@a5c-ai/babysitter-opencode 5.0.1-staging.9e5052f8bc95 → 5.0.1-staging.a2865ee1a2da

package/bin/install-shared.js

@@ -29,7 +29,7 @@ function writeFileIfChanged(filePath, contents) {
   try {
     const existing = fs.readFileSync(filePath, 'utf8');
     if (existing === contents) return false;
-  } catch {}
+  } catch (e) { process.stderr.write('[extension-mux] file read failed for ' + filePath + ', overwriting: ' + (e instanceof Error ? e.message : String(e)) + '\n'); }
   fs.mkdirSync(path.dirname(filePath), { recursive: true });
   fs.writeFileSync(filePath, contents);
   return true;
@@ -82,7 +82,7 @@ function writeJson(filePath, value) {
 function ensureExecutable(filePath) {
   try {
     fs.chmodSync(filePath, 0o755);
-  } catch {}
+  } catch (e) { process.stderr.write('[extension-mux] chmod failed for ' + filePath + ': ' + (e instanceof Error ? e.message : String(e)) + '\n'); }
 }
 
 function normalizeMarketplaceSourcePath(source, marketplacePath) {
@@ -104,7 +104,7 @@ function ensureMarketplaceEntry(marketplacePath, pluginRoot) {
     name: PLUGIN_NAME,
     source: relSource,
     description: "Orchestrate complex, multi-step workflows with event-sourced state management, hook-based extensibility, and human-in-the-loop approval",
-    version: "5.0.1-staging.9e5052f8bc95",
+    version: "5.0.1-staging.a2865ee1a2da",
     author: { name: "a5c.ai" },
   };
   if (idx >= 0) marketplace.plugins[idx] = entry;
@@ -147,7 +147,7 @@ function resolveCliCommand(packageRoot) {
   const versionsPath = path.join(packageRoot, 'versions.json');
   const versions = readJson(versionsPath) || {};
   const ver = versions.sdkVersion || 'latest';
-  return `npx -y @a5c-ai/babysitter-sdk@${ver}`;
+  return `npm exec --yes --package @a5c-ai/babysitter-sdk@${ver} -- babysitter`;
 }
 
 function runCli(packageRoot, cliArgs, options = {}) {

package/commands/check-forbidden-markers.md

@@ -0,0 +1,68 @@
+---
+description: Pre-deploy gate that scans built JS chunks for forbidden substring markers (saga-era / obsolete code paths) listed in a project-local forbidden-markers.txt
+argument-hint: "[--markers-file <path>] [--chunks-dir <path>] [--json] Optional overrides; defaults are project-relative."
+allowed-tools: Read, Grep, Write, Task, Bash, Edit, Grep, Glob, WebFetch, WebSearch, Search, AskUserQuestion, TodoWrite, TodoRead, Skill, BashOutput, KillShell, MultiEdit, LS
+---
+
+Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md). Compose the gate from the shared helper at `library/processes/shared/forbidden-markers-scanner.js` (issue #477).
+
+## What this gate does
+
+Reads a list of literal substring markers from `scripts/forbidden-markers.txt` (blank lines and `#`-prefixed comments stripped) and greps every `.js` chunk under `.vercel/output/static/_next/static/chunks/` (Next.js / Vercel default; configurable) for any occurrence. Reports structured hits per `(marker, chunk)` pair with occurrence counts. Designed to chain between `vercel build --prod` and `vercel deploy --prod`.
+
+Use this gate when a refactor or restart-from-baseline replaced load-bearing code paths and you need a structural guarantee the obsolete symbols never re-ship. Burned-in evidence: cookbook VI-9 / VI-12 near-miss revivals during the 2026-05 iOS-Safari saga; the prototype lives at `cookbook/scripts/check-no-forbidden.mjs` and shipped two upstream contributions before being generalized as this gate.
+
+## When to use
+
+- **Pre-deploy.** Insert after build, before deploy. Block the deploy when `ok: false`.
+- **Post-restart.** After a baseline rollback + step-by-step re-add, snapshot the saga-era markers in `forbidden-markers.txt` and let CI hold the line.
+- **Post-refactor.** When old helper / handler / module names must not coexist with the new ones in the same bundle.
+
+## Expected config locations
+
+- `scripts/forbidden-markers.txt` — one marker per line, `#` for comments. The list is the contract; the gate is mechanical. Commit this file to source control.
+- `.vercel/output/static/_next/static/chunks/` — default scan target. Override for non-Vercel frameworks via the `--chunks-dir` flag or the `chunksDir` task input.
+
+A missing markers file is a no-op (`ok: true`, `reason: 'missing-markers-file'`) — misconfiguration is never a deploy block. A missing chunks directory is likewise a no-op (`reason: 'missing-chunks-dir'`) so the gate is safe to chain into `check:all` before the build runs.
+
+## Exit semantics
+
+| Reason                  | `ok`   | Deploy decision                |
+|-------------------------|--------|--------------------------------|
+| `missing-markers-file`  | true   | Pass (no gate active)          |
+| `missing-chunks-dir`    | true   | Pass (run before build)        |
+| `empty-markers`         | true   | Pass (list is empty)           |
+| `no-chunks`             | true   | Pass (nothing to scan)         |
+| `clean`                 | true   | Pass — proceed to deploy       |
+| `hits`                  | false  | **BLOCK** — surface hits, ask for triage |
+
+For each hit, the gate emits `{ marker, chunk, count }` so the operator sees the exact marker string, the absolute chunk path, and the number of occurrences in that chunk. Multiple hits across chunks for the same marker are reported separately.
+
+## Programmatic surface
+
+```js
+import { scanForbiddenMarkers, checkForbiddenMarkersTask } from '@a5c-ai/babysitter-library/processes/shared';
+
+// Direct call:
+const result = await scanForbiddenMarkers({
+  markersFile: 'scripts/forbidden-markers.txt',
+  chunksDir:   '.vercel/output/static/_next/static/chunks',
+});
+if (!result.ok) {
+  // result.hits: Array<{ marker, chunk, count }>
+  // result.reason === 'hits'
+  process.exit(1);
+}
+
+// Or dispatched as a babysitter task:
+const gate = await ctx.task(checkForbiddenMarkersTask, {
+  projectDir: '.',
+  // markersFile / chunksDir are inferred from projectDir if omitted
+});
+```
+
+## Reference
+
+- Issue: https://github.com/a5c-ai/babysitter/issues/477
+- Helper module: `library/processes/shared/forbidden-markers-scanner.js`
+- Origin (cookbook prototype): `cookbook/scripts/check-no-forbidden.mjs` (81 lines)

package/commands/cleanup.md

@@ -6,7 +6,13 @@ allowed-tools: Read, Grep, Write, Task, Bash, Edit, Grep, Glob, WebFetch, WebSea
 
 Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md).
 
-Create and run a cleanup process using the process at `skills\babysit\process\cradle\cleanup-runs.js/processes/cleanup-runs.js`.
+Resolve the active process library with:
+
+```bash
+babysitter process-library:active --json
+```
+
+Read `binding.dir` from that JSON and create/run the cleanup process from `cradle/cleanup-runs.js#process` relative to that active library root. Do not use plugin-cache-relative cradle paths.
 
 Implementation notes (for the process):
 - Parse arguments for `--dry-run` flag (if present, set dryRun: true in inputs) and `--keep-days N` (default: 7)

package/commands/help.md

@@ -233,7 +233,8 @@ SECONDARY COMMANDS
   How it works: Runs npx @a5c-ai/babysitter-observer-dashboard@latest which watches
   the .a5c/runs/ directory (or a parent directory containing multiple projects) and
   serves a live dashboard. The process is blocking -- it runs until you stop it, and
-  it prints the local URL to share with the user.
+  it prints the local URL to share with the user. Do not use `babysitter observe`
+  as a fallback; the core Babysitter CLI does not expose that subcommand.
 
   Example: /babysitter:observe
   (opens browser showing all runs with live-updating task

package/commands/observe.md

@@ -7,6 +7,11 @@ allowed-tools: Read, Grep, Write, Task, Bash
 Run the babysitter observer dashboard:
 
 1. Determine the watch directory — this is usually the project's container directory (the parent of the project dir), or the current working directory if not specified.
-2. Launch the dashboard: `npx -y @a5c-ai/babysitter-observer-dashboard@latest --watch-dir <dir>`
+2. Launch the standalone dashboard package: `npx -y @a5c-ai/babysitter-observer-dashboard@latest --watch-dir <dir>`.
 3. This is a blocking process — it will keep running until stopped.
 4. Report the URL printed by the dashboard to the user, then open it in the browser.
+
+Do not fall back to `babysitter observe`; the core Babysitter CLI does not expose
+that subcommand. Some harness runtimes may provide a separate
+`agent-platform observe` surface, but this skill uses the verified standalone
+dashboard package.

package/commands/plan.md

@@ -4,4 +4,14 @@ argument-hint: Specific instructions for the run.
 allowed-tools: Read, Grep, Write, Task, Bash, Edit, Grep, Glob, WebFetch, WebSearch, Search, AskUserQuestion, TodoWrite, TodoRead, Skill, BashOutput, KillShell, MultiEdit, LS
 ---
 
-Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md). focus on creating the best process possible, but without creating and running the actual run.
+Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md). Focus on creating the best process possible, but without creating and running the actual run.
+
+Before drafting the process, run Phase 0 -- REUSE-AUDIT: extract keyword nouns and verbs from the request, scan for matching existing migrations, API routes, environment variables, SDK dependencies, and imports, honor `.a5c/reuse-audit.json` when present, and put a `Reuse-audit findings (REVIEW BEFORE PROCEEDING)` block before Phase 1 of the plan.
+
+## Process Shape Selection
+
+Choose the process shape before authoring `process.js`:
+
+- Use a flat phase list when the spec is well-defined, the work is wiring or composition, the bug class is already known if this is a fix, and execution should proceed sequentially through clear phases.
+- Use a HYPOTHESES tree when the bug class is unknown, forensics are required, multiple causal models compete, and each hypothesis needs its own observations, falsifying observations, and follow-up phases.
+- Rule of thumb: if the first phase is "investigate", use HYPOTHESES-tree mode. If the first phase is "implement X", use flat-phase-list mode.

package/commands/yolo.md

@@ -4,7 +4,7 @@ argument-hint: Specific instructions for the run.
 allowed-tools: Read, Grep, Write, Task, Bash, Edit, Grep, Glob, WebFetch, WebSearch, Search, AskUserQuestion, TodoWrite, TodoRead, Skill, BashOutput, KillShell, MultiEdit, LS
 ---
 
-Start the Babysitter run directly through the CLI, without any user interaction or breakpoints. Do not invoke the Skill tool and do not run an instructions-only command. In Claude Code, use Bash to run `babysitter harness:yolo --harness claude-code --workspace "$PWD" --prompt "<user arguments>" --json`; in Codex, run `babysitter harness:yolo --harness codex --workspace "$PWD" --prompt "<user arguments>" --json`; in other harnesses, use the same command with that harness id. Replace `<user arguments>` with the arguments shown below, wait for the command to finish, and treat the CLI completion proof as the result.
+Run the Babysitter orchestration instructions directly through the CLI, without any user interaction or breakpoints. In Claude Code, use Bash to run `babysitter instructions:babysit-skill --harness claude-code --no-interactive`; in Codex, run `babysitter instructions:babysit-skill --harness codex --no-interactive`; in other harnesses, use the same command with that harness id. Then follow the returned instructions in this same turn until completion proof is produced. Do not stop after reading the instructions, do not invoke the Skill tool first, and use the non-interactive/no-breakpoints path when the instructions offer a mode choice.
 
 User arguments for this command:
 

package/hooks/babysitter-proxied-session-created.js

@@ -6,7 +6,7 @@ var readFileSync = require("fs").readFileSync;
 
 var PLUGIN_ROOT = process.env.PLUGIN_ROOT || process.env.PLUGIN_ROOT || path.resolve(__dirname, "..");
 var stdin = "";
-try { stdin = readFileSync(0, "utf8"); } catch {}
+try { stdin = readFileSync(0, "utf8"); } catch (e) { process.stderr.write("[extension-mux] stdin read failed: " + (e instanceof Error ? e.message : String(e)) + "\n"); }
 try {
   var result = execSync("bash " + JSON.stringify(path.join(PLUGIN_ROOT, "hooks/session-start.sh")), {
     input: stdin,
@@ -20,5 +20,7 @@ try {
   });
   process.stdout.write(result);
 } catch (e) {
-  process.stdout.write("{}\n");
+  process.stderr.write("[extension-mux] hook execution failed: " + (e instanceof Error ? e.message : String(e)) + "\n");
+  process.stdout.write(JSON.stringify({ error: e instanceof Error ? e.message : String(e) }) + "\n");
+  process.exit(1);
 }

package/hooks/babysitter-proxied-shell-env.js

@@ -6,7 +6,7 @@ var readFileSync = require("fs").readFileSync;
 
 var PLUGIN_ROOT = process.env.PLUGIN_ROOT || process.env.PLUGIN_ROOT || path.resolve(__dirname, "..");
 var stdin = "";
-try { stdin = readFileSync(0, "utf8"); } catch {}
+try { stdin = readFileSync(0, "utf8"); } catch (e) { process.stderr.write("[extension-mux] stdin read failed: " + (e instanceof Error ? e.message : String(e)) + "\n"); }
 try {
   var result = execSync("bash " + JSON.stringify(path.join(PLUGIN_ROOT, "hooks/shell-env.sh")), {
     input: stdin,
@@ -20,5 +20,7 @@ try {
   });
   process.stdout.write(result);
 } catch (e) {
-  process.stdout.write("{}\n");
+  process.stderr.write("[extension-mux] hook execution failed: " + (e instanceof Error ? e.message : String(e)) + "\n");
+  process.stdout.write(JSON.stringify({ error: e instanceof Error ? e.message : String(e) }) + "\n");
+  process.exit(1);
 }

package/hooks/babysitter-proxied-tool-execute-after.js

@@ -6,7 +6,7 @@ var readFileSync = require("fs").readFileSync;
 
 var PLUGIN_ROOT = process.env.PLUGIN_ROOT || process.env.PLUGIN_ROOT || path.resolve(__dirname, "..");
 var stdin = "";
-try { stdin = readFileSync(0, "utf8"); } catch {}
+try { stdin = readFileSync(0, "utf8"); } catch (e) { process.stderr.write("[extension-mux] stdin read failed: " + (e instanceof Error ? e.message : String(e)) + "\n"); }
 try {
   var result = execSync("bash " + JSON.stringify(path.join(PLUGIN_ROOT, "hooks/post-tool-use.sh")), {
     input: stdin,
@@ -20,5 +20,7 @@ try {
   });
   process.stdout.write(result);
 } catch (e) {
-  process.stdout.write("{}\n");
+  process.stderr.write("[extension-mux] hook execution failed: " + (e instanceof Error ? e.message : String(e)) + "\n");
+  process.stdout.write(JSON.stringify({ error: e instanceof Error ? e.message : String(e) }) + "\n");
+  process.exit(1);
 }

package/hooks/babysitter-proxied-tool-execute-before.js

@@ -6,7 +6,7 @@ var readFileSync = require("fs").readFileSync;
 
 var PLUGIN_ROOT = process.env.PLUGIN_ROOT || process.env.PLUGIN_ROOT || path.resolve(__dirname, "..");
 var stdin = "";
-try { stdin = readFileSync(0, "utf8"); } catch {}
+try { stdin = readFileSync(0, "utf8"); } catch (e) { process.stderr.write("[extension-mux] stdin read failed: " + (e instanceof Error ? e.message : String(e)) + "\n"); }
 try {
   var result = execSync("bash " + JSON.stringify(path.join(PLUGIN_ROOT, "hooks/pre-tool-use.sh")), {
     input: stdin,
@@ -20,5 +20,7 @@ try {
   });
   process.stdout.write(result);
 } catch (e) {
-  process.stdout.write("{}\n");
+  process.stderr.write("[extension-mux] hook execution failed: " + (e instanceof Error ? e.message : String(e)) + "\n");
+  process.stdout.write(JSON.stringify({ error: e instanceof Error ? e.message : String(e) }) + "\n");
+  process.exit(1);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a5c-ai/babysitter-opencode",
-  "version": "5.0.1-staging.9e5052f8bc95",
+  "version": "5.0.1-staging.a2865ee1a2da",
   "description": "Orchestrate complex, multi-step workflows with event-sourced state management, hook-based extensibility, and human-in-the-loop approval",
   "scripts": {
     "deploy": "npm publish --access public",
@@ -35,7 +35,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@a5c-ai/babysitter-sdk": "5.0.1-staging.9e5052f8bc95"
+    "@a5c-ai/babysitter-sdk": "5.0.1-staging.a2865ee1a2da"
   },
   "repository": {
     "type": "git",

package/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "babysitter",
-  "version": "5.0.1-staging.9e5052f8bc95",
+  "version": "5.0.1-staging.a2865ee1a2da",
   "description": "Orchestrate complex, multi-step workflows with event-sourced state management, hook-based extensibility, and human-in-the-loop approval",
   "author": "a5c.ai",
   "license": "MIT",

package/skills/accomplish-status/SKILL.md

@@ -32,9 +32,15 @@ Read the SDK version from `versions.json` to ensure version compatibility:
 SDK_VERSION=$(node -e "try{const fs=require('fs');const probes=['./plugins/babysitter-unified/versions.json','./node_modules/@a5c-ai/babysitter-opencode/versions.json'];for(const probe of probes){if(fs.existsSync(probe)){console.log(JSON.parse(fs.readFileSync(probe,'utf8')).sdkVersion||'latest');process.exit(0)}}console.log('latest')}catch{console.log('latest')}")
 npm i -g @a5c-ai/babysitter-sdk@$SDK_VERSION
 
-CLI="npx -y @a5c-ai/babysitter-sdk@$SDK_VERSION"
+if command -v babysitter >/dev/null 2>&1 && babysitter --version >/dev/null 2>&1; then
+  CLI="babysitter"
+else
+  CLI="npm exec --yes --package @a5c-ai/babysitter-sdk@$SDK_VERSION -- babysitter"
+fi
 ```
 
+If a stale or broken global shim fails with `MODULE_NOT_FOUND`, repair it with `npm rm -g @a5c-ai/babysitter @a5c-ai/babysitter-sdk && npm i -g @a5c-ai/babysitter-sdk@$SDK_VERSION`, then re-run `babysitter --version`.
+
 ## Instructions
 
 ### 1. Resolve the status directory

package/skills/babysit/SKILL.md

@@ -1,11 +1,12 @@
 ---
 name: babysit
-description: Orchestrate via @babysitter. Use this skill when asked to babysit a run, orchestrate a process or whenever it is called explicitly. (babysit, babysitter, orchestrate, orchestrate a run, workflow, etc.)
+description: >-
+  Execute via @babysitter. Use this skill when asked to babysit a task, do anything that is structured process-driven (even a loop) or whenever it is called explicitly. (babysit, babysitter, with a process, orchestrate, orchestrate a run, workflow, loop until, etc.)
 ---
 
 # babysit
 
-Orchestrate `.a5c/runs/<runId>/` through iterative execution.
+Follow the commands below exactly. but apply judgement and creativity to get the job done. no matter how small or simple the task may seem, you must use the babysitter SDK and run lifecycle to execute it. This is non-negotiable. If you are asked to do something that seems like it could be done with a simple tool call, you must still use the babysitter SDK to create a run, define tasks, execute them, and complete the run. This is how you will learn and demonstrate mastery of the babysitter system. Always follow the full process, even for trivial tasks.
 
 ## Dependencies
 
@@ -17,21 +18,27 @@ Read the SDK version from `versions.json` to ensure version compatibility:
 SDK_VERSION=$(node -e "try{const fs=require('fs');const probes=['./plugins/babysitter-unified/versions.json','./node_modules/@a5c-ai/babysitter-opencode/versions.json'];for(const probe of probes){if(fs.existsSync(probe)){console.log(JSON.parse(fs.readFileSync(probe,'utf8')).sdkVersion||'latest');process.exit(0)}}console.log('latest')}catch{console.log('latest')}")
 
 npm i -g @a5c-ai/babysitter-sdk@$SDK_VERSION
-CLI="npx -y @a5c-ai/babysitter-sdk@$SDK_VERSION"
+if command -v babysitter >/dev/null 2>&1 && babysitter --version >/dev/null 2>&1; then
+  CLI="babysitter"
+else
+  CLI="npm exec --yes --package @a5c-ai/babysitter-sdk@$SDK_VERSION -- babysitter"
+fi
 ```
 
+If a stale or broken global shim fails with `MODULE_NOT_FOUND`, repair it with `npm rm -g @a5c-ai/babysitter @a5c-ai/babysitter-sdk && npm i -g @a5c-ai/babysitter-sdk@$SDK_VERSION`, then re-run `babysitter --version`.
+
 ## Instructions
 
 Run the following command to get full orchestration instructions:
 
 ```bash
-babysitter instructions:babysit-skill --harness opencode --interactive
+$CLI instructions:babysit-skill --harness opencode --interactive
 ```
 
 For non-interactive mode:
 
 ```bash
-babysitter instructions:babysit-skill --harness opencode --no-interactive
+$CLI instructions:babysit-skill --harness opencode --no-interactive
 ```
 
 Follow the instructions returned by the command above to orchestrate the run.

package/skills/check-forbidden-markers/SKILL.md

@@ -0,0 +1,69 @@
+---
+name: check-forbidden-markers
+description: Pre-deploy gate that scans built JS chunks for forbidden substring markers (saga-era / obsolete code paths) listed in a project-local forbidden-markers.txt
+---
+
+# check-forbidden-markers
+
+Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md). Compose the gate from the shared helper at `library/processes/shared/forbidden-markers-scanner.js` (issue #477).
+
+## What this gate does
+
+Reads a list of literal substring markers from `scripts/forbidden-markers.txt` (blank lines and `#`-prefixed comments stripped) and greps every `.js` chunk under `.vercel/output/static/_next/static/chunks/` (Next.js / Vercel default; configurable) for any occurrence. Reports structured hits per `(marker, chunk)` pair with occurrence counts. Designed to chain between `vercel build --prod` and `vercel deploy --prod`.
+
+Use this gate when a refactor or restart-from-baseline replaced load-bearing code paths and you need a structural guarantee the obsolete symbols never re-ship. Burned-in evidence: cookbook VI-9 / VI-12 near-miss revivals during the 2026-05 iOS-Safari saga; the prototype lives at `cookbook/scripts/check-no-forbidden.mjs` and shipped two upstream contributions before being generalized as this gate.
+
+## When to use
+
+- **Pre-deploy.** Insert after build, before deploy. Block the deploy when `ok: false`.
+- **Post-restart.** After a baseline rollback + step-by-step re-add, snapshot the saga-era markers in `forbidden-markers.txt` and let CI hold the line.
+- **Post-refactor.** When old helper / handler / module names must not coexist with the new ones in the same bundle.
+
+## Expected config locations
+
+- `scripts/forbidden-markers.txt` — one marker per line, `#` for comments. The list is the contract; the gate is mechanical. Commit this file to source control.
+- `.vercel/output/static/_next/static/chunks/` — default scan target. Override for non-Vercel frameworks via the `--chunks-dir` flag or the `chunksDir` task input.
+
+A missing markers file is a no-op (`ok: true`, `reason: 'missing-markers-file'`) — misconfiguration is never a deploy block. A missing chunks directory is likewise a no-op (`reason: 'missing-chunks-dir'`) so the gate is safe to chain into `check:all` before the build runs.
+
+## Exit semantics
+
+| Reason                  | `ok`   | Deploy decision                |
+|-------------------------|--------|--------------------------------|
+| `missing-markers-file`  | true   | Pass (no gate active)          |
+| `missing-chunks-dir`    | true   | Pass (run before build)        |
+| `empty-markers`         | true   | Pass (list is empty)           |
+| `no-chunks`             | true   | Pass (nothing to scan)         |
+| `clean`                 | true   | Pass — proceed to deploy       |
+| `hits`                  | false  | **BLOCK** — surface hits, ask for triage |
+
+For each hit, the gate emits `{ marker, chunk, count }` so the operator sees the exact marker string, the absolute chunk path, and the number of occurrences in that chunk. Multiple hits across chunks for the same marker are reported separately.
+
+## Programmatic surface
+
+```js
+import { scanForbiddenMarkers, checkForbiddenMarkersTask } from '@a5c-ai/babysitter-library/processes/shared';
+
+// Direct call:
+const result = await scanForbiddenMarkers({
+  markersFile: 'scripts/forbidden-markers.txt',
+  chunksDir:   '.vercel/output/static/_next/static/chunks',
+});
+if (!result.ok) {
+  // result.hits: Array<{ marker, chunk, count }>
+  // result.reason === 'hits'
+  process.exit(1);
+}
+
+// Or dispatched as a babysitter task:
+const gate = await ctx.task(checkForbiddenMarkersTask, {
+  projectDir: '.',
+  // markersFile / chunksDir are inferred from projectDir if omitted
+});
+```
+
+## Reference
+
+- Issue: https://github.com/a5c-ai/babysitter/issues/477
+- Helper module: `library/processes/shared/forbidden-markers-scanner.js`
+- Origin (cookbook prototype): `cookbook/scripts/check-no-forbidden.mjs` (81 lines)

package/skills/cleanup/SKILL.md

@@ -7,7 +7,13 @@ description: Clean up .a5c/runs and .a5c/processes directories. Aggregates insig
 
 Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md).
 
-Create and run a cleanup process using the process at `skills\babysit\process\cradle\cleanup-runs.js/processes/cleanup-runs.js`.
+Resolve the active process library with:
+
+```bash
+babysitter process-library:active --json
+```
+
+Read `binding.dir` from that JSON and create/run the cleanup process from `cradle/cleanup-runs.js#process` relative to that active library root. Do not use plugin-cache-relative cradle paths.
 
 Implementation notes (for the process):
 - Parse arguments for `--dry-run` flag (if present, set dryRun: true in inputs) and `--keep-days N` (default: 7)

package/skills/help/SKILL.md

@@ -234,7 +234,8 @@ SECONDARY COMMANDS
   How it works: Runs npx @a5c-ai/babysitter-observer-dashboard@latest which watches
   the .a5c/runs/ directory (or a parent directory containing multiple projects) and
   serves a live dashboard. The process is blocking -- it runs until you stop it, and
-  it prints the local URL to share with the user.
+  it prints the local URL to share with the user. Do not use `babysitter observe`
+  as a fallback; the core Babysitter CLI does not expose that subcommand.
 
   Example: /babysitter:observe
   (opens browser showing all runs with live-updating task

package/skills/observe/SKILL.md

@@ -8,6 +8,11 @@ description: Launch the babysitter observer dashboard. Installs and runs the rea
 Run the babysitter observer dashboard:
 
 1. Determine the watch directory — this is usually the project's container directory (the parent of the project dir), or the current working directory if not specified.
-2. Launch the dashboard: `npx -y @a5c-ai/babysitter-observer-dashboard@latest --watch-dir <dir>`
+2. Launch the standalone dashboard package: `npx -y @a5c-ai/babysitter-observer-dashboard@latest --watch-dir <dir>`.
 3. This is a blocking process — it will keep running until stopped.
 4. Report the URL printed by the dashboard to the user, then open it in the browser.
+
+Do not fall back to `babysitter observe`; the core Babysitter CLI does not expose
+that subcommand. Some harness runtimes may provide a separate
+`agent-platform observe` surface, but this skill uses the verified standalone
+dashboard package.

package/skills/plan/SKILL.md

@@ -5,4 +5,14 @@ description: Plan a babysitter run. use this command to plan a complex workflow,
 
 # plan
 
-Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md). focus on creating the best process possible, but without creating and running the actual run.
+Invoke the babysitter:babysit skill (using the Skill tool) and follow its instructions (SKILL.md). Focus on creating the best process possible, but without creating and running the actual run.
+
+Before drafting the process, run Phase 0 -- REUSE-AUDIT: extract keyword nouns and verbs from the request, scan for matching existing migrations, API routes, environment variables, SDK dependencies, and imports, honor `.a5c/reuse-audit.json` when present, and put a `Reuse-audit findings (REVIEW BEFORE PROCEEDING)` block before Phase 1 of the plan.
+
+## Process Shape Selection
+
+Choose the process shape before authoring `process.js`:
+
+- Use a flat phase list when the spec is well-defined, the work is wiring or composition, the bug class is already known if this is a fix, and execution should proceed sequentially through clear phases.
+- Use a HYPOTHESES tree when the bug class is unknown, forensics are required, multiple causal models compete, and each hypothesis needs its own observations, falsifying observations, and follow-up phases.
+- Rule of thumb: if the first phase is "investigate", use HYPOTHESES-tree mode. If the first phase is "implement X", use flat-phase-list mode.

package/skills/yolo/SKILL.md

@@ -5,7 +5,7 @@ description: Orchestrate a babysitter run. use this command to start babysitting
 
 # yolo
 
-Start the Babysitter run directly through the CLI, without any user interaction or breakpoints. Do not invoke the Skill tool and do not run an instructions-only command. In Claude Code, use Bash to run `babysitter harness:yolo --harness claude-code --workspace "$PWD" --prompt "<user arguments>" --json`; in Codex, run `babysitter harness:yolo --harness codex --workspace "$PWD" --prompt "<user arguments>" --json`; in other harnesses, use the same command with that harness id. Replace `<user arguments>` with the arguments shown below, wait for the command to finish, and treat the CLI completion proof as the result.
+Run the Babysitter orchestration instructions directly through the CLI, without any user interaction or breakpoints. In Claude Code, use Bash to run `babysitter instructions:babysit-skill --harness claude-code --no-interactive`; in Codex, run `babysitter instructions:babysit-skill --harness codex --no-interactive`; in other harnesses, use the same command with that harness id. Then follow the returned instructions in this same turn until completion proof is produced. Do not stop after reading the instructions, do not invoke the Skill tool first, and use the non-interactive/no-breakpoints path when the instructions offer a mode choice.
 
 User arguments for this command:
 

package/versions.json

@@ -1,4 +1,4 @@
 {
-  "sdkVersion": "5.0.1-staging.9e5052f8bc95",
-  "extensionVersion": "5.0.1-staging.9e5052f8bc95"
+  "sdkVersion": "5.0.1-staging.a2865ee1a2da",
+  "extensionVersion": "5.0.1-staging.a2865ee1a2da"
 }