kairos-chain 3.27.0 → 3.28.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0eb600b698a295c1d826f77fd01e7b557608b8771b1d40593406d6027b345d51
-  data.tar.gz: 6428da295ba73bcb338cfd545510cb14980288d381eac0e64eabaca9941ee354
+  metadata.gz: 603eca51c926a1987575ae63a1266a34840fc59e7a3603685e03c37676ba23ba
+  data.tar.gz: c4da91a87396d878a62465219d80fa4e26219766f4ca8389ea132a0c7828d873
 SHA512:
-  metadata.gz: 492d3c12ed01371fa093b1504fc137499a4ad1e9fac6168e3ccff8d9c3bbdc5c8b4bdf127bc8bfa6dae70f87f8bf4e8fa94a7ee8c6ecb9acd805193efede861d
-  data.tar.gz: 923e4189b8b60e1d313296513187143b63ea96ae9099e944b4ccb15ee72ec1dca82d6117bc235093dcac57a92eba82f4b6c15921992674edf57ffde2c2aa7a48
+  metadata.gz: ea9230f6dbe43986f6a2f81c0c77a549567110dda38205d769f0802c4ccb8418db4c5dee8e3ac037ae91082eab5cb5b5d890feb823119f0182980abf92e217c9
+  data.tar.gz: 906f320cc565a68ac28d644978c35a8234d1aecc0cb50f828260d407d425f90f3f514c968c0f391e46b69f2db2842ecd33ae31ed85760d4d2b4410723f7ca509

data/lib/kairos_mcp/resource_registry.rb

@@ -310,9 +310,11 @@ module KairosMcp
     end
 
     def read_l2_resource(parsed)
-      session_id = parsed[:session]
       name = parsed[:name]
-      return nil unless session_id && name
+      return nil unless name
+
+      session_id = parsed[:session] || find_session_for_context(name)
+      return nil unless session_id
 
       context_dir = File.join(@context_dir, session_id, name)
       return nil unless File.directory?(context_dir)
@@ -336,7 +338,11 @@ module KairosMcp
 
     def parse_context_uri(path)
       parts = path.split('/')
-      return nil if parts.length < 2
+      return nil if parts.empty?
+
+      if parts.length < 2
+        return { scheme: 'context', session: nil, name: parts[0] }
+      end
 
       session_id = parts[0]
       name = parts[1]
@@ -488,6 +494,14 @@ module KairosMcp
       }
     end
 
+    def find_session_for_context(name)
+      session_dirs.sort.reverse.each do |session_dir|
+        candidate = File.join(session_dir, name)
+        return File.basename(session_dir) if File.directory?(candidate)
+      end
+      nil
+    end
+
     def knowledge_dirs
       Dir[File.join(@knowledge_dir, '*')].select do |f|
         File.directory?(f) && !File.basename(f).match?(KnowledgeProvider::BACKUP_DIR_PATTERN)

data/lib/kairos_mcp/version.rb

@@ -1,4 +1,4 @@
 module KairosMcp
-  VERSION = "3.27.0"
+  VERSION = "3.28.1"
   CHANGELOG_URL = "https://github.com/masaomi/KairosChain_2026/blob/main/CHANGELOG.md"
 end

data/templates/knowledge/multi_llm_review_workflow/multi_llm_review_workflow.md

@@ -1,7 +1,7 @@
 ---
 name: multi_llm_review_workflow
 description: "Multi-LLM review methodology and execution — workflow pattern, CLI tooling, consensus analysis, Persona Assembly. Applicable to design, implementation, documentation, or any artifact."
-version: "3.3"
+version: "3.4"
 tags:
   - workflow
   - review
@@ -168,12 +168,46 @@ Pick the right one for your environment:
 
 | Question | Answer |
 |----------|--------|
-| Are you in an interactive Claude Code session and just need one review? | **Path A** |
+| **Default**: Is the `multi_llm_review` MCP tool available? | **Path B** (roster from config, orchestrator exclusion automatic) |
+| MCP tool unavailable or user explicitly requests manual execution? | **Path A** (fallback — roster construction is the orchestrator's responsibility) |
 | Do you need this to work in Cursor / autonomous mode / other MCP host? | **Path B** |
 | Do you want the consensus result inside the MCP tool response? | **Path B** |
 | Did you observe `XX shells` in the statusbar last time it worked? | That was Path A |
 | Did the run produce a `collect_token` and a `pending/<token>/` directory? | That was Path B |
 
+**Why Path B is the default**: Path A delegates roster construction to the
+orchestrating LLM, which must correctly extract reviewer count, model assignments,
+orchestrator exclusion rules, and convergence thresholds from this skill and
+`multi_llm_reviewer_evaluation`. Empirically, LLMs misread these parameters —
+e.g., confusing "exclude orchestrator from subprocess" with "exclude orchestrator
+model from all reviewers" (the Agent Team Personas are *designed* to use the
+orchestrator's own model for persona diversity). Path B enforces the correct
+configuration from `config/multi_llm_review.yml`, eliminating this error class.
+
+### Pre-flight checklist (Path A only)
+
+If Path B is unavailable and you must use Path A, extract these values **before
+starting** and verify each against `config/multi_llm_review.yml`:
+
+```
+- [ ] Your model (orchestrator): ___
+- [ ] Agent Team Personas model: = orchestrator model (NOT a different model)
+- [ ] Subprocess CLI model: opposite Opus (4.6 if you are 4.7, vice versa)
+- [ ] Codex models: gpt-5.4 AND gpt-5.5 (both, not either/or)
+- [ ] Cursor model: default (composer-2.5, no --model flag)
+- [ ] Total reviewer count: 5 (or 4 after orchestrator exclusion from subprocess)
+- [ ] Convergence rule: 3/5 APPROVE (full) or 3/4 APPROVE (after exclusion)
+```
+
+### Common mistakes (Path A)
+
+| Mistake | Correct behavior | Why it happens |
+|---------|-----------------|----------------|
+| Exclude orchestrator model from Agent Team Personas | Agent Team uses orchestrator model — they provide persona diversity, not epistemic diversity | LLM misreads "do not assign yourself as a reviewer" as applying to Agent Team; it applies only to subprocess CLI |
+| Run only Codex GPT-5.4, skip 5.5 | Run both — they catch different things (5.5 found §5 schema contradiction in Phase 2 Case A that no other reviewer caught) | Cost-saving heuristic; roster has both for a reason |
+| Use a smaller/cheaper model as Agent Team substitute | Use the orchestrator's own model with different personas | Confusing "model diversity" with "persona diversity" — Agent Team is the latter |
+| Run 3 reviewers instead of 5 (or 4 after exclusion) | Use the full roster from config | Ad-hoc "3 is enough" reasoning; config specifies 5 for empirical reasons |
+
 ## Roles
 
 | Role | Who | Responsibility |
@@ -377,7 +411,7 @@ which claude 2>/dev/null && echo "claude: available" || echo "claude: NOT FOUND"
 | Tool | Command | Prompt Input | Output Collection | Model |
 |------|---------|-------------|-------------------|-------|
 | **Codex** | `codex exec` | stdin pipe: `cat prompt.md \| codex exec -` | `-o /path/output.md` | GPT-5.4 (default) |
-| **Cursor Agent** | `agent -p` | File reference (stdin NOT supported) | stdout redirect: `> output.md` | Composer-2 (default) |
+| **Cursor Agent** | `agent -p` | File reference (stdin NOT supported) | stdout redirect: `> output.md` | Composer-2.5 (default) |
 | **Claude Code** | Agent tool (internal) | Direct prompt string | Write to workspace file | Opus 4.6 (session) |
 | **Claude CLI (4.7)** | `claude -p --model claude-opus-4-7 --bare` | stdin pipe: `cat prompt.md \| claude -p --model claude-opus-4-7 --bare` | stdout redirect: `> output.md` | Opus 4.7 |
 
@@ -393,7 +427,7 @@ Based on cross-evaluation experiment (7 models × 4 tasks + Nomic, 518 CLI calls
 | **Coding sub-agent** | Opus 4.7 | `--effort medium` | Cost-effective default; use `high` for complex tasks |
 | **Design sub-agent** | Opus 4.7 | `--effort medium` | Cost-effective default; use `high` for complex tasks |
 | **Codex** | GPT-5.4 | (no flag) | Fixed effort |
-| **Cursor Agent** | Composer-2 | (no flag) | Fixed effort |
+| **Cursor Agent** | Composer-2.5 | (no flag) | Fixed effort |
 
 Key findings:
 - **Opus 4.6** high effort improves Evaluator/Strategy (+0.43/+0.200 Nomic), not Response
@@ -675,7 +709,7 @@ Step 1: Generate review prompt
 Step 2: Detect environment and models
   - Run: which codex && which agent && which claude
   - Detect default models
-  - Report: "Auto mode: Codex (gpt-5.4), Agent (composer-2), Claude (opus-4.6), Claude CLI (opus-4.7)"
+  - Report: "Auto mode: Codex (gpt-5.4), Agent (composer-2.5), Claude (opus-4.6), Claude CLI (opus-4.7)"
 
 Step 3: Execute N reviews in parallel (default 4 reviewers)
   - Bash(background): cat prompt.md | codex exec -C workspace -o log/review_codex.md -

data/templates/knowledge/multi_llm_reviewer_evaluation/multi_llm_reviewer_evaluation.md

@@ -1,7 +1,7 @@
 ---
 name: multi_llm_reviewer_evaluation
 description: "Multi-LLM reviewer performance evaluation — strengths, weaknesses, value-system biases, and recommended workflows. Based on 185+ reviews (Phase 1, 2026-02 to 03) + Phase 2 Case A 4-round Codex bias study (2026-05-04)."
-version: "1.3"
+version: "1.4"
 tags:
   - multi-llm
   - review
@@ -22,7 +22,7 @@ Based on 185+ review files across KairosChain development (2026-02-24 to 2026-03
 | Claude Team Opus 4.6 | 53 | 3/18-3/28 | 0% | Persona assembly review |
 | Codex GPT-5.4 | 49 | 3/19-3/28 | 27% | Auto review |
 | Codex GPT-5.5 | 4 (Phase 2 Case A) | 2026-05-04 | 100% | Auto review |
-| Cursor Composer-2 | 27 | 3/20-3/28 | 0% | Auto review |
+| Cursor Composer-2.5 | 27 | 3/20-3/28 | 0% | Auto review |
 | Cursor GPT-5.4 | 16 | 3/21-3/25 | 12% | Manual review (Codex fallback) |
 | Cursor Premium | 26 | 3/19-3/21 | 12% | Manual review |
 | Claude CLI Opus 4.7 | 2 | 4/19- | 0% | Auto review (CLI) |
@@ -35,12 +35,12 @@ Based on 185+ review files across KairosChain development (2026-02-24 to 2026-03
 | Security design | Claude Opus 4.6 | Cursor Premium | Codex GPT-5.4 |
 | Implementation bugs | Codex GPT-5.4 | Cursor Premium | Claude Opus 4.6 |
 | State transition/config | Codex GPT-5.4 | Cursor GPT-5.4 | — |
-| Overall design coherence | Composer-2 | Claude Team | Gemini 3.1 |
+| Overall design coherence | Composer-2.5 | Claude Team | Gemini 3.1 |
 | Philosophical alignment | Gemini 3.1 | Claude Team | — |
-| Future extensibility | Gemini 3.1 | Composer-2 | — |
-| Deployment/ops | Composer-2 | Cursor GPT-5.4 | — |
+| Future extensibility | Gemini 3.1 | Composer-2.5 | — |
+| Deployment/ops | Composer-2.5 | Cursor GPT-5.4 | — |
 | Test adequacy | Codex GPT-5.4 | Cursor GPT-5.4 | Cursor Premium |
-| Design-implementation seam | Codex GPT-5.4 | Claude Opus 4.6 | Composer-2 |
+| Design-implementation seam | Codex GPT-5.4 | Claude Opus 4.6 | Composer-2.5 |
 | Fail-open/fail-closed detection | Codex GPT-5.4 | Claude Opus 4.6 | — |
 
 > Claude CLI Opus 4.7: not yet ranked. Pending evaluation data (added 2026-04-19).
@@ -81,7 +81,7 @@ Based on 185+ review files across KairosChain development (2026-02-24 to 2026-03
 - **Verdict bias**: REJECT-default; convergence behavior similar to GPT-5.4 but slower
 - **Provisional**: Profile based on Phase 2 Case A 4-round data only. Will refine after additional sessions
 
-### Cursor Composer-2
+### Cursor Composer-2.5
 
 - **Strength**: High-level design coherence, protocol correctness, practical deployability, balanced architecture + pragmatics
 - **Weakness**: Less detail on cryptographic edge cases and thread safety
@@ -190,10 +190,10 @@ Codex effectively is **not** silencing it but classifying its output.
 Across the Attestation Nudge session (4 rounds, 12 reviews), Codex demonstrated a distinctive convergence pattern:
 
 ```
-Design R1:       Codex REJECT  | Composer-2 APPROVE+ | Claude APPROVE+
-Design R2:       Codex REJECT  | Composer-2 APPROVE+ | Claude APPROVE+
-Impl Review:     Codex REJECT  | Composer-2 APPROVE+ | Claude APPROVE+
-Final Review:    Codex APPROVE | Composer-2 APPROVE+ | Claude APPROVE+
+Design R1:       Codex REJECT  | Composer-2.5 APPROVE+ | Claude APPROVE+
+Design R2:       Codex REJECT  | Composer-2.5 APPROVE+ | Claude APPROVE+
+Impl Review:     Codex REJECT  | Composer-2.5 APPROVE+ | Claude APPROVE+
+Final Review:    Codex APPROVE | Composer-2.5 APPROVE+ | Claude APPROVE+
 ```
 
 **Key observations**:
@@ -250,7 +250,7 @@ toward the rule below.
 | Cursor Premium | 55min | 4/5 | 5/5 | 2/5 | Excellent |
 | Codex GPT-5.4 | 60min | 3/5 | 5/5 | 1/5 | Excellent |
 | Gemini 3.1 | 50min | 3/5 | 2/5 | 5/5 | Good |
-| Composer-2 | 40min | 2/5 | 3/5 | 2/5 | Good |
+| Composer-2.5 | 40min | 2/5 | 3/5 | 2/5 | Good |
 | Claude Team | 90min | 3/5 | 3/5 | 4/5 | Fair |
 | Cursor GPT-5.4 | 35min | 2/5 | 3/5 | 1/5 | Fair |
 
@@ -259,11 +259,11 @@ toward the rule below.
 > Note: Workflows updated for 4-reviewer default (Opus 4.7 added 2026-04-19). Opus 4.7 profile is provisional pending evaluation data.
 
 ```
-Design phase:       Claude Opus 4.6 + Claude CLI Opus 4.7 + Codex GPT-5.4 + Composer-2
-Implementation:     Codex GPT-5.4 + Composer-2 + Claude Opus 4.6 + Claude CLI Opus 4.7
-Final merge gate:   Codex GPT-5.4 + Composer-2 + Claude Opus 4.6 Assembly + Claude CLI Opus 4.7
+Design phase:       Claude Opus 4.6 + Claude CLI Opus 4.7 + Codex GPT-5.4 + Composer-2.5
+Implementation:     Codex GPT-5.4 + Composer-2.5 + Claude Opus 4.6 + Claude CLI Opus 4.7
+Final merge gate:   Codex GPT-5.4 + Composer-2.5 + Claude Opus 4.6 Assembly + Claude CLI Opus 4.7
 Philosophy/Grant:   Gemini 3.1 + Claude Team
-Deployment:         Composer-2 or Cursor GPT-5.4
+Deployment:         Composer-2.5 or Cursor GPT-5.4
 ```
 
 ## One-Line Summaries
@@ -274,7 +274,7 @@ Deployment:         Composer-2 or Cursor GPT-5.4
 | Codex GPT-5.4 | Strictest judge. Classify findings (a)/(b)/(c) before treating REJECT as blocking; APPROVE is a strong signal **when reachable**, not a mandatory gate (see Phase 2 Case A caveat) |
 | Codex GPT-5.5 | Stricter sibling of 5.4. Same value-system divergence (3 biases); apply the same classification discipline |
 | Cursor Premium | Implementation craftsman. Bug hunter for concurrency and resource management |
-| Composer-2 | Fastest pragmatist. First to determine if something is deployable |
+| Composer-2.5 | Fastest pragmatist. First to determine if something is deployable |
 | Cursor GPT-5.4 | Binary sword. Clear approve-or-reject, strictest on test coverage |
 | Claude Team | Consensus philosopher. Best at integrating multiple viewpoints |
 | Claude CLI Opus 4.7 | Operability guardian. Finds auth, stderr, and execution-layer issues internal reviewers miss |

data/templates/skillsets/agent/plugin/SKILL.md

@@ -22,6 +22,35 @@ Manage autonomous agent sessions with observe-orient-decide-act-reflect cycles.
 3. `agent_status` — check progress at any time
 4. `agent_stop` — terminate when done or if paused
 
+## Capabilities
+
+### External LLM Invocation (via `llm_call` adapter chain)
+
+The agent's OODA phases invoke `llm_call` (from the `llm_client` dependency)
+which spawns external LLMs as subprocesses via adapter classes:
+
+| Adapter | Subprocess command | Use case |
+|---------|-------------------|----------|
+| `ClaudeCodeAdapter` | `claude -p --output-format json` | Sub-author (4.6), persona reviewers |
+| `CodexAdapter` | `codex exec --sandbox read-only` | Codex review |
+| `CursorAdapter` | `agent -p` | Cursor review |
+| `AnthropicAdapter` | Direct API (no subprocess) | Anthropic API calls |
+| `OpenaiAdapter` | Direct API | OpenAI API calls |
+
+The agent CAN orchestrate multi-LLM review, invoke sub-author processes,
+and leverage cross-provider reviewers — all from within the governed OODA
+loop with blockchain recording of each step.
+
+### File Operations (via `external_tools` SkillSet)
+
+`SafeFileWrite` and `SafeFileEdit` are available via `invoke_tool`, enabling
+the agent to write design drafts to `docs/drafts/` or other project paths.
+
+### MCP Tool Access
+
+All KairosChain MCP tools (`context_save`, `multi_llm_review`, `chain_record`,
+`knowledge_get`, etc.) are available via `invoke_tool` in the Act phase.
+
 ## Sub-Agents
 
 ### `/kairos-chain:agent-monitor`

data/templates/skillsets/agent/skillset.json

@@ -1,7 +1,7 @@
 {
   "name": "agent",
   "version": "0.1.0",
-  "description": "Governed autonomous OODA loop combining llm_client, autonomos, and autoexec into a cognitive agent. Observe-Orient-Decide-Act-Reflect with human checkpoints.",
+  "description": "Governed autonomous OODA loop combining llm_client, autonomos, and autoexec into a cognitive agent. Observe-Orient-Decide-Act-Reflect with human checkpoints. External LLM invocation (claude -p, codex, cursor) available via llm_call adapter chain. File operations via SafeFileWrite/SafeFileEdit.",
   "author": "Masaomi Hatakeyama",
   "layer": "L1",
   "depends_on": ["llm_client", "autonomos", "autoexec"],

data/templates/skillsets/kairos_hook_projector/lib/boot_time_assertion.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'digest'
+
+module KairosMcp
+  module SkillSets
+    module KairosHookProjector
+      # Structural guarantee of zero side effect on a configurable set of
+      # watched paths, per design v0.2 §7.2 DoD-0-4 and Inv-6.
+      #
+      # Usage:
+      #   assertion = BootTimeAssertion.new(watch_paths: [...])
+      #   assertion.snapshot_pre!
+      #   <do read-only work>
+      #   assertion.verify_post!   # raises StructuralAssertionFailure on any drift
+      #
+      # The assertion captures (sha256, mtime_ns, size) for each watched path,
+      # or :absent if the path does not exist. Any pre/post mismatch is treated
+      # as a structural violation: absent->present, present->absent,
+      # content change, or mtime advance.
+      class BootTimeAssertion
+        class StructuralAssertionFailure < StandardError; end
+
+        attr_reader :watch_paths
+
+        def initialize(watch_paths:)
+          @watch_paths = Array(watch_paths).map(&:to_s)
+          @pre = nil
+          @post = nil
+        end
+
+        def snapshot_pre!
+          @pre = snapshot
+          self
+        end
+
+        def verify_post!
+          raise 'snapshot_pre! must be called before verify_post!' if @pre.nil?
+
+          @post = snapshot
+          diffs = diff(@pre, @post)
+          return self if diffs.empty?
+
+          raise StructuralAssertionFailure,
+                "stage 0 side-effect-zero violation: #{diffs.inspect}"
+        end
+
+        def snapshots
+          { pre: @pre, post: @post }
+        end
+
+        private
+
+        def snapshot
+          @watch_paths.each_with_object({}) do |path, acc|
+            acc[path] = if File.exist?(path)
+                         { sha256: Digest::SHA256.file(path).hexdigest,
+                           mtime_ns: File.stat(path).mtime.to_r * 1_000_000_000,
+                           size: File.size(path) }
+                       else
+                         :absent
+                       end
+          end
+        end
+
+        def diff(pre, post)
+          pre.keys.each_with_object([]) do |path, drifts|
+            a = pre[path]
+            b = post[path]
+            next if a == b
+
+            drifts << { path: path, pre: a, post: b }
+          end
+        end
+      end
+    end
+  end
+end

data/templates/skillsets/kairos_hook_projector/mode_hooks/_schema.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "$id": "https://kairoschain.dev/schemas/kairos_hook_projector/mode_hooks/v0.json",
+  "title": "mode_hooks definition (kairos_hook_projector stage 0)",
+  "description": "Schema for mode_hooks YAML/JSON definitions. Stage 0 validates the outer envelope (mode_name, version) and reserves composition fields (extends, conflict_policy) per design v0.2 §7.2. The internal shape of `hooks` is permissive at this stage; the stage 1 compiler will become the source of truth for hook entry structure.",
+  "type": "object",
+  "required": ["mode_name", "version"],
+  "additionalProperties": false,
+  "properties": {
+    "mode_name": {
+      "type": "string",
+      "minLength": 1,
+      "description": "The instruction mode this hooks definition applies to (e.g. 'masa', 'tutorial')."
+    },
+    "version": {
+      "type": "string",
+      "minLength": 1,
+      "description": "Schema version of this mode_hooks document. Used by the compiler to dispatch to the correct parser."
+    },
+    "hooks": {
+      "type": "object",
+      "description": "Optional (composite-only variants may omit). Map of event name to hook entries. Inner shape is intentionally unvalidated in stage 0; locked down in stage 1.",
+      "additionalProperties": true
+    },
+    "extends": {
+      "type": "array",
+      "description": "Optional composition field (reserved per Inv-C6). Names of variant SkillSets this definition composes from. Reference resolution and dangling-reference detection are compile-time concerns (Inv-C7), not schema concerns.",
+      "items": {
+        "type": "string",
+        "minLength": 1
+      },
+      "uniqueItems": true
+    },
+    "conflict_policy": {
+      "type": "string",
+      "minLength": 1,
+      "default": "error",
+      "description": "Optional composition field (reserved per Inv-C4). Conflict resolution policy for composing extends inputs. Default 'error' means human judgment is required (Inv-5). Auto-resolution policies are warn-but-accept at schema level in stage 0; activation requires operator consent chain_record (Inv-C10). The specific enum of allowed policy values is intentionally deferred to §11 backlog."
+    }
+  }
+}

data/templates/skillsets/kairos_hook_projector/plugin/SKILL.md

@@ -12,8 +12,26 @@ mode_hooks YAML → `plugin/hooks.json` → `.claude/settings.json` (via `plugin
 
 ## Stage
 
-v0.1 stage 0: skeleton + schema + `hooks_status` (read-only). Zero side effect.
-Later stages add compile / project / unproject / composition.
+v0.1 stage 0: skeleton + schema + `hooks_status` (read-only). Zero side effect,
+structurally guaranteed via boot-time hash/mtime assertion on projection target
+files (DoD-0-4). Later stages add compile / project / unproject / composition.
+
+## Tools
+
+### `hooks_status` (read-only)
+
+Inspect current state of `kairos_hook_projector`. Reports stage, schema
+location, and mode_hooks document inventory. Each invocation runs a pre/post
+hash+mtime assertion over the watched projection targets
+(`.claude/settings.json` and the SkillSet's own `plugin/hooks.json`); any
+drift fails the call with `StructuralAssertionFailure`. This is the
+structural side-effect-zero guarantee for stage 0, not a convention.
+
+## Schema
+
+`mode_hooks/_schema.json` defines the envelope for mode_hooks definitions
+(JSON Schema draft-04). Required: `mode_name`, `version`. Optional: `hooks`,
+plus reserved composition fields (`extends`, `conflict_policy`).
 
 ## Design
 

data/templates/skillsets/kairos_hook_projector/skillset.json

@@ -14,7 +14,9 @@
     "mode_hooks_schema",
     "hooks_status_readonly"
   ],
-  "tool_classes": [],
+  "tool_classes": [
+    "KairosMcp::SkillSets::KairosHookProjector::Tools::HooksStatus"
+  ],
   "config_files": [],
   "knowledge_dirs": [],
   "min_core_version": "3.25.0"

data/templates/skillsets/kairos_hook_projector/test/test_boot_time_assertion.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+require 'minitest/autorun'
+require 'tmpdir'
+require 'fileutils'
+require_relative '../lib/boot_time_assertion'
+
+# Stage 0 commit 3: BootTimeAssertion tests.
+#
+# Design reference: docs/drafts/kairos_hook_projector_design_v0.2_draft.md
+#   - Inv-6: stage 0 side-effect-zero is structurally guaranteed (not by
+#     convention) via boot-time verification.
+#   - DoD-0-4: read-only status tool with boot-time hash/mtime assertion
+#     fails fast on any drift in watched projection target files.
+#
+# Watched target categories the assertion must cover:
+#   - existing file unchanged across pre/post -> passes
+#   - existing file content changed -> raises (content drift)
+#   - absent file stays absent -> passes
+#   - absent file appears between pre/post -> raises (absent->present drift)
+class TestBootTimeAssertion < Minitest::Test
+  AssertionClass = ::KairosMcp::SkillSets::KairosHookProjector::BootTimeAssertion
+  FailureClass = AssertionClass::StructuralAssertionFailure
+
+  def setup
+    @tmpdir = Dir.mktmpdir('kairos_hook_projector_boot_time_assertion_')
+  end
+
+  def teardown
+    FileUtils.remove_entry(@tmpdir) if @tmpdir && File.directory?(@tmpdir)
+  end
+
+  # Test 1: empty watch_paths is a no-op that always passes.
+  # Establishes that the assertion does not require any watched file to exist.
+  def test_empty_watch_paths_passes
+    assertion = AssertionClass.new(watch_paths: [])
+    assertion.snapshot_pre!
+    assertion.verify_post!
+    assert_empty assertion.snapshots[:pre]
+    assert_empty assertion.snapshots[:post]
+  end
+
+  # Test 2: existing file unchanged between pre and post -> passes.
+  # This is the success path for the read-only tool wrapping its body.
+  def test_unchanged_existing_file_passes
+    path = File.join(@tmpdir, 'untouched.json')
+    File.write(path, '{"hooks":{}}')
+    assertion = AssertionClass.new(watch_paths: [path])
+    assertion.snapshot_pre!
+    # body does nothing
+    assertion.verify_post!
+    pre = assertion.snapshots[:pre][path]
+    post = assertion.snapshots[:post][path]
+    assert_equal pre, post,
+                 'unchanged file must produce identical pre/post snapshots'
+    refute_equal :absent, pre
+  end
+
+  # Test 3: file content modified between pre and post -> raises with diff
+  # detail. This is the positive control proving the assertion actually
+  # catches stage 0 side-effect-zero violations.
+  def test_modified_existing_file_raises
+    path = File.join(@tmpdir, 'mutated.json')
+    File.write(path, '{"hooks":{}}')
+    # Ensure mtime resolution does not mask the change on fast filesystems.
+    File.utime(Time.now - 60, Time.now - 60, path)
+
+    assertion = AssertionClass.new(watch_paths: [path])
+    assertion.snapshot_pre!
+    File.write(path, '{"hooks":{"PostToolUse":[]}}')
+
+    error = assert_raises(FailureClass) { assertion.verify_post! }
+    assert_includes error.message, 'stage 0 side-effect-zero violation'
+    assert_includes error.message, path
+  end
+
+  # Test 4: absent file appearing between pre and post -> raises. Stage 0
+  # demands that .claude/settings.json which does not exist must remain
+  # non-existent for the duration of the tool call.
+  def test_absent_file_appearing_raises
+    path = File.join(@tmpdir, 'not_yet_present.json')
+    refute File.exist?(path), 'precondition: file must be absent'
+
+    assertion = AssertionClass.new(watch_paths: [path])
+    assertion.snapshot_pre!
+    assert_equal :absent, assertion.snapshots[:pre][path]
+
+    File.write(path, '{"created":"by violation"}')
+
+    error = assert_raises(FailureClass) { assertion.verify_post! }
+    assert_includes error.message, path
+  end
+
+  # Test 5 (control): absent file that stays absent -> passes. Confirms the
+  # assertion does not spuriously fire for projection targets that legitimately
+  # do not exist during stage 0.
+  def test_absent_file_staying_absent_passes
+    path = File.join(@tmpdir, 'stays_absent.json')
+    assertion = AssertionClass.new(watch_paths: [path])
+    assertion.snapshot_pre!
+    assertion.verify_post!
+    assert_equal :absent, assertion.snapshots[:pre][path]
+    assert_equal :absent, assertion.snapshots[:post][path]
+  end
+
+  # Test 6: verify_post! without snapshot_pre! raises. Sanity check on the
+  # contract that pre/post calls are ordered.
+  def test_verify_post_without_pre_raises
+    assertion = AssertionClass.new(watch_paths: [])
+    error = assert_raises(RuntimeError) { assertion.verify_post! }
+    assert_includes error.message, 'snapshot_pre!'
+  end
+end

data/templates/skillsets/kairos_hook_projector/test/test_hooks_status.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require 'minitest/autorun'
+require 'tmpdir'
+require 'fileutils'
+require 'json'
+
+# Stage 0 commit 3 smoke test: HooksStatus tool returns a well-formed
+# response and the boot-time assertion reports passed when the tool body
+# does not touch any watched file.
+#
+# This test deliberately stubs the BaseTool dependency rather than loading
+# the full KairosChain MCP server gem, so that the SkillSet's stage 0 surface
+# can be validated in isolation. Integration with the gem-level tool
+# registration is verified at gem build / install time, not here.
+
+module KairosMcp
+  module Tools
+    # Minimal stub of KairosMcp::Tools::BaseTool sufficient for stage 0
+    # smoke testing. The real implementation lives in
+    # KairosChain_mcp_server/lib/kairos_mcp/tools/base_tool.rb.
+    class BaseTool
+      def initialize(safety = nil, registry: nil); end
+
+      def text_content(text)
+        [{ type: 'text', text: text }]
+      end
+    end
+  end
+end unless defined?(::KairosMcp::Tools::BaseTool)
+
+# Stub the KairosMcp module project_root accessor so the tool can resolve
+# .claude/settings.json against our tmpdir.
+module KairosMcp
+  class << self
+    attr_accessor :project_root unless method_defined?(:project_root)
+  end
+end
+
+require_relative '../tools/hooks_status'
+
+class TestHooksStatus < Minitest::Test
+  ToolClass = ::KairosMcp::SkillSets::KairosHookProjector::Tools::HooksStatus
+
+  def setup
+    @tmpdir = Dir.mktmpdir('kairos_hook_projector_smoke_')
+    ::KairosMcp.project_root = @tmpdir
+  end
+
+  def teardown
+    FileUtils.remove_entry(@tmpdir) if @tmpdir && File.directory?(@tmpdir)
+    ::KairosMcp.project_root = nil
+  end
+
+  def test_tool_returns_well_formed_response_with_assertion_passed
+    response = ToolClass.new.call({})
+    assert_kind_of Array, response
+    assert_equal 'text', response.first[:type]
+
+    body = JSON.parse(response.first[:text])
+
+    # Shape invariants
+    assert_equal 'kairos_hook_projector', body['skillset']
+    assert_match(/stage 0/, body['stage'])
+    assert_equal @tmpdir, body['project_root']
+    assert body['schema']['present'],
+           'stage 0 schema (_schema.json) must be present after commit 2'
+    assert_kind_of Integer, body['mode_hooks']['count']
+    assert_kind_of Array, body['mode_hooks']['files']
+
+    # Boot-time assertion outcome
+    assert_equal 'passed', body['boot_time_assertion']['status']
+    watched = body['boot_time_assertion']['watched_paths']
+    assert_kind_of Array, watched
+    refute_empty watched
+    assert(watched.any? { |p| p.end_with?('settings.json') },
+           'must watch .claude/settings.json projection target')
+    assert(watched.any? { |p| p.end_with?('hooks.json') },
+           "must watch the skillset's own plugin/hooks.json")
+  end
+end

data/templates/skillsets/kairos_hook_projector/test/test_mode_hooks_schema.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'minitest/autorun'
+require 'json'
+require 'json-schema'
+
+# Stage 0 commit 2: mode_hooks/_schema.json self-validation tests.
+#
+# Design reference: docs/drafts/kairos_hook_projector_design_v0.2_draft.md
+#   - DoD-0-2: mode_hooks schema is self-validating.
+#   - DoD-0-3: composition fields are validation targets; syntactically valid
+#     declarations are accepted; syntactically invalid ones are rejected.
+#   - §7.2 schema invariants: mode_name/version required, hooks optional,
+#     composition fields optional but accepted.
+class TestModeHooksSchema < Minitest::Test
+  SKILLSET_ROOT = File.expand_path('..', __dir__)
+  SCHEMA_PATH = File.join(SKILLSET_ROOT, 'mode_hooks', '_schema.json')
+
+  def setup
+    @schema = JSON.parse(File.read(SCHEMA_PATH))
+  end
+
+  # Test 1 (happy path, DoD-0-2): a minimal valid document with only the
+  # required fields validates clean.
+  def test_minimal_valid_document_accepted
+    doc = { 'mode_name' => 'masa', 'version' => '0.1' }
+    errors = JSON::Validator.fully_validate(@schema, doc)
+    assert_empty errors,
+                 "Minimal valid document {mode_name, version} must validate clean. Got: #{errors.inspect}"
+  end
+
+  # Test 2 (reject path, DoD-0-3 second half): a document missing a required
+  # field is rejected. Document also exercises a syntactically invalid
+  # composition field (extends with non-string entry) to confirm composition
+  # fields are real validation targets, not silently passed through.
+  def test_syntactically_invalid_document_rejected
+    missing_version = { 'mode_name' => 'masa' }
+    errors_a = JSON::Validator.fully_validate(@schema, missing_version)
+    refute_empty errors_a, "Document missing 'version' must be rejected"
+    assert errors_a.any? { |e| e.include?('version') },
+           "Rejection error must mention the missing 'version' field. Got: #{errors_a.inspect}"
+
+    bad_extends = {
+      'mode_name' => 'masa', 'version' => '0.1',
+      'extends' => ['conservative', 42] # 42 is not a string
+    }
+    errors_b = JSON::Validator.fully_validate(@schema, bad_extends)
+    refute_empty errors_b,
+                 "Document with non-string entry in 'extends' must be rejected (composition field is a real validation target, not warn-but-accept)"
+  end
+
+  # Test 3 (composition optional + accepted, DoD-0-3 first half + §7.2): a
+  # document carrying syntactically valid composition fields (extends,
+  # conflict_policy) is accepted. This is the "reservation" invariant — the
+  # fields exist in the schema and validate, but stage 0 does not yet attach
+  # any compile-time semantics to them.
+  def test_composition_fields_optional_and_accepted_when_valid
+    doc = {
+      'mode_name' => 'masa',
+      'version' => '0.1',
+      'extends' => %w[conservative agent_aggressive],
+      'conflict_policy' => 'error'
+    }
+    errors = JSON::Validator.fully_validate(@schema, doc)
+    assert_empty errors,
+                 "Composition fields (extends, conflict_policy) must be accepted when syntactically valid. Got: #{errors.inspect}"
+  end
+end

data/templates/skillsets/kairos_hook_projector/tools/hooks_status.rb

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+require 'json'
+require_relative '../lib/boot_time_assertion'
+
+module KairosMcp
+  module SkillSets
+    module KairosHookProjector
+      module Tools
+        # Read-only inspection of `kairos_hook_projector` state.
+        # Wraps its read-only body with a BootTimeAssertion that captures
+        # pre/post hash+mtime of projection target files, providing structural
+        # (not conventional) guarantee of stage 0 side-effect-zero per design
+        # v0.2 §7.2 DoD-0-4 and DoD-0-6.
+        #
+        # The watched target set in stage 0:
+        #   - <project_root>/.claude/settings.json  (Stage 2+ projection target)
+        #   - <skillset_root>/plugin/hooks.json     (intermediate target)
+        #
+        # If either file drifts between pre and post snapshots, the tool
+        # raises and the caller receives a fail-fast error rather than a
+        # successful response. This is the structural guarantee.
+        class HooksStatus < ::KairosMcp::Tools::BaseTool
+          SKILLSET_ROOT = File.expand_path('..', __dir__)
+          SKILLSET_NAME = 'kairos_hook_projector'
+          STAGE_MARKER = 'stage 0 (skeleton + schema + status)'
+
+          def name
+            'hooks_status'
+          end
+
+          def description
+            'Read-only inspection of kairos_hook_projector state. ' \
+              'Reports stage, schema location, and mode_hooks document inventory. ' \
+              'Structurally guarantees zero side effect on projection targets via ' \
+              'a pre/post hash+mtime boot-time assertion (DoD-0-4).'
+          end
+
+          def category
+            :meta
+          end
+
+          def usecase_tags
+            %w[hooks status read-only stage0 self-referential]
+          end
+
+          def related_tools
+            %w[plugin_project skills_audit]
+          end
+
+          def input_schema
+            {
+              type: 'object',
+              properties: {},
+              additionalProperties: false
+            }
+          end
+
+          def call(_arguments)
+            project_root = resolve_project_root
+            watch_paths = compute_watch_paths(project_root)
+
+            assertion = BootTimeAssertion.new(watch_paths: watch_paths)
+            assertion.snapshot_pre!
+
+            body = compose_status_body(project_root: project_root,
+                                       watch_paths: watch_paths)
+
+            assertion.verify_post!
+
+            text_content(JSON.pretty_generate(
+                           body.merge(boot_time_assertion: {
+                                        status: 'passed',
+                                        watched_paths: watch_paths,
+                                        snapshots: assertion.snapshots
+                                      })
+                         ))
+          rescue BootTimeAssertion::StructuralAssertionFailure => e
+            text_content(JSON.pretty_generate({
+                                                error: 'StructuralAssertionFailure',
+                                                detail: e.message,
+                                                skillset: SKILLSET_NAME,
+                                                stage: STAGE_MARKER
+                                              }))
+          rescue StandardError => e
+            text_content(JSON.pretty_generate({
+                                                error: e.class.name,
+                                                detail: e.message,
+                                                backtrace: e.backtrace&.first(3)
+                                              }))
+          end
+
+          private
+
+          def resolve_project_root
+            if defined?(::KairosMcp) && ::KairosMcp.respond_to?(:project_root)
+              ::KairosMcp.project_root
+            else
+              Dir.pwd
+            end
+          end
+
+          def compute_watch_paths(project_root)
+            [
+              File.join(project_root.to_s, '.claude', 'settings.json'),
+              File.join(SKILLSET_ROOT, 'plugin', 'hooks.json')
+            ]
+          end
+
+          def compose_status_body(project_root:, watch_paths:)
+            mode_hooks_dir = File.join(SKILLSET_ROOT, 'mode_hooks')
+            schema_path = File.join(mode_hooks_dir, '_schema.json')
+            mode_files = Dir.glob(File.join(mode_hooks_dir, '*'))
+                            .reject { |p| File.basename(p).start_with?('_') }
+                            .map { |p| File.basename(p) }
+                            .sort
+
+            {
+              skillset: SKILLSET_NAME,
+              stage: STAGE_MARKER,
+              project_root: project_root.to_s,
+              schema: {
+                path: schema_path,
+                present: File.exist?(schema_path)
+              },
+              mode_hooks: {
+                count: mode_files.size,
+                files: mode_files
+              },
+              note: 'Read-only. Stage 0 emits no projections; see ' \
+                    'docs/drafts/kairos_hook_projector_design_v0.2_draft.md'
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/templates/skillsets/multi_llm_review/config/multi_llm_review.yml

@@ -5,7 +5,7 @@
 
 # Convergence rules
 # Roster has 5 reviewers (claude_team_opus4.7, claude_cli_opus4.6,
-# codex_gpt5.4, codex_gpt5.5, cursor_composer2). Rules are ratio-based
+# codex_gpt5.4, codex_gpt5.5, cursor_composer2.5). Rules are ratio-based
 # (parser interprets "N/M" as N/M fraction applied to successful count),
 # so the literal numerator/denominator is informational; what matters is
 # the ratio.
@@ -108,8 +108,8 @@ reviewers:
     role_label: codex_gpt5.5
 
   - provider: cursor
-    role_label: cursor_composer2
-    # No `model` key → cursor adapter omits --model → cursor's default (composer2).
+    role_label: cursor_composer2.5
+    # No `model` key → cursor adapter omits --model → cursor's default (composer-2.5-fast as of 2026-05).
     # This entry preserves the original 5-reviewer roster behavior.
 
   # ----------------------------------------------------------------------

data/templates/skillsets/multi_llm_review/tools/multi_llm_review.rb

@@ -712,12 +712,13 @@ module KairosMcp
           end
 
           def symbolize_keys(hash)
+            hash = coerce_to_hash(hash)
             hash.transform_keys(&:to_sym)
           end
 
           def symbolize_findings(findings)
             return nil unless findings.is_a?(Array)
-            findings.map { |f| f.transform_keys(&:to_sym) }
+            findings.map { |f| coerce_to_hash(f).transform_keys(&:to_sym) }
           end
 
           def hash_to_string_keys(hash)
@@ -725,6 +726,14 @@ module KairosMcp
             hash.transform_keys(&:to_s)
           end
 
+          def coerce_to_hash(obj)
+            return obj if obj.is_a?(Hash)
+            return JSON.parse(obj) if obj.is_a?(String)
+            obj
+          rescue JSON::ParserError
+            { '_raw' => obj.to_s }
+          end
+
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kairos-chain
 version: !ruby/object:Gem::Version
-  version: 3.27.0
+  version: 3.28.1
 platform: ruby
 authors:
 - Masaomi Hatakeyama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-05-19 00:00:00.000000000 Z
+date: 2026-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -411,10 +411,16 @@ files:
 - templates/skillsets/introspection/tools/introspection_check.rb
 - templates/skillsets/introspection/tools/introspection_health.rb
 - templates/skillsets/introspection/tools/introspection_safety.rb
+- templates/skillsets/kairos_hook_projector/lib/boot_time_assertion.rb
+- templates/skillsets/kairos_hook_projector/mode_hooks/_schema.json
 - templates/skillsets/kairos_hook_projector/plugin/SKILL.md
 - templates/skillsets/kairos_hook_projector/plugin/hooks.json
 - templates/skillsets/kairos_hook_projector/skillset.json
+- templates/skillsets/kairos_hook_projector/test/test_boot_time_assertion.rb
+- templates/skillsets/kairos_hook_projector/test/test_hooks_status.rb
+- templates/skillsets/kairos_hook_projector/test/test_mode_hooks_schema.rb
 - templates/skillsets/kairos_hook_projector/test/test_skillset_json.rb
+- templates/skillsets/kairos_hook_projector/tools/hooks_status.rb
 - templates/skillsets/knowledge_creator/config/knowledge_creator.yml
 - templates/skillsets/knowledge_creator/knowledge/creation_guide/creation_guide.md
 - templates/skillsets/knowledge_creator/knowledge/quality_criteria/quality_criteria.md