feat: add everything-claude-code ECC bundle (.claude/commands/add-or-update-skill.md)

.agents/skills/everything-claude-code/SKILL.md

@@ -230,124 +230,156 @@ Add Turkish (tr) docs and update README (#744)
 
 ### Add Or Update Skill
 
-Adds or updates a skill in the ECC system, including documentation and provenance.
+Adds or updates a skill, including its documentation and configuration.
 
-**Frequency**: ~3 times per month
+**Frequency**: ~2 times per month
 
 **Steps**:
-1. Create or update SKILL.md in the appropriate skills directory (e.g., skills/{skill-name}/SKILL.md or .claude/skills/{skill-name}/SKILL.md)
-2. Optionally add or update agent YAML files (e.g., .agents/skills/{skill-name}/agents/*.yaml)
-3. Optionally update provenance or placement policy files (e.g., schemas/provenance.schema.json, docs/SKILL-PLACEMENT-POLICY.md)
+1. Create or update .claude/commands/add-or-update-skill.md
+2. Create or update .claude/skills/<skill-name>/SKILL.md
+3. Optionally update .agents/skills/<skill-name>/SKILL.md
+4. Optionally update .agents/skills/<skill-name>/agents/*.yaml
 
 **Files typically involved**:
-- `skills/*/SKILL.md`
+- `.claude/commands/add-or-update-skill.md`
 - `.claude/skills/*/SKILL.md`
 - `.agents/skills/*/SKILL.md`
 - `.agents/skills/*/agents/*.yaml`
-- `schemas/provenance.schema.json`
-- `docs/SKILL-PLACEMENT-POLICY.md`
 
 **Example commit sequence**:
 ```
-Create or update SKILL.md in the appropriate skills directory (e.g., skills/{skill-name}/SKILL.md or .claude/skills/{skill-name}/SKILL.md)
-Optionally add or update agent YAML files (e.g., .agents/skills/{skill-name}/agents/*.yaml)
-Optionally update provenance or placement policy files (e.g., schemas/provenance.schema.json, docs/SKILL-PLACEMENT-POLICY.md)
+Create or update .claude/commands/add-or-update-skill.md
+Create or update .claude/skills/<skill-name>/SKILL.md
+Optionally update .agents/skills/<skill-name>/SKILL.md
+Optionally update .agents/skills/<skill-name>/agents/*.yaml
 ```
 
 ### Add Or Update Command Documentation
 
-Adds or updates documentation for a command, often as part of a new feature or workflow.
+Adds or updates documentation for a CLI command or workflow.
 
-**Frequency**: ~4 times per month
+**Frequency**: ~3 times per month
 
 **Steps**:
-1. Create or update .claude/commands/{command-name}.md
-2. Optionally update localized docs (e.g., docs/zh-CN/commands/{command-name}.md, docs/tr/commands/{command-name}.md, docs/pt-BR/commands/{command-name}.md)
+1. Create or update .claude/commands/<command-name>.md
 
 **Files typically involved**:
 - `.claude/commands/*.md`
-- `docs/zh-CN/commands/*.md`
-- `docs/tr/commands/*.md`
-- `docs/pt-BR/commands/*.md`
 
 **Example commit sequence**:
 ```
-Create or update .claude/commands/{command-name}.md
-Optionally update localized docs (e.g., docs/zh-CN/commands/{command-name}.md, docs/tr/commands/{command-name}.md, docs/pt-BR/commands/{command-name}.md)
+Create or update .claude/commands/<command-name>.md
 ```
 
-### Add Or Update Localized Documentation
+### Add Or Update Database Migration Patterns
 
-Adds or updates documentation in a new or existing language (localization).
+Adds or updates database migration patterns or documentation.
 
 **Frequency**: ~2 times per month
 
 **Steps**:
-1. Add or update files in docs/{locale}/ (where locale is zh-CN, tr, pt-BR, etc.)
-2. Update README.md to reflect new language support
+1. Create or update .claude/commands/database-migration.md
+2. Create or update skills/database-migrations/SKILL.md
 
 **Files typically involved**:
-- `docs/zh-CN/**/*`
-- `docs/tr/**/*`
-- `docs/pt-BR/**/*`
-- `README.md`
+- `.claude/commands/database-migration.md`
+- `skills/database-migrations/SKILL.md`
 
 **Example commit sequence**:
 ```
-Add or update files in docs/{locale}/ (where locale is zh-CN, tr, pt-BR, etc.)
-Update README.md to reflect new language support
+Create or update .claude/commands/database-migration.md
+Create or update skills/database-migrations/SKILL.md
 ```
 
-### Update Or Add Hooks
+### Add Or Update Team Or Identity Config
 
-Adds or updates hooks for validation, config protection, or workflow automation.
+Adds or updates team configuration or identity files.
 
 **Frequency**: ~2 times per month
 
 **Steps**:
-1. Edit hooks/hooks.json to add or update hook definitions
-2. Create or update scripts/hooks/*.js or .ts for hook logic
-3. Optionally update plugin files (e.g., .opencode/plugins/ecc-hooks.ts)
+1. Create or update .claude/team/everything-claude-code-team-config.json
+2. Create or update .claude/identity.json
 
 **Files typically involved**:
-- `hooks/hooks.json`
-- `scripts/hooks/*.js`
-- `.opencode/plugins/*.ts`
-
-**Example commit sequence**:
-```
-Edit hooks/hooks.json to add or update hook definitions
-Create or update scripts/hooks/*.js or .ts for hook logic
-Optionally update plugin files (e.g., .opencode/plugins/ecc-hooks.ts)
-```
-
-### Add Or Update Ecc Bundle
-
-Adds or updates a set of ECC configuration, command, or skill files as a bundle.
-
-**Frequency**: ~2 times per month
-
-**Steps**:
-1. Create or update files in .claude/ (commands, skills, rules, team, identity, etc.)
-2. Optionally update .codex/agents/*.toml and .agents/skills/*
-3. Repeat for each bundle component as needed
-
-**Files typically involved**:
-- `.claude/commands/*.md`
-- `.claude/skills/*/SKILL.md`
-- `.claude/rules/*.md`
-- `.claude/team/*.json`
+- `.claude/team/everything-claude-code-team-config.json`
 - `.claude/identity.json`
-- `.claude/ecc-tools.json`
-- `.codex/agents/*.toml`
-- `.agents/skills/*/SKILL.md`
-- `.agents/skills/*/agents/*.yaml`
 
 **Example commit sequence**:
 ```
-Create or update files in .claude/ (commands, skills, rules, team, identity, etc.)
-Optionally update .codex/agents/*.toml and .agents/skills/*
-Repeat for each bundle component as needed
+Create or update .claude/team/everything-claude-code-team-config.json
+Create or update .claude/identity.json
+```
+
+### Add Or Update Guardrails Or Controls
+
+Adds or updates project guardrails, rules, or enterprise controls.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .claude/rules/everything-claude-code-guardrails.md
+2. Create or update .claude/enterprise/controls.md
+
+**Files typically involved**:
+- `.claude/rules/everything-claude-code-guardrails.md`
+- `.claude/enterprise/controls.md`
+
+**Example commit sequence**:
+```
+Create or update .claude/rules/everything-claude-code-guardrails.md
+Create or update .claude/enterprise/controls.md
+```
+
+### Add Or Update Agent Config
+
+Adds or updates agent configuration TOML files.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .codex/agents/*.toml
+
+**Files typically involved**:
+- `.codex/agents/*.toml`
+
+**Example commit sequence**:
+```
+Create or update .codex/agents/*.toml
+```
+
+### Add Or Update Research Playbook
+
+Adds or updates research playbooks or process documentation.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .claude/research/everything-claude-code-research-playbook.md
+
+**Files typically involved**:
+- `.claude/research/everything-claude-code-research-playbook.md`
+
+**Example commit sequence**:
+```
+Create or update .claude/research/everything-claude-code-research-playbook.md
+```
+
+### Add Or Update Ecc Tools Config
+
+Adds or updates ECC tools configuration.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .claude/ecc-tools.json
+
+**Files typically involved**:
+- `.claude/ecc-tools.json`
+
+**Example commit sequence**:
+```
+Create or update .claude/ecc-tools.json
 ```
 
 

.claude/commands/add-or-update-skill-documentation.md

@@ -10,13 +10,12 @@ Use this workflow when working on **add-or-update-skill-documentation** in `ever
 
 ## Goal
 
-Adds a new skill or updates documentation for an existing skill, typically in the form of a SKILL.md file under skills/ or skills/*/SKILL.md.
+Adds a new skill or updates existing skill documentation, typically in SKILL.md under skills/<skill-name>/ or docs/<lang>/skills/<skill-name>/SKILL.md.
 
 ## Common Files
 
 - `skills/*/SKILL.md`
-- `AGENTS.md`
-- `README.md`
+- `docs/*/skills/*/SKILL.md`
 
 ## Suggested Sequence
 
@@ -27,9 +26,9 @@ Adds a new skill or updates documentation for an existing skill, typically in th
 
 ## Typical Commit Signals
 
-- Create or update skills/<skill-name>/SKILL.md
-- Optionally update AGENTS.md or README.md to reflect new skill
-- Optionally add architecture diagrams or implementation notes
+- Create or update SKILL.md in the appropriate skills/<skill-name>/ directory.
+- Optionally update language-localized documentation under docs/<lang>/skills/<skill-name>/SKILL.md.
+- Commit with a message referencing the skill and summary of the change.
 
 ## Notes
 

.claude/commands/add-or-update-skill.md

@@ -10,16 +10,14 @@ Use this workflow when working on **add-or-update-skill** in `everything-claude-
 
 ## Goal
 
-Adds or updates a skill in the ECC system, including documentation and provenance.
+Adds or updates a skill, including its documentation and configuration.
 
 ## Common Files
 
-- `skills/*/SKILL.md`
+- `.claude/commands/add-or-update-skill.md`
 - `.claude/skills/*/SKILL.md`
 - `.agents/skills/*/SKILL.md`
 - `.agents/skills/*/agents/*.yaml`
-- `schemas/provenance.schema.json`
-- `docs/SKILL-PLACEMENT-POLICY.md`
 
 ## Suggested Sequence
 
@@ -30,9 +28,10 @@ Adds or updates a skill in the ECC system, including documentation and provenanc
 
 ## Typical Commit Signals
 
-- Create or update SKILL.md in the appropriate skills directory (e.g., skills/{skill-name}/SKILL.md or .claude/skills/{skill-name}/SKILL.md)
-- Optionally add or update agent YAML files (e.g., .agents/skills/{skill-name}/agents/*.yaml)
-- Optionally update provenance or placement policy files (e.g., schemas/provenance.schema.json, docs/SKILL-PLACEMENT-POLICY.md)
+- Create or update .claude/commands/add-or-update-skill.md
+- Create or update .claude/skills/<skill-name>/SKILL.md
+- Optionally update .agents/skills/<skill-name>/SKILL.md
+- Optionally update .agents/skills/<skill-name>/agents/*.yaml
 
 ## Notes
 

.claude/ecc-tools.json

@@ -2,7 +2,7 @@
   "version": "1.3",
   "schemaVersion": "1.0",
   "generatedBy": "ecc-tools",
-  "generatedAt": "2026-03-24T10:44:06.345Z",
+  "generatedAt": "2026-03-24T10:43:54.594Z",
   "repo": "https://github.com/affaan-m/everything-claude-code",
   "profiles": {
     "requested": "full",

.claude/identity.json

@@ -10,5 +10,5 @@
     "javascript"
   ],
   "suggestedBy": "ecc-tools-repo-analysis",
-  "createdAt": "2026-03-24T10:44:20.963Z"
+  "createdAt": "2026-03-24T10:44:09.205Z"
 }

.claude/research/everything-claude-code-research-playbook.md

@@ -18,4 +18,4 @@ Use this when the task is documentation-heavy, source-sensitive, or requires bro
 
 - Primary language: JavaScript
 - Framework: Not detected
-- Workflows detected: 7
+- Workflows detected: 10

.claude/rules/everything-claude-code-guardrails.md

@@ -26,7 +26,7 @@ Generated by ECC Tools from repository history. Review before treating it as a h
 
 - database-migration: Database schema changes with migration files
 - feature-development: Standard feature implementation workflow
-- add-or-update-skill: Adds or updates a skill in the ECC system, including documentation and provenance.
+- add-or-update-skill: Adds or updates a skill, including its documentation and configuration.
 
 ## Review Reminder
 

.claude/skills/everything-claude-code/SKILL.md

@@ -230,124 +230,156 @@ Add Turkish (tr) docs and update README (#744)
 
 ### Add Or Update Skill
 
-Adds or updates a skill in the ECC system, including documentation and provenance.
+Adds or updates a skill, including its documentation and configuration.
 
-**Frequency**: ~3 times per month
+**Frequency**: ~2 times per month
 
 **Steps**:
-1. Create or update SKILL.md in the appropriate skills directory (e.g., skills/{skill-name}/SKILL.md or .claude/skills/{skill-name}/SKILL.md)
-2. Optionally add or update agent YAML files (e.g., .agents/skills/{skill-name}/agents/*.yaml)
-3. Optionally update provenance or placement policy files (e.g., schemas/provenance.schema.json, docs/SKILL-PLACEMENT-POLICY.md)
+1. Create or update .claude/commands/add-or-update-skill.md
+2. Create or update .claude/skills/<skill-name>/SKILL.md
+3. Optionally update .agents/skills/<skill-name>/SKILL.md
+4. Optionally update .agents/skills/<skill-name>/agents/*.yaml
 
 **Files typically involved**:
-- `skills/*/SKILL.md`
+- `.claude/commands/add-or-update-skill.md`
 - `.claude/skills/*/SKILL.md`
 - `.agents/skills/*/SKILL.md`
 - `.agents/skills/*/agents/*.yaml`
-- `schemas/provenance.schema.json`
-- `docs/SKILL-PLACEMENT-POLICY.md`
 
 **Example commit sequence**:
 ```
-Create or update SKILL.md in the appropriate skills directory (e.g., skills/{skill-name}/SKILL.md or .claude/skills/{skill-name}/SKILL.md)
-Optionally add or update agent YAML files (e.g., .agents/skills/{skill-name}/agents/*.yaml)
-Optionally update provenance or placement policy files (e.g., schemas/provenance.schema.json, docs/SKILL-PLACEMENT-POLICY.md)
+Create or update .claude/commands/add-or-update-skill.md
+Create or update .claude/skills/<skill-name>/SKILL.md
+Optionally update .agents/skills/<skill-name>/SKILL.md
+Optionally update .agents/skills/<skill-name>/agents/*.yaml
 ```
 
 ### Add Or Update Command Documentation
 
-Adds or updates documentation for a command, often as part of a new feature or workflow.
+Adds or updates documentation for a CLI command or workflow.
 
-**Frequency**: ~4 times per month
+**Frequency**: ~3 times per month
 
 **Steps**:
-1. Create or update .claude/commands/{command-name}.md
-2. Optionally update localized docs (e.g., docs/zh-CN/commands/{command-name}.md, docs/tr/commands/{command-name}.md, docs/pt-BR/commands/{command-name}.md)
+1. Create or update .claude/commands/<command-name>.md
 
 **Files typically involved**:
 - `.claude/commands/*.md`
-- `docs/zh-CN/commands/*.md`
-- `docs/tr/commands/*.md`
-- `docs/pt-BR/commands/*.md`
 
 **Example commit sequence**:
 ```
-Create or update .claude/commands/{command-name}.md
-Optionally update localized docs (e.g., docs/zh-CN/commands/{command-name}.md, docs/tr/commands/{command-name}.md, docs/pt-BR/commands/{command-name}.md)
+Create or update .claude/commands/<command-name>.md
 ```
 
-### Add Or Update Localized Documentation
+### Add Or Update Database Migration Patterns
 
-Adds or updates documentation in a new or existing language (localization).
+Adds or updates database migration patterns or documentation.
 
 **Frequency**: ~2 times per month
 
 **Steps**:
-1. Add or update files in docs/{locale}/ (where locale is zh-CN, tr, pt-BR, etc.)
-2. Update README.md to reflect new language support
+1. Create or update .claude/commands/database-migration.md
+2. Create or update skills/database-migrations/SKILL.md
 
 **Files typically involved**:
-- `docs/zh-CN/**/*`
-- `docs/tr/**/*`
-- `docs/pt-BR/**/*`
-- `README.md`
+- `.claude/commands/database-migration.md`
+- `skills/database-migrations/SKILL.md`
 
 **Example commit sequence**:
 ```
-Add or update files in docs/{locale}/ (where locale is zh-CN, tr, pt-BR, etc.)
-Update README.md to reflect new language support
+Create or update .claude/commands/database-migration.md
+Create or update skills/database-migrations/SKILL.md
 ```
 
-### Update Or Add Hooks
+### Add Or Update Team Or Identity Config
 
-Adds or updates hooks for validation, config protection, or workflow automation.
+Adds or updates team configuration or identity files.
 
 **Frequency**: ~2 times per month
 
 **Steps**:
-1. Edit hooks/hooks.json to add or update hook definitions
-2. Create or update scripts/hooks/*.js or .ts for hook logic
-3. Optionally update plugin files (e.g., .opencode/plugins/ecc-hooks.ts)
+1. Create or update .claude/team/everything-claude-code-team-config.json
+2. Create or update .claude/identity.json
 
 **Files typically involved**:
-- `hooks/hooks.json`
-- `scripts/hooks/*.js`
-- `.opencode/plugins/*.ts`
-
-**Example commit sequence**:
-```
-Edit hooks/hooks.json to add or update hook definitions
-Create or update scripts/hooks/*.js or .ts for hook logic
-Optionally update plugin files (e.g., .opencode/plugins/ecc-hooks.ts)
-```
-
-### Add Or Update Ecc Bundle
-
-Adds or updates a set of ECC configuration, command, or skill files as a bundle.
-
-**Frequency**: ~2 times per month
-
-**Steps**:
-1. Create or update files in .claude/ (commands, skills, rules, team, identity, etc.)
-2. Optionally update .codex/agents/*.toml and .agents/skills/*
-3. Repeat for each bundle component as needed
-
-**Files typically involved**:
-- `.claude/commands/*.md`
-- `.claude/skills/*/SKILL.md`
-- `.claude/rules/*.md`
-- `.claude/team/*.json`
+- `.claude/team/everything-claude-code-team-config.json`
 - `.claude/identity.json`
-- `.claude/ecc-tools.json`
-- `.codex/agents/*.toml`
-- `.agents/skills/*/SKILL.md`
-- `.agents/skills/*/agents/*.yaml`
 
 **Example commit sequence**:
 ```
-Create or update files in .claude/ (commands, skills, rules, team, identity, etc.)
-Optionally update .codex/agents/*.toml and .agents/skills/*
-Repeat for each bundle component as needed
+Create or update .claude/team/everything-claude-code-team-config.json
+Create or update .claude/identity.json
+```
+
+### Add Or Update Guardrails Or Controls
+
+Adds or updates project guardrails, rules, or enterprise controls.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .claude/rules/everything-claude-code-guardrails.md
+2. Create or update .claude/enterprise/controls.md
+
+**Files typically involved**:
+- `.claude/rules/everything-claude-code-guardrails.md`
+- `.claude/enterprise/controls.md`
+
+**Example commit sequence**:
+```
+Create or update .claude/rules/everything-claude-code-guardrails.md
+Create or update .claude/enterprise/controls.md
+```
+
+### Add Or Update Agent Config
+
+Adds or updates agent configuration TOML files.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .codex/agents/*.toml
+
+**Files typically involved**:
+- `.codex/agents/*.toml`
+
+**Example commit sequence**:
+```
+Create or update .codex/agents/*.toml
+```
+
+### Add Or Update Research Playbook
+
+Adds or updates research playbooks or process documentation.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .claude/research/everything-claude-code-research-playbook.md
+
+**Files typically involved**:
+- `.claude/research/everything-claude-code-research-playbook.md`
+
+**Example commit sequence**:
+```
+Create or update .claude/research/everything-claude-code-research-playbook.md
+```
+
+### Add Or Update Ecc Tools Config
+
+Adds or updates ECC tools configuration.
+
+**Frequency**: ~2 times per month
+
+**Steps**:
+1. Create or update .claude/ecc-tools.json
+
+**Files typically involved**:
+- `.claude/ecc-tools.json`
+
+**Example commit sequence**:
+```
+Create or update .claude/ecc-tools.json
 ```
 
 

.claude/team/everything-claude-code-team-config.json

@@ -11,5 +11,5 @@
     ".claude/commands/feature-development.md",
     ".claude/commands/add-or-update-skill.md"
   ],
-  "updatedAt": "2026-03-24T10:44:06.345Z"
+  "updatedAt": "2026-03-24T10:43:54.594Z"
 }

ecc2/src/config/mod.rs

@@ -2,16 +2,7 @@ use anyhow::Result;
 use serde::{Deserialize, Serialize};
 use std::path::PathBuf;
 
-#[derive(Debug, Clone, Copy, PartialEq, Serialize, Deserialize)]
-#[serde(default)]
-pub struct RiskThresholds {
-    pub review: f64,
-    pub confirm: f64,
-    pub block: f64,
-}
-
 #[derive(Debug, Clone, Serialize, Deserialize)]
-#[serde(default)]
 pub struct Config {
     pub db_path: PathBuf,
     pub worktree_root: PathBuf,
@@ -21,7 +12,6 @@ pub struct Config {
     pub heartbeat_interval_secs: u64,
     pub default_agent: String,
     pub theme: Theme,
-    pub risk_thresholds: RiskThresholds,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -42,18 +32,11 @@ impl Default for Config {
             heartbeat_interval_secs: 30,
             default_agent: "claude".to_string(),
             theme: Theme::Dark,
-            risk_thresholds: Self::RISK_THRESHOLDS,
         }
     }
 }
 
 impl Config {
-    pub const RISK_THRESHOLDS: RiskThresholds = RiskThresholds {
-        review: 0.35,
-        confirm: 0.60,
-        block: 0.85,
-    };
-
     pub fn load() -> Result<Self> {
         let config_path = dirs::home_dir()
             .unwrap_or_else(|| PathBuf::from("."))
@@ -69,40 +52,3 @@ impl Config {
         }
     }
 }
-
-impl Default for RiskThresholds {
-    fn default() -> Self {
-        Config::RISK_THRESHOLDS
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::Config;
-
-    #[test]
-    fn default_config_uses_default_risk_thresholds() {
-        let config = Config::default();
-
-        assert_eq!(config.risk_thresholds, Config::RISK_THRESHOLDS);
-    }
-
-    #[test]
-    fn deserialization_defaults_risk_thresholds() {
-        let config: Config = toml::from_str(
-            r#"
-db_path = "/tmp/ecc2.db"
-worktree_root = "/tmp/ecc-worktrees"
-max_parallel_sessions = 8
-max_parallel_worktrees = 6
-session_timeout_secs = 3600
-heartbeat_interval_secs = 30
-default_agent = "claude"
-theme = "Dark"
-"#,
-        )
-        .expect("config should deserialize");
-
-        assert_eq!(config.risk_thresholds, Config::RISK_THRESHOLDS);
-    }
-}

ecc2/src/observability/mod.rs

@@ -1,7 +1,6 @@
-use anyhow::Result;
+use anyhow::{bail, Result};
 use serde::{Deserialize, Serialize};
 
-use crate::config::RiskThresholds;
 use crate::session::store::StateStore;
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -14,278 +13,169 @@ pub struct ToolCallEvent {
     pub risk_score: f64,
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
-pub struct RiskAssessment {
-    pub score: f64,
-    pub reasons: Vec<String>,
-    pub suggested_action: SuggestedAction,
-}
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(rename_all = "snake_case")]
-pub enum SuggestedAction {
-    Allow,
-    Review,
-    RequireConfirmation,
-    Block,
-}
-
 impl ToolCallEvent {
-    /// Compute risk from the tool type and input characteristics.
-    pub fn compute_risk(
-        tool_name: &str,
-        input: &str,
-        thresholds: &RiskThresholds,
-    ) -> RiskAssessment {
-        let normalized_tool = tool_name.to_ascii_lowercase();
-        let normalized_input = input.to_ascii_lowercase();
-        let mut score = 0.0;
-        let mut reasons = Vec::new();
+    pub fn new(
+        session_id: impl Into<String>,
+        tool_name: impl Into<String>,
+        input_summary: impl Into<String>,
+        output_summary: impl Into<String>,
+        duration_ms: u64,
+    ) -> Self {
+        let tool_name = tool_name.into();
+        let input_summary = input_summary.into();
 
-        let (base_score, base_reason) = base_tool_risk(&normalized_tool);
-        score += base_score;
-        if let Some(reason) = base_reason {
-            reasons.push(reason.to_string());
+        Self {
+            session_id: session_id.into(),
+            risk_score: Self::compute_risk(&tool_name, &input_summary),
+            tool_name,
+            input_summary,
+            output_summary: output_summary.into(),
+            duration_ms,
+        }
+    }
+
+    /// Compute risk score based on tool type and input patterns.
+    pub fn compute_risk(tool_name: &str, input: &str) -> f64 {
+        let mut score: f64 = 0.0;
+
+        // Destructive tools get higher base risk
+        match tool_name {
+            "Bash" => score += 0.3,
+            "Write" => score += 0.2,
+            "Edit" => score += 0.1,
+            _ => score += 0.05,
         }
 
-        let (file_sensitivity_score, file_sensitivity_reason) =
-            assess_file_sensitivity(&normalized_input);
-        score += file_sensitivity_score;
-        if let Some(reason) = file_sensitivity_reason {
-            reasons.push(reason);
+        // Dangerous patterns in bash commands
+        if tool_name == "Bash" {
+            if input.contains("rm -rf") || input.contains("--force") {
+                score += 0.4;
+            }
+            if input.contains("git push") || input.contains("git reset") {
+                score += 0.3;
+            }
+            if input.contains("sudo") || input.contains("chmod 777") {
+                score += 0.5;
+            }
         }
 
-        let (blast_radius_score, blast_radius_reason) = assess_blast_radius(&normalized_input);
-        score += blast_radius_score;
-        if let Some(reason) = blast_radius_reason {
-            reasons.push(reason);
-        }
-
-        let (irreversibility_score, irreversibility_reason) =
-            assess_irreversibility(&normalized_input);
-        score += irreversibility_score;
-        if let Some(reason) = irreversibility_reason {
-            reasons.push(reason);
-        }
-
-        let score = score.clamp(0.0, 1.0);
-        let suggested_action = SuggestedAction::from_score(score, thresholds);
-
-        RiskAssessment {
-            score,
-            reasons,
-            suggested_action,
-        }
+        score.min(1.0)
     }
 }
 
-impl SuggestedAction {
-    fn from_score(score: f64, thresholds: &RiskThresholds) -> Self {
-        if score >= thresholds.block {
-            Self::Block
-        } else if score >= thresholds.confirm {
-            Self::RequireConfirmation
-        } else if score >= thresholds.review {
-            Self::Review
-        } else {
-            Self::Allow
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct ToolLogEntry {
+    pub id: i64,
+    pub session_id: String,
+    pub tool_name: String,
+    pub input_summary: String,
+    pub output_summary: String,
+    pub duration_ms: u64,
+    pub risk_score: f64,
+    pub timestamp: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct ToolLogPage {
+    pub entries: Vec<ToolLogEntry>,
+    pub page: u64,
+    pub page_size: u64,
+    pub total: u64,
+}
+
+pub struct ToolLogger<'a> {
+    db: &'a StateStore,
+}
+
+impl<'a> ToolLogger<'a> {
+    pub fn new(db: &'a StateStore) -> Self {
+        Self { db }
+    }
+
+    pub fn log(&self, event: &ToolCallEvent) -> Result<ToolLogEntry> {
+        let timestamp = chrono::Utc::now().to_rfc3339();
+
+        self.db.insert_tool_log(
+            &event.session_id,
+            &event.tool_name,
+            &event.input_summary,
+            &event.output_summary,
+            event.duration_ms,
+            event.risk_score,
+            &timestamp,
+        )
+    }
+
+    pub fn query(&self, session_id: &str, page: u64, page_size: u64) -> Result<ToolLogPage> {
+        if page_size == 0 {
+            bail!("page_size must be greater than 0");
         }
+
+        self.db.query_tool_logs(session_id, page.max(1), page_size)
     }
 }
 
-fn base_tool_risk(tool_name: &str) -> (f64, Option<&'static str>) {
-    match tool_name {
-        "bash" => (
-            0.20,
-            Some("shell execution can modify local or shared state"),
-        ),
-        "write" | "multiedit" => (0.15, Some("writes files directly")),
-        "edit" => (0.10, Some("modifies existing files")),
-        _ => (0.05, None),
-    }
-}
-
-fn assess_file_sensitivity(input: &str) -> (f64, Option<String>) {
-    const SECRET_PATTERNS: &[&str] = &[
-        ".env",
-        "secret",
-        "credential",
-        "token",
-        "api_key",
-        "apikey",
-        "auth",
-        "id_rsa",
-        ".pem",
-        ".key",
-    ];
-    const SHARED_INFRA_PATTERNS: &[&str] = &[
-        "cargo.toml",
-        "package.json",
-        "dockerfile",
-        ".github/workflows",
-        "schema",
-        "migration",
-        "production",
-    ];
-
-    if contains_any(input, SECRET_PATTERNS) {
-        (
-            0.25,
-            Some("targets a sensitive file or credential surface".to_string()),
-        )
-    } else if contains_any(input, SHARED_INFRA_PATTERNS) {
-        (
-            0.15,
-            Some("targets shared infrastructure or release-critical files".to_string()),
-        )
-    } else {
-        (0.0, None)
-    }
-}
-
-fn assess_blast_radius(input: &str) -> (f64, Option<String>) {
-    const LARGE_SCOPE_PATTERNS: &[&str] = &[
-        "**",
-        "/*",
-        "--all",
-        "--recursive",
-        "entire repo",
-        "all files",
-        "across src/",
-        "find ",
-        " xargs ",
-    ];
-    const SHARED_STATE_PATTERNS: &[&str] = &[
-        "git push --force",
-        "git push -f",
-        "origin main",
-        "origin master",
-        "rm -rf .",
-        "rm -rf /",
-    ];
-
-    if contains_any(input, SHARED_STATE_PATTERNS) {
-        (
-            0.35,
-            Some("has a broad blast radius across shared state or history".to_string()),
-        )
-    } else if contains_any(input, LARGE_SCOPE_PATTERNS) {
-        (
-            0.25,
-            Some("has a broad blast radius across multiple files or directories".to_string()),
-        )
-    } else {
-        (0.0, None)
-    }
-}
-
-fn assess_irreversibility(input: &str) -> (f64, Option<String>) {
-    const HIGH_IRREVERSIBILITY_PATTERNS: &[&str] = &[
-        "rm -rf",
-        "git reset --hard",
-        "git clean -fd",
-        "drop database",
-        "drop table",
-        "truncate ",
-        "shred ",
-    ];
-    const MODERATE_IRREVERSIBILITY_PATTERNS: &[&str] =
-        &["rm -f", "git push --force", "git push -f", "delete from"];
-
-    if contains_any(input, HIGH_IRREVERSIBILITY_PATTERNS) {
-        (
-            0.45,
-            Some("includes an irreversible or destructive operation".to_string()),
-        )
-    } else if contains_any(input, MODERATE_IRREVERSIBILITY_PATTERNS) {
-        (
-            0.40,
-            Some("includes an irreversible or difficult-to-undo operation".to_string()),
-        )
-    } else {
-        (0.0, None)
-    }
-}
-
-fn contains_any(input: &str, patterns: &[&str]) -> bool {
-    patterns.iter().any(|pattern| input.contains(pattern))
-}
-
-pub fn log_tool_call(db: &StateStore, event: &ToolCallEvent) -> Result<()> {
-    db.send_message(
-        &event.session_id,
-        "observability",
-        &serde_json::to_string(event)?,
-        "tool_call",
-    )?;
-    Ok(())
+pub fn log_tool_call(db: &StateStore, event: &ToolCallEvent) -> Result<ToolLogEntry> {
+    ToolLogger::new(db).log(event)
 }
 
 #[cfg(test)]
 mod tests {
-    use super::{SuggestedAction, ToolCallEvent};
-    use crate::config::Config;
+    use super::{ToolCallEvent, ToolLogger};
+    use crate::session::store::StateStore;
+    use crate::session::{Session, SessionMetrics, SessionState};
+    use std::path::PathBuf;
 
-    #[test]
-    fn computes_sensitive_file_risk() {
-        let assessment = ToolCallEvent::compute_risk(
-            "Write",
-            "Update .env.production with rotated API token",
-            &Config::RISK_THRESHOLDS,
-        );
+    fn test_db_path() -> PathBuf {
+        std::env::temp_dir().join(format!("ecc2-observability-{}.db", uuid::Uuid::new_v4()))
+    }
 
-        assert!(assessment.score >= Config::RISK_THRESHOLDS.review);
-        assert_eq!(assessment.suggested_action, SuggestedAction::Review);
-        assert!(assessment
-            .reasons
-            .iter()
-            .any(|reason| reason.contains("sensitive file")));
+    fn test_session(id: &str) -> Session {
+        let now = chrono::Utc::now();
+
+        Session {
+            id: id.to_string(),
+            task: "test task".to_string(),
+            agent_type: "claude".to_string(),
+            state: SessionState::Pending,
+            worktree: None,
+            created_at: now,
+            updated_at: now,
+            metrics: SessionMetrics::default(),
+        }
     }
 
     #[test]
-    fn computes_blast_radius_risk() {
-        let assessment = ToolCallEvent::compute_risk(
-            "Edit",
-            "Apply the same replacement across src/**/*.rs",
-            &Config::RISK_THRESHOLDS,
-        );
-
-        assert!(assessment.score >= Config::RISK_THRESHOLDS.review);
-        assert_eq!(assessment.suggested_action, SuggestedAction::Review);
-        assert!(assessment
-            .reasons
-            .iter()
-            .any(|reason| reason.contains("blast radius")));
+    fn compute_risk_caps_high_risk_bash_commands() {
+        let score = ToolCallEvent::compute_risk("Bash", "sudo rm -rf /tmp --force");
+        assert_eq!(score, 1.0);
     }
 
     #[test]
-    fn computes_irreversible_risk() {
-        let assessment = ToolCallEvent::compute_risk(
-            "Bash",
-            "rm -f /tmp/ecc-temp.txt",
-            &Config::RISK_THRESHOLDS,
-        );
+    fn logger_persists_entries_and_paginates() -> anyhow::Result<()> {
+        let db_path = test_db_path();
+        let db = StateStore::open(&db_path)?;
+        db.insert_session(&test_session("sess-1"))?;
 
-        assert!(assessment.score >= Config::RISK_THRESHOLDS.confirm);
-        assert_eq!(
-            assessment.suggested_action,
-            SuggestedAction::RequireConfirmation,
-        );
-        assert!(assessment
-            .reasons
-            .iter()
-            .any(|reason| reason.contains("irreversible")));
-    }
+        let logger = ToolLogger::new(&db);
 
-    #[test]
-    fn blocks_combined_high_risk_operations() {
-        let assessment = ToolCallEvent::compute_risk(
-            "Bash",
-            "rm -rf . && git push --force origin main",
-            &Config::RISK_THRESHOLDS,
-        );
+        logger.log(&ToolCallEvent::new("sess-1", "Read", "first", "ok", 5))?;
+        logger.log(&ToolCallEvent::new("sess-1", "Write", "second", "ok", 15))?;
+        logger.log(&ToolCallEvent::new("sess-1", "Bash", "third", "ok", 25))?;
 
-        assert!(assessment.score >= Config::RISK_THRESHOLDS.block);
-        assert_eq!(assessment.suggested_action, SuggestedAction::Block);
+        let first_page = logger.query("sess-1", 1, 2)?;
+        assert_eq!(first_page.total, 3);
+        assert_eq!(first_page.entries.len(), 2);
+        assert_eq!(first_page.entries[0].tool_name, "Bash");
+        assert_eq!(first_page.entries[1].tool_name, "Write");
+
+        let second_page = logger.query("sess-1", 2, 2)?;
+        assert_eq!(second_page.total, 3);
+        assert_eq!(second_page.entries.len(), 1);
+        assert_eq!(second_page.entries[0].tool_name, "Read");
+
+        std::fs::remove_file(&db_path).ok();
+
+        Ok(())
     }
 }

ecc2/src/session/manager.rs

@@ -4,6 +4,7 @@ use std::fmt;
 use super::store::StateStore;
 use super::{Session, SessionMetrics, SessionState};
 use crate::config::Config;
+use crate::observability::{log_tool_call, ToolCallEvent, ToolLogEntry, ToolLogPage, ToolLogger};
 use crate::worktree;
 
 pub async fn create_session(
@@ -53,6 +54,44 @@ pub async fn stop_session(db: &StateStore, id: &str) -> Result<()> {
     Ok(())
 }
 
+pub fn record_tool_call(
+    db: &StateStore,
+    session_id: &str,
+    tool_name: &str,
+    input_summary: &str,
+    output_summary: &str,
+    duration_ms: u64,
+) -> Result<ToolLogEntry> {
+    let session = db
+        .get_session(session_id)?
+        .ok_or_else(|| anyhow::anyhow!("Session not found: {session_id}"))?;
+
+    let event = ToolCallEvent::new(
+        session.id.clone(),
+        tool_name,
+        input_summary,
+        output_summary,
+        duration_ms,
+    );
+    let entry = log_tool_call(db, &event)?;
+    db.increment_tool_calls(&session.id)?;
+
+    Ok(entry)
+}
+
+pub fn query_tool_calls(
+    db: &StateStore,
+    session_id: &str,
+    page: u64,
+    page_size: u64,
+) -> Result<ToolLogPage> {
+    let session = db
+        .get_session(session_id)?
+        .ok_or_else(|| anyhow::anyhow!("Session not found: {session_id}"))?;
+
+    ToolLogger::new(db).query(&session.id, page, page_size)
+}
+
 pub struct SessionStatus(Session);
 
 impl fmt::Display for SessionStatus {
@@ -74,3 +113,41 @@ impl fmt::Display for SessionStatus {
         write!(f, "Updated: {}", s.updated_at)
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::{create_session, query_tool_calls, record_tool_call};
+    use crate::config::Config;
+    use crate::session::store::StateStore;
+
+    #[tokio::test]
+    async fn record_tool_call_updates_session_metrics() -> anyhow::Result<()> {
+        let db_path =
+            std::env::temp_dir().join(format!("ecc2-session-manager-{}.db", uuid::Uuid::new_v4()));
+        let db = StateStore::open(&db_path)?;
+
+        let cfg = Config {
+            db_path: db_path.clone(),
+            ..Config::default()
+        };
+
+        let session_id =
+            create_session(&db, &cfg, "implement tool logging", "claude", false).await?;
+
+        let entry = record_tool_call(&db, &session_id, "Bash", "git status", "clean worktree", 18)?;
+
+        assert_eq!(entry.session_id, session_id);
+        assert_eq!(entry.tool_name, "Bash");
+
+        let session = db.get_session(&session_id)?.expect("session should exist");
+        assert_eq!(session.metrics.tool_calls, 1);
+
+        let page = query_tool_calls(&db, &session_id[..4], 1, 10)?;
+        assert_eq!(page.total, 1);
+        assert_eq!(page.entries[0].output_summary, "clean worktree");
+
+        std::fs::remove_file(&db_path).ok();
+
+        Ok(())
+    }
+}

ecc2/src/session/store.rs

@@ -3,6 +3,7 @@ use rusqlite::Connection;
 use std::path::Path;
 
 use super::{Session, SessionMetrics, SessionState};
+use crate::observability::{ToolLogEntry, ToolLogPage};
 
 pub struct StateStore {
     conn: Connection,
@@ -112,6 +113,14 @@ impl StateStore {
         Ok(())
     }
 
+    pub fn increment_tool_calls(&self, session_id: &str) -> Result<()> {
+        self.conn.execute(
+            "UPDATE sessions SET tool_calls = tool_calls + 1, updated_at = ?1 WHERE id = ?2",
+            rusqlite::params![chrono::Utc::now().to_rfc3339(), session_id],
+        )?;
+        Ok(())
+    }
+
     pub fn list_sessions(&self) -> Result<Vec<Session>> {
         let mut stmt = self.conn.prepare(
             "SELECT id, task, agent_type, state, worktree_path, worktree_branch, worktree_base,
@@ -183,4 +192,86 @@ impl StateStore {
         )?;
         Ok(())
     }
+
+    pub fn insert_tool_log(
+        &self,
+        session_id: &str,
+        tool_name: &str,
+        input_summary: &str,
+        output_summary: &str,
+        duration_ms: u64,
+        risk_score: f64,
+        timestamp: &str,
+    ) -> Result<ToolLogEntry> {
+        self.conn.execute(
+            "INSERT INTO tool_log (session_id, tool_name, input_summary, output_summary, duration_ms, risk_score, timestamp)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)",
+            rusqlite::params![
+                session_id,
+                tool_name,
+                input_summary,
+                output_summary,
+                duration_ms,
+                risk_score,
+                timestamp,
+            ],
+        )?;
+
+        Ok(ToolLogEntry {
+            id: self.conn.last_insert_rowid(),
+            session_id: session_id.to_string(),
+            tool_name: tool_name.to_string(),
+            input_summary: input_summary.to_string(),
+            output_summary: output_summary.to_string(),
+            duration_ms,
+            risk_score,
+            timestamp: timestamp.to_string(),
+        })
+    }
+
+    pub fn query_tool_logs(
+        &self,
+        session_id: &str,
+        page: u64,
+        page_size: u64,
+    ) -> Result<ToolLogPage> {
+        let page = page.max(1);
+        let offset = (page - 1) * page_size;
+
+        let total: u64 = self.conn.query_row(
+            "SELECT COUNT(*) FROM tool_log WHERE session_id = ?1",
+            rusqlite::params![session_id],
+            |row| row.get(0),
+        )?;
+
+        let mut stmt = self.conn.prepare(
+            "SELECT id, session_id, tool_name, input_summary, output_summary, duration_ms, risk_score, timestamp
+             FROM tool_log
+             WHERE session_id = ?1
+             ORDER BY timestamp DESC, id DESC
+             LIMIT ?2 OFFSET ?3",
+        )?;
+
+        let entries = stmt
+            .query_map(rusqlite::params![session_id, page_size, offset], |row| {
+                Ok(ToolLogEntry {
+                    id: row.get(0)?,
+                    session_id: row.get(1)?,
+                    tool_name: row.get(2)?,
+                    input_summary: row.get::<_, Option<String>>(3)?.unwrap_or_default(),
+                    output_summary: row.get::<_, Option<String>>(4)?.unwrap_or_default(),
+                    duration_ms: row.get::<_, Option<u64>>(5)?.unwrap_or_default(),
+                    risk_score: row.get::<_, Option<f64>>(6)?.unwrap_or_default(),
+                    timestamp: row.get(7)?,
+                })
+            })?
+            .collect::<Result<Vec<_>, _>>()?;
+
+        Ok(ToolLogPage {
+            entries,
+            page,
+            page_size,
+            total,
+        })
+    }
 }