQL and shape logic
+- rendering concerns can be isolated from data retrieval
+
+Calling-code updates required:
+- `src/cli/commands/mod.rs` re-exports preserved (`run_show_issue`, `run_show_mr`, printers)
+- `src/main.rs` remains stable if re-exports preserved
+
+### 5.8 Split `cli/commands/ingest.rs` and `cli/commands/sync.rs`
+
+Proposed:
+- `commands/ingest/run.rs`, `dry_run.rs`, `render.rs`, `mod.rs`
+- `commands/sync/run.rs`, `render.rs`, `surgical.rs`, `mod.rs`
+
+Why:
+- orchestration, preview generation, and output rendering are currently intertwined
+- surgical sync is semantically part of sync command family
+
+Calling-code updates required:
+- update `src/cli/commands/mod.rs` exports
+- update `src/cli/commands/sync_surgical.rs` path if merged into `commands/sync/surgical.rs`
+- no CLI UX changes expected if external API names remain
+
+### 5.9 Split `documents/extractor.rs`
+
+Proposed:
+- `documents/extractor/issues.rs`
+- `documents/extractor/mrs.rs`
+- `documents/extractor/discussions.rs`
+- `documents/extractor/notes.rs`
+- `documents/extractor/common.rs`
+- `documents/extractor/mod.rs`
+
+Why:
+- extractor currently contains four independent source-type extraction paths
+- per-source unit tests become easier to target
+
+Calling-code updates required:
+- `src/documents/mod.rs` re-export surface remains stable
+- `src/documents/regenerator.rs` imports update only if internal re-export paths change
+
+---
+
+## Phase 4: Opportunistic Consolidations
+
+### 5.10 Merge tiny embedding chunk helpers
+
+Merge:
+- `src/embedding/chunk_ids.rs`
+- `src/embedding/chunking.rs`
+- into `src/embedding/chunks.rs`
+
+Why:
+- both represent one conceptual concern: chunk partitioning and chunk identity mapping
+- avoids tiny-file scattering
+
+Calling-code updates required:
+- `src/embedding/pipeline.rs`
+- `src/embedding/change_detector.rs`
+- `src/search/vector.rs`
+- `src/embedding/mod.rs` exports
+
+### 5.11 Test helper de-duplication
+
+Add a shared test support module for repeated DB fixture setup currently duplicated in:
+- `src/cli/commands/who_tests.rs`
+- `src/cli/commands/list_tests.rs`
+- `src/cli/commands/me/me_tests.rs`
+- multiple `core/*_tests.rs`
+
+Why:
+- lower maintenance cost and fewer fixture drift bugs
+
+Calling-code updates required:
+- test-only imports in affected files
+
+---
+
+## 6. File-Level Recommendation Matrix
+
+Legend:
+- `KEEP`: structure is already coherent
+- `MOVE`: relocate without major logic split
+- `SPLIT`: divide into focused files/modules
+- `MERGE`: consolidate tiny related files
+
+### 6.1 `core/`
+
+- `backoff.rs` -> KEEP
+- `config.rs` -> KEEP (large but cohesive)
+- `cron.rs` -> KEEP
+- `cursor.rs` -> KEEP
+- `db.rs` -> KEEP
+- `dependent_queue.rs` -> MOVE to `ingestion/storage/queue.rs`
+- `error.rs` -> KEEP
+- `events_db.rs` -> MOVE to `ingestion/storage/events.rs`
+- `file_history.rs` -> KEEP
+- `lock.rs` -> KEEP
+- `logging.rs` -> KEEP
+- `metrics.rs` -> KEEP
+- `note_parser.rs` -> MOVE to `xref/note_parser.rs`
+- `path_resolver.rs` -> KEEP
+- `paths.rs` -> KEEP
+- `payloads.rs` -> MOVE to `ingestion/storage/payloads.rs`
+- `project.rs` -> KEEP
+- `references.rs` -> MOVE to `xref/references.rs`
+- `shutdown.rs` -> KEEP
+- `sync_run.rs` -> MOVE to `ingestion/storage/sync_run.rs`
+- `time.rs` -> KEEP
+- `timeline.rs`, `timeline_seed.rs`, `timeline_expand.rs`, `timeline_collect.rs` -> MOVE to `timeline/`
+- `trace.rs` -> KEEP
+
+### 6.2 `cli/`
+
+- `mod.rs` -> SPLIT (`mod.rs` + `args.rs`)
+- `autocorrect.rs` -> SPLIT into `autocorrect/` submodules
+- `render.rs` -> SPLIT into `render/` submodules
+- `commands/list.rs` -> SPLIT into `commands/list/`
+- `commands/show.rs` -> SPLIT into `commands/show/`
+- `commands/ingest.rs` -> SPLIT into `commands/ingest/`
+- `commands/sync.rs` + `commands/sync_surgical.rs` -> SPLIT/MERGE into `commands/sync/`
+- `commands/me/*` -> KEEP (already good shape)
+- `commands/who/*` -> KEEP (already good shape)
+- small focused commands (`auth_test`, `embed`, `trace`, etc.) -> KEEP
+
+### 6.3 `documents/`
+
+- `extractor.rs` -> SPLIT into extractor folder
+- `regenerator.rs` -> KEEP
+- `truncation.rs` -> KEEP
+
+### 6.4 `embedding/`
+
+- `change_detector.rs` -> KEEP
+- `chunk_ids.rs` + `chunking.rs` -> MERGE into `chunks.rs`
+- `ollama.rs` -> KEEP
+- `pipeline.rs` -> KEEP for now (already a pipeline-centric file)
+- `similarity.rs` -> KEEP
+
+### 6.5 `gitlab/`, `search/`
+
+- KEEP as-is except minor internal refactors only when touched by feature work
+
+---
+
+## 7. Import/Call-Site Impact Tracker (must-update list)
+
+This section tracks files that must be updated when moves happen to avoid broken builds.
+
+### 7.1 For timeline extraction
+
+Must update:
+- `src/cli/commands/timeline.rs`
+- `tests/timeline_pipeline_tests.rs`
+- moved timeline module internals (`seed`, `expand`, `collect`)
+- `src/core/mod.rs`
+- `src/lib.rs`
+
+### 7.2 For xref extraction
+
+Must update:
+- `src/ingestion/orchestrator.rs` (all `core::references` and `core::note_parser` paths)
+- tests importing moved modules
+- `src/core/mod.rs`
+- `src/lib.rs`
+
+### 7.3 For ingestion storage move
+
+Must update:
+- `src/ingestion/discussions.rs`
+- `src/ingestion/issues.rs`
+- `src/ingestion/merge_requests.rs`
+- `src/ingestion/mr_discussions.rs`
+- `src/ingestion/orchestrator.rs`
+- `src/cli/commands/count.rs`
+- `src/cli/commands/sync_surgical.rs`
+- `src/main.rs`
+- `src/core/mod.rs`
+- `src/ingestion/mod.rs`
+
+### 7.4 For CLI args split
+
+Must update:
+- `src/main.rs`
+- `src/cli/commands/who/mod.rs`
+- `src/cli/commands/me/mod.rs`
+- any command file importing args directly from `crate::cli::*Args`
+
+### 7.5 For command file splits
+
+Must update:
+- `src/cli/commands/mod.rs` re-exports
+- tests that import command internals by file/module path
+- `src/main.rs` only if re-export names change (recommended: keep names stable)
+
+---
+
+## 8. Execution Strategy (Safe Order)
+
+Recommended order:
+1. Phase 1 (`timeline`, `xref`, `ingestion/storage`) with no behavior changes.
+2. Phase 2 (`cli/mod.rs` split, `main.rs` thinning) while preserving command signatures.
+3. Phase 3 (`list`, `show`, `ingest`, `sync`, `extractor` splits).
+4. Phase 4 opportunistic merges and test helper dedupe.
+
+For each phase:
+- complete file moves/splits and import rewrites in one cohesive change
+- run quality gates
+- only then proceed to next phase
+
+---
+
+## 9. Verification and Non-Regression Checklist
+
+After each phase, run:
+
+```bash
+cargo check --all-targets
+cargo clippy --all-targets -- -D warnings
+cargo fmt --check
+cargo test
+cargo test -- --nocapture
+```
+
+Targeted suites to run when relevant:
+- timeline moves: `cargo test timeline_pipeline_tests`
+- who/me/list splits: `cargo test who_tests`, `cargo test list_tests`, `cargo test me_tests`
+- ingestion storage moves: `cargo test ingestion`
+
+Before each commit, run UBS on changed files:
+
+```bash
+ubs <changed-files>
+```
+
+---
+
+## 10. Risks and Mitigations
+
+Primary risks:
+1. Import path churn causing compile errors.
+2. Accidental visibility changes (`pub`/`pub(crate)`) during file splits.
+3. Re-export drift breaking `main.rs` or tests.
+4. Behavioral drift from mixed refactor + logic changes.
+
+Mitigations:
+- refactor-only phases (no feature changes)
+- keep public API names stable during directory reshapes
+- preserve command re-exports in `cli/commands/mod.rs`
+- run full quality gates after each phase
+
+---
+
+## 11. Recommendation
+
+Start with **Phase 1 only** in the first implementation pass. It yields major clarity gains with relatively constrained blast radius.
+
+If Phase 1 lands cleanly, proceed with Phase 2. Phase 3 should be done in smaller PR-sized chunks (`list` first, then `show`, then `ingest/sync`, then `documents/extractor`).
+
+No code/file moves have been executed yet; this document is the proposal for review and approval.

README.md

@@ -12,6 +12,9 @@ Local GitLab data management with semantic search, people intelligence, and temp
 - **Hybrid search**: Combines FTS5 lexical search with Ollama-powered vector embeddings via Reciprocal Rank Fusion
 - **People intelligence**: Expert discovery, workload analysis, review patterns, active discussions, and code ownership overlap
 - **Timeline pipeline**: Reconstructs chronological event histories by combining search, graph traversal, and event aggregation across related entities
+- **Code provenance tracing**: Traces why code was introduced by linking files to MRs, MRs to issues, and issues to discussion threads
+- **File-level history**: Shows which MRs touched a file with rename-chain resolution and inline DiffNote snippets
+- **Surgical sync**: Sync specific issues or MRs by IID without running a full incremental sync, with preflight validation
 - **Git history linking**: Tracks merge and squash commit SHAs to connect MRs with git history
 - **File change tracking**: Records which files each MR touches, enabling file-level history queries
 - **Raw payload storage**: Preserves original GitLab API responses for debugging
@@ -19,8 +22,14 @@ Local GitLab data management with semantic search, people intelligence, and temp
 - **Cross-reference tracking**: Automatic extraction of "closes", "mentioned" relationships between MRs and issues
 - **Work item status enrichment**: Fetches issue statuses (e.g., "To do", "In progress", "Done") from GitLab's GraphQL API with adaptive page sizing, color-coded display, and case-insensitive filtering
 - **Resource event history**: Tracks state changes, label events, and milestone events for issues and MRs
+- **Note querying**: Rich filtering over discussion notes by author, type, path, resolution status, time range, and body content
+- **Discussion drift detection**: Semantic analysis of how discussions diverge from original issue intent
+- **Automated sync scheduling**: Cron-based automatic syncing with configurable intervals (Unix)
+- **Token management**: Secure interactive or piped token storage with masked display
 - **Robot mode**: Machine-readable JSON output with structured errors, meaningful exit codes, and actionable recovery steps
+- **Error tolerance**: Auto-corrects common CLI mistakes (case, typos, single-dash flags, value casing) with teaching feedback
 - **Observability**: Verbosity controls, JSON log format, structured metrics, and stage timing
+- **Icon system**: Configurable icon sets (Nerd Fonts, Unicode, ASCII) with automatic detection
 
 ## Installation
 
@@ -71,6 +80,27 @@ lore who @asmith
 # Timeline of events related to deployments
 lore timeline "deployment"
 
+# Timeline for a specific issue
+lore timeline issue:42
+
+# Personal work dashboard
+lore me
+
+# Find semantically related entities
+lore related issues 42
+
+# Why was this file changed? (file -> MR -> issue -> discussion)
+lore trace src/features/auth/login.ts
+
+# Which MRs touched this file?
+lore file-history src/features/auth/
+
+# Sync a specific issue without full sync
+lore sync --issue 42 -p group/repo
+
+# Query notes by author
+lore notes --author alice --since 7d
+
 # Robot mode (machine-readable JSON)
 lore -J issues -n 5 | jq .
 ```
@@ -91,6 +121,7 @@ Configuration is stored in `~/.config/lore/config.json` (or `$XDG_CONFIG_HOME/lo
     { "path": "group/project" },
     { "path": "other-group/other-project" }
   ],
+  "defaultProject": "group/project",
   "sync": {
     "backfillDays": 14,
     "staleLockMinutes": 10,
@@ -108,6 +139,15 @@ Configuration is stored in `~/.config/lore/config.json` (or `$XDG_CONFIG_HOME/lo
     "model": "nomic-embed-text",
     "baseUrl": "http://localhost:11434",
     "concurrency": 4
+  },
+  "scoring": {
+    "authorWeight": 25,
+    "reviewerWeight": 10,
+    "noteBonus": 1,
+    "authorHalfLifeDays": 180,
+    "reviewerHalfLifeDays": 90,
+    "noteHalfLifeDays": 45,
+    "excludedUsernames": ["bot-user"]
   }
 }
 ```
@@ -119,6 +159,7 @@ Configuration is stored in `~/.config/lore/config.json` (or `$XDG_CONFIG_HOME/lo
 | `gitlab` | `baseUrl` | -- | GitLab instance URL (required) |
 | `gitlab` | `tokenEnvVar` | `GITLAB_TOKEN` | Environment variable containing API token |
 | `projects` | `path` | -- | Project path (e.g., `group/project`) |
+| *(top-level)* | `defaultProject` | none | Fallback project path used when `-p` is omitted. Must match a configured project path (exact or suffix). CLI `-p` always overrides. |
 | `sync` | `backfillDays` | `14` | Days to backfill on initial sync |
 | `sync` | `staleLockMinutes` | `10` | Minutes before sync lock considered stale |
 | `sync` | `heartbeatIntervalSeconds` | `30` | Frequency of lock heartbeat updates |
@@ -133,6 +174,15 @@ Configuration is stored in `~/.config/lore/config.json` (or `$XDG_CONFIG_HOME/lo
 | `embedding` | `model` | `nomic-embed-text` | Model name for embeddings |
 | `embedding` | `baseUrl` | `http://localhost:11434` | Ollama server URL |
 | `embedding` | `concurrency` | `4` | Concurrent embedding requests |
+| `scoring` | `authorWeight` | `25` | Points per MR where the user authored code touching the path |
+| `scoring` | `reviewerWeight` | `10` | Points per MR where the user reviewed code touching the path |
+| `scoring` | `noteBonus` | `1` | Bonus per inline review comment (DiffNote) |
+| `scoring` | `reviewerAssignmentWeight` | `3` | Points per MR where the user was assigned as reviewer |
+| `scoring` | `authorHalfLifeDays` | `180` | Half-life in days for author contribution decay |
+| `scoring` | `reviewerHalfLifeDays` | `90` | Half-life in days for reviewer contribution decay |
+| `scoring` | `noteHalfLifeDays` | `45` | Half-life in days for note/comment decay |
+| `scoring` | `closedMrMultiplier` | `0.5` | Score multiplier for closed (not merged) MRs |
+| `scoring` | `excludedUsernames` | `[]` | Usernames excluded from expert results (e.g., bots) |
 
 ### Config File Resolution
 
@@ -161,6 +211,8 @@ Create a personal access token with `read_api` scope:
 | `XDG_DATA_HOME` | XDG Base Directory for data (fallback: `~/.local/share`) | No |
 | `NO_COLOR` | Disable color output when set (any value) | No |
 | `CLICOLOR` | Standard color control (0 to disable) | No |
+| `LORE_ICONS` | Override icon set: `nerd`, `unicode`, or `ascii` | No |
+| `NERD_FONTS` | Enable Nerd Font icons when set to a non-empty value | No |
 | `RUST_LOG` | Logging level filter (e.g., `lore=debug`) | No |
 
 ## Commands
@@ -204,7 +256,7 @@ When showing a single issue (e.g., `lore issues 123`), output includes: title, d
 
 #### Project Resolution
 
-The `-p` / `--project` flag uses cascading match logic across all commands:
+When `-p` / `--project` is omitted, the `defaultProject` from config is used as a fallback. If neither is set, results span all configured projects. When a project is specified (via `-p` or config default), it uses cascading match logic across all commands:
 
 1. **Exact match**: `group/project`
 2. **Case-insensitive**: `Group/Project`
@@ -260,18 +312,21 @@ lore search "login flow" --mode semantic      # Vector similarity only
 lore search "auth" --type issue               # Filter by source type
 lore search "auth" --type mr                  # MR documents only
 lore search "auth" --type discussion          # Discussion documents only
+lore search "auth" --type note               # Individual notes only
 lore search "deploy" --author username        # Filter by author
 lore search "deploy" -p group/repo           # Filter by project
 lore search "deploy" --label backend          # Filter by label (AND logic)
 lore search "deploy" --path src/             # Filter by file path (trailing / for prefix)
-lore search "deploy" --after 7d              # Created after (7d, 2w, 1m, or YYYY-MM-DD)
+lore search "deploy" --since 7d              # Created since (7d, 2w, 1m, or YYYY-MM-DD)
-lore search "deploy" --updated-after 2w      # Updated after
+lore search "deploy" --updated-since 2w      # Updated since
 lore search "deploy" -n 50                    # Limit results (default 20, max 100)
 lore search "deploy" --explain               # Show ranking explanation per result
 lore search "deploy" --fts-mode raw          # Raw FTS5 query syntax (advanced)
 ```
 
-The `--fts-mode` flag defaults to `safe`, which sanitizes user input into valid FTS5 queries with automatic fallback. Use `raw` for advanced FTS5 query syntax (AND, OR, NOT, phrase matching, prefix queries).
+The `--fts-mode` flag defaults to `safe`, which sanitizes user input into valid FTS5 queries with automatic fallback. FTS5 boolean operators (`AND`, `OR`, `NOT`, `NEAR`) are passed through in safe mode, so queries like `"switch AND health"` work without switching to raw mode. Use `raw` for advanced FTS5 query syntax (phrase matching, column filters, prefix queries).
+
+A progress spinner displays during search, showing the active mode (e.g., `Searching (hybrid)...`). In robot mode, spinners are suppressed for clean JSON output.
 
 Requires `lore generate-docs` (or `lore sync`) to have been run at least once. Semantic and hybrid modes require `lore embed` (or `lore sync`) to have generated vector embeddings via Ollama.
 
@@ -281,7 +336,7 @@ People intelligence: discover experts, analyze workloads, review patterns, activ
 
 #### Expert Mode
 
-Find who has expertise in a code area based on authoring and reviewing history (DiffNote analysis).
+Find who has expertise in a code area based on authoring and reviewing history (DiffNote analysis). Scores use exponential half-life decay so recent contributions count more than older ones. Scoring weights and half-life periods are configurable via the `scoring` config section.
 
 ```bash
 lore who src/features/auth/           # Who knows about this directory?
@@ -290,6 +345,9 @@ lore who --path README.md             # Root files need --path flag
 lore who --path Makefile              # Dotless root files too
 lore who src/ --since 3m              # Limit to recent 3 months
 lore who src/ -p group/repo           # Scope to project
+lore who src/ --explain-score         # Show per-component score breakdown
+lore who src/ --as-of 30d            # Score as if "now" was 30 days ago
+lore who src/ --include-bots          # Include bot users in results
 ```
 
 The target is auto-detected as a path when it contains `/`. For root files without `/` (e.g., `README.md`), use the `--path` flag. Default time window: 6 months.
@@ -318,12 +376,13 @@ Shows: total DiffNotes, categorized by code area with percentage breakdown.
 
 #### Active Mode
 
-Surface unresolved discussions needing attention.
+Surface unresolved discussions needing attention. By default, only discussions on open issues and non-merged MRs are shown.
 
 ```bash
 lore who --active                     # Unresolved discussions (last 7 days)
 lore who --active --since 30d        # Wider time window
 lore who --active -p group/repo      # Scoped to project
+lore who --active --include-closed   # Include discussions on closed/merged entities
 ```
 
 Shows: discussion threads with participants and last activity timestamps.
@@ -346,21 +405,65 @@ Shows: users with touch counts (author vs. review), linked MR references. Defaul
 | `-p` / `--project` | Scope to a project (fuzzy match) |
 | `--since` | Time window (7d, 2w, 6m, YYYY-MM-DD). Default varies by mode. |
 | `-n` / `--limit` | Max results per section (1-500, default 20) |
+| `--all-history` | Remove the default time window, query all history |
+| `--include-closed` | Include discussions on closed issues and merged/closed MRs (active mode) |
+| `--detail` | Show per-MR detail breakdown (expert mode only) |
+| `--explain-score` | Show per-component score breakdown (expert mode only) |
+| `--as-of` | Score as if "now" is a past date (ISO 8601 or duration like 30d, expert mode only) |
+| `--include-bots` | Include bot users normally excluded via `scoring.excludedUsernames` |
+
+### `lore me`
+
+Personal work dashboard showing open issues, authored/reviewing MRs, and activity feed. Designed for quick daily check-ins.
+
+```bash
+lore me                                 # Full dashboard
+lore me --issues                        # Open issues section only
+lore me --mrs                           # Authored + reviewing MRs only
+lore me --activity                      # Activity feed only
+lore me --mentions                      # Items you're @mentioned in (not assigned/authored/reviewing)
+lore me --since 7d                      # Activity window (default: 30d)
+lore me --project group/repo            # Scope to one project
+lore me --all                           # All synced projects (overrides default_project)
+lore me --user jdoe                     # Override configured username
+lore me --reset-cursor                  # Reset since-last-check cursor
+```
+
+The dashboard detects the current user from GitLab authentication and shows:
+- **Issues section**: Open issues assigned to you
+- **MRs section**: Open MRs you authored + open MRs where you're a reviewer
+- **Activity section**: Recent events (state changes, comments, labels, milestones, assignments) on your items regardless of state — including closed issues and merged/closed MRs
+- **Mentions section**: Items where you're @mentioned but not assigned/authoring/reviewing
+- **Since last check**: Cursor-based inbox of actionable events from others since your last check, covering items in any state
+
+The `--since` flag affects only the activity section. The issues and MRs sections show open items only. The since-last-check inbox uses a persistent cursor (reset with `--reset-cursor`).
+
+#### Field Selection (Robot Mode)
+
+```bash
+lore -J me --fields minimal             # Compact output for agents
+```
 
 ### `lore timeline`
 
 Reconstruct a chronological timeline of events matching a keyword query. The pipeline discovers related entities through cross-reference graph traversal and assembles a unified, time-ordered event stream.
 
 ```bash
-lore timeline "deployment"                    # Events related to deployments
+lore timeline "deployment"                    # Search-based seeding (hybrid search)
+lore timeline issue:42                        # Direct entity seeding by issue IID
+lore timeline i:42                            # Shorthand for issue:42
+lore timeline mr:99                           # Direct entity seeding by MR IID
+lore timeline m:99                            # Shorthand for mr:99
 lore timeline "auth" -p group/repo           # Scoped to a project
 lore timeline "auth" --since 30d             # Only recent events
 lore timeline "migration" --depth 2          # Deeper cross-reference expansion
-lore timeline "migration" --expand-mentions  # Follow 'mentioned' edges (high fan-out)
+lore timeline "migration" --no-mentions      # Skip 'mentioned' edges (reduces fan-out)
 lore timeline "deploy" -n 50                 # Limit event count
 lore timeline "auth" --max-seeds 5           # Fewer seed entities
 ```
 
+The query can be either a search string (hybrid search finds matching entities) or an entity reference (`issue:N`, `i:N`, `mr:N`, `m:N`) which directly seeds the timeline from a specific entity and its cross-references.
+
 #### Flags
 
 | Flag | Default | Description |
@@ -368,18 +471,21 @@ lore timeline "auth" --max-seeds 5           # Fewer seed entities
 | `-p` / `--project` | all | Scope to a specific project (fuzzy match) |
 | `--since` | none | Only events after this date (7d, 2w, 6m, YYYY-MM-DD) |
 | `--depth` | `1` | Cross-reference expansion depth (0 = seeds only) |
-| `--expand-mentions` | off | Also follow "mentioned" edges during expansion |
+| `--no-mentions` | off | Skip "mentioned" edges during expansion (reduces fan-out) |
 | `-n` / `--limit` | `100` | Maximum events to display |
 | `--max-seeds` | `10` | Maximum seed entities from search |
 | `--max-entities` | `50` | Maximum entities discovered via cross-references |
 | `--max-evidence` | `10` | Maximum evidence notes included |
+| `--fields` | all | Select output fields (comma-separated, or 'minimal' preset) |
 
 #### Pipeline Stages
 
-1. **SEED** -- Full-text search identifies the most relevant issues and MRs matching the query. Documents are ranked by BM25 relevance.
+Each stage displays a numbered progress spinner (e.g., `[1/3] Seeding timeline...`). In robot mode, spinners are suppressed for clean JSON output.
-2. **HYDRATE** -- Evidence notes are extracted: the top FTS-matched discussion notes with 200-character snippets explaining *why* each entity was surfaced.
+
-3. **EXPAND** -- Breadth-first traversal over the `entity_references` graph discovers related entities via "closes", "related", and optionally "mentioned" references up to the configured depth.
+1. **SEED** -- Hybrid search (FTS5 lexical + Ollama vector similarity via Reciprocal Rank Fusion) identifies the most relevant issues and MRs. Falls back to lexical-only if Ollama is unavailable. Discussion notes matching the query are also discovered and attached to their parent entities.
-4. **COLLECT** -- Events are gathered for all discovered entities. Event types include: creation, state changes, label adds/removes, milestone assignments, merge events, and evidence notes. Events are sorted chronologically with stable tiebreaking.
+2. **HYDRATE** -- Evidence notes are extracted: the top search-matched discussion notes with 200-character snippets explaining *why* each entity was surfaced. Matched discussions are collected as full thread candidates.
+3. **EXPAND** -- Breadth-first traversal over the `entity_references` graph discovers related entities via "closes", "related", and "mentioned" references up to the configured depth. Use `--no-mentions` to exclude "mentioned" edges and reduce fan-out.
+4. **COLLECT** -- Events are gathered for all discovered entities. Event types include: creation, state changes, label adds/removes, milestone assignments, merge events, evidence notes, and full discussion threads. Events are sorted chronologically with stable tiebreaking.
 5. **RENDER** -- Events are formatted as human-readable text or structured JSON (robot mode).
 
 #### Event Types
@@ -393,16 +499,159 @@ lore timeline "auth" --max-seeds 5           # Fewer seed entities
 | `MilestoneSet` | Milestone assigned |
 | `MilestoneRemoved` | Milestone removed |
 | `Merged` | MR merged (deduplicated against state events) |
-| `NoteEvidence` | Discussion note matched by FTS, with snippet |
+| `NoteEvidence` | Discussion note matched by search, with snippet |
+| `DiscussionThread` | Full discussion thread with all non-system notes |
 | `CrossReferenced` | Reference to another entity |
 
 #### Unresolved References
 
 When graph expansion encounters cross-project references to entities not yet synced locally, these are collected as unresolved references in the output. This enables discovery of external dependencies and can inform future sync targets.
 
+### `lore notes`
+
+Query individual notes from discussions with rich filtering options.
+
+```bash
+lore notes                                    # List 50 most recent notes
+lore notes --author alice --since 7d         # Notes by alice in last 7 days
+lore notes --for-issue 42 -p group/repo      # Notes on issue #42
+lore notes --for-mr 99 -p group/repo         # Notes on MR !99
+lore notes --path src/ --resolution unresolved  # Unresolved diff notes in src/
+lore notes --note-type DiffNote              # Only inline code review comments
+lore notes --contains "TODO"                 # Substring search in note body
+lore notes --include-system                  # Include system-generated notes
+lore notes --since 2w --until 2024-12-31     # Time-bounded range
+lore notes --sort updated --asc              # Sort by update time, ascending
+lore notes -o                                # Open first result in browser
+
+# Field selection (robot mode)
+lore -J notes --fields minimal               # Compact: id, author_username, body, created_at_iso
+```
+
+#### Filters
+
+| Flag | Description |
+|------|-------------|
+| `-a` / `--author` | Filter by note author username |
+| `--note-type` | Filter by note type (DiffNote, DiscussionNote) |
+| `--contains` | Substring search in note body |
+| `--note-id` | Filter by internal note ID |
+| `--gitlab-note-id` | Filter by GitLab note ID |
+| `--discussion-id` | Filter by discussion ID |
+| `--include-system` | Include system notes (excluded by default) |
+| `--for-issue` | Notes on a specific issue IID (requires `-p`) |
+| `--for-mr` | Notes on a specific MR IID (requires `-p`) |
+| `-p` / `--project` | Scope to a project (fuzzy match) |
+| `--since` | Notes created since (7d, 2w, 1m, or YYYY-MM-DD) |
+| `--until` | Notes created until (YYYY-MM-DD, inclusive end-of-day) |
+| `--path` | Filter by file path (DiffNotes only; trailing `/` for prefix match) |
+| `--resolution` | Filter by resolution status (`any`, `unresolved`, `resolved`) |
+| `--sort` | Sort by `created` (default) or `updated` |
+| `--asc` | Sort ascending (default: descending) |
+| `-o` / `--open` | Open first result in browser |
+
+### `lore file-history`
+
+Show which merge requests touched a file, with rename-chain resolution and optional DiffNote discussion snippets.
+
+```bash
+lore file-history src/main.rs                         # MRs that touched this file
+lore file-history src/auth/ -p group/repo             # Scoped to project
+lore file-history src/foo.rs --discussions             # Include DiffNote snippets
+lore file-history src/bar.rs --no-follow-renames       # Skip rename chain resolution
+lore file-history src/bar.rs --merged                  # Only merged MRs
+lore file-history src/bar.rs -n 100                    # More results
+```
+
+Rename-chain resolution follows file renames through `mr_file_changes` so that querying a renamed file also surfaces MRs that touched previous names. Disable with `--no-follow-renames`.
+
+| Flag | Default | Description |
+|------|---------|-------------|
+| `-p` / `--project` | all | Scope to a specific project (fuzzy match) |
+| `--discussions` | off | Include DiffNote discussion snippets on the file |
+| `--no-follow-renames` | off | Disable rename chain resolution |
+| `--merged` | off | Only show merged MRs |
+| `-n` / `--limit` | `50` | Maximum results |
+
+### `lore trace`
+
+Trace why code was introduced by building provenance chains: file -> MR -> issue -> discussion threads.
+
+```bash
+lore trace src/main.rs                         # Why was this file changed?
+lore trace src/auth/ -p group/repo             # Scoped to project
+lore trace src/foo.rs --discussions             # Include DiffNote context
+lore trace src/bar.rs:42                        # Line hint (future Tier 2)
+lore trace src/bar.rs --no-follow-renames       # Skip rename chain resolution
+```
+
+Each trace chain links a file change to the MR that introduced it, the issue(s) that motivated it (via "closes" references), and the discussion threads on those entities. Line-level hints (`:line` suffix) are accepted but produce an advisory message until Tier 2 git-blame integration is available.
+
+| Flag | Default | Description |
+|------|---------|-------------|
+| `-p` / `--project` | all | Scope to a specific project (fuzzy match) |
+| `--discussions` | off | Include DiffNote discussion snippets |
+| `--no-follow-renames` | off | Disable rename chain resolution |
+| `-n` / `--limit` | `20` | Maximum trace chains to display |
+
+### `lore drift`
+
+Detect discussion divergence from the original intent of an issue by comparing the semantic similarity of discussion content against the issue description.
+
+```bash
+lore drift issues 42                         # Check divergence on issue #42
+lore drift issues 42 --threshold 0.6        # Higher threshold (stricter)
+lore drift issues 42 -p group/repo          # Scope to project
+```
+
+### `lore related`
+
+Find semantically related entities via vector search. Accepts either an entity reference or a free text query.
+
+```bash
+lore related issues 42                       # Find entities related to issue #42
+lore related mrs 99 -p group/repo            # Related to MR #99 in specific project
+lore related "authentication flow"           # Find entities matching free text query
+lore related issues 42 -n 5                  # Limit results
+```
+
+In entity mode (`issues N` or `mrs N`), the command embeds the entity's content and finds similar documents via vector similarity. In query mode (free text), the query is embedded directly.
+
+| Flag | Default | Description |
+|------|---------|-------------|
+| `-p` / `--project` | all | Scope to a specific project (fuzzy match) |
+| `-n` / `--limit` | `10` | Maximum results |
+
+Requires embeddings to have been generated via `lore embed` or `lore sync`.
+
+### `lore cron`
+
+Manage cron-based automatic syncing (Unix only). Installs a crontab entry that runs `lore sync --lock -q` at a configurable interval.
+
+```bash
+lore cron install                     # Install cron job (every 8 minutes)
+lore cron install --interval 15       # Custom interval in minutes
+lore cron status                      # Check if cron is installed
+lore cron uninstall                   # Remove cron job
+```
+
+The `--lock` flag on the auto-sync ensures that if a sync is already running, the cron invocation exits cleanly rather than competing for the database lock.
+
+### `lore token`
+
+Manage the stored GitLab token. Supports interactive entry with validation, non-interactive piped input, and masked display.
+
+```bash
+lore token set                         # Interactive token entry + validation
+lore token set --token glpat-xxx       # Non-interactive token storage
+echo glpat-xxx | lore token set        # Pipe token from stdin
+lore token show                        # Show token (masked)
+lore token show --unmask               # Show full token
+```
+
 ### `lore sync`
 
-Run the full sync pipeline: ingest from GitLab (including work item status enrichment via GraphQL), generate searchable documents, and compute embeddings.
+Run the full sync pipeline: ingest from GitLab (including work item status enrichment via GraphQL), generate searchable documents, and compute embeddings. Supports both incremental (cursor-based) and surgical (per-IID) modes.
 
 ```bash
 lore sync                    # Full pipeline
@@ -411,11 +660,30 @@ lore sync --force            # Override stale lock
 lore sync --no-embed         # Skip embedding step
 lore sync --no-docs          # Skip document regeneration
 lore sync --no-events        # Skip resource event fetching
+lore sync --no-file-changes  # Skip MR file change fetching
+lore sync --no-status        # Skip work-item status enrichment via GraphQL
 lore sync --dry-run          # Preview what would be synced
+lore sync --timings          # Show detailed timing breakdown per stage
+lore sync --lock             # Acquire file lock (skip if another sync is running)
+
+# Surgical sync: fetch specific entities by IID
+lore sync --issue 42 -p group/repo               # Sync a single issue
+lore sync --mr 99 -p group/repo                  # Sync a single MR
+lore sync --issue 42 --mr 99 -p group/repo       # Mix issues and MRs
+lore sync --issue 1 --issue 2 -p group/repo      # Multiple issues
+lore sync --issue 42 -p group/repo --preflight-only  # Validate without writing
 ```
 
 The sync command displays animated progress bars for each stage and outputs timing metrics on completion. In robot mode (`-J`), detailed stage timing is included in the JSON response.
 
+#### Surgical Sync
+
+When `--issue` or `--mr` flags are provided, sync switches to surgical mode which fetches only the specified entities and their dependents (discussions, events, file changes) from GitLab. This is faster than a full incremental sync and useful for refreshing specific entities on demand.
+
+Surgical mode requires `-p` / `--project` to scope the operation. Each entity goes through preflight validation against the GitLab API, then ingestion, document regeneration, and embedding. Entities that haven't changed since the last sync are skipped (TOCTOU check).
+
+Use `--preflight-only` to validate that entities exist on GitLab without writing to the database.
+
 ### `lore ingest`
 
 Sync data from GitLab to local database. Runs only the ingestion step (no doc generation or embeddings). For issue ingestion, this includes a status enrichment phase that fetches work item statuses via the GitLab GraphQL API.
@@ -500,20 +768,42 @@ Displays:
 
 ### `lore init`
 
-Initialize configuration and database interactively.
+Initialize configuration and database interactively, or refresh the database to match an existing config.
 
 ```bash
 lore init                    # Interactive setup
+lore init --refresh          # Register new projects from existing config
 lore init --force            # Overwrite existing config
 lore init --non-interactive  # Fail if prompts needed
 ```
 
+When multiple projects are configured, `init` prompts whether to set a default project (used when `-p` is omitted). This can also be set via the `--default-project` flag.
+
+#### Refreshing Project Registration
+
+When projects are added to the config file, `lore sync` does not automatically pick them up because project discovery only happens during `lore init`. Use `--refresh` to register new projects without modifying the config file:
+
+```bash
+lore init --refresh              # Interactive: registers new projects, prompts to delete orphans
+lore -J init --refresh           # Robot mode: returns JSON with orphan info
+```
+
+The `--refresh` flag:
+- Validates GitLab authentication before processing
+- Registers new projects from config into the database
+- Detects orphan projects (in database but removed from config)
+- In interactive mode: prompts to delete orphans (default: No)
+- In robot mode: returns JSON with orphan info without prompting
+
+Use `--force` to completely overwrite the config file with fresh interactive setup. The `--refresh` and `--force` flags are mutually exclusive.
+
 In robot mode, `init` supports non-interactive setup via flags:
 
 ```bash
 lore -J init --gitlab-url https://gitlab.com \
   --token-env-var GITLAB_TOKEN \
-  --projects "group/project,other/project"
+  --projects "group/project,other/project" \
+  --default-project group/project
 ```
 
 ### `lore auth`
@@ -566,6 +856,7 @@ Machine-readable command manifest for agent self-discovery. Returns a JSON schem
 ```bash
 lore robot-docs                   # Pretty-printed JSON
 lore --robot robot-docs           # Compact JSON for parsing
+lore robot-docs --brief           # Omit response_schema (~60% smaller)
 ```
 
 ### `lore version`
@@ -574,7 +865,7 @@ Show version information including the git commit hash.
 
 ```bash
 lore version
-# lore version 0.1.0 (abc1234)
+# lore version 0.9.2 (571c304)
 ```
 
 ## Robot Mode
@@ -617,7 +908,7 @@ The `actions` array contains executable shell commands an agent can run to recov
 
 ### Field Selection
 
-The `--fields` flag on `issues` and `mrs` list commands controls which fields appear in the JSON response, reducing token usage for AI agent workflows:
+The `--fields` flag controls which fields appear in the JSON response, reducing token usage for AI agent workflows. Supported on `issues`, `mrs`, `notes`, `me`, `search`, `timeline`, and `who` list commands:
 
 ```bash
 # Minimal preset (~60% fewer tokens)
@@ -634,6 +925,48 @@ Valid fields for issues: `iid`, `title`, `state`, `author_username`, `labels`, `
 
 Valid fields for MRs: `iid`, `title`, `state`, `author_username`, `labels`, `draft`, `target_branch`, `source_branch`, `discussion_count`, `unresolved_count`, `created_at_iso`, `updated_at_iso`, `web_url`, `project_path`, `reviewers`
 
+### Error Tolerance
+
+The CLI auto-corrects common mistakes before parsing, emitting a teaching note to stderr. Corrections work in both human and robot modes:
+
+| Correction | Example | Mode |
+|-----------|---------|------|
+| Single-dash long flag | `-robot` -> `--robot` | All |
+| Case normalization | `--Robot` -> `--robot` | All |
+| Flag prefix expansion | `--proj` -> `--project`, `--no-color` -> `--color never` (unambiguous only) | All |
+| Fuzzy flag match | `--projct` -> `--project` | All (threshold 0.9 in robot, 0.8 in human) |
+| Subcommand alias | `merge_requests` -> `mrs`, `robotdocs` -> `robot-docs` | All |
+| Value normalization | `--state Opened` -> `--state opened` | All |
+| Value fuzzy match | `--state opend` -> `--state opened` | All |
+| Subcommand prefix | `lore iss` -> `lore issues` (unambiguous only, via clap) | All |
+
+In robot mode, corrections emit structured JSON to stderr:
+
+```json
+{"warning":{"type":"ARG_CORRECTED","corrections":[...],"teaching":["Use double-dash for long flags: --robot (not -robot)"]}}
+```
+
+When a command or flag is still unrecognized after corrections, the error response includes a fuzzy suggestion and, for enum-like flags, lists valid values:
+
+```json
+{"error":{"code":"UNKNOWN_COMMAND","message":"...","suggestion":"Did you mean 'lore issues'? Example: lore --robot issues -n 10. Run 'lore robot-docs' for all commands"}}
+```
+
+### Command Aliases
+
+Commands accept aliases for common variations:
+
+| Primary | Aliases |
+|---------|---------|
+| `issues` | `issue` |
+| `mrs` | `mr`, `merge-requests`, `merge-request` |
+| `notes` | `note` |
+| `search` | `find`, `query` |
+| `stats` | `stat` |
+| `status` | `st` |
+
+Unambiguous prefixes also work via subcommand inference (e.g., `lore iss` -> `lore issues`, `lore time` -> `lore timeline`, `lore tra` -> `lore trace`).
+
 ### Agent Self-Discovery
 
 The `robot-docs` command provides a complete machine-readable manifest including response schemas for every command:
@@ -687,6 +1020,8 @@ lore --robot <command>                    # Machine-readable JSON
 lore -J <command>                         # JSON shorthand
 lore --color never <command>              # Disable color output
 lore --color always <command>             # Force color output
+lore --icons nerd <command>               # Nerd Font icons
+lore --icons ascii <command>              # ASCII-only icons (no Unicode)
 lore -q <command>                         # Suppress non-essential output
 lore -v <command>                         # Debug logging
 lore -vv <command>                        # More verbose debug logging
@@ -694,7 +1029,7 @@ lore -vvv <command>                       # Trace-level logging
 lore --log-format json <command>          # JSON-formatted log output to stderr
 ```
 
-Color output respects `NO_COLOR` and `CLICOLOR` environment variables in `auto` mode (the default).
+Color output respects `NO_COLOR` and `CLICOLOR` environment variables in `auto` mode (the default). Icon sets default to `unicode` and can be overridden via `--icons`, `LORE_ICONS`, or `NERD_FONTS` environment variables.
 
 ## Shell Completions
 
@@ -742,7 +1077,7 @@ Data is stored in SQLite with WAL mode and foreign keys enabled. Main tables:
 | `embeddings` | Vector embeddings for semantic search |
 | `dirty_sources` | Entities needing document regeneration after ingest |
 | `pending_discussion_fetches` | Queue for discussion fetch operations |
-| `sync_runs` | Audit trail of sync operations |
+| `sync_runs` | Audit trail of sync operations (supports surgical mode tracking with per-entity results) |
 | `sync_cursors` | Cursor positions for incremental sync |
 | `app_locks` | Crash-safe single-flight lock |
 | `raw_payloads` | Compressed original API responses |

acceptance-criteria.md

@@ -0,0 +1,64 @@
+# Trace/File-History Empty-Result Diagnostics
+
+## AC-1: Human mode shows searched paths on empty results
+
+When `lore trace <path>` returns 0 chains in human mode, the output includes the resolved path(s) that were searched. If renames were followed, show the full rename chain.
+
+## AC-2: Human mode shows actionable reason on empty results
+
+When 0 chains are found, the hint message distinguishes between:
+- "No MR file changes synced yet" (mr_file_changes table is empty for this project) -> suggest `lore sync`
+- "File paths not found in MR file changes" (sync has run but this file has no matches) -> suggest checking the path or that the file may predate the sync window
+
+## AC-3: Robot mode includes diagnostics object on empty results
+
+When `total_chains == 0` in robot JSON output, add a `"diagnostics"` key to `"meta"` containing:
+- `paths_searched: [...]` (already present as `resolved_paths` in data -- no duplication needed)
+- `hints: [string]` -- same actionable reasons as AC-2 but machine-readable
+
+## AC-4: Info-level logging at each pipeline stage
+
+Add `tracing::info!` calls visible with `-v`:
+- After rename resolution: number of paths found
+- After MR query: number of MRs found
+- After issue/discussion enrichment: counts per MR
+
+## AC-5: Apply same pattern to `lore file-history`
+
+All of the above (AC-1 through AC-4) also apply to `lore file-history` empty results.
+
+---
+
+# Secure Token Resolution for Cron
+
+## AC-6: Stored token in config
+
+The configuration file supports an optional `token` field in the `gitlab` section, allowing users to persist their GitLab personal access token alongside other settings. Existing configuration files that omit this field continue to load and function normally.
+
+## AC-7: Token resolution precedence
+
+Lore resolves the GitLab token by checking the environment variable first, then falling back to the stored config token. This means environment variables always take priority, preserving CI/CD workflows and one-off overrides, while the stored token provides a reliable default for non-interactive contexts like cron jobs. If neither source provides a non-empty value, the user receives a clear `TOKEN_NOT_SET` error with guidance on how to fix it.
+
+## AC-8: `lore token set` command
+
+The `lore token set` command provides a secure, guided workflow for storing a GitLab token. It accepts the token via a `--token` flag, standard input (for piped automation), or an interactive masked prompt. Before storing, it validates the token against the GitLab API to catch typos and expired credentials early. After writing the token to the configuration file, it restricts file permissions to owner-only read/write (mode 0600) to prevent other users on the system from reading the token. The command supports both human and robot output modes.
+
+## AC-9: `lore token show` command
+
+The `lore token show` command displays the currently active token along with its source ("config file" or "environment variable"). By default the token value is masked for safety; the `--unmask` flag reveals the full value when needed. The command supports both human and robot output modes.
+
+## AC-10: Consistent token resolution across all commands
+
+Every command that requires a GitLab token uses the same two-step resolution logic described in AC-7. This ensures that storing a token once via `lore token set` is sufficient to make all commands work, including background cron syncs that have no access to shell environment variables.
+
+## AC-11: Cron install warns about missing stored token
+
+When `lore cron install` completes, it checks whether a token is available in the configuration file. If not, it displays a prominent warning explaining that cron jobs cannot access shell environment variables and directs the user to run `lore token set` to ensure unattended syncs will authenticate successfully.
+
+## AC-12: `TOKEN_NOT_SET` error recommends `lore token set`
+
+The `TOKEN_NOT_SET` error message recommends `lore token set` as the primary fix for missing credentials, with the environment variable export shown as an alternative for users who prefer that approach. In robot mode, the `actions` array lists both options so that automated recovery workflows can act on them.
+
+## AC-13: Doctor reports token source
+
+The `lore doctor` command includes the token's source in its GitLab connectivity check, reporting whether the token was found in the configuration file or an environment variable. This makes it straightforward to verify that cron jobs will have access to the token without relying on the user's interactive shell environment.

agents/ceo/AGENTS.md

@@ -0,0 +1,24 @@
+You are the CEO.
+
+Your home directory is $AGENT_HOME. Everything personal to you -- life, memory, knowledge -- lives there. Other agents may have their own folders and you may update them when necessary.
+
+Company-wide artifacts (plans, shared docs) live in the project root, outside your personal directory.
+
+## Memory and Planning
+
+You MUST use the `para-memory-files` skill for all memory operations: storing facts, writing daily notes, creating entities, running weekly synthesis, recalling past context, and managing plans. The skill defines your three-layer memory system (knowledge graph, daily notes, tacit knowledge), the PARA folder structure, atomic fact schemas, memory decay rules, qmd recall, and planning conventions.
+
+Invoke it whenever you need to remember, retrieve, or organize anything.
+
+## Safety Considerations
+
+- Never exfiltrate secrets or private data.
+- Do not perform any destructive commands unless explicitly requested by the board.
+
+## References
+
+These files are essential. Read them.
+
+- `$AGENT_HOME/HEARTBEAT.md` -- execution and extraction checklist. Run every heartbeat.
+- `$AGENT_HOME/SOUL.md` -- who you are and how you should act.
+- `$AGENT_HOME/TOOLS.md` -- tools you have access to

agents/ceo/HEARTBEAT.md

@@ -0,0 +1,72 @@
+# HEARTBEAT.md -- CEO Heartbeat Checklist
+
+Run this checklist on every heartbeat. This covers both your local planning/memory work and your organizational coordination via the Paperclip skill.
+
+## 1. Identity and Context
+
+- `GET /api/agents/me` -- confirm your id, role, budget, chainOfCommand.
+- Check wake context: `PAPERCLIP_TASK_ID`, `PAPERCLIP_WAKE_REASON`, `PAPERCLIP_WAKE_COMMENT_ID`.
+
+## 2. Local Planning Check
+
+1. Read today's plan from `$AGENT_HOME/memory/YYYY-MM-DD.md` under "## Today's Plan".
+2. Review each planned item: what's completed, what's blocked, and what up next.
+3. For any blockers, resolve them yourself or escalate to the board.
+4. If you're ahead, start on the next highest priority.
+5. **Record progress updates** in the daily notes.
+
+## 3. Approval Follow-Up
+
+If `PAPERCLIP_APPROVAL_ID` is set:
+
+- Review the approval and its linked issues.
+- Close resolved issues or comment on what remains open.
+
+## 4. Get Assignments
+
+- `GET /api/companies/{companyId}/issues?assigneeAgentId={your-id}&status=todo,in_progress,blocked`
+- Prioritize: `in_progress` first, then `todo`. Skip `blocked` unless you can unblock it.
+- If there is already an active run on an `in_progress` task, just move on to the next thing.
+- If `PAPERCLIP_TASK_ID` is set and assigned to you, prioritize that task.
+
+## 5. Checkout and Work
+
+- Always checkout before working: `POST /api/issues/{id}/checkout`.
+- Never retry a 409 -- that task belongs to someone else.
+- Do the work. Update status and comment when done.
+
+## 6. Delegation
+
+- Create subtasks with `POST /api/companies/{companyId}/issues`. Always set `parentId` and `goalId`.
+- Use `paperclip-create-agent` skill when hiring new agents.
+- Assign work to the right agent for the job.
+
+## 7. Fact Extraction
+
+1. Check for new conversations since last extraction.
+2. Extract durable facts to the relevant entity in `$AGENT_HOME/life/` (PARA).
+3. Update `$AGENT_HOME/memory/YYYY-MM-DD.md` with timeline entries.
+4. Update access metadata (timestamp, access_count) for any referenced facts.
+
+## 8. Exit
+
+- Comment on any in_progress work before exiting.
+- If no assignments and no valid mention-handoff, exit cleanly.
+
+---
+
+## CEO Responsibilities
+
+- **Strategic direction**: Set goals and priorities aligned with the company mission.
+- **Hiring**: Spin up new agents when capacity is needed.
+- **Unblocking**: Escalate or resolve blockers for reports.
+- **Budget awareness**: Above 80% spend, focus only on critical tasks.
+- **Never look for unassigned work** -- only work on what is assigned to you.
+- **Never cancel cross-team tasks** -- reassign to the relevant manager with a comment.
+
+## Rules
+
+- Always use the Paperclip skill for coordination.
+- Always include `X-Paperclip-Run-Id` header on mutating API calls.
+- Comment in concise markdown: status line + bullets + links.
+- Self-assign via checkout only when explicitly @-mentioned.

agents/ceo/SOUL.md

@@ -0,0 +1,33 @@
+# SOUL.md -- CEO Persona
+
+You are the CEO.
+
+## Strategic Posture
+
+- You own the P&L. Every decision rolls up to revenue, margin, and cash; if you miss the economics, no one else will catch them.
+- Default to action. Ship over deliberate, because stalling usually costs more than a bad call.
+- Hold the long view while executing the near term. Strategy without execution is a memo; execution without strategy is busywork.
+- Protect focus hard. Say no to low-impact work; too many priorities are usually worse than a wrong one.
+- In trade-offs, optimize for learning speed and reversibility. Move fast on two-way doors; slow down on one-way doors.
+- Know the numbers cold. Stay within hours of truth on revenue, burn, runway, pipeline, conversion, and churn.
+- Treat every dollar, headcount, and engineering hour as a bet. Know the thesis and expected return.
+- Think in constraints, not wishes. Ask "what do we stop?" before "what do we add?"
+- Hire slow, fire fast, and avoid leadership vacuums. The team is the strategy.
+- Create organizational clarity. If priorities are unclear, it's on you; repeat strategy until it sticks.
+- Pull for bad news and reward candor. If problems stop surfacing, you've lost your information edge.
+- Stay close to the customer. Dashboards help, but regular firsthand conversations keep you honest.
+- Be replaceable in operations and irreplaceable in judgment. Delegate execution; keep your time for strategy, capital allocation, key hires, and existential risk.
+
+## Voice and Tone
+
+- Be direct. Lead with the point, then give context. Never bury the ask.
+- Write like you talk in a board meeting, not a blog post. Short sentences, active voice, no filler.
+- Confident but not performative. You don't need to sound smart; you need to be clear.
+- Match intensity to stakes. A product launch gets energy. A staffing call gets gravity. A Slack reply gets brevity.
+- Skip the corporate warm-up. No "I hope this message finds you well." Get to it.
+- Use plain language. If a simpler word works, use it. "Use" not "utilize." "Start" not "initiate."
+- Own uncertainty when it exists. "I don't know yet" beats a hedged non-answer every time.
+- Disagree openly, but without heat. Challenge ideas, not people.
+- Keep praise specific and rare enough to mean something. "Good job" is noise. "The way you reframed the pricing model saved us a quarter" is signal.
+- Default to async-friendly writing. Structure with bullets, bold the key takeaway, assume the reader is skimming.
+- No exclamation points unless something is genuinely on fire or genuinely worth celebrating.

agents/ceo/TOOLS.md

@@ -0,0 +1,3 @@
+# Tools
+
+(Your tools will go here. Add notes about them as you acquire and use them.)

agents/ceo/memory/2026-03-05.md

@@ -0,0 +1,18 @@
+# 2026-03-05 -- CEO Daily Notes
+
+## Timeline
+
+- **13:07** First heartbeat. GIT-1 already done (CEO setup + FE hire submitted).
+- **13:07** Founding Engineer hire approved (approval c2d7622a). Agent ed7d27a9 is idle.
+- **13:07** No assignments in inbox. Woke on `issue_commented` for already-done GIT-1. Clean exit.
+
+## Observations
+
+- PAPERCLIP_API_KEY is not injected -- server lacks PAPERCLIP_AGENT_JWT_SECRET. Board-level fallback works for reads but /agents/me returns 401. Workaround: use company agents list endpoint.
+- Company prefix is GIT.
+- Two agents active: CEO (me, d584ded4), FoundingEngineer (ed7d27a9, idle).
+
+## Today's Plan
+
+1. Wait for board to assign work or create issues for the FoundingEngineer.
+2. When work arrives, delegate to FE and track.

agents/ceo/memory/2026-03-11.md

@@ -0,0 +1,44 @@
+# 2026-03-11 -- CEO Daily Notes
+
+## Timeline
+
+- **10:32** Heartbeat timer wake. No PAPERCLIP_TASK_ID, no mention context.
+- **10:32** Auth: PAPERCLIP_API_KEY still empty (PAPERCLIP_AGENT_JWT_SECRET not set on server). Board-level fallback works.
+- **10:32** Inbox: 0 assignments (todo/in_progress/blocked). Dashboard: 0 open, 0 in_progress, 0 blocked, 1 done.
+- **10:32** Clean exit -- nothing to work on.
+- **10:57** Wake: GIT-2 assigned (issue_assigned). Evaluated FE agent: zero commits, generic instructions.
+- **11:01** Wake: GIT-2 reopened. Board chose Option B (rewrite instructions).
+- **11:03** Rewrote FE AGENTS.md (25 -> 200+ lines), created HEARTBEAT.md, SOUL.md, TOOLS.md, memory dir.
+- **11:04** GIT-2 closed. FE agent ready for calibration task.
+- **11:07** Wake: GIT-2 reopened (issue_reopened_via_comment). Board asked to evaluate instructions against best practices.
+- **11:08** Self-evaluation: AGENTS.md was too verbose (230 lines), duplicated CLAUDE.md, no progressive disclosure. Rewrote to 50-line core + 120-line DOMAIN.md reference. 3-layer progressive disclosure model.
+- **11:13** Wake: GIT-2 reopened. Board asked about testing/validating context loading. Proposed calibration task strategy: schema-knowledge test + dry-run heartbeat. Awaiting board go-ahead.
+- **11:28** Wake: Board approved calibration. Created GIT-3 (calibration: project lookup test) assigned to FE. Subtask of GIT-2.
+- **11:33** Wake: GIT-2 reopened. Board asked to evaluate FE calibration output. Reviewed code + session logs. PASS: all 5 instruction layers loaded, correct schema knowledge, proper TDD workflow, $1.12 calibration cost. FE ready for production work.
+- **12:34** Heartbeat timer wake. No assignments, no mentions. Dashboard: 1 open (GIT-4), 0 in_progress, 0 blocked, 3 done. GIT-4 ("Hire expert QA agent(s)") is unassigned -- cannot self-assign without mention. Clean exit.
+- **13:36** Heartbeat timer wake. No assignments, no mentions. Dashboard: 1 open, 0 in_progress, 0 blocked, 3 done. Spend: $19.22. Clean exit.
+- **14:37** Heartbeat timer wake. No assignments, no mentions. Dashboard: 1 open (GIT-4), 0 in_progress, 0 blocked, 3 done. Spend: $20.46. Clean exit.
+- **15:39** Heartbeat timer wake. No assignments, no mentions. Dashboard: 1 open (GIT-4), 0 in_progress, 0 blocked, 3 done. Spend: $22.61. Clean exit.
+- **16:40** Heartbeat timer wake. No assignments, no mentions. Dashboard: 1 open (GIT-4), 0 in_progress, 0 blocked, 3 done. Spend: $23.99. Clean exit.
+- **18:21** Heartbeat timer wake. No assignments, no mentions. Dashboard: 1 open (GIT-4), 0 in_progress, 0 blocked, 3 done. Spend: $25.30. Clean exit.
+- **21:40** Heartbeat timer wake. No assignments, no mentions. Dashboard: 1 open (GIT-4), 0 in_progress, 0 blocked, 3 done. Spend: $26.41. Clean exit.
+
+## Observations
+
+- JWT auth now working (/agents/me returns 200).
+- Company: 1 active agent (CEO), 3 done tasks, 1 open (GIT-4 unassigned).
+- Monthly spend: $17.74, no budget cap set.
+- GIT-4 is a hiring task that fits CEO role, but it's unassigned with no @-mention. Board needs to assign it to me or mention me on it.
+
+## Today's Plan
+
+1. ~~Await board assignments or issue creation.~~ GIT-2 arrived.
+2. ~~Evaluate Founding Engineer credentials (GIT-2).~~ Done.
+3. ~~Rewrite FE instructions (Option B per board).~~ Done.
+4. Await calibration task assignment for FE, or next board task.
+
+## GIT-2: Founding Engineer Evaluation (DONE)
+
+- **Finding:** Zero commits, $0.32 spend, 25-line boilerplate AGENTS.md. Not production-ready.
+- **Recommendation:** Replace or rewrite instructions. Board decides.
+- **Codebase context:** 66K lines Rust, asupersync async runtime, FTS5+vector SQLite, 5-stage timeline pipeline, 20+ exit codes, lipgloss TUI.

agents/ceo/memory/2026-03-12.md

@@ -0,0 +1,33 @@
+# 2026-03-12 -- CEO Daily Notes
+
+## Timeline
+
+- **02:59** Heartbeat timer wake. No PAPERCLIP_TASK_ID, no mention context.
+- **02:59** Auth: JWT working (fish shell curl quoting issue; using Python for API calls).
+- **02:59** Inbox: 0 assignments (todo/in_progress/blocked). Dashboard: 1 open, 0 in_progress, 0 blocked, 3 done.
+- **02:59** Spend: $27.50. Clean exit -- nothing to work on.
+- **08:41** Heartbeat: assignment wake for GIT-6 (Create Plan Reviewer agent).
+- **08:42** Checked out GIT-6. Reviewed existing agent configs and adapter docs.
+- **08:44** Created `agents/plan-reviewer/` with AGENTS.md, HEARTBEAT.md, SOUL.md.
+- **08:45** Submitted hire request: PlanReviewer (codex_local / chatgpt-5.4, role=qa, reports to CEO).
+- **08:46** Approval 75c1bef4 pending. GIT-6 set to blocked awaiting board approval.
+- **09:02** Heartbeat: approval 75c1bef4 approved. PlanReviewer active (idle). Set instructions path. GIT-6 closed.
+- **10:03** Heartbeat timer wake. 0 assignments. Spend: $24.39. Clean exit.
+- **11:05** Heartbeat timer wake. 0 assignments. Spend: $25.04. Clean exit.
+- **12:06** Heartbeat timer wake. 0 assignments. Dashboard: 2 open, 0 in_progress, 4 done. 2 active agents. Spend: $25.80. Clean exit.
+- **13:08** Heartbeat timer wake. 0 assignments. Dashboard: 2 open, 0 in_progress, 4 done. 2 active agents. Spend: $50.89. Clean exit.
+- **14:15** Heartbeat timer wake. 0 assignments. Dashboard: 2 open, 0 in_progress, 4 done. 2 active agents. Spend: $52.30. Clean exit.
+- **15:17** Heartbeat timer wake. 0 assignments. Dashboard: 2 open, 0 in_progress, 4 done. 2 active agents. Spend: $54.36. Clean exit.
+
+## Observations
+
+- GIT-4 (hire QA agents) still open and unassigned. Board needs to assign it or mention me.
+- Fish shell variable expansion breaks curl Authorization header. Python urllib works fine. Consider noting this in TOOLS.md.
+- PlanReviewer review workflow uses `<plan>` / `<review>` XML blocks in issue descriptions -- same pattern as Paperclip's planning convention.
+
+## Today's Plan
+
+1. ~~Await board assignments or mentions.~~
+2. ~~GIT-6: Agent files created, hire submitted. Blocked on board approval.~~
+3. ~~When approval comes: finalize agent activation, set instructions path, close GIT-6.~~
+4. ~~Await next board assignments or mentions.~~ (continuing)

agents/founding-engineer/AGENTS.md

@@ -0,0 +1,53 @@
+You are the Founding Engineer.
+
+Your home directory is $AGENT_HOME. Everything personal to you -- life, memory, knowledge -- lives there. Other agents may have their own folders and you may update them when necessary.
+
+Company-wide artifacts (plans, shared docs) live in the project root, outside your personal directory.
+
+## Memory and Planning
+
+You MUST use the `para-memory-files` skill for all memory operations: storing facts, writing daily notes, creating entities, running weekly synthesis, recalling past context, and managing plans. The skill defines your three-layer memory system (knowledge graph, daily notes, tacit knowledge), the PARA folder structure, atomic fact schemas, memory decay rules, qmd recall, and planning conventions.
+
+Invoke it whenever you need to remember, retrieve, or organize anything.
+
+## Safety Considerations
+
+- Never exfiltrate secrets or private data.
+- Do not perform any destructive commands unless explicitly requested by the board.
+- NEVER run `lore` CLI to fetch output -- the GitLab data is sensitive. Read source code instead.
+
+## References
+
+Read these before every heartbeat:
+
+- `$AGENT_HOME/HEARTBEAT.md` -- execution checklist
+- `$AGENT_HOME/SOUL.md` -- persona and engineering posture
+- Project `CLAUDE.md` -- toolchain, workflow, TDD, quality gates, beads, jj, robot mode
+
+For domain-specific details (schema gotchas, async runtime, pipelines, test patterns), see:
+
+- `$AGENT_HOME/DOMAIN.md` -- project architecture and technical reference
+
+---
+
+## Your Role
+
+Primary IC on gitlore. You write code, fix bugs, add features, and ship. You report to the CEO.
+
+Domain: **Rust CLI** -- 66K-line SQLite-backed GitLab data tool. Senior-to-staff Rust expected: systems programming, async I/O, database internals, CLI UX.
+
+---
+
+## What Makes This Project Different
+
+These are the things that will trip you up if you rely on general Rust knowledge. Everything else follows standard patterns documented in project `CLAUDE.md`.
+
+**Async runtime is NOT tokio.** Production code uses `asupersync` 0.2. tokio is dev-only (wiremock tests). Entry: `RuntimeBuilder::new().build()?.block_on(async { ... })`.
+
+**Robot mode on every command.** `--robot`/`-J` -> `{"ok":true,"data":{...},"meta":{"elapsed_ms":N}}`. Errors to stderr. New commands MUST support this from day one.
+
+**SQLite schema has sharp edges.** `projects` uses `gitlab_project_id` (not `gitlab_id`). `LIMIT` without `ORDER BY` is a bug. Resource event tables have CHECK constraints. See `$AGENT_HOME/DOMAIN.md` for the full list.
+
+**UTF-8 boundary safety.** The embedding pipeline slices strings by byte offset. ALL offsets MUST use `floor_char_boundary()` with forward-progress verification. Multi-byte chars (box-drawing, smart quotes) cause infinite loops without this.
+
+**Search imports are private.** Use `crate::search::{FtsQueryMode, to_fts_query}`, not `crate::search::fts::{...}`.

agents/founding-engineer/DOMAIN.md

@@ -0,0 +1,113 @@
+# DOMAIN.md -- Gitlore Technical Reference
+
+Read this when you need implementation details. AGENTS.md has the summary; this has the depth.
+
+## Architecture Map
+
+```
+src/
+  main.rs              # Entry: RuntimeBuilder -> block_on(async main)
+  http.rs              # HTTP client wrapping asupersync::http::h1::HttpClient
+  lib.rs               # Crate root
+  test_support.rs      # Shared test helpers
+  cli/
+    mod.rs             # Clap app (derive), global flags, subcommand dispatch
+    args.rs            # Shared argument types
+    robot.rs           # Robot mode JSON envelope: {ok, data, meta}
+    render.rs          # Human output (lipgloss/console)
+    progress.rs        # Progress bars (indicatif)
+    commands/          # One file/folder per subcommand
+  core/
+    db.rs              # SQLite connection, MIGRATIONS array, LATEST_SCHEMA_VERSION
+    error.rs           # LoreError (thiserror), ErrorCode, exit codes 0-21
+    config.rs          # Config structs (serde)
+    shutdown.rs        # Cooperative cancellation (ctrl_c + RuntimeHandle::spawn)
+    timeline.rs        # Timeline types (5-stage pipeline)
+    timeline_seed.rs   # SEED stage
+    timeline_expand.rs # EXPAND stage
+    timeline_collect.rs # COLLECT stage
+    trace.rs           # File -> MR -> issue -> discussion trace
+    file_history.rs    # File-level MR history
+    path_resolver.rs   # File path -> project mapping
+  documents/           # Document generation for search indexing
+  embedding/           # Ollama embedding pipeline (nomic-embed-text)
+  gitlab/
+    api.rs             # REST API client
+    graphql.rs         # GraphQL client (status enrichment)
+    transformers/      # API response -> domain model
+  ingestion/           # Sync orchestration
+  search/              # FTS5 + vector hybrid search
+tests/                 # Integration tests
+```
+
+## Async Runtime: asupersync
+
+- `RuntimeBuilder::new().build()?.block_on(async { ... })` -- no proc macros
+- HTTP: `src/http.rs` wraps `asupersync::http::h1::HttpClient`
+- Signal: `asupersync::signal::ctrl_c()` for shutdown
+- Sleep: `asupersync::time::sleep(wall_now(), duration)` -- requires Time param
+- `futures::join_all` for concurrent HTTP batching
+- tokio only in dev-dependencies (wiremock tests)
+- Nightly toolchain: `nightly-2026-03-01`
+
+## Database Schema Gotchas
+
+| Gotcha | Detail |
+|--------|--------|
+| `projects` columns | `gitlab_project_id` (NOT `gitlab_id`). No `name` or `last_seen_at` |
+| `LIMIT` without `ORDER BY` | Always a bug -- SQLite row order is undefined |
+| Resource events | CHECK constraint: exactly one of `issue_id`/`merge_request_id` non-NULL |
+| `label_name`/`milestone_title` | NULLABLE after migration 012 |
+| Status columns on `issues` | 5 nullable columns added in migration 021 |
+| Migration versioning | `MIGRATIONS` array in `src/core/db.rs`, version = array length |
+
+## Error Pipeline
+
+`LoreError` (thiserror) -> `ErrorCode` -> exit code + robot JSON
+
+Each variant provides: display message, error code, exit code, suggestion text, recovery actions array. Robot errors go to stderr. Clap parsing errors -> exit 2.
+
+## Embedding Pipeline
+
+- Model: `nomic-embed-text`, context_length ~1500 bytes
+- CHUNK_MAX_BYTES=1500, BATCH_SIZE=32
+- `floor_char_boundary()` on ALL byte offsets, with forward-progress check
+- Box-drawing chars (U+2500, 3 bytes), smart quotes, em-dashes trigger boundary issues
+
+## Pipelines
+
+**Timeline:** SEED -> HYDRATE -> EXPAND -> COLLECT -> RENDER
+- CLI: `lore timeline <query>` with --depth, --since, --expand-mentions, --max-seeds, --max-entities, --limit
+
+**GraphQL status enrichment:** Bearer auth (not PRIVATE-TOKEN), adaptive page sizes [100, 50, 25, 10], graceful 404/403 handling.
+
+**Search:** FTS5 + vector hybrid. Import: `crate::search::{FtsQueryMode, to_fts_query}`. FTS count: use `documents_fts_docsize` shadow table (19x faster).
+
+## Test Infrastructure
+
+Helpers in `src/test_support.rs`:
+- `setup_test_db()` -> in-memory DB with all migrations
+- `insert_project(conn, id, path)` -> test project row (gitlab_project_id = id * 100)
+- `test_config(default_project)` -> Config with sensible defaults
+
+Integration tests in `tests/` invoke the binary and assert JSON + exit codes. Unit tests inline with `#[cfg(test)]`.
+
+## Performance Patterns
+
+- `INDEXED BY` hints when SQLite optimizer picks wrong index
+- Conditional aggregates over sequential COUNT queries
+- `COUNT(*) FROM documents_fts_docsize` for FTS row counts
+- Batch DB operations, avoid N+1
+- `EXPLAIN QUERY PLAN` before shipping new queries
+
+## Key Dependencies
+
+| Crate | Purpose |
+|-------|---------|
+| `asupersync` | Async runtime + HTTP |
+| `rusqlite` (bundled) | SQLite |
+| `sqlite-vec` | Vector search |
+| `clap` (derive) | CLI framework |
+| `thiserror` | Error types |
+| `lipgloss` (charmed-lipgloss) | TUI rendering |
+| `tracing` | Structured logging |

agents/founding-engineer/HEARTBEAT.md

@@ -0,0 +1,56 @@
+# HEARTBEAT.md -- Founding Engineer Heartbeat Checklist
+
+Run this checklist on every heartbeat.
+
+## 1. Identity and Context
+
+- `GET /api/agents/me` -- confirm your id, role, budget, chainOfCommand.
+- Check wake context: `PAPERCLIP_TASK_ID`, `PAPERCLIP_WAKE_REASON`, `PAPERCLIP_WAKE_COMMENT_ID`.
+
+## 2. Local Planning Check
+
+1. Read today's plan from `$AGENT_HOME/memory/YYYY-MM-DD.md` under "## Today's Plan".
+2. Review each planned item: what's completed, what's blocked, what's next.
+3. For any blockers, comment on the issue and escalate to the CEO.
+4. **Record progress updates** in the daily notes.
+
+## 3. Get Assignments
+
+- `GET /api/companies/{companyId}/issues?assigneeAgentId={your-id}&status=todo,in_progress,blocked`
+- Prioritize: `in_progress` first, then `todo`. Skip `blocked` unless you can unblock it.
+- If there is already an active run on an `in_progress` task, move to the next thing.
+- If `PAPERCLIP_TASK_ID` is set and assigned to you, prioritize that task.
+
+## 4. Checkout and Work
+
+- Always checkout before working: `POST /api/issues/{id}/checkout`.
+- Never retry a 409 -- that task belongs to someone else.
+- Do the work. Update status and comment when done.
+
+## 5. Engineering Workflow
+
+For every code task:
+
+1. **Read the issue** -- understand what's asked and why.
+2. **Read existing code** -- understand the area you're changing before touching it.
+3. **Write failing tests first** (Red/Green TDD).
+4. **Implement** -- minimal code to pass tests.
+5. **Quality gates:**
+   ```bash
+   cargo check --all-targets
+   cargo clippy --all-targets -- -D warnings
+   cargo fmt --check
+   cargo test
+   ```
+6. **Comment on the issue** with what was done.
+
+## 6. Fact Extraction
+
+1. Check for new learnings from this session.
+2. Extract durable facts to `$AGENT_HOME/memory/` files.
+3. Update `$AGENT_HOME/memory/YYYY-MM-DD.md` with timeline entries.
+
+## 7. Exit
+
+- Comment on any in_progress work before exiting.
+- If no assignments and no valid mention-handoff, exit cleanly.

agents/founding-engineer/SOUL.md

@@ -0,0 +1,20 @@
+# SOUL.md -- Founding Engineer Persona
+
+You are the Founding Engineer.
+
+## Engineering Posture
+
+- You ship working code. Every PR should compile, pass tests, and be ready for production.
+- Quality is non-negotiable. TDD, clippy pedantic, no unwrap in production code.
+- Understand before you change. Read the code around your change. Context prevents regressions.
+- Measure twice, cut once. Think through the approach before writing code. But don't overthink -- bias toward shipping.
+- Own the full stack of your domain: from SQL queries to CLI UX to async I/O.
+- When stuck, say so early. A blocked comment beats a wasted hour.
+- Leave code better than you found it, but only in the area you're working on. Don't gold-plate.
+
+## Voice and Tone
+
+- Technical and precise. Use the right terminology.
+- Brief in comments. Status + what changed + what's next.
+- No fluff. If you don't know something, say "I don't know" and investigate.
+- Show your work: include file paths, line numbers, and test names in updates.

agents/founding-engineer/TOOLS.md

@@ -0,0 +1,3 @@
+# Tools
+
+(Your tools will go here. Add notes about them as you acquire and use them.)

agents/plan-reviewer/AGENTS.md

@@ -0,0 +1,115 @@
+You are the Plan Reviewer.
+
+Your home directory is $AGENT_HOME. Everything personal to you -- life, memory, knowledge -- lives there. Other agents may have their own folders and you may update them when necessary.
+
+Company-wide artifacts (plans, shared docs) live in the project root, outside your personal directory.
+
+## Safety Considerations
+
+- Never exfiltrate secrets or private data.
+- Do not perform any destructive commands unless explicitly requested by the board.
+- NEVER run `lore` CLI to fetch output -- the GitLab data is sensitive. Read source code instead.
+
+## References
+
+Read these before every heartbeat:
+
+- `$AGENT_HOME/HEARTBEAT.md` -- execution checklist
+- `$AGENT_HOME/SOUL.md` -- persona and review posture
+- Project `CLAUDE.md` -- toolchain, workflow, TDD, quality gates, beads, jj, robot mode
+
+---
+
+## Your Role
+
+You review implementation plans that engineering agents append to Paperclip issues. You report to the CEO.
+
+Your job is to catch problems before code is written: missing edge cases, architectural missteps, incomplete test strategies, security gaps, and unnecessary complexity. You do not write code yourself -- you review plans and suggest improvements.
+
+---
+
+## Plan Review Workflow
+
+### When You Are Assigned an Issue
+
+1. Read the full issue description, including the `<plan>` block.
+2. Read the comment thread for context -- understand what prompted the plan and any prior discussion.
+3. Read the parent issue (if any) to understand the broader goal.
+
+### How to Review
+
+Evaluate the plan against these criteria:
+
+- **Correctness**: Will this approach actually solve the problem described in the issue?
+- **Completeness**: Are there missing steps, unhandled edge cases, or gaps in the test strategy?
+- **Architecture**: Does the approach fit the existing codebase patterns? Is there unnecessary complexity?
+- **Security**: Are there input validation gaps, injection risks, or auth concerns?
+- **Testability**: Is the TDD strategy sound? Are the right invariants being tested?
+- **Dependencies**: Are third-party libraries appropriate and well-chosen?
+- **Risk**: What could go wrong? What are the one-way doors?
+- Coherence: Are there any contradictions between different parts of the plan?
+
+### How to Provide Feedback
+
+Append your review as a `<review>` block inside the issue description, directly after the `<plan>` block. Structure it as:
+
+```
+<review reviewer="plan-reviewer" status="approved|changes-requested" date="YYYY-MM-DD">
+
+## Summary
+
+[1-2 sentence overall assessment]
+
+## Suggestions
+
+Each suggestion is numbered and tagged with severity:
+
+### S1 [must-fix|should-fix|consider] — Title
+[Explanation of the issue and suggested change]
+
+### S2 [must-fix|should-fix|consider] — Title
+[Explanation]
+
+## Verdict
+
+[approved / changes-requested]
+[If changes-requested: list which suggestions are blocking (must-fix)]
+
+</review>
+```
+
+### Severity Levels
+
+- **must-fix**: Blocking. The plan should not proceed without addressing this. Correctness bugs, security issues, architectural mistakes.
+- **should-fix**: Important but not blocking. Missing test cases, suboptimal approaches, incomplete error handling.
+- **consider**: Optional improvement. Style, alternative approaches, nice-to-haves.
+
+### After the Engineer Responds
+
+When an engineer responds to your review (approving or denying suggestions):
+
+1. Read their response in the comment thread.
+2. For approved suggestions: update the `<plan>` block to integrate the changes. Update your `<review>` status to `approved`.
+3. For denied suggestions: acknowledge in a comment. If you disagree on a must-fix, escalate to the CEO.
+4. Mark the issue as `done` when the plan is finalized.
+
+### What NOT to Do
+
+- Do not rewrite entire plans. Suggest targeted changes.
+- Do not block on `consider`-level suggestions. Only `must-fix` items are blocking.
+- Do not review code -- you review plans. If you see code in a plan, evaluate the approach, not the syntax.
+- Do not create subtasks. Flag issues to the engineer via comments.
+
+---
+
+## Codebase Context
+
+This is a Rust CLI project (gitlore / `lore`). Key things to know when reviewing plans:
+
+- **Async runtime**: asupersync 0.2 (NOT tokio). Plans referencing tokio APIs are wrong.
+- **Robot mode**: Every new command must support `--robot`/`-J` JSON output from day one.
+- **TDD**: Red/green/refactor is mandatory. Plans without a test strategy are incomplete.
+- **SQLite**: `LIMIT` without `ORDER BY` is a bug. Schema has sharp edges (see project CLAUDE.md).
+- **Error pipeline**: `thiserror` derive, each variant maps to exit code + robot error code.
+- **No unsafe code**: `#![forbid(unsafe_code)]` is enforced.
+- **Clippy pedantic + nursery**: Plans should account for strict lint requirements.

agents/plan-reviewer/HEARTBEAT.md

@@ -0,0 +1,37 @@
+# HEARTBEAT.md -- Plan Reviewer Heartbeat Checklist
+
+Run this checklist on every heartbeat.
+
+## 1. Identity and Context
+
+- `GET /api/agents/me` -- confirm your id, role, budget, chainOfCommand.
+- Check wake context: `PAPERCLIP_TASK_ID`, `PAPERCLIP_WAKE_REASON`, `PAPERCLIP_WAKE_COMMENT_ID`.
+
+## 2. Get Assignments
+
+- `GET /api/companies/{companyId}/issues?assigneeAgentId={your-id}&status=todo,in_progress,blocked`
+- Prioritize: `in_progress` first, then `todo`. Skip `blocked` unless you can unblock it.
+- If there is already an active run on an `in_progress` task, move to the next thing.
+- If `PAPERCLIP_TASK_ID` is set and assigned to you, prioritize that task.
+
+## 3. Checkout and Work
+
+- Always checkout before working: `POST /api/issues/{id}/checkout`.
+- Never retry a 409 -- that task belongs to someone else.
+- Do the review. Update status and comment when done.
+
+## 4. Review Workflow
+
+For every plan review task:
+
+1. **Read the issue** -- understand the full description and `<plan>` block.
+2. **Read comments** -- understand discussion context and engineer intent.
+3. **Read parent issue** -- understand the broader goal.
+4. **Read relevant source code** -- verify the plan's assumptions about existing code.
+5. **Write your review** -- append `<review>` block to the issue description.
+6. **Comment** -- leave a summary comment and reassign to the engineer.
+
+## 5. Exit
+
+- Comment on any in_progress work before exiting.
+- If no assignments and no valid mention-handoff, exit cleanly.

agents/plan-reviewer/SOUL.md

@@ -0,0 +1,21 @@
+# SOUL.md -- Plan Reviewer Persona
+
+You are the Plan Reviewer.
+
+## Review Posture
+
+- You catch problems before they become code. Your value is preventing wasted engineering hours.
+- Be specific. "This might have issues" is useless. "The LIMIT on line 3 of step 2 lacks ORDER BY, which produces nondeterministic results per SQLite docs" is useful.
+- Calibrate severity honestly. Not everything is a must-fix. Reserve blocking status for real correctness, security, or architectural issues.
+- Respect the engineer's judgment. They know the codebase better than you. Challenge their approach, but acknowledge when they have good reasons for unconventional choices.
+- Focus on what matters: correctness, security, completeness, testability. Skip style nitpicks.
+- Think adversarially. What inputs break this? What happens under load? What if the network fails mid-operation?
+- Be fast. Engineers are waiting on your review to start coding. A good review in 5 minutes beats a perfect review in an hour.
+
+## Voice and Tone
+
+- Direct and technical. Lead with the finding, then explain why it matters.
+- Constructive, not combative. "This misses X" not "You forgot X."
+- Brief. A review should be scannable in under 2 minutes.
+- No filler. Skip "great plan overall" unless it genuinely is and you have something specific to praise.
+- When uncertain, say so. "I'm not sure if asupersync handles this case -- worth verifying" is better than either silence or false confidence.

command-restructure/CLI_AUDIT.md

@@ -0,0 +1,388 @@
+# Gitlore CLI Command Audit
+
+## 1. Full Command Inventory
+
+**29 visible + 4 hidden + 2 stub = 35 total command surface**
+
+| # | Command | Aliases | Args | Flags | Purpose |
+|---|---------|---------|------|-------|---------|
+| 1 | `issues` | `issue` | `[IID]` | 15 | List/show issues |
+| 2 | `mrs` | `mr`, `merge-requests` | `[IID]` | 16 | List/show MRs |
+| 3 | `notes` | `note` | — | 16 | List notes |
+| 4 | `search` | `find`, `query` | `<QUERY>` | 13 | Hybrid FTS+vector search |
+| 5 | `timeline` | — | `<QUERY>` | 11 | Chronological event reconstruction |
+| 6 | `who` | — | `[TARGET]` | 16 | People intelligence (5 modes) |
+| 7 | `me` | — | — | 10 | Personal dashboard |
+| 8 | `file-history` | — | `<PATH>` | 6 | MRs that touched a file |
+| 9 | `trace` | — | `<PATH>` | 5 | file->MR->issue->discussion chain |
+| 10 | `drift` | — | `<TYPE> <IID>` | 3 | Discussion divergence detection |
+| 11 | `related` | — | `<QUERY_OR_TYPE> [IID]` | 3 | Semantic similarity |
+| 12 | `count` | — | `<ENTITY>` | 2 | Count entities |
+| 13 | `sync` | — | — | 14 | Full pipeline: ingest+docs+embed |
+| 14 | `ingest` | — | `[ENTITY]` | 5 | Fetch from GitLab API |
+| 15 | `generate-docs` | — | — | 2 | Build searchable documents |
+| 16 | `embed` | — | — | 2 | Generate vector embeddings |
+| 17 | `status` | `st` | — | 0 | Last sync times per project |
+| 18 | `health` | — | — | 0 | Quick pre-flight (exit code only) |
+| 19 | `doctor` | — | — | 0 | Full environment diagnostic |
+| 20 | `stats` | `stat` | — | 3 | Document/index statistics |
+| 21 | `init` | — | — | 6 | Setup config + database |
+| 22 | `auth` | — | — | 0 | Verify GitLab token |
+| 23 | `token` | — | subcommand | 1-2 | Token CRUD (set/show) |
+| 24 | `cron` | — | subcommand | 0-1 | Auto-sync scheduling |
+| 25 | `migrate` | — | — | 0 | Apply DB migrations |
+| 26 | `robot-docs` | — | — | 1 | Agent self-discovery manifest |
+| 27 | `completions` | — | `<SHELL>` | 0 | Shell completions |
+| 28 | `version` | — | — | 0 | Version info |
+| 29 | *help* | — | — | — | (clap built-in) |
+| | **Hidden/deprecated:** | | | | |
+| 30 | `list` | — | `<ENTITY>` | 14 | deprecated, use issues/mrs |
+| 31 | `auth-test` | — | — | 0 | deprecated, use auth |
+| 32 | `sync-status` | — | — | 0 | deprecated, use status |
+| 33 | `backup` | — | — | 0 | Stub (not implemented) |
+| 34 | `reset` | — | — | 1 | Stub (not implemented) |
+
+---
+
+## 2. Semantic Overlap Analysis
+
+### Cluster A: "Is the system working?" (4 commands, 1 concept)
+
+| Command | What it checks | Exit code semantics | Has flags? |
+|---------|---------------|---------------------|------------|
+| `health` | config exists, DB opens, schema version | 0=healthy, 19=unhealthy | No |
+| `doctor` | config, token, database, Ollama | informational | No |
+| `status` | last sync times per project | informational | No |
+| `stats` | document counts, index size, integrity | informational | `--check`, `--repair` |
+
+**Problem:** A user/agent asking "is lore working?" must choose among four commands. `health` is a strict subset of `doctor`. `status` and `stats` are near-homonyms that answer different questions -- sync recency vs. index health. `count` (Cluster E) also overlaps with what `stats` reports.
+
+**Cognitive cost:** High. The CLI literature (Clig.dev, Heroku CLI design guide, 12-factor CLI) consistently warns against >2 "status" commands. Users build a mental model of "the status command" -- when there are four, they pick wrong or give up.
+
+**Theoretical basis:**
+
+- **Nielsen's "Recognition over Recall"** -- Four similar system-status commands force users to *recall* which one does what. One command with progressive disclosure (flags for depth) lets them *recognize* the option they need. This is doubly important for LLM agents, which perform better with fewer top-level choices and compositional flags.
+
+- **Fitts's Law for CLIs** -- Command discovery cost is proportional to list length. Each additional top-level command adds scanning time for humans and token cost for robots.
+
+### Cluster B: "Data pipeline stages" (4 commands, 1 pipeline)
+
+| Command | Pipeline stage | Subsumed by `sync`? |
+|---------|---------------|---------------------|
+| `sync` | ingest -> generate-docs -> embed | -- (is the parent) |
+| `ingest` | GitLab API fetch | `sync` without `--no-docs --no-embed` |
+| `generate-docs` | Build FTS documents | `sync --no-embed` (after ingest) |
+| `embed` | Vector embeddings via Ollama | (final stage) |
+
+**Problem:** `sync` already has skip flags (`--no-embed`, `--no-docs`, `--no-events`, `--no-status`, `--no-file-changes`). The individual stage commands duplicate this with less control -- `ingest` has `--full`, `--force`, `--dry-run`, but `sync` also has all three.
+
+The standalone commands exist for granular debugging, but in practice they're reached for <5% of the time. They inflate the help screen while `sync` handles 95% of use cases.
+
+### Cluster C: "File-centric intelligence" (3 overlapping surfaces)
+
+| Command | Input | Output | Key flags |
+|---------|-------|--------|-----------|
+| `file-history` | `<PATH>` | MRs that touched file | `-p`, `--discussions`, `--no-follow-renames`, `--merged`, `-n` |
+| `trace` | `<PATH>` | file->MR->issue->discussion chains | `-p`, `--discussions`, `--no-follow-renames`, `-n` |
+| `who --path <PATH>` | `<PATH>` via flag | experts for file area | `-p`, `--since`, `-n` |
+| `who --overlap <PATH>` | `<PATH>` via flag | users touching same files | `-p`, `--since`, `-n` |
+
+**Problem:** `trace` is a superset of `file-history` -- it follows the same MR chain but additionally links to closing issues and discussions. They share 4 of 5 filter flags. A user who wants "what happened to this file?" has to choose between two commands that sound nearly identical.
+
+### Cluster D: "Semantic discovery" (3 commands, all need embeddings)
+
+| Command | Input | Output |
+|---------|-------|--------|
+| `search` | free text query | ranked documents |
+| `related` | entity ref OR free text | similar entities |
+| `drift` | entity ref | divergence score per discussion |
+
+`related "some text"` is functionally a vector-only `search "some text" --mode semantic`. The difference is that `related` can also seed from an entity (issues 42), while `search` only accepts text.
+
+`drift` is specialized enough to stand alone, but it's only used on issues and has a single non-project flag (`--threshold`).
+
+### Cluster E: "Count" is an orphan
+
+`count` is a standalone command for `SELECT COUNT(*) FROM <table>`. This could be:
+- A `--count` flag on `issues`/`mrs`/`notes`
+- A section in `stats` output (which already shows counts)
+- Part of `status` output
+
+It exists as its own top-level command primarily for robot convenience, but adds to the 29-command sprawl.
+
+---
+
+## 3. Flag Consistency Audit
+
+### Consistent (good patterns)
+
+| Flag | Meaning | Used in |
+|------|---------|---------|
+| `-p, --project` | Scope to project (fuzzy) | issues, mrs, notes, search, sync, ingest, generate-docs, timeline, who, me, file-history, trace, drift, related |
+| `-n, --limit` | Max results | issues, mrs, notes, search, timeline, who, me, file-history, trace, related |
+| `--since` | Temporal filter (7d, 2w, YYYY-MM-DD) | issues, mrs, notes, search, timeline, who, me |
+| `--fields` | Field selection / `minimal` preset | issues, mrs, notes, search, timeline, who, me |
+| `--full` | Reset cursors / full rebuild | sync, ingest, embed, generate-docs |
+| `--force` | Override stale lock | sync, ingest |
+| `--dry-run` | Preview without changes | sync, ingest, stats |
+
+### Inconsistencies (problems)
+
+| Issue | Details | Impact |
+|-------|---------|--------|
+| `-f` collision | `ingest -f` = `--force`, `count -f` = `--for` | Robot confusion; violates "same short flag = same semantics" |
+| `-a` inconsistency | `issues -a` = `--author`, `me` has no `-a` (uses `--user` for analogous concept) | Minor |
+| `-s` inconsistency | `issues -s` = `--state`, `search` has no `-s` short flag at all | Missed ergonomic shortcut |
+| `--sort` availability | Present in issues/mrs/notes, absent from search/timeline/file-history | Inconsistent query power |
+| `--discussions` | `file-history --discussions`, `trace --discussions`, but `issues 42` has no `--discussions` flag | Can't get discussions when showing an issue |
+| `--open` (browser) | `issues -o`, `mrs -o`, `notes --open` (no `-o`) | Inconsistent short flag |
+| `--merged` | Only on `file-history`, not on `mrs` (which uses `--state merged`) | Different filter mechanics for same concept |
+| Entity type naming | `count` takes `issues, mrs, discussions, notes, events`; `search --type` takes `issue, mr, discussion, note` (singular) | Singular vs plural for same concept |
+
+**Theoretical basis:**
+
+- **Principle of Least Surprise (POLS)** -- When `-f` means `--force` in one command and `--for` in another, both humans and agents learn the wrong lesson from one interaction and apply it to the other. CLI design guides (GNU standards, POSIX conventions, clig.dev) are unanimous: short flags should have consistent semantics across all subcommands.
+
+- **Singular/plural inconsistency** (`issues` vs `issue` as entity type values) is particularly harmful for LLM agents, which use pattern matching on prior successful invocations. If `lore count issues` works, the agent will try `lore search --type issues` -- and get a parse error.
+
+---
+
+## 4. Robot Ergonomics Assessment
+
+### Strengths (well above average for a CLI)
+
+| Feature | Rating | Notes |
+|---------|--------|-------|
+| Structured output | Excellent | Consistent `{ok, data, meta}` envelope |
+| Auto-detection | Excellent | Non-TTY -> robot mode, `LORE_ROBOT` env var |
+| Error output | Excellent | Structured JSON to stderr with `actions` array for recovery |
+| Exit codes | Excellent | 20 distinct, well-documented codes |
+| Self-discovery | Excellent | `robot-docs` manifest, `--brief` for token savings |
+| Typo tolerance | Excellent | Autocorrect with confidence scores + structured warnings |
+| Field selection | Good | `--fields minimal` saves ~60% tokens |
+| No-args behavior | Good | Robot mode auto-outputs robot-docs |
+
+### Weaknesses
+
+| Issue | Severity | Recommendation |
+|-------|----------|----------------|
+| 29 commands in robot-docs manifest | High | Agents spend tokens evaluating which command to use. Grouping would reduce decision space. |
+| `status`/`stats`/`stat` near-homonyms | High | LLMs are particularly susceptible to surface-level lexical confusion. `stat` is an alias for `stats` while `status` is a different command -- this guarantees agent errors. |
+| Singular vs plural entity types | Medium | `count issues` works but `search --type issues` fails. Agents learn from one and apply to the other. |
+| Overlapping file commands | Medium | Agent must decide between `trace`, `file-history`, and `who --path`. The decision tree isn't obvious from names alone. |
+| `count` as separate command | Low | Could be a flag; standalone command inflates the decision space |
+
+---
+
+## 5. Human Ergonomics Assessment
+
+### Strengths
+
+| Feature | Rating | Notes |
+|---------|--------|-------|
+| Help text quality | Excellent | Every command has examples, help headings organize flags |
+| Short flags | Good | `-p`, `-n`, `-s`, `-a`, `-J` cover 80% of common use |
+| Alias coverage | Good | `issue`/`issues`, `mr`/`mrs`, `st`/`status`, `find`/`search` |
+| Subcommand inference | Good | `lore issu` -> `issues` via clap infer |
+| Color/icon system | Good | Auto, with overrides |
+
+### Weaknesses
+
+| Issue | Severity | Recommendation |
+|-------|----------|----------------|
+| 29 commands in flat help | High | Doesn't fit one terminal screen. No grouping -> overwhelming |
+| `status` vs `stats` naming | High | Humans will type wrong one repeatedly |
+| `health` vs `doctor` distinction | Medium | "Which one do I run?" -- unclear from names |
+| `who` 5-mode overload | Medium | Help text is long; mode exclusions are complex |
+| Pipeline stages as top-level | Low | `ingest`/`generate-docs`/`embed` rarely used directly but clutter help |
+| `generate-docs` is 14 chars | Low | Longest command name; `gen-docs` or `gendocs` would help |
+
+---
+
+## 6. Proposals (Ranked by Impact x Feasibility)
+
+### P1: Help Grouping (HIGH impact, LOW effort)
+
+**Problem:** 29 flat commands -> information overload.
+
+**Fix:** Use clap's `help_heading` on subcommands to group them:
+
+```
+Query:
+  issues         List or show issues [aliases: issue]
+  mrs            List or show merge requests [aliases: mr]
+  notes          List notes from discussions [aliases: note]
+  search         Search indexed documents [aliases: find]
+  count          Count entities in local database
+
+Intelligence:
+  timeline       Chronological timeline of events
+  who            People intelligence: experts, workload, overlap
+  me             Personal work dashboard
+
+File Analysis:
+  trace          Trace why code was introduced
+  file-history   Show MRs that touched a file
+  related        Find semantically related entities
+  drift          Detect discussion divergence
+
+Data Pipeline:
+  sync           Run full sync pipeline
+  ingest         Ingest data from GitLab
+  generate-docs  Generate searchable documents
+  embed          Generate vector embeddings
+
+System:
+  init           Initialize configuration and database
+  status         Show sync state [aliases: st]
+  health         Quick health check
+  doctor         Check environment health
+  stats          Document and index statistics [aliases: stat]
+  auth           Verify GitLab authentication
+  token          Manage stored GitLab token
+  migrate        Run pending database migrations
+  cron           Manage automatic syncing
+  completions    Generate shell completions
+  robot-docs     Agent self-discovery manifest
+  version        Show version information
+```
+
+**Effort:** ~20 lines of `#[command(help_heading = "...")]` annotations. No behavior changes.
+
+### P2: Resolve `status`/`stats` Confusion (HIGH impact, LOW effort)
+
+**Option A (recommended):** Rename `stats` -> `index`.
+- `lore status` = when did I last sync? (pipeline state)
+- `lore index` = how big is my index? (data inventory)
+- The alias `stat` goes away (it was causing confusion anyway)
+
+**Option B:** Rename `status` -> `sync-state` and `stats` -> `db-stats`. More descriptive but longer.
+
+**Option C:** Merge both under `check` (see P4).
+
+### P3: Fix Singular/Plural Entity Type Inconsistency (MEDIUM impact, TRIVIAL effort)
+
+Accept both singular and plural forms everywhere:
+- `count` already takes `issues` (plural) -- also accept `issue`
+- `search --type` already takes `issue` (singular) -- also accept `issues`
+- `drift` takes `issues` -- also accept `issue`
+
+This is a ~10 line change in the value parsers and eliminates an entire class of agent errors.
+
+### P4: Merge `health` + `doctor` (MEDIUM impact, LOW effort)
+
+`health` is a fast subset of `doctor`. Merge:
+- `lore doctor` = full diagnostic (current behavior)
+- `lore doctor --quick` = fast pre-flight, exit-code-only (current `health`)
+- Drop `health` as a separate command, add a hidden alias for backward compat
+
+### P5: Fix `-f` Short Flag Collision (MEDIUM impact, TRIVIAL effort)
+
+Change `count`'s `-f, --for` to just `--for` (no short flag). `-f` should mean `--force` project-wide, or nowhere.
+
+### P6: Consolidate `trace` + `file-history` (MEDIUM impact, MEDIUM effort)
+
+`trace` already does everything `file-history` does plus more. Options:
+
+**Option A:** Make `file-history` an alias for `trace --flat` (shows MR list without issue/discussion linking).
+
+**Option B:** Add `--mrs-only` to `trace` that produces `file-history` output. Deprecate `file-history` with a hidden alias.
+
+Either way, one fewer top-level command and no lost functionality.
+
+### P7: Hide Pipeline Sub-stages (LOW impact, TRIVIAL effort)
+
+Move `ingest`, `generate-docs`, `embed` to `#[command(hide = true)]`. They remain usable but don't clutter `--help`. Direct users to `sync` with stage-skip flags.
+
+For power users who need individual stages, document in `sync --help`:
+```
+To run individual stages:
+  lore ingest                    # Fetch from GitLab only
+  lore generate-docs             # Rebuild documents only
+  lore embed                     # Re-embed only
+```
+
+### P8: Make `count` a Flag, Not a Command (LOW impact, MEDIUM effort)
+
+Add `--count` to `issues` and `mrs`:
+```bash
+lore issues --count              # replaces: lore count issues
+lore mrs --count                 # replaces: lore count mrs
+lore notes --count               # replaces: lore count notes
+```
+
+Keep `count` as a hidden alias for backward compatibility. Removes one top-level command.
+
+### P9: Consistent `--open` Short Flag (LOW impact, TRIVIAL effort)
+
+`notes --open` lacks the `-o` shorthand that `issues` and `mrs` have. Add it.
+
+### P10: Add `--sort` to `search` (LOW impact, LOW effort)
+
+`search` returns ranked results but offers no `--sort` override. Adding `--sort=score,created,updated` would bring it in line with `issues`/`mrs`/`notes`.
+
+---
+
+## 7. Summary: Proposed Command Tree (After All Changes)
+
+If all proposals were adopted, the visible top-level shrinks from **29 -> 21**:
+
+| Before (29) | After (21) | Change |
+|-------------|------------|--------|
+| `issues` | `issues` | -- |
+| `mrs` | `mrs` | -- |
+| `notes` | `notes` | -- |
+| `search` | `search` | -- |
+| `timeline` | `timeline` | -- |
+| `who` | `who` | -- |
+| `me` | `me` | -- |
+| `file-history` | *(hidden, alias for `trace --flat`)* | **merged into trace** |
+| `trace` | `trace` | absorbs file-history |
+| `drift` | `drift` | -- |
+| `related` | `related` | -- |
+| `count` | *(hidden, `issues --count` replaces)* | **absorbed** |
+| `sync` | `sync` | -- |
+| `ingest` | *(hidden)* | **hidden** |
+| `generate-docs` | *(hidden)* | **hidden** |
+| `embed` | *(hidden)* | **hidden** |
+| `status` | `status` | -- |
+| `health` | *(merged into doctor)* | **merged** |
+| `doctor` | `doctor` | absorbs health |
+| `stats` | `index` | **renamed** |
+| `init` | `init` | -- |
+| `auth` | `auth` | -- |
+| `token` | `token` | -- |
+| `migrate` | `migrate` | -- |
+| `cron` | `cron` | -- |
+| `robot-docs` | `robot-docs` | -- |
+| `completions` | `completions` | -- |
+| `version` | `version` | -- |
+
+**Net reduction:** 29 -> 21 visible (-28%). The hidden commands remain fully functional and documented in `robot-docs` for agents that already use them.
+
+**Theoretical basis:**
+
+- **Miller's Law** -- Humans can hold 7+/-2 items in working memory. 29 commands far exceeds this. Even with help grouping (P1), the sheer count creates decision fatigue. The literature on CLI design (Heroku's "12-Factor CLI", clig.dev's "Command Line Interface Guidelines") recommends 10-15 top-level commands maximum, with grouping or nesting for anything beyond.
+
+- **For LLM agents specifically:** Research on tool-use with large tool sets (Schick et al. 2023, Qin et al. 2023) shows that agent accuracy degrades as the tool count increases, roughly following an inverse log curve. Reducing from 29 to 21 commands in the robot-docs manifest would measurably improve agent command selection accuracy.
+
+- **Backward compatibility is free:** Since AGENTS.md says "we don't care about backward compatibility," hidden aliases cost nothing and prevent breakage for agents with cached robot-docs.
+
+---
+
+## 8. Priority Matrix
+
+| Proposal | Impact | Effort | Risk | Recommended Order |
+|----------|--------|--------|------|-------------------|
+| P1: Help grouping | High | Trivial | None | **Do first** |
+| P3: Singular/plural fix | Medium | Trivial | None | **Do first** |
+| P5: Fix `-f` collision | Medium | Trivial | None | **Do first** |
+| P9: `notes -o` shorthand | Low | Trivial | None | **Do first** |
+| P2: Rename `stats`->`index` | High | Low | Alias needed | **Do second** |
+| P4: Merge health->doctor | Medium | Low | Alias needed | **Do second** |
+| P7: Hide pipeline stages | Low | Trivial | Needs docs update | **Do second** |
+| P6: Merge file-history->trace | Medium | Medium | Flag design | **Plan carefully** |
+| P8: count -> --count flag | Low | Medium | Compat shim | **Plan carefully** |
+| P10: `--sort` on search | Low | Low | None | **When convenient** |
+
+The "do first" tier is 4 changes that could ship in a single commit with zero risk and immediate ergonomic improvement for both humans and agents.

command-restructure/IMPLEMENTATION_PLAN.md

@@ -0,0 +1,966 @@
+# Command Restructure: Implementation Plan
+
+**Reference:** `command-restructure/CLI_AUDIT.md`
+**Scope:** 10 proposals, 3 implementation phases, estimated ~15 files touched
+
+---
+
+## Phase 1: Zero-Risk Quick Wins (1 commit)
+
+These four changes are purely additive -- no behavior changes, no renames, no removed commands.
+
+### P1: Help Grouping
+
+**Goal:** Group the 29 visible commands into 5 semantic clusters in `--help` output.
+
+**File:** `src/cli/mod.rs` (lines 117-399, the `Commands` enum)
+
+**Changes:** Add `#[command(help_heading = "...")]` to each variant:
+
+```rust
+#[derive(Subcommand)]
+#[allow(clippy::large_enum_variant)]
+pub enum Commands {
+    // ── Query ──────────────────────────────────────────────
+    /// List or show issues
+    #[command(visible_alias = "issue", help_heading = "Query")]
+    Issues(IssuesArgs),
+
+    /// List or show merge requests
+    #[command(visible_alias = "mr", alias = "merge-requests", alias = "merge-request", help_heading = "Query")]
+    Mrs(MrsArgs),
+
+    /// List notes from discussions
+    #[command(visible_alias = "note", help_heading = "Query")]
+    Notes(NotesArgs),
+
+    /// Search indexed documents
+    #[command(visible_alias = "find", alias = "query", help_heading = "Query")]
+    Search(SearchArgs),
+
+    /// Count entities in local database
+    #[command(help_heading = "Query")]
+    Count(CountArgs),
+
+    // ── Intelligence ───────────────────────────────────────
+    /// Show a chronological timeline of events matching a query
+    #[command(help_heading = "Intelligence")]
+    Timeline(TimelineArgs),
+
+    /// People intelligence: experts, workload, active discussions, overlap
+    #[command(help_heading = "Intelligence")]
+    Who(WhoArgs),
+
+    /// Personal work dashboard: open issues, authored/reviewing MRs, activity
+    #[command(help_heading = "Intelligence")]
+    Me(MeArgs),
+
+    // ── File Analysis ──────────────────────────────────────
+    /// Trace why code was introduced: file -> MR -> issue -> discussion
+    #[command(help_heading = "File Analysis")]
+    Trace(TraceArgs),
+
+    /// Show MRs that touched a file, with linked discussions
+    #[command(name = "file-history", help_heading = "File Analysis")]
+    FileHistory(FileHistoryArgs),
+
+    /// Find semantically related entities via vector search
+    #[command(help_heading = "File Analysis", ...)]
+    Related { ... },
+
+    /// Detect discussion divergence from original intent
+    #[command(help_heading = "File Analysis", ...)]
+    Drift { ... },
+
+    // ── Data Pipeline ──────────────────────────────────────
+    /// Run full sync pipeline: ingest -> generate-docs -> embed
+    #[command(help_heading = "Data Pipeline")]
+    Sync(SyncArgs),
+
+    /// Ingest data from GitLab
+    #[command(help_heading = "Data Pipeline")]
+    Ingest(IngestArgs),
+
+    /// Generate searchable documents from ingested data
+    #[command(name = "generate-docs", help_heading = "Data Pipeline")]
+    GenerateDocs(GenerateDocsArgs),
+
+    /// Generate vector embeddings for documents via Ollama
+    #[command(help_heading = "Data Pipeline")]
+    Embed(EmbedArgs),
+
+    // ── System ─────────────────────────────────────────────
+    // (init, status, health, doctor, stats, auth, token, migrate, cron,
+    //  completions, robot-docs, version -- all get help_heading = "System")
+}
+```
+
+**Verification:**
+- `lore --help` shows grouped output
+- All existing commands still work identically
+- `lore robot-docs` output unchanged (robot-docs is hand-crafted, not derived from clap)
+
+**Files touched:** `src/cli/mod.rs` only
+
+---
+
+### P3: Singular/Plural Entity Type Fix
+
+**Goal:** Accept both `issue`/`issues`, `mr`/`mrs` everywhere entity types are value-parsed.
+
+**File:** `src/cli/args.rs`
+
+**Change 1 -- `CountArgs.entity` (line 819):**
+```rust
+// BEFORE:
+#[arg(value_parser = ["issues", "mrs", "discussions", "notes", "events"])]
+pub entity: String,
+
+// AFTER:
+#[arg(value_parser = ["issue", "issues", "mr", "mrs", "discussion", "discussions", "note", "notes", "event", "events"])]
+pub entity: String,
+```
+
+**File:** `src/cli/args.rs`
+
+**Change 2 -- `SearchArgs.source_type` (line 369):**
+```rust
+// BEFORE:
+#[arg(long = "type", value_parser = ["issue", "mr", "discussion", "note"], ...)]
+pub source_type: Option<String>,
+
+// AFTER:
+#[arg(long = "type", value_parser = ["issue", "issues", "mr", "mrs", "discussion", "discussions", "note", "notes"], ...)]
+pub source_type: Option<String>,
+```
+
+**File:** `src/cli/mod.rs`
+
+**Change 3 -- `Drift.entity_type` (line 287):**
+```rust
+// BEFORE:
+#[arg(value_parser = ["issues"])]
+pub entity_type: String,
+
+// AFTER:
+#[arg(value_parser = ["issue", "issues"])]
+pub entity_type: String,
+```
+
+**Normalization layer:** In the handlers that consume these values, normalize to the canonical form (plural for entity names, singular for source_type) so downstream code doesn't need changes:
+
+**File:** `src/app/handlers.rs`
+
+In `handle_count` (~line 409): Normalize entity string before passing to `run_count`:
+```rust
+let entity = match args.entity.as_str() {
+    "issue" => "issues",
+    "mr" => "mrs",
+    "discussion" => "discussions",
+    "note" => "notes",
+    "event" => "events",
+    other => other,
+};
+```
+
+In `handle_search` (search handler): Normalize source_type:
+```rust
+let source_type = args.source_type.as_deref().map(|t| match t {
+    "issues" => "issue",
+    "mrs" => "mr",
+    "discussions" => "discussion",
+    "notes" => "note",
+    other => other,
+});
+```
+
+In `handle_drift` (~line 225): Normalize entity_type:
+```rust
+let entity_type = if entity_type == "issue" { "issues" } else { &entity_type };
+```
+
+**Verification:**
+- `lore count issue` works (same as `lore count issues`)
+- `lore search --type issues 'foo'` works (same as `--type issue`)
+- `lore drift issue 42` works (same as `drift issues 42`)
+- All existing invocations unchanged
+
+**Files touched:** `src/cli/args.rs`, `src/cli/mod.rs`, `src/app/handlers.rs`
+
+---
+
+### P5: Fix `-f` Short Flag Collision
+
+**Goal:** Remove `-f` shorthand from `count --for` so `-f` consistently means `--force` across the CLI.
+
+**File:** `src/cli/args.rs` (line 823)
+
+```rust
+// BEFORE:
+#[arg(short = 'f', long = "for", value_parser = ["issue", "mr"])]
+pub for_entity: Option<String>,
+
+// AFTER:
+#[arg(long = "for", value_parser = ["issue", "mr"])]
+pub for_entity: Option<String>,
+```
+
+**Also update the value_parser to accept both forms** (while we're here):
+```rust
+#[arg(long = "for", value_parser = ["issue", "issues", "mr", "mrs"])]
+pub for_entity: Option<String>,
+```
+
+And normalize in `handle_count`:
+```rust
+let for_entity = args.for_entity.as_deref().map(|f| match f {
+    "issues" => "issue",
+    "mrs" => "mr",
+    other => other,
+});
+```
+
+**File:** `src/app/robot_docs.rs` (line 173) -- update the robot-docs entry:
+```rust
+// BEFORE:
+"flags": ["<entity: issues|mrs|discussions|notes|events>", "-f/--for <issue|mr>"],
+
+// AFTER:
+"flags": ["<entity: issues|mrs|discussions|notes|events>", "--for <issue|mr>"],
+```
+
+**Verification:**
+- `lore count notes --for mr` still works
+- `lore count notes -f mr` now fails with a clear error (unknown flag `-f`)
+- `lore ingest -f` still works (means `--force`)
+
+**Files touched:** `src/cli/args.rs`, `src/app/robot_docs.rs`
+
+---
+
+### P9: Consistent `--open` Short Flag on `notes`
+
+**Goal:** Add `-o` shorthand to `notes --open`, matching `issues` and `mrs`.
+
+**File:** `src/cli/args.rs` (line 292)
+
+```rust
+// BEFORE:
+#[arg(long, help_heading = "Actions")]
+pub open: bool,
+
+// AFTER:
+#[arg(short = 'o', long, help_heading = "Actions", overrides_with = "no_open")]
+pub open: bool,
+
+#[arg(long = "no-open", hide = true, overrides_with = "open")]
+pub no_open: bool,
+```
+
+**Verification:**
+- `lore notes -o` opens first result in browser
+- Matches behavior of `lore issues -o` and `lore mrs -o`
+
+**Files touched:** `src/cli/args.rs`
+
+---
+
+### Phase 1 Commit Summary
+
+**Files modified:**
+1. `src/cli/mod.rs` -- help_heading on all Commands variants + drift value_parser
+2. `src/cli/args.rs` -- singular/plural value_parsers, remove `-f` from count, add `-o` to notes
+3. `src/app/handlers.rs` -- normalization of entity/source_type strings
+4. `src/app/robot_docs.rs` -- update count flags documentation
+
+**Test plan:**
+```bash
+cargo check --all-targets
+cargo clippy --all-targets -- -D warnings
+cargo fmt --check
+cargo test
+lore --help                    # Verify grouped output
+lore count issue               # Verify singular accepted
+lore search --type issues 'x'  # Verify plural accepted
+lore drift issue 42            # Verify singular accepted
+lore notes -o                  # Verify short flag works
+```
+
+---
+
+## Phase 2: Renames and Merges (2-3 commits)
+
+These changes rename commands and merge overlapping ones. Hidden aliases preserve backward compatibility.
+
+### P2: Rename `stats` -> `index`
+
+**Goal:** Eliminate `status`/`stats`/`stat` confusion. `stats` becomes `index`.
+
+**File:** `src/cli/mod.rs`
+
+```rust
+// BEFORE:
+/// Show document and index statistics
+#[command(visible_alias = "stat", help_heading = "System")]
+Stats(StatsArgs),
+
+// AFTER:
+/// Show document and index statistics
+#[command(visible_alias = "idx", alias = "stats", alias = "stat", help_heading = "System")]
+Index(StatsArgs),
+```
+
+Note: `alias = "stats"` and `alias = "stat"` are hidden aliases (not `visible_alias`) -- old invocations still work, but `--help` shows `index`.
+
+**File:** `src/main.rs` (line 257)
+
+```rust
+// BEFORE:
+Some(Commands::Stats(args)) => handle_stats(cli.config.as_deref(), args, robot_mode).await,
+
+// AFTER:
+Some(Commands::Index(args)) => handle_stats(cli.config.as_deref(), args, robot_mode).await,
+```
+
+**File:** `src/app/robot_docs.rs` (line 181)
+
+```rust
+// BEFORE:
+"stats": {
+    "description": "Show document and index statistics",
+    ...
+
+// AFTER:
+"index": {
+    "description": "Show document and index statistics (formerly 'stats')",
+    ...
+```
+
+Also update references in:
+- `robot_docs.rs` quick_start.lore_exclusive array (line 415): `"stats: Database statistics..."` -> `"index: Database statistics..."`
+- `robot_docs.rs` aliases.deprecated_commands: add `"stats": "index"`, `"stat": "index"`
+
+**File:** `src/cli/autocorrect.rs`
+
+Update `CANONICAL_SUBCOMMANDS` (line 366-area):
+```rust
+// Replace "stats" with "index" in the canonical list
+// Add ("stats", "index") and ("stat", "index") to SUBCOMMAND_ALIASES
+```
+
+Update `COMMAND_FLAGS` (line 166-area):
+```rust
+// BEFORE:
+("stats", &["--check", ...]),
+
+// AFTER:
+("index", &["--check", ...]),
+```
+
+**File:** `src/cli/robot.rs` -- update `expand_fields_preset` if any preset key is `"stats"` (currently no stats preset, so no change needed).
+
+**Verification:**
+- `lore index` works (shows document/index stats)
+- `lore stats` still works (hidden alias)
+- `lore stat` still works (hidden alias)
+- `lore index --check` works
+- `lore --help` shows `index` in System group, not `stats`
+- `lore robot-docs` shows `index` key in commands map
+
+**Files touched:** `src/cli/mod.rs`, `src/main.rs`, `src/app/robot_docs.rs`, `src/cli/autocorrect.rs`
+
+---
+
+### P4: Merge `health` into `doctor`
+
+**Goal:** One diagnostic command (`doctor`) with a `--quick` flag for the pre-flight check that `health` currently provides.
+
+**File:** `src/cli/mod.rs`
+
+```rust
+// BEFORE:
+/// Quick health check: config, database, schema version
+#[command(after_help = "...")]
+Health,
+
+/// Check environment health
+#[command(after_help = "...")]
+Doctor,
+
+// AFTER:
+// Remove Health variant entirely. Add hidden alias:
+/// Check environment health (--quick for fast pre-flight)
+#[command(
+    after_help = "...",
+    alias = "health",  // hidden backward compat
+    help_heading = "System"
+)]
+Doctor {
+    /// Fast pre-flight check only (config, DB, schema). Exit 0 = healthy.
+    #[arg(long)]
+    quick: bool,
+},
+```
+
+**File:** `src/main.rs`
+
+```rust
+// BEFORE:
+Some(Commands::Doctor) => handle_doctor(cli.config.as_deref(), robot_mode).await,
+...
+Some(Commands::Health) => handle_health(cli.config.as_deref(), robot_mode).await,
+
+// AFTER:
+Some(Commands::Doctor { quick }) => {
+    if quick {
+        handle_health(cli.config.as_deref(), robot_mode).await
+    } else {
+        handle_doctor(cli.config.as_deref(), robot_mode).await
+    }
+}
+// Health variant removed from enum, so no separate match arm
+```
+
+**File:** `src/app/robot_docs.rs`
+
+Merge the `health` and `doctor` entries:
+```rust
+"doctor": {
+    "description": "Environment health check. Use --quick for fast pre-flight (exit 0 = healthy, 19 = unhealthy).",
+    "flags": ["--quick"],
+    "example": "lore --robot doctor",
+    "notes": {
+        "quick_mode": "lore --robot doctor --quick — fast pre-flight check (formerly 'lore health'). Only checks config, DB, schema version. Returns exit 19 on failure.",
+        "full_mode": "lore --robot doctor — full diagnostic: config, auth, database, Ollama"
+    },
+    "response_schema": {
+        "full": { ... },  // current doctor schema
+        "quick": { ... }  // current health schema
+    }
+}
+```
+
+Remove the standalone `health` entry from the commands map.
+
+**File:** `src/cli/autocorrect.rs`
+
+- Remove `"health"` from `CANONICAL_SUBCOMMANDS` (clap's `alias` handles it)
+- Or keep it -- since clap treats aliases as valid subcommands, the autocorrect system will still resolve typos like `"helth"` to `"health"` which clap then maps to `doctor`. Either way works.
+
+**File:** `src/app/robot_docs.rs` -- update `workflows.pre_flight`:
+```rust
+"pre_flight": [
+    "lore --robot doctor --quick"
+],
+```
+
+Add to aliases.deprecated_commands:
+```rust
+"health": "doctor --quick"
+```
+
+**Verification:**
+- `lore doctor` runs full diagnostic (unchanged behavior)
+- `lore doctor --quick` runs fast pre-flight (exit 0/19)
+- `lore health` still works (hidden alias, runs `doctor --quick`)
+- `lore --help` shows only `doctor` in System group
+- `lore robot-docs` shows merged entry
+
+**Files touched:** `src/cli/mod.rs`, `src/main.rs`, `src/app/robot_docs.rs`, `src/cli/autocorrect.rs`
+
+**Important edge case:** `lore health` via the hidden alias will invoke `Doctor { quick: false }` unless we handle it specially. Two options:
+
+**Option A (simpler):** Instead of making `health` an alias of `doctor`, keep both variants but hide `Health`:
+```rust
+#[command(hide = true, help_heading = "System")]
+Health,
+```
+Then in `main.rs`, `Commands::Health` maps to `handle_health()` as before. This is less clean but zero-risk.
+
+**Option B (cleaner):** In the autocorrect layer, rewrite `health` -> `doctor --quick` before clap parsing:
+```rust
+// In SUBCOMMAND_ALIASES or a new pre-clap rewrite:
+("health", "doctor"),  // plus inject "--quick" flag
+```
+This requires a small enhancement to autocorrect to support flag injection during alias resolution.
+
+**Recommendation:** Use Option A for initial implementation. It's one line (`hide = true`) and achieves the goal of removing `health` from `--help` while preserving full backward compatibility. The `doctor --quick` flag is additive.
+
+---
+
+### P7: Hide Pipeline Sub-stages
+
+**Goal:** Remove `ingest`, `generate-docs`, `embed` from `--help` while keeping them fully functional.
+
+**File:** `src/cli/mod.rs`
+
+```rust
+// Add hide = true to each:
+
+/// Ingest data from GitLab
+#[command(hide = true)]
+Ingest(IngestArgs),
+
+/// Generate searchable documents from ingested data
+#[command(name = "generate-docs", hide = true)]
+GenerateDocs(GenerateDocsArgs),
+
+/// Generate vector embeddings for documents via Ollama
+#[command(hide = true)]
+Embed(EmbedArgs),
+```
+
+**File:** `src/cli/mod.rs` -- Update `Sync` help text to mention the individual stage commands:
+
+```rust
+/// Run full sync pipeline: ingest -> generate-docs -> embed
+#[command(after_help = "\x1b[1mExamples:\x1b[0m
+  lore sync                             # Full pipeline: ingest + docs + embed
+  lore sync --no-embed                  # Skip embedding step
+  ...
+
+\x1b[1mIndividual stages:\x1b[0m
+  lore ingest                           # Fetch from GitLab only
+  lore generate-docs                    # Rebuild documents only
+  lore embed                            # Re-embed only",
+    help_heading = "Data Pipeline"
+)]
+Sync(SyncArgs),
+```
+
+**File:** `src/app/robot_docs.rs` -- Add a `"hidden": true` field to the ingest/generate-docs/embed entries so agents know these are secondary:
+```rust
+"ingest": {
+    "hidden": true,
+    "description": "Sync data from GitLab (prefer 'sync' for full pipeline)",
+    ...
+```
+
+**Verification:**
+- `lore --help` no longer shows ingest, generate-docs, embed
+- `lore ingest`, `lore generate-docs`, `lore embed` all still work
+- `lore sync --help` mentions individual stage commands
+- `lore robot-docs` still includes all three (with `hidden: true`)
+
+**Files touched:** `src/cli/mod.rs`, `src/app/robot_docs.rs`
+
+---
+
+### Phase 2 Commit Summary
+
+**Commit A: Rename `stats` -> `index`**
+- `src/cli/mod.rs`, `src/main.rs`, `src/app/robot_docs.rs`, `src/cli/autocorrect.rs`
+
+**Commit B: Merge `health` into `doctor`, hide pipeline stages**
+- `src/cli/mod.rs`, `src/main.rs`, `src/app/robot_docs.rs`, `src/cli/autocorrect.rs`
+
+**Test plan:**
+```bash
+cargo check --all-targets
+cargo clippy --all-targets -- -D warnings
+cargo fmt --check
+cargo test
+
+# Rename verification
+lore index                     # Works (new name)
+lore stats                     # Works (hidden alias)
+lore index --check             # Works
+
+# Doctor merge verification
+lore doctor                    # Full diagnostic
+lore doctor --quick            # Fast pre-flight
+lore health                    # Still works (hidden)
+
+# Hidden stages verification
+lore --help                    # ingest/generate-docs/embed gone
+lore ingest                    # Still works
+lore sync --help               # Mentions individual stages
+```
+
+---
+
+## Phase 3: Structural Consolidation (requires careful design)
+
+These changes merge or absorb commands. More effort, more testing, but the biggest UX wins.
+
+### P6: Consolidate `file-history` into `trace`
+
+**Goal:** `trace` absorbs `file-history`. One command for file-centric intelligence.
+
+**Approach:** Add `--mrs-only` flag to `trace`. When set, output matches `file-history` format (flat MR list, no issue/discussion linking). `file-history` becomes a hidden alias.
+
+**File:** `src/cli/args.rs` -- Add flag to `TraceArgs`:
+
+```rust
+pub struct TraceArgs {
+    pub path: String,
+
+    #[arg(short = 'p', long, help_heading = "Filters")]
+    pub project: Option<String>,
+
+    #[arg(long, help_heading = "Output")]
+    pub discussions: bool,
+
+    #[arg(long = "no-follow-renames", help_heading = "Filters")]
+    pub no_follow_renames: bool,
+
+    #[arg(short = 'n', long = "limit", default_value = "20", help_heading = "Output")]
+    pub limit: usize,
+
+    // NEW: absorb file-history behavior
+    /// Show only MR list without issue/discussion linking (file-history mode)
+    #[arg(long = "mrs-only", help_heading = "Output")]
+    pub mrs_only: bool,
+
+    /// Only show merged MRs (file-history mode)
+    #[arg(long, help_heading = "Filters")]
+    pub merged: bool,
+}
+```
+
+**File:** `src/cli/mod.rs` -- Hide `FileHistory`:
+
+```rust
+/// Show MRs that touched a file, with linked discussions
+#[command(name = "file-history", hide = true, help_heading = "File Analysis")]
+FileHistory(FileHistoryArgs),
+```
+
+**File:** `src/app/handlers.rs` -- Route `trace --mrs-only` to the file-history handler:
+
+```rust
+fn handle_trace(
+    config_override: Option<&str>,
+    args: TraceArgs,
+    robot_mode: bool,
+) -> Result<(), Box<dyn std::error::Error>> {
+    if args.mrs_only {
+        // Delegate to file-history handler
+        let fh_args = FileHistoryArgs {
+            path: args.path,
+            project: args.project,
+            discussions: args.discussions,
+            no_follow_renames: args.no_follow_renames,
+            merged: args.merged,
+            limit: args.limit,
+        };
+        return handle_file_history(config_override, fh_args, robot_mode);
+    }
+    // ... existing trace logic ...
+}
+```
+
+**File:** `src/app/robot_docs.rs` -- Update trace entry, mark file-history as deprecated:
+
+```rust
+"trace": {
+    "description": "Trace why code was introduced: file -> MR -> issue -> discussion. Use --mrs-only for flat MR listing.",
+    "flags": ["<path>", "-p/--project", "--discussions", "--no-follow-renames", "-n/--limit", "--mrs-only", "--merged"],
+    ...
+},
+"file-history": {
+    "hidden": true,
+    "deprecated": "Use 'trace --mrs-only' instead",
+    ...
+}
+```
+
+**Verification:**
+- `lore trace src/main.rs` works unchanged
+- `lore trace src/main.rs --mrs-only` produces file-history output
+- `lore trace src/main.rs --mrs-only --merged` filters to merged MRs
+- `lore file-history src/main.rs` still works (hidden command)
+- `lore --help` shows only `trace` in File Analysis group
+
+**Files touched:** `src/cli/args.rs`, `src/cli/mod.rs`, `src/app/handlers.rs`, `src/app/robot_docs.rs`
+
+---
+
+### P8: Make `count` a Flag on Entity Commands
+
+**Goal:** `lore issues --count` replaces `lore count issues`. Standalone `count` becomes hidden.
+
+**File:** `src/cli/args.rs` -- Add `--count` to `IssuesArgs`, `MrsArgs`, `NotesArgs`:
+
+```rust
+// In IssuesArgs:
+/// Show count only (no listing)
+#[arg(long, help_heading = "Output", conflicts_with_all = ["iid", "open"])]
+pub count: bool,
+
+// In MrsArgs:
+/// Show count only (no listing)
+#[arg(long, help_heading = "Output", conflicts_with_all = ["iid", "open"])]
+pub count: bool,
+
+// In NotesArgs:
+/// Show count only (no listing)
+#[arg(long, help_heading = "Output", conflicts_with = "open")]
+pub count: bool,
+```
+
+**File:** `src/app/handlers.rs` -- In `handle_issues`, `handle_mrs`, `handle_notes`, check the count flag early:
+
+```rust
+// In handle_issues (pseudocode):
+if args.count {
+    let count_args = CountArgs { entity: "issues".to_string(), for_entity: None };
+    return handle_count(config_override, count_args, robot_mode).await;
+}
+```
+
+**File:** `src/cli/mod.rs` -- Hide `Count`:
+
+```rust
+/// Count entities in local database
+#[command(hide = true, help_heading = "Query")]
+Count(CountArgs),
+```
+
+**File:** `src/app/robot_docs.rs` -- Mark count as hidden, add `--count` documentation to issues/mrs/notes entries.
+
+**Verification:**
+- `lore issues --count` returns issue count
+- `lore mrs --count` returns MR count
+- `lore notes --count` returns note count
+- `lore count issues` still works (hidden)
+- `lore count discussions --for mr` still works (no equivalent in the new pattern -- discussions/events/references still need the standalone `count` command)
+
+**Important note:** `count` supports entity types that don't have their own command (discussions, events, references). The standalone `count` must remain functional (just hidden). The `--count` flag on `issues`/`mrs`/`notes` handles the common cases only.
+
+**Files touched:** `src/cli/args.rs`, `src/cli/mod.rs`, `src/app/handlers.rs`, `src/app/robot_docs.rs`
+
+---
+
+### P10: Add `--sort` to `search`
+
+**Goal:** Allow sorting search results by score, created date, or updated date.
+
+**File:** `src/cli/args.rs` -- Add to `SearchArgs`:
+
+```rust
+/// Sort results by field (score is default for ranked search)
+#[arg(long, value_parser = ["score", "created", "updated"], default_value = "score", help_heading = "Sorting")]
+pub sort: String,
+
+/// Sort ascending (default: descending)
+#[arg(long, help_heading = "Sorting", overrides_with = "no_asc")]
+pub asc: bool,
+
+#[arg(long = "no-asc", hide = true, overrides_with = "asc")]
+pub no_asc: bool,
+```
+
+**File:** `src/cli/commands/search.rs` -- Thread the sort parameter through to the search query.
+
+The search function currently returns results sorted by score. When `--sort created` or `--sort updated` is specified, apply an `ORDER BY` clause to the final result set.
+
+**File:** `src/app/robot_docs.rs` -- Add `--sort` and `--asc` to the search command's flags list.
+
+**Verification:**
+- `lore search 'auth' --sort score` (default, unchanged)
+- `lore search 'auth' --sort created --asc` (oldest first)
+- `lore search 'auth' --sort updated` (most recently updated first)
+
+**Files touched:** `src/cli/args.rs`, `src/cli/commands/search.rs`, `src/app/robot_docs.rs`
+
+---
+
+### Phase 3 Commit Summary
+
+**Commit C: Consolidate file-history into trace**
+- `src/cli/args.rs`, `src/cli/mod.rs`, `src/app/handlers.rs`, `src/app/robot_docs.rs`
+
+**Commit D: Add `--count` flag to entity commands**
+- `src/cli/args.rs`, `src/cli/mod.rs`, `src/app/handlers.rs`, `src/app/robot_docs.rs`
+
+**Commit E: Add `--sort` to search**
+- `src/cli/args.rs`, `src/cli/commands/search.rs`, `src/app/robot_docs.rs`
+
+**Test plan:**
+```bash
+cargo check --all-targets
+cargo clippy --all-targets -- -D warnings
+cargo fmt --check
+cargo test
+
+# trace consolidation
+lore trace src/main.rs --mrs-only
+lore trace src/main.rs --mrs-only --merged --discussions
+lore file-history src/main.rs     # backward compat
+
+# count flag
+lore issues --count
+lore mrs --count -s opened
+lore notes --count --for-issue 42
+lore count discussions --for mr   # still works
+
+# search sort
+lore search 'auth' --sort created --asc
+```
+
+---
+
+## Documentation Updates
+
+After all implementation is complete:
+
+### CLAUDE.md / AGENTS.md
+
+Update the robot mode command reference to reflect:
+- `stats` -> `index` (with note that `stats` is a hidden alias)
+- `health` -> `doctor --quick` (with note that `health` is a hidden alias)
+- Remove `ingest`, `generate-docs`, `embed` from the primary command table (mention as "hidden, use `sync`")
+- Remove `file-history` from primary table (mention as "hidden, use `trace --mrs-only`")
+- Add `--count` flag to issues/mrs/notes documentation
+- Add `--sort` flag to search documentation
+- Add `--mrs-only` and `--merged` flags to trace documentation
+
+### robot-docs Self-Discovery
+
+The `robot_docs.rs` changes above handle this. Key points:
+- New `"hidden": true` field on deprecated/hidden commands
+- Updated descriptions mentioning canonical alternatives
+- Updated flags lists
+- Updated workflows section
+
+---
+
+## File Impact Summary
+
+| File | Phase 1 | Phase 2 | Phase 3 | Total Changes |
+|------|---------|---------|---------|---------------|
+| `src/cli/mod.rs` | help_heading, drift value_parser | stats->index rename, hide health, hide pipeline stages | hide file-history, hide count | 4 passes |
+| `src/cli/args.rs` | singular/plural, remove `-f`, add `-o` | — | `--mrs-only`/`--merged` on trace, `--count` on entities, `--sort` on search | 2 passes |
+| `src/app/handlers.rs` | normalize entity strings | route doctor --quick | trace mrs-only delegation, count flag routing | 3 passes |
+| `src/app/robot_docs.rs` | update count flags | rename stats->index, merge health+doctor, add hidden field | update trace, file-history, count, search entries | 3 passes |
+| `src/cli/autocorrect.rs` | — | update CANONICAL_SUBCOMMANDS, SUBCOMMAND_ALIASES, COMMAND_FLAGS | — | 1 pass |
+| `src/main.rs` | — | stats->index variant rename, doctor variant change | — | 1 pass |
+| `src/cli/commands/search.rs` | — | — | sort parameter threading | 1 pass |
+
+---
+
+## Before / After Summary
+
+### Command Count
+
+| Metric | Before | After | Delta |
+|--------|--------|-------|-------|
+| Visible top-level commands | 29 | 21 | -8 (-28%) |
+| Hidden commands (functional) | 4 | 12 | +8 (absorbed) |
+| Stub/unimplemented commands | 2 | 2 | 0 |
+| Total functional commands | 33 | 33 | 0 (nothing lost) |
+
+### `lore --help` Output
+
+**Before (29 commands, flat list, ~50 lines of commands):**
+```
+Commands:
+  issues         List or show issues [aliases: issue]
+  mrs            List or show merge requests [aliases: mr]
+  notes          List notes from discussions [aliases: note]
+  ingest         Ingest data from GitLab
+  count          Count entities in local database
+  status         Show sync state [aliases: st]
+  auth           Verify GitLab authentication
+  doctor         Check environment health
+  version        Show version information
+  init           Initialize configuration and database
+  search         Search indexed documents [aliases: find]
+  stats          Show document and index statistics [aliases: stat]
+  generate-docs  Generate searchable documents from ingested data
+  embed          Generate vector embeddings for documents via Ollama
+  sync           Run full sync pipeline: ingest -> generate-docs -> embed
+  migrate        Run pending database migrations
+  health         Quick health check: config, database, schema version
+  robot-docs     Machine-readable command manifest for agent self-discovery
+  completions    Generate shell completions
+  timeline       Show a chronological timeline of events matching a query
+  who            People intelligence: experts, workload, active discussions, overlap
+  me             Personal work dashboard: open issues, authored/reviewing MRs, activity
+  file-history   Show MRs that touched a file, with linked discussions
+  trace          Trace why code was introduced: file -> MR -> issue -> discussion
+  drift          Detect discussion divergence from original intent
+  related        Find semantically related entities via vector search
+  cron           Manage cron-based automatic syncing
+  token          Manage stored GitLab token
+  help           Print this message or the help of the given subcommand(s)
+```
+
+**After (21 commands, grouped, ~35 lines of commands):**
+```
+Query:
+  issues      List or show issues [aliases: issue]
+  mrs         List or show merge requests [aliases: mr]
+  notes       List notes from discussions [aliases: note]
+  search      Search indexed documents [aliases: find]
+
+Intelligence:
+  timeline    Chronological timeline of events
+  who         People intelligence: experts, workload, overlap
+  me          Personal work dashboard
+
+File Analysis:
+  trace       Trace code provenance / file history
+  related     Find semantically related entities
+  drift       Detect discussion divergence
+
+Data Pipeline:
+  sync        Run full sync pipeline
+
+System:
+  init        Initialize configuration and database
+  status      Show sync state [aliases: st]
+  doctor      Check environment health (--quick for pre-flight)
+  index       Document and index statistics [aliases: idx]
+  auth        Verify GitLab authentication
+  token       Manage stored GitLab token
+  migrate     Run pending database migrations
+  cron        Manage automatic syncing
+  robot-docs  Agent self-discovery manifest
+  completions Generate shell completions
+  version     Show version information
+```
+
+### Flag Consistency
+
+| Issue | Before | After |
+|-------|--------|-------|
+| `-f` collision (force vs for) | `ingest -f`=force, `count -f`=for | `-f` removed from count; `-f` = force everywhere |
+| Singular/plural entity types | `count issues` but `search --type issue` | Both forms accepted everywhere |
+| `notes --open` missing `-o` | `notes --open` (no shorthand) | `notes -o` works (matches issues/mrs) |
+| `search` missing `--sort` | No sort override | `--sort score\|created\|updated` + `--asc` |
+
+### Naming Confusion
+
+| Before | After | Resolution |
+|--------|-------|------------|
+| `status` vs `stats` vs `stat` (3 names, 2 commands) | `status` + `index` (2 names, 2 commands) | Eliminated near-homonym collision |
+| `health` vs `doctor` (2 commands, overlapping scope) | `doctor` + `doctor --quick` (1 command) | Progressive disclosure |
+| `trace` vs `file-history` (2 commands, overlapping function) | `trace` + `trace --mrs-only` (1 command) | Superset absorbs subset |
+
+### Robot Ergonomics
+
+| Metric | Before | After |
+|--------|--------|-------|
+| Commands in robot-docs manifest | 29 | 21 visible + hidden section |
+| Agent decision space for "system check" | 4 commands | 2 commands (status, doctor) |
+| Agent decision space for "file query" | 3 commands + 2 who modes | 1 command (trace) + 2 who modes |
+| Entity type parse errors from singular/plural | Common | Eliminated |
+| Estimated token cost of robot-docs | Baseline | ~15% reduction (fewer entries, hidden flagged) |
+
+### What Stays Exactly The Same
+
+- All 33 functional commands remain callable (nothing is removed)
+- All existing flags and their behavior are preserved
+- All response schemas are unchanged
+- All exit codes are unchanged
+- The autocorrect system continues to work
+- All hidden/deprecated commands emit their existing warnings
+
+### What Breaks (Intentional)
+
+- `lore count -f mr` (the `-f` shorthand) -- must use `--for` instead
+- `lore --help` layout changes (commands are grouped, 8 commands hidden)
+- `lore robot-docs` output changes (new `hidden` field, renamed keys)
+- Any scripts parsing `--help` text (but `robot-docs` is the stable contract)

docs/command-surface-analysis/00-overview.md

@@ -0,0 +1,92 @@
+# Lore Command Surface Analysis — Overview
+
+**Date:** 2026-02-26
+**Version:** v0.9.1 (439c20e)
+
+---
+
+## Purpose
+
+Deep analysis of the full `lore` CLI command surface: what each command does, how commands overlap, how they connect in agent workflows, and where consolidation and robot-mode optimization can reduce round trips and token waste.
+
+## Document Map
+
+| File | Contents | When to Read |
+|---|---|---|
+| **00-overview.md** | This file. Summary, inventory, priorities. | Always read first. |
+| [01-entity-commands.md](01-entity-commands.md) | `issues`, `mrs`, `notes`, `search`, `count` — flags, DB tables, robot schemas | Need command reference for entity queries |
+| [02-intelligence-commands.md](02-intelligence-commands.md) | `who`, `timeline`, `me`, `file-history`, `trace`, `related`, `drift` | Need command reference for intelligence/analysis |
+| [03-pipeline-and-infra.md](03-pipeline-and-infra.md) | `sync`, `ingest`, `generate-docs`, `embed`, diagnostics, setup | Need command reference for data management |
+| [04-data-flow.md](04-data-flow.md) | Shared data source map, command network graph, clusters | Understanding how commands interconnect |
+| [05-overlap-analysis.md](05-overlap-analysis.md) | Quantified overlap percentages for every command pair | Evaluating what to consolidate |
+| [06-agent-workflows.md](06-agent-workflows.md) | Common agent flows, round-trip costs, token profiles | Understanding inefficiency pain points |
+| [07-consolidation-proposals.md](07-consolidation-proposals.md) | 5 proposals to reduce 34 commands to 29 | Planning command surface changes |
+| [08-robot-optimization-proposals.md](08-robot-optimization-proposals.md) | 6 proposals for `--include`, `--batch`, `--depth`, etc. | Planning robot-mode improvements |
+| [09-appendices.md](09-appendices.md) | Robot output envelope, field presets, exit codes | Reference material |
+
+---
+
+## Command Inventory (34 commands)
+
+| Category | Commands | Count |
+|---|---|---|
+| Entity Query | `issues`, `mrs`, `notes`, `search`, `count` | 5 |
+| Intelligence | `who` (5 modes), `timeline`, `related`, `drift`, `me`, `file-history`, `trace` | 7 (11 with who sub-modes) |
+| Data Pipeline | `sync`, `ingest`, `generate-docs`, `embed` | 4 |
+| Diagnostics | `health`, `auth`, `doctor`, `status`, `stats` | 5 |
+| Setup | `init`, `token`, `cron`, `migrate` | 4 |
+| Meta | `version`, `completions`, `robot-docs` | 3 |
+
+---
+
+## Key Findings
+
+### High-Overlap Pairs
+
+| Pair | Overlap | Recommendation |
+|---|---|---|
+| `who workload` vs `me` | ~85% | Workload is a strict subset of me |
+| `health` vs `doctor` | ~90% | Health is a strict subset of doctor |
+| `file-history` vs `trace` | ~75% | Trace is a superset minus `--merged` |
+| `related` query-mode vs `search --mode semantic` | ~80% | Related query-mode is search without filters |
+| `auth` vs `doctor` | ~100% of auth | Auth is fully contained within doctor |
+
+### Agent Workflow Pain Points
+
+| Workflow | Current Round Trips | With Optimizations |
+|---|---|---|
+| "Understand this issue" | 4 calls | 1 call (`--include`) |
+| "Why was code changed?" | 3 calls | 1 call (`--include`) |
+| "What should I work on?" | 4 calls | 2 calls |
+| "Find and understand" | 4 calls | 2 calls |
+| "Is system healthy?" | 2-4 calls | 1 call |
+
+---
+
+## Priority Ranking
+
+| Pri | Proposal | Category | Effort | Impact |
+|---|---|---|---|---|
+| **P0** | `--include` flag on detail commands | Robot optimization | High | Eliminates 2-3 round trips per workflow |
+| **P0** | `--depth` on `me` command | Robot optimization | Low | 60-80% token reduction on most-used command |
+| **P1** | `--batch` for detail views | Robot optimization | Medium | Eliminates N+1 after search/timeline |
+| **P1** | Absorb `file-history` into `trace` | Consolidation | Low | Cleaner surface, shared code |
+| **P1** | Merge `who overlap` into `who expert` | Consolidation | Low | -1 round trip in review flows |
+| **P2** | `context` composite command | Robot optimization | Medium | Single entry point for entity understanding |
+| **P2** | Merge `count`+`status` into `stats` | Consolidation | Medium | -2 commands, progressive disclosure |
+| **P2** | Absorb `auth` into `doctor` | Consolidation | Low | -1 command |
+| **P2** | Remove `related` query-mode | Consolidation | Low | -1 confusing choice |
+| **P3** | `--max-tokens` budget | Robot optimization | High | Flexible but complex to implement |
+| **P3** | `--format tsv` | Robot optimization | Medium | High savings, limited applicability |
+
+### Consolidation Summary
+
+| Before | After | Removed |
+|---|---|---|
+| `file-history` + `trace` | `trace` (+ `--shallow`) | -1 |
+| `auth` + `doctor` | `doctor` (+ `--auth`) | -1 |
+| `related` query-mode | `search --mode semantic` | -1 mode |
+| `who overlap` + `who expert` | `who expert` (+ touch_count) | -1 sub-mode |
+| `count` + `status` + `stats` | `stats` (+ `--entities`, `--sync`) | -2 |
+
+**Total: 34 commands -> 29 commands**

docs/command-surface-analysis/01-entity-commands.md

@@ -0,0 +1,308 @@
+# Entity Query Commands
+
+Reference for: `issues`, `mrs`, `notes`, `search`, `count`
+
+---
+
+## `issues` (alias: `issue`)
+
+List or show issues from local database.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `[IID]` | positional | — | Omit to list, provide to show detail |
+| `-n, --limit` | int | 50 | Max results |
+| `--fields` | string | — | Select output columns (preset: `minimal`) |
+| `-s, --state` | enum | — | `opened\|closed\|all` |
+| `-p, --project` | string | — | Filter by project (fuzzy) |
+| `-a, --author` | string | — | Filter by author username |
+| `-A, --assignee` | string | — | Filter by assignee username |
+| `-l, --label` | string[] | — | Filter by labels (AND logic, repeatable) |
+| `-m, --milestone` | string | — | Filter by milestone title |
+| `--status` | string[] | — | Filter by work-item status (COLLATE NOCASE, OR logic) |
+| `--since` | duration/date | — | Filter by created date (`7d`, `2w`, `YYYY-MM-DD`) |
+| `--due-before` | date | — | Filter by due date |
+| `--has-due` | flag | — | Show only issues with due dates |
+| `--sort` | enum | `updated` | `updated\|created\|iid` |
+| `--asc` | flag | — | Sort ascending |
+| `-o, --open` | flag | — | Open first match in browser |
+
+**DB tables:** `issues`, `projects`, `issue_assignees`, `issue_labels`, `labels`
+**Detail mode adds:** `discussions`, `notes`, `entity_references` (closing MRs)
+
+### Robot Output (list mode)
+
+```json
+{
+  "ok": true,
+  "data": {
+    "issues": [
+      {
+        "iid": 42, "title": "Fix auth", "state": "opened",
+        "author_username": "jdoe", "labels": ["backend"],
+        "assignees": ["jdoe"], "discussion_count": 3,
+        "unresolved_count": 1, "created_at_iso": "...",
+        "updated_at_iso": "...", "web_url": "...",
+        "project_path": "group/repo",
+        "status_name": "In progress"
+      }
+    ],
+    "total_count": 150, "showing": 50
+  },
+  "meta": { "elapsed_ms": 40, "available_statuses": ["Open", "In progress", "Closed"] }
+}
+```
+
+### Robot Output (detail mode — `issues <IID>`)
+
+```json
+{
+  "ok": true,
+  "data": {
+    "id": 12345, "iid": 42, "title": "Fix auth",
+    "description": "Full markdown body...",
+    "state": "opened", "author_username": "jdoe",
+    "created_at": "...", "updated_at": "...", "closed_at": null,
+    "confidential": false, "web_url": "...", "project_path": "group/repo",
+    "references_full": "group/repo#42",
+    "labels": ["backend"], "assignees": ["jdoe"],
+    "due_date": null, "milestone": null,
+    "user_notes_count": 5, "merge_requests_count": 1,
+    "closing_merge_requests": [
+      { "iid": 99, "title": "Refactor auth", "state": "merged", "web_url": "..." }
+    ],
+    "discussions": [
+      {
+        "notes": [
+          { "author_username": "jdoe", "body": "...", "created_at": "...", "is_system": false }
+        ],
+        "individual_note": false
+      }
+    ],
+    "status_name": "In progress", "status_color": "#1068bf"
+  }
+}
+```
+
+**Minimal preset:** `iid`, `title`, `state`, `updated_at_iso`
+
+---
+
+## `mrs` (aliases: `mr`, `merge-request`, `merge-requests`)
+
+List or show merge requests.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `[IID]` | positional | — | Omit to list, provide to show detail |
+| `-n, --limit` | int | 50 | Max results |
+| `--fields` | string | — | Select output columns (preset: `minimal`) |
+| `-s, --state` | enum | — | `opened\|merged\|closed\|locked\|all` |
+| `-p, --project` | string | — | Filter by project |
+| `-a, --author` | string | — | Filter by author |
+| `-A, --assignee` | string | — | Filter by assignee |
+| `-r, --reviewer` | string | — | Filter by reviewer |
+| `-l, --label` | string[] | — | Filter by labels (AND) |
+| `--since` | duration/date | — | Filter by created date |
+| `-d, --draft` | flag | — | Draft MRs only |
+| `-D, --no-draft` | flag | — | Exclude drafts |
+| `--target` | string | — | Filter by target branch |
+| `--source` | string | — | Filter by source branch |
+| `--sort` | enum | `updated` | `updated\|created\|iid` |
+| `--asc` | flag | — | Sort ascending |
+| `-o, --open` | flag | — | Open in browser |
+
+**DB tables:** `merge_requests`, `projects`, `mr_reviewers`, `mr_labels`, `labels`, `mr_assignees`
+**Detail mode adds:** `discussions`, `notes`, `mr_diffs`
+
+### Robot Output (list mode)
+
+```json
+{
+  "ok": true,
+  "data": {
+    "mrs": [
+      {
+        "iid": 99, "title": "Refactor auth", "state": "merged",
+        "draft": false, "author_username": "jdoe",
+        "source_branch": "feat/auth", "target_branch": "main",
+        "labels": ["backend"], "assignees": ["jdoe"], "reviewers": ["reviewer"],
+        "discussion_count": 5, "unresolved_count": 0,
+        "created_at_iso": "...", "updated_at_iso": "...",
+        "web_url": "...", "project_path": "group/repo"
+      }
+    ],
+    "total_count": 500, "showing": 50
+  }
+}
+```
+
+### Robot Output (detail mode — `mrs <IID>`)
+
+```json
+{
+  "ok": true,
+  "data": {
+    "id": 67890, "iid": 99, "title": "Refactor auth",
+    "description": "Full markdown body...",
+    "state": "merged", "draft": false, "author_username": "jdoe",
+    "source_branch": "feat/auth", "target_branch": "main",
+    "created_at": "...", "updated_at": "...",
+    "merged_at": "...", "closed_at": null,
+    "web_url": "...", "project_path": "group/repo",
+    "labels": ["backend"], "assignees": ["jdoe"], "reviewers": ["reviewer"],
+    "discussions": [
+      {
+        "notes": [
+          {
+            "author_username": "reviewer", "body": "...",
+            "created_at": "...", "is_system": false,
+            "position": { "new_path": "src/auth.rs", "new_line": 42 }
+          }
+        ],
+        "individual_note": false
+      }
+    ]
+  }
+}
+```
+
+**Minimal preset:** `iid`, `title`, `state`, `updated_at_iso`
+
+---
+
+## `notes` (alias: `note`)
+
+List discussion notes/comments with fine-grained filters.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `-n, --limit` | int | 50 | Max results |
+| `--fields` | string | — | Preset: `minimal` |
+| `-a, --author` | string | — | Filter by author |
+| `--note-type` | enum | — | `DiffNote\|DiscussionNote` |
+| `--contains` | string | — | Body text substring filter |
+| `--note-id` | int | — | Internal note ID |
+| `--gitlab-note-id` | int | — | GitLab note ID |
+| `--discussion-id` | string | — | Discussion ID filter |
+| `--include-system` | flag | — | Include system notes |
+| `--for-issue` | int | — | Notes on specific issue (requires `-p`) |
+| `--for-mr` | int | — | Notes on specific MR (requires `-p`) |
+| `-p, --project` | string | — | Scope to project |
+| `--since` | duration/date | — | Created after |
+| `--until` | date | — | Created before (inclusive) |
+| `--path` | string | — | File path filter (exact or prefix with `/`) |
+| `--resolution` | enum | — | `any\|unresolved\|resolved` |
+| `--sort` | enum | `created` | `created\|updated` |
+| `--asc` | flag | — | Sort ascending |
+| `--open` | flag | — | Open in browser |
+
+**DB tables:** `notes`, `discussions`, `projects`, `issues`, `merge_requests`
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "notes": [
+      {
+        "id": 1234, "gitlab_id": 56789,
+        "author_username": "reviewer", "body": "...",
+        "note_type": "DiffNote", "is_system": false,
+        "created_at_iso": "...", "updated_at_iso": "...",
+        "position_new_path": "src/auth.rs", "position_new_line": 42,
+        "resolvable": true, "resolved": false,
+        "noteable_type": "MergeRequest", "parent_iid": 99,
+        "parent_title": "Refactor auth", "project_path": "group/repo"
+      }
+    ],
+    "total_count": 1000, "showing": 50
+  }
+}
+```
+
+**Minimal preset:** `id`, `author_username`, `body`, `created_at_iso`
+
+---
+
+## `search` (aliases: `find`, `query`)
+
+Semantic + full-text search across indexed documents.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `<QUERY>` | positional | required | Search query string |
+| `--mode` | enum | `hybrid` | `lexical\|hybrid\|semantic` |
+| `--type` | enum | — | `issue\|mr\|discussion\|note` |
+| `--author` | string | — | Filter by author |
+| `-p, --project` | string | — | Scope to project |
+| `--label` | string[] | — | Filter by labels (AND) |
+| `--path` | string | — | File path filter |
+| `--since` | duration/date | — | Created after |
+| `--updated-since` | duration/date | — | Updated after |
+| `-n, --limit` | int | 20 | Max results (max: 100) |
+| `--fields` | string | — | Preset: `minimal` |
+| `--explain` | flag | — | Show ranking breakdown |
+| `--fts-mode` | enum | `safe` | `safe\|raw` |
+
+**DB tables:** `documents`, `documents_fts` (FTS5), `embeddings` (vec0), `document_labels`, `document_paths`, `projects`
+
+**Search modes:**
+- **lexical** — FTS5 with BM25 ranking (fastest, no Ollama needed)
+- **hybrid** — RRF combination of lexical + semantic (default)
+- **semantic** — Vector similarity only (requires Ollama)
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "query": "authentication bug",
+    "mode": "hybrid",
+    "total_results": 15,
+    "results": [
+      {
+        "document_id": 1234, "source_type": "issue",
+        "title": "Fix SSO auth", "url": "...",
+        "author": "jdoe", "project_path": "group/repo",
+        "labels": ["auth"], "paths": ["src/auth/"],
+        "snippet": "...matching text...",
+        "score": 0.85,
+        "explain": { "vector_rank": 2, "fts_rank": 1, "rrf_score": 0.85 }
+      }
+    ],
+    "warnings": []
+  }
+}
+```
+
+**Minimal preset:** `document_id`, `title`, `source_type`, `score`
+
+---
+
+## `count`
+
+Count entities in local database.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `<ENTITY>` | positional | required | `issues\|mrs\|discussions\|notes\|events\|references` |
+| `-f, --for` | enum | — | Parent type: `issue\|mr` |
+
+**DB tables:** Conditional aggregation on entity tables
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "entity": "merge_requests",
+    "count": 1234,
+    "system_excluded": 5000,
+    "breakdown": { "opened": 100, "closed": 50, "merged": 1084 }
+  }
+}
+```

docs/command-surface-analysis/02-intelligence-commands.md

@@ -0,0 +1,452 @@
+# Intelligence Commands
+
+Reference for: `who`, `timeline`, `me`, `file-history`, `trace`, `related`, `drift`
+
+---
+
+## `who` (People Intelligence)
+
+Five sub-modes, dispatched by argument shape.
+
+| Mode | Trigger | Purpose |
+|---|---|---|
+| **expert** | `who <path>` or `who --path <path>` | Who knows about a code area? |
+| **workload** | `who @username` | What is this person working on? |
+| **reviews** | `who @username --reviews` | Review pattern analysis |
+| **active** | `who --active` | Unresolved discussions needing attention |
+| **overlap** | `who --overlap <path>` | Who else touches these files? |
+
+### Shared Flags
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `-p, --project` | string | — | Scope to project |
+| `-n, --limit` | int | varies | Max results (1-500) |
+| `--fields` | string | — | Preset: `minimal` |
+| `--since` | duration/date | — | Time window |
+| `--include-bots` | flag | — | Include bot users |
+| `--include-closed` | flag | — | Include closed issues/MRs |
+| `--all-history` | flag | — | Query all history |
+
+### Expert-Only Flags
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `--detail` | flag | — | Per-MR breakdown |
+| `--as-of` | date/duration | — | Score at point in time |
+| `--explain-score` | flag | — | Score breakdown |
+
+### DB Tables by Mode
+
+| Mode | Primary Tables |
+|---|---|
+| expert | `notes` (INDEXED BY idx_notes_diffnote_path_created), `merge_requests`, `mr_reviewers` |
+| workload | `issues`, `merge_requests`, `mr_reviewers` |
+| reviews | `merge_requests`, `discussions`, `notes` |
+| active | `discussions`, `notes`, `issues`, `merge_requests` |
+| overlap | `notes`, `mr_file_changes`, `merge_requests` |
+
+### Robot Output (expert)
+
+```json
+{
+  "ok": true,
+  "data": {
+    "mode": "expert",
+    "input": { "target": "src/auth/", "path": "src/auth/" },
+    "resolved_input": { "mode": "expert", "project_id": 1, "project_path": "group/repo" },
+    "result": {
+      "experts": [
+        {
+          "username": "jdoe", "score": 42.5,
+          "detail": { "mr_ids_author": [99, 101], "mr_ids_reviewer": [88] }
+        }
+      ]
+    }
+  }
+}
+```
+
+### Robot Output (workload)
+
+```json
+{
+  "data": {
+    "mode": "workload",
+    "result": {
+      "assigned_issues": [{ "iid": 42, "title": "Fix auth", "state": "opened" }],
+      "authored_mrs": [{ "iid": 99, "title": "Refactor auth", "state": "merged" }],
+      "review_mrs": [{ "iid": 88, "title": "Add SSO", "state": "opened" }]
+    }
+  }
+}
+```
+
+### Robot Output (reviews)
+
+```json
+{
+  "data": {
+    "mode": "reviews",
+    "result": {
+      "categories": [
+        {
+          "category": "approval_rate",
+          "reviewers": [{ "name": "jdoe", "count": 15, "percentage": 85.0 }]
+        }
+      ]
+    }
+  }
+}
+```
+
+### Robot Output (active)
+
+```json
+{
+  "data": {
+    "mode": "active",
+    "result": {
+      "discussions": [
+        { "entity_type": "mr", "iid": 99, "title": "Refactor auth", "participants": ["jdoe", "reviewer"] }
+      ]
+    }
+  }
+}
+```
+
+### Robot Output (overlap)
+
+```json
+{
+  "data": {
+    "mode": "overlap",
+    "result": {
+      "users": [{ "username": "jdoe", "touch_count": 15 }]
+    }
+  }
+}
+```
+
+### Minimal Presets
+
+| Mode | Fields |
+|---|---|
+| expert | `username`, `score` |
+| workload | `iid`, `title`, `state` |
+| reviews | `name`, `count`, `percentage` |
+| active | `entity_type`, `iid`, `title`, `participants` |
+| overlap | `username`, `touch_count` |
+
+---
+
+## `timeline`
+
+Reconstruct chronological event history for a topic/entity with cross-reference expansion.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `<QUERY>` | positional | required | Search text or entity ref (`issue:42`, `mr:99`) |
+| `-p, --project` | string | — | Scope to project |
+| `--since` | duration/date | — | Filter events after |
+| `--depth` | int | 1 | Cross-ref expansion depth (0=none) |
+| `--no-mentions` | flag | — | Skip "mentioned" edges, keep "closes"/"related" |
+| `-n, --limit` | int | 100 | Max events |
+| `--fields` | string | — | Preset: `minimal` |
+| `--max-seeds` | int | 10 | Max seed entities from search |
+| `--max-entities` | int | 50 | Max expanded entities |
+| `--max-evidence` | int | 10 | Max evidence notes |
+
+**Pipeline:** SEED -> HYDRATE -> EXPAND -> COLLECT -> RENDER
+
+**DB tables:** `issues`, `merge_requests`, `discussions`, `notes`, `entity_references`, `resource_state_events`, `resource_label_events`, `resource_milestone_events`, `documents` (for search seeding)
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "query": "authentication", "event_count": 25,
+    "seed_entities": [{ "type": "issue", "iid": 42, "project": "group/repo" }],
+    "expanded_entities": [
+      {
+        "type": "mr", "iid": 99, "project": "group/repo", "depth": 1,
+        "via": {
+          "from": { "type": "issue", "iid": 42 },
+          "reference_type": "closes"
+        }
+      }
+    ],
+    "unresolved_references": [
+      {
+        "source": { "type": "issue", "iid": 42, "project": "group/repo" },
+        "target_type": "mr", "target_iid": 200, "reference_type": "mentioned"
+      }
+    ],
+    "events": [
+      {
+        "timestamp": "2026-01-15T10:30:00Z",
+        "entity_type": "issue", "entity_iid": 42, "project": "group/repo",
+        "event_type": "state_changed", "summary": "Reopened",
+        "actor": "jdoe", "is_seed": true,
+        "evidence_notes": [{ "author": "jdoe", "snippet": "..." }]
+      }
+    ]
+  },
+  "meta": {
+    "elapsed_ms": 150, "search_mode": "fts",
+    "expansion_depth": 1, "include_mentions": true,
+    "total_entities": 5, "total_events": 25,
+    "evidence_notes_included": 8, "discussion_threads_included": 3,
+    "unresolved_references": 1, "showing": 25
+  }
+}
+```
+
+**Minimal preset:** `timestamp`, `type`, `entity_iid`, `detail`
+
+---
+
+## `me` (Personal Dashboard)
+
+Personal work dashboard with issues, MRs, activity, and since-last-check inbox.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `--issues` | flag | — | Open issues section only |
+| `--mrs` | flag | — | MRs section only |
+| `--activity` | flag | — | Activity feed only |
+| `--since` | duration/date | `30d` | Activity window |
+| `-p, --project` | string | — | Scope to one project |
+| `--all` | flag | — | All synced projects |
+| `--user` | string | — | Override configured username |
+| `--fields` | string | — | Preset: `minimal` |
+| `--reset-cursor` | flag | — | Clear since-last-check cursor |
+
+**Sections (no flags = all):** Issues, MRs authored, MRs reviewing, Activity, Inbox
+
+**DB tables:** `issues`, `merge_requests`, `resource_state_events`, `projects`, `issue_labels`, `mr_labels`
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "username": "jdoe",
+    "summary": {
+      "project_count": 3, "open_issue_count": 5,
+      "authored_mr_count": 2, "reviewing_mr_count": 1,
+      "needs_attention_count": 3
+    },
+    "since_last_check": {
+      "cursor_iso": "2026-02-25T18:00:00Z",
+      "total_event_count": 8,
+      "groups": [
+        {
+          "entity_type": "issue", "entity_iid": 42,
+          "entity_title": "Fix auth", "project": "group/repo",
+          "events": [
+            { "timestamp_iso": "...", "event_type": "comment",
+              "actor": "reviewer", "summary": "New comment" }
+          ]
+        }
+      ]
+    },
+    "open_issues": [
+      {
+        "project": "group/repo", "iid": 42, "title": "Fix auth",
+        "state": "opened", "attention_state": "needs_attention",
+        "status_name": "In progress", "labels": ["auth"],
+        "updated_at_iso": "..."
+      }
+    ],
+    "open_mrs_authored": [
+      {
+        "project": "group/repo", "iid": 99, "title": "Refactor auth",
+        "state": "opened", "attention_state": "needs_attention",
+        "draft": false, "labels": ["backend"], "updated_at_iso": "..."
+      }
+    ],
+    "reviewing_mrs": [],
+    "activity": [
+      {
+        "timestamp_iso": "...", "event_type": "state_changed",
+        "entity_type": "issue", "entity_iid": 42, "project": "group/repo",
+        "actor": "jdoe", "is_own": true, "summary": "Closed"
+      }
+    ]
+  }
+}
+```
+
+**Minimal presets:** Items: `iid, title, attention_state, updated_at_iso` | Activity: `timestamp_iso, event_type, entity_iid, actor`
+
+---
+
+## `file-history`
+
+Show which MRs touched a file, with linked discussions.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `<PATH>` | positional | required | File path to trace |
+| `-p, --project` | string | — | Scope to project |
+| `--discussions` | flag | — | Include DiffNote snippets |
+| `--no-follow-renames` | flag | — | Skip rename chain resolution |
+| `--merged` | flag | — | Only merged MRs |
+| `-n, --limit` | int | 50 | Max MRs |
+
+**DB tables:** `mr_file_changes`, `merge_requests`, `notes` (DiffNotes), `projects`
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "path": "src/auth/middleware.rs",
+    "rename_chain": [
+      { "previous_path": "src/auth.rs", "mr_iid": 55, "merged_at": "..." }
+    ],
+    "merge_requests": [
+      {
+        "iid": 99, "title": "Refactor auth", "state": "merged",
+        "author": "jdoe", "merged_at": "...", "change_type": "modified"
+      }
+    ],
+    "discussions": [
+      {
+        "discussion_id": 123, "mr_iid": 99, "author": "reviewer",
+        "body_snippet": "...", "path": "src/auth/middleware.rs"
+      }
+    ]
+  },
+  "meta": { "elapsed_ms": 30, "total_mrs": 5, "renames_followed": true }
+}
+```
+
+---
+
+## `trace`
+
+File -> MR -> issue -> discussion chain to understand why code was introduced.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `<PATH>` | positional | required | File path (future: `:line` suffix) |
+| `-p, --project` | string | — | Scope to project |
+| `--discussions` | flag | — | Include DiffNote snippets |
+| `--no-follow-renames` | flag | — | Skip rename chain |
+| `-n, --limit` | int | 20 | Max chains |
+
+**DB tables:** `mr_file_changes`, `merge_requests`, `issues`, `discussions`, `notes`, `entity_references`
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "path": "src/auth/middleware.rs",
+    "resolved_paths": ["src/auth/middleware.rs", "src/auth.rs"],
+    "trace_chains": [
+      {
+        "mr_iid": 99, "mr_title": "Refactor auth", "mr_state": "merged",
+        "mr_author": "jdoe", "change_type": "modified",
+        "merged_at_iso": "...", "web_url": "...",
+        "issues": [42],
+        "discussions": [
+          {
+            "discussion_id": 123, "author_username": "reviewer",
+            "body_snippet": "...", "path": "src/auth/middleware.rs"
+          }
+        ]
+      }
+    ]
+  },
+  "meta": { "tier": "api_only", "total_chains": 3, "renames_followed": 1 }
+}
+```
+
+---
+
+## `related`
+
+Find semantically related entities via vector search.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `<QUERY_OR_TYPE>` | positional | required | Entity type (`issues`, `mrs`) or free text |
+| `[IID]` | positional | — | Entity IID (required with entity type) |
+| `-n, --limit` | int | 10 | Max results |
+| `-p, --project` | string | — | Scope to project |
+
+**Two modes:**
+- **Entity mode:** `related issues 42` — find entities similar to issue #42
+- **Query mode:** `related "auth flow"` — find entities matching free text
+
+**DB tables:** `documents`, `embeddings` (vec0), `projects`
+
+**Requires:** Ollama running (for query mode embedding)
+
+### Robot Output (entity mode)
+
+```json
+{
+  "ok": true,
+  "data": {
+    "query_entity_type": "issue",
+    "query_entity_iid": 42,
+    "query_entity_title": "Fix SSO authentication",
+    "similar_entities": [
+      {
+        "entity_type": "mr", "entity_iid": 99,
+        "entity_title": "Refactor auth module",
+        "project_path": "group/repo", "state": "merged",
+        "similarity_score": 0.87,
+        "shared_labels": ["auth"], "shared_authors": ["jdoe"]
+      }
+    ]
+  }
+}
+```
+
+---
+
+## `drift`
+
+Detect discussion divergence from original intent.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `<ENTITY_TYPE>` | positional | required | Currently only `issues` |
+| `<IID>` | positional | required | Entity IID |
+| `--threshold` | f32 | 0.4 | Similarity threshold (0.0-1.0) |
+| `-p, --project` | string | — | Scope to project |
+
+**DB tables:** `issues`, `discussions`, `notes`, `embeddings`
+
+**Requires:** Ollama running
+
+### Robot Output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "entity_type": "issue", "entity_iid": 42,
+    "total_notes": 15,
+    "detected_drift": true,
+    "drift_point": {
+      "note_index": 8, "similarity": 0.32,
+      "author": "someone", "created_at": "..."
+    },
+    "similarity_curve": [
+      { "note_index": 0, "similarity": 0.95, "author": "jdoe", "created_at": "..." },
+      { "note_index": 1, "similarity": 0.88, "author": "reviewer", "created_at": "..." }
+    ]
+  }
+}
+```

docs/command-surface-analysis/03-pipeline-and-infra.md

@@ -0,0 +1,210 @@
+# Pipeline & Infrastructure Commands
+
+Reference for: `sync`, `ingest`, `generate-docs`, `embed`, `health`, `auth`, `doctor`, `status`, `stats`, `init`, `token`, `cron`, `migrate`, `version`, `completions`, `robot-docs`
+
+---
+
+## Data Pipeline
+
+### `sync` (Full Pipeline)
+
+Complete sync: ingest -> generate-docs -> embed.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `--full` | flag | — | Full re-sync (reset cursors) |
+| `-f, --force` | flag | — | Override stale lock |
+| `--no-embed` | flag | — | Skip embedding |
+| `--no-docs` | flag | — | Skip doc generation |
+| `--no-events` | flag | — | Skip resource events |
+| `--no-file-changes` | flag | — | Skip MR file changes |
+| `--no-status` | flag | — | Skip work-item status enrichment |
+| `--dry-run` | flag | — | Preview without changes |
+| `-t, --timings` | flag | — | Show timing breakdown |
+| `--lock` | flag | — | Acquire file lock |
+| `--issue` | int[] | — | Surgically sync specific issues (repeatable) |
+| `--mr` | int[] | — | Surgically sync specific MRs (repeatable) |
+| `-p, --project` | string | — | Required with `--issue`/`--mr` |
+| `--preflight-only` | flag | — | Validate without DB writes |
+
+**Stages:** GitLab REST ingest -> GraphQL status enrichment -> Document generation -> Ollama embedding
+
+**Surgical sync:** `lore sync --issue 42 --mr 99 -p group/repo` fetches only specific entities.
+
+### `ingest`
+
+Fetch data from GitLab API only (no docs, no embeddings).
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `[ENTITY]` | positional | — | `issues` or `mrs` (omit for all) |
+| `-p, --project` | string | — | Single project |
+| `-f, --force` | flag | — | Override stale lock |
+| `--full` | flag | — | Full re-sync |
+| `--dry-run` | flag | — | Preview |
+
+**Fetches from GitLab:**
+- Issues + discussions + notes
+- MRs + discussions + notes
+- Resource events (state, label, milestone)
+- MR file changes (for DiffNote tracking)
+- Work-item statuses (via GraphQL)
+
+### `generate-docs`
+
+Create searchable documents from ingested data.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `--full` | flag | — | Full rebuild |
+| `-p, --project` | string | — | Single project rebuild |
+
+**Writes:** `documents`, `document_labels`, `document_paths`
+
+### `embed`
+
+Generate vector embeddings via Ollama.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `--full` | flag | — | Re-embed all |
+| `--retry-failed` | flag | — | Retry failed embeddings |
+
+**Requires:** Ollama running with `nomic-embed-text`
+**Writes:** `embeddings`, `embedding_metadata`
+
+---
+
+## Diagnostics
+
+### `health`
+
+Quick pre-flight check (~50ms). Exit 0 = healthy, exit 19 = unhealthy.
+
+**Checks:** config found, DB found, schema version current.
+
+```json
+{
+  "ok": true,
+  "data": {
+    "healthy": true,
+    "config_found": true, "db_found": true,
+    "schema_current": true, "schema_version": 28
+  }
+}
+```
+
+### `auth`
+
+Verify GitLab authentication.
+
+**Checks:** token set, GitLab reachable, user identity.
+
+### `doctor`
+
+Comprehensive environment check.
+
+**Checks:** config validity, token, GitLab connectivity, DB health, migration status, Ollama availability + model status.
+
+```json
+{
+  "ok": true,
+  "data": {
+    "config": { "valid": true, "path": "~/.config/lore/config.json" },
+    "token": { "set": true, "gitlab": { "reachable": true, "user": "jdoe" } },
+    "database": { "exists": true, "version": 28, "tables": 25 },
+    "ollama": { "available": true, "model_ready": true }
+  }
+}
+```
+
+### `status` (alias: `st`)
+
+Show sync state per project.
+
+```json
+{
+  "ok": true,
+  "data": {
+    "projects": [
+      {
+        "project_path": "group/repo",
+        "last_synced_at": "2026-02-26T10:00:00Z",
+        "document_count": 5000, "discussion_count": 2000, "notes_count": 15000
+      }
+    ]
+  }
+}
+```
+
+### `stats` (alias: `stat`)
+
+Document and index statistics with optional integrity checks.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `--check` | flag | — | Run integrity checks |
+| `--repair` | flag | — | Fix issues (implies `--check`) |
+| `--dry-run` | flag | — | Preview repairs |
+
+```json
+{
+  "ok": true,
+  "data": {
+    "documents": { "total": 61652, "issues": 5000, "mrs": 2000, "notes": 50000 },
+    "embeddings": { "total": 80000, "synced": 79500, "pending": 500, "failed": 0 },
+    "fts": { "total_docs": 61652 },
+    "queues": { "pending": 0, "in_progress": 0, "failed": 0, "max_attempts": 0 },
+    "integrity": {
+      "ok": true, "fts_doc_mismatch": 0, "orphan_embeddings": 0,
+      "stale_metadata": 0, "orphan_state_events": 0
+    }
+  }
+}
+```
+
+---
+
+## Setup
+
+### `init`
+
+Initialize configuration and database.
+
+| Flag | Type | Default | Purpose |
+|---|---|---|---|
+| `-f, --force` | flag | — | Skip overwrite confirmation |
+| `--non-interactive` | flag | — | Fail if prompts needed |
+| `--gitlab-url` | string | — | GitLab base URL (required in robot mode) |
+| `--token-env-var` | string | — | Env var holding token (required in robot mode) |
+| `--projects` | string | — | Comma-separated project paths (required in robot mode) |
+| `--default-project` | string | — | Default project path |
+
+### `token`
+
+| Subcommand | Flags | Purpose |
+|---|---|---|
+| `token set` | `--token <TOKEN>` | Store token (reads stdin if omitted) |
+| `token show` | `--unmask` | Display token (masked by default) |
+
+### `cron`
+
+| Subcommand | Flags | Purpose |
+|---|---|---|
+| `cron install` | `--interval <MINUTES>` (default: 8) | Schedule auto-sync |
+| `cron uninstall` | — | Remove cron job |
+| `cron status` | — | Check installation |
+
+### `migrate`
+
+Run pending database migrations. No flags.
+
+---
+
+## Meta
+
+| Command | Purpose |
+|---|---|
+| `version` | Show version string |
+| `completions <shell>` | Generate shell completions (bash/zsh/fish/powershell) |
+| `robot-docs` | Machine-readable command manifest (`--brief` for ~60% smaller) |

docs/command-surface-analysis/04-data-flow.md

@@ -0,0 +1,179 @@
+# Data Flow & Command Network
+
+How commands interconnect through shared data sources and output-to-input dependencies.
+
+---
+
+## 1. Command Network Graph
+
+Arrows mean "output of A feeds as input to B":
+
+```
+                    ┌─────────┐
+                    │ search  │─────────────────────────────┐
+                    └────┬────┘                             │
+                         │ iid                              │ topic
+                    ┌────▼────┐                        ┌────▼─────┐
+              ┌─────│ issues  │◄───────────────────────│ timeline │
+              │     │ mrs     │ (detail)               └──────────┘
+              │     └────┬────┘                             ▲
+              │          │ iid                              │ entity ref
+              │     ┌────▼────┐     ┌──────────────┐       │
+              │     │ related │     │ file-history  │───────┘
+              │     │ drift   │     └──────┬───────┘
+              │     └─────────┘            │ MR iids
+              │                       ┌────▼────┐
+              │                       │  trace  │──── issues (linked)
+              │                       └────┬────┘
+              │                            │ paths
+              │                       ┌────▼────┐
+              │                       │   who   │
+              │                       │ (expert)│
+              │                       └─────────┘
+              │
+         file paths                   ┌─────────┐
+              │                       │   me    │──── issues, mrs (dashboard)
+              ▼                       └─────────┘
+        ┌──────────┐                       ▲
+        │  notes   │                       │ (~same data)
+        └──────────┘                  ┌────┴──────┐
+                                      │who workload│
+                                      └───────────┘
+```
+
+### Feed Chains (output of A -> input of B)
+
+| From | To | What Flows |
+|---|---|---|
+| `search` | `issues`, `mrs` | IIDs from search results -> detail lookup |
+| `search` | `timeline` | Topic/query -> chronological history |
+| `search` | `related` | Entity IID -> semantic similarity |
+| `me` | `issues`, `mrs` | IIDs from dashboard -> detail lookup |
+| `trace` | `issues` | Linked issue IIDs -> detail lookup |
+| `trace` | `who` | File paths -> expert lookup |
+| `file-history` | `mrs` | MR IIDs -> detail lookup |
+| `file-history` | `timeline` | Entity refs -> chronological events |
+| `timeline` | `issues`, `mrs` | Referenced IIDs -> detail lookup |
+| `who expert` | `who reviews` | Username -> review patterns |
+| `who expert` | `mrs` | MR IIDs from expert detail -> MR detail |
+
+---
+
+## 2. Shared Data Source Map
+
+Which DB tables power which commands. Higher overlap = stronger consolidation signal.
+
+### Primary Entity Tables
+
+| Table | Read By |
+|---|---|
+| `issues` | issues, me, who-workload, search, timeline, trace, count, stats |
+| `merge_requests` | mrs, me, who-workload, search, timeline, trace, file-history, count, stats |
+| `notes` | notes, issues-detail, mrs-detail, who-expert, who-active, search, timeline, trace, file-history |
+| `discussions` | notes, issues-detail, mrs-detail, who-active, who-reviews, timeline, trace |
+
+### Relationship Tables
+
+| Table | Read By |
+|---|---|
+| `entity_references` | trace, timeline |
+| `mr_file_changes` | trace, file-history, who-overlap |
+| `issue_labels` | issues, me |
+| `mr_labels` | mrs, me |
+| `issue_assignees` | issues, me |
+| `mr_reviewers` | mrs, who-expert, who-workload |
+
+### Event Tables
+
+| Table | Read By |
+|---|---|
+| `resource_state_events` | timeline, me-activity |
+| `resource_label_events` | timeline |
+| `resource_milestone_events` | timeline |
+
+### Document/Search Tables
+
+| Table | Read By |
+|---|---|
+| `documents` + `documents_fts` | search, stats |
+| `embeddings` | search, related, drift |
+| `document_labels` | search |
+| `document_paths` | search |
+
+### Infrastructure Tables
+
+| Table | Read By |
+|---|---|
+| `sync_cursors` | status |
+| `dirty_sources` | stats |
+| `embedding_metadata` | stats, embed |
+
+---
+
+## 3. Shared-Data Clusters
+
+Commands that read from the same primary tables form natural clusters:
+
+### Cluster A: Issue/MR Entities
+
+`issues`, `mrs`, `me`, `who workload`, `count`
+
+All read `issues` + `merge_requests` with similar filter patterns (state, author, labels, project). These commands share the same underlying WHERE-clause builder logic.
+
+### Cluster B: Notes/Discussions
+
+`notes`, `issues detail`, `mrs detail`, `who expert`, `who active`, `timeline`
+
+All traverse the `discussions` -> `notes` join path. The `notes` command does it with independent filters; the others embed notes within parent context.
+
+### Cluster C: File Genealogy
+
+`trace`, `file-history`, `who overlap`
+
+All use `mr_file_changes` with rename chain BFS (forward: old_path -> new_path, backward: new_path -> old_path). Shared `resolve_rename_chain()` function.
+
+### Cluster D: Semantic/Vector
+
+`search`, `related`, `drift`
+
+All use `documents` + `embeddings` via Ollama. `search` adds FTS component; `related` is pure vector; `drift` uses vector for divergence scoring.
+
+### Cluster E: Diagnostics
+
+`health`, `auth`, `doctor`, `status`, `stats`
+
+All check system state. `health` < `doctor` (strict subset). `status` checks sync cursors. `stats` checks document/index health. `auth` checks token/connectivity.
+
+---
+
+## 4. Query Pattern Sharing
+
+### Dynamic Filter Builder (used by issues, mrs, notes)
+
+All three list commands use the same pattern: build a WHERE clause dynamically from filter flags with parameterized tokens. Labels use EXISTS subquery against junction table.
+
+### Rename Chain BFS (used by trace, file-history, who overlap)
+
+Forward query:
+```sql
+SELECT DISTINCT new_path FROM mr_file_changes
+WHERE project_id = ?1 AND old_path = ?2 AND change_type = 'renamed'
+```
+
+Backward query:
+```sql
+SELECT DISTINCT old_path FROM mr_file_changes
+WHERE project_id = ?1 AND new_path = ?2 AND change_type = 'renamed'
+```
+
+Cycle detection via `HashSet` of visited paths, `MAX_RENAME_HOPS = 10`.
+
+### Hybrid Search (used by search, timeline seeding)
+
+RRF ranking: `score = (60 / fts_rank) + (60 / vector_rank)`
+
+FTS5 queries go through `to_fts_query()` which sanitizes input and builds MATCH expressions. Vector search calls Ollama to embed the query, then does cosine similarity against `embeddings` vec0 table.
+
+### Project Resolution (used by most commands)
+
+`resolve_project(conn, project_filter)` does fuzzy matching on `path_with_namespace` — suffix and substring matching. Returns `(project_id, path_with_namespace)`.

docs/command-surface-analysis/05-overlap-analysis.md

@@ -0,0 +1,170 @@
+# Overlap Analysis
+
+Quantified functional duplication between commands.
+
+---
+
+## 1. High Overlap (>70%)
+
+### `who workload` vs `me` — 85% overlap
+
+| Dimension | `who @user` (workload) | `me --user @user` |
+|---|---|---|
+| Assigned issues | Yes | Yes |
+| Authored MRs | Yes | Yes |
+| Reviewing MRs | Yes | Yes |
+| Attention state | No | **Yes** |
+| Activity feed | No | **Yes** |
+| Since-last-check inbox | No | **Yes** |
+| Cross-project | Yes | **Yes** |
+
+**Verdict:** `who workload` is a strict subset of `me`. The only reason to use `who workload` is if you DON'T want attention_state/activity/inbox — but `me --issues --mrs --fields minimal` achieves the same thing.
+
+### `health` vs `doctor` — 90% overlap
+
+| Check | `health` | `doctor` |
+|---|---|---|
+| Config found | Yes | Yes |
+| DB exists | Yes | Yes |
+| Schema current | Yes | Yes |
+| Token valid | No | **Yes** |
+| GitLab reachable | No | **Yes** |
+| Ollama available | No | **Yes** |
+
+**Verdict:** `health` is a strict subset of `doctor`. However, `health` has unique value as a ~50ms pre-flight with clean exit 0/19 semantics for scripting.
+
+### `file-history` vs `trace` — 75% overlap
+
+| Feature | `file-history` | `trace` |
+|---|---|---|
+| Find MRs for file | Yes | Yes |
+| Rename chain BFS | Yes | Yes |
+| DiffNote discussions | `--discussions` | `--discussions` |
+| Follow to linked issues | No | **Yes** |
+| `--merged` filter | **Yes** | No |
+
+**Verdict:** `trace` is a superset of `file-history` minus the `--merged` filter. Both use the same `resolve_rename_chain()` function and query `mr_file_changes`.
+
+### `related` query-mode vs `search --mode semantic` — 80% overlap
+
+| Feature | `related "text"` | `search "text" --mode semantic` |
+|---|---|---|
+| Vector similarity | Yes | Yes |
+| FTS component | No | No (semantic mode skips FTS) |
+| Filters (labels, author, since) | No | **Yes** |
+| Explain ranking | No | **Yes** |
+| Field selection | No | **Yes** |
+| Requires Ollama | Yes | Yes |
+
+**Verdict:** `related "text"` is `search --mode semantic` without any filter capabilities. The entity-seeded mode (`related issues 42`) is NOT duplicated — it seeds from an existing entity's embedding.
+
+---
+
+## 2. Medium Overlap (40-70%)
+
+### `who expert` vs `who overlap` — 50%
+
+Both answer "who works on this file" but with different scoring:
+
+| Aspect | `who expert` | `who overlap` |
+|---|---|---|
+| Scoring | Half-life decay, signal types (diffnote_author, reviewer, etc.) | Raw touch count |
+| Output | Ranked experts with scores | Users with touch counts |
+| Use case | "Who should review this?" | "Who else touches this?" |
+
+**Verdict:** Overlap is a simplified version of expert. Expert could include touch_count as a field.
+
+### `timeline` vs `trace` — 45%
+
+Both follow `entity_references` to discover connected entities, but from different entry points:
+
+| Aspect | `timeline` | `trace` |
+|---|---|---|
+| Entry point | Entity (issue/MR) or search query | File path |
+| Direction | Entity -> cross-refs -> events | File -> MRs -> issues -> discussions |
+| Output | Chronological events | Causal chains (why code changed) |
+| Expansion | Depth-controlled cross-ref following | MR -> issue via entity_references |
+
+**Verdict:** Complementary, not duplicative. Different questions, shared plumbing.
+
+### `auth` vs `doctor` — 100% of auth
+
+`auth` checks: token set + GitLab reachable + user identity.
+`doctor` checks: all of the above + DB + schema + Ollama.
+
+**Verdict:** `auth` is completely contained within `doctor`.
+
+### `count` vs `stats` — 40%
+
+Both answer "how much data?":
+
+| Aspect | `count` | `stats` |
+|---|---|---|
+| Layer | Entity (issues, MRs, notes) | Document index |
+| State breakdown | Yes (opened/closed/merged) | No |
+| Integrity checks | No | Yes |
+| Queue status | No | Yes |
+
+**Verdict:** Different layers. Could be unified under `stats --entities`.
+
+### `notes` vs `issues/mrs detail` — 50%
+
+Both return note content:
+
+| Aspect | `notes` command | Detail view discussions |
+|---|---|---|
+| Independent filtering | **Yes** (author, path, resolution, contains, type) | No |
+| Parent context | Minimal (parent_iid, parent_title) | **Full** (complete entity + all discussions) |
+| Cross-entity queries | **Yes** (all notes matching criteria) | No (one entity only) |
+
+**Verdict:** `notes` is for filtered queries across entities. Detail views are for complete context on one entity. Different use cases.
+
+---
+
+## 3. No Significant Overlap
+
+| Command | Why It's Unique |
+|---|---|
+| `drift` | Only command doing semantic divergence detection |
+| `timeline` | Only command doing multi-entity chronological reconstruction with expansion |
+| `search` (hybrid) | Only command combining FTS + vector with RRF ranking |
+| `me` (inbox) | Only command with cursor-based since-last-check tracking |
+| `who expert` | Only command with half-life decay scoring by signal type |
+| `who reviews` | Only command analyzing review patterns (approval rate, latency) |
+| `who active` | Only command surfacing unresolved discussions needing attention |
+
+---
+
+## 4. Overlap Adjacency Matrix
+
+Rows/columns are commands. Values are estimated functional overlap percentage.
+
+```
+              issues  mrs  notes  search  who-e  who-w  who-r  who-a  who-o  timeline  me  fh  trace  related  drift  count  status  stats  health  doctor
+issues          -     30    50      20      5      40      0      5      0       15    40    0     10      10      0     20       0      10      0       0
+mrs            30      -    50      20      5      40      0      5      0       15    40    5     10      10      0     20       0      10      0       0
+notes          50     50     -      15     15       0      5     10      0       10     0    5      5       0      0      0       0       0      0       0
+search         20     20    15       -      0       0      0      0      0       15     0    0      0      80      0      0       0       5      0       0
+who-expert      5      5    15       0      -       0     10      0     50        0     0   10     10       0      0      0       0       0      0       0
+who-workload   40     40     0       0      0       -      0      0      0        0    85    0      0       0      0      0       0       0      0       0
+who-reviews     0      0     5       0     10       0      -      0      0        0     0    0      0       0      0      0       0       0      0       0
+who-active      5      5    10       0      0       0      0      -      0        5     0    0      0       0      0      0       0       0      0       0
+who-overlap     0      0     0       0     50       0      0      0      -        0     0   10      5       0      0      0       0       0      0       0
+timeline       15     15    10      15      0       0      0      5      0        -     5    5     45       0      0      0       0       0      0       0
+me             40     40     0       0      0      85      0      0      0        5     -    0      0       0      0      0       5       0      5       5
+file-history    0      5     5       0     10       0      0      0     10        5     0    -     75       0      0      0       0       0      0       0
+trace          10     10     5       0     10       0      0      0      5       45     0   75      -       0      0      0       0       0      0       0
+related        10     10     0      80      0       0      0      0      0        0     0    0      0       -      0      0       0       0      0       0
+drift           0      0     0       0      0       0      0      0      0        0     0    0      0       0      -      0       0       0      0       0
+count          20     20     0       0      0       0      0      0      0        0     0    0      0       0      0      -       0      40      0       0
+status          0      0     0       0      0       0      0      0      0        0     5    0      0       0      0      0       -      20     30      40
+stats          10     10     0       5      0       0      0      0      0        0     0    0      0       0      0     40      20       -      0      15
+health          0      0     0       0      0       0      0      0      0        0     5    0      0       0      0      0      30       0      -      90
+doctor          0      0     0       0      0       0      0      0      0        0     5    0      0       0      0      0      40      15     90       -
+```
+
+**Highest overlap pairs (>= 75%):**
+1. `health` / `doctor` — 90%
+2. `who workload` / `me` — 85%
+3. `related` query-mode / `search semantic` — 80%
+4. `file-history` / `trace` — 75%

docs/command-surface-analysis/06-agent-workflows.md

@@ -0,0 +1,216 @@
+# Agent Workflow Analysis
+
+Common agent workflows, round-trip costs, and token profiles.
+
+---
+
+## 1. Common Workflows
+
+### Flow 1: "What should I work on?" — 4 round trips
+
+```
+me                            → dashboard overview (which items need attention?)
+issues <iid> -p proj         → detail on picked issue (full context + discussions)
+trace src/relevant/file.rs    → understand code context (why was it written?)
+who src/relevant/file.rs      → find domain experts (who can help?)
+```
+
+**Total tokens (minimal):** ~800 + ~2000 + ~1000 + ~400 = ~4200
+**Total tokens (full):** ~3000 + ~6000 + ~1500 + ~800 = ~11300
+**Latency:** 4 serial round trips
+
+### Flow 2: "What happened with this feature?" — 3 round trips
+
+```
+search "feature name"         → find relevant entities
+timeline "feature name"       → reconstruct chronological history
+related issues 42             → discover connected work
+```
+
+**Total tokens (minimal):** ~600 + ~1500 + ~400 = ~2500
+**Total tokens (full):** ~2000 + ~5000 + ~1000 = ~8000
+**Latency:** 3 serial round trips
+
+### Flow 3: "Why was this code changed?" — 3 round trips
+
+```
+trace src/file.rs             → file -> MR -> issue chain
+issues <iid> -p proj         → full issue detail
+timeline "issue:42"           → full history with cross-refs
+```
+
+**Total tokens (minimal):** ~800 + ~2000 + ~1500 = ~4300
+**Total tokens (full):** ~1500 + ~6000 + ~5000 = ~12500
+**Latency:** 3 serial round trips
+
+### Flow 4: "Is the system healthy?" — 2-4 round trips
+
+```
+health                        → quick pre-flight (pass/fail)
+doctor                        → detailed diagnostics (if health fails)
+status                        → sync state per project
+stats                         → document/index health
+```
+
+**Total tokens:** ~100 + ~300 + ~200 + ~400 = ~1000
+**Latency:** 2-4 serial round trips (often 1 if health passes)
+
+### Flow 5: "Who can review this?" — 2-3 round trips
+
+```
+who src/auth/                 → find file experts
+who @jdoe --reviews           → check reviewer's patterns
+```
+
+**Total tokens (minimal):** ~300 + ~300 = ~600
+**Latency:** 2 serial round trips
+
+### Flow 6: "Find and understand an issue" — 4 round trips
+
+```
+search "query"                → discover entities (get IIDs)
+issues <iid>                  → full detail with discussions
+timeline "issue:42"           → chronological context
+related issues 42             → connected entities
+```
+
+**Total tokens (minimal):** ~600 + ~2000 + ~1500 + ~400 = ~4500
+**Total tokens (full):** ~2000 + ~6000 + ~5000 + ~1000 = ~14000
+**Latency:** 4 serial round trips
+
+---
+
+## 2. Token Cost Profiles
+
+Measured typical response sizes in robot mode with default settings:
+
+| Command | Typical Tokens (full) | With `--fields minimal` | Dominant Cost Driver |
+|---|---|---|---|
+| `me` (all sections) | 2000-5000 | 500-1500 | Open items count |
+| `issues` (list, n=50) | 1500-3000 | 400-800 | Labels arrays |
+| `issues <iid>` (detail) | 1000-8000 | N/A (no minimal for detail) | Discussion depth |
+| `mrs <iid>` (detail) | 1000-8000 | N/A | Discussion depth, DiffNote positions |
+| `timeline` (limit=100) | 2000-6000 | 800-1500 | Event count + evidence |
+| `search` (n=20) | 1000-3000 | 300-600 | Snippet length |
+| `who expert` | 300-800 | 150-300 | Expert count |
+| `who workload` | 500-1500 | 200-500 | Open items count |
+| `trace` | 500-2000 | 300-800 | Chain depth |
+| `file-history` | 300-1500 | 200-500 | MR count |
+| `related` | 300-1000 | 200-400 | Result count |
+| `drift` | 200-800 | N/A | Similarity curve length |
+| `notes` (n=50) | 1500-5000 | 500-1000 | Body length |
+| `count` | ~100 | N/A | Fixed structure |
+| `stats` | ~500 | N/A | Fixed structure |
+| `health` | ~100 | N/A | Fixed structure |
+| `doctor` | ~300 | N/A | Fixed structure |
+| `status` | ~200 | N/A | Project count |
+
+### Key Observations
+
+1. **Detail commands are expensive.** `issues <iid>` and `mrs <iid>` can hit 8000 tokens due to discussions. This is the content agents actually need, but most of it is discussion body text.
+
+2. **`me` is the most-called command** and ranges 2000-5000 tokens. Agents often just need "do I have work?" which is ~100 tokens (summary counts only).
+
+3. **Lists with labels are wasteful.** Every issue/MR in a list carries its full label array. With 50 items x 5 labels each, that's 250 strings of overhead.
+
+4. **`--fields minimal` helps a lot** — 50-70% reduction on list commands. But it's not available on detail views.
+
+5. **Timeline scales linearly** with event count and evidence notes. The `--max-evidence` flag helps cap the expensive part.
+
+---
+
+## 3. Round-Trip Inefficiency Patterns
+
+### Pattern A: Discovery -> Detail (N+1)
+
+Agent searches, gets 5 results, then needs detail on each:
+
+```
+search "auth bug"              → 5 results
+issues 42 -p proj             → detail
+issues 55 -p proj             → detail
+issues 71 -p proj             → detail
+issues 88 -p proj             → detail
+issues 95 -p proj             → detail
+```
+
+**6 round trips** for what should be 2 (search + batch detail).
+
+### Pattern B: Detail -> Context Gathering
+
+Agent gets issue detail, then needs timeline + related + trace:
+
+```
+issues 42 -p proj             → detail
+timeline "issue:42" -p proj   → events
+related issues 42 -p proj     → similar
+trace src/file.rs -p proj     → code provenance
+```
+
+**4 round trips** for what should be 1 (detail with embedded context).
+
+### Pattern C: Health Check Cascade
+
+Agent checks health, discovers issue, drills down:
+
+```
+health                         → unhealthy (exit 19)
+doctor                         → token OK, Ollama missing
+stats --check                  → 5 orphan embeddings
+stats --repair                 → fixed
+```
+
+**4 round trips** but only 2 are actually needed (doctor covers health).
+
+### Pattern D: Dashboard -> Action
+
+Agent checks dashboard, picks item, needs full context:
+
+```
+me                             → 5 open issues, 2 MRs
+issues 42 -p proj             → picked issue detail
+who src/auth/ -p proj         → expert for help
+timeline "issue:42" -p proj   → history
+```
+
+**4 round trips.** With `--include`, could be 2 (me with inline detail + who).
+
+---
+
+## 4. Optimized Workflow Vision
+
+What the same workflows look like with proposed optimizations:
+
+### Flow 1 Optimized: "What should I work on?" — 2 round trips
+
+```
+me --depth titles              → 400 tokens: counts + item titles with attention_state
+issues 42 --include timeline,trace  → 1 call: detail + events + code provenance
+```
+
+### Flow 2 Optimized: "What happened with this feature?" — 1-2 round trips
+
+```
+search "feature" -n 5          → find entities
+issues 42 --include timeline,related → everything in one call
+```
+
+### Flow 3 Optimized: "Why was this code changed?" — 1 round trip
+
+```
+trace src/file.rs --include experts,timeline → full chain + experts + events
+```
+
+### Flow 4 Optimized: "Is the system healthy?" — 1 round trip
+
+```
+doctor                         → covers health + auth + connectivity
+# status + stats only if doctor reveals issues
+```
+
+### Flow 6 Optimized: "Find and understand" — 2 round trips
+
+```
+search "query" -n 5            → discover entities
+issues --batch 42,55,71 --include timeline → batch detail with events
+```

docs/command-surface-analysis/07-consolidation-proposals.md

@@ -0,0 +1,198 @@
+# Consolidation Proposals
+
+5 proposals to reduce 34 commands to 29 by merging high-overlap commands.
+
+---
+
+## A. Absorb `file-history` into `trace --shallow`
+
+**Overlap:** 75%. Both do rename chain BFS on `mr_file_changes`, both optionally include DiffNote discussions. `trace` follows `entity_references` to linked issues; `file-history` stops at MRs.
+
+**Current state:**
+```bash
+# These do nearly the same thing:
+lore file-history src/auth/ -p proj --discussions
+lore trace src/auth/ -p proj --discussions
+# trace just adds: issues linked via entity_references
+```
+
+**Proposed change:**
+- `trace <path>` — full chain: file -> MR -> issue -> discussions (existing behavior)
+- `trace <path> --shallow` — MR-only, no issue following (replaces `file-history`)
+- Move `--merged` flag from `file-history` to `trace`
+- Deprecate `file-history` as an alias that maps to `trace --shallow`
+
+**Migration path:**
+1. Add `--shallow` and `--merged` flags to `trace`
+2. Make `file-history` an alias with deprecation warning
+3. Update robot-docs to point to `trace`
+4. Remove alias after 2 releases
+
+**Breaking changes:** Robot output shape differs slightly (`trace_chains` vs `merge_requests` key name). The `--shallow` variant should match `file-history`'s output shape for compatibility.
+
+**Effort:** Low. Most code is already shared via `resolve_rename_chain()`.
+
+---
+
+## B. Absorb `auth` into `doctor`
+
+**Overlap:** 100% of `auth` is contained within `doctor`.
+
+**Current state:**
+```bash
+lore auth     # checks: token set, GitLab reachable, user identity
+lore doctor   # checks: all of above + DB + schema + Ollama
+```
+
+**Proposed change:**
+- `doctor` — full check (existing behavior)
+- `doctor --auth` — token + GitLab only (replaces `auth`)
+- Keep `health` separate (fast pre-flight, different exit code contract: 0/19)
+- Deprecate `auth` as alias for `doctor --auth`
+
+**Migration path:**
+1. Add `--auth` flag to `doctor`
+2. Make `auth` an alias with deprecation warning
+3. Remove alias after 2 releases
+
+**Breaking changes:** None for robot mode (same JSON shape). Exit code mapping needs verification.
+
+**Effort:** Low. Doctor already has the auth check logic.
+
+---
+
+## C. Remove `related` query-mode
+
+**Overlap:** 80% with `search --mode semantic`.
+
+**Current state:**
+```bash
+# These are functionally equivalent:
+lore related "authentication flow"
+lore search "authentication flow" --mode semantic
+
+# This is UNIQUE (no overlap):
+lore related issues 42
+```
+
+**Proposed change:**
+- Keep entity-seeded mode: `related issues 42` (seeds from existing entity embedding)
+- Remove free-text mode: `related "text"` -> error with suggestion: "Use `search --mode semantic`"
+- Alternatively: keep as sugar but document it as equivalent to search
+
+**Migration path:**
+1. Add deprecation warning when query-mode is used
+2. After 2 releases, remove query-mode parsing
+3. Entity-mode stays unchanged
+
+**Breaking changes:** Agents using `related "text"` must switch to `search --mode semantic`. This is a strict improvement since search has filters.
+
+**Effort:** Low. Just argument validation change.
+
+---
+
+## D. Merge `who overlap` into `who expert`
+
+**Overlap:** 50% functional, but overlap is a strict simplification of expert.
+
+**Current state:**
+```bash
+lore who src/auth/               # expert mode: scored rankings
+lore who --overlap src/auth/     # overlap mode: raw touch counts
+```
+
+**Proposed change:**
+- `who <path>` (expert) adds `touch_count` and `last_touch_at` fields to each expert row
+- `who --overlap <path>` becomes an alias for `who <path> --fields username,touch_count`
+- Eventually remove `--overlap` flag
+
+**New expert output:**
+```json
+{
+  "experts": [
+    {
+      "username": "jdoe", "score": 42.5,
+      "touch_count": 15, "last_touch_at": "2026-02-20",
+      "detail": { "mr_ids_author": [99, 101] }
+    }
+  ]
+}
+```
+
+**Migration path:**
+1. Add `touch_count` and `last_touch_at` to expert output
+2. Make `--overlap` an alias with deprecation warning
+3. Remove `--overlap` after 2 releases
+
+**Breaking changes:** Expert output gains new fields (non-breaking for JSON consumers). Overlap output shape changes if agents were parsing `{ "users": [...] }` vs `{ "experts": [...] }`.
+
+**Effort:** Low. Expert query already touches the same tables; just need to add a COUNT aggregation.
+
+---
+
+## E. Merge `count` and `status` into `stats`
+
+**Overlap:** `count` and `stats` both answer "how much data?"; `status` and `stats` both report system state.
+
+**Current state:**
+```bash
+lore count issues           # entity count + state breakdown
+lore count mrs              # entity count + state breakdown
+lore status                 # sync cursors per project
+lore stats                  # document/index counts + integrity
+```
+
+**Proposed change:**
+- `stats` — document/index health (existing behavior, default)
+- `stats --entities` — adds entity counts (replaces `count`)
+- `stats --sync` — adds sync cursor positions (replaces `status`)
+- `stats --all` — everything: entities + sync + documents + integrity
+- `stats --check` / `--repair` — unchanged
+
+**New `--all` output:**
+```json
+{
+  "data": {
+    "entities": {
+      "issues": { "total": 5000, "opened": 200, "closed": 4800 },
+      "merge_requests": { "total": 1234, "opened": 100, "closed": 50, "merged": 1084 },
+      "discussions": { "total": 8000 },
+      "notes": { "total": 282000, "system_excluded": 50000 }
+    },
+    "sync": {
+      "projects": [
+        { "project_path": "group/repo", "last_synced_at": "...", "document_count": 5000 }
+      ]
+    },
+    "documents": { "total": 61652, "issues": 5000, "mrs": 2000, "notes": 50000 },
+    "embeddings": { "total": 80000, "synced": 79500, "pending": 500 },
+    "fts": { "total_docs": 61652 },
+    "queues": { "pending": 0, "in_progress": 0, "failed": 0 },
+    "integrity": { "ok": true }
+  }
+}
+```
+
+**Migration path:**
+1. Add `--entities`, `--sync`, `--all` flags to `stats`
+2. Make `count` an alias for `stats --entities` with deprecation warning
+3. Make `status` an alias for `stats --sync` with deprecation warning
+4. Remove aliases after 2 releases
+
+**Breaking changes:** `count` output currently has `{ "entity": "issues", "count": N, "breakdown": {...} }`. Under `stats --entities`, this becomes nested under `data.entities`. Alias can preserve old shape during deprecation period.
+
+**Effort:** Medium. Need to compose three query paths into one response builder.
+
+---
+
+## Summary
+
+| Consolidation | Removes | Effort | Breaking? |
+|---|---|---|---|
+| `file-history` -> `trace --shallow` | -1 command | Low | Alias redirect, output shape compat |
+| `auth` -> `doctor --auth` | -1 command | Low | Alias redirect |
+| `related` query-mode removal | -1 mode | Low | Must switch to `search --mode semantic` |
+| `who overlap` -> `who expert` | -1 sub-mode | Low | Output gains fields |
+| `count` + `status` -> `stats` | -2 commands | Medium | Output nesting changes |
+
+**Total: 34 commands -> 29 commands.** All changes use deprecation-with-alias pattern for gradual migration.

docs/command-surface-analysis/08-robot-optimization-proposals.md

@@ -0,0 +1,347 @@
+# Robot-Mode Optimization Proposals
+
+6 proposals to reduce round trips and token waste for agent consumers.
+
+---
+
+## A. `--include` flag for embedded sub-queries (P0)
+
+**Problem:** The #1 agent inefficiency. Every "understand this entity" workflow requires 3-4 serial round trips: detail + timeline + related + trace.
+
+**Proposal:** Add `--include` flag to detail commands that embeds sub-query results in the response.
+
+```bash
+# Before: 4 round trips, ~12000 tokens
+lore -J issues 42 -p proj
+lore -J timeline "issue:42" -p proj --limit 20
+lore -J related issues 42 -p proj -n 5
+lore -J trace src/auth/ -p proj
+
+# After: 1 round trip, ~5000 tokens (sub-queries use reduced limits)
+lore -J issues 42 -p proj --include timeline,related
+```
+
+### Include Matrix
+
+| Base Command | Valid Includes | Default Limits |
+|---|---|---|
+| `issues <iid>` | `timeline`, `related`, `trace` | 20 events, 5 related, 5 chains |
+| `mrs <iid>` | `timeline`, `related`, `file-changes` | 20 events, 5 related |
+| `trace <path>` | `experts`, `timeline` | 5 experts, 20 events |
+| `me` | `detail` (inline top-N item details) | 3 items detailed |
+| `search` | `detail` (inline top-N result details) | 3 results detailed |
+
+### Response Shape
+
+Included data uses `_` prefix to distinguish from base fields:
+
+```json
+{
+  "ok": true,
+  "data": {
+    "iid": 42, "title": "Fix auth", "state": "opened",
+    "discussions": [...],
+    "_timeline": {
+      "event_count": 15,
+      "events": [...]
+    },
+    "_related": {
+      "similar_entities": [...]
+    }
+  },
+  "meta": {
+    "elapsed_ms": 200,
+    "_timeline_ms": 45,
+    "_related_ms": 120
+  }
+}
+```
+
+### Error Handling
+
+Sub-query errors are non-fatal. If Ollama is down, `_related` returns an error instead of failing the whole request:
+
+```json
+{
+  "_related_error": "Ollama unavailable — related results skipped"
+}
+```
+
+### Limit Control
+
+```bash
+# Custom limits for included data
+lore -J issues 42 --include timeline:50,related:10
+```
+
+### Round-Trip Savings
+
+| Workflow | Before | After | Savings |
+|---|---|---|---|
+| Understand an issue | 4 calls | 1 call | **75%** |
+| Why was code changed | 3 calls | 1 call | **67%** |
+| Find and understand | 4 calls | 2 calls | **50%** |
+
+**Effort:** High. Each include needs its own sub-query executor, error isolation, and limit enforcement. But the payoff is massive — this single feature halves agent round trips.
+
+---
+
+## B. `--depth` control on `me` (P0)
+
+**Problem:** `me` returns 2000-5000 tokens. Agents checking "do I have work?" only need ~100 tokens.
+
+**Proposal:** Add `--depth` flag with three levels.
+
+```bash
+# Counts only (~100 tokens) — "do I have work?"
+lore -J me --depth counts
+
+# Titles (~400 tokens) — "what work do I have?"
+lore -J me --depth titles
+
+# Full (current behavior, 2000+ tokens) — "give me everything"
+lore -J me --depth full
+lore -J me  # same as --depth full
+```
+
+### Depth Levels
+
+| Level | Includes | Typical Tokens |
+|---|---|---|
+| `counts` | `summary` block only (counts, no items) | ~100 |
+| `titles` | summary + item lists with minimal fields (iid, title, attention_state) | ~400 |
+| `full` | Everything: items, activity, inbox, discussions | ~2000-5000 |
+
+### Response at `--depth counts`
+
+```json
+{
+  "ok": true,
+  "data": {
+    "username": "jdoe",
+    "summary": {
+      "project_count": 3,
+      "open_issue_count": 5,
+      "authored_mr_count": 2,
+      "reviewing_mr_count": 1,
+      "needs_attention_count": 3
+    }
+  }
+}
+```
+
+### Response at `--depth titles`
+
+```json
+{
+  "ok": true,
+  "data": {
+    "username": "jdoe",
+    "summary": { ... },
+    "open_issues": [
+      { "iid": 42, "title": "Fix auth", "attention_state": "needs_attention" }
+    ],
+    "open_mrs_authored": [
+      { "iid": 99, "title": "Refactor auth", "attention_state": "needs_attention" }
+    ],
+    "reviewing_mrs": []
+  }
+}
+```
+
+**Effort:** Low. The data is already available; just need to gate serialization by depth level.
+
+---
+
+## C. `--batch` flag for multi-entity detail (P1)
+
+**Problem:** After search/timeline, agents discover N entity IIDs and need detail on each. Currently N round trips.
+
+**Proposal:** Add `--batch` flag to `issues` and `mrs` detail mode.
+
+```bash
+# Before: 3 round trips
+lore -J issues 42 -p proj
+lore -J issues 55 -p proj
+lore -J issues 71 -p proj
+
+# After: 1 round trip
+lore -J issues --batch 42,55,71 -p proj
+```
+
+### Response
+
+```json
+{
+  "ok": true,
+  "data": {
+    "results": [
+      { "iid": 42, "title": "Fix auth", "state": "opened", ... },
+      { "iid": 55, "title": "Add SSO", "state": "opened", ... },
+      { "iid": 71, "title": "Token refresh", "state": "closed", ... }
+    ],
+    "errors": [
+      { "iid": 99, "error": "Not found" }
+    ]
+  }
+}
+```
+
+### Constraints
+
+- Max 20 IIDs per batch
+- Individual errors don't fail the batch (partial results returned)
+- Works with `--include` for maximum efficiency: `--batch 42,55 --include timeline`
+- Works with `--fields minimal` for token control
+
+**Effort:** Medium. Need to loop the existing detail handler and compose results.
+
+---
+
+## D. Composite `context` command (P2)
+
+**Problem:** Agents need full context on an entity but must learn `--include` syntax. A purpose-built command is more discoverable.
+
+**Proposal:** Add `context` command that returns detail + timeline + related in one call.
+
+```bash
+lore -J context issues 42 -p proj
+lore -J context mrs 99 -p proj
+```
+
+### Equivalent To
+
+```bash
+lore -J issues 42 -p proj --include timeline,related
+```
+
+But with optimized defaults:
+- Timeline: 20 most recent events, max 3 evidence notes
+- Related: top 5 entities
+- Discussions: truncated after 5 threads
+- Non-fatal: Ollama-dependent parts gracefully degrade
+
+### Response Shape
+
+Same as `issues <iid> --include timeline,related` but with the reduced defaults applied.
+
+### Relationship to `--include`
+
+`context` is sugar for the most common `--include` pattern. Both mechanisms can coexist:
+- `context` for the 80% case (agents wanting full entity understanding)
+- `--include` for custom combinations
+
+**Effort:** Medium. Thin wrapper around detail + include pipeline.
+
+---
+
+## E. `--max-tokens` response budget (P3)
+
+**Problem:** Response sizes vary wildly (100 to 8000 tokens). Agents can't predict cost in advance.
+
+**Proposal:** Let agents cap response size. Server truncates to fit.
+
+```bash
+lore -J me --max-tokens 500
+lore -J timeline "feature" --max-tokens 1000
+lore -J context issues 42 --max-tokens 2000
+```
+
+### Truncation Strategy (priority order)
+
+1. Apply `--fields minimal` if not already set
+2. Reduce array lengths (newest/highest-score items survive)
+3. Truncate string fields (descriptions, snippets) to 200 chars
+4. Omit null/empty fields
+5. Drop included sub-queries (if using `--include`)
+
+### Meta Notice
+
+```json
+{
+  "meta": {
+    "elapsed_ms": 50,
+    "truncated": true,
+    "original_tokens": 3500,
+    "budget_tokens": 1000,
+    "dropped": ["_related", "discussions[5:]", "activity[10:]"]
+  }
+}
+```
+
+### Implementation Notes
+
+Token estimation: rough heuristic based on JSON character count / 4. Doesn't need to be exact — the goal is "roughly this size" not "exactly N tokens."
+
+**Effort:** High. Requires token estimation, progressive truncation logic, and tracking what was dropped.
+
+---
+
+## F. `--format tsv` for list commands (P3)
+
+**Problem:** JSON is verbose for tabular data. List commands return arrays of objects with repeated key names.
+
+**Proposal:** Add `--format tsv` for list commands.
+
+```bash
+lore -J issues --format tsv --fields iid,title,state -n 10
+```
+
+### Output
+
+```
+iid	title	state
+42	Fix auth	opened
+55	Add SSO	opened
+71	Token refresh	closed
+```
+
+### Token Savings
+
+| Command | JSON tokens | TSV tokens | Savings |
+|---|---|---|---|
+| `issues -n 50 --fields minimal` | ~800 | ~250 | **69%** |
+| `mrs -n 50 --fields minimal` | ~800 | ~250 | **69%** |
+| `who expert -n 10` | ~300 | ~100 | **67%** |
+| `notes -n 50 --fields minimal` | ~1000 | ~350 | **65%** |
+
+### Applicable Commands
+
+TSV works well for flat, tabular data:
+- `issues` (list), `mrs` (list), `notes` (list)
+- `who expert`, `who overlap`, `who reviews`
+- `count`
+
+TSV does NOT work for nested/complex data:
+- Detail views (discussions are nested)
+- Timeline (events have nested evidence)
+- Search (nested explain, labels arrays)
+- `me` (multiple sections)
+
+### Agent Parsing
+
+Most LLMs parse TSV naturally. Agents that need structured data can still use JSON.
+
+**Effort:** Medium. Tab-separated serialization for flat structs is straightforward. Need to handle escaping for body text containing tabs/newlines.
+
+---
+
+## Impact Summary
+
+| Optimization | Priority | Effort | Round-Trip Savings | Token Savings |
+|---|---|---|---|---|
+| `--include` | P0 | High | **50-75%** | Moderate |
+| `--depth` on `me` | P0 | Low | None | **60-80%** |
+| `--batch` | P1 | Medium | **N-1 per batch** | Moderate |
+| `context` command | P2 | Medium | **67-75%** | Moderate |
+| `--max-tokens` | P3 | High | None | **Variable** |
+| `--format tsv` | P3 | Medium | None | **65-69% on lists** |
+
+### Implementation Order
+
+1. **`--depth` on `me`** — lowest effort, high value, no risk
+2. **`--include` on `issues`/`mrs` detail** — highest impact, start with `timeline` include only
+3. **`--batch`** — eliminates N+1 pattern
+4. **`context` command** — sugar on top of `--include`
+5. **`--format tsv`** — nice-to-have, easy to add incrementally
+6. **`--max-tokens`** — complex, defer until demand is clear

docs/command-surface-analysis/09-appendices.md

@@ -0,0 +1,181 @@
+# Appendices
+
+---
+
+## A. Robot Output Envelope
+
+All robot-mode responses follow this structure:
+
+```json
+{
+  "ok": true,
+  "data": { /* command-specific */ },
+  "meta": { "elapsed_ms": 42 }
+}
+```
+
+Errors (to stderr):
+
+```json
+{
+  "error": {
+    "code": "CONFIG_NOT_FOUND",
+    "message": "Configuration file not found",
+    "suggestion": "Run 'lore init'",
+    "actions": ["lore init"]
+  }
+}
+```
+
+The `actions` array contains copy-paste shell commands for automated recovery. Omitted when empty.
+
+---
+
+## B. Exit Codes
+
+| Code | Meaning | Retryable |
+|---|---|---|
+| 0 | Success | N/A |
+| 1 | Internal error / not implemented | Maybe |
+| 2 | Usage error (invalid flags or arguments) | No (fix syntax) |
+| 3 | Config invalid | No (fix config) |
+| 4 | Token not set | No (set token) |
+| 5 | GitLab auth failed | Maybe (token expired?) |
+| 6 | Resource not found (HTTP 404) | No |
+| 7 | Rate limited | Yes (wait) |
+| 8 | Network error | Yes (retry) |
+| 9 | Database locked | Yes (wait) |
+| 10 | Database error | Maybe |
+| 11 | Migration failed | No (investigate) |
+| 12 | I/O error | Maybe |
+| 13 | Transform error | No (bug) |
+| 14 | Ollama unavailable | Yes (start Ollama) |
+| 15 | Ollama model not found | No (pull model) |
+| 16 | Embedding failed | Yes (retry) |
+| 17 | Not found (entity does not exist) | No |
+| 18 | Ambiguous match (use `-p` to specify project) | No (be specific) |
+| 19 | Health check failed | Yes (fix issues first) |
+| 20 | Config not found | No (run init) |
+
+---
+
+## C. Field Selection Presets
+
+The `--fields` flag supports both presets and custom field lists:
+
+```bash
+lore -J issues --fields minimal              # Preset
+lore -J mrs --fields iid,title,state,draft   # Custom comma-separated
+```
+
+| Command | Minimal Preset Fields |
+|---|---|
+| `issues` (list) | `iid`, `title`, `state`, `updated_at_iso` |
+| `mrs` (list) | `iid`, `title`, `state`, `updated_at_iso` |
+| `notes` (list) | `id`, `author_username`, `body`, `created_at_iso` |
+| `search` | `document_id`, `title`, `source_type`, `score` |
+| `timeline` | `timestamp`, `type`, `entity_iid`, `detail` |
+| `who expert` | `username`, `score` |
+| `who workload` | `iid`, `title`, `state` |
+| `who reviews` | `name`, `count`, `percentage` |
+| `who active` | `entity_type`, `iid`, `title`, `participants` |
+| `who overlap` | `username`, `touch_count` |
+| `me` (items) | `iid`, `title`, `attention_state`, `updated_at_iso` |
+| `me` (activity) | `timestamp_iso`, `event_type`, `entity_iid`, `actor` |
+
+---
+
+## D. Configuration Precedence
+
+1. CLI flags (highest priority)
+2. Environment variables (`LORE_ROBOT`, `GITLAB_TOKEN`, `LORE_CONFIG_PATH`)
+3. Config file (`~/.config/lore/config.json`)
+4. Built-in defaults (lowest priority)
+
+---
+
+## E. Time Parsing
+
+All commands accepting `--since`, `--until`, `--as-of` support:
+
+| Format | Example | Meaning |
+|---|---|---|
+| Relative days | `7d` | 7 days ago |
+| Relative weeks | `2w` | 2 weeks ago |
+| Relative months | `1m`, `6m` | 1/6 months ago |
+| Absolute date | `2026-01-15` | Specific date |
+
+Internally converted to Unix milliseconds for DB queries.
+
+---
+
+## F. Database Schema (28 migrations)
+
+### Primary Entity Tables
+
+| Table | Key Columns | Notes |
+|---|---|---|
+| `projects` | `gitlab_project_id`, `path_with_namespace`, `web_url` | No `name` or `last_seen_at` |
+| `issues` | `iid`, `title`, `state`, `author_username`, 5 status columns | Status columns nullable (migration 021) |
+| `merge_requests` | `iid`, `title`, `state`, `draft`, `source_branch`, `target_branch` | `last_seen_at INTEGER NOT NULL` |
+| `discussions` | `gitlab_discussion_id` (text), `issue_id`/`merge_request_id` | One FK must be set |
+| `notes` | `gitlab_id`, `author_username`, `body`, DiffNote position columns | `type` column for DiffNote/DiscussionNote |
+
+### Relationship Tables
+
+| Table | Purpose |
+|---|---|
+| `issue_labels`, `mr_labels` | Label junction (DELETE+INSERT for stale removal) |
+| `issue_assignees`, `mr_assignees` | Assignee junction |
+| `mr_reviewers` | Reviewer junction |
+| `entity_references` | Cross-refs: closes, mentioned, related (with `source_method`) |
+| `mr_file_changes` | File diffs: old_path, new_path, change_type |
+
+### Event Tables
+
+| Table | Constraint |
+|---|---|
+| `resource_state_events` | CHECK: exactly one of issue_id/merge_request_id NOT NULL |
+| `resource_label_events` | Same CHECK constraint; `label_name` nullable (migration 012) |
+| `resource_milestone_events` | Same CHECK constraint; `milestone_title` nullable |
+
+### Document/Search Pipeline
+
+| Table | Purpose |
+|---|---|
+| `documents` | Unified searchable content (source_type: issue/merge_request/discussion) |
+| `documents_fts` | FTS5 virtual table for text search |
+| `documents_fts_docsize` | FTS5 shadow B-tree (19x faster for COUNT) |
+| `document_labels` | Fast label filtering (indexed exact-match) |
+| `document_paths` | File path association for DiffNote filtering |
+| `embeddings` | vec0 virtual table; rowid = document_id * 1000 + chunk_index |
+| `embedding_metadata` | Chunk provenance + staleness tracking (document_hash) |
+| `dirty_sources` | Documents needing regeneration (with backoff via next_attempt_at) |
+
+### Infrastructure
+
+| Table | Purpose |
+|---|---|
+| `sync_runs` | Sync history with metrics |
+| `sync_cursors` | Per-resource sync position (updated_at cursor + tie_breaker_id) |
+| `app_locks` | Crash-safe single-flight lock |
+| `raw_payloads` | Raw JSON storage for debugging |
+| `pending_discussion_fetches` | Dependent discussion fetch queue |
+| `pending_dependent_fetches` | Job queue for resource_events, mr_closes, mr_diffs |
+| `schema_version` | Migration tracking |
+
+---
+
+## G. Glossary
+
+| Term | Definition |
+|---|---|
+| **IID** | Issue/MR number within a project (not globally unique) |
+| **FTS5** | SQLite full-text search extension (BM25 ranking) |
+| **vec0** | SQLite extension for vector similarity search |
+| **RRF** | Reciprocal Rank Fusion — combines FTS and vector rankings |
+| **DiffNote** | Comment attached to a specific line in a merge request diff |
+| **Entity reference** | Cross-reference between issues/MRs (closes, mentioned, related) |
+| **Rename chain** | BFS traversal of mr_file_changes to follow file renames |
+| **Attention state** | Computed field on `me` items: needs_attention, not_started, stale, etc. |
+| **Surgical sync** | Fetching specific entities by IID instead of full incremental sync |

docs/diagrams/01-human-flow-map.excalidraw

@@ -0,0 +1,245 @@
+{
+  "type": "excalidraw",
+  "version": 2,
+  "source": "https://excalidraw.com",
+  "elements": [
+    { "type": "text", "id": "title", "x": 300, "y": 15, "text": "Human User Flow Map", "fontSize": 28 },
+    { "type": "text", "id": "subtitle", "x": 220, "y": 53, "text": "15 human workflows mapped to lore commands. Arrows show data dependency.", "fontSize": 14, "strokeColor": "#868e96" },
+
+    { "type": "text", "id": "col-trigger", "x": 60, "y": 80, "text": "TRIGGER (Problem)", "fontSize": 16, "strokeColor": "#495057" },
+    { "type": "text", "id": "col-flow", "x": 400, "y": 80, "text": "COMMAND FLOW", "fontSize": 16, "strokeColor": "#495057" },
+    { "type": "text", "id": "col-gap", "x": 880, "y": 80, "text": "GAP", "fontSize": 16, "strokeColor": "#ef4444" },
+
+    { "type": "rectangle", "id": "zone-daily", "x": 20, "y": 110, "width": 960, "height": 190,
+      "backgroundColor": "#dbe4ff", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#4a9eed", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-daily-label", "x": 30, "y": 115, "text": "Daily Operations", "fontSize": 14, "strokeColor": "#1971c2" },
+
+    { "type": "rectangle", "id": "h1-trigger", "x": 30, "y": 140, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H1: Standup prep\n\"What moved overnight?\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h1-a1", "x": 230, "y": 165, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h1-cmd1", "x": 280, "y": 145, "width": 90, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "sync -q", "fontSize": 14 } },
+    { "type": "arrow", "id": "h1-a2", "x": 370, "y": 165, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h1-cmd2", "x": 400, "y": 145, "width": 140, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues --since 1d", "fontSize": 14 } },
+    { "type": "arrow", "id": "h1-a3", "x": 540, "y": 165, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h1-cmd3", "x": 570, "y": 145, "width": 130, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "mrs --since 1d", "fontSize": 14 } },
+    { "type": "arrow", "id": "h1-a4", "x": 700, "y": 165, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h1-cmd4", "x": 730, "y": 145, "width": 100, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "who @me", "fontSize": 14 } },
+    { "type": "arrow", "id": "h1-a5", "x": 830, "y": 165, "width": 40, "height": 0,
+      "points": [[0,0],[40,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h1-gap", "x": 870, "y": 140, "width": 100, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No @me\nNo feed", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "h3-trigger", "x": 30, "y": 210, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H3: Incident\n\"Deploy broke prod\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h3-a1", "x": 230, "y": 235, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h3-cmd1", "x": 280, "y": 215, "width": 130, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "timeline deploy", "fontSize": 14 } },
+    { "type": "arrow", "id": "h3-a2", "x": 410, "y": 235, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h3-cmd2", "x": 440, "y": 215, "width": 160, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "search deploy --mr", "fontSize": 14 } },
+    { "type": "arrow", "id": "h3-a3", "x": 600, "y": 235, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h3-cmd3", "x": 630, "y": 215, "width": 110, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "mrs <iid>", "fontSize": 14 } },
+    { "type": "arrow", "id": "h3-a4", "x": 740, "y": 235, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h3-cmd4", "x": 770, "y": 215, "width": 100, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "who --overlap", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "zone-planning", "x": 20, "y": 310, "width": 960, "height": 190,
+      "backgroundColor": "#d3f9d8", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#22c55e", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-planning-label", "x": 30, "y": 315, "text": "Planning & Assignment", "fontSize": 14, "strokeColor": "#15803d" },
+
+    { "type": "rectangle", "id": "h2-trigger", "x": 30, "y": 340, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H2: Sprint plan\n\"What's ready to pick?\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h2-a1", "x": 230, "y": 365, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h2-cmd1", "x": 280, "y": 345, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues -s opened -l ready", "fontSize": 13 } },
+    { "type": "arrow", "id": "h2-a2", "x": 450, "y": 365, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h2-cmd2", "x": 480, "y": 345, "width": 150, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues --has-due", "fontSize": 14 } },
+    { "type": "arrow", "id": "h2-a3", "x": 630, "y": 365, "width": 230, "height": 0,
+      "points": [[0,0],[230,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h2-gap", "x": 860, "y": 340, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No\n--no-assignee", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "h8-trigger", "x": 30, "y": 410, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H8: Assign work\n\"Who has bandwidth?\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h8-a1", "x": 230, "y": 435, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h8-cmd1", "x": 280, "y": 415, "width": 120, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "who @alice", "fontSize": 14 } },
+    { "type": "arrow", "id": "h8-a2", "x": 400, "y": 435, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h8-cmd2", "x": 430, "y": 415, "width": 110, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "who @bob", "fontSize": 14 } },
+    { "type": "arrow", "id": "h8-a3", "x": 540, "y": 435, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h8-cmd3", "x": 570, "y": 415, "width": 120, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "who @carol...", "fontSize": 14 } },
+    { "type": "arrow", "id": "h8-a4", "x": 690, "y": 435, "width": 170, "height": 0,
+      "points": [[0,0],[170,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h8-gap", "x": 860, "y": 410, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No team\nworkload view", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "zone-investigation", "x": 20, "y": 510, "width": 960, "height": 260,
+      "backgroundColor": "#fff3bf", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#f59e0b", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-invest-label", "x": 30, "y": 515, "text": "Investigation & Understanding", "fontSize": 14, "strokeColor": "#b45309" },
+
+    { "type": "rectangle", "id": "h7-trigger", "x": 30, "y": 540, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H7: Why this way?\n\"Understand a decision\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h7-a1", "x": 230, "y": 565, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h7-cmd1", "x": 280, "y": 545, "width": 160, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "search \"rationale\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h7-a2", "x": 440, "y": 565, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h7-cmd2", "x": 470, "y": 545, "width": 140, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "timeline --depth 2", "fontSize": 14 } },
+    { "type": "arrow", "id": "h7-a3", "x": 610, "y": 565, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h7-cmd3", "x": 640, "y": 545, "width": 100, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues 234", "fontSize": 14 } },
+    { "type": "arrow", "id": "h7-a4", "x": 740, "y": 565, "width": 120, "height": 0,
+      "points": [[0,0],[120,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h7-gap", "x": 860, "y": 540, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No per-note\nsearch", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "h11-trigger", "x": 30, "y": 610, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H11: Bug lifecycle\n\"Why does #321 reopen?\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h11-a1", "x": 230, "y": 635, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h11-cmd1", "x": 280, "y": 615, "width": 120, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues 321", "fontSize": 14 } },
+    { "type": "arrow", "id": "h11-a2", "x": 400, "y": 635, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h11-cmd2", "x": 430, "y": 615, "width": 130, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "timeline ???", "fontSize": 14 } },
+    { "type": "arrow", "id": "h11-a3", "x": 560, "y": 635, "width": 300, "height": 0,
+      "points": [[0,0],[300,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h11-gap", "x": 860, "y": 610, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No entity\ntimeline", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "h14-trigger", "x": 30, "y": 680, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H14: Prior art?\n\"Was this tried before?\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h14-a1", "x": 230, "y": 705, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h14-cmd1", "x": 280, "y": 685, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "search \"memory leak\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h14-a2", "x": 450, "y": 705, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h14-cmd2", "x": 480, "y": 685, "width": 120, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "mrs --closed?", "fontSize": 14 } },
+    { "type": "arrow", "id": "h14-a3", "x": 600, "y": 705, "width": 260, "height": 0,
+      "points": [[0,0],[260,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h14-gap", "x": 860, "y": 680, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No --state\non search", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "zone-people", "x": 20, "y": 780, "width": 960, "height": 190,
+      "backgroundColor": "#e5dbff", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#8b5cf6", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-people-label", "x": 30, "y": 785, "text": "People & Expertise", "fontSize": 14, "strokeColor": "#7048e8" },
+
+    { "type": "rectangle", "id": "h4-trigger", "x": 30, "y": 810, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H4: Review prep\n\"Context for MR !789\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h4-a1", "x": 230, "y": 835, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h4-cmd1", "x": 280, "y": 815, "width": 100, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "mrs 789", "fontSize": 14 } },
+    { "type": "arrow", "id": "h4-a2", "x": 380, "y": 835, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h4-cmd2", "x": 410, "y": 815, "width": 120, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "who src/auth/", "fontSize": 14 } },
+    { "type": "arrow", "id": "h4-a3", "x": 530, "y": 835, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h4-cmd3", "x": 560, "y": 815, "width": 130, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "search \"auth\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h4-a4", "x": 690, "y": 835, "width": 170, "height": 0,
+      "points": [[0,0],[170,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h4-gap", "x": 860, "y": 810, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No MR file\nlist output", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "h6-trigger", "x": 30, "y": 880, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "H6: Find reviewer\n\"Who should review?\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "h6-a1", "x": 230, "y": 905, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h6-cmd1", "x": 280, "y": 885, "width": 130, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "who src/auth/", "fontSize": 14 } },
+    { "type": "arrow", "id": "h6-a2", "x": 410, "y": 905, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h6-cmd2", "x": 440, "y": 885, "width": 140, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "who src/pay/", "fontSize": 14 } },
+    { "type": "arrow", "id": "h6-a3", "x": 580, "y": 905, "width": 30, "height": 0,
+      "points": [[0,0],[30,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h6-cmd3", "x": 610, "y": 885, "width": 140, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "who @candidate", "fontSize": 14 } },
+    { "type": "arrow", "id": "h6-a4", "x": 750, "y": 905, "width": 110, "height": 0,
+      "points": [[0,0],[110,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "h6-gap", "x": 860, "y": 880, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No multi-\npath query", "fontSize": 14 } },
+
+    { "type": "text", "id": "callout-1", "x": 30, "y": 990, "text": "Pattern: Most human flows require 3-5 serial commands. Average gap rate: 73% of flows have at least one.", "fontSize": 14, "strokeColor": "#495057" },
+    { "type": "text", "id": "callout-2", "x": 30, "y": 1015, "text": "Top optimization: Composite commands (activity feed, team workload) would reduce multi-command flows by ~40%.", "fontSize": 14, "strokeColor": "#15803d" },
+    { "type": "text", "id": "callout-3", "x": 30, "y": 1040, "text": "Top missing data: MR file changes and entity references are stored but invisible to CLI users.", "fontSize": 14, "strokeColor": "#ef4444" }
+  ],
+  "appState": { "viewBackgroundColor": "#ffffff", "gridSize": null },
+  "files": {}
+}

docs/diagrams/02-agent-flow-map.excalidraw

@@ -0,0 +1,204 @@
+{
+  "type": "excalidraw",
+  "version": 2,
+  "source": "https://excalidraw.com",
+  "elements": [
+    { "type": "text", "id": "title", "x": 320, "y": 15, "text": "AI Agent Flow Map", "fontSize": 28 },
+    { "type": "text", "id": "subtitle", "x": 180, "y": 53, "text": "15 agent automation workflows. Agents need structured JSON (-J), exit codes, and field selection.", "fontSize": 14, "strokeColor": "#868e96" },
+
+    { "type": "text", "id": "col-trigger", "x": 60, "y": 80, "text": "TRIGGER (Agent Goal)", "fontSize": 16, "strokeColor": "#495057" },
+    { "type": "text", "id": "col-flow", "x": 400, "y": 80, "text": "COMMAND PIPELINE", "fontSize": 16, "strokeColor": "#495057" },
+    { "type": "text", "id": "col-gap", "x": 880, "y": 80, "text": "BLOCKED BY", "fontSize": 16, "strokeColor": "#ef4444" },
+
+    { "type": "rectangle", "id": "zone-context", "x": 20, "y": 110, "width": 960, "height": 200,
+      "backgroundColor": "#e5dbff", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#8b5cf6", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-context-label", "x": 30, "y": 115, "text": "Context Gathering (pre-action)", "fontSize": 14, "strokeColor": "#7048e8" },
+
+    { "type": "rectangle", "id": "a1-trigger", "x": 30, "y": 140, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A1: Pre-edit context\nAbout to modify files", "fontSize": 14 } },
+    { "type": "arrow", "id": "a1-a1", "x": 230, "y": 165, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a1-cmd1", "x": 280, "y": 145, "width": 80, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J health", "fontSize": 14 } },
+    { "type": "arrow", "id": "a1-a2", "x": 360, "y": 165, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a1-cmd2", "x": 380, "y": 145, "width": 140, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J who src/auth/", "fontSize": 14 } },
+    { "type": "arrow", "id": "a1-a3", "x": 520, "y": 165, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a1-cmd3", "x": 540, "y": 145, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J search \"auth\" -n 10", "fontSize": 14 } },
+    { "type": "arrow", "id": "a1-a4", "x": 710, "y": 165, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a1-cmd4", "x": 730, "y": 145, "width": 130, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J who --overlap", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "a6-trigger", "x": 30, "y": 210, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A6: Auto-assign reviewers\nBased on file expertise", "fontSize": 14 } },
+    { "type": "arrow", "id": "a6-a1", "x": 230, "y": 235, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a6-cmd1", "x": 280, "y": 215, "width": 100, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "-J mrs 456", "fontSize": 14 } },
+    { "type": "text", "id": "a6-block", "x": 390, "y": 218, "text": "file list not\nin response!", "fontSize": 12, "strokeColor": "#ef4444" },
+    { "type": "arrow", "id": "a6-a2", "x": 380, "y": 245, "width": 480, "height": -10,
+      "points": [[0,0],[480,-10]], "endArrowhead": "arrow", "strokeColor": "#ef4444", "strokeStyle": "dashed" },
+    { "type": "rectangle", "id": "a6-gap", "x": 860, "y": 210, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "MR files\nnot exposed", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "zone-report", "x": 20, "y": 320, "width": 960, "height": 200,
+      "backgroundColor": "#d3f9d8", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#22c55e", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-report-label", "x": 30, "y": 325, "text": "Reporting & Synthesis", "fontSize": 14, "strokeColor": "#15803d" },
+
+    { "type": "rectangle", "id": "a3-trigger", "x": 30, "y": 350, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A3: Sprint status report\n7 queries for 1 report", "fontSize": 14 } },
+    { "type": "arrow", "id": "a3-a1", "x": 230, "y": 375, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a3-cmd1", "x": 280, "y": 352, "width": 100, "height": 36,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues -s closed", "fontSize": 12 } },
+    { "type": "rectangle", "id": "a3-cmd2", "x": 390, "y": 352, "width": 100, "height": 36,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues --status", "fontSize": 12 } },
+    { "type": "rectangle", "id": "a3-cmd3", "x": 500, "y": 352, "width": 100, "height": 36,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "mrs -s merged", "fontSize": 12 } },
+    { "type": "rectangle", "id": "a3-cmd4", "x": 610, "y": 352, "width": 80, "height": 36,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "mrs -s open", "fontSize": 12 } },
+    { "type": "rectangle", "id": "a3-cmd5", "x": 700, "y": 352, "width": 80, "height": 36,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "count x2", "fontSize": 12 } },
+    { "type": "rectangle", "id": "a3-cmd6", "x": 790, "y": 352, "width": 60, "height": 36,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "who", "fontSize": 12 } },
+    { "type": "arrow", "id": "a3-agap", "x": 850, "y": 370, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a3-gap", "x": 860, "y": 350, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No summary\ncommand", "fontSize": 14 } },
+    { "type": "text", "id": "a3-note", "x": 280, "y": 395, "text": "7 sequential API calls for one report. A `lore summary` could reduce to 1.", "fontSize": 12, "strokeColor": "#868e96" },
+
+    { "type": "rectangle", "id": "a7-trigger", "x": 30, "y": 430, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A7: Incident timeline\nPostmortem reconstruction", "fontSize": 14 } },
+    { "type": "arrow", "id": "a7-a1", "x": 230, "y": 455, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a7-cmd1", "x": 280, "y": 435, "width": 190, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J timeline --depth 2", "fontSize": 14 } },
+    { "type": "arrow", "id": "a7-a2", "x": 470, "y": 455, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a7-cmd2", "x": 490, "y": 435, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J search --since 3d", "fontSize": 14 } },
+    { "type": "arrow", "id": "a7-a3", "x": 660, "y": 455, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a7-cmd3", "x": 680, "y": 435, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J mrs -s merged", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "zone-discover", "x": 20, "y": 530, "width": 960, "height": 200,
+      "backgroundColor": "#fff3bf", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#f59e0b", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-discover-label", "x": 30, "y": 535, "text": "Discovery & Correlation", "fontSize": 14, "strokeColor": "#b45309" },
+
+    { "type": "rectangle", "id": "a5-trigger", "x": 30, "y": 560, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A5: PR description\nFind related issues to link", "fontSize": 14 } },
+    { "type": "arrow", "id": "a5-a1", "x": 230, "y": 585, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a5-cmd1", "x": 280, "y": 565, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J search keywords", "fontSize": 14 } },
+    { "type": "arrow", "id": "a5-a2", "x": 450, "y": 585, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a5-cmd2", "x": 470, "y": 565, "width": 180, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J issues --fields iid,url", "fontSize": 14 } },
+    { "type": "arrow", "id": "a5-a3", "x": 650, "y": 585, "width": 210, "height": 0,
+      "points": [[0,0],[210,0]], "endArrowhead": "arrow", "strokeColor": "#ef4444", "strokeStyle": "dashed" },
+    { "type": "rectangle", "id": "a5-gap", "x": 860, "y": 560, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No refs\nquery", "fontSize": 14 } },
+    { "type": "text", "id": "a5-note", "x": 280, "y": 612, "text": "Agent can't ask \"which issues does MR !456 close?\" -- entity_references data exists but isn't queryable.", "fontSize": 12, "strokeColor": "#868e96" },
+
+    { "type": "rectangle", "id": "a11-trigger", "x": 30, "y": 640, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A11: Knowledge graph\nMap entity relationships", "fontSize": 14 } },
+    { "type": "arrow", "id": "a11-a1", "x": 230, "y": 665, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a11-cmd1", "x": 280, "y": 645, "width": 140, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J search -n 30", "fontSize": 14 } },
+    { "type": "arrow", "id": "a11-a2", "x": 420, "y": 665, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a11-cmd2", "x": 440, "y": 645, "width": 190, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J timeline --depth 2", "fontSize": 14 } },
+    { "type": "arrow", "id": "a11-a3", "x": 630, "y": 665, "width": 230, "height": 0,
+      "points": [[0,0],[230,0]], "endArrowhead": "arrow", "strokeColor": "#ef4444", "strokeStyle": "dashed" },
+    { "type": "rectangle", "id": "a11-gap", "x": 860, "y": 640, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No refs\nquery", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "zone-maint", "x": 20, "y": 740, "width": 960, "height": 140,
+      "backgroundColor": "#dbe4ff", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#4a9eed", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-maint-label", "x": 30, "y": 745, "text": "Maintenance & Cleanup", "fontSize": 14, "strokeColor": "#1971c2" },
+
+    { "type": "rectangle", "id": "a9-trigger", "x": 30, "y": 770, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A9: Stale issue cleanup\nWeekly backlog hygiene", "fontSize": 14 } },
+    { "type": "arrow", "id": "a9-a1", "x": 230, "y": 795, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a9-cmd1", "x": 280, "y": 775, "width": 200, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J issues --sort updated --asc", "fontSize": 12 } },
+    { "type": "arrow", "id": "a9-a2", "x": 480, "y": 795, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a9-cmd2", "x": 500, "y": 775, "width": 120, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "filter client-side", "fontSize": 14 } },
+    { "type": "arrow", "id": "a9-a3", "x": 620, "y": 795, "width": 240, "height": 0,
+      "points": [[0,0],[240,0]], "endArrowhead": "arrow", "strokeColor": "#ef4444", "strokeStyle": "dashed" },
+    { "type": "rectangle", "id": "a9-gap", "x": 860, "y": 770, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No --before\nNo offset", "fontSize": 14 } },
+
+    { "type": "rectangle", "id": "a15-trigger", "x": 30, "y": 840, "width": 200, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "A15: Conflict detect\n\"Safe to start work?\"", "fontSize": 14 } },
+    { "type": "arrow", "id": "a15-a1", "x": 230, "y": 865, "width": 50, "height": 0,
+      "points": [[0,0],[50,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a15-cmd1", "x": 280, "y": 845, "width": 110, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J issues 123", "fontSize": 14 } },
+    { "type": "arrow", "id": "a15-a2", "x": 390, "y": 865, "width": 20, "height": 0,
+      "points": [[0,0],[20,0]], "endArrowhead": "arrow" },
+    { "type": "rectangle", "id": "a15-cmd2", "x": 410, "y": 845, "width": 130, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "-J who --overlap", "fontSize": 14 } },
+    { "type": "arrow", "id": "a15-a3", "x": 540, "y": 865, "width": 320, "height": 0,
+      "points": [[0,0],[320,0]], "endArrowhead": "arrow", "strokeColor": "#ef4444", "strokeStyle": "dashed" },
+    { "type": "rectangle", "id": "a15-gap", "x": 860, "y": 840, "width": 110, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "No refs +\n--state", "fontSize": 14 } },
+
+    { "type": "text", "id": "callout-1", "x": 30, "y": 910, "text": "Agent-specific pain: Agents always use -J and --fields minimal for token efficiency. Every extra query burns tokens.", "fontSize": 14, "strokeColor": "#495057" },
+    { "type": "text", "id": "callout-2", "x": 30, "y": 935, "text": "Biggest ROI: `lore refs` command would unblock A5, A11, A12, A15 instantly. Data already exists in entity_references table.", "fontSize": 14, "strokeColor": "#15803d" },
+    { "type": "text", "id": "callout-3", "x": 30, "y": 960, "text": "Token waste: Sprint report (A3) requires 7 calls. A composite `lore summary` could save ~85% of tokens.", "fontSize": 14, "strokeColor": "#ef4444" }
+  ],
+  "appState": { "viewBackgroundColor": "#ffffff", "gridSize": null },
+  "files": {}
+}

docs/diagrams/03-command-coverage.excalidraw

@@ -0,0 +1,203 @@
+{
+  "type": "excalidraw",
+  "version": 2,
+  "source": "https://excalidraw.com",
+  "elements": [
+    { "type": "text", "id": "title", "x": 280, "y": 15, "text": "Command Coverage Heatmap", "fontSize": 28 },
+    { "type": "text", "id": "subtitle", "x": 220, "y": 53, "text": "Which commands serve which workflows? Darker = more essential to that flow.", "fontSize": 14, "strokeColor": "#868e96" },
+
+    { "type": "text", "id": "col-issues", "x": 260, "y": 85, "text": "issues", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-mrs", "x": 330, "y": 85, "text": "mrs", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-search", "x": 390, "y": 85, "text": "search", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-who", "x": 465, "y": 85, "text": "who", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-timeline", "x": 520, "y": 85, "text": "timeline", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-sync", "x": 600, "y": 85, "text": "sync", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-count", "x": 660, "y": 85, "text": "count", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-status", "x": 720, "y": 85, "text": "status", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "col-missing", "x": 790, "y": 85, "text": "MISSING?", "fontSize": 14, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "grp-human", "x": 15, "y": 108, "text": "HUMAN FLOWS", "fontSize": 14, "strokeColor": "#15803d" },
+
+    { "type": "text", "id": "h1-label", "x": 15, "y": 135, "text": "H1  Standup prep", "fontSize": 14 },
+    { "type": "rectangle", "id": "h1-issues", "x": 255, "y": 130, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h1-mrs", "x": 325, "y": 130, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h1-who", "x": 460, "y": 130, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h1-sync", "x": 595, "y": 130, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "h1-gap", "x": 780, "y": 135, "text": "activity feed", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h2-label", "x": 15, "y": 170, "text": "H2  Sprint planning", "fontSize": 14 },
+    { "type": "rectangle", "id": "h2-issues", "x": 255, "y": 165, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h2-count", "x": 655, "y": 165, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "h2-gap", "x": 780, "y": 170, "text": "--no-assignee", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h3-label", "x": 15, "y": 205, "text": "H3  Incident response", "fontSize": 14 },
+    { "type": "rectangle", "id": "h3-mrs", "x": 325, "y": 200, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h3-search", "x": 390, "y": 200, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h3-who", "x": 460, "y": 200, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h3-timeline", "x": 525, "y": 200, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h3-sync", "x": 595, "y": 200, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+
+    { "type": "text", "id": "h4-label", "x": 15, "y": 240, "text": "H4  Code review prep", "fontSize": 14 },
+    { "type": "rectangle", "id": "h4-mrs", "x": 325, "y": 235, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h4-search", "x": 390, "y": 235, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h4-who", "x": 460, "y": 235, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h4-timeline", "x": 525, "y": 235, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "h4-gap", "x": 780, "y": 240, "text": "MR file list", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h5-label", "x": 15, "y": 275, "text": "H5  Onboarding", "fontSize": 14 },
+    { "type": "rectangle", "id": "h5-issues", "x": 255, "y": 270, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h5-mrs", "x": 325, "y": 270, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h5-search", "x": 390, "y": 270, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h5-who", "x": 460, "y": 270, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h5-timeline", "x": 525, "y": 270, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+
+    { "type": "text", "id": "h6-label", "x": 15, "y": 310, "text": "H6  Find reviewer", "fontSize": 14 },
+    { "type": "rectangle", "id": "h6-who", "x": 460, "y": 305, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "h6-gap", "x": 780, "y": 310, "text": "multi-path who", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h7-label", "x": 15, "y": 345, "text": "H7  Why was this built?", "fontSize": 14 },
+    { "type": "rectangle", "id": "h7-issues", "x": 255, "y": 340, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h7-mrs", "x": 325, "y": 340, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h7-search", "x": 390, "y": 340, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h7-timeline", "x": 525, "y": 340, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "h7-gap", "x": 780, "y": 345, "text": "per-note search", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h8-label", "x": 15, "y": 380, "text": "H8  Team workload", "fontSize": 14 },
+    { "type": "rectangle", "id": "h8-who", "x": 460, "y": 375, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "h8-gap", "x": 780, "y": 380, "text": "team view", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h9-label", "x": 15, "y": 415, "text": "H9  Release notes", "fontSize": 14 },
+    { "type": "rectangle", "id": "h9-issues", "x": 255, "y": 410, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h9-mrs", "x": 325, "y": 410, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "h9-gap", "x": 780, "y": 415, "text": "mrs --milestone", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h10-label", "x": 15, "y": 450, "text": "H10 Stale issues", "fontSize": 14 },
+    { "type": "rectangle", "id": "h10-issues", "x": 255, "y": 445, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "h10-gap", "x": 780, "y": 450, "text": "--updated-before", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h11-label", "x": 15, "y": 485, "text": "H11 Bug lifecycle", "fontSize": 14 },
+    { "type": "rectangle", "id": "h11-issues", "x": 255, "y": 480, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h11-timeline", "x": 525, "y": 480, "width": 50, "height": 28, "backgroundColor": "#ffd8a8", "fillStyle": "solid" },
+    { "type": "text", "id": "h11-gap", "x": 780, "y": 485, "text": "entity timeline", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h12-label", "x": 15, "y": 520, "text": "H12 Who broke tests?", "fontSize": 14 },
+    { "type": "rectangle", "id": "h12-search", "x": 390, "y": 515, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h12-who", "x": 460, "y": 515, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+
+    { "type": "text", "id": "h13-label", "x": 15, "y": 555, "text": "H13 Feature tracking", "fontSize": 14 },
+    { "type": "rectangle", "id": "h13-issues", "x": 255, "y": 550, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h13-mrs", "x": 325, "y": 550, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h13-timeline", "x": 525, "y": 550, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+
+    { "type": "text", "id": "h14-label", "x": 15, "y": 590, "text": "H14 Prior art check", "fontSize": 14 },
+    { "type": "rectangle", "id": "h14-search", "x": 390, "y": 585, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "h14-timeline", "x": 525, "y": 585, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "h14-gap", "x": 780, "y": 590, "text": "--state on search", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "h15-label", "x": 15, "y": 625, "text": "H15 My discussions", "fontSize": 14 },
+    { "type": "rectangle", "id": "h15-who", "x": 460, "y": 620, "width": 50, "height": 28, "backgroundColor": "#ffd8a8", "fillStyle": "solid" },
+    { "type": "text", "id": "h15-gap", "x": 780, "y": 625, "text": "participant filter", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "rectangle", "id": "divider", "x": 10, "y": 655, "width": 910, "height": 2, "backgroundColor": "#dee2e6", "fillStyle": "solid" },
+
+    { "type": "text", "id": "grp-agent", "x": 15, "y": 668, "text": "AI AGENT FLOWS", "fontSize": 14, "strokeColor": "#7048e8" },
+
+    { "type": "text", "id": "a1-label", "x": 15, "y": 695, "text": "A1  Pre-edit context", "fontSize": 14 },
+    { "type": "rectangle", "id": "a1-mrs", "x": 325, "y": 690, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a1-search", "x": 390, "y": 690, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a1-who", "x": 460, "y": 690, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+
+    { "type": "text", "id": "a2-label", "x": 15, "y": 730, "text": "A2  Auto-triage", "fontSize": 14 },
+    { "type": "rectangle", "id": "a2-issues", "x": 255, "y": 725, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a2-search", "x": 390, "y": 725, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a2-who", "x": 460, "y": 725, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "a2-gap", "x": 780, "y": 730, "text": "detail --fields", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a3-label", "x": 15, "y": 765, "text": "A3  Sprint report", "fontSize": 14 },
+    { "type": "rectangle", "id": "a3-issues", "x": 255, "y": 760, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a3-mrs", "x": 325, "y": 760, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a3-who", "x": 460, "y": 760, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a3-count", "x": 655, "y": 760, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "a3-gap", "x": 780, "y": 765, "text": "summary cmd", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a4-label", "x": 15, "y": 800, "text": "A4  Prior art", "fontSize": 14 },
+    { "type": "rectangle", "id": "a4-search", "x": 390, "y": 795, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a4-timeline", "x": 525, "y": 795, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "a4-gap", "x": 780, "y": 800, "text": "per-note search", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a5-label", "x": 15, "y": 835, "text": "A5  PR description", "fontSize": 14 },
+    { "type": "rectangle", "id": "a5-issues", "x": 255, "y": 830, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a5-search", "x": 390, "y": 830, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "a5-gap", "x": 780, "y": 835, "text": "entity refs query", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a6-label", "x": 15, "y": 870, "text": "A6  Reviewer assign", "fontSize": 14 },
+    { "type": "rectangle", "id": "a6-mrs", "x": 325, "y": 865, "width": 50, "height": 28, "backgroundColor": "#ffd8a8", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a6-who", "x": 460, "y": 865, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "a6-gap", "x": 780, "y": 870, "text": "MR file list", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a7-label", "x": 15, "y": 905, "text": "A7  Incident timeline", "fontSize": 14 },
+    { "type": "rectangle", "id": "a7-mrs", "x": 325, "y": 900, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a7-search", "x": 390, "y": 900, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a7-timeline", "x": 525, "y": 900, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+
+    { "type": "text", "id": "a8-label", "x": 15, "y": 940, "text": "A8  Cross-project", "fontSize": 14 },
+    { "type": "rectangle", "id": "a8-search", "x": 390, "y": 935, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a8-timeline", "x": 525, "y": 935, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "a8-gap", "x": 780, "y": 940, "text": "group by project", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a9-label", "x": 15, "y": 975, "text": "A9  Stale cleanup", "fontSize": 14 },
+    { "type": "rectangle", "id": "a9-issues", "x": 255, "y": 970, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a9-search", "x": 390, "y": 970, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "a9-gap", "x": 780, "y": 975, "text": "--updated-before", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a10-label", "x": 15, "y": 1010, "text": "A10 Review context", "fontSize": 14 },
+    { "type": "rectangle", "id": "a10-mrs", "x": 325, "y": 1005, "width": 50, "height": 28, "backgroundColor": "#ffd8a8", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a10-who", "x": 460, "y": 1005, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "a10-gap", "x": 780, "y": 1010, "text": "MR file list", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a11-label", "x": 15, "y": 1045, "text": "A11 Knowledge graph", "fontSize": 14 },
+    { "type": "rectangle", "id": "a11-search", "x": 390, "y": 1040, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a11-timeline", "x": 525, "y": 1040, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "a11-gap", "x": 780, "y": 1045, "text": "entity refs query", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a12-label", "x": 15, "y": 1080, "text": "A12 Release check", "fontSize": 14 },
+    { "type": "rectangle", "id": "a12-issues", "x": 255, "y": 1075, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a12-mrs", "x": 325, "y": 1075, "width": 50, "height": 28, "backgroundColor": "#ffd8a8", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a12-who", "x": 460, "y": 1075, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "a12-gap", "x": 780, "y": 1080, "text": "mrs --milestone", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a13-label", "x": 15, "y": 1115, "text": "A13 What changed?", "fontSize": 14 },
+    { "type": "rectangle", "id": "a13-issues", "x": 255, "y": 1110, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a13-mrs", "x": 325, "y": 1110, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "a13-gap", "x": 780, "y": 1115, "text": "state-change filter", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a14-label", "x": 15, "y": 1150, "text": "A14 Meeting prep", "fontSize": 14 },
+    { "type": "rectangle", "id": "a14-issues", "x": 255, "y": 1145, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a14-mrs", "x": 325, "y": 1145, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a14-who", "x": 460, "y": 1145, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a14-count", "x": 655, "y": 1145, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "a14-gap", "x": 780, "y": 1150, "text": "summary cmd", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "a15-label", "x": 15, "y": 1185, "text": "A15 Conflict detect", "fontSize": 14 },
+    { "type": "rectangle", "id": "a15-issues", "x": 255, "y": 1180, "width": 50, "height": 28, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a15-mrs", "x": 325, "y": 1180, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "rectangle", "id": "a15-who", "x": 460, "y": 1180, "width": 50, "height": 28, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "a15-gap", "x": 780, "y": 1185, "text": "entity refs, --state", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "legend-title", "x": 15, "y": 1230, "text": "Legend:", "fontSize": 14 },
+    { "type": "rectangle", "id": "leg-essential", "x": 80, "y": 1228, "width": 20, "height": 20, "backgroundColor": "#22c55e", "fillStyle": "solid" },
+    { "type": "text", "id": "leg-essential-t", "x": 105, "y": 1230, "text": "Essential", "fontSize": 14 },
+    { "type": "rectangle", "id": "leg-supporting", "x": 190, "y": 1228, "width": 20, "height": 20, "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "leg-supporting-t", "x": 215, "y": 1230, "text": "Supporting", "fontSize": 14 },
+    { "type": "rectangle", "id": "leg-partial", "x": 310, "y": 1228, "width": 20, "height": 20, "backgroundColor": "#ffd8a8", "fillStyle": "solid" },
+    { "type": "text", "id": "leg-partial-t", "x": 335, "y": 1230, "text": "Partially blocked", "fontSize": 14 },
+    { "type": "text", "id": "leg-gap-t", "x": 470, "y": 1230, "text": "Red text = gap", "fontSize": 14, "strokeColor": "#ef4444" },
+
+    { "type": "text", "id": "insight-1", "x": 15, "y": 1270, "text": "Key insight: `issues` and `search` are the workhorses (used in 20+ flows).", "fontSize": 14, "strokeColor": "#495057" },
+    { "type": "text", "id": "insight-2", "x": 15, "y": 1295, "text": "`who` is critical for people questions but siloed from file-change data.", "fontSize": 14, "strokeColor": "#495057" },
+    { "type": "text", "id": "insight-3", "x": 15, "y": 1320, "text": "`timeline` is powerful but keyword-only seeding limits entity-specific queries.", "fontSize": 14, "strokeColor": "#495057" },
+    { "type": "text", "id": "insight-4", "x": 15, "y": 1345, "text": "22/30 flows have at least one gap. Most gaps are filter additions, not new commands.", "fontSize": 14, "strokeColor": "#ef4444" }
+  ],
+  "appState": { "viewBackgroundColor": "#ffffff", "gridSize": null },
+  "files": {}
+}

docs/diagrams/04-gap-priority-matrix.excalidraw

@@ -0,0 +1,110 @@
+{
+  "type": "excalidraw",
+  "version": 2,
+  "source": "https://excalidraw.com",
+  "elements": [
+    { "type": "text", "id": "title", "x": 300, "y": 20, "text": "Lore CLI Gap Priority Matrix", "fontSize": 28 },
+    { "type": "text", "id": "subtitle", "x": 310, "y": 58, "text": "20 identified gaps plotted by impact vs effort", "fontSize": 16, "strokeColor": "#868e96" },
+
+    { "type": "rectangle", "id": "q1-zone", "x": 100, "y": 120, "width": 500, "height": 380,
+      "backgroundColor": "#d3f9d8", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#22c55e", "strokeWidth": 1, "opacity": 25 },
+    { "type": "text", "id": "q1-label", "x": 110, "y": 126, "text": "QUICK WINS", "fontSize": 18, "strokeColor": "#15803d" },
+
+    { "type": "rectangle", "id": "q2-zone", "x": 620, "y": 120, "width": 500, "height": 380,
+      "backgroundColor": "#fff3bf", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#f59e0b", "strokeWidth": 1, "opacity": 25 },
+    { "type": "text", "id": "q2-label", "x": 630, "y": 126, "text": "STRATEGIC", "fontSize": 18, "strokeColor": "#b45309" },
+
+    { "type": "rectangle", "id": "q3-zone", "x": 100, "y": 520, "width": 500, "height": 300,
+      "backgroundColor": "#dbe4ff", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#4a9eed", "strokeWidth": 1, "opacity": 25 },
+    { "type": "text", "id": "q3-label", "x": 110, "y": 526, "text": "FILL-IN", "fontSize": 18, "strokeColor": "#1971c2" },
+
+    { "type": "rectangle", "id": "q4-zone", "x": 620, "y": 520, "width": 500, "height": 300,
+      "backgroundColor": "#ffc9c9", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#ef4444", "strokeWidth": 1, "opacity": 25 },
+    { "type": "text", "id": "q4-label", "x": 630, "y": 526, "text": "DEPRIORITIZE", "fontSize": 18, "strokeColor": "#c92a2a" },
+
+    { "type": "text", "id": "y-axis-hi", "x": 30, "y": 130, "text": "HIGH\nIMPACT", "fontSize": 16, "strokeColor": "#495057", "textAlign": "center" },
+    { "type": "text", "id": "y-axis-lo", "x": 30, "y": 550, "text": "LOW\nIMPACT", "fontSize": 16, "strokeColor": "#495057", "textAlign": "center" },
+    { "type": "text", "id": "x-axis-lo", "x": 280, "y": 840, "text": "LOW EFFORT", "fontSize": 16, "strokeColor": "#495057" },
+    { "type": "text", "id": "x-axis-hi", "x": 800, "y": 840, "text": "HIGH EFFORT", "fontSize": 16, "strokeColor": "#495057" },
+
+    { "type": "arrow", "id": "y-arrow", "x": 85, "y": 810, "width": 0, "height": -680,
+      "points": [[0,0],[0,-680]], "endArrowhead": "arrow", "strokeColor": "#495057", "strokeWidth": 1 },
+    { "type": "arrow", "id": "x-arrow", "x": 85, "y": 810, "width": 1050, "height": 0,
+      "points": [[0,0],[1050,0]], "endArrowhead": "arrow", "strokeColor": "#495057", "strokeWidth": 1 },
+
+    { "type": "rectangle", "id": "g5", "x": 120, "y": 160, "width": 210, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#5 @me alias", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g8", "x": 120, "y": 225, "width": 210, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#8 --state on search", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g9", "x": 120, "y": 290, "width": 210, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#9 mrs --milestone", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g10", "x": 120, "y": 355, "width": 210, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#10 --no-assignee", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g11", "x": 350, "y": 160, "width": 230, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#11 --updated-before", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g14", "x": 350, "y": 225, "width": 230, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#14 detail --fields", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g18", "x": 350, "y": 290, "width": 230, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#18 1y/12m duration", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g20", "x": 350, "y": 355, "width": 230, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "#20 sort by due date", "fontSize": 16 } },
+
+    { "type": "rectangle", "id": "g1", "x": 640, "y": 160, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "#1 MR file changes", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g2", "x": 640, "y": 225, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "#2 entity refs query", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g3", "x": 640, "y": 290, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "#3 per-note search", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g4", "x": 880, "y": 160, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "#4 entity timeline", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g6", "x": 880, "y": 225, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "#6 activity feed", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g12", "x": 880, "y": 290, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffd8a8", "fillStyle": "solid",
+      "label": { "text": "#12 team workload", "fontSize": 16 } },
+
+    { "type": "rectangle", "id": "g13", "x": 120, "y": 570, "width": 210, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "#13 pagination/offset", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g15", "x": 120, "y": 635, "width": 210, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "#15 group by project", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g19", "x": 120, "y": 700, "width": 210, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "#19 participant filter", "fontSize": 16 } },
+
+    { "type": "rectangle", "id": "g7", "x": 640, "y": 570, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid",
+      "label": { "text": "#7 multi-path who", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g16", "x": 640, "y": 635, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid",
+      "label": { "text": "#16 trend metrics", "fontSize": 16 } },
+    { "type": "rectangle", "id": "g17", "x": 640, "y": 700, "width": 220, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid",
+      "label": { "text": "#17 --for-issue on mrs", "fontSize": 16 } },
+
+    { "type": "text", "id": "q1-count", "x": 180, "y": 430, "text": "8 gaps - lowest hanging fruit", "fontSize": 14, "strokeColor": "#15803d" },
+    { "type": "text", "id": "q2-count", "x": 710, "y": 370, "text": "6 gaps - build deliberately", "fontSize": 14, "strokeColor": "#b45309" },
+    { "type": "text", "id": "q3-count", "x": 160, "y": 770, "text": "3 gaps - fill as needed", "fontSize": 14, "strokeColor": "#1971c2" },
+    { "type": "text", "id": "q4-count", "x": 680, "y": 770, "text": "3 gaps - defer or rethink", "fontSize": 14, "strokeColor": "#c92a2a" }
+  ],
+  "appState": { "viewBackgroundColor": "#ffffff", "gridSize": null },
+  "files": {}
+}

docs/diagrams/05-data-flow-architecture.excalidraw

@@ -0,0 +1,184 @@
+{
+  "type": "excalidraw",
+  "version": 2,
+  "source": "https://excalidraw.com",
+  "elements": [
+    { "type": "text", "id": "title", "x": 350, "y": 15, "text": "Lore Data Flow Architecture", "fontSize": 28 },
+    { "type": "text", "id": "subtitle", "x": 280, "y": 53, "text": "Green = queryable via CLI  |  Red = stored but hidden  |  Gray = internal", "fontSize": 14, "strokeColor": "#868e96" },
+
+    { "type": "rectangle", "id": "zone-gitlab", "x": 30, "y": 90, "width": 200, "height": 300,
+      "backgroundColor": "#e5dbff", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#8b5cf6", "strokeWidth": 1, "opacity": 30 },
+    { "type": "text", "id": "zone-gitlab-label", "x": 55, "y": 96, "text": "GitLab APIs", "fontSize": 16, "strokeColor": "#7048e8" },
+
+    { "type": "rectangle", "id": "rest-api", "x": 50, "y": 130, "width": 160, "height": 60,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "REST API\n(paginated)", "fontSize": 16 } },
+    { "type": "rectangle", "id": "graphql-api", "x": 50, "y": 210, "width": 160, "height": 60,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "GraphQL API\n(adaptive pages)", "fontSize": 16 } },
+    { "type": "rectangle", "id": "ollama-api", "x": 50, "y": 310, "width": 160, "height": 60,
+      "roundness": { "type": 3 }, "backgroundColor": "#d0bfff", "fillStyle": "solid",
+      "label": { "text": "Ollama\n(embeddings)", "fontSize": 16 } },
+
+    { "type": "rectangle", "id": "zone-ingest", "x": 270, "y": 90, "width": 180, "height": 300,
+      "backgroundColor": "#dbe4ff", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#4a9eed", "strokeWidth": 1, "opacity": 30 },
+    { "type": "text", "id": "zone-ingest-label", "x": 300, "y": 96, "text": "Ingestion", "fontSize": 16, "strokeColor": "#1971c2" },
+
+    { "type": "rectangle", "id": "ingest-issues", "x": 285, "y": 130, "width": 150, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "Issue Sync", "fontSize": 16 } },
+    { "type": "rectangle", "id": "ingest-mrs", "x": 285, "y": 195, "width": 150, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "MR Sync", "fontSize": 16 } },
+    { "type": "rectangle", "id": "ingest-disc", "x": 285, "y": 260, "width": 150, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "Discussion Sync", "fontSize": 16 } },
+    { "type": "rectangle", "id": "ingest-events", "x": 285, "y": 325, "width": 150, "height": 50,
+      "roundness": { "type": 3 }, "backgroundColor": "#a5d8ff", "fillStyle": "solid",
+      "label": { "text": "Event Sync", "fontSize": 16 } },
+
+    { "type": "arrow", "id": "a-rest-issues", "x": 210, "y": 155, "width": 75, "height": 0,
+      "points": [[0,0],[75,0]], "endArrowhead": "arrow", "strokeColor": "#495057" },
+    { "type": "arrow", "id": "a-rest-mrs", "x": 210, "y": 165, "width": 75, "height": 50,
+      "points": [[0,0],[75,50]], "endArrowhead": "arrow", "strokeColor": "#495057" },
+    { "type": "arrow", "id": "a-graphql-issues", "x": 210, "y": 240, "width": 75, "height": -80,
+      "points": [[0,0],[75,-80]], "endArrowhead": "arrow", "strokeColor": "#495057" },
+
+    { "type": "rectangle", "id": "zone-sqlite", "x": 490, "y": 90, "width": 400, "height": 650,
+      "backgroundColor": "#d3f9d8", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#22c55e", "strokeWidth": 1, "opacity": 20 },
+    { "type": "text", "id": "zone-sqlite-label", "x": 570, "y": 96, "text": "SQLite (WAL mode)", "fontSize": 16, "strokeColor": "#15803d" },
+
+    { "type": "text", "id": "grp-queryable", "x": 500, "y": 120, "text": "Queryable Tables", "fontSize": 14, "strokeColor": "#15803d" },
+
+    { "type": "rectangle", "id": "t-projects", "x": 500, "y": 145, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "projects", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-issues", "x": 500, "y": 195, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "issues + assignees", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-mrs", "x": 500, "y": 245, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "merge_requests", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-discussions", "x": 500, "y": 295, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "discussions + notes", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-events", "x": 500, "y": 345, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "resource_*_events", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-docs", "x": 500, "y": 395, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "documents + FTS5", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-embed", "x": 500, "y": 445, "width": 170, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#b2f2bb", "fillStyle": "solid",
+      "label": { "text": "embeddings (vec)", "fontSize": 14 } },
+
+    { "type": "text", "id": "grp-hidden", "x": 700, "y": 120, "text": "Hidden Tables", "fontSize": 14, "strokeColor": "#c92a2a" },
+
+    { "type": "rectangle", "id": "t-file-changes", "x": 695, "y": 145, "width": 180, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "mr_file_changes", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-entity-refs", "x": 695, "y": 195, "width": 180, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "entity_references", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-raw", "x": 695, "y": 245, "width": 180, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444",
+      "label": { "text": "raw_payloads", "fontSize": 14 } },
+
+    { "type": "text", "id": "grp-internal", "x": 700, "y": 310, "text": "Internal Only", "fontSize": 14, "strokeColor": "#868e96" },
+
+    { "type": "rectangle", "id": "t-sync", "x": 695, "y": 340, "width": 180, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#dee2e6", "fillStyle": "solid", "strokeColor": "#868e96",
+      "label": { "text": "sync_runs + cursors", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-dirty", "x": 695, "y": 390, "width": 180, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#dee2e6", "fillStyle": "solid", "strokeColor": "#868e96",
+      "label": { "text": "dirty_sources", "fontSize": 14 } },
+    { "type": "rectangle", "id": "t-locks", "x": 695, "y": 440, "width": 180, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#dee2e6", "fillStyle": "solid", "strokeColor": "#868e96",
+      "label": { "text": "app_locks", "fontSize": 14 } },
+
+    { "type": "arrow", "id": "a-ingest-tables", "x": 435, "y": 200, "width": 55, "height": 0,
+      "points": [[0,0],[55,0]], "endArrowhead": "arrow", "strokeColor": "#495057" },
+
+    { "type": "rectangle", "id": "zone-cli", "x": 930, "y": 90, "width": 250, "height": 650,
+      "backgroundColor": "#fff3bf", "fillStyle": "solid", "roundness": { "type": 3 },
+      "strokeColor": "#f59e0b", "strokeWidth": 1, "opacity": 25 },
+    { "type": "text", "id": "zone-cli-label", "x": 990, "y": 96, "text": "CLI Commands", "fontSize": 16, "strokeColor": "#b45309" },
+
+    { "type": "rectangle", "id": "cmd-issues", "x": 950, "y": 130, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore issues", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-mrs", "x": 950, "y": 185, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore mrs", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-search", "x": 950, "y": 240, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore search", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-who", "x": 950, "y": 295, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore who", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-timeline", "x": 950, "y": 350, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore timeline", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-count", "x": 950, "y": 405, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore count", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-sync", "x": 950, "y": 460, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore sync", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-status", "x": 950, "y": 515, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#fff3bf", "fillStyle": "solid",
+      "label": { "text": "lore status", "fontSize": 16 } },
+
+    { "type": "arrow", "id": "a-issues-cmd", "x": 670, "y": 215, "width": 270, "height": -65,
+      "points": [[0,0],[270,-65]], "endArrowhead": "arrow", "strokeColor": "#22c55e", "strokeWidth": 2 },
+    { "type": "arrow", "id": "a-mrs-cmd", "x": 670, "y": 265, "width": 270, "height": -60,
+      "points": [[0,0],[270,-60]], "endArrowhead": "arrow", "strokeColor": "#22c55e", "strokeWidth": 2 },
+    { "type": "arrow", "id": "a-docs-cmd", "x": 670, "y": 415, "width": 270, "height": -155,
+      "points": [[0,0],[270,-155]], "endArrowhead": "arrow", "strokeColor": "#22c55e", "strokeWidth": 2 },
+    { "type": "arrow", "id": "a-embed-cmd", "x": 670, "y": 465, "width": 270, "height": -200,
+      "points": [[0,0],[270,-200]], "endArrowhead": "arrow", "strokeColor": "#22c55e", "strokeWidth": 2 },
+    { "type": "arrow", "id": "a-events-cmd", "x": 670, "y": 365, "width": 270, "height": 5,
+      "points": [[0,0],[270,5]], "endArrowhead": "arrow", "strokeColor": "#22c55e", "strokeWidth": 2 },
+
+    { "type": "text", "id": "hidden-note-1", "x": 695, "y": 498, "text": "mr_file_changes: populated by\nMR sync but NOT queryable.\nBlocks H4, A6, A10 flows.", "fontSize": 14, "strokeColor": "#ef4444" },
+    { "type": "text", "id": "hidden-note-2", "x": 695, "y": 568, "text": "entity_references: used by\ntimeline internally but NOT\nqueryable. Blocks A5, A11.", "fontSize": 14, "strokeColor": "#ef4444" },
+
+    { "type": "arrow", "id": "a-hidden-who", "x": 875, "y": 165, "width": 65, "height": 148,
+      "points": [[0,0],[65,148]], "endArrowhead": "arrow", "strokeColor": "#ef4444", "strokeWidth": 2,
+      "strokeStyle": "dashed" },
+    { "type": "text", "id": "hidden-who-label", "x": 880, "y": 240, "text": "who uses\nDiffNotes,\nnot file\nchanges", "fontSize": 12, "strokeColor": "#ef4444" },
+
+    { "type": "arrow", "id": "a-hidden-timeline", "x": 875, "y": 215, "width": 65, "height": 155,
+      "points": [[0,0],[65,155]], "endArrowhead": "arrow", "strokeColor": "#ef4444", "strokeWidth": 2,
+      "strokeStyle": "dashed" },
+
+    { "type": "rectangle", "id": "cmd-missing-refs", "x": 950, "y": 580, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444", "strokeStyle": "dashed",
+      "label": { "text": "lore refs (missing)", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-missing-files", "x": 950, "y": 635, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444", "strokeStyle": "dashed",
+      "label": { "text": "lore files (missing)", "fontSize": 16 } },
+    { "type": "rectangle", "id": "cmd-missing-activity", "x": 950, "y": 690, "width": 210, "height": 40,
+      "roundness": { "type": 3 }, "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444", "strokeStyle": "dashed",
+      "label": { "text": "lore activity (missing)", "fontSize": 16 } },
+
+    { "type": "text", "id": "legend-title", "x": 30, "y": 430, "text": "Legend", "fontSize": 16 },
+    { "type": "rectangle", "id": "leg-green", "x": 30, "y": 460, "width": 20, "height": 20,
+      "backgroundColor": "#b2f2bb", "fillStyle": "solid" },
+    { "type": "text", "id": "leg-green-t", "x": 60, "y": 462, "text": "Queryable via CLI", "fontSize": 14 },
+    { "type": "rectangle", "id": "leg-red", "x": 30, "y": 490, "width": 20, "height": 20,
+      "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444" },
+    { "type": "text", "id": "leg-red-t", "x": 60, "y": 492, "text": "Stored but hidden", "fontSize": 14 },
+    { "type": "rectangle", "id": "leg-gray", "x": 30, "y": 520, "width": 20, "height": 20,
+      "backgroundColor": "#dee2e6", "fillStyle": "solid", "strokeColor": "#868e96" },
+    { "type": "text", "id": "leg-gray-t", "x": 60, "y": 522, "text": "Internal bookkeeping", "fontSize": 14 },
+    { "type": "rectangle", "id": "leg-dashed", "x": 30, "y": 550, "width": 20, "height": 20,
+      "backgroundColor": "#ffc9c9", "fillStyle": "solid", "strokeColor": "#ef4444", "strokeStyle": "dashed" },
+    { "type": "text", "id": "leg-dashed-t", "x": 60, "y": 552, "text": "Missing command", "fontSize": 14 }
+  ],
+  "appState": { "viewBackgroundColor": "#ffffff", "gridSize": null },
+  "files": {}
+}

docs/lore-me-spec.md

@@ -0,0 +1,290 @@
+# `lore me` — Personal Work Dashboard
+
+## Overview
+
+A personal dashboard command that shows everything relevant to the configured user: open issues, authored MRs, MRs under review, and recent activity. Attention state is computed from GitLab interaction data (comments) with no local state tracking.
+
+## Command Interface
+
+```
+lore me                              # Full dashboard (default project or all)
+lore me --issues                     # Issues section only
+lore me --mrs                        # MRs section only (authored + reviewing)
+lore me --activity                   # Activity feed only
+lore me --issues --mrs               # Multiple sections (combinable)
+lore me --all                        # All synced projects (overrides default_project)
+lore me --since 2d                   # Activity window (default: 30d)
+lore me --project group/repo         # Scope to one project
+lore me --user jdoe                  # Override configured username
+```
+
+Standard global flags: `--robot`/`-J`, `--fields`, `--color`, `--icons`.
+
+---
+
+## Acceptance Criteria
+
+### AC-1: Configuration
+
+- **AC-1.1**: New optional field `gitlab.username` (string) in config.json
+- **AC-1.2**: Resolution order: `--user` CLI flag > `config.gitlab.username` > exit code 2 with actionable error message suggesting how to set it
+- **AC-1.3**: Username is case-sensitive (matches GitLab usernames exactly)
+
+### AC-2: Command Interface
+
+- **AC-2.1**: New command `lore me` — single command with flags (matches `who` pattern)
+- **AC-2.2**: Section filter flags: `--issues`, `--mrs`, `--activity` — combinable. Passing multiple shows those sections. No flags = full dashboard (all sections).
+- **AC-2.3**: `--since <duration>` controls activity feed window, default 30 days. Only affects the activity section; work item sections always show all open items regardless of `--since`.
+- **AC-2.4**: `--project <path>` scopes to a single project
+- **AC-2.5**: `--user <username>` overrides configured username
+- **AC-2.6**: `--all` flag shows all synced projects (overrides default_project)
+- **AC-2.7**: `--project` and `--all` are mutually exclusive — passing both is exit code 2
+- **AC-2.8**: Standard global flags: `--robot`/`-J`, `--fields`, `--color`, `--icons`
+
+### AC-3: "My Items" Definition
+
+- **AC-3.1**: Issues assigned to me (`issue_assignees.username`). Authorship alone does NOT qualify an issue.
+- **AC-3.2**: MRs authored by me (`merge_requests.author_username`)
+- **AC-3.3**: MRs where I'm a reviewer (`mr_reviewers.username`)
+- **AC-3.4**: Scope is **Assigned (issues) + Authored/Reviewing (MRs)** — no participation/mention expansion
+- **AC-3.5**: MR assignees (`mr_assignees`) are NOT used — in Pattern 1 workflows (author = assignee), this is redundant with authorship
+- **AC-3.6**: Activity feed uses CURRENT association only — if you've been unassigned from an issue, activity on it no longer appears. This keeps the query simple and the feed relevant.
+
+### AC-4: Attention State Model
+
+- **AC-4.1**: Computed per-item from synced GitLab data, no local state tracking
+- **AC-4.2**: Interaction signal: notes authored by the user (`notes.author_username = me` where `is_system = 0`)
+- **AC-4.3**: Future: award emoji will extend interaction signals (separate bead)
+- **AC-4.4**: States (evaluated in this order — first match wins):
+  1. `not_ready`: MR only — `draft=1` AND zero entries in `mr_reviewers`
+  2. `needs_attention`: Others' latest non-system note > user's latest non-system note
+  3. `stale`: Entity has at least one non-system note from someone, but the most recent note from anyone is older than 30 days. Items with ZERO notes are NOT stale — they're `not_started`.
+  4. `not_started`: User has zero non-system notes on this entity (regardless of whether others have commented)
+  5. `awaiting_response`: User's latest non-system note timestamp >= all others' latest non-system note timestamps (including when user is the only commenter)
+- **AC-4.5**: Applied to all item types (issues, authored MRs, reviewing MRs)
+
+### AC-5: Dashboard Sections
+
+**AC-5.1: Open Issues**
+- Source: `issue_assignees.username = me`, state = opened
+- Fields: project path, iid, title, status_name (work item status), attention state, relative time since updated
+- Sort: attention-first (needs_attention > not_started > awaiting_response > stale), then most recently updated within same state
+- No limit, no truncation — show all
+
+**AC-5.2: Open MRs — Authored**
+- Source: `merge_requests.author_username = me`, state = opened
+- Fields: project path, iid, title, draft indicator, detailed_merge_status, attention state, relative time
+- Sort: same as issues
+
+**AC-5.3: Open MRs — Reviewing**
+- Source: `mr_reviewers.username = me`, state = opened
+- Fields: project path, iid, title, MR author username, draft indicator, attention state, relative time
+- Sort: same as issues
+
+**AC-5.4: Activity Feed**
+- Sources (all within `--since` window, default 30d):
+  - Human comments (`notes.is_system = 0`) on my items
+  - State events (`resource_state_events`) on my items
+  - Label events (`resource_label_events`) on my items
+  - Milestone events (`resource_milestone_events`) on my items
+  - Assignment/reviewer system notes (see AC-12 for patterns) on my items
+- "My items" for the activity feed = items I'm CURRENTLY associated with per AC-3 (current assignment state, not historical)
+- Includes activity on items regardless of open/closed state
+- Own actions included but flagged (`is_own: true` in robot, `(you)` suffix + dimmed in human)
+- Sort: newest first (chronological descending)
+- No limit, no truncation — show all events
+
+**AC-5.5: Summary Header**
+- Counts: projects, open issues, authored MRs, reviewing MRs, needs_attention count
+- Attention legend (human mode): icon + label for each state
+
+### AC-6: Human Output — Visual Design
+
+**AC-6.1: Layout**
+- Section card style with `section_divider` headers
+- Legend at top explains attention icons
+- Two-line per item: main data on line 1, project path on line 2 (indented)
+- When scoped to single project (`--project`), suppress project path line (redundant)
+
+**AC-6.2: Attention Icons (three tiers)**
+
+| State | Nerd Font | Unicode | ASCII | Color |
+|-------|-----------|---------|-------|-------|
+| needs_attention | `\uf0f3` bell | `◆` | `[!]` | amber (warning) |
+| not_started | `\uf005` star | `★` | `[*]` | cyan (info) |
+| awaiting_response | `\uf017` clock | `◷` | `[~]` | dim (muted) |
+| stale | `\uf54c` skull | `☠` | `[x]` | dim (muted) |
+
+**AC-6.3: Color Vocabulary** (matches existing lore palette)
+- Issue refs (#N): cyan
+- MR refs (!N): purple
+- Usernames (@name): cyan
+- Opened state: green
+- Merged state: purple
+- Closed state: dim
+- Draft indicator: gray
+- Own actions: dimmed + `(you)` suffix
+- Timestamps: dim (relative time)
+
+**AC-6.4: Activity Event Badges**
+
+| Event | Nerd/Unicode (colored bg) | ASCII fallback |
+|-------|--------------------------|----------------|
+| note | cyan bg, dark text | `[note]` cyan text |
+| status | amber bg, dark text | `[status]` amber text |
+| label | purple bg, white text | `[label]` purple text |
+| assign | green bg, dark text | `[assign]` green text |
+| milestone | magenta bg, white text | `[milestone]` magenta text |
+
+Fallback: when background colors aren't available (ASCII mode), use colored text with brackets instead of background pills.
+
+**AC-6.5: Labels**
+- Human mode: not shown
+- Robot mode: included in JSON
+
+### AC-7: Robot Output
+
+- **AC-7.1**: Standard `{ok, data, meta}` envelope
+- **AC-7.2**: `data` contains: `username`, `since_iso`, `summary` (counts + `needs_attention_count`), `open_issues[]`, `open_mrs_authored[]`, `reviewing_mrs[]`, `activity[]`
+- **AC-7.3**: Each item includes: project, iid, title, state, attention_state (programmatic: `needs_attention`, `not_started`, `awaiting_response`, `stale`, `not_ready`), labels, updated_at_iso, web_url
+- **AC-7.4**: Issues include `status_name` (work item status)
+- **AC-7.5**: MRs include `draft`, `detailed_merge_status`, `author_username` (reviewing section)
+- **AC-7.6**: Activity items include: `timestamp_iso`, `event_type`, `entity_type`, `entity_iid`, `project`, `actor`, `is_own`, `summary`, `body_preview` (for notes, truncated to 200 chars)
+- **AC-7.7**: `--fields minimal` preset: `iid`, `title`, `attention_state`, `updated_at_iso` (work items); `timestamp_iso`, `event_type`, `entity_iid`, `actor` (activity)
+- **AC-7.8**: Metadata-only depth — agents drill into specific items with `timeline`, `issues`, `mrs` for full context
+- **AC-7.9**: No limits, no truncation on any array
+
+### AC-8: Cross-Project Behavior
+
+- **AC-8.1**: If `config.default_project` is set, scope to that project by default. If no default project, show all synced projects.
+- **AC-8.2**: `--all` flag overrides default project and shows all synced projects
+- **AC-8.3**: `--project` flag narrows to a specific project (supports fuzzy match like other commands)
+- **AC-8.4**: `--project` and `--all` are mutually exclusive (exit 2 if both passed)
+- **AC-8.5**: Project path shown per-item in both human and robot output (suppressed in human when single-project scoped per AC-6.1)
+
+### AC-9: Sort Order
+
+- **AC-9.1**: Work item sections: attention-first, then most recently updated
+- **AC-9.2**: Attention priority: `needs_attention` > `not_started` > `awaiting_response` > `stale` > `not_ready`
+- **AC-9.3**: Activity feed: chronological descending (newest first)
+
+### AC-10: Error Handling
+
+- **AC-10.1**: No username configured and no `--user` flag → exit 2 with suggestion
+- **AC-10.2**: No synced data → exit 17 with suggestion to run `lore sync`
+- **AC-10.3**: Username found but no matching items → empty sections with summary showing zeros
+- **AC-10.4**: `--project` and `--all` both passed → exit 2 with message
+
+### AC-11: Relationship to Existing Commands
+
+- **AC-11.1**: `who @username` remains for looking at anyone's workload
+- **AC-11.2**: `lore me` is the self-view with attention intelligence
+- **AC-11.3**: No deprecation of `who` — they serve different purposes
+
+### AC-12: New Assignments Detection
+
+- **AC-12.1**: Detect from system notes (`notes.is_system = 1`) matching these body patterns:
+  - `"assigned to @username"` — issue/MR assignment
+  - `"unassigned @username"` — removal (shown as `unassign` event type)
+  - `"requested review from @username"` — reviewer assignment (shown as `review_request` event type)
+- **AC-12.2**: These appear in the activity feed with appropriate event types
+- **AC-12.3**: Shows who performed the action (note author from the associated non-system context, or "system" if unavailable) and when (note created_at)
+- **AC-12.4**: Pattern matching is case-insensitive and matches username at word boundary
+
+---
+
+## Out of Scope (Follow-Up Work)
+
+- **Award emoji sync**: Extends attention signal with reaction timestamps. Requires new table + GitLab REST API integration. Note-level emoji sync has N+1 concern requiring smart batching.
+- **Participation/mention expansion**: Broadening "my items" beyond assigned+authored.
+- **Label filtering**: `--label` flag to scope dashboard by label.
+
+---
+
+## Design Notes
+
+### Why No High-Water Mark
+
+GitLab itself is the source of truth for "what I've engaged with." The attention state is computed by comparing the user's latest comment timestamp against others' latest comment timestamps on each item. No local cursor or mark is needed.
+
+### Why Comments-Only (For Now)
+
+Award emoji (reactions) are a valid "I've engaged" signal but aren't currently synced. The attention model is designed to incorporate emoji timestamps when available — adding them later requires no model changes.
+
+### Why MR Assignees Are Excluded
+
+GitLab MR workflows have three role fields: Author, Assignee, and Reviewer. In Pattern 1 workflows (the most common post-2020), the author assigns themselves — making assignee redundant with authorship. The Reviewing section uses `mr_reviewers` as the review signal.
+
+### Attention State Evaluation Order
+
+States are evaluated in priority order (first match wins):
+
+```
+1. not_ready    — MR-only: draft=1 AND no reviewers
+2. needs_attention — others commented after me
+3. stale        — had activity, but nothing in 30d (NOT for zero-comment items)
+4. not_started  — I have zero comments (may or may not have others' comments)
+5. awaiting_response — I commented last (or I'm the only commenter)
+```
+
+Edge cases:
+- Zero comments from anyone → `not_started` (NOT stale)
+- Only my comments, none from others → `awaiting_response`
+- Only others' comments, none from me → `not_started` (I haven't engaged)
+  - Wait: this conflicts with `needs_attention` (step 2). If others have commented and I haven't, then others' latest > my latest (NULL). This should be `needs_attention`, not `not_started`.
+
+Corrected logic:
+- `needs_attention` takes priority over `not_started` when others HAVE commented but I haven't. The distinction: `not_started` only applies when NOBODY has commented.
+
+```
+1. not_ready         — MR-only: draft=1 AND no reviewers
+2. needs_attention   — others have non-system notes AND (I have none OR others' latest > my latest)
+3. stale             — latest note from anyone is older than 30 days
+4. awaiting_response — my latest >= others' latest (I'm caught up)
+5. not_started       — zero non-system notes from anyone
+```
+
+### Attention State Computation (SQL Sketch)
+
+```sql
+WITH my_latest AS (
+    SELECT d.issue_id, d.merge_request_id, MAX(n.created_at) AS ts
+    FROM notes n
+    JOIN discussions d ON n.discussion_id = d.id
+    WHERE n.author_username = ?me AND n.is_system = 0
+    GROUP BY d.issue_id, d.merge_request_id
+),
+others_latest AS (
+    SELECT d.issue_id, d.merge_request_id, MAX(n.created_at) AS ts
+    FROM notes n
+    JOIN discussions d ON n.discussion_id = d.id
+    WHERE n.author_username != ?me AND n.is_system = 0
+    GROUP BY d.issue_id, d.merge_request_id
+),
+any_latest AS (
+    SELECT d.issue_id, d.merge_request_id, MAX(n.created_at) AS ts
+    FROM notes n
+    JOIN discussions d ON n.discussion_id = d.id
+    WHERE n.is_system = 0
+    GROUP BY d.issue_id, d.merge_request_id
+)
+SELECT
+    CASE
+        -- MR-only: draft with no reviewers
+        WHEN entity_type = 'mr' AND draft = 1
+             AND NOT EXISTS (SELECT 1 FROM mr_reviewers WHERE merge_request_id = entity_id)
+            THEN 'not_ready'
+        -- Others commented and I haven't caught up (or never engaged)
+        WHEN others.ts IS NOT NULL AND (my.ts IS NULL OR others.ts > my.ts)
+            THEN 'needs_attention'
+        -- Had activity but gone quiet for 30d
+        WHEN any.ts IS NOT NULL AND any.ts < ?now_minus_30d
+            THEN 'stale'
+        -- I've responded and I'm caught up
+        WHEN my.ts IS NOT NULL AND my.ts >= COALESCE(others.ts, 0)
+            THEN 'awaiting_response'
+        -- Nobody has commented at all
+        ELSE 'not_started'
+    END AS attention_state
+FROM ...
+```

docs/performance-audit-2026-02-12.md

@@ -0,0 +1,179 @@
+# Deep Performance Audit Report
+
+**Date:** 2026-02-12
+**Branch:** `perf-audit` (e9bacc94)
+**Parent:** `039ab1c2` (master, v0.6.1)
+
+---
+
+## Methodology
+
+1. **Baseline** — measured p50/p95 latency for all major commands with warm cache
+2. **Profile** — used macOS `sample` profiler and `EXPLAIN QUERY PLAN` to identify hotspots
+3. **Golden output** — captured exact numeric outputs before changes as equivalence oracle
+4. **One lever per change** — each optimization isolated and independently benchmarked
+5. **Revert threshold** — any optimization <1.1x speedup reverted per audit rules
+
+---
+
+## Baseline Measurements (warm cache, release build)
+
+| Command | Latency | Notes |
+|---------|---------|-------|
+| `who --path src/core/db.rs` (expert) | 2200ms | **Hotspot** |
+| `who --active` | 83-93ms | Acceptable |
+| `who workload` | 22ms | Fast |
+| `stats` | 107-112ms | **Hotspot** |
+| `search "authentication"` | 1030ms | **Hotspot** (library-level) |
+| `list issues -n 50` | ~40ms | Fast |
+
+---
+
+## Optimization 1: INDEXED BY for DiffNote Queries
+
+**Target:** `src/cli/commands/who.rs` — expert and reviews query paths
+
+**Problem:** SQLite query planner chose `idx_notes_system` (38% selectivity, 106K rows) over `idx_notes_diffnote_path_created` (9.3% selectivity, 26K rows) for path-filtered DiffNote queries. The partial index `WHERE noteable_type = 'MergeRequest' AND type = 'DiffNote'` is far more selective but the planner's cost model didn't pick it.
+
+**Change:** Added `INDEXED BY idx_notes_diffnote_path_created` to all 8 SQL queries across `query_expert`, `query_expert_details`, `query_reviews`, `build_path_query` (probes 1 & 2), and `suffix_probe`.
+
+**Results:**
+
+| Query | Before | After | Speedup |
+|-------|--------|-------|---------|
+| expert (specific path) | 2200ms | 56-58ms | **38x** |
+| expert (broad path) | 2200ms | 83ms | **26x** |
+| reviews | 1800ms | 24ms | **75x** |
+
+**Isomorphism proof:** `INDEXED BY` only changes which index the planner uses, not the query semantics. Same rows matched, same ordering, same output. Verified by golden output comparison across 5+ runs.
+
+---
+
+## Optimization 2: Conditional Aggregates in Stats
+
+**Target:** `src/cli/commands/stats.rs`
+
+**Problem:** 12+ sequential `COUNT(*)` queries each requiring a full table scan of `documents` (61K rows). Each scan touched the same pages but couldn't share work.
+
+**Changes:**
+- Documents: 5 sequential COUNTs -> 1 query with `SUM(CASE WHEN ... THEN 1 END)`
+- FTS count: `SELECT COUNT(*) FROM documents_fts` (virtual table, slow) -> `SELECT COUNT(*) FROM documents_fts_docsize` (shadow B-tree table, 19x faster)
+- Embeddings: 2 queries -> 1 with `COUNT(DISTINCT document_id), COUNT(*)`
+- Dirty sources: 2 queries -> 1 with conditional aggregates
+- Pending fetches: 2 queries -> 1 each (discussions, dependents)
+
+**Results:**
+
+| Metric | Before | After | Speedup |
+|--------|--------|-------|---------|
+| Warm median | 112ms | 66ms | **1.70x** |
+| Cold | 1220ms | ~700ms | ~1.7x |
+
+**Golden output verified:**
+
+```
+total:61652, issues:8241, mrs:10018, discussions:43393, truncated:63
+fts:61652, embedded:61652, chunks:88161
+```
+
+All values match exactly across before/after runs.
+
+**Isomorphism proof:** `SUM(CASE WHEN x THEN 1 END)` is algebraically identical to `COUNT(*) WHERE x`. The FTS5 shadow table `documents_fts_docsize` has exactly one row per FTS document by SQLite specification, so `COUNT(*)` on it equals the virtual table count.
+
+---
+
+## Investigation: Two-Phase FTS Search (REVERTED)
+
+**Target:** `src/search/fts.rs`, `src/cli/commands/search.rs`
+
+**Hypothesis:** FTS5 `snippet()` generation is expensive. Splitting search into Phase 1 (score-only MATCH+bm25) and Phase 2 (snippet for filtered results only) should reduce work.
+
+**Implementation:** Created `fetch_fts_snippets()` that retrieves snippets only for post-filter document IDs via `json_each()` join.
+
+**Results:**
+
+| Metric | Before | After | Improvement |
+|--------|--------|-------|-------------|
+| search (limit 20) | 1030ms | 995ms | 3.5% |
+
+**Decision:** Reverted. Per audit rules, <1.1x speedup does not justify added code complexity.
+
+**Root cause:** The bottleneck is not snippet generation but `MATCH` + `bm25()` scoring itself. Profiling showed `strspn` (FTS5 tokenizer) and `memmove` as the top CPU consumers. The same query runs in 30ms on system sqlite3 but 1030ms in rusqlite's bundled SQLite — a ~125x gap despite both being SQLite 3.51.x compiled at -O3.
+
+---
+
+## Library-Level Finding: Bundled SQLite FTS5 Performance
+
+**Observation:** FTS5 MATCH+bm25 queries are ~125x slower in rusqlite's bundled SQLite vs system sqlite3.
+
+| Environment | Query Time | Notes |
+|-------------|-----------|-------|
+| System sqlite3 (macOS) | 30ms (with snippet), 8ms (without) | Same .db file |
+| rusqlite bundled | 1030ms | `features = ["bundled"]`, OPT_LEVEL=3 |
+
+**Profiler data (macOS `sample`):**
+- Top hotspot: `strspn` in FTS5 tokenizer
+- Secondary: `memmove` in FTS5 internals
+- Scaling: ~5ms per result (limit 5 = 497ms, limit 20 = 995ms)
+
+**Possible causes:**
+- Bundled SQLite compiled without platform-specific optimizations (SIMD, etc.)
+- Different memory allocator behavior
+- Missing compile-time tuning flags
+
+**Recommendation for future:** Investigate switching from `features = ["bundled"]` to system SQLite linkage, or audit the bundled compile flags in the `libsqlite3-sys` build script.
+
+---
+
+## Exploration Agent Findings (Informational)
+
+Four parallel exploration agents surveyed the entire codebase. Key findings beyond what was already addressed:
+
+### Ingestion Pipeline
+- Serial DB writes in async context (acceptable — rusqlite is synchronous)
+- Label ingestion uses individual inserts (potential batch optimization, low priority)
+
+### CLI / GitLab Client
+- GraphQL client recreated per call (`client.rs:98-100`) — caches connection pool, minor
+- Double JSON deserialization in GraphQL responses — medium priority
+- N+1 subqueries in `list` command (`list.rs:408-423`) — 4 correlated subqueries per row
+
+### Search / Embedding
+- No N+1 patterns, no O(n^2) algorithms
+- Chunking is O(n) single-pass with proper UTF-8 safety
+- Ollama concurrency model is sound (parallel HTTP, serial DB writes)
+
+### Database / Documents
+- O(n^2) prefix sum in `truncation.rs` — low traffic path
+- String allocation patterns in extractors — micro-optimization territory
+
+---
+
+## Opportunity Matrix
+
+| Candidate | Impact | Confidence | Effort | Score | Status |
+|-----------|--------|------------|--------|-------|--------|
+| INDEXED BY for DiffNote | Very High | High | Low | **9.0** | Shipped |
+| Stats conditional aggregates | Medium | High | Low | **7.0** | Shipped |
+| Bundled SQLite FTS5 | Very High | Medium | High | 5.0 | Documented |
+| List N+1 subqueries | Medium | Medium | Medium | 4.0 | Backlog |
+| GraphQL double deser | Low | Medium | Low | 3.5 | Backlog |
+| Truncation O(n^2) | Low | High | Low | 3.0 | Backlog |
+
+---
+
+## Files Modified
+
+| File | Change |
+|------|--------|
+| `src/cli/commands/who.rs` | INDEXED BY hints on 8 SQL queries |
+| `src/cli/commands/stats.rs` | Conditional aggregates, FTS5 shadow table, merged queries |
+
+---
+
+## Quality Gates
+
+- All 603 tests pass
+- `cargo clippy --all-targets -- -D warnings` clean
+- `cargo fmt --check` clean
+- Golden output verified for both optimizations

docs/plan-expose-discussion-ids.feedback-1.md

@@ -0,0 +1,202 @@
+No `## Rejected Recommendations` section appears in the plan you pasted, so the revisions below are all net-new.
+
+1. **Add an explicit “Bridge Contract” and fix scope inconsistency**
+Analysis: The plan says “Three changes” but defines four. More importantly, identifier requirements are scattered. A single contract section prevents drift and makes every new read surface prove it can drive a write call.
+
+```diff
+@@
+-**Scope**: Three changes, delivered in order:
++**Scope**: Four workstreams, delivered in order:
+ 1. Add `gitlab_discussion_id` to notes output
+ 2. Add `gitlab_discussion_id` to show command discussion groups
+ 3. Add a standalone `discussions` list command
+ 4. Fix robot-docs to list actual field names instead of opaque type references
++
++## Bridge Contract (Cross-Cutting)
++Every read payload that surfaces notes/discussions MUST include:
++- `project_path`
++- `noteable_type`
++- `parent_iid`
++- `gitlab_discussion_id`
++- `gitlab_note_id` (when note-level data is returned)
++This contract is required so agents can deterministically construct `glab api` write calls.
+```
+
+2. **Normalize identifier naming now (break ambiguous names)**
+Analysis: Current `id`/`gitlab_id` naming is ambiguous in mixed payloads. Rename to explicit `note_id` and `gitlab_note_id` now (you explicitly don’t care about backward compatibility). This reduces automation mistakes.
+
+```diff
+@@ 1b. Add field to `NoteListRow`
+-pub struct NoteListRow {
+-    pub id: i64,
+-    pub gitlab_id: i64,
++pub struct NoteListRow {
++    pub note_id: i64,           // local DB id
++    pub gitlab_note_id: i64,    // GitLab note id
+@@
+@@ 1c. Add field to `NoteListRowJson`
+-pub struct NoteListRowJson {
+-    pub id: i64,
+-    pub gitlab_id: i64,
++pub struct NoteListRowJson {
++    pub note_id: i64,
++    pub gitlab_note_id: i64,
+@@
+-#### 2f. Add `gitlab_note_id` to note detail structs in show
+-While we're here, add `gitlab_id` to `NoteDetail`, `MrNoteDetail`, and their JSON
++#### 2f. Add `gitlab_note_id` to note detail structs in show
++While we're here, add `gitlab_note_id` to `NoteDetail`, `MrNoteDetail`, and their JSON
+ counterparts.
+```
+
+3. **Stop positional column indexing for these changes**
+Analysis: In `list.rs`, row extraction is positional (`row.get(18)`, etc.). Adding fields is fragile and easy to break silently. Use named aliases and named lookup for robustness.
+
+```diff
+@@ 1a/1b SQL + query_map
+-    p.path_with_namespace AS project_path
++    p.path_with_namespace AS project_path,
++    d.gitlab_discussion_id AS gitlab_discussion_id
+@@
+-    project_path: row.get(18)?,
+-    gitlab_discussion_id: row.get(19)?,
++    project_path: row.get("project_path")?,
++    gitlab_discussion_id: row.get("gitlab_discussion_id")?,
+```
+
+4. **Redesign `discussions` query to avoid correlated subquery fanout**
+Analysis: Proposed query uses many correlated subqueries per row. That’s acceptable for tiny MR-scoped sets, but degrades for project-wide scans. Use a base CTE + one rollup pass over notes.
+
+```diff
+@@ 3c. SQL Query
+-SELECT
+-    d.id,
+-    ...
+-    (SELECT COUNT(*) FROM notes n2 WHERE n2.discussion_id = d.id AND n2.is_system = 0) AS note_count,
+-    (SELECT n3.author_username FROM notes n3 WHERE n3.discussion_id = d.id ORDER BY n3.position LIMIT 1) AS first_author,
+-    ...
+-FROM discussions d
++WITH base AS (
++  SELECT d.id, d.gitlab_discussion_id, d.noteable_type, d.project_id, d.issue_id, d.merge_request_id,
++         d.individual_note, d.first_note_at, d.last_note_at, d.resolvable, d.resolved
++  FROM discussions d
++  {where_sql}
++),
++note_rollup AS (
++  SELECT n.discussion_id,
++         COUNT(*) FILTER (WHERE n.is_system = 0) AS user_note_count,
++         COUNT(*) AS total_note_count,
++         MIN(CASE WHEN n.is_system = 0 THEN n.position END) AS first_user_pos
++  FROM notes n
++  JOIN base b ON b.id = n.discussion_id
++  GROUP BY n.discussion_id
++)
++SELECT ...
++FROM base b
++LEFT JOIN note_rollup r ON r.discussion_id = b.id
+```
+
+5. **Add explicit index work for new access patterns**
+Analysis: Existing indexes are good but not ideal for new list patterns (`project + last_note`, note position ordering inside discussion). Add migration entries to keep latency stable.
+
+```diff
+@@ ## 3. Add Standalone `discussions` List Command
++#### 3h. Add migration for discussion-list performance
++**File**: `migrations/027_discussions_list_indexes.sql`
++```sql
++CREATE INDEX IF NOT EXISTS idx_discussions_project_last_note
++  ON discussions(project_id, last_note_at DESC, id DESC);
++CREATE INDEX IF NOT EXISTS idx_discussions_project_first_note
++  ON discussions(project_id, first_note_at DESC, id DESC);
++CREATE INDEX IF NOT EXISTS idx_notes_discussion_position
++  ON notes(discussion_id, position);
++```
+```
+
+6. **Add keyset pagination (critical for agent workflows)**
+Analysis: `--limit` alone is not enough for automation over large datasets. Add cursor-based pagination with deterministic sort keys and `next_cursor` in JSON.
+
+```diff
+@@ 3a. CLI Args
++    /// Keyset cursor from previous response
++    #[arg(long, help_heading = "Output")]
++    pub cursor: Option<String>,
+@@
+@@ Response Schema
+-    "total_count": 15,
+-    "showing": 15
++    "total_count": 15,
++    "showing": 15,
++    "next_cursor": "eyJsYXN0X25vdGVfYXQiOjE3MDAwMDAwMDAwMDAsImlkIjoxMjN9"
+@@
+@@ Validation Criteria
++7. `lore -J discussions ... --cursor <token>` returns the next stable page without duplicates/skips
+```
+
+7. **Fix semantic ambiguities in discussion summary fields**
+Analysis: `note_count` is ambiguous, and `first_author` can accidentally be a system note author. Make fields explicit and consistent with non-system default behavior.
+
+```diff
+@@ Response Schema
+-        "note_count": 3,
+-        "first_author": "elovegrove",
++        "user_note_count": 3,
++        "total_note_count": 4,
++        "first_user_author": "elovegrove",
+@@
+@@ 3d. Filters struct / path behavior
+-- `path` → `EXISTS (SELECT 1 FROM notes n WHERE n.discussion_id = d.id AND n.position_new_path LIKE ?)`
++- `path` → match on BOTH `position_new_path` and `position_old_path` (exact/prefix)
+```
+
+8. **Enrich show outputs with actionable thread metadata**
+Analysis: Adding only discussion id helps, but agents still need thread state and note ids to pick targets correctly. Add `resolvable`, `resolved`, `last_note_at_iso`, and `gitlab_note_id` in show discussion payloads.
+
+```diff
+@@ 2a/2b show discussion structs
+ pub struct DiscussionDetailJson {
+     pub gitlab_discussion_id: String,
++    pub resolvable: bool,
++    pub resolved: bool,
++    pub last_note_at_iso: String,
+     pub notes: Vec<NoteDetailJson>,
+@@
+ pub struct NoteDetailJson {
++    pub gitlab_note_id: i64,
+     pub author_username: String,
+```
+
+9. **Harden robot-docs against schema drift with tests**
+Analysis: Static JSON in `main.rs` will drift again. Add a lightweight contract test that asserts docs include required fields for `notes`, `discussions`, and show payloads.
+
+```diff
+@@ 4. Fix Robot-Docs Response Schemas
++#### 4f. Add robot-docs contract tests
++**File**: `src/main.rs` (or dedicated test module)
++- Assert `robot-docs` contains `gitlab_discussion_id` and `gitlab_note_id` in:
++  - `notes.response_schema`
++  - `issues.response_schema.show`
++  - `mrs.response_schema.show`
++  - `discussions.response_schema`
+```
+
+10. **Adjust delivery order to reduce rework and include missing CSV path**
+Analysis: In your sample `handle_discussions`, `csv` is declared in args but not handled. Also, robot-docs should land after all payload changes. Sequence should minimize churn.
+
+```diff
+@@ Delivery Order
+-3. **Change 4** (robot-docs) — depends on 1 and 2 being done so schemas are accurate.
+-4. **Change 3** (discussions command) — largest change, depends on 1 for design consistency.
++3. **Change 3** (discussions command + indexes + pagination) — largest change.
++4. **Change 4** (robot-docs + contract tests) — last, after payloads are final.
+@@ 3e. Handler wiring
+-    match format {
++    match format {
+         "json" => ...
+         "jsonl" => ...
++        "csv" => print_list_discussions_csv(&result),
+         _ => ...
+     }
+```
+
+If you want, I can produce a single consolidated revised plan markdown with these edits applied so you can drop it in directly.

docs/plan-expose-discussion-ids.feedback-2.md

@@ -0,0 +1,162 @@
+Best non-rejected upgrades I’d make to this plan are below. They focus on reducing schema drift, making robot output safer to consume, and improving performance behavior at scale.
+
+1. Add a shared contract model and field constants first (before workstreams 1-4)  
+Rationale: Right now each command has its own structs and ad-hoc mapping. That is exactly how drift happens. A single contract definition reused by `notes`, `show`, `discussions`, and robot-docs gives compile-time coupling between output payloads and docs. It also makes future fields cheaper and safer to add.
+
+```diff
+@@ Scope: Four workstreams, delivered in order:
+-1. Add `gitlab_discussion_id` to notes output
+-2. Add `gitlab_discussion_id` to show command discussion groups
+-3. Add a standalone `discussions` list command
+-4. Fix robot-docs to list actual field names instead of opaque type references
++0. Introduce shared Bridge Contract model/constants used by notes/show/discussions/robot-docs
++1. Add `gitlab_discussion_id` to notes output
++2. Add `gitlab_discussion_id` to show command discussion groups
++3. Add a standalone `discussions` list command
++4. Fix robot-docs to list actual field names instead of opaque type references
+
++## 0. Shared Contract Model (Cross-Cutting)
++Define canonical required-field constants and shared mapping helpers, then consume them in:
++- `src/cli/commands/list.rs`
++- `src/cli/commands/show.rs`
++- `src/cli/robot.rs`
++- `src/main.rs` robot-docs builder
++This removes duplicated field-name strings and prevents docs/output mismatch.
+```
+
+2. Make bridge fields “non-droppable” in robot mode  
+Rationale: The current plan adds fields, but `--fields` can still remove them. That breaks the core read/write bridge contract in exactly the workflows this change is trying to fix. In robot mode, contract fields should always be force-included.
+
+```diff
+@@ ## Bridge Contract (Cross-Cutting)
+ Every read payload that surfaces notes or discussions **MUST** include:
+ - `project_path`
+ - `noteable_type`
+ - `parent_iid`
+ - `gitlab_discussion_id`
+ - `gitlab_note_id` (when note-level data is returned — i.e., in notes list and show detail)
+
++### Field Filtering Guardrail
++In robot mode, `filter_fields` must force-include Bridge Contract fields even when users pass a narrower `--fields` list.
++Human/table mode keeps existing behavior.
+```
+
+3. Replace correlated subqueries in `discussions` rollup with a single-pass window/aggregate pattern  
+Rationale: Your CTE is better than naive fanout, but it still uses multiple correlated sub-selects per discussion for first author/body/path. At 200K+ discussions this can regress badly depending on cache/index state. A window-ranked `notes` CTE with grouped aggregates is usually faster and more predictable in SQLite.
+
+```diff
+@@ #### 3c. SQL Query
+-Core query uses a CTE + rollup to avoid correlated subquery fanout on larger result sets:
++Core query uses a CTE + ranked-notes rollup (window function) to avoid per-row correlated subqueries:
+
+-WITH filtered_discussions AS (...),
+-note_rollup AS (
+-    SELECT
+-        n.discussion_id,
+-        SUM(...) AS note_count,
+-        (SELECT ... LIMIT 1) AS first_author,
+-        (SELECT ... LIMIT 1) AS first_note_body,
+-        (SELECT ... LIMIT 1) AS position_new_path,
+-        (SELECT ... LIMIT 1) AS position_new_line
+-    FROM notes n
+-    ...
+-)
++WITH filtered_discussions AS (...),
++ranked_notes AS (
++    SELECT
++        n.*,
++        ROW_NUMBER() OVER (PARTITION BY n.discussion_id ORDER BY n.position, n.id) AS rn
++    FROM notes n
++    WHERE n.discussion_id IN (SELECT id FROM filtered_discussions)
++),
++note_rollup AS (
++    SELECT
++        discussion_id,
++        SUM(CASE WHEN is_system = 0 THEN 1 ELSE 0 END) AS note_count,
++        MAX(CASE WHEN rn = 1 AND is_system = 0 THEN author_username END) AS first_author,
++        MAX(CASE WHEN rn = 1 AND is_system = 0 THEN body END) AS first_note_body,
++        MAX(CASE WHEN position_new_path IS NOT NULL THEN position_new_path END) AS position_new_path,
++        MAX(CASE WHEN position_new_line IS NOT NULL THEN position_new_line END) AS position_new_line
++    FROM ranked_notes
++    GROUP BY discussion_id
++)
+```
+
+4. Add direct GitLab ID filters for deterministic bridging  
+Rationale: Bridge workflows often start from one known ID. You already have `gitlab_note_id` in notes filters, but discussion filtering still looks internal-ID-centric. Add explicit GitLab-ID filters so agents do not need extra translation calls.
+
+```diff
+@@ #### 3a. CLI Args
+ pub struct DiscussionsArgs {
++    /// Filter by GitLab discussion ID
++    #[arg(long, help_heading = "Filters")]
++    pub gitlab_discussion_id: Option<String>,
+@@
+
+@@ #### 3d. Filters struct
+ pub struct DiscussionListFilters {
++    pub gitlab_discussion_id: Option<String>,
+@@
+ }
+```
+
+```diff
+@@ ## 1. Add `gitlab_discussion_id` to Notes Output
++#### 1g. Add `--gitlab-discussion-id` filter to notes
++Allow filtering notes directly by GitLab thread ID (not only internal discussion ID).
++This enables one-hop note retrieval from external references.
+```
+
+5. Add optional note expansion to `discussions` for fewer round-trips  
+Rationale: Today the agent flow is often `discussions -> show`. Optional embedded notes (`--include-notes N`) gives a fast path for “list unresolved threads with latest context” without forcing full show payloads.
+
+```diff
+@@ ### Design
+ lore -J discussions --for-mr 99 --resolution unresolved
++lore -J discussions --for-mr 99 --resolution unresolved --include-notes 2
+
+@@ #### 3a. CLI Args
++    /// Include up to N latest notes per discussion (0 = none)
++    #[arg(long, default_value = "0", help_heading = "Output")]
++    pub include_notes: usize,
+```
+
+6. Upgrade robot-docs from string blobs to structured schema + explicit contract block  
+Rationale: `contains("gitlab_discussion_id")` tests on schema strings are brittle. A structured schema object gives machine-checked docs and reliable test assertions. Add a contract section for agent consumers.
+
+```diff
+@@ ## 4. Fix Robot-Docs Response Schemas
+-#### 4a. Notes response_schema
+-Replace stringly-typed schema snippets...
++#### 4a. Notes response_schema (structured)
++Represent response fields as JSON objects (field -> type/nullable), not freeform strings.
+
++#### 4g. Add `bridge_contract` section in robot-docs
++Publish canonical required fields per entity:
++- notes
++- discussions
++- show.discussions
++- show.notes
+```
+
+7. Strengthen validation: add CLI-level contract tests and perf guardrails  
+Rationale: Most current tests are unit-level struct/query checks. Add end-to-end JSON contract tests via command handlers, plus a benchmark-style regression test (ignored by default) so performance work stays intentional.
+
+```diff
+@@ ## Validation Criteria
+ 8. Bridge Contract fields (...) are present in every applicable read payload
++9. Contract fields remain present even with `--fields` in robot mode
++10. `discussions` query meets performance guardrail on representative fixture (documented threshold)
+
+@@ ### Tests
++#### Test: robot-mode fields cannot drop bridge contract keys
++Run notes/discussions JSON output through `filter_fields` path and assert required keys remain.
++
++#### Test: CLI contract integration
++Invoke command handlers for `notes`, `discussions`, `mrs <iid>`, parse JSON, assert required keys and types.
++
++#### Test (ignored): large-fixture performance regression
++Generate representative fixture and assert `query_discussions` stays under target elapsed time.
+```
+
+If you want, I can now produce a full “v2 plan” document that applies these diffs end-to-end (including revised delivery order and complete updated sections).

docs/plan-expose-discussion-ids.feedback-3.md

@@ -0,0 +1,147 @@
+1. **Make `gitlab_note_id` explicit in all note-level payloads without breaking existing consumers**
+Rationale: Your Bridge Contract already requires `gitlab_note_id`, but current plan keeps `gitlab_id` only in `notes` list while adding `gitlab_note_id` only in detail views. That forces agents to special-case commands. Add `gitlab_note_id` as an alias field everywhere note-level data appears, while keeping `gitlab_id` for compatibility.
+
+```diff
+@@ Bridge Contract (Cross-Cutting)
+-Every read payload that surfaces notes or discussions MUST include:
++Every read payload that surfaces notes or discussions MUST include:
+   - project_path
+   - noteable_type
+   - parent_iid
+   - gitlab_discussion_id
+   - gitlab_note_id (when note-level data is returned — i.e., in notes list and show detail)
++  - Back-compat rule: note payloads may continue exposing `gitlab_id`, but MUST also expose `gitlab_note_id` with the same value.
+
+@@ 1. Add `gitlab_discussion_id` to Notes Output
+-#### 1c. Add field to `NoteListRowJson`
++#### 1c. Add fields to `NoteListRowJson`
++Add `gitlab_note_id` alias in addition to existing `gitlab_id` (no rename, no breakage).
+
+@@ 1f. Update `--fields minimal` preset
+-"notes" => ["id", "author_username", "body", "created_at_iso", "gitlab_discussion_id"]
++"notes" => ["id", "gitlab_note_id", "author_username", "body", "created_at_iso", "gitlab_discussion_id"]
+```
+
+2. **Avoid duplicate flag semantics for discussion filtering**
+Rationale: `notes` already has `--discussion-id` and it already maps to `d.gitlab_discussion_id`. Adding a second independent flag/field (`--gitlab-discussion-id`) increases complexity and precedence bugs. Keep one backing filter field and make the new flag an alias.
+
+```diff
+@@ 1g. Add `--gitlab-discussion-id` filter to notes
+-Allow filtering notes directly by GitLab discussion thread ID...
++Normalize discussion ID flags:
++- Keep one backing filter field (`discussion_id`)
++- Support both `--discussion-id` (existing) and `--gitlab-discussion-id` (alias)
++- If both are provided, clap should reject as duplicate/alias conflict
+```
+
+3. **Add ambiguity guardrails for cross-project discussion IDs**
+Rationale: `gitlab_discussion_id` is unique per project, not globally. Filtering by discussion ID without project can return multiple rows across repos, which breaks deterministic write bridging. Fail fast with an `Ambiguous` error and actionable fix (`--project`).
+
+```diff
+@@ Bridge Contract (Cross-Cutting)
++### Ambiguity Guardrail
++When filtering by `gitlab_discussion_id` without `--project`, if multiple projects match:
++- return `Ambiguous` error
++- include matching project paths in message
++- suggest retry with `--project <path>`
+```
+
+4. **Replace `--include-notes` N+1 retrieval with one batched top-N query**
+Rationale: The current plan’s per-discussion follow-up query scales poorly and creates latency spikes. Use a single window-function query over selected discussion IDs and group rows in Rust. This is both faster and more predictable.
+
+```diff
+@@ 3c-ii. Note expansion query (--include-notes)
+-When `include_notes > 0`, after the main discussion query, run a follow-up query per discussion...
++When `include_notes > 0`, run one batched query:
++WITH ranked_notes AS (
++  SELECT
++    n.*,
++    d.gitlab_discussion_id,
++    ROW_NUMBER() OVER (
++      PARTITION BY n.discussion_id
++      ORDER BY n.created_at DESC, n.id DESC
++    ) AS rn
++  FROM notes n
++  JOIN discussions d ON d.id = n.discussion_id
++  WHERE n.discussion_id IN ( ...selected discussion ids... )
++)
++SELECT ... FROM ranked_notes WHERE rn <= ?
++ORDER BY discussion_id, rn;
++
++Group by `discussion_id` in Rust and attach notes arrays without per-thread round-trips.
+```
+
+5. **Add hard output guardrails and explicit truncation metadata**
+Rationale: `--limit` and `--include-notes` are unbounded today. For robot workflows this can accidentally generate huge payloads. Cap values and surface effective limits plus truncation state in `meta`.
+
+```diff
+@@ 3a. CLI Args
+-    pub limit: usize,
++    pub limit: usize, // clamp to max (e.g., 500)
+
+-    pub include_notes: usize,
++    pub include_notes: usize, // clamp to max (e.g., 20)
+
+@@ Response Schema
+-  "meta": { "elapsed_ms": 12 }
++  "meta": {
++    "elapsed_ms": 12,
++    "effective_limit": 50,
++    "effective_include_notes": 2,
++    "has_more": true
++  }
+```
+
+6. **Strengthen deterministic ordering and null handling**
+Rationale: `first_note_at`, `last_note_at`, and note `position` can be null/incomplete during partial sync states. Add null-safe ordering to avoid unstable output and flaky automation.
+
+```diff
+@@ 2c. Update queries to SELECT new fields
+-... ORDER BY first_note_at
++... ORDER BY COALESCE(first_note_at, last_note_at, 0), id
+
+@@ show note query
+-ORDER BY position
++ORDER BY COALESCE(position, 9223372036854775807), created_at, id
+
+@@ 3c. SQL Query
+-ORDER BY {sort_column} {order}
++ORDER BY COALESCE({sort_column}, 0) {order}, fd.id {order}
+```
+
+7. **Make write-bridging more useful with optional command hints**
+Rationale: Exposing IDs is necessary but not sufficient; agents still need to assemble endpoints repeatedly. Add optional `--with-write-hints` that injects compact endpoint templates (`reply`, `resolve`) derived from row context. This improves usability without bloating default output.
+
+```diff
+@@ 3a. CLI Args
++    /// Include machine-actionable glab write hints per row
++    #[arg(long, help_heading = "Output")]
++    pub with_write_hints: bool,
+
+@@ Response Schema (notes/discussions/show)
++    "write_hints?": {
++      "reply_endpoint": "string",
++      "resolve_endpoint?": "string"
++    }
+```
+
+8. **Upgrade robot-docs/contract validation from string-contains to parity checks**
+Rationale: `contains("gitlab_discussion_id")` catches very little and allows schema drift. Build field-set parity tests that compare actual serialized JSON keys to robot-docs declared fields for `notes`, `discussions`, and `show` discussion nodes.
+
+```diff
+@@ 4f. Add robot-docs contract tests
+-assert!(notes_schema.contains("gitlab_discussion_id"));
++let declared = parse_schema_field_list(notes_schema);
++let sample = sample_notes_row_json_keys();
++assert_required_subset(&declared, &["project_path","noteable_type","parent_iid","gitlab_discussion_id","gitlab_note_id"]);
++assert_schema_matches_payload(&declared, &sample);
+
+@@ 4g. Add CLI-level contract integration tests
++Add parity tests for:
++- notes list JSON
++- discussions list JSON
++- issues show discussions[*]
++- mrs show discussions[*]
+```
+
+If you want, I can produce a full revised v3 plan text with these edits merged end-to-end so it’s ready to execute directly.

docs/plan-expose-discussion-ids.feedback-4.md

@@ -0,0 +1,207 @@
+Below are the highest-impact revisions I’d make to this plan. I excluded everything listed in your `## Rejected Recommendations` section.
+
+**1. Fix a correctness bug in the ambiguity guardrail (must run before `LIMIT`)**
+
+The current post-query ambiguity check can silently fail when `--limit` truncates results to one project even though multiple projects match the same `gitlab_discussion_id`. That creates non-deterministic write targeting risk.
+
+```diff
+@@ ## Ambiguity Guardrail
+-**Implementation**: After the main query, if `gitlab_discussion_id` is set and no `--project`
+-was provided, check if the result set spans multiple `project_path` values.
++**Implementation**: Run a preflight distinct-project check when `gitlab_discussion_id` is set
++and `--project` was not provided, before the main list query applies `LIMIT`.
++Use:
++```sql
++SELECT DISTINCT p.path_with_namespace
++FROM discussions d
++JOIN projects p ON p.id = d.project_id
++WHERE d.gitlab_discussion_id = ?
++LIMIT 3
++```
++If more than one project is found, return `LoreError::Ambiguous` (exit code 18) with project
++paths and suggestion to retry with `--project <path>`.
+```
+
+---
+
+**2. Add `gitlab_project_id` to the Bridge Contract**
+
+`project_path` is human-friendly but mutable (renames/transfers). `gitlab_project_id` gives a stable write target and avoids path re-resolution failures.
+
+```diff
+@@ ## Bridge Contract (Cross-Cutting)
+ Every read payload that surfaces notes or discussions **MUST** include:
+ - `project_path`
++- `gitlab_project_id`
+ - `noteable_type`
+ - `parent_iid`
+ - `gitlab_discussion_id`
+ - `gitlab_note_id`
+@@
+ const BRIDGE_FIELDS_NOTES: &[&str] = &[
+-    "project_path", "noteable_type", "parent_iid",
++    "project_path", "gitlab_project_id", "noteable_type", "parent_iid",
+     "gitlab_discussion_id", "gitlab_note_id",
+ ];
+ const BRIDGE_FIELDS_DISCUSSIONS: &[&str] = &[
+-    "project_path", "noteable_type", "parent_iid",
++    "project_path", "gitlab_project_id", "noteable_type", "parent_iid",
+     "gitlab_discussion_id",
+ ];
+```
+
+---
+
+**3. Replace stringly-typed filter/sort fields with enums end-to-end**
+
+Right now `sort`, `order`, `resolution`, `noteable_type` are mostly `String`. This is fragile and risks unsafe SQL interpolation drift over time. Typed enums make invalid states unrepresentable.
+
+```diff
+@@ ## 3a. CLI Args
+-    pub resolution: Option<String>,
++    pub resolution: Option<ResolutionFilter>,
+@@
+-    pub noteable_type: Option<String>,
++    pub noteable_type: Option<NoteableTypeFilter>,
+@@
+-    pub sort: String,
++    pub sort: DiscussionSortField,
+@@
+-    pub asc: bool,
++    pub order: SortDirection,
+@@ ## 3d. Filters struct
+-    pub resolution: Option<String>,
+-    pub noteable_type: Option<String>,
+-    pub sort: String,
+-    pub order: String,
++    pub resolution: Option<ResolutionFilter>,
++    pub noteable_type: Option<NoteableTypeFilter>,
++    pub sort: DiscussionSortField,
++    pub order: SortDirection,
+@@
++Map enum -> SQL fragment via `match` in query builder; never interpolate raw strings.
+```
+
+---
+
+**4. Enforce snapshot consistency for multi-query commands**
+
+`discussions` with `--include-notes` does multiple reads. Without a single read transaction, concurrent ingest can produce mismatched `total_count`, row set, and expanded notes.
+
+```diff
+@@ ## 3c. SQL Query
+-pub fn query_discussions(...)
++pub fn query_discussions(...)
+ {
++    // Run count query + page query + note expansion under one deferred read transaction
++    // so output is a single consistent snapshot.
++    let tx = conn.transaction_with_behavior(rusqlite::TransactionBehavior::Deferred)?;
+     ...
++    tx.commit()?;
+ }
+@@ ## 1. Add `gitlab_discussion_id` to Notes Output
++Apply the same snapshot rule to `query_notes` when returning `total_count` + paged rows.
+```
+
+---
+
+**5. Correct first-note rollup semantics (current CTE can return null/incorrect `first_author`)**
+
+In the proposed SQL, `rn=1` is computed over all notes but then filtered with `is_system=0`, so threads with a leading system note may incorrectly lose `first_author`/snippet. Also path rollup uses non-deterministic `MAX(...)`.
+
+```diff
+@@ ## 3c. SQL Query
+-ranked_notes AS (
++ranked_notes AS (
+     SELECT
+         n.discussion_id,
+         n.author_username,
+         n.body,
+         n.is_system,
+         n.position_new_path,
+         n.position_new_line,
+-        ROW_NUMBER() OVER (
+-            PARTITION BY n.discussion_id
+-            ORDER BY n.position, n.id
+-        ) AS rn
++        ROW_NUMBER() OVER (
++            PARTITION BY n.discussion_id
++            ORDER BY CASE WHEN n.is_system = 0 THEN 0 ELSE 1 END, n.created_at, n.id
++        ) AS rn_first_note,
++        ROW_NUMBER() OVER (
++            PARTITION BY n.discussion_id
++            ORDER BY CASE WHEN n.position_new_path IS NULL THEN 1 ELSE 0 END, n.created_at, n.id
++        ) AS rn_first_position
+@@
+-        MAX(CASE WHEN rn = 1 AND is_system = 0 THEN author_username END) AS first_author,
+-        MAX(CASE WHEN rn = 1 AND is_system = 0 THEN body END) AS first_note_body,
+-        MAX(CASE WHEN position_new_path IS NOT NULL THEN position_new_path END) AS position_new_path,
+-        MAX(CASE WHEN position_new_line IS NOT NULL THEN position_new_line END) AS position_new_line
++        MAX(CASE WHEN rn_first_note = 1 AND is_system = 0 THEN author_username END) AS first_author,
++        MAX(CASE WHEN rn_first_note = 1 AND is_system = 0 THEN body END) AS first_note_body,
++        MAX(CASE WHEN rn_first_position = 1 THEN position_new_path END) AS position_new_path,
++        MAX(CASE WHEN rn_first_position = 1 THEN position_new_line END) AS position_new_line
+```
+
+---
+
+**6. Add per-discussion truncation signals for `--include-notes`**
+
+Top-level `has_more` is useful, but agents also need to know if an individual thread’s notes were truncated. Otherwise they can’t tell if a thread is complete.
+
+```diff
+@@ ## Response Schema
+       {
+         "gitlab_discussion_id": "...",
+         ...
+-        "notes": []
++        "included_note_count": 0,
++        "has_more_notes": false,
++        "notes": []
+       }
+@@ ## 3b. Domain Structs
+ pub struct DiscussionListRowJson {
+@@
++    pub included_note_count: usize,
++    pub has_more_notes: bool,
+     #[serde(skip_serializing_if = "Vec::is_empty")]
+     pub notes: Vec<NoteListRowJson>,
+ }
+@@ ## 3c-ii. Note expansion query (--include-notes)
+-Group by `discussion_id` in Rust and attach notes arrays...
++Group by `discussion_id` in Rust, attach notes arrays, and set:
++`included_note_count = notes.len()`,
++`has_more_notes = note_count > included_note_count`.
+```
+
+---
+
+**7. Add explicit query-plan gate and targeted index workstream (measured, not speculative)**
+
+This plan introduces heavy discussion-centric reads. You should bake in deterministic performance validation with `EXPLAIN QUERY PLAN` and only then add indexes if missing.
+
+```diff
+@@ ## Scope: Four workstreams, delivered in order:
+-4. Fix robot-docs to list actual field names instead of opaque type references
++4. Add query-plan validation + targeted index updates for new discussion queries
++5. Fix robot-docs to list actual field names instead of opaque type references
+@@
++## 4. Query-Plan Validation and Targeted Indexes
++
++Before and after implementing `query_discussions`, capture `EXPLAIN QUERY PLAN` for:
++- `--for-mr <iid> --resolution unresolved`
++- `--project <path> --since 7d --sort last_note`
++- `--gitlab-discussion-id <id>`
++
++If plans show table scans on `notes`/`discussions`, add indexes in `MIGRATIONS` array:
++- `discussions(project_id, gitlab_discussion_id)`
++- `discussions(merge_request_id, last_note_at, id)`
++- `notes(discussion_id, created_at DESC, id DESC)`
++- `notes(discussion_id, position, id)`
++
++Tests: assert the new query paths return expected rows under indexed schema and no regressions.
+```
+
+---
+
+If you want, I can produce a single consolidated “iteration 4” version of the plan text with all seven revisions merged in place.

docs/plan-expose-discussion-ids.feedback-4.md.bak

@@ -0,0 +1,160 @@
+I reviewed the plan end-to-end and focused only on new improvements (none of the items in `## Rejected Recommendations` are re-proposed).
+
+1. Add direct `--discussion-id` retrieval paths
+Rationale: This removes a full discovery hop for the exact workflow that failed (replying to a known thread). It also reduces ambiguity and query cost when an agent already has the thread ID.
+
+```diff
+@@ Core Changes
+ | 7 | Fix robot-docs to list actual field names | Docs | Small |
++| 8 | Add direct `--discussion-id` filter to notes/discussions/show | Core | Small |
+
+@@ Change 3: Add Standalone `discussions` List Command
+ lore -J discussions --for-mr 99 --cursor <token>       # keyset pagination
++lore -J discussions --discussion-id 6a9c1750b37d...    # direct lookup
+
+@@ 3a. CLI Args
++    #[arg(long, conflicts_with_all = ["for_issue", "for_mr"], help_heading = "Filters")]
++    pub discussion_id: Option<String>,
+
+@@ Change 1: Add `gitlab_discussion_id` to Notes Output
++Add `--discussion-id <hex>` filter to `notes` for direct note retrieval within one thread.
+```
+
+2. Add a shared filter compiler to eliminate count/query drift
+Rationale: The plan currently repeats filters across data query, `total_count`, and `incomplete_rows` count queries. That is a classic reliability bug source. A single compiled filter object makes count semantics provably consistent.
+
+```diff
+@@ Count Semantics (Cross-Cutting Convention)
++## Filter Compiler (NEW, Cross-Cutting Convention)
++All list commands must build predicates via a shared `CompiledFilters` object that emits:
++- SQL predicate fragment
++- bind parameters
++- canonical filter string (for cursor hash)
++The same compiled object is reused by:
++- page data query
++- `total_count` query
++- `incomplete_rows` query
+```
+
+3. Harden keyset pagination semantics for `DESC`, limits, and client ergonomics
+Rationale: `(sort_value, id) > (?, ?)` is only correct for ascending order. Descending sort needs `<`. Also add explicit `has_more` so clients don’t infer from cursor nullability.
+
+```diff
+@@ Keyset Pagination (Cross-Cutting, Change B)
+-```sql
+-WHERE (sort_value, id) > (?, ?)
+-```
++Use comparator by order:
++- ASC: `(sort_value, id) > (?, ?)`
++- DESC: `(sort_value, id) < (?, ?)`
+
+@@ 3a. CLI Args
++    #[arg(short = 'n', long = "limit", default_value = "50", value_parser = clap::value_parser!(usize).range(1..=500), help_heading = "Output")]
++    pub limit: usize,
+
+@@ Response Schema
+-    "next_cursor": "aW...xyz=="
++    "next_cursor": "aW...xyz==",
++    "has_more": true
+```
+
+4. Add DB-level entity integrity invariants (not just response invariants)
+Rationale: Response-side filtering is good, but DB correctness should also be guarded. This prevents silent corruption and bad joins from ingestion or future migrations.
+
+```diff
+@@ Contract Invariants (NEW)
++### Entity Integrity Invariants (DB + Ingest)
++1. `discussions` must belong to exactly one parent (`issue_id XOR merge_request_id`).
++2. `discussions.noteable_type` must match the populated parent column.
++3. Natural-key uniqueness is enforced where valid:
++   - `(project_id, gitlab_discussion_id)` unique for discussions.
++4. Ingestion must reject/quarantine rows violating invariants and report counts.
+
+@@ Supporting Indexes (Cross-Cutting, Change D)
++CREATE UNIQUE INDEX IF NOT EXISTS idx_discussions_project_gitlab_discussion_id
++    ON discussions(project_id, gitlab_discussion_id);
+```
+
+5. Switch bulk note loading to streaming grouping (avoid large intermediate vecs)
+Rationale: Current bulk strategy still materializes all notes before grouping. Streaming into the map cuts peak memory and improves large-MR stability.
+
+```diff
+@@ Change 2e. Constructor — use bulk notes map
+-let all_note_rows: Vec<MrNoteDetail> = ...  // From bulk query above
+-let notes_by_discussion: HashMap<i64, Vec<MrNoteDetail>> = 
+-    all_note_rows.into_iter().fold(HashMap::new(), |mut map, note| {
+-        map.entry(note.discussion_id).or_insert_with(Vec::new).push(note);
+-        map
+-    });
++let mut notes_by_discussion: HashMap<i64, Vec<MrNoteDetail>> = HashMap::new();
++for row in bulk_note_stmt.query_map(params, map_note_row)? {
++    let note = row?;
++    notes_by_discussion.entry(note.discussion_id).or_default().push(note);
++}
+```
+
+6. Make freshness tri-state (`fresh|stale|unknown`) and fail closed on unknown with `--require-fresh`
+Rationale: `stale: bool` alone cannot represent “never synced / unknown project freshness.” For write safety, unknown freshness should be explicit and reject under freshness constraints.
+
+```diff
+@@ Freshness Metadata & Staleness Guards
+ pub struct ResponseMeta {
+     pub elapsed_ms: i64,
+     pub data_as_of_iso: String,
+     pub sync_lag_seconds: i64,
+     pub stale: bool,
++    pub freshness_state: String, // "fresh" | "stale" | "unknown"
++    #[serde(skip_serializing_if = "Option::is_none")]
++    pub freshness_reason: Option<String>,
+     pub incomplete_rows: i64,
+@@
+-if sync_lag_seconds > max_age_secs {
++if freshness_state == "unknown" || sync_lag_seconds > max_age_secs {
+```
+
+7. Tune indexes to match actual ORDER BY paths in window queries
+Rationale: `idx_notes_discussion_position` is likely insufficient for the two window orderings. A covering-style index aligned with partition/order keys reduces random table lookups.
+
+```diff
+@@ Supporting Indexes (Cross-Cutting, Change D)
+--- Notes: window function ORDER BY (discussion_id, position) for ROW_NUMBER()
+-CREATE INDEX IF NOT EXISTS idx_notes_discussion_position
+-    ON notes(discussion_id, position);
++-- Notes: support dual ROW_NUMBER() orderings and reduce table lookups
++CREATE INDEX IF NOT EXISTS idx_notes_discussion_window
++    ON notes(discussion_id, is_system, position, created_at, gitlab_id);
+```
+
+8. Add a phased rollout gate before strict exclusion becomes default
+Rationale: Enforcing `gitlab_* IS NOT NULL` immediately can hide data if existing rows are incomplete. A short observation gate prevents sudden regressions while preserving the end-state contract.
+
+```diff
+@@ Delivery Order
++Batch 0: Observability gate (NEW)
++- Ship `incomplete_rows` and freshness meta first
++- Measure incomplete rate across real datasets
++- If incomplete ratio <= threshold, enable strict exclusion defaults
++- If above threshold, block rollout and fix ingestion quality first
++
+ Change 1 (notes output)       ──┐
+```
+
+9. Add property-based invariants for pagination/count correctness
+Rationale: Your current tests are scenario-based and good, but randomized property tests are much better at catching edge-case cursor/count bugs.
+
+```diff
+@@ Tests (Change 3 / Change B)
++**Test 12**: Property-based pagination invariants (`proptest`)
++```rust
++#[test]
++fn prop_discussion_cursor_no_overlap_no_gap_under_random_data() { /* ... */ }
++```
++
++**Test 13**: Property-based count invariants
++```rust
++#[test]
++fn prop_total_count_and_incomplete_rows_match_filter_partition() { /* ... */ }
++```
+```
+
+If you want, I can now produce a fully consolidated “Plan v4” that applies these diffs cleanly into your original document so it reads as a single coherent spec.

docs/plan-expose-discussion-ids.feedback-5.md

@@ -0,0 +1,140 @@
+Your iteration 4 plan is already strong. The highest-impact revisions are around query shape, transaction boundaries, and contract stability for agents.
+
+1. **Switch discussions query to a two-phase page-first architecture**
+Analysis: Current `ranked_notes` runs over every filtered discussion before `LIMIT`, which can explode on project-wide queries. A page-first plan keeps complexity proportional to `limit`, improves tail latency, and reduces memory churn.
+```diff
+@@ ## 3c. SQL Query
+-Core query uses a CTE + ranked-notes rollup (window function) to avoid per-row correlated
+-subqueries.
++Core query is split into two phases for scalability:
++1) `paged_discussions` applies filters/sort/LIMIT and returns only page IDs.
++2) Note rollups and optional `--include-notes` expansion run only for those page IDs.
++This bounds note scanning to visible results and stabilizes latency on large projects.
+ 
+-WITH filtered_discussions AS (
++WITH filtered_discussions AS (
+   ...
+ ),
+-ranked_notes AS (
++paged_discussions AS (
++    SELECT id
++    FROM filtered_discussions
++    ORDER BY COALESCE({sort_column}, 0) {order}, id {order}
++    LIMIT ?
++),
++ranked_notes AS (
+   ...
+-    WHERE n.discussion_id IN (SELECT id FROM filtered_discussions)
++    WHERE n.discussion_id IN (SELECT id FROM paged_discussions)
+ )
+```
+
+2. **Move snapshot transaction ownership to handlers (not query helpers)**
+Analysis: This avoids nested transaction edge cases, keeps function signatures clean, and guarantees one snapshot across count + page + include-notes + serialization metadata.
+```diff
+@@ ## Cross-cutting: snapshot consistency
+-Wrap `query_notes` and `query_discussions` in a deferred read transaction.
++Open one deferred read transaction in each handler (`handle_notes`, `handle_discussions`)
++and pass `&Transaction` into query helpers. Query helpers do not open/commit transactions.
++This guarantees a single snapshot across all subqueries and avoids nested tx pitfalls.
+ 
+-pub fn query_discussions(conn: &Connection, ...)
++pub fn query_discussions(tx: &rusqlite::Transaction<'_>, ...)
+```
+
+3. **Add immutable input filter `--project-id` across notes/discussions/show**
+Analysis: You already expose `gitlab_project_id` because paths are mutable; input should support the same immutable selector. This removes failure modes after project renames/transfers.
+```diff
+@@ ## 3a. CLI Args
++    /// Filter by immutable GitLab project ID
++    #[arg(long, help_heading = "Filters", conflicts_with = "project")]
++    pub project_id: Option<i64>,
+@@ ## Bridge Contract
++Input symmetry rule: commands that accept `--project` should also accept `--project-id`.
++If both are present, return usage error (exit code 2).
+```
+
+4. **Enforce bridge fields for nested notes in `discussions --include-notes`**
+Analysis: Current guardrail is entity-level; nested notes can still lose required IDs under aggressive filtering. This is a contract hole for write-bridging.
+```diff
+@@ ### Field Filtering Guardrail
+-In robot mode, `filter_fields` MUST force-include Bridge Contract fields...
++In robot mode, `filter_fields` MUST force-include Bridge Contract fields at all returned levels:
++- discussion row fields
++- nested note fields when `discussions --include-notes` is used
+ 
++const BRIDGE_FIELDS_DISCUSSION_NOTES: &[&str] = &[
++    "project_path", "gitlab_project_id", "noteable_type", "parent_iid",
++    "gitlab_discussion_id", "gitlab_note_id",
++];
+```
+
+5. **Make ambiguity preflight scope-aware and machine-actionable**
+Analysis: Current preflight checks only `gitlab_discussion_id`, which can produce false ambiguity when additional filters already narrow to one project. Also, agents need structured candidates, not only free-text.
+```diff
+@@ ### Ambiguity Guardrail
+-SELECT DISTINCT p.path_with_namespace
++SELECT DISTINCT p.path_with_namespace, p.gitlab_project_id
+ FROM discussions d
+ JOIN projects p ON p.id = d.project_id
+-WHERE d.gitlab_discussion_id = ?
++WHERE d.gitlab_discussion_id = ?
++  /* plus active scope filters: noteable_type, for_issue/for_mr, since/path when present */
+ LIMIT 3
+ 
+-Return LoreError::Ambiguous with message
++Return LoreError::Ambiguous with structured details:
++`{ code, message, candidates:[{project_path, gitlab_project_id}], suggestion }`
+```
+
+6. **Add `--contains` filter to `discussions`**
+Analysis: This is a high-utility agent workflow gap. Agents frequently need “find thread by text then reply”; forcing a separate `notes` search round-trip is unnecessary.
+```diff
+@@ ## 3a. CLI Args
++    /// Filter discussions whose notes contain text
++    #[arg(long, help_heading = "Filters")]
++    pub contains: Option<String>,
+@@ ## 3d. Filters struct
++    pub contains: Option<String>,
+@@ ## 3d. Where-clause construction
++- `path` -> EXISTS (...)
++- `path` -> EXISTS (...)
++- `contains` -> EXISTS (
++    SELECT 1 FROM notes n
++    WHERE n.discussion_id = d.id
++      AND n.body LIKE ?
++  )
+```
+
+7. **Promote two baseline indexes from “candidate” to “required”**
+Analysis: These are directly hit by new primary paths; waiting for post-merge profiling risks immediate perf cliffs in real usage.
+```diff
+@@ ## 3h. Query-plan validation
+-Candidate indexes (add only if EXPLAIN QUERY PLAN shows they're needed):
+-- discussions(project_id, gitlab_discussion_id)
+-- notes(discussion_id, created_at DESC, id DESC)
++Required baseline indexes for this feature:
++- discussions(project_id, gitlab_discussion_id)
++- notes(discussion_id, created_at DESC, id DESC)
++Keep other indexes conditional on EXPLAIN QUERY PLAN.
+```
+
+8. **Add schema versioning and remove contradictory rejected items**
+Analysis: `robot-docs` contract drift is a long-term agent risk; explicit schema versions let clients fail safely. Also, rejected items currently contradict active sections, which creates implementation ambiguity.
+```diff
+@@ ## 4. Fix Robot-Docs Response Schemas
+ "meta": {"elapsed_ms": "int", ...}
++"meta": {"elapsed_ms":"int", ..., "schema_version":"string"}
++
++Schema version policy:
++- bump minor on additive fields
++- bump major on removals/renames
++- expose per-command versions in `robot-docs`
+@@ ## Rejected Recommendations
+-- Add `gitlab_note_id` to show-command note detail structs ... rejected ...
+-- Add `gitlab_discussion_id` to show-command discussion detail structs ... rejected ...
+-- Add `gitlab_project_id` to show-command discussion detail structs ... rejected ...
++Remove stale rejected entries that conflict with accepted workstreams in this plan iteration.
+```
+
+If you want, I can produce a fully rewritten iteration 5 plan document that applies all of the above edits cleanly end-to-end.

docs/plan-expose-discussion-ids.feedback-5.md.bak

@@ -0,0 +1,158 @@
+I reviewed the whole plan and only proposed changes that are not in your `## Rejected Recommendations`.
+
+1. **Fix plan-internal inconsistencies first**
+Analysis: The plan currently has a few self-contradictions (`8` vs `9` cross-cutting improvements, `stale` still referenced after moving to tri-state freshness). Cleaning this prevents implementation drift and bad AC validation.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@
+-**Scope**: 8 core changes + 8 cross-cutting architectural improvements across 3 tiers:
++**Scope**: 8 core changes + 9 cross-cutting architectural improvements across 3 tiers:
+@@ AC-7: Freshness Metadata Present & Staleness Guards Work
+-lore -J notes -n 1 | jq '.meta | {data_as_of_iso, sync_lag_seconds, stale}'
+-# All fields present, stale=false if recently synced
++lore -J notes -n 1 | jq '.meta | {data_as_of_iso, sync_lag_seconds, freshness_state}'
++# All fields present, freshness_state is one of fresh|stale|unknown
+@@ Change 6 Response Schema example
+-    "stale": false,
++    "freshness_state": "fresh",
+```
+
+2. **Require snapshot-consistent list responses (page + counts)**
+Analysis: `total_count`, `incomplete_rows`, and page rows can drift if sync writes between queries. Enforcing a single read snapshot for all list commands makes pagination and counts deterministic.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ Count Semantics (Cross-Cutting Convention)
+ All list commands use consistent count fields:
++All three queries (`page`, `total_count`, `incomplete_rows`) MUST execute inside one read transaction/snapshot.
++This guarantees count/page consistency under concurrent sync writes.
+```
+
+3. **Use RAII transactions instead of manual `BEGIN/COMMIT`**
+Analysis: Manual `execute_batch("BEGIN...")` is fragile on early returns. `rusqlite::Transaction` guarantees rollback on error and removes transaction-leak risk.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ Change 2: Consistency guarantee
+-conn.execute_batch("BEGIN DEFERRED")?;
+-// ... discussion query ...
+-// ... bulk note query ...
+-conn.execute_batch("COMMIT")?;
++let tx = conn.transaction_with_behavior(rusqlite::TransactionBehavior::Deferred)?;
++// ... discussion query ...
++// ... bulk note query ...
++tx.commit()?;
+```
+
+4. **Allow small focused new modules for query infrastructure**
+Analysis: Keeping everything in `list.rs`/`show.rs` will become a maintenance hotspot as filters/cursors/freshness expand. A small module split reduces coupling and regression risk.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ Change 3: File Architecture
+-**No new files.** Follow existing patterns:
++Allow focused infra modules for shared logic:
++- `src/cli/query/filters.rs` (CompiledFilters + builders)
++- `src/cli/query/cursor.rs` (encode/decode/validate v2 cursors)
++- `src/cli/query/freshness.rs` (freshness computation + guards)
++Command handlers remain in existing files.
+```
+
+5. **Add ingest-time `discussion_rollups` to avoid repeated heavy window scans**
+Analysis: Window functions are good, but doing them on every read over large note volumes is still expensive. Precomputing rollups during ingest gives lower and more predictable p95 latency while keeping read paths simpler.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ Architectural Improvements (Cross-Cutting)
++| J | Ingest-time discussion rollups (`discussion_rollups`) | Performance | Medium |
+@@ Change 3 SQL strategy
+-Use `ROW_NUMBER()` window function instead of correlated subqueries...
++Primary path: join precomputed `discussion_rollups` for `note_count`, `first_author`,
++`first_note_body`, `position_new_path`, `position_new_line`.
++Fallback path: window-function recompute if rollup row is missing (defensive correctness).
+```
+
+6. **Add deterministic numeric project selector `--project-id`**
+Analysis: `-p group/repo` is human-friendly, but numeric project IDs are safer for robots and avoid fuzzy/project-path ambiguity. This reduces false ambiguity failures and lookup overhead.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ DiscussionsArgs
+     #[arg(short = 'p', long, help_heading = "Filters")]
+     pub project: Option<String>,
++    #[arg(long, conflicts_with = "project", help_heading = "Filters")]
++    pub project_id: Option<i64>,
+@@ Ambiguity handling
++If `--project-id` is provided, IID resolution is scoped directly to that project.
++`--project-id` takes precedence over path-based project matching.
+```
+
+7. **Make path filtering rename-aware (`old` + `new`)**
+Analysis: Current `--path` strategy only using `position_new_path` misses deleted/renamed-file discussions. Supporting side selection makes the feature materially more useful for review workflows.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ DiscussionsArgs
+     #[arg(long, help_heading = "Filters")]
+     pub path: Option<String>,
++    #[arg(long, value_parser = ["either", "new", "old"], default_value = "either", help_heading = "Filters")]
++    pub path_side: String,
+@@ Change 3 filtering
+-Path filter matches `position_new_path`.
++Path filter semantics:
++- `either` (default): match `position_new_path` OR `position_old_path`
++- `new`: match only `position_new_path`
++- `old`: match only `position_old_path`
+```
+
+8. **Add explicit freshness behavior for empty-result queries + bootstrap backfill**
+Analysis: Freshness based only on “participating rows” is undefined when results are empty. Define deterministic behavior and backfill `project_sync_state` on migration so `unknown` doesn’t spike unexpectedly after deploy.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ Freshness state logic
++Empty-result rules:
++- If query is project-scoped (`-p` or `--project-id`), freshness is computed from that project even when no rows match.
++- If query is unscoped and returns zero rows, freshness is computed from all tracked projects.
+@@ A1. Track per-project sync timestamp
++Migration step: seed `project_sync_state` from latest known sync metadata where available
++to avoid mass `unknown` freshness immediately after rollout.
+```
+
+9. **Upgrade `--discussion-id` from filter-only to first-class thread retrieval**
+Analysis: Filtering list output by discussion ID still returns list-shaped data and partial note context. A direct thread retrieval mode is faster for agent workflows and avoids extra commands.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ Core Changes
+-| 8 | Add direct `--discussion-id` filter to notes/discussions/show | Core | Small |
++| 8 | Add direct `--discussion-id` filter + single-thread retrieval mode | Core | Medium |
+@@ Change 8
++lore -J discussions --discussion-id <id> --full-thread
++# Returns one discussion with full notes payload (same note schema as show command).
+```
+
+10. **Replace ad-hoc AC performance timing with repeatable perf harness**
+Analysis: `time lore ...` is noisy and machine-dependent. A reproducible seeded benchmark test gives stable guardrails and catches regressions earlier.
+
+```diff
+--- a/plan.md
++++ b/plan.md
+@@ AC-10: Performance Budget
+-time lore -J discussions --for-mr <iid> -n 100
+-# real  0m0.100s (p95 < 150ms)
++cargo test --test perf_discussions -- --ignored --nocapture
++# Uses seeded fixture DB and N repeated runs; asserts p95 < 150ms for target query shape.
+```
+
+If you want, I can also produce a fully merged “iteration 5” rewritten plan document with these edits applied end-to-end so it’s directly executable by an implementation agent.

docs/plan-expose-discussion-ids.feedback-6.md.bak

@@ -0,0 +1,143 @@
+Strong plan overall. The biggest gaps I’d fix are around sync-health correctness, idempotency/integrity under repeated ingests, deleted-entity lifecycle, and reducing schema drift risk without heavy reflection machinery.
+
+I avoided everything in your `## Rejected Recommendations` section.
+
+**1. Add Sync Health Semantics (not just age)**
+Time freshness alone can mislead after partial/failed syncs. Agents need to know whether data is both recent and complete.
+
+```diff
+@@ ## Freshness Metadata & Staleness Guards (Cross-Cutting, Change A/F/G)
+-    pub freshness_state: String,      // "fresh" | "stale" | "unknown"
++    pub freshness_state: String,      // "fresh" | "stale" | "unknown"
++    pub sync_status: String,          // "ok" | "partial" | "failed" | "never"
++    pub last_successful_sync_run_id: Option<i64>,
++    pub last_attempted_sync_run_id: Option<i64>,
+@@
+-#[arg(long, help_heading = "Freshness")]
+-pub require_fresh: Option<String>,
++#[arg(long, help_heading = "Freshness")]
++pub require_fresh: Option<String>,
++#[arg(long, help_heading = "Freshness")]
++pub require_sync_ok: bool,
+```
+
+Rationale: this prevents false confidence when one project is fresh-by-time but latest sync actually failed or was partial.
+
+---
+
+**2. Add `--require-complete` Guard for Missing Required IDs**
+You already expose `meta.incomplete_rows`; add a hard gate for automation.
+
+```diff
+@@ ## Count Semantics (Cross-Cutting Convention)
+ `incomplete_rows` is computed via a dedicated COUNT query...
++Add CLI guard:
++`--require-complete` fails with exit code 19 when `meta.incomplete_rows > 0`.
++Suggested action: `lore sync --full`.
+```
+
+Rationale: agents can fail fast instead of silently acting on partial datasets.
+
+---
+
+**3. Strengthen Ingestion Idempotency + Referential Integrity for Notes**
+You added natural-key uniqueness for discussions; do the same for notes and enforce parent integrity at DB level.
+
+```diff
+@@ ## Supporting Indexes (Cross-Cutting, Change D)
+ CREATE UNIQUE INDEX IF NOT EXISTS idx_discussions_project_gitlab_discussion_id
+     ON discussions(project_id, gitlab_discussion_id);
++CREATE UNIQUE INDEX IF NOT EXISTS idx_notes_project_gitlab_id
++    ON notes(project_id, gitlab_id);
++
++-- Referential integrity
++-- notes.discussion_id REFERENCES discussions(id)
++-- notes.project_id REFERENCES projects(id)
+```
+
+Rationale: repeated syncs and retries won’t duplicate notes, and orphaned rows can’t accumulate.
+
+---
+
+**4. Add Deleted/Tombstoned Entity Lifecycle**
+Current plan excludes null IDs but doesn’t define behavior when GitLab entities are deleted after sync.
+
+```diff
+@@ ## Contract Invariants (NEW)
++### Deletion Lifecycle Invariant
++1. Notes/discussions deleted upstream are tombstoned locally (`deleted_at`), not hard-deleted.
++2. All list/show commands exclude tombstoned rows by default.
++3. Optional flag `--include-deleted` exposes tombstoned rows for audit/debug.
+```
+
+Rationale: preserves auditability, prevents ghost actions on deleted objects, and avoids destructive resync behavior.
+
+---
+
+**5. Expand Discussions Payload for Rename Accuracy + Better Triage**
+`--path-side old` is great, but output currently only returns `position_new_*`.
+
+```diff
+@@ ## Change 3: Add Standalone `discussions` List Command
+     pub position_new_path: Option<String>,
+     pub position_new_line: Option<i64>,
++    pub position_old_path: Option<String>,
++    pub position_old_line: Option<i64>,
++    pub last_author: Option<String>,
++    pub participant_usernames: Vec<String>,
+```
+
+Rationale: for renamed/deleted files, agents need old and new coordinates to act confidently; participants/last_author improve thread routing and prioritization.
+
+---
+
+**6. Add SQLite Busy Handling + Retry Policy**
+Read transactions + concurrent sync writes can still produce `SQLITE_BUSY` under load.
+
+```diff
+@@ ## Count Semantics (Cross-Cutting Convention)
+ **Snapshot consistency**: All three queries ... inside a single read transaction ...
++**Busy handling**: set `PRAGMA busy_timeout` (e.g. 5000ms) and retry transient
++`SQLITE_BUSY` errors up to 3 times with jittered backoff for read commands.
+```
+
+Rationale: improves reliability in real multi-agent usage without changing semantics.
+
+---
+
+**7. Make Field Definitions Single-Source (Lightweight Drift Prevention)**
+You rejected full schema generation from code; a lower-cost middle ground is shared field manifests used by both docs and `--fields` validation.
+
+```diff
+@@ ## Change 7: Fix Robot-Docs Response Schemas
++#### 7h. Single-source field manifests (no reflection)
++Define per-command field constants (e.g. `NOTES_FIELDS`, `DISCUSSIONS_FIELDS`)
++used by:
++1) `--fields` validation/filtering
++2) `--fields minimal` expansion
++3) `robot-docs` schema rendering
+```
+
+Rationale: cuts drift risk materially while staying much simpler than reflection/snapshot infra.
+
+---
+
+**8. De-duplicate and Upgrade Test Strategy Around Concurrency**
+There are duplicated tests across Change 2 and Change 3; add explicit race tests where sync writes happen between list subqueries to prove tx consistency.
+
+```diff
+@@ ## Tests
+-**Test 6**: `--project-id` scopes IID resolution directly
+-**Test 7**: `--path-side old` matches renamed file discussions
+-**Test 8**: `--path-side either` matches both old and new paths
++Move shared discussion-filter tests to a single section under Change 3.
++Add concurrency tests:
++1) count/page/incomplete consistency under concurrent sync writes
++2) show discussion+notes snapshot consistency under concurrent writes
+```
+
+Rationale: less maintenance noise, better coverage of your highest-risk correctness path.
+
+---
+
+If you want, I can also produce a single consolidated patch block that rewrites your plan text end-to-end with these edits applied in-place.

docs/plan-surgical-sync.feedback-3.md

@@ -0,0 +1,169 @@
+Below are the strongest **new** revisions I’d make (excluding everything in your rejected list), with rationale and plan-level diffs.
+
+### 1. Add a durable run ledger (`sync_runs`) with phase state
+This makes surgical sync crash-resumable, auditable, and safer under Ctrl+C. Right now `run_id` is mostly ephemeral; persisting phase state removes ambiguity about what completed.
+
+```diff
+@@ Design Constraints
++9. **Durable run state**: Surgical sync MUST persist a `sync_runs` row keyed by `run_id`
++   with phase transitions (`preflight`, `ingest`, `dependents`, `docs`, `embed`, `done`, `failed`).
++   This is required for crash recovery, observability, and deterministic retries.
+
+@@ Step 9: Create `run_sync_surgical`
++Before Stage 0, insert `sync_runs(run_id, project_id, mode='surgical', requested_counts, started_at)`.
++After each stage, update `sync_runs.phase`, counters, and `last_error` if present.
++On success/failure, set terminal state (`done`/`failed`) and `finished_at`.
+```
+
+### 2. Add `--preflight-only` (network validation without writes)
+`--dry-run` is intentionally zero-network, so it cannot validate IIDs. `--preflight-only` is high-value for agents: verifies existence/permissions quickly with no DB mutation.
+
+```diff
+@@ CLI Interface
+ lore sync --dry-run --issue 123 -p myproject
++lore sync --preflight-only --issue 123 -p myproject
+
+@@ Step 2: Add `--issue`, `--mr`, `-p` to `SyncArgs`
++    /// Validate remote entities and auth without any DB writes
++    #[arg(long, default_value_t = false)]
++    pub preflight_only: bool,
+
+@@ Step 10: Add branch in `run_sync`
++if options.preflight_only && options.is_surgical() {
++    return run_sync_surgical_preflight_only(config, &options, run_id, signal).await;
++}
+```
+
+### 3. Preflight should aggregate all missing/failed IIDs, not fail-fast
+Fail-fast causes repeated reruns. Aggregating errors gives one-shot correction and better robot automation.
+
+```diff
+@@ Step 7: Create `src/ingestion/surgical.rs`
+-/// Returns the fetched payloads. If ANY fetch fails, the entire operation should abort.
++/// Returns fetched payloads plus per-IID failures; caller aborts writes if failures exist.
+ pub async fn preflight_fetch(...) -> Result<PreflightResult> {
+
+@@
+ #[derive(Debug, Default)]
+ pub struct PreflightResult {
+     pub issues: Vec<GitLabIssue>,
+     pub merge_requests: Vec<GitLabMergeRequest>,
++    pub failures: Vec<EntityFailure>, // stage="fetch"
+ }
+
+@@ Step 9: Create `run_sync_surgical`
+-let preflight = preflight_fetch(...).await?;
++let preflight = preflight_fetch(...).await?;
++if !preflight.failures.is_empty() {
++    result.entity_failures = preflight.failures;
++    return Err(LoreError::Other("Surgical preflight failed for one or more IIDs".into()).into());
++}
+```
+
+### 4. Stop filtering scoped queue drains with raw `json_extract` scans
+`json_extract(payload_json, '$.scope_run_id')` in hot drain queries will degrade as queue grows. Use indexed scope metadata.
+
+```diff
+@@ Step 9b: Implement scoped drain helpers
+-// claim query adds:
+-// AND json_extract(payload_json, '$.scope_run_id') = ?
++// Add migration:
++// 1) Add `scope_run_id` generated/stored column derived from payload_json (or explicit column)
++// 2) Create index on (project_id, job_type, scope_run_id, status, id)
++// Scoped drains filter by indexed `scope_run_id`, not full-table JSON extraction.
+```
+
+### 5. Replace `dirty_source_ids` collection-by-query with explicit run scoping
+Current approach can accidentally include prior dirty rows for same source and can duplicate work. Tag dirty rows with `origin_run_id` and consume by run.
+
+```diff
+@@ Design Constraints
+-2. **Dirty queue scoping**: ... MUST call ... `run_generate_docs_for_dirty_ids`
++2. **Dirty queue scoping**: Surgical sync MUST scope docs by `origin_run_id` on `dirty_sources`
++   (or equivalent exact run marker) and MUST NOT drain unrelated dirty rows.
+
+@@ Step 7: `SurgicalIngestResult`
+-    pub dirty_source_ids: Vec<i64>,
++    pub origin_run_id: String,
+
+@@ Step 9a: Implement `run_generate_docs_for_dirty_ids`
+-pub fn run_generate_docs_for_dirty_ids(config: &Config, dirty_source_ids: &[i64]) -> Result<...>
++pub fn run_generate_docs_for_run_id(config: &Config, run_id: &str) -> Result<...>
+```
+
+### 6. Enforce transaction safety at the type boundary
+`unchecked_transaction()` + `&Connection` signatures is fragile. Accept `&Transaction` for ingest internals and use `TransactionBehavior::Immediate` for deterministic lock behavior.
+
+```diff
+@@ Step 7: Create `src/ingestion/surgical.rs`
+-pub fn ingest_issue_by_iid_from_payload(conn: &Connection, ...)
++pub fn ingest_issue_by_iid_from_payload(tx: &rusqlite::Transaction<'_>, ...)
+
+-pub fn ingest_mr_by_iid_from_payload(conn: &Connection, ...)
++pub fn ingest_mr_by_iid_from_payload(tx: &rusqlite::Transaction<'_>, ...)
+
+-let tx = conn.unchecked_transaction()?;
++let tx = conn.transaction_with_behavior(rusqlite::TransactionBehavior::Immediate)?;
+```
+
+### 7. Acquire sync lock only for mutation phases, not remote preflight
+This materially reduces lock contention and keeps normal sync throughput higher, while still guaranteeing mutation serialization.
+
+```diff
+@@ Design Constraints
++10. **Lock window minimization**: Preflight fetch runs without sync lock; lock is acquired immediately
++    before first DB mutation and held through all mutation stages.
+
+@@ Step 9: Create `run_sync_surgical`
+-// ── Acquire sync lock ──
+-...
+-// ── Stage 0: Preflight fetch ──
++// ── Stage 0: Preflight fetch (no lock, no writes) ──
+ ...
++// ── Acquire sync lock just before Stage 1 mutation ──
+```
+
+### 8. Add explicit transient retry policy beyond 429
+Client already handles rate limits; surgical reliability improves a lot if 5xx/timeouts are retried with bounded backoff.
+
+```diff
+@@ Design Constraints
++11. **Transient retry policy**: Preflight and dependent remote fetches MUST retry boundedly on
++    timeout/5xx with jittered backoff; permanent errors (404/401/403) fail immediately.
+
+@@ Step 5: Add `get_issue_by_iid` / `get_mr_by_iid`
++Document retry behavior for transient transport/server failures.
+```
+
+### 9. Tighten automated tests around scoping invariants
+You already list manual checks; these should be enforced in unit/integration tests to prevent regressions.
+
+```diff
+@@ Step 1: TDD — Write Failing Tests First
++### 1d. New invariants tests
++- `surgical_docs_scope_ignores_preexisting_dirty_rows`
++- `scoped_queue_drain_ignores_orphaned_jobs`
++- `preflight_aggregates_multiple_missing_iids`
++- `preflight_only_performs_zero_writes`
++- `dry_run_performs_zero_network_calls`
++- `lock_window_does_not_block_during_preflight`
+
+@@ Acceptance Criteria
++32. Scoped queue/docs invariants are covered by automated tests (not manual-only verification).
+```
+
+### 10. Make robot-mode surgical output first-class
+For agent workflows, include full stage telemetry and actionable recovery commands.
+
+```diff
+@@ Step 15: Update `SyncResult` for robot mode structured output
++    /// Per-stage elapsed ms for deterministic performance tracking
++    pub stage_timings_ms: std::collections::BTreeMap<String, u64>,
++    /// Suggested recovery commands (robot ergonomics)
++    pub recovery_actions: Vec<String>,
+
+@@ Step 14: Update `robot-docs` manifest
++Document surgical-specific error codes and `actions` schema for automated recovery.
+```
+
+If you want, I can now produce a fully rewritten **iteration 3** plan that merges these into your current structure end-to-end.

docs/plan-surgical-sync.feedback-4.md

@@ -0,0 +1,212 @@
+1. **Resolve the current contract contradictions (`preflight-only`, `dry-run`, `sync_runs`)**
+
+Why this improves the plan:
+- Right now constraints conflict: “zero DB writes before commit” vs inserting `sync_runs` during preflight.
+- This ambiguity will cause implementation drift and flaky acceptance tests.
+- Splitting control-plane writes from content-plane writes keeps safety guarantees strict while preserving observability.
+
+```diff
+@@ ## Design Constraints
+-6. **Preflight-then-commit**: All remote fetches happen BEFORE any DB writes. If any IID fetch fails (404, network error), the entire operation aborts with zero DB mutations.
++6. **Preflight-then-commit (content-plane)**: All remote fetches happen BEFORE any writes to content tables (`issues`, `merge_requests`, `discussions`, `resource_events`, `documents`, `embeddings`).
++7. **Control-plane exception**: `sync_runs` / `sync_run_entities` writes are allowed during preflight for observability and crash diagnostics.
+@@
+-11. **Preflight-only mode**: `--preflight-only` validates remote entity existence and permissions with zero DB writes.
++11. **Preflight-only mode**: `--preflight-only` performs zero content writes; control-plane run-ledger writes are allowed.
+@@ ### For me to evaluate (functional):
+-24. **Preflight-only mode** ... no DB mutations beyond the sync_runs ledger entry
++24. **Preflight-only mode** ... no content DB mutations; only run-ledger rows may be written
+```
+
+---
+
+2. **Add stale-write protection to avoid TOCTOU regressions during unlocked preflight**
+
+Why this improves the plan:
+- You intentionally preflight without lock; that’s good for throughput but introduces race risk.
+- Without a guard, a slower surgical run can overwrite newer data ingested by a concurrent normal sync.
+- This is a correctness bug under contention, not a nice-to-have.
+
+```diff
+@@ ## Design Constraints
++12. **Stale-write protection**: Surgical ingest MUST NOT overwrite fresher local rows. If local `updated_at` is newer than the preflight payload’s `updated_at`, skip that entity and record `skipped_stale`.
+@@ ## Step 7: Create `src/ingestion/surgical.rs`
+-    let labels_created = process_single_issue(conn, config, project_id, issue)?;
++    // Skip stale payloads to avoid TOCTOU overwrite after unlocked preflight.
++    if is_local_newer_issue(conn, project_id, issue.iid, issue.updated_at)? {
++        result.skipped_stale += 1;
++        return Ok(result);
++    }
++    let labels_created = process_single_issue(conn, config, project_id, issue)?;
+@@
++// same guard for MR path
+@@ ## Step 15: Update `SyncResult`
++    /// Entities skipped because local row was newer than preflight payload
++    pub skipped_stale: usize,
+@@ ### Edge cases to verify:
++38. **TOCTOU safety**: if a normal sync updates entity after preflight but before ingest, surgical run skips stale payload (no overwrite)
+```
+
+---
+
+3. **Make dirty-source scoping exact (do not capture pre-existing rows for same entity)**
+
+Why this improves the plan:
+- Current “query dirty rows by `source_id` after ingest” can accidentally include older dirty rows for the same entity.
+- That silently violates strict run scoping and can delete unrelated backlog rows.
+- You can fix this without adding `origin_run_id` to `dirty_sources` (which you already rejected).
+
+```diff
+@@ ## Step 7: Create `src/ingestion/surgical.rs`
+-    // Collect dirty_source rows for this entity
+-    let mut stmt = conn.prepare(
+-        "SELECT id FROM dirty_sources WHERE source_type = 'issue' AND source_id = ?1"
+-    )?;
++    // Capture only rows inserted by THIS call using high-water mark.
++    let before_dirty_id: i64 = conn.query_row(
++        "SELECT COALESCE(MAX(id), 0) FROM dirty_sources",
++        [], |r| r.get(0),
++    )?;
++    // ... call process_single_issue ...
++    let mut stmt = conn.prepare(
++        "SELECT id FROM dirty_sources
++         WHERE id > ?1 AND source_type = 'issue' AND source_id = ?2"
++    )?;
+@@
++    // same pattern for MR
+@@ ### 1d. Scoping invariant tests
++#[test]
++fn surgical_docs_scope_ignores_preexisting_dirty_rows_for_same_entity() {
++    // pre-insert dirty row for iid=7, then surgical ingest iid=7
++    // assert result.dirty_source_ids only contains newly inserted rows
++}
+```
+
+---
+
+4. **Fix embed-stage leakage when `--no-docs` is used in surgical mode**
+
+Why this improves the plan:
+- Current design can run global embed even when docs stage is skipped, which may embed unrelated backlog docs.
+- That breaks the surgical “scope only this run” promise.
+- This is both correctness and operator-trust critical.
+
+```diff
+@@ ## Step 9: Create `run_sync_surgical`
+-        if !options.no_embed {
++        // Surgical embed only runs when surgical docs actually regenerated docs in this run.
++        if !options.no_embed && !options.no_docs && result.documents_regenerated > 0 {
+@@ ## Step 4: Wire new fields in `handle_sync_cmd`
++        if options.is_surgical() && options.no_docs && !options.no_embed {
++            return Err(Box::new(LoreError::Other(
++                "In surgical mode, --no-docs requires --no-embed (to preserve scoping guarantees)".to_string()
++            )));
++        }
+@@ ### For me to evaluate
++39. **No embed leakage**: `sync --issue X --no-docs` never embeds unrelated unembedded docs
+```
+
+---
+
+5. **Add queue-failure hygiene so scoped jobs do not leak forever**
+
+Why this improves the plan:
+- Scoped drains prevent accidental processing, but failed runs can strand pending jobs permanently.
+- You need explicit terminalization (`aborted`) and optional replay mechanics.
+- Otherwise queue bloat and confusing diagnostics accumulate.
+
+```diff
+@@ ## Step 8a: Add `sync_runs` table migration
++ALTER TABLE dependent_queue ADD COLUMN aborted_reason TEXT;
++-- status domain now includes: pending, claimed, done, failed, aborted
+@@ ## Step 9: run_sync_surgical failure paths
++// On run failure/cancel:
++conn.execute(
++  "UPDATE dependent_queue
++   SET status='aborted', aborted_reason=?1
++   WHERE project_id=?2 AND scope_run_id=?3 AND status='pending'",
++  rusqlite::params![failure_summary, project_id, run_id],
++)?;
+@@ ## Acceptance Criteria
++40. **No stranded scoped jobs**: failed surgical runs leave no `pending` rows for their `scope_run_id`
+```
+
+---
+
+6. **Persist per-entity lifecycle (`sync_run_entities`) for real observability and deterministic retry**
+
+Why this improves the plan:
+- `sync_runs` alone gives aggregate counters but not which IID failed at which stage.
+- Per-entity records make retries deterministic and robot output far more useful.
+- This is the missing piece for your stated “deterministic retry decisions.”
+
+```diff
+@@ ## Step 8a: Add `sync_runs` table migration
++CREATE TABLE IF NOT EXISTS sync_run_entities (
++  id INTEGER PRIMARY KEY,
++  run_id TEXT NOT NULL REFERENCES sync_runs(run_id),
++  entity_type TEXT NOT NULL CHECK(entity_type IN ('issue','merge_request')),
++  iid INTEGER NOT NULL,
++  stage TEXT NOT NULL,
++  status TEXT NOT NULL CHECK(status IN ('ok','failed','skipped_stale')),
++  error_code TEXT,
++  error_message TEXT,
++  updated_at INTEGER NOT NULL
++);
++CREATE INDEX IF NOT EXISTS idx_sync_run_entities_run ON sync_run_entities(run_id, entity_type, iid);
+@@ ## Step 15: Update `SyncResult`
++    pub failed_iids: Vec<(String, u64)>,
++    pub skipped_stale_iids: Vec<(String, u64)>,
+@@ ## CLI Interface
++lore --robot sync-runs --run-id <id>
++lore --robot sync-runs --run-id <id> --retry-failed
+```
+
+---
+
+7. **Use explicit error type for surgical preflight failures (not `LoreError::Other`)**
+
+Why this improves the plan:
+- `Other(String)` loses machine semantics, weakens robot mode, and leads to bad exit-code behavior.
+- A typed error preserves structured failures and enables actionable recovery commands.
+
+```diff
+@@ ## Step 9: run_sync_surgical
+-            return Err(LoreError::Other(
+-                format!("Surgical preflight failed for {} of {} IIDs: {}", ...)
+-            ).into());
++            return Err(LoreError::SurgicalPreflightFailed {
++                run_id: run_id.to_string(),
++                total: total_items,
++                failures: preflight.failures.clone(),
++            }.into());
+@@ ## Step 15: Update `SyncResult`
++    /// Machine-actionable error summary for robot mode
++    pub error_code: Option<String>,
+@@ ## Acceptance Criteria
++41. **Typed failure**: preflight failures serialize structured errors (not generic `Other`) with machine-usable codes/actions
+```
+
+---
+
+8. **Strengthen tests for rollback, contention, and stale-skip guarantees**
+
+Why this improves the plan:
+- Current tests cover many happy-paths and scoping invariants, but key race/rollback behaviors are still under-tested.
+- These are exactly where regressions will appear first in production.
+
+```diff
+@@ ## Step 1: TDD — Write Failing Tests First
++### 1f. Transactional rollback + TOCTOU tests
++1. `preflight_success_then_ingest_failure_rolls_back_all_content_writes`
++2. `stale_payload_is_skipped_when_local_updated_at_is_newer`
++3. `failed_run_aborts_pending_scoped_jobs`
++4. `surgical_no_docs_requires_no_embed`
+@@ ### Automated scoping invariants
+-38. **Scoped queue/docs invariants are enforced by automated tests**
++42. **Rollback and race invariants are enforced by automated tests** (no partial writes on ingest failure, no stale overwrite)
+```
+
+---
+
+These eight revisions keep your core approach intact, avoid your explicitly rejected ideas, and close the biggest correctness/operability gaps before implementation.

docs/plan-surgical-sync.feedback-5.md

@@ -0,0 +1,130 @@
+**Critical Gaps In Current Plan**
+1. `dirty_sources` scoping is based on `id`, but `dirty_sources` has no `id` column and uses `(source_type, source_id)` UPSERT semantics.
+2. Plan assumes a new `dependent_queue` with `status`, but current code uses `pending_dependent_fetches` (delete-on-complete), so queue-scoping design conflicts with existing invariants.
+3. Constraint 6 says all remote fetches happen before any content writes, but the proposed surgical flow fetches discussions/events/diffs after ingest writes.
+4. `sync_runs` is already an existing table and already used by `SyncRunRecorder`; the plan currently treats it like a new table.
+
+**Best Revisions**
+
+1. **Fix dirty-source scoping to match real schema (queued-at watermark, not `id` high-water).**  
+Why this is better: This removes a correctness bug and makes same-entity re-ingest deterministic under UPSERT behavior.
+
+```diff
+@@ Design Constraints
+-2. Dirty queue scoping: ... capture MAX(id) FROM dirty_sources ... run_generate_docs_for_dirty_ids ...
++2. Dirty queue scoping: `dirty_sources` is keyed by `(source_type, source_id)` and updated via UPSERT.
++   Surgical scoping MUST use:
++   1) a run-level `run_dirty_floor_ms` captured before surgical ingest, and
++   2) explicit touched source keys from ingest (`(source_type, source_id)`).
++   Surgical docs MUST call a scoped API (e.g. `run_generate_docs_for_sources`) and MUST NOT drain global dirty queue.
+@@ Step 9a
+-pub fn run_generate_docs_for_dirty_ids(config: &Config, dirty_source_ids: &[i64]) -> Result<GenerateDocsResult>
++pub fn run_generate_docs_for_sources(config: &Config, sources: &[(SourceType, i64)]) -> Result<GenerateDocsResult>
+```
+
+2. **Bypass shared dependent queue in surgical mode; run dependents inline per target.**  
+Why this is better: Avoids queue migration churn, avoids run-scope conflicts with existing unique constraints, and removes orphan-job hygiene complexity entirely.
+
+```diff
+@@ Design Constraints
+-4. Dependent queue scoping: ... scope_run_id indexed column on dependent_queue ...
++4. Surgical dependent execution: surgical mode MUST bypass `pending_dependent_fetches`.
++   Dependents (resource_events, mr_closes_issues, mr_diffs) run inline for targeted entities only.
++   Global queue remains for normal sync only.
+@@ Design Constraints
+-14. Queue failure hygiene: ... pending scoped jobs ... terminalized to aborted ...
++14. Surgical failure hygiene: surgical mode MUST leave no queue artifacts because it does not enqueue dependent jobs.
+@@ Step 9b / 9c / Step 13
+-Implement scoped drain helpers and enqueue_job scope_run_id plumbing
++Replace with direct per-entity helpers in ingestion layer:
++  - sync_issue_resource_events_direct(...)
++  - sync_mr_resource_events_direct(...)
++  - sync_mr_closes_issues_direct(...)
++  - sync_mr_diffs_direct(...)
+```
+
+3. **Clarify atomicity contract to “primary-entity atomicity” (remove contradiction).**  
+Why this is better: Keeps strong zero-write guarantees for missing IIDs while matching practical staged pipeline behavior.
+
+```diff
+@@ Design Constraints
+-6. Preflight-then-commit (content-plane): All remote fetches happen BEFORE any writes to content tables ...
++6. Primary-entity atomicity: all requested issue/MR payload fetches complete before first content write.
++   If any primary IID fetch fails, primary ingest does zero content writes.
++   Dependent stages (discussions/events/diffs/closes) are post-ingest and best-effort, with structured per-stage failure reporting.
+```
+
+4. **Extend existing `sync_runs` schema instead of redefining it.**  
+Why this is better: Preserves compatibility with current `SyncRunRecorder`, `sync_status`, and existing historical data.
+
+```diff
+@@ Step 8a
+-Add `sync_runs` table migration (CREATE TABLE sync_runs ...)
++Add migration 027 to extend existing `sync_runs` table:
++  - ADD COLUMN mode TEXT NULL            -- 'standard' | 'surgical'
++  - ADD COLUMN phase TEXT NULL           -- preflight|ingest|dependents|docs|embed|done|failed
++  - ADD COLUMN surgical_summary_json TEXT NULL
++Reuse `SyncRunRecorder` row lifecycle; do not introduce a parallel run-ledger model.
+```
+
+5. **Strengthen TOCTOU stale protection for equal timestamps.**  
+Why this is better: Prevents regressions when `updated_at` is equal but a fresher local fetch already happened.
+
+```diff
+@@ Design Constraints
+-13. ... If local `updated_at` is newer than preflight payload `updated_at`, skip ...
++13. ... Skip stale when:
++    a) local.updated_at > payload.updated_at, OR
++    b) local.updated_at == payload.updated_at AND local.last_seen_at > preflight_started_at_ms.
++    This prevents equal-timestamp regressions under concurrent sync.
+@@ Step 1f tests
++Add test: `equal_updated_at_but_newer_last_seen_is_skipped`.
+```
+
+6. **Shrink lock window further: release `sync` lock before embed; use dedicated embed lock.**  
+Why this is better: Prevents long embedding from blocking unrelated syncs and avoids concurrent embed writers.
+
+```diff
+@@ Design Constraints
+-11. Lock ... held through all mutation stages.
++11. Lock ... held through ingest/dependents/docs only.
++    Release `AppLock("sync")` before embed.
++    Embed stage uses `AppLock("embed")` for single-flight embedding writes.
+@@ Step 9
+-Embed runs inside the same sync lock window
++Embed runs after sync lock release, under dedicated embed lock
+```
+
+7. **Add the missing `sync-runs` robot read path (the plan references it but doesn’t define it).**  
+Why this is better: Makes durable run-state actually useful for recovery automation and observability.
+
+```diff
+@@ Step 14 (new)
++## Step 14a: Add `sync-runs` read command
++
++CLI:
++  lore --robot sync-runs --limit 20
++  lore --robot sync-runs --run-id <id>
++  lore --robot sync-runs --state failed
++
++Robot response fields:
++  run_id, mode, phase, status, started_at, finished_at, counters, failures, suggested_retry_command
+```
+
+8. **Add URL-native surgical targets (`--issue-url`, `--mr-url`) with project inference.**  
+Why this is better: Much more agent-friendly and reduces project-resolution errors from copy/paste workflows.
+
+```diff
+@@ CLI Interface
+ lore sync --issue 123 --issue 456 -p myproject
++lore sync --issue-url https://gitlab.example.com/group/proj/-/issues/123
++lore sync --mr-url https://gitlab.example.com/group/proj/-/merge_requests/789
+@@ Step 2
++Add repeatable flags:
++  --issue-url <url>
++  --mr-url <url>
++Parse URL into (project_path, iid). If all targets are URL-derived and same project, `-p` is optional.
++If mixed projects are provided in one command, reject with clear error.
+```
+
+If you want, I can produce a single consolidated patched version of your plan (iteration 5 draft) with these revisions already merged.

docs/plan-surgical-sync.feedback-6.md

@@ -0,0 +1,152 @@
+Highest-impact revisions after reviewing your v5 plan:
+
+1. **Fix a real scoping hole: embed can still process unrelated docs**
+Rationale: Current plan assumes scoped docs implies scoped embed, but that only holds while no other run creates unembedded docs. You explicitly release sync lock before embed, so another sync can enqueue/regenerate docs in between, and `run_embed` may embed unrelated backlog. This breaks surgical isolation and can hide backlog debt.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Design Constraints
+-3. Embed scoping: Embedding runs only for documents regenerated by this surgical run. Because `run_embed` processes only unembedded docs, scoping is automatic IF docs are scoped correctly...
++3. Embed scoping: Embedding MUST be explicitly scoped to documents regenerated by this surgical run.
++   `run_generate_docs_for_sources` returns regenerated `document_ids`; surgical mode calls
++   `run_embed_for_document_ids(document_ids)` and never global `run_embed`.
++   This remains true even after lock release and under concurrent normal sync activity.
+@@ Step 9a: Implement `run_generate_docs_for_sources`
+-pub fn run_generate_docs_for_sources(...) -> Result<GenerateDocsResult> {
++pub fn run_generate_docs_for_sources(...) -> Result<GenerateDocsResult> {
++    // Return regenerated document IDs for scoped embedding.
++    // GenerateDocsResult { regenerated, errored, regenerated_document_ids: Vec<i64> }
+@@ Step 9: Embed stage
+- match run_embed(config, false, false, None, signal).await {
++ match run_embed_for_document_ids(config, &result.regenerated_document_ids, signal).await {
+```
+
+2. **Make run-ledger lifecycle actually durable (and consistent with your own constraint 10)**
+Rationale: Plan text says “reuse `SyncRunRecorder`”, but Step 9 writes raw SQL directly. That creates lifecycle drift, missing heartbeats, and inconsistent failure handling as code evolves.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Design Constraints
+-10. Durable run state: ... Reuses `SyncRunRecorder` row lifecycle ...
++10. Durable run state: surgical sync MUST use `SyncRunRecorder` end-to-end (no ad-hoc SQL updates).
++    Add recorder APIs for `set_mode`, `set_phase`, `set_counters`, `finish_succeeded`,
++    `finish_failed`, `finish_cancelled`, and periodic `heartbeat`.
+@@ Step 9: Create `run_sync_surgical`
+- conn.execute("INSERT INTO sync_runs ...")
+- conn.execute("UPDATE sync_runs SET phase = ...")
++ let mut recorder = SyncRunRecorder::start_surgical(...)?;
++ recorder.set_phase("preflight")?;
++ recorder.heartbeat_if_due()?;
++ recorder.set_phase("ingest")?;
++ ...
++ recorder.finish_succeeded_with_warnings(...)?;
+```
+
+3. **Add explicit `cancelled` terminal state**
+Rationale: Current early cancellation branches return `Ok(result)` without guaranteed run-row finalization. That leaves misleading `running` rows and weak crash diagnostics.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Design Constraints
++15. Cancellation semantics: If shutdown is observed after run start, phase is set to `cancelled`,
++    status is `cancelled`, `finished_at` is written, and lock is released before return.
+@@ Step 8a migration
++ALTER TABLE sync_runs ADD COLUMN warnings_count INTEGER NOT NULL DEFAULT 0;
++ALTER TABLE sync_runs ADD COLUMN cancelled_at INTEGER;
+@@ Acceptance Criteria
++47. Cancellation durability: Ctrl+C during surgical sync records `status='cancelled'`,
++    `phase='cancelled'`, and `finished_at` in `sync_runs`.
+```
+
+4. **Reduce lock contention further by separating dependent fetch and dependent write**
+Rationale: You currently hold lock through network-heavy dependent stages. That maximizes contention and increases lock timeout risk. Better: fetch dependents unlocked, write in short locked transactions with per-entity freshness guards.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Design Constraints
+-11. Lock window minimization: ... held through ingest, dependents, and docs stages.
++11. Lock window minimization: lock is held only for DB mutation windows.
++    Dependents run in two phases:
++    (a) fetch from GitLab without lock,
++    (b) write results under lock in short transactions.
++    Apply per-entity freshness checks before dependent writes.
+@@ Step 9: Dependent stages
+- // All dependents run INLINE per-entity ... while lock is held
++ // Dependents fetch outside lock, then write under lock with CAS-style watermark guards.
+```
+
+5. **Introduce stage timeout budgets to prevent hung surgical runs**
+Rationale: A single slow GitLab endpoint can stall the whole run and hold resources too long. Timeout budgets plus per-entity failure recording keep the run bounded and predictable.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Design Constraints
++16. Stage timeout budgets: each dependent fetch has a per-entity timeout and a global stage budget.
++    Timed-out entities are recorded in `entity_failures` with code `TIMEOUT` and run continues best-effort.
+@@ Step 9 notes
++ - Wrap dependent network calls with `tokio::time::timeout`.
++ - Add config knobs:
++   `sync.surgical_entity_timeout_seconds` (default 20),
++   `sync.surgical_dependents_budget_seconds` (default 120).
+```
+
+6. **Add payload integrity checks (project mismatch hard-fail)**
+Rationale: Surgical mode is precision tooling. If API/proxy misconfiguration returns payloads from wrong project, you should fail preflight loudly, not trust downstream assumptions.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Step 7: preflight_fetch
++ // Integrity check: payload.project_id must equal requested gitlab_project_id.
++ // On mismatch, record EntityFailure { code: "PROJECT_MISMATCH", stage: "fetch" }.
+@@ Step 9d: error codes
++PROJECT_MISMATCH -> usage/config data integrity failure (typed, machine-readable)
+@@ Acceptance Criteria
++48. Project integrity: payloads with unexpected `project_id` are rejected in preflight
++    and produce zero content writes.
+```
+
+7. **Upgrade robot output from aggregate-only to per-entity lifecycle**
+Rationale: `entity_failures` alone is not enough for robust automation. Agents need a complete entity outcome map (fetched, ingested, stale-skipped, dependent failures) to retry deterministically.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Step 15: Update `SyncResult`
++pub struct EntityOutcome {
++    pub entity_type: String,
++    pub iid: u64,
++    pub fetched: bool,
++    pub ingested: bool,
++    pub stale_skipped: bool,
++    pub dependent_failures: Vec<EntityFailure>,
++}
+@@
++pub entity_outcomes: Vec<EntityOutcome>,
++pub completion_status: String, // succeeded | succeeded_with_warnings | failed | cancelled
+@@ Robot mode
+- enables agents to detect partial failures via `entity_failures`
++ enables deterministic, per-IID retry and richer UI messaging.
+```
+
+8. **Index `sync_runs` for real observability at scale**
+Rationale: You’re adding mode/phase/counters and then querying recent surgical runs. Without indexes, this degrades as run history grows.
+```diff
+diff --git a/plan.md b/plan.md
+@@ Step 8a migration
++CREATE INDEX IF NOT EXISTS idx_sync_runs_mode_started
++    ON sync_runs(mode, started_at DESC);
++CREATE INDEX IF NOT EXISTS idx_sync_runs_status_phase_started
++    ON sync_runs(status, phase, started_at DESC);
+```
+
+9. **Add tests specifically for the new failure-prone paths**
+Rationale: Current tests are strong on ingest and scoping, but still miss new high-risk runtime behavior (cancel state, timeout handling, scoped embed under concurrency).
+```diff
+diff --git a/plan.md b/plan.md
+@@ Step 1f tests
++#[tokio::test]
++async fn cancellation_marks_sync_run_cancelled() { ... }
++
++#[tokio::test]
++async fn dependent_timeout_records_entity_failure_and_continues() { ... }
++
++#[tokio::test]
++async fn scoped_embed_does_not_embed_unrelated_docs_created_after_docs_stage() { ... }
+@@ Acceptance Criteria
++49. Scoped embed isolation under concurrency is verified by automated test.
++50. Timeout path is verified (TIMEOUT code + continued processing).
+```
+
+These revisions keep your core direction intact, avoid every rejected recommendation, and materially improve correctness under concurrency, operational observability, and agent automation quality.

docs/prd-per-note-search.feedback-6.md

@@ -0,0 +1,131 @@
+1. **Make immutable identity usable now (`--author-id`)**
+Why: The plan captures `author_id` but intentionally defers using it, so the core longitudinal-analysis problem is only half-fixed.
+
+```diff
+@@ Phase 1: `lore notes` Command / Work Chunk 1A
+ pub struct NoteListFilters<'a> {
++    pub author_id: Option<i64>,         // immutable identity filter
+@@
+-    pub author: Option<&'a str>,          // case-insensitive match via COLLATE NOCASE
++    pub author: Option<&'a str>,          // display-name filter
++    // If both author and author_id are provided, apply both (AND) for precision.
+ }
+@@
+ Filter mappings:
++ - `author_id`: `n.author_id = ?` (exact immutable identity)
+  - `author`: strip `@` prefix, `n.author_username = ? COLLATE NOCASE`
+@@ Phase 1 / Work Chunk 1B (CLI)
++ /// Filter by immutable author id
++ #[arg(long = "author-id", help_heading = "Filters")]
++ pub author_id: Option<i64>,
+@@ Phase 2 / Work Chunk 2F
++ Add `--author-id` support to `lore search` filtering for note documents.
+@@ Phase 1 / Work Chunk 1E
++ CREATE INDEX IF NOT EXISTS idx_notes_project_author_id_created
++ ON notes(project_id, author_id, created_at DESC, id DESC)
++ WHERE is_system = 0 AND author_id IS NOT NULL;
+```
+
+2. **Fix document staleness on username changes**
+Why: Current plan says username changes are “not semantic,” but note documents include username in content/title, so docs go stale/inconsistent.
+
+```diff
+@@ Work Chunk 0D: Immutable Author Identity Capture
+- Assert: changed_semantics = false (username change is not a semantic change for documents)
++ Assert: changed_semantics = true (username affects note document content/title)
+@@ Work Chunk 0A: semantic-change detection
+- old_body != body || old_note_type != note_type || ...
++ old_body != body || old_note_type != note_type || ...
++ || old_author_username != author_username
+@@ Work Chunk 2C: Note Document Extractor header
+     author: @{author}
++    author_id: {author_id}
+```
+
+3. **Replace `last_seen_at` sweep marker with monotonic `sync_run_id`**
+Why: Timestamp markers are vulnerable to clock skew and concurrent runs; run IDs are deterministic and safer.
+
+```diff
+@@ Phase 0: Stable Note Identity
++ ### Work Chunk 0E: Monotonic Run Marker
++ Add `sync_runs` table and `notes.last_seen_run_id`.
++ Ingest assigns one run_id per sync transaction.
++ Upsert sets `last_seen_run_id = current_run_id`.
++ Sweep condition becomes `last_seen_run_id < current_run_id` (when fetch_complete=true).
+@@ Work Chunk 0C
+- fetch_complete + last_seen_at-based sweep
++ fetch_complete + run_id-based sweep
+```
+
+4. **Materialize stale-note set once during sweep**
+Why: Current set-based SQL still re-runs the stale subquery 3 times; materializing once improves performance and guarantees identical deletion set.
+
+```diff
+@@ Work Chunk 0B: Immediate Deletion Propagation
+- DELETE FROM documents ... IN (SELECT id FROM notes WHERE ...);
+- DELETE FROM dirty_sources ... IN (SELECT id FROM notes WHERE ...);
+- DELETE FROM notes WHERE ...;
++ CREATE TEMP TABLE _stale_note_ids AS
++ SELECT id, is_system FROM notes WHERE discussion_id = ? AND last_seen_run_id < ?;
++ DELETE FROM documents
++  WHERE source_type='note' AND source_id IN (SELECT id FROM _stale_note_ids WHERE is_system=0);
++ DELETE FROM dirty_sources
++  WHERE source_type='note' AND source_id IN (SELECT id FROM _stale_note_ids WHERE is_system=0);
++ DELETE FROM notes WHERE id IN (SELECT id FROM _stale_note_ids);
++ DROP TABLE _stale_note_ids;
+```
+
+5. **Move historical note backfill out of migration into resumable runtime job**
+Why: Data-heavy migration can block startup and is harder to resume/recover on large DBs.
+
+```diff
+@@ Work Chunk 2H
+- Backfill Existing Notes After Upgrade (Migration 024)
++ Backfill Existing Notes After Upgrade (Resumable Runtime Backfill)
+@@
+- Files: `migrations/024_note_dirty_backfill.sql`, `src/core/db.rs`
++ Files: `src/documents/backfill.rs`, `src/cli/commands/generate_docs.rs`
+@@
+- INSERT INTO dirty_sources ... SELECT ... FROM notes ...
++ Introduce batched backfill API:
++ `enqueue_missing_note_documents(batch_size: usize) -> BackfillProgress`
++ invoked from `generate-docs`/`sync` until complete, resumable across runs.
+```
+
+6. **Add streaming path for large `jsonl`/`csv` note exports**
+Why: Current `query_notes` materializes full result set in memory; streaming improves scalability and latency.
+
+```diff
+@@ Work Chunk 1A
++ Add `query_notes_stream(conn, filters, row_handler)` for forward-only row iteration.
+@@ Work Chunk 1C
+- print_list_notes_jsonl(&result)
+- print_list_notes_csv(&result)
++ print_list_notes_jsonl_stream(config, filters)
++ print_list_notes_csv_stream(config, filters)
++ (table/json keep counted buffered path)
+```
+
+7. **Add index for path-centric note queries**
+Why: `--path` + project/date queries are a stated hot path and not fully covered by current proposed indexes.
+
+```diff
+@@ Work Chunk 1E: Composite Query Index
++ CREATE INDEX IF NOT EXISTS idx_notes_project_path_created
++ ON notes(project_id, position_new_path, created_at DESC, id DESC)
++ WHERE is_system = 0 AND position_new_path IS NOT NULL;
+```
+
+8. **Add property/invariant tests (not only examples)**
+Why: This feature touches ingestion identity, sweeping, deletion propagation, and document regeneration; randomized invariants will catch subtle regressions.
+
+```diff
+@@ Verification Checklist
++ Add property tests (proptest):
++ - stable local IDs across randomized re-sync orderings
++ - no orphan `documents(source_type='note')` after randomized deletions/sweeps
++ - partial-fetch runs never reduce note count
++ - repeated full rebuild converges (fixed-point idempotence)
+```
+
+These revisions keep your existing direction, avoid all rejected items, and materially improve correctness, scale behavior, and long-term maintainability.

docs/user-journeys.md

@@ -0,0 +1,541 @@
+# Lore CLI User Journeys
+
+## Purpose
+
+Map realistic workflows for both human users and AI agents to identify gaps in the command surface and optimization opportunities. Each journey starts with a **problem** and traces the commands needed to reach a **resolution**.
+
+---
+
+## Part 1: Human User Flows
+
+### H1. Morning Standup Prep
+
+**Problem:** "What happened since yesterday? I need to know what moved before standup."
+
+**Flow:**
+```
+lore sync -q                              # Refresh data (quiet, no noise)
+lore issues -s opened --since 1d          # Issues that changed overnight
+lore mrs -s opened --since 1d             # MRs that moved
+lore who @me                              # My current workload snapshot
+```
+
+**Gap identified:** No single "activity feed" command. User runs 3 queries to get what should be one view. No `--since 1d` shorthand for "since yesterday." No `@me` alias for the authenticated user.
+
+---
+
+### H2. Sprint Planning: What's Ready to Pick Up?
+
+**Problem:** "We're planning the next sprint. What's open, unassigned, and actionable?"
+
+**Flow:**
+```
+lore issues -s opened -p myproject        # All open issues
+lore issues -s opened -l "ready"          # Issues labeled ready
+lore issues -s opened --has-due           # Issues with deadlines approaching
+lore count issues -p myproject            # How many total?
+```
+
+**Gap identified:** No way to filter by "unassigned" issues (missing `--no-assignee` flag). No way to sort by due date. No way to see priority/weight. Can't combine filters like "opened AND no assignee AND has due date."
+
+---
+
+### H3. Investigating a Production Incident
+
+**Problem:** "Deploy broke prod. I need the full timeline of what changed around the deploy."
+
+**Flow:**
+```
+lore sync -q                              # Get latest
+lore timeline "deploy" --since 7d         # What happened around deploys
+lore search "deploy" --type mr            # MRs mentioning deploy
+lore mrs 456                              # Inspect the suspicious MR
+lore who --overlap src/deploy/            # Who else touches deploy code
+```
+
+**Gap identified:** Timeline is keyword-based, not event-based. Can't filter by "MRs merged in the last 24 hours" directly. No way to see which MRs were merged between two dates (release diff). Would benefit from `lore mrs -s merged --since 1d`.
+
+---
+
+### H4. Preparing to Review Someone's MR
+
+**Problem:** "I was assigned to review MR !789. I need context before diving in."
+
+**Flow:**
+```
+lore mrs 789                              # Read the MR description + discussions
+lore mrs 789 -o                           # Open in browser for the actual diff
+lore who src/features/auth/               # Who are the experts in this area?
+lore search "auth refactor" --type issue  # Related issues for background
+lore timeline "authentication"            # History of auth changes
+```
+
+**Gap identified:** No way to see the file list touched by an MR from the CLI (data is stored in `mr_file_changes` but not surfaced). No way to link an MR back to its closing issue(s) from the MR detail view. The cross-reference data exists in `entity_references` but isn't shown in `mrs <iid>` output.
+
+---
+
+### H5. Onboarding to an Unfamiliar Code Area
+
+**Problem:** "I'm new to the team and need to understand how the billing module works."
+
+**Flow:**
+```
+lore search "billing" -n 20               # What exists about billing?
+lore who src/billing/                      # Who knows billing best?
+lore timeline "billing" --depth 2         # History of billing changes
+lore mrs -s merged -l billing --since 6m  # Recent merged billing work
+lore issues -s opened -l billing          # Outstanding billing issues
+```
+
+**Gap identified:** No way to get a "module overview" in one command. The search spans issues, MRs, and discussions but doesn't summarize by category. No way to see the most-discussed or most-referenced entities (high-signal items for understanding).
+
+---
+
+### H6. Finding the Right Reviewer for My PR
+
+**Problem:** "I'm about to submit a PR touching auth and payments. Who should review?"
+
+**Flow:**
+```
+lore who src/features/auth/               # Auth experts
+lore who src/features/payments/           # Payment experts
+lore who @candidate1                      # Check candidate1's workload
+lore who @candidate2                      # Check candidate2's workload
+```
+
+**Gap identified:** No way to query multiple paths at once (`lore who src/auth/ src/payments/`). No way to find the intersection of expertise. No workload-aware recommendation ("who knows this AND has bandwidth"). Four separate commands for what should be one decision.
+
+---
+
+### H7. Understanding Why a Feature Was Built This Way
+
+**Problem:** "This code is weird. Why was it implemented like this? What was the original discussion?"
+
+**Flow:**
+```
+lore search "feature-name rationale"      # Search for decision context
+lore timeline "feature-name" --depth 2    # Full history with cross-refs
+lore issues 234                           # Read the original issue
+lore mrs 567                              # Read the implementation MR
+```
+
+**Gap identified:** No way to search within a specific issue's or MR's discussion notes. The search covers documents (titles + descriptions) but per-note search isn't available yet (PRD exists). No way to navigate "issue 234 was closed by MR 567" without manually knowing both IDs.
+
+---
+
+### H8. Checking Team Workload Before Assigning Work
+
+**Problem:** "I need to assign this urgent bug. Who has the least on their plate?"
+
+**Flow:**
+```
+lore who @alice                           # Alice's workload
+lore who @bob                             # Bob's workload
+lore who @carol                           # Carol's workload
+lore who @dave                            # Dave's workload
+```
+
+**Gap identified:** No team-level workload view. Must query each person individually. No way to list "all assignees and their open issue counts." No concept of a team roster. Would benefit from `lore who --team` or `lore workload`.
+
+---
+
+### H9. Preparing Release Notes
+
+**Problem:** "We're cutting a release. I need to summarize what's in this version."
+
+**Flow:**
+```
+lore mrs -s merged --since 2w -p myproject   # MRs merged since last release
+lore issues -s closed --since 2w -p myproject # Issues closed since last release
+lore mrs -s merged -l feature --since 2w      # Feature MRs specifically
+lore mrs -s merged -l bugfix --since 2w       # Bugfix MRs
+```
+
+**Gap identified:** No way to filter by milestone (for version-based releases). Wait -- `issues` has `-m` for milestone but `mrs` does not. No changelog generation. No "what closed between tag A and tag B." No grouping by label for release note categories.
+
+---
+
+### H10. Finding and Closing Stale Issues
+
+**Problem:** "Our backlog is bloated. Which issues haven't been touched in months?"
+
+**Flow:**
+```
+lore issues -s opened --sort updated --asc -n 50  # Oldest-updated first
+# Then manually inspect each one...
+lore issues 42                                      # Is this still relevant?
+```
+
+**Gap identified:** No `--before` or `--updated-before` filter (only `--since` exists). Can sort ascending but can't filter "not updated in 90 days." No staleness indicator. No bulk operations concept.
+
+---
+
+### H11. Understanding a Bug's Full History
+
+**Problem:** "Bug #321 keeps getting reopened. I need to understand its entire lifecycle."
+
+**Flow:**
+```
+lore issues 321                           # Read the issue
+lore timeline "bug-keyword" -p myproject  # Try to find timeline events
+# But timeline is keyword-based, not entity-based...
+```
+
+**Gap identified:** No way to get a timeline for a specific entity by IID. `lore timeline` requires a keyword query, not an entity reference. Would benefit from `lore timeline --issue 321` or `lore timeline --mr 456` to get the event history of a specific entity directly.
+
+---
+
+### H12. Identifying Who to Ask About Failing Tests
+
+**Problem:** "CI tests are failing in `src/lib/parser.rs`. Who last touched this?"
+
+**Flow:**
+```
+lore who src/lib/parser.rs                # Expert lookup
+lore who --overlap src/lib/parser.rs      # Who else has touched it
+lore search "parser" --type mr --since 2w # Recent MRs touching parser
+```
+
+**Gap identified:** Expert mode uses DiffNote analysis (code review comments), not actual file change tracking. The `mr_file_changes` table has the real data but `who` doesn't use it for attribution. Could be much more accurate with file-change-based expertise.
+
+---
+
+### H13. Tracking a Feature Across Multiple MRs
+
+**Problem:** "The 'dark mode' feature spans 5 MRs. I need to see them all together."
+
+**Flow:**
+```
+lore mrs -l dark-mode                     # MRs with the label
+lore issues -l dark-mode                  # Related issues
+lore timeline "dark mode" --depth 2       # Cross-referenced events
+```
+
+**Gap identified:** Works reasonably well with labels as the grouping mechanism. But if the team didn't label consistently, there's no way to discover related MRs by content similarity. No "related items" view that combines issues + MRs + discussions for a topic.
+
+---
+
+### H14. Checking if a Similar Fix Was Already Attempted
+
+**Problem:** "Before I implement this fix, was something similar tried before?"
+
+**Flow:**
+```
+lore search "memory leak connection pool" # Semantic search
+lore search "connection pool" --type mr -s all  # Wait, no state filter on search
+lore mrs -s closed -l bugfix              # Closed bugfix MRs (coarse)
+lore timeline "connection pool"           # Historical context
+```
+
+**Gap identified:** Search doesn't have a `--state` filter. Can't search only closed/merged items. The semantic search is powerful but can't be combined with entity state. Would benefit from `--state merged` on search to find past attempts.
+
+---
+
+### H15. Reviewing Discussions That Need My Attention
+
+**Problem:** "Which discussion threads am I involved in that are still unresolved?"
+
+**Flow:**
+```
+lore who --active                         # All active unresolved discussions
+lore who --active --since 30d             # Wider window
+# But can't filter to "discussions I'm in"...
+```
+
+**Gap identified:** `--active` shows all unresolved discussions, not filtered by participant. No way to say "show me discussions where @me participated." No notification/mention tracking. No "my unresolved threads" view.
+
+---
+
+## Part 2: AI Agent Flows
+
+### A1. Context Gathering Before Code Modification
+
+**Problem:** Agent is about to modify `src/features/auth/session.rs` and needs full context.
+
+**Flow:**
+```
+lore -J health                            # Pre-flight check
+lore -J who src/features/auth/            # Who knows this area
+lore -J search "auth session" -n 10       # Related issues/MRs
+lore -J mrs -s merged --since 3m -l auth  # Recent auth changes
+lore -J who --overlap src/features/auth/session.rs  # Concurrent work risk
+```
+
+**Gap identified:** No way to check "are there open MRs touching this file right now?" The overlap mode shows historical touches, not active branches. An agent needs to know about in-flight changes to avoid conflicts.
+
+---
+
+### A2. Auto-Triaging an Incoming Issue
+
+**Problem:** Agent receives a new issue and needs to categorize it, find related work, and suggest assignees.
+
+**Flow:**
+```
+lore -J issues 999                        # Read the new issue
+lore -J search "$(extract_keywords)" --explain  # Find similar past issues
+lore -J who src/affected/path/            # Suggest experts as assignees
+lore -J issues -s opened -l same-label    # Check for duplicates
+```
+
+**Gap identified:** No way to get just the description text for programmatic keyword extraction. `issues <iid>` returns full detail including discussions. Agent must parse the full response to extract the description for a secondary search. Would benefit from `--fields description` on detail view. No duplicate detection built in.
+
+---
+
+### A3. Generating Sprint Status Report
+
+**Problem:** Agent needs to produce a weekly status report for the team.
+
+**Flow:**
+```
+lore -J issues -s closed --since 1w --fields minimal  # Completed work
+lore -J issues -s opened --status "In progress"        # In-flight work
+lore -J mrs -s merged --since 1w --fields minimal      # Merged PRs
+lore -J mrs -s opened -D --fields minimal              # Open non-draft MRs
+lore -J count issues                                    # Totals
+lore -J count mrs                                       # MR totals
+lore -J who --active --since 1w                         # Discussions needing attention
+```
+
+**Gap identified:** Seven separate queries for one report. No `lore summary` or `lore report` command. No way to get "issues transitioned from X to Y this week" (state change history exists in events but isn't queryable). No velocity metric (issues closed per week trend).
+
+---
+
+### A4. Finding Relevant Prior Art Before Implementing
+
+**Problem:** Agent is implementing a caching layer and wants to find if similar patterns exist in the codebase's GitLab history.
+
+**Flow:**
+```
+lore -J search "caching" --mode hybrid -n 20 --explain
+lore -J search "cache invalidation" --mode hybrid -n 10
+lore -J search "redis" --mode lexical --type discussion   # Exact term in discussions
+lore -J timeline "cache" --since 1y                        # Wait, max is 1y? Let's try 12m
+```
+
+**Gap identified:** No way to search discussion notes individually (per-note search). Discussions are aggregated into documents, so individual note-level matches are lost. The `--explain` flag helps but doesn't show which specific note matched. No `--since 1y` or `--since 12m` duration format.
+
+---
+
+### A5. Building Context for PR Description
+
+**Problem:** Agent wrote code and needs to generate a PR description that references relevant issues.
+
+**Flow:**
+```
+lore -J search "feature description keywords" --type issue
+lore -J issues -s opened -l feature-label --fields iid,title,web_url
+# Cross-reference: which issues does this MR close?
+# No command for this -- must manually scan search results
+```
+
+**Gap identified:** No way to query the `entity_references` table directly. Agent can't ask "which issues reference MR !456" or "which issues contain 'closes #123' in their text." The data exists but isn't exposed as a query surface. Would benefit from `lore refs --mr 456` or `lore refs --issue 123`.
+
+---
+
+### A6. Identifying Affected Experts for Review Assignment
+
+**Problem:** Agent needs to automatically assign reviewers based on the files changed in an MR.
+
+**Flow:**
+```
+lore -J mrs 456                           # Get MR details
+# Parse file paths from response... but file changes aren't in the output
+lore -J who src/path/from/mr/             # Query each path
+lore -J who src/another/path/             # One at a time...
+lore -J who @candidate --fields minimal   # Check workload
+```
+
+**Gap identified:** MR detail view (`mrs <iid>`) doesn't include the file change list from `mr_file_changes`. Agent can't programmatically extract which files an MR touches. Must fall back to GitLab API or guess from description. The `who` command doesn't accept multiple paths. No "auto-reviewer" suggestion combining expertise + availability.
+
+---
+
+### A7. Incident Investigation and Timeline Reconstruction
+
+**Problem:** Agent needs to reconstruct what happened during an outage for a postmortem.
+
+**Flow:**
+```
+lore -J timeline "outage" --since 3d --depth 2 --expand-mentions
+lore -J search "error 500" --since 3d
+lore -J mrs -s merged --since 3d -p production-service
+lore -J issues --status "In progress" -p production-service
+```
+
+**Gap identified:** Timeline is keyword-seeded, which means if the outage wasn't described with that exact term, seeds may miss it. No way to seed a timeline from an entity ID (e.g., "start from issue #321 and expand outward"). No severity/priority filter. No way to correlate with merge times.
+
+---
+
+### A8. Cross-Project Impact Assessment
+
+**Problem:** Agent needs to understand how a breaking API change in project A affects projects B and C.
+
+**Flow:**
+```
+lore -J search "api-endpoint-name" -p project-a
+lore -J search "api-endpoint-name" -p project-b
+lore -J search "api-endpoint-name" -p project-c
+# Or without project filter to search everywhere:
+lore -J search "api-endpoint-name" -n 50
+lore -J timeline "api-endpoint-name" --depth 2
+```
+
+**Gap identified:** Cross-project references in entity_references are tracked but the timeline shows unresolved references for entities not synced locally. No way to see a cross-project dependency map. Search works across projects but doesn't group results by project.
+
+---
+
+### A9. Automated Stale Issue Recommendations
+
+**Problem:** Agent runs weekly to identify issues that should be closed or re-prioritized.
+
+**Flow:**
+```
+lore -J issues -s opened --sort updated --asc -n 100  # Oldest first
+# For each issue, check:
+lore -J issues <iid>                                    # Read details
+lore -J search "<issue title keywords>"                 # Any recent activity?
+```
+
+**Gap identified:** No `--updated-before` filter, so agent must fetch all and filter client-side. No way to detect "issue has no assignee AND no activity in 90 days." The 100-issue limit means pagination is needed for large backlogs, but there's no cursor/offset pagination -- only `--limit`. Agent must do N+1 queries to inspect each candidate.
+
+---
+
+### A10. Code Review Preparation (File-Level Context)
+
+**Problem:** Agent is reviewing MR !789 and needs to understand the history of each changed file.
+
+**Flow:**
+```
+lore -J mrs 789                           # Get MR details
+# Can't get file list from output...
+# Fall back to search by MR title keywords
+lore -J search "feature-from-mr" --type mr
+lore -J who src/guessed/path/             # Expertise for each file
+lore -J who --overlap src/guessed/path/   # Concurrent changes
+```
+
+**Gap identified:** Same as A6 -- `mr_file_changes` data isn't exposed. Agent is blind to the actual files in the MR unless it parses the description or uses the GitLab API directly. This is the single biggest gap for automated code review workflows.
+
+---
+
+### A11. Building a Knowledge Graph of Entity Relationships
+
+**Problem:** Agent wants to map how issues, MRs, and discussions are connected for a feature.
+
+**Flow:**
+```
+lore -J search "feature-name" -n 30
+lore -J timeline "feature-name" --depth 2 --max-entities 100
+# Timeline shows expanded entities and cross-refs, but...
+# No way to query entity_references directly
+# No way to get "all entities that reference issue #123"
+```
+
+**Gap identified:** The `entity_references` table (closes, related, mentioned) is used internally by timeline but isn't queryable as a standalone command. Agent can't ask "what closes issue #123?" or "what does MR !456 reference?" No graph export. Would enable powerful dependency mapping.
+
+---
+
+### A12. Release Readiness Assessment
+
+**Problem:** Agent needs to verify all issues in milestone "v2.0" are closed and MRs are merged.
+
+**Flow:**
+```
+lore -J issues -m "v2.0" -s opened       # Any open issues in milestone?
+lore -J issues -m "v2.0" -s closed       # Closed issues
+# MRs don't have milestone filter...
+lore -J mrs -s opened -l "v2.0"          # Try label as proxy
+lore -J who --active -p myproject        # Unresolved discussions
+```
+
+**Gap identified:** MRs don't have a `--milestone` filter (issues do). No way to check "all MRs linked to issues in milestone v2.0" -- would require joining `entity_references` with issue milestone. No release checklist concept. No way to verify "every issue in this milestone has a closing MR."
+
+---
+
+### A13. Answering "What Changed?" Between Two Points
+
+**Problem:** Agent needs to diff project state between two dates for a stakeholder report.
+
+**Flow:**
+```
+lore -J issues -s closed --since 2w --fields minimal    # Recently closed
+lore -J issues -s opened --since 2w --fields minimal    # Recently opened
+lore -J mrs -s merged --since 2w --fields minimal       # Recently merged
+# But no way to get "issues that CHANGED STATE" in a window
+# An issue opened 3 months ago but closed yesterday won't appear in --since 2w for issues -s opened
+```
+
+**Gap identified:** `--since` filters by `updated_at`, not by "state changed at." An issue closed yesterday but created 6 months ago would appear in `issues -s closed --since 1d` (because updated_at changed), but the semantics are subtle. No explicit "state transitions in time window" query. The resource_state_events table has this data but it's not exposed as a filter.
+
+---
+
+### A14. Meeting Prep: Summarize Recent Activity for a Stakeholder
+
+**Problem:** Agent needs to prepare a 2-minute summary for a project sponsor meeting.
+
+**Flow:**
+```
+lore -J count issues -p project           # Current totals
+lore -J count mrs -p project              # MR totals
+lore -J issues -s closed --since 1w -p project --fields minimal
+lore -J mrs -s merged --since 1w -p project --fields minimal
+lore -J issues -s opened --status "In progress" -p project
+lore -J who --active -p project --since 1w
+```
+
+**Gap identified:** Six queries, same as A3. No summary/dashboard command. Agent must synthesize all responses. No trend data (is the open issue count growing or shrinking?). No "highlights" extraction.
+
+---
+
+### A15. Determining If Work Is Safe to Start (Conflict Detection)
+
+**Problem:** Agent is about to start work on an issue and needs to check nobody else is already working on it.
+
+**Flow:**
+```
+lore -J issues 123                        # Read the issue
+# Check assignees from response
+lore -J mrs -s opened -A other-person     # Are they working on related MRs?
+lore -J who --overlap src/target/path/    # Anyone actively touching these files?
+lore -J search "issue-123-keywords" --type mr -s opened  # Wait, search has no --state
+```
+
+**Gap identified:** No way to check "is there an open MR that closes issue #123?" -- the entity_references data exists but isn't queryable. Search doesn't support `--state` filter. No "conflict detection" or "in-flight work" check. Agent must do multiple queries and manually correlate.
+
+---
+
+## Part 3: Gap Summary
+
+### Critical Gaps (high impact, blocks common workflows)
+
+| # | Gap | Affected Flows | Suggested Command/Flag |
+|---|-----|----------------|----------------------|
+| 1 | **MR file changes not surfaced** | H4, A6, A10 | `lore mrs <iid> --files` or include in detail view |
+| 2 | **Entity references not queryable** | H7, A5, A11, A15 | `lore refs --issue 123` / `lore refs --mr 456` |
+| 3 | **Per-note search missing** | H7, A4 | `lore search --granularity note` (PRD exists) |
+| 4 | **No entity-based timeline** | H11, A7 | `lore timeline --issue 321` / `lore timeline --mr 456` |
+| 5 | **No @me / current-user alias** | H1, H15 | Resolve from auth token automatically |
+
+### Important Gaps (significant friction, multiple workarounds needed)
+
+| # | Gap | Affected Flows | Suggested Command/Flag |
+|---|-----|----------------|----------------------|
+| 6 | **No activity feed / summary** | H1, A3, A14 | `lore activity --since 1d` or `lore summary` |
+| 7 | **No multi-path who query** | H6, A6 | `lore who src/path1/ src/path2/` |
+| 8 | **No --state filter on search** | H14, A15 | `lore search --state merged` |
+| 9 | **MRs missing --milestone filter** | H9, A12 | `lore mrs -m "v2.0"` |
+| 10 | **No --no-assignee / --unassigned** | H2 | `lore issues --no-assignee` |
+| 11 | **No --updated-before filter** | H10, A9 | `lore issues --before 90d` or `--stale 90d` |
+| 12 | **No team workload view** | H8 | `lore who --team` or `lore workload` |
+
+### Nice-to-Have Gaps (would improve agent efficiency)
+
+| # | Gap | Affected Flows | Suggested Command/Flag |
+|---|-----|----------------|----------------------|
+| 13 | **No pagination/offset** | A9 | `--offset 100` for large result sets |
+| 14 | **No detail --fields on show** | A2 | `lore issues 999 --fields description` |
+| 15 | **No cross-project grouping** | A8 | `lore search --group-by project` |
+| 16 | **No trend/velocity metrics** | A3, A14 | `lore trends issues --period week` |
+| 17 | **No --for-issue on mrs** | A12, A15 | `lore mrs --closes 123` (query entity_refs) |
+| 18 | **1y/12m duration not supported** | A4 | Support `1y`, `12m`, `365d` in --since |
+| 19 | **No discussion participant filter** | H15 | `lore who --active --participant @me` |
+| 20 | **No sort by due date** | H2 | `lore issues --sort due` |

docs/who-command-design.feedback-1.md

@@ -1,434 +0,0 @@
-Below are the highest-leverage revisions I’d make to this plan. I’m focusing on correctness pitfalls, SQLite gotchas, query performance on 280K notes, and reducing “dynamic SQL + param juggling” complexity—without turning this into a new ingestion project.
-
-Change 1 — Fix a hard SQLite bug in --active (GROUP_CONCAT DISTINCT + separator)
-Why
-
-SQLite does not allow GROUP_CONCAT(DISTINCT x, sep). With DISTINCT, SQLite only permits a single argument (GROUP_CONCAT(DISTINCT x)). Your current query will error at runtime in many SQLite versions.
-
-Revision
-
-Use a subquery that selects distinct participants, then GROUP_CONCAT with your separator.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ fn query_active(...)
--            (SELECT GROUP_CONCAT(DISTINCT n.author_username, X'1F')
--             FROM notes n
--             WHERE n.discussion_id = d.id
--               AND n.is_system = 0
--               AND n.author_username IS NOT NULL) AS participants
-+            (SELECT GROUP_CONCAT(username, X'1F') FROM (
-+               SELECT DISTINCT n.author_username AS username
-+               FROM notes n
-+               WHERE n.discussion_id = d.id
-+                 AND n.is_system = 0
-+                 AND n.author_username IS NOT NULL
-+               ORDER BY username
-+            )) AS participants
-
-Change 2 — Replace “contains('.') => exact file match” with segment-aware path classification
-Why
-
-path.contains('.') misclassifies directories like:
-
-.github/workflows/
-
-src/v1.2/auth/
-
-It also fails the “root file” case (README.md) because your mode discriminator only treats paths as paths if they contain /.
-
-Revision
-
-Add explicit --path to force Expert mode (covers root files cleanly).
-
-Classify file-vs-dir by checking last path segment for a dot, and whether the input ends with /.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ pub struct WhoArgs {
--    /// Username or file path (path if contains /)
--    pub target: Option<String>,
-+    /// Username or file path shorthand (ambiguous for root files like README.md)
-+    pub target: Option<String>,
-+
-+    /// Force expert mode for a file/directory path (supports root files like README.md)
-+    #[arg(long, help_heading = "Mode", conflicts_with_all = ["active", "overlap", "reviews"])]
-+    pub path: Option<String>,
-@@ fn resolve_mode<'a>(args: &'a WhoArgs) -> Result<WhoMode<'a>> {
--    if let Some(target) = &args.target {
-+    if let Some(p) = &args.path {
-+        return Ok(WhoMode::Expert { path: p });
-+    }
-+    if let Some(target) = &args.target {
-         let clean = target.strip_prefix('@').unwrap_or(target);
-         if args.reviews {
-             return Ok(WhoMode::Reviews { username: clean });
-         }
--        // Disambiguation: if target contains '/', it's a file path.
--        // GitLab usernames never contain '/'.
--        if target.contains('/') {
-+        // Disambiguation:
-+        // - treat as path if it contains '/'
-+        // - otherwise treat as username (root files require --path)
-+        if target.contains('/') {
-             return Ok(WhoMode::Expert { path: target });
-         }
-         return Ok(WhoMode::Workload { username: clean });
-     }
-
-
-And update the path pattern logic used by Expert/Overlap:
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ fn query_expert(...)
--    // Normalize path for LIKE matching: add trailing % if no extension
--    let path_pattern = if path.contains('.') {
--        path.to_string() // Exact file match
--    } else {
--        let trimmed = path.trim_end_matches('/');
--        format!("{trimmed}/%")
--    };
-+    // Normalize:
-+    // - if ends_with('/') => directory prefix
-+    // - else if last segment contains '.' => file exact match
-+    // - else => directory prefix
-+    let trimmed = path.trim_end_matches('/');
-+    let last = trimmed.rsplit('/').next().unwrap_or(trimmed);
-+    let is_file = !path.ends_with('/') && last.contains('.');
-+    let path_pattern = if is_file { trimmed.to_string() } else { format!("{trimmed}/%") };
-
-Change 3 — Stop building dynamic SQL strings for optional filters; always bind params
-Why
-
-Right now you’re mixing:
-
-dynamic project_clause string fragments
-
-ad-hoc param vectors
-
-placeholder renumbering by branch
-
-That’s brittle and easy to regress (especially when you add more conditions later). SQLite/rusqlite can bind Option<T> to NULL, which enables a simple pattern:
-
-sql
-Copy code
-AND (?3 IS NULL OR n.project_id = ?3)
-
-Revision (representative; apply to all queries)
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ fn query_expert(...)
--    let project_clause = if project_id.is_some() {
--        "AND n.project_id = ?3"
--    } else {
--        ""
--    };
--
--    let sql = format!(
-+    let sql = format!(
-         "SELECT username, role, activity_count, last_active_at FROM (
-@@
-             FROM notes n
-             WHERE n.position_new_path LIKE ?1
-               AND n.is_system = 0
-               AND n.author_username IS NOT NULL
-               AND n.created_at >= ?2
--              {project_clause}
-+              AND (?3 IS NULL OR n.project_id = ?3)
-@@
-             WHERE n.position_new_path LIKE ?1
-               AND m.author_username IS NOT NULL
-               AND m.updated_at >= ?2
--              {project_clause}
-+              AND (?3 IS NULL OR n.project_id = ?3)
-             GROUP BY m.author_username
--        )"
-+        ) t"
-     );
--
--    let mut params: Vec<Box<dyn rusqlite::ToSql>> = Vec::new();
--    params.push(Box::new(path_pattern.clone()));
--    params.push(Box::new(since_ms));
--    if let Some(pid) = project_id {
--        params.push(Box::new(pid));
--    }
--    let param_refs: Vec<&dyn rusqlite::ToSql> = params.iter().map(|p| p.as_ref()).collect();
-+    let param_refs = rusqlite::params![path_pattern, since_ms, project_id];
-
-
-Notes:
-
-Adds required derived-table alias t (some SQLite configurations are stricter).
-
-Eliminates the dynamic param vector and placeholder gymnastics.
-
-Change 4 — Filter “path touch” queries to DiffNotes and escape LIKE properly
-Why
-
-Only DiffNotes reliably have position_new_path; including other note types can skew counts and harm performance.
-
-LIKE treats % and _ as wildcards—rare in file paths, but not impossible (generated files, templates). Escaping is a low-cost robustness win.
-
-Revision
-
-Add note_type='DiffNote' and LIKE ... ESCAPE '\' plus a tiny escape helper.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ fn query_expert(...)
--            FROM notes n
--            WHERE n.position_new_path LIKE ?1
-+            FROM notes n
-+            WHERE n.note_type = 'DiffNote'
-+              AND n.position_new_path LIKE ?1 ESCAPE '\'
-               AND n.is_system = 0
-@@
-diff --git a/Plan.md b/Plan.md
-@@ Helper Functions
-+fn escape_like(input: &str) -> String {
-+    input.replace('\\', "\\\\").replace('%', "\\%").replace('_', "\\_")
-+}
-
-
-And when building patterns:
-
-diff
-Copy code
--    let path_pattern = if is_file { trimmed.to_string() } else { format!("{trimmed}/%") };
-+    let base = escape_like(trimmed);
-+    let path_pattern = if is_file { base } else { format!("{base}/%") };
-
-
-Apply the same changes to query_overlap and any other position_new_path LIKE ....
-
-Change 5 — Use note timestamps for “touch since” semantics (Expert/Overlap author branch)
-Why
-
-In Expert/Overlap “author” branches you filter by m.updated_at >= since. That answers “MR updated recently” rather than “MR touched at this path recently”, which can surface stale ownership.
-
-Revision
-
-Filter by the note creation time (and use it for “last touch” where relevant). You can still compute author activity, but anchor it to note activity.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ fn query_overlap(...)
--            WHERE n.position_new_path LIKE ?1
-+            WHERE n.note_type = 'DiffNote'
-+              AND n.position_new_path LIKE ?1 ESCAPE '\'
-               AND m.state IN ('opened', 'merged')
-               AND m.author_username IS NOT NULL
--              AND m.updated_at >= ?2
-+              AND n.created_at >= ?2
-               AND (?3 IS NULL OR m.project_id = ?3)
-
-
-Same idea in Expert mode’s “MR authors” branch.
-
-Change 6 — Workload mode: apply --since consistently to unresolved discussions
-Why
-
-Workload’s unresolved discussions ignore since_ms. That makes --since partially misleading and can dump very old threads.
-
-Revision
-
-Filter on d.last_note_at when since_ms is set.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ fn query_workload(...)
--    let disc_sql = format!(
-+    let disc_since = if since_ms.is_some() {
-+        "AND d.last_note_at >= ?2"
-+    } else { "" };
-+    let disc_sql = format!(
-         "SELECT d.noteable_type,
-@@
-          WHERE d.resolvable = 1 AND d.resolved = 0
-            AND EXISTS (
-@@
-            )
-            {disc_project_filter}
-+           {disc_since}
-          ORDER BY d.last_note_at DESC
-          LIMIT {limit}"
-     );
-@@
--    // Rebuild params for discussion query (only username + optional project_id)
--    let mut disc_params: Vec<Box<dyn rusqlite::ToSql>> = Vec::new();
--    disc_params.push(Box::new(username.to_string()));
--    if let Some(pid) = project_id {
--        disc_params.push(Box::new(pid));
--    }
-+    // Params: username, since_ms, project_id (NULLs ok)
-+    let disc_param_refs = rusqlite::params![username, since_ms, project_id];
-
-
-(If you adopt Change 3 fully, this becomes very clean.)
-
-Change 7 — Make Overlap results represent “both roles” instead of collapsing to one
-Why
-
-Collapsing to a single role loses valuable info (“they authored and reviewed”). Also your current “prefer author” rule is arbitrary for the “who else is touching this” question.
-
-Revision
-
-Track role counts separately and render as A, R, or A+R.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ pub struct OverlapUser {
-     pub username: String,
--    pub role: String,
--    pub touch_count: u32,
-+    pub author_touch_count: u32,
-+    pub review_touch_count: u32,
-+    pub touch_count: u32,
-     pub last_touch_at: i64,
-     pub mr_iids: Vec<i64>,
- }
-@@ fn query_overlap(...)
--        let entry = user_map.entry(username.clone()).or_insert_with(|| OverlapUser {
-+        let entry = user_map.entry(username.clone()).or_insert_with(|| OverlapUser {
-             username: username.clone(),
--            role: role.clone(),
-+            author_touch_count: 0,
-+            review_touch_count: 0,
-             touch_count: 0,
-             last_touch_at: 0,
-             mr_iids: Vec::new(),
-         });
-         entry.touch_count += count;
-+        if role == "author" { entry.author_touch_count += count; }
-+        if role == "reviewer" { entry.review_touch_count += count; }
-@@ human output
--        println!(
--            "  {:<16} {:<8} {:>7}  {:<12}  {}",
-+        println!(
-+            "  {:<16} {:<6} {:>7}  {:<12}  {}",
-             ...
-         );
-@@
--            user.role,
-+            format_roles(user.author_touch_count, user.review_touch_count),
-
-Change 8 — Add an “Index Audit + optional migration” step (big perf win, low blast radius)
-Why
-
-With 280K notes, the path/timestamp queries will degrade quickly without indexes. This isn’t “scope creep”; it’s making the feature usable.
-
-Revision (plan-level)
-
-Add a non-breaking migration that only creates indexes if missing.
-
-Optionally add a runtime check: if EXPLAIN QUERY PLAN indicates full table scan on notes, print a dim warning in human mode.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ Implementation Order
--| Step | What | Files |
-+| Step | What | Files |
- | 1 | CLI skeleton: `WhoArgs` + `Commands::Who` + dispatch + stub | `cli/mod.rs`, `commands/mod.rs`, `main.rs` |
-+| 1.5 | Index audit + add `CREATE INDEX IF NOT EXISTS` migration for who hot paths | `migrations/0xx_who_indexes.sql` |
-@@
-
-
-Suggested indexes (tune names to your conventions):
-
-notes(note_type, position_new_path, created_at)
-
-notes(discussion_id, is_system, author_username)
-
-discussions(resolvable, resolved, last_note_at, project_id)
-
-merge_requests(project_id, state, updated_at, author_username)
-
-issue_assignees(username, issue_id)
-
-Even if SQLite can’t perfectly index LIKE, these still help with join and timestamp filters.
-
-Change 9 — Make robot JSON reproducible by echoing the effective query inputs
-Why
-
-Agent workflows benefit from a stable “query record”: what mode ran, what path/user, resolved project, effective since, limit.
-
-Revision
-
-Include an input object in JSON output.
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ struct WhoJsonData {
-     mode: String,
-+    input: serde_json::Value,
-     #[serde(flatten)]
-     result: serde_json::Value,
- }
-@@ pub fn print_who_json(...)
--    let output = WhoJsonEnvelope {
-+    let input = serde_json::json!({
-+        "project": /* resolved or raw args.project */,
-+        "since": /* resolved since ISO */,
-+        "limit": /* args.limit */,
-+    });
-+    let output = WhoJsonEnvelope {
-         ok: true,
-         data: WhoJsonData {
-             mode: mode.to_string(),
-+            input,
-             result: data,
-         },
-         meta: RobotMeta { elapsed_ms },
-     };
-
-Change 10 — Tighten clap constraints so invalid combinations never reach resolve_mode
-Why
-
-Right now conflicts are enforced manually (or not at all). Clamp the invalid combos at the CLI layer:
-
---active should conflict with target, --overlap, --reviews, --path
-
---reviews should require a username (and should conflict with Expert path modes)
-
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@ pub struct WhoArgs {
--    pub active: bool,
-+    #[arg(long, help_heading = "Mode", conflicts_with_all = ["target", "overlap", "reviews", "path"])]
-+    pub active: bool,
-@@
--    pub overlap: Option<String>,
-+    #[arg(long, help_heading = "Mode", conflicts_with_all = ["target", "active", "reviews", "path"])]
-+    pub overlap: Option<String>,
-@@
--    pub reviews: bool,
-+    #[arg(long, help_heading = "Mode", requires = "target", conflicts_with_all = ["active", "overlap", "path"])]
-+    pub reviews: bool,
-
-Summary of what I’d definitely change
-
-If you do nothing else, do these first:
-
-Fix GROUP_CONCAT(DISTINCT ..., sep) in Active mode (runtime error).
-
-Path classification: add --path, and stop using contains('.') globally.
-
-Remove dynamic SQL + param vectors: always bind project_id as nullable and use (? IS NULL OR ...).
-
-Filter to DiffNotes + LIKE escaping for correctness and fewer rows scanned.
-
-Optional index migration: otherwise this will feel slow/non-deterministically slow depending on local DB state.
-
-If you want, I can also provide a consolidated “v2 plan” as a single unified patch (one diff) rather than per-change snippets.

docs/who-command-design.feedback-2.md

@@ -1,303 +0,0 @@
-Below are the highest-leverage revisions I’d make to iteration 1 to tighten correctness, performance, and “agent usefulness” without blowing up scope. For each change: (1) rationale, (2) a focused unified diff against the plan you pasted.
-
-Change 1 — Make robot “input echo” actually resolved (project_id, project_path, since_ms/iso, mode)
-Why
-
-Your Design Principle #5 says the robot envelope should echo resolved inputs (“effective since, resolved project”), but the current input object echoes only raw CLI strings. Agents can’t reliably reproduce or compare runs (e.g., fuzzy project resolution may map differently over time).
-
-This is also a reliability improvement: “what ran” should be computed once and propagated, not recomputed in output.
-
-Plan diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@
--5. **Robot-first reproducibility.** Robot JSON output includes an `input` object echoing the resolved query parameters (effective since, resolved project, limit) so agents can trace exactly what ran.
-+5. **Robot-first reproducibility.** Robot JSON output includes a `resolved_input` object (mode, since_ms + since_iso, resolved project_id + project_path, limit, db_path) so agents can trace exactly what ran.
-
-@@
--/// Main entry point. Resolves mode from args and dispatches.
--pub fn run_who(config: &Config, args: &WhoArgs) -> Result<WhoResult> {
-+/// Main entry point. Resolves mode + resolved inputs once, then dispatches.
-+pub fn run_who(config: &Config, args: &WhoArgs) -> Result<WhoRun> {
-     let db_path = get_db_path(config.storage.db_path.as_deref());
-     let conn = create_connection(&db_path)?;
- 
--    let project_id = args
-+    let project_id = args
-         .project
-         .as_deref()
-         .map(|p| resolve_project(&conn, p))
-         .transpose()?;
-+    let project_path = project_id
-+        .map(|id| lookup_project_path(&conn, id))
-+        .transpose()?;
- 
-     let mode = resolve_mode(args)?;
- 
-     match mode {
-         WhoMode::Expert { path } => {
-             let since_ms = resolve_since(args.since.as_deref(), "6m")?;
-             let result = query_expert(&conn, path, project_id, since_ms, args.limit)?;
--            Ok(WhoResult::Expert(result))
-+            Ok(WhoRun::new("expert", &db_path, project_id, project_path, since_ms, args.limit, WhoResult::Expert(result)))
-         }
-@@
-     }
- }
-+
-+/// Wrapper that carries resolved inputs for reproducible output.
-+pub struct WhoRun {
-+    pub mode: String,
-+    pub resolved_input: WhoResolvedInput,
-+    pub result: WhoResult,
-+}
-+
-+pub struct WhoResolvedInput {
-+    pub db_path: String,
-+    pub project_id: Option<i64>,
-+    pub project_path: Option<String>,
-+    pub since_ms: i64,
-+    pub since_iso: String,
-+    pub limit: usize,
-+}
-@@
--pub fn print_who_json(result: &WhoResult, args: &WhoArgs, elapsed_ms: u64) {
--    let (mode, data) = match result {
-+pub fn print_who_json(run: &WhoRun, args: &WhoArgs, elapsed_ms: u64) {
-+    let (mode, data) = match &run.result {
-         WhoResult::Expert(r) => ("expert", expert_to_json(r)),
-@@
--    let input = serde_json::json!({
-+    let input = serde_json::json!({
-         "target": args.target,
-         "path": args.path,
-         "project": args.project,
-         "since": args.since,
-         "limit": args.limit,
-     });
-+
-+    let resolved_input = serde_json::json!({
-+        "mode": run.mode,
-+        "db_path": run.resolved_input.db_path,
-+        "project_id": run.resolved_input.project_id,
-+        "project_path": run.resolved_input.project_path,
-+        "since_ms": run.resolved_input.since_ms,
-+        "since_iso": run.resolved_input.since_iso,
-+        "limit": run.resolved_input.limit,
-+    });
-@@
--        data: WhoJsonData {
--            mode: mode.to_string(),
--            input,
--            result: data,
--        },
-+        data: WhoJsonData { mode: mode.to_string(), input, resolved_input, result: data },
-         meta: RobotMeta { elapsed_ms },
-     };
-@@
- struct WhoJsonData {
-     mode: String,
-     input: serde_json::Value,
-+    resolved_input: serde_json::Value,
-     #[serde(flatten)]
-     result: serde_json::Value,
- }
-
-Change 2 — Remove dynamic SQL format!(..LIMIT {limit}) and parameterize LIMIT everywhere
-Why
-
-You explicitly prefer static SQL ((?N IS NULL OR ...)) to avoid subtle bugs; but Workload/Active use format! for LIMIT. Even though limit is typed, it’s an inconsistency that complicates statement caching and encourages future string assembly creep.
-
-SQLite supports LIMIT ? with bound parameters; rusqlite can bind an i64.
-
-Plan diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@
--    let issues_sql = format!(
--        "SELECT ... 
--         ORDER BY i.updated_at DESC
--         LIMIT {limit}"
--    );
--    let mut stmt = conn.prepare(&issues_sql)?;
-+    let issues_sql =
-+        "SELECT ...
-+         ORDER BY i.updated_at DESC
-+         LIMIT ?4";
-+    let mut stmt = conn.prepare(issues_sql)?;
-     let assigned_issues: Vec<WorkloadIssue> = stmt
--        .query_map(rusqlite::params![username, project_id, since_ms], |row| {
-+        .query_map(rusqlite::params![username, project_id, since_ms, limit as i64], |row| {
-@@
--    let authored_sql = format!(
--        "SELECT ...
--         ORDER BY m.updated_at DESC
--         LIMIT {limit}"
--    );
--    let mut stmt = conn.prepare(&authored_sql)?;
-+    let authored_sql =
-+        "SELECT ...
-+         ORDER BY m.updated_at DESC
-+         LIMIT ?4";
-+    let mut stmt = conn.prepare(authored_sql)?;
-@@
--        .query_map(rusqlite::params![username, project_id, since_ms], |row| {
-+        .query_map(rusqlite::params![username, project_id, since_ms, limit as i64], |row| {
-@@
--    let reviewing_sql = format!(
--        "SELECT ...
--         ORDER BY m.updated_at DESC
--         LIMIT {limit}"
--    );
--    let mut stmt = conn.prepare(&reviewing_sql)?;
-+    let reviewing_sql =
-+        "SELECT ...
-+         ORDER BY m.updated_at DESC
-+         LIMIT ?4";
-+    let mut stmt = conn.prepare(reviewing_sql)?;
-@@
--        .query_map(rusqlite::params![username, project_id, since_ms], |row| {
-+        .query_map(rusqlite::params![username, project_id, since_ms, limit as i64], |row| {
-@@
--    let disc_sql = format!(
--        "SELECT ...
--         ORDER BY d.last_note_at DESC
--         LIMIT {limit}"
--    );
--    let mut stmt = conn.prepare(&disc_sql)?;
-+    let disc_sql =
-+        "SELECT ...
-+         ORDER BY d.last_note_at DESC
-+         LIMIT ?4";
-+    let mut stmt = conn.prepare(disc_sql)?;
-@@
--        .query_map(rusqlite::params![username, project_id, since_ms], |row| {
-+        .query_map(rusqlite::params![username, project_id, since_ms, limit as i64], |row| {
-@@
--    let sql = format!(
--        "SELECT ...
--         ORDER BY d.last_note_at DESC
--         LIMIT {limit}"
--    );
--    let mut stmt = conn.prepare(&sql)?;
-+    let sql =
-+        "SELECT ...
-+         ORDER BY d.last_note_at DESC
-+         LIMIT ?3";
-+    let mut stmt = conn.prepare(sql)?;
-@@
--        .query_map(rusqlite::params![since_ms, project_id], |row| {
-+        .query_map(rusqlite::params![since_ms, project_id, limit as i64], |row| {
-
-Change 3 — Fix path matching for dotless files (LICENSE/Makefile) via “exact OR prefix” (no new flags)
-Why
-
-Your improved “dot only in last segment” heuristic still fails on dotless files (LICENSE, Makefile, Dockerfile) which are common, especially at repo root. Right now they’ll be treated as directories (LICENSE/%) and silently return nothing.
-
-Best minimal UX: if user provides a path that’s ambiguous (no trailing slash), match either exact file OR directory prefix.
-
-Plan diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@
--/// Build a LIKE pattern from a user-supplied path, with proper LIKE escaping.
--///
--/// Rules:
--/// - If the path ends with `/`, it's a directory prefix → `escaped_path%`
--/// - If the last path segment contains `.`, it's a file → exact match
--/// - Otherwise, it's a directory prefix → `escaped_path/%`
-+/// Build an exact + prefix match from a user-supplied path, with proper LIKE escaping.
-+///
-+/// Rules:
-+/// - If the path ends with `/`, treat as directory-only (prefix match)
-+/// - Otherwise, treat as ambiguous: exact match OR directory prefix
-+///   (fixes dotless files like LICENSE/Makefile without requiring new flags)
-@@
--fn build_path_pattern(path: &str) -> String {
-+struct PathMatch {
-+    exact: String,
-+    prefix: String,
-+    dir_only: bool,
-+}
-+
-+fn build_path_match(path: &str) -> PathMatch {
-     let trimmed = path.trim_end_matches('/');
--    let last_segment = trimmed.rsplit('/').next().unwrap_or(trimmed);
--    let is_file = !path.ends_with('/') && last_segment.contains('.');
-     let escaped = escape_like(trimmed);
--
--    if is_file {
--        escaped
--    } else {
--        format!("{escaped}/%")
--    }
-+    PathMatch {
-+        exact: escaped.clone(),
-+        prefix: format!("{escaped}/%"),
-+        dir_only: path.ends_with('/'),
-+    }
- }
-@@
--    let path_pattern = build_path_pattern(path);
-+    let pm = build_path_match(path);
-@@
--              AND n.position_new_path LIKE ?1 ESCAPE '\\'
-+              AND (
-+                    (?4 = 1 AND n.position_new_path LIKE ?2 ESCAPE '\\')
-+                 OR (?4 = 0 AND (n.position_new_path = ?1 OR n.position_new_path LIKE ?2 ESCAPE '\\'))
-+              )
-@@
--    let rows: Vec<(String, String, u32, i64)> = stmt
--        .query_map(rusqlite::params![path_pattern, since_ms, project_id], |row| {
-+    let rows: Vec<(String, String, u32, i64)> = stmt
-+        .query_map(rusqlite::params![pm.exact, pm.prefix, since_ms, i32::from(pm.dir_only), project_id], |row| {
-             Ok((row.get(0)?, row.get(1)?, row.get(2)?, row.get(3)?))
-         })?
-
-
-(Apply the same pattern to Overlap mode.)
-
-Change 4 — Consistently exclude system notes in all DiffNote-based branches (Expert/Overlap author branches currently don’t)
-Why
-
-You filter n.is_system = 0 for reviewer branches, but not in the author branches of Expert/Overlap. That can skew “author touch” via system-generated diff notes or bot activity.
-
-Consistency here improves correctness and also enables more aggressive partial indexing.
-
-Plan diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@
--            WHERE n.note_type = 'DiffNote'
-+            WHERE n.note_type = 'DiffNote'
-               AND n.position_new_path LIKE ?1 ESCAPE '\\'
-+              AND n.is_system = 0
-               AND m.author_username IS NOT NULL
-               AND n.created_at >= ?2
-               AND (?3 IS NULL OR m.project_id = ?3)
-@@
--            WHERE n.note_type = 'DiffNote'
-+            WHERE n.note_type = 'DiffNote'
-               AND n.position_new_path LIKE ?1 ESCAPE '\\'
-+              AND n.is_system = 0
-               AND m.state IN ('opened', 'merged')
-               AND m.author_username IS NOT NULL
-               AND n.created_at >= ?2
-               AND (?3 IS NULL OR m.project_id = ?3)
-
-Change 5 — Rework Migration 017 indexes to match real predicates + add one critical notes index for discussion participation
-Why
-
-(a) idx_notes_diffnote_path_created currently leads with note_type even though it’s constant via partial index. You want the leading columns to match your most selective predicates: position_new_path prefix + created_at range, with optional project_id.
-
-(b) Active + Workload discussion participation repeatedly hits notes by (discussion_id, author_username); you only guarantee notes(discussion_id) is indexed. Adding a narrow partial composite index pays off immediately for both “participants” and “EXISTS user participated” checks.
-
-(c) The discussions index should focus on (project_id, last_note_at) with a partial predicate; resolvable/resolved a_

docs/who-command-design.feedback-3.md

@@ -1,471 +0,0 @@
-Below are the revisions I’d make to iteration 2 to improve correctness, determinism, query-plan quality, and multi-project usability without turning this into a bigger product.
-
-I’m treating your plan as the “source of truth” and showing git-diff style patches against the plan text/code blocks you included.
-
-Change 1 — Fix project scoping to hit the right index (DiffNote branches)
-Why
-
-Your hot-path index is:
-
-idx_notes_diffnote_path_created ON notes(position_new_path, created_at, project_id) WHERE note_type='DiffNote' AND is_system=0
-
-But in Expert/Overlap you sometimes scope by m.project_id = ?3 (MR table), not n.project_id = ?3 (notes table). That weakens the optimizer’s ability to use the composite notes index (and can force broader joins before filtering).
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ Query: Expert Mode @@
--              AND (?3 IS NULL OR m.project_id = ?3)
-+              -- IMPORTANT: scope on notes.project_id to maximize use of
-+              -- idx_notes_diffnote_path_created (notes is the selective table)
-+              AND (?3 IS NULL OR n.project_id = ?3)
-
-@@ Query: Overlap Mode @@
--              AND (?3 IS NULL OR m.project_id = ?3)
-+              AND (?3 IS NULL OR n.project_id = ?3)
-
-@@ Query: Overlap Mode (author branch) @@
--              AND (?3 IS NULL OR m.project_id = ?3)
-+              AND (?3 IS NULL OR n.project_id = ?3)
-
-Change 2 — Introduce a “prefix vs exact” path query to avoid LIKE when you don’t need it
-Why
-
-For exact file paths (e.g. src/auth/login.rs), you currently do:
-
-position_new_path LIKE ?1 ESCAPE '\' where ?1 has no wildcard
-
-That’s logically fine, but it’s a worse signal to the planner than = and can degrade performance depending on collation/case settings.
-
-This doesn’t violate “static SQL” — you can pick between two static query strings.
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ Helper: Path Pattern Construction @@
--fn build_path_pattern(path: &str) -> String {
-+struct PathQuery {
-+    /// The parameter value to bind.
-+    value: String,
-+    /// If true: use LIKE value || '%'. If false: use '='.
-+    is_prefix: bool,
-+}
-+
-+fn build_path_query(path: &str) -> PathQuery {
-     let trimmed = path.trim_end_matches('/');
-     let last_segment = trimmed.rsplit('/').next().unwrap_or(trimmed);
-     let is_file = !path.ends_with('/') && last_segment.contains('.');
-     let escaped = escape_like(trimmed);
- 
-     if is_file {
--        escaped
-+        PathQuery { value: escaped, is_prefix: false }
-     } else {
--        format!("{escaped}/%")
-+        PathQuery { value: format!("{escaped}/%"), is_prefix: true }
-     }
- }
-
-
-And then (example for DiffNote predicates):
-
-diff
-Copy code
-@@ Query: Expert Mode @@
--    let path_pattern = build_path_pattern(path);
-+    let pq = build_path_query(path);
-
--    let sql = " ... n.position_new_path LIKE ?1 ESCAPE '\\' ... ";
-+    let sql_prefix = " ... n.position_new_path LIKE ?1 ESCAPE '\\' ... ";
-+    let sql_exact  = " ... n.position_new_path = ?1 ... ";
-
--    let mut stmt = conn.prepare(sql)?;
-+    let mut stmt = if pq.is_prefix { conn.prepare_cached(sql_prefix)? }
-+                   else { conn.prepare_cached(sql_exact)? };
-     let rows = stmt.query_map(params![... pq.value ...], ...);
-
-Change 3 — Push Expert aggregation into SQL (less Rust, fewer rows, SQL-level LIMIT)
-Why
-
-Right now Expert does:
-
-UNION ALL
-
-return per-role rows
-
-HashMap merge
-
-score compute
-
-sort/truncate
-
-You can do all of that in SQL deterministically, then LIMIT ?N actually works.
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ Query: Expert Mode @@
--    let sql = "SELECT username, role, activity_count, last_active_at FROM (
--            ...
--        )";
-+    let sql = "
-+      WITH activity AS (
-+        SELECT
-+          n.author_username AS username,
-+          'reviewer' AS role,
-+          COUNT(*) AS cnt,
-+          MAX(n.created_at) AS last_active_at
-+        FROM notes n
-+        WHERE n.note_type = 'DiffNote'
-+          AND n.is_system = 0
-+          AND n.author_username IS NOT NULL
-+          AND n.created_at >= ?2
-+          AND (?3 IS NULL OR n.project_id = ?3)
-+          AND (
-+            (?4 = 1 AND n.position_new_path LIKE ?1 ESCAPE '\\') OR
-+            (?4 = 0 AND n.position_new_path = ?1)
-+          )
-+        GROUP BY n.author_username
-+
-+        UNION ALL
-+
-+        SELECT
-+          m.author_username AS username,
-+          'author' AS role,
-+          COUNT(DISTINCT m.id) AS cnt,
-+          MAX(n.created_at) AS last_active_at
-+        FROM merge_requests m
-+        JOIN discussions d ON d.merge_request_id = m.id
-+        JOIN notes n ON n.discussion_id = d.id
-+        WHERE n.note_type = 'DiffNote'
-+          AND n.is_system = 0
-+          AND m.author_username IS NOT NULL
-+          AND n.created_at >= ?2
-+          AND (?3 IS NULL OR n.project_id = ?3)
-+          AND (
-+            (?4 = 1 AND n.position_new_path LIKE ?1 ESCAPE '\\') OR
-+            (?4 = 0 AND n.position_new_path = ?1)
-+          )
-+        GROUP BY m.author_username
-+      )
-+      SELECT
-+        username,
-+        SUM(CASE WHEN role='reviewer' THEN cnt ELSE 0 END) AS review_count,
-+        SUM(CASE WHEN role='author' THEN cnt ELSE 0 END) AS author_count,
-+        MAX(last_active_at) AS last_active_at,
-+        (SUM(CASE WHEN role='reviewer' THEN cnt ELSE 0 END) * 3.0) +
-+        (SUM(CASE WHEN role='author' THEN cnt ELSE 0 END) * 2.0) AS score
-+      FROM activity
-+      GROUP BY username
-+      ORDER BY score DESC, last_active_at DESC, username ASC
-+      LIMIT ?5
-+    ";
-
--    // Aggregate by username: combine reviewer + author counts
--    let mut user_map: HashMap<...> = HashMap::new();
--    ...
--    experts.sort_by(...); experts.truncate(limit);
-+    // No Rust-side merge/sort needed; SQL already returns final rows.
-
-Change 4 — Overlap output is ambiguous across projects: include stable MR refs (project_path!iid)
-Why
-
-mr_iids: Vec<i64> is ambiguous in a multi-project DB. !123 only means something with a project.
-
-Also: your MR IID dedup is currently Vec.contains() inside a loop (O(n²)). Use a HashSet.
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ OverlapResult @@
- pub struct OverlapUser {
-     pub username: String,
-@@
--    pub mr_iids: Vec<i64>,
-+    /// Stable MR references like "group/project!123"
-+    pub mr_refs: Vec<String>,
- }
-
-@@ Query: Overlap Mode (SQL) @@
--                GROUP_CONCAT(DISTINCT m.iid) AS mr_iids
-+                GROUP_CONCAT(DISTINCT (p.path_with_namespace || '!' || m.iid)) AS mr_refs
-             FROM notes n
-             JOIN discussions d ON n.discussion_id = d.id
-             JOIN merge_requests m ON d.merge_request_id = m.id
-+            JOIN projects p ON m.project_id = p.id
-@@
--                GROUP_CONCAT(DISTINCT m.iid) AS mr_iids
-+                GROUP_CONCAT(DISTINCT (p.path_with_namespace || '!' || m.iid)) AS mr_refs
-             FROM merge_requests m
-             JOIN discussions d ON d.merge_request_id = m.id
-             JOIN notes n ON n.discussion_id = d.id
-+            JOIN projects p ON m.project_id = p.id
-
-@@ Query: Overlap Mode (Rust merge) @@
--    let mr_iids: Vec<i64> = mr_iids_csv ...
-+    let mr_refs: Vec<String> = mr_refs_csv
-+      .as_deref()
-+      .map(|csv| csv.split(',').map(|s| s.trim().to_string()).collect())
-+      .unwrap_or_default();
-@@
--        // Merge MR IIDs, deduplicate
--        for iid in &mr_iids {
--            if !entry.mr_iids.contains(iid) {
--                entry.mr_iids.push(*iid);
--            }
--        }
-+        // Merge MR refs, deduplicate
-+        use std::collections::HashSet;
-+        let mut set: HashSet<String> = entry.mr_refs.drain(..).collect();
-+        for r in mr_refs { set.insert(r); }
-+        entry.mr_refs = set.into_iter().collect();
-
-Change 5 — Active mode: avoid correlated subqueries by preselecting discussions, then aggregating notes once
-Why
-
-Your Active query does two correlated subqueries per discussion row:
-
-note_count
-
-participants
-
-With LIMIT 20 it’s not catastrophic, but it is still unnecessary work and creates “spiky” behavior if the planner chooses poorly.
-
-Pattern to use:
-
-CTE selects the limited set of discussions
-
-Join notes once, aggregate with GROUP BY
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ Query: Active Mode @@
--    let sql =
--        "SELECT
--            d.noteable_type,
--            ...
--            (SELECT COUNT(*) FROM notes n
--             WHERE n.discussion_id = d.id AND n.is_system = 0) AS note_count,
--            (SELECT GROUP_CONCAT(username, X'1F') FROM (
--               SELECT DISTINCT n.author_username AS username
--               FROM notes n
--               WHERE n.discussion_id = d.id
--                 AND n.is_system = 0
--                 AND n.author_username IS NOT NULL
--               ORDER BY username
--            )) AS participants
--         FROM discussions d
--         ...
--         LIMIT ?3";
-+    let sql = "
-+      WITH picked AS (
-+        SELECT d.id, d.noteable_type, d.issue_id, d.merge_request_id, d.project_id, d.last_note_at
-+        FROM discussions d
-+        WHERE d.resolvable = 1 AND d.resolved = 0
-+          AND d.last_note_at >= ?1
-+          AND (?2 IS NULL OR d.project_id = ?2)
-+        ORDER BY d.last_note_at DESC
-+        LIMIT ?3
-+      ),
-+      note_agg AS (
-+        SELECT
-+          n.discussion_id,
-+          COUNT(*) AS note_count,
-+          GROUP_CONCAT(n.author_username, X'1F') AS participants
-+        FROM (
-+          SELECT DISTINCT discussion_id, author_username
-+          FROM notes
-+          WHERE is_system = 0 AND author_username IS NOT NULL
-+        ) n
-+        JOIN picked p ON p.id = n.discussion_id
-+        GROUP BY n.discussion_id
-+      )
-+      SELECT
-+        p.noteable_type,
-+        COALESCE(i.iid, m.iid) AS entity_iid,
-+        COALESCE(i.title, m.title) AS entity_title,
-+        proj.path_with_namespace,
-+        p.last_note_at,
-+        COALESCE(na.note_count, 0) AS note_count,
-+        COALESCE(na.participants, '') AS participants
-+      FROM picked p
-+      JOIN projects proj ON p.project_id = proj.id
-+      LEFT JOIN issues i ON p.issue_id = i.id
-+      LEFT JOIN merge_requests m ON p.merge_request_id = m.id
-+      LEFT JOIN note_agg na ON na.discussion_id = p.id
-+      ORDER BY p.last_note_at DESC
-+    ";
-
-Change 6 — Use prepare_cached() everywhere (cheap perf win, no scope creep)
-Why
-
-You already worked hard to keep SQL static. Taking advantage of sqlite statement caching completes the loop.
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ Query functions @@
--    let mut stmt = conn.prepare(sql)?;
-+    let mut stmt = conn.prepare_cached(sql)?;
-
-
-Apply in all query fns (query_workload, query_reviews, query_active, query_expert, query_overlap, lookup_project_path).
-
-Change 7 — Human output: show project_path where ambiguity exists (Workload + Overlap)
-Why
-
-When not project-scoped, #42 and !100 aren’t unique. You already have project paths in the query results — you’re just not printing them.
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ print_workload_human @@
--            println!(
--                "    {} {}  {}",
-+            println!(
-+                "    {} {}  {}  {}",
-                 style(format!("#{:<5}", item.iid)).cyan(),
-                 truncate_str(&item.title, 45),
-                 style(format_relative_time(item.updated_at)).dim(),
-+                style(&item.project_path).dim(),
-             );
-
-@@ print_workload_human (MRs) @@
--            println!(
--                "    {} {}{}  {}",
-+            println!(
-+                "    {} {}{}  {}  {}",
-                 style(format!("!{:<5}", mr.iid)).cyan(),
-                 truncate_str(&mr.title, 40),
-                 style(draft).dim(),
-                 style(format_relative_time(mr.updated_at)).dim(),
-+                style(&mr.project_path).dim(),
-             );
-
-@@ print_overlap_human @@
--        let mr_str = user.mr_iids.iter().take(5).map(|iid| format!("!{iid}")).collect::<Vec<_>>().join(", ");
-+        let mr_str = user.mr_refs.iter().take(5).cloned().collect::<Vec<_>>().join(", ");
-
-Change 8 — Robot JSON: add stable IDs + “defaulted” flags for reproducibility
-Why
-
-You already added resolved_input — good. Two more reproducibility gaps remain:
-
-Agents can’t reliably “open” an entity without IDs (discussion_id, mr_id, issue_id).
-
-Agents can’t tell whether since was user-provided vs defaulted (important when replaying intent).
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ WhoResolvedInput @@
- pub struct WhoResolvedInput {
-@@
-     pub since_ms: Option<i64>,
-     pub since_iso: Option<String>,
-+    pub since_was_default: bool,
-     pub limit: usize,
- }
-
-@@ run_who @@
--            let since_ms = resolve_since(args.since.as_deref(), "6m")?;
-+            let since_was_default = args.since.is_none();
-+            let since_ms = resolve_since(args.since.as_deref(), "6m")?;
-             Ok(WhoRun {
-                 resolved_input: WhoResolvedInput {
-@@
-                     since_ms: Some(since_ms),
-                     since_iso: Some(ms_to_iso(since_ms)),
-+                    since_was_default,
-                     limit: args.limit,
-                 },
-
-@@ print_who_json resolved_input @@
-     let resolved_input = serde_json::json!({
-@@
-         "since_ms": run.resolved_input.since_ms,
-         "since_iso": run.resolved_input.since_iso,
-+        "since_was_default": run.resolved_input.since_was_default,
-         "limit": run.resolved_input.limit,
-     });
-
-
-And for Active/Workload discussion items, add IDs in SQL and JSON:
-
-diff
-Copy code
-@@ ActiveDiscussion @@
- pub struct ActiveDiscussion {
-+    pub discussion_id: i64,
-@@
- }
-
-@@ query_active SELECT @@
--      SELECT
--        p.noteable_type,
-+      SELECT
-+        p.id AS discussion_id,
-+        p.noteable_type,
-
-@@ active_to_json @@
--        "discussions": r.discussions.iter().map(|d| json!({
-+        "discussions": r.discussions.iter().map(|d| json!({
-+            "discussion_id": d.discussion_id,
-             ...
-         }))
-
-Change 9 — Make performance verification explicit: require EXPLAIN QUERY PLAN checks for each mode
-Why
-
-You’re adding indexes specifically for these queries. The only way to ensure the planner is doing what you think is to lock in a short perf checklist (especially after schema drift or SQLite version differences).
-
-Diff
-diff
-Copy code
---- a/who-command-design.md
-+++ b/who-command-design.md
-@@ Verification @@
- # Manual verification against real data
- cargo run --release -- who src/features/global-search/
-@@
- cargo run --release -- who src/features/global-search/ -p typescript  # project scoped
-+
-+# Perf verification (required before merge):
-+# Confirm idx_notes_diffnote_path_created is used for Expert/Overlap and
-+# idx_discussions_unresolved_recent is used for Active.
-+sqlite3 path/to/db.sqlite "
-+  EXPLAIN QUERY PLAN
-+  SELECT ... -- paste final Expert SQL with representative bindings
-+";
-
-
-(Keep it lightweight: one representative query per mode is enough.)
-
-Net effect
-
-Correctness: project scoping hits the notes index; IDs added for agent workflows.
-
-Performance: fewer rows/materialization in Expert; statement caching everywhere; Active avoids correlated subqueries.
-
-UX: human output no longer ambiguous across projects; Overlap MR references become actionable.
-
-Reproducibility: agents can distinguish defaults vs explicit inputs; can dereference entities reliably.
-
-If you want one “highest ROI” subset to implement first: Change 1 + Change 4 + Change 6 + Change 7. That’s where the real operational value lands.

docs/who-command-design.feedback-4.md

@@ -1,3 +0,0 @@
-ChatGPT said:
-Proposing code revisions for performance and determinism
-Answer now

docs/who-command-design.feedback-5.md

@@ -1,356 +0,0 @@
-Below are the highest-leverage revisions I’d make. They’re tightly scoped (no new tables/APIs), but fix a few real correctness issues and make the outputs more actionable.
-
-1) Fix a correctness bug in PathQuery: don’t escape for =, and make --path Makefile actually work
-Why
-
-Bug: build_path_query() currently runs escape_like() even when is_prefix = false (exact match). That will break exact matches for paths containing _, %, or \ because = does not treat those as metacharacters (so the escaped string won’t equal the stored path).
-
-UX mismatch: The plan says --path handles dotless root files (Makefile/LICENSE), but the current logic still treats them as directory prefixes (Makefile/%) → zero results.
-
-Change
-
-Only escape for LIKE.
-
-Treat root paths (no /) passed via --path as exact matches by default (unless they end with /).
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
--/// Build a path query from a user-supplied path.
--///
--/// Rules:
--/// - If the path ends with `/`, it's a directory prefix -> `escaped_path%` (LIKE)
--/// - If the last path segment contains `.`, it's a file -> exact match (=)
--/// - Otherwise, it's a directory prefix -> `escaped_path/%` (LIKE)
-+/// Build a path query from a user-supplied path.
-+///
-+/// Rules:
-+/// - If the path ends with `/`, it's a directory prefix -> `escaped_path/%` (LIKE)
-+/// - If the path is a root path (no `/`) and does NOT end with `/`, treat as exact (=)
-+///   (this makes `--path Makefile` and `--path LICENSE` work as intended)
-+/// - Else if the last path segment contains `.`, treat as exact (=)
-+/// - Otherwise, treat as directory prefix -> `escaped_path/%` (LIKE)
-@@
--fn build_path_query(path: &str) -> PathQuery {
-+fn build_path_query(path: &str) -> PathQuery {
-     let trimmed = path.trim_end_matches('/');
-     let last_segment = trimmed.rsplit('/').next().unwrap_or(trimmed);
--    let is_file = !path.ends_with('/') && last_segment.contains('.');
--    let escaped = escape_like(trimmed);
-+    let is_root = !trimmed.contains('/');
-+    let is_file = !path.ends_with('/') && (is_root || last_segment.contains('.'));
- 
-     if is_file {
-         PathQuery {
--            value: escaped,
-+            // IMPORTANT: do NOT escape for exact match (=)
-+            value: trimmed.to_string(),
-             is_prefix: false,
-         }
-     } else {
-+        let escaped = escape_like(trimmed);
-         PathQuery {
-             value: format!("{escaped}/%"),
-             is_prefix: true,
-         }
-     }
- }
-@@
--/// **Known limitation:** Dotless root files (LICENSE, Makefile, Dockerfile)
--/// without a trailing `/` will be treated as directory prefixes. Use `--path`
--/// for these — the `--path` flag passes through to Expert mode directly,
--/// and the `build_path_query` output for "LICENSE" is a prefix `LICENSE/%`
--/// which will simply return zero results (a safe, obvious failure mode that the
--/// help text addresses).
-+/// Note: Root file paths passed via `--path` (including dotless files like Makefile/LICENSE)
-+/// are treated as exact matches unless they end with `/`.
-
-
-Also update the --path help text to be explicit:
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
--    /// Force expert mode for a file/directory path (handles root files like
--    /// README.md, LICENSE, Makefile that lack a / and can't be auto-detected)
-+    /// Force expert mode for a file/directory path.
-+    /// Root files (README.md, LICENSE, Makefile) are treated as exact matches.
-+    /// Use a trailing `/` to force directory-prefix matching.
-
-2) Fix Active mode: your note_count is currently counting participants, and the CTE scans too broadly
-Why
-
-In note_agg, you do SELECT DISTINCT discussion_id, author_username and then COUNT(*) AS note_count. That’s participant count, not note count.
-
-The current note_agg also builds the DISTINCT set from all notes then joins to picked. It’s avoidable work.
-
-Change
-
-Split into two aggregations scoped to picked:
-
-note_counts: counts non-system notes per picked discussion.
-
-participants: distinct usernames per picked discussion, then GROUP_CONCAT.
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
--        note_agg AS (
--            SELECT
--                n.discussion_id,
--                COUNT(*) AS note_count,
--                GROUP_CONCAT(n.author_username, X'1F') AS participants
--            FROM (
--                SELECT DISTINCT discussion_id, author_username
--                FROM notes
--                WHERE is_system = 0 AND author_username IS NOT NULL
--            ) n
--            JOIN picked p ON p.id = n.discussion_id
--            GROUP BY n.discussion_id
--        )
-+        note_counts AS (
-+            SELECT
-+                n.discussion_id,
-+                COUNT(*) AS note_count
-+            FROM notes n
-+            JOIN picked p ON p.id = n.discussion_id
-+            WHERE n.is_system = 0
-+            GROUP BY n.discussion_id
-+        ),
-+        participants AS (
-+            SELECT
-+                x.discussion_id,
-+                GROUP_CONCAT(x.author_username, X'1F') AS participants
-+            FROM (
-+                SELECT DISTINCT n.discussion_id, n.author_username
-+                FROM notes n
-+                JOIN picked p ON p.id = n.discussion_id
-+                WHERE n.is_system = 0 AND n.author_username IS NOT NULL
-+            ) x
-+            GROUP BY x.discussion_id
-+        )
-@@
--        LEFT JOIN note_agg na ON na.discussion_id = p.id
-+        LEFT JOIN note_counts nc ON nc.discussion_id = p.id
-+        LEFT JOIN participants pa ON pa.discussion_id = p.id
-@@
--            COALESCE(na.note_count, 0) AS note_count,
--            COALESCE(na.participants, '') AS participants
-+            COALESCE(nc.note_count, 0) AS note_count,
-+            COALESCE(pa.participants, '') AS participants
-
-
-Net effect: correctness fix + more predictable perf.
-
-Add a test that would have failed before:
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
-     #[test]
-     fn test_active_query() {
-@@
--        insert_diffnote(&conn, 1, 1, 1, "reviewer_b", "src/foo.rs", "needs work");
-+        insert_diffnote(&conn, 1, 1, 1, "reviewer_b", "src/foo.rs", "needs work");
-+        insert_diffnote(&conn, 2, 1, 1, "reviewer_b", "src/foo.rs", "follow-up");
-@@
--        assert_eq!(result.discussions[0].participants, vec!["reviewer_b"]);
-+        assert_eq!(result.discussions[0].participants, vec!["reviewer_b"]);
-+        assert_eq!(result.discussions[0].note_count, 2);
-
-3) Index fix: idx_discussions_unresolved_recent won’t help global --active ordering
-Why
-
-Your index is (project_id, last_note_at) with WHERE resolvable=1 AND resolved=0.
-
-When --active is not project-scoped (common default), SQLite can’t use (project_id, last_note_at) to satisfy ORDER BY last_note_at DESC efficiently because project_id isn’t constrained.
-
-This can turn into a scan+sort over potentially large unresolved sets.
-
-Change
-
-Keep the project-scoped index, but add a global ordering index (partial, still small):
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
- CREATE INDEX IF NOT EXISTS idx_discussions_unresolved_recent
-     ON discussions(project_id, last_note_at)
-     WHERE resolvable = 1 AND resolved = 0;
-+
-+-- Active (global): unresolved discussions by recency (no project scope).
-+-- Supports ORDER BY last_note_at DESC LIMIT N when project_id is unconstrained.
-+CREATE INDEX IF NOT EXISTS idx_discussions_unresolved_recent_global
-+    ON discussions(last_note_at)
-+    WHERE resolvable = 1 AND resolved = 0;
-
-4) Make Overlap “touches” coherent: count MRs for reviewers, not DiffNotes
-Why
-
-Overlap’s question is “Who else has MRs touching my files?” but:
-
-reviewer branch uses COUNT(*) (DiffNotes)
-
-author branch uses COUNT(DISTINCT m.id) (MRs)
-
-Those are different units; summing them into touch_count is misleading.
-
-Change
-
-Count distinct MRs on the reviewer branch too:
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
--                COUNT(*) AS touch_count,
-+                COUNT(DISTINCT m.id) AS touch_count,
-                 MAX(n.created_at) AS last_touch_at,
-                 GROUP_CONCAT(DISTINCT (p.path_with_namespace || '!' || m.iid)) AS mr_refs
-
-
-Also update human output labeling:
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
--        style("Touches").bold(),
-+        style("MRs").bold(),
-
-
-(You still preserve “strength” via mr_refs and last_touch_at.)
-
-5) Make outputs more actionable: add a canonical ref field (group/project!iid, group/project#iid)
-Why
-
-You already do this for Overlap (mr_refs). Doing the same for Workload and Active reduces friction for both humans and agents:
-
-humans can copy/paste a single token
-
-robots don’t need to stitch project_path + iid + prefix
-
-Change (Workload structs + SQL)
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
- pub struct WorkloadIssue {
-     pub iid: i64,
-+    pub ref_: String,
-     pub title: String,
-     pub project_path: String,
-     pub updated_at: i64,
- }
-@@
- pub struct WorkloadMr {
-     pub iid: i64,
-+    pub ref_: String,
-     pub title: String,
-     pub draft: bool,
-     pub project_path: String,
-@@
--    let issues_sql =
--        "SELECT i.iid, i.title, p.path_with_namespace, i.updated_at
-+    let issues_sql =
-+        "SELECT i.iid,
-+                (p.path_with_namespace || '#' || i.iid) AS ref,
-+                i.title, p.path_with_namespace, i.updated_at
-@@
--                iid: row.get(0)?,
--                title: row.get(1)?,
--                project_path: row.get(2)?,
--                updated_at: row.get(3)?,
-+                iid: row.get(0)?,
-+                ref_: row.get(1)?,
-+                title: row.get(2)?,
-+                project_path: row.get(3)?,
-+                updated_at: row.get(4)?,
-             })
-@@
--    let authored_sql =
--        "SELECT m.iid, m.title, m.draft, p.path_with_namespace, m.updated_at
-+    let authored_sql =
-+        "SELECT m.iid,
-+                (p.path_with_namespace || '!' || m.iid) AS ref,
-+                m.title, m.draft, p.path_with_namespace, m.updated_at
-@@
--                iid: row.get(0)?,
--                title: row.get(1)?,
--                draft: row.get::<_, i32>(2)? != 0,
--                project_path: row.get(3)?,
-+                iid: row.get(0)?,
-+                ref_: row.get(1)?,
-+                title: row.get(2)?,
-+                draft: row.get::<_, i32>(3)? != 0,
-+                project_path: row.get(4)?,
-                 author_username: None,
--                updated_at: row.get(4)?,
-+                updated_at: row.get(5)?,
-             })
-
-
-Then use ref_ in human output + robot JSON.
-
-6) Reviews mode: tolerate leading whitespace before **prefix**
-Why
-
-Many people write " **suggestion**: ...". Current LIKE '**%**%' misses that.
-
-Change
-
-Use ltrim(n.body) consistently:
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
--           AND n.body LIKE '**%**%'
-+           AND ltrim(n.body) LIKE '**%**%'
-@@
--            SUBSTR(n.body, 3, INSTR(SUBSTR(n.body, 3), '**') - 1) AS raw_prefix,
-+            SUBSTR(ltrim(n.body), 3, INSTR(SUBSTR(ltrim(n.body), 3), '**') - 1) AS raw_prefix,
-
-7) Add two small tests that catch the above regressions
-Why
-
-These are exactly the kind of issues that slip through without targeted tests.
-
-diff
-Copy code
-diff --git a/plan.md b/plan.md
-@@
-     #[test]
-     fn test_escape_like() {
-@@
-     }
-+
-+    #[test]
-+    fn test_build_path_query_exact_does_not_escape() {
-+        // '_' must not be escaped for '='
-+        let pq = build_path_query("README_with_underscore.md");
-+        assert_eq!(pq.value, "README_with_underscore.md");
-+        assert!(!pq.is_prefix);
-+    }
-+
-+    #[test]
-+    fn test_path_flag_dotless_root_file_is_exact() {
-+        let pq = build_path_query("Makefile");
-+        assert_eq!(pq.value, "Makefile");
-+        assert!(!pq.is_prefix);
-+    }
-
-Summary of net effect
-
-Correctness fixes: exact-path escaping bug; Active.note_count bug.
-
-Perf fixes: global --active index; avoid broad note scans in Active.
-
-Usefulness upgrades: coherent overlap “touch” metric; canonical refs everywhere; reviews prefix more robust.
-
-If you want one extra “stretch” that still isn’t scope creep: add an unscoped warning line in human output when project_id == None (e.g., “Aggregated across projects; use -p to scope”) for Expert/Overlap/Active. That’s pure presentation, but prevents misinterpretation in multi-project DBs.

docs/who-command-design.feedback-6.md

@@ -1,471 +0,0 @@
-Proposed revisions (Iteration 6)
-
-Below are the highest-leverage changes I’d make on top of your current Iteration 5 plan, with rationale and git-diff style edits to the plan text/snippets.
-
-1) Fix a real edge case: dotless non-root files (src/Dockerfile, infra/Makefile, etc.)
-Why
-
-Your current build_path_query() treats dotless last segments as directories (prefix match) unless the path is root. That misclassifies legitimate dotless files inside directories and silently produces path/% (zero hits or wrong hits).
-
-Best minimal fix: keep your static SQL approach, but add a DB existence probe (static SQL) for path queries:
-
-If user didn’t force directory (/), and exact path exists in DiffNotes, treat as exact =.
-
-Otherwise use prefix LIKE 'dir/%'.
-
-This avoids new CLI flags, avoids heuristics lists, and uses your existing partial index (idx_notes_diffnote_path_created) efficiently.
-
-Diff
-diff
-Copy code
-diff --git a/Plan.md b/Plan.md
-@@
--struct PathQuery {
-+struct PathQuery {
-     /// The parameter value to bind.
-     value: String,
-     /// If true: use `LIKE value ESCAPE '\'`. If false: use `= value`.
-     is_prefix: bool,
- }
- 
--/// Build a path query from a user-supplied path.
-+/// Build a path query from a user-supplied path, with a DB probe for dotless files.
-@@
--fn build_path_query(path: &str) -> PathQuery {
-+fn build_path_query(conn: &Connection, path: &str) -> Result<PathQuery> {
-     let trimmed = path.trim_end_matches('/');
-     let last_segment = trimmed.rsplit('/').next().unwrap_or(trimmed);
-     let is_root = !trimmed.contains('/');
--    let is_file = !path.ends_with('/') && (is_root || last_segment.contains('.'));
-+    let forced_dir = path.ends_with('/');
-+    let looks_like_file = !forced_dir && (is_root || last_segment.contains('.'));
-+
-+    // If it doesn't "look like a file" but the exact path exists in DiffNotes,
-+    // treat as exact (handles src/Dockerfile, infra/Makefile, etc.).
-+    let exact_exists = if !looks_like_file && !forced_dir {
-+        conn.query_row(
-+            "SELECT 1
-+             FROM notes
-+             WHERE note_type = 'DiffNote'
-+               AND is_system = 0
-+               AND position_new_path = ?1
-+             LIMIT 1",
-+            rusqlite::params![trimmed],
-+            |_| Ok(()),
-+        ).is_ok()
-+    } else {
-+        false
-+    };
-+
-+    let is_file = looks_like_file || exact_exists;
- 
-     if is_file {
-         PathQuery {
-             value: trimmed.to_string(),
-             is_prefix: false,
-         }
-     } else {
-         let escaped = escape_like(trimmed);
-         PathQuery {
-             value: format!("{escaped}/%"),
-             is_prefix: true,
-         }
-     }
- }
-
-
-Also update callers:
-
-diff
-Copy code
-@@
--    let pq = build_path_query(path);
-+    let pq = build_path_query(conn, path)?;
-@@
--    let pq = build_path_query(path);
-+    let pq = build_path_query(conn, path)?;
-
-
-And tests:
-
-diff
-Copy code
-@@
--    fn test_build_path_query() {
-+    fn test_build_path_query() {
-@@
--        // Dotless root file -> exact match (root path without '/')
-+        // Dotless root file -> exact match (root path without '/')
-         let pq = build_path_query("Makefile");
-         assert_eq!(pq.value, "Makefile");
-         assert!(!pq.is_prefix);
-+
-+        // Dotless file in subdir should become exact if DB contains it (probe)
-+        // (set up: insert one DiffNote with position_new_path = "src/Dockerfile")
-
-2) Make “reviewer” semantics correct: exclude MR authors commenting on their own diffs
-Why
-
-Right now, Overlap (and Expert reviewer branch) will count MR authors as “reviewers” if they leave DiffNotes in their own MR (clarifications / replies), inflating A+R and contaminating “who reviewed here” signals.
-
-You already enforce this in --reviews mode (m.author_username != ?1). Apply the same principle consistently:
-
-Reviewer branch: only count notes where n.author_username != m.author_username (when both non-NULL).
-
-Diff (Overlap reviewer branch)
-diff
-Copy code
-@@
--            WHERE n.note_type = 'DiffNote'
-+            WHERE n.note_type = 'DiffNote'
-               AND n.position_new_path LIKE ?1 ESCAPE '\\'
-               AND n.is_system = 0
-               AND n.author_username IS NOT NULL
-+              AND (m.author_username IS NULL OR n.author_username != m.author_username)
-               AND n.created_at >= ?2
-               AND (?3 IS NULL OR n.project_id = ?3)
-
-
-Same change for sql_exact.
-
-3) Expert mode scoring: align units + reduce single-MR “comment storms”
-Why
-
-Expert currently mixes units:
-
-reviewer side: DiffNote count
-
-author side: distinct MR count
-
-That makes score noisy and can crown “someone who wrote 30 comments on one MR” as top expert.
-
-Fix: make both sides primarily MR-breadth:
-
-reviewer: COUNT(DISTINCT m.id) as review_mr_count
-
-author: COUNT(DISTINCT m.id) as author_mr_count
-Optionally keep review_note_count as a secondary intensity signal (but not the main driver).
-
-Diff (types + SQL)
-diff
-Copy code
-@@
- pub struct Expert {
-     pub username: String,
--    pub score: f64,
--    pub review_count: u32,
--    pub author_count: u32,
-+    pub score: i64,
-+    pub review_mr_count: u32,
-+    pub review_note_count: u32,
-+    pub author_mr_count: u32,
-     pub last_active_ms: i64,
- }
-
-
-Reviewer branch now joins to MR so it can count distinct MRs and exclude self-comments:
-
-diff
-Copy code
-@@
--            SELECT
--                n.author_username AS username,
--                'reviewer' AS role,
--                COUNT(*) AS cnt,
--                MAX(n.created_at) AS last_active_at
--            FROM notes n
-+            SELECT
-+                n.author_username AS username,
-+                'reviewer' AS role,
-+                COUNT(DISTINCT m.id) AS mr_cnt,
-+                COUNT(*) AS note_cnt,
-+                MAX(n.created_at) AS last_active_at
-+            FROM notes n
-+            JOIN discussions d ON n.discussion_id = d.id
-+            JOIN merge_requests m ON d.merge_request_id = m.id
-             WHERE n.note_type = 'DiffNote'
-               AND n.is_system = 0
-               AND n.author_username IS NOT NULL
-+              AND (m.author_username IS NULL OR n.author_username != m.author_username)
-               AND n.position_new_path LIKE ?1 ESCAPE '\\'
-               AND n.created_at >= ?2
-               AND (?3 IS NULL OR n.project_id = ?3)
-             GROUP BY n.author_username
-
-
-Update author branch payload to match shape:
-
-diff
-Copy code
-@@
-             SELECT
-                 m.author_username AS username,
-                 'author' AS role,
--                COUNT(DISTINCT m.id) AS cnt,
-+                COUNT(DISTINCT m.id) AS mr_cnt,
-+                0 AS note_cnt,
-                 MAX(n.created_at) AS last_active_at
-
-
-Aggregate:
-
-diff
-Copy code
-@@
-         SELECT
-             username,
--            SUM(CASE WHEN role = 'reviewer' THEN cnt ELSE 0 END) AS review_count,
--            SUM(CASE WHEN role = 'author' THEN cnt ELSE 0 END) AS author_count,
-+            SUM(CASE WHEN role = 'reviewer' THEN mr_cnt ELSE 0 END) AS review_mr_count,
-+            SUM(CASE WHEN role = 'reviewer' THEN note_cnt ELSE 0 END) AS review_note_count,
-+            SUM(CASE WHEN role = 'author' THEN mr_cnt ELSE 0 END) AS author_mr_count,
-             MAX(last_active_at) AS last_active_at,
--            (SUM(CASE WHEN role = 'reviewer' THEN cnt ELSE 0 END) * 3.0) +
--            (SUM(CASE WHEN role = 'author' THEN cnt ELSE 0 END) * 2.0) AS score
-+            (
-+              (SUM(CASE WHEN role = 'reviewer' THEN mr_cnt ELSE 0 END) * 20) +
-+              (SUM(CASE WHEN role = 'author' THEN mr_cnt ELSE 0 END) * 12) +
-+              (SUM(CASE WHEN role = 'reviewer' THEN note_cnt ELSE 0 END) * 1)
-+            ) AS score
-
-
-Human header:
-
-diff
-Copy code
-@@
--        style("Reviews").bold(),
--        style("Authored").bold(),
-+        style("Reviewed(MRs)").bold(),
-+        style("Notes").bold(),
-+        style("Authored(MRs)").bold(),
-
-4) Deterministic output: participants + MR refs + tie-breakers
-Why
-
-You’ve correctly focused on reproducibility (resolved_input), but you still have nondeterministic lists:
-
-participants: GROUP_CONCAT order is undefined → vector order changes run-to-run.
-
-mr_refs: you dedup via HashSet then iterate → undefined order.
-
-user sorting in overlap is missing stable tie-breakers.
-
-This is a real “robot mode flake” source.
-
-Diff (Active participants sort)
-diff
-Copy code
-@@
--            let participants: Vec<String> = participants_csv
-+            let mut participants: Vec<String> = participants_csv
-                 .as_deref()
-                 .filter(|s| !s.is_empty())
-                 .map(|csv| csv.split('\x1F').map(String::from).collect())
-                 .unwrap_or_default();
-+            participants.sort(); // stable, deterministic
-
-Diff (Overlap MR refs sort + stable user sort)
-diff
-Copy code
-@@
--    users.sort_by(|a, b| b.touch_count.cmp(&a.touch_count));
-+    users.sort_by(|a, b| {
-+        b.touch_count.cmp(&a.touch_count)
-+            .then_with(|| b.last_touch_at.cmp(&a.last_touch_at))
-+            .then_with(|| a.username.cmp(&b.username))
-+    });
-@@
--        entry.mr_refs = set.into_iter().collect();
-+        let mut v: Vec<String> = set.into_iter().collect();
-+        v.sort();
-+        entry.mr_refs = v;
-
-5) Make --limit actionable: surface truncation explicitly (human + robot)
-Why
-
-Agents (and humans) need to know if results were cut off so they can rerun with a bigger -n.
-Right now there’s no signal.
-
-Minimal pattern: query limit + 1, set truncated = true if you got > limit, then truncate.
-
-Diff (result types)
-diff
-Copy code
-@@
- pub struct ExpertResult {
-     pub path_query: String,
-     pub experts: Vec<Expert>,
-+    pub truncated: bool,
- }
-@@
- pub struct ActiveResult {
-     pub discussions: Vec<ActiveDiscussion>,
-     pub total_unresolved: u32,
-+    pub truncated: bool,
- }
-@@
- pub struct OverlapResult {
-     pub path_query: String,
-     pub users: Vec<OverlapUser>,
-+    pub truncated: bool,
- }
-
-Diff (query pattern example)
-diff
-Copy code
-@@
--    let limit_i64 = limit as i64;
-+    let limit_plus_one = (limit + 1) as i64;
-@@
--        LIMIT ?4
-+        LIMIT ?4
-@@
--            rusqlite::params![pq.value, since_ms, project_id, limit_i64],
-+            rusqlite::params![pq.value, since_ms, project_id, limit_plus_one],
-@@
--    Ok(ExpertResult {
-+    let truncated = experts.len() > limit;
-+    let experts = experts.into_iter().take(limit).collect();
-+    Ok(ExpertResult {
-         path_query: path.to_string(),
-         experts,
-+        truncated,
-     })
-
-
-Human output hint:
-
-diff
-Copy code
-@@
-     if r.experts.is_empty() { ... }
-+    if r.truncated {
-+        println!("  {}", style("(showing first -n; rerun with a higher --limit)").dim());
-+    }
-
-
-Robot output field:
-
-diff
-Copy code
-@@
- fn expert_to_json(r: &ExpertResult) -> serde_json::Value {
-     serde_json::json!({
-         "path_query": r.path_query,
-+        "truncated": r.truncated,
-         "experts": ...
-     })
- }
-
-6) Overlap merge hot loop: avoid repeated HashSet rebuild per row
-Why
-
-This line is expensive in a UNION result with many rows:
-
-rust
-Copy code
-let mut set: HashSet<String> = entry.mr_refs.drain(..).collect();
-
-
-It reallocates and rehashes every time.
-
-Fix: store an accumulator with HashSet during merge, convert once at end.
-
-Diff (internal accumulator)
-diff
-Copy code
-@@
--    let mut user_map: HashMap<String, OverlapUser> = HashMap::new();
-+    struct OverlapAcc {
-+        username: String,
-+        author_touch_count: u32,
-+        review_touch_count: u32,
-+        touch_count: u32,
-+        last_touch_at: i64,
-+        mr_refs: HashSet<String>,
-+    }
-+    let mut user_map: HashMap<String, OverlapAcc> = HashMap::new();
-@@
--        let entry = user_map.entry(username.clone()).or_insert_with(|| OverlapUser {
-+        let entry = user_map.entry(username.clone()).or_insert_with(|| OverlapAcc {
-             username: username.clone(),
-             author_touch_count: 0,
-             review_touch_count: 0,
-             touch_count: 0,
-             last_touch_at: 0,
--            mr_refs: Vec::new(),
-+            mr_refs: HashSet::new(),
-         });
-@@
--        let mut set: HashSet<String> = entry.mr_refs.drain(..).collect();
--        for r in mr_refs { set.insert(r); }
--        entry.mr_refs = set.into_iter().collect();
-+        for r in mr_refs { entry.mr_refs.insert(r); }
-@@
--    let mut users: Vec<OverlapUser> = user_map.into_values().collect();
-+    let mut users: Vec<OverlapUser> = user_map.into_values().map(|a| {
-+        let mut mr_refs: Vec<String> = a.mr_refs.into_iter().collect();
-+        mr_refs.sort();
-+        OverlapUser {
-+            username: a.username,
-+            author_touch_count: a.author_touch_count,
-+            review_touch_count: a.review_touch_count,
-+            touch_count: a.touch_count,
-+            last_touch_at: a.last_touch_at,
-+            mr_refs,
-+        }
-+    }).collect();
-
-7) Tests to lock these behaviors
-Add tests (high value)
-
-dotless subdir file uses DB probe → exact match
-
-self-review exclusion prevents MR author showing up as reviewer
-
-deterministic ordering for participants and mr_refs (sort)
-
-Diff (test additions outline)
-diff
-Copy code
-@@
-     #[test]
-+    fn test_build_path_query_dotless_subdir_file_uses_probe() {
-+        let conn = setup_test_db();
-+        insert_project(&conn, 1, "team/backend");
-+        insert_mr(&conn, 1, 1, 100, "author_a", "opened");
-+        insert_discussion(&conn, 1, 1, Some(1), None, true, false);
-+        insert_diffnote(&conn, 1, 1, 1, "reviewer_b", "src/Dockerfile", "note");
-+
-+        let pq = build_path_query(&conn, "src/Dockerfile").unwrap();
-+        assert_eq!(pq.value, "src/Dockerfile");
-+        assert!(!pq.is_prefix);
-+    }
-+
-+    #[test]
-+    fn test_overlap_excludes_self_review_notes() {
-+        let conn = setup_test_db();
-+        insert_project(&conn, 1, "team/backend");
-+        insert_mr(&conn, 1, 1, 100, "author_a", "opened");
-+        insert_discussion(&conn, 1, 1, Some(1), None, true, false);
-+        // author_a comments on their own MR diff
-+        insert_diffnote(&conn, 1, 1, 1, "author_a", "src/auth/login.rs", "clarification");
-+
-+        let result = query_overlap(&conn, "src/auth/", None, 0, 20).unwrap();
-+        let u = result.users.iter().find(|u| u.username == "author_a");
-+        // should not be credited as reviewer touch
-+        assert!(u.map(|x| x.review_touch_count).unwrap_or(0) == 0);
-+    }
-
-Net effect
-
-Correctness: fixes dotless subdir files + self-review pollution.
-
-Signal quality: Expert ranking becomes harder to game by comment volume.
-
-Robot reproducibility: deterministic ordering + explicit truncation.
-
-Performance: avoids rehash loops in overlap merges; path probe uses indexed equality.
-
-If you want one “single best” change: #1 (DB probe exact-match) is the most likely to prevent confusing “why is this empty?” behavior without adding any user-facing complexity.

docs/who-command-design.feedback-7.md

@@ -1,353 +0,0 @@
-Below are the highest-leverage revisions I’d make to iteration 6 to improve correctness (multi-project edge cases), robot-mode reliability (bounded payloads + truncation), and signal quality—without changing the fundamental scope (still pure SQL over existing tables).
-
-1) Make build_path_query project-aware and two-way probe (exact and prefix)
-Why
-
-Your DB probe currently answers: “does this exact file exist anywhere in DiffNotes?” That can misclassify in a project-scoped run:
-
-Path exists as a dotless file in Project A → probe returns true
-
-User runs -p Project B where the path is a directory (or different shape) → you switch to exact, return empty, and miss valid prefix hits.
-
-Also, you still have a minor heuristic fragility for dot directories when the user omits trailing / (e.g., .github/workflows): last segment has a dot → you treat as file unless forced dir.
-
-Revision
-
-Thread project_id into build_path_query(conn, path, project_id)
-
-Probe exact first (scoped), then probe prefix (scoped)
-
-Only fall back to heuristics if both probes fail
-
-This keeps “static SQL, no dynamic assembly,” and costs at most 2 indexed existence queries per invocation.
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
-- fn build_path_query(conn: &Connection, path: &str) -> Result<PathQuery> {
-+ fn build_path_query(conn: &Connection, path: &str, project_id: Option<i64>) -> Result<PathQuery> {
-     let trimmed = path.trim_end_matches('/');
-     let last_segment = trimmed.rsplit('/').next().unwrap_or(trimmed);
-     let is_root = !trimmed.contains('/');
-     let forced_dir = path.ends_with('/');
--    let looks_like_file = !forced_dir && (is_root || last_segment.contains('.'));
-+    // Heuristic is now only a fallback; probes decide first.
-+    let looks_like_file = !forced_dir && (is_root || last_segment.contains('.'));
- 
--    let exact_exists = if !looks_like_file && !forced_dir {
--        conn.query_row(
--            "SELECT 1 FROM notes
--             WHERE note_type = 'DiffNote'
--               AND is_system = 0
--               AND position_new_path = ?1
--             LIMIT 1",
--            rusqlite::params![trimmed],
--            |_| Ok(()),
--        )
--        .is_ok()
--    } else {
--        false
--    };
-+    // Probe 1: exact file exists (scoped)
-+    let exact_exists = conn.query_row(
-+        "SELECT 1 FROM notes
-+         WHERE note_type = 'DiffNote'
-+           AND is_system = 0
-+           AND position_new_path = ?1
-+           AND (?2 IS NULL OR project_id = ?2)
-+         LIMIT 1",
-+        rusqlite::params![trimmed, project_id],
-+        |_| Ok(()),
-+    ).is_ok();
-+
-+    // Probe 2: directory prefix exists (scoped)
-+    let prefix_exists = if !forced_dir {
-+        let escaped = escape_like(trimmed);
-+        let pat = format!("{escaped}/%");
-+        conn.query_row(
-+            "SELECT 1 FROM notes
-+             WHERE note_type = 'DiffNote'
-+               AND is_system = 0
-+               AND position_new_path LIKE ?1 ESCAPE '\\'
-+               AND (?2 IS NULL OR project_id = ?2)
-+             LIMIT 1",
-+            rusqlite::params![pat, project_id],
-+            |_| Ok(()),
-+        ).is_ok()
-+    } else { false };
- 
--    let is_file = looks_like_file || exact_exists;
-+    // Forced directory always wins; otherwise: exact > prefix > heuristic
-+    let is_file = if forced_dir { false }
-+                  else if exact_exists { true }
-+                  else if prefix_exists { false }
-+                  else { looks_like_file };
- 
-     if is_file {
-         Ok(PathQuery { value: trimmed.to_string(), is_prefix: false })
-     } else {
-         let escaped = escape_like(trimmed);
-         Ok(PathQuery { value: format!("{escaped}/%"), is_prefix: true })
-     }
- }
-@@
-- let pq = build_path_query(conn, path)?;
-+ let pq = build_path_query(conn, path, project_id)?;
-
-
-Add test coverage for the multi-project misclassification case:
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
-     #[test]
-     fn test_build_path_query_dotless_subdir_file_uses_db_probe() {
-@@
--        let pq = build_path_query(&conn, "src/Dockerfile").unwrap();
-+        let pq = build_path_query(&conn, "src/Dockerfile", None).unwrap();
-@@
--        let pq2 = build_path_query(&conn2, "src/Dockerfile").unwrap();
-+        let pq2 = build_path_query(&conn2, "src/Dockerfile", None).unwrap();
-     }
-+
-+    #[test]
-+    fn test_build_path_query_probe_is_project_scoped() {
-+        // Path exists as a dotless file in project 1; project 2 should not
-+        // treat it as an exact file unless it exists there too.
-+        let conn = setup_test_db();
-+        insert_project(&conn, 1, "team/a");
-+        insert_project(&conn, 2, "team/b");
-+        insert_mr(&conn, 1, 1, 10, "author_a", "opened");
-+        insert_discussion(&conn, 1, 1, Some(1), None, true, false);
-+        insert_diffnote(&conn, 1, 1, 1, "rev", "infra/Makefile", "note");
-+
-+        let pq_scoped = build_path_query(&conn, "infra/Makefile", Some(2)).unwrap();
-+        assert!(pq_scoped.is_prefix); // should fall back to prefix in project 2
-+    }
-
-2) Bound robot payload sizes for participants and mr_refs (with totals + truncation)
-Why
-
-mr_refs and participants can become unbounded arrays in robot mode, which is a real operational hazard:
-
-huge JSON → slow, noisy diffs, brittle downstream pipelines
-
-potential SQLite group_concat truncation becomes invisible (and you can’t distinguish “no refs” vs “refs truncated”)
-
-Revision
-
-Introduce hard caps and explicit metadata:
-
-participants_total, participants_truncated
-
-mr_refs_total, mr_refs_truncated
-
-This is not scope creep—it’s defensive output hygiene.
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
- pub struct ActiveDiscussion {
-@@
-     pub participants: Vec<String>,
-+    pub participants_total: u32,
-+    pub participants_truncated: bool,
- }
-@@
- pub struct OverlapUser {
-@@
-     pub mr_refs: Vec<String>,
-+    pub mr_refs_total: u32,
-+    pub mr_refs_truncated: bool,
- }
-
-
-Implementation sketch (Rust-side, deterministic):
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
- fn query_active(...) -> Result<ActiveResult> {
-+    const MAX_PARTICIPANTS: usize = 50;
-@@
--            participants.sort();
-+            participants.sort();
-+            let participants_total = participants.len() as u32;
-+            let participants_truncated = participants.len() > MAX_PARTICIPANTS;
-+            if participants_truncated {
-+                participants.truncate(MAX_PARTICIPANTS);
-+            }
-@@
-             Ok(ActiveDiscussion {
-@@
-                 participants,
-+                participants_total,
-+                participants_truncated,
-             })
-@@
- fn query_overlap(...) -> Result<OverlapResult> {
-+    const MAX_MR_REFS_PER_USER: usize = 50;
-@@
-         .map(|a| {
-             let mut mr_refs: Vec<String> = a.mr_refs.into_iter().collect();
-             mr_refs.sort();
-+            let mr_refs_total = mr_refs.len() as u32;
-+            let mr_refs_truncated = mr_refs.len() > MAX_MR_REFS_PER_USER;
-+            if mr_refs_truncated {
-+                mr_refs.truncate(MAX_MR_REFS_PER_USER);
-+            }
-             OverlapUser {
-@@
-                 mr_refs,
-+                mr_refs_total,
-+                mr_refs_truncated,
-             }
-         })
-
-
-Update robot JSON accordingly:
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
- fn active_to_json(r: &ActiveResult) -> serde_json::Value {
-@@
-             "participants": d.participants,
-+            "participants_total": d.participants_total,
-+            "participants_truncated": d.participants_truncated,
-         }))
-@@
- fn overlap_to_json(r: &OverlapResult) -> serde_json::Value {
-@@
-             "mr_refs": u.mr_refs,
-+            "mr_refs_total": u.mr_refs_total,
-+            "mr_refs_truncated": u.mr_refs_truncated,
-         }))
-
-
-Also update robot-docs manifest schema snippet for who.active.discussions[] and who.overlap.users[].
-
-3) Add truncation metadata to Workload sections (same LIMIT+1 pattern)
-Why
-
-Workload is the mode most likely to be consumed by agents, and right now it has silent truncation (each section is LIMIT N with no signal). Your plan already treats truncation as a first-class contract elsewhere; Workload should match.
-
-Revision
-
-For each workload query:
-
-request LIMIT + 1
-
-set *_truncated booleans
-
-trim to requested limit
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
- pub struct WorkloadResult {
-     pub username: String,
-     pub assigned_issues: Vec<WorkloadIssue>,
-     pub authored_mrs: Vec<WorkloadMr>,
-     pub reviewing_mrs: Vec<WorkloadMr>,
-     pub unresolved_discussions: Vec<WorkloadDiscussion>,
-+    pub assigned_issues_truncated: bool,
-+    pub authored_mrs_truncated: bool,
-+    pub reviewing_mrs_truncated: bool,
-+    pub unresolved_discussions_truncated: bool,
- }
-
-
-And in JSON include the booleans (plus you already have summary.counts).
-
-This is mechanically repetitive but extremely valuable for automation.
-
-4) Rename “Last Active” → “Last Seen” for Expert/Overlap
-Why
-
-For “author” rows, the timestamp is derived from review activity on their MR (via MAX(n.created_at)), not necessarily that person’s direct action. Calling that “active” is semantically misleading. “Last seen” is accurate across both reviewer+author branches.
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
- pub struct Expert {
-@@
--    pub last_active_ms: i64,
-+    pub last_seen_ms: i64,
- }
-@@
- pub struct OverlapUser {
-@@
--    pub last_touch_at: i64,
-+    pub last_seen_at: i64,
-@@
- fn print_expert_human(...) {
-@@
--        style("Last Active").bold(),
-+        style("Last Seen").bold(),
-@@
--        style(format_relative_time(expert.last_active_ms)).dim(),
-+        style(format_relative_time(expert.last_seen_ms)).dim(),
-
-
-(Keep internal SQL aliases consistent: last_seen_at everywhere.)
-
-5) Make MR state filtering consistent in Expert/Overlap reviewer branches
-Why
-
-You already restrict Overlap author branch to opened|merged, but reviewer branches can include closed/unmerged noise. Consistency improves signal quality and can reduce scan churn.
-
-Low-risk revision: apply the same state filter to reviewer branches (Expert + Overlap). You can keep “closed” excluded by default without adding new flags.
-
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
- WHERE n.note_type = 'DiffNote'
-   AND n.is_system = 0
-@@
--  AND n.created_at >= ?2
-+  AND m.state IN ('opened','merged')
-+  AND n.created_at >= ?2
-
-
-This is a semantic choice; if you later want archaeology across closed/unmerged, that belongs in a separate mode/flag, but I would not add it now.
-
-6) Add a design principle for bounded outputs (aligns with robot-first reproducibility)
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
- 10. **Truncation transparency.** Result types carry a `truncated: bool` flag...
-+11. **Bounded payloads.** Robot JSON must never emit unbounded arrays (participants, refs).
-+    Large list fields are capped with `*_total` + `*_truncated` so agents can page/retry.
-
-Consolidated plan metadata bump (Iteration 7)
-diff
-Copy code
-diff --git a/who-command-design.md b/who-command-design.md
-@@
--iteration: 6
-+iteration: 7
- updated: 2026-02-07
-
-Net effect (what you get)
-
-Correct path classification under -p scoping (no cross-project probe leakage)
-
-Deterministic + bounded robot payloads (no giant JSON surprises)
-
-Uniform truncation contract across all modes (Workload no longer silently truncates)
-
-Clearer semantics (“Last Seen” avoids misinterpretation)
-
-Cleaner signals (reviewer branches ignore closed/unmerged by default)
-
-If you want, I can also produce a second diff that updates the robot-docs schema block and the Verification EXPLAIN expectations to reflect the new probe queries and the state filter.

gitlore-sync-explorer.html

@@ -1,844 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Gitlore Sync Pipeline Explorer</title>
-<style>
-  :root {
-    --bg: #0d1117;
-    --bg-secondary: #161b22;
-    --bg-tertiary: #1c2129;
-    --border: #30363d;
-    --text: #c9d1d9;
-    --text-dim: #8b949e;
-    --text-bright: #f0f6fc;
-    --cyan: #58a6ff;
-    --green: #3fb950;
-    --amber: #d29922;
-    --red: #f85149;
-    --purple: #bc8cff;
-    --pink: #f778ba;
-    --cyan-dim: rgba(88,166,255,0.15);
-    --green-dim: rgba(63,185,80,0.15);
-    --amber-dim: rgba(210,153,34,0.15);
-    --red-dim: rgba(248,81,73,0.15);
-    --purple-dim: rgba(188,140,255,0.15);
-  }
-  * { margin: 0; padding: 0; box-sizing: border-box; }
-  body {
-    font-family: 'SF Mono', 'Cascadia Code', 'Fira Code', 'JetBrains Mono', monospace;
-    background: var(--bg); color: var(--text);
-    display: flex; height: 100vh; overflow: hidden;
-  }
-  .sidebar {
-    width: 220px; min-width: 220px; background: var(--bg-secondary);
-    border-right: 1px solid var(--border); display: flex; flex-direction: column; padding: 16px 0;
-  }
-  .sidebar-title {
-    font-size: 11px; font-weight: 700; text-transform: uppercase;
-    letter-spacing: 1.2px; color: var(--text-dim); padding: 0 16px 12px;
-  }
-  .logo {
-    padding: 0 16px 20px; font-size: 15px; font-weight: 700; color: var(--cyan);
-    display: flex; align-items: center; gap: 8px;
-  }
-  .logo svg { width: 20px; height: 20px; }
-  .nav-item {
-    padding: 10px 16px; cursor: pointer; font-size: 13px; color: var(--text-dim);
-    transition: all 0.15s; border-left: 3px solid transparent;
-    display: flex; align-items: center; gap: 10px;
-  }
-  .nav-item:hover { background: var(--bg-tertiary); color: var(--text); }
-  .nav-item.active { background: var(--cyan-dim); color: var(--cyan); border-left-color: var(--cyan); }
-  .nav-dot { width: 8px; height: 8px; border-radius: 50%; flex-shrink: 0; }
-  .main { flex: 1; display: flex; flex-direction: column; overflow: hidden; }
-  .header {
-    padding: 16px 24px; border-bottom: 1px solid var(--border);
-    display: flex; align-items: center; justify-content: space-between;
-  }
-  .header h1 { font-size: 16px; font-weight: 600; color: var(--text-bright); }
-  .header-badge {
-    font-size: 11px; padding: 3px 10px; border-radius: 12px;
-    background: var(--cyan-dim); color: var(--cyan);
-  }
-  .canvas-wrapper { flex: 1; overflow: auto; position: relative; }
-  .canvas { padding: 32px; min-height: 100%; }
-  .flow-container { display: none; }
-  .flow-container.active { display: block; }
-  .phase { margin-bottom: 32px; }
-  .phase-header { display: flex; align-items: center; gap: 12px; margin-bottom: 16px; }
-  .phase-number {
-    width: 28px; height: 28px; border-radius: 50%; display: flex; align-items: center;
-    justify-content: center; font-size: 13px; font-weight: 700; flex-shrink: 0;
-  }
-  .phase-title { font-size: 14px; font-weight: 600; color: var(--text-bright); }
-  .phase-subtitle { font-size: 11px; color: var(--text-dim); margin-left: 4px; font-weight: 400; }
-  .flow-row {
-    display: flex; align-items: stretch; gap: 0; flex-wrap: wrap;
-    margin-left: 14px; padding-left: 26px; border-left: 2px solid var(--border);
-  }
-  .flow-row:last-child { border-left-color: transparent; }
-  .node {
-    position: relative; padding: 12px 16px; border-radius: 8px;
-    border: 1px solid var(--border); background: var(--bg-secondary);
-    font-size: 12px; cursor: pointer; transition: all 0.2s;
-    min-width: 180px; max-width: 260px; margin: 4px 0;
-  }
-  .node:hover {
-    border-color: var(--cyan); transform: translateY(-1px);
-    box-shadow: 0 4px 12px rgba(0,0,0,0.3);
-  }
-  .node.selected {
-    border-color: var(--cyan);
-    box-shadow: 0 0 0 1px var(--cyan), 0 4px 16px rgba(88,166,255,0.15);
-  }
-  .node-title { font-weight: 600; font-size: 12px; margin-bottom: 4px; color: var(--text-bright); }
-  .node-desc { font-size: 11px; color: var(--text-dim); line-height: 1.5; }
-  .node.api { border-left: 3px solid var(--cyan); }
-  .node.transform { border-left: 3px solid var(--purple); }
-  .node.db { border-left: 3px solid var(--green); }
-  .node.decision { border-left: 3px solid var(--amber); }
-  .node.error { border-left: 3px solid var(--red); }
-  .node.queue { border-left: 3px solid var(--pink); }
-  .arrow {
-    display: flex; align-items: center; padding: 0 6px;
-    color: var(--text-dim); font-size: 16px; flex-shrink: 0;
-  }
-  .arrow-down {
-    display: flex; justify-content: center; padding: 4px 0;
-    color: var(--text-dim); font-size: 16px; margin-left: 14px;
-    padding-left: 26px; border-left: 2px solid var(--border);
-  }
-  .branch-container {
-    margin-left: 14px; padding-left: 26px;
-    border-left: 2px solid var(--border); padding-bottom: 8px;
-  }
-  .branch-row { display: flex; gap: 12px; margin: 8px 0; flex-wrap: wrap; }
-  .branch-label {
-    font-size: 11px; font-weight: 600; margin: 8px 0 4px;
-    display: flex; align-items: center; gap: 6px;
-  }
-  .branch-label.success { color: var(--green); }
-  .branch-label.error { color: var(--red); }
-  .branch-label.retry { color: var(--amber); }
-  .diff-badge {
-    display: inline-block; font-size: 10px; padding: 2px 6px;
-    border-radius: 4px; margin-top: 6px; font-weight: 600;
-  }
-  .diff-badge.changed { background: var(--amber-dim); color: var(--amber); }
-  .diff-badge.same { background: var(--green-dim); color: var(--green); }
-  .detail-panel {
-    position: fixed; right: 0; top: 0; bottom: 0; width: 380px;
-    background: var(--bg-secondary); border-left: 1px solid var(--border);
-    transform: translateX(100%); transition: transform 0.25s ease;
-    z-index: 100; display: flex; flex-direction: column; overflow: hidden;
-  }
-  .detail-panel.open { transform: translateX(0); }
-  .detail-header {
-    padding: 16px 20px; border-bottom: 1px solid var(--border);
-    display: flex; align-items: center; justify-content: space-between;
-  }
-  .detail-header h2 { font-size: 14px; font-weight: 600; color: var(--text-bright); }
-  .detail-close {
-    cursor: pointer; color: var(--text-dim); font-size: 18px;
-    background: none; border: none; padding: 4px 8px; border-radius: 4px;
-  }
-  .detail-close:hover { background: var(--bg-tertiary); color: var(--text); }
-  .detail-body { flex: 1; overflow-y: auto; padding: 20px; }
-  .detail-section { margin-bottom: 20px; }
-  .detail-section h3 {
-    font-size: 11px; text-transform: uppercase; letter-spacing: 0.8px;
-    color: var(--text-dim); margin-bottom: 8px;
-  }
-  .detail-section p { font-size: 12px; line-height: 1.7; color: var(--text); }
-  .sql-block {
-    background: var(--bg); border: 1px solid var(--border); border-radius: 6px;
-    padding: 12px; font-size: 11px; line-height: 1.6; color: var(--green);
-    overflow-x: auto; white-space: pre; margin-top: 8px;
-  }
-  .detail-tag {
-    display: inline-block; font-size: 10px; padding: 2px 8px;
-    border-radius: 10px; margin: 2px 4px 2px 0;
-  }
-  .detail-tag.file { background: var(--purple-dim); color: var(--purple); }
-  .detail-tag.type-api { background: var(--cyan-dim); color: var(--cyan); }
-  .detail-tag.type-db { background: var(--green-dim); color: var(--green); }
-  .detail-tag.type-transform { background: var(--purple-dim); color: var(--purple); }
-  .detail-tag.type-decision { background: var(--amber-dim); color: var(--amber); }
-  .detail-tag.type-error { background: var(--red-dim); color: var(--red); }
-  .detail-tag.type-queue { background: rgba(247,120,186,0.15); color: var(--pink); }
-  .watermark-panel { border-top: 1px solid var(--border); background: var(--bg-secondary); }
-  .watermark-toggle {
-    padding: 10px 24px; cursor: pointer; font-size: 12px; color: var(--text-dim);
-    display: flex; align-items: center; gap: 8px; user-select: none;
-  }
-  .watermark-toggle:hover { color: var(--text); }
-  .watermark-toggle .chevron { transition: transform 0.2s; font-size: 10px; }
-  .watermark-toggle .chevron.open { transform: rotate(180deg); }
-  .watermark-content { display: none; padding: 0 24px 16px; max-height: 260px; overflow-y: auto; }
-  .watermark-content.open { display: block; }
-  .wm-table { width: 100%; border-collapse: collapse; font-size: 11px; }
-  .wm-table th {
-    text-align: left; padding: 6px 12px; color: var(--text-dim); font-weight: 600;
-    border-bottom: 1px solid var(--border); font-size: 10px;
-    text-transform: uppercase; letter-spacing: 0.5px;
-  }
-  .wm-table td { padding: 6px 12px; border-bottom: 1px solid var(--border); color: var(--text); }
-  .wm-table td:first-child { color: var(--cyan); font-weight: 600; }
-  .wm-table td:nth-child(2) { color: var(--green); }
-  .overview-pipeline { display: flex; gap: 0; align-items: stretch; margin: 24px 0; flex-wrap: wrap; }
-  .overview-stage {
-    flex: 1; min-width: 200px; background: var(--bg-secondary);
-    border: 1px solid var(--border); border-radius: 10px; padding: 20px;
-    cursor: pointer; transition: all 0.2s;
-  }
-  .overview-stage:hover {
-    border-color: var(--cyan); transform: translateY(-2px);
-    box-shadow: 0 6px 20px rgba(0,0,0,0.3);
-  }
-  .overview-arrow { display: flex; align-items: center; padding: 0 8px; font-size: 20px; color: var(--text-dim); }
-  .stage-num { font-size: 10px; font-weight: 700; text-transform: uppercase; letter-spacing: 1px; margin-bottom: 8px; }
-  .stage-title { font-size: 15px; font-weight: 700; color: var(--text-bright); margin-bottom: 6px; }
-  .stage-desc { font-size: 11px; color: var(--text-dim); line-height: 1.6; }
-  .stage-detail {
-    margin-top: 12px; padding-top: 12px; border-top: 1px solid var(--border);
-    font-size: 11px; color: var(--text-dim); line-height: 1.6;
-  }
-  .stage-detail code {
-    color: var(--amber); background: var(--amber-dim); padding: 1px 5px;
-    border-radius: 3px; font-size: 10px;
-  }
-  .info-box {
-    background: var(--bg-tertiary); border: 1px solid var(--border);
-    border-radius: 8px; padding: 16px; margin: 16px 0; font-size: 12px; line-height: 1.7;
-  }
-  .info-box-title { font-weight: 600; color: var(--cyan); margin-bottom: 6px; display: flex; align-items: center; gap: 6px; }
-  .info-box ul { margin-left: 16px; color: var(--text-dim); }
-  .info-box li { margin: 4px 0; }
-  .info-box code {
-    color: var(--amber); background: var(--amber-dim);
-    padding: 1px 5px; border-radius: 3px; font-size: 11px;
-  }
-  .legend {
-    display: flex; gap: 16px; flex-wrap: wrap; margin-bottom: 24px;
-    padding: 12px 16px; background: var(--bg-secondary);
-    border: 1px solid var(--border); border-radius: 8px;
-  }
-  .legend-item { display: flex; align-items: center; gap: 6px; font-size: 11px; color: var(--text-dim); }
-  .legend-color { width: 12px; height: 3px; border-radius: 2px; }
-  ::-webkit-scrollbar { width: 8px; height: 8px; }
-  ::-webkit-scrollbar-track { background: transparent; }
-  ::-webkit-scrollbar-thumb { background: var(--border); border-radius: 4px; }
-  ::-webkit-scrollbar-thumb:hover { background: var(--text-dim); }
-</style>
-</head>
-<body>
-
-<div class="sidebar">
-  <div class="logo">
-    <svg viewBox="0 0 20 20" fill="none" stroke="currentColor" stroke-width="1.5">
-      <circle cx="10" cy="10" r="8"/><path d="M10 6v4l3 2"/>
-    </svg>
-    lore sync
-  </div>
-  <div class="sidebar-title">Entity Flows</div>
-  <div class="nav-item active" data-view="overview" onclick="switchView('overview')">
-    <div class="nav-dot" style="background:var(--cyan)"></div>Full Sync Overview
-  </div>
-  <div class="nav-item" data-view="issues" onclick="switchView('issues')">
-    <div class="nav-dot" style="background:var(--green)"></div>Issues
-  </div>
-  <div class="nav-item" data-view="mrs" onclick="switchView('mrs')">
-    <div class="nav-dot" style="background:var(--purple)"></div>Merge Requests
-  </div>
-  <div class="nav-item" data-view="docs" onclick="switchView('docs')">
-    <div class="nav-dot" style="background:var(--amber)"></div>Documents
-  </div>
-  <div class="nav-item" data-view="embed" onclick="switchView('embed')">
-    <div class="nav-dot" style="background:var(--pink)"></div>Embeddings
-  </div>
-</div>
-
-<div class="main">
-  <div class="header">
-    <h1 id="view-title">Full Sync Overview</h1>
-    <span class="header-badge" id="view-badge">4 stages</span>
-  </div>
-
-  <div class="canvas-wrapper"><div class="canvas">
-
-    <!-- OVERVIEW -->
-    <div class="flow-container active" id="view-overview">
-      <div class="overview-pipeline">
-        <div class="overview-stage" onclick="switchView('issues')">
-          <div class="stage-num" style="color:var(--green)">Stage 1</div>
-          <div class="stage-title">Ingest Issues</div>
-          <div class="stage-desc">Fetch issues + discussions + resource events from GitLab API</div>
-          <div class="stage-detail">Cursor-based incremental sync.<br>Sequential discussion fetch.<br>Queue-based resource events.</div>
-        </div>
-        <div class="overview-arrow">&rarr;</div>
-        <div class="overview-stage" onclick="switchView('mrs')">
-          <div class="stage-num" style="color:var(--purple)">Stage 2</div>
-          <div class="stage-title">Ingest MRs</div>
-          <div class="stage-desc">Fetch merge requests + discussions + resource events</div>
-          <div class="stage-detail">Page-based incremental sync.<br>Parallel prefetch discussions.<br>Queue-based resource events.</div>
-        </div>
-        <div class="overview-arrow">&rarr;</div>
-        <div class="overview-stage" onclick="switchView('docs')">
-          <div class="stage-num" style="color:var(--amber)">Stage 3</div>
-          <div class="stage-title">Generate Docs</div>
-          <div class="stage-desc">Regenerate searchable documents for changed entities</div>
-          <div class="stage-detail">Driven by <code>dirty_sources</code> table.<br>Triple-hash skip optimization.<br>FTS5 index auto-updated.</div>
-        </div>
-        <div class="overview-arrow">&rarr;</div>
-        <div class="overview-stage" onclick="switchView('embed')">
-          <div class="stage-num" style="color:var(--pink)">Stage 4</div>
-          <div class="stage-title">Embed</div>
-          <div class="stage-desc">Generate vector embeddings via Ollama for semantic search</div>
-          <div class="stage-detail">Hash-based change detection.<br>Chunked, batched API calls.<br><b>Non-fatal</b> &mdash; graceful if Ollama down.</div>
-        </div>
-      </div>
-      <div class="info-box">
-        <div class="info-box-title">Concurrency Model</div>
-        <ul>
-          <li>Stages 1 &amp; 2 process <b>projects concurrently</b> via <code>buffer_unordered(primary_concurrency)</code></li>
-          <li>Each project gets its own <b>SQLite connection</b>; rate limiter is <b>shared</b></li>
-          <li>Discussions: <b>sequential</b> (issues) or <b>batched parallel prefetch</b> (MRs)</li>
-          <li>Resource events use a <b>persistent job queue</b> with atomic claim + exponential backoff</li>
-        </ul>
-      </div>
-      <div class="info-box">
-        <div class="info-box-title">Sync Flags</div>
-        <ul>
-          <li><code>--full</code> &mdash; Resets all cursors &amp; watermarks, forces complete re-fetch</li>
-          <li><code>--no-docs</code> &mdash; Skips Stage 3 (document generation)</li>
-          <li><code>--no-embed</code> &mdash; Skips Stage 4 (embedding generation)</li>
-          <li><code>--force</code> &mdash; Overrides stale single-flight lock</li>
-          <li><code>--project &lt;path&gt;</code> &mdash; Sync only one project (fuzzy matching)</li>
-        </ul>
-      </div>
-      <div class="info-box">
-        <div class="info-box-title">Single-Flight Lock</div>
-        <ul>
-          <li>Table-based lock (<code>AppLock</code>) prevents concurrent syncs</li>
-          <li>Heartbeat keeps the lock alive; stale locks auto-detected</li>
-          <li>Use <code>--force</code> to override a stale lock</li>
-        </ul>
-      </div>
-    </div>
-
-    <!-- ISSUES -->
-    <div class="flow-container" id="view-issues">
-      <div class="legend">
-        <div class="legend-item"><div class="legend-color" style="background:var(--cyan)"></div>API Call</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--purple)"></div>Transform</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--green)"></div>Database</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--amber)"></div>Decision</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--red)"></div>Error Path</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--pink)"></div>Queue</div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--cyan-dim);color:var(--cyan)">1</div>
-          <div class="phase-title">Fetch Issues <span class="phase-subtitle">Cursor-Based Incremental Sync</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node api" data-detail="issue-api-call"><div class="node-title">GitLab API Call</div><div class="node-desc">paginate_issues() with<br>updated_after = cursor - rewind</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node decision" data-detail="issue-cursor-filter"><div class="node-title">Cursor Filter</div><div class="node-desc">updated_at &gt; cursor_ts<br>OR tie_breaker check</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node transform" data-detail="issue-transform"><div class="node-title">transform_issue()</div><div class="node-desc">GitLab API shape &rarr;<br>local DB row shape</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="issue-transaction"><div class="node-title">Transaction</div><div class="node-desc">store_payload &rarr; upsert &rarr;<br>mark_dirty &rarr; relink</div></div>
-        </div>
-        <div class="arrow-down">&darr;</div>
-        <div class="flow-row">
-          <div class="node db" data-detail="issue-cursor-update"><div class="node-title">Update Cursor</div><div class="node-desc">Every 100 issues + final<br>sync_cursors table</div></div>
-        </div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--green-dim);color:var(--green)">2</div>
-          <div class="phase-title">Discussion Sync <span class="phase-subtitle">Sequential, Watermark-Based</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node db" data-detail="issue-disc-query"><div class="node-title">Query Stale Issues</div><div class="node-desc">updated_at &gt; COALESCE(<br>discussions_synced_for_<br>updated_at, 0)</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node api" data-detail="issue-disc-fetch"><div class="node-title">Paginate Discussions</div><div class="node-desc">Sequential per issue<br>paginate_issue_discussions()</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node transform" data-detail="issue-disc-transform"><div class="node-title">Transform</div><div class="node-desc">transform_discussion()<br>transform_notes()</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="issue-disc-write"><div class="node-title">Write Discussion</div><div class="node-desc">store_payload &rarr; upsert<br>DELETE notes &rarr; INSERT notes</div></div>
-        </div>
-        <div class="branch-container">
-          <div class="branch-label success">&#10003; On Success (all pages fetched)</div>
-          <div class="branch-row">
-            <div class="node db" data-detail="issue-disc-stale"><div class="node-title">Remove Stale</div><div class="node-desc">DELETE discussions not<br>seen in this fetch</div></div>
-            <div class="arrow">&rarr;</div>
-            <div class="node db" data-detail="issue-disc-watermark"><div class="node-title">Advance Watermark</div><div class="node-desc">discussions_synced_for_<br>updated_at = updated_at</div></div>
-          </div>
-          <div class="branch-label error">&#10007; On Pagination Error</div>
-          <div class="branch-row">
-            <div class="node error" data-detail="issue-disc-fail"><div class="node-title">Skip Stale Removal</div><div class="node-desc">Watermark NOT advanced<br>Will retry next sync</div></div>
-          </div>
-        </div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:rgba(247,120,186,0.15);color:var(--pink)">3</div>
-          <div class="phase-title">Resource Events <span class="phase-subtitle">Queue-Based, Concurrent Fetch</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node queue" data-detail="re-cleanup"><div class="node-title">Cleanup Obsolete</div><div class="node-desc">DELETE jobs where entity<br>watermark is current</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node queue" data-detail="re-enqueue"><div class="node-title">Enqueue Jobs</div><div class="node-desc">INSERT for entities where<br>updated_at &gt; watermark</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node queue" data-detail="re-claim"><div class="node-title">Claim Jobs</div><div class="node-desc">Atomic UPDATE...RETURNING<br>with lock acquisition</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node api" data-detail="re-fetch"><div class="node-title">Fetch Events</div><div class="node-desc">3 concurrent: state +<br>label + milestone</div></div>
-        </div>
-        <div class="branch-container">
-          <div class="branch-label success">&#10003; On Success</div>
-          <div class="branch-row">
-            <div class="node db" data-detail="re-store"><div class="node-title">Store Events</div><div class="node-desc">Transaction: upsert all<br>3 event types</div></div>
-            <div class="arrow">&rarr;</div>
-            <div class="node db" data-detail="re-complete"><div class="node-title">Complete + Watermark</div><div class="node-desc">DELETE job row<br>Advance watermark</div></div>
-          </div>
-          <div class="branch-label error">&#10007; Permanent Error (404 / 403)</div>
-          <div class="branch-row">
-            <div class="node error" data-detail="re-permanent"><div class="node-title">Skip Permanently</div><div class="node-desc">complete_job + advance<br>watermark (coalesced)</div></div>
-          </div>
-          <div class="branch-label retry">&#8635; Transient Error</div>
-          <div class="branch-row">
-            <div class="node error" data-detail="re-transient"><div class="node-title">Backoff Retry</div><div class="node-desc">fail_job: 30s x 2^(n-1)<br>capped at 480s</div></div>
-          </div>
-        </div>
-      </div>
-    </div>
-
-    <!-- MERGE REQUESTS -->
-    <div class="flow-container" id="view-mrs">
-      <div class="legend">
-        <div class="legend-item"><div class="legend-color" style="background:var(--cyan)"></div>API Call</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--purple)"></div>Transform</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--green)"></div>Database</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--amber)"></div>Diff from Issues</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--red)"></div>Error Path</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--pink)"></div>Queue</div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--cyan-dim);color:var(--cyan)">1</div>
-          <div class="phase-title">Fetch MRs <span class="phase-subtitle">Page-Based Incremental Sync</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node api" data-detail="mr-api-call"><div class="node-title">GitLab API Call</div><div class="node-desc">fetch_merge_requests_page()<br>with cursor rewind</div><div class="diff-badge changed">Page-based, not streaming</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node decision" data-detail="mr-cursor-filter"><div class="node-title">Cursor Filter</div><div class="node-desc">Same logic as issues:<br>timestamp + tie-breaker</div><div class="diff-badge same">Same as issues</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node transform" data-detail="mr-transform"><div class="node-title">transform_merge_request()</div><div class="node-desc">Maps API shape &rarr;<br>local DB row</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="mr-transaction"><div class="node-title">Transaction</div><div class="node-desc">store &rarr; upsert &rarr; dirty &rarr;<br>labels + assignees + reviewers</div><div class="diff-badge changed">3 junction tables (not 2)</div></div>
-        </div>
-        <div class="arrow-down">&darr;</div>
-        <div class="flow-row">
-          <div class="node db" data-detail="mr-cursor-update"><div class="node-title">Update Cursor</div><div class="node-desc">Per page (not every 100)</div><div class="diff-badge changed">Per page boundary</div></div>
-        </div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--green-dim);color:var(--green)">2</div>
-          <div class="phase-title">MR Discussion Sync <span class="phase-subtitle">Parallel Prefetch + Serial Write</span></div>
-        </div>
-        <div class="info-box" style="margin-left:40px;margin-bottom:16px;">
-          <div class="info-box-title">Key Differences from Issue Discussions</div>
-          <ul>
-            <li><b>Parallel prefetch</b> &mdash; fetches all discussions for a batch concurrently via <code>join_all()</code></li>
-            <li><b>Upsert pattern</b> &mdash; notes use INSERT...ON CONFLICT (not delete-all + re-insert)</li>
-            <li><b>Sweep stale</b> &mdash; uses <code>last_seen_at</code> timestamp comparison (not set difference)</li>
-            <li><b>Sync health tracking</b> &mdash; records <code>discussions_sync_attempts</code> and <code>last_error</code></li>
-          </ul>
-        </div>
-        <div class="flow-row">
-          <div class="node db" data-detail="mr-disc-query"><div class="node-title">Query Stale MRs</div><div class="node-desc">updated_at &gt; COALESCE(<br>discussions_synced_for_<br>updated_at, 0)</div><div class="diff-badge same">Same watermark logic</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node decision" data-detail="mr-disc-batch"><div class="node-title">Batch by Concurrency</div><div class="node-desc">dependent_concurrency<br>MRs per batch</div><div class="diff-badge changed">Batched processing</div></div>
-        </div>
-        <div class="arrow-down">&darr;</div>
-        <div class="flow-row">
-          <div class="node api" data-detail="mr-disc-prefetch"><div class="node-title">Parallel Prefetch</div><div class="node-desc">join_all() fetches all<br>discussions for batch</div><div class="diff-badge changed">Parallel (not sequential)</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node transform" data-detail="mr-disc-transform"><div class="node-title">Transform In-Memory</div><div class="node-desc">transform_mr_discussion()<br>+ diff position notes</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="mr-disc-write"><div class="node-title">Serial Write</div><div class="node-desc">upsert discussion<br>upsert notes (ON CONFLICT)</div><div class="diff-badge changed">Upsert, not delete+insert</div></div>
-        </div>
-        <div class="branch-container">
-          <div class="branch-label success">&#10003; On Full Success</div>
-          <div class="branch-row">
-            <div class="node db" data-detail="mr-disc-sweep"><div class="node-title">Sweep Stale</div><div class="node-desc">DELETE WHERE last_seen_at<br>&lt; run_seen_at (disc + notes)</div><div class="diff-badge changed">last_seen_at sweep</div></div>
-            <div class="arrow">&rarr;</div>
-            <div class="node db" data-detail="mr-disc-watermark"><div class="node-title">Advance Watermark</div><div class="node-desc">discussions_synced_for_<br>updated_at = updated_at</div></div>
-          </div>
-          <div class="branch-label error">&#10007; On Failure</div>
-          <div class="branch-row">
-            <div class="node error" data-detail="mr-disc-fail"><div class="node-title">Record Sync Health</div><div class="node-desc">Watermark NOT advanced<br>Tracks attempts + last_error</div><div class="diff-badge changed">Health tracking</div></div>
-          </div>
-        </div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:rgba(247,120,186,0.15);color:var(--pink)">3</div>
-          <div class="phase-title">Resource Events <span class="phase-subtitle">Same as Issues</span></div>
-        </div>
-        <div class="info-box" style="margin-left:40px">
-          <div class="info-box-title">Identical to Issue Resource Events</div>
-          <ul>
-            <li>Same queue-based approach: cleanup &rarr; enqueue &rarr; claim &rarr; fetch &rarr; store/fail</li>
-            <li>Same watermark column: <code>resource_events_synced_for_updated_at</code></li>
-            <li>Same error handling: 404/403 coalesced to empty, transient errors get backoff</li>
-            <li>entity_type = <code>"merge_request"</code> instead of <code>"issue"</code></li>
-          </ul>
-        </div>
-      </div>
-    </div>
-
-    <!-- DOCUMENTS -->
-    <div class="flow-container" id="view-docs">
-      <div class="legend">
-        <div class="legend-item"><div class="legend-color" style="background:var(--cyan)"></div>Trigger</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--purple)"></div>Extract</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--green)"></div>Database</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--amber)"></div>Decision</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--red)"></div>Error</div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--cyan-dim);color:var(--cyan)">1</div>
-          <div class="phase-title">Dirty Source Queue <span class="phase-subtitle">Populated During Ingestion</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node api" data-detail="doc-trigger"><div class="node-title">mark_dirty_tx()</div><div class="node-desc">Called during every issue/<br>MR/discussion upsert</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="doc-dirty-table"><div class="node-title">dirty_sources Table</div><div class="node-desc">INSERT (source_type, source_id)<br>ON CONFLICT reset backoff</div></div>
-        </div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--amber-dim);color:var(--amber)">2</div>
-          <div class="phase-title">Drain Loop <span class="phase-subtitle">Batch 500, Respects Backoff</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node db" data-detail="doc-drain"><div class="node-title">Get Dirty Sources</div><div class="node-desc">Batch 500, ORDER BY<br>attempt_count, queued_at</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node decision" data-detail="doc-dispatch"><div class="node-title">Dispatch by Type</div><div class="node-desc">issue / mr / discussion<br>&rarr; extract function</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node decision" data-detail="doc-deleted-check"><div class="node-title">Source Exists?</div><div class="node-desc">If deleted: remove doc row<br>(cascade cleans FTS + embeds)</div></div>
-        </div>
-        <div class="arrow-down">&darr;</div>
-        <div class="flow-row">
-          <div class="node transform" data-detail="doc-extract"><div class="node-title">Extract Content</div><div class="node-desc">Structured text:<br>header + metadata + body</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node decision" data-detail="doc-triple-hash"><div class="node-title">Triple-Hash Check</div><div class="node-desc">content_hash + labels_hash<br>+ paths_hash all match?</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="doc-write"><div class="node-title">SAVEPOINT Write</div><div class="node-desc">Atomic: document row +<br>labels + paths</div></div>
-        </div>
-        <div class="branch-container">
-          <div class="branch-label success">&#10003; On Success</div>
-          <div class="branch-row">
-            <div class="node db" data-detail="doc-clear"><div class="node-title">clear_dirty()</div><div class="node-desc">Remove from dirty_sources</div></div>
-          </div>
-          <div class="branch-label error">&#10007; On Error</div>
-          <div class="branch-row">
-            <div class="node error" data-detail="doc-error"><div class="node-title">record_dirty_error()</div><div class="node-desc">Increment attempt_count<br>Exponential backoff</div></div>
-          </div>
-          <div class="branch-label" style="color:var(--purple)">&#8801; Triple-Hash Match (skip)</div>
-          <div class="branch-row">
-            <div class="node db" data-detail="doc-skip"><div class="node-title">Skip Write</div><div class="node-desc">All 3 hashes match &rarr;<br>no WAL churn, clear dirty</div></div>
-          </div>
-        </div>
-      </div>
-      <div class="info-box">
-        <div class="info-box-title">Full Mode (<code>--full</code>)</div>
-        <ul>
-          <li>Seeds <b>ALL</b> entities into <code>dirty_sources</code> via keyset pagination</li>
-          <li>Triple-hash optimization prevents redundant writes even in full mode</li>
-          <li>Runs FTS <code>OPTIMIZE</code> after drain completes</li>
-        </ul>
-      </div>
-    </div>
-
-    <!-- EMBEDDINGS -->
-    <div class="flow-container" id="view-embed">
-      <div class="legend">
-        <div class="legend-item"><div class="legend-color" style="background:var(--cyan)"></div>API (Ollama)</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--purple)"></div>Processing</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--green)"></div>Database</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--amber)"></div>Decision</div>
-        <div class="legend-item"><div class="legend-color" style="background:var(--red)"></div>Error</div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--amber-dim);color:var(--amber)">1</div>
-          <div class="phase-title">Change Detection <span class="phase-subtitle">Hash + Config Drift</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node decision" data-detail="embed-detect"><div class="node-title">find_pending_documents()</div><div class="node-desc">No metadata row? OR<br>document_hash mismatch? OR<br>config drift?</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="embed-paginate"><div class="node-title">Keyset Pagination</div><div class="node-desc">500 documents per page<br>ordered by doc ID</div></div>
-        </div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--purple-dim);color:var(--purple)">2</div>
-          <div class="phase-title">Chunking <span class="phase-subtitle">Split + Overflow Guard</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node transform" data-detail="embed-chunk"><div class="node-title">split_into_chunks()</div><div class="node-desc">Split by paragraph boundaries<br>with configurable overlap</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node decision" data-detail="embed-overflow"><div class="node-title">Overflow Guard</div><div class="node-desc">Too many chunks?<br>Skip to prevent rowid collision</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node transform" data-detail="embed-work"><div class="node-title">Build ChunkWork</div><div class="node-desc">Assign encoded chunk IDs<br>per document</div></div>
-        </div>
-      </div>
-      <div class="phase">
-        <div class="phase-header">
-          <div class="phase-number" style="background:var(--cyan-dim);color:var(--cyan)">3</div>
-          <div class="phase-title">Ollama Embedding <span class="phase-subtitle">Batched API Calls</span></div>
-        </div>
-        <div class="flow-row">
-          <div class="node api" data-detail="embed-batch"><div class="node-title">Batch Embed</div><div class="node-desc">32 chunks per Ollama<br>API call</div></div>
-          <div class="arrow">&rarr;</div>
-          <div class="node db" data-detail="embed-store"><div class="node-title">Store Vectors</div><div class="node-desc">sqlite-vec embeddings table<br>+ embedding_metadata</div></div>
-        </div>
-        <div class="branch-container">
-          <div class="branch-label success">&#10003; On Success</div>
-          <div class="branch-row">
-            <div class="node db" data-detail="embed-success"><div class="node-title">SAVEPOINT Commit</div><div class="node-desc">Atomic per page:<br>clear old + write new</div></div>
-          </div>
-          <div class="branch-label retry">&#8635; Context-Length Error</div>
-          <div class="branch-row">
-            <div class="node error" data-detail="embed-ctx-error"><div class="node-title">Retry Individually</div><div class="node-desc">Re-embed each chunk solo<br>to isolate oversized one</div></div>
-          </div>
-          <div class="branch-label error">&#10007; Other Error</div>
-          <div class="branch-row">
-            <div class="node error" data-detail="embed-other-error"><div class="node-title">Record Error</div><div class="node-desc">Store in embedding_metadata<br>for retry next run</div></div>
-          </div>
-        </div>
-      </div>
-      <div class="info-box">
-        <div class="info-box-title">Full Mode (<code>--full</code>)</div>
-        <ul>
-          <li>DELETEs all <code>embedding_metadata</code> and <code>embeddings</code> rows first</li>
-          <li>Every document re-processed from scratch</li>
-        </ul>
-      </div>
-      <div class="info-box">
-        <div class="info-box-title">Non-Fatal in Sync</div>
-        <ul>
-          <li>Stage 4 failures (Ollama down, model missing) are <b>graceful</b></li>
-          <li>Sync completes successfully; embeddings just won't be updated</li>
-          <li>Semantic search degrades to FTS-only mode</li>
-        </ul>
-      </div>
-    </div>
-
-  </div></div>
-
-  <!-- Watermark Panel -->
-  <div class="watermark-panel">
-    <div class="watermark-toggle" onclick="toggleWatermarks()">
-      <span class="chevron" id="wm-chevron">&#9650;</span>
-      Watermark &amp; Cursor Reference
-    </div>
-    <div class="watermark-content" id="wm-content">
-      <table class="wm-table">
-        <thead><tr><th>Table</th><th>Column(s)</th><th>Purpose</th></tr></thead>
-        <tbody>
-          <tr><td>sync_cursors</td><td>updated_at_cursor + tie_breaker_id</td><td>Incremental fetch: "last entity we saw" per project+type</td></tr>
-          <tr><td>issues</td><td>discussions_synced_for_updated_at</td><td>Per-issue discussion watermark</td></tr>
-          <tr><td>issues</td><td>resource_events_synced_for_updated_at</td><td>Per-issue resource event watermark</td></tr>
-          <tr><td>merge_requests</td><td>discussions_synced_for_updated_at</td><td>Per-MR discussion watermark</td></tr>
-          <tr><td>merge_requests</td><td>resource_events_synced_for_updated_at</td><td>Per-MR resource event watermark</td></tr>
-          <tr><td>dirty_sources</td><td>queued_at + next_attempt_at</td><td>Document regeneration queue with backoff</td></tr>
-          <tr><td>embedding_metadata</td><td>document_hash + chunk_max_bytes + model + dims</td><td>Embedding staleness detection</td></tr>
-          <tr><td>pending_dependent_fetches</td><td>locked_at + next_retry_at + attempts</td><td>Resource event job queue with backoff</td></tr>
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>
-
-<!-- Detail Panel -->
-<div class="detail-panel" id="detail-panel">
-  <div class="detail-header">
-    <h2 id="detail-title">Node Details</h2>
-    <button class="detail-close" onclick="closeDetail()">&times;</button>
-  </div>
-  <div class="detail-body" id="detail-body"></div>
-</div>
-
-<script>
-const viewTitles = {
-  overview: 'Full Sync Overview', issues: 'Issue Ingestion Flow',
-  mrs: 'Merge Request Ingestion Flow', docs: 'Document Generation Flow',
-  embed: 'Embedding Generation Flow',
-};
-const viewBadges = {
-  overview: '4 stages', issues: '3 phases', mrs: '3 phases',
-  docs: '2 phases', embed: '3 phases',
-};
-
-function switchView(view) {
-  document.querySelectorAll('.flow-container').forEach(function(el) { el.classList.remove('active'); });
-  document.getElementById('view-' + view).classList.add('active');
-  document.querySelectorAll('.nav-item').forEach(function(el) {
-    el.classList.toggle('active', el.dataset.view === view);
-  });
-  document.getElementById('view-title').textContent = viewTitles[view];
-  document.getElementById('view-badge').textContent = viewBadges[view];
-  closeDetail();
-}
-
-function toggleWatermarks() {
-  document.getElementById('wm-content').classList.toggle('open');
-  document.getElementById('wm-chevron').classList.toggle('open');
-}
-
-var details = {
-  'issue-api-call': { title: 'GitLab API: Paginate Issues', type: 'api', file: 'src/ingestion/issues.rs:51-140', desc: 'Streams issues from the GitLab API using cursor-based incremental sync. The API is called with updated_after set to the last known cursor minus a configurable rewind window (to handle clock skew between GitLab and the local database).', sql: 'GET /api/v4/projects/{id}/issues\n  ?updated_after={cursor - rewind_seconds}\n  &order_by=updated_at&sort=asc\n  &per_page=100' },
-  'issue-cursor-filter': { title: 'Cursor Filter (Dedup)', type: 'decision', file: 'src/ingestion/issues.rs:95-110', desc: 'Because of the cursor rewind, some issues will be re-fetched that we already have. The cursor filter skips these using a two-part comparison: primary on updated_at timestamp, with gitlab_id as a tie-breaker when timestamps are equal.', sql: '// Pseudocode:\nif issue.updated_at > cursor_ts:\n    ACCEPT  // newer than cursor\nelif issue.updated_at == cursor_ts\n     AND issue.gitlab_id > tie_breaker_id:\n    ACCEPT  // same timestamp, higher ID\nelse:\n    SKIP    // already processed' },
-  'issue-transform': { title: 'Transform Issue', type: 'transform', file: 'src/gitlab/transformers/issue.rs', desc: 'Maps the GitLab API response shape to the local database row shape. Parses ISO 8601 timestamps to milliseconds-since-epoch, extracts label names, assignee usernames, milestone info, and due dates.' },
-  'issue-transaction': { title: 'Issue Write Transaction', type: 'db', file: 'src/ingestion/issues.rs:190-220', desc: 'All operations for a single issue are wrapped in one SQLite transaction for atomicity. If any step fails, the entire issue write is rolled back.', sql: 'BEGIN;\n-- 1. Store raw JSON payload (compressed, deduped)\nINSERT INTO payloads ...;\n-- 2. Upsert issue row\nINSERT INTO issues ... ON CONFLICT(gitlab_id)\n  DO UPDATE SET ...;\n-- 3. Mark dirty for document regen\nINSERT INTO dirty_sources ...;\n-- 4. Relink labels\nDELETE FROM issue_labels WHERE issue_id = ?;\nINSERT INTO labels ... ON CONFLICT DO UPDATE;\nINSERT INTO issue_labels ...;\n-- 5. Relink assignees\nDELETE FROM issue_assignees WHERE issue_id = ?;\nINSERT INTO issue_assignees ...;\nCOMMIT;' },
-  'issue-cursor-update': { title: 'Update Sync Cursor', type: 'db', file: 'src/ingestion/issues.rs:130-140', desc: 'The sync cursor is updated every 100 issues (for crash recovery) and once at the end of the stream. If the process crashes mid-sync, it resumes from at most 100 issues back.', sql: 'INSERT INTO sync_cursors\n  (project_id, resource_type,\n   updated_at_cursor, tie_breaker_id)\nVALUES (?1, \'issues\', ?2, ?3)\nON CONFLICT(project_id, resource_type)\n  DO UPDATE SET\n    updated_at_cursor = ?2,\n    tie_breaker_id = ?3;' },
-  'issue-disc-query': { title: 'Query Issues Needing Discussion Sync', type: 'db', file: 'src/ingestion/issues.rs:450-471', desc: 'Finds all issues in this project whose updated_at timestamp exceeds their per-row discussion watermark. Issues that have not changed since their last discussion sync are skipped entirely.', sql: 'SELECT id, iid, updated_at\nFROM issues\nWHERE project_id = ?1\n  AND updated_at > COALESCE(\n    discussions_synced_for_updated_at, 0\n  );' },
-  'issue-disc-fetch': { title: 'Paginate Issue Discussions', type: 'api', file: 'src/ingestion/discussions.rs:73-205', desc: 'Discussions are fetched sequentially per issue (rusqlite Connection is not Send, so async parallelism is not possible here). Each issue\'s discussions are streamed page by page from the GitLab API.', sql: 'GET /api/v4/projects/{id}/issues/{iid}\n    /discussions?per_page=100' },
-  'issue-disc-transform': { title: 'Transform Discussion + Notes', type: 'transform', file: 'src/gitlab/transformers/discussion.rs', desc: 'Transforms the raw GitLab discussion payload into normalized rows. Sets NoteableRef::Issue. Computes resolvable/resolved status, first_note_at/last_note_at timestamps, and per-note position indices.' },
-  'issue-disc-write': { title: 'Write Discussion (Full Refresh)', type: 'db', file: 'src/ingestion/discussions.rs:140-180', desc: 'Issue discussions use a full-refresh pattern: all existing notes for a discussion are deleted and re-inserted. This is simpler than upsert but means partial failures lose the previous state.', sql: 'BEGIN;\nINSERT INTO payloads ...;\nINSERT INTO discussions ... ON CONFLICT DO UPDATE;\nINSERT INTO dirty_sources ...;\n-- Full refresh: delete all then re-insert\nDELETE FROM notes WHERE discussion_id = ?;\nINSERT INTO notes VALUES (...);\nCOMMIT;' },
-  'issue-disc-stale': { title: 'Remove Stale Discussions', type: 'db', file: 'src/ingestion/discussions.rs:185-195', desc: 'After successfully fetching ALL discussion pages for an issue, any discussions in the DB that were not seen in this fetch are deleted. Uses a temp table for >500 IDs to avoid SQLite\'s 999-variable limit.', sql: '-- For small sets (<= 500):\nDELETE FROM discussions\nWHERE issue_id = ?\n  AND gitlab_id NOT IN (...);\n\n-- For large sets (> 500):\nCREATE TEMP TABLE seen_ids(id TEXT);\nINSERT INTO seen_ids ...;\nDELETE FROM discussions\nWHERE issue_id = ?\n  AND gitlab_id NOT IN\n    (SELECT id FROM seen_ids);\nDROP TABLE seen_ids;' },
-  'issue-disc-watermark': { title: 'Advance Discussion Watermark', type: 'db', file: 'src/ingestion/discussions.rs:198', desc: 'Sets the per-issue watermark to the issue\'s current updated_at, signaling that discussions are now synced for this version of the issue.', sql: 'UPDATE issues\nSET discussions_synced_for_updated_at\n    = updated_at\nWHERE id = ?;' },
-  'issue-disc-fail': { title: 'Pagination Error Handling', type: 'error', file: 'src/ingestion/discussions.rs:182', desc: 'If pagination fails mid-stream, stale discussion removal is skipped (we don\'t know the full set) and the watermark is NOT advanced. The issue will be retried on the next sync run.' },
-  're-cleanup': { title: 'Cleanup Obsolete Jobs', type: 'queue', file: 'src/ingestion/orchestrator.rs:490-520', desc: 'Before enqueuing new jobs, delete any existing jobs for entities whose watermark is already current. These are leftover from a previous run.', sql: 'DELETE FROM pending_dependent_fetches\nWHERE project_id = ?\n  AND job_type = \'resource_events\'\n  AND entity_local_id IN (\n    SELECT id FROM issues\n    WHERE project_id = ?\n      AND updated_at <= COALESCE(\n        resource_events_synced_for_updated_at, 0\n      )\n  );' },
-  're-enqueue': { title: 'Enqueue Resource Event Jobs', type: 'queue', file: 'src/ingestion/orchestrator.rs:525-555', desc: 'For each entity whose updated_at exceeds its resource event watermark, insert a job into the queue. Uses INSERT OR IGNORE for idempotency.', sql: 'INSERT OR IGNORE INTO pending_dependent_fetches\n  (project_id, entity_type, entity_iid,\n   entity_local_id, job_type, enqueued_at)\nSELECT project_id, \'issue\', iid, id,\n       \'resource_events\', ?now\nFROM issues\nWHERE project_id = ?\n  AND updated_at > COALESCE(\n    resource_events_synced_for_updated_at, 0\n  );' },
-  're-claim': { title: 'Claim Jobs (Atomic Lock)', type: 'queue', file: 'src/core/dependent_queue.rs', desc: 'Atomically claims a batch of unlocked jobs whose backoff period has elapsed. Uses UPDATE...RETURNING for lock acquisition in a single statement.', sql: 'UPDATE pending_dependent_fetches\nSET locked_at = ?now\nWHERE rowid IN (\n  SELECT rowid\n  FROM pending_dependent_fetches\n  WHERE project_id = ?\n    AND job_type = \'resource_events\'\n    AND locked_at IS NULL\n    AND (next_retry_at IS NULL\n         OR next_retry_at <= ?now)\n  ORDER BY enqueued_at ASC\n  LIMIT ?batch_size\n)\nRETURNING *;' },
-  're-fetch': { title: 'Fetch 3 Event Types Concurrently', type: 'api', file: 'src/gitlab/client.rs:732-771', desc: 'Uses tokio::join! (not try_join!) to fetch state, label, and milestone events concurrently. Permanent errors (404, 403) are coalesced to empty vecs via coalesce_inaccessible().', sql: 'tokio::join!(\n  fetch_issue_state_events(proj, iid),\n  fetch_issue_label_events(proj, iid),\n  fetch_issue_milestone_events(proj, iid),\n)\n// Each: coalesce_inaccessible()\n// 404/403 -> Ok(vec![])\n// Other errors -> propagated' },
-  're-store': { title: 'Store Resource Events', type: 'db', file: 'src/ingestion/orchestrator.rs:620-640', desc: 'All three event types are upserted in a single transaction.', sql: 'BEGIN;\nINSERT INTO resource_state_events ...\n  ON CONFLICT DO UPDATE;\nINSERT INTO resource_label_events ...\n  ON CONFLICT DO UPDATE;\nINSERT INTO resource_milestone_events ...\n  ON CONFLICT DO UPDATE;\nCOMMIT;' },
-  're-complete': { title: 'Complete Job + Advance Watermark', type: 'db', file: 'src/ingestion/orchestrator.rs:645-660', desc: 'After successful storage, the job row is deleted and the entity\'s watermark is advanced.', sql: 'DELETE FROM pending_dependent_fetches\n  WHERE rowid = ?;\n\nUPDATE issues\nSET resource_events_synced_for_updated_at\n    = updated_at\nWHERE id = ?;' },
-  're-permanent': { title: 'Permanent Error: Skip Entity', type: 'error', file: 'src/ingestion/orchestrator.rs:665-680', desc: '404 (endpoint doesn\'t exist) and 403 (insufficient permissions) are permanent. The job is completed and watermark advanced, so this entity is permanently skipped until next updated on GitLab.' },
-  're-transient': { title: 'Transient Error: Exponential Backoff', type: 'error', file: 'src/core/dependent_queue.rs', desc: 'Network errors, 500s, rate limits get exponential backoff. Formula: 30s * 2^(attempts-1), capped at 480s (8 minutes).', sql: 'UPDATE pending_dependent_fetches\nSET locked_at = NULL,\n    attempts = attempts + 1,\n    next_retry_at = ?now\n      + 30000 * pow(2, attempts),\n    -- capped at 480000ms (8 min)\n    last_error = ?error_msg\nWHERE rowid = ?;' },
-  'mr-api-call': { title: 'GitLab API: Fetch MR Pages', type: 'api', file: 'src/ingestion/merge_requests.rs:51-151', desc: 'Unlike issues which stream, MRs use explicit page-based pagination via fetch_merge_requests_page(). Each page returns items plus a next_page indicator.', sql: 'GET /api/v4/projects/{id}/merge_requests\n  ?updated_after={cursor - rewind}\n  &order_by=updated_at&sort=asc\n  &per_page=100&page={n}' },
-  'mr-cursor-filter': { title: 'Cursor Filter', type: 'decision', file: 'src/ingestion/merge_requests.rs:90-105', desc: 'Identical logic to issues: timestamp comparison with gitlab_id tie-breaker.' },
-  'mr-transform': { title: 'Transform Merge Request', type: 'transform', file: 'src/gitlab/transformers/mr.rs', desc: 'Maps GitLab MR response to local row. Handles draft detection (prefers draft field, falls back to work_in_progress), detailed_merge_status, merge_user resolution, and reviewer extraction.' },
-  'mr-transaction': { title: 'MR Write Transaction', type: 'db', file: 'src/ingestion/merge_requests.rs:170-210', desc: 'Same pattern as issues but with THREE junction tables: labels, assignees, AND reviewers.', sql: 'BEGIN;\nINSERT INTO payloads ...;\nINSERT INTO merge_requests ...\n  ON CONFLICT DO UPDATE;\nINSERT INTO dirty_sources ...;\n-- 3 junction tables:\nDELETE FROM mr_labels WHERE mr_id = ?;\nINSERT INTO mr_labels ...;\nDELETE FROM mr_assignees WHERE mr_id = ?;\nINSERT INTO mr_assignees ...;\nDELETE FROM mr_reviewers WHERE mr_id = ?;\nINSERT INTO mr_reviewers ...;\nCOMMIT;' },
-  'mr-cursor-update': { title: 'Update Cursor Per Page', type: 'db', file: 'src/ingestion/merge_requests.rs:140-150', desc: 'Unlike issues (every 100 items), MR cursor is updated at each page boundary for better crash recovery.' },
-  'mr-disc-query': { title: 'Query MRs Needing Discussion Sync', type: 'db', file: 'src/ingestion/merge_requests.rs:430-451', desc: 'Same watermark pattern as issues. Runs AFTER MR ingestion to avoid memory growth.', sql: 'SELECT id, iid, updated_at\nFROM merge_requests\nWHERE project_id = ?1\n  AND updated_at > COALESCE(\n    discussions_synced_for_updated_at, 0\n  );' },
-  'mr-disc-batch': { title: 'Batch by Concurrency', type: 'decision', file: 'src/ingestion/orchestrator.rs:420-465', desc: 'MRs are processed in batches sized by dependent_concurrency. Each batch first prefetches all discussions in parallel, then writes serially.' },
-  'mr-disc-prefetch': { title: 'Parallel Prefetch', type: 'api', file: 'src/ingestion/mr_discussions.rs:66-120', desc: 'All MRs in the batch have their discussions fetched concurrently via join_all(). Each MR\'s discussions are fetched in one call, transformed in memory, and returned as PrefetchedMrDiscussions.', sql: '// For each MR in batch, concurrently:\nGET /api/v4/projects/{id}/merge_requests\n    /{iid}/discussions?per_page=100\n\n// All fetched + transformed in memory\n// before any DB writes happen' },
-  'mr-disc-transform': { title: 'Transform MR Discussions', type: 'transform', file: 'src/ingestion/mr_discussions.rs:125-160', desc: 'Uses transform_mr_discussion() which additionally handles DiffNote positions (file paths, line ranges, SHA triplets).' },
-  'mr-disc-write': { title: 'Serial Write (Upsert Pattern)', type: 'db', file: 'src/ingestion/mr_discussions.rs:165-220', desc: 'Unlike issue discussions (delete-all + re-insert), MR discussions use INSERT...ON CONFLICT DO UPDATE for both discussions and notes. Safer for partial failures.', sql: 'BEGIN;\nINSERT INTO payloads ...;\nINSERT INTO discussions ...\n  ON CONFLICT DO UPDATE\n  SET ..., last_seen_at = ?run_ts;\nINSERT INTO dirty_sources ...;\n-- Upsert notes (not delete+insert):\nINSERT INTO notes ...\n  ON CONFLICT DO UPDATE\n  SET ..., last_seen_at = ?run_ts;\nCOMMIT;' },
-  'mr-disc-sweep': { title: 'Sweep Stale (last_seen_at)', type: 'db', file: 'src/ingestion/mr_discussions.rs:225-245', desc: 'Staleness detected via last_seen_at timestamps. Both discussions AND notes are swept independently.', sql: '-- Sweep stale discussions:\nDELETE FROM discussions\nWHERE merge_request_id = ?\n  AND last_seen_at < ?run_seen_at;\n\n-- Sweep stale notes:\nDELETE FROM notes\nWHERE discussion_id IN (\n  SELECT id FROM discussions\n  WHERE merge_request_id = ?\n) AND last_seen_at < ?run_seen_at;' },
-  'mr-disc-watermark': { title: 'Advance MR Discussion Watermark', type: 'db', file: 'src/ingestion/mr_discussions.rs:248', desc: 'Same as issues: stamps the per-MR watermark.', sql: 'UPDATE merge_requests\nSET discussions_synced_for_updated_at\n    = updated_at\nWHERE id = ?;' },
-  'mr-disc-fail': { title: 'Failure: Sync Health Tracking', type: 'error', file: 'src/ingestion/mr_discussions.rs:252-260', desc: 'Unlike issues, MR discussion failures are tracked: discussions_sync_attempts is incremented and discussions_sync_last_error is recorded. Watermark is NOT advanced.' },
-  'doc-trigger': { title: 'mark_dirty_tx()', type: 'api', file: 'src/ingestion/dirty_tracker.rs', desc: 'Called during every upsert in ingestion. Inserts into dirty_sources, or on conflict resets backoff. This bridges ingestion (stages 1-2) and document generation (stage 3).', sql: 'INSERT INTO dirty_sources\n  (source_type, source_id, queued_at)\nVALUES (?1, ?2, ?now)\nON CONFLICT(source_type, source_id)\n  DO UPDATE SET\n    queued_at = ?now,\n    attempt_count = 0,\n    next_attempt_at = NULL,\n    last_error = NULL;' },
-  'doc-dirty-table': { title: 'dirty_sources Table', type: 'db', file: 'src/ingestion/dirty_tracker.rs', desc: 'Persistent queue of entities needing document regeneration. Supports exponential backoff for failed extractions.' },
-  'doc-drain': { title: 'Get Dirty Sources (Batched)', type: 'db', file: 'src/documents/regenerator.rs:35-45', desc: 'Fetches up to 500 dirty entries per batch, prioritizing fewer attempts. Respects exponential backoff.', sql: 'SELECT source_type, source_id\nFROM dirty_sources\nWHERE next_attempt_at IS NULL\n   OR next_attempt_at <= ?now\nORDER BY attempt_count ASC,\n         queued_at ASC\nLIMIT 500;' },
-  'doc-dispatch': { title: 'Dispatch by Source Type', type: 'decision', file: 'src/documents/extractor.rs', desc: 'Routes to the appropriate extraction function: "issue" -> extract_issue_document(), "merge_request" -> extract_mr_document(), "discussion" -> extract_discussion_document().' },
-  'doc-deleted-check': { title: 'Source Exists Check', type: 'decision', file: 'src/documents/regenerator.rs:48-55', desc: 'If the source entity was deleted, the extractor returns None. The regenerator deletes the document row. FK cascades clean up FTS and embeddings.' },
-  'doc-extract': { title: 'Extract Structured Content', type: 'transform', file: 'src/documents/extractor.rs', desc: 'Builds searchable text:\n[[Issue]] #42: Title\nProject: group/repo\nURL: ...\nLabels: [bug, urgent]\nState: opened\n\n--- Description ---\n...\n\nDiscussions inherit parent labels and extract DiffNote file paths.' },
-  'doc-triple-hash': { title: 'Triple-Hash Write Optimization', type: 'decision', file: 'src/documents/regenerator.rs:55-62', desc: 'Checks content_hash + labels_hash + paths_hash against existing document. If ALL three match, write is completely skipped. Critical for --full mode performance.' },
-  'doc-write': { title: 'SAVEPOINT Atomic Write', type: 'db', file: 'src/documents/regenerator.rs:58-65', desc: 'Document, labels, and paths written inside a SAVEPOINT for atomicity.', sql: 'SAVEPOINT doc_write;\nINSERT INTO documents ...\n  ON CONFLICT DO UPDATE SET\n    content = ?, content_hash = ?,\n    labels_hash = ?, paths_hash = ?;\nDELETE FROM document_labels\n  WHERE doc_id = ?;\nINSERT INTO document_labels ...;\nDELETE FROM document_paths\n  WHERE doc_id = ?;\nINSERT INTO document_paths ...;\nRELEASE doc_write;' },
-  'doc-clear': { title: 'Clear Dirty Entry', type: 'db', file: 'src/ingestion/dirty_tracker.rs', desc: 'On success, the dirty_sources row is deleted.', sql: 'DELETE FROM dirty_sources\nWHERE source_type = ?\n  AND source_id = ?;' },
-  'doc-error': { title: 'Record Error + Backoff', type: 'error', file: 'src/ingestion/dirty_tracker.rs', desc: 'Increments attempt_count, sets next_attempt_at with exponential backoff. Entry stays for retry.', sql: 'UPDATE dirty_sources\nSET attempt_count = attempt_count + 1,\n    next_attempt_at = ?now\n      + compute_backoff(attempt_count),\n    last_error = ?error_msg\nWHERE source_type = ?\n  AND source_id = ?;' },
-  'doc-skip': { title: 'Skip Write (Hash Match)', type: 'db', file: 'src/documents/regenerator.rs:57', desc: 'When all three hashes match, the document has not actually changed. Common when updated_at changes but content/labels/paths remain the same. Dirty entry is cleared without writes.' },
-  'embed-detect': { title: 'Change Detection', type: 'decision', file: 'src/embedding/change_detector.rs', desc: 'Document needs re-embedding if: (1) No embedding_metadata row, (2) document_hash mismatch, (3) Config drift in chunk_max_bytes, model, or dims.', sql: 'SELECT d.id, d.content, d.content_hash\nFROM documents d\nLEFT JOIN embedding_metadata em\n  ON em.document_id = d.id\nWHERE em.document_id IS NULL\n   OR em.document_hash != d.content_hash\n   OR em.chunk_max_bytes != ?config\n   OR em.model != ?model\n   OR em.dims != ?dims;' },
-  'embed-paginate': { title: 'Keyset Pagination', type: 'db', file: 'src/embedding/pipeline.rs:80-100', desc: '500 documents per page using keyset pagination. Each page wrapped in a SAVEPOINT.' },
-  'embed-chunk': { title: 'Split Into Chunks', type: 'transform', file: 'src/embedding/chunking.rs', desc: 'Splits content at paragraph boundaries with configurable max size and overlap.' },
-  'embed-overflow': { title: 'Overflow Guard', type: 'decision', file: 'src/embedding/pipeline.rs:110-120', desc: 'If a document produces too many chunks, it is skipped to prevent rowid collisions in the encoded chunk ID scheme.' },
-  'embed-work': { title: 'Build ChunkWork Items', type: 'transform', file: 'src/embedding/pipeline.rs:125-140', desc: 'Each chunk gets an encoded ID (document_id * 1000000 + chunk_index) for the sqlite-vec primary key.' },
-  'embed-batch': { title: 'Batch Embed via Ollama', type: 'api', file: 'src/embedding/pipeline.rs:150-200', desc: 'Sends 32 chunks per Ollama API call. Model default: nomic-embed-text.', sql: 'POST http://localhost:11434/api/embed\n{\n  "model": "nomic-embed-text",\n  "input": ["chunk1...", "chunk2...", ...]\n}' },
-  'embed-store': { title: 'Store Vectors', type: 'db', file: 'src/embedding/pipeline.rs:205-230', desc: 'Vectors stored in sqlite-vec virtual table. Metadata in embedding_metadata. Old embeddings cleared on first successful chunk.', sql: '-- Clear old embeddings:\nDELETE FROM embeddings\n  WHERE rowid / 1000000 = ?doc_id;\n\n-- Insert new vector:\nINSERT INTO embeddings(rowid, embedding)\nVALUES (?chunk_id, ?vector_blob);\n\n-- Update metadata:\nINSERT INTO embedding_metadata ...\n  ON CONFLICT DO UPDATE SET\n    document_hash = ?,\n    chunk_max_bytes = ?,\n    model = ?, dims = ?;' },
-  'embed-success': { title: 'SAVEPOINT Commit', type: 'db', file: 'src/embedding/pipeline.rs:240-250', desc: 'Each page of 500 documents wrapped in a SAVEPOINT. Completed pages survive crashes.' },
-  'embed-ctx-error': { title: 'Context-Length Retry', type: 'error', file: 'src/embedding/pipeline.rs:260-280', desc: 'If Ollama returns context-length error for a batch, each chunk is retried individually to isolate the oversized one.' },
-  'embed-other-error': { title: 'Record Error for Retry', type: 'error', file: 'src/embedding/pipeline.rs:285-295', desc: 'Network/model errors recorded in embedding_metadata. Document detected as pending again on next run.' },
-};
-
-function escapeHtml(str) {
-  var div = document.createElement('div');
-  div.appendChild(document.createTextNode(str));
-  return div.textContent;
-}
-
-function buildDetailContent(d) {
-  var container = document.createDocumentFragment();
-
-  // Tags section
-  var tagSection = document.createElement('div');
-  tagSection.className = 'detail-section';
-  var typeTag = document.createElement('span');
-  typeTag.className = 'detail-tag type-' + d.type;
-  typeTag.textContent = d.type.toUpperCase();
-  tagSection.appendChild(typeTag);
-  if (d.file) {
-    var fileTag = document.createElement('span');
-    fileTag.className = 'detail-tag file';
-    fileTag.textContent = d.file;
-    tagSection.appendChild(fileTag);
-  }
-  container.appendChild(tagSection);
-
-  // Description
-  var descSection = document.createElement('div');
-  descSection.className = 'detail-section';
-  var descH3 = document.createElement('h3');
-  descH3.textContent = 'Description';
-  descSection.appendChild(descH3);
-  var descP = document.createElement('p');
-  descP.textContent = d.desc;
-  descSection.appendChild(descP);
-  container.appendChild(descSection);
-
-  // SQL
-  if (d.sql) {
-    var sqlSection = document.createElement('div');
-    sqlSection.className = 'detail-section';
-    var sqlH3 = document.createElement('h3');
-    sqlH3.textContent = 'Key Query / Code';
-    sqlSection.appendChild(sqlH3);
-    var sqlBlock = document.createElement('div');
-    sqlBlock.className = 'sql-block';
-    sqlBlock.textContent = d.sql;
-    sqlSection.appendChild(sqlBlock);
-    container.appendChild(sqlSection);
-  }
-
-  return container;
-}
-
-function showDetail(key) {
-  var d = details[key];
-  if (!d) return;
-  var panel = document.getElementById('detail-panel');
-  document.getElementById('detail-title').textContent = d.title;
-  var body = document.getElementById('detail-body');
-  while (body.firstChild) body.removeChild(body.firstChild);
-  body.appendChild(buildDetailContent(d));
-  document.querySelectorAll('.node.selected').forEach(function(n) { n.classList.remove('selected'); });
-  var clicked = document.querySelector('[data-detail="' + key + '"]');
-  if (clicked) clicked.classList.add('selected');
-  panel.classList.add('open');
-}
-
-function closeDetail() {
-  document.getElementById('detail-panel').classList.remove('open');
-  document.querySelectorAll('.node.selected').forEach(function(n) { n.classList.remove('selected'); });
-}
-
-document.addEventListener('click', function(e) {
-  var node = e.target.closest('.node[data-detail]');
-  if (node) { showDetail(node.dataset.detail); return; }
-  if (!e.target.closest('.detail-panel') && !e.target.closest('.node')) closeDetail();
-});
-document.addEventListener('keydown', function(e) { if (e.key === 'Escape') closeDetail(); });
-</script>
-</body>
-</html>

migrations/022_notes_query_index.sql

@@ -0,0 +1,24 @@
+-- Migration 022: Composite query indexes for notes + author_id column
+-- Optimizes author-scoped and project-scoped date-range queries on notes.
+-- Adds discussion JOIN indexes and immutable author identity column.
+
+-- Composite index for author-scoped queries (who command, notes --author)
+CREATE INDEX IF NOT EXISTS idx_notes_user_created
+ON notes(project_id, author_username COLLATE NOCASE, created_at DESC, id DESC)
+WHERE is_system = 0;
+
+-- Composite index for project-scoped date-range queries
+CREATE INDEX IF NOT EXISTS idx_notes_project_created
+ON notes(project_id, created_at DESC, id DESC)
+WHERE is_system = 0;
+
+-- Discussion JOIN indexes
+CREATE INDEX IF NOT EXISTS idx_discussions_issue_id ON discussions(issue_id);
+CREATE INDEX IF NOT EXISTS idx_discussions_mr_id ON discussions(merge_request_id);
+
+-- Immutable author identity column (GitLab numeric user ID)
+ALTER TABLE notes ADD COLUMN author_id INTEGER;
+CREATE INDEX IF NOT EXISTS idx_notes_author_id ON notes(author_id) WHERE author_id IS NOT NULL;
+
+INSERT INTO schema_version (version, applied_at, description)
+VALUES (22, strftime('%s', 'now') * 1000, '022_notes_query_index');

migrations/023_issue_detail_fields.sql

@@ -0,0 +1,5 @@
+ALTER TABLE issues ADD COLUMN closed_at TEXT;
+ALTER TABLE issues ADD COLUMN confidential INTEGER NOT NULL DEFAULT 0;
+
+INSERT INTO schema_version (version, applied_at, description)
+VALUES (23, strftime('%s', 'now') * 1000, 'Add closed_at and confidential to issues');

migrations/024_note_documents.sql

@@ -0,0 +1,156 @@
+-- Migration 024: Add 'note' source_type to documents and dirty_sources
+-- SQLite does not support ALTER CONSTRAINT, so we use the table-rebuild pattern.
+
+-- ============================================================
+-- 1. Rebuild dirty_sources with updated CHECK constraint
+-- ============================================================
+
+CREATE TABLE dirty_sources_new (
+  source_type TEXT NOT NULL CHECK (source_type IN ('issue','merge_request','discussion','note')),
+  source_id INTEGER NOT NULL,
+  queued_at INTEGER NOT NULL,
+  attempt_count INTEGER NOT NULL DEFAULT 0,
+  last_attempt_at INTEGER,
+  last_error TEXT,
+  next_attempt_at INTEGER,
+  PRIMARY KEY(source_type, source_id)
+);
+
+INSERT INTO dirty_sources_new SELECT * FROM dirty_sources;
+DROP TABLE dirty_sources;
+ALTER TABLE dirty_sources_new RENAME TO dirty_sources;
+CREATE INDEX idx_dirty_sources_next_attempt ON dirty_sources(next_attempt_at);
+
+-- ============================================================
+-- 2. Rebuild documents with updated CHECK constraint
+-- ============================================================
+
+-- 2a. Backup junction table data
+CREATE TEMP TABLE _doc_labels_backup AS SELECT * FROM document_labels;
+CREATE TEMP TABLE _doc_paths_backup AS SELECT * FROM document_paths;
+
+-- 2b. Drop all triggers that reference documents
+DROP TRIGGER IF EXISTS documents_ai;
+DROP TRIGGER IF EXISTS documents_ad;
+DROP TRIGGER IF EXISTS documents_au;
+DROP TRIGGER IF EXISTS documents_embeddings_ad;
+
+-- 2c. Drop junction tables (they have FK references to documents)
+DROP TABLE IF EXISTS document_labels;
+DROP TABLE IF EXISTS document_paths;
+
+-- 2d. Create new documents table with 'note' in CHECK constraint
+CREATE TABLE documents_new (
+  id INTEGER PRIMARY KEY,
+  source_type TEXT NOT NULL CHECK (source_type IN ('issue','merge_request','discussion','note')),
+  source_id INTEGER NOT NULL,
+  project_id INTEGER NOT NULL REFERENCES projects(id),
+  author_username TEXT,
+  label_names TEXT,
+  created_at INTEGER,
+  updated_at INTEGER,
+  url TEXT,
+  title TEXT,
+  content_text TEXT NOT NULL,
+  content_hash TEXT NOT NULL,
+  labels_hash TEXT NOT NULL DEFAULT '',
+  paths_hash TEXT NOT NULL DEFAULT '',
+  is_truncated INTEGER NOT NULL DEFAULT 0,
+  truncated_reason TEXT CHECK (
+    truncated_reason IN (
+      'token_limit_middle_drop','single_note_oversized','first_last_oversized',
+      'hard_cap_oversized'
+    )
+    OR truncated_reason IS NULL
+  ),
+  UNIQUE(source_type, source_id)
+);
+
+-- 2e. Copy all existing data
+INSERT INTO documents_new SELECT * FROM documents;
+
+-- 2f. Swap tables
+DROP TABLE documents;
+ALTER TABLE documents_new RENAME TO documents;
+
+-- 2g. Recreate all indexes on documents
+CREATE INDEX idx_documents_project_updated ON documents(project_id, updated_at);
+CREATE INDEX idx_documents_author ON documents(author_username);
+CREATE INDEX idx_documents_source ON documents(source_type, source_id);
+CREATE INDEX idx_documents_hash ON documents(content_hash);
+
+-- 2h. Recreate junction tables
+CREATE TABLE document_labels (
+  document_id INTEGER NOT NULL REFERENCES documents(id) ON DELETE CASCADE,
+  label_name TEXT NOT NULL,
+  PRIMARY KEY(document_id, label_name)
+) WITHOUT ROWID;
+CREATE INDEX idx_document_labels_label ON document_labels(label_name);
+
+CREATE TABLE document_paths (
+  document_id INTEGER NOT NULL REFERENCES documents(id) ON DELETE CASCADE,
+  path TEXT NOT NULL,
+  PRIMARY KEY(document_id, path)
+) WITHOUT ROWID;
+CREATE INDEX idx_document_paths_path ON document_paths(path);
+
+-- 2i. Restore junction table data from backups
+INSERT INTO document_labels SELECT * FROM _doc_labels_backup;
+INSERT INTO document_paths SELECT * FROM _doc_paths_backup;
+
+-- 2j. Recreate FTS triggers (from migration 008)
+CREATE TRIGGER documents_ai AFTER INSERT ON documents BEGIN
+  INSERT INTO documents_fts(rowid, title, content_text)
+  VALUES (new.id, COALESCE(new.title, ''), new.content_text);
+END;
+
+CREATE TRIGGER documents_ad AFTER DELETE ON documents BEGIN
+  INSERT INTO documents_fts(documents_fts, rowid, title, content_text)
+  VALUES('delete', old.id, COALESCE(old.title, ''), old.content_text);
+END;
+
+CREATE TRIGGER documents_au AFTER UPDATE ON documents
+WHEN old.title IS NOT new.title OR old.content_text != new.content_text
+BEGIN
+  INSERT INTO documents_fts(documents_fts, rowid, title, content_text)
+  VALUES('delete', old.id, COALESCE(old.title, ''), old.content_text);
+  INSERT INTO documents_fts(rowid, title, content_text)
+  VALUES (new.id, COALESCE(new.title, ''), new.content_text);
+END;
+
+-- 2k. Recreate embeddings cleanup trigger (from migration 009)
+CREATE TRIGGER documents_embeddings_ad AFTER DELETE ON documents BEGIN
+  DELETE FROM embeddings
+    WHERE rowid >= old.id * 1000
+      AND rowid < (old.id + 1) * 1000;
+END;
+
+-- 2l. Rebuild FTS index to ensure consistency after table swap
+INSERT INTO documents_fts(documents_fts) VALUES('rebuild');
+
+-- ============================================================
+-- 3. Defense triggers: clean up documents when notes are
+--    deleted or flipped to system notes
+-- ============================================================
+
+CREATE TRIGGER notes_ad_cleanup AFTER DELETE ON notes
+WHEN old.is_system = 0
+BEGIN
+  DELETE FROM documents WHERE source_type = 'note' AND source_id = old.id;
+END;
+
+CREATE TRIGGER notes_au_system_cleanup AFTER UPDATE OF is_system ON notes
+WHEN NEW.is_system = 1 AND OLD.is_system = 0
+BEGIN
+  DELETE FROM documents WHERE source_type = 'note' AND source_id = OLD.id;
+END;
+
+-- ============================================================
+-- 4. Drop temp backup tables
+-- ============================================================
+
+DROP TABLE IF EXISTS _doc_labels_backup;
+DROP TABLE IF EXISTS _doc_paths_backup;
+
+INSERT INTO schema_version (version, applied_at, description)
+VALUES (24, strftime('%s', 'now') * 1000, '024_note_documents');

migrations/025_note_dirty_backfill.sql

@@ -0,0 +1,11 @@
+-- Backfill existing non-system notes into dirty queue for document generation.
+-- Only seeds notes that don't already have documents and aren't already queued.
+INSERT INTO dirty_sources (source_type, source_id, queued_at)
+SELECT 'note', n.id, CAST(strftime('%s', 'now') AS INTEGER) * 1000
+FROM notes n
+LEFT JOIN documents d ON d.source_type = 'note' AND d.source_id = n.id
+WHERE n.is_system = 0 AND d.id IS NULL
+ON CONFLICT(source_type, source_id) DO NOTHING;
+
+INSERT INTO schema_version (version, applied_at, description)
+VALUES (25, strftime('%s', 'now') * 1000, '025_note_dirty_backfill');

migrations/026_scoring_indexes.sql

@@ -0,0 +1,23 @@
+-- Indexes for time-decay expert scoring: dual-path matching and reviewer participation.
+
+CREATE INDEX IF NOT EXISTS idx_notes_old_path_author
+  ON notes(position_old_path, author_username, created_at)
+  WHERE note_type = 'DiffNote' AND is_system = 0 AND position_old_path IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_mfc_old_path_project_mr
+  ON mr_file_changes(old_path, project_id, merge_request_id)
+  WHERE old_path IS NOT NULL;
+
+CREATE INDEX IF NOT EXISTS idx_mfc_new_path_project_mr
+  ON mr_file_changes(new_path, project_id, merge_request_id);
+
+CREATE INDEX IF NOT EXISTS idx_notes_diffnote_discussion_author
+  ON notes(discussion_id, author_username, created_at)
+  WHERE note_type = 'DiffNote' AND is_system = 0;
+
+CREATE INDEX IF NOT EXISTS idx_notes_old_path_project_created
+  ON notes(position_old_path, project_id, created_at)
+  WHERE note_type = 'DiffNote' AND is_system = 0 AND position_old_path IS NOT NULL;
+
+INSERT INTO schema_version (version, applied_at, description)
+VALUES (26, strftime('%s', 'now') * 1000, '026_scoring_indexes');

migrations/027_surgical_sync_runs.sql

@@ -0,0 +1,23 @@
+-- Migration 027: Extend sync_runs for surgical sync observability
+-- Adds mode/phase tracking and surgical-specific counters.
+
+ALTER TABLE sync_runs ADD COLUMN mode TEXT;
+ALTER TABLE sync_runs ADD COLUMN phase TEXT;
+ALTER TABLE sync_runs ADD COLUMN surgical_iids_json TEXT;
+ALTER TABLE sync_runs ADD COLUMN issues_fetched INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN mrs_fetched INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN issues_ingested INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN mrs_ingested INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN skipped_stale INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN docs_regenerated INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN docs_embedded INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN warnings_count INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE sync_runs ADD COLUMN cancelled_at INTEGER;
+
+CREATE INDEX IF NOT EXISTS idx_sync_runs_mode_started
+    ON sync_runs(mode, started_at DESC);
+CREATE INDEX IF NOT EXISTS idx_sync_runs_status_phase_started
+    ON sync_runs(status, phase, started_at DESC);
+
+INSERT INTO schema_version (version, applied_at, description)
+VALUES (27, strftime('%s', 'now') * 1000, '027_surgical_sync_runs');

migrations/028_discussions_mr_fk.sql

@@ -0,0 +1,58 @@
+-- Migration 028: Add FK constraint on discussions.merge_request_id
+-- Schema version: 28
+-- Fixes missing foreign key that causes orphaned discussions when MRs are deleted
+
+-- SQLite doesn't support ALTER TABLE ADD CONSTRAINT, so we must recreate the table.
+
+-- Step 1: Create new table with the FK constraint
+CREATE TABLE discussions_new (
+    id INTEGER PRIMARY KEY,
+    gitlab_discussion_id TEXT NOT NULL,
+    project_id INTEGER NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    issue_id INTEGER REFERENCES issues(id) ON DELETE CASCADE,
+    merge_request_id INTEGER REFERENCES merge_requests(id) ON DELETE CASCADE,  -- FK was missing!
+    noteable_type TEXT NOT NULL CHECK (noteable_type IN ('Issue', 'MergeRequest')),
+    individual_note INTEGER NOT NULL DEFAULT 0,
+    first_note_at INTEGER,
+    last_note_at INTEGER,
+    last_seen_at INTEGER NOT NULL,
+    resolvable INTEGER NOT NULL DEFAULT 0,
+    resolved INTEGER NOT NULL DEFAULT 0,
+    raw_payload_id INTEGER REFERENCES raw_payloads(id),  -- Added in migration 004
+    CHECK (
+        (noteable_type = 'Issue' AND issue_id IS NOT NULL AND merge_request_id IS NULL) OR
+        (noteable_type = 'MergeRequest' AND merge_request_id IS NOT NULL AND issue_id IS NULL)
+    )
+);
+
+-- Step 2: Copy data (only rows with valid FK references to avoid constraint violations)
+INSERT INTO discussions_new
+SELECT d.* FROM discussions d
+WHERE (d.merge_request_id IS NULL OR EXISTS (SELECT 1 FROM merge_requests m WHERE m.id = d.merge_request_id));
+
+-- Step 3: Drop old table and rename
+DROP TABLE discussions;
+ALTER TABLE discussions_new RENAME TO discussions;
+
+-- Step 4: Recreate ALL indexes that were on the discussions table
+-- From migration 002 (original table)
+CREATE UNIQUE INDEX uq_discussions_project_discussion_id ON discussions(project_id, gitlab_discussion_id);
+CREATE INDEX idx_discussions_issue ON discussions(issue_id);
+CREATE INDEX idx_discussions_mr ON discussions(merge_request_id);
+CREATE INDEX idx_discussions_last_note ON discussions(last_note_at);
+-- From migration 003 (orphan detection)
+CREATE INDEX idx_discussions_last_seen ON discussions(last_seen_at);
+-- From migration 006 (MR indexes)
+CREATE INDEX idx_discussions_mr_id ON discussions(merge_request_id);
+CREATE INDEX idx_discussions_mr_resolved ON discussions(merge_request_id, resolved, resolvable);
+-- From migration 017 (who command indexes)
+CREATE INDEX idx_discussions_unresolved_recent ON discussions(project_id, last_note_at) WHERE resolvable = 1 AND resolved = 0;
+CREATE INDEX idx_discussions_unresolved_recent_global ON discussions(last_note_at) WHERE resolvable = 1 AND resolved = 0;
+-- From migration 019 (list performance)
+CREATE INDEX idx_discussions_issue_resolved ON discussions(issue_id, resolvable, resolved);
+-- From migration 022 (notes query optimization)
+CREATE INDEX idx_discussions_issue_id ON discussions(issue_id);
+
+-- Record migration
+INSERT INTO schema_version (version, applied_at, description)
+VALUES (28, strftime('%s', 'now') * 1000, 'Add FK constraint on discussions.merge_request_id');

plans/asupersync-migration.md

@@ -0,0 +1,867 @@
+# Plan: Replace Tokio + Reqwest with Asupersync
+
+**Date:** 2026-03-06
+**Status:** Draft
+**Decisions:** Adapter layer (yes), timeouts in adapter, deep Cx threading, reference doc only
+
+---
+
+## Context
+
+Gitlore uses tokio as its async runtime and reqwest as its HTTP client. Both work, but:
+
+- Ctrl+C during `join_all` silently drops in-flight HTTP requests with no cleanup
+- `ShutdownSignal` is a hand-rolled `AtomicBool` with no structured cancellation
+- No deterministic testing for concurrent ingestion patterns
+- tokio provides no structured concurrency guarantees
+
+Asupersync is a cancel-correct async runtime with region-owned tasks, obligation tracking, and deterministic lab testing. Replacing tokio+reqwest gives us structured shutdown, cancel-correct ingestion, and testable concurrency.
+
+**Trade-offs accepted:**
+- Nightly Rust required (asupersync dependency)
+- Pre-1.0 runtime dependency (mitigated by adapter layer + version pinning)
+- Deeper function signature changes for Cx threading
+
+### Why not tokio CancellationToken + JoinSet?
+
+The core problems (Ctrl+C drops requests, no structured cancellation) *can* be fixed without replacing the runtime. Tokio's `CancellationToken` + `JoinSet` + explicit task tracking gives structured cancellation for fan-out patterns. This was considered and rejected for two reasons:
+
+1. **Obligation tracking is the real win.** CancellationToken/JoinSet fix the "cancel cleanly" problem but don't give us obligation tracking (compile-time proof that all spawned work is awaited) or deterministic lab testing. These are the features that prevent *future* concurrency bugs, not just the current Ctrl+C issue.
+2. **Separation of concerns.** Fixing Ctrl+C with tokio primitives first, then migrating the runtime second, doubles the migration effort (rewrite fan-out twice). Since we have no users and no backwards compatibility concerns, a single clean migration is lower total cost.
+
+If asupersync proves unviable (nightly breakage, API instability), the fallback is exactly this: tokio + CancellationToken + JoinSet.
+
+---
+
+## Current Tokio Usage Inventory
+
+### Production code (must migrate)
+
+| Location | API | Purpose |
+|----------|-----|---------|
+| `main.rs:53` | `#[tokio::main]` | Runtime entrypoint |
+| `main.rs` (4 sites) | `tokio::spawn` + `tokio::signal::ctrl_c` | Ctrl+C signal handlers |
+| `gitlab/client.rs:9` | `tokio::sync::Mutex` | Rate limiter lock |
+| `gitlab/client.rs:10` | `tokio::time::sleep` | Rate limiter backoff |
+| `gitlab/client.rs:729,736` | `tokio::join!` | Parallel pagination |
+
+### Production code (reqwest -- must replace)
+
+| Location | Usage |
+|----------|-------|
+| `gitlab/client.rs` | REST API: GET with headers/query, response status/headers/JSON, pagination via x-next-page and Link headers, retry on 429 |
+| `gitlab/graphql.rs` | GraphQL: POST with Bearer auth + JSON body, response JSON parsing |
+| `embedding/ollama.rs` | Ollama: GET health check, POST JSON embedding requests |
+
+### Test code (keep on tokio via dev-dep)
+
+| File | Tests | Uses wiremock? |
+|------|-------|----------------|
+| `gitlab/graphql_tests.rs` | 30 | Yes |
+| `gitlab/client_tests.rs` | 4 | Yes |
+| `embedding/pipeline_tests.rs` | 4 | Yes |
+| `ingestion/surgical_tests.rs` | 4 async | Yes |
+
+### Test code (switch to asupersync)
+
+| File | Tests | Why safe |
+|------|-------|----------|
+| `core/timeline_seed_tests.rs` | 13 | Pure CPU/SQLite, no HTTP, no tokio APIs |
+
+### Test code (already sync `#[test]` -- no changes)
+
+~35 test files across documents/, core/, embedding/, gitlab/transformers/, ingestion/, cli/commands/, tests/
+
+---
+
+## Phase 0: Preparation (no runtime change)
+
+Goal: Reduce tokio surface area before the swap. Each step is independently valuable.
+
+### 0a. Extract signal handler
+
+The 4 identical Ctrl+C handlers in `main.rs` (lines 1020, 2341, 2493, 2524) become one function in `core/shutdown.rs`:
+
+```rust
+pub fn install_ctrl_c_handler(signal: ShutdownSignal) {
+    tokio::spawn(async move {
+        let _ = tokio::signal::ctrl_c().await;
+        eprintln!("\nInterrupted, finishing current batch... (Ctrl+C again to force quit)");
+        signal.cancel();
+        let _ = tokio::signal::ctrl_c().await;
+        std::process::exit(130);
+    });
+}
+```
+
+4 spawn sites -> 1 function. The function body changes in Phase 3.
+
+### 0b. Replace tokio::sync::Mutex with std::sync::Mutex
+
+In `gitlab/client.rs`, the rate limiter lock guards a tiny sync critical section (check `Instant::now()`, compute delay). No async work inside the lock. `std::sync::Mutex` is correct and removes a tokio dependency:
+
+```rust
+// Before
+use tokio::sync::Mutex;
+let delay = self.rate_limiter.lock().await.check_delay();
+
+// After
+use std::sync::Mutex;
+let delay = self.rate_limiter.lock().expect("rate limiter poisoned").check_delay();
+```
+
+Note: `.expect()` over `.unwrap()` for clarity. Poisoning is near-impossible here (the critical section is a trivial `Instant::now()` check), but the explicit message aids debugging if it ever fires.
+
+**Contention constraint:** `std::sync::Mutex` blocks the executor thread while held. This is safe *only* because the critical section is a single `Instant::now()` comparison with no I/O. If the rate limiter ever grows to include async work (HTTP calls, DB queries), it must move back to an async-aware lock. Document this constraint with a comment at the lock site.
+
+### 0c. Replace tokio::join! with futures::join!
+
+In `gitlab/client.rs:729,736`. `futures::join!` is runtime-agnostic and already in deps.
+
+**After Phase 0, remaining tokio in production code:**
+- `#[tokio::main]` (1 site)
+- `tokio::spawn` + `tokio::signal::ctrl_c` (1 function)
+- `tokio::time::sleep` (1 import)
+
+---
+
+## Phase 0d: Error Type Migration (must precede adapter layer)
+
+The adapter layer (Phase 1) uses `GitLabNetworkError { detail: Option<String> }`, which requires this error type change before the adapter compiles. Placed here so Phases 1-3 compile as a unit.
+
+### `src/core/error.rs`
+
+```rust
+// Remove:
+#[error("HTTP error: {0}")]
+Http(#[from] reqwest::Error),
+
+// Change:
+#[error("Cannot connect to GitLab at {base_url}")]
+GitLabNetworkError {
+    base_url: String,
+    // Before: source: Option<reqwest::Error>
+    // After:
+    detail: Option<String>,
+},
+```
+
+The adapter layer stringifies HTTP client errors at the boundary so `LoreError` doesn't depend on any HTTP client's error types. This also means the existing reqwest call sites that construct `GitLabNetworkError` must be updated to pass `detail: Some(format!("{e:?}"))` instead of `source: Some(e)` -- but those sites are rewritten in Phase 2 anyway, so no extra work.
+
+**Note on error granularity:** Flattening all HTTP errors to `detail: Option<String>` loses the distinction between timeouts, TLS failures, DNS resolution failures, and connection resets. To preserve actionable error categories without coupling `LoreError` to any HTTP client, add a lightweight `NetworkErrorKind` enum:
+
+```rust
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum NetworkErrorKind {
+    Timeout,
+    ConnectionRefused,
+    DnsResolution,
+    Tls,
+    Other,
+}
+
+#[error("Cannot connect to GitLab at {base_url}")]
+GitLabNetworkError {
+    base_url: String,
+    kind: NetworkErrorKind,
+    detail: Option<String>,
+},
+```
+
+The adapter's `execute()` method classifies errors at the boundary:
+- Timeout from `asupersync::time::timeout` → `NetworkErrorKind::Timeout`
+- Transport errors from the HTTP client → classified by error type into the appropriate kind
+- Unknown errors → `NetworkErrorKind::Other`
+
+This keeps `LoreError` client-agnostic while preserving the ability to make retry decisions based on error *type* (e.g., retry on timeout but not on TLS). The adapter's `execute()` method is the single place where this mapping happens, so adding new kinds is localized.
+
+---
+
+## Phase 1: Build the HTTP Adapter Layer
+
+### Why
+
+Asupersync's `HttpClient` is lower-level than reqwest:
+- Headers: `Vec<(String, String)>` not typed `HeaderMap`/`HeaderValue`
+- Body: `Vec<u8>` not a builder with `.json()`
+- Status: raw `u16` not `StatusCode` enum
+- Response: body already buffered, no async `.json().await`
+- No per-request timeout
+
+Without an adapter, every call site becomes 5-6 lines of boilerplate. The adapter also isolates gitlore from asupersync's pre-1.0 HTTP API.
+
+### New file: `src/http.rs` (~100 LOC)
+
+```rust
+use asupersync::http::h1::{HttpClient, HttpClientConfig, PoolConfig};
+use asupersync::http::h1::types::Method;
+use asupersync::time::timeout;
+use serde::de::DeserializeOwned;
+use serde::Serialize;
+use std::time::Duration;
+
+use crate::core::error::{LoreError, Result};
+
+pub struct Client {
+    inner: HttpClient,
+    timeout: Duration,
+}
+
+pub struct Response {
+    pub status: u16,
+    pub reason: String,
+    pub headers: Vec<(String, String)>,
+    body: Vec<u8>,
+}
+
+impl Client {
+    pub fn with_timeout(timeout: Duration) -> Self {
+        Self {
+            inner: HttpClient::with_config(HttpClientConfig {
+                pool_config: PoolConfig::builder()
+                    .max_connections_per_host(6)
+                    .max_total_connections(100)
+                    .idle_timeout(Duration::from_secs(90))
+                    .build(),
+                ..Default::default()
+            }),
+            timeout,
+        }
+    }
+
+    pub async fn get(&self, url: &str, headers: &[(&str, &str)]) -> Result<Response> {
+        self.execute(Method::Get, url, headers, Vec::new()).await
+    }
+
+    pub async fn get_with_query(
+        &self,
+        url: &str,
+        params: &[(&str, String)],
+        headers: &[(&str, &str)],
+    ) -> Result<Response> {
+        let full_url = append_query_params(url, params);
+        self.execute(Method::Get, &full_url, headers, Vec::new()).await
+    }
+
+    pub async fn post_json<T: Serialize>(
+        &self,
+        url: &str,
+        headers: &[(&str, &str)],
+        body: &T,
+    ) -> Result<Response> {
+        let body_bytes = serde_json::to_vec(body)
+            .map_err(|e| LoreError::Other(format!("JSON serialization failed: {e}")))?;
+        let mut all_headers = headers.to_vec();
+        all_headers.push(("Content-Type", "application/json"));
+        self.execute(Method::Post, url, &all_headers, body_bytes).await
+    }
+
+    async fn execute(
+        &self,
+        method: Method,
+        url: &str,
+        headers: &[(&str, &str)],
+        body: Vec<u8>,
+    ) -> Result<Response> {
+        let header_tuples: Vec<(String, String)> = headers
+            .iter()
+            .map(|(k, v)| ((*k).to_owned(), (*v).to_owned()))
+            .collect();
+
+        let raw = timeout(self.timeout, self.inner.request(method, url, header_tuples, body))
+            .await
+            .map_err(|_| LoreError::GitLabNetworkError {
+                base_url: url.to_string(),
+                kind: NetworkErrorKind::Timeout,
+                detail: Some(format!("Request timed out after {:?}", self.timeout)),
+            })?
+            .map_err(|e| LoreError::GitLabNetworkError {
+                base_url: url.to_string(),
+                kind: classify_transport_error(&e),
+                detail: Some(format!("{e:?}")),
+            })?;
+
+        Ok(Response {
+            status: raw.status,
+            reason: raw.reason,
+            headers: raw.headers,
+            body: raw.body,
+        })
+    }
+}
+
+impl Response {
+    pub fn is_success(&self) -> bool {
+        (200..300).contains(&self.status)
+    }
+
+    pub fn json<T: DeserializeOwned>(&self) -> Result<T> {
+        serde_json::from_slice(&self.body)
+            .map_err(|e| LoreError::Other(format!("JSON parse error: {e}")))
+    }
+
+    pub fn text(self) -> Result<String> {
+        String::from_utf8(self.body)
+            .map_err(|e| LoreError::Other(format!("UTF-8 decode error: {e}")))
+    }
+
+    pub fn header(&self, name: &str) -> Option<&str> {
+        self.headers
+            .iter()
+            .find(|(k, _)| k.eq_ignore_ascii_case(name))
+            .map(|(_, v)| v.as_str())
+    }
+
+    /// Returns all values for a header name (case-insensitive).
+    /// Needed for multi-value headers like `Link` used in pagination.
+    pub fn headers_all(&self, name: &str) -> Vec<&str> {
+        self.headers
+            .iter()
+            .filter(|(k, _)| k.eq_ignore_ascii_case(name))
+            .map(|(_, v)| v.as_str())
+            .collect()
+    }
+}
+
+/// Appends query parameters to a URL.
+///
+/// Edge cases handled:
+/// - URLs with existing `?query` → appends with `&`
+/// - URLs with `#fragment` → inserts query before fragment
+/// - Empty params → returns URL unchanged
+/// - Repeated keys → preserved as-is (GitLab API uses repeated `labels[]`)
+fn append_query_params(url: &str, params: &[(&str, String)]) -> String {
+    if params.is_empty() {
+        return url.to_string();
+    }
+    let query: String = params
+        .iter()
+        .map(|(k, v)| format!("{}={}", urlencoding::encode(k), urlencoding::encode(v)))
+        .collect::<Vec<_>>()
+        .join("&");
+
+    // Preserve URL fragments: split on '#', insert query, rejoin
+    let (base, fragment) = match url.split_once('#') {
+        Some((b, f)) => (b, Some(f)),
+        None => (url, None),
+    };
+    let with_query = if base.contains('?') {
+        format!("{base}&{query}")
+    } else {
+        format!("{base}?{query}")
+    };
+    match fragment {
+        Some(f) => format!("{with_query}#{f}"),
+        None => with_query,
+    }
+}
+```
+
+### Response body size guard
+
+The adapter buffers entire response bodies in memory (`Vec<u8>`). A misconfigured endpoint or unexpected redirect to a large file could cause unbounded memory growth. Add a max response body size check in `execute()`:
+
+```rust
+const MAX_RESPONSE_BODY_BYTES: usize = 64 * 1024 * 1024; // 64 MiB — generous for JSON, catches runaways
+
+// In execute(), after receiving raw response:
+if raw.body.len() > MAX_RESPONSE_BODY_BYTES {
+    return Err(LoreError::Other(format!(
+        "Response body too large: {} bytes (max {})",
+        raw.body.len(),
+        MAX_RESPONSE_BODY_BYTES,
+    )));
+}
+```
+
+This is a safety net, not a tight constraint. GitLab JSON responses are typically < 1 MiB. Ollama embedding responses are < 100 KiB per batch. The 64 MiB limit catches runaways without interfering with normal operation.
+
+### Timeout behavior
+
+Every request is wrapped with `asupersync::time::timeout(self.timeout, ...)`. Default timeouts:
+- GitLab REST/GraphQL: 30s
+- Ollama: configurable (default 60s)
+- Ollama health check: 5s
+
+---
+
+## Phase 2: Migrate the 3 HTTP Modules
+
+### 2a. `gitlab/client.rs` (REST API)
+
+**Imports:**
+```rust
+// Remove
+use reqwest::header::{ACCEPT, HeaderMap, HeaderValue};
+use reqwest::{Client, Response, StatusCode};
+
+// Add
+use crate::http::{Client, Response};
+```
+
+**Client construction** (lines 68-96):
+```rust
+// Before: reqwest::Client::builder().default_headers(h).timeout(d).build()
+// After:
+let client = Client::with_timeout(Duration::from_secs(30));
+```
+
+**request() method** (lines 129-170):
+```rust
+// Before
+let response = self.client.get(&url)
+    .header("PRIVATE-TOKEN", &self.token)
+    .send().await
+    .map_err(|e| LoreError::GitLabNetworkError { ... })?;
+
+// After
+let response = self.client.get(&url, &[
+    ("PRIVATE-TOKEN", &self.token),
+    ("Accept", "application/json"),
+]).await?;
+```
+
+**request_with_headers() method** (lines 510-559):
+```rust
+// Before
+let response = self.client.get(&url)
+    .query(params)
+    .header("PRIVATE-TOKEN", &self.token)
+    .send().await?;
+let headers = response.headers().clone();
+
+// After
+let response = self.client.get_with_query(&url, params, &[
+    ("PRIVATE-TOKEN", &self.token),
+    ("Accept", "application/json"),
+]).await?;
+// headers already owned in response.headers
+```
+
+**handle_response()** (lines 182-219):
+```rust
+// Before: async fn (consumed body with .text().await)
+// After: sync fn (body already buffered in Response)
+fn handle_response<T: DeserializeOwned>(&self, response: Response, path: &str) -> Result<T> {
+    match response.status {
+        401 => Err(LoreError::GitLabAuthFailed),
+        404 => Err(LoreError::GitLabNotFound { resource: path.into() }),
+        429 => {
+            let retry_after = response.header("retry-after")
+                .and_then(|v| v.parse().ok())
+                .unwrap_or(60);
+            Err(LoreError::GitLabRateLimited { retry_after })
+        }
+        s if (200..300).contains(&s) => response.json::<T>(),
+        s => Err(LoreError::Other(format!("GitLab API error: {} {}", s, response.reason))),
+    }
+}
+```
+
+**Pagination** -- No structural changes. `async_stream::stream!` and header parsing stay the same. Only the response type changes:
+```rust
+// Before: headers.get("x-next-page").and_then(|v| v.to_str().ok())
+// After:  response.header("x-next-page")
+```
+
+**parse_link_header_next** -- Change signature from `(headers: &HeaderMap)` to `(headers: &[(String, String)])` and find by case-insensitive name.
+
+### 2b. `gitlab/graphql.rs`
+
+```rust
+// Before
+let response = self.http.post(&url)
+    .header("Authorization", format!("Bearer {}", self.token))
+    .header("Content-Type", "application/json")
+    .json(&body).send().await?;
+let json: Value = response.json().await?;
+
+// After
+let bearer = format!("Bearer {}", self.token);
+let response = self.http.post_json(&url, &[
+    ("Authorization", &bearer),
+], &body).await?;
+let json: Value = response.json()?;
+```
+
+Status matching changes from `response.status().as_u16()` to `response.status` (already u16).
+
+### 2c. `embedding/ollama.rs`
+
+```rust
+// Health check
+let response = self.client.get(&url, &[]).await?;
+let tags: TagsResponse = response.json()?;
+
+// Embed batch
+let response = self.client.post_json(&url, &[], &request).await?;
+if !response.is_success() {
+    let status = response.status; // capture before .text() consumes response
+    let body = response.text()?;
+    return Err(LoreError::EmbeddingFailed { document_id: 0, reason: format!("HTTP {status}: {body}") });
+}
+let embed_response: EmbedResponse = response.json()?;
+```
+
+**Standalone health check** (`check_ollama_health`): Currently creates a temporary `reqwest::Client`. Replace with temporary `crate::http::Client`:
+```rust
+pub async fn check_ollama_health(base_url: &str) -> bool {
+    let client = Client::with_timeout(Duration::from_secs(5));
+    let url = format!("{base_url}/api/tags");
+    client.get(&url, &[]).await.map_or(false, |r| r.is_success())
+}
+```
+
+---
+
+## Phase 3: Swap the Runtime + Deep Cx Threading
+
+### 3a. Cargo.toml
+
+```toml
+[dependencies]
+# Remove:
+# reqwest = { version = "0.12", features = ["json"] }
+# tokio = { version = "1", features = ["rt-multi-thread", "macros", "time", "signal"] }
+
+# Add:
+asupersync = { version = "0.2", features = ["tls", "tls-native-roots"] }
+
+# Keep unchanged:
+async-stream = "0.3"
+futures = { version = "0.3", default-features = false, features = ["alloc"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+urlencoding = "2"
+
+[dev-dependencies]
+tempfile = "3"
+wiremock = "0.6"
+tokio = { version = "1", features = ["rt", "macros"] }
+```
+
+### 3b. rust-toolchain.toml
+
+```toml
+[toolchain]
+channel = "nightly-2026-03-01"  # Pin specific date to avoid surprise breakage
+```
+
+Update the date as needed when newer nightlies are verified. Never use bare `"nightly"` in production.
+
+### 3c. Entrypoint (`main.rs:53`)
+
+```rust
+// Before
+#[tokio::main]
+async fn main() -> Result<()> { ... }
+
+// After
+#[asupersync::main]
+async fn main(cx: &Cx) -> Outcome<()> { ... }
+```
+
+### 3d. Signal handler (`core/shutdown.rs`)
+
+```rust
+// After (Phase 0 extracted it; now rewrite for asupersync)
+pub async fn install_ctrl_c_handler(cx: &Cx, signal: ShutdownSignal) {
+    cx.spawn("ctrl-c-handler", async move |cx| {
+        cx.shutdown_signal().await;
+        eprintln!("\nInterrupted, finishing current batch... (Ctrl+C again to force quit)");
+        signal.cancel();
+        // Preserve hard-exit on second Ctrl+C (same behavior as Phase 0a)
+        cx.shutdown_signal().await;
+        std::process::exit(130);
+    });
+}
+```
+
+**Cleanup concern:** `std::process::exit(130)` on second Ctrl+C bypasses all drop guards, flush operations, and asupersync region cleanup. This is intentional (user demanded hard exit) but means any in-progress DB transaction will be abandoned mid-write. SQLite's journaling makes this safe (uncommitted transactions are rolled back on next open), but verify this holds for WAL mode if enabled. Consider logging a warning before exit so users understand incomplete operations may need re-sync.
+
+### 3e. Rate limiter sleep
+
+```rust
+// Before
+use tokio::time::sleep;
+
+// After
+use asupersync::time::sleep;
+```
+
+### 3f. Deep Cx threading
+
+Thread `Cx` from `main()` through command dispatch into the orchestrator and ingestion modules. This enables region-scoped cancellation for `join_all` batches.
+
+**Function signatures that need `cx: &Cx` added:**
+
+| Module | Functions |
+|--------|-----------|
+| `main.rs` | Command dispatch match arms for `sync`, `ingest`, `embed` |
+| `cli/commands/sync.rs` | `run_sync()` |
+| `cli/commands/ingest.rs` | `run_ingest_command()`, `run_ingest()` |
+| `cli/commands/embed.rs` | `run_embed()` |
+| `cli/commands/sync_surgical.rs` | `run_sync_surgical()` |
+| `ingestion/orchestrator.rs` | `ingest_issues()`, `ingest_merge_requests()`, `ingest_discussions()`, etc. |
+| `ingestion/surgical.rs` | `surgical_sync()` |
+| `embedding/pipeline.rs` | `embed_documents()`, `embed_batch_group()` |
+
+**Region wrapping for join_all batches** (orchestrator.rs):
+```rust
+// Before
+let prefetched_batch = join_all(prefetch_futures).await;
+
+// After -- cancel-correct region with result collection
+let (tx, rx) = std::sync::mpsc::channel();
+cx.region(|scope| async {
+    for future in prefetch_futures {
+        let tx = tx.clone();
+        scope.spawn(async move |_cx| {
+            let result = future.await;
+            let _ = tx.send(result);
+        });
+    }
+    drop(tx);
+}).await;
+let prefetched_batch: Vec<_> = rx.into_iter().collect();
+```
+
+**IMPORTANT: Semantic differences beyond ordering.** Replacing `join_all` with region-spawned tasks changes three behaviors:
+
+1. **Ordering:** `join_all` preserves input order — results\[i\] corresponds to futures\[i\]. The `std::sync::mpsc` channel pattern does NOT (results arrive in completion order). If downstream logic assumes positional alignment (e.g., zipping results with input items by index), this is a silent correctness bug. Options:
+   - Send `(index, result)` tuples through the channel and sort by index after collection.
+   - If `scope.spawn()` returns a `JoinHandle<T>`, collect handles in order and await them sequentially.
+
+2. **Error aggregation:** `join_all` runs all futures to completion even if some fail, collecting all results. Region-spawned tasks with a channel will also run all tasks, but if the region is cancelled mid-flight (e.g., Ctrl+C), some results are lost. Decide per call site: should partial results be processed, or should the entire batch be retried?
+
+3. **Backpressure:** `join_all` with N futures creates N concurrent tasks. Region-spawned tasks behave similarly, but if the region has concurrency limits, backpressure semantics change. Verify asupersync's region API does not impose implicit concurrency caps.
+
+4. **Late result loss on cancellation:** When a region is cancelled, tasks that have completed but whose results haven't been received yet may have already sent to the channel. However, tasks that are mid-flight will be dropped, and their results never sent. The channel receiver must drain whatever was sent, but the caller must treat a cancelled region's results as incomplete — never assume all N results arrived. Document per call site whether partial results are safe to process or whether the entire batch should be discarded on cancellation.
+
+Audit every `join_all` call site for all four assumptions before choosing the pattern.
+
+Note: The exact result-collection pattern depends on asupersync's region API. If `scope.spawn()` returns a `JoinHandle<T>`, prefer collecting handles and awaiting them (preserves ordering and simplifies error handling).
+
+This is the biggest payoff: if Ctrl+C fires during a prefetch batch, the region cancels all in-flight HTTP requests with bounded cleanup instead of silently dropping them.
+
+**Estimated signature changes:** ~15 functions gain a `cx: &Cx` parameter.
+
+**Phasing the Cx threading (risk reduction):** Rather than threading `cx` through all ~15 functions at once, split into two steps:
+
+- **Step 1:** Thread `cx` through the orchestration path only (`main.rs` dispatch → `run_sync`/`run_ingest` → orchestrator functions). This is where region-wrapping `join_all` batches happens — the actual cancellation payoff. Verify invariants pass.
+- **Step 2:** Widen to the command layer and embedding pipeline (`run_embed`, `embed_documents`, `embed_batch_group`, `sync_surgical`). These are lower-risk since they don't have the same fan-out patterns.
+
+This reduces the blast radius of Step 1 and provides an earlier validation checkpoint. If Step 1 surfaces problems, Step 2 hasn't been started yet.
+
+---
+
+## Phase 4: Test Migration
+
+### Keep on `#[tokio::test]` (wiremock tests -- 42 tests)
+
+No changes. `tokio` is in `[dev-dependencies]` with `features = ["rt", "macros"]`.
+
+**Coverage gap:** These tests validate protocol correctness (request format, response parsing, status code handling, pagination) through the adapter layer, but they do NOT exercise asupersync's runtime behavior (timeouts, connection pooling, cancellation). This is acceptable because:
+1. Protocol correctness is the higher-value test target — it catches most regressions
+2. Runtime-specific behavior is covered by the new cancellation integration tests (below)
+3. The adapter layer is thin enough that runtime differences are unlikely to affect request/response semantics
+
+**Adapter-layer test gap:** The 42 wiremock tests validate protocol correctness (request format, response parsing) but run on tokio, not asupersync. This means the adapter's actual behavior under the production runtime is untested by mocked-response tests. To close this gap, add 3-5 asupersync-native integration tests that exercise the adapter against a simple HTTP server (e.g., `hyper` or a raw TCP listener) rather than wiremock:
+
+1. **GET with headers + JSON response** — verify header passing and JSON deserialization through the adapter.
+2. **POST with JSON body** — verify Content-Type injection and body serialization.
+3. **429 + Retry-After** — verify the adapter surfaces rate-limit responses correctly.
+4. **Timeout** — verify the adapter's `asupersync::time::timeout` wrapper fires.
+5. **Large response rejection** — verify the body size guard triggers.
+
+These tests are cheap to write (~50 LOC each) and close the "works on tokio but does it work on asupersync?" gap that GPT 5.3 flagged.
+
+| File | Tests |
+|------|-------|
+| `gitlab/graphql_tests.rs` | 30 |
+| `gitlab/client_tests.rs` | 4 |
+| `embedding/pipeline_tests.rs` | 4 |
+| `ingestion/surgical_tests.rs` | 4 |
+
+### Switch to `#[asupersync::test]` (no wiremock -- 13 tests)
+
+| File | Tests |
+|------|-------|
+| `core/timeline_seed_tests.rs` | 13 |
+
+### Already `#[test]` (sync -- ~35 files)
+
+No changes needed.
+
+### New: Cancellation integration tests (asupersync-native)
+
+Wiremock tests on tokio validate protocol/serialization correctness but cannot test asupersync's cancellation and region semantics. Add asupersync-native integration tests for:
+
+1. **Ctrl+C during fan-out:** Simulate cancellation mid-batch in orchestrator. Verify all in-flight tasks are drained, no task leaks, no obligation leaks.
+2. **Region quiescence:** Verify that after a region completes (normal or cancelled), no background tasks remain running.
+3. **Transaction integrity under cancellation:** Cancel during an ingestion batch that has fetched data but not yet written to DB. Verify no partial data is committed.
+
+These tests use asupersync's deterministic lab runtime, which is one of the primary motivations for this migration.
+
+---
+
+## Phase 5: Verify and Harden
+
+### Verification checklist
+
+```bash
+cargo check --all-targets
+cargo clippy --all-targets -- -D warnings
+cargo fmt --check
+cargo test
+```
+
+### Specific things to verify
+
+1. **async-stream on nightly** -- Does `async_stream 0.3` compile on current nightly?
+2. **TLS root certs on macOS** -- Does `tls-native-roots` pick up system CA certs?
+3. **Connection pool under concurrency** -- Do `join_all` batches (4-8 concurrent requests to same host) work without pool deadlock?
+4. **Pagination streams** -- Do `async_stream::stream!` pagination generators work unchanged?
+5. **Wiremock test isolation** -- Do wiremock tests pass with tokio only in dev-deps?
+
+### HTTP behavior parity acceptance criteria
+
+reqwest provides several implicit behaviors that asupersync's h1 client may not. Each must pass a concrete acceptance test before the migration is considered complete:
+
+| reqwest default | Acceptance criterion | Pass/Fail test |
+|-----------------|---------------------|----------------|
+| Automatic redirect following (up to 10) | If GitLab returns 3xx, gitlore must not silently lose the response. Either follow the redirect or surface a clear error. | Send a request to wiremock returning 301 → verify adapter returns the redirect status (not an opaque failure) |
+| Automatic gzip/deflate decompression | Not required — JSON responses are small. | N/A (no test needed) |
+| Proxy from `HTTP_PROXY`/`HTTPS_PROXY` env | If `HTTP_PROXY` is set, requests must route through it. If asupersync lacks proxy support, document this as a known limitation. | Set `HTTP_PROXY=http://127.0.0.1:9999` → verify connection attempt targets the proxy, or document that proxy is unsupported |
+| Connection keep-alive | Pagination batches (4-8 sequential requests to same host) must reuse connections. | Measure with `ss`/`netstat`: 8 paginated requests should use ≤2 TCP connections |
+| System DNS resolution | Hostnames must resolve via OS resolver. | Verify `lore sync` works against a hostname (not just IP) |
+| Request body Content-Length | POST requests must include Content-Length header (some proxies/WAFs require it). | Inspect outgoing request headers in wiremock test |
+| TLS certificate validation | HTTPS requests must validate server certificates using system CA store. | Verify `lore sync` succeeds against production GitLab (valid cert) and fails against self-signed cert |
+
+### Cancellation + DB transaction invariants
+
+Region-based cancellation stops HTTP tasks cleanly, but partial ingestion can leave the database in an inconsistent state if cancellation fires between "fetched data" and "wrote to DB". The following invariants must hold and be tested:
+
+**INV-1: Atomic batch writes.** Each ingestion batch (issues, MRs, discussions) writes to the DB inside a single `unchecked_transaction()`. If the transaction is not committed, no partial data from that batch is visible. This is already the case for most ingestion paths — audit all paths and fix any that write outside a transaction.
+
+**INV-2: Region cancellation cannot corrupt committed data.** A cancelled region may abandon in-flight HTTP requests, but it must not interrupt a DB transaction mid-write. This holds naturally because SQLite transactions are synchronous (not async) — once `tx.execute()` starts, it runs to completion on the current thread regardless of task cancellation. Verify this assumption holds for WAL mode.
+
+**Hard rule: no `.await` between transaction open and commit/rollback.** Cancellation can fire at any `.await` point. If an `.await` exists between `unchecked_transaction()` and `tx.commit()`, a cancelled region could drop the transaction guard mid-batch, rolling back partial writes silently. Audit all ingestion paths to confirm this invariant holds. If any path must do async work mid-transaction (e.g., fetching related data), restructure to fetch-then-write: complete all async work first, then open the transaction, write synchronously, and commit.
+
+**INV-3: No partial batch visibility.** If cancellation fires after fetching N items but before the batch transaction commits, zero items from that batch are persisted. The next sync picks up where it left off using cursor-based pagination.
+
+**INV-4: ShutdownSignal + region cancellation are complementary.** The existing `ShutdownSignal` check-before-write pattern in orchestrator loops (`if signal.is_cancelled() { break; }`) remains the first line of defense. Region cancellation is the second — it ensures in-flight HTTP tasks are drained even if the orchestrator loop has already moved past the signal check. Both mechanisms must remain active.
+
+**Test plan for invariants:**
+- INV-1: Cancellation integration test — cancel mid-batch, verify DB has zero partial rows from that batch
+- INV-2: Verify `unchecked_transaction()` commit is not interruptible by task cancellation (lab runtime test)
+- INV-3: Cancel after fetch, re-run sync, verify no duplicates and no gaps
+- INV-4: Verify both ShutdownSignal and region cancellation are triggered on Ctrl+C
+
+---
+
+## File Change Summary
+
+| File | Change | LOC |
+|------|--------|-----|
+| `Cargo.toml` | Swap deps | ~10 |
+| `rust-toolchain.toml` | NEW -- set nightly | 3 |
+| `src/http.rs` | NEW -- adapter layer | ~100 |
+| `src/main.rs` | Entrypoint macro, Cx threading, remove 4 signal handlers | ~40 |
+| `src/core/shutdown.rs` | Extract + rewrite signal handler | ~20 |
+| `src/core/error.rs` | Remove reqwest::Error, change GitLabNetworkError (Phase 0d) | ~10 |
+| `src/gitlab/client.rs` | Replace reqwest, remove tokio imports, adapt all methods | ~80 |
+| `src/gitlab/graphql.rs` | Replace reqwest | ~20 |
+| `src/embedding/ollama.rs` | Replace reqwest | ~20 |
+| `src/cli/commands/sync.rs` | Add Cx param | ~5 |
+| `src/cli/commands/ingest.rs` | Add Cx param | ~5 |
+| `src/cli/commands/embed.rs` | Add Cx param | ~5 |
+| `src/cli/commands/sync_surgical.rs` | Add Cx param | ~5 |
+| `src/ingestion/orchestrator.rs` | Add Cx param, region-wrap join_all | ~30 |
+| `src/ingestion/surgical.rs` | Add Cx param | ~10 |
+| `src/embedding/pipeline.rs` | Add Cx param | ~10 |
+| `src/core/timeline_seed_tests.rs` | Swap test macro | ~13 |
+
+**Total: ~16 files modified, 1 new file, ~400-500 LOC changed.**
+
+---
+
+## Execution Order
+
+```
+Phase 0a-0c (prep, safe, independent)
+  |
+  v
+Phase 0d (error type migration -- required before adapter compiles)
+  |
+  v
+DECISION GATE: verify nightly + asupersync + tls-native-roots compile AND behavioral smoke tests pass
+  |
+  v
+Phase 1 (adapter layer, compiles but unused) ----+
+  |                                               |
+  v                                               |  These 3 are one
+Phase 2 (migrate 3 HTTP modules to adapter) ------+  atomic commit
+  |                                               |
+  v                                               |
+Phase 3 (swap runtime, Cx threading) ------------+
+  |
+  v
+Phase 4 (test migration)
+  |
+  v
+Phase 5 (verify + harden)
+```
+
+Phase 0a-0c can be committed independently (good cleanup regardless).
+Phase 0d (error types) can also land independently, but MUST precede the adapter layer.
+**Decision gate:** After Phase 0d, create `rust-toolchain.toml` with nightly pin and verify `asupersync = "0.2"` compiles with `tls-native-roots` on macOS. Then run behavioral smoke tests in a throwaway binary or integration test:
+
+1. **TLS validation:** HTTPS GET to a public endpoint (e.g., `https://gitlab.com/api/v4/version`) succeeds with valid cert.
+2. **DNS resolution:** Request using hostname (not IP) resolves correctly.
+3. **Redirect handling:** GET to a 301/302 endpoint — verify the adapter returns the redirect status (not an opaque error) so call sites can decide whether to follow.
+4. **Timeout behavior:** Request to a slow/non-responsive endpoint times out within the configured duration.
+5. **Connection pooling:** 4 sequential requests to the same host reuse connections (verify via debug logging or `ss`/`netstat`).
+
+If compilation fails or any behavioral test reveals a showstopper (e.g., TLS doesn't work on macOS, timeouts don't fire), stop and evaluate the tokio CancellationToken fallback before investing in Phases 1-3.
+
+Compile-only gating is insufficient — this migration's failure modes are semantic (HTTP behavior parity), not just syntactic.
+
+Phases 1-3 must land together (removing reqwest requires both the adapter AND the new runtime).
+Phases 4-5 are cleanup that can be incremental.
+
+---
+
+## Rollback Strategy
+
+If the migration stalls or asupersync proves unviable after partial completion:
+
+- **Phase 0a-0c completed:** No rollback needed. These are independently valuable cleanup regardless of runtime choice.
+- **Phase 0d completed:** `GitLabNetworkError { detail }` is runtime-agnostic. Keep it.
+- **Phases 1-3 partially completed:** These must land atomically. If any phase in 1-3 fails, revert the entire atomic commit. The adapter layer (Phase 1) imports asupersync types, so it cannot exist without the runtime.
+- **Full rollback to tokio:** If asupersync is abandoned entirely, the fallback path is tokio + `CancellationToken` + `JoinSet` (see "Why not tokio CancellationToken + JoinSet?" above). The adapter layer design is still valid — swap `asupersync::http` for `reqwest` behind the same `crate::http::Client` API.
+
+**Decision point:** After Phase 0 is complete, verify asupersync compiles on the pinned nightly with `tls-native-roots` before committing to Phases 1-3. If TLS or nightly issues surface, stop and evaluate the tokio fallback.
+
+**Concrete escape hatch triggers (abandon asupersync, fall back to tokio + CancellationToken + JoinSet):**
+1. **Nightly breakage > 7 days:** If the pinned nightly breaks and no newer nightly restores compilation within 7 days, abort.
+2. **TLS incompatibility:** If `tls-native-roots` cannot validate certificates on macOS (system CA store) and `tls-webpki-roots` also fails, abort.
+3. **API instability:** If asupersync releases a breaking change to `HttpClient`, `region()`, or `Cx` APIs before our migration is complete, evaluate migration cost. If > 2 days of rework, abort.
+4. **Wiremock incompatibility:** If keeping wiremock tests on tokio while production runs asupersync causes test failures or flaky behavior that cannot be resolved in 1 day, abort.
+
+---
+
+## Risks
+
+| Risk | Severity | Mitigation |
+|------|----------|------------|
+| asupersync pre-1.0 API changes | High | Adapter layer isolates call sites. Pin exact version. |
+| Nightly Rust breakage | Medium-High | Pin nightly date in rust-toolchain.toml. CI tests on nightly. Coupling runtime + toolchain migration amplifies risk — escape hatch triggers defined in Rollback Strategy. |
+| TLS cert issues on macOS | Medium | Test early in Phase 5. Fallback: `tls-webpki-roots` (Mozilla bundle). |
+| Connection pool behavior under load | Medium | Stress test with `join_all` of 8+ concurrent requests in Phase 5. |
+| async-stream nightly compat | Low | Widely used crate, likely fine. Fallback: manual Stream impl. |
+| Build time increase | Low | Measure before/after. asupersync may be heavier than tokio. |
+| Reqwest behavioral drift | Medium | reqwest has implicit redirect/proxy/compression handling. Audit each (see Phase 5 table). GitLab API doesn't redirect, so low actual risk. |
+| Partial ingestion on cancel | Medium | Region cancellation can fire between HTTP fetch and DB write. Verify transaction boundaries align with region scope (see Phase 5). |
+| Unbounded response body buffering | Low | Adapter buffers full response bodies. Mitigated by 64 MiB size guard in adapter `execute()`. |
+| Manual URL/header handling correctness | Low-Medium | `append_query_params` and case-insensitive header scans replicate reqwest behavior manually. Mitigated by unit tests for edge cases (existing query params, fragments, repeated keys, case folding). |

plans/gitlab-todos-notifications-integration.md

@@ -0,0 +1,652 @@
+---
+plan: true
+title: "GitLab TODOs Integration"
+status: proposed
+iteration: 4
+target_iterations: 4
+beads_revision: 1
+related_plans: []
+created: 2026-02-23
+updated: 2026-02-26
+audit_revision: 4
+---
+
+# GitLab TODOs Integration
+
+## Summary
+
+Add GitLab TODO support to lore. Todos are fetched during sync, stored locally, and surfaced through a standalone `lore todos` command and integration into the `lore me` dashboard.
+
+**Scope:** Read-only. No mark-as-done operations.
+
+---
+
+## Workflows
+
+### Workflow 1: Morning Triage (Human)
+
+1. User runs `lore me` to see personal dashboard
+2. Summary header shows "5 pending todos" alongside issue/MR counts
+3. Todos section groups items: 2 Assignments, 2 Mentions, 1 Approval Required
+4. User scans Assignments — sees issue #42 assigned by @manager
+5. User runs `lore todos` for full detail with body snippets
+6. User clicks target URL to address highest-priority item
+7. After marking done in GitLab, next `lore sync` removes it locally
+
+### Workflow 2: Agent Polling (Robot Mode)
+
+1. Agent runs `lore --robot health` as pre-flight check
+2. Agent runs `lore --robot me --fields minimal` for dashboard
+3. Agent extracts `pending_todo_count` from summary — if 0, skip todos
+4. If count > 0, agent runs `lore --robot todos`
+5. Agent iterates `data.todos[]`, filtering by `action` type
+6. Agent prioritizes `approval_required` and `build_failed` for immediate attention
+7. Agent logs external todos (`is_external: true`) for manual review
+
+### Workflow 3: Cross-Project Visibility
+
+1. User is mentioned in a project they don't sync (e.g., company-wide repo)
+2. `lore sync` fetches the todo anyway (account-wide fetch)
+3. `lore todos` shows item with `[external]` indicator and project path
+4. User can still click target URL to view in GitLab
+5. Target title may be unavailable — graceful fallback to "Untitled"
+
+---
+
+## Acceptance Criteria
+
+Behavioral contract. Each AC is a single testable statement.
+
+### Storage
+
+| ID | Behavior |
+|----|----------|
+| AC-1 | Todos are persisted locally in SQLite |
+| AC-2 | Each todo is uniquely identified by its GitLab todo ID |
+| AC-3 | Todos from non-synced projects are stored with their project path |
+
+### Sync
+
+| ID | Behavior |
+|----|----------|
+| AC-4 | `lore sync` fetches all pending todos from GitLab |
+| AC-5 | Sync fetches todos account-wide, not per-project |
+| AC-6 | Todos marked done in GitLab are removed locally on next sync |
+| AC-7 | Transient sync errors do not delete valid local todos |
+| AC-8 | `lore sync --no-todos` skips todo fetching |
+| AC-9 | Sync logs todo statistics (fetched, inserted, updated, deleted) |
+
+### `lore todos` Command
+
+| ID | Behavior |
+|----|----------|
+| AC-10 | `lore todos` displays all pending todos |
+| AC-11 | Todos are grouped by action type: Assignments, Mentions, Approvals, Build Issues |
+| AC-12 | Each todo shows: target title, project path, author, age |
+| AC-13 | Non-synced project todos display `[external]` indicator |
+| AC-14 | `lore todos --limit N` limits output to N todos |
+| AC-15 | `lore --robot todos` returns JSON with standard `{ok, data, meta}` envelope |
+| AC-16 | `lore --robot todos --fields minimal` returns reduced field set |
+| AC-17 | `todo` and `td` are recognized as aliases for `todos` |
+
+### `lore me` Integration
+
+| ID | Behavior |
+|----|----------|
+| AC-18 | `lore me` summary includes pending todo count |
+| AC-19 | `lore me` includes a todos section in the full dashboard |
+| AC-20 | `lore me --todos` shows only the todos section |
+| AC-21 | Todos are NOT filtered by `--project` flag (always account-wide) |
+| AC-22 | Warning is displayed if `--project` is passed with `--todos` |
+| AC-23 | Todo events appear in the activity feed for local entities |
+
+### Action Types
+
+| ID | Behavior |
+|----|----------|
+| AC-24 | Core actions are displayed: assigned, mentioned, directly_addressed, approval_required, build_failed, unmergeable |
+| AC-25 | Niche actions are stored but not displayed: merge_train_removed, member_access_requested, marked |
+
+### Attention State
+
+| ID | Behavior |
+|----|----------|
+| AC-26 | Todos do not affect attention state calculation |
+| AC-27 | Todos do not appear in "since last check" cursor-based inbox |
+
+### Error Handling
+
+| ID | Behavior |
+|----|----------|
+| AC-28 | 403 Forbidden on todos API logs warning and continues sync |
+| AC-29 | 429 Rate Limited respects Retry-After header |
+| AC-30 | Malformed todo JSON logs warning, skips that item, and disables purge for that sync |
+
+### Documentation
+
+| ID | Behavior |
+|----|----------|
+| AC-31 | `lore todos` appears in CLI help |
+| AC-32 | `lore robot-docs` includes todos schema |
+| AC-33 | CLAUDE.md documents the todos command |
+
+### Quality
+
+| ID | Behavior |
+|----|----------|
+| AC-34 | All quality gates pass: check, clippy, fmt, test |
+
+---
+
+## Architecture
+
+Designed to fulfill the acceptance criteria above.
+
+### Module Structure
+
+```
+src/
+├── gitlab/
+│   ├── client.rs      # fetch_todos() method (AC-4, AC-5)
+│   └── types.rs       # GitLabTodo struct
+├── ingestion/
+│   └── todos.rs       # sync_todos(), purge-safe deletion (AC-6, AC-7)
+├── cli/commands/
+│   ├── todos.rs       # lore todos command (AC-10-17)
+│   └── me/
+│       ├── types.rs   # MeTodo, extend MeSummary (AC-18)
+│       └── queries.rs # query_todos() (AC-19, AC-23)
+└── core/
+    └── db.rs          # Migration 028 (AC-1, AC-2, AC-3)
+```
+
+### Data Flow
+
+```
+GitLab API                Local SQLite              CLI Output
+───────────               ────────────              ──────────
+GET /api/v4/todos    →    todos table          →   lore todos
+(account-wide)            (purge-safe sync)        lore me --todos
+```
+
+### Key Design Decisions
+
+| Decision | Rationale | ACs |
+|----------|-----------|-----|
+| Account-wide fetch | GitLab todos API is user-scoped, not project-scoped | AC-5, AC-21 |
+| Purge-safe deletion | Transient errors should not delete valid data | AC-7 |
+| Separate from attention | Todos are notifications, not engagement signals | AC-26, AC-27 |
+| Store all actions, display core | Future-proofs for new action types | AC-24, AC-25 |
+
+### Existing Code to Extend
+
+| Type | Location | Extension |
+|------|----------|-----------|
+| `MeSummary` | `src/cli/commands/me/types.rs` | Add `pending_todo_count` field |
+| `ActivityEventType` | `src/cli/commands/me/types.rs` | Add `Todo` variant |
+| `MeDashboard` | `src/cli/commands/me/types.rs` | Add `todos: Vec<MeTodo>` field |
+| `SyncArgs` | `src/cli/mod.rs` | Add `--no-todos` flag |
+| `MeArgs` | `src/cli/mod.rs` | Add `--todos` flag |
+
+---
+
+## Implementation Specifications
+
+Each IMP section details HOW to fulfill specific ACs.
+
+### IMP-1: Database Schema
+
+**Fulfills:** AC-1, AC-2, AC-3
+
+**Migration 028:**
+
+```sql
+CREATE TABLE todos (
+    id INTEGER PRIMARY KEY,
+    gitlab_todo_id INTEGER NOT NULL UNIQUE,
+    project_id INTEGER REFERENCES projects(id) ON DELETE SET NULL,
+    gitlab_project_id INTEGER,
+    target_type TEXT NOT NULL,
+    target_id TEXT,
+    target_iid INTEGER,
+    target_url TEXT NOT NULL,
+    target_title TEXT,
+    action_name TEXT NOT NULL,
+    author_id INTEGER,
+    author_username TEXT,
+    body TEXT,
+    created_at INTEGER NOT NULL,
+    updated_at INTEGER NOT NULL,
+    synced_at INTEGER NOT NULL,
+    sync_generation INTEGER NOT NULL DEFAULT 0,
+    project_path TEXT
+);
+
+CREATE INDEX idx_todos_action_created ON todos(action_name, created_at DESC);
+CREATE INDEX idx_todos_target ON todos(target_type, target_id);
+CREATE INDEX idx_todos_created ON todos(created_at DESC);
+CREATE INDEX idx_todos_sync_gen ON todos(sync_generation);
+CREATE INDEX idx_todos_gitlab_project ON todos(gitlab_project_id);
+CREATE INDEX idx_todos_target_lookup ON todos(target_type, project_id, target_iid);
+```
+
+**Notes:**
+- `project_id` nullable for non-synced projects (AC-3)
+- `gitlab_project_id` nullable — TODO targets include non-project entities (Namespace, etc.)
+- No `state` column — we only store pending todos
+- `sync_generation` enables two-generation grace purge (AC-7)
+
+---
+
+### IMP-2: GitLab API Client
+
+**Fulfills:** AC-4, AC-5
+
+**Endpoint:** `GET /api/v4/todos?state=pending`
+
+**Types to add in `src/gitlab/types.rs`:**
+
+```rust
+#[derive(Debug, Deserialize)]
+pub struct GitLabTodo {
+    pub id: i64,
+    pub project: Option<GitLabTodoProject>,
+    pub author: Option<GitLabTodoAuthor>,
+    pub action_name: String,
+    pub target_type: String,
+    pub target: Option<GitLabTodoTarget>,
+    pub target_url: String,
+    pub body: Option<String>,
+    pub state: String,
+    pub created_at: String,
+    pub updated_at: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct GitLabTodoProject {
+    pub id: i64,
+    pub path_with_namespace: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct GitLabTodoTarget {
+    pub id: serde_json::Value,  // i64 or String (commit SHA)
+    pub iid: Option<i64>,
+    pub title: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct GitLabTodoAuthor {
+    pub id: i64,
+    pub username: String,
+}
+```
+
+**Client method in `src/gitlab/client.rs`:**
+
+```rust
+pub fn fetch_todos(&self) -> impl Stream<Item = Result<GitLabTodo>> {
+    self.paginate("/api/v4/todos?state=pending")
+}
+```
+
+---
+
+### IMP-3: Sync Pipeline Integration
+
+**Fulfills:** AC-4, AC-5, AC-6, AC-7, AC-8, AC-9
+
+**New file: `src/ingestion/todos.rs`**
+
+**Sync position:** Account-wide step after per-project sync and status enrichment.
+
+```
+Sync order:
+1. Issues (per project)
+2. MRs (per project)
+3. Status enrichment (account-wide GraphQL)
+4. Todos (account-wide REST) ← NEW
+```
+
+**Purge-safe deletion pattern:**
+
+```rust
+pub struct TodoSyncResult {
+    pub fetched: usize,
+    pub upserted: usize,
+    pub deleted: usize,
+    pub generation: i64,
+    pub purge_allowed: bool,
+}
+
+pub fn sync_todos(conn: &Connection, client: &GitLabClient) -> Result<TodoSyncResult> {
+    // 1. Get next generation
+    let generation: i64 = conn.query_row(
+        "SELECT COALESCE(MAX(sync_generation), 0) + 1 FROM todos",
+        [], |r| r.get(0)
+    )?;
+
+    let mut fetched = 0;
+    let mut purge_allowed = true;
+
+    // 2. Fetch and upsert all todos
+    for result in client.fetch_todos()? {
+        match result {
+            Ok(todo) => {
+                upsert_todo_guarded(conn, &todo, generation)?;
+                fetched += 1;
+            }
+            Err(e) => {
+                // Malformed JSON: log warning, skip item, disable purge
+                warn!("Skipping malformed todo: {e}");
+                purge_allowed = false;
+            }
+        }
+    }
+
+    // 3. Two-generation grace purge: delete only if missing for 2+ consecutive syncs
+    // This protects against pagination drift (new todos inserted during traversal)
+    let deleted = if purge_allowed {
+        conn.execute("DELETE FROM todos WHERE sync_generation < ? - 1", [generation])?
+    } else {
+        0
+    };
+
+    Ok(TodoSyncResult { fetched, upserted: fetched, deleted, generation, purge_allowed })
+}
+```
+
+**Concurrent-safe upsert:**
+
+```sql
+INSERT INTO todos (..., sync_generation) VALUES (?, ..., ?)
+ON CONFLICT(gitlab_todo_id) DO UPDATE SET
+    ...,
+    sync_generation = excluded.sync_generation,
+    synced_at = excluded.synced_at
+WHERE excluded.sync_generation >= todos.sync_generation;
+```
+
+**"Success" for purge (all must be true):**
+- Every page fetch completed without error
+- Every todo JSON decoded successfully (any decode failure sets `purge_allowed=false`)
+- Pagination traversal completed (not interrupted)
+- Response was not 401/403
+- Zero todos IS valid for purge when above conditions met
+
+**Two-generation grace purge:**
+Todos are deleted only if missing for 2 consecutive successful syncs (`sync_generation < current - 1`).
+This protects against false deletions from pagination drift (new todos inserted during traversal).
+
+---
+
+### IMP-4: Project Path Extraction
+
+**Fulfills:** AC-3, AC-13
+
+```rust
+use once_cell::sync::Lazy;
+use regex::Regex;
+
+pub fn extract_project_path(url: &str) -> Option<&str> {
+    static RE: Lazy<Regex> = Lazy::new(|| {
+        Regex::new(r"https?://[^/]+/(.+?)/-/(?:issues|merge_requests|epics|commits)/")
+            .expect("valid regex")
+    });
+
+    RE.captures(url)
+        .and_then(|c| c.get(1))
+        .map(|m| m.as_str())
+}
+```
+
+**Usage:** Prefer `project.path_with_namespace` from API when available. Fall back to URL extraction for external projects.
+
+---
+
+### IMP-5: `lore todos` Command
+
+**Fulfills:** AC-10, AC-11, AC-12, AC-13, AC-14, AC-15, AC-16, AC-17
+
+**New file: `src/cli/commands/todos.rs`**
+
+**Args:**
+
+```rust
+#[derive(Parser)]
+#[command(alias = "todo")]
+pub struct TodosArgs {
+    #[arg(short = 'n', long)]
+    pub limit: Option<usize>,
+}
+```
+
+**Autocorrect aliases in `src/cli/mod.rs`:**
+
+```rust
+("td", "todos"),
+("todo", "todos"),
+```
+
+**Action type grouping:**
+
+| Group | Actions |
+|-------|---------|
+| Assignments | `assigned` |
+| Mentions | `mentioned`, `directly_addressed` |
+| Approvals | `approval_required` |
+| Build Issues | `build_failed`, `unmergeable` |
+
+**Robot mode schema:**
+
+```json
+{
+  "ok": true,
+  "data": {
+    "todos": [{
+      "id": 123,
+      "gitlab_todo_id": 456,
+      "action": "mentioned",
+      "target_type": "Issue",
+      "target_iid": 42,
+      "target_title": "Fix login bug",
+      "target_url": "https://...",
+      "project_path": "group/repo",
+      "author_username": "jdoe",
+      "body": "Hey @you, can you look at this?",
+      "created_at_iso": "2026-02-20T10:00:00Z",
+      "is_external": false
+    }],
+    "counts": {
+      "total": 8,
+      "assigned": 2,
+      "mentioned": 5,
+      "approval_required": 1,
+      "build_failed": 0,
+      "unmergeable": 0,
+      "other": 0
+    }
+  },
+  "meta": {"elapsed_ms": 42}
+}
+```
+
+**Minimal fields:** `gitlab_todo_id`, `action`, `target_type`, `target_iid`, `project_path`, `is_external`
+
+---
+
+### IMP-6: `lore me` Integration
+
+**Fulfills:** AC-18, AC-19, AC-20, AC-21, AC-22, AC-23
+
+**Types to add/extend in `src/cli/commands/me/types.rs`:**
+
+```rust
+// EXTEND
+pub struct MeSummary {
+    // ... existing fields ...
+    pub pending_todo_count: usize,  // ADD
+}
+
+// EXTEND
+pub enum ActivityEventType {
+    // ... existing variants ...
+    Todo,  // ADD
+}
+
+// EXTEND
+pub struct MeDashboard {
+    // ... existing fields ...
+    pub todos: Vec<MeTodo>,  // ADD
+}
+
+// NEW
+pub struct MeTodo {
+    pub id: i64,
+    pub gitlab_todo_id: i64,
+    pub action: String,
+    pub target_type: String,
+    pub target_iid: Option<i64>,
+    pub target_title: Option<String>,
+    pub target_url: String,
+    pub project_path: String,
+    pub author_username: Option<String>,
+    pub body: Option<String>,
+    pub created_at: i64,
+    pub is_external: bool,
+}
+```
+
+**Warning for `--project` with `--todos` (AC-22):**
+
+```rust
+if args.todos && args.project.is_some() {
+    eprintln!("Warning: Todos are account-wide; project filter not applied");
+}
+```
+
+---
+
+### IMP-7: Error Handling
+
+**Fulfills:** AC-28, AC-29, AC-30
+
+| Error | Behavior |
+|-------|----------|
+| 403 Forbidden | Log warning, skip todo sync, continue with other entities |
+| 429 Rate Limited | Respect `Retry-After` header using existing retry policy |
+| Malformed JSON | Log warning with todo ID, skip item, set `purge_allowed=false`, continue batch |
+
+**Rationale for purge disable on malformed JSON:** If we can't decode a todo, we don't know its `gitlab_todo_id`. Without that, we might accidentally purge a valid todo that was simply malformed in transit. Disabling purge for that sync is the safe choice.
+
+---
+
+### IMP-8: Test Fixtures
+
+**Fulfills:** AC-34
+
+**Location:** `tests/fixtures/todos/`
+
+**`todos_pending.json`:**
+```json
+[
+  {
+    "id": 102,
+    "project": {"id": 2, "path_with_namespace": "diaspora/client"},
+    "author": {"id": 1, "username": "admin"},
+    "action_name": "mentioned",
+    "target_type": "Issue",
+    "target": {"id": 11, "iid": 4, "title": "Inventory system"},
+    "target_url": "https://gitlab.example.com/diaspora/client/-/issues/4",
+    "body": "@user please review",
+    "state": "pending",
+    "created_at": "2026-02-20T10:00:00.000Z",
+    "updated_at": "2026-02-20T10:00:00.000Z"
+  }
+]
+```
+
+**`todos_empty.json`:** `[]`
+
+**`todos_commit_target.json`:** (target.id is string SHA)
+
+**`todos_niche_actions.json`:** (merge_train_removed, etc.)
+
+---
+
+## Rollout Slices
+
+### Dependency Graph
+
+```
+Slice A ──────► Slice B ──────┬──────► Slice C
+(Schema)        (Sync)        │        (`lore todos`)
+                              │
+                              └──────► Slice D
+                                       (`lore me`)
+
+                 Slice C ───┬───► Slice E
+                 Slice D ───┘    (Polish)
+```
+
+### Slice A: Schema + Client
+
+**ACs:** AC-1, AC-2, AC-3, AC-4, AC-5
+**IMPs:** IMP-1, IMP-2, IMP-4
+**Deliverable:** Migration + client method + deserialization tests pass
+
+### Slice B: Sync Integration
+
+**ACs:** AC-6, AC-7, AC-8, AC-9, AC-28, AC-29, AC-30
+**IMPs:** IMP-3, IMP-7
+**Deliverable:** `lore sync` fetches todos; `--no-todos` works
+
+### Slice C: `lore todos` Command
+
+**ACs:** AC-10, AC-11, AC-12, AC-13, AC-14, AC-15, AC-16, AC-17, AC-24, AC-25
+**IMPs:** IMP-5
+**Deliverable:** `lore todos` and `lore --robot todos` work
+
+### Slice D: `lore me` Integration
+
+**ACs:** AC-18, AC-19, AC-20, AC-21, AC-22, AC-23, AC-26, AC-27
+**IMPs:** IMP-6
+**Deliverable:** `lore me --todos` works; summary shows count
+
+### Slice E: Polish
+
+**ACs:** AC-31, AC-32, AC-33, AC-34
+**IMPs:** IMP-8
+**Deliverable:** Docs updated; all quality gates pass
+
+---
+
+## Design Decisions
+
+| Decision | Choice | Rationale |
+|----------|--------|-----------|
+| Write operations | Read-only | Complexity; glab handles writes |
+| Storage | SQLite | Consistent with existing architecture |
+| Project filter | Account-wide only | GitLab API is user-scoped |
+| Action type display | Core only | Reduce noise; store all for future |
+| Attention state | Separate signal | Todos are notifications, not engagement |
+| History | Pending only | Simplicity; done todos have no value locally |
+| Grouping | By action type | Matches GitLab UI; aids triage |
+| Purge strategy | Two-generation grace | Protects against pagination drift during sync |
+
+---
+
+## Out of Scope
+
+- Write operations (mark as done)
+- Done todo history tracking
+- Filters beyond `--limit`
+- Todo-based attention state boosting
+- Notification settings API
+
+---
+
+## References
+
+- [GitLab To-Do List API](https://docs.gitlab.com/api/todos/)
+- [GitLab User Todos](https://docs.gitlab.com/user/todos/)

plans/init-refresh-flag.md

@@ -0,0 +1,137 @@
+# Plan: `lore init --refresh`
+
+**Created:** 2026-03-02
+**Status:** Complete
+
+## Problem
+
+When new repos are added to the config file, `lore sync` doesn't pick them up because project discovery only happens during `lore init`. Currently, users must use `--force` to overwrite their config, which is awkward.
+
+## Solution
+
+Add `--refresh` flag to `lore init` that reads the existing config and updates the database to match, without overwriting the config file.
+
+---
+
+## Implementation Plan
+
+### 1. CLI Changes (`src/cli/mod.rs`)
+
+Add to init subcommand:
+- `--refresh` flag (conflicts with `--force`)
+- Ensure `--robot` / `-J` propagates to init
+
+### 2. Update `InitOptions` struct
+
+```rust
+pub struct InitOptions {
+    pub config_path: Option<String>,
+    pub force: bool,
+    pub non_interactive: bool,
+    pub refresh: bool,       // NEW
+    pub robot_mode: bool,    // NEW
+}
+```
+
+### 3. New `RefreshResult` struct
+
+```rust
+pub struct RefreshResult {
+    pub user: UserInfo,
+    pub projects_registered: Vec<ProjectInfo>,
+    pub projects_failed: Vec<ProjectFailure>,  // path + error message
+    pub orphans_found: Vec<String>,            // paths in DB but not config
+    pub orphans_deleted: Vec<String>,          // if user said yes
+}
+
+pub struct ProjectFailure {
+    pub path: String,
+    pub error: String,
+}
+```
+
+### 4. Main logic: `run_init_refresh()` (new function)
+
+```
+1. Load config via Config::load()
+2. Resolve token, call get_current_user() → validate auth
+3. For each project in config.projects:
+   - Call client.get_project(path)
+   - On success: collect for DB upsert
+   - On failure: collect in projects_failed
+4. Query DB for all existing projects
+5. Compute orphans = DB projects - config projects
+6. If orphans exist:
+   - Robot mode: include in output, no prompt, no delete
+   - Interactive: prompt "Delete N orphan projects? [y/N]"
+     - Default N → skip deletion
+     - Y → delete from DB
+7. Upsert validated projects into DB
+8. Return RefreshResult
+```
+
+### 5. Improve existing init error message
+
+In `run_init()`, when config exists and neither `--refresh` nor `--force`:
+
+**Current:**
+> Config file exists at ~/.config/lore/config.json. Use --force to overwrite.
+
+**New:**
+> Config already exists at ~/.config/lore/config.json.
+> - Use `--refresh` to register new projects from config
+> - Use `--force` to overwrite the config file
+
+### 6. Robot mode output
+
+```json
+{
+  "ok": true,
+  "data": {
+    "mode": "refresh",
+    "user": { "username": "...", "name": "..." },
+    "projects_registered": [...],
+    "projects_failed": [...],
+    "orphans_found": ["old/project"],
+    "orphans_deleted": []
+  },
+  "meta": { "elapsed_ms": 123 }
+}
+```
+
+### 7. Human output
+
+```
+  ✓ Authenticated as @username (Full Name)
+
+  Projects
+    ✓ group/project-a          registered
+    ✓ group/project-b          registered
+    ✗ group/nonexistent        not found
+
+  Orphans
+    • old/removed-project
+
+  Delete 1 orphan project from database? [y/N]: n
+
+  Registered 2 projects (1 failed, 1 orphan kept)
+```
+
+---
+
+## Files to Touch
+
+1. **`src/cli/mod.rs`** — add `--refresh` and `--robot` to init subcommand args
+2. **`src/cli/commands/init.rs`** — add `RefreshResult`, `run_init_refresh()`, update error message
+3. **`src/main.rs`** (or CLI dispatch) — route `--refresh` to new function
+
+---
+
+## Acceptance Criteria
+
+- [x] `lore init --refresh` reads existing config and registers projects
+- [x] Validates GitLab auth before processing
+- [x] Orphan projects prompt with default N (interactive mode)
+- [x] Robot mode outputs JSON, no prompts, includes orphans in output
+- [x] Existing `lore init` (no flags) suggests `--refresh` when config exists
+- [x] `--refresh` and `--force` are mutually exclusive

plans/lore-service.feedback-1.md

@@ -1,186 +0,0 @@
-1. **Isolate scheduled behavior from manual `sync`**
-Reasoning: Your current plan injects backoff into `handle_sync_cmd`, which affects all `lore sync` calls (including manual recovery runs). Scheduled behavior should be isolated so humans aren’t unexpectedly blocked by service backoff.
-
-```diff
-@@ Context
--`lore sync` runs a 4-stage pipeline (issues, MRs, docs, embeddings) that takes 2-4 minutes.
-+`lore sync` remains the manual/operator command.
-+`lore service run` (hidden/internal) is the scheduled execution entrypoint.
-
-@@ Commands & User Journeys
-+### `lore service run` (hidden/internal)
-+**What it does:** Executes one scheduled sync attempt with service-only policy:
-+- applies service backoff policy
-+- records service run state
-+- invokes sync pipeline with configured profile
-+- updates retry state on success/failure
-+
-+**Invocation:** scheduler always runs:
-+`lore --robot service run --reason timer`
-
-@@ Backoff Integration into `handle_sync_cmd`
--Insert **after** config load but **before** the dry_run check:
-+Do not add backoff checks to `handle_sync_cmd`.
-+Backoff logic lives only in `handle_service_run`.
-```
-
-2. **Use DB as source-of-truth for service state (not a standalone JSON status file)**
-Reasoning: You already have `sync_runs` in SQLite. A separate JSON status file creates split-brain and race/corruption risk. Keep JSON as optional cache/export only.
-
-```diff
-@@ Status File
--Location: `{get_data_dir()}/sync-status.json`
-+Primary state location: SQLite (`service_state` table) + existing `sync_runs`.
-+Optional mirror file: `{get_data_dir()}/sync-status.json` (best-effort export only).
-
-@@ File-by-File Implementation Details
--### `src/core/sync_status.rs` (NEW)
-+### `migrations/015_service_state.sql` (NEW)
-+CREATE TABLE service_state (
-+  id INTEGER PRIMARY KEY CHECK (id = 1),
-+  installed INTEGER NOT NULL DEFAULT 0,
-+  platform TEXT,
-+  interval_seconds INTEGER,
-+  profile TEXT NOT NULL DEFAULT 'balanced',
-+  consecutive_failures INTEGER NOT NULL DEFAULT 0,
-+  next_retry_at_ms INTEGER,
-+  last_error_code TEXT,
-+  last_error_message TEXT,
-+  updated_at_ms INTEGER NOT NULL
-+);
-+
-+### `src/core/service_state.rs` (NEW)
-+- read/write state row
-+- derive backoff/next_retry
-+- join with latest `sync_runs` for status output
-```
-
-3. **Backoff policy should be configurable, jittered, and error-aware**
-Reasoning: Fixed hardcoded backoff (`base=1800`) is wrong when user sets another interval. Also permanent failures (bad token/config) should not burn retries forever; they should enter paused/error state.
-
-```diff
-@@ Backoff Logic
--// Exponential: base * 2^failures, capped at 4 hours
-+// Exponential with jitter: base * 2^(failures-1), capped, ±20% jitter
-+// Applies only to transient errors.
-+// Permanent errors set `paused_reason` and stop retries until user action.
-
-@@ CLI Definition Changes
-+ServiceCommand::Resume,   // clear paused state / failures
-+ServiceCommand::Run,      // hidden
-
-@@ Error Types
-+ServicePaused,            // scheduler paused due to permanent error
-+ServiceCommandFailed,     // OS command failure with stderr context
-```
-
-4. **Add a pipeline-level single-flight lock**
-Reasoning: Current locking is in ingest stages; there’s still overlap risk across full sync pipelines (docs/embed can overlap with another run). Add a top-level lock for scheduled/manual sync pipeline execution.
-
-```diff
-@@ Architecture
-+Add `sync_pipeline` lock at top-level sync execution.
-+Keep existing ingest lock (`sync`) for ingest internals.
-
-@@ Backoff Integration into `handle_sync_cmd`
-+Before starting sync pipeline, acquire `AppLock` with:
-+name = "sync_pipeline"
-+stale_lock_minutes = config.sync.stale_lock_minutes
-+heartbeat_interval_seconds = config.sync.heartbeat_interval_seconds
-```
-
-5. **Don’t embed token in service files by default**
-Reasoning: Embedding PAT into unit/plist is a high-risk secret leak path. Make secure storage explicit and default-safe.
-
-```diff
-@@ `lore service install [--interval 30m]`
-+`lore service install [--interval 30m] [--token-source env-file|embedded]`
-+Default: `env-file` (0600 perms, user-owned)
-+`embedded` allowed only with explicit opt-in and warning
-
-@@ Robot output
--    "token_embedded": true
-+    "token_source": "env_file"
-
-@@ Human output
--  Note: Your GITLAB_TOKEN is embedded in the service file.
-+  Note: Token is stored in a user-private env file (0600).
-```
-
-6. **Introduce a command-runner abstraction with timeout + stderr capture**
-Reasoning: `launchctl/systemctl/schtasks` calls are failure-prone; you need consistent error mapping and deterministic tests.
-
-```diff
-@@ Platform Backends
--exports free functions that dispatch via `#[cfg(target_os)]`
-+exports backend + shared `CommandRunner`:
-+- run(cmd, args, timeout)
-+- capture stdout/stderr/exit code
-+- map failure to `ServiceCommandFailed { cmd, exit_code, stderr }`
-```
-
-7. **Persist install manifest to avoid brittle file parsing**
-Reasoning: Parsing timer/plist for interval/state is fragile and platform-format dependent. Persist a manifest with checksums and expected artifacts.
-
-```diff
-@@ Platform Backends
--Same pattern for ... `get_interval_seconds()`
-+Add manifest: `{data_dir}/service-manifest.json`
-+Stores platform, interval, profile, generated files, and command.
-+`service status` reads manifest first, then verifies platform state.
-
-@@ Acceptance criteria
-+Install is idempotent:
-+- if manifest+files already match, report `no_change: true`
-+- if drift detected, reconcile and rewrite
-```
-
-8. **Make schedule profile explicit (`fast|balanced|full`)**
-Reasoning: This makes the feature more useful and performance-tunable without requiring users to understand internal flags.
-
-```diff
-@@ `lore service install [--interval 30m]`
-+`lore service install [--interval 30m] [--profile fast|balanced|full]`
-+
-+Profiles:
-+- fast: `sync --no-docs --no-embed`
-+- balanced (default): `sync --no-embed`
-+- full: `sync`
-```
-
-9. **Upgrade `service status` to include scheduler health + recent run summary**
-Reasoning: Single last-sync snapshot is too shallow. Include recent attempts and whether scheduler is paused/backing off/running.
-
-```diff
-@@ `lore service status`
--What it does: Shows whether the service is installed, its configuration, last sync result, and next scheduled run.
-+What it does: Shows install state, scheduler state (running/backoff/paused), recent runs, and next run estimate.
-
-@@ Robot output
--    "last_sync": { ... },
--    "backoff": null
-+    "scheduler_state": "running|backoff|paused|idle",
-+    "last_sync": { ... },
-+    "recent_runs": [{"run_id":"...","status":"...","started_at_iso":"..."}],
-+    "backoff": null,
-+    "paused_reason": null
-```
-
-10. **Strengthen tests around determinism and cross-platform generation**
-Reasoning: Time-based backoff and shell quoting are classic flaky points. Add fake clock + fake command runner for deterministic tests.
-
-```diff
-@@ Testing Strategy
-+Add deterministic test seams:
-+- `Clock` trait for backoff/now calculations
-+- `CommandRunner` trait for backend command execution
-+
-+Add tests:
-+- transient vs permanent error classification
-+- backoff schedule with jitter bounds
-+- manifest drift reconciliation
-+- quoting/escaping for paths with spaces and special chars
-+- `service run` does not modify manual `sync` behavior
-```
-
-If you want, I can rewrite your full plan as a single clean revised document with these changes already integrated (instead of patch fragments).

plans/lore-service.feedback-2.md

@@ -1,182 +0,0 @@
-**High-Impact Revisions (ordered by priority)**
-
-1. **Make service identity project-scoped (avoid collisions across repos/users)**
-Analysis: Current fixed names (`com.gitlore.sync`, `LoreSync`, `lore-sync.timer`) will collide when users run multiple gitlore workspaces. This causes silent overwrites and broken uninstall/status behavior.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Commands & User Journeys / install
-- lore service install [--interval 30m] [--profile balanced] [--token-source env-file]
-+ lore service install [--interval 30m] [--profile balanced] [--token-source auto] [--name <optional>]
-@@ Install Manifest Schema
-+    /// Stable per-install identity (default derived from project root hash)
-+    pub service_id: String,
-@@ Platform Backends
-- Label: com.gitlore.sync
-+ Label: com.gitlore.sync.{service_id}
-- Task name: LoreSync
-+ Task name: LoreSync-{service_id}
-- ~/.config/systemd/user/lore-sync.service
-+ ~/.config/systemd/user/lore-sync-{service_id}.service
-```
-
-2. **Replace token model with secure per-OS defaults**
-Analysis: The current “env-file default” is not actually secure on macOS launchd (token still ends up in plist). On Windows, assumptions about inherited environment are fragile. Use OS-native secure stores by default and keep `embedded` as explicit opt-in only.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Token storage strategies
--| env-file (default) | ...
-+| auto (default) | macOS: Keychain, Linux: env-file (0600), Windows: Credential Manager |
-+| env-file | Linux/systemd only |
- | embedded | ... explicit warning ...
-@@ macOS launchd section
-- env-file strategy stores canonical token in service-env but embeds token in plist
-+ default strategy is Keychain lookup at runtime; no token persisted in plist
-+ env-file is not offered on macOS
-@@ Windows schtasks section
-- token must be in user's system environment
-+ default strategy stores token in Windows Credential Manager and injects at runtime
-```
-
-3. **Version and atomically persist manifest/status**
-Analysis: `Option<Self>` on read hides corruption, and non-atomic writes risk truncated JSON on crashes. This will create false “not installed” and scheduler confusion.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Install Manifest Schema
-+    pub schema_version: u32, // start at 1
-+    pub updated_at_iso: String,
-@@ Status File Schema
-+    pub schema_version: u32, // start at 1
-+    pub updated_at_iso: String,
-@@ Read/Write
-- read(path) -> Option<Self>
-+ read(path) -> Result<Option<Self>, LoreError>
-- write(...) -> std::io::Result<()>
-+ write_atomic(...) -> std::io::Result<()> // tmp file + fsync + rename
-```
-
-4. **Persist `next_retry_at_ms` instead of recomputing jitter**
-Analysis: Deterministic jitter from timestamp modulo is predictable and can herd retries. Persisting `next_retry_at_ms` at failure time makes status accurate, stable, and cheap to compute.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ SyncStatusFile
-     pub consecutive_failures: u32,
-+    pub next_retry_at_ms: Option<i64>,
-@@ Backoff Logic
-- compute backoff from last_run.timestamp_ms and deterministic jitter each read
-+ compute backoff once on failure, store next_retry_at_ms, read-only comparison afterward
-+ jitter algorithm: full jitter in [0, cap], injectable RNG for tests
-```
-
-5. **Add circuit breaker for repeated transient failures**
-Analysis: Infinite transient retries can run forever on systemic failures (DB corruption, bad network policy). After N transient failures, pause with actionable reason.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Scheduler states
-- backoff — transient failures, waiting to retry
-+ backoff — transient failures, waiting to retry
-+ paused — permanent error OR circuit breaker tripped after N transient failures
-@@ Service run flow
-- On transient failure: increment failures, compute backoff
-+ On transient failure: increment failures, compute backoff, if failures >= max_transient_failures -> pause
-```
-
-6. **Stage-aware outcome policy (core freshness over all-or-nothing)**
-Analysis: Failing embeddings/docs should not block issues/MRs freshness. Split stage outcomes and only treat core stages as hard-fail by default. This improves reliability and practical usefulness.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Context
-- lore sync runs a 4-stage pipeline ... treated as one run result
-+ lore service run records per-stage outcomes (issues, mrs, docs, embeddings)
-@@ Status File Schema
-+    pub stage_results: Vec<StageResult>,
-@@ service run flow
-- Execute sync pipeline with flags derived from profile
-+ Execute stage-by-stage and classify severity:
-+   - critical: issues, mrs
-+   - optional: docs, embeddings
-+ optional stage failures mark run as degraded, not failed
-```
-
-7. **Replace cfg free-function backend with trait-based backend**
-Analysis: Current backend API is hard to test end-to-end without real OS commands. A `SchedulerBackend` trait enables deterministic integration tests and cleaner architecture.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Platform Backends / Architecture
-- exports free functions dispatched via #[cfg]
-+ define trait SchedulerBackend { install, uninstall, state, file_paths, next_run }
-+ provide LaunchdBackend, SystemdBackend, SchtasksBackend implementations
-+ include FakeBackend for integration tests
-```
-
-8. **Harden platform units and detect scheduler prerequisites**
-Analysis: systemd user timers often fail silently without user manager/linger; launchd context can be wrong in headless sessions. Add explicit diagnostics and unit hardening.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Linux systemd unit
- [Service]
- Type=oneshot
- ExecStart=...
-+TimeoutStartSec=900
-+NoNewPrivileges=true
-+PrivateTmp=true
-+ProtectSystem=strict
-+ProtectHome=read-only
-@@ Linux install/status
-+ detect user manager availability and linger state; surface warning/action
-@@ macOS install/status
-+ detect non-GUI bootstrap context and return actionable error
-```
-
-9. **Add operational commands: `trigger`, `doctor`, and non-interactive log tail**
-Analysis: `logs` opening an editor is weak for automation and incident response. Operators need a preflight and immediate controlled run.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ ServiceCommand
-+ Trigger, // run one attempt through service policy now
-+ Doctor,  // validate scheduler, token, paths, permissions
-@@ logs
-- opens editor
-+ supports --tail <n> and --follow in human mode
-+ robot mode can return last_n lines optionally
-```
-
-10. **Fix plan inconsistencies and edge-case correctness**
-Analysis: There are internal mismatches that will cause implementation drift.  
-Diff:
-```diff
---- a/plan.md
-+++ b/plan.md
-@@ Interval Parsing
-- supports 's' suffix
-+ remove 's' suffix (acceptance only allows 5m..24h)
-@@ uninstall acceptance
-- removes ALL service files only
-+ explicitly also remove service-manifest and service-env (status/logs retained)
-@@ SyncStatusFile schema
-- pub last_run: SyncRunRecord
-+ pub last_run: Option<SyncRunRecord> // matches idle/no runs state
-```
-
----
-
-**Recommended Architecture Upgrade Summary**
-
-The strongest improvement set is: **(1) project-scoped IDs, (2) secure token defaults, (3) atomic/versioned state, (4) persisted retry schedule + circuit breaker, (5) stage-aware outcomes**. That combination materially improves correctness, multi-repo safety, security, operability, and real-world reliability without changing your core manual-vs-scheduled separation principle.

plans/lore-service.feedback-3.md

@@ -1,174 +0,0 @@
-Below are the highest-impact revisions I’d make, ordered by severity/ROI. These focus on correctness first, then security, then operability and UX.
-
-1. **Fix multi-install ambiguity (`service_id` exists, but commands can’t target one explicitly)**
-Analysis: The plan introduces `service-manifest-{service_id}.json`, but `status/uninstall/resume/logs` have no selector. In a multi-workspace or multi-name install scenario, behavior becomes ambiguous and error-prone. Add explicit targeting plus discovery.
-```diff
-@@ ## Commands & User Journeys
-+### `lore service list`
-+Lists installed services discovered from `{data_dir}/service-manifest-*.json`.
-+Robot output includes `service_id`, `platform`, `interval_seconds`, `profile`, `installed_at_iso`.
-
-@@ ### `lore service uninstall`
--### `lore service uninstall`
-+### `lore service uninstall [--service <service_id|name>] [--all]`
-@@
--2. CLI reads install manifest to find `service_id`
-+2. CLI resolves target service via `--service` or current-project-derived default.
-+3. If multiple candidates and no selector, return actionable error.
-
-@@ ### `lore service status`
--### `lore service status`
-+### `lore service status [--service <service_id|name>]`
-```
-
-2. **Make status state service-scoped (not global)**
-Analysis: A single `sync-status.json` for all services causes cross-service contamination (pause/backoff/outcome from one profile affecting another). Keep lock global, but state per service.
-```diff
-@@ ## Status File
--### Location
--`{get_data_dir()}/sync-status.json`
-+### Location
-+`{get_data_dir()}/sync-status-{service_id}.json`
-
-@@ ## Paths Module Additions
--pub fn get_service_status_path() -> PathBuf {
--    get_data_dir().join("sync-status.json")
-+pub fn get_service_status_path(service_id: &str) -> PathBuf {
-+    get_data_dir().join(format!("sync-status-{service_id}.json"))
-}
-@@
--Note: `sync-status.json` is NOT scoped by `service_id`
-+Note: status is scoped by `service_id`; lock remains global (`sync_pipeline`) to prevent overlapping writes.
-```
-
-3. **Stop classifying permanence via string matching**
-Analysis: Matching `"401 Unauthorized"` in strings is brittle and will misclassify edge cases. Carry machine codes through stage results and classify by `ErrorCode` only.
-```diff
-@@ pub struct StageResult {
--    pub error: Option<String>,
-+    pub error: Option<String>,
-+    pub error_code: Option<String>, // e.g., AUTH_FAILED, NETWORK_ERROR
-}
-@@ Error classification helpers
--fn is_permanent_error_message(msg: Option<&str>) -> bool { ...string contains... }
-+fn is_permanent_error_code(code: Option<&str>) -> bool {
-+    matches!(code, Some("TOKEN_NOT_SET" | "AUTH_FAILED" | "CONFIG_NOT_FOUND" | "CONFIG_INVALID" | "MIGRATION_FAILED"))
-+}
-```
-
-4. **Install should be transactional (manifest written last)**
-Analysis: Current order writes manifest before scheduler enable. If enable fails, you persist a false “installed” state. Use two-phase install with rollback.
-```diff
-@@ ### `lore service install` User journey
--9. CLI writes install manifest ...
--10. CLI runs the platform-specific enable command
-+9. CLI runs the platform-specific enable command
-+10. On success, CLI writes install manifest atomically
-+11. On failure, CLI removes generated files and returns `ServiceCommandFailed`
-```
-
-5. **Fix launchd token security gap (env-file currently still embeds token)**
-Analysis: Current “env-file” on macOS still writes token into plist, defeating the main security goal. Generate a private wrapper script that reads env file at runtime and execs `lore`.
-```diff
-@@ ### macOS: launchd
--<key>ProgramArguments</key>
--<array>
--    <string>{binary_path}</string>
--    <string>--robot</string>
--    <string>service</string>
--    <string>run</string>
--</array>
-+<key>ProgramArguments</key>
-+<array>
-+    <string>{data_dir}/service-run-{service_id}.sh</string>
-+</array>
-@@
--`env-file`: ... token value must still appear in plist ...
-+`env-file`: token never appears in plist; wrapper loads `{data_dir}/service-env-{service_id}` at runtime.
-```
-
-6. **Improve backoff math and add half-open circuit recovery**
-Analysis: Current jitter + min clamp makes first retry deterministic and can over-pause. Also circuit-breaker requires manual resume forever. Add cooldown + half-open probe to self-heal.
-```diff
-@@ Backoff Logic
--let backoff_secs = ((base_backoff as f64) * jitter_factor) as u64;
--let backoff_secs = backoff_secs.max(base_interval_seconds);
-+let max_backoff = base_backoff;
-+let min_backoff = base_interval_seconds;
-+let span = max_backoff.saturating_sub(min_backoff);
-+let backoff_secs = min_backoff + ((span as f64) * jitter_factor) as u64;
-
-@@ Scheduler states
--- `paused` — permanent error ... OR circuit breaker tripped ...
-+- `paused` — permanent error requiring intervention
-+- `half_open` — probe state after circuit cooldown; one trial run allowed
-
-@@ Circuit breaker
--... transitions to `paused` ... Run: lore service resume
-+... transitions to `half_open` after cooldown (default 30m). Successful probe closes breaker automatically; failed probe returns to backoff/paused.
-```
-
-7. **Promote backend trait to v1 (not v2) for deterministic integration tests**
-Analysis: This is a reliability-critical feature spanning OS schedulers. A trait abstraction now gives true behavior tests and safer refactors.
-```diff
-@@ ### Platform Backends
--> Future architecture note: A `SchedulerBackend` trait ... for v2.
-+Adopt `SchedulerBackend` trait in v1 with real backends (`launchd/systemd/schtasks`) and `FakeBackend` for tests.
-+This enables deterministic install/uninstall/status/run-path integration tests without touching host scheduler.
-```
-
-8. **Harden `run_cmd` timeout behavior**
-Analysis: If timeout occurs, child process must be killed and reaped. Otherwise you leak processes and can wedge repeated runs.
-```diff
-@@ fn run_cmd(...)
--// Wait with timeout
--let output = wait_with_timeout(output, timeout_secs)?;
-+// Wait with timeout; on timeout kill child and wait to reap
-+let output = wait_with_timeout_kill_and_reap(child, timeout_secs)?;
-```
-
-9. **Add manual control commands (`pause`, `trigger`, `repair`)**
-Analysis: These are high-utility operational controls. `trigger` helps immediate sync without waiting interval. `pause` supports maintenance windows. `repair` avoids manual file deletion for corrupt state.
-```diff
-@@ pub enum ServiceCommand {
-+    /// Pause scheduled execution without uninstalling
-+    Pause { #[arg(long)] reason: Option<String> },
-+    /// Trigger an immediate one-off run using installed profile
-+    Trigger { #[arg(long)] ignore_backoff: bool },
-+    /// Repair corrupt manifest/status by backing up and reinitializing
-+    Repair { #[arg(long)] service: Option<String> },
-}
-```
-
-10. **Make `logs` default non-interactive and add rotation policy**
-Analysis: Opening editor by default is awkward for automation/SSH and slower for normal diagnosis. Defaulting to `tail` is more practical; `--open` can preserve editor behavior.
-```diff
-@@ ### `lore service logs`
--By default, opens in the user's preferred editor.
-+By default, prints last 100 lines to stdout.
-+Use `--open` to open editor.
-@@
-+Log rotation: rotate `service-stdout.log` / `service-stderr.log` at 10 MB, keep 5 files.
-```
-
-11. **Remove destructive/shell-unsafe suggested action**
-Analysis: `actions(): ["rm {path}", ...]` is unsafe (shell injection + destructive guidance). Replace with safe command path.
-```diff
-@@ LoreError::actions()
--Self::ServiceCorruptState { path, .. } => vec![&format!("rm {path}"), "lore service install"],
-+Self::ServiceCorruptState { .. } => vec!["lore service repair", "lore service install"],
-```
-
-12. **Tighten scheduler units for real-world reliability**
-Analysis: Add explicit working directory and success-exit handling to reduce environment drift and edge failures.
-```diff
-@@ systemd service unit
- [Service]
- Type=oneshot
- ExecStart={binary_path} --robot service run
-+WorkingDirectory={data_dir}
-+SuccessExitStatus=0
- TimeoutStartSec=900
-```
-
-If you want, I can produce a single consolidated “v3 plan” markdown with these revisions already merged into your original structure.

plans/lore-service.feedback-4.md

@@ -1,190 +0,0 @@
-No `## Rejected Recommendations` section was present in the plan you shared, so the proposals below are all net-new.
-
-1. **Make scheduled runs explicitly target a single service instance**
-Analysis: right now `service run` has no selector, but the plan supports multiple installed services. That creates ambiguity and incorrect manifest/status selection. This is the most important architectural fix.
-
-```diff
-@@ `lore service install` What it does
-- runs `lore --robot service run` at the specified interval
-+ runs `lore --robot service run --service-id <service_id>` at the specified interval
-
-@@ Robot output (`install`)
-- "sync_command": "/usr/local/bin/lore --robot service run",
-+ "sync_command": "/usr/local/bin/lore --robot service run --service-id a1b2c3d4",
-
-@@ `ServiceCommand` enum
-- #[command(hide = true)]
-- Run,
-+ #[command(hide = true)]
-+ Run {
-+     /// Internal selector injected by scheduler backend
-+     #[arg(long, hide = true)]
-+     service_id: String,
-+ },
-
-@@ `handle_service_run` signature
--pub fn handle_service_run(start: std::time::Instant) -> Result<(), Box<dyn std::error::Error>>
-+pub fn handle_service_run(service_id: &str, start: std::time::Instant) -> Result<(), Box<dyn std::error::Error>>
-
-@@ run flow step 1
-- Read install manifest
-+ Read install manifest for `service_id`
-```
-
-2. **Strengthen `service_id` derivation to avoid cross-workspace collisions**
-Analysis: hashing config path alone can collide when many workspaces share one global config. Identity should represent what is being synced, not only where config lives.
-
-```diff
-@@ Key Design Principles / Project-Scoped Service Identity
-- derive from a stable hash of the config file path
-+ derive from a stable fingerprint of:
-+ - canonical workspace root
-+ - normalized configured GitLab project URLs
-+ - canonical config path
-+ then take first 12 hex chars of SHA-256
-
-@@ `compute_service_id`
-- Returns first 8 hex chars of SHA-256 of the canonical config path.
-+ Returns first 12 hex chars of SHA-256 of a canonical identity tuple
-+ (workspace_root + sorted project URLs + config_path).
-```
-
-3. **Introduce a service-state machine with a dedicated admin lock**
-Analysis: install/uninstall/pause/resume/repair/status can race each other. A lock and explicit transition table prevents invalid states and file races.
-
-```diff
-@@ New section: Service State Model
-+ All state mutations are serialized by `AppLock("service-admin-{service_id}")`.
-+ Legal transitions:
-+ - idle -> running -> success|degraded|backoff|paused
-+ - backoff -> running|paused
-+ - paused -> half_open|running (resume)
-+ - half_open -> running|paused
-+ Any invalid transition is rejected with `ServiceCorruptState`.
-
-@@ `handle_install`, `handle_uninstall`, `handle_pause`, `handle_resume`, `handle_repair`
-+ Acquire `service-admin-{service_id}` before mutating manifest/status/service files.
-```
-
-4. **Unify manual and scheduled sync execution behind one orchestrator**
-Analysis: the plan currently duplicates stage logic and error classification in `service run`, increasing drift risk. A shared orchestrator gives one authoritative pipeline behavior.
-
-```diff
-@@ Key Design Principles
-+ #### 6. Single Sync Orchestrator
-+ Both `lore sync` and `lore service run` call `SyncOrchestrator`.
-+ Service mode adds policy (backoff/circuit-breaker); manual mode bypasses policy.
-
-@@ Service Run Implementation
-- execute_sync_stages(&sync_args)
-+ SyncOrchestrator::run(SyncMode::Service { profile, policy })
-
-@@ manual sync
-- separate pipeline path
-+ SyncOrchestrator::run(SyncMode::Manual { flags })
-```
-
-5. **Add bounded in-run retries for transient core-stage failures**
-Analysis: single-shot failure handling will over-trigger backoff on temporary network blips. One short retry per core stage significantly improves freshness without much extra runtime.
-
-```diff
-@@ Stage-aware execution
-+ Core stages (`issues`, `mrs`) get up to 1 immediate retry on transient errors
-+ (jittered 1-5s). Permanent errors are never retried.
-+ Optional stages keep best-effort semantics.
-
-@@ Acceptance criteria (`service run`)
-+ Retries transient core stage failures once before counting run as failed.
-```
-
-6. **Harden persistence with full crash-safety semantics**
-Analysis: current atomic write description is good but incomplete for power-loss durability. You should fsync parent directory after rename and include lightweight integrity metadata.
-
-```diff
-@@ `write_atomic`
-- tmp file + fsync + rename
-+ tmp file + fsync(file) + rename + fsync(parent_dir)
-
-@@ `ServiceManifest` and `SyncStatusFile`
-+ pub write_seq: u64,
-+ pub content_sha256: String, // optional integrity guard for repair/doctor
-```
-
-7. **Fix token handling to avoid shell/env injection and add secure-store mode**
-Analysis: sourcing env files in shell is brittle if token contains special chars/newlines. Also, secure OS credential stores should be first-class for production reliability/security.
-
-```diff
-@@ Token storage strategies
--| `env-file` (default) ...
-+| `auto` (default) | use secure-store when available, else env-file |
-+| `secure-store` | macOS Keychain / libsecret / Windows Credential Manager |
-+| `env-file` | explicit fallback |
-
-@@ macOS wrapper script
--. "{data_dir}/service-env-{service_id}"
--export {token_env_var}
-+TOKEN_VALUE="$(cat "{data_dir}/service-token-{service_id}" )"
-+export {token_env_var}="$TOKEN_VALUE"
-
-@@ Acceptance criteria
-+ Reject token values containing `\0` or newline for env-file mode.
-+ Never eval/source untrusted token content.
-```
-
-8. **Correct platform/runtime implementation hazards**
-Analysis: there are a few correctness risks that should be fixed in-plan now.
-
-```diff
-@@ macOS install steps
-- Get UID via `unsafe { libc::getuid() }`
-+ Get UID via safe API (`nix::unistd::Uid::current()` or equivalent safe helper)
-
-@@ Command Runner Helper
-- poll try_wait and read stdout/stderr after exit
-+ avoid potential pipe backpressure deadlock:
-+ use wait-with-timeout + concurrent stdout/stderr draining
-
-@@ Linux timer
-- OnUnitActiveSec={interval_seconds}s
-+ OnUnitInactiveSec={interval_seconds}s
-+ AccuracySec=1min
-```
-
-9. **Make logs fully service-scoped**
-Analysis: you already scoped manifest/status by `service_id`; logs are still global in several places. Multi-service installs will overwrite each other’s logs.
-
-```diff
-@@ Paths Module Additions
--pub fn get_service_log_path() -> PathBuf
-+pub fn get_service_log_path(service_id: &str, stream: LogStream) -> PathBuf
-
-@@ log filenames
-- logs/service-stderr.log
-- logs/service-stdout.log
-+ logs/service-{service_id}-stderr.log
-+ logs/service-{service_id}-stdout.log
-
-@@ `service logs`
-- default path: `{data_dir}/logs/service-stderr.log`
-+ default path: `{data_dir}/logs/service-{service_id}-stderr.log`
-```
-
-10. **Resolve internal spec contradictions and rollback gaps**
-Analysis: there are a few contradictory statements and incomplete rollback behavior that will cause implementation churn.
-
-```diff
-@@ `service logs` behavior
-- default (no flags): open in editor (human)
-+ default (no flags): print last 100 lines (human and robot metadata mode)
-+ `--open` is explicit opt-in
-
-@@ install rollback
-- On failure: removes generated service files
-+ On failure: removes generated service files, env file, wrapper script, and temp manifest
-
-@@ `handle_service_run` sample code
-- let manifest_path = get_service_manifest_path();
-+ let manifest_path = get_service_manifest_path(service_id);
-```
-
-If you want, I can take these revisions and produce a single consolidated “Iteration 4” replacement plan block with all sections rewritten coherently so it’s ready to hand to an implementer.

plans/plan-to-beads-v2-draft.md

@@ -0,0 +1,250 @@
+# plan-to-beads v2 — Draft for Review
+
+This is a draft of the improved skill. Review before applying to `~/.claude/skills/plan-to-beads/SKILL.md`.
+
+---
+
+```markdown
+---
+name: plan-to-beads
+description: Transforms markdown implementation plans into granular, agent-ready beads with dependency graphs. Each bead is fully self-contained — an agent can execute it with zero external context. Triggers on "break down this plan", "create beads from", "convert to beads", "make issues from plan".
+argument-hint: "[path/to/plan.md]"
+---
+
+# Plan to Beads Conversion
+
+## The Prime Directive
+
+**Every bead must be executable by an agent that has ONLY the bead description.** No plan document. No Slack context. No "see the PRD." The bead IS the spec. If an agent can't start coding within 60 seconds of reading the bead, it's not ready.
+
+## Workflow
+
+```
+┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐
+│ 1. PARSE │──▶│ 2. MINE  │──▶│ 3. BUILD │──▶│ 4. LINK  │──▶│ 5. AUDIT │
+│ Structure│   │ Context  │   │ Beads    │   │ Deps     │   │ Quality  │
+└──────────┘   └──────────┘   └──────────┘   └──────────┘   └──────────┘
+```
+
+### 1. Parse Structure
+
+Read the plan document. Identify:
+- **Epics**: Major sections / phases / milestones
+- **Tasks**: Implementable units with clear outcomes (1-4 hour scope)
+- **Subtasks**: Granular steps within tasks
+
+### 2. Mine Context
+
+This is the critical step. For EACH identified task, extract everything an implementing agent will need.
+
+#### From the plan document:
+
+| Extract | Where to look | Example |
+|---------|--------------|---------|
+| **Rationale** | Intro paragraphs, "why" sections | "We need this because the current approach causes N+1 queries" |
+| **Approach details** | Implementation notes, code snippets, architecture decisions | "Use a 5-stage pipeline: SEED → HYDRATE → ..." |
+| **Test requirements** | TDD sections, acceptance criteria, "verify by" notes | "Test that empty input returns empty vec" |
+| **Edge cases & risks** | Warnings, gotchas, "watch out for" notes | "Multi-byte UTF-8 chars can cause panics at byte boundaries" |
+| **Data shapes** | Type definitions, struct descriptions, API contracts | "TimelineEvent { kind: EventKind, timestamp: DateTime, ... }" |
+| **File paths** | Explicit mentions or inferable from module structure | "src/core/timeline_seed.rs" |
+| **Dependencies on other tasks** | "requires X", "after Y is done", "uses Z from step N" | "Consumes the TimelineEvent struct from the types task" |
+| **Verification commands** | Test commands, CLI invocations, expected outputs | "cargo test timeline_seed -- --nocapture" |
+
+#### From the codebase:
+
+Search the codebase to supplement what the plan says:
+- Find existing files mentioned or implied by the plan
+- Discover patterns the task should follow (e.g., how existing similar modules are structured)
+- Check test files for naming conventions and test infrastructure in use
+- Confirm exact file paths rather than guessing
+
+Use codebase search tools (WarpGrep, Explore agent, or targeted Grep/Glob) appropriate to the scope of what you need to find.
+
+### 3. Build Beads
+
+Use `br` exclusively.
+
+| Type | Priority | Command |
+|------|----------|---------|
+| Epic | 1 | `br create "Epic: [Title]" -p 1` |
+| Task | 2-3 | `br create "[Verb] [Object]" -p 2` |
+| Subtask | 3-4 | `br q "[Verb] [Object]"` |
+
+**Granularity target**: Each bead completable in 1-4 hours by one agent.
+
+#### Description Templates
+
+Use the **full template** for all task-level beads. Use the **light template** only for trivially small tasks (config change, single-line fix, add a re-export).
+
+##### Full Template (default)
+
+```
+## Background
+[WHY this exists. What problem it solves. How it fits into the larger system.
+Include enough context that an agent unfamiliar with the project understands
+the purpose. Reference architectural patterns in use.]
+
+## Approach
+[HOW to implement. Be specific:
+- Data structures / types to create or use (include field names and types)
+- Algorithms or patterns to follow
+- Code snippets from the plan if available
+- Which existing code to reference for patterns (exact file paths)]
+
+## Acceptance Criteria
+
+### Specified (from plan — implement as-is)
+- [ ] <criteria explicitly stated in the plan>
+- [ ] <criteria explicitly stated in the plan>
+
+### Proposed (inferred — confirm with user before implementing) [?]
+- [ ] [?] <criteria the agent inferred but the plan didn't specify>
+- [ ] [?] <criteria the agent inferred but the plan didn't specify>
+
+**ASSUMPTION RULE**: If proposed criteria exceed ~30% of total, STOP.
+The bead needs human input before it's ready for implementation. Flag it
+in the audit output and ask the user to refine the ACs.
+
+## Files
+[Exact paths to create or modify. Confirmed by searching the codebase.]
+- CREATE: src/foo/bar.rs
+- MODIFY: src/foo/mod.rs (add pub mod bar)
+- MODIFY: tests/foo_tests.rs (add test module)
+
+## TDD Anchor
+[The first test to write. This grounds the agent's work.]
+RED: Write `test_<name>` in `<test_file>` that asserts <specific behavior>.
+GREEN: Implement the minimal code to make it pass.
+VERIFY: <project's test command> <pattern>
+
+[If the plan specifies additional tests, list them all:]
+- test_empty_input_returns_empty_vec
+- test_single_issue_produces_one_event
+- test_handles_missing_fields_gracefully
+
+## Edge Cases
+[Gotchas, risks, things that aren't obvious. Pulled from the plan's warnings,
+known issues, or your analysis of the approach.]
+- <edge case 1>
+- <edge case 2>
+
+## Dependency Context
+[For each dependency, explain WHAT it provides that this bead consumes.
+Not just "depends on bd-xyz" but "uses the `TimelineEvent` struct and
+`SeedConfig` type defined in bd-xyz".]
+```
+
+##### Light Template (trivially small tasks only)
+
+Use this ONLY when the task is a one-liner or pure mechanical change (add a re-export, flip a config flag, rename a constant). If there's any ambiguity about approach, use the full template.
+
+```
+## What
+[One sentence: what to do and where.]
+
+## Acceptance Criteria
+- [ ] <single binary criterion>
+
+## Files
+- MODIFY: <exact path>
+```
+
+### 4. Link Dependencies
+
+```bash
+br dep add [blocker-id] [blocked-id]
+```
+
+Dependency patterns:
+- Types/structs → code that uses them
+- Infrastructure (DB, config) → features that need them
+- Core logic → extensions/enhancements
+- Tests may depend on test helpers
+
+**Critical**: When linking deps, update the "Dependency Context" section in the blocked bead to describe exactly what it receives from the blocker.
+
+### 5. Audit Quality
+
+Before reporting, review EVERY bead against this checklist:
+
+| Check | Pass criteria |
+|-------|--------------|
+| **Self-contained?** | Agent can start coding in 60 seconds with ONLY this description |
+| **TDD anchor?** | First test to write is named and described |
+| **Binary criteria?** | Every acceptance criterion is pass/fail, not subjective |
+| **Exact paths?** | File paths verified against codebase, not guessed |
+| **Edge cases?** | At least 1 non-obvious gotcha identified |
+| **Dep context?** | Each dependency explains WHAT it provides, not just its ID |
+| **Approach specifics?** | Types, field names, patterns — not "implement the thing" |
+| **Assumption budget?** | Proposed [?] criteria are <30% of total ACs |
+
+If a bead fails any check, fix it before moving on. If the assumption budget is exceeded, flag the bead for human review rather than inventing more ACs.
+
+## Assumption & AC Guidance
+
+Agents filling in beads will inevitably encounter gaps in the plan. The rules:
+
+1. **Never silently fill gaps.** If the plan doesn't specify a behavior, don't assume one and bury it in the ACs. Mark it `[?]` so the implementing agent knows to ask.
+
+2. **Specify provenance on every AC.** Specified = from the plan. Proposed = your inference. The implementing agent treats these differently:
+   - **Specified**: implement without question
+   - **Proposed [?]**: pause and confirm with the user before implementing
+
+3. **The 30% rule.** If more than ~30% of ACs on a bead are proposed/inferred, the plan was too vague for this task. Don't create the bead as-is. Instead:
+   - Create it with status noting "needs AC refinement"
+   - List the open questions explicitly
+   - Flag it in the output report under "Beads Needing Human Input"
+
+4. **Prefer smaller scope over more assumptions.** If you're unsure whether a task should handle edge case X, make the bead's scope explicitly exclude it and note it as a potential follow-up. A bead that does less but does it right beats one that guesses wrong.
+
+5. **Implementing agents: honor the markers.** When you encounter `[?]` on an AC, you MUST ask the user before implementing that behavior. Do not silently resolve it in either direction.
+
+## Output Format
+
+After completion, report:
+
+```
+## Beads Created: N total (X epics, Y tasks, Z subtasks)
+
+### Quality Audit
+- Beads scoring 4+: N/N (target: 100%)
+- [list any beads that needed extra attention and why]
+
+### Beads Needing Human Input
+[List any beads where proposed ACs exceeded 30%, or where significant
+ambiguity in the plan made self-contained descriptions impossible.
+Include the specific open questions for each.]
+
+### Critical Path
+[blocker] → [blocked] → [blocked]
+
+### Ready to Start
+- bd-xxx: [Title] — [one-line summary of what agent will do]
+- bd-yyy: [Title] — [one-line summary of what agent will do]
+
+### Dependency Graph
+[Brief visualization or description of the dep structure]
+```
+
+## Risk Tiers
+
+| Operation | Tier | Behavior |
+|-----------|------|----------|
+| `br create` | SAFE | Auto-proceed |
+| `br dep add` | SAFE | Auto-proceed |
+| `br update --description` | CAUTION | Verify content |
+| Bulk creation (>20 beads) | CAUTION | Confirm count first |
+
+## Anti-Patterns
+
+| Anti-Pattern | Why it's bad | Fix |
+|-------------|-------------|-----|
+| "Implement the pipeline stage" | Agent doesn't know WHAT to implement | Name the types, the function signatures, the test |
+| "See plan for details" | Plan isn't available to the agent | Copy the relevant details INTO the bead |
+| "Files: probably src/foo/" | Agent wastes time finding the right file | Search the codebase, confirm exact paths |
+| "Should work correctly" | Not binary, not testable | "test_x passes" or "output matches Y" |
+| No TDD anchor | Agent doesn't know where to start | Always specify the first test to write |
+| "Depends on bd-xyz" (without context) | Agent doesn't know what bd-xyz provides | "Uses FooStruct and bar() function from bd-xyz" |
+| Single-line description | Score 1 bead, agent is stuck | Use the full template, every section |
+| Silently invented ACs | User surprised by implementation choices | Mark inferred ACs with [?], honor the 30% rule |
+```