@aperant/framework 0.7.4 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/CHANGELOG.md +41 -0
  2. package/agents/apt-executor.md +12 -0
  3. package/agents/apt-team-docs-narrator.md +11 -0
  4. package/dist/cli/ci-watch/stop-matrix.d.mts +17 -4
  5. package/dist/cli/ci-watch/stop-matrix.d.mts.map +1 -1
  6. package/dist/cli/ci-watch/stop-matrix.mjs +41 -4
  7. package/dist/cli/ci-watch/stop-matrix.mjs.map +1 -1
  8. package/dist/cli/commands/fan-out.d.mts +2 -0
  9. package/dist/cli/commands/fan-out.d.mts.map +1 -0
  10. package/dist/cli/commands/fan-out.mjs +123 -0
  11. package/dist/cli/commands/fan-out.mjs.map +1 -0
  12. package/dist/cli/commands/modes.d.mts +22 -0
  13. package/dist/cli/commands/modes.d.mts.map +1 -1
  14. package/dist/cli/commands/modes.mjs +4 -1
  15. package/dist/cli/commands/modes.mjs.map +1 -1
  16. package/dist/cli/commands/pr-review-audit-fixer.d.mts.map +1 -1
  17. package/dist/cli/commands/pr-review-audit-fixer.mjs +86 -6
  18. package/dist/cli/commands/pr-review-audit-fixer.mjs.map +1 -1
  19. package/dist/cli/commands/roadmap.d.mts +1 -1
  20. package/dist/cli/commands/roadmap.d.mts.map +1 -1
  21. package/dist/cli/commands/roadmap.mjs +47 -4
  22. package/dist/cli/commands/roadmap.mjs.map +1 -1
  23. package/dist/cli/commands/task.d.mts.map +1 -1
  24. package/dist/cli/commands/task.mjs +15 -0
  25. package/dist/cli/commands/task.mjs.map +1 -1
  26. package/dist/cli/commands/validate-evidence.d.mts +1 -1
  27. package/dist/cli/commands/validate-evidence.d.mts.map +1 -1
  28. package/dist/cli/commands/validate-evidence.mjs +72 -47
  29. package/dist/cli/commands/validate-evidence.mjs.map +1 -1
  30. package/dist/cli/commands/wave.d.mts.map +1 -1
  31. package/dist/cli/commands/wave.mjs +91 -61
  32. package/dist/cli/commands/wave.mjs.map +1 -1
  33. package/dist/cli/commands/worktree.mjs +62 -3
  34. package/dist/cli/commands/worktree.mjs.map +1 -1
  35. package/dist/cli/config/load.mjs +1 -1
  36. package/dist/cli/config/load.mjs.map +1 -1
  37. package/dist/cli/config/parallelization.d.mts +14 -0
  38. package/dist/cli/config/parallelization.d.mts.map +1 -0
  39. package/dist/cli/config/parallelization.mjs +19 -0
  40. package/dist/cli/config/parallelization.mjs.map +1 -0
  41. package/dist/cli/coordination/agent-identity.d.mts.map +1 -1
  42. package/dist/cli/coordination/agent-identity.mjs +7 -1
  43. package/dist/cli/coordination/agent-identity.mjs.map +1 -1
  44. package/dist/cli/dispatch.d.mts.map +1 -1
  45. package/dist/cli/dispatch.mjs +2 -0
  46. package/dist/cli/dispatch.mjs.map +1 -1
  47. package/dist/cli/roadmap/convex-mirror.d.mts +21 -0
  48. package/dist/cli/roadmap/convex-mirror.d.mts.map +1 -0
  49. package/dist/cli/roadmap/convex-mirror.mjs +133 -0
  50. package/dist/cli/roadmap/convex-mirror.mjs.map +1 -0
  51. package/dist/cli/roadmap/lifecycle.d.mts +1 -1
  52. package/dist/cli/roadmap/lifecycle.d.mts.map +1 -1
  53. package/dist/cli/roadmap/lifecycle.mjs +54 -0
  54. package/dist/cli/roadmap/lifecycle.mjs.map +1 -1
  55. package/dist/cli/wfrun/unit-shape.d.mts +27 -0
  56. package/dist/cli/wfrun/unit-shape.d.mts.map +1 -0
  57. package/dist/cli/wfrun/unit-shape.mjs +38 -0
  58. package/dist/cli/wfrun/unit-shape.mjs.map +1 -0
  59. package/package.json +133 -133
  60. package/skills/apt-execute/SKILL.md +13 -0
  61. package/skills/apt-fan-out/SKILL.md +124 -0
  62. package/skills/apt-review/SKILL.md +4 -0
  63. package/skills/apt-run/SKILL.md +20 -5
  64. package/skills/apt-spar/SKILL.md +12 -9
  65. package/skills/apt-verify/SKILL.md +11 -0
  66. package/skills/apt-watch-ci/SKILL.md +2 -2
  67. package/src/cli/ci-watch/stop-matrix.mjs +44 -4
  68. package/src/cli/commands/fan-out.mjs +129 -0
  69. package/src/cli/commands/modes.mjs +4 -1
  70. package/src/cli/commands/pr-review-audit-fixer.mjs +82 -6
  71. package/src/cli/commands/roadmap.mjs +48 -4
  72. package/src/cli/commands/task.mjs +15 -0
  73. package/src/cli/commands/validate-evidence.mjs +75 -50
  74. package/src/cli/commands/wave.mjs +91 -58
  75. package/src/cli/commands/worktree.mjs +56 -3
  76. package/src/cli/config/load.mjs +1 -1
  77. package/src/cli/config/parallelization.mjs +18 -0
  78. package/src/cli/coordination/agent-identity.mjs +9 -1
  79. package/src/cli/dispatch.mjs +2 -0
  80. package/src/cli/roadmap/convex-mirror.mjs +131 -0
  81. package/src/cli/roadmap/lifecycle.mjs +48 -0
  82. package/src/cli/wfrun/unit-shape.mjs +39 -0
  83. package/templates/config.json +1 -1
package/package.json CHANGED
@@ -1,134 +1,134 @@
1
1
  {
2
- "name": "@aperant/framework",
3
- "version": "0.7.4",
4
- "description": "AI coding framework — composable skills for planning, executing, verifying, and reviewing code with any LLM provider. Works as Claude Code commands, Codex tasks, or programmatically.",
5
- "author": "Mikalsen AI <hello@mikalsen.ai>",
6
- "type": "module",
7
- "main": "./dist/index.js",
8
- "types": "./dist/index.d.ts",
9
- "bin": {
10
- "framework": "./bin/apt-tools.mjs",
11
- "apt-tools": "./bin/apt-tools.mjs",
12
- "apt-proof-video": "./bin/apt-proof-video.mjs"
13
- },
14
- "exports": {
15
- ".": {
16
- "types": "./dist/index.d.ts",
17
- "import": "./dist/index.js"
18
- },
19
- "./types": {
20
- "types": "./dist/types/index.d.ts",
21
- "import": "./dist/types/index.js"
22
- },
23
- "./cost": {
24
- "types": "./dist/cost/index.d.ts",
25
- "import": "./dist/cost/index.js"
26
- },
27
- "./mappers": {
28
- "types": "./dist/mappers/index.d.ts",
29
- "import": "./dist/mappers/index.js"
30
- },
31
- "./schemas": {
32
- "types": "./dist/schemas/index.d.ts",
33
- "import": "./dist/schemas/index.js"
34
- },
35
- "./standalone": {
36
- "types": "./dist/standalone/index.d.ts",
37
- "import": "./dist/standalone/index.js"
38
- },
39
- "./coordination/event-schema": {
40
- "types": "./src/cli/coordination/event-schema.d.ts",
41
- "import": "./src/cli/coordination/event-schema.mjs"
42
- },
43
- "./roadmap/conductor-view": {
44
- "types": "./src/cli/roadmap/conductor-view.d.ts",
45
- "import": "./src/cli/roadmap/conductor-view.mjs"
46
- },
47
- "./design/scan": {
48
- "import": "./src/cli/design/scan.mjs"
49
- },
50
- "./design/extract-repo": {
51
- "import": "./src/cli/design/extract-repo.mjs"
52
- },
53
- "./design/synthesize": {
54
- "import": "./src/cli/design/synthesize.mjs"
55
- }
56
- },
57
- "files": [
58
- "dist/",
59
- "bin/",
60
- "src/cli/",
61
- "src/cost/",
62
- "commands/",
63
- "skills/",
64
- "agents/",
65
- "prompts/",
66
- "templates/",
67
- "context/",
68
- "workflows/",
69
- "examples/",
70
- "LICENSE",
71
- "README.md",
72
- "CHANGELOG.md",
73
- "!**/__tests__/**",
74
- "!**/*.test.*",
75
- "!**/*.spec.*",
76
- "!**/*.test.d.ts.map",
77
- "!**/*.test.js.map"
78
- ],
79
- "keywords": [
80
- "ai",
81
- "framework",
82
- "coding-assistant",
83
- "claude-code",
84
- "codex",
85
- "aperant"
86
- ],
87
- "license": "AGPL-3.0-only",
88
- "homepage": "https://github.com/Mikalsen-AI/aperant-cloud-desktop/tree/main/packages/framework#readme",
89
- "bugs": {
90
- "url": "https://github.com/Mikalsen-AI/aperant-cloud-desktop/issues"
91
- },
92
- "repository": {
93
- "type": "git",
94
- "url": "https://github.com/Mikalsen-AI/aperant-cloud-desktop.git",
95
- "directory": "packages/framework"
96
- },
97
- "engines": {
98
- "node": ">=18.0.0"
99
- },
100
- "publishConfig": {
101
- "access": "public"
102
- },
103
- "dependencies": {
104
- "@clack/prompts": "^1.2.0",
105
- "proper-lockfile": "^4.1.2",
106
- "yaml": "^2.8.3",
107
- "zod": "^4.3.6"
108
- },
109
- "optionalDependencies": {
110
- "@babel/parser": "^7.29.2",
111
- "@babel/traverse": "^7.29.0",
112
- "@google/genai": "^1.50.1",
113
- "css-tree": "^3.2.1",
114
- "playwright": "^1.59.1"
115
- },
116
- "devDependencies": {
117
- "@vitest/coverage-v8": "^4.1.5"
118
- },
119
- "scripts": {
120
- "build": "tsc && node scripts/extract-personas-schema.mjs",
121
- "dev": "tsc --watch --preserveWatchOutput",
122
- "typecheck": "tsc --noEmit",
123
- "lint": "biome check . --diagnostic-level=error",
124
- "lint:fix": "biome check --write . --diagnostic-level=error",
125
- "clean": "rm -rf dist",
126
- "test": "vitest run",
127
- "c28:cutover": "node scripts/c28-cutover.mjs",
128
- "build-plugin": "node scripts/build-plugin.mjs",
129
- "publish-plugin": "node scripts/publish-plugin.mjs",
130
- "publish:verdaccio": "node scripts/publish-verdaccio.mjs",
131
- "release:verdaccio": "pnpm build && pnpm publish:verdaccio",
132
- "ship:verdaccio": "npm version patch --no-git-tag-version && pnpm build && pnpm publish:verdaccio"
133
- }
134
- }
2
+ "name": "@aperant/framework",
3
+ "version": "0.8.0",
4
+ "description": "AI coding framework — composable skills for planning, executing, verifying, and reviewing code with any LLM provider. Works as Claude Code commands, Codex tasks, or programmatically.",
5
+ "author": "Mikalsen AI <hello@mikalsen.ai>",
6
+ "type": "module",
7
+ "main": "./dist/index.js",
8
+ "types": "./dist/index.d.ts",
9
+ "bin": {
10
+ "framework": "./bin/apt-tools.mjs",
11
+ "apt-tools": "./bin/apt-tools.mjs",
12
+ "apt-proof-video": "./bin/apt-proof-video.mjs"
13
+ },
14
+ "exports": {
15
+ ".": {
16
+ "types": "./dist/index.d.ts",
17
+ "import": "./dist/index.js"
18
+ },
19
+ "./types": {
20
+ "types": "./dist/types/index.d.ts",
21
+ "import": "./dist/types/index.js"
22
+ },
23
+ "./cost": {
24
+ "types": "./dist/cost/index.d.ts",
25
+ "import": "./dist/cost/index.js"
26
+ },
27
+ "./mappers": {
28
+ "types": "./dist/mappers/index.d.ts",
29
+ "import": "./dist/mappers/index.js"
30
+ },
31
+ "./schemas": {
32
+ "types": "./dist/schemas/index.d.ts",
33
+ "import": "./dist/schemas/index.js"
34
+ },
35
+ "./standalone": {
36
+ "types": "./dist/standalone/index.d.ts",
37
+ "import": "./dist/standalone/index.js"
38
+ },
39
+ "./coordination/event-schema": {
40
+ "types": "./src/cli/coordination/event-schema.d.ts",
41
+ "import": "./src/cli/coordination/event-schema.mjs"
42
+ },
43
+ "./roadmap/conductor-view": {
44
+ "types": "./src/cli/roadmap/conductor-view.d.ts",
45
+ "import": "./src/cli/roadmap/conductor-view.mjs"
46
+ },
47
+ "./design/scan": {
48
+ "import": "./src/cli/design/scan.mjs"
49
+ },
50
+ "./design/extract-repo": {
51
+ "import": "./src/cli/design/extract-repo.mjs"
52
+ },
53
+ "./design/synthesize": {
54
+ "import": "./src/cli/design/synthesize.mjs"
55
+ }
56
+ },
57
+ "scripts": {
58
+ "build": "tsc && node scripts/extract-personas-schema.mjs",
59
+ "dev": "tsc --watch --preserveWatchOutput",
60
+ "typecheck": "tsc --noEmit",
61
+ "lint": "biome check . --diagnostic-level=error",
62
+ "lint:fix": "biome check --write . --diagnostic-level=error",
63
+ "clean": "rm -rf dist",
64
+ "test": "vitest run",
65
+ "c28:cutover": "node scripts/c28-cutover.mjs",
66
+ "build-plugin": "node scripts/build-plugin.mjs",
67
+ "publish-plugin": "node scripts/publish-plugin.mjs",
68
+ "publish:verdaccio": "node scripts/publish-verdaccio.mjs",
69
+ "release:verdaccio": "pnpm build && pnpm publish:verdaccio",
70
+ "ship:verdaccio": "npm version patch --no-git-tag-version && pnpm build && pnpm publish:verdaccio"
71
+ },
72
+ "files": [
73
+ "dist/",
74
+ "bin/",
75
+ "src/cli/",
76
+ "src/cost/",
77
+ "commands/",
78
+ "skills/",
79
+ "agents/",
80
+ "prompts/",
81
+ "templates/",
82
+ "context/",
83
+ "workflows/",
84
+ "examples/",
85
+ "LICENSE",
86
+ "README.md",
87
+ "CHANGELOG.md",
88
+ "!**/__tests__/**",
89
+ "!**/*.test.*",
90
+ "!**/*.spec.*",
91
+ "!**/*.test.d.ts.map",
92
+ "!**/*.test.js.map"
93
+ ],
94
+ "keywords": [
95
+ "ai",
96
+ "framework",
97
+ "coding-assistant",
98
+ "claude-code",
99
+ "codex",
100
+ "aperant"
101
+ ],
102
+ "license": "AGPL-3.0-only",
103
+ "homepage": "https://github.com/Mikalsen-AI/aperant-cloud-desktop/tree/main/packages/framework#readme",
104
+ "bugs": {
105
+ "url": "https://github.com/Mikalsen-AI/aperant-cloud-desktop/issues"
106
+ },
107
+ "repository": {
108
+ "type": "git",
109
+ "url": "https://github.com/Mikalsen-AI/aperant-cloud-desktop.git",
110
+ "directory": "packages/framework"
111
+ },
112
+ "engines": {
113
+ "node": ">=18.0.0"
114
+ },
115
+ "publishConfig": {
116
+ "access": "public"
117
+ },
118
+ "dependencies": {
119
+ "@clack/prompts": "^1.2.0",
120
+ "proper-lockfile": "^4.1.2",
121
+ "yaml": "^2.8.3",
122
+ "zod": "^4.3.6"
123
+ },
124
+ "optionalDependencies": {
125
+ "@babel/parser": "^7.29.2",
126
+ "@babel/traverse": "^7.29.0",
127
+ "@google/genai": "^1.50.1",
128
+ "css-tree": "^3.2.1",
129
+ "playwright": "^1.59.1"
130
+ },
131
+ "devDependencies": {
132
+ "@vitest/coverage-v8": "^4.1.5"
133
+ }
134
+ }
@@ -453,6 +453,19 @@ After all subtasks are completed:
453
453
  node packages/framework/bin/apt-tools.mjs commit "build: all subtasks complete" --files implementation_plan.json build-progress.json
454
454
  ```
455
455
 
456
+ ### Mark lifecycle phase as `verifying`
457
+
458
+ Flip the task's lifecycle phase at the success-end boundary so the next stage
459
+ (`/apt:verify`) finds the task in the correct from-state. Mirror the same CLI
460
+ shape as the start-boundary call in Section 2 — quick tasks (no phase linkage)
461
+ silently no-op, and the update is idempotent so it is safe to re-run on
462
+ `--continue`. Skip this step if any subtask ended in `"blocked"` — only the
463
+ all-subtasks-completed branch should advance the phase.
464
+
465
+ ```bash
466
+ node packages/framework/bin/apt-tools.mjs task update . --id {task-id} --lifecycle-phase verifying
467
+ ```
468
+
456
469
  Output:
457
470
  ```
458
471
  Execution complete:
@@ -0,0 +1,124 @@
1
+ ---
2
+ name: apt:fan-out
3
+ description: "Cross-task fan-out — spawn N apt-executor workers from one conductor terminal, each in its own worktree"
4
+ apt-skill-version: {{APT_VERSION}}
5
+ stage: execute
6
+ intent: x-fan-out
7
+ when_to_use: "You have N pre-planned, independent tasks (no file overlap, no cross-dependencies) and want to run them concurrently from a single host CLI session."
8
+ user_invocable: true
9
+ internal: false
10
+ spawns_agent: true
11
+ agent_name: "apt-executor"
12
+ task_context: require-existing
13
+ default_execution_mode: auto
14
+ execution_modes:
15
+ - auto
16
+ - step
17
+ allowed-tools: "Bash, Read, Write, Task"
18
+ argument-hint: "apt:fan-out --tasks <id,id,id> [--phases <m/p,m/p>] [--unblocked]"
19
+ gates: []
20
+ ---
21
+ <objective>
22
+ Run N pre-planned Aperant tasks concurrently from one conductor terminal. This skill is a thin orchestrator over the generalized wave engine (`unit_kind: "task"` path, see ADR-0003) and the existing primitives: `apt-tools worktree create --task`, `apt-tools lock claim`, `apt-tools event append`, and the `parallelization.max_tasks` quota. No daemon, no job queue, no in-skill scheduling. The host CLI's main thread is the conductor (ADR-0001); each spawned apt-executor subagent runs in its own worktree (ADR-0002).
23
+
24
+ This is the "I have 16 unblocked tasks in this phase, run them all" surface. It replaces the old workaround of opening 16 sibling terminals manually.
25
+ </objective>
26
+
27
+ <your_environment>
28
+ - **Working directory:** Project root (where you were invoked).
29
+ - **apt-tools path:** `node packages/framework/bin/apt-tools.mjs` (or `node .aperant/deps/node_modules/@aperant/framework/bin/apt-tools.mjs` when running from an install mirror).
30
+ - **Concurrency cap:** `parallelization.max_tasks` from `.aperant/config.json` (default 4, no paternalism cap per D-07). Read via `cli/config/parallelization.mjs:getMaxTasks(config)`.
31
+ - **Worker identity:** Each spawned worker exports `APT_AGENT_ID=fanout-${batch_id}-${task_id}` before any `apt-tools ...` invocation (per FRAMEWORK-BUG-033 defect 3). This pins their `team-status/{agentId}.json` rows across short-lived CLI calls.
32
+ - **Constitution:** Read `AGENTS.md` if it exists.
33
+ </your_environment>
34
+
35
+ <state_files>
36
+ ## State Files
37
+
38
+ **Reads:**
39
+ - `.aperant/state.json` — `active_tasks[*]` filtered when `--phases` or `--unblocked` resolves the task list.
40
+ - `.aperant/roadmap/{scope}/milestones.json` — milestone/phase membership for `--phases`.
41
+ - `.aperant/config.json:parallelization.max_tasks` — concurrency cap.
42
+
43
+ **Writes (indirectly via spawned workers):**
44
+ - `.aperant/team-status/fanout-${batch_id}-${task_id}.json` — one stable file per worker (per FRAMEWORK-BUG-033 defect 3 fix).
45
+ - `.aperant/state.json:active_tasks[*].assigned_to` — workers stamp their `APT_AGENT_ID` on claim (per FRAMEWORK-BUG-033 defect 2 fix).
46
+ - `.aperant/events/{today}.jsonl` — `task-claimed`, `wave-started`, `wave-completed` events.
47
+
48
+ **No filesystem state of its own.** The skill body is pure orchestration glue; all heavy lifting reuses existing primitives.
49
+ </state_files>
50
+
51
+ <process>
52
+
53
+ ## 1. Resolve the batch — canonical task ID list
54
+
55
+ The three input forms (`--tasks`, `--phases`, `--unblocked`) all resolve to a canonical `task_ids: [...]` list via the apt-tools helper:
56
+
57
+ ```bash
58
+ node packages/framework/bin/apt-tools.mjs fan-out resolve . --tasks T1,T2,T3,T4
59
+ # OR
60
+ node packages/framework/bin/apt-tools.mjs fan-out resolve . --phases m1/p1,m1/p2
61
+ # OR
62
+ node packages/framework/bin/apt-tools.mjs fan-out resolve . --unblocked
63
+ ```
64
+
65
+ Returns:
66
+ ```json
67
+ {
68
+ "status": "ok",
69
+ "command": "fan-out-resolve",
70
+ "task_ids": ["T1", "T2", "T3", "T4"],
71
+ "source": "tasks",
72
+ "batch_id": "fanout-20260519-abc123"
73
+ }
74
+ ```
75
+
76
+ If `--tasks` IDs fail the `/^[a-z0-9_-]+$/i` validation regex, the helper returns `status: error` and the skill body MUST abort.
77
+
78
+ ## 2. Ensure each task has a worktree
79
+
80
+ For each `task_id` in the batch:
81
+
82
+ ```bash
83
+ node packages/framework/bin/apt-tools.mjs worktree create --task ${task_id}
84
+ ```
85
+
86
+ (Skip if `state.active_tasks[task_id].worktree_path` is already set — the create command is idempotent.)
87
+
88
+ ## 3. Spawn N apt-executor subagents
89
+
90
+ Read the `parallelization.max_tasks` cap from `.aperant/config.json` (or default 4). Slice `task_ids` into batches of size `min(cap, task_ids.length)`. For each task in the current batch, dispatch via the host CLI's `Task` tool with `run_in_background: true`:
91
+
92
+ - `subagent: apt-executor`
93
+ - `prompt` includes:
94
+ - `batch_id` (from step 1)
95
+ - `task_id`
96
+ - The worktree path for this task
97
+ - A reminder: "Export `APT_AGENT_ID=fanout-${batch_id}-${task_id}` in every Bash invocation that runs `apt-tools` — see `packages/framework/agents/apt-executor.md` §0a."
98
+
99
+ The executor agent's `<process>` §0a already documents the env-export rule; the spawn prompt just has to seed `batch_id` and `task_id`.
100
+
101
+ ## 4. Poll team-status until all workers reach a terminal state
102
+
103
+ ```bash
104
+ node packages/framework/bin/apt-tools.mjs team list .
105
+ ```
106
+
107
+ Each worker's row uses its `APT_AGENT_ID=fanout-${batch_id}-${task_id}`. A worker is "done" when its corresponding task's `lifecycle_phase` is one of `closed`, `shipped-pending-merge`, or `blocked`.
108
+
109
+ ## 5. Report
110
+
111
+ When all workers reach a terminal state, emit one consolidated summary: which tasks closed (verdict + PR URL), which are awaiting merge, which blocked. Recommend `/apt:close-task --all` for the post-merge sweep.
112
+
113
+ </process>
114
+
115
+ ## Design references
116
+
117
+ - **ADR-0001** — Host CLI main thread is the conductor; no daemon, no in-skill queue.
118
+ - **ADR-0002** — One worktree per task; workers run independent feature branches.
119
+ - **ADR-0003** — Wave engine accepts `unit_kind: "task"` so cross-task fan-out reuses the same primitives as intra-task subtask waves.
120
+
121
+ ## Config keys
122
+
123
+ - `parallelization.max_tasks` (default 4) — concurrency cap for the spawn loop.
124
+ - `parallelization.max_agents` (default 4) — global agent quota; the spawn loop respects whichever cap is lower.
@@ -333,6 +333,10 @@ Scores: logic={n} security={n} quality={n} architecture={n} performance={n}
333
333
  Report: {task_dir}/review.json
334
334
  ```
335
335
 
336
+ `lifecycle_phase` remains at `reviewing` after /apt:review completes — this is
337
+ the from-state /apt:ship expects for its atomic `reviewing → shipped-pending-merge`
338
+ flip, so no further `task update --lifecycle-phase` call is needed here.
339
+
336
340
  **Always end with a "What's Next" recommendation:**
337
341
 
338
342
  ```
@@ -159,6 +159,10 @@ Execute the apt:execute workflow inline:
159
159
  d. Commit atomically
160
160
  e. Update subtask status to "completed"
161
161
  3. Write build-progress.json
162
+ 4. Flip lifecycle to `verifying` so Stage 3 finds the task in the correct from-state (idempotent; quick tasks no-op):
163
+ ```bash
164
+ node packages/framework/bin/apt-tools.mjs task update . --id {task-id} --lifecycle-phase verifying
165
+ ```
162
166
 
163
167
  **Checkpoint state:** `build-progress.json` is written after every subtask. That file is the durable resume point — do NOT self-estimate context and do NOT voluntarily exit. Keep executing until the plan is complete or a risk gate stops you. If the harness auto-compacts mid-pipeline, re-read `implementation_plan.json` + `build-progress.json` and continue from the next pending subtask. The `--continue` flag exists for human-initiated resumes (`/apt:pause` + new session), not for agent-initiated bailouts.
164
168
 
@@ -189,6 +193,10 @@ Execute the apt:verify workflow inline:
189
193
  6. Score on 4 dimensions (completeness, correctness, quality, coverage)
190
194
  7. Fix all issues found — every severity, not just critical (up to 4 iterations: first 2 discovery, last 2 verification-only)
191
195
  8. Write qa_signoff.json
196
+ 9. If `status` is `approved` or `approved-with-notes`, flip lifecycle to `reviewing` so Stage 4 (or `/apt:ship` when review is skipped) finds the task in the correct from-state. Skip this step entirely on `rejected`:
197
+ ```bash
198
+ node packages/framework/bin/apt-tools.mjs task update . --id {task-id} --lifecycle-phase reviewing
199
+ ```
192
200
 
193
201
  **Output:** qa_signoff.json with status
194
202
 
@@ -224,6 +232,8 @@ Execute the apt:review workflow inline (see `apt-review/SKILL.md`):
224
232
  4. Update task documentation — review.json, qa_signoff.json (re-score if fixes changed quality), build-progress.json
225
233
  5. Write review.json with final findings and assessment. The `docs_policy` at `.aperant/config.json.docs_policy` controls per-surface behavior; defaults in `packages/framework/templates/docs-policy-defaults.json`.
226
234
 
235
+ `lifecycle_phase` stays at `reviewing` after this stage — /apt:ship handles the next transition (`reviewing → shipped-pending-merge`).
236
+
227
237
  **Output:** review.json (written to task directory)
228
238
 
229
239
  **This is the task review, not the PR review.** It runs inline without sub-agents. For heavy multi-agent PR review, use `/apt:pr-review` separately.
@@ -269,11 +279,16 @@ node packages/framework/bin/apt-tools.mjs commit "pipeline: complete {task}" --f
269
279
 
270
280
  ## 8. Lifecycle transitions
271
281
 
272
- Lifecycle phase transitions are handled by the child skills themselves:
273
- `apt:execute` calls `task update --lifecycle-phase executing` (which flips a
274
- phase-linked task from `planned` `in-progress`), and `apt:ship` calls
275
- `task close --verdict approved` (which flips it to `completed`). The
276
- pipeline wrapper does not need to record or drain anything.
282
+ Lifecycle phase transitions are handled by the child skills themselves.
283
+ `apt:execute` flips `planned` `in-progress` at start (lifecycle = `executing`)
284
+ and at success-end (lifecycle = `verifying`). `apt:verify` flips lifecycle =
285
+ `reviewing` on the approved verdict (skipped on `rejected`). `apt:review`
286
+ leaves lifecycle at `reviewing` the from-state `/apt:ship` expects for its
287
+ atomic `reviewing → shipped-pending-merge` flip. `/apt:ship` then flips
288
+ `reviewing → shipped-pending-merge`, and `/apt:close-task` later flips
289
+ `shipped-pending-merge → completed` after the PR merges. The pipeline wrapper
290
+ does not need to record or drain anything beyond ensuring each child-skill
291
+ stage runs to its success-end.
277
292
 
278
293
  </process>
279
294
  </output>
@@ -90,7 +90,7 @@ Parse `$ARGUMENTS`. Extract:
90
90
  `[apt:spar] --rounds clamped to 3 (hard cap, see SPAR-05)`
91
91
  and proceed with N=3. If N<1, clamp to 1 and print:
92
92
  `[apt:spar] --rounds clamped to 1 (minimum)`
93
- - `--timeout-ms N` — per-partner Bash timeout in milliseconds, default 90000 (90s). Capped at 600000 (10m, the Bash tool's own ceiling).
93
+ - `--timeout-ms N` — per-partner Bash timeout in milliseconds, default 300000 (5 min). Capped at 600000 (10 min, the Bash tool's own ceiling).
94
94
  - `[topic]` — the remaining text after flags. If empty, frame the round from the **last N conversation turns** as the context.
95
95
 
96
96
  Also read (best-effort, skip silently if missing):
@@ -135,7 +135,7 @@ Do NOT proceed; self-sparring is sycophancy by construction (the host cannot obj
135
135
  2. **Rung 2 — Plugin shim** (`${CLAUDE_PLUGIN_ROOT}/scripts/<partner>-companion.mjs`). Codex only (claude / gemini have no plugin shim).
136
136
  3. **Rung 3 — Raw CLI on `$PATH`** (`codex exec`, `claude -p`, `gemini -m`).
137
137
 
138
- Walk the ladder in order; pick the first rung with `detected: true` (or `"runtime-host-only"` for MCP). **MCP rung has a hard timeout** — default 60000ms, configurable via `apt-spar.mcp_timeout_ms` in `.aperant/config.json`. Empirical: the Codex MCP `claude_code` tool has been observed to hang past 120s. On MCP timeout, **automatically fall through to rung 2 or rung 3** — do NOT fail the whole spar. Treat MCP timeout as "rung unavailable for this invocation."
138
+ Walk the ladder in order; pick the first rung with `detected: true` (or `"runtime-host-only"` for MCP). **MCP rung has a hard timeout** — default 900000ms (15 min), configurable via `apt-spar.mcp_timeout_ms` in `.aperant/config.json`. The MCP rung is a structured tool call, NOT a Bash invocation, so the Bash tool's 600000ms ceiling does NOT apply — the MCP rung can carry heavy-research partner runs (e.g. Claude Code partner doing multiple minutes of Read/Grep/Bash) where the Bash rungs would hit the host ceiling. On MCP timeout, **automatically fall through to rung 2 or rung 3** — do NOT fail the whole spar. Treat MCP timeout as "rung unavailable for this invocation."
139
139
 
140
140
  If all three rungs are unavailable (every rung `detected: false`, or MCP `runtime-host-only` timed out AND rungs 2+3 are `detected: false`), print:
141
141
 
@@ -163,13 +163,14 @@ You are the sparring partner in an apt:spar round. Your job:
163
163
  - Identify the strongest objection.
164
164
  - Cite specific evidence where possible (file:line, test output, doc reference).
165
165
  - Be specific, not generic — "this might fail" is not a finding; "this fails when X because Y" is.
166
+ - After your main objection, provide NEXT_WEAKEST_POINT: one additional independent objection that would still matter if your first point is resolved. This populates the next round's frame.
166
167
  ```
167
168
 
168
169
  The frame is one shot per round — no multi-turn conversation with the partner inside a single round.
169
170
 
170
171
  ## 5. Invoke Partner (with timeout)
171
172
 
172
- **Wrap every partner Bash call with an explicit timeout** (default 90000ms, override via `--timeout-ms`). The empirical reason: the Codex MCP `claude_code` tool has been observed to hang past 120s while the `claude -p` CLI returns in seconds. A hung partner CLI must NOT stall the spar loop.
173
+ **Wrap every partner Bash call with an explicit timeout** (default 300000ms (5 min), override via `--timeout-ms`). The empirical reason: heavy-research partner CLIs (especially Claude Code in `--with claude` mode) routinely spend multiple minutes doing genuine Read/Grep/Bash investigation per round, and a hung partner CLI must NOT stall the spar loop indefinitely.
173
174
 
174
175
  The table below shows the canonical command shape per (partner × rung); the actual invocation for shell-based rungs (plugin shim, raw CLI) MUST use the heredoc pattern in the next subsection — never raw double-quoted interpolation. The MCP rung is a structured tool call — no shell quoting concern applies.
175
176
 
@@ -182,19 +183,19 @@ The table below shows the canonical command shape per (partner × rung); the act
182
183
 
183
184
  | Partner | Rung | Command | Notes |
184
185
  |---|---|---|---|
185
- | codex | mcp | tool call: `mcp__codex-mcp__codex({prompt})` | Preferred. 60s timeout (configurable `apt-spar.mcp_timeout_ms`); on timeout fall through to plugin then CLI. |
186
+ | codex | mcp | tool call: `mcp__codex-mcp__codex({prompt})` | Preferred. 900000ms (15 min) timeout (configurable `apt-spar.mcp_timeout_ms`); on timeout fall through to plugin then CLI. |
186
187
  | codex | plugin | `node "${CLAUDE_PLUGIN_ROOT}/scripts/codex-companion.mjs" task "$(cat <<'APT_SPAR_PROMPT_EOF' ... APT_SPAR_PROMPT_EOF\n)"` | **NO `--write`. NO `--effort` override.** Per SPAR-04 — spar is conversation, not patching. |
187
188
  | codex | cli | `codex exec "$(cat <<'APT_SPAR_PROMPT_EOF' ... APT_SPAR_PROMPT_EOF\n)"` | Precedent: `apt-pr-review/SKILL.md:1084`. Verify with `codex --help`. |
188
- | claude | mcp | tool call: `mcp__claude-code-mcp__claude_code({prompt})` | Preferred. Same 60s timeout + fallthrough rule. |
189
+ | claude | mcp | tool call: `mcp__claude-code-mcp__claude_code({prompt})` | Preferred. Same 900000ms (15 min) timeout + fallthrough rule. |
189
190
  | claude | plugin | n/a | No plugin shim exists for Claude. Skip this rung. |
190
191
  | claude | cli | `claude -p "$(cat <<'APT_SPAR_PROMPT_EOF' ... APT_SPAR_PROMPT_EOF\n)" --output-format text` | Symmetric. Claude has no `--write` equivalent — asymmetric flags are a smell. |
191
- | gemini | mcp | tool call: `mcp__gemini-mcp__*({prompt})` | Preferred. Same 60s timeout + fallthrough rule. Any `mcp__gemini-mcp__*` tool satisfies the rung. |
192
+ | gemini | mcp | tool call: `mcp__gemini-mcp__*({prompt})` | Preferred. Same 900000ms (15 min) timeout + fallthrough rule. Any `mcp__gemini-mcp__*` tool satisfies the rung. |
192
193
  | gemini | plugin | n/a | No plugin shim exists for Gemini. Skip this rung. |
193
194
  | gemini | cli | `gemini -m <model-from-router.llm.providers.gemini-cli> "$(cat <<'APT_SPAR_PROMPT_EOF' ... APT_SPAR_PROMPT_EOF\n)"` | Read the exact model name from `.aperant/config.json` at runtime — do not hardcode. |
194
195
 
195
- Set the Bash tool's `timeout` parameter to `--timeout-ms` (default 90000).
196
+ Set the Bash tool's `timeout` parameter to `--timeout-ms` (default 300000).
196
197
 
197
- **Timeout calibration.** The 90s default is a conservative ceiling sized for worst-case Codex hangs (empirical: the `claude_code` MCP tool has been observed timing out at 120s while `claude -p` returns in seconds). A single unified ceiling simplifies the loop-control logic and avoids per-partner special-casing in v1. For tighter budgets, pass `--timeout-ms` explicitly; future versions may introduce per-partner defaults.
198
+ **Timeout calibration.** The 5-min Bash-rung default and 15-min MCP-rung default are sized for heavy-research partner runs — modern partner CLIs commonly spend multiple minutes doing real Read/Grep/Bash investigation before producing a round response. The two defaults are intentionally asymmetric: the Bash rungs (plugin shim, raw CLI) are capped at the Claude Code Bash tool's 600000ms (10 min) host ceiling, while the MCP rung — a structured tool call rather than a Bash invocation — has no host ceiling and can carry the worst-case 15-min Claude Code partner. For tighter budgets (e.g. CI), pass `--timeout-ms` explicitly. The MCP-rung override is downward-only: if you observe consistent partner-CLI wedges (auth handshakes, hosted-API stalls, CI lanes wanting fast failure), set `apt-spar.mcp_timeout_ms` BELOW the 15-min default in `.aperant/config.json` (e.g. `120000` for a 2-min fast-fail budget) — raising it above 15 min is unnecessary because the default already covers the documented worst case. Future versions may introduce per-partner defaults.
198
199
 
199
200
  **Prompt-quoting safety.** The prompt is user-controlled (it comes from `[topic]` and/or conversation context) and may legitimately contain double quotes, dollar signs, backticks, or `$(...)` substitution that bash would otherwise expand or break on. NEVER interpolate `<prompt>` directly inside a double-quoted shell argument. Instead, pipe via a here-document so the shell treats the body as opaque text:
200
201
 
@@ -284,7 +285,9 @@ After each round, print a verdict block (one of these four, exact format):
284
285
 
285
286
  ## 8. Loop Control (max 3 rounds)
286
287
 
287
- - If `verdict=cede` **converge, terminate** unilaterally. The host has accepted the partner's prior claim with cited evidence; no second partner turn is needed.
288
+ - If `verdict=cede` AND `--rounds 1` was explicit terminate this round.
289
+ - If `verdict=cede` AND `--rounds >= 2` (default) → emit `next-round` regardless: convergence requires TWO consecutive rounds with the same disposition AND no materially new evidence. Round 1 alone cannot terminate as converged.
290
+ - The host's `next-round` payload for Round 2 MUST include: (a) the cited evidence that confirmed the partner's Round 1 point, (b) a request to challenge the host's cited evidence with the partner's NEXT_WEAKEST_POINT.
288
291
  - If `verdict=hold` → only triggers `next-round` (partner gets the new evidence). There is no terminal `hold` convergence in a single round. If the round cap is reached with hold still active, the held position stands and the loop exits via the round-cap path below.
289
292
  - If `verdict=next-round` → invoke the partner again with the new evidence the host just cited, go to Step 4.
290
293
  - If the round counter hits **3 rounds** (or whatever `--rounds N` clamped to) → **terminate** with:
@@ -302,6 +302,17 @@ The `status` field is derived from the minimum dimension score:
302
302
  node packages/framework/bin/apt-tools.mjs commit "qa: verification {status}" --files qa_signoff.json
303
303
  ```
304
304
 
305
+ ### Mark lifecycle phase as `reviewing` (approved path only)
306
+
307
+ If `status` is `approved` or `approved-with-notes`, flip the task's lifecycle
308
+ phase so the next stage (`/apt:review`, or `/apt:ship` if review is skipped)
309
+ finds the task in the correct from-state. Skip this transition entirely on
310
+ `rejected` — the task stays in `verifying` until the user re-runs after fixes.
311
+
312
+ ```bash
313
+ node packages/framework/bin/apt-tools.mjs task update . --id {task-id} --lifecycle-phase reviewing
314
+ ```
315
+
305
316
  ## 8. Report
306
317
 
307
318
  Output:
@@ -69,7 +69,7 @@ Watcher already running for PR {N} (held by sessionId={x}, pid={y}); exiting.
69
69
 
70
70
  For the `--tick` mode, execute exactly the following sequence — once — inside this single skill invocation:
71
71
 
72
- 1. **Poll.** Call `gh pr checks <N> --json name,bucket,state,conclusion,detailsUrl` and `gh pr view <N> --json state,reviewDecision`. Combine both JSON outputs into a single file shaped `{checks: <pr-checks-json>, prMetadata: <pr-view-json>}` (for example with `jq -s '{checks: .[0], prMetadata: .[1]}'`) and save it as `{captured.json}` (any path under the worktree is fine). On any `gh` failure, omit the file and let the cmd's `tick` route to `infra-backoff` (it surfaces the same action when no payload is available).
72
+ 1. **Poll.** Call `gh pr checks <N> --json name,bucket,state,link,workflow,completedAt` and `gh pr view <N> --json state,reviewDecision`. Combine both JSON outputs into a single file shaped `{checks: <pr-checks-json>, prMetadata: <pr-view-json>}` (for example with `jq -s '{checks: .[0], prMetadata: .[1]}'`) and save it as `{captured.json}` (any path under the worktree is fine). On any `gh` failure, omit the file and let the cmd's `tick` route to `infra-backoff` (it surfaces the same action when no payload is available). <!-- FRAMEWORK-BUG-016 (spec.md §D3): gh 2.65+'s `pr checks --json` schema dropped two legacy fields that the watcher previously requested; per-check status now lives in `state` (uppercase: SUCCESS / FAILURE / SKIPPED / IN_PROGRESS / …) and the failed-run URL lives in `link`. Do NOT re-introduce the legacy field names — gh exits non-zero ("Unknown JSON field") and the watcher falls into infra-backoff forever. -->
73
73
  2. **Classify + state update.** Call `apt-tools ci-watch tick {worktree} --pr {N} --payload-file {captured.json}`. The cmd reads `{captured.json}` from disk and runs the classifier — it does NOT shell out to `gh` itself (that boundary stays with the orchestrator skill; see commands/ci-watch.mjs:15). The cmd internally:
74
74
  - acquires the per-PR lock (BUSY → exit 2 → step §2);
75
75
  - reads the per-PR state file;
@@ -111,7 +111,7 @@ In all terminal cases:
111
111
 
112
112
  When `action === 'fix'` (or `diverged-rebased`/`diverged-bailed`):
113
113
 
114
- 1. **Fetch the failed-check log.** From the gh payload, find the failed check's `detailsUrl` and call `gh run view {runId} --log` to capture the log into a temp file.
114
+ 1. **Fetch the failed-check log.** From the gh payload, find the failed check's `link` field (see FRAMEWORK-BUG-016 / §D3 for the gh 2.65+ field migration) and call `gh run view {runId} --log` to capture the log into a temp file.
115
115
  2. **Shell out to the host CLI** to fix it. The watcher does NOT inline a custom fix prompt; it hands the worktree + failed-log to the same CLI binary that's running this skill (detected by `apt-tools host-detect`). Pseudocode:
116
116
 
117
117
  ```bash