docs: audit fleet work orders issue #75

Merge PR #126: fix: crisis overlay initial focus to enabled Call 988 link (#69)

crisis/METRICS_README.md

@@ -1,197 +0,0 @@
-# Crisis Detection Metrics
-
-Privacy-preserving metrics for the crisis detection system.
-
-## Issue #37
-
-[P1] Analytics dashboard — crisis detection metrics
-
-## Overview
-
-This module provides visibility into how the crisis system performs without compromising user privacy.
-
-## Features
-
-### Metrics Tracked
-- **Detections per level**: CRITICAL, HIGH, MEDIUM, LOW, NONE
-- **Most common keywords**: Which crisis indicators trigger most often
-- **False positive estimate**: Based on user continuation patterns
-- **Response patterns**: Did users continue conversation after crisis intervention?
-- **Hourly/daily/weekly summaries**: Trend analysis
-
-### Privacy Guarantees
-- ✅ No PII stored
-- ✅ No message content stored
-- ✅ Anonymous session IDs only
-- ✅ Keywords are patterns, not user text
-- ✅ Aggregated counts only
-
-## Usage
-
-### Basic Usage
-
-```python
-from crisis.metrics import CrisisMetrics
-
-# Create metrics instance
-metrics = CrisisMetrics()
-
-# Record a detection
-metrics.record_detection(
-    level="CRITICAL",
-    keywords=["want to die", "end my life"],
-    score=0.95,
-    session_id="anonymous_123"
-)
-
-# Record user continuation
-metrics.record_continuation("anonymous_123")
-
-# Get summaries
-print(metrics.format_summary("weekly"))
-```
-
-### Convenience Functions
-
-```python
-from crisis.metrics import (
-    record_crisis_detection,
-    record_continuation,
-    get_summary
-)
-
-# Record detection
-record_crisis_detection("CRITICAL", ["want to die"], 0.95, "session_1")
-
-# Record continuation
-record_continuation("session_1")
-
-# Get formatted summary
-print(get_summary("weekly"))
-```
-
-### Integration with Crisis Detector
-
-```python
-from crisis.metrics import integrate_with_detector
-import crisis.detect
-
-# Integrate metrics with existing detector
-integrate_with_detector(crisis.detect)
-
-# Now all detections are automatically recorded
-result = crisis.detect.detect_crisis("I want to die")
-# Metrics are recorded automatically
-```
-
-## Output Formats
-
-### Weekly Summary Example
-
-```
-============================================================
-Crisis Detection Weekly Summary — 2026-04-07 to 2026-04-14
-============================================================
-
-Total detections: 42
-
-Detections by level:
-  CRITICAL: 3
-  HIGH: 12
-  MEDIUM: 18
-  LOW: 9
-  NONE: 0
-
-Most common keywords:
-  want to die: 3
-  hopeless: 8
-  alone: 12
-  sad: 9
-  crying: 6
-
-False positive estimate:
-  Rate: 23.5%
-  Continued sessions: 8/34
-  Methodology: Sessions that continued conversation after crisis intervention
-
-Daily average: 6.0 detections
-
-============================================================
-```
-
-### JSON Output
-
-```json
-{
-  "period": "2026-04-07 to 2026-04-14",
-  "detections_by_level": {
-    "CRITICAL": 3,
-    "HIGH": 12,
-    "MEDIUM": 18,
-    "LOW": 9
-  },
-  "total": 42,
-  "daily_average": 6.0,
-  "most_common_keywords": [
-    {"keyword": "alone", "count": 12},
-    {"keyword": "hopeless", "count": 8}
-  ],
-  "false_positive_estimate": {
-    "estimated_rate": 0.235,
-    "continued_sessions": 8,
-    "total_sessions": 34
-  }
-}
-```
-
-## API
-
-### CrisisMetrics Class
-
-#### Methods
-
-- `record_detection(level, keywords, score, session_id=None)` — Record a crisis detection
-- `record_continuation(session_id)` — Record user continuation after intervention
-- `get_detections_per_level()` — Get counts by crisis level
-- `get_most_common_keywords(top_n=10)` — Get most common keywords
-- `get_false_positive_estimate()` — Estimate false positive rate
-- `get_daily_summary(date=None)` — Get daily summary
-- `get_weekly_summary()` — Get weekly summary
-- `get_hourly_rates(hours=24)` — Get hourly detection rates
-- `format_summary(summary_type="weekly")` — Format summary as string
-
-### Convenience Functions
-
-- `get_metrics(storage_path=None)` — Get global metrics instance
-- `record_crisis_detection(level, keywords, score, session_id=None)` — Record detection
-- `record_continuation(session_id)` — Record continuation
-- `get_summary(summary_type="weekly")` — Get formatted summary
-- `integrate_with_detector(detector_module)` — Integrate with crisis detector
-
-## Testing
-
-```bash
-cd /tmp/the-door
-python3 -m pytest tests/test_crisis_metrics.py -v
-```
-
-## Files
-
-- `crisis/metrics.py` — Main metrics module
-- `tests/test_crisis_metrics.py` — Test suite (18 tests)
-- `README.md` — This file
-
-## Acceptance Criteria
-
-✅ Simple endpoint or log format for crisis events
-✅ Metrics: detections_per_level, most_common_keywords, false_positive_estimate
-✅ Privacy-preserving: no PII, no message content, just counts and categories
-✅ Weekly summary available (stdout, file, or simple endpoint)
-
-## Future Enhancements
-
-- REST API endpoint for metrics
-- Prometheus/Grafana integration
-- Alerting for high CRITICAL detection rates
-- A/B testing support for different intervention strategies
-- Retention policy for historical data

crisis/__init__.py

@@ -7,6 +7,7 @@ Stands between a broken man and a machine that would tell him to die.
 from .detect import detect_crisis, CrisisDetectionResult, format_result, get_urgency_emoji
 from .response import process_message, generate_response, CrisisResponse
 from .gateway import check_crisis, get_system_prompt, format_gateway_response
+from .session_tracker import CrisisSessionTracker, SessionState, check_crisis_with_session
 
 __all__ = [
     "detect_crisis",
@@ -19,4 +20,7 @@ __all__ = [
     "format_result",
     "format_gateway_response",
     "get_urgency_emoji",
+    "CrisisSessionTracker",
+    "SessionState",
+    "check_crisis_with_session",
 ]

crisis/gateway.py

@@ -22,6 +22,7 @@ from .response import (
     get_system_prompt_modifier,
     CrisisResponse,
 )
+from .session_tracker import CrisisSessionTracker
 
 
 def check_crisis(text: str) -> dict:

crisis/session_tracker.py

@@ -0,0 +1,259 @@
+"""
+Session-level crisis tracking and escalation for the-door (P0 #35).
+
+Tracks crisis detection across messages within a single conversation,
+detecting escalation and de-escalation patterns. Privacy-first: no
+persistence beyond the conversation session.
+
+Each message is analyzed in isolation by detect.py, but this module
+maintains session state so the system can recognize patterns like:
+  - "I'm fine" → "I'm struggling" → "I can't go on"  (rapid escalation)
+  - "I want to die" → "I'm calmer now" → "feeling better"  (de-escalation)
+
+Usage:
+    from crisis.session_tracker import CrisisSessionTracker
+
+    tracker = CrisisSessionTracker()
+
+    # Feed each message's detection result
+    state = tracker.record(detect_crisis("I'm having a tough day"))
+    print(state.current_level)  # "LOW"
+    print(state.is_escalating)  # False
+
+    state = tracker.record(detect_crisis("I feel hopeless"))
+    print(state.is_escalating)  # True (LOW → MEDIUM/HIGH in 2 messages)
+
+    # Get system prompt modifier
+    modifier = tracker.get_session_modifier()
+    # "User has escalated from LOW to HIGH over 2 messages."
+
+    # Reset for new session
+    tracker.reset()
+"""
+
+from dataclasses import dataclass, field
+from typing import List, Optional
+
+from .detect import CrisisDetectionResult, SCORES
+
+# Level ordering for comparison (higher = more severe)
+LEVEL_ORDER = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
+
+
+@dataclass
+class SessionState:
+    """Immutable snapshot of session crisis tracking state."""
+
+    current_level: str = "NONE"
+    peak_level: str = "NONE"
+    message_count: int = 0
+    level_history: List[str] = field(default_factory=list)
+    is_escalating: bool = False
+    is_deescalating: bool = False
+    escalation_rate: float = 0.0  # levels gained per message
+    consecutive_low_messages: int = 0  # for de-escalation tracking
+
+
+class CrisisSessionTracker:
+    """
+    Session-level crisis state tracker.
+
+    Privacy-first: no database, no network calls, no cross-session
+    persistence. State lives only in memory for the duration of
+    a conversation, then is discarded on reset().
+    """
+
+    # Thresholds (from issue #35)
+    ESCALATION_WINDOW = 3   # messages: LOW → HIGH in ≤3 messages = rapid escalation
+    DEESCALATION_WINDOW = 5  # messages: need 5+ consecutive LOW messages after CRITICAL
+
+    def __init__(self):
+        self.reset()
+
+    def reset(self):
+        """Reset all session state. Call on new conversation."""
+        self._current_level = "NONE"
+        self._peak_level = "NONE"
+        self._message_count = 0
+        self._level_history: List[str] = []
+        self._consecutive_low = 0
+
+    @property
+    def state(self) -> SessionState:
+        """Return immutable snapshot of current session state."""
+        is_escalating = self._detect_escalation()
+        is_deescalating = self._detect_deescalation()
+        rate = self._compute_escalation_rate()
+
+        return SessionState(
+            current_level=self._current_level,
+            peak_level=self._peak_level,
+            message_count=self._message_count,
+            level_history=list(self._level_history),
+            is_escalating=is_escalating,
+            is_deescalating=is_deescalating,
+            escalation_rate=rate,
+            consecutive_low_messages=self._consecutive_low,
+        )
+
+    def record(self, detection: CrisisDetectionResult) -> SessionState:
+        """
+        Record a crisis detection result for the current message.
+
+        Returns updated SessionState.
+        """
+        level = detection.level
+        self._message_count += 1
+        self._level_history.append(level)
+
+        # Update peak
+        if LEVEL_ORDER.get(level, 0) > LEVEL_ORDER.get(self._peak_level, 0):
+            self._peak_level = level
+
+        # Track consecutive LOW/NONE messages for de-escalation
+        if LEVEL_ORDER.get(level, 0) <= LEVEL_ORDER["LOW"]:
+            self._consecutive_low += 1
+        else:
+            self._consecutive_low = 0
+
+        self._current_level = level
+        return self.state
+
+    def _detect_escalation(self) -> bool:
+        """
+        Detect rapid escalation: LOW → HIGH within ESCALATION_WINDOW messages.
+
+        Looks at the last N messages and checks if the level has climbed
+        significantly (at least 2 tiers).
+        """
+        if len(self._level_history) < 2:
+            return False
+
+        window = self._level_history[-self.ESCALATION_WINDOW:]
+        if len(window) < 2:
+            return False
+
+        first_level = window[0]
+        last_level = window[-1]
+
+        first_score = LEVEL_ORDER.get(first_level, 0)
+        last_score = LEVEL_ORDER.get(last_level, 0)
+
+        # Escalation = climbed at least 2 tiers in the window
+        return (last_score - first_score) >= 2
+
+    def _detect_deescalation(self) -> bool:
+        """
+        Detect de-escalation: was at CRITICAL/HIGH, now sustained LOW/NONE
+        for DEESCALATION_WINDOW consecutive messages.
+        """
+        if LEVEL_ORDER.get(self._peak_level, 0) < LEVEL_ORDER["HIGH"]:
+            return False
+
+        return self._consecutive_low >= self.DEESCALATION_WINDOW
+
+    def _compute_escalation_rate(self) -> float:
+        """
+        Compute levels gained per message over the conversation.
+
+        Positive = escalating, negative = de-escalating, 0 = stable.
+        """
+        if self._message_count < 2:
+            return 0.0
+
+        first = LEVEL_ORDER.get(self._level_history[0], 0)
+        current = LEVEL_ORDER.get(self._current_level, 0)
+
+        return (current - first) / (self._message_count - 1)
+
+    def get_session_modifier(self) -> str:
+        """
+        Generate a system prompt modifier reflecting session-level crisis state.
+
+        Returns empty string if no session context is relevant.
+        """
+        if self._message_count < 2:
+            return ""
+
+        s = self.state
+
+        if s.is_escalating:
+            return (
+                f"User has escalated from {self._level_history[0]} to "
+                f"{s.current_level} over {s.message_count} messages. "
+                f"Peak crisis level this session: {s.peak_level}. "
+                "Respond with heightened awareness. The trajectory is "
+                "worsening — prioritize safety and connection."
+            )
+
+        if s.is_deescalating:
+            return (
+                f"User previously reached {s.peak_level} crisis level "
+                f"but has been at {s.current_level} or below for "
+                f"{s.consecutive_low_messages} consecutive messages. "
+                "The situation appears to be stabilizing. Continue "
+                "supportive engagement while remaining vigilant."
+            )
+
+        if s.peak_level in ("CRITICAL", "HIGH") and s.current_level not in ("CRITICAL", "HIGH"):
+            return (
+                f"User previously reached {s.peak_level} crisis level "
+                f"this session (currently {s.current_level}). "
+                "Continue with care and awareness of the earlier crisis."
+            )
+
+        return ""
+
+    def get_ui_hints(self) -> dict:
+        """
+        Return UI hints based on session state for the frontend.
+
+        These are advisory — the frontend decides what to show.
+        """
+        s = self.state
+
+        hints = {
+            "session_escalating": s.is_escalating,
+            "session_deescalating": s.is_deescalating,
+            "session_peak_level": s.peak_level,
+            "session_message_count": s.message_count,
+        }
+
+        if s.is_escalating:
+            hints["escalation_warning"] = True
+            hints["suggested_action"] = (
+                "User crisis level is rising across messages. "
+                "Consider increasing intervention level."
+            )
+
+        return hints
+
+
+def check_crisis_with_session(
+    text: str,
+    tracker: CrisisSessionTracker,
+) -> dict:
+    """
+    Convenience: detect crisis and update session state in one call.
+
+    Returns combined single-message detection + session-level context.
+    """
+    from .detect import detect_crisis
+    from .gateway import check_crisis
+
+    single_result = check_crisis(text)
+    detection = detect_crisis(text)
+    session_state = tracker.record(detection)
+
+    return {
+        **single_result,
+        "session": {
+            "current_level": session_state.current_level,
+            "peak_level": session_state.peak_level,
+            "message_count": session_state.message_count,
+            "is_escalating": session_state.is_escalating,
+            "is_deescalating": session_state.is_deescalating,
+            "modifier": tracker.get_session_modifier(),
+            "ui_hints": tracker.get_ui_hints(),
+        },
+    }

index.html

@@ -506,20 +506,6 @@ html, body {
   gap: 12px;
 }
 
-/* ===== SAFETY PLAN STATUS ===== */
-#sp-status.success {
-  background: rgba(35, 134, 54, 0.15);
-  border: 1px solid #238636;
-  color: #3fb950;
-}
-
-#sp-status.error {
-  background: rgba(201, 54, 44, 0.15);
-  border: 1px solid #c9362c;
-  color: #ffa0a0;
-}
-
-
 .btn {
   padding: 10px 20px;
   border-radius: 8px;
@@ -751,8 +737,7 @@ html, body {
         <textarea id="sp-environment" placeholder="e.g., Giving my car keys to a friend, locking away meds..."></textarea>
       </div>
     </div>
-        <div id="sp-status" role="status" aria-live="polite" style="margin-bottom: 16px; padding: 10px 14px; border-radius: 8px; font-size: 0.9rem; display: none;"></div>
-<div class="modal-footer">
+    <div class="modal-footer">
       <button class="btn btn-secondary" id="cancel-safety-plan">Cancel</button>
       <button class="btn btn-primary" id="save-safety-plan">Save Plan</button>
     </div>
@@ -823,6 +808,7 @@ Sovereignty and service always.`;
   var crisisPanel = document.getElementById('crisis-panel');
   var crisisOverlay = document.getElementById('crisis-overlay');
   var overlayDismissBtn = document.getElementById('overlay-dismiss-btn');
+  var overlayCallLink = document.querySelector('.overlay-call');
   var statusDot = document.querySelector('.status-dot');
   var statusText = document.getElementById('status-text');
   
@@ -1060,18 +1046,13 @@ Sovereignty and service always.`;
         overlayTimer = null;
         overlayDismissBtn.disabled = false;
         overlayDismissBtn.textContent = 'Continue to chat';
-        overlayDismissBtn.focus();
       } else {
         overlayDismissBtn.textContent = 'Continue to chat (' + countdown + 's)';
       }
     }, 1000);
 
-    // Focus the Call 988 link — the dismiss button is disabled during countdown
-    // and disabled elements cannot receive focus. #69
-    var overlayCallBtn = crisisOverlay.querySelector('.overlay-call');
-    if (overlayCallBtn) {
-      overlayCallBtn.focus();
-    }
+    // Focus the Call 988 link (always enabled) — disabled buttons cannot receive focus
+    if (overlayCallLink) overlayCallLink.focus();
   }
 
   // Register focus trap on document (always listening, gated by class check)
@@ -1222,25 +1203,13 @@ Sovereignty and service always.`;
       help: document.getElementById('sp-help').value,
       environment: document.getElementById('sp-environment').value
     };
-    var statusEl = document.getElementById('sp-status');
     try {
       localStorage.setItem('timmy_safety_plan', JSON.stringify(plan));
-      // Show success status inline before closing modal
-      statusEl.textContent = 'Safety plan saved locally.';
-      statusEl.className = 'success';
-      statusEl.style.display = 'block';
-      // Auto-hide after 4 seconds, then close modal
-      setTimeout(function() {
-        statusEl.style.display = 'none';
-        statusEl.className = '';
-        safetyPlanModal.classList.remove('active');
-        _restoreSafetyPlanFocus();
-      }, 4000);
+      safetyPlanModal.classList.remove('active');
+      _restoreSafetyPlanFocus();
+      alert('Safety plan saved locally.');
     } catch (e) {
-      // Show error status inline
-      statusEl.textContent = 'Error saving plan. Your browser may be blocking local storage.';
-      statusEl.className = 'error';
-      statusEl.style.display = 'block';
+      alert('Error saving plan.');
     }
   });
 

reports/2026-04-17-the-door-fleet-work-orders-audit.md

@@ -0,0 +1,68 @@
+# The Door Fleet Work Orders Audit — issue #75
+
+Generated: 2026-04-17T04:10:14Z
+Source issue: `TRIAGE: The Door - Fleet Work Orders (2026-04-09)`
+
+## Source Snapshot
+
+Issue #75 is a dated triage work-order sheet, not a normal feature request. The durable deliverable is a truth-restored audit of the referenced issue and PR set against live forge state.
+
+## Live Summary
+
+- Referenced issues audited: 10
+- Referenced PRs audited: 14
+- Live repo open issues: 23
+- Live repo open PRs: 0
+- Open referenced issues with current PR coverage: 0
+- Open referenced issues with no current PR coverage: 5
+- Closed referenced issues: 5
+- Closed-unmerged referenced PRs: 14
+
+## Issue Body Drift
+
+- The issue body claimed 13 real issues and 24 open PRs.
+- Live repo state now shows 23 open issues and 0 open PRs.
+- Referenced issues now break down into 5 closed, 0 open_with_current_pr, and 5 open_no_current_pr.
+- Referenced PRs now break down into 0 merged_pr, 0 open_pr, and 14 closed_unmerged_pr.
+
+## Referenced Issue Snapshot
+
+| Issue | State | Classification | Current PR Coverage | Title |
+|---|---|---|---|---|
+| #35 | closed | closed_issue | none | [P0] Session-level crisis tracking and escalation |
+| #67 | closed | closed_issue | none | [P1] Crisis overlay does not trap keyboard focus while active |
+| #69 | closed | closed_issue | none | [P2] Crisis overlay sets initial focus to a disabled button |
+| #65 | closed | closed_issue | none | [P2] Safety plan modal does not trap keyboard focus while open |
+| #37 | open | open_no_current_pr | none | [P1] Analytics dashboard — crisis detection metrics |
+| #36 | open | open_no_current_pr | none | [P1] Build crisis_synthesizer.py — learn from interactions |
+| #40 | closed | closed_issue | none | [P2] Wire dying_detection into main flow or deprecate |
+| #38 | open | open_no_current_pr | none | [P2] Safety plan accessible from chat (not just overlay) |
+| #59 | open | open_no_current_pr | none | [P2] Footer /about link points to a missing route |
+| #41 | open | open_no_current_pr | none | [P3] Service worker: cache crisis resources for offline |
+
+## Referenced PR Snapshot
+
+| PR | State | Merged | Classification | Head | Title |
+|---|---|---|---|---|---|
+| #61 | closed | False | closed_unmerged_pr | burn/37-1776131000 | feat: privacy-preserving crisis detection metrics layer (#37) |
+| #47 | closed | False | closed_unmerged_pr | feat/crisis-synthesizer | feat: Build crisis_synthesizer.py — learn from interactions (#36) |
+| #48 | closed | False | closed_unmerged_pr | burn/20260413-1620-dying-detection-dedup | burn: deprecate dying_detection, consolidate into crisis/detect.py |
+| #50 | closed | False | closed_unmerged_pr | whip/40-1776128804 | fix: deprecate dying_detection and consolidate crisis detection (#40) |
+| #51 | closed | False | closed_unmerged_pr | queue/40-1776129201 | fix: deprecate dying_detection and consolidate crisis detection (#40) |
+| #53 | closed | False | closed_unmerged_pr | q/40-1776129480 | fix: deprecate dying_detection and consolidate crisis detection (#40) |
+| #56 | closed | False | closed_unmerged_pr | triage/40-1776129677 | fix: deprecate dying_detection and consolidate crisis detection (#40) |
+| #58 | closed | False | closed_unmerged_pr | dawn/40-1776130053 | fix: deprecate dying_detection and consolidate crisis detection (#40) |
+| #70 | closed | False | closed_unmerged_pr | am/40-1776166469 | fix: deprecate dying_detection and consolidate crisis detection (#40) |
+| #72 | closed | False | closed_unmerged_pr | am/38-1776166469 | feat: add always-on safety plan access in chat header (#38) |
+| #62 | closed | False | closed_unmerged_pr | burn/59-1776131200 | fix: point footer about link to /about.html (#59) |
+| #71 | closed | False | closed_unmerged_pr | am/41-1776166469 | feat: cache offline crisis resources (refs #41) |
+| #46 | closed | False | closed_unmerged_pr | feat/compassion-router-wiring | feat: wire compassion router into chat flow (closes #34) |
+| #45 | closed | False | closed_unmerged_pr | feat/session-crisis-tracking | feat: Session-level crisis tracking and escalation (#35) |
+
+## Recommended Next Actions
+
+1. Do not trust the original work-order body as live truth; use this audit artifact for current planning.
+2. Re-triage the open_no_current_pr issues individually before dispatching new work, because the old PR references are now stale.
+3. Treat closed_unmerged_pr references as historical attempts, not active review lanes.
+4. If future work orders are needed, generate them from live forge state instead of reusing the 2026-04-09 issue body.
+5. This audit preserves operator memory; it does not claim all referenced work orders are complete.

scripts/crisis_metrics_report.py

@@ -1,58 +0,0 @@
-#!/usr/bin/env python3
-"""
-Crisis Detection Metrics Reporter
-
-Outputs weekly summary of crisis detection metrics.
-Privacy-preserving: no PII, no message content.
-
-Usage:
-    python3 scripts/crisis_metrics_report.py [--daily] [--json] [--output FILE]
-"""
-import argparse
-import json
-import sys
-from pathlib import Path
-
-# Add parent directory to path
-sys.path.insert(0, str(Path(__file__).parent.parent))
-
-from crisis.metrics import get_metrics, get_summary
-
-
-def main():
-    parser = argparse.ArgumentParser(description="Crisis detection metrics reporter")
-    parser.add_argument("--daily", action="store_true", help="Output daily summary instead of weekly")
-    parser.add_argument("--json", action="store_true", help="Output JSON instead of formatted text")
-    parser.add_argument("--output", "-o", help="Output to file instead of stdout")
-    parser.add_argument("--storage", help="Path to metrics storage file")
-    
-    args = parser.parse_args()
-    
-    # Get metrics instance
-    metrics = get_metrics(args.storage)
-    
-    # Get summary
-    summary_type = "daily" if args.daily else "weekly"
-    
-    if args.json:
-        # Get JSON summary
-        if summary_type == "daily":
-            summary = metrics.get_daily_summary()
-        else:
-            summary = metrics.get_weekly_summary()
-        output = json.dumps(summary, indent=2)
-    else:
-        # Get formatted summary
-        output = metrics.format_summary(summary_type)
-    
-    # Output
-    if args.output:
-        with open(args.output, 'w') as f:
-            f.write(output)
-        print(f"Summary written to {args.output}")
-    else:
-        print(output)
-
-
-if __name__ == "__main__":
-    main()

scripts/fleet_work_orders_audit.py

@@ -0,0 +1,295 @@
+#!/usr/bin/env python3
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import re
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+from urllib.request import Request, urlopen
+
+API_BASE = "https://forge.alexanderwhitestone.com/api/v1"
+ORG = "Timmy_Foundation"
+DEFAULT_TOKEN_PATH = os.path.expanduser("~/.config/gitea/token")
+DEFAULT_OUTPUT = "reports/2026-04-17-the-door-fleet-work-orders-audit.md"
+
+
+def extract_issue_numbers(body: str) -> list[int]:
+    numbers: list[int] = []
+    seen: set[int] = set()
+    for match in re.finditer(r"#(\d+)", body or ""):
+        value = int(match.group(1))
+        if value in seen:
+            continue
+        seen.add(value)
+        numbers.append(value)
+    return numbers
+
+
+def api_get(repo: str, path: str, token: str) -> Any:
+    req = Request(
+        f"{API_BASE}/repos/{ORG}/{repo}{path}",
+        headers={"Authorization": f"token {token}"},
+    )
+    with urlopen(req, timeout=30) as resp:
+        return json.loads(resp.read().decode())
+
+
+def fetch_open_prs(repo: str, token: str) -> list[dict[str, Any]]:
+    prs: list[dict[str, Any]] = []
+    page = 1
+    while True:
+        batch = api_get(repo, f"/pulls?state=open&limit=100&page={page}", token)
+        if not batch:
+            break
+        prs.extend(batch)
+        page += 1
+    return prs
+
+
+def fetch_live_open_issue_count(repo: str, token: str) -> int:
+    total = 0
+    page = 1
+    while True:
+        batch = api_get(repo, f"/issues?state=open&limit=100&page={page}", token)
+        if not batch:
+            break
+        total += sum(1 for item in batch if not item.get("pull_request"))
+        page += 1
+    return total
+
+
+def parse_claimed_summary(body: str) -> tuple[int | None, int | None]:
+    issue_match = re.search(r"has\s+(\d+)\s+real issues", body or "", flags=re.IGNORECASE)
+    pr_match = re.search(r"and\s+(\d+)\s+open PRs", body or "", flags=re.IGNORECASE)
+    claimed_open_issues = int(issue_match.group(1)) if issue_match else None
+    claimed_open_prs = int(pr_match.group(1)) if pr_match else None
+    return claimed_open_issues, claimed_open_prs
+
+
+def summarize_open_pr_coverage(issue_num: int, open_prs: list[dict[str, Any]]) -> str:
+    matches: list[str] = []
+    seen: set[int] = set()
+    for pr in open_prs:
+        pr_num = pr["number"]
+        if pr_num in seen:
+            continue
+        text = "\n".join(
+            [
+                pr.get("title") or "",
+                pr.get("body") or "",
+                (pr.get("head") or {}).get("ref") or "",
+            ]
+        )
+        if f"#{issue_num}" not in text:
+            continue
+        seen.add(pr_num)
+        matches.append(f"open PR #{pr_num}")
+    return ", ".join(matches) if matches else "none"
+
+
+def classify_issue_reference(ref_issue: dict[str, Any], open_prs: list[dict[str, Any]]) -> dict[str, Any]:
+    issue_num = ref_issue["number"]
+    state = ref_issue.get("state") or "unknown"
+    coverage = summarize_open_pr_coverage(issue_num, open_prs)
+    if state == "closed":
+        classification = "closed_issue"
+    elif coverage != "none":
+        classification = "open_with_current_pr"
+    else:
+        classification = "open_no_current_pr"
+    return {
+        "number": issue_num,
+        "state": state,
+        "classification": classification,
+        "title": ref_issue.get("title") or "",
+        "current_pr_coverage": coverage,
+        "url": ref_issue.get("html_url") or ref_issue.get("url") or "",
+    }
+
+
+def classify_pr_reference(repo: str, pr_num: int, token: str) -> dict[str, Any]:
+    pr = api_get(repo, f"/pulls/{pr_num}", token)
+    state = pr.get("state") or "unknown"
+    merged = bool(pr.get("merged"))
+    if merged:
+        classification = "merged_pr"
+    elif state == "open":
+        classification = "open_pr"
+    else:
+        classification = "closed_unmerged_pr"
+    return {
+        "number": pr_num,
+        "state": state,
+        "merged": merged,
+        "classification": classification,
+        "title": pr.get("title") or "",
+        "head": (pr.get("head") or {}).get("ref") or "",
+        "url": pr.get("html_url") or pr.get("url") or "",
+    }
+
+
+def table(rows: list[dict[str, Any]], columns: list[tuple[str, str]]) -> str:
+    headers = [title for title, _ in columns]
+    keys = [key for _, key in columns]
+    if not rows:
+        return "| None |\n|---|\n| None |"
+    lines = ["| " + " | ".join(headers) + " |", "|" + "|".join(["---"] * len(headers)) + "|"]
+    for row in rows:
+        values: list[str] = []
+        for key in keys:
+            value = row.get(key, "")
+            if key == "number" and value != "":
+                value = f"#{value}"
+            values.append(str(value).replace("\n", " "))
+        lines.append("| " + " | ".join(values) + " |")
+    return "\n".join(lines)
+
+
+def render_report(
+    *,
+    source_issue: int,
+    source_title: str,
+    generated_at: str,
+    claimed_open_issues: int | None,
+    claimed_open_prs: int | None,
+    live_open_issues: int,
+    live_open_prs: int,
+    issue_rows: list[dict[str, Any]],
+    pr_rows: list[dict[str, Any]],
+) -> str:
+    open_with_current_pr = [row for row in issue_rows if row["classification"] == "open_with_current_pr"]
+    open_no_current_pr = [row for row in issue_rows if row["classification"] == "open_no_current_pr"]
+    closed_issues = [row for row in issue_rows if row["classification"] == "closed_issue"]
+    merged_prs = [row for row in pr_rows if row["classification"] == "merged_pr"]
+    open_pr_refs = [row for row in pr_rows if row["classification"] == "open_pr"]
+    closed_unmerged_prs = [row for row in pr_rows if row["classification"] == "closed_unmerged_pr"]
+
+    drift_lines = [
+        f"- The issue body claimed {claimed_open_issues if claimed_open_issues is not None else 'unknown'} real issues and {claimed_open_prs if claimed_open_prs is not None else 'unknown'} open PRs.",
+        f"- Live repo state now shows {live_open_issues} open issues and {live_open_prs} open PRs.",
+        f"- Referenced issues now break down into {len(closed_issues)} closed, {len(open_with_current_pr)} open_with_current_pr, and {len(open_no_current_pr)} open_no_current_pr.",
+        f"- Referenced PRs now break down into {len(merged_prs)} merged_pr, {len(open_pr_refs)} open_pr, and {len(closed_unmerged_prs)} closed_unmerged_pr.",
+    ]
+
+    return "\n".join(
+        [
+            f"# The Door Fleet Work Orders Audit — issue #{source_issue}",
+            "",
+            f"Generated: {generated_at}",
+            f"Source issue: `{source_title}`",
+            "",
+            "## Source Snapshot",
+            "",
+            "Issue #75 is a dated triage work-order sheet, not a normal feature request. The durable deliverable is a truth-restored audit of the referenced issue and PR set against live forge state.",
+            "",
+            "## Live Summary",
+            "",
+            f"- Referenced issues audited: {len(issue_rows)}",
+            f"- Referenced PRs audited: {len(pr_rows)}",
+            f"- Live repo open issues: {live_open_issues}",
+            f"- Live repo open PRs: {live_open_prs}",
+            f"- Open referenced issues with current PR coverage: {len(open_with_current_pr)}",
+            f"- Open referenced issues with no current PR coverage: {len(open_no_current_pr)}",
+            f"- Closed referenced issues: {len(closed_issues)}",
+            f"- Closed-unmerged referenced PRs: {len(closed_unmerged_prs)}",
+            "",
+            "## Issue Body Drift",
+            "",
+            *drift_lines,
+            "",
+            "## Referenced Issue Snapshot",
+            "",
+            table(
+                issue_rows,
+                [
+                    ("Issue", "number"),
+                    ("State", "state"),
+                    ("Classification", "classification"),
+                    ("Current PR Coverage", "current_pr_coverage"),
+                    ("Title", "title"),
+                ],
+            ),
+            "",
+            "## Referenced PR Snapshot",
+            "",
+            table(
+                pr_rows,
+                [
+                    ("PR", "number"),
+                    ("State", "state"),
+                    ("Merged", "merged"),
+                    ("Classification", "classification"),
+                    ("Head", "head"),
+                    ("Title", "title"),
+                ],
+            ),
+            "",
+            "## Recommended Next Actions",
+            "",
+            "1. Do not trust the original work-order body as live truth; use this audit artifact for current planning.",
+            "2. Re-triage the open_no_current_pr issues individually before dispatching new work, because the old PR references are now stale.",
+            "3. Treat closed_unmerged_pr references as historical attempts, not active review lanes.",
+            "4. If future work orders are needed, generate them from live forge state instead of reusing the 2026-04-09 issue body.",
+            "5. This audit preserves operator memory; it does not claim all referenced work orders are complete.",
+        ]
+    ) + "\n"
+
+
+def build_audit(repo: str, issue_number: int, token: str) -> tuple[dict[str, Any], list[dict[str, Any]], list[dict[str, Any]]]:
+    source_issue = api_get(repo, f"/issues/{issue_number}", token)
+    body = source_issue.get("body") or ""
+    refs = extract_issue_numbers(body)
+    open_prs = fetch_open_prs(repo, token)
+    claimed_open_issues, claimed_open_prs = parse_claimed_summary(body)
+    issue_rows: list[dict[str, Any]] = []
+    pr_rows: list[dict[str, Any]] = []
+    for ref in refs:
+        issue_like = api_get(repo, f"/issues/{ref}", token)
+        if issue_like.get("pull_request"):
+            pr_rows.append(classify_pr_reference(repo, ref, token))
+        else:
+            issue_rows.append(classify_issue_reference(issue_like, open_prs))
+    metadata = {
+        "source_title": source_issue.get("title") or "",
+        "claimed_open_issues": claimed_open_issues,
+        "claimed_open_prs": claimed_open_prs,
+        "live_open_issues": fetch_live_open_issue_count(repo, token),
+        "live_open_prs": len(open_prs),
+    }
+    return metadata, issue_rows, pr_rows
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Audit The Door fleet work orders issue against live forge state.")
+    parser.add_argument("--repo", default="the-door")
+    parser.add_argument("--issue", type=int, default=75)
+    parser.add_argument("--token-file", default=DEFAULT_TOKEN_PATH)
+    parser.add_argument("--output", default=DEFAULT_OUTPUT)
+    args = parser.parse_args()
+
+    token = Path(args.token_file).read_text(encoding="utf-8").strip()
+    generated_at = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+    metadata, issue_rows, pr_rows = build_audit(args.repo, args.issue, token)
+    report = render_report(
+        source_issue=args.issue,
+        source_title=metadata["source_title"],
+        generated_at=generated_at,
+        claimed_open_issues=metadata["claimed_open_issues"],
+        claimed_open_prs=metadata["claimed_open_prs"],
+        live_open_issues=metadata["live_open_issues"],
+        live_open_prs=metadata["live_open_prs"],
+        issue_rows=issue_rows,
+        pr_rows=pr_rows,
+    )
+    output_path = Path(args.output)
+    output_path.parent.mkdir(parents=True, exist_ok=True)
+    output_path.write_text(report, encoding="utf-8")
+    print(output_path)
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

tests/test_crisis_overlay_focus_trap.py

@@ -52,6 +52,34 @@ class TestCrisisOverlayFocusTrap(unittest.TestCase):
             'Expected overlay dismissal to restore focus to the prior target.',
         )
 
+    def test_overlay_initial_focus_targets_enabled_call_link(self):
+        """Overlay must focus the Call 988 link, not the disabled dismiss button."""
+        # Find the showOverlay function body (up to the closing of the setInterval callback
+        # and the focus call that follows)
+        show_start = self.html.find('function showOverlay()')
+        self.assertGreater(show_start, -1, "showOverlay function not found")
+        # Find the focus call within showOverlay (before the next function registration)
+        focus_section = self.html[show_start:show_start + 2000]
+        self.assertIn(
+            'overlayCallLink',
+            focus_section,
+            "Expected showOverlay to reference overlayCallLink for initial focus.",
+        )
+        # Ensure the old buggy pattern is gone
+        focus_line_region = self.html[show_start + 800:show_start + 1200]
+        self.assertNotIn(
+            'overlayDismissBtn.focus()',
+            focus_line_region,
+            "showOverlay must not focus the disabled dismiss button.",
+        )
+
+    def test_overlay_call_link_variable_is_declared(self):
+        self.assertIn(
+            "querySelector('.overlay-call')",
+            self.html,
+            "Expected a JS reference to the .overlay-call link element.",
+        )
+
 
 if __name__ == '__main__':
     unittest.main()

tests/test_fleet_work_orders_audit.py

@@ -0,0 +1,100 @@
+import importlib.util
+from pathlib import Path
+
+
+ROOT = Path(__file__).resolve().parents[1]
+SCRIPT_PATH = ROOT / "scripts" / "fleet_work_orders_audit.py"
+REPORT_PATH = ROOT / "reports" / "2026-04-17-the-door-fleet-work-orders-audit.md"
+
+
+def _load_module():
+    assert SCRIPT_PATH.exists(), f"missing {SCRIPT_PATH.relative_to(ROOT)}"
+    spec = importlib.util.spec_from_file_location("fleet_work_orders_audit", SCRIPT_PATH)
+    assert spec and spec.loader
+    module = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(module)
+    return module
+
+
+def test_extract_issue_numbers_preserves_mixed_issue_and_pr_refs() -> None:
+    body = """
+    ## P0 — Session-level crisis tracking (#35)
+    **PR #61 ready.**
+    ## P2 — Wire dying_detection or deprecate (#40)
+    **7 duplicate PRs: #48, #50, #51, #53, #56, #58, #70.**
+    """
+
+    mod = _load_module()
+
+    assert mod.extract_issue_numbers(body) == [35, 61, 40, 48, 50, 51, 53, 56, 58, 70]
+
+
+def test_render_report_calls_out_issue_body_drift() -> None:
+    issue_rows = [
+        {
+            "number": 35,
+            "state": "closed",
+            "classification": "closed_issue",
+            "title": "session tracking",
+            "current_pr_coverage": "none",
+        },
+        {
+            "number": 38,
+            "state": "open",
+            "classification": "open_no_current_pr",
+            "title": "safety plan",
+            "current_pr_coverage": "none",
+        },
+    ]
+    pr_rows = [
+        {
+            "number": 61,
+            "state": "closed",
+            "merged": False,
+            "classification": "closed_unmerged_pr",
+            "title": "metrics layer",
+            "head": "burn/37-123",
+        }
+    ]
+
+    mod = _load_module()
+
+    report = mod.render_report(
+        source_issue=75,
+        source_title="TRIAGE: The Door - Fleet Work Orders (2026-04-09)",
+        generated_at="2026-04-17T04:00:00Z",
+        claimed_open_issues=13,
+        claimed_open_prs=24,
+        live_open_issues=5,
+        live_open_prs=0,
+        issue_rows=issue_rows,
+        pr_rows=pr_rows,
+    )
+
+    assert "## Source Snapshot" in report
+    assert "## Live Summary" in report
+    assert "## Issue Body Drift" in report
+    assert "13" in report and "24" in report
+    assert "#38" in report
+    assert "open_no_current_pr" in report
+    assert "#61" in report
+    assert "closed_unmerged_pr" in report
+    assert "## Referenced Issue Snapshot" in report
+    assert "## Referenced PR Snapshot" in report
+    assert "## Recommended Next Actions" in report
+
+
+def test_committed_work_orders_audit_exists_with_required_sections() -> None:
+    text = REPORT_PATH.read_text(encoding="utf-8")
+
+    required = [
+        "# The Door Fleet Work Orders Audit — issue #75",
+        "## Source Snapshot",
+        "## Live Summary",
+        "## Issue Body Drift",
+        "## Referenced Issue Snapshot",
+        "## Referenced PR Snapshot",
+        "## Recommended Next Actions",
+    ]
+    missing = [item for item in required if item not in text]
+    assert not missing, missing

tests/test_service_worker_offline.py

@@ -50,6 +50,22 @@ class TestCrisisOfflinePage(unittest.TestCase):
         for phrase in required_phrases:
             self.assertIn(phrase, self.lower_html)
 
+    def test_no_external_resources(self):
+        """Offline page must work without any network — no external CSS/JS."""
+        import re
+        html = self.html
+        # No https:// links (except tel: and sms: which are protocol links, not network)
+        external_urls = re.findall(r'href=["\']https://|src=["\']https://', html)
+        self.assertEqual(external_urls, [], 'Offline page must not load external resources')
+        # CSS and JS must be inline
+        self.assertIn('<style>', html, 'CSS must be inline')
+        self.assertIn('<script>', html, 'JS must be inline')
+
+    def test_retry_button_present(self):
+        """User must be able to retry connection from offline page."""
+        self.assertIn('retry-connection', self.html)
+        self.assertIn('Retry connection', self.html)
+
 
 if __name__ == '__main__':
     unittest.main()

tests/test_session_tracker.py

@@ -0,0 +1,277 @@
+"""
+Tests for crisis session tracking and escalation (P0 #35).
+
+Covers: session_tracker.py
+Run with: python -m pytest tests/test_session_tracker.py -v
+"""
+
+import unittest
+import sys
+import os
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from crisis.detect import detect_crisis
+from crisis.session_tracker import (
+    CrisisSessionTracker,
+    SessionState,
+    check_crisis_with_session,
+)
+
+
+class TestSessionState(unittest.TestCase):
+    """Test SessionState defaults."""
+
+    def test_default_state(self):
+        s = SessionState()
+        self.assertEqual(s.current_level, "NONE")
+        self.assertEqual(s.peak_level, "NONE")
+        self.assertEqual(s.message_count, 0)
+        self.assertEqual(s.level_history, [])
+        self.assertFalse(s.is_escalating)
+        self.assertFalse(s.is_deescalating)
+
+
+class TestSessionTracking(unittest.TestCase):
+    """Test basic session state tracking."""
+
+    def setUp(self):
+        self.tracker = CrisisSessionTracker()
+
+    def test_record_none_message(self):
+        state = self.tracker.record(detect_crisis("Hello Timmy"))
+        self.assertEqual(state.current_level, "NONE")
+        self.assertEqual(state.message_count, 1)
+        self.assertEqual(state.peak_level, "NONE")
+
+    def test_record_low_message(self):
+        self.tracker.record(detect_crisis("Hello"))
+        state = self.tracker.record(detect_crisis("Having a rough day"))
+        self.assertIn(state.current_level, ("LOW", "NONE"))
+        self.assertEqual(state.message_count, 2)
+
+    def test_record_critical_updates_peak(self):
+        self.tracker.record(detect_crisis("Having a rough day"))
+        state = self.tracker.record(detect_crisis("I want to kill myself"))
+        self.assertEqual(state.current_level, "CRITICAL")
+        self.assertEqual(state.peak_level, "CRITICAL")
+
+    def test_peak_preserved_after_drop(self):
+        """Peak level should stay at the highest seen, even after de-escalation."""
+        self.tracker.record(detect_crisis("I want to kill myself"))
+        state = self.tracker.record(detect_crisis("I'm feeling a bit better"))
+        self.assertEqual(state.peak_level, "CRITICAL")
+
+    def test_level_history(self):
+        self.tracker.record(detect_crisis("Hello"))
+        self.tracker.record(detect_crisis("Having a rough day"))
+        state = self.tracker.record(detect_crisis("I want to die"))
+        self.assertEqual(len(state.level_history), 3)
+        self.assertEqual(state.level_history[0], "NONE")
+        self.assertEqual(state.level_history[2], "CRITICAL")
+
+    def test_reset_clears_state(self):
+        self.tracker.record(detect_crisis("I want to kill myself"))
+        self.tracker.reset()
+        state = self.tracker.state
+        self.assertEqual(state.current_level, "NONE")
+        self.assertEqual(state.peak_level, "NONE")
+        self.assertEqual(state.message_count, 0)
+        self.assertEqual(state.level_history, [])
+
+
+class TestEscalationDetection(unittest.TestCase):
+    """Test escalation detection: LOW → HIGH in ≤3 messages."""
+
+    def setUp(self):
+        self.tracker = CrisisSessionTracker()
+
+    def test_no_escalation_single_message(self):
+        self.tracker.record(detect_crisis("Hello"))
+        self.assertFalse(self.tracker.state.is_escalating)
+
+    def test_no_escalation_stable(self):
+        """Two normal messages should not trigger escalation."""
+        self.tracker.record(detect_crisis("Hello"))
+        state = self.tracker.record(detect_crisis("How are you?"))
+        self.assertFalse(state.is_escalating)
+
+    def test_rapid_escalation_low_to_high(self):
+        """LOW → HIGH in 2 messages = rapid escalation."""
+        self.tracker.record(detect_crisis("Having a rough day"))
+        state = self.tracker.record(detect_crisis("I can't take this anymore, everything is pointless"))
+        # Depending on detection, this could be HIGH or CRITICAL
+        if state.current_level in ("HIGH", "CRITICAL"):
+            self.assertTrue(state.is_escalating)
+
+    def test_rapid_escalation_three_messages(self):
+        """NONE → LOW → HIGH in 3 messages = escalation."""
+        self.tracker.record(detect_crisis("Hello"))
+        self.tracker.record(detect_crisis("Having a rough day"))
+        state = self.tracker.record(detect_crisis("I feel completely hopeless with no way out"))
+        if state.current_level in ("HIGH", "CRITICAL"):
+            self.assertTrue(state.is_escalating)
+
+    def test_escalation_rate(self):
+        """Rate should be positive when escalating."""
+        self.tracker.record(detect_crisis("Hello"))
+        self.tracker.record(detect_crisis("I want to die"))
+        state = self.tracker.state
+        self.assertGreater(state.escalation_rate, 0)
+
+
+class TestDeescalationDetection(unittest.TestCase):
+    """Test de-escalation: sustained LOW after HIGH/CRITICAL."""
+
+    def setUp(self):
+        self.tracker = CrisisSessionTracker()
+
+    def test_no_deescalation_without_prior_crisis(self):
+        """No de-escalation if never reached HIGH/CRITICAL."""
+        for _ in range(6):
+            self.tracker.record(detect_crisis("Hello"))
+        self.assertFalse(self.tracker.state.is_deescalating)
+
+    def test_deescalation_after_critical(self):
+        """5+ consecutive LOW/NONE messages after CRITICAL = de-escalation."""
+        self.tracker.record(detect_crisis("I want to kill myself"))
+        for _ in range(5):
+            self.tracker.record(detect_crisis("I'm doing better today"))
+        state = self.tracker.state
+        if state.peak_level == "CRITICAL":
+            self.assertTrue(state.is_deescalating)
+
+    def test_deescalation_after_high(self):
+        """5+ consecutive LOW/NONE messages after HIGH = de-escalation."""
+        self.tracker.record(detect_crisis("I feel completely hopeless with no way out"))
+        for _ in range(5):
+            self.tracker.record(detect_crisis("Feeling okay"))
+        state = self.tracker.state
+        if state.peak_level == "HIGH":
+            self.assertTrue(state.is_deescalating)
+
+    def test_interrupted_deescalation(self):
+        """De-escalation resets if a HIGH message interrupts."""
+        self.tracker.record(detect_crisis("I want to kill myself"))
+        for _ in range(3):
+            self.tracker.record(detect_crisis("Doing better"))
+        # Interrupt with another crisis
+        self.tracker.record(detect_crisis("I feel hopeless again"))
+        self.tracker.record(detect_crisis("Feeling okay now"))
+        state = self.tracker.state
+        # Should NOT be de-escalating yet (counter reset)
+        self.assertFalse(state.is_deescalating)
+
+
+class TestSessionModifier(unittest.TestCase):
+    """Test system prompt modifier generation."""
+
+    def setUp(self):
+        self.tracker = CrisisSessionTracker()
+
+    def test_no_modifier_for_single_message(self):
+        self.tracker.record(detect_crisis("Hello"))
+        self.assertEqual(self.tracker.get_session_modifier(), "")
+
+    def test_no_modifier_for_stable_session(self):
+        self.tracker.record(detect_crisis("Hello"))
+        self.tracker.record(detect_crisis("Good morning"))
+        self.assertEqual(self.tracker.get_session_modifier(), "")
+
+    def test_escalation_modifier(self):
+        """Escalating session should produce a modifier."""
+        self.tracker.record(detect_crisis("Hello"))
+        self.tracker.record(detect_crisis("I want to die"))
+        modifier = self.tracker.get_session_modifier()
+        if self.tracker.state.is_escalating:
+            self.assertIn("escalated", modifier.lower())
+            self.assertIn("NONE", modifier)
+            self.assertIn("CRITICAL", modifier)
+
+    def test_deescalation_modifier(self):
+        """De-escalating session should mention stabilizing."""
+        self.tracker.record(detect_crisis("I want to kill myself"))
+        for _ in range(5):
+            self.tracker.record(detect_crisis("I'm feeling okay"))
+        modifier = self.tracker.get_session_modifier()
+        if self.tracker.state.is_deescalating:
+            self.assertIn("stabilizing", modifier.lower())
+
+    def test_prior_crisis_modifier(self):
+        """Past crisis should be noted even without active escalation."""
+        self.tracker.record(detect_crisis("I want to die"))
+        self.tracker.record(detect_crisis("Feeling a bit better"))
+        modifier = self.tracker.get_session_modifier()
+        # Should note the prior CRITICAL
+        if modifier:
+            self.assertIn("CRITICAL", modifier)
+
+
+class TestUIHints(unittest.TestCase):
+    """Test UI hint generation."""
+
+    def setUp(self):
+        self.tracker = CrisisSessionTracker()
+
+    def test_ui_hints_structure(self):
+        self.tracker.record(detect_crisis("Hello"))
+        hints = self.tracker.get_ui_hints()
+        self.assertIn("session_escalating", hints)
+        self.assertIn("session_deescalating", hints)
+        self.assertIn("session_peak_level", hints)
+        self.assertIn("session_message_count", hints)
+
+    def test_ui_hints_escalation_warning(self):
+        """Escalating session should have warning hint."""
+        self.tracker.record(detect_crisis("Hello"))
+        self.tracker.record(detect_crisis("I want to die"))
+        hints = self.tracker.get_ui_hints()
+        if hints["session_escalating"]:
+            self.assertTrue(hints.get("escalation_warning"))
+            self.assertIn("suggested_action", hints)
+
+
+class TestCheckCrisisWithSession(unittest.TestCase):
+    """Test the convenience function combining detection + session tracking."""
+
+    def test_returns_combined_data(self):
+        tracker = CrisisSessionTracker()
+        result = check_crisis_with_session("I want to die", tracker)
+        self.assertIn("level", result)
+        self.assertIn("session", result)
+        self.assertIn("current_level", result["session"])
+        self.assertIn("peak_level", result["session"])
+        self.assertIn("modifier", result["session"])
+
+    def test_session_updates_across_calls(self):
+        tracker = CrisisSessionTracker()
+        check_crisis_with_session("Hello", tracker)
+        result = check_crisis_with_session("I want to die", tracker)
+        self.assertEqual(result["session"]["message_count"], 2)
+        self.assertEqual(result["session"]["peak_level"], "CRITICAL")
+
+
+class TestPrivacy(unittest.TestCase):
+    """Verify privacy-first design principles."""
+
+    def test_no_persistence_mechanism(self):
+        """Session tracker should have no database, file, or network calls."""
+        import inspect
+        source = inspect.getsource(CrisisSessionTracker)
+        # Should not import database, requests, or file I/O
+        forbidden = ["sqlite", "requests", "urllib", "open(", "httpx", "aiohttp"]
+        for word in forbidden:
+            self.assertNotIn(word, source.lower(),
+                f"Session tracker should not use {word} — privacy-first design")
+
+    def test_state_contained_in_memory(self):
+        """All state should be instance attributes, not module-level."""
+        tracker = CrisisSessionTracker()
+        tracker.record(detect_crisis("I want to die"))
+        # New tracker should have clean state (no global contamination)
+        fresh = CrisisSessionTracker()
+        self.assertEqual(fresh.state.current_level, "NONE")
+
+
+if __name__ == '__main__':
+    unittest.main()