@ai-dev-methodologies/rlp-desk 0.12.0 → 0.13.0

package/docs/plans/spicy-booping-galaxy.md

@@ -0,0 +1,322 @@
+# Plan — Claude worker `.claude/` sensitive prompt hang 수정
+
+> **Source bug report**: `/Users/kyjin/dev/doul/bos/docs/exec-plans/active/2026-05-01-rlp-desk-bug-report.md`
+> **Severity**: HIGH — `--mode tmux` + `--worker-model sonnet/haiku/opus` 조합에서 모든 campaign blocking
+> **Target version**: 0.13.0 (breaking — project-local sentinel 경로 이동)
+
+---
+
+## 1. Context
+
+### 문제
+
+`<project>/.claude/ralph-desk/memos/<slug>-done-claim.json` 등 sentinel 작성 시
+Claude Code가 `.claude/` 경로를 self-modification suspect로 hardcoded 처리하여
+permission prompt를 띄움. `--dangerously-skip-permissions`로도 우회 X.
+Worker hang → Leader pollForSignal 30분 timeout → BLOCKED(`infra_failure`).
+
+Codex worker(gpt-5.5:* 등)에서는 미발생 — Claude Code의 sensitive 정책 외부.
+즉 **현재는 Claude 계열 worker가 사실상 사용 불가**.
+
+### 핵심 결정
+
+프로젝트-로컬 runtime 디렉토리를 `<project>/.claude/ralph-desk/`에서
+`<project>/.rlp-desk/`로 이동.
+
+**근거**:
+- Claude Code의 sensitive 검사 트리거는 `.claude/` 디렉토리명 자체.
+- 디렉토리명만 바꾸면 회피 (영감 출처 design-desk도 `.claude/` 안에 sentinel을 두지 않음).
+- `~/.claude/ralph-desk/`(설치 위치 + cross-project analytics)는 변경 없음 — Leader가
+  자기 자신의 install dir을 self-modify할 일은 없으므로 sensitive 검사 트리거 안 함.
+
+### 비-목표
+
+- `~/.claude/ralph-desk/` 설치 경로 변경 (registry, analytics, leader binaries 유지)
+- `--mode agent` 폐지 (Fix-1로 자동 해결되므로 그대로 유지)
+
+---
+
+## 2. Approach (3단계)
+
+### Phase 1 — Fix-1: 프로젝트-로컬 sentinel 경로 이동 (`.claude/ralph-desk/` → `.rlp-desk/`)
+
+**변경 대상 파일** (Explore 결과):
+
+| File | 위치 | 변경 내용 |
+|------|------|----------|
+| `src/node/init/campaign-initializer.mjs` | L5, L13 | `GITIGNORE_RULE` + `deskRoot` 상수 |
+| `src/scripts/init_ralph_desk.zsh` | L77, L1091, L1100, L1105-1137 | `DESK` 변수 + permission marker 패턴 |
+| `src/scripts/run_ralph_desk.zsh` | L255 | `DESK` 변수 |
+| `src/scripts/lib_ralph_desk.zsh` | L57 | 홈 디렉토리 변수 주석 명확화 (변경 없음, 주석만) |
+| `src/node/runner/campaign-main-loop.mjs` | L44-80 | 경로 빌드 함수 |
+| `src/commands/rlp-desk.md` | 24개 라인 | 모든 `.claude/ralph-desk/` → `.rlp-desk/` 참조 |
+| `src/governance.md` | 6개 라인 | 경로 문서화 |
+
+**유지(변경 없음)**:
+- `src/node/runner/leader-registry.mjs` (홈 디렉토리 `~/.claude/ralph-desk/registry.jsonl`)
+- `install.sh`, `scripts/postinstall.js` (홈 디렉토리 설치)
+
+**Worker/Verifier `--add-dir` whitelist**:
+- 기존: `--add-dir "$HOME/.claude/ralph-desk" "$ROOT"` (lib_ralph_desk.zsh:57-58).
+- `$ROOT`가 이미 whitelist이므로 `$ROOT/.rlp-desk`는 **자동 포함** — 별도 추가 불필요.
+- 핵심은 디렉토리명 변경 자체로 sensitive 검사 trigger를 회피하는 것이지, sandbox/permission 변경이 아님.
+
+**Runtime dir override (Synthesis — 미래 회피책)**:
+
+`deskRoot`를 환경변수 `RLP_DESK_RUNTIME_DIR`로 외부화. 기본값 `.rlp-desk/`. 향후 platform이 또 sensitive 검사를 확장하면 사용자가 즉시 `RLP_DESK_RUNTIME_DIR=.rlp-runtime/` 등으로 우회 가능. P1(don't fight platform)을 코드 단에 영속화.
+
+**Migration race-safety (atomic — Codex Critic 반영)**:
+
+이 절차는 **init 모드 진입 시에만** 실행. run 모드는 §2 Phase 3 정책대로 자동 mv 수행 안 함(경고 + 수동 안내).
+
+- 락 파일 위치: `<project>/.rlp-desk-migration.lock` (target dir 외부 — target dir이 아직 없을 수 있으므로 parent `<project>/`에 둠).
+- 락 획득: `fs.openSync(lockPath, 'wx')` (exclusive create — TOCTOU 없음). 이미 존재하면 "다른 프로세스가 마이그레이션 중" 에러로 즉시 abort.
+- init 모드 마이그레이션 절차 (락 보유 상태):
+  1. 양쪽(legacy `.claude/ralph-desk/` + new `.rlp-desk/`) 존재 여부 검사.
+  2. 둘 다 존재 → 자동 mv **거부** + 사용자 정리 안내 (pre-mortem #1 binding).
+  3. legacy만 존재 → `fs.renameSync(legacy, new)` (원자적, 같은 파일시스템 내).
+  4. 둘 다 없음 → noop (정상 init).
+- run 모드(legacy 발견 시): mv 시도하지 않고 비-zero exit + 수동 명령 안내. 진행 중 캠페인 보호.
+- 락 해제: `try/finally`로 `fs.unlinkSync(lockPath)` 보장. 프로세스 crash 시 다음 실행에서 stale 락 감지(mtime > N분) 시 경고 후 제거.
+- `fresh` 모드(`campaign-initializer.mjs:20`의 `fs.rm({recursive:true})`)는 마이그레이션 완료 후 새 경로에서만 실행.
+
+### Phase 2 — Fix-2: Claude worker + tmux 조합 경고
+
+**위치**: `src/node/cli/command-builder.mjs` (이미 `CLAUDE_MODELS = Set(['haiku','sonnet','opus'])` 존재).
+
+**로직**: `parseRunOptions()` (`src/node/run.mjs:101-180`) 파싱 후
+`runRunCommand` 진입 시점에 다음 검증 추가:
+
+```js
+// src/node/run.mjs (파싱 후 검증 단계)
+if (mode === 'tmux' && isClaudeEngine(workerModel)) {
+  console.warn(
+    'WARNING: Claude worker in tmux mode may hang on .claude/ sentinel writes.\n' +
+    'After v0.13.0, sentinels live in <project>/.rlp-desk/ which avoids this.\n' +
+    'If hang persists, switch to --worker-model gpt-5.5:high (codex) or --mode agent.'
+  );
+}
+```
+
+PRD brainstorm 플로우(`src/commands/rlp-desk.md`)에도 동일 경고 문구 노출.
+
+**Observability — sentinel hang early-detect 휴리스틱** (Architect synthesis):
+
+기존 Leader pollForSignal은 30분 timeout으로만 감지 → silent failure. 보강:
+- Worker pane stdout에 `Do you want to ` / `❯ 1. Yes` 등 prompt 시그니처 grep → 즉시 BLOCKED + `category=permission_prompt`로 라벨링.
+- 위치: `src/node/runner/prompt-dismisser.mjs` 또는 별도 `prompt-detector.mjs`.
+- 효과: 다음 platform 변화 시에도 30분이 아니라 수 초 내 발견.
+
+### Phase 3 — 마이그레이션 도우미 (legacy `.claude/ralph-desk/` 감지)
+
+**위치**: `src/node/init/campaign-initializer.mjs` 진입 시 + `src/node/runner/campaign-main-loop.mjs` `ensureScaffold()` 직전.
+
+**로직**:
+1. `<project>/.claude/ralph-desk/`가 존재하고 `<project>/.rlp-desk/`가 없으면
+   감지 후 다음 중 하나:
+   - **자동 mv** (init 모드): scaffold가 새로 만들어지는 단계라면 §2 Migration race-safety 절차로 자동 이동.
+   - **경고 + 수동 명령 안내** (run 모드): 비-zero exit + "기존 캠페인이 있습니다. `mv .claude/ralph-desk .rlp-desk` 후 재실행하세요."
+2. 양쪽 다 존재 시 — 모드 무관하게 자동 mv **거부** + 비-zero exit + 사용자 정리 안내(stderr에 "both directories exist" 포함). §2 Migration race-safety + §3a MEDIUM-B 검증과 일치.
+3. `.gitignore`에서 `.claude/ralph-desk/` 라인 제거 + `.rlp-desk/` 라인 추가 (init 시점, mv 성공 후).
+
+---
+
+## 3. Verification
+
+CLAUDE.md mandate에 따라 commit 전 다음을 모두 통과해야 함:
+
+### 3a. Self-Verification (6 scenarios — `src/governance.md`/`init_ralph_desk.zsh` 변경 시 mandatory; executable commands)
+
+각 시나리오: Worker(execution_steps) → Verifier(reasoning, 5 categories) → PASS.
+
+#### LOW (단위 — `isClaudeEngine()` + env 해석)
+```bash
+node --test tests/node/test-claude-engine-detect.mjs
+# expected: tests passed; isClaudeEngine('sonnet') === true; resolveDeskRoot(env={RLP_DESK_RUNTIME_DIR:'.x'}) === '.x'
+```
+
+#### MEDIUM-A (auto-mv 정상 케이스 — pre-mortem #2 part)
+```bash
+TMP=$(mktemp -d); cd "$TMP"; git init -q
+mkdir -p .claude/ralph-desk/memos && echo data > .claude/ralph-desk/memos/x.md
+node ~/.claude/ralph-desk/node/run.mjs init testslug --autonomous
+test ! -d .claude/ralph-desk && test -f .rlp-desk/memos/x.md && \
+  grep -q '"Read(.rlp-desk/\*\*)"' .claude/settings.local.json
+# expected: exit 0, all assertions PASS
+```
+
+#### MEDIUM-B (conflict 거부 — pre-mortem #1 binding)
+```bash
+TMP=$(mktemp -d); cd "$TMP"; git init -q
+mkdir -p .claude/ralph-desk .rlp-desk
+node ~/.claude/ralph-desk/node/run.mjs init testslug --autonomous 2> stderr.log
+test $? -ne 0 && grep -q 'both directories exist' stderr.log
+# expected: non-zero exit, conflict 안내
+```
+
+#### HIGH-A (claude+tmux E2E — AC4 binding, primary fix 검증)
+```bash
+TMP=$(mktemp -d); cd "$TMP"; git init -q
+node ~/.claude/ralph-desk/node/run.mjs init testslug --autonomous
+timeout 600 node ~/.claude/ralph-desk/node/run.mjs run testslug \
+  --mode tmux --worker-model sonnet --max-iter 1 --iter-timeout 300
+test $? -eq 0 && test -f .rlp-desk/memos/testslug-done-claim.json
+# expected: exit 0, sentinel hang 없이 완료
+```
+
+#### HIGH-B (codex+tmux 회귀 — AC5 binding, P3 first-class)
+```bash
+TMP=$(mktemp -d); cd "$TMP"; git init -q
+node ~/.claude/ralph-desk/node/run.mjs init testslug --autonomous
+timeout 600 node ~/.claude/ralph-desk/node/run.mjs run testslug \
+  --mode tmux --worker-model gpt-5.5:high --max-iter 1 --iter-timeout 300
+test $? -eq 0 && test -f .rlp-desk/memos/testslug-done-claim.json
+# expected: exit 0, codex worker 회귀 없음
+```
+
+#### OBSERVABILITY (prompt 조기 감지 — AC6 binding)
+```bash
+# 모의 worker stdout에 "❯ 1. Yes" 라인 주입 → prompt-detector가 5초 이내 BLOCKED 작성
+node tests/node/test-prompt-detector-e2e.mjs
+jq -r .category .rlp-desk/memos/testslug-blocked.json
+# expected: "permission_prompt"
+```
+
+### 3b. Review
+
+- **ralplan** (Planner→Architect→Critic): governance/template 변경이므로 mandatory.
+- **codex review**: 0 issue 도달까지 반복 (CLAUDE.md mandate).
+
+### 3c. Local sync 검증
+
+CLAUDE.md `Local File Sync` 섹션의 banner-aware verification 절차로
+모든 `src/` 변경분이 `~/.claude/ralph-desk/`에 sync되었는지 확인:
+
+```bash
+diff -rq src/node ~/.claude/ralph-desk/node | grep -v 'DO NOT EDIT'
+# expected: empty output (모든 파일이 banner 차이 외에 동일)
+```
+
+### 3d. 수동 reproduction (버그 리포터 시나리오 재현)
+
+```bash
+# legacy 경로 시뮬레이션
+mkdir -p /tmp/test-rlp-desk/.claude/ralph-desk
+cd /tmp/test-rlp-desk
+
+# init → 마이그레이션 또는 신규 .rlp-desk 생성 확인
+node ~/.claude/ralph-desk/node/run.mjs init test-slug --autonomous
+
+# 검증: .rlp-desk/ 존재 + .gitignore 갱신
+test -d .rlp-desk && echo PASS || echo FAIL
+grep -q '^.rlp-desk/$' .gitignore && echo PASS || echo FAIL
+
+# 1-iter campaign with claude worker
+node ~/.claude/ralph-desk/node/run.mjs run test-slug \
+  --mode tmux --worker-model sonnet --max-iter 1 --iter-timeout 600
+# 기대: sentinel hang 없이 1 iteration 완료
+```
+
+---
+
+## 4. Release Plan
+
+- **버전**: `0.13.0` (npm minor bump — 자동 마이그레이션 + run 모드 명확한 안내로 사용자 영향 흡수).
+- **Release notes** (user-facing only — CLAUDE.md mandate; 최상단에 BREAKING 라벨 강조):
+  - **BREAKING**: project-local runtime이 `.claude/ralph-desk/` → `.rlp-desk/`로 이동.
+    init 모드는 자동 마이그레이션, run 모드는 경고 + 수동 `mv .claude/ralph-desk .rlp-desk` 안내.
+  - **NEW**: `RLP_DESK_RUNTIME_DIR` 환경변수로 runtime 디렉토리 override 가능 (미래 platform 변화 회피용).
+  - **FIX**: Claude worker + tmux 조합 sentinel write hang 해결.
+  - **NEW**: claude worker + tmux 조합 경고 + permission prompt 조기 감지(BLOCKED `category=permission_prompt`).
+  - **Roadmap note**: 1.0.0에서 legacy 감지 로직 deprecation 예정 (deprecation cycle 약속).
+
+---
+
+## 5. Critical files (이 plan 실행 시 수정 대상 요약)
+
+```
+src/node/init/campaign-initializer.mjs       # deskRoot 상수 + GITIGNORE_RULE + 마이그레이션 감지
+src/node/runner/campaign-main-loop.mjs       # 경로 빌드 함수 + ensureScaffold() 전 legacy 검사
+src/node/cli/command-builder.mjs             # isClaudeEngine() helper export
+src/node/run.mjs                             # parseRunOptions() 후 tmux+claude 경고
+src/scripts/init_ralph_desk.zsh              # DESK 변수 + permission marker (.rlp-desk/**)
+src/scripts/run_ralph_desk.zsh               # DESK 변수
+src/scripts/lib_ralph_desk.zsh               # 변경 없음 ($ROOT 이미 whitelist이므로 .rlp-desk 자동 포함; 주석만 명확화)
+src/commands/rlp-desk.md                     # 24개 라인 경로 참조 갱신
+src/governance.md                            # 6개 라인 경로 문서화
+package.json                                 # version 0.13.0
+```
+
+---
+
+## 6. Resolved decisions (사용자 확정 — 추천안)
+
+- **마이그레이션 정책**: init 모드 = 자동 mv, run 모드 = 경고 + 수동 mv 안내. 사용자 데이터(memos, plans)
+  존재 시 init은 새 scaffold가 만들어지는 시점이라 안전하게 이동 가능, run은 진행 중인 campaign일 수
+  있으므로 명시적 사용자 확인 필요.
+- **버전 강도**: `0.13.0` (npm minor). Project-local 경로 변경은 breaking이지만 자동 마이그레이션
+  도우미 + run 모드 명확한 안내가 있으므로 minor로 충분. major(1.0.0)는 후속 안정화 단계에서.
+- **`--mode agent` 처리**: Fix-1(경로 이동)으로 자동 해결. agent mode worker도 동일하게 `.rlp-desk/`에
+  쓰므로 Claude Code sensitive trigger 발생 안 함. 별도 작업 불필요.
+
+---
+
+## 7. RALPLAN-DR Deliberation Summary
+
+### Principles
+
+1. **Don't fight platform-reserved namespaces** — Claude Code hardcoded sensitive policy 우회 불가; 회피만이 답.
+2. **Project-local runtime은 git 트리에 머물러야** — 캠페인 memory/plans는 iteration 간 영속 필요.
+3. **Cross-engine fallback은 first-class** — codex worker는 영구적 회피책이 아닌 동등한 옵션.
+4. **마이그레이션 안전성 우선, 자동화는 명확히 안전한 시점에만** — init 모드는 fresh scaffold 시점이라 자동 mv, run 모드는 진행 중 캠페인 보호를 위해 경고 + 수동 mv. "default 자동"이 아닌 "context-aware 자동/수동 선택".
+
+### Decision Drivers (top 3)
+
+1. **Unblock HIGH severity blocker** — claude-worker + tmux 모든 캠페인 차단 중.
+2. **Minimize breaking surface** — 진행 중 campaign 손실 방지.
+3. **Reference parity** — design-desk(영감 출처)도 sentinel을 `.claude/` 밖에 둠.
+
+### Viable Options
+
+| Option | Pros | Cons |
+|---|---|---|
+| **A. `.rlp-desk/` 이동 (권장)** | `.claude/` trigger 완전 회피, design-desk 패턴 일치, git 트리 유지 | 모든 사용자 마이그레이션 필요 (자동화로 완화) |
+| **B. `.claude/ralph-desk/` 유지 + 권한 escape** | 경로 변경 없음 | 사용자 repro에서 permission allowlist도 우회 실패. Claude Code 내부 동작 의존 → brittle |
+| **C. `$TMPDIR/rlp-desk-<slug>/`** | 프로젝트 트리 청결 | git 추적 끊김, campaign memory 영속성 깨짐, resume 취약 |
+
+### Invalidation rationale
+
+- **B**: 버그 리포트 §2 표에서 `Read/Edit/Write(.claude/ralph-desk/**)` allowlist 추가가 실패함이 입증. Claude Code의 sensitive 게이트는 일반 permission 시스템과 별도로 동작 → 의존 불가.
+- **C**: campaign memory(`memos/<slug>-memory.md` 등)는 iteration 간 영속이 핵심 설계. tmpfs 기반은 OS 재부팅/clean 시 유실되어 resume 불가능.
+
+→ **A가 유일한 viable option**.
+
+### Pre-mortem (3 scenarios — verification §3a에 명시 binding)
+
+1. **자동 mv가 사용자 데이터 덮어쓰기**: 양쪽 디렉토리 모두 존재 시 mv 충돌 → mitigation: §2 Phase 3의 atomic lock + 충돌 거부. **검증**: §3a MEDIUM-B.
+2. **권한 marker 누락**: `.rlp-desk/**` permission이 `init_ralph_desk.zsh`에 추가 안 되면 worker가 새 경로에서도 prompt 발생 → mitigation: permission marker 패턴 갱신 + assertion. **검증**: §3a MEDIUM-A의 `grep -q '"Read(.rlp-desk/\*\*)"' .claude/settings.local.json` 단언 + §3a HIGH-A의 1-iter 캠페인 sentinel write 성공(end-to-end).
+3. **Sandbox `--add-dir` 미커버**: `$ROOT`가 이미 whitelist이므로 자동 포함이지만, 만약 `--add-dir` 인자 변경으로 회귀하면 sandbox가 새 경로 거부 → mitigation: 통합 테스트에서 worker 명령 빌드 결과 단언. **검증**: §3a HIGH-A의 worker spawn 단계에서 `claude --add-dir "$ROOT" ...` 명시 확인 + §3d 수동 1-iter 재현.
+
+### Acceptance Criteria (자동 검증 가능 — pass 신호 명시)
+
+- [ ] **AC1** — `<project>/.rlp-desk/`만 사용. 검증: `find . -type d -path '*.claude/ralph-desk' -newer <campaign-start-marker> | wc -l` == 0.
+- [ ] **AC2** — Legacy `.claude/ralph-desk/` 존재 시 init은 자동 mv 후 `.gitignore`에 `.rlp-desk/` 라인 존재. 검증: `test ! -d .claude/ralph-desk && test -d .rlp-desk && grep -q '^\.rlp-desk/$' .gitignore`.
+- [ ] **AC3** — Run 모드에서 legacy 발견 시 비-zero exit + stderr에 `mv .claude/ralph-desk .rlp-desk` 안내 문자열 포함. 검증: `node run.mjs run ...; echo $? != 0; grep -q "mv .claude/ralph-desk" stderr.log`.
+- [ ] **AC4** — `--mode tmux --worker-model sonnet` 1-iter 캠페인 600초 이내 종료 + `done-claim.json` 존재 + exit 0. 검증: `timeout 600 node run.mjs run ... --max-iter 1; test $? == 0 && test -f .rlp-desk/memos/<slug>-done-claim.json`.
+- [ ] **AC5** — `--worker-model gpt-5.5:high` 1-iter 캠페인 동일 단언(AC4 패턴) — 회귀 없음.
+- [ ] **AC6** — Permission prompt 조기 감지: worker에 mock prompt 주입 시 5초 이내 BLOCKED + sentinel `category=permission_prompt`. 검증: `jq -r .category .rlp-desk/memos/<slug>-blocked.json == "permission_prompt"`.
+
+---
+
+## 8. ADR (Architectural Decision Record)
+
+- **Decision**: Project-local sentinel/runtime을 `.claude/ralph-desk/` → `.rlp-desk/`로 이동.
+- **Drivers**: Claude Code hardcoded sensitive policy로 worker hang. 우회 불가 → 디렉토리 명 변경.
+- **Alternatives considered**: B(`.claude/` 유지 + escape) — 사용자 repro에서 입증 실패. C(`$TMPDIR/`) — campaign memory 영속성 손상.
+- **Why chosen**: A는 design-desk 참조 패턴과 일치하고, sensitive trigger의 root cause(`.claude/` 디렉토리명)를 직접 회피. 자동 마이그레이션으로 사용자 영향 최소화.
+- **Consequences**: 0.13.0 minor breaking. 모든 사용자 `.gitignore` + 디렉토리 갱신 필요(자동화). 문서 업데이트 광범위(rlp-desk.md 24 lines, governance.md 6 lines).
+- **Follow-ups**:
+  1. **1.0.0 deprecation cycle**: legacy `.claude/ralph-desk/` 감지 로직 제거 (사용자에게 1 minor 사이클 마이그레이션 시간 확보).
+  2. **`~/.claude/ralph-desk/` 이동 검토**: 현재 sensitive trigger 미발생이지만 platform 변화 대비 1.x에서 검토.
+  3. **Permission prompt 조기 감지**: `prompt-detector.mjs` 추가 후 다른 platform-shaped silent failure에도 재사용 (예: codex CLI의 미래 정책 변화).
+  4. **Steelman 대응**: Architect 지적("`.rlp-desk/`도 미래 sensitive화 가능") — `RLP_DESK_RUNTIME_DIR` env 외부화로 기술적 대응 완료. 정책 모니터링은 운영 영역.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@ai-dev-methodologies/rlp-desk",
-  "version": "0.12.0",
-  "description": "Fresh-context iterative loops for Claude Code — autonomous task completion with independent verification",
+  "version": "0.13.0",
+  "description": "Fresh-context iterative loops for Claude Code \u2014 autonomous task completion with independent verification",
   "scripts": {
     "postinstall": "node scripts/postinstall.js",
     "uninstall": "node scripts/uninstall.js",

package/src/commands/rlp-desk.md

@@ -135,7 +135,7 @@ After all items are confirmed:
    Present the score table to the user before proceeding.
 2. Present the full contract summary.
 3. **Self-Verification** — Ask: "Enable self-verification? Worker records step-by-step evidence, Verifier cross-validates process. Recommended for MEDIUM+ risk." Default: yes for HIGH/CRITICAL, no for LOW/MEDIUM.
-4. **Re-execution check**: After slug is confirmed, check if `.claude/ralph-desk/plans/prd-<slug>.md` already exists. If a PRD already exists for this slug, ask: "A PRD already exists for this slug. Improve the existing PRD or start fresh (delete and recreate)?"
+4. **Re-execution check**: After slug is confirmed, check if `.rlp-desk/plans/prd-<slug>.md` already exists. If a PRD already exists for this slug, ask: "A PRD already exists for this slug. Improve the existing PRD or start fresh (delete and recreate)?"
    - "improve" → pass `--mode improve` to init
    - "start fresh" → pass `--mode fresh` to init
    - If no PRD exists: standard first-run (no --mode needed)
@@ -282,7 +282,7 @@ Parse the `--mode` flag. If absent or `agent`, use the Agent() path below. If `t
 
 When `--mode tmux` is specified (v0.12.0+ — v5.7 §4.1 routes to Node leader for flywheel + SV support):
 
-1. **Validate scaffold** — same as Agent() mode: check `.claude/ralph-desk/prompts/<slug>.worker.prompt.md` etc.
+1. **Validate scaffold** — same as Agent() mode: check `.rlp-desk/prompts/<slug>.worker.prompt.md` etc.
 2. **Check sentinels** — same as Agent() mode.
 3. **Check prerequisites** — verify `tmux`, `jq`, and `node` (>= 16) are installed. If not, report what is missing and stop.
 4. **Locate Node leader** — find `~/.claude/ralph-desk/node/run.mjs`. If not found, tell the user to reinstall (`npm install` or `bash install.sh`).
@@ -348,11 +348,11 @@ prompt at the SDK level, the call hangs indefinitely with no rlp-desk-side
 watchdog. Use `--mode tmux` if you need bounded execution time.
 
 ### Preparation
-1. Validate scaffold: `.claude/ralph-desk/prompts/<slug>.worker.prompt.md` etc.
+1. Validate scaffold: `.rlp-desk/prompts/<slug>.worker.prompt.md` etc.
 2. **Codex CLI pre-validation**: If `--consensus` is not `off` OR `--worker-model` uses codex format (contains `:`) OR `--verifier-model` / `--final-verifier-model` / `--consensus-model` / `--final-consensus-model` uses codex format, check that `codex` CLI exists in PATH. If codex CLI not found → STOP immediately, print install instructions (`npm install -g @openai/codex`), do not start the loop.
 3. Check sentinels (complete/blocked). Found → tell user `/rlp-desk clean <slug>`.
 4. Clean previous `done-claim.json`, `verify-verdict.json`.
-5. **Always**: write baseline log entry to `.claude/ralph-desk/logs/<slug>/baseline.log`: `[timestamp] iter=0 phase=start slug=<slug> worker_model=<model> verifier_model=<model>`. Baseline.log captures 1 line per iteration for lightweight post-mortem (always-on, no flag needed).
+5. **Always**: write baseline log entry to `.rlp-desk/logs/<slug>/baseline.log`: `[timestamp] iter=0 phase=start slug=<slug> worker_model=<model> verifier_model=<model>`. Baseline.log captures 1 line per iteration for lightweight post-mortem (always-on, no flag needed).
 6. If `--debug`: also create/clear `~/.claude/ralph-desk/analytics/<slug>/debug.log`. Define a helper: to "debug_log" means append a timestamped line to this file via `Bash("echo \"[$(date '+%Y-%m-%d %H:%M:%S')] $msg\" >> ~/.claude/ralph-desk/analytics/<slug>/debug.log")`. When `--debug` is active, debug.log contains all baseline.log fields plus detailed phase logs.
    - **4-category log system**: all debug_log entries use exactly one of: `[GOV]` (governance checks: IL enforcement, CB triggers, scope lock, verdict evaluation), `[DECIDE]` (leader decisions: model selection, fix contracts, escalation), `[OPTION]` (configuration snapshot at loop start: thresholds, modes, models), `[FLOW]` (execution progress: worker/verifier dispatch, signal reads, phase transitions)
    - **Re-execution versioning**: If `debug.log` already exists at `--debug` start, rename it to `debug-v{N}.log` (N = next available integer ≥ 1) before creating a fresh `debug.log`.
@@ -378,14 +378,14 @@ For each iteration (1 to max_iter):
 
 **① Check sentinels**
 ```bash
-test -f .claude/ralph-desk/memos/<slug>-complete.md  # → done
-test -f .claude/ralph-desk/memos/<slug>-blocked.md   # → stop
+test -f .rlp-desk/memos/<slug>-complete.md  # → done
+test -f .rlp-desk/memos/<slug>-blocked.md   # → stop
 ```
 
 **①½ Prep-stage cleanup**
 ```bash
-rm -f .claude/ralph-desk/memos/<slug>-done-claim.json
-rm -f .claude/ralph-desk/memos/<slug>-verify-verdict.json
+rm -f .rlp-desk/memos/<slug>-done-claim.json
+rm -f .rlp-desk/memos/<slug>-verify-verdict.json
 ```
 
 **② Read memory.md** → Stop Status, Next Iteration Contract
@@ -401,15 +401,15 @@ rm -f .claude/ralph-desk/memos/<slug>-verify-verdict.json
 
 **④ Build worker prompt (Prompt Assembly Protocol)**
 1. Capture `WORKING_DIR` once: use `$PWD` from when `/rlp-desk run` was invoked. Store for all prompt construction.
-2. Read `.claude/ralph-desk/prompts/<slug>.worker.prompt.md` — use its content **verbatim**. Do NOT rewrite, paraphrase, or regenerate paths. The prompt file contains correct absolute paths from init.
+2. Read `.rlp-desk/prompts/<slug>.worker.prompt.md` — use its content **verbatim**. Do NOT rewrite, paraphrase, or regenerate paths. The prompt file contains correct absolute paths from init.
 2a. **Per-US PRD injection** (when targeting a specific `us_id`, not "ALL"):
-   - Check if `.claude/ralph-desk/plans/prd-<slug>-{us_id}.md` exists (created by init split)
+   - Check if `.rlp-desk/plans/prd-<slug>-{us_id}.md` exists (created by init split)
    - If yes: in the assembled prompt text, replace the full PRD reference (`prd-<slug>.md`) with the per-US file path (`prd-<slug>-{us_id}.md`) — so Worker reads only the relevant US section
    - If no per-US file: fall back to full PRD (`prd-<slug>.md`) with no change needed
    - Note: this absolute-path substitution is permitted — only absolute→relative rewrites are forbidden.
 3. Prepend meta comment: `## WORKING_DIR: {absolute path}` — Worker must use this as its working directory.
 4. Append iteration number + memory contract.
-5. Write to `.claude/ralph-desk/logs/<slug>/iter-NNN.worker-prompt.md` (audit trail).
+5. Write to `.rlp-desk/logs/<slug>/iter-NNN.worker-prompt.md` (audit trail).
 - Note: Worker ALWAYS records execution_steps in done-claim.json per governance §1f. No flag needed.
 - **Rewriting paths from absolute to relative WILL break worktree campaigns. Only additions (WORKING_DIR header, iteration context) are allowed.**
 
@@ -660,7 +660,7 @@ When `--consensus` is not `off`, also track in `status.json`:
 ---
 
 ## `status <slug>`
-Read `.claude/ralph-desk/logs/<slug>/runtime/status.json` and display a detailed report:
+Read `.rlp-desk/logs/<slug>/runtime/status.json` and display a detailed report:
 
 ```
 Campaign: <slug>
@@ -683,22 +683,22 @@ Read the last `verify-verdict.json` to show the most recent verdict summary and
 
 ## `clean <slug> [--kill-session]`
 Remove:
-- `.claude/ralph-desk/memos/<slug>-complete.md`
-- `.claude/ralph-desk/memos/<slug>-blocked.md`
-- `.claude/ralph-desk/memos/<slug>-done-claim.json`
-- `.claude/ralph-desk/memos/<slug>-verify-verdict.json`
-- `.claude/ralph-desk/memos/<slug>-iter-signal.json`
-- `.claude/ralph-desk/logs/<slug>/circuit-breaker.json`
-- `.claude/ralph-desk/logs/<slug>/runtime/session-config.json`
-- `.claude/ralph-desk/logs/<slug>/runtime/worker-heartbeat.json`
-- `.claude/ralph-desk/logs/<slug>/runtime/verifier-heartbeat.json`
-- `.claude/ralph-desk/memos/<slug>-escalation.md`
+- `.rlp-desk/memos/<slug>-complete.md`
+- `.rlp-desk/memos/<slug>-blocked.md`
+- `.rlp-desk/memos/<slug>-done-claim.json`
+- `.rlp-desk/memos/<slug>-verify-verdict.json`
+- `.rlp-desk/memos/<slug>-iter-signal.json`
+- `.rlp-desk/logs/<slug>/circuit-breaker.json`
+- `.rlp-desk/logs/<slug>/runtime/session-config.json`
+- `.rlp-desk/logs/<slug>/runtime/worker-heartbeat.json`
+- `.rlp-desk/logs/<slug>/runtime/verifier-heartbeat.json`
+- `.rlp-desk/memos/<slug>-escalation.md`
 Note: `campaign-report.md`, `campaign-report-v{N}.md`, `iter-NNN-done-claim.json`, and `iter-NNN-verify-verdict.json` are intentionally preserved across clean for historical comparison. Analytics files (`debug.log`, `campaign.jsonl`, `self-verification-data.json`, `self-verification-report-NNN.md`) at `~/.claude/ralph-desk/analytics/<slug>/` are NOT affected by project-level clean.
 
 If `--kill-session` is passed, clean up Worker/Verifier tmux panes using session-config.json:
 ```bash
 # Read pane IDs from session-config.json (safe — targets only Worker/Verifier panes)
-SESSION_CONFIG=".claude/ralph-desk/logs/<slug>/runtime/session-config.json"
+SESSION_CONFIG=".rlp-desk/logs/<slug>/runtime/session-config.json"
 if [ -f "$SESSION_CONFIG" ] && command -v jq &>/dev/null; then
   WORKER_PANE=$(jq -r '.panes.worker // empty' "$SESSION_CONFIG")
   VERIFIER_PANE=$(jq -r '.panes.verifier // empty' "$SESSION_CONFIG")
@@ -738,8 +738,8 @@ Data sources:
 
 Resume a previously interrupted campaign. Equivalent to `run <slug>` but explicitly restores state:
 
-1. Read `.claude/ralph-desk/logs/<slug>/runtime/status.json` for `verified_us`, `iteration`, `consecutive_failures`
-2. Read `.claude/ralph-desk/memos/<slug>-memory.md` for completed stories and next iteration contract
+1. Read `.rlp-desk/logs/<slug>/runtime/status.json` for `verified_us`, `iteration`, `consecutive_failures`
+2. Read `.rlp-desk/memos/<slug>-memory.md` for completed stories and next iteration contract
 3. Check for sentinels (`complete.md`, `blocked.md`) — if present, inform user and stop
 4. If no sentinels, invoke `run <slug>` with the same options from the previous session (stored in status.json fields: `worker_model`, `verifier_model`, `final_verifier_model`, `verify_mode`, `consensus_mode`)
 5. The runner automatically restores `verified_us` from memory or status.json on startup

package/src/governance.md

@@ -509,7 +509,7 @@ Characteristics:
 
 ### Project-local
 ```
-.claude/ralph-desk/
+.rlp-desk/
 ├── prompts/
 │   ├── <slug>.worker.prompt.md      # Worker base prompt (regenerated on re-execution)
 │   └── <slug>.verifier.prompt.md    # Verifier base prompt (regenerated on re-execution)

package/src/node/cli/command-builder.mjs

@@ -5,6 +5,24 @@ const CLAUDE_BIN = 'claude';
 const CODEX_BIN = 'codex';
 const CLAUDE_MODELS = new Set(['haiku', 'sonnet', 'opus']);
 
+// v0.13.0: surface engine classification for tmux+claude warning + observability.
+export function isClaudeEngine(modelFlag) {
+  if (typeof modelFlag !== 'string' || modelFlag.length === 0) {
+    return false;
+  }
+
+  const head = modelFlag.split(':', 1)[0];
+  if (!head) {
+    return false;
+  }
+
+  if (CLAUDE_MODELS.has(head)) {
+    return true;
+  }
+
+  return head.startsWith('claude-');
+}
+
 function assertTuiMode(mode, builderName) {
   if (mode !== 'tui') {
     throw new Error(`${builderName} unknown mode '${mode}'`);

package/src/node/init/campaign-initializer.mjs

@@ -1,8 +1,79 @@
 import fs from 'node:fs/promises';
+import fsSync from 'node:fs';
 import path from 'node:path';
 
+import { LEGACY_DESK_REL, resolveDeskRoot } from '../util/desk-root.mjs';
+
 const GITIGNORE_MARKER = '# RLP Desk runtime artifacts';
-const GITIGNORE_RULE = '.claude/ralph-desk/';
+const GITIGNORE_RULE = '.rlp-desk/';
+const LEGACY_GITIGNORE_RULE = '.claude/ralph-desk/';
+const MIGRATION_LOCK_FILE = '.rlp-desk-migration.lock';
+const STALE_LOCK_MS = 5 * 60 * 1000;
+
+export function migrateLegacyDesk(rootDir, env = process.env) {
+  const legacyPath = path.join(rootDir, LEGACY_DESK_REL);
+  const newPath = resolveDeskRoot(rootDir, env);
+  const lockPath = path.join(rootDir, MIGRATION_LOCK_FILE);
+
+  // Pre-lock cheap check: skip the lock entirely when there is nothing to do.
+  // Re-check the same conditions inside the lock — a competing process may
+  // have moved or created files between this check and the lock acquisition.
+  if (!fsSync.existsSync(legacyPath)) {
+    return { action: 'noop', reason: fsSync.existsSync(newPath) ? 'new-only' : 'neither-exists' };
+  }
+
+  let lockFd;
+  try {
+    lockFd = fsSync.openSync(lockPath, 'wx');
+  } catch (error) {
+    if (error.code === 'EEXIST') {
+      try {
+        const stats = fsSync.statSync(lockPath);
+        const age = Date.now() - stats.mtimeMs;
+        if (age > STALE_LOCK_MS) {
+          fsSync.unlinkSync(lockPath);
+          lockFd = fsSync.openSync(lockPath, 'wx');
+        } else {
+          throw new Error(`Migration already in progress (lock at ${lockPath}, age ${Math.round(age / 1000)}s)`);
+        }
+      } catch (statError) {
+        if (statError.code === 'ENOENT') {
+          lockFd = fsSync.openSync(lockPath, 'wx');
+        } else {
+          throw statError;
+        }
+      }
+    } else {
+      throw error;
+    }
+  }
+
+  try {
+    fsSync.writeSync(lockFd, String(process.pid));
+
+    // Re-check inside the lock — another process may have already migrated
+    // while we were waiting for the lock.
+    const legacyExistsLocked = fsSync.existsSync(legacyPath);
+    const newExistsLocked = fsSync.existsSync(newPath);
+
+    if (!legacyExistsLocked) {
+      return { action: 'noop', reason: newExistsLocked ? 'new-only' : 'neither-exists' };
+    }
+
+    if (newExistsLocked) {
+      throw new Error(
+        `Migration aborted: both directories exist. Remove one before re-run. legacy=${legacyPath}, new=${newPath}`,
+      );
+    }
+
+    fsSync.mkdirSync(path.dirname(newPath), { recursive: true });
+    fsSync.renameSync(legacyPath, newPath);
+    return { action: 'migrated', from: legacyPath, to: newPath };
+  } finally {
+    try { fsSync.closeSync(lockFd); } catch (_) { /* noop */ }
+    try { fsSync.unlinkSync(lockPath); } catch (_) { /* noop */ }
+  }
+}
 
 export async function initCampaign(slug, objective, options = {}) {
   const normalizedSlug = normalizeSlug(slug);
@@ -10,17 +81,21 @@ export async function initCampaign(slug, objective, options = {}) {
   const mode = options.mode ?? 'agent';
   const rootDir = path.resolve(options.rootDir ?? process.cwd());
   const tmuxEnv = options.tmuxEnv ?? process.env.TMUX ?? '';
-  const deskRoot = path.join(rootDir, '.claude', 'ralph-desk');
+  const env = options.env ?? process.env;
 
   if (mode === 'tmux' && !tmuxEnv) {
     throw new Error('tmux required');
   }
 
+  migrateLegacyDesk(rootDir, env);
+
+  const deskRoot = resolveDeskRoot(rootDir, env);
+
   if (mode === 'fresh') {
     await fs.rm(deskRoot, { recursive: true, force: true });
   }
 
-  const paths = buildPaths(rootDir, normalizedSlug);
+  const paths = buildPaths(rootDir, normalizedSlug, env);
   await ensureDirectories(paths);
   await ensureGitignore(rootDir);
 
@@ -55,8 +130,8 @@ function normalizeSlug(value) {
   return slug;
 }
 
-function buildPaths(rootDir, slug) {
-  const deskRoot = path.join(rootDir, '.claude', 'ralph-desk');
+function buildPaths(rootDir, slug, env = process.env) {
+  const deskRoot = resolveDeskRoot(rootDir, env);
   const promptsDir = path.join(deskRoot, 'prompts');
   const plansDir = path.join(deskRoot, 'plans');
   const memosDir = path.join(deskRoot, 'memos');
@@ -105,13 +180,28 @@ async function ensureGitignore(rootDir) {
     }
   }
 
-  if (content.includes(GITIGNORE_MARKER) && content.includes(GITIGNORE_RULE)) {
-    return;
+  let updated = content;
+  let changed = false;
+
+  // v0.13.0: drop the legacy .claude/ralph-desk/ rule if present.
+  if (updated.includes(LEGACY_GITIGNORE_RULE)) {
+    const legacyLineRegex = new RegExp(
+      `^${LEGACY_GITIGNORE_RULE.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\r?\\n`,
+      'gm',
+    );
+    updated = updated.replace(legacyLineRegex, '');
+    changed = true;
   }
 
-  const prefix = content.length > 0 && !content.endsWith('\n') ? '\n' : '';
-  const block = `${prefix}${GITIGNORE_MARKER}\n${GITIGNORE_RULE}\n`;
-  await fs.writeFile(gitignorePath, `${content}${block}`, 'utf8');
+  if (!(updated.includes(GITIGNORE_MARKER) && updated.includes(GITIGNORE_RULE))) {
+    const prefix = updated.length > 0 && !updated.endsWith('\n') ? '\n' : '';
+    updated = `${updated}${prefix}${GITIGNORE_MARKER}\n${GITIGNORE_RULE}\n`;
+    changed = true;
+  }
+
+  if (changed) {
+    await fs.writeFile(gitignorePath, updated, 'utf8');
+  }
 }
 
 async function writeIfMissing(targetPath, content) {

package/src/node/polling/signal-poller.mjs

@@ -143,6 +143,26 @@ export async function pollForSignal(
     // v5.7 §4.17 (Node parity): default-No prompts must NOT be auto-Entered;
     // they raise a PromptBlockedError so the caller writes BLOCKED and aborts.
     if (paneId) {
+      // v0.13.0: detect Claude Code self-modification permission prompts in
+      // pane stdout BEFORE attempting auto-dismiss. These cannot be dismissed
+      // by --dangerously-skip-permissions and would otherwise hang the worker
+      // for the full pollForSignal timeout.
+      try {
+        const paneContent = await capturePane(paneId);
+        const { detectPermissionPrompt } = await import('../runner/prompt-detector.mjs');
+        if (detectPermissionPrompt(paneContent)) {
+          throw new PromptBlockedError(
+            `Permission prompt detected on pane ${paneId} (Claude Code self-modification gate)`,
+            { paneId, category: 'permission_prompt', snippet: paneContent.split(/\r?\n/).slice(-10).join('\n') },
+          );
+        }
+      } catch (err) {
+        if (err instanceof PromptBlockedError) {
+          throw err;
+        }
+        // capture failure is non-fatal; fall through to auto-dismiss path.
+      }
+
       await autoDismissPrompts(paneId, {
         capturePane,
         sendKeys,

package/src/node/reporting/campaign-reporting.mjs

@@ -3,6 +3,8 @@ import path from 'node:path';
 import { execFile } from 'node:child_process';
 import { promisify } from 'node:util';
 
+import { resolveDeskRoot } from '../util/desk-root.mjs';
+
 const execFileAsync = promisify(execFile);
 const REQUIRED_ANALYTICS_FIELDS = [
   'iter',
@@ -596,7 +598,9 @@ export async function generateSVReport({
 
 export async function readStatus(slug, options = {}) {
   const rootDir = path.resolve(options.rootDir ?? process.cwd());
-  const statusFile = path.join(rootDir, '.claude', 'ralph-desk', 'logs', slug, 'runtime', 'status.json');
+  const env = options.env ?? process.env;
+  const deskRoot = resolveDeskRoot(rootDir, env);
+  const statusFile = path.join(deskRoot, 'logs', slug, 'runtime', 'status.json');
 
   if (!(await exists(statusFile))) {
     return `No active campaign for ${slug}.`;

package/src/node/run.mjs

@@ -4,6 +4,7 @@ import { fileURLToPath } from 'node:url';
 import { initCampaign } from './init/campaign-initializer.mjs';
 import { readStatus } from './reporting/campaign-reporting.mjs';
 import { run as runCampaignMain } from './runner/campaign-main-loop.mjs';
+import { isClaudeEngine } from './cli/command-builder.mjs';
 
 const RUN_DEFAULTS = {
   mode: 'agent',
@@ -194,8 +195,9 @@ async function runInit(args, deps) {
 
   const slug = args[0];
   const objective = args.slice(1).join(' ').trim() || 'TBD - fill in the objective';
-  await deps.initCampaign(slug, objective, { rootDir: deps.cwd });
-  write(deps.stdout, `Initialized ${slug} in ${path.join(deps.cwd, '.claude', 'ralph-desk')}`);
+  const result = await deps.initCampaign(slug, objective, { rootDir: deps.cwd });
+  const deskRoot = result?.paths?.deskRoot ?? path.join(deps.cwd, '.rlp-desk');
+  write(deps.stdout, `Initialized ${slug} in ${deskRoot}`);
   return 0;
 }
 
@@ -221,6 +223,33 @@ async function runRunCommand(args, deps) {
 
   const slug = args[0];
   const options = parseRunOptions(args.slice(1), deps.cwd);
+
+  // v0.13.0: warn when Claude worker runs in tmux mode. Claude Code's
+  // hardcoded sensitive policy used to hang sentinel writes inside
+  // <project>/.claude/. After v0.13.0, sentinels live in
+  // <project>/.rlp-desk/, but if the user pinned RLP_DESK_RUNTIME_DIR
+  // back inside .claude/, the hang can return — surface the warning so
+  // they can switch to gpt-5.5:* or --mode agent quickly.
+  if (
+    !process.env.RLP_DESK_QUIET_WARNINGS
+    && process.env.NODE_ENV !== 'test'
+    && options.mode === 'tmux'
+    && isClaudeEngine(options.workerModel)
+  ) {
+    write(
+      deps.stderr,
+      'WARNING: Claude worker in tmux mode may hang on .claude/ sentinel writes.',
+    );
+    write(
+      deps.stderr,
+      'After v0.13.0, sentinels live in <project>/.rlp-desk/ which avoids this.',
+    );
+    write(
+      deps.stderr,
+      'If hang persists, switch to --worker-model gpt-5.5:high (codex) or --mode agent.',
+    );
+  }
+
   const result = await deps.runCampaign(slug, options);
   // governance §1f BLOCKED Surfacing: surface the blocked reason on stderr so
   // the operator (or wrapper script) does not have to grep memo files.

package/src/node/runner/campaign-main-loop.mjs

@@ -1,4 +1,5 @@
 import fs from 'node:fs/promises';
+import fsSync from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
 import { execFile } from 'node:child_process';
@@ -8,6 +9,7 @@ import { buildClaudeCmd, buildCodexCmd, parseModelFlag } from '../cli/command-bu
 import { shellQuote } from '../util/shell-quote.mjs';
 import { OPUS_1M_BETA, isOpusModel } from '../constants.mjs';
 import { initCampaign } from '../init/campaign-initializer.mjs';
+import { LEGACY_DESK_REL, resolveDeskRoot } from '../util/desk-root.mjs';
 import { writeSentinelExclusive } from '../shared/fs.mjs';
 import {
   TimeoutError,
@@ -41,8 +43,23 @@ const MODEL_UPGRADES = {
   'gpt-5.3-codex-spark:xhigh': 'BLOCKED',
 };
 
-function buildPaths(rootDir, slug) {
-  const deskRoot = path.join(rootDir, '.claude', 'ralph-desk');
+// v0.13.0: legacy .claude/ralph-desk/ guidance for run mode (no auto-mv).
+export function detectLegacyDeskInRunMode(rootDir, env = process.env) {
+  const legacyPath = path.join(rootDir, LEGACY_DESK_REL);
+  if (!fsSync.existsSync(legacyPath)) {
+    return null;
+  }
+
+  const newPath = resolveDeskRoot(rootDir, env);
+  const newRel = path.relative(rootDir, newPath) || path.basename(newPath);
+  const message =
+    `Legacy ${LEGACY_DESK_REL}/ detected. Run mode does not auto-migrate to protect in-flight campaigns. ` +
+    `Run: mv ${LEGACY_DESK_REL} ${newRel} then re-run.`;
+  return { legacyPath, newPath, message };
+}
+
+function buildPaths(rootDir, slug, env = process.env) {
+  const deskRoot = resolveDeskRoot(rootDir, env);
   const campaignLogDir = path.join(deskRoot, 'logs', slug);
 
   return {
@@ -448,6 +465,10 @@ export const BLOCK_TAGS = Object.freeze({
   GUARD_EXITED: 'guard_pane_exited_without_artifacts',
   // Auto-Enter unsafe (default-No prompt)
   PROMPT_BLOCKED: 'prompt_blocked',
+  // v0.13.0: Claude Code self-modification permission prompt (cannot be
+  // dismissed by --dangerously-skip-permissions). Surfaced separately so
+  // wrappers know to switch worker engine, not retry.
+  PERMISSION_PROMPT: 'permission_prompt',
   // Persistent timeout without exit (different from EXITED)
   WORKER_TIMEOUT: 'worker_timeout',
   VERIFIER_TIMEOUT: 'verifier_timeout',
@@ -509,6 +530,13 @@ function _classifyBlock(source, { verdict, state, slug } = {}) {
       action = 'manual_prompt_response';
       failureCategory = 'prompt_blocked';
       break;
+    // v0.13.0: Claude Code self-modification gate — switch worker engine.
+    case BLOCK_TAGS.PERMISSION_PROMPT:
+      category = 'infra_failure';
+      recoverable = false;
+      action = 'switch_worker_to_codex_or_use_agent_mode';
+      failureCategory = 'permission_prompt';
+      break;
     // Persistent timeout (no exit detected) — different from EXITED.
     case BLOCK_TAGS.WORKER_TIMEOUT:
     case BLOCK_TAGS.VERIFIER_TIMEOUT:
@@ -582,8 +610,16 @@ async function _handlePollFailure(error, ctx) {
     })[role] ?? BLOCK_TAGS.WORKER_EXITED;
     reason = `${error.reason ?? 'pane exited without artifacts'}: ${error.message}`;
   } else if (error instanceof PromptBlockedError) {
-    tag = BLOCK_TAGS.PROMPT_BLOCKED;
-    reason = `${error.reason ?? 'default-No prompt'}: ${error.message}`;
+    // v0.13.0: error.category is set by signal-poller when Claude Code
+    // self-modification prompt is detected. Distinct tag drives a different
+    // failure_category + suggested_action than the default-No prompt path.
+    if (error.category === 'permission_prompt') {
+      tag = BLOCK_TAGS.PERMISSION_PROMPT;
+      reason = `${error.reason ?? 'permission prompt'}: ${error.message}`;
+    } else {
+      tag = BLOCK_TAGS.PROMPT_BLOCKED;
+      reason = `${error.reason ?? 'default-No prompt'}: ${error.message}`;
+    }
   } else if (error instanceof MalformedArtifactError) {
     tag = BLOCK_TAGS.MALFORMED_ARTIFACT;
     reason = `Malformed artifact at ${error.field}: expected ${error.expected}, got ${error.got}`;
@@ -896,7 +932,19 @@ export function shouldRunGuard(flywheelGuard, state, usId) {
 
 export async function run(slug, options = {}) {
   const rootDir = path.resolve(options.rootDir ?? process.cwd());
-  const paths = buildPaths(rootDir, slug);
+  const env = options.env ?? process.env;
+
+  // v0.13.0: refuse to run when legacy .claude/ralph-desk/ is present.
+  // init mode auto-migrates; run mode protects in-flight campaigns and
+  // surfaces a clear manual command to the operator.
+  const legacy = detectLegacyDeskInRunMode(rootDir, env);
+  if (legacy) {
+    const err = new Error(legacy.message);
+    err.code = 'LEGACY_DESK_DETECTED';
+    throw err;
+  }
+
+  const paths = buildPaths(rootDir, slug, env);
   // v5.7 §4.24 §1g — runtime invariant: every terminal exit of run() MUST
   // leave exactly one sentinel on disk (blocked.md XOR complete.md). The
   // try/finally below is the last-resort backstop that writes a synthetic

package/src/node/runner/prompt-detector.mjs

@@ -0,0 +1,41 @@
+// v0.13.0: early-detect Claude Code permission prompts in worker stdout.
+// Pre-v0.13.0 the leader only noticed via 30-min pollForSignal timeout, which
+// hid the failure category. Now we surface BLOCKED with category=permission_prompt
+// within seconds so wrappers can react.
+
+const SIGNATURES = [
+  /Do you want to /,
+  /\u276F\s*1\.\s*Yes/,
+  /allow Claude to edit its own settings/,
+  /1\.\s*Yes(?:,?\s*and allow Claude)/,
+];
+
+export function detectPermissionPrompt(chunk) {
+  if (typeof chunk !== 'string' || chunk.length === 0) {
+    return false;
+  }
+
+  for (const pattern of SIGNATURES) {
+    if (pattern.test(chunk)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+export const PERMISSION_PROMPT_CATEGORY = 'permission_prompt';
+
+export function buildPermissionPromptBlocked(slug, iteration, snippet) {
+  const trimmedSnippet = typeof snippet === 'string'
+    ? snippet.split(/\r?\n/).slice(0, 5).join('\n').slice(0, 600)
+    : '';
+  return {
+    slug,
+    iteration: iteration ?? 0,
+    reason_category: 'infra_failure',
+    failure_category: PERMISSION_PROMPT_CATEGORY,
+    recoverable: false,
+    suggested_action: 'switch_worker_to_codex_or_use_agent_mode',
+    evidence_snippet: trimmedSnippet,
+  };
+}

package/src/node/util/desk-root.mjs

@@ -0,0 +1,24 @@
+import path from 'node:path';
+
+export const DEFAULT_DESK_REL = '.rlp-desk';
+export const LEGACY_DESK_REL = path.join('.claude', 'ralph-desk');
+
+export function resolveDeskRoot(rootDir, env = process.env) {
+  const override = (env && typeof env.RLP_DESK_RUNTIME_DIR === 'string') ? env.RLP_DESK_RUNTIME_DIR : '';
+  const trimmed = override.trim();
+
+  if (!trimmed) {
+    return path.join(rootDir, DEFAULT_DESK_REL);
+  }
+
+  if (path.isAbsolute(trimmed)) {
+    throw new Error('RLP_DESK_RUNTIME_DIR must be relative to project root, not absolute');
+  }
+
+  const segments = trimmed.split(/[\\/]/);
+  if (segments.includes('..')) {
+    throw new Error('RLP_DESK_RUNTIME_DIR must not contain parent traversal (..)');
+  }
+
+  return path.join(rootDir, trimmed);
+}