Atomic change control

Atomic change control tools (advanced / diagnostic)¶

Tool	Key parameters	Purpose
`manage_change_intent`	`action`, `root`, `run_id`, `intent_id`, `scope`, `on_conflict`, `ttl_seconds`, `lease_seconds`, `changed_files` or `diff_ref`	Intent lifecycle: declare, get, check, clear, renew, promote, list_workspace, gc_workspace, recover, reset_workspace. Use for queue/promote/recover operations alongside workflow tools
`get_blast_radius`	`run_id`, `files`, `depth`, `include`	Pre-change risk boundary: full transitive graph, custom include filters
`get_relevant_memory`	`root`, `scope`, `intent_id`, `symbols`, `max_records`, `include_stale`, `include_drafts`, `detail_level`	Ranked engineering memory for declared edit scope. `trajectories[]` excludes routine `run:*` workflows by default (same semantics as `include_routine=false` on retrieval). For explicit routine control use `query_engineering_memory` trajectory modes with `filters.include_routine`. Compact by default: bounded record/trajectory subjects plus typed `records`, `experiences`, `trajectories`, and `coverage` lanes. Auto-bootstraps store when `mcp_sync_policy=bootstrap_if_missing` (default). See Engineering Memory
`query_engineering_memory`	`root`, `mode`, …, optional `semantic` (search only), `detail_level`	Mode router: search, get, for_path, for_symbol, stale, drafts, coverage, status, trajectory_status, trajectory_search, trajectory_get, trajectory_anomalies, trajectory_agents, trajectory_dashboard. List/search modes default compact; `get`, `trajectory_get`, or `detail_level=full` are explicit drill-down. `filters` supports `types`, `statuses`, `confidences`, and `match_mode` (`any`\|`all`) for search. `semantic=true` blends LanceDB proximity when `[tool.codeclone.memory.semantic] enabled` and index built (default off). See Engineering Memory
`manage_engineering_memory`	`root`, `action`, …	Agent-side: `refresh_from_run`, `record_candidate`, `promote_experience`, `validate_claims`, `propose_from_receipt`, `rebuild_semantic_index`, `rebuild_trajectories`, `enqueue_projection_rebuild`, `projection_rebuild_status`, `run_projection_jobs_once`. `promote_experience` creates a human-reviewable draft; human approve/reject/archive remains VS Code/CLI only. See Engineering Memory
`check_patch_contract`	`mode`, `run_id`, `before_run_id`, `after_run_id`, `intent_id`, `strictness`, `changed_files` or `diff_ref`	Manual budget query or step-by-step verification
`create_review_receipt`	`run_id`, `intent_id`, `format`, `include_blast_radius`, `include_patch_contract`	Manual receipt generation
`validate_review_claims`	`text`, `run_id`, `require_citations`, `patch_health_delta`	Standalone citation-based overclaim detection; pass `patch_health_delta` from verify when using the atomic workflow

Blast radius: do_not_touch vs review_context

do_not_touch is limited to actionable negative context: baselines, generated CodeClone state, explicit forbidden paths. Report-only signals such as security boundary inventory and overloaded-module candidates are returned as review_context — information, not edit prohibitions. Long context sections include total, shown, and truncated summaries.

Patch contract modes

Budget reads one stored run and optional intent. Shows regression headroom per quality dimension before editing. Queued intents return edit_allowed=false. Verify compares explicit before/after stored runs, previews gates, validates scope, and reports baseline-abuse signals. When intent_id is provided but before_run_id is omitted, verify auto-resolves the before-run from the intent record. Missing runs return status="unverified". Identical before/after runs for python_structural / governance_config return reason="after_run_not_new". Non-accepted responses include a next_step hint and claim_validation_recommended flag.

Verify regressions are run-relative, not baseline-novelty-relative: a finding absent from the clean before-run and present in the after-run is a patch regression even when its fingerprint is novelty="known" against the trusted baseline.

When a change intent is active, verify mode attributes regressions and gate changes to the declared scope. Intent-scope regressions produce contract violations; external regressions are reported as informational context. Queued intents are rejected with reason="intent_not_active". See Scope-Aware Patch Contract Verification and Verify Ergonomics.