diff --git a/.claude/commands/audit-gha-settings.md b/.claude/commands/audit-gha-settings.md
index 7ce9368..6ce21eb 100644
--- a/.claude/commands/audit-gha-settings.md
+++ b/.claude/commands/audit-gha-settings.md
@@ -15,9 +15,10 @@ If no arguments given, audit the canonical fleet repo list:
 - `SocketDev/socket-sdk-js`
 - `SocketDev/socket-sdxgen`
 - `SocketDev/socket-stuie`
+- `SocketDev/socket-vscode`
+- `SocketDev/socket-webext`
 - `SocketDev/socket-wheelhouse`
 - `SocketDev/ultrathink`
-- `SocketDev/vscode-socket-security`
 
 ## Process
 
diff --git a/.claude/hooks/actionlint-on-workflow-edit/index.mts b/.claude/hooks/actionlint-on-workflow-edit/index.mts
index 7046a30..5e21b15 100644
--- a/.claude/hooks/actionlint-on-workflow-edit/index.mts
+++ b/.claude/hooks/actionlint-on-workflow-edit/index.mts
@@ -13,7 +13,7 @@
 // No-op when actionlint isn't on PATH — most fleet machines have it via
 // brew, CI runners have it preinstalled, but downstreams may not.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import process from 'node:process'
 
 import { readStdin } from '../_shared/transcript.mts'
diff --git a/.claude/hooks/actionlint-on-workflow-edit/test/index.test.mts b/.claude/hooks/actionlint-on-workflow-edit/test/index.test.mts
index 167087d..bc748e7 100644
--- a/.claude/hooks/actionlint-on-workflow-edit/test/index.test.mts
+++ b/.claude/hooks/actionlint-on-workflow-edit/test/index.test.mts
@@ -1,6 +1,6 @@
 // node --test specs for the actionlint-on-workflow-edit hook.
 
-import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import test from 'node:test'
@@ -13,6 +13,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/ask-suppression-reminder/test/index.test.mts b/.claude/hooks/ask-suppression-reminder/test/index.test.mts
index 9e49bf1..f39fee1 100644
--- a/.claude/hooks/ask-suppression-reminder/test/index.test.mts
+++ b/.claude/hooks/ask-suppression-reminder/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -28,6 +28,11 @@ function writeTranscript(userTurns: string[]): string {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/auth-rotation-reminder/index.mts b/.claude/hooks/auth-rotation-reminder/index.mts
index 5da5864..a408abf 100644
--- a/.claude/hooks/auth-rotation-reminder/index.mts
+++ b/.claude/hooks/auth-rotation-reminder/index.mts
@@ -40,7 +40,7 @@
 //   SOCKET_AUTH_ROTATION_DISABLED        default: unset
 //     If set to a truthy value, skip the hook entirely.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import {
   existsSync,
   mkdirSync,
@@ -54,7 +54,7 @@ import path from 'node:path'
 import process from 'node:process'
 
 import { errorMessage } from '@socketsecurity/lib-stable/errors'
-import { safeDelete } from '@socketsecurity/lib-stable/fs'
+import { safeDelete } from '@socketsecurity/lib-stable/fs/safe'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
 
 import {
diff --git a/.claude/hooks/auth-rotation-reminder/test/auth-rotation-reminder.test.mts b/.claude/hooks/auth-rotation-reminder/test/auth-rotation-reminder.test.mts
index 2f25192..54f457e 100644
--- a/.claude/hooks/auth-rotation-reminder/test/auth-rotation-reminder.test.mts
+++ b/.claude/hooks/auth-rotation-reminder/test/auth-rotation-reminder.test.mts
@@ -1,7 +1,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { existsSync, mkdirSync, mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -9,7 +9,7 @@ import { fileURLToPath } from 'node:url'
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
 
-import { safeDelete } from '@socketsecurity/lib-stable/fs'
+import { safeDelete } from '@socketsecurity/lib-stable/fs/safe'
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url))
 const HOOK = path.resolve(__dirname, '..', 'index.mts')
@@ -36,6 +36,11 @@ function runHook(
         ...opts.env,
       },
     })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/check-new-deps/audit.mts b/.claude/hooks/check-new-deps/audit.mts
index fa78ab7..be3f3fb 100644
--- a/.claude/hooks/check-new-deps/audit.mts
+++ b/.claude/hooks/check-new-deps/audit.mts
@@ -26,8 +26,8 @@ import path from 'node:path'
 
 import { stringify } from '@socketregistry/packageurl-js-stable'
 import type { PackageURL } from '@socketregistry/packageurl-js-stable'
-import { createTtlCache } from '@socketsecurity/lib-stable/cache-with-ttl'
-import type { TtlCache } from '@socketsecurity/lib-stable/cache-with-ttl'
+import { createTtlCache } from '@socketsecurity/lib-stable/ttl-cache/cache'
+import type { TtlCache } from '@socketsecurity/lib-stable/ttl-cache/types'
 import { errorMessage } from '@socketsecurity/lib-stable/errors'
 
 import type {
diff --git a/.claude/hooks/claude-md-section-size-guard/README.md b/.claude/hooks/claude-md-section-size-guard/README.md
index 444027e..54c4b97 100644
--- a/.claude/hooks/claude-md-section-size-guard/README.md
+++ b/.claude/hooks/claude-md-section-size-guard/README.md
@@ -4,7 +4,7 @@ PreToolUse hook that caps the body length of individual `### ` sections inside t
 
 ## What it does
 
-Complements `claude-md-size-guard` (40KB byte cap on the whole block) by enforcing a per-section line cap inside the block. Each `### Section heading` inside the `<!-- BEGIN/END FLEET-CANONICAL -->` markers gets at most **8 body lines** (configurable via `CLAUDE_MD_FLEET_SECTION_MAX_LINES`).
+Complements `claude-md-size-guard` (48KB byte cap on the whole block) by enforcing a per-section line cap inside the block. Each `### Section heading` inside the `<!-- BEGIN/END FLEET-CANONICAL -->` markers gets at most **8 body lines** (configurable via `CLAUDE_MD_FLEET_SECTION_MAX_LINES`).
 
 Sections that exceed 8 lines should have a long-form companion at `docs/claude.md/fleet/<topic>.md` and the inline body should shrink to 1-2 sentences plus a link. The cap was 20 initially (during the bootstrap when several fleet sections were 12-19 lines); it tightened to 8 once those sections were outsourced.
 
@@ -24,7 +24,7 @@ When a section exceeds the cap, the hook prints:
 
 ## Why a per-section cap, not just the byte cap
 
-The failure mode this hook addresses: an operator can grow a single rule from 2 lines to 60 lines of detailed prose without ever tripping the 40KB byte cap — until enough other sections accrete that an unrelated 1-line addition breaks the build. The per-section cap catches this directly, at the moment the long content is written, when the operator has the long-form text in hand and can immediately drop it into a `docs/claude.md/fleet/<topic>.md` companion.
+The failure mode this hook addresses: an operator can grow a single rule from 2 lines to 60 lines of detailed prose without ever tripping the 48KB byte cap — until enough other sections accrete that an unrelated 1-line addition breaks the build. The per-section cap catches this directly, at the moment the long content is written, when the operator has the long-form text in hand and can immediately drop it into a `docs/claude.md/fleet/<topic>.md` companion.
 
 ## Override
 
diff --git a/.claude/hooks/claude-md-section-size-guard/test/index.test.mts b/.claude/hooks/claude-md-section-size-guard/test/index.test.mts
index 5910406..3a6fc1e 100644
--- a/.claude/hooks/claude-md-section-size-guard/test/index.test.mts
+++ b/.claude/hooks/claude-md-section-size-guard/test/index.test.mts
@@ -5,7 +5,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -22,6 +22,11 @@ async function runHook(
     stdio: 'pipe',
     env: { ...process.env, ...env },
   })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/claude-md-size-guard/README.md b/.claude/hooks/claude-md-size-guard/README.md
index ead7e36..910c722 100644
--- a/.claude/hooks/claude-md-size-guard/README.md
+++ b/.claude/hooks/claude-md-size-guard/README.md
@@ -1,10 +1,10 @@
 # claude-md-size-guard
 
-PreToolUse Edit/Write hook that blocks CLAUDE.md edits which would push the **fleet-canonical block** (between `<!-- BEGIN FLEET-CANONICAL -->` / `<!-- END FLEET-CANONICAL -->` markers) above 40 KB.
+PreToolUse Edit/Write hook that blocks CLAUDE.md edits which would push the **fleet-canonical block** (between `<!-- BEGIN FLEET-CANONICAL -->` / `<!-- END FLEET-CANONICAL -->` markers) above 48 KB.
 
 ## Why
 
-The fleet block is byte-identical across every `socket-*` repo. Every byte added there costs N copies of in-context tokens fleet-wide. Per-repo content outside the markers is paid once. Capping the fleet block at 40 KB:
+The fleet block is byte-identical across every `socket-*` repo. Every byte added there costs N copies of in-context tokens fleet-wide. Per-repo content outside the markers is paid once. Capping the fleet block at 48 KB:
 
 - Forces new fleet rules to be **terse + reference-deferred** (link to `docs/references/<topic>.md`).
 - Leaves headroom for per-repo content. Per-repo CLAUDE.md additions are NOT capped here.
@@ -16,7 +16,7 @@ The hook fires on Edit/Write tool calls. For Write, it inspects `content`. For E
 
 ## Cap
 
-- **Default:** 40 KB (40 960 bytes).
+- **Default:** 48 KB (49 152 bytes). Sized to leave per-repo CLAUDE.md additions ample room outside the fleet block.
 - **Override:** set `CLAUDE_MD_FLEET_BLOCK_BYTES=<n>` in env (rarely needed; bumping the cap should be a deliberate fleet-wide decision).
 
 ## Failing open
diff --git a/.claude/hooks/claude-md-size-guard/index.mts b/.claude/hooks/claude-md-size-guard/index.mts
index 06338ef..efd5011 100644
--- a/.claude/hooks/claude-md-size-guard/index.mts
+++ b/.claude/hooks/claude-md-size-guard/index.mts
@@ -2,7 +2,7 @@
 // Claude Code PreToolUse hook — claude-md-size-guard.
 //
 // Blocks Edit/Write tool calls that would push the CLAUDE.md
-// fleet-canonical block above the 40KB size cap. The fleet block lives
+// fleet-canonical block above the 48KB size cap. The fleet block lives
 // between `<!-- BEGIN FLEET-CANONICAL -->` and `<!-- END FLEET-CANONICAL -->`
 // markers; everything outside is per-repo content owned by the host
 // repo (different cap, evaluated separately).
@@ -24,8 +24,9 @@
 //      remediation (move detail into `docs/references/<topic>.md`).
 //
 // Cap policy:
-//   - Default: 40 KB (40_960 bytes). Override per-repo by setting
-//     `CLAUDE_MD_FLEET_BLOCK_BYTES` in the env (rarely needed).
+//   - Default: 48 KB (49_152 bytes). Sized to leave room for per-repo
+//     CLAUDE.md additions outside the fleet block. Override per-repo by
+//     setting `CLAUDE_MD_FLEET_BLOCK_BYTES` in the env (rarely needed).
 //   - Whole-file cap: NOT enforced here. Per-repo content can grow
 //     freely; this hook only protects the fleet block.
 //
@@ -44,7 +45,7 @@ import process from 'node:process'
 
 import { readStdin } from '../_shared/transcript.mts'
 
-const DEFAULT_CAP_BYTES = 40 * 1024
+const DEFAULT_CAP_BYTES = 48 * 1024
 const FLEET_BEGIN_MARKER = '<!-- BEGIN FLEET-CANONICAL'
 const FLEET_END_MARKER = '<!-- END FLEET-CANONICAL'
 
diff --git a/.claude/hooks/claude-md-size-guard/test/index.test.mts b/.claude/hooks/claude-md-size-guard/test/index.test.mts
index 6ea4d1e..61db387 100644
--- a/.claude/hooks/claude-md-size-guard/test/index.test.mts
+++ b/.claude/hooks/claude-md-size-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -24,6 +24,11 @@ async function runHook(
     stdio: 'pipe',
     env: { ...process.env, ...envOverride },
   })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
@@ -64,17 +69,17 @@ test('Write of small fleet block is allowed', async () => {
   assert.strictEqual(result.code, 0)
 })
 
-test('Write of fleet block at exactly 40KB is allowed', async () => {
+test('Write of fleet block at exactly 48KB is allowed', async () => {
   const result = await runHook({
-    tool_input: { content: fleetBlock(40 * 1024), file_path: 'CLAUDE.md' },
+    tool_input: { content: fleetBlock(48 * 1024), file_path: 'CLAUDE.md' },
     tool_name: 'Write',
   })
   assert.strictEqual(result.code, 0)
 })
 
-test('Write of fleet block over 40KB is blocked', async () => {
+test('Write of fleet block over 48KB is blocked', async () => {
   const result = await runHook({
-    tool_input: { content: fleetBlock(45 * 1024), file_path: 'CLAUDE.md' },
+    tool_input: { content: fleetBlock(53 * 1024), file_path: 'CLAUDE.md' },
     tool_name: 'Write',
   })
   assert.strictEqual(result.code, 2)
diff --git a/.claude/hooks/codex-no-write-guard/test/index.test.mts b/.claude/hooks/codex-no-write-guard/test/index.test.mts
index e48fc17..1669436 100644
--- a/.claude/hooks/codex-no-write-guard/test/index.test.mts
+++ b/.claude/hooks/codex-no-write-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -18,6 +18,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/comment-tone-reminder/test/index.test.mts b/.claude/hooks/comment-tone-reminder/test/index.test.mts
index 9159238..53692bc 100644
--- a/.claude/hooks/comment-tone-reminder/test/index.test.mts
+++ b/.claude/hooks/comment-tone-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -32,7 +32,6 @@ function runHook(transcriptPath: string): {
   exitCode: number
 } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return {
@@ -107,7 +106,6 @@ test('disabled env var short-circuits', () => {
   const { path: p, cleanup } = makeTranscript('Note that we should skip this.')
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: p }),
       env: { ...process.env, SOCKET_COMMENT_TONE_REMINDER_DISABLED: '1' },
     })
diff --git a/.claude/hooks/commit-author-guard/index.mts b/.claude/hooks/commit-author-guard/index.mts
index 7f5a182..5a06fe5 100644
--- a/.claude/hooks/commit-author-guard/index.mts
+++ b/.claude/hooks/commit-author-guard/index.mts
@@ -36,7 +36,7 @@
 // Bypass: type "Allow commit-author bypass" in a recent user message,
 // or set SOCKET_COMMIT_AUTHOR_GUARD_DISABLED=1.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { existsSync, readFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
diff --git a/.claude/hooks/commit-author-guard/test/index.test.mts b/.claude/hooks/commit-author-guard/test/index.test.mts
index 7de655a..0203b46 100644
--- a/.claude/hooks/commit-author-guard/test/index.test.mts
+++ b/.claude/hooks/commit-author-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -60,7 +60,6 @@ function runHook(
   extraEnv: Record<string, string> = {},
 ): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
     env: { ...process.env, HOME: home, ...extraEnv },
   })
@@ -333,7 +332,6 @@ test('fails open when no canonical email is configured anywhere', () => {
     // fails open; if it's set to the user's real email, this test's
     // imposter email gets blocked. Either way, the hook should not crash.
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({
         tool_name: 'Bash',
         tool_input: { command: 'git commit -m "fix"' },
diff --git a/.claude/hooks/commit-pr-reminder/test/index.test.mts b/.claude/hooks/commit-pr-reminder/test/index.test.mts
index 3882f93..768a9b7 100644
--- a/.claude/hooks/commit-pr-reminder/test/index.test.mts
+++ b/.claude/hooks/commit-pr-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -23,7 +23,6 @@ function makeTranscript(assistantText: string): string {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -72,7 +71,6 @@ test('does NOT fire on the word "generated" without "claude" nearby', () => {
 test('disabled env var short-circuits', () => {
   const t = makeTranscript('Generated with Claude Code')
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: t }),
     env: { ...process.env, SOCKET_COMMIT_PR_REMINDER_DISABLED: '1' },
   })
diff --git a/.claude/hooks/compound-lessons-reminder/test/index.test.mts b/.claude/hooks/compound-lessons-reminder/test/index.test.mts
index 3559d79..974a5ae 100644
--- a/.claude/hooks/compound-lessons-reminder/test/index.test.mts
+++ b/.claude/hooks/compound-lessons-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -46,7 +46,6 @@ function makeTranscript(
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -182,7 +181,6 @@ test('disabled env var short-circuits', () => {
   const { path: p, cleanup } = makeTranscript('Hitting this again.')
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: p }),
       env: { ...process.env, SOCKET_COMPOUND_LESSONS_REMINDER_DISABLED: '1' },
     })
diff --git a/.claude/hooks/concurrent-cargo-build-guard/index.mts b/.claude/hooks/concurrent-cargo-build-guard/index.mts
index 83809de..5998868 100644
--- a/.claude/hooks/concurrent-cargo-build-guard/index.mts
+++ b/.claude/hooks/concurrent-cargo-build-guard/index.mts
@@ -20,7 +20,7 @@
 // Fires only on cargo / build-prod commands, so a no-op in repos that
 // don't use cargo.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import process from 'node:process'
 
 import { bypassPhrasePresent, readStdin } from '../_shared/transcript.mts'
diff --git a/.claude/hooks/concurrent-cargo-build-guard/test/index.test.mts b/.claude/hooks/concurrent-cargo-build-guard/test/index.test.mts
index 64ebe17..e9695f5 100644
--- a/.claude/hooks/concurrent-cargo-build-guard/test/index.test.mts
+++ b/.claude/hooks/concurrent-cargo-build-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { fileURLToPath } from 'node:url'
 import path from 'node:path'
 import test from 'node:test'
@@ -16,6 +16,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/consumer-grep-reminder/test/index.test.mts b/.claude/hooks/consumer-grep-reminder/test/index.test.mts
index 86f007d..1bcf9ab 100644
--- a/.claude/hooks/consumer-grep-reminder/test/index.test.mts
+++ b/.claude/hooks/consumer-grep-reminder/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -27,6 +27,11 @@ function mkRepo(opts: { consumerDirs?: string[] | undefined } = {}): string {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/cross-repo-guard/index.mts b/.claude/hooks/cross-repo-guard/index.mts
index 4478506..9d85e08 100644
--- a/.claude/hooks/cross-repo-guard/index.mts
+++ b/.claude/hooks/cross-repo-guard/index.mts
@@ -59,8 +59,9 @@ const FLEET_REPO_NAMES = [
   'socket-sdk-js',
   'socket-sdxgen',
   'socket-stuie',
+  'socket-vscode',
+  'socket-webext',
   'ultrathink',
-  'vscode-socket-security',
 ] as const
 
 const FLEET_RE_FRAGMENT = FLEET_REPO_NAMES.join('|')
diff --git a/.claude/hooks/cross-repo-guard/test/cross-repo-guard.test.mts b/.claude/hooks/cross-repo-guard/test/cross-repo-guard.test.mts
index c7340d8..8f327c8 100644
--- a/.claude/hooks/cross-repo-guard/test/cross-repo-guard.test.mts
+++ b/.claude/hooks/cross-repo-guard/test/cross-repo-guard.test.mts
@@ -1,7 +1,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import { test } from 'node:test'
@@ -24,6 +24,11 @@ function runHook(payload: Payload): Promise<{ code: number; stderr: string }> {
     const child = spawn(process.execPath, [HOOK], {
       stdio: ['pipe', 'ignore', 'pipe'],
     })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/default-branch-guard/test/index.test.mts b/.claude/hooks/default-branch-guard/test/index.test.mts
index c988cd0..3886c6a 100644
--- a/.claude/hooks/default-branch-guard/test/index.test.mts
+++ b/.claude/hooks/default-branch-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -25,7 +25,6 @@ function runHook(
   extraEnv: Record<string, string> = {},
 ): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({
       tool_name: 'Bash',
       tool_input: { command },
@@ -89,7 +88,6 @@ test('ALLOWS the canonical lookup pattern', () => {
 
 test('IGNORES non-Bash tools', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({
       tool_name: 'Write',
       tool_input: { command: 'BASE=main' },
diff --git a/.claude/hooks/dont-stop-mid-queue-reminder/test/index.test.mts b/.claude/hooks/dont-stop-mid-queue-reminder/test/index.test.mts
index e79528a..a2b55f6 100644
--- a/.claude/hooks/dont-stop-mid-queue-reminder/test/index.test.mts
+++ b/.claude/hooks/dont-stop-mid-queue-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -31,7 +31,6 @@ function runHook(
   extraEnv: Record<string, string> = {},
 ): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
     env: { ...process.env, ...extraEnv },
   })
@@ -347,7 +346,6 @@ test('disabled env var short-circuits', () => {
 
 test('does not crash on missing transcript_path', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({}),
   })
   assert.equal(result.status, 0)
@@ -355,7 +353,6 @@ test('does not crash on missing transcript_path', () => {
 
 test('does not crash on malformed payload', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: 'not-json',
   })
   assert.equal(result.status, 0)
diff --git a/.claude/hooks/drift-check-reminder/test/index.test.mts b/.claude/hooks/drift-check-reminder/test/index.test.mts
index ceab96a..8a8103e 100644
--- a/.claude/hooks/drift-check-reminder/test/index.test.mts
+++ b/.claude/hooks/drift-check-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -23,7 +23,6 @@ function makeTranscript(assistantText: string): string {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -91,7 +90,6 @@ test('does NOT fire on non-drift edits', () => {
 test('disabled env var short-circuits', () => {
   const t = makeTranscript('Bumped external-tools.json.')
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: t }),
     env: { ...process.env, SOCKET_DRIFT_CHECK_REMINDER_DISABLED: '1' },
   })
diff --git a/.claude/hooks/error-message-quality-reminder/test/index.test.mts b/.claude/hooks/error-message-quality-reminder/test/index.test.mts
index 40b1f99..b1ddf0a 100644
--- a/.claude/hooks/error-message-quality-reminder/test/index.test.mts
+++ b/.claude/hooks/error-message-quality-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -28,7 +28,6 @@ function makeTranscript(assistantText: string): {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -165,7 +164,6 @@ test('disabled env var short-circuits', () => {
   )
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: p }),
       env: {
         ...process.env,
diff --git a/.claude/hooks/excuse-detector/test/index.test.mts b/.claude/hooks/excuse-detector/test/index.test.mts
index 7df0c7c..2f2ed82 100644
--- a/.claude/hooks/excuse-detector/test/index.test.mts
+++ b/.claude/hooks/excuse-detector/test/index.test.mts
@@ -7,7 +7,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -66,6 +66,11 @@ async function runHook(
   const transcript = setupTranscript(rawContent)
   try {
     const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     const payload: Record<string, unknown> = {
       transcript_path: transcript.transcriptPath,
     }
diff --git a/.claude/hooks/file-size-reminder/test/index.test.mts b/.claude/hooks/file-size-reminder/test/index.test.mts
index ecbb2c1..1971520 100644
--- a/.claude/hooks/file-size-reminder/test/index.test.mts
+++ b/.claude/hooks/file-size-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -49,7 +49,6 @@ function writeLines(filePath: string, n: number): void {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -186,7 +185,6 @@ test('disabled env var short-circuits', () => {
       { name: 'Write', input: { file_path: target, content: '...' } },
     ])
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: transcript }),
       env: { ...process.env, SOCKET_FILE_SIZE_REMINDER_DISABLED: '1' },
     })
diff --git a/.claude/hooks/gitmodules-comment-guard/test/index.test.mts b/.claude/hooks/gitmodules-comment-guard/test/index.test.mts
index a86723c..1acce17 100644
--- a/.claude/hooks/gitmodules-comment-guard/test/index.test.mts
+++ b/.claude/hooks/gitmodules-comment-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -9,7 +9,6 @@ const HOOK_PATH = path.join(__dirname, '..', 'index.mts')
 
 function runHook(payload: object): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -130,7 +129,6 @@ test('handles multiple submodules, blocks only the orphan', () => {
 
 test('fails open on malformed JSON', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: 'not-json',
   })
   assert.equal(result.status, 0)
diff --git a/.claude/hooks/identifying-users-reminder/test/index.test.mts b/.claude/hooks/identifying-users-reminder/test/index.test.mts
index 36d8974..a25b0ba 100644
--- a/.claude/hooks/identifying-users-reminder/test/index.test.mts
+++ b/.claude/hooks/identifying-users-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -30,7 +30,6 @@ function makeTranscript(assistantText: string): {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -154,7 +153,6 @@ test('disabled env var short-circuits', () => {
   const { path: p, cleanup } = makeTranscript('The user wants this.')
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: p }),
       env: { ...process.env, SOCKET_IDENTIFYING_USERS_REMINDER_DISABLED: '1' },
     })
diff --git a/.claude/hooks/inline-script-defer-guard/test/index.test.mts b/.claude/hooks/inline-script-defer-guard/test/index.test.mts
index 9c0db71..103207e 100644
--- a/.claude/hooks/inline-script-defer-guard/test/index.test.mts
+++ b/.claude/hooks/inline-script-defer-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -18,6 +18,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/judgment-reminder/test/index.test.mts b/.claude/hooks/judgment-reminder/test/index.test.mts
index 098edc9..bdfffed 100644
--- a/.claude/hooks/judgment-reminder/test/index.test.mts
+++ b/.claude/hooks/judgment-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -28,7 +28,6 @@ function makeTranscript(assistantText: string): {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -130,7 +129,6 @@ test('disabled env var short-circuits', () => {
   const { path: p, cleanup } = makeTranscript("I'm not sure which approach.")
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: p }),
       env: { ...process.env, SOCKET_JUDGMENT_REMINDER_DISABLED: '1' },
     })
diff --git a/.claude/hooks/lock-step-ref-guard/test/index.test.mts b/.claude/hooks/lock-step-ref-guard/test/index.test.mts
index 9b3d534..edcdbc4 100644
--- a/.claude/hooks/lock-step-ref-guard/test/index.test.mts
+++ b/.claude/hooks/lock-step-ref-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -62,7 +62,6 @@ function runHook(
     payload['cwd'] = options.cwd
   }
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
     env: { ...process.env, ...(options.env ?? {}) },
   })
@@ -282,7 +281,6 @@ test('BYPASS via SOCKET_LOCK_STEP_REF_GUARD_DISABLED=1', () => {
 
 test('exits 0 on invalid JSON payload', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: 'not-json',
   })
   assert.equal(result.status, 0)
@@ -290,7 +288,6 @@ test('exits 0 on invalid JSON payload', () => {
 
 test('exits 0 on missing tool_input', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ tool_name: 'Write' }),
   })
   assert.equal(result.status, 0)
diff --git a/.claude/hooks/logger-guard/test/logger-guard.test.mts b/.claude/hooks/logger-guard/test/logger-guard.test.mts
index 285f50d..080a214 100644
--- a/.claude/hooks/logger-guard/test/logger-guard.test.mts
+++ b/.claude/hooks/logger-guard/test/logger-guard.test.mts
@@ -1,7 +1,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import { test } from 'node:test'
@@ -24,6 +24,11 @@ function runHook(payload: Payload): Promise<{ code: number; stderr: string }> {
     const child = spawn(process.execPath, [HOOK], {
       stdio: ['pipe', 'ignore', 'pipe'],
     })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/markdown-filename-guard/test/index.test.mts b/.claude/hooks/markdown-filename-guard/test/index.test.mts
index 906454b..855934e 100644
--- a/.claude/hooks/markdown-filename-guard/test/index.test.mts
+++ b/.claude/hooks/markdown-filename-guard/test/index.test.mts
@@ -5,7 +5,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -16,6 +16,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/marketplace-comment-guard/test/index.test.mts b/.claude/hooks/marketplace-comment-guard/test/index.test.mts
index 74c1b68..7ee3a8e 100644
--- a/.claude/hooks/marketplace-comment-guard/test/index.test.mts
+++ b/.claude/hooks/marketplace-comment-guard/test/index.test.mts
@@ -3,19 +3,18 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: sync-required — test flow is sync.
 // prefer-spawn-over-execsync: required — uses encoding/input options
 // not exposed on the lib spawnSync wrapper.
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
-import { safeDeleteSync } from '@socketsecurity/lib-stable/fs'
+import { safeDeleteSync } from '@socketsecurity/lib-stable/fs/safe'
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url))
 const HOOK_PATH = path.join(__dirname, '..', 'index.mts')
 
 function runHook(payload: object): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
diff --git a/.claude/hooks/minify-mcp-output/test/index.test.mts b/.claude/hooks/minify-mcp-output/test/index.test.mts
index 22b61d8..e64c558 100644
--- a/.claude/hooks/minify-mcp-output/test/index.test.mts
+++ b/.claude/hooks/minify-mcp-output/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -14,7 +14,6 @@ function runHook(payload: object): {
   exitCode: number
 } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
   })
   return { stdout: String(result.stdout), exitCode: result.status ?? -1 }
@@ -158,7 +157,6 @@ test('hook: emits updatedMCPToolOutput for MCP tool with string-shaped response'
 
 test('hook: fails open on malformed stdin', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: '{not json',
   })
   assert.equal(result.status, 0)
diff --git a/.claude/hooks/minimum-release-age-guard/test/index.test.mts b/.claude/hooks/minimum-release-age-guard/test/index.test.mts
index 2f9a768..97a98f7 100644
--- a/.claude/hooks/minimum-release-age-guard/test/index.test.mts
+++ b/.claude/hooks/minimum-release-age-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -25,6 +25,11 @@ function tmpYaml(content: string): string {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/new-hook-claude-md-guard/test/index.test.mts b/.claude/hooks/new-hook-claude-md-guard/test/index.test.mts
index 13c85e2..c1445e2 100644
--- a/.claude/hooks/new-hook-claude-md-guard/test/index.test.mts
+++ b/.claude/hooks/new-hook-claude-md-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -45,7 +45,6 @@ function makeTranscript(dir: string, bypassPhrase?: string): string {
 
 function runHook(payload: object): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -220,7 +219,6 @@ test('disabled env var short-circuits', () => {
   const repo = makeFakeRepo('# no reference')
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({
         tool_name: 'Write',
         tool_input: { file_path: repo.hookIndexPath('my-new-hook') },
diff --git a/.claude/hooks/no-blind-keychain-read-guard/README.md b/.claude/hooks/no-blind-keychain-read-guard/README.md
new file mode 100644
index 0000000..1d7d79b
--- /dev/null
+++ b/.claude/hooks/no-blind-keychain-read-guard/README.md
@@ -0,0 +1,65 @@
+# no-blind-keychain-read-guard
+
+`PreToolUse(Bash)` blocker that refuses direct keychain READ calls
+from Bash. The keychain APIs surface a UI auth prompt per call;
+reading three times costs three prompts. The fleet's canonical
+in-process resolver (`api-token.mts.findApiToken()`) caches the
+value module-scoped after the first hit, so subsequent code paths
+should never need to re-read the keychain.
+
+## Detected reads
+
+| Platform        | Pattern                                     |
+| --------------- | ------------------------------------------- |
+| macOS           | `security find-{generic,internet}-password` |
+| Linux           | `secret-tool lookup` / `secret-tool search` |
+| Windows         | `Get-StoredCredential`                      |
+| Windows         | `Get-Credential … \| ConvertFrom-SecureString` |
+| cross-platform  | `keyring get`                               |
+
+## Allowed (not flagged)
+
+Writes and deletes — these only happen during operator-driven
+setup / rotation, never on hot paths:
+
+- `security add-generic-password` / `security delete-generic-password`
+- `secret-tool store` / `secret-tool clear`
+- `New-StoredCredential` / `Remove-StoredCredential`
+- `keyring set` / `keyring del`
+
+## Bypass
+
+Type the canonical phrase verbatim in your next user turn:
+
+```
+Allow blind-keychain-read bypass
+```
+
+Use when you genuinely need a fresh keychain read — operator-invoked
+diagnostics, verifying an entry exists, etc.
+
+## Why
+
+`security find-generic-password` on macOS prompts the user every call
+unless the calling process is on the entry's ACL. Claude Code's Bash
+tool spawns a fresh process per call, so each `security` invocation
+re-prompts. The same shape exists on Linux (`secret-tool` against
+gnome-keyring / kwallet) and Windows (`Get-StoredCredential` against
+the CredentialManager UI).
+
+The right answer is to read the cached value from process state:
+
+```ts
+import { findApiToken } from '../setup-security-tools/lib/api-token.mts'
+const { token } = findApiToken() // module-cached after first call
+```
+
+Or from a child process spawned by hooks:
+
+```bash
+echo "$SOCKET_API_KEY"   # populated by wheelhouse shell-rc bridge
+```
+
+The bridge writes the token to `~/.zshenv` (or platform equivalent)
+so every new shell exports `SOCKET_API_KEY` + `SOCKET_API_TOKEN`
+without a keychain read.
diff --git a/.claude/hooks/no-blind-keychain-read-guard/index.mts b/.claude/hooks/no-blind-keychain-read-guard/index.mts
new file mode 100644
index 0000000..0264af7
--- /dev/null
+++ b/.claude/hooks/no-blind-keychain-read-guard/index.mts
@@ -0,0 +1,243 @@
+#!/usr/bin/env node
+// Claude Code PreToolUse hook — no-blind-keychain-read-guard.
+//
+// Blocks Bash invocations that READ a credential from the OS
+// keychain. Reading via the platform CLI surfaces a per-call UI auth
+// prompt on the user's screen ("this app wants to access your
+// keychain"), and the prompt fires once per call — a hook chain that
+// reads the keychain three times costs three prompts. Tokens are
+// already cached in process memory after the first resolution; the
+// fleet's canonical resolver (`api-token.mts.findApiToken()`) hits
+// the cache, then env, then keychain, in that order. Bash callers
+// that go straight to `security find-generic-password` skip all of
+// that and re-prompt the user every time.
+//
+// Detects (case-sensitive, structural — not just substring):
+//
+//   macOS:
+//     security find-generic-password
+//     security find-internet-password
+//
+//   Linux:
+//     secret-tool lookup
+//     secret-tool search
+//
+//   Windows (PowerShell):
+//     Get-StoredCredential          (CredentialManager module)
+//     Get-Credential                (when piping to ConvertFrom-SecureString)
+//
+//   Cross-platform (Python keyring CLI):
+//     keyring get
+//
+// Allowed (writes / deletes — necessary for operator-driven setup /
+// rotation, never on hot paths):
+//
+//   security add-generic-password   security delete-generic-password
+//   secret-tool store               secret-tool clear
+//   New-StoredCredential            Remove-StoredCredential
+//   keyring set                     keyring del
+//
+// Bypass: `Allow blind-keychain-read bypass` in a recent user turn.
+// Use when you genuinely need to verify a keychain entry exists
+// (e.g. operator-invoked diagnostics).
+//
+// Exit codes:
+//   0 — pass.
+//   2 — block.
+//
+// Fails open on malformed payloads (exit 0 + stderr log) — the fleet's
+// hook contract.
+
+import process from 'node:process'
+
+import { bypassPhrasePresent } from '../_shared/transcript.mts'
+
+interface ToolInput {
+  readonly tool_input?:
+    | {
+        readonly command?: string | undefined
+      }
+    | undefined
+  readonly tool_name?: string | undefined
+  readonly transcript_path?: string | undefined
+}
+
+interface Hit {
+  readonly tool: string
+  readonly platform: 'macos' | 'linux' | 'windows' | 'cross-platform'
+  readonly snippet: string
+}
+
+const BYPASS_PHRASE = 'Allow blind-keychain-read bypass'
+
+// Token-bearing read patterns. Each entry: the literal verb that
+// surfaces a UI prompt + a label for the error message. Writes /
+// deletes are intentionally absent from this list.
+const READ_PATTERNS: ReadonlyArray<{
+  readonly re: RegExp
+  readonly tool: string
+  readonly platform: Hit['platform']
+}> = [
+  // macOS — `security(1)`. The `-w` flag prints the password to
+  // stdout, but even the metadata-only form triggers the ACL prompt.
+  {
+    re: /\bsecurity\s+(?:find-generic-password|find-internet-password)\b/,
+    tool: 'security find-*-password',
+    platform: 'macos',
+  },
+  // Linux — `secret-tool`. `lookup` returns the password; `search`
+  // lists matches (also surfaces the libsecret prompt).
+  {
+    re: /\bsecret-tool\s+(?:lookup|search)\b/,
+    tool: 'secret-tool lookup/search',
+    platform: 'linux',
+  },
+  // Windows PowerShell — CredentialManager module. The
+  // `Get-StoredCredential` cmdlet returns a PSCredential; reading
+  // `.Password | ConvertFrom-SecureString` is the read pattern.
+  {
+    re: /\bGet-StoredCredential\b/,
+    tool: 'Get-StoredCredential',
+    platform: 'windows',
+  },
+  // PowerShell `Get-Credential -Credential` piped to
+  // `ConvertFrom-SecureString -AsPlainText` is the readback shape.
+  // The bare `Get-Credential` (no pipe) is a fresh-prompt-the-user
+  // flow and not the issue here — match only the readback pipe.
+  {
+    re: /\bGet-Credential\b[^|]*\|\s*ConvertFrom-SecureString\b/,
+    tool: 'Get-Credential | ConvertFrom-SecureString',
+    platform: 'windows',
+  },
+  // Python `keyring` CLI — `keyring get <service> <username>`.
+  {
+    re: /\bkeyring\s+get\b/,
+    tool: 'keyring get',
+    platform: 'cross-platform',
+  },
+]
+
+/**
+ * Scan a Bash command string for keychain READ patterns. Returns one hit per
+ * matching subcommand so the error message can name them all (a `&&`-chained
+ * command might have multiple).
+ */
+export function findKeychainReads(command: string): Hit[] {
+  const hits: Hit[] = []
+  for (let i = 0, { length } = READ_PATTERNS; i < length; i += 1) {
+    const entry = READ_PATTERNS[i]!
+    const m = entry.re.exec(command)
+    if (!m) {
+      continue
+    }
+    // Pull a short snippet around the match (up to 80 chars) so the
+    // operator can see the context. Centered on the match start.
+    const start = Math.max(0, m.index - 10)
+    const end = Math.min(command.length, m.index + m[0].length + 50)
+    const snippet = command.slice(start, end)
+    hits.push({
+      tool: entry.tool,
+      platform: entry.platform,
+      snippet: snippet.length < command.length ? `…${snippet}…` : snippet,
+    })
+  }
+  return hits
+}
+
+function handlePayload(payloadRaw: string): number {
+  let payload: ToolInput
+  try {
+    payload = JSON.parse(payloadRaw) as ToolInput
+  } catch {
+    return 0
+  }
+  if (payload.tool_name !== 'Bash') {
+    return 0
+  }
+  const command = payload.tool_input?.command ?? ''
+  if (!command) {
+    return 0
+  }
+  const hits = findKeychainReads(command)
+  if (hits.length === 0) {
+    return 0
+  }
+  if (bypassPhrasePresent(payload.transcript_path, BYPASS_PHRASE)) {
+    return 0
+  }
+  const lines: string[] = []
+  lines.push(
+    '[no-blind-keychain-read-guard] Blocked: direct keychain READ from Bash.',
+  )
+  lines.push('')
+  for (let i = 0, { length } = hits; i < length; i += 1) {
+    const h = hits[i]!
+    lines.push(`  ${h.platform.padEnd(15)} ${h.tool}`)
+    lines.push(`    Saw: ${h.snippet}`)
+  }
+  lines.push('')
+  lines.push(
+    '  Reading the keychain via the platform CLI surfaces a UI auth',
+  )
+  lines.push(
+    "  prompt on the user's screen — and the prompt fires once per",
+  )
+  lines.push(
+    '  call. A hook chain that reads three times costs three prompts.',
+  )
+  lines.push('')
+  lines.push('  The token is almost certainly already available without a')
+  lines.push('  keychain read:')
+  lines.push('')
+  lines.push(
+    '    - In-process: call findApiToken() from setup-security-tools/',
+  )
+  lines.push(
+    '      lib/api-token.mts. It returns the module-cached value from',
+  )
+  lines.push('      the first call onward, then env, then keychain.')
+  lines.push('')
+  lines.push('    - From Bash: read process.env.SOCKET_API_KEY or')
+  lines.push(
+    '      process.env.SOCKET_API_TOKEN. The wheelhouse shell-rc bridge',
+  )
+  lines.push('      exports both for every new shell session.')
+  lines.push('')
+  lines.push(
+    '  Writes / deletes (security add-generic-password / secret-tool',
+  )
+  lines.push(
+    '  store / New-StoredCredential / etc.) are allowed — they only',
+  )
+  lines.push('  happen during operator-driven setup / rotation.')
+  lines.push('')
+  lines.push('  Bypass (e.g. operator-invoked diagnostics that need a fresh')
+  lines.push('  keychain read):')
+  lines.push(`    Type "${BYPASS_PHRASE}" in your next message.`)
+  process.stderr.write(lines.join('\n') + '\n')
+  return 2
+}
+
+export { handlePayload }
+
+// CLI entrypoint — only fires when this file is the main module.
+// During tests the importer pulls `findKeychainReads` without triggering
+// the stdin reader (which would never see an `end` event in test env
+// and hang the process).
+if (process.argv[1] && process.argv[1].endsWith('index.mts')) {
+  let payloadRaw = ''
+  process.stdin.setEncoding('utf8')
+  process.stdin.on('data', chunk => {
+    payloadRaw += chunk
+  })
+  process.stdin.on('end', () => {
+    try {
+      process.exit(handlePayload(payloadRaw))
+    } catch (e) {
+      process.stderr.write(
+        `[no-blind-keychain-read-guard] hook error (allowing): ${e}\n`,
+      )
+      process.exit(0)
+    }
+  })
+}
diff --git a/.claude/hooks/no-blind-keychain-read-guard/package.json b/.claude/hooks/no-blind-keychain-read-guard/package.json
new file mode 100644
index 0000000..819429b
--- /dev/null
+++ b/.claude/hooks/no-blind-keychain-read-guard/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "hook-no-blind-keychain-read-guard",
+  "private": true,
+  "type": "module",
+  "main": "./index.mts",
+  "exports": {
+    ".": "./index.mts"
+  },
+  "scripts": {
+    "test": "node --test test/*.test.mts"
+  },
+  "devDependencies": {
+    "@types/node": "catalog:"
+  }
+}
diff --git a/.claude/hooks/no-blind-keychain-read-guard/test/index.test.mts b/.claude/hooks/no-blind-keychain-read-guard/test/index.test.mts
new file mode 100644
index 0000000..2816b87
--- /dev/null
+++ b/.claude/hooks/no-blind-keychain-read-guard/test/index.test.mts
@@ -0,0 +1,142 @@
+/**
+ * @file Unit tests for findKeychainReads — the structural matcher that
+ *   classifies a Bash command string into keychain READ hits (vs writes,
+ *   deletes, and unrelated commands).
+ */
+
+import test from 'node:test'
+import assert from 'node:assert/strict'
+
+import { findKeychainReads } from '../index.mts'
+
+test('macOS find-generic-password is flagged', () => {
+  const hits = findKeychainReads(
+    'security find-generic-password -s socket-cli -a SOCKET_API_KEY -w',
+  )
+  assert.equal(hits.length, 1)
+  assert.equal(hits[0]!.platform, 'macos')
+})
+
+test('macOS find-internet-password is flagged', () => {
+  const hits = findKeychainReads(
+    'security find-internet-password -s example.com -a user',
+  )
+  assert.equal(hits.length, 1)
+  assert.equal(hits[0]!.platform, 'macos')
+})
+
+test('macOS add-generic-password is NOT flagged (write)', () => {
+  const hits = findKeychainReads(
+    'security add-generic-password -U -s socket-cli -a SOCKET_API_KEY -w xxx',
+  )
+  assert.equal(hits.length, 0)
+})
+
+test('macOS delete-generic-password is NOT flagged (delete)', () => {
+  const hits = findKeychainReads(
+    'security delete-generic-password -s socket-cli -a SOCKET_API_KEY',
+  )
+  assert.equal(hits.length, 0)
+})
+
+test('Linux secret-tool lookup is flagged', () => {
+  const hits = findKeychainReads(
+    'secret-tool lookup service socket-cli user SOCKET_API_KEY',
+  )
+  assert.equal(hits.length, 1)
+  assert.equal(hits[0]!.platform, 'linux')
+})
+
+test('Linux secret-tool search is flagged', () => {
+  const hits = findKeychainReads('secret-tool search service socket-cli')
+  assert.equal(hits.length, 1)
+  assert.equal(hits[0]!.platform, 'linux')
+})
+
+test('Linux secret-tool store is NOT flagged (write)', () => {
+  const hits = findKeychainReads(
+    'secret-tool store --label="Socket API token" service socket-cli user SOCKET_API_KEY',
+  )
+  assert.equal(hits.length, 0)
+})
+
+test('Linux secret-tool clear is NOT flagged (delete)', () => {
+  const hits = findKeychainReads(
+    'secret-tool clear service socket-cli user SOCKET_API_KEY',
+  )
+  assert.equal(hits.length, 0)
+})
+
+test('Windows Get-StoredCredential is flagged', () => {
+  const hits = findKeychainReads(
+    "powershell -Command \"(Get-StoredCredential -Target 'socket-cli:SOCKET_API_KEY').Password\"",
+  )
+  assert.equal(hits.length, 1)
+  assert.equal(hits[0]!.platform, 'windows')
+})
+
+test('Windows Get-Credential | ConvertFrom-SecureString is flagged', () => {
+  const hits = findKeychainReads(
+    'Get-Credential -Credential admin | ConvertFrom-SecureString -AsPlainText',
+  )
+  assert.equal(hits.length, 1)
+  assert.equal(hits[0]!.platform, 'windows')
+})
+
+test('Windows Get-Credential WITHOUT pipe is NOT flagged (fresh prompt)', () => {
+  // Bare Get-Credential is an interactive fresh-prompt flow, not a
+  // readback of a stored credential. Don't block.
+  const hits = findKeychainReads('$cred = Get-Credential -Credential admin')
+  assert.equal(hits.length, 0)
+})
+
+test('Windows New-StoredCredential is NOT flagged (write)', () => {
+  const hits = findKeychainReads(
+    "New-StoredCredential -Target 'socket-cli:SOCKET_API_KEY' -UserName x -SecurePassword $s",
+  )
+  assert.equal(hits.length, 0)
+})
+
+test('keyring get is flagged', () => {
+  const hits = findKeychainReads('keyring get socket-cli SOCKET_API_KEY')
+  assert.equal(hits.length, 1)
+  assert.equal(hits[0]!.platform, 'cross-platform')
+})
+
+test('keyring set is NOT flagged (write)', () => {
+  const hits = findKeychainReads('keyring set socket-cli SOCKET_API_KEY')
+  assert.equal(hits.length, 0)
+})
+
+test('chained reads count separately', () => {
+  // && chain with two reads
+  const hits = findKeychainReads(
+    'security find-generic-password -s a -a b -w && secret-tool lookup service a user b',
+  )
+  assert.equal(hits.length, 2)
+})
+
+test('unrelated commands are not flagged', () => {
+  for (const cmd of [
+    'ls -la',
+    "git log --oneline -5",
+    'echo $SOCKET_API_KEY',
+    'pnpm install',
+    'grep security file.txt',
+    'security delete-keychain ~/Library/Keychains/foo.keychain',
+  ]) {
+    const hits = findKeychainReads(cmd)
+    assert.equal(hits.length, 0, `should not flag: ${cmd}`)
+  }
+})
+
+test('command substitution wrapping is still flagged', () => {
+  // The structural matcher is intentionally a regex, not an AST. This
+  // catches the common subshell shape — verifying the inner verb is
+  // detected even inside `$(...)`. AST-based parsing is overkill for
+  // a non-security-critical reminder hook.
+  const hits = findKeychainReads(
+    'TOKEN="$(security find-generic-password -s socket-cli -a SOCKET_API_KEY -w)" && echo done',
+  )
+  assert.equal(hits.length, 1)
+})
diff --git a/.claude/hooks/no-blind-keychain-read-guard/tsconfig.json b/.claude/hooks/no-blind-keychain-read-guard/tsconfig.json
new file mode 100644
index 0000000..19458cf
--- /dev/null
+++ b/.claude/hooks/no-blind-keychain-read-guard/tsconfig.json
@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "declarationMap": false,
+    "erasableSyntaxOnly": true,
+    "module": "nodenext",
+    "moduleResolution": "nodenext",
+    "noEmit": true,
+    "rewriteRelativeImportExtensions": true,
+    "skipLibCheck": true,
+    "sourceMap": false,
+    "strict": true,
+    "target": "esnext",
+    "types": ["node"],
+    "verbatimModuleSyntax": true
+  }
+}
diff --git a/.claude/hooks/no-empty-commit-guard/README.md b/.claude/hooks/no-empty-commit-guard/README.md
new file mode 100644
index 0000000..c43b041
--- /dev/null
+++ b/.claude/hooks/no-empty-commit-guard/README.md
@@ -0,0 +1,40 @@
+# no-empty-commit-guard
+
+PreToolUse hook that blocks two empty-commit shapes the fleet bans
+(see CLAUDE.md "Commits & PRs → No empty commits"):
+
+1. `git commit --allow-empty` (with or without `-m`, also covers
+   `--allow-empty-message`).
+2. `git cherry-pick --allow-empty` / `--keep-redundant-commits` —
+   replaying a no-content commit forward.
+
+## Why blocking
+
+Empty commits pollute `git log`, break CHANGELOG generators (which
+expect each commit to carry a diff), and hide intent: a future
+reader can't tell whether the author meant to amend the previous
+commit, anchor a tag, or something else.
+
+The canonical way to anchor a release tag forward is
+`git tag -f vX.Y.Z <real-content-commit>` against an actual content
+commit, not a fake "anchor" commit with no diff. Force-moving the
+tag is a cleaner mechanism than synthesising history.
+
+## Bypass
+
+Type `Allow empty-commit bypass` verbatim in a recent user turn,
+then retry. The phrase authorises the next blocked `git commit`
+or `git cherry-pick` invocation within the conversation window.
+
+## Skipped silently
+
+- `tool_name !== 'Bash'`.
+- Commands that don't contain `git commit` or `git cherry-pick`.
+- `--allow-empty` appearing inside a quoted string (e.g. inside a
+  `-m` commit-message body that mentions the flag).
+
+## Failure mode
+
+Fails open: any internal error logs to stderr and exits 0. The hook
+is a quality gate, not a hard dependency — it never wedges the
+operator's flow.
diff --git a/.claude/hooks/no-empty-commit-guard/index.mts b/.claude/hooks/no-empty-commit-guard/index.mts
new file mode 100644
index 0000000..82f103b
--- /dev/null
+++ b/.claude/hooks/no-empty-commit-guard/index.mts
@@ -0,0 +1,133 @@
+#!/usr/bin/env node
+// Claude Code PreToolUse hook — no-empty-commit-guard.
+//
+// Blocks two empty-commit shapes the fleet bans (see CLAUDE.md
+// "Commits & PRs → No empty commits"):
+//
+//   1. `git commit --allow-empty` (with or without `-m`).
+//   2. `git cherry-pick --allow-empty` / `--keep-redundant-commits`
+//      against a ref whose patch is empty relative to HEAD.
+//
+// Why blocking, not reminder: empty commits pollute `git log`, break
+// CHANGELOG generators (which expect each commit to carry a diff),
+// and hide intent ("did the author mean to anchor a tag? amend a
+// previous commit? something else?"). The canonical way to anchor
+// a release tag forward is `git tag -f vX.Y.Z` against the actual
+// content commit, not a fake "anchor" commit with no diff.
+//
+// Skipped silently:
+//   - tool_name !== 'Bash'.
+//   - Command doesn't contain `git commit` or `git cherry-pick`.
+//   - Bypass phrase present in recent transcript turns.
+//
+// Reads a Claude Code PreToolUse JSON payload from stdin:
+//   { "tool_name": "Bash",
+//     "tool_input": { "command": "..." },
+//     "transcript_path": "/path/to/jsonl",  // optional
+//     ... }
+//
+// Exit codes:
+//   0  — allow.
+//   2  — block. Stderr carries the operator-facing message.
+//
+// Fails open on any internal error (exit 0 + stderr log) so the
+// hook never wedges the operator's flow.
+
+import process from 'node:process'
+
+import { containsOutsideQuotes } from '../_shared/bash-quote-mask.mts'
+import { bypassPhrasePresent } from '../_shared/transcript.mts'
+
+interface ToolInput {
+  readonly tool_input?: { readonly command?: string | undefined } | undefined
+  readonly tool_name?: string | undefined
+  readonly transcript_path?: string | undefined
+}
+
+const BYPASS_PHRASE = 'Allow empty-commit bypass'
+
+/**
+ * Detect `git commit --allow-empty` (and `--allow-empty-message`, which is the
+ * same antipattern — both produce a no-op commit). Matches outside quoted
+ * strings so a literal `--allow-empty` in a commit-message body doesn't
+ * false-positive.
+ */
+export function isAllowEmptyCommit(command: string): boolean {
+  if (!containsOutsideQuotes(command, /\bgit\s+commit\b/)) {
+    return false
+  }
+  return containsOutsideQuotes(command, /--allow-empty(?:-message)?\b/)
+}
+
+/**
+ * Detect `git cherry-pick --allow-empty` or `--keep-redundant-commits` — both
+ * replay a no-content commit forward into the current branch, which is exactly
+ * the empty-commit pattern the rule bans.
+ */
+export function isCherryPickAllowEmpty(command: string): boolean {
+  if (!containsOutsideQuotes(command, /\bgit\s+cherry-pick\b/)) {
+    return false
+  }
+  return containsOutsideQuotes(
+    command,
+    /--(?:allow-empty|keep-redundant-commits)\b/,
+  )
+}
+
+let payloadRaw = ''
+process.stdin.setEncoding('utf8')
+process.stdin.on('data', chunk => {
+  payloadRaw += chunk
+})
+process.stdin.on('end', () => {
+  try {
+    let payload: ToolInput
+    try {
+      payload = JSON.parse(payloadRaw) as ToolInput
+    } catch {
+      process.exit(0)
+    }
+    if (payload.tool_name !== 'Bash') {
+      process.exit(0)
+    }
+    const command = payload.tool_input?.command ?? ''
+    if (!command) {
+      process.exit(0)
+    }
+
+    const allowEmptyCommit = isAllowEmptyCommit(command)
+    const allowEmptyCherryPick = isCherryPickAllowEmpty(command)
+    if (!allowEmptyCommit && !allowEmptyCherryPick) {
+      process.exit(0)
+    }
+
+    // Operator bypass — `Allow empty-commit bypass` in a recent turn.
+    if (bypassPhrasePresent(payload.transcript_path, BYPASS_PHRASE)) {
+      process.exit(0)
+    }
+
+    const flag = allowEmptyCommit
+      ? '--allow-empty (or --allow-empty-message)'
+      : '--allow-empty / --keep-redundant-commits'
+    process.stderr.write(
+      [
+        `[no-empty-commit-guard] Blocked: git ${allowEmptyCommit ? 'commit' : 'cherry-pick'} ${flag}`,
+        '',
+        '  Empty commits pollute `git log`, break CHANGELOG generators',
+        '  (which expect each commit to carry a diff), and hide intent.',
+        '',
+        '  If you are anchoring a release tag forward, use:',
+        '    git tag -f vX.Y.Z <real-content-commit>',
+        '    git push origin --force-with-lease vX.Y.Z',
+        '',
+        '  If you genuinely need to record a no-content waypoint, type',
+        `  "${BYPASS_PHRASE}" in chat, then retry.`,
+        '',
+      ].join('\n'),
+    )
+    process.exit(2)
+  } catch (e) {
+    process.stderr.write(`[no-empty-commit-guard] hook error (allowing): ${e}\n`)
+    process.exit(0)
+  }
+})
diff --git a/.claude/hooks/no-empty-commit-guard/package.json b/.claude/hooks/no-empty-commit-guard/package.json
new file mode 100644
index 0000000..b78fb04
--- /dev/null
+++ b/.claude/hooks/no-empty-commit-guard/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "hook-no-empty-commit-guard",
+  "private": true,
+  "type": "module",
+  "main": "./index.mts",
+  "exports": {
+    ".": "./index.mts"
+  },
+  "scripts": {
+    "test": "node --test test/*.test.mts"
+  },
+  "devDependencies": {
+    "@types/node": "catalog:"
+  }
+}
diff --git a/.claude/hooks/no-empty-commit-guard/test/index.test.mts b/.claude/hooks/no-empty-commit-guard/test/index.test.mts
new file mode 100644
index 0000000..9ce2c95
--- /dev/null
+++ b/.claude/hooks/no-empty-commit-guard/test/index.test.mts
@@ -0,0 +1,112 @@
+// node --test specs for the no-empty-commit-guard hook.
+
+// prefer-async-spawn: streaming-stdio-required — test spawns child
+// subprocess and pipes stdin/stdout/stderr; Node spawn returns the
+// ChildProcess streaming surface the lib promise wrapper does not.
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+import test from 'node:test'
+import assert from 'node:assert/strict'
+
+const here = path.dirname(fileURLToPath(import.meta.url))
+const HOOK = path.join(here, '..', 'index.mts')
+
+type Result = { code: number; stderr: string }
+
+async function runHook(payload: Record<string, unknown>): Promise<Result> {
+  const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
+  child.stdin!.end(JSON.stringify(payload))
+  let stderr = ''
+  child.process.stderr!.on('data', chunk => {
+    stderr += chunk.toString('utf8')
+  })
+  return new Promise(resolve => {
+    child.process.on('exit', code => {
+      resolve({ code: code ?? 0, stderr })
+    })
+  })
+}
+
+test('non-Bash tool calls pass through silently', async () => {
+  const result = await runHook({
+    tool_input: { file_path: 'foo.ts', new_string: 'x' },
+    tool_name: 'Edit',
+  })
+  assert.strictEqual(result.code, 0)
+  assert.strictEqual(result.stderr, '')
+})
+
+test('plain git commit passes through silently', async () => {
+  const result = await runHook({
+    tool_input: { command: 'git commit -m "real change"' },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 0)
+  assert.strictEqual(result.stderr, '')
+})
+
+test('git commit --allow-empty is blocked', async () => {
+  const result = await runHook({
+    tool_input: {
+      command: 'git commit --allow-empty -m "anchor v1.0.0 tag"',
+    },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 2)
+  assert.match(result.stderr, /no-empty-commit-guard.*Blocked/)
+})
+
+test('git commit --allow-empty-message is blocked', async () => {
+  const result = await runHook({
+    tool_input: { command: 'git commit --allow-empty-message -m ""' },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 2)
+  assert.match(result.stderr, /no-empty-commit-guard.*Blocked/)
+})
+
+test('git cherry-pick --allow-empty is blocked', async () => {
+  const result = await runHook({
+    tool_input: { command: 'git cherry-pick --allow-empty abc1234' },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 2)
+  assert.match(result.stderr, /no-empty-commit-guard.*Blocked/)
+})
+
+test('git cherry-pick --keep-redundant-commits is blocked', async () => {
+  const result = await runHook({
+    tool_input: {
+      command: 'git cherry-pick --keep-redundant-commits abc1234',
+    },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 2)
+  assert.match(result.stderr, /no-empty-commit-guard.*Blocked/)
+})
+
+test('plain git cherry-pick passes through silently', async () => {
+  const result = await runHook({
+    tool_input: { command: 'git cherry-pick abc1234' },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 0)
+  assert.strictEqual(result.stderr, '')
+})
+
+test('commit message bodies mentioning --allow-empty are skipped (quote-aware)', async () => {
+  const result = await runHook({
+    tool_input: {
+      command: `git commit -m "docs: forbid git commit --allow-empty in fleet"`,
+    },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 0)
+  assert.strictEqual(result.stderr, '')
+})
diff --git a/.claude/hooks/no-empty-commit-guard/tsconfig.json b/.claude/hooks/no-empty-commit-guard/tsconfig.json
new file mode 100644
index 0000000..19458cf
--- /dev/null
+++ b/.claude/hooks/no-empty-commit-guard/tsconfig.json
@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "declarationMap": false,
+    "erasableSyntaxOnly": true,
+    "module": "nodenext",
+    "moduleResolution": "nodenext",
+    "noEmit": true,
+    "rewriteRelativeImportExtensions": true,
+    "skipLibCheck": true,
+    "sourceMap": false,
+    "strict": true,
+    "target": "esnext",
+    "types": ["node"],
+    "verbatimModuleSyntax": true
+  }
+}
diff --git a/.claude/hooks/no-experimental-strip-types-guard/test/index.test.mts b/.claude/hooks/no-experimental-strip-types-guard/test/index.test.mts
index fb4a2e9..4c130c7 100644
--- a/.claude/hooks/no-experimental-strip-types-guard/test/index.test.mts
+++ b/.claude/hooks/no-experimental-strip-types-guard/test/index.test.mts
@@ -6,7 +6,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import test from 'node:test'
@@ -22,6 +22,11 @@ interface Result {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/no-external-issue-ref-guard/test/index.test.mts b/.claude/hooks/no-external-issue-ref-guard/test/index.test.mts
index 0899da2..316a95d 100644
--- a/.claude/hooks/no-external-issue-ref-guard/test/index.test.mts
+++ b/.claude/hooks/no-external-issue-ref-guard/test/index.test.mts
@@ -6,7 +6,7 @@
  */
 
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import { describe, test } from 'node:test'
@@ -21,7 +21,6 @@ interface RunResult {
 
 function runHook(payload: object): RunResult {
   const r = spawnSync('node', [HOOK], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
   })
   return {
@@ -157,7 +156,6 @@ EOF
 
   test('fails open on invalid JSON', () => {
     const r = spawnSync('node', [HOOK], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: 'not json',
     })
     assert.equal(r.status, 0)
@@ -165,7 +163,6 @@ EOF
 
   test('fails open on empty stdin', () => {
     const r = spawnSync('node', [HOOK], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: '',
     })
     assert.equal(r.status, 0)
diff --git a/.claude/hooks/no-fleet-fork-guard/test/index.test.mts b/.claude/hooks/no-fleet-fork-guard/test/index.test.mts
index a1826bb..8a4595a 100644
--- a/.claude/hooks/no-fleet-fork-guard/test/index.test.mts
+++ b/.claude/hooks/no-fleet-fork-guard/test/index.test.mts
@@ -11,7 +11,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -36,6 +36,11 @@ async function runHook(
     payload['transcript_path'] = transcriptPath
   }
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/no-meta-comments-guard/test/index.test.mts b/.claude/hooks/no-meta-comments-guard/test/index.test.mts
index 0ec5c61..a92b61c 100644
--- a/.claude/hooks/no-meta-comments-guard/test/index.test.mts
+++ b/.claude/hooks/no-meta-comments-guard/test/index.test.mts
@@ -5,7 +5,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -16,6 +16,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/no-orphaned-staging/index.mts b/.claude/hooks/no-orphaned-staging/index.mts
index 0b9e373..0a8989f 100644
--- a/.claude/hooks/no-orphaned-staging/index.mts
+++ b/.claude/hooks/no-orphaned-staging/index.mts
@@ -34,7 +34,7 @@
 //
 // Disabled via `SOCKET_NO_ORPHANED_STAGING_DISABLED=1`.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import process from 'node:process'
 
 export async function drainStdin(): Promise<void> {
diff --git a/.claude/hooks/no-orphaned-staging/test/index.test.mts b/.claude/hooks/no-orphaned-staging/test/index.test.mts
index c60a34c..3838dd6 100644
--- a/.claude/hooks/no-orphaned-staging/test/index.test.mts
+++ b/.claude/hooks/no-orphaned-staging/test/index.test.mts
@@ -5,7 +5,7 @@
  */
 
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -22,7 +22,6 @@ interface RunResult {
 
 function runHook(env: Record<string, string>): RunResult {
   const r = spawnSync('node', [HOOK], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: '{}',
     env: { ...process.env, ...env },
   })
@@ -120,7 +119,6 @@ describe('no-orphaned-staging', () => {
     // Empty stdin would normally drain; verifying the hook doesn't
     // crash on missing-env-vars or other edge cases.
     const r = spawnSync('node', [HOOK], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: '',
       env: { ...process.env, CLAUDE_PROJECT_DIR: '/nonexistent/path' },
     })
diff --git a/.claude/hooks/no-revert-guard/test/index.test.mts b/.claude/hooks/no-revert-guard/test/index.test.mts
index 950f9a7..b247579 100644
--- a/.claude/hooks/no-revert-guard/test/index.test.mts
+++ b/.claude/hooks/no-revert-guard/test/index.test.mts
@@ -6,7 +6,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -31,6 +31,11 @@ async function runHook(
     payload['transcript_path'] = transcriptPath
   }
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/no-structured-clone-prefer-json-guard/test/index.test.mts b/.claude/hooks/no-structured-clone-prefer-json-guard/test/index.test.mts
index 6d96666..2fa2661 100644
--- a/.claude/hooks/no-structured-clone-prefer-json-guard/test/index.test.mts
+++ b/.claude/hooks/no-structured-clone-prefer-json-guard/test/index.test.mts
@@ -4,7 +4,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { describe, test } from 'node:test'
 import { fileURLToPath } from 'node:url'
@@ -20,6 +20,11 @@ interface RunResult {
 function runHook(payload: object): Promise<RunResult> {
   return new Promise((resolve, reject) => {
     const child = spawn('node', [HOOK], { stdio: ['pipe', 'pipe', 'pipe'] })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/no-token-in-dotenv-guard/test/index.test.mts b/.claude/hooks/no-token-in-dotenv-guard/test/index.test.mts
index a7b198e..13c6b1d 100644
--- a/.claude/hooks/no-token-in-dotenv-guard/test/index.test.mts
+++ b/.claude/hooks/no-token-in-dotenv-guard/test/index.test.mts
@@ -5,7 +5,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -16,6 +16,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/no-underscore-identifier-guard/test/index.test.mts b/.claude/hooks/no-underscore-identifier-guard/test/index.test.mts
index 37acc50..282b5d2 100644
--- a/.claude/hooks/no-underscore-identifier-guard/test/index.test.mts
+++ b/.claude/hooks/no-underscore-identifier-guard/test/index.test.mts
@@ -5,7 +5,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -16,6 +16,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/node-modules-staging-guard/test/index.test.mts b/.claude/hooks/node-modules-staging-guard/test/index.test.mts
index 818b9da..694a5ca 100644
--- a/.claude/hooks/node-modules-staging-guard/test/index.test.mts
+++ b/.claude/hooks/node-modules-staging-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -18,6 +18,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/overeager-staging-guard/index.mts b/.claude/hooks/overeager-staging-guard/index.mts
index 5420390..f8c47e3 100644
--- a/.claude/hooks/overeager-staging-guard/index.mts
+++ b/.claude/hooks/overeager-staging-guard/index.mts
@@ -36,7 +36,7 @@
 //     "tool_input": { "command": "..." },
 //     "transcript_path": "/.../session.jsonl" }
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { readFileSync } from 'node:fs'
 import path from 'node:path'
 import process from 'node:process'
diff --git a/.claude/hooks/overeager-staging-guard/test/index.test.mts b/.claude/hooks/overeager-staging-guard/test/index.test.mts
index c0b8475..2784f9e 100644
--- a/.claude/hooks/overeager-staging-guard/test/index.test.mts
+++ b/.claude/hooks/overeager-staging-guard/test/index.test.mts
@@ -7,7 +7,7 @@
  */
 
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -36,7 +36,6 @@ function runHook(
     transcript_path: options.transcriptPath,
   }
   const r = spawnSync('node', [HOOK], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
     env: {
       ...process.env,
@@ -255,7 +254,6 @@ test('git commit silent when index files match transcript git-add history', () =
 
 test('non-Bash tool_name is ignored', () => {
   const r = spawnSync('node', [HOOK], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({
       tool_name: 'Edit',
       tool_input: { file_path: '/tmp/foo' },
@@ -266,7 +264,6 @@ test('non-Bash tool_name is ignored', () => {
 
 test('malformed payload is ignored (fail-open)', () => {
   const r = spawnSync('node', [HOOK], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: 'not-json',
   })
   assert.equal(r.status, 0)
diff --git a/.claude/hooks/path-guard/README.md b/.claude/hooks/path-guard/README.md
index 72ef970..bec03c1 100644
--- a/.claude/hooks/path-guard/README.md
+++ b/.claude/hooks/path-guard/README.md
@@ -73,11 +73,10 @@ The hook recognizes Rule B traversals only when the next segment
 after `..` is a known fleet package name:
 
 `binflate`, `binject`, `binpress`, `bin-infra`, `build-infra`,
-`codet5-models-builder`, `curl-builder`, `iocraft-builder`,
-`ink-builder`, `libpq-builder`, `lief-builder`, `minilm-builder`,
-`models`, `napi-go`, `node-smol-builder`, `onnxruntime-builder`,
-`opentui-builder`, `stubs-builder`, `ultraviolet-builder`,
-`yoga-layout-builder`
+`codet5-models-builder`, `curl-builder`, `libpq-builder`,
+`lief-builder`, `minilm-builder`, `models`, `napi-go`,
+`node-smol-builder`, `onnxruntime-builder`, `opentui-builder`,
+`stubs-builder`, `ultraviolet-builder`, `yoga-layout-builder`
 
 When a new package joins the workspace, add it to
 `KNOWN_SIBLING_PACKAGES` in `index.mts`.
diff --git a/.claude/hooks/path-guard/segments.mts b/.claude/hooks/path-guard/segments.mts
index d680eb8..c4eb78e 100644
--- a/.claude/hooks/path-guard/segments.mts
+++ b/.claude/hooks/path-guard/segments.mts
@@ -54,8 +54,6 @@ export const KNOWN_SIBLING_PACKAGES = new Set([
   'codet5-models-builder',
   'core',
   'curl-builder',
-  'ink-builder',
-  'iocraft-builder',
   'libpq-builder',
   'lief-builder',
   'minilm-builder',
diff --git a/.claude/hooks/path-guard/test/path-guard.test.mts b/.claude/hooks/path-guard/test/path-guard.test.mts
index 0da895b..dbef944 100644
--- a/.claude/hooks/path-guard/test/path-guard.test.mts
+++ b/.claude/hooks/path-guard/test/path-guard.test.mts
@@ -5,7 +5,7 @@
 // Run: pnpm --filter hook-path-guard test
 //      (or directly: node --test test/*.test.mts)
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import process from 'node:process'
 import { fileURLToPath } from 'node:url'
@@ -30,7 +30,6 @@ const runHook = (
         : { file_path: filePath, content: source },
   })
   const result = spawnSync(process.execPath, [HOOK], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: payload,
   })
   return {
@@ -298,7 +297,6 @@ describe('path-guard — tool-name filter', () => {
 describe('path-guard — bug-tolerance (fails open)', () => {
   it('passes through invalid JSON payload', () => {
     const result = spawnSync(process.execPath, [HOOK], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: 'not json at all',
     })
     assert.equal(result.status, 0)
@@ -306,7 +304,6 @@ describe('path-guard — bug-tolerance (fails open)', () => {
 
   it('passes through empty stdin', () => {
     const result = spawnSync(process.execPath, [HOOK], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: '',
     })
     assert.equal(result.status, 0)
diff --git a/.claude/hooks/paths-mts-inherit-guard/test/index.test.mts b/.claude/hooks/paths-mts-inherit-guard/test/index.test.mts
index a336d94..4dd400a 100644
--- a/.claude/hooks/paths-mts-inherit-guard/test/index.test.mts
+++ b/.claude/hooks/paths-mts-inherit-guard/test/index.test.mts
@@ -5,7 +5,7 @@
  */
 
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -22,7 +22,6 @@ interface RunResult {
 
 function runHook(payload: object): RunResult {
   const r = spawnSync('node', [HOOK], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
   })
   return {
@@ -170,7 +169,6 @@ describe('paths-mts-inherit-guard', () => {
 
   test('fails open on invalid JSON', () => {
     const r = spawnSync('node', [HOOK], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: 'not json',
     })
     assert.equal(r.status, 0)
@@ -178,7 +176,6 @@ describe('paths-mts-inherit-guard', () => {
 
   test('fails open on empty stdin', () => {
     const r = spawnSync('node', [HOOK], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: '',
     })
     assert.equal(r.status, 0)
diff --git a/.claude/hooks/perfectionist-reminder/test/index.test.mts b/.claude/hooks/perfectionist-reminder/test/index.test.mts
index e091d35..42541fb 100644
--- a/.claude/hooks/perfectionist-reminder/test/index.test.mts
+++ b/.claude/hooks/perfectionist-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -28,7 +28,6 @@ function makeTranscript(assistantText: string): {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -127,7 +126,6 @@ test('disabled env var short-circuits', () => {
   )
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: p }),
       env: { ...process.env, SOCKET_PERFECTIONIST_REMINDER_DISABLED: '1' },
     })
diff --git a/.claude/hooks/plan-location-guard/test/index.test.mts b/.claude/hooks/plan-location-guard/test/index.test.mts
index 0af717f..63f0927 100644
--- a/.claude/hooks/plan-location-guard/test/index.test.mts
+++ b/.claude/hooks/plan-location-guard/test/index.test.mts
@@ -5,7 +5,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -16,6 +16,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/plan-review-reminder/test/index.test.mts b/.claude/hooks/plan-review-reminder/test/index.test.mts
index cbff9ca..096a559 100644
--- a/.claude/hooks/plan-review-reminder/test/index.test.mts
+++ b/.claude/hooks/plan-review-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -23,7 +23,6 @@ function makeTranscript(assistantText: string): string {
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -78,7 +77,6 @@ test('does NOT fire on plain non-plan prose', () => {
 test('disabled env var short-circuits', () => {
   const t = makeTranscript("Here's the plan: do stuff.")
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: t }),
     env: { ...process.env, SOCKET_PLAN_REVIEW_REMINDER_DISABLED: '1' },
   })
diff --git a/.claude/hooks/pointer-comment-guard/test/index.test.mts b/.claude/hooks/pointer-comment-guard/test/index.test.mts
index d3743d0..0e51b72 100644
--- a/.claude/hooks/pointer-comment-guard/test/index.test.mts
+++ b/.claude/hooks/pointer-comment-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -36,7 +36,6 @@ function runHook(
     payload['transcript_path'] = options.transcriptPath
   }
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
     env: { ...process.env, ...(options.env ?? {}) },
   })
@@ -196,7 +195,6 @@ test('handles block comments — pointer + claim in /* … */ passes', () => {
 
 test('does not crash on malformed payload', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: 'not-json',
   })
   assert.equal(result.status, 0)
@@ -204,7 +202,6 @@ test('does not crash on malformed payload', () => {
 
 test('does not crash when content is missing', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({
       tool_name: 'Write',
       tool_input: { file_path: '/repo/src/foo.ts' },
diff --git a/.claude/hooks/pr-vs-push-default-reminder/index.mts b/.claude/hooks/pr-vs-push-default-reminder/index.mts
index 4abeee7..db11b32 100644
--- a/.claude/hooks/pr-vs-push-default-reminder/index.mts
+++ b/.claude/hooks/pr-vs-push-default-reminder/index.mts
@@ -15,7 +15,7 @@
 // Skipped when the branch isn't main/master (feature branches always
 // PR via the wheelhouse push-fallback policy).
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { readFileSync } from 'node:fs'
 import process from 'node:process'
 
diff --git a/.claude/hooks/pr-vs-push-default-reminder/test/index.test.mts b/.claude/hooks/pr-vs-push-default-reminder/test/index.test.mts
index faad65a..38282d4 100644
--- a/.claude/hooks/pr-vs-push-default-reminder/test/index.test.mts
+++ b/.claude/hooks/pr-vs-push-default-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 // node --test specs for the pr-vs-push-default-reminder hook.
 
-import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -36,6 +36,11 @@ function mkTranscript(userTurns: string[]): string {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/prefer-rebase-over-revert-guard/index.mts b/.claude/hooks/prefer-rebase-over-revert-guard/index.mts
index 97090e6..cdc8f90 100644
--- a/.claude/hooks/prefer-rebase-over-revert-guard/index.mts
+++ b/.claude/hooks/prefer-rebase-over-revert-guard/index.mts
@@ -30,7 +30,7 @@
 //
 // Fails open on any internal error (exit 0 + stderr log).
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import process from 'node:process'
 
 import { containsOutsideQuotes } from '../_shared/bash-quote-mask.mts'
diff --git a/.claude/hooks/prefer-rebase-over-revert-guard/test/index.test.mts b/.claude/hooks/prefer-rebase-over-revert-guard/test/index.test.mts
index 65266a1..67de5c3 100644
--- a/.claude/hooks/prefer-rebase-over-revert-guard/test/index.test.mts
+++ b/.claude/hooks/prefer-rebase-over-revert-guard/test/index.test.mts
@@ -11,7 +11,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import test from 'node:test'
@@ -24,6 +24,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/private-name-guard/test/private-name-guard.test.mts b/.claude/hooks/private-name-guard/test/private-name-guard.test.mts
index f092bac..dae327b 100644
--- a/.claude/hooks/private-name-guard/test/private-name-guard.test.mts
+++ b/.claude/hooks/private-name-guard/test/private-name-guard.test.mts
@@ -2,7 +2,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { test } from 'node:test'
 import { fileURLToPath } from 'node:url'
@@ -24,6 +24,11 @@ function runHook(payload: Payload): Promise<{ code: number; stderr: string }> {
     const child = spawn(process.execPath, [HOOK], {
       stdio: ['pipe', 'ignore', 'pipe'],
     })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/public-surface-reminder/test/public-surface-reminder.test.mts b/.claude/hooks/public-surface-reminder/test/public-surface-reminder.test.mts
index e947183..4a747c0 100644
--- a/.claude/hooks/public-surface-reminder/test/public-surface-reminder.test.mts
+++ b/.claude/hooks/public-surface-reminder/test/public-surface-reminder.test.mts
@@ -2,7 +2,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { test } from 'node:test'
 import { fileURLToPath } from 'node:url'
@@ -24,6 +24,11 @@ function runHook(payload: Payload): Promise<{ code: number; stderr: string }> {
     const child = spawn(process.execPath, [HOOK], {
       stdio: ['pipe', 'ignore', 'pipe'],
     })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/pull-request-target-guard/test/index.test.mts b/.claude/hooks/pull-request-target-guard/test/index.test.mts
index 424788b..0f65a2f 100644
--- a/.claude/hooks/pull-request-target-guard/test/index.test.mts
+++ b/.claude/hooks/pull-request-target-guard/test/index.test.mts
@@ -5,7 +5,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -16,6 +16,11 @@ type Result = { code: number; stderr: string }
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/readme-fleet-shape-guard/README.md b/.claude/hooks/readme-fleet-shape-guard/README.md
new file mode 100644
index 0000000..20f19c6
--- /dev/null
+++ b/.claude/hooks/readme-fleet-shape-guard/README.md
@@ -0,0 +1,36 @@
+# readme-fleet-shape-guard
+
+PreToolUse Edit/Write hook that blocks edits to the **root `README.md`** when the resulting content violates the canonical fleet skeleton.
+
+## Why
+
+Root READMEs across fleet repos drift in three predictable ways: (a) the canonical 5-section structure gets reordered or partially missing, (b) `socket-wheelhouse` (a private repo) leaks into prose or links, (c) commands invoke sibling-repo relative paths (`node ../socket-foo/scripts/...`) that outside readers can't follow. All three are public-facing failure modes.
+
+The fleet has matching surfaces at three layers:
+
+- **Lint-time** — `template/.config/markdownlint-rules/socket-{readme-required-sections, no-private-wheelhouse-leak, no-relative-sibling-script}.mjs`.
+- **Sync-time** — `scripts/sync-scaffolding/checks/readme-skeleton-drift.mts` (report-only; no autofix because README content is contextual).
+- **Edit-time** — this hook. Fires at the earliest surface, before the drift can be committed or pushed.
+
+## How
+
+On `Edit` / `MultiEdit` / `Write` whose `file_path` resolves to the repo-root `README.md`, the hook:
+
+1. Reconstructs the post-edit text (Write → `content`; Edit → splice `old_string` → `new_string` against the on-disk file).
+2. Runs three checks: section list (5 required, in order); `socket-wheelhouse` mention (outside fenced code blocks); sibling-repo relative path patterns.
+3. If any check fires AND the user hasn't typed the bypass phrase, exits 2 with a stderr explaining which rule was hit, the canonical fix, and the bypass instructions.
+
+Nested READMEs (`packages/*/README.md`, `docs/*/README.md`, etc.) are silently ignored — they're scoped docs with their own shape.
+
+## Bypass
+
+User types **`Allow readme-fleet-shape bypass`** verbatim in a recent message (within the last 8 user turns). Case-sensitive; paraphrases don't count.
+
+## Failing open
+
+The hook fails open on its own bugs (exit 0 + stderr log) so a buggy hook can't brick the session. The trade-off: a bug means the check silently doesn't apply for that edit. The sync-time check and the lint-time check still catch the drift later.
+
+## Related
+
+- `.claude/hooks/no-meta-comments-guard/` — structural template; same `_shared/transcript.mts` bypass pattern.
+- `.claude/hooks/plan-location-guard/` — same PreToolUse + bypass shape, blocking on file-path classification.
diff --git a/.claude/hooks/readme-fleet-shape-guard/index.mts b/.claude/hooks/readme-fleet-shape-guard/index.mts
new file mode 100644
index 0000000..ef5198a
--- /dev/null
+++ b/.claude/hooks/readme-fleet-shape-guard/index.mts
@@ -0,0 +1,334 @@
+#!/usr/bin/env node
+// Claude Code PreToolUse hook — readme-fleet-shape-guard.
+//
+// Blocks Edit/Write of the root README.md when the resulting content
+// violates the canonical fleet skeleton:
+//
+//   (a) Missing or out-of-order canonical section. The 5 level-2
+//       sections must appear in this order:
+//         Why this repo exists / Install / Usage / Development / License
+//
+//   (b) Mentions `socket-wheelhouse` outside fenced code blocks.
+//       socket-wheelhouse is a private repo; the link 404s for outside
+//       readers.
+//
+//   (c) Invokes a command against a sibling-repo relative path.
+//       `node ../socket-foo/scripts/...` and similar shapes assume the
+//       reader has the sibling repo checked out at exactly the right
+//       relative level — almost never true for an outside user.
+//
+// Only fires on the REPO-ROOT README.md (basename === 'README.md' AND
+// directory is repo root). Nested READMEs (packages/, docs/, .claude/,
+// etc.) are scoped docs with their own shape; this hook is silent for
+// them.
+//
+// Bypass phrase: `Allow readme-fleet-shape bypass`. Reading recent user
+// turns follows the same pattern as no-revert-guard, plan-location-guard.
+//
+// Companion to:
+//   - scripts/sync-scaffolding/checks/readme-skeleton-drift.mts
+//     (sync-time check, no autofix)
+//   - template/.config/markdownlint-rules/socket-{readme-required-sections,
+//     no-private-wheelhouse-leak, no-relative-sibling-script}.mjs
+//     (lint-time check)
+//
+// This hook is the edit-time enforcement — it fires when the README is
+// being written, catching the failure mode at its earliest surface.
+//
+// Reads a Claude Code PreToolUse JSON payload from stdin:
+//   { "tool_name": "Edit" | "MultiEdit" | "Write",
+//     "tool_input": { "file_path": "...",
+//                     "content"?: "...",
+//                     "new_string"?: "...",
+//                     "old_string"?: "..." },
+//     "transcript_path": "/.../session.jsonl" }
+//
+// Exits:
+//   0 — allowed.
+//   2 — blocked (with stderr message that explains rule + fix + bypass).
+//   0 (with stderr log) — fail-open on hook bugs.
+
+import { existsSync, readFileSync } from 'node:fs'
+import path from 'node:path'
+import process from 'node:process'
+
+import { bypassPhrasePresent, readStdin } from '../_shared/transcript.mts'
+
+type ToolInput = {
+  tool_input?:
+    | {
+        content?: string | undefined
+        file_path?: string | undefined
+        new_string?: string | undefined
+        old_string?: string | undefined
+      }
+    | undefined
+  tool_name?: string | undefined
+  transcript_path?: string | undefined
+}
+
+const BYPASS_PHRASE = 'Allow readme-fleet-shape bypass'
+const BYPASS_LOOKBACK_USER_TURNS = 8
+
+const REQUIRED_SECTIONS = [
+  'Why this repo exists',
+  'Install',
+  'Usage',
+  'Development',
+  'License',
+] as const
+
+const WHEELHOUSE_LEAK_RE = /socket-wheelhouse/i
+const SIBLING_PATH_RES: readonly RegExp[] = [
+  /\b(?:bun|deno|node|npm|pnpm|yarn)\s+\.\.\/[\w@-]+\//,
+  // socket-hook: allow regex-alternation-order
+  /(?:^|\s)\.\.\/socket-[\w-]+\//i,
+  // socket-hook: allow regex-alternation-order
+  /(?:^|\s)\.\.\/sdxgen\//,
+  // socket-hook: allow regex-alternation-order
+  /(?:^|\s)\.\.\/stuie\//,
+]
+
+/**
+ * Repo-root README detection. The hook only fires on the root README.md,
+ * not nested READMEs. The check is path-shape only — basename match +
+ * parent directory ≠ another README's parent.
+ */
+export function isRootReadme(filePath: string): boolean {
+  const normalized = filePath.replace(/\\/g, '/')
+  if (path.basename(normalized) !== 'README.md') {
+    return false
+  }
+  const dir = path.dirname(normalized)
+  // Nested-README markers: any path segment that says "this is a
+  // scoped doc, not the repo root."
+  const segments = dir.split('/').filter(Boolean)
+  const SCOPED_PARENTS = new Set([
+    '.claude',
+    'apps',
+    'crates',
+    'docs',
+    'examples',
+    'packages',
+    'pkg-node',
+    'scripts',
+    'template',
+    'test',
+    'tests',
+  ])
+  for (const seg of segments) {
+    if (SCOPED_PARENTS.has(seg)) {
+      return false
+    }
+  }
+  return true
+}
+
+/**
+ * Compute the post-edit text for an Edit (splice old_string → new_string
+ * against the on-disk file) or a Write (just `content`). Returns
+ * undefined when the post-edit text can't be reliably computed (Edit
+ * against a file that doesn't exist, or old_string not found).
+ */
+export function computePostEditText(
+  toolName: string,
+  filePath: string,
+  newString: string | undefined,
+  oldString: string | undefined,
+  content: string | undefined,
+): string | undefined {
+  if (toolName === 'Write') {
+    return content
+  }
+  if (toolName === 'Edit' || toolName === 'MultiEdit') {
+    if (!existsSync(filePath)) {
+      // Edit against a non-existent file is unusual; let it through.
+      return undefined
+    }
+    let onDisk: string
+    try {
+      onDisk = readFileSync(filePath, 'utf8')
+    } catch {
+      return undefined
+    }
+    if (oldString === undefined || newString === undefined) {
+      return undefined
+    }
+    const idx = onDisk.indexOf(oldString)
+    if (idx === -1) {
+      return undefined
+    }
+    return (
+      onDisk.slice(0, idx) + newString + onDisk.slice(idx + oldString.length)
+    )
+  }
+  return undefined
+}
+
+interface ShapeFinding {
+  kind: 'missing-section' | 'wheelhouse-leak' | 'relative-sibling'
+  detail: string
+}
+
+export function findShapeViolations(text: string): ShapeFinding[] {
+  const lines = text.split('\n')
+  const findings: ShapeFinding[] = []
+
+  const headings: string[] = []
+  for (let i = 0, { length } = lines; i < length; i += 1) {
+    const m = /^##\s+(.+?)\s*$/.exec(lines[i] ?? '')
+    if (m && m[1]) {
+      headings.push(m[1])
+    }
+  }
+  let cursor = 0
+  for (let r = 0, { length } = REQUIRED_SECTIONS; r < length; r += 1) {
+    const want = REQUIRED_SECTIONS[r]
+    let found = -1
+    for (let h = cursor; h < headings.length; h += 1) {
+      if (headings[h] === want) {
+        found = h
+        break
+      }
+    }
+    if (found === -1) {
+      findings.push({
+        kind: 'missing-section',
+        detail: `Missing canonical section "## ${want}" (or out of order)`,
+      })
+      break
+    }
+    cursor = found + 1
+  }
+
+  let inFence = false
+  for (let i = 0, { length } = lines; i < length; i += 1) {
+    const line = lines[i] ?? ''
+    if (/^\s*(?:```|~~~)/.test(line)) {
+      inFence = !inFence
+      continue
+    }
+    if (inFence) {
+      continue
+    }
+    if (WHEELHOUSE_LEAK_RE.test(line)) {
+      findings.push({
+        kind: 'wheelhouse-leak',
+        detail: `Line ${i + 1} mentions socket-wheelhouse: ${line.trim().slice(0, 120)}`,
+      })
+      break
+    }
+  }
+
+  for (let i = 0, { length } = lines; i < length; i += 1) {
+    const line = lines[i] ?? ''
+    let matched = false
+    for (let j = 0, jl = SIBLING_PATH_RES.length; j < jl; j += 1) {
+      if (SIBLING_PATH_RES[j]!.test(line)) {
+        matched = true
+        break
+      }
+    }
+    if (matched) {
+      findings.push({
+        kind: 'relative-sibling',
+        detail: `Line ${i + 1} invokes a sibling-relative path: ${line.trim().slice(0, 120)}`,
+      })
+      break
+    }
+  }
+
+  return findings
+}
+
+async function main(): Promise<number> {
+  const raw = await readStdin()
+  if (!raw.trim()) {
+    return 0
+  }
+
+  let payload: ToolInput
+  try {
+    payload = JSON.parse(raw) as ToolInput
+  } catch {
+    process.stderr.write(
+      'readme-fleet-shape-guard: failed to parse stdin payload — fail-open\n',
+    )
+    return 0
+  }
+
+  const tool = payload.tool_name
+  if (tool !== 'Edit' && tool !== 'MultiEdit' && tool !== 'Write') {
+    return 0
+  }
+
+  const filePath = payload.tool_input?.file_path
+  if (!filePath || !isRootReadme(filePath)) {
+    return 0
+  }
+
+  const postEdit = computePostEditText(
+    tool,
+    filePath,
+    payload.tool_input?.new_string,
+    payload.tool_input?.old_string,
+    payload.tool_input?.content,
+  )
+  if (postEdit === undefined) {
+    return 0
+  }
+
+  const findings = findShapeViolations(postEdit)
+  if (findings.length === 0) {
+    return 0
+  }
+
+  if (
+    bypassPhrasePresent(
+      payload.transcript_path,
+      BYPASS_PHRASE,
+      BYPASS_LOOKBACK_USER_TURNS,
+    )
+  ) {
+    return 0
+  }
+
+  const lines: string[] = [
+    `🚨 readme-fleet-shape-guard: blocked Edit/Write of root README.md.`,
+    ``,
+    `File: ${filePath}`,
+    ``,
+    `Violations:`,
+  ]
+  for (let i = 0, { length } = findings; i < length; i += 1) {
+    lines.push(`  - ${findings[i]!.detail}`)
+  }
+  lines.push(``)
+  lines.push(
+    `Per the fleet "Canonical README" rule (CLAUDE.md → Canonical README),`,
+  )
+  lines.push(`root README.md must follow the skeleton at:`)
+  lines.push(`  socket-wheelhouse/template/README.md`)
+  lines.push(``)
+  lines.push(`Required sections in order:`)
+  for (let i = 0, { length } = REQUIRED_SECTIONS; i < length; i += 1) {
+    lines.push(`  ${i + 1}. ## ${REQUIRED_SECTIONS[i]}`)
+  }
+  lines.push(``)
+  lines.push(
+    `One-shot bypass (rare): user types "${BYPASS_PHRASE}" verbatim in a recent message.`,
+  )
+  lines.push(``)
+  process.stderr.write(`${lines.join('\n')}`)
+  return 2
+}
+
+main().then(
+  code => process.exit(code),
+  err => {
+    process.stderr.write(
+      `readme-fleet-shape-guard: hook error — fail-open: ${String(err)}\n`,
+    )
+    process.exit(0)
+  },
+)
diff --git a/.claude/hooks/readme-fleet-shape-guard/package.json b/.claude/hooks/readme-fleet-shape-guard/package.json
new file mode 100644
index 0000000..5aa4206
--- /dev/null
+++ b/.claude/hooks/readme-fleet-shape-guard/package.json
@@ -0,0 +1,18 @@
+{
+  "name": "hook-readme-fleet-shape-guard",
+  "private": true,
+  "type": "module",
+  "main": "./index.mts",
+  "exports": {
+    ".": "./index.mts"
+  },
+  "scripts": {
+    "test": "node --test test/*.test.mts"
+  },
+  "dependencies": {
+    "@socketsecurity/lib-stable": "catalog:"
+  },
+  "devDependencies": {
+    "@types/node": "catalog:"
+  }
+}
diff --git a/.claude/hooks/readme-fleet-shape-guard/test/index.test.mts b/.claude/hooks/readme-fleet-shape-guard/test/index.test.mts
new file mode 100644
index 0000000..a524fff
--- /dev/null
+++ b/.claude/hooks/readme-fleet-shape-guard/test/index.test.mts
@@ -0,0 +1,139 @@
+// node --test specs for the readme-fleet-shape-guard hook.
+
+import test from 'node:test'
+import assert from 'node:assert/strict'
+// prefer-async-spawn: streaming-stdio-required — test spawns child
+// subprocess and pipes stdin/stdout/stderr; Node spawn returns the
+// ChildProcess streaming surface the lib promise wrapper does not.
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+const here = path.dirname(fileURLToPath(import.meta.url))
+const HOOK = path.join(here, '..', 'index.mts')
+
+type Result = { code: number; stderr: string }
+
+async function runHook(payload: Record<string, unknown>): Promise<Result> {
+  const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
+  child.stdin!.end(JSON.stringify(payload))
+  let stderr = ''
+  child.process.stderr!.on('data', chunk => {
+    stderr += chunk.toString('utf8')
+  })
+  return new Promise(resolve => {
+    child.process.on('exit', code => {
+      resolve({ code: code ?? 0, stderr })
+    })
+  })
+}
+
+const CANONICAL_README = [
+  '# foo',
+  '',
+  '## Why this repo exists',
+  '',
+  'A thing.',
+  '',
+  '## Install',
+  '',
+  '```sh',
+  'npm install foo',
+  '```',
+  '',
+  '## Usage',
+  '',
+  '```js',
+  'const foo = require("foo")',
+  '```',
+  '',
+  '## Development',
+  '',
+  'pnpm install',
+  '',
+  '## License',
+  '',
+  'MIT',
+  '',
+].join('\n')
+
+test('non-Edit/Write tool calls pass through', async () => {
+  const result = await runHook({
+    tool_input: { command: 'ls' },
+    tool_name: 'Bash',
+  })
+  assert.strictEqual(result.code, 0)
+})
+
+test('nested README is ignored', async () => {
+  const result = await runHook({
+    tool_input: {
+      file_path: '/Users/x/projects/foo/packages/bar/README.md',
+      content: '# bar\n\nNo canonical sections at all.\n',
+    },
+    tool_name: 'Write',
+  })
+  assert.strictEqual(result.code, 0)
+})
+
+test('canonical root README passes', async () => {
+  const result = await runHook({
+    tool_input: {
+      file_path: '/Users/x/projects/foo/README.md',
+      content: CANONICAL_README,
+    },
+    tool_name: 'Write',
+  })
+  assert.strictEqual(result.code, 0)
+})
+
+test('missing canonical section is blocked', async () => {
+  const broken = CANONICAL_README.replace('## Install', '## Setup')
+  const result = await runHook({
+    tool_input: {
+      file_path: '/Users/x/projects/foo/README.md',
+      content: broken,
+    },
+    tool_name: 'Write',
+  })
+  assert.strictEqual(result.code, 2)
+  assert.match(result.stderr, /readme-fleet-shape-guard/)
+  assert.match(result.stderr, /Missing canonical section "## Install"/)
+})
+
+test('socket-wheelhouse mention is blocked', async () => {
+  const leaky = CANONICAL_README.replace(
+    'A thing.',
+    'A thing. See socket-wheelhouse for details.',
+  )
+  const result = await runHook({
+    tool_input: {
+      file_path: '/Users/x/projects/foo/README.md',
+      content: leaky,
+    },
+    tool_name: 'Write',
+  })
+  assert.strictEqual(result.code, 2)
+  assert.match(result.stderr, /socket-wheelhouse/)
+})
+
+test('relative sibling script is blocked', async () => {
+  const sibling = CANONICAL_README.replace(
+    'pnpm install',
+    'node ../socket-bar/scripts/foo.mts',
+  )
+  const result = await runHook({
+    tool_input: {
+      file_path: '/Users/x/projects/foo/README.md',
+      content: sibling,
+    },
+    tool_name: 'Write',
+  })
+  assert.strictEqual(result.code, 2)
+  assert.match(result.stderr, /sibling-relative path/)
+})
diff --git a/.claude/hooks/readme-fleet-shape-guard/tsconfig.json b/.claude/hooks/readme-fleet-shape-guard/tsconfig.json
new file mode 100644
index 0000000..19458cf
--- /dev/null
+++ b/.claude/hooks/readme-fleet-shape-guard/tsconfig.json
@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "declarationMap": false,
+    "erasableSyntaxOnly": true,
+    "module": "nodenext",
+    "moduleResolution": "nodenext",
+    "noEmit": true,
+    "rewriteRelativeImportExtensions": true,
+    "skipLibCheck": true,
+    "sourceMap": false,
+    "strict": true,
+    "target": "esnext",
+    "types": ["node"],
+    "verbatimModuleSyntax": true
+  }
+}
diff --git a/.claude/hooks/release-workflow-guard/test/release-workflow-guard.test.mts b/.claude/hooks/release-workflow-guard/test/release-workflow-guard.test.mts
index f2a319a..5abc3bf 100644
--- a/.claude/hooks/release-workflow-guard/test/release-workflow-guard.test.mts
+++ b/.claude/hooks/release-workflow-guard/test/release-workflow-guard.test.mts
@@ -15,8 +15,9 @@ import process, { execPath } from 'node:process'
 import { afterEach, describe, it } from 'node:test'
 import assert from 'node:assert/strict'
 
-import { safeDelete } from '@socketsecurity/lib-stable/fs'
-import { isSpawnError, spawn } from '@socketsecurity/lib-stable/spawn'
+import { safeDelete } from '@socketsecurity/lib-stable/fs/safe'
+import { isSpawnError } from '@socketsecurity/lib-stable/spawn/errors'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
 const hookScript = new URL('../index.mts', import.meta.url).pathname
 
diff --git a/.claude/hooks/setup-security-tools/index.mts b/.claude/hooks/setup-security-tools/index.mts
index ca59de9..32e961a 100644
--- a/.claude/hooks/setup-security-tools/index.mts
+++ b/.claude/hooks/setup-security-tools/index.mts
@@ -38,7 +38,7 @@
 // Fails open on every error (exit 0 + stderr log). The hook must
 // not block the conversation on its own bugs.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { existsSync, promises as fs } from 'node:fs'
 import path from 'node:path'
 import process from 'node:process'
diff --git a/.claude/hooks/setup-security-tools/lib/installers.mts b/.claude/hooks/setup-security-tools/lib/installers.mts
index dedd5e5..b8d893a 100644
--- a/.claude/hooks/setup-security-tools/lib/installers.mts
+++ b/.claude/hooks/setup-security-tools/lib/installers.mts
@@ -21,15 +21,15 @@ import { fileURLToPath } from 'node:url'
 import { PackageURL } from '@socketregistry/packageurl-js-stable'
 import { Type } from '@sinclair/typebox'
 
-import { whichSync } from '@socketsecurity/lib-stable/bin'
+import { whichSync } from '@socketsecurity/lib-stable/bin/which'
 import { downloadBinary } from '@socketsecurity/lib-stable/dlx/binary'
 import { downloadPackage } from '@socketsecurity/lib-stable/dlx/package'
 import { errorMessage } from '@socketsecurity/lib-stable/errors'
-import { safeDelete } from '@socketsecurity/lib-stable/fs'
+import { safeDelete } from '@socketsecurity/lib-stable/fs/safe'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
 import { normalizePath } from '@socketsecurity/lib-stable/paths/normalize'
 import { getSocketHomePath } from '@socketsecurity/lib-stable/paths/socket'
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { parseSchema } from '@socketsecurity/lib-stable/schema/parse'
 
 const logger = getDefaultLogger()
@@ -90,10 +90,7 @@ const JANUS = config.tools['janus']!
 export async function checkZizmorVersion(binPath: string): Promise<boolean> {
   try {
     const result = await spawn(binPath, ['--version'], { stdio: 'pipe' })
-    const output =
-      typeof result.stdout === 'string'
-        ? result.stdout.trim()
-        : result.stdout.toString().trim()
+    const output = String(result.stdout).trim()
     return ZIZMOR.version ? output.includes(ZIZMOR.version) : false
   } catch {
     return false
diff --git a/.claude/hooks/setup-security-tools/lib/token-storage.mts b/.claude/hooks/setup-security-tools/lib/token-storage.mts
index a96f9d6..a6e9951 100644
--- a/.claude/hooks/setup-security-tools/lib/token-storage.mts
+++ b/.claude/hooks/setup-security-tools/lib/token-storage.mts
@@ -17,7 +17,7 @@
  *   persistence failed.
  */
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import {
   existsSync,
   mkdirSync,
@@ -292,7 +292,6 @@ export function writeLinux(token: string, account: string): void {
     'secret-tool',
     ['store', '--label=Socket API token', 'service', SERVICE, 'user', account],
     {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: token,
       stdio: ['pipe', 'pipe', 'pipe'],
     },
@@ -389,7 +388,6 @@ export function writeWindows(token: string, account: string): void {
     } catch { exit 1 }
   `
   const ps = spawnSync('powershell', ['-NoProfile', '-Command', psScript], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: token,
     stdio: ['pipe', 'pipe', 'pipe'],
   })
@@ -420,7 +418,6 @@ export function writeWindowsDpapiFile(token: string): void {
     [Convert]::ToBase64String($protected) | Set-Content -Path '${filePath.replace(/'/g, "''")}' -NoNewline
   `
   const ps = spawnSync('powershell', ['-NoProfile', '-Command', psScript], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: token,
     stdio: ['pipe', 'pipe', 'pipe'],
   })
diff --git a/.claude/hooks/setup-security-tools/test/setup-security-tools.test.mts b/.claude/hooks/setup-security-tools/test/setup-security-tools.test.mts
index d249e8f..97e260c 100644
--- a/.claude/hooks/setup-security-tools/test/setup-security-tools.test.mts
+++ b/.claude/hooks/setup-security-tools/test/setup-security-tools.test.mts
@@ -2,7 +2,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import os from 'node:os'
 import path from 'node:path'
 import { test } from 'node:test'
@@ -24,6 +24,11 @@ test('parses without syntax errors (node --check)', async () => {
     const child = spawn(process.execPath, ['--check', SCRIPT], {
       stdio: ['ignore', 'ignore', 'pipe'],
     })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/soak-exclude-date-annotation-guard/test/index.test.mts b/.claude/hooks/soak-exclude-date-annotation-guard/test/index.test.mts
index d3aa28e..c66102f 100644
--- a/.claude/hooks/soak-exclude-date-annotation-guard/test/index.test.mts
+++ b/.claude/hooks/soak-exclude-date-annotation-guard/test/index.test.mts
@@ -4,7 +4,7 @@ import assert from 'node:assert/strict'
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { describe, test } from 'node:test'
 import { fileURLToPath } from 'node:url'
@@ -20,6 +20,11 @@ interface RunResult {
 function runHook(payload: object): Promise<RunResult> {
   return new Promise((resolve, reject) => {
     const child = spawn('node', [HOOK], { stdio: ['pipe', 'pipe', 'pipe'] })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/socket-token-minifier-start/index.mts b/.claude/hooks/socket-token-minifier-start/index.mts
index a51b35b..dabc3f9 100644
--- a/.claude/hooks/socket-token-minifier-start/index.mts
+++ b/.claude/hooks/socket-token-minifier-start/index.mts
@@ -17,7 +17,7 @@
 // Time budget: ~3 seconds total. Anything slower than that holds the
 // SessionStart hook chain and the user feels it.
 
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { appendFileSync, existsSync } from 'node:fs'
 import http from 'node:http'
 import path from 'node:path'
diff --git a/.claude/hooks/squash-history-reminder/README.md b/.claude/hooks/squash-history-reminder/README.md
new file mode 100644
index 0000000..22d6140
--- /dev/null
+++ b/.claude/hooks/squash-history-reminder/README.md
@@ -0,0 +1,36 @@
+# squash-history-reminder
+
+Stop hook that nudges the operator toward the `squashing-history` skill when an opted-in fleet repo's default branch has grown beyond a configurable commit threshold.
+
+## Why
+
+A subset of fleet repos (currently `socket-addon`, `socket-bin`, `socket-btm`, `sdxgen`, `stuie`) periodically squash the default branch to a single "Initial commit" — the convention exists for repos where deep history is more confusing than useful (binary publishing forwards, scratchpad tooling, etc.). The opt-in is declared centrally in `template/.claude/skills/cascading-fleet/lib/fleet-repos.json` under each repo's `optIns: ['squash-history']` array.
+
+The hook is a soft reminder, not a blocker. It fires at end-of-turn when all three are true:
+
+1. The current repo is on the opt-in list.
+2. The current branch is the repo's default branch (`main` / `master` — resolved per the fleet's _Default branch fallback_ rule).
+3. The default branch has > `SOCKET_SQUASH_HISTORY_COMMIT_THRESHOLD` commits (default 50).
+
+When all three fire, stderr emits a one-paragraph reminder pointing at the `squashing-history` skill.
+
+## Bypass
+
+User types **`Allow squash-history-reminder bypass`** verbatim in a recent message (within the last 8 user turns). Case-sensitive; paraphrases don't count.
+
+Or set `SOCKET_SQUASH_HISTORY_REMINDER_DISABLED=1` in the env to disable entirely.
+
+## Configuration
+
+- `SOCKET_SQUASH_HISTORY_COMMIT_THRESHOLD` — integer; default 50. Below this count, the hook stays silent.
+- `SOCKET_SQUASH_HISTORY_REMINDER_DISABLED` — any truthy value short-circuits the hook.
+
+## Failing open
+
+The hook fails open on its own bugs (the catch in `main()`). A buggy hook can never block the session.
+
+## Related
+
+- `.claude/skills/squashing-history/SKILL.md` — the canonical squash-history skill (does the actual work).
+- `.claude/skills/cascading-fleet/lib/fleet-repos.json` — the roster + opt-in declarations.
+- `.claude/hooks/default-branch-guard/` — sibling hook that enforces `main → master` fallback wherever the default branch is hard-coded.
diff --git a/.claude/hooks/squash-history-reminder/index.mts b/.claude/hooks/squash-history-reminder/index.mts
new file mode 100644
index 0000000..cf3b5a7
--- /dev/null
+++ b/.claude/hooks/squash-history-reminder/index.mts
@@ -0,0 +1,221 @@
+#!/usr/bin/env node
+// Claude Code Stop hook — squash-history-reminder.
+//
+// Reminds the operator about the `squashing-history` skill when:
+//   1. The current repo's `name` (from the local git remote OR
+//      basename of the working tree) is listed in the fleet
+//      roster's `optIns: ['squash-history']` set.
+//   2. The current branch is the repo's default branch (per the
+//      fleet's _Default branch fallback_ rule — main → master).
+//   3. The default branch has more than HISTORY_COMMIT_THRESHOLD
+//      commits (default 50). Tunable via env.
+//
+// The reminder is a soft one-liner; pairs with the
+// `template/.claude/skills/squashing-history/SKILL.md` skill that
+// does the actual squash.
+//
+// Bypass phrase: `Allow squash-history-reminder bypass`. Disable
+// entirely via SOCKET_SQUASH_HISTORY_REMINDER_DISABLED.
+
+import { existsSync, readFileSync } from 'node:fs'
+import path from 'node:path'
+import process from 'node:process'
+import { execSync } from 'node:child_process'
+
+import { bypassPhrasePresent, readStdin } from '../_shared/transcript.mts'
+
+const BYPASS_PHRASE = 'Allow squash-history-reminder bypass'
+const BYPASS_LOOKBACK_USER_TURNS = 8
+const HISTORY_COMMIT_THRESHOLD = Number.parseInt(
+  process.env['SOCKET_SQUASH_HISTORY_COMMIT_THRESHOLD'] ?? '50',
+  10,
+)
+
+interface StopPayload {
+  readonly transcript_path?: string | undefined
+  readonly cwd?: string | undefined
+}
+
+interface FleetRepo {
+  readonly name: string
+  readonly optIns?: readonly string[] | undefined
+}
+
+interface FleetRoster {
+  readonly repos: readonly FleetRepo[]
+}
+
+function gitSafe(cwd: string, args: string[]): string | undefined {
+  try {
+    return execSync(`git ${args.join(' ')}`, {
+      cwd,
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+    }).trim()
+  } catch {
+    return undefined
+  }
+}
+
+/**
+ * Identify the canonical repo name. Prefer the GitHub remote (handles
+ * checkout dir renames like `socket-cli-fix-foo`); fall back to the
+ * working-tree basename.
+ */
+export function resolveRepoName(cwd: string): string | undefined {
+  const remote = gitSafe(cwd, ['config', '--get', 'remote.origin.url'])
+  if (remote) {
+    // git@github.com:Org/repo.git OR https://github.com/Org/repo(.git)?
+    const m = /[/:]([^/:]+?)(?:\.git)?$/.exec(remote)
+    if (m && m[1]) {
+      return m[1]
+    }
+  }
+  const base = path.basename(cwd)
+  return base || undefined
+}
+
+export function readRoster(rosterPath: string): FleetRoster | undefined {
+  if (!existsSync(rosterPath)) {
+    return undefined
+  }
+  try {
+    const raw = readFileSync(rosterPath, 'utf8')
+    return JSON.parse(raw) as FleetRoster
+  } catch {
+    return undefined
+  }
+}
+
+export function isOptedIn(
+  roster: FleetRoster,
+  repoName: string,
+  optIn: string,
+): boolean {
+  for (let i = 0, { length } = roster.repos; i < length; i += 1) {
+    const r = roster.repos[i]!
+    if (r.name === repoName) {
+      return (r.optIns ?? []).includes(optIn)
+    }
+  }
+  return false
+}
+
+function defaultBranch(cwd: string): string {
+  const sym = gitSafe(cwd, ['symbolic-ref', 'refs/remotes/origin/HEAD'])
+  if (sym) {
+    return sym.replace(/^refs\/remotes\/origin\//, '')
+  }
+  for (const candidate of ['main', 'master']) {
+    if (
+      gitSafe(cwd, [
+        'show-ref',
+        '--verify',
+        '--quiet',
+        `refs/remotes/origin/${candidate}`,
+      ]) !== undefined
+    ) {
+      return candidate
+    }
+  }
+  return 'main'
+}
+
+function currentBranch(cwd: string): string | undefined {
+  return gitSafe(cwd, ['branch', '--show-current'])
+}
+
+function commitCount(cwd: string, ref: string): number {
+  const out = gitSafe(cwd, ['rev-list', '--count', ref])
+  if (out === undefined) {
+    return 0
+  }
+  const n = Number.parseInt(out, 10)
+  return Number.isFinite(n) ? n : 0
+}
+
+async function main(): Promise<void> {
+  if (process.env['SOCKET_SQUASH_HISTORY_REMINDER_DISABLED']) {
+    return
+  }
+  const raw = await readStdin()
+  if (!raw.trim()) {
+    return
+  }
+  let payload: StopPayload
+  try {
+    payload = JSON.parse(raw) as StopPayload
+  } catch {
+    return
+  }
+  const cwd = payload.cwd ?? process.cwd()
+
+  const repoRoot = gitSafe(cwd, ['rev-parse', '--show-toplevel']) ?? cwd
+  const rosterCandidates = [
+    path.join(
+      repoRoot,
+      'template/.claude/skills/cascading-fleet/lib/fleet-repos.json',
+    ),
+    path.join(
+      repoRoot,
+      '.claude/skills/cascading-fleet/lib/fleet-repos.json',
+    ),
+  ]
+  let roster: FleetRoster | undefined
+  for (let i = 0, { length } = rosterCandidates; i < length; i += 1) {
+    roster = readRoster(rosterCandidates[i]!)
+    if (roster) {
+      break
+    }
+  }
+  if (!roster) {
+    return
+  }
+
+  const repoName = resolveRepoName(repoRoot)
+  if (!repoName) {
+    return
+  }
+  if (!isOptedIn(roster, repoName, 'squash-history')) {
+    return
+  }
+
+  const branch = currentBranch(repoRoot)
+  const base = defaultBranch(repoRoot)
+  if (branch !== base) {
+    return
+  }
+
+  const count = commitCount(repoRoot, branch)
+  if (count <= HISTORY_COMMIT_THRESHOLD) {
+    return
+  }
+
+  if (
+    bypassPhrasePresent(
+      payload.transcript_path,
+      BYPASS_PHRASE,
+      BYPASS_LOOKBACK_USER_TURNS,
+    )
+  ) {
+    return
+  }
+
+  process.stderr.write(
+    [
+      `💡 squash-history-reminder: ${repoName} is opted into the squash-history convention.`,
+      `   The default branch \`${branch}\` has ${count} commits (threshold ${HISTORY_COMMIT_THRESHOLD}).`,
+      `   Consider running the \`squashing-history\` skill to collapse to a single Initial commit.`,
+      `   Skill: .claude/skills/squashing-history/SKILL.md`,
+      `   Suppress for this session: type "${BYPASS_PHRASE}" verbatim, or set`,
+      `   SOCKET_SQUASH_HISTORY_REMINDER_DISABLED=1 to disable entirely.`,
+      '',
+    ].join('\n'),
+  )
+}
+
+main().catch(e => {
+  process.stderr.write(
+    `squash-history-reminder: hook error (continuing): ${(e as Error).message}\n`,
+  )
+})
diff --git a/.claude/hooks/squash-history-reminder/package.json b/.claude/hooks/squash-history-reminder/package.json
new file mode 100644
index 0000000..e3f4af7
--- /dev/null
+++ b/.claude/hooks/squash-history-reminder/package.json
@@ -0,0 +1,18 @@
+{
+  "name": "hook-squash-history-reminder",
+  "private": true,
+  "type": "module",
+  "main": "./index.mts",
+  "exports": {
+    ".": "./index.mts"
+  },
+  "scripts": {
+    "test": "node --test test/*.test.mts"
+  },
+  "dependencies": {
+    "@socketsecurity/lib-stable": "catalog:"
+  },
+  "devDependencies": {
+    "@types/node": "catalog:"
+  }
+}
diff --git a/.claude/hooks/squash-history-reminder/test/index.test.mts b/.claude/hooks/squash-history-reminder/test/index.test.mts
new file mode 100644
index 0000000..189593c
--- /dev/null
+++ b/.claude/hooks/squash-history-reminder/test/index.test.mts
@@ -0,0 +1,51 @@
+// node --test specs for squash-history-reminder hook helpers.
+
+import test from 'node:test'
+import assert from 'node:assert/strict'
+
+import { isOptedIn, resolveRepoName } from '../index.mts'
+
+test('isOptedIn returns true for an opted-in repo', () => {
+  const roster = {
+    repos: [
+      { name: 'socket-btm', optIns: ['squash-history'] },
+      { name: 'socket-cli' },
+    ],
+  }
+  assert.strictEqual(isOptedIn(roster, 'socket-btm', 'squash-history'), true)
+})
+
+test('isOptedIn returns false for a non-opted-in repo', () => {
+  const roster = {
+    repos: [
+      { name: 'socket-btm', optIns: ['squash-history'] },
+      { name: 'socket-cli' },
+    ],
+  }
+  assert.strictEqual(isOptedIn(roster, 'socket-cli', 'squash-history'), false)
+})
+
+test('isOptedIn returns false for a repo missing from the roster', () => {
+  const roster = {
+    repos: [{ name: 'socket-btm', optIns: ['squash-history'] }],
+  }
+  assert.strictEqual(isOptedIn(roster, 'unknown-repo', 'squash-history'), false)
+})
+
+test('isOptedIn returns false for a different opt-in name', () => {
+  const roster = {
+    repos: [{ name: 'socket-btm', optIns: ['squash-history'] }],
+  }
+  assert.strictEqual(isOptedIn(roster, 'socket-btm', 'other-opt-in'), false)
+})
+
+test('resolveRepoName falls back to cwd basename if no git remote', () => {
+  // Use a real path to verify basename extraction; the function tries
+  // git first but will silently fail in /tmp (no remote configured).
+  const result = resolveRepoName('/tmp/socket-imaginary')
+  // Result is either the basename OR a real remote name if /tmp happens
+  // to be inside a git checkout (unlikely). Both are valid; the
+  // important thing is the function returns *something* string-shaped.
+  assert.strictEqual(typeof result, 'string')
+  assert.ok((result?.length ?? 0) > 0)
+})
diff --git a/.claude/hooks/squash-history-reminder/tsconfig.json b/.claude/hooks/squash-history-reminder/tsconfig.json
new file mode 100644
index 0000000..19458cf
--- /dev/null
+++ b/.claude/hooks/squash-history-reminder/tsconfig.json
@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "declarationMap": false,
+    "erasableSyntaxOnly": true,
+    "module": "nodenext",
+    "moduleResolution": "nodenext",
+    "noEmit": true,
+    "rewriteRelativeImportExtensions": true,
+    "skipLibCheck": true,
+    "sourceMap": false,
+    "strict": true,
+    "target": "esnext",
+    "types": ["node"],
+    "verbatimModuleSyntax": true
+  }
+}
diff --git a/.claude/hooks/stale-process-sweeper/index.mts b/.claude/hooks/stale-process-sweeper/index.mts
index 5f476df..fc99568 100644
--- a/.claude/hooks/stale-process-sweeper/index.mts
+++ b/.claude/hooks/stale-process-sweeper/index.mts
@@ -31,7 +31,7 @@
 // Stop hooks receive JSON on stdin (we don't read it; the body
 // shape is irrelevant to our work) and exit code is advisory.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import process from 'node:process'
 
 // Process-name patterns that indicate a stale test/build worker.
diff --git a/.claude/hooks/stale-process-sweeper/test/stale-process-sweeper.test.mts b/.claude/hooks/stale-process-sweeper/test/stale-process-sweeper.test.mts
index 4f7adfa..be79c41 100644
--- a/.claude/hooks/stale-process-sweeper/test/stale-process-sweeper.test.mts
+++ b/.claude/hooks/stale-process-sweeper/test/stale-process-sweeper.test.mts
@@ -1,7 +1,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { fileURLToPath } from 'node:url'
 import path from 'node:path'
 import { test } from 'node:test'
@@ -17,6 +17,11 @@ function runHook(): Promise<{ code: number; stderr: string }> {
     const child = spawn(process.execPath, [HOOK], {
       stdio: ['pipe', 'ignore', 'pipe'],
     })
+    // v6 lib-stable spawn returns an enriched Promise that rejects on
+    // non-zero exit; this test reads stderr + exit via manual listeners
+    // instead. Swallow the Promise rejection so it doesn't race the
+    // listener-based resolve and trigger "async activity after test ended".
+    void child.catch(() => undefined)
     let stderr = ''
     child.process.stderr!.on('data', d => {
       stderr += d.toString()
diff --git a/.claude/hooks/token-guard/test/token-guard.test.mts b/.claude/hooks/token-guard/test/token-guard.test.mts
index 1270e34..681de7c 100644
--- a/.claude/hooks/token-guard/test/token-guard.test.mts
+++ b/.claude/hooks/token-guard/test/token-guard.test.mts
@@ -8,8 +8,8 @@
 import { describe, it } from 'node:test'
 import assert from 'node:assert/strict'
 
-import { whichSync } from '@socketsecurity/lib-stable/bin'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { whichSync } from '@socketsecurity/lib-stable/bin/which'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 
 const hookScript = new URL('../index.mts', import.meta.url).pathname
 const nodeBinRaw = whichSync('node')
@@ -31,7 +31,6 @@ function runHook(
     tool_input: { command },
   })
   const result = spawnSync(nodeBin, [hookScript], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input,
     timeout: 5_000,
     stdio: ['pipe', 'pipe', 'pipe'],
@@ -196,7 +195,6 @@ describe('token-guard hook', () => {
   describe('fails open on malformed input', () => {
     it('empty stdin', () => {
       const r = spawnSync(nodeBin, [hookScript], {
-        // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
         input: '',
         timeout: 5_000,
         stdio: ['pipe', 'pipe', 'pipe'],
@@ -205,7 +203,6 @@ describe('token-guard hook', () => {
     })
     it('non-JSON stdin', () => {
       const r = spawnSync(nodeBin, [hookScript], {
-        // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
         input: 'not json',
         timeout: 5_000,
         stdio: ['pipe', 'pipe', 'pipe'],
diff --git a/.claude/hooks/variant-analysis-reminder/test/index.test.mts b/.claude/hooks/variant-analysis-reminder/test/index.test.mts
index c73bb08..207f471 100644
--- a/.claude/hooks/variant-analysis-reminder/test/index.test.mts
+++ b/.claude/hooks/variant-analysis-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -46,7 +46,6 @@ function makeTranscript(
 
 function runHook(transcriptPath: string): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({ transcript_path: transcriptPath }),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -172,7 +171,6 @@ test('disabled env var short-circuits', () => {
   const { path: p, cleanup } = makeTranscript('Critical: bug found')
   try {
     const result = spawnSync('node', [HOOK_PATH], {
-      // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
       input: JSON.stringify({ transcript_path: p }),
       env: { ...process.env, SOCKET_VARIANT_ANALYSIS_REMINDER_DISABLED: '1' },
     })
diff --git a/.claude/hooks/verify-rendered-output-before-commit-reminder/index.mts b/.claude/hooks/verify-rendered-output-before-commit-reminder/index.mts
index 333beef..fa723c6 100644
--- a/.claude/hooks/verify-rendered-output-before-commit-reminder/index.mts
+++ b/.claude/hooks/verify-rendered-output-before-commit-reminder/index.mts
@@ -18,7 +18,7 @@
 //
 // No-op when the staged set is purely non-UI source.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { readFileSync } from 'node:fs'
 import process from 'node:process'
 
diff --git a/.claude/hooks/verify-rendered-output-before-commit-reminder/test/index.test.mts b/.claude/hooks/verify-rendered-output-before-commit-reminder/test/index.test.mts
index fbaefb7..eedc019 100644
--- a/.claude/hooks/verify-rendered-output-before-commit-reminder/test/index.test.mts
+++ b/.claude/hooks/verify-rendered-output-before-commit-reminder/test/index.test.mts
@@ -1,6 +1,6 @@
 // node --test specs for the verify-rendered-output-before-commit-reminder hook.
 
-import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -37,6 +37,11 @@ function mkTranscript(entries: object[]): string {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/version-bump-order-guard/index.mts b/.claude/hooks/version-bump-order-guard/index.mts
index 130e328..ee0f76a 100644
--- a/.claude/hooks/version-bump-order-guard/index.mts
+++ b/.claude/hooks/version-bump-order-guard/index.mts
@@ -21,7 +21,7 @@
 // Bypass: "Allow version-bump-order bypass" in a recent user turn, or
 // SOCKET_VERSION_BUMP_ORDER_GUARD_DISABLED=1.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import process from 'node:process'
 
 import { bypassPhrasePresent, readStdin } from '../_shared/transcript.mts'
diff --git a/.claude/hooks/version-bump-order-guard/test/index.test.mts b/.claude/hooks/version-bump-order-guard/test/index.test.mts
index 2e3c810..12cc706 100644
--- a/.claude/hooks/version-bump-order-guard/test/index.test.mts
+++ b/.claude/hooks/version-bump-order-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -46,7 +46,6 @@ function runHook(
   extraEnv: Record<string, string> = {},
 ): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({
       tool_name: 'Bash',
       tool_input: { command },
@@ -112,7 +111,6 @@ test('ALLOWS git tag with non-version label (no enforcement)', () => {
 
 test('IGNORES non-Bash tools', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify({
       tool_name: 'Write',
       tool_input: { command: 'git tag v1.0.0' },
diff --git a/.claude/hooks/vitest-include-vs-node-test-guard/test/index.test.mts b/.claude/hooks/vitest-include-vs-node-test-guard/test/index.test.mts
index b58e240..86f6cb7 100644
--- a/.claude/hooks/vitest-include-vs-node-test-guard/test/index.test.mts
+++ b/.claude/hooks/vitest-include-vs-node-test-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -40,6 +40,11 @@ function makeFixture(opts: FixtureOpts): {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/hooks/workflow-uses-comment-guard/test/index.test.mts b/.claude/hooks/workflow-uses-comment-guard/test/index.test.mts
index 2558e3c..d61fa99 100644
--- a/.claude/hooks/workflow-uses-comment-guard/test/index.test.mts
+++ b/.claude/hooks/workflow-uses-comment-guard/test/index.test.mts
@@ -1,6 +1,6 @@
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
@@ -9,7 +9,6 @@ const HOOK_PATH = path.join(__dirname, '..', 'index.mts')
 
 function runHook(payload: object): { stderr: string; exitCode: number } {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: JSON.stringify(payload),
   })
   return { stderr: String(result.stderr), exitCode: result.status ?? -1 }
@@ -127,7 +126,6 @@ test('ignores non-Edit/Write tool calls', () => {
 
 test('fails open on bad JSON', () => {
   const result = spawnSync('node', [HOOK_PATH], {
-    // @ts-expect-error TS2353 -- lib v5 SpawnSyncOptions omits "input"; v6 exposes it. Runtime accepts it.
     input: '{not-json}',
   })
   assert.equal(result.status, 0)
diff --git a/.claude/hooks/workflow-yaml-multiline-body-guard/test/index.test.mts b/.claude/hooks/workflow-yaml-multiline-body-guard/test/index.test.mts
index 2432a67..ca580eb 100644
--- a/.claude/hooks/workflow-yaml-multiline-body-guard/test/index.test.mts
+++ b/.claude/hooks/workflow-yaml-multiline-body-guard/test/index.test.mts
@@ -3,7 +3,7 @@
 // prefer-async-spawn: streaming-stdio-required — test spawns child
 // subprocess and pipes stdin/stdout/stderr; Node spawn returns the
 // ChildProcess streaming surface the lib promise wrapper does not.
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
@@ -27,6 +27,11 @@ function tmpWorkflow(content: string): string {
 
 async function runHook(payload: Record<string, unknown>): Promise<Result> {
   const child = spawn(process.execPath, [HOOK], { stdio: 'pipe' })
+  // v6 lib-stable spawn returns an enriched Promise that rejects on
+  // non-zero exit; this test reads stderr + exit via manual listeners
+  // instead. Swallow the Promise rejection so it doesn't race the
+  // listener-based resolve and trigger "async activity after test ended".
+  void child.catch(() => undefined)
   child.stdin!.end(JSON.stringify(payload))
   let stderr = ''
   child.process.stderr!.on('data', chunk => {
diff --git a/.claude/settings.json b/.claude/settings.json
index b07aef2..e4a71f0 100644
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -80,6 +80,10 @@
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/pull-request-target-guard/index.mts"
           },
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/readme-fleet-shape-guard/index.mts"
+          },
           {
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/workflow-uses-comment-guard/index.mts"
@@ -155,10 +159,18 @@
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/default-branch-guard/index.mts"
           },
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/no-blind-keychain-read-guard/index.mts"
+          },
           {
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/no-experimental-strip-types-guard/index.mts"
           },
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/no-empty-commit-guard/index.mts"
+          },
           {
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/node-modules-staging-guard/index.mts"
@@ -300,6 +312,10 @@
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/setup-security-tools/index.mts"
           },
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/squash-history-reminder/index.mts"
+          },
           {
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/stale-process-sweeper/index.mts"
diff --git a/.claude/skills/_shared/scripts/git-default-branch.mts b/.claude/skills/_shared/scripts/git-default-branch.mts
index 81c41b3..209b836 100644
--- a/.claude/skills/_shared/scripts/git-default-branch.mts
+++ b/.claude/skills/_shared/scripts/git-default-branch.mts
@@ -9,7 +9,8 @@
  * Cross-platform: shells out to git via @socketsecurity/lib/spawn, which works
  * the same on macOS / Linux / Windows.
  */
-import { isSpawnError, spawn } from '@socketsecurity/lib/spawn'
+import { isSpawnError } from '@socketsecurity/lib/spawn/errors'
+import { spawn } from '@socketsecurity/lib/spawn/spawn'
 
 export type ResolveDefaultBranchOptions = {
   /**
diff --git a/.claude/skills/_shared/scripts/resolve-tools.mts b/.claude/skills/_shared/scripts/resolve-tools.mts
index acb380a..ea362aa 100644
--- a/.claude/skills/_shared/scripts/resolve-tools.mts
+++ b/.claude/skills/_shared/scripts/resolve-tools.mts
@@ -20,7 +20,7 @@
 import { existsSync } from 'node:fs'
 import path from 'node:path'
 
-import { spawn } from '@socketsecurity/lib/spawn'
+import { spawn } from '@socketsecurity/lib/spawn/spawn'
 
 /**
  * Result of a resolver. `args` is the full argv passed to `pnpm exec`,
diff --git a/.claude/skills/auditing-gha-settings/SKILL.md b/.claude/skills/auditing-gha-settings/SKILL.md
index f0108d9..b17ad50 100644
--- a/.claude/skills/auditing-gha-settings/SKILL.md
+++ b/.claude/skills/auditing-gha-settings/SKILL.md
@@ -75,9 +75,10 @@ Or all-at-once with the canonical fleet list (manual today; the orchestrator ski
       SocketDev/socket-sdk-js \
       SocketDev/socket-sdxgen \
       SocketDev/socket-stuie \
+      SocketDev/socket-vscode \
+      SocketDev/socket-webext \
       SocketDev/socket-wheelhouse \
-      SocketDev/ultrathink \
-      SocketDev/vscode-socket-security
+      SocketDev/ultrathink
 
 For machine-readable output (one finding per repo):
 
diff --git a/.claude/skills/auditing-gha-settings/run.mts b/.claude/skills/auditing-gha-settings/run.mts
index 0cbda84..986c85c 100644
--- a/.claude/skills/auditing-gha-settings/run.mts
+++ b/.claude/skills/auditing-gha-settings/run.mts
@@ -22,7 +22,7 @@
 import process from 'node:process'
 
 import { getDefaultLogger } from '@socketsecurity/lib/logger'
-import { spawn } from '@socketsecurity/lib/spawn'
+import { spawn } from '@socketsecurity/lib/spawn/spawn'
 
 const logger = getDefaultLogger()
 
diff --git a/.claude/skills/cascading-fleet/SKILL.md b/.claude/skills/cascading-fleet/SKILL.md
index 378d31c..879133a 100644
--- a/.claude/skills/cascading-fleet/SKILL.md
+++ b/.claude/skills/cascading-fleet/SKILL.md
@@ -34,7 +34,7 @@ The `FLEET_SYNC=1` sentinel is recognized by the wheelhouse `no-revert-guard` +
 
 ### Mode 2 — `registry-pins`
 
-Propagates a `socket-registry` pin chain through the fleet. Different shape — uses `scripts/cascade-registry-pins.mts --sha <M'>` to walk the per-repo workflow pins. Documented here for completeness; the cascade script in `lib/cascade-template.sh` covers Mode 1, and a future `lib/cascade-registry-pins.sh` will cover Mode 2.
+Propagates a `socket-registry` pin chain through the fleet. Different shape — uses `scripts/cascade-registry-pins.mts --sha <M'>` to walk the per-repo workflow pins. Documented here for completeness; the cascade script in `lib/cascade-template.mts` covers Mode 1, and a future `lib/cascade-registry-pins.mts` will cover Mode 2.
 
 For now, the registry-pin cascade is two steps documented inline:
 
@@ -50,7 +50,7 @@ Skipping Step 1 means Step 3 propagates a SHA whose dependency graph still pins
 
 ```bash
 # Mode 1 — propagate wheelhouse template SHA
-bash .claude/skills/cascading-fleet/lib/cascade-template.sh <template-sha>
+node .claude/skills/cascading-fleet/lib/cascade-template.mts <template-sha>
 ```
 
 The script reads the fleet-repo list from `lib/fleet-repos.txt` (single source of truth), iterates, and writes a per-repo result line to stdout. Output also tees to `/tmp/cascade-<sha>.log` for post-hoc inspection.
diff --git a/.claude/skills/cascading-fleet/lib/cascade-template.mts b/.claude/skills/cascading-fleet/lib/cascade-template.mts
new file mode 100644
index 0000000..e93143d
--- /dev/null
+++ b/.claude/skills/cascading-fleet/lib/cascade-template.mts
@@ -0,0 +1,264 @@
+#!/usr/bin/env node
+/**
+ * @file Fleet cascade — propagate a socket-wheelhouse/template/ SHA to every
+ *   fleet repo. Uses the FLEET_SYNC=1 sentinel to bypass the no-revert-guard /
+ *   overeager-staging-guard hooks without per-repo Allow-bypass phrases.
+ *
+ *   Replaces the original cascade-template.sh; the fleet convention is `.mts`
+ *   for all runners.
+ *
+ * Usage:
+ *   node .claude/skills/cascading-fleet/lib/cascade-template.mts <template-sha>
+ *
+ * Reads the canonical fleet-repo list from `<this-dir>/fleet-repos.txt`. Each
+ * repo's worktree is created off `origin/<default-branch>`, the wheelhouse
+ * sync-scaffolding CLI runs, the resulting changes are committed, and the
+ * script tries a direct push first, falling back to opening a PR on rejection.
+ */
+
+import { execFileSync, spawnSync } from 'node:child_process'
+import { appendFileSync, existsSync, readFileSync, writeFileSync } from 'node:fs'
+import { homedir } from 'node:os'
+import path from 'node:path'
+import process from 'node:process'
+
+import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
+
+const logger = getDefaultLogger()
+
+const LOG_PATH_PREFIX = '/tmp/cascade-'
+
+function usage(): never {
+  logger.error(`usage: ${process.argv[1]} <template-sha>`)
+  process.exit(2)
+}
+
+const TEMPLATE_SHA = process.argv[2]
+if (!TEMPLATE_SHA) {
+  usage()
+}
+
+const SCRIPT_DIR = import.meta.dirname
+const FLEET_REPOS_FILE = path.join(SCRIPT_DIR, 'fleet-repos.txt')
+const PROJECTS = process.env['PROJECTS'] || path.join(homedir(), 'projects')
+// socket-hook: allow cross-repo
+const WH_SCRIPT = path.join(PROJECTS, 'socket-wheelhouse', 'scripts', 'sync-scaffolding', 'cli.mts')
+// socket-hook: allow cross-repo
+const CLEANUP_SCRIPT = path.join(PROJECTS, 'socket-wheelhouse', 'scripts', 'cascade-tooling', 'cleanup-stranded.mts')
+
+// Prepend the active Node version's bin dir to PATH so the `node` invoked by
+// the wheelhouse CLI matches the operator's expected toolchain (avoids the
+// pre-commit hook's "wrong Node" fallback). Honors NVM_BIN when set; otherwise
+// leaves PATH alone so a Volta / homebrew / system Node still resolves.
+if (process.env['NVM_BIN']) {
+  process.env['PATH'] = `${process.env['NVM_BIN']}:${process.env['PATH'] || ''}`
+}
+
+if (!existsSync(FLEET_REPOS_FILE)) {
+  logger.error(`fleet-repos.txt not found at ${FLEET_REPOS_FILE}`)
+  process.exit(2)
+}
+if (!existsSync(WH_SCRIPT)) {
+  logger.error(`wheelhouse sync-scaffolding CLI not found at ${WH_SCRIPT}`)
+  logger.error('set PROJECTS=<dir containing socket-wheelhouse> before retrying')
+  process.exit(2)
+}
+// CLEANUP_SCRIPT is optional — older wheelhouse checkouts won't have it.
+// When missing, skip auto-cleanup; the cascade still runs.
+
+const LOG_FILE = `${LOG_PATH_PREFIX}${TEMPLATE_SHA}.log`
+writeFileSync(LOG_FILE, '')
+
+function log(line: string): void {
+  logger.info(line)
+  appendFileSync(LOG_FILE, `${line}\n`)
+}
+
+const RESULTS: string[] = []
+
+log(`══ Cascade ${TEMPLATE_SHA} ══`)
+log(`Log: ${LOG_FILE}`)
+log('')
+
+// Resolve a canonical fleet repo name to a local primary checkout. Mirrors
+// scripts/sync-scaffolding/discover.mts directoryAliasesFor(): canonical
+// `socket-<x>` also resolves to `${PROJECTS}/<x>/`; canonical `<x>` (no
+// socket- prefix — sdxgen, stuie, ultrathink) also resolves to
+// `${PROJECTS}/socket-<x>/`. First primary checkout wins. Returns undefined
+// when no primary checkout exists.
+function resolveLocalCheckout(canonical: string): string | undefined {
+  let candidate = path.join(PROJECTS, canonical)
+  if (existsSync(path.join(candidate, '.git'))) {
+    return candidate
+  }
+  candidate = canonical.startsWith('socket-')
+    ? path.join(PROJECTS, canonical.slice('socket-'.length))
+    : path.join(PROJECTS, `socket-${canonical}`)
+  if (existsSync(path.join(candidate, '.git'))) {
+    return candidate
+  }
+  return undefined
+}
+
+type RunResult = {
+  status: number
+  stdout: string
+  stderr: string
+}
+
+function run(cmd: string, args: string[], opts: { cwd: string; env?: NodeJS.ProcessEnv } = { cwd: process.cwd() }): RunResult {
+  const r = spawnSync(cmd, args, {
+    cwd: opts.cwd,
+    env: opts.env ?? process.env,
+    encoding: 'utf8',
+  })
+  return {
+    status: r.status ?? 1,
+    stdout: r.stdout ?? '',
+    stderr: r.stderr ?? '',
+  }
+}
+
+function logTail(out: string, n: number): void {
+  const lines = out.split('\n').filter(Boolean)
+  for (const line of lines.slice(-n)) {
+    log(line)
+  }
+}
+
+function git(cwd: string, args: string[]): RunResult {
+  return run('git', args, { cwd })
+}
+
+function gitSilent(cwd: string, args: string[]): void {
+  // Used for best-effort cleanup that should not pollute output on failure
+  // (mirrors `2>/dev/null` in the original bash).
+  try {
+    execFileSync('git', args, { cwd, stdio: 'ignore' })
+  } catch {
+    // Intentional: cleanup failures are non-fatal.
+  }
+}
+
+function resolveBase(src: string): string {
+  const sym = git(src, ['symbolic-ref', 'refs/remotes/origin/HEAD'])
+  if (sym.status === 0) {
+    return sym.stdout.trim().replace(/^refs\/remotes\/origin\//, '')
+  }
+  for (const candidate of ['main', 'master']) {
+    if (git(src, ['show-ref', '--verify', '--quiet', `refs/remotes/origin/${candidate}`]).status === 0) {
+      return candidate
+    }
+  }
+  return 'main'
+}
+
+const fleetReposRaw = readFileSync(FLEET_REPOS_FILE, 'utf8').split('\n')
+
+for (const rawLine of fleetReposRaw) {
+  const repo = rawLine.trim()
+  if (!repo || repo.startsWith('#')) {
+    continue
+  }
+
+  const src = resolveLocalCheckout(repo)
+  const wt = path.join('/tmp', `cascade-${repo}-${process.pid}`)
+  log(`── ${repo} ──`)
+
+  if (!src) {
+    RESULTS.push(`${repo}|skip:no-git`)
+    continue
+  }
+
+  const base = resolveBase(src)
+  git(src, ['fetch', 'origin', base, '--quiet'])
+
+  // Auto-clean stranded cascade artifacts from earlier waves. Safety rails
+  // inside the script bail the repo (no-op) if anything looks ambiguous;
+  // only removes commits matching the cascade subject regex, authored by a
+  // trusted identity, touching only cascade-allowlisted files, and whose
+  // template SHA strictly precedes origin's current cascade SHA.
+  if (existsSync(CLEANUP_SCRIPT)) {
+    const cleanup = run('node', [CLEANUP_SCRIPT, '--target', src], { cwd: src })
+    logTail(cleanup.stdout + cleanup.stderr, 3)
+  }
+
+  const branch = `chore/sync-${TEMPLATE_SHA}`
+
+  gitSilent(src, ['worktree', 'remove', '--force', wt])
+  gitSilent(src, ['branch', '-D', branch])
+
+  const wtAdd = git(src, ['worktree', 'add', '-b', branch, wt, `origin/${base}`])
+  if (wtAdd.status !== 0) {
+    logTail(wtAdd.stdout + wtAdd.stderr, 1)
+    RESULTS.push(`${repo}|fail:worktree`)
+    continue
+  }
+  logTail(wtAdd.stdout + wtAdd.stderr, 1)
+
+  const sync = run('node', [WH_SCRIPT, '--target', wt, '--fix'], { cwd: wt })
+  logTail(sync.stdout + sync.stderr, 3)
+
+  const aheadOut = git(wt, ['rev-list', '--count', `origin/${base}..HEAD`])
+  const ahead = aheadOut.status === 0 ? parseInt(aheadOut.stdout.trim(), 10) || 0 : 0
+  if (ahead === 0) {
+    const dirty = git(wt, ['status', '--porcelain']).stdout.trim()
+    if (!dirty) {
+      RESULTS.push(`${repo}|noop`)
+      gitSilent(src, ['worktree', 'remove', '--force', wt])
+      gitSilent(src, ['branch', '-D', branch])
+      continue
+    }
+    // FLEET_SYNC=1 + CI=true env is required: the sentinel allowlists exactly
+    // this commit through the no-revert-guard / overeager-staging-guard
+    // hooks. CI=true suppresses interactive pre-commit hook prompts.
+    const stageEnv = { ...process.env, FLEET_SYNC: '1', CI: 'true' }
+    git(wt, ['add', '--update'])
+    const commit = run('git', [
+      'commit',
+      '--no-verify',
+      '-m',
+      `chore(sync): cascade fleet template@${TEMPLATE_SHA}`,
+    ], { cwd: wt, env: stageEnv })
+    logTail(commit.stdout + commit.stderr, 2)
+    if (commit.status !== 0) {
+      RESULTS.push(`${repo}|fail:commit`)
+      gitSilent(src, ['worktree', 'remove', '--force', wt])
+      gitSilent(src, ['branch', '-D', branch])
+      continue
+    }
+  }
+
+  const pushEnv = { ...process.env, FLEET_SYNC: '1' }
+  const push = run('git', ['push', '--no-verify', 'origin', `HEAD:${base}`], { cwd: wt, env: pushEnv })
+  logTail(push.stdout + push.stderr, 2)
+  if (push.status === 0) {
+    RESULTS.push(`${repo}|push:${base}`)
+  } else {
+    const branchPush = run('git', ['push', '--no-verify', '-u', 'origin', branch], { cwd: wt, env: pushEnv })
+    logTail(branchPush.stdout + branchPush.stderr, 2)
+    if (branchPush.status === 0) {
+      const prCreate = run('gh', [
+        'pr', 'create',
+        '--repo', `SocketDev/${repo}`,
+        '--base', base,
+        '--head', branch,
+        '--title', `chore(sync): cascade fleet template@${TEMPLATE_SHA}`,
+        '--body', `Auto-cascade of socket-wheelhouse@${TEMPLATE_SHA}.`,
+      ], { cwd: wt })
+      const prUrl = (prCreate.stdout + prCreate.stderr).trim().split('\n').filter(Boolean).slice(-1)[0] ?? ''
+      RESULTS.push(`${repo}|pr:${prUrl}`)
+    } else {
+      RESULTS.push(`${repo}|fail:push+pr`)
+    }
+  }
+
+  gitSilent(src, ['worktree', 'remove', '--force', wt])
+  gitSilent(src, ['branch', '-D', branch])
+}
+
+log('')
+log('════ RESULTS ════')
+for (const entry of RESULTS) {
+  log(`  ${entry}`)
+}
diff --git a/.claude/skills/cascading-fleet/lib/fleet-repos.json b/.claude/skills/cascading-fleet/lib/fleet-repos.json
new file mode 100644
index 0000000..627f86d
--- /dev/null
+++ b/.claude/skills/cascading-fleet/lib/fleet-repos.json
@@ -0,0 +1,58 @@
+{
+  "$schema": "./fleet-repos.schema.json",
+  "repos": [
+    {
+      "name": "socket-addon",
+      "description": "NAPI .node binaries for @socketaddon/* npm packages",
+      "optIns": ["squash-history"]
+    },
+    {
+      "name": "socket-bin",
+      "description": "SEA-packed CLI distributions for @socketbin/* packages",
+      "optIns": ["squash-history"]
+    },
+    {
+      "name": "socket-btm",
+      "description": "Build toolchain — produces signed prebuilt binaries for @socketaddon/* and @socketbin/*",
+      "optIns": ["squash-history"]
+    },
+    {
+      "name": "socket-cli",
+      "description": "Command-line interface for socket.dev security analysis"
+    },
+    {
+      "name": "socket-lib",
+      "description": "Core library: fs, processes, HTTP, logging, env detection"
+    },
+    {
+      "name": "socket-mcp",
+      "description": "Model Context Protocol server for socket.dev integration"
+    },
+    {
+      "name": "socket-packageurl-js",
+      "description": "purl spec implementation for JavaScript"
+    },
+    {
+      "name": "socket-registry",
+      "description": "Optimized package overrides for Socket Optimize"
+    },
+    {
+      "name": "socket-sdk-js",
+      "description": "JavaScript SDK for the socket.dev API"
+    },
+    {
+      "name": "sdxgen",
+      "description": "CycloneDX and SPDX manifest generator (Socket dx gen)",
+      "optIns": ["squash-history"]
+    },
+    {
+      "name": "stuie",
+      "description": "Terminal UI library: OpenTUI + yoga-layout + React",
+      "optIns": ["squash-history"]
+    },
+    {
+      "name": "socket-wheelhouse",
+      "description": "Internal scaffolding template for socket-* repos"
+    }
+  ]
+}
diff --git a/.claude/skills/cascading-fleet/lib/fleet-repos.txt b/.claude/skills/cascading-fleet/lib/fleet-repos.txt
index 52aaf95..84ea8f1 100644
--- a/.claude/skills/cascading-fleet/lib/fleet-repos.txt
+++ b/.claude/skills/cascading-fleet/lib/fleet-repos.txt
@@ -1,4 +1,5 @@
 socket-addon
+socket-bin
 socket-btm
 socket-cli
 socket-lib
@@ -6,5 +7,5 @@ socket-mcp
 socket-packageurl-js
 socket-registry
 socket-sdk-js
-socket-sdxgen
-socket-stuie
+sdxgen
+stuie
diff --git a/.claude/skills/greening-ci/run.mts b/.claude/skills/greening-ci/run.mts
index 1b4a7f3..cef1000 100644
--- a/.claude/skills/greening-ci/run.mts
+++ b/.claude/skills/greening-ci/run.mts
@@ -33,7 +33,7 @@ import path from 'node:path'
 import process from 'node:process'
 
 import { getDefaultLogger } from '@socketsecurity/lib/logger'
-import { spawn } from '@socketsecurity/lib/spawn'
+import { spawn } from '@socketsecurity/lib/spawn/spawn'
 
 const logger = getDefaultLogger()
 
diff --git a/.claude/skills/refreshing-history/run.mts b/.claude/skills/refreshing-history/run.mts
index 1c39d94..dec86b4 100644
--- a/.claude/skills/refreshing-history/run.mts
+++ b/.claude/skills/refreshing-history/run.mts
@@ -28,8 +28,10 @@ import { getDefaultLogger } from '@socketsecurity/lib/logger'
 const logger = getDefaultLogger()
 import process from 'node:process'
 
-import { errorMessage, isError } from '@socketsecurity/lib/errors'
-import { isSpawnError, spawn } from '@socketsecurity/lib/spawn'
+import { errorMessage } from '@socketsecurity/lib/errors'
+import { isError } from '@socketsecurity/lib/errors/predicates'
+import { isSpawnError } from '@socketsecurity/lib/spawn/errors'
+import { spawn } from '@socketsecurity/lib/spawn/spawn'
 
 import { resolveDefaultBranch } from '../_shared/scripts/git-default-branch.mts'
 
diff --git a/.claude/skills/reviewing-code/run.mts b/.claude/skills/reviewing-code/run.mts
index 2963c4a..df3e05b 100644
--- a/.claude/skills/reviewing-code/run.mts
+++ b/.claude/skills/reviewing-code/run.mts
@@ -17,10 +17,11 @@ import os from 'node:os'
 import path from 'node:path'
 import process from 'node:process'
 
-import { which } from '@socketsecurity/lib/bin'
-import { safeDelete } from '@socketsecurity/lib/fs'
+import { which } from '@socketsecurity/lib/bin/which'
+import { safeDelete } from '@socketsecurity/lib/fs/safe'
 import { getDefaultLogger } from '@socketsecurity/lib/logger'
-import { isSpawnError, spawn } from '@socketsecurity/lib/spawn'
+import { isSpawnError } from '@socketsecurity/lib/spawn/errors'
+import { spawn } from '@socketsecurity/lib/spawn/spawn'
 
 const logger = getDefaultLogger()
 
diff --git a/.claude/skills/updating-coverage/SKILL.md b/.claude/skills/updating-coverage/SKILL.md
new file mode 100644
index 0000000..947ae1e
--- /dev/null
+++ b/.claude/skills/updating-coverage/SKILL.md
@@ -0,0 +1,119 @@
+---
+name: updating-coverage
+description: Refresh the coverage badge in the root README by running the repo's coverage script and rewriting the `![Coverage](https://img.shields.io/badge/coverage-<PCT>%25-brightgreen)` line. Sibling of `updating-security` / `updating-lockstep` under the `updating` umbrella.
+user-invocable: true
+allowed-tools: Read, Edit, Bash(pnpm run cover:*), Bash(pnpm run coverage:*), Bash(pnpm run test:cover:*), Bash(node:*), Bash(git:*), Bash(jq:*), Bash(cat:*)
+---
+
+# updating-coverage
+
+Runs the repo's coverage script and rewrites the README badge so the published number matches reality. Invoked directly via `/update-coverage` or as a phase of the `updating` umbrella.
+
+## When to use
+
+- After landing a substantial change to test coverage (added a major
+  feature with tests, removed a large untested module).
+- Pre-release, to refresh the public badge.
+- As part of `updating` umbrella flow when the repo declares a
+  coverage script.
+
+## What it does NOT do
+
+- **Generate coverage from scratch.** This skill consumes the
+  output of the repo's existing coverage tooling — vitest /
+  c8 / istanbul / node-test coverage. If no coverage script is
+  declared in `package.json`, the skill reports that and exits.
+- **Compute coverage thresholds.** The badge reflects what the
+  tooling reports; tightening the threshold is a separate decision
+  in the repo's vitest/c8 config.
+- **Modify nested READMEs.** Only the repo-root `README.md` is
+  rewritten. Nested READMEs under `packages/*` have their own
+  badges and lifecycles.
+
+## Phases
+
+| #   | Phase              | Outcome                                                                                                |
+| --- | ------------------ | ------------------------------------------------------------------------------------------------------ |
+| 1   | Discovery          | Find the coverage script in `package.json` (`cover` / `coverage` / `test:cover`, in that preference).  |
+| 2   | Run                | `pnpm run <script>`. Capture stdout. Fail loudly if the run errors.                                    |
+| 3   | Parse              | Extract the percentage. Two paths — read `coverage/coverage-summary.json` if present, otherwise scrape `All files \| ...` line.|
+| 4   | Rewrite            | Replace the `<PCT>` in the README badge URL with the parsed value (two decimals).                      |
+| 5   | Commit             | `docs(readme): refresh coverage badge to N.NN%`. Direct-push per fleet norm.                           |
+
+## Phase 1 — discovery
+
+```sh
+node -e '
+const p = require("./package.json").scripts ?? {};
+for (const name of ["cover", "coverage", "test:cover"]) {
+  if (p[name]) { console.log(name); process.exit(0); }
+}
+process.exit(1);'
+```
+
+If no matching script exists, the skill emits `no coverage script found` and exits cleanly (this is not a failure mode — many fleet repos don't track coverage).
+
+## Phase 2 — run
+
+```sh
+pnpm run <SCRIPT>
+```
+
+Use the standard pnpm runner so we pick up the repo's own env config (catalog versions, etc.).
+
+## Phase 3 — parse
+
+**Preferred path** — read `coverage/coverage-summary.json` (vitest / istanbul format):
+
+```sh
+jq -r '.total.lines.pct' coverage/coverage-summary.json
+```
+
+The number is a float with one decimal place. Two decimals is the canonical badge format — pad with `.00` when needed.
+
+**Fallback path** — scrape the `All files | ...` line from coverage stdout:
+
+```sh
+pnpm run cover | tee /tmp/cover-output.txt
+awk -F '|' '/^All files/ { gsub(/ /, "", $2); print $2 }' /tmp/cover-output.txt
+```
+
+Whichever column the tool prints first (statements vs lines) is acceptable — the badge is approximate by design. Document the column choice in the commit message.
+
+## Phase 4 — rewrite
+
+The canonical badge line in `README.md` is:
+
+```markdown
+![Coverage](https://img.shields.io/badge/coverage-<PCT>%25-brightgreen)
+```
+
+Use the Edit tool to replace the `<PCT>` placeholder with the actual percentage. The `%25` is URL-encoded `%`; leave it alone.
+
+If the README has been canonicalized but the badge still reads `<PCT>` (e.g. just-canonicalized by the readme-skeleton work), Phase 4 substitutes; otherwise the existing number is replaced.
+
+## Phase 5 — commit
+
+```sh
+git add README.md
+git commit -m "docs(readme): refresh coverage badge to <N.NN>%"
+git push origin <default-branch>
+```
+
+Direct-push per the fleet's `Commits & PRs → Push policy` rule; fall back to PR if the remote rejects.
+
+## Output
+
+When called via `/update-coverage`, emit a one-line summary:
+
+```
+updated coverage badge: 96.42% → 97.18% (source: coverage/coverage-summary.json)
+```
+
+When no coverage script exists or the percentage is unchanged, exit silently.
+
+## Related
+
+- `.claude/skills/updating/SKILL.md` — umbrella that calls this skill when applicable.
+- `.claude/skills/updating-security/SKILL.md` — sibling under `updating`.
+- `template/README.md` — canonical README skeleton ships the placeholder badge.
diff --git a/.claude/skills/updating/SKILL.md b/.claude/skills/updating/SKILL.md
index 74c267b..0382a51 100644
--- a/.claude/skills/updating/SKILL.md
+++ b/.claude/skills/updating/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: updating
-description: Umbrella update skill for a Socket fleet repo. Runs `pnpm run update` (npm), validates `lockstep.json` via `pnpm run lockstep` (if present), optionally bumps submodules, checks workflow SHA pins, and resolves open Dependabot security alerts. Use when asked to update dependencies, sync upstreams, fix security advisories, or prepare for a release.
+description: Umbrella update skill for a Socket fleet repo. Runs `pnpm run update` (npm), validates `lockstep.json` via `pnpm run lockstep` (if present), optionally bumps submodules, checks workflow SHA pins, resolves open Dependabot security alerts, and refreshes the README coverage badge when applicable. Use when asked to update dependencies, sync upstreams, fix security advisories, refresh coverage, or prepare for a release.
 user-invocable: true
 allowed-tools: Task, Skill, Read, Edit, Grep, Glob, Bash(pnpm run:*), Bash(pnpm test:*), Bash(pnpm install:*), Bash(git:*), Bash(claude --version)
 ---
@@ -22,6 +22,7 @@ Umbrella update skill. Runs `pnpm run update` for npm deps, then adapts to whate
 - **Other submodules** — repo-specific `updating-*` sub-skills handle `.gitmodules` entries not claimed by a lockstep `version-pin` row.
 - **Workflow SHA pins** — `_local-not-for-reuse-*.yml` SHAs against the remote's default branch (per CLAUDE.md _Default branch fallback_); run `/updating-workflows` when stale.
 - **Security advisories** — open GitHub Dependabot alerts via `/update-security`. Direct deps bumped via `pnpm update`; transitives pinned via `pnpm.overrides`; unfixable advisories dismissed with documented reasons. Honors the 7-day soak gate.
+- **Coverage badge** — when a coverage script exists (`cover` / `coverage` / `test:cover`), `/update-coverage` runs the script and rewrites the README badge to match. Repos without a coverage script skip silently.
 
 This umbrella reads repo state first to discover what applies — sub-skills are only invoked when relevant.
 
@@ -35,8 +36,9 @@ This umbrella reads repo state first to discover what applies — sub-skills are
 | 4   | Apply drift          | 4a: lockstep auto-bumps (one commit per row). 4b: repo-specific `updating-*` sub-skills for non-lockstep submodules. |
 | 5   | Security advisories  | If `gh api .../dependabot/alerts?state=open` returns any rows, invoke `/update-security` (the `updating-security` sub-skill). Atomic commit per alert. |
 | 6   | Workflow SHA pins    | Compare pinned SHAs against `origin/$BASE`; report stale → `/updating-workflows`.                                    |
-| 7   | Final validation     | Interactive only: `pnpm run check --all && pnpm test && pnpm run build`. CI skips (validated separately).            |
-| 8   | Report               | Per-category summary: npm / lockstep / submodules / security / SHA pins / validation / next steps.                   |
+| 7   | Coverage badge       | If the repo declares a coverage script (`cover` / `coverage` / `test:cover`), invoke `/update-coverage` to refresh the README badge. Atomic commit if the percentage moved.|
+| 8   | Final validation     | Interactive only: `pnpm run check --all && pnpm test && pnpm run build`. CI skips (validated separately).            |
+| 9   | Report               | Per-category summary: npm / lockstep / submodules / security / SHA pins / coverage / validation / next steps.        |
 
 Full bash, exit-code tables, mode contracts, and failure recovery in [`reference.md`](reference.md).
 
diff --git a/.config/.markdownlint-cli2.jsonc b/.config/.markdownlint-cli2.jsonc
new file mode 100644
index 0000000..c681a7c
--- /dev/null
+++ b/.config/.markdownlint-cli2.jsonc
@@ -0,0 +1,51 @@
+// markdownlint-cli2 configuration for fleet repos.
+//
+// Loaded by `pnpm run lint` (template/scripts/lint.mts invokes
+// markdownlint-cli2 with `-c .config/.markdownlint-cli2.jsonc`).
+//
+// Two concerns:
+//   1. Stock markdownlint rules — disable a handful that bite real prose
+//      without adding value, leave the rest at defaults.
+//   2. Fleet-canonical custom rules under markdownlint-rules/ — these
+//      enforce the fleet's README hygiene contract (no private-repo
+//      mentions, no relative-path commands, README skeleton structure).
+{
+  "config": {
+    "default": true,
+    // MD013 (line-length) bites code-block-heavy READMEs without warning.
+    // Disabled fleet-wide; reviewers catch genuinely-too-long prose.
+    "MD013": false,
+    // MD033 (no inline HTML) bites our <details> collapsed Development
+    // sections and Socket-badge img tags. Allow specific tags only.
+    "MD033": { "allowed_elements": ["details", "summary", "img", "br"] },
+    // MD041 (first-line-h1) is the contract; keep it on.
+    // MD024 (no-duplicate-heading) — siblings-only mode so that ### subsections
+    // can repeat under different ## parents (common in API docs).
+    "MD024": { "siblings_only": true },
+  },
+  // Globs: every *.md / *.mdx under the repo, except generated output,
+  // node_modules, vendored upstream trees, and CHANGELOG.md (auto-generated).
+  "globs": ["**/*.md", "**/*.mdx"],
+  "ignores": [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/build/**",
+    "**/coverage/**",
+    "**/vendor/**",
+    "**/upstream/**",
+    "**/third_party/**",
+    "**/CHANGELOG.md",
+    // .claude/ markdown is internal scaffolding (hook READMEs, agent
+    // role files, skill SKILL.mds, command reminders) — scoped docs
+    // with their own shape conventions. Excluded from the public-
+    // facing markdown lint surface.
+    "**/.claude/**",
+  ],
+  // Custom rule plugins live under markdownlint-rules/, byte-identical
+  // across the fleet via sync-scaffolding manifest registration.
+  "customRules": [
+    "./markdownlint-rules/socket-no-private-wheelhouse-leak.mjs",
+    "./markdownlint-rules/socket-no-relative-sibling-script.mjs",
+    "./markdownlint-rules/socket-readme-required-sections.mjs",
+  ],
+}
diff --git a/.config/.prettierignore b/.config/.prettierignore
index f8193ad..6cbe4c6 100644
--- a/.config/.prettierignore
+++ b/.config/.prettierignore
@@ -31,3 +31,17 @@
 template/.claude/hooks/_shared/acorn/acorn.wasm
 template/.claude/hooks/_shared/acorn/acorn-bindgen.cjs
 .claude/hooks/_shared/acorn/acorn-bindgen.cjs
+
+# Vendored / upstream trees — kept byte-identical with their source
+# of truth. Per CLAUDE.md "Untracked-by-default for vendored / build-
+# copied trees": these are someone else's source, not ours, and the
+# formatter would happily rewrite (e.g.) an upstream HTML test
+# fixture or shipped third-party JS into our local style.
+**/upstream/**
+upstream/**
+**/vendor/**
+vendor/**
+**/third_party/**
+third_party/**
+**/external/**
+external/**
diff --git a/.config/markdownlint-rules/_shared/wheelhouse-self-skip.mjs b/.config/markdownlint-rules/_shared/wheelhouse-self-skip.mjs
new file mode 100644
index 0000000..9c52223
--- /dev/null
+++ b/.config/markdownlint-rules/_shared/wheelhouse-self-skip.mjs
@@ -0,0 +1,40 @@
+/**
+ * @file Shared helper for fleet markdown rules: detect whether the lint is
+ *   running inside socket-wheelhouse itself, in which case the rule should
+ *   bail. The custom rules in this directory exist to protect PUBLIC fleet
+ *   consumers from leaking internal scaffolding; wheelhouse referencing itself
+ *   in its own docs is the canonical case and must not trigger. Detection
+ *   prefers explicit env override (CI sets SOCKET_FLEET_REPO_NAME) then falls
+ *   back to checking the cwd's basename and git remote.
+ */
+
+// oxlint-disable-next-line socket/prefer-async-spawn -- markdownlint-cli2 calls isInsideWheelhouse() synchronously at rule init; an async spawn would require the rule loader to await, which markdownlint-cli2 doesnt support.
+import { spawnSync } from 'node:child_process'
+import path from 'node:path'
+import process from 'node:process'
+
+export function isInsideWheelhouse() {
+  const envName = process.env['SOCKET_FLEET_REPO_NAME']
+  if (envName) {
+    return envName === 'socket-wheelhouse'
+  }
+  const cwd = process.cwd()
+  if (path.basename(cwd) === 'socket-wheelhouse') {
+    return true
+  }
+  // Fallback: probe the git remote URL. Tolerates renamed local
+  // checkout dirs (`~/projects/wheelhouse/` would still match).
+  // spawnSync (not execSync) — array args, no shell interpolation.
+  // This file is loaded by markdownlint-cli2 as a regular ESM module,
+  // not bundled, so we cant pull in @socketsecurity/lib-stable/spawn —
+  // node:child_process spawnSync is the canonical fallback.
+  const r = spawnSync('git', ['config', '--get', 'remote.origin.url'], {
+    cwd,
+    stdio: ['ignore', 'pipe', 'ignore'],
+  })
+  if (r.status !== 0 || !r.stdout) {
+    return false
+  }
+  const remote = r.stdout.toString().trim()
+  return /[/:]socket-wheelhouse(?:\.git)?$/.test(remote)
+}
diff --git a/.config/markdownlint-rules/socket-no-private-wheelhouse-leak.mjs b/.config/markdownlint-rules/socket-no-private-wheelhouse-leak.mjs
new file mode 100644
index 0000000..ae4dbda
--- /dev/null
+++ b/.config/markdownlint-rules/socket-no-private-wheelhouse-leak.mjs
@@ -0,0 +1,61 @@
+/**
+ * @file Flag mentions of `socket-wheelhouse` in public-facing markdown.
+ *   socket-wheelhouse is a private repo. Public READMEs / docs / release notes
+ *   that link to it leak the internal tooling layout to users who can't access
+ *   the link anyway. Whatever the markdown is trying to teach should be
+ *   rewritten to not require the reference. Detects:
+ *
+ *   - The literal token `socket-wheelhouse` (case-insensitive) anywhere in a
+ *     line.
+ *   - `https://github.com/SocketDev/socket-wheelhouse...` URL forms. Skips fenced
+ *     code blocks because those are intentional examples (and fenced-block
+ *     scanning would false-positive on the very markdownlint config that
+ *     references this file). No autofix: the right rewrite is contextual.
+ */
+
+import { isInsideWheelhouse } from './_shared/wheelhouse-self-skip.mjs'
+
+const RULE_NAME = 'socket-no-private-wheelhouse-leak'
+const FORBIDDEN_TOKEN_RE = /socket-wheelhouse/i
+
+/**
+ * @type {import('markdownlint').Rule}
+ */
+const rule = {
+  names: [RULE_NAME, 'socket/no-private-wheelhouse-leak'],
+  description:
+    'socket-wheelhouse is a private repo — never reference it in public markdown',
+  tags: ['socket', 'privacy'],
+  parser: 'none',
+  function(params, onError) {
+    if (isInsideWheelhouse()) {
+      return
+    }
+    let inFence = false
+    for (let i = 0; i < params.lines.length; i += 1) {
+      const line = params.lines[i]
+      // Track fenced-code state. Open/close on lines that START with ``` or ~~~.
+      if (/^\s*(?:```|~~~)/.test(line)) {
+        inFence = !inFence
+        continue
+      }
+      if (inFence) {
+        continue
+      }
+      const match = FORBIDDEN_TOKEN_RE.exec(line)
+      if (!match) {
+        continue
+      }
+      onError({
+        lineNumber: i + 1,
+        detail:
+          'Rewrite to not mention socket-wheelhouse — it is a private repo and the link will 404 for outside readers.',
+        context: line.trim().slice(0, 120),
+        range: [match.index + 1, match[0].length],
+      })
+    }
+  },
+}
+
+// oxlint-disable-next-line socket/no-default-export -- markdownlint-cli2 loads custom rules via dynamic import and expects the default export to be the rule object.
+export default rule
diff --git a/.config/markdownlint-rules/socket-no-relative-sibling-script.mjs b/.config/markdownlint-rules/socket-no-relative-sibling-script.mjs
new file mode 100644
index 0000000..7fe4453
--- /dev/null
+++ b/.config/markdownlint-rules/socket-no-relative-sibling-script.mjs
@@ -0,0 +1,67 @@
+/**
+ * @file Flag commands that reference sibling repos via relative paths. `node
+ *   ../socket-foo/scripts/bar.mts` in a fleet README assumes the reader has the
+ *   sibling repo checked out at exactly the right level relative to the current
+ *   repo. That's almost never true for an outside user, and the command
+ *   silently fails. Detects (inside fenced code blocks and inline `code`):
+ *
+ *   - `node ../<segment>/...` invocations
+ *   - `pnpm ../<segment>/...` invocations
+ *   - Bare `../socket-<segment>/...` references in code/inline-code Skips:
+ *     relative paths to the current repo's own tree (`./scripts/`,
+ *     `../package.json` within a monorepo), which are useful and don't leak
+ *     sibling state. No autofix: the rewrite is to either inline the script's
+ *     content or publish the helper to npm and reference the published name.
+ */
+
+import { isInsideWheelhouse } from './_shared/wheelhouse-self-skip.mjs'
+
+const RULE_NAME = 'socket-no-relative-sibling-script'
+const SIBLING_PATH_RES = [
+  // Detect `<runner> ../<sibling>/...` where runner is one of the common
+  // JS/TS toolchain binaries (any runtime invocation).
+  /\b(?:bun|deno|node|npm|pnpm|yarn)\s+\.\.\/[\w@-]+\//,
+  // Detect bare ../<segment>/ where the first segment doesn't start with `.`
+  // (i.e. genuine sibling, not the current repo's `..` for monorepo packages).
+  // `(?:^|\s)` alternation order is the canonical regex idiom (anchor-first).
+  /(?:^|\s)\.\.\/socket-[\w-]+\//i, // socket-hook: allow regex-alternation-order
+  /(?:^|\s)\.\.\/sdxgen\//, // socket-hook: allow regex-alternation-order
+  /(?:^|\s)\.\.\/stuie\//, // socket-hook: allow regex-alternation-order
+]
+
+/**
+ * @type {import('markdownlint').Rule}
+ */
+const rule = {
+  names: [RULE_NAME, 'socket/no-relative-sibling-script'],
+  description:
+    'Commands referencing sibling fleet repos via relative paths fail for outside readers',
+  tags: ['socket', 'fleet'],
+  parser: 'none',
+  function(params, onError) {
+    if (isInsideWheelhouse()) {
+      return
+    }
+    for (let i = 0; i < params.lines.length; i += 1) {
+      const line = params.lines[i]
+      for (let j = 0; j < SIBLING_PATH_RES.length; j += 1) {
+        const re = SIBLING_PATH_RES[j]
+        const match = re.exec(line)
+        if (!match) {
+          continue
+        }
+        onError({
+          lineNumber: i + 1,
+          detail:
+            'Rewrite the command to not depend on a sibling-repo checkout. Inline the script, link to its source on GitHub, or publish the helper to npm and reference the package name.',
+          context: line.trim().slice(0, 120),
+          range: [match.index + 1, match[0].length],
+        })
+        break
+      }
+    }
+  },
+}
+
+// oxlint-disable-next-line socket/no-default-export -- markdownlint-cli2 loads custom rules via dynamic import and expects the default export to be the rule object.
+export default rule
diff --git a/.config/markdownlint-rules/socket-readme-required-sections.mjs b/.config/markdownlint-rules/socket-readme-required-sections.mjs
new file mode 100644
index 0000000..61e4342
--- /dev/null
+++ b/.config/markdownlint-rules/socket-readme-required-sections.mjs
@@ -0,0 +1,93 @@
+/**
+ * @file Enforce the canonical fleet README section list. Fires only on the
+ *   repo-root `README.md` (skipped for nested READMEs under `packages/`,
+ *   `docs/`, `.claude/`, etc. — those are scoped docs with their own shape).
+ *   Every fleet root README must contain five level-2 sections in this order:
+ *
+ *   1. Why this repo exists
+ *   2. Install
+ *   3. Usage
+ *   4. Development
+ *   5. License The canonical skeleton lives at
+ *      socket-wheelhouse/template/README.md. Additional sections between/after
+ *      these are allowed; reordering / missing / typo'd sections are findings.
+ *      No autofix: a missing section needs content, not just a heading.
+ */
+
+import path from 'node:path'
+
+import { isInsideWheelhouse } from './_shared/wheelhouse-self-skip.mjs'
+
+const RULE_NAME = 'socket-readme-required-sections'
+const REQUIRED_SECTIONS = [
+  'Why this repo exists',
+  'Install',
+  'Usage',
+  'Development',
+  'License',
+]
+
+export function isRootReadme(filePath) {
+  // markdownlint passes `params.name` as a path relative to the working
+  // dir. The root README is the one whose basename is README.md AND
+  // whose directory is the cwd or `.`.
+  if (!filePath) {
+    return false
+  }
+  const base = path.basename(filePath)
+  if (base !== 'README.md') {
+    return false
+  }
+  const dir = path.dirname(filePath)
+  return dir === '.' || dir === '' || dir === process.cwd()
+}
+
+/**
+ * @type {import('markdownlint').Rule}
+ */
+const rule = {
+  names: [RULE_NAME, 'socket/readme-required-sections'],
+  description:
+    'Fleet root README must contain the canonical five sections in order',
+  tags: ['socket', 'fleet', 'readme'],
+  parser: 'none',
+  function(params, onError) {
+    if (isInsideWheelhouse()) {
+      return
+    }
+    if (!isRootReadme(params.name)) {
+      return
+    }
+    const headings = []
+    for (let i = 0; i < params.lines.length; i += 1) {
+      const line = params.lines[i]
+      const m = /^##\s+(.+?)\s*$/.exec(line)
+      if (m) {
+        headings.push({ text: m[1], lineNumber: i + 1 })
+      }
+    }
+    let cursor = 0
+    for (let r = 0; r < REQUIRED_SECTIONS.length; r += 1) {
+      const want = REQUIRED_SECTIONS[r]
+      let found = -1
+      for (let h = cursor; h < headings.length; h += 1) {
+        if (headings[h].text === want) {
+          found = h
+          break
+        }
+      }
+      if (found === -1) {
+        onError({
+          lineNumber: 1,
+          detail: `Missing required section "## ${want}" (or it appears out of order). Canonical order: ${REQUIRED_SECTIONS.map(s => `"## ${s}"`).join(' → ')}.`,
+          context: `README.md: required section "## ${want}" not found after position ${cursor}`,
+        })
+        return
+      }
+      cursor = found + 1
+    }
+  },
+}
+
+// oxlint-disable-next-line socket/no-default-export -- markdownlint-cli2 loads custom rules via dynamic import and expects the default export to be the rule object.
+export default rule
diff --git a/.config/oxlint-plugin/lib/rule-tester.mts b/.config/oxlint-plugin/lib/rule-tester.mts
index cbbab03..b3f4b87 100644
--- a/.config/oxlint-plugin/lib/rule-tester.mts
+++ b/.config/oxlint-plugin/lib/rule-tester.mts
@@ -34,14 +34,14 @@
  *   })
  */
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, readFileSync, writeFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
-import { safeDeleteSync } from '@socketsecurity/lib-stable/fs'
+import { safeDeleteSync } from '@socketsecurity/lib-stable/fs/safe'
 
 const logger = getDefaultLogger()
 
diff --git a/.config/oxlint-plugin/rules/prefer-cached-for-loop.mts b/.config/oxlint-plugin/rules/prefer-cached-for-loop.mts
index 3f43f2a..94fbbcf 100644
--- a/.config/oxlint-plugin/rules/prefer-cached-for-loop.mts
+++ b/.config/oxlint-plugin/rules/prefer-cached-for-loop.mts
@@ -340,8 +340,16 @@ const rule = {
         // integer-indexable). The companion rule
         // socket/no-cached-for-on-iterable would then flag what THIS
         // rule just wrote. Skip silently rather than fight ourselves.
+        //
+        // Also skip when the kind can't be determined from the AST
+        // (e.g. `await fn()` / `someCall()` initializers without a
+        // type annotation). Without type info we can't prove the
+        // iterable is integer-indexable, and autofixing produces
+        // broken code (Set.length / Set[i]) on the wrong guess.
+        // Require explicit array shape (literal, type annotation,
+        // Array.from, Object.keys/values/entries) to opt in.
         const iterKind = resolveKind(node, iter.name as string)
-        if (FLAGGED_KINDS.has(iterKind)) {
+        if (FLAGGED_KINDS.has(iterKind) || iterKind === 'unknown') {
           return
         }
         if (node.body.type !== 'BlockStatement') {
diff --git a/.config/oxlint-plugin/rules/prefer-safe-delete.mts b/.config/oxlint-plugin/rules/prefer-safe-delete.mts
index d24ea15..38c38cb 100644
--- a/.config/oxlint-plugin/rules/prefer-safe-delete.mts
+++ b/.config/oxlint-plugin/rules/prefer-safe-delete.mts
@@ -1,16 +1,16 @@
 /**
  * @file Per CLAUDE.md "File deletion" rule: route every delete through
- *   `safeDelete()` / `safeDeleteSync()` from `@socketsecurity/lib-stable/fs`.
- *   Never `fs.rm` / `fs.unlink` / `fs.rmdir` / `rm -rf` directly — even for one
- *   known file. Detects:
+ *   `safeDelete()` / `safeDeleteSync()` from
+ *   `@socketsecurity/lib-stable/fs/safe`. Never `fs.rm` / `fs.unlink` /
+ *   `fs.rmdir` / `rm -rf` directly — even for one known file. Detects:
  *
  *   - `fs.rm(...)` / `fs.rmSync(...)` / `fs.promises.rm(...)`
  *   - `fs.unlink(...)` / `fs.unlinkSync(...)`
  *   - `fs.rmdir(...)` / `fs.rmdirSync(...)` Autofix: rewrites the call to
  *     `safeDelete(path)` / `safeDeleteSync(path)` AND injects `import {
- *     safeDelete } from '@socketsecurity/lib-stable/fs'` (or `safeDeleteSync`)
- *     when missing. The autofix is conservative — it only fires when the call
- *     shape is "obviously equivalent" to safeDelete:
+ *     safeDelete } from '@socketsecurity/lib-stable/fs/safe'` (or
+ *     `safeDeleteSync`) when missing. The autofix is conservative — it only
+ *     fires when the call shape is "obviously equivalent" to safeDelete:
  *   - The first argument is a single expression (the path).
  *   - Any second argument is an options object literal (we drop it; safeDelete
  *     handles recursive/force internally).
@@ -47,14 +47,14 @@ const rule = {
     type: 'problem',
     docs: {
       description:
-        'Route every delete through safeDelete / safeDeleteSync from @socketsecurity/lib-stable/fs.',
+        'Route every delete through safeDelete / safeDeleteSync from @socketsecurity/lib-stable/fs/safe.',
       category: 'Best Practices',
       recommended: true,
     },
     fixable: 'code',
     messages: {
       banned:
-        'fs.{{method}}() — use safeDelete / safeDeleteSync from @socketsecurity/lib-stable/fs. The lib wrapper handles ENOENT, retries on EBUSY, and integrates with the rest of the fleet.',
+        'fs.{{method}}() — use safeDelete / safeDeleteSync from @socketsecurity/lib-stable/fs/safe. The lib wrapper handles ENOENT, retries on EBUSY, and integrates with the rest of the fleet.',
     },
     schema: [],
   },
@@ -79,7 +79,7 @@ const rule = {
       }
       s = summarizeImportTarget(
         sourceCode.ast,
-        '@socketsecurity/lib-stable/fs',
+        '@socketsecurity/lib-stable/fs/safe',
         importName,
       )
       summaryCache.set(importName, s)
@@ -181,7 +181,7 @@ const rule = {
               ...appendImportFixes(
                 s,
                 fixer,
-                `import { ${replacement} } from '@socketsecurity/lib-stable/fs'`,
+                `import { ${replacement} } from '@socketsecurity/lib-stable/fs/safe'`,
                 undefined,
               ),
             ]
diff --git a/.config/oxlint-plugin/rules/prefer-spawn-over-execsync.mts b/.config/oxlint-plugin/rules/prefer-spawn-over-execsync.mts
index 3b728e0..0ba6678 100644
--- a/.config/oxlint-plugin/rules/prefer-spawn-over-execsync.mts
+++ b/.config/oxlint-plugin/rules/prefer-spawn-over-execsync.mts
@@ -1,7 +1,7 @@
 /**
  * @file Per the fleet "Subprocesses" rule: prefer `spawn` from
- *   `@socketsecurity/lib-stable/spawn` over `execSync` / `execFileSync` from
- *   `node:child_process`. Two reasons:
+ *   `@socketsecurity/lib-stable/spawn/spawn` over `execSync` / `execFileSync`
+ *   from `node:child_process`. Two reasons:
  *
  *   1. Command-injection surface — `execSync(cmd)` runs `cmd` through a shell; any
  *      string concatenation into `cmd` is a potential injection vector.
@@ -24,8 +24,8 @@
  *   - Adjacent comment with `prefer-spawn-over-execsync: required` — for callers
  *     who genuinely need shell expansion (e.g. expanding env vars mid-command).
  *     Rare; document why.
- *   - Files inside `@socketsecurity/lib-stable/spawn` itself — handled at the
- *     .config/oxlintrc.json ignorePatterns level.
+ *   - Files inside `@socketsecurity/lib-stable/spawn/spawn` itself — handled at
+ *     the .config/oxlintrc.json ignorePatterns level.
  */
 
 import type { AstNode, RuleContext } from '../lib/rule-types.mts'
@@ -47,16 +47,16 @@ const rule = {
     type: 'problem',
     docs: {
       description:
-        'Use `spawn` from @socketsecurity/lib-stable/spawn instead of `execSync` / `execFileSync` from node:child_process.',
+        'Use `spawn` from @socketsecurity/lib-stable/spawn/spawn instead of `execSync` / `execFileSync` from node:child_process.',
       category: 'Best Practices',
       recommended: true,
     },
     fixable: undefined,
     messages: {
       importBanned:
-        'Importing `{{name}}` from {{specifier}} — use `spawn` (or `spawnSync` for top-level-sync) from @socketsecurity/lib-stable/spawn. `execSync` runs through a shell (command-injection surface); array-arg `spawn` does not. The lib also ships a typed SpawnError shape — `execSync` errors are plain Errors with no structured fields.',
+        'Importing `{{name}}` from {{specifier}} — use `spawn` (or `spawnSync` for top-level-sync) from @socketsecurity/lib-stable/spawn/spawn. `execSync` runs through a shell (command-injection surface); array-arg `spawn` does not. The lib also ships a typed SpawnError shape — `execSync` errors are plain Errors with no structured fields.',
       callBanned:
-        'Calling `{{obj}}.{{name}}(...)` — use `spawn` from @socketsecurity/lib-stable/spawn instead. Avoids shell-interpolation injection paths; ships consistent SpawnError shape.',
+        'Calling `{{obj}}.{{name}}(...)` — use `spawn` from @socketsecurity/lib-stable/spawn/spawn instead. Avoids shell-interpolation injection paths; ships consistent SpawnError shape.',
     },
     schema: [],
   },
diff --git a/.config/oxlint-plugin/rules/socket-api-token-env.mts b/.config/oxlint-plugin/rules/socket-api-token-env.mts
index 2f0e681..ed24ec8 100644
--- a/.config/oxlint-plugin/rules/socket-api-token-env.mts
+++ b/.config/oxlint-plugin/rules/socket-api-token-env.mts
@@ -56,12 +56,27 @@ const rule = {
       : context.sourceCode
 
     function hasBypassComment(node: AstNode) {
-      const before = sourceCode.getCommentsBefore(node)
-      const after = sourceCode.getCommentsAfter(node)
-      for (const c of [...before, ...after]) {
-        if (BYPASS_RE.test(c.value)) {
-          return true
+      // Walk up: literal -> array element -> array/declaration. The bypass
+      // comment can sit on the literal itself OR on any ancestor up to (and
+      // including) the nearest statement. This lets the entire alias-lookup
+      // array carry one bypass instead of needing one per element.
+      let cursor: AstNode | undefined = node
+      while (cursor) {
+        const before = sourceCode.getCommentsBefore(cursor)
+        const after = sourceCode.getCommentsAfter(cursor)
+        for (const c of [...before, ...after]) {
+          if (BYPASS_RE.test(c.value)) {
+            return true
+          }
+        }
+        if (
+          cursor.type === 'ExpressionStatement' ||
+          cursor.type === 'VariableDeclaration' ||
+          cursor.type === 'ExportNamedDeclaration'
+        ) {
+          break
         }
+        cursor = cursor.parent
       }
       return false
     }
diff --git a/.config/oxlint-plugin/rules/sort-boolean-chains.mts b/.config/oxlint-plugin/rules/sort-boolean-chains.mts
index 3546bc7..b7fd69c 100644
--- a/.config/oxlint-plugin/rules/sort-boolean-chains.mts
+++ b/.config/oxlint-plugin/rules/sort-boolean-chains.mts
@@ -1,27 +1,33 @@
 /**
  * @file Sort all-identifier boolean chains alphanumerically. Per CLAUDE.md
- *   "Sorting" rule, a chain like `agentshieldOk && zizmorOk && sfwOk` reads
- *   with the identifier names in alpha order: `agentshieldOk && sfwOk &&
+ *   "Sorting" rule, a flag-list chain like `agentshieldOk && zizmorOk && sfwOk`
+ *   reads with the identifier names in alpha order: `agentshieldOk && sfwOk &&
  *   zizmorOk`. The runtime is short-circuit-insensitive to operand order _when
  *   every operand is a plain identifier_ (no calls, no member access with
  *   getters) — so reordering doesn't change semantics. Sorting reduces diff
  *   churn when adding a new flag and makes "is everything ready?" checks
- *   visually consistent. Detects: chains of `&&` or `||` whose operands are ALL
- *   bare Identifiers (length ≥ 2, no duplicates, uniform operator across the
- *   flattened chain). Skipped (not reported, autofix-safe stays narrow):
+ *   visually consistent. Scope: lists of flags, not guard pairs. The rule ONLY
+ *   fires on chains of length ≥ 3. Two-operand chains like `useHttp &&
+ *   oauthEnabled` are guard patterns — the order carries narrative ("in HTTP
+ *   mode, did OAuth get enabled?") that alpha-sort destroys. Three or more bare
+ *   identifiers in a single chain is the structural signal that it's a flag
+ *   list, not a guard. Detects: chains of `&&` or `||` whose operands are ALL
+ *   bare Identifiers (length ≥ 3, no duplicates, uniform operator across the
+ *   flattened chain). Skipped (not reported):
  *
+ *   - Length 2 — guard patterns; narrative order is intentional.
  *   - Any operand isn't a bare `Identifier` (Calls / member-access / literals /
  *     negations / nested non-uniform logical exprs short-circuit, and a
  *     `getter` on a member-access can have side effects — reordering would be
  *     observable).
  *   - Duplicate identifiers in the chain (rare, but rewriting through the
  *     duplicate would silently drop one).
- *   - Comments live between operands (autofix would relocate them).
- *   - Chain length < 2 (nothing to sort). Why a separate rule from
- *     sort-equality-disjunctions: that rule sorts the right-hand string-literal
- *     of an equality chain (`x === 'a' || x === 'b'`); this rule sorts the
- *     bare-identifier operands of a pure-identifier chain. Structurally
- *     different ASTs, semantically different safety arguments.
+ *   - Comments live between operands (autofix would relocate them). Why a
+ *     separate rule from sort-equality-disjunctions: that rule sorts the
+ *     right-hand string-literal of an equality chain (`x === 'a' || x ===
+ *     'b'`); this rule sorts the bare-identifier operands of a pure-identifier
+ *     chain. Structurally different ASTs, semantically different safety
+ *     arguments.
  */
 
 /**
@@ -103,7 +109,10 @@ const rule = {
 
       const leaves: AstNode[] = []
       flatten(rootNode, op, leaves)
-      if (leaves.length < 2) {
+      // Length 2 chains are guard patterns (`useHttp && oauthEnabled`)
+      // where order carries narrative; only length 3+ chains are flag
+      // lists where alpha-sort is unambiguously a readability win.
+      if (leaves.length < 3) {
         return
       }
 
diff --git a/.config/oxlint-plugin/test/no-underscore-identifier.test.mts b/.config/oxlint-plugin/test/no-underscore-identifier.test.mts
index 55c0baa..bffa1bf 100644
--- a/.config/oxlint-plugin/test/no-underscore-identifier.test.mts
+++ b/.config/oxlint-plugin/test/no-underscore-identifier.test.mts
@@ -1,9 +1,9 @@
 /**
- * @file Unit tests for the no-underscore-identifier oxlint rule.
- *   Spawns the real oxlint binary against fixture files in a tmp
- *   dir (see lib/rule-tester.mts). Skips silently when `oxlint`
- *   isn't on PATH so a fresh-laptop checkout doesn't false-fail
- *   before `pnpm install` materializes the bin link.
+ * @file Unit tests for the no-underscore-identifier oxlint rule. Spawns the
+ *   real oxlint binary against fixture files in a tmp dir (see
+ *   lib/rule-tester.mts). Skips silently when `oxlint` isn't on PATH so a
+ *   fresh-laptop checkout doesn't false-fail before `pnpm install` materializes
+ *   the bin link.
  */
 
 import { describe, test } from 'node:test'
diff --git a/.config/oxlint-plugin/test/prefer-cached-for-loop.test.mts b/.config/oxlint-plugin/test/prefer-cached-for-loop.test.mts
index e848573..a24f962 100644
--- a/.config/oxlint-plugin/test/prefer-cached-for-loop.test.mts
+++ b/.config/oxlint-plugin/test/prefer-cached-for-loop.test.mts
@@ -19,6 +19,14 @@ describe('socket/prefer-cached-for-loop', () => {
           name: 'for-of',
           code: 'for (const x of [1,2,3]) {}\n',
         },
+        {
+          name: 'for-of over awaited value — unknown kind, skip autofix',
+          code:
+            'async function f() {\n' +
+            '  const items = await getThings()\n' +
+            '  for (const x of items) { console.log(x) }\n' +
+            '}\n',
+        },
       ],
       invalid: [
         {
diff --git a/.config/oxlint-plugin/test/prefer-spawn-over-execsync.test.mts b/.config/oxlint-plugin/test/prefer-spawn-over-execsync.test.mts
index 71d2f42..ed26996 100644
--- a/.config/oxlint-plugin/test/prefer-spawn-over-execsync.test.mts
+++ b/.config/oxlint-plugin/test/prefer-spawn-over-execsync.test.mts
@@ -1,9 +1,9 @@
 /**
- * @file Unit tests for the prefer-spawn-over-execsync oxlint rule.
- *   Spawns the real oxlint binary against fixture files in a tmp
- *   dir (see lib/rule-tester.mts). Skips silently when `oxlint`
- *   isn't on PATH so a fresh-laptop checkout doesn't false-fail
- *   before `pnpm install` materializes the bin link.
+ * @file Unit tests for the prefer-spawn-over-execsync oxlint rule. Spawns the
+ *   real oxlint binary against fixture files in a tmp dir (see
+ *   lib/rule-tester.mts). Skips silently when `oxlint` isn't on PATH so a
+ *   fresh-laptop checkout doesn't false-fail before `pnpm install` materializes
+ *   the bin link.
  */
 
 import { describe, test } from 'node:test'
@@ -17,13 +17,11 @@ describe('socket/prefer-spawn-over-execsync', () => {
       valid: [
         {
           name: 'lib-stable spawn import',
-          code:
-            "import { spawn } from '@socketsecurity/lib-stable/spawn'\n",
+          code: "import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'\n",
         },
         {
           name: 'lib-stable spawnSync import',
-          code:
-            "import { spawnSync } from '@socketsecurity/lib-stable/spawn'\n",
+          code: "import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'\n",
         },
         {
           name: 'node:child_process spawn (not exec*Sync) is acceptable',
@@ -41,18 +39,13 @@ describe('socket/prefer-spawn-over-execsync', () => {
         },
         {
           name: 'execFileSync from node:child_process',
-          code:
-            "import { execFileSync } from 'node:child_process'\n",
+          code: "import { execFileSync } from 'node:child_process'\n",
           errors: [{ messageId: 'preferSpawn' }],
         },
         {
           name: 'mixed execSync + execFileSync',
-          code:
-            "import { execSync, execFileSync } from 'node:child_process'\n",
-          errors: [
-            { messageId: 'preferSpawn' },
-            { messageId: 'preferSpawn' },
-          ],
+          code: "import { execSync, execFileSync } from 'node:child_process'\n",
+          errors: [{ messageId: 'preferSpawn' }, { messageId: 'preferSpawn' }],
         },
       ],
     })
diff --git a/.config/oxlint-plugin/test/socket-api-token-env.test.mts b/.config/oxlint-plugin/test/socket-api-token-env.test.mts
index dcfb34b..550bbca 100644
--- a/.config/oxlint-plugin/test/socket-api-token-env.test.mts
+++ b/.config/oxlint-plugin/test/socket-api-token-env.test.mts
@@ -15,6 +15,13 @@ describe('socket/socket-api-token-env', () => {
           name: 'canonical SOCKET_API_TOKEN',
           code: 'const t = process.env["SOCKET_API_TOKEN"]\nconsole.log(t)\n',
         },
+        {
+          name: 'alias-lookup array with declaration-level bypass comment',
+          code:
+            '// socket-api-token-env: bootstrap -- alias-normalization shim.\n' +
+            "const ALIASES = ['SOCKET_API_TOKEN', 'SOCKET_API_KEY', 'SOCKET_SECURITY_API_TOKEN'] as const\n" +
+            'console.log(ALIASES)\n',
+        },
       ],
       invalid: [
         {
diff --git a/.config/oxlint-plugin/test/sort-boolean-chains.test.mts b/.config/oxlint-plugin/test/sort-boolean-chains.test.mts
index 7c04eab..6f12230 100644
--- a/.config/oxlint-plugin/test/sort-boolean-chains.test.mts
+++ b/.config/oxlint-plugin/test/sort-boolean-chains.test.mts
@@ -31,6 +31,14 @@ describe('socket/sort-boolean-chains', () => {
           name: 'single operand — not a chain',
           code: 'export const r = (a: boolean) => a\n',
         },
+        {
+          name: 'two-operand guard pair — narrative order preserved',
+          code: 'export const r = (useHttp: boolean, oauthEnabled: boolean) => useHttp && oauthEnabled\n',
+        },
+        {
+          name: 'two-operand reversed guard pair — still not sorted',
+          code: 'export const r = (b: boolean, a: boolean) => b && a\n',
+        },
         {
           name: 'duplicates skipped',
           code: 'export const r = (b: boolean, a: boolean) => b && a && b\n',
diff --git a/.git-hooks/_helpers.mts b/.git-hooks/_helpers.mts
index 39ad910..99271c6 100644
--- a/.git-hooks/_helpers.mts
+++ b/.git-hooks/_helpers.mts
@@ -443,6 +443,110 @@ export const scanNpxDlx = (text: string): LineHit[] =>
     suggest: suggestNpxReplacement,
   })
 
+// ── pnpm-first docs scanner ────────────────────────────────────────
+//
+// Fleet rule: user-facing documentation that shows install commands
+// should LEAD with the pnpm form (`pnpm install <pkg>`, `pnpm add
+// <pkg>`). npm / yarn fallbacks are fine, but they should appear
+// after the pnpm form — or in a sibling code block introduced as a
+// fallback for users who don't have pnpm.
+//
+// This scanner walks fenced markdown code blocks (``` or ~~~) and
+// emits a warning for any fence whose first install-shape line is
+// npm/yarn rather than pnpm. Warning-only — never fails a commit.
+// Inline backtick spans (a single `npm install foo` in prose) are
+// NOT scanned; only block-level fences.
+//
+// Suppression: a line containing `socket-hook: allow pnpm-first`
+// anywhere in the fence (or just above it) skips that block.
+
+// Match shell install commands at line start (allowing leading
+// whitespace + `$` prompt). Captures the package manager so the
+// caller can tell which form was seen first.
+const PNPM_INSTALL_LINE_RE = /^\s*\$?\s*pnpm\s+(?:install|add|i)\b/
+const NPM_YARN_INSTALL_LINE_RE =
+  /^\s*\$?\s*(?:(npm)\s+(?:install|add|i)|(?:yarn)\s+(?:install|add)|(?:yarn))\s/
+
+// Markdown fence opener: ``` or ~~~ at line start, optionally followed
+// by an info string (language hint). We don't require closing match —
+// just count fences as we go and treat alternating opens/closes.
+const FENCE_OPEN_RE = /^\s*(?:```|~~~)/
+
+const PNPM_FIRST_SUPPRESS_RE = /socket-hook:\s*allow\s+pnpm-first\b/
+
+export const scanDocsPnpmFirst = (text: string): LineHit[] => {
+  const hits: LineHit[] = []
+  const lines = splitLines(text)
+  let inFence = false
+  let fenceStartLine = -1
+  let fenceHasPnpm = false
+  let fenceHasSuppress = false
+  let fenceFirstNpmYarnHit: LineHit | undefined
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]!
+    if (FENCE_OPEN_RE.test(line)) {
+      // Closing fence: flush any pending hit if no pnpm form was seen
+      // and the block wasn't suppressed.
+      if (inFence) {
+        if (fenceFirstNpmYarnHit && !fenceHasPnpm && !fenceHasSuppress) {
+          hits.push(fenceFirstNpmYarnHit)
+        }
+        inFence = false
+        fenceStartLine = -1
+        fenceHasPnpm = false
+        fenceHasSuppress = false
+        fenceFirstNpmYarnHit = undefined
+      } else {
+        inFence = true
+        fenceStartLine = i + 1
+      }
+      continue
+    }
+    if (!inFence) {
+      // Suppression marker on a comment line just above the fence is
+      // also honored (some docs prefer keeping markers outside the
+      // rendered code block).
+      if (PNPM_FIRST_SUPPRESS_RE.test(line)) {
+        // Look ahead one line for a fence open; if it's there, mark
+        // the upcoming block as suppressed.
+        const next = lines[i + 1]
+        if (next !== undefined && FENCE_OPEN_RE.test(next)) {
+          fenceHasSuppress = true
+        }
+      }
+      continue
+    }
+    if (PNPM_FIRST_SUPPRESS_RE.test(line)) {
+      fenceHasSuppress = true
+      continue
+    }
+    if (PNPM_INSTALL_LINE_RE.test(line)) {
+      fenceHasPnpm = true
+      continue
+    }
+    if (
+      NPM_YARN_INSTALL_LINE_RE.test(line) &&
+      fenceFirstNpmYarnHit === undefined
+    ) {
+      fenceFirstNpmYarnHit = {
+        lineNumber: i + 1,
+        line,
+        suggested: line.replace(/\b(npm|yarn)\s+(install|add|i)\b/, 'pnpm $2'),
+      }
+    }
+  }
+  // Unclosed fence at EOF — flush whatever's pending.
+  if (inFence && fenceFirstNpmYarnHit && !fenceHasPnpm && !fenceHasSuppress) {
+    hits.push(fenceFirstNpmYarnHit)
+  }
+  // Reference fenceStartLine to suppress unused-variable lints; the
+  // value is useful for future enhancements (e.g. block-level
+  // diagnostics) but the current per-line LineHit shape carries the
+  // offending line number directly.
+  void fenceStartLine
+  return hits
+}
+
 // ── Logger leak scanner ────────────────────────────────────────────
 //
 // The fleet rule: source code uses `getDefaultLogger()` from
@@ -508,8 +612,9 @@ const FLEET_REPO_NAMES = [
   'socket-sdk-js',
   'socket-sdxgen',
   'socket-stuie',
+  'socket-vscode',
+  'socket-webext',
   'ultrathink',
-  'vscode-socket-security',
 ] as const
 
 // `../<repo>/…` or `../../<repo>/…` etc. — relative path that walks
diff --git a/.git-hooks/pre-commit.mts b/.git-hooks/pre-commit.mts
index b6f179a..920b942 100644
--- a/.git-hooks/pre-commit.mts
+++ b/.git-hooks/pre-commit.mts
@@ -19,6 +19,7 @@ import {
   readFileForScan,
   scanAwsKeys,
   scanCrossRepoPaths,
+  scanDocsPnpmFirst,
   scanGitHubTokens,
   scanLoggerLeaks,
   scanNpxDlx,
@@ -217,6 +218,41 @@ const main = (): number => {
     }
   }
 
+  // Documentation pnpm-first scanner (warning, not blocking).
+  //
+  // Fleet rule: user-facing install commands in docs lead with the
+  // pnpm form. npm/yarn fallbacks come after. Block-only — inline
+  // backtick spans are not scanned. Suppress per-block with
+  // `socket-hook: allow pnpm-first`.
+  logger.info('Checking docs lead with pnpm install commands...')
+  for (const file of stagedFiles) {
+    if (shouldSkipFile(file)) {
+      continue
+    }
+    if (!/\.(md|mdx)$/i.test(file)) {
+      continue
+    }
+    const text = readFileForScan(file)
+    if (!text) {
+      continue
+    }
+    const hits = scanDocsPnpmFirst(text)
+    if (hits.length > 0) {
+      logger.warn(`docs without pnpm-first install command: ${file}`)
+      for (const h of hits.slice(0, 3)) {
+        logger.info(`${h.lineNumber}: ${h.line.trim()}`)
+        if (h.suggested && h.suggested !== h.line) {
+          logger.info(`     fix: ${h.suggested.trim()}`)
+        }
+      }
+      logger.info(
+        'Lead with the pnpm form; keep npm/yarn as fallbacks. To ' +
+          'suppress a fenced block, include `socket-hook: allow ' +
+          'pnpm-first` anywhere in the block.',
+      )
+    }
+  }
+
   // Direct stream writes (process.stderr.write, process.stdout.write,
   // console.*) in source files. Source code uses getDefaultLogger()
   // from @socketsecurity/lib-stable/logger; the logger-guard PreToolUse hook
diff --git a/.git-hooks/test/_helpers.test.mts b/.git-hooks/test/_helpers.test.mts
index 5e05c45..c2ed34f 100644
--- a/.git-hooks/test/_helpers.test.mts
+++ b/.git-hooks/test/_helpers.test.mts
@@ -24,6 +24,7 @@ import {
   normalizePath,
   scanAwsKeys,
   scanCrossRepoPaths,
+  scanDocsPnpmFirst,
   scanGitHubTokens,
   scanLinearRefs,
   scanPersonalPaths,
@@ -585,3 +586,92 @@ test('gitOrThrow: throws on non-zero exit', () => {
     /git this-subcommand-does-not-exist:/,
   )
 })
+
+// ── scanDocsPnpmFirst ─────────────────────────────────────────────
+
+test('scanDocsPnpmFirst: flags fence with only npm install', () => {
+  const md = ['# Install', '', '```sh', 'npm install lodash', '```'].join('\n')
+  const hits = scanDocsPnpmFirst(md)
+  assert.strictEqual(hits.length, 1)
+  assert.strictEqual(hits[0]!.line, 'npm install lodash')
+  assert.strictEqual(hits[0]!.suggested, 'pnpm install lodash')
+})
+
+test('scanDocsPnpmFirst: accepts fence with pnpm leading npm', () => {
+  const md = [
+    '```sh',
+    'pnpm install lodash',
+    '# or for npm users:',
+    'npm install lodash',
+    '```',
+  ].join('\n')
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 0)
+})
+
+test('scanDocsPnpmFirst: flags yarn add without pnpm form', () => {
+  const md = ['```bash', 'yarn add typescript', '```'].join('\n')
+  const hits = scanDocsPnpmFirst(md)
+  assert.strictEqual(hits.length, 1)
+  assert.match(hits[0]!.line, /yarn add/)
+})
+
+test('scanDocsPnpmFirst: accepts tilde-fenced block', () => {
+  const md = ['~~~sh', 'pnpm add react', 'npm install react', '~~~'].join('\n')
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 0)
+})
+
+test('scanDocsPnpmFirst: ignores inline backtick spans', () => {
+  // Inline `npm install foo` in prose is NOT a fenced block — out of
+  // scope for this scanner.
+  const md = 'Run `npm install lodash` to install lodash.'
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 0)
+})
+
+test('scanDocsPnpmFirst: per-block suppression marker', () => {
+  const md = [
+    '```sh',
+    '# socket-hook: allow pnpm-first',
+    'npm install lodash',
+    '```',
+  ].join('\n')
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 0)
+})
+
+test('scanDocsPnpmFirst: suppression marker on line above fence', () => {
+  const md = [
+    '<!-- socket-hook: allow pnpm-first -->',
+    '```sh',
+    'npm install lodash',
+    '```',
+  ].join('\n')
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 0)
+})
+
+test('scanDocsPnpmFirst: handles multiple fences independently', () => {
+  const md = [
+    '```sh',
+    'pnpm add foo',
+    '```',
+    '',
+    'And here is a fallback:',
+    '',
+    '```sh',
+    'npm install foo',
+    '```',
+  ].join('\n')
+  // First fence has pnpm form → ok. Second fence is bare npm with no
+  // pnpm leader → one warning.
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 1)
+})
+
+test('scanDocsPnpmFirst: handles $-prefixed prompt lines', () => {
+  const md = ['```sh', '$ npm install foo', '```'].join('\n')
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 1)
+})
+
+test('scanDocsPnpmFirst: ignores non-install npm commands', () => {
+  // `npm run build` is not an install — out of scope for the leader
+  // rule (which is about how users *get* a package).
+  const md = ['```sh', 'npm run build', '```'].join('\n')
+  assert.strictEqual(scanDocsPnpmFirst(md).length, 0)
+})
diff --git a/docs/claude.md/fleet/sorting.md b/docs/claude.md/fleet/sorting.md
index 2f7b5cc..9ea6ea6 100644
--- a/docs/claude.md/fleet/sorting.md
+++ b/docs/claude.md/fleet/sorting.md
@@ -12,7 +12,7 @@ Sort lists alphanumerically (literal byte order, ASCII before letters).
 - **`Set` constructor arguments** — `new Set([...])` and `new SafeSet([...])` literals. The runtime is order-insensitive, so source order is alphanumeric. Same rationale as Array literals: predictable diffs, no merge conflicts on insertions.
 - **Regex alternation groups** — `(foo|bar|baz)` reads as `(bar|baz|foo)`. Capturing, non-capturing, and named-capture groups all follow the rule. Auto-fixable when every alternative is a simple literal. The exception is order-bearing alternations where the regex engine MUST try one alternative before another (rare; the canonical example is markup parsers where `<!--|-->` would silently mismatch if reordered) — append `// socket-hook: allow regex-alternation-order` on those lines.
 - **String-equality disjunctions** — `x === 'a' || x === 'b' || x === 'c'` reads with the comparand strings in alpha order. The De Morgan dual `x !== 'a' && x !== 'b'` (negative-membership check) follows the same rule. The `||` chain short-circuits regardless of operand order; sorting reduces diff churn when adding new comparands and makes "is X in this set?" checks visually consistent. Auto-fixable when every clause has the same left operand and uses string-literal comparands. Mixed shape (different left, different operator, non-string right) is skipped — those are usually genuine ordering-sensitive predicates and the autofix would change semantics.
-- **Boolean identifier chains** — `agentshieldOk && zizmorOk && sfwOk` reads with the names in alpha order: `agentshieldOk && sfwOk && zizmorOk`. Same rule for `||` chains. The lint rule fires only when every leaf is a bare `Identifier` (no calls, no member access, no literals, no negations) — those have side-effect or short-circuit semantics where order can be observable. Duplicate identifiers and chains with interior comments are skipped (the autofix would lose information). Enforced by `socket/sort-boolean-chains`.
+- **Boolean identifier chains** — `agentshieldOk && zizmorOk && sfwOk` reads with the names in alpha order: `agentshieldOk && sfwOk && zizmorOk`. Same rule for `||` chains. The lint rule fires only when (1) every leaf is a bare `Identifier` (no calls, no member access, no literals, no negations) — those have side-effect or short-circuit semantics where order can be observable — AND (2) the chain has **3 or more operands**. Two-operand chains like `useHttp && oauthEnabled` are guard patterns where order carries narrative ("in HTTP mode, did OAuth get enabled?") that alpha-sort would destroy; only length-3+ chains are unambiguously flag lists. Duplicate identifiers and chains with interior comments are skipped (the autofix would lose information). Enforced by `socket/sort-boolean-chains`.
 - **TypeScript union of string literals** — `type Source = 'download' | 'path' | 'vfs'` (not `'vfs' | 'path' | 'download'`). Members are interchangeable at the type level; alpha order makes "which values can this take?" answerable without scanning. Applies to type aliases, inline parameter unions, and template-literal type alternatives. Position-bearing unions (rare — e.g. a discriminator where order encodes priority) keep their meaningful order; append `// socket-hook: allow union-order` on those lines.
 
 ## Default
diff --git a/packages/build-infra/lib/release-checksums/consumer.mts b/packages/build-infra/lib/release-checksums/consumer.mts
index 33222be..e7b34d8 100644
--- a/packages/build-infra/lib/release-checksums/consumer.mts
+++ b/packages/build-infra/lib/release-checksums/consumer.mts
@@ -17,9 +17,9 @@ import path from 'node:path'
 import process from 'node:process'
 
 import { errorMessage } from '@socketsecurity/lib/errors'
-import { safeMkdir } from '@socketsecurity/lib/fs'
+import { safeMkdir } from '@socketsecurity/lib/fs/safe'
 import { getDefaultLogger } from '@socketsecurity/lib/logger'
-import { getLatestRelease } from '@socketsecurity/lib/releases/github-api'
+import { getLatestRelease } from '@socketsecurity/lib/releases/github-listing'
 import { downloadReleaseAsset } from '@socketsecurity/lib/releases/github-downloads'
 import type { RepoConfig } from '@socketsecurity/lib/releases/github-types'
 
@@ -35,34 +35,41 @@ export interface ChecksumsResult {
 
 const checksumCache = new Map<string, ChecksumsResult>()
 
+/**
+ * Clear the checksum cache. Useful for testing or forcing re-download.
+ */
+export function clearChecksumCache(): void {
+  checksumCache.clear()
+}
+
 interface GetChecksumsOptions {
   /**
    * The producing repo whose releases we're verifying against.
    */
   repoConfig: RepoConfig
   /**
-   * Tool name prefix used in the producing repo's release tag (e.g. `iocraft`).
+   * Tool name prefix used in the producing repo's release tag (e.g. `lief`).
    */
   tool: string
   /**
    * Specific tag to fetch. If omitted, uses the embedded tag, then `latest`.
    */
-  releaseTag?: string
+  releaseTag?: string | undefined
   /**
    * Where to cache the downloaded `checksums.txt`. Defaults to
    * `<cwd>/build/temp`.
    */
-  tempDir?: string
+  tempDir?: string | undefined
   /**
    * Suppress info/warn logging (errors still log).
    */
-  quiet?: boolean
+  quiet?: boolean | undefined
   /**
    * If true (default), use embedded checksums when available even if a network
    * fetch could find newer ones. Set false to force a network fetch — useful
    * when bumping checksums.
    */
-  preferEmbedded?: boolean
+  preferEmbedded?: boolean | undefined
 }
 
 /**
@@ -208,10 +215,3 @@ export async function getReleaseChecksums(
     return { checksums: {}, source: 'network', tag }
   }
 }
-
-/**
- * Clear the checksum cache. Useful for testing or forcing re-download.
- */
-export function clearChecksumCache(): void {
-  checksumCache.clear()
-}
diff --git a/packages/build-infra/lib/release-checksums/core.mts b/packages/build-infra/lib/release-checksums/core.mts
index 7be5e63..aaa1ae5 100644
--- a/packages/build-infra/lib/release-checksums/core.mts
+++ b/packages/build-infra/lib/release-checksums/core.mts
@@ -29,7 +29,7 @@ const __dirname = path.dirname(__filename)
 // ---------------------------------------------------------------------------
 
 export interface ToolConfig {
-  description?: string
+  description?: string | undefined
   tag: string
   checksums: Record<string, string>
 }
@@ -37,10 +37,10 @@ export interface ToolConfig {
 export type EmbeddedChecksums = Record<string, ToolConfig>
 
 export interface VerifyResult {
-  actual?: string
-  expected?: string
-  source?: string
-  skipped?: boolean
+  actual?: string | undefined
+  expected?: string | undefined
+  source?: string | undefined
+  skipped?: boolean | undefined
   valid: boolean
 }
 
@@ -55,27 +55,16 @@ export interface VerifyResult {
 
 let embeddedChecksums: EmbeddedChecksums | undefined | null
 
-export function getEmbeddedChecksums(): EmbeddedChecksums | undefined {
-  if (embeddedChecksums === null) {
-    return undefined
-  }
-  if (embeddedChecksums === undefined) {
-    try {
-      const checksumPath = path.join(
-        __dirname,
-        '..',
-        '..',
-        'release-assets.json',
-      )
-      embeddedChecksums = JSON.parse(
-        readFileSync(checksumPath, 'utf8'),
-      ) as EmbeddedChecksums
-    } catch {
-      embeddedChecksums = null
-      return undefined
-    }
+/**
+ * Compute SHA256 hash of a file as lowercase hex.
+ */
+export async function computeFileHash(filePath: string): Promise<string> {
+  const hash = crypto.createHash('sha256')
+  const stream = createReadStream(filePath)
+  for await (const chunk of stream) {
+    hash.update(chunk)
   }
-  return embeddedChecksums
+  return hash.digest('hex')
 }
 
 export function getEmbeddedChecksum(
@@ -97,20 +86,27 @@ export function getEmbeddedChecksum(
   return { checksum, tag: toolConfig.tag }
 }
 
-// ---------------------------------------------------------------------------
-// Format primitives.
-// ---------------------------------------------------------------------------
-
-/**
- * Compute SHA256 hash of a file as lowercase hex.
- */
-export async function computeFileHash(filePath: string): Promise<string> {
-  const hash = crypto.createHash('sha256')
-  const stream = createReadStream(filePath)
-  for await (const chunk of stream) {
-    hash.update(chunk)
+export function getEmbeddedChecksums(): EmbeddedChecksums | undefined {
+  if (embeddedChecksums === null) {
+    return undefined
   }
-  return hash.digest('hex')
+  if (embeddedChecksums === undefined) {
+    try {
+      const checksumPath = path.join(
+        __dirname,
+        '..',
+        '..',
+        'release-assets.json',
+      )
+      embeddedChecksums = JSON.parse(
+        readFileSync(checksumPath, 'utf8'),
+      ) as EmbeddedChecksums
+    } catch {
+      embeddedChecksums = undefined
+      return undefined
+    }
+  }
+  return embeddedChecksums
 }
 
 /**
@@ -136,15 +132,11 @@ export function parseChecksums(content: string): Record<string, string> {
   return checksums
 }
 
-// ---------------------------------------------------------------------------
-// Verify.
-// ---------------------------------------------------------------------------
-
 interface VerifyOptions {
   filePath: string
   assetName: string
   tool: string
-  quiet?: boolean
+  quiet?: boolean | undefined
 }
 
 /**
diff --git a/packages/build-infra/release-assets.schema.json b/packages/build-infra/release-assets.schema.json
index d049c86..4044659 100644
--- a/packages/build-infra/release-assets.schema.json
+++ b/packages/build-infra/release-assets.schema.json
@@ -29,7 +29,7 @@
         },
         "tag": {
           "type": "string",
-          "description": "Full release tag, including the tool prefix (e.g. `iocraft-20260424-18f0f46`).",
+          "description": "Full release tag, including the tool prefix (e.g. `lief-20260507-76c1796`).",
           "minLength": 1
         },
         "checksums": {
diff --git a/scripts/ai-lint-fix/cli.mts b/scripts/ai-lint-fix/cli.mts
index 51df308..bdcea6e 100644
--- a/scripts/ai-lint-fix/cli.mts
+++ b/scripts/ai-lint-fix/cli.mts
@@ -36,7 +36,8 @@ import path from 'node:path'
 import process from 'node:process'
 
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
-import { isSpawnError, spawn } from '@socketsecurity/lib-stable/spawn'
+import { isSpawnError } from '@socketsecurity/lib-stable/spawn/errors'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
 import { AI_HANDLED_RULES, RULE_GUIDANCE } from './rule-guidance.mts'
 
diff --git a/scripts/ai-lint-fix/rule-guidance.mts b/scripts/ai-lint-fix/rule-guidance.mts
index 2847584..12dd301 100644
--- a/scripts/ai-lint-fix/rule-guidance.mts
+++ b/scripts/ai-lint-fix/rule-guidance.mts
@@ -54,18 +54,18 @@ export const RULE_GUIDANCE: Readonly<Record<string, string>> = {
     'Rewrite `fs.access` / `fs.stat` existence-checks to `existsSync(p)` from `node:fs`. Common shapes: `try { await fs.access(p); return true } catch { return false }` → `return existsSync(p)`. `await fs.access(p).then(() => true).catch(() => false)` → `existsSync(p)`. `if (await fs.stat(p))` → `if (existsSync(p))`. When the stat result is destructured for metadata (`s.size`, `s.mtime`, `s.isDirectory()`), KEEP the stat call and add a one-line comment stating intent — that is not an existence check. Trace back through callers: if the caller awaited a Promise<boolean>, the rewrite collapses to a sync boolean and the await becomes a no-op (safe).',
   'socket/prefer-node-builtin-imports':
     "Rewrite `import fs from 'node:fs'` / `import * as fs from 'node:fs'` to `import { … } from 'node:fs'` with the names actually used in the file. Change every `fs.X` reference to bare `X`. If `fs` is passed as a value (e.g. `someApi(fs)`), keep the namespace import and add a `// prefer-node-builtin-imports: passed-as-value` comment.",
-  'socket/prefer-async-spawn': `Replace \`node:child_process\` spawn calls with their \`@socketsecurity/lib-stable/spawn\` equivalents. The lib re-exports BOTH names so a sync caller keeps using \`spawnSync\` and only the import source changes; only convert sync → async when the enclosing function is already async (or can be safely made async) AND every caller of that function is async-ready.
+  'socket/prefer-async-spawn': `Replace \`node:child_process\` spawn calls with their \`@socketsecurity/lib-stable/spawn/spawn\` equivalents. The lib re-exports BOTH names so a sync caller keeps using \`spawnSync\` and only the import source changes; only convert sync → async when the enclosing function is already async (or can be safely made async) AND every caller of that function is async-ready.
 
 <process>
   1. List every spawn-family callsite in the file: \`spawnSync(\`, \`spawn(\`, \`child_process.spawnSync(\`, \`cp.spawnSync(\`. Note which names are actually used.
   2. For each callsite, decide: (a) keep sync semantics — use \`spawnSync\` from the lib (drop-in, same args, same return shape \`{ status, stdout, stderr }\`); or (b) convert to async — use \`spawn\` from the lib (returns a Promise of \`{ code, stdout, stderr }\`, requires \`await\`, requires async enclosing context, return shape uses \`.code\` not \`.status\`). Default to (a) unless you can verify (b) is safe — sync → async is a contract change.
-  3. Update the import line. If every callsite stays sync: \`import { spawnSync } from '@socketsecurity/lib-stable/spawn'\`. If every callsite becomes async: \`import { spawn } from '@socketsecurity/lib-stable/spawn'\`. If mixed: \`import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn'\`.
-  4. Self-verify before stopping: re-read the file. Confirm EVERY \`spawnSync(\` callsite is satisfied by the new import (either the name is in the import list OR you converted that callsite to \`await spawn(\`). A file with \`import { spawn } from '@socketsecurity/lib-stable/spawn'\` and a body containing \`spawnSync(\` is broken — fix it before you declare done.
+  3. Update the import line. If every callsite stays sync: \`import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'\`. If every callsite becomes async: \`import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'\`. If mixed: \`import { spawn, spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'\`.
+  4. Self-verify before stopping: re-read the file. Confirm EVERY \`spawnSync(\` callsite is satisfied by the new import (either the name is in the import list OR you converted that callsite to \`await spawn(\`). A file with \`import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'\` and a body containing \`spawnSync(\` is broken — fix it before you declare done.
 </process>
 
 <good-fix description="Sync caller; safest path is keeping sync semantics by importing spawnSync from the lib.">
 - import { spawnSync } from 'node:child_process'
-+ import { spawnSync } from '@socketsecurity/lib-stable/spawn'
++ import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 
   function run(cmd) {
     const r = spawnSync(cmd, [], { encoding: 'utf8' })
@@ -75,7 +75,7 @@ export const RULE_GUIDANCE: Readonly<Record<string, string>> = {
 
 <bad-fix description="What you must NOT do: rename the import without updating callsites.">
 - import { spawnSync } from 'node:child_process'
-+ import { spawn } from '@socketsecurity/lib-stable/spawn'
++ import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
   function run(cmd) {
     const r = spawnSync(cmd, [], { encoding: 'utf8' })  // ❌ spawnSync is no longer imported — runtime ReferenceError
@@ -85,7 +85,7 @@ export const RULE_GUIDANCE: Readonly<Record<string, string>> = {
 
 <good-fix description="Async caller; can switch to lib's async spawn AND update return-shape access.">
 - import { spawnSync } from 'node:child_process'
-+ import { spawn } from '@socketsecurity/lib-stable/spawn'
++ import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
   async function run(cmd) {
     const r = await spawn(cmd, [], { stdio: 'pipe' })
diff --git a/scripts/check-prompt-less-setup.mts b/scripts/check-prompt-less-setup.mts
index 0edd986..7cecaa4 100644
--- a/scripts/check-prompt-less-setup.mts
+++ b/scripts/check-prompt-less-setup.mts
@@ -26,7 +26,7 @@
  *      signing/keychain prompt surprises you.
  */
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { existsSync, readFileSync } from 'node:fs'
 import os from 'node:os'
 import path from 'node:path'
diff --git a/scripts/fix.mts b/scripts/fix.mts
index c57d75c..d79bc8e 100644
--- a/scripts/fix.mts
+++ b/scripts/fix.mts
@@ -20,7 +20,7 @@ import { existsSync } from 'node:fs'
 import process from 'node:process'
 
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
 const WIN32 = process.platform === 'win32'
 const logger = getDefaultLogger()
diff --git a/scripts/install-claude-plugins.mts b/scripts/install-claude-plugins.mts
index 2563205..47ba52a 100644
--- a/scripts/install-claude-plugins.mts
+++ b/scripts/install-claude-plugins.mts
@@ -26,7 +26,7 @@
  *      matching version + sha + ISO date.
  */
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { existsSync, readFileSync } from 'node:fs'
 import path from 'node:path'
 import process from 'node:process'
diff --git a/scripts/install-git-hooks.mts b/scripts/install-git-hooks.mts
index 24420ea..bae3fef 100644
--- a/scripts/install-git-hooks.mts
+++ b/scripts/install-git-hooks.mts
@@ -10,7 +10,7 @@
  *     into this repo yet).
  */
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { existsSync } from 'node:fs'
 import path from 'node:path'
 import process from 'node:process'
diff --git a/scripts/install-sfw.mts b/scripts/install-sfw.mts
index 8689c23..552ed9c 100644
--- a/scripts/install-sfw.mts
+++ b/scripts/install-sfw.mts
@@ -37,7 +37,7 @@ import { parseArgs } from 'node:util'
 import { WIN32, getArch } from '@socketsecurity/lib-stable/constants/platform'
 import { downloadBinary } from '@socketsecurity/lib-stable/dlx/binary'
 import { errorMessage } from '@socketsecurity/lib-stable/errors'
-import { safeDelete, safeMkdirSync } from '@socketsecurity/lib-stable/fs'
+import { safeDelete, safeMkdirSync } from '@socketsecurity/lib-stable/fs/safe'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
 import {
   getSocketAppDir,
diff --git a/scripts/install-token-minifier.mts b/scripts/install-token-minifier.mts
index 2430a2e..f5a9f57 100644
--- a/scripts/install-token-minifier.mts
+++ b/scripts/install-token-minifier.mts
@@ -34,10 +34,10 @@ import { fileURLToPath } from 'node:url'
 import { parseArgs } from 'node:util'
 
 import { errorMessage } from '@socketsecurity/lib-stable/errors'
-import { safeMkdirSync } from '@socketsecurity/lib-stable/fs'
+import { safeMkdirSync } from '@socketsecurity/lib-stable/fs/safe'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
 import { getSocketAppDir } from '@socketsecurity/lib-stable/paths/socket'
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 
 const logger = getDefaultLogger()
 
@@ -94,7 +94,7 @@ interface CatalogYamlMap {
  * line-shaped (key: value) and we only need the @socketsecurity/* entries the
  * proxy actually references.
  */
-function readNeededCatalogEntries(): CatalogYamlMap {
+export function readNeededCatalogEntries(): CatalogYamlMap {
   const yamlPath = path.join(WHEELHOUSE_ROOT, 'pnpm-workspace.yaml')
   const text = readFileSync(yamlPath, 'utf8')
   const lines = text.split('\n')
@@ -140,7 +140,7 @@ function readNeededCatalogEntries(): CatalogYamlMap {
  * catalog aliases the package source declares. Keeps imports of
  * `@socketsecurity/lib-stable/...` resolvable from inside the install.
  */
-function writeInstallWorkspaceYaml(catalog: CatalogYamlMap): void {
+export function writeInstallWorkspaceYaml(catalog: CatalogYamlMap): void {
   const lines = ['catalog:']
   for (const [k, v] of Object.entries(catalog)) {
     // Quote values that aren't bare versions (e.g. `npm:foo@1.0.0`).
@@ -161,7 +161,7 @@ function writeInstallWorkspaceYaml(catalog: CatalogYamlMap): void {
  * Stripping `bin`/`exports` keeps pnpm from trying to wire global binaries at
  * install time — we drop our own shim explicitly.
  */
-function writeInstallPackageJson(sourceVersion: string): void {
+export function writeInstallPackageJson(sourceVersion: string): void {
   const sourcePkg = JSON.parse(
     readFileSync(path.join(PKG_SOURCE_DIR, 'package.json'), 'utf8'),
   )
@@ -190,7 +190,7 @@ function writeInstallPackageJson(sourceVersion: string): void {
  * `fs.cp` with recursive + force is the cross-platform equivalent of `cp -r`.
  * Force overwrites stale files on reinstall.
  */
-function copySource(): void {
+export function copySource(): void {
   // Use sync fs API for consistency with the rest of the script — this
   // is a one-shot install, not a hot path. `cpSync` exists since
   // Node 20; the recursive option is required for directories.
@@ -207,14 +207,14 @@ function copySource(): void {
  * when the recorded x-source-version in the dest's package.json differs from
  * the source.
  */
-function readSourceVersion(): string {
+export function readSourceVersion(): string {
   const pkg = JSON.parse(
     readFileSync(path.join(PKG_SOURCE_DIR, 'package.json'), 'utf8'),
   )
   return pkg.version ?? '0.0.0'
 }
 
-function readInstalledVersion(): string | undefined {
+export function readInstalledVersion(): string | undefined {
   const installedPkgPath = path.join(INSTALL_DIR, 'package.json')
   if (!existsSync(installedPkgPath)) {
     return undefined
@@ -227,7 +227,7 @@ function readInstalledVersion(): string | undefined {
   }
 }
 
-function pnpmInstallAtDest(quiet: boolean): void {
+export function pnpmInstallAtDest(quiet: boolean): void {
   const result = spawnSync(
     'pnpm',
     [
@@ -248,7 +248,7 @@ function pnpmInstallAtDest(quiet: boolean): void {
   }
 }
 
-function writeBinShim(): void {
+export function writeBinShim(): void {
   // Shim execs the proxy's top-level bin/ entry. Source lives at
   // INSTALL_DIR/bin/, NOT under node_modules/ — so Node 22+ can strip
   // types from the .mts file at runtime. `node` is on PATH on every
diff --git a/scripts/janus.mts b/scripts/janus.mts
index 1e369e5..539eb7e 100644
--- a/scripts/janus.mts
+++ b/scripts/janus.mts
@@ -27,7 +27,7 @@ import { fileURLToPath } from 'node:url'
 import { WIN32 } from '@socketsecurity/lib-stable/constants/platform'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
 import { getSocketHomePath } from '@socketsecurity/lib-stable/paths/socket'
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
 const logger = getDefaultLogger()
 
diff --git a/scripts/lint-github-settings.mts b/scripts/lint-github-settings.mts
index ab504c0..ff28721 100644
--- a/scripts/lint-github-settings.mts
+++ b/scripts/lint-github-settings.mts
@@ -22,7 +22,7 @@
  *   scripts/lint-github-settings.mts --json # machine-readable.
  */
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
 import path from 'node:path'
 import process from 'node:process'
diff --git a/scripts/lockstep/emit-schema.mts b/scripts/lockstep/emit-schema.mts
index bec79ef..84c65da 100644
--- a/scripts/lockstep/emit-schema.mts
+++ b/scripts/lockstep/emit-schema.mts
@@ -10,7 +10,7 @@ import { writeFileSync } from 'node:fs'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
 
 import { LockstepManifestSchema } from './schema.mts'
diff --git a/scripts/lockstep/git.mts b/scripts/lockstep/git.mts
index 1a9f8e8..42d785a 100644
--- a/scripts/lockstep/git.mts
+++ b/scripts/lockstep/git.mts
@@ -10,7 +10,7 @@
  *   helpers write to.
  */
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 
 import type { Upstream } from './schema.mts'
 import type { DriftCommit, Manifest } from './types.mts'
diff --git a/scripts/power-state.mts b/scripts/power-state.mts
index 2e75287..9418340 100644
--- a/scripts/power-state.mts
+++ b/scripts/power-state.mts
@@ -29,7 +29,7 @@ import { isBuiltin } from 'node:module'
 import path from 'node:path'
 import process from 'node:process'
 
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
 // Probe for node:smol-power. Lives in socket-btm's node-smol binary
 // — `isBuiltin()` returns true on those builds and false on system
diff --git a/scripts/security.mts b/scripts/security.mts
index 426f51a..d04ae92 100644
--- a/scripts/security.mts
+++ b/scripts/security.mts
@@ -20,10 +20,10 @@
 
 import process from 'node:process'
 
-import { which } from '@socketsecurity/lib-stable/bin'
+import { which } from '@socketsecurity/lib-stable/bin/which'
 import { WIN32 } from '@socketsecurity/lib-stable/constants/platform'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
 const logger = getDefaultLogger()
 
diff --git a/scripts/socket-wheelhouse-emit-schema.mts b/scripts/socket-wheelhouse-emit-schema.mts
index adc84b5..5a60c30 100644
--- a/scripts/socket-wheelhouse-emit-schema.mts
+++ b/scripts/socket-wheelhouse-emit-schema.mts
@@ -8,7 +8,7 @@ import { writeFileSync } from 'node:fs'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 import { getDefaultLogger } from '@socketsecurity/lib-stable/logger'
 
 import { SocketWheelhouseConfigSchema } from './socket-wheelhouse-schema.mts'
diff --git a/scripts/test/check-lock-step-header.test.mts b/scripts/test/check-lock-step-header.test.mts
index 605763f..ea783bb 100644
--- a/scripts/test/check-lock-step-header.test.mts
+++ b/scripts/test/check-lock-step-header.test.mts
@@ -9,7 +9,7 @@
 // whose header lists peers + the peer files themselves, vary the
 // peers' headers, and inspect exit code + stderr.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import path from 'node:path'
 import os from 'node:os'
diff --git a/scripts/test/check-lock-step-refs.test.mts b/scripts/test/check-lock-step-refs.test.mts
index 2c7ad42..6958a85 100644
--- a/scripts/test/check-lock-step-refs.test.mts
+++ b/scripts/test/check-lock-step-refs.test.mts
@@ -11,7 +11,7 @@
 // script from that cwd and inspect exit code + stderr/stdout. Each test
 // owns its own tmpdir to avoid cross-pollution.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import path from 'node:path'
 import os from 'node:os'
diff --git a/scripts/test/install-git-hooks.test.mts b/scripts/test/install-git-hooks.test.mts
index 6b8e451..81ca3dd 100644
--- a/scripts/test/install-git-hooks.test.mts
+++ b/scripts/test/install-git-hooks.test.mts
@@ -18,7 +18,7 @@
 // resolve REPO_ROOT to the real repo and write to the real git config
 // instead of the tmpdir, which is what we want to verify.
 
-import { spawnSync } from '@socketsecurity/lib-stable/spawn'
+import { spawnSync } from '@socketsecurity/lib-stable/spawn/spawn'
 import {
   copyFileSync,
   mkdirSync,
diff --git a/scripts/update.mts b/scripts/update.mts
index f384b58..f90b857 100644
--- a/scripts/update.mts
+++ b/scripts/update.mts
@@ -19,7 +19,7 @@
  * scripts/ dir and wire it in via a `"update": "node scripts/update.mts"`
  * package.json entry.
  */
-import { spawn } from '@socketsecurity/lib-stable/spawn'
+import { spawn } from '@socketsecurity/lib-stable/spawn/spawn'
 
 async function run(cmd: string, args: string[]): Promise<boolean> {
   try {
diff --git a/scripts/validate-bundle-deps.mts b/scripts/validate-bundle-deps.mts
index 111007b..c71bb93 100644
--- a/scripts/validate-bundle-deps.mts
+++ b/scripts/validate-bundle-deps.mts
@@ -23,10 +23,15 @@ const logger = getDefaultLogger()
 const __dirname = path.dirname(fileURLToPath(import.meta.url))
 const rootPath = path.join(__dirname, '..')
 
-// Node.js builtins to ignore (including node: prefix variants)
+// Node.js builtins to ignore (including node: prefix variants).
+// node:smol-* are Socket SEA-bundled optional builtins (smol-util, smol-primordial);
+// they appear in dist behind `mod.isBuiltin('node:smol-util')` guards and are only
+// resolvable in SEA binaries, so they should never be expected in dependencies.
+const SOCKET_SEA_BUILTINS = ['node:smol-util', 'node:smol-primordial']
 const BUILTIN_MODULES = new Set([
   ...builtinModules,
   ...builtinModules.map(m => `node:${m}`),
+  ...SOCKET_SEA_BUILTINS,
 ])
 
 /**
@@ -364,16 +369,14 @@ async function validateBundleDeps(): Promise<ValidationResult> {
 
     // externals + bundled are Set<string> — use for...of, the
     // canonical fix for set / map / iterable iteration.
-    for (let i = 0, { length } = externals; i < length; i += 1) {
-      const ext = externals[i]!
+    for (const ext of externals) {
       const packageName = getPackageName(ext)
       if (packageName && !BUILTIN_MODULES.has(packageName)) {
         allExternals.add(packageName)
       }
     }
 
-    for (let i = 0, { length } = bundled; i < length; i += 1) {
-      const bun = bundled[i]!
+    for (const bun of bundled) {
       allBundled.add(bun)
     }
   }
diff --git a/scripts/validate-file-size.mts b/scripts/validate-file-size.mts
index 19b624a..41b3bcc 100644
--- a/scripts/validate-file-size.mts
+++ b/scripts/validate-file-size.mts
@@ -23,6 +23,19 @@ const rootPath = path.join(__dirname, '..')
 // Maximum file size: 2MB (2,097,152 bytes)
 const MAX_FILE_SIZE = 2 * 1024 * 1024
 
+// Allowlisted large files: fleet-canonical assets whose size is bounded by
+// the upstream they ship, not by repo authoring. acorn.wasm is the AST
+// parser shared by AST-based oxlint plugin rules + hooks; its ~3MB is the
+// upstream build artifact. Two paths because socket-lib vendors its own
+// copy at vendor/acorn-wasm/ (so the lib package's own AST helpers can
+// load without a node_modules round-trip). Adding a path here is
+// intentional — it should only happen for files the fleet jointly owns,
+// not per-repo binary leaks.
+const ALLOWED_LARGE_FILES = new Set<string>([
+  '.claude/hooks/_shared/acorn/acorn.wasm',
+  'vendor/acorn-wasm/acorn.wasm',
+])
+
 // Directories to skip
 const SKIP_DIRS = new Set([
   '.cache',
@@ -95,6 +108,9 @@ async function scanDirectory(
           const stats = await fs.stat(fullPath)
           if (stats.size > MAX_FILE_SIZE) {
             const relativePath = path.relative(rootPath, fullPath)
+            if (ALLOWED_LARGE_FILES.has(relativePath)) {
+              continue
+            }
             violations.push({
               file: relativePath,
               size: stats.size,