## ADDED Requirements

### Requirement: MCP middleware captures tool calls to buffer
The MCP server SHALL provide injectable middleware that intercepts every tool call response and appends a structured record to `audit_buffer.jsonl` in the configured audit directory.

#### Scenario: PostToolUse captures tool name and summary
- **WHEN** any MCP tool completes execution
- **THEN** middleware SHALL write a JSONL record with `{timestamp, tool, session, summary}` to `audit_buffer.jsonl`
- **THEN** `tool` SHALL be the MCP tool name
- **THEN** `summary` for Bash tools SHALL be the first non-comment command line (truncated to 200 chars)
- **THEN** `summary` for Write/Edit tools SHALL be the file path

#### Scenario: Buffer is size-limited
- **WHEN** tool call output exceeds 1MB
- **THEN** middleware SHALL truncate input to 1MB via `head -c 1048576` before processing

#### Scenario: Buffer directory is auto-created
- **WHEN** first tool call is captured
- **THEN** middleware SHALL create the audit runs directory with `mkdir -p`

#### Scenario: Failures do not block tool execution
- **WHEN** buffer write fails (disk full, permission denied)
- **THEN** middleware SHALL silently skip logging and allow the tool response to proceed

### Requirement: Session flush archives buffer to trail
The MCP middleware SHALL provide a flush mechanism that moves buffered records into session-specific audit trail files.

#### Scenario: Flush moves buffer to session trail
- **WHEN** middleware flush is triggered (on session end or explicit flush call)
- **THEN** system SHALL read `audit_buffer.jsonl` + `audit_pending.jsonl`
- **THEN** system SHALL concatenate them into `{session_id}/audit_trail.jsonl`
- **THEN** system SHALL clear both buffer files

#### Scenario: Auto-session for unstarted sessions
- **WHEN** no active session exists and flush is triggered
- **THEN** system SHALL auto-generate session ID `auto_{YYYYMMDD_HHMM}` and continue

#### Scenario: Session ID via handshake file
- **WHEN** a session is active via `/start`
- **THEN** `{auditDir}/.current_session` SHALL contain the session ID
- **THEN** flush SHALL read this file to determine the target session directory

### Requirement: Context injection on each request
The MCP middleware SHALL inject current session context into every incoming request's metadata.

#### Scenario: Session context injected at request start
- **WHEN** any MCP request arrives
- **THEN** middleware SHALL add `{audit.session_id, audit.record_count, audit.status}` to the request context

#### Scenario: CRITICAL alerts injected
- **WHEN** `index.json` contains entries with `max_anomaly_level: "CRITICAL"`
- **THEN** middleware SHALL append CRITICAL alert details to the injected context

#### Scenario: Context injection is configurable
- **WHEN** `audit.contextInjection` is set to `false`
- **THEN** middleware SHALL skip context injection entirely