@agfpd/iapeer-memory 0.2.2 → 0.2.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agfpd/iapeer-memory",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "iapeer-memory — peer memory for the iapeer ecosystem: vault, memoryd (index/search/MCP-http), layer-5 context fragments, role doctrines. The package IS the system; the claude/codex plugins are thin session sockets (docs/10-distribution.md, ADR-009).",
   "license": "MIT",
   "type": "module",
@@ -27,7 +27,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@agfpd/iapeer-memory-core": "0.2.2"
+    "@agfpd/iapeer-memory-core": "0.2.4"
   },
   "devDependencies": {
     "@types/bun": "^1.2.0",

package/src/cli.ts

@@ -24,6 +24,7 @@ import { cmdInit } from "./commands/init.js";
 import { cmdInstallBinary } from "./commands/install-binary.js";
 import { cmdMemoryd } from "./commands/memoryd.js";
 import { cmdMigrate } from "./commands/migrate.js";
+import { cmdDreamPaths } from "./commands/dream-paths.js";
 import { cmdProvisionPeer, cmdUnprovisionPeer } from "./commands/provision-peer.js";
 import { cmdRender } from "./commands/render.js";
 import { cmdStatus } from "./commands/status.js";
@@ -52,14 +53,19 @@ Commands:
                             init step / repair path; needs package sources
   provision-peer --cwd P --runtime claude|codex --personality NAME [--occasion O]
                             merge the direct session surfaces into one peer's
-                            cwd (claude: hooks/MCP/skills; codex: project MCP;
-                            idempotent, own keys only); the iapeer core shells
-                            into this at peer birth
+                            cwd (claude: hooks/MCP/skills; codex: project MCP +
+                            hooks.json with a trust-hooks pre-seed; idempotent,
+                            own keys only); the iapeer core shells into this at
+                            peer birth
   unprovision-peer --cwd P --runtime claude|codex [--occasion O]
                             strip OUR surfaces from one peer's cwd (mirror)
   fm-update [ops] FILE...   structural frontmatter edits + attribution stamp
   migrate --source DIR      move harness auto-memory into the vault
                             (dry-run by default; --apply to execute)
+  dream-paths               tick-time DreamWeaver fan-out resolution: agent
+                            memory folders + transcript globs per runtime
+                            from the LIVE registry (the Index shells this on
+                            DREAM_TICK; read-only)
   render index|fragment|doctrine|guide
                             render one artifact explicitly (memoryd does this
                             continuously; render is the manual/scripted path)
@@ -124,8 +130,10 @@ export async function main(argv: string[]): Promise<number> {
       return cmdUpdate(rest, egress);
     case "install-binary":
       return cmdInstallBinary(rest, egress);
+    case "dream-paths":
+      return cmdDreamPaths(rest, egress);
     case "provision-peer":
-      return cmdProvisionPeer(rest);
+      return cmdProvisionPeer(rest, egress);
     case "unprovision-peer":
       return cmdUnprovisionPeer(rest);
     case "fm-update":

package/src/commands/dream-paths.ts

@@ -0,0 +1,153 @@
+/**
+ * `iapeer-memory dream-paths [--iapeer-bin P]` — tick-time resolution of the
+ * DreamWeaver fan-out (P5 §4.3, boris-accepted form (б) + source (1)).
+ *
+ * The weekly DREAM_TICK lands in a FRESH index session; the Index shells
+ * THIS verb and fans DreamWeaver out over its output — one agent-memory
+ * subfolder per task, transcript globs riding along. Resolution happens AT
+ * THE TICK, never baked into the timer registration: a baked snapshot
+ * re-creates the «фаза D мертва, glob-skip маскирует» class one layer down.
+ *
+ * SOURCE = the LIVE registry (`iapeer list --json`), not fleet.json — the
+ * freshness proof (facts, 11.06): birth-provision does NOT touch fleet.json
+ * (writeFleetMap call sites: init/update/verify --repair only) and the
+ * SessionStart kick is heartbeat-gated (silent on a healthy host), so a
+ * peer born after the last update is INVISIBLE to fleet.json for weeks —
+ * the live registry is the only source that sees it. Read-as-egress: a
+ * legitimate live channel of the prod CLI (the refusing test handle blocks
+ * it; hermetic tests pass --iapeer-bin).
+ *
+ * READ-ONLY by contract: one registry list spawn + vault readdir +
+ * realpath. No writes, no signals, no detached spawns.
+ *
+ * Transcript path forms (host facts):
+ *   claude — `~/.claude/projects/<slug(cwd)>/*.jsonl`; slug = every
+ *     non-alphanumeric of the REGISTRY cwd → '-' (live form:
+ *     /Users/macmini/.iapeer/peers/index → -Users-macmini--iapeer-peers-index;
+ *     the registry cwd verbatim, NOT realpath — claude slugs the path the
+ *     session launched in);
+ *   codex — `~/.codex/sessions/**\/rollout-*.jsonl` (HOST-WIDE pool) +
+ *     `cwdFilter` = realpath(cwd): the worker matches the payload's
+ *     session_meta.cwd — the iapeer-contract realpath rule.
+ *
+ * Folders without a live peer get `transcripts: []` — phase D skips them
+ * honestly (A–C still run); peers without a memory subfolder are not in
+ * the fan-out (nothing to consolidate).
+ */
+
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { getTaxonomy, isLocaleId } from "@agfpd/iapeer-memory-core";
+import type { Egress } from "../egress.js";
+import { queryRegistry, type FleetPeer } from "../fleet.js";
+
+/** Claude projects-dir slug — the live disk form (ls ~/.claude/projects). */
+export function claudeProjectSlug(cwd: string): string {
+  return cwd.replace(/[^A-Za-z0-9]/g, "-");
+}
+
+export type TranscriptSpec = {
+  runtime: "claude" | "codex";
+  glob: string;
+  /** codex only: the worker filters the HOST-WIDE pool by the payload's
+   *  session_meta.cwd against this realpath (iapeer contract). */
+  cwdFilter?: string;
+};
+
+export function transcriptSpecs(peer: FleetPeer, home: string): TranscriptSpec[] {
+  const specs: TranscriptSpec[] = [];
+  if (peer.runtimes.includes("claude")) {
+    specs.push({
+      runtime: "claude",
+      glob: path.join(home, ".claude", "projects", claudeProjectSlug(peer.cwd), "*.jsonl"),
+    });
+  }
+  if (peer.runtimes.includes("codex")) {
+    let real = peer.cwd;
+    try {
+      real = fs.realpathSync(peer.cwd);
+    } catch {
+      // vanished cwd — keep the registry form; the filter simply matches nothing
+    }
+    specs.push({
+      runtime: "codex",
+      glob: path.join(home, ".codex", "sessions", "**", "rollout-*.jsonl"),
+      cwdFilter: real,
+    });
+  }
+  return specs;
+}
+
+export type DreamFolder = {
+  agent: string;
+  path: string;
+  transcripts: TranscriptSpec[];
+};
+
+export function buildDreamPaths(opts: {
+  vault: string;
+  agentMemoryFolder: string;
+  peers: FleetPeer[];
+  home: string;
+}): DreamFolder[] {
+  const memoryRoot = path.join(opts.vault, opts.agentMemoryFolder);
+  let entries: fs.Dirent[];
+  try {
+    entries = fs.readdirSync(memoryRoot, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  const byPersonality = new Map(opts.peers.map((p) => [p.personality, p]));
+  return entries
+    .filter((e) => e.isDirectory() && !e.name.startsWith("."))
+    .sort((a, b) => a.name.localeCompare(b.name))
+    .map((e) => {
+      const peer = byPersonality.get(e.name);
+      return {
+        agent: e.name,
+        path: path.join(memoryRoot, e.name),
+        transcripts: peer ? transcriptSpecs(peer, opts.home) : [],
+      };
+    });
+}
+
+export function cmdDreamPaths(argv: string[], egress: Egress): number {
+  let iapeerBin: string | undefined;
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === "--iapeer-bin") iapeerBin = argv[++i];
+    else {
+      console.error(`iapeer-memory dream-paths: unknown flag: ${a}`);
+      return 2;
+    }
+  }
+
+  const vault = process.env.IAPEER_MEMORY_VAULT_PATH ?? "";
+  if (!vault) {
+    console.error("iapeer-memory dream-paths: IAPEER_MEMORY_VAULT_PATH is not set — not provisioned");
+    return 1;
+  }
+  const localeRaw = process.env.IAPEER_MEMORY_LOCALE || "en";
+  if (!isLocaleId(localeRaw)) {
+    console.error(`iapeer-memory dream-paths: unknown locale "${localeRaw}"`);
+    return 1;
+  }
+
+  const q = queryRegistry(egress, { iapeerBin });
+  if ("error" in q) {
+    // LOUD: a silent empty fan-out would re-create the masked-dead-phase
+    // class — the Index sees this line and reports instead of guessing.
+    console.error(`iapeer-memory dream-paths: live registry unavailable — ${q.error}`);
+    return 1;
+  }
+
+  const folders = buildDreamPaths({
+    vault,
+    agentMemoryFolder: getTaxonomy(localeRaw).folders.agentMemory,
+    peers: q.peers,
+    home: os.homedir(),
+  });
+  console.log(JSON.stringify({ vault, folders }, null, 2));
+  return 0;
+}

package/src/commands/hook.ts

@@ -44,13 +44,64 @@ import { memoryPaths, type MemoryPaths } from "../paths.js";
 import { DEFAULT_HEARTBEAT_STALE_MS } from "./verify.js";
 import { guardedWriteFileSync } from "@agfpd/iapeer-memory-core";
 
-/** Tools whose writes stamp frontmatter. P5 adds "apply_patch" (codex). */
+/** Tools whose writes stamp frontmatter: claude Write|Edit|MultiEdit +
+ *  codex apply_patch (Ш2; stdin-JSON is Claude-compatible — canon
+ *  «Поверхности конфигурации codex» §Хуки). */
 export const POST_WRITE_TOOLS: ReadonlySet<string> = new Set([
   "Write",
   "Edit",
   "MultiEdit",
+  "apply_patch",
 ]);
 
+/** apply_patch envelope markers (the public codex patch format) — the
+ *  deterministic path source from tool_input's patch text. */
+const PATCH_FILE_RE = /^\*\*\* (?:Update|Add) File: (.+)$/gm;
+
+/** `tool_response` status lines — the VERBATIM form established by the live
+ *  Ш2 e2e (codex-cli 0.138.0, gpt-5.5, captured stdin 11.06):
+ *  a single STRING `"Exit code: 0\nWall time: …\nOutput:\nSuccess. Updated
+ *  the following files:\nA /abs/path.md\n"` — `A`/`M`/`D` markers per file. */
+const RESPONSE_FILE_RE = /^[AMD]\s+(.+)$/;
+
+/**
+ * File-path candidates of a codex apply_patch event. Two sources, union:
+ * the envelope markers inside the patch text (scans every string value of
+ * tool_input — the live field is `command`, the name is not load-bearing)
+ * and the `A/M/D <path>` lines of the tool_response string (verbatim form
+ * above; a D path simply fails the existsSync gate downstream). Relative
+ * paths resolve against the event's `cwd` (stdin carries it — live fact).
+ */
+export function applyPatchPaths(event: {
+  cwd?: string;
+  tool_input?: unknown;
+  tool_response?: unknown;
+}): string[] {
+  const found = new Set<string>();
+  const add = (raw: string): void => {
+    const p = raw.trim();
+    if (!p) return;
+    found.add(path.isAbsolute(p) ? p : path.resolve(event.cwd ?? process.cwd(), p));
+  };
+  const input = event.tool_input;
+  if (input && typeof input === "object") {
+    for (const v of Object.values(input as Record<string, unknown>)) {
+      if (typeof v !== "string") continue;
+      for (const m of v.matchAll(PATCH_FILE_RE)) add(m[1]);
+    }
+  } else if (typeof input === "string") {
+    for (const m of input.matchAll(PATCH_FILE_RE)) add(m[1]);
+  }
+  const resp = event.tool_response;
+  if (typeof resp === "string") {
+    for (const line of resp.split("\n")) {
+      const m = RESPONSE_FILE_RE.exec(line);
+      if (m) add(m[1]);
+    }
+  }
+  return [...found];
+}
+
 /** Min interval between background verify-kicks (anti-storm). */
 export const KICK_DEBOUNCE_MS = 5 * 60_000;
 
@@ -77,7 +128,12 @@ export function runPostWrite(
 ): PostWriteResult {
   const silent: PostWriteResult = { stamped: false, output: null };
 
-  let event: { tool_name?: string; tool_input?: { file_path?: string } };
+  let event: {
+    tool_name?: string;
+    cwd?: string;
+    tool_input?: { file_path?: string };
+    tool_response?: unknown;
+  };
   try {
     event = JSON.parse(eventJson) as typeof event;
   } catch {
@@ -88,15 +144,20 @@ export function runPostWrite(
   // reference live-smoke fact; the same ordering keeps claude cheap too).
   if (!POST_WRITE_TOOLS.has(tool)) return silent;
 
-  const filePath = event.tool_input?.file_path ?? "";
-  if (!filePath.endsWith(".md")) return silent;
+  // Path candidates: claude tools carry ONE file_path; codex apply_patch
+  // carries a patch over possibly MANY files (Ш2).
+  const candidates =
+    tool === "apply_patch"
+      ? applyPatchPaths(event)
+      : [event.tool_input?.file_path ?? ""];
 
   const vault = env.IAPEER_MEMORY_VAULT_PATH ?? "";
   if (!vault) return silent; // socket without a provisioned system
-  if (!filePath.startsWith(vault.endsWith(path.sep) ? vault : vault + path.sep)) {
-    return silent; // outside the vault — никогда не трогаем чужие файлы
-  }
-  if (!fs.existsSync(filePath)) return silent; // failed write — nothing to stamp
+  const vaultPrefix = vault.endsWith(path.sep) ? vault : vault + path.sep;
+  const files = candidates.filter(
+    (p) => p.endsWith(".md") && p.startsWith(vaultPrefix) && fs.existsSync(p),
+  );
+  if (files.length === 0) return silent;
 
   // Identity: PEER_PERSONALITY → IAPEER_MEMORY_AGENT_NAME. NO cwd guessing
   // (нюанс 10 — deliberate divergence from the reference basename(PWD)).
@@ -112,7 +173,7 @@ export function runPostWrite(
     .filter(Boolean);
 
   fmUpdate({
-    files: [filePath],
+    files,
     ops: [],
     agent,
     vault,
@@ -121,12 +182,15 @@ export function runPostWrite(
     stamp: true,
   });
 
-  // Reminder: ONLY on Write (new note) in the author's OWN memory folder —
-  // an Edit-loop on one note must not spam the context (reference semantics).
+  // Reminder: ONLY on a claude Write (new note) in the author's OWN memory
+  // folder — an Edit-loop must not spam the context (reference semantics).
+  // The codex branch NEVER emits: hookSpecificOutput.additionalContext is a
+  // claude protocol — codex support is unverified (upstream issue #19385
+  // ASKS for it, which reads as «not there»; fact-checked stance, not a gap).
   const ownMemoryDir =
     path.join(vault, taxonomy.folders.agentMemory, agent) + path.sep;
   const output =
-    tool === "Write" && filePath.startsWith(ownMemoryDir)
+    tool === "Write" && files[0]!.startsWith(ownMemoryDir)
       ? JSON.stringify({
           hookSpecificOutput: {
             hookEventName: "PostToolUse",

package/src/commands/init.ts

@@ -444,7 +444,7 @@ export async function cmdInit(argv: string[], egress: Egress): Promise<number> {
       const fleet = readFleetMap(paths.fleetMapPath) ?? [];
       const locked = withProvisionLock({
         stateDir: paths.stateDir,
-        fn: () => sweepProvision({ fleet, hooksDir: paths.hooksDir, port: mcpPort() }),
+        fn: () => sweepProvision(egress, { fleet, hooksDir: paths.hooksDir, port: mcpPort(), iapeerBin: flags.iapeerBin }),
       });
       if (!locked.acquired) {
         step("surfaces", locked.detail, false);

package/src/commands/provision-peer.ts

@@ -19,12 +19,13 @@
  *     branched on.
  *
  * Runtime forms: claude — hooks + mcp + skills (surfaces/claude.ts);
- * codex — per-peer MCP via `<cwd>/.codex/config.toml` (surfaces/codex.ts;
- * hooks/skills are the P5 experiment). Exit: 0 ok, 1 a surface failed,
- * 2 usage.
+ * codex — per-peer MCP via `<cwd>/.codex/config.toml` + hooks.json with the
+ * core's trust-hooks pre-seed (surfaces/codex.ts, Ш2; skills deliberately
+ * not delivered — P5 §4.2). Exit: 0 ok, 1 a surface failed, 2 usage.
  */
 
 import fs from "node:fs";
+import type { Egress } from "../egress.js";
 import { memoryPaths } from "../paths.js";
 import {
   provisionClaudePeer,
@@ -53,6 +54,8 @@ type Flags = {
   runtime: (typeof RUNTIMES)[number];
   occasion: Occasion;
   personality: string;
+  /** Explicitly named core binary (hermetic tests; egress explicit-bin). */
+  iapeerBin?: string;
 };
 
 function parseFlags(
@@ -64,6 +67,7 @@ function parseFlags(
   let runtime = "";
   let occasion: string = defaultOccasion;
   let personality = "";
+  let iapeerBin: string | undefined;
   for (let i = 0; i < argv.length; i++) {
     const a = argv[i];
     switch (a) {
@@ -71,6 +75,7 @@ function parseFlags(
       case "--runtime": runtime = argv[++i] ?? ""; break;
       case "--occasion": occasion = argv[++i] ?? ""; break;
       case "--personality": personality = argv[++i] ?? ""; break;
+      case "--iapeer-bin": iapeerBin = argv[++i]; break;
       default:
         console.error(`iapeer-memory ${verb}: unknown flag: ${a}`);
         return null;
@@ -105,6 +110,7 @@ function parseFlags(
     runtime: runtime as Flags["runtime"],
     occasion: occasion as Occasion,
     personality,
+    iapeerBin,
   };
 }
 
@@ -124,7 +130,7 @@ function report(verb: string, flags: Flags, outcomes: SurfaceOutcome[]): number
   return failed ? 1 : 0;
 }
 
-export function cmdProvisionPeer(argv: string[]): number {
+export function cmdProvisionPeer(argv: string[], egress: Egress): number {
   const flags = parseFlags("provision-peer", argv, "sweep-on");
   if (!flags) return 2;
   if (!fs.existsSync(flags.cwd)) {
@@ -136,7 +142,12 @@ export function cmdProvisionPeer(argv: string[]): number {
     stateDir: paths.stateDir,
     fn: () =>
       flags.runtime === "codex"
-        ? provisionCodexPeer({ cwd: flags.cwd, port: mcpPort() })
+        ? provisionCodexPeer(egress, {
+            cwd: flags.cwd,
+            port: mcpPort(),
+            hooksDir: paths.hooksDir,
+            iapeerBin: flags.iapeerBin,
+          })
         : provisionClaudePeer({
             cwd: flags.cwd,
             hooksDir: paths.hooksDir,

package/src/commands/update.ts

@@ -161,7 +161,7 @@ export function cmdUpdate(argv: string[], egress: Egress): number {
     const fleet = readFleetMap(paths.fleetMapPath) ?? [];
     const locked = withProvisionLock({
       stateDir: paths.stateDir,
-      fn: () => sweepProvision({ fleet, hooksDir: paths.hooksDir, port: mcpPort() }),
+      fn: () => sweepProvision(egress, { fleet, hooksDir: paths.hooksDir, port: mcpPort(), iapeerBin }),
     });
     if (!locked.acquired) {
       step("surfaces", locked.detail, false);

package/src/commands/verify.ts

@@ -221,7 +221,7 @@ export function runVerify(egress: Egress, opts: VerifyOptions = {}): CheckResult
         detail: "fleet map unreadable — see fleet-map check",
       });
     } else {
-      const { checks, skipped } = checkFleetSurfaces({
+      const { checks, skipped } = checkFleetSurfaces(egress, {
         fleet,
         hooksDir: paths.hooksDir,
         port: mcpPort(),
@@ -247,7 +247,7 @@ export function runVerify(egress: Egress, opts: VerifyOptions = {}): CheckResult
         const badPeers = fleet.filter((p) => bad.some((b) => b.cwd === p.cwd));
         const locked = withProvisionLock({
           stateDir: paths.stateDir,
-          fn: () => sweepProvision({ fleet: badPeers, hooksDir: paths.hooksDir, port: mcpPort() }),
+          fn: () => sweepProvision(egress, { fleet: badPeers, hooksDir: paths.hooksDir, port: mcpPort(), iapeerBin: opts.iapeerBin }),
         });
         if (!locked.acquired) {
           results.push({ name: "peer-surfaces", status: "fail", detail: locked.detail });

package/src/fleet.ts

@@ -70,65 +70,72 @@ export function readFleetMap(fleetMapPath: string): FleetPeer[] | null {
   }
 }
 
-export function writeFleetMap(
+/** Live-registry query — the ONE place `iapeer list --json` is parsed.
+ *  Shared by writeFleetMap (the persisted map) and dream-paths (the
+ *  tick-time resolution; freshness fact: birth does NOT touch fleet.json
+ *  and the SessionStart kick is heartbeat-gated, so the LIVE registry is
+ *  the only source that sees a newborn before the next update). */
+export function queryRegistry(
   egress: Egress,
-  opts: {
-    fleetMapPath: string;
-    iapeerBin?: string;
-    /** Injectable for tests. */
-    nowIso?: string;
-  },
-): FleetMapResult {
+  opts: { iapeerBin?: string },
+): { peers: FleetPeer[] } | { error: string } {
   const bin = opts.iapeerBin ?? IAPEER_BIN;
   const proc = egress.spawnSync([bin, "list", "--json"], {
     explicitBin: opts.iapeerBin !== undefined,
   });
   if (proc.refused) {
-    return {
-      action: "failed",
-      count: 0,
-      detail: "live-registry query suppressed (test sandbox) — pass a fake iapeerBin",
-    };
+    return { error: "live-registry query suppressed (test sandbox) — pass a fake iapeerBin" };
   }
   if (proc.spawnError) {
-    return { action: "failed", count: 0, detail: `${bin} unavailable: ${proc.spawnError}` };
+    return { error: `${bin} unavailable: ${proc.spawnError}` };
   }
   if (proc.exitCode !== 0) {
-    return {
-      action: "failed",
-      count: 0,
-      detail: (proc.stderr.trim() || `iapeer list exited ${proc.exitCode}`).slice(0, 160),
-    };
+    return { error: (proc.stderr.trim() || `iapeer list exited ${proc.exitCode}`).slice(0, 160) };
   }
-  const stdout = proc.stdout;
-
   let listed: ListedPeer[];
   try {
-    const raw = JSON.parse(stdout) as unknown;
+    const raw = JSON.parse(proc.stdout) as unknown;
     listed = Array.isArray(raw) ? (raw as ListedPeer[]) : [];
   } catch {
-    return { action: "failed", count: 0, detail: "iapeer list --json: unparsable output" };
+    return { error: "iapeer list --json: unparsable output" };
   }
+  return {
+    peers: listed
+      .filter(
+        (p): p is ListedPeer & { personality: string; cwd: string } =>
+          typeof p.personality === "string" &&
+          p.personality.trim() !== "" &&
+          typeof p.cwd === "string" &&
+          p.cwd.trim() !== "",
+      )
+      .map((p) => ({
+        personality: p.personality.trim(),
+        cwd: p.cwd.trim(),
+        runtimes: [
+          ...new Set(
+            (Array.isArray(p.runtimes) ? p.runtimes : [])
+              .map((r) => (typeof r?.runtime === "string" ? r.runtime.trim() : ""))
+              .filter(Boolean),
+          ),
+        ],
+      })),
+  };
+}
 
-  const peers: FleetPeer[] = listed
-    .filter(
-      (p): p is ListedPeer & { personality: string; cwd: string } =>
-        typeof p.personality === "string" &&
-        p.personality.trim() !== "" &&
-        typeof p.cwd === "string" &&
-        p.cwd.trim() !== "",
-    )
-    .map((p) => ({
-      personality: p.personality.trim(),
-      cwd: p.cwd.trim(),
-      runtimes: [
-        ...new Set(
-          (Array.isArray(p.runtimes) ? p.runtimes : [])
-            .map((r) => (typeof r?.runtime === "string" ? r.runtime.trim() : ""))
-            .filter(Boolean),
-        ),
-      ],
-    }));
+export function writeFleetMap(
+  egress: Egress,
+  opts: {
+    fleetMapPath: string;
+    iapeerBin?: string;
+    /** Injectable for tests. */
+    nowIso?: string;
+  },
+): FleetMapResult {
+  const q = queryRegistry(egress, { iapeerBin: opts.iapeerBin });
+  if ("error" in q) {
+    return { action: "failed", count: 0, detail: q.error };
+  }
+  const peers = q.peers;
 
   const body =
     JSON.stringify(

package/src/surfaces/claude.ts

@@ -62,9 +62,16 @@ export function isOurHookCommand(command: string): boolean {
   return base.startsWith(HOOK_SHIM_PREFIX) && base.endsWith(".sh");
 }
 
-export type SurfaceAction = "written" | "already" | "removed" | "absent" | "failed";
+export type SurfaceAction =
+  | "written"
+  | "already"
+  | "removed"
+  | "absent"
+  | "failed"
+  /** A live-host step suppressed by the refusing egress (test sandbox). */
+  | "skipped";
 export type SurfaceOutcome = {
-  surface: "hooks" | "mcp" | "skills";
+  surface: "hooks" | "mcp" | "skills" | "trust";
   action: SurfaceAction;
   path: string;
   detail?: string;
@@ -140,7 +147,7 @@ export function expectedMcpEntry(opts: {
   };
 }
 
-type HookEntry = {
+export type HookEntry = {
   matcher?: string;
   hooks: Array<{ type: string; command: string }>;
 };
@@ -164,7 +171,7 @@ export function expectedHookEntries(
 type JsonObject = Record<string, unknown>;
 
 /** null = unreadable-as-object (refuse to clobber); {} when absent. */
-function readJsonObject(filePath: string): JsonObject | null | "absent" {
+export function readJsonObject(filePath: string): JsonObject | null | "absent" {
   let raw: string;
   try {
     raw = fs.readFileSync(filePath, "utf-8");
@@ -180,11 +187,11 @@ function readJsonObject(filePath: string): JsonObject | null | "absent" {
   }
 }
 
-function sameJson(a: unknown, b: unknown): boolean {
+export function sameJson(a: unknown, b: unknown): boolean {
   return JSON.stringify(a) === JSON.stringify(b);
 }
 
-function isOurHookEntry(entry: unknown): boolean {
+export function isOurHookEntry(entry: unknown): boolean {
   if (!entry || typeof entry !== "object") return false;
   const hooks = (entry as HookEntry).hooks;
   if (!Array.isArray(hooks)) return false;

package/src/surfaces/codex.ts

@@ -29,13 +29,22 @@
  * Merge = line-based section surgery on OUR header namespace only
  * (`[mcp_servers.iapeer-memory]` + its subsections), atomic write; unlike
  * the core's append-if-absent we REPLACE a drifted block (repair duty,
- * требование №2). Hooks/skills for codex are the P5 experiment — MCP is
- * deliberately the only codex surface here.
+ * требование №2). Hooks (Ш2) live in `<cwd>/.codex/hooks.json` below;
+ * skills for codex are deliberately NOT delivered (P5 §4.2, boris-agreed).
  */
 
 import fs from "node:fs";
 import path from "node:path";
-import type { SurfaceOutcome } from "./claude.js";
+import { IAPEER_BIN, type Egress } from "../egress.js";
+import {
+  isOurHookEntry,
+  materialiseShims,
+  readJsonObject,
+  sameJson,
+  shimPath,
+  type HookEntry,
+  type SurfaceOutcome,
+} from "./claude.js";
 import { guardedWriteFileSync, guardedUnlinkSync } from "@agfpd/iapeer-memory-core";
 
 export const CODEX_MCP_SECTION = "mcp_servers.iapeer-memory";
@@ -123,34 +132,323 @@ export function removeCodexMcp(opts: { cwd: string }): SurfaceOutcome {
   return { surface: "mcp", action: "removed", path: configPath };
 }
 
-export function provisionCodexPeer(opts: { cwd: string; port: number }): SurfaceOutcome[] {
-  return [mergeCodexMcp(opts)];
+// ── hooks surface (Ш2, P5_CODEX_ADAPTER_DESIGN §4.1) ────────────────────────
+//
+// File-based (non-plugin) hooks — live-proven by the iapeer smoke 11.06
+// (codex-cli 0.138.0): `<cwd>/.codex/hooks.json` of a TRUSTED cwd, format
+// Claude-compatible. The SAME shims serve both runtimes (all logic lives in
+// the CLI verbs; codex stdin-JSON is Claude-compatible — canon note
+// «Поверхности конфигурации codex» §Хуки).
+//
+// NO matcher ON PURPOSE: matcher inclusion in the upstream trust-hash
+// identity is unverified (canon note) and an untrusted hook in headless
+// exec SKIPS SILENTLY — the worst failure mode. Without a matcher the
+// identity walks the verified algorithm branch; the CLI's cheap tool_name
+// gate (hook.ts) filters the per-tool noise instead.
+//
+// Trust pre-seed: `iapeer trust-hooks <realpath>` (core ≥0.2.32) — the verb
+// owns the hash algorithm; we never compute it (agreed: one point of
+// truth). Cleanup of [hooks.state] on peer REMOVAL is the core's rail;
+// off-peer/off-all leave orphan records — harmless (keyed on the realpath
+// of a file we just removed; codex finds nothing to run).
+
+export function codexHooksJsonPath(cwd: string): string {
+  return path.join(cwd, ".codex", "hooks.json");
+}
+
+export function expectedCodexHookEntries(
+  hooksDir: string,
+): Record<"PostToolUse" | "SessionStart", HookEntry> {
+  return {
+    PostToolUse: {
+      hooks: [{ type: "command", command: shimPath(hooksDir, "post-write") }],
+    },
+    SessionStart: {
+      hooks: [{ type: "command", command: shimPath(hooksDir, "session-start") }],
+    },
+  };
+}
+
+export function mergeCodexHooks(opts: { cwd: string; hooksDir: string }): SurfaceOutcome {
+  const hooksJson = codexHooksJsonPath(opts.cwd);
+  const current = readJsonObject(hooksJson);
+  if (current === null) {
+    return {
+      surface: "hooks",
+      action: "failed",
+      path: hooksJson,
+      detail: "hooks.json is not a JSON object — refusing to clobber",
+    };
+  }
+  const obj: Record<string, unknown> = current === "absent" ? {} : current;
+  const hooksRaw = obj.hooks;
+  if (
+    hooksRaw !== undefined &&
+    (typeof hooksRaw !== "object" || Array.isArray(hooksRaw) || hooksRaw === null)
+  ) {
+    return {
+      surface: "hooks",
+      action: "failed",
+      path: hooksJson,
+      detail: "hooks.json `hooks` is not an object — refusing to clobber",
+    };
+  }
+  const hooks: Record<string, unknown> = (hooksRaw as Record<string, unknown> | undefined) ?? {};
+  const expected = expectedCodexHookEntries(opts.hooksDir);
+  let changed = false;
+  for (const event of ["PostToolUse", "SessionStart"] as const) {
+    const listRaw = hooks[event];
+    const list: unknown[] = Array.isArray(listRaw) ? listRaw : [];
+    const ours = list.filter(isOurHookEntry);
+    if (ours.length === 1 && sameJson(ours[0], expected[event])) continue;
+    const foreign = list.filter((e) => !isOurHookEntry(e));
+    hooks[event] = [...foreign, expected[event]];
+    changed = true;
+  }
+  if (!changed) {
+    return { surface: "hooks", action: "already", path: hooksJson };
+  }
+  obj.hooks = hooks;
+  writeFileAtomic(hooksJson, `${JSON.stringify(obj, null, 2)}\n`);
+  return { surface: "hooks", action: "written", path: hooksJson };
+}
+
+export function removeCodexHooks(opts: { cwd: string }): SurfaceOutcome {
+  const hooksJson = codexHooksJsonPath(opts.cwd);
+  const current = readJsonObject(hooksJson);
+  if (current === "absent") {
+    return { surface: "hooks", action: "absent", path: hooksJson };
+  }
+  if (current === null) {
+    return {
+      surface: "hooks",
+      action: "failed",
+      path: hooksJson,
+      detail: "hooks.json is not a JSON object — refusing to touch",
+    };
+  }
+  const hooksRaw = current.hooks;
+  if (!hooksRaw || typeof hooksRaw !== "object" || Array.isArray(hooksRaw)) {
+    return { surface: "hooks", action: "absent", path: hooksJson };
+  }
+  const hooks = hooksRaw as Record<string, unknown>;
+  let changed = false;
+  for (const event of Object.keys(hooks)) {
+    const list = hooks[event];
+    if (!Array.isArray(list)) continue;
+    const kept = list
+      .map((entry) => {
+        if (!isOurHookEntry(entry)) return entry;
+        const e = entry as HookEntry;
+        const foreignHooks = e.hooks.filter(
+          (h) => !(typeof h?.command === "string" && h.command.split("/").pop()?.startsWith("iapeer-memory.")),
+        );
+        if (foreignHooks.length === 0) return null;
+        return { ...e, hooks: foreignHooks };
+      })
+      .filter((e): e is NonNullable<typeof e> => e !== null);
+    if (kept.length !== list.length || !sameJson(kept, list)) changed = true;
+    if (kept.length === 0) delete hooks[event];
+    else hooks[event] = kept;
+  }
+  if (!changed) {
+    return { surface: "hooks", action: "absent", path: hooksJson };
+  }
+  if (Object.keys(hooks).length === 0) delete current.hooks;
+  if (Object.keys(current).length === 0) {
+    // nothing but our hooks lived here — leave the cwd exactly as found
+    guardedUnlinkSync(hooksJson);
+    return { surface: "hooks", action: "removed", path: hooksJson, detail: "file removed (empty after our entries)" };
+  }
+  writeFileAtomic(hooksJson, `${JSON.stringify(current, null, 2)}\n`);
+  return { surface: "hooks", action: "removed", path: hooksJson };
+}
+
+/** Trust pre-seed via the core verb (≥0.2.32). The refusing egress maps to
+ *  a SKIP (sandbox never touches the live host config); a failed verb is a
+ *  LOUD failure — an untrusted hook skips silently in headless, the worst
+ *  degradation mode (boris's acceptance condition: visible only). */
+export function trustCodexHooks(
+  egress: Egress,
+  opts: { hooksJsonPath: string; iapeerBin?: string },
+): SurfaceOutcome {
+  let real: string;
+  try {
+    real = fs.realpathSync(opts.hooksJsonPath); // trust keys on the REALPATH (core contract)
+  } catch {
+    return {
+      surface: "trust",
+      action: "failed",
+      path: opts.hooksJsonPath,
+      detail: "hooks.json unreadable for realpath — trust not attempted",
+    };
+  }
+  const bin = opts.iapeerBin ?? IAPEER_BIN;
+  const proc = egress.spawnSync([bin, "trust-hooks", real], {
+    explicitBin: opts.iapeerBin !== undefined,
+  });
+  if (proc.refused) {
+    return {
+      surface: "trust",
+      action: "skipped",
+      path: real,
+      detail: "suppressed (test sandbox) — live pre-seed runs on the host",
+    };
+  }
+  if (proc.spawnError) {
+    return { surface: "trust", action: "failed", path: real, detail: `${bin} unavailable: ${proc.spawnError}` };
+  }
+  if (proc.exitCode !== 0) {
+    return {
+      surface: "trust",
+      action: "failed",
+      path: real,
+      detail:
+        (proc.stderr.trim() || proc.stdout.trim() || `trust-hooks exited ${proc.exitCode}`).slice(0, 200) +
+        " — hooks stay UNTRUSTED (headless codex skips them silently); core ≥0.2.32 required",
+    };
+  }
+  const line = proc.stdout.trim().split("\n")[0] ?? "";
+  return {
+    surface: "trust",
+    action: line.toLowerCase().includes("already") ? "already" : "written",
+    path: real,
+    detail: line || undefined,
+  };
+}
+
+export function provisionCodexPeer(
+  egress: Egress,
+  opts: { cwd: string; port: number; hooksDir: string; iapeerBin?: string },
+): SurfaceOutcome[] {
+  // Shims first — the merged hooks.json must never point at a void (same
+  // ordering duty as the claude provision).
+  materialiseShims(opts.hooksDir);
+  const mcp = mergeCodexMcp({ cwd: opts.cwd, port: opts.port });
+  const hooks = mergeCodexHooks({ cwd: opts.cwd, hooksDir: opts.hooksDir });
+  const trust =
+    hooks.action === "failed"
+      ? ({
+          surface: "trust",
+          action: "failed",
+          path: codexHooksJsonPath(opts.cwd),
+          detail: "hooks surface failed — trust not attempted",
+        } as SurfaceOutcome)
+      : trustCodexHooks(egress, {
+          hooksJsonPath: codexHooksJsonPath(opts.cwd),
+          iapeerBin: opts.iapeerBin,
+        });
+  return [mcp, hooks, trust];
 }
 
 export function unprovisionCodexPeer(opts: { cwd: string }): SurfaceOutcome[] {
-  return [removeCodexMcp(opts)];
+  // [hooks.state] cleanup is the core's rail (`iapeer remove`); off-peer/
+  // off-all leave orphan records keyed on a now-absent file — harmless.
+  return [removeCodexMcp(opts), removeCodexHooks(opts)];
 }
 
-/** Read-only drift check (verify's eye, D3): the expected block must sit in
- *  the project-local config byte-exact. */
-export function checkCodexPeer(opts: {
-  cwd: string;
-  port: number;
-}): Array<{ surface: SurfaceOutcome["surface"]; ok: boolean; detail: string }> {
+/** Read-only drift check (verify's eye, D3 + Ш2): the MCP block byte-exact,
+ *  our hook entries in hooks.json, and the trust state via the core's
+ *  `trust-hooks --check` (the hash algorithm lives in ONE place — the core;
+ *  we render its verdict, never compute it). Degradation is VISIBLE by
+ *  acceptance condition: an untrusted hook skips silently in headless. */
+export function checkCodexPeer(
+  egress: Egress,
+  opts: {
+    cwd: string;
+    port: number;
+    hooksDir: string;
+    iapeerBin?: string;
+  },
+): Array<{ surface: SurfaceOutcome["surface"]; ok: boolean; detail: string }> {
+  const checks: Array<{ surface: SurfaceOutcome["surface"]; ok: boolean; detail: string }> = [];
+
   const configPath = codexConfigPath(opts.cwd);
-  let text: string;
+  let text: string | null = null;
   try {
     text = fs.readFileSync(configPath, "utf-8");
   } catch {
-    return [{ surface: "mcp", ok: false, detail: `no codex config at ${configPath}` }];
+    checks.push({ surface: "mcp", ok: false, detail: `no codex config at ${configPath}` });
   }
-  const expected = expectedCodexBlock(opts.port);
-  const ok = text.includes(expected);
-  return [
-    ok
-      ? { surface: "mcp", ok: true, detail: `[${CODEX_MCP_SECTION}] block in place` }
-      : hasOurSection(text)
-        ? { surface: "mcp", ok: false, detail: `[${CODEX_MCP_SECTION}] block drifted in ${configPath}` }
-        : { surface: "mcp", ok: false, detail: `[${CODEX_MCP_SECTION}] block missing in ${configPath}` },
-  ];
+  if (text !== null) {
+    const expected = expectedCodexBlock(opts.port);
+    checks.push(
+      text.includes(expected)
+        ? { surface: "mcp", ok: true, detail: `[${CODEX_MCP_SECTION}] block in place` }
+        : hasOurSection(text)
+          ? { surface: "mcp", ok: false, detail: `[${CODEX_MCP_SECTION}] block drifted in ${configPath}` }
+          : { surface: "mcp", ok: false, detail: `[${CODEX_MCP_SECTION}] block missing in ${configPath}` },
+    );
+  }
+
+  // hooks.json: exactly our entry per event (in-data ownership, shim basename)
+  const hooksJson = codexHooksJsonPath(opts.cwd);
+  const current = readJsonObject(hooksJson);
+  if (current === "absent" || current === null) {
+    checks.push({
+      surface: "hooks",
+      ok: false,
+      detail:
+        current === null
+          ? `hooks.json unreadable as object (${hooksJson})`
+          : `hooks.json missing (${hooksJson})`,
+    });
+  } else {
+    const expected = expectedCodexHookEntries(opts.hooksDir);
+    const hooks = (current.hooks ?? {}) as Record<string, unknown>;
+    const bad: string[] = [];
+    for (const event of ["PostToolUse", "SessionStart"] as const) {
+      const list: unknown[] = Array.isArray(hooks[event]) ? (hooks[event] as unknown[]) : [];
+      const ours = list.filter(isOurHookEntry);
+      if (!(ours.length === 1 && sameJson(ours[0], expected[event]))) bad.push(event);
+    }
+    checks.push(
+      bad.length === 0
+        ? { surface: "hooks", ok: true, detail: "our hook entries in place" }
+        : { surface: "hooks", ok: false, detail: `hook entries drifted/missing: ${bad.join(", ")} (${hooksJson})` },
+    );
+
+    // trust state — only meaningful when the entries are in place
+    if (bad.length === 0) {
+      let real: string | null = null;
+      try {
+        real = fs.realpathSync(hooksJson);
+      } catch {
+        real = null;
+      }
+      if (real === null) {
+        checks.push({ surface: "trust", ok: false, detail: "hooks.json vanished mid-check" });
+      } else {
+        const bin = opts.iapeerBin ?? IAPEER_BIN;
+        const proc = egress.spawnSync([bin, "trust-hooks", real, "--check"], {
+          explicitBin: opts.iapeerBin !== undefined,
+        });
+        if (proc.refused) {
+          checks.push({
+            surface: "trust",
+            ok: true,
+            detail: "trust check skipped (test sandbox)",
+          });
+        } else if (proc.spawnError) {
+          checks.push({
+            surface: "trust",
+            ok: false,
+            detail: `trust state UNKNOWN — ${bin} unavailable (${proc.spawnError}); untrusted hooks skip silently in headless`,
+          });
+        } else if (proc.exitCode === 0) {
+          checks.push({ surface: "trust", ok: true, detail: "hooks trusted (trust-hooks --check)" });
+        } else {
+          checks.push({
+            surface: "trust",
+            ok: false,
+            detail:
+              `hooks NOT trusted (drift/missing per trust-hooks --check): ` +
+              `${(proc.stdout.trim() || proc.stderr.trim()).slice(0, 160)} — repair: provision-peer / update`,
+          });
+        }
+      }
+    }
+  }
+
+  return checks;
 }

package/src/surfaces/sweep.ts

@@ -22,6 +22,7 @@ import {
   type SurfaceOutcome,
 } from "./claude.js";
 import { checkCodexPeer, provisionCodexPeer, unprovisionCodexPeer } from "./codex.js";
+import type { Egress } from "../egress.js";
 import type { FleetPeer } from "../fleet.js";
 
 export const SESSION_RUNTIMES = ["claude", "codex"] as const;
@@ -46,11 +47,15 @@ function sessionRuntimesOf(peer: FleetPeer): SessionRuntime[] {
   return SESSION_RUNTIMES.filter((r) => peer.runtimes.includes(r));
 }
 
-export function sweepProvision(opts: {
-  fleet: FleetPeer[];
-  hooksDir: string;
-  port: number;
-}): SweepSummary {
+export function sweepProvision(
+  egress: Egress,
+  opts: {
+    fleet: FleetPeer[];
+    hooksDir: string;
+    port: number;
+    iapeerBin?: string;
+  },
+): SweepSummary {
   const results: PeerSweepResult[] = [];
   const skipped: SweepSummary["skipped"] = [];
   for (const peer of opts.fleet) {
@@ -71,7 +76,12 @@ export function sweepProvision(opts: {
     for (const runtime of runtimes) {
       const outcomes =
         runtime === "codex"
-          ? provisionCodexPeer({ cwd: peer.cwd, port: opts.port })
+          ? provisionCodexPeer(egress, {
+              cwd: peer.cwd,
+              port: opts.port,
+              hooksDir: opts.hooksDir,
+              iapeerBin: opts.iapeerBin,
+            })
           : provisionClaudePeer({
               cwd: peer.cwd,
               hooksDir: opts.hooksDir,
@@ -125,11 +135,15 @@ export type PeerCheckResult = {
   problems: string[];
 };
 
-export function checkFleetSurfaces(opts: {
-  fleet: FleetPeer[];
-  hooksDir: string;
-  port: number;
-}): { checks: PeerCheckResult[]; skipped: Array<{ personality: string; reason: string }> } {
+export function checkFleetSurfaces(
+  egress: Egress,
+  opts: {
+    fleet: FleetPeer[];
+    hooksDir: string;
+    port: number;
+    iapeerBin?: string;
+  },
+): { checks: PeerCheckResult[]; skipped: Array<{ personality: string; reason: string }> } {
   const checks: PeerCheckResult[] = [];
   const skipped: Array<{ personality: string; reason: string }> = [];
   for (const peer of opts.fleet) {
@@ -150,7 +164,12 @@ export function checkFleetSurfaces(opts: {
     for (const runtime of runtimes) {
       const surfaceChecks =
         runtime === "codex"
-          ? checkCodexPeer({ cwd: peer.cwd, port: opts.port })
+          ? checkCodexPeer(egress, {
+              cwd: peer.cwd,
+              port: opts.port,
+              hooksDir: opts.hooksDir,
+              iapeerBin: opts.iapeerBin,
+            })
           : checkClaudePeer({
               cwd: peer.cwd,
               hooksDir: opts.hooksDir,

package/src/templates/roles-en.ts

@@ -51,13 +51,17 @@ different world.
   scriber thread stalled: place the stale drafts UNVETTED by the usual
   rules; \`needs_review: true\` already travels with each file. The
   Scriber re-vets them with the next PERMANENT_BATCH once alive.
-- **DREAM_TICK** (notifier timer, weekly) — fan out DreamWeaver over the
-  agent-memory subfolders (including your own), strictly one folder per
-  task, sequentially. DreamWeaver takes tasks ONLY from you (the one
-  exception: a folder's owner may task it on their own folder); put
-  everything it needs INTO the task. Task: \`{agent, path, mode,
-  transcripts_window_days}\` → consolidation report; archive what it
-  deprecated, act on its \`attention\` blocks yourself.
+- **DREAM_TICK** (notifier timer, weekly) — run \`iapeer-memory
+  dream-paths\` (read-only; the LIVE registry at tick time) and fan out
+  DreamWeaver over the folders of its output (including your own),
+  strictly one folder per task, sequentially. DreamWeaver takes tasks ONLY
+  from you (the one exception: a folder's owner may task it on their own
+  folder). Task: \`{agent, path, mode, transcripts_window_days,
+  transcripts}\` — copy \`transcripts\` from the verb's output AS IS
+  (globs + the codex cwdFilter; path forms are the code's zone, not
+  yours). A verb error = report to the owner, never guess the fleet. On
+  the consolidation report: archive what it deprecated, act on its
+  \`attention\` blocks yourself.
 - **Direct IAP** from agents or the human — structure questions; never
   run searches for others (they have their own vault tools).
 
@@ -237,7 +241,7 @@ on-demand from a folder's OWNER for their own folder only. One task = one
 clean window = ONE outbound message (the final consolidation report to the
 task sender). Discipline: touch ONLY the folder named in the task.
 
-Task: \`{agent, path, mode, transcripts_window_days}\`.
+Task: \`{agent, path, mode, transcripts_window_days, transcripts}\`.
 
 ## The four phases
 
@@ -253,11 +257,14 @@ Task: \`{agent, path, mode, transcripts_window_days}\`.
   mentions in bodies; read the targets; on a clear mismatch (file gone,
   function renamed) write an updated note and flip the old one to the
   outdated token. LOCAL checks only.
-- **D — Transcript scan.** Read the runtime's session transcripts for the
-  window (\`transcripts_window_days\`, adapter-scoped paths; no paths/empty
-  glob → skip the phase). Find user phrases that formulate a rule with 2+
-  explicit confirmations in different sessions; check against existing
-  feedback notes; write new notes with quotes for what's missing.
+- **D — Transcript scan.** Read the session transcripts for the window
+  (\`transcripts_window_days\`) per the task's \`transcripts\`: each entry
+  is a glob; for \`runtime: codex\` the store is HOST-WIDE — take ONLY the
+  sessions whose \`session_meta.cwd\` equals the entry's \`cwdFilter\`
+  (foreign cwds are foreign memory). No entries / empty glob → skip the
+  phase. Find user phrases that formulate a rule with 2+ explicit
+  confirmations in different sessions; check against existing feedback
+  notes; write new notes with quotes for what's missing.
 
 ## Hard limits
 

package/src/templates/roles-ru.ts

@@ -44,13 +44,16 @@ locale: ru
   НЕВЫЧИТАННЫМИ по обычным правилам; \`needs_review: true\` уже едет с
   каждым файлом. Scriber довычитает их со следующей PERMANENT_BATCH,
   когда оживёт.
-- **DREAM_TICK** (notifier-таймер, еженедельно) — fan-out DreamWeaver по
-  подпапкам оперативки (включая твою), строго одна папка на задачу,
-  последовательно. DreamWeaver берёт задачи ТОЛЬКО от тебя (единственное
-  исключение: владелец папки — на свою собственную); клади в задачу всё
-  необходимое. Задача: \`{agent, path, mode, transcripts_window_days}\` →
-  отчёт консолидации; архивируй устаревшее по его отчёту, его
-  \`attention\`-блоки отрабатывай сам.
+- **DREAM_TICK** (notifier-таймер, еженедельно) — выполни
+  \`iapeer-memory dream-paths\` (read-only; живой реестр на момент тика) и
+  fan-out DreamWeaver по папкам его вывода (включая твою), строго одна
+  папка на задачу, последовательно. DreamWeaver берёт задачи ТОЛЬКО от
+  тебя (единственное исключение: владелец папки — на свою собственную).
+  Задача: \`{agent, path, mode, transcripts_window_days, transcripts}\` —
+  \`transcripts\` перекладывай из вывода verb'а КАК ЕСТЬ (глобы + codex
+  cwdFilter; формы путей — зона кода, не твоя). Ошибка verb'а = доложи
+  владельцу, флот не угадывай. По отчёту консолидации архивируй
+  устаревшее, \`attention\`-блоки отрабатывай сам.
 - **Прямые IAP** от агентов и человека — вопросы структуры; чужие поиски
   не выполняешь (у агентов свои vault-тулы).
 
@@ -224,7 +227,7 @@ on-demand от ВЛАДЕЛЬЦА папки — только на его соб
 одно чистое окно = ОДНО исходящее (финальный отчёт консолидации
 постановщику). Дисциплина: трогай ТОЛЬКО папку из задачи.
 
-Задача: \`{agent, path, mode, transcripts_window_days}\`.
+Задача: \`{agent, path, mode, transcripts_window_days, transcripts}\`.
 
 ## Четыре фазы
 
@@ -239,11 +242,14 @@ on-demand от ВЛАДЕЛЬЦА папки — только на его соб
   env-переменных; прочитай цели; при явном расхождении (файла нет, функция
   переименована) — новая updated-заметка + старая в «устарело». Только
   ЛОКАЛЬНЫЕ проверки.
-- **D — Скан транскриптов.** Прочитай транскрипты сессий рантайма за окно
-  (\`transcripts_window_days\`, adapter-scoped пути; путей нет / glob пуст —
-  фаза пропускается). Найди user-фразы, формулирующие правило, с 2+ явными
-  подтверждениями в разных сессиях; сверь с существующими feedback-заметками;
-  недостающее — новой заметкой с цитатами.
+- **D — Скан транскриптов.** Прочитай транскрипты сессий за окно
+  (\`transcripts_window_days\`) по \`transcripts\` из задачи: для каждой
+  записи — glob; у \`runtime: codex\` хранилище HOST-WIDE, бери ТОЛЬКО
+  сессии, чей \`session_meta.cwd\` равен \`cwdFilter\` записи (чужие cwd —
+  чужая память). Записей нет / glob пуст — фаза пропускается. Найди
+  user-фразы, формулирующие правило, с 2+ явными подтверждениями в разных
+  сессиях; сверь с существующими feedback-заметками; недостающее — новой
+  заметкой с цитатами.
 
 ## Жёсткие границы
 

package/src/watcher.ts

@@ -201,9 +201,12 @@ export function dreamTimerMessage(opts?: {
   return JSON.stringify({
     when: opts?.cron ?? "0 4 * * 1",
     message:
-      "DREAM_TICK: weekly agent-memory consolidation. Fan out DreamWeaver " +
-      "over the agent-memory subfolders (including your own), strictly one " +
-      "folder per task, sequentially — per your doctrine.",
+      "DREAM_TICK: weekly agent-memory consolidation. Run `iapeer-memory " +
+      "dream-paths` (read-only) and fan out DreamWeaver over its folders — " +
+      "strictly one folder per task, sequentially, carrying that folder's " +
+      "`transcripts` (globs + codex cwdFilter) into the task — per your " +
+      "doctrine. The verb resolves the LIVE registry at tick time; an error " +
+      "line from it = report, do not guess the fleet.",
     target: opts?.target ?? "index",
     id: opts?.id ?? DREAM_TRIGGER_ID,
   });