@bradheitmann/odin-sentinel 0.4.11 → 0.4.13

package/plugins/odin-scp/skills/odin-scp/references/team-bootstrap-runbook.md

@@ -0,0 +1,298 @@
+# SCP Team Bootstrap Runbook
+
+Use this when a single `EXEC PM` pane must create, operate, and tear down SCP teams in CMUX or another terminal surface manager.
+
+## Required Inputs
+
+- Objective and phase boundary.
+- Target repo/worktree/branch/SHA.
+- Pod count, default 3 federated pods unless human operator specifies otherwise.
+- Team exceptions, especially UX/design teams.
+- Allowed harness/model pool and any budget/cost priority.
+
+If any input is missing, choose the conservative default and record it in `SCP-TEAM-MANIFEST`. Ask human operator only when missing information changes authority, scope, destructive cleanup, or cost materially.
+
+## Skill Composition
+
+- Use `team-composition-patterns` to choose minimum viable pod shape.
+- Use `dispatching-parallel-agents` only after workstreams are independent and write scopes do not conflict.
+- Use `delegate` for harness/model selection, preflight probes, fallback ladder, and instruction bundles.
+- Use `handoff` for parked retained panes.
+- Use `qa-swarm-review` for cleanup or closure review.
+- Use `atlas-synthesis` for post-run SCP improvement packets.
+
+## Default Three-Pod Layout
+
+```yaml
+executive_office:
+  - pane: A/EXEC-PM
+    role: EXEC PM
+  - pane: A/EXEC-ASST
+    role: EXEC ASST
+  - pane: A/EXEC-RSCH
+    role: EXEC RSCH
+  - pane: A/EXEC-QA
+    role: EXEC QA
+pods:
+  - team: B
+    panes: [B/TEAM-PM, B/TEAM-SENTINEL, B/DEV-1, B/QA-1, B/SHADOW-1]
+  - team: C
+    panes: [C/TEAM-PM, C/TEAM-SENTINEL, C/DEV-1, C/QA-1, C/SHADOW-1]
+  - team: D
+    panes: [D/TEAM-PM, D/TEAM-SENTINEL, D/DEV-1, D/QA-1, D/SHADOW-1]
+floaters:
+  - A/INTEGRATION-STEWARD
+  - A/QUEUE-TRIAGE
+```
+
+Start smaller when the objective is narrow. Add pods horizontally only when the queue has independent work, non-overlapping write scopes, and enough QA capacity.
+
+`TEAM PM` and `TEAM SENTINEL` are separate control roles. `TEAM PM` routes pod assignments and activates workers. `TEAM SENTINEL` watches delivery, scope, role discipline, branch proof, and intervention health. Neither implements or QA-closes by default.
+
+## Terminal Setup Pattern
+
+Use live CMUX commands only after identifying the current workspace. If operating in tmux, WezTerm, iTerm2, Ghostty, Warp, Cursor, Zed, VS Code, libghostyy, or another surface manager, capture the equivalent `terminal_locator` fields and mark unsupported fields `unavailable`.
+
+If the surface manager exposes libghostty-vt or a congruent terminal-state API, also capture `vt_state_snapshot`. Keep this separate from `terminal_locator`: libghostty-vt models terminal emulator state such as terminal instances, rows/cols, active screen, cursor, scrollback, render dirty state, formatter output, semantic prompt state, and input encoding; it does not by itself define SCP team identity or CMUX-style workspace routing.
+
+```bash
+/Applications/cmux.app/Contents/Resources/bin/cmux --json --id-format both current-workspace
+/Applications/cmux.app/Contents/Resources/bin/cmux --json --id-format both identify --workspace <workspace> --surface <surface>
+/Applications/cmux.app/Contents/Resources/bin/cmux --json --id-format both list-pane-surfaces --workspace <workspace>
+/Applications/cmux.app/Contents/Resources/bin/cmux new-surface --type terminal --workspace <workspace>
+/Applications/cmux.app/Contents/Resources/bin/cmux rename-tab --workspace <workspace> --surface <surface> 'C/TEAM-SENTINEL'
+/Applications/cmux.app/Contents/Resources/bin/cmux send --workspace <workspace> --surface <surface> '<launch command or boot prompt>'
+/Applications/cmux.app/Contents/Resources/bin/cmux send-key --workspace <workspace> --surface <surface> Enter
+/Applications/cmux.app/Contents/Resources/bin/cmux read-screen --workspace <workspace> --surface <surface> --lines 80 --scrollback
+```
+
+Do not claim delivery until send, enter, read-screen, and ack state are recorded in `[SCP-CMUX-DELIVERY]` or `[SCP-TERMINAL-DELIVERY]`.
+
+Use these delivery verdicts:
+
+- `DELIVERED_ACKED`: send/enter/read-screen completed and ack observed.
+- `DELIVERED_NO_ACK`: message landed but no ack yet; poll again.
+- `INPUT_BAR_ONLY`: text was not submitted; not delivered.
+- `PANE_BLOCKED_ON_PERMISSION`: plan mode, auth, quota, modal, or permission blocker.
+- `PANE_STILL_THINKING`: instruction landed and pane is still processing.
+
+## Fast Bootstrap Mode
+
+For initial team creation, do not require every idle pane to emit the full `SCP_BOOT_RECEIPT`. Use `SCP_MIN_BOOT_RECEIPT` to park panes quickly, then require full `SCP_BOOT_RECEIPT` only before activation, dispatch, mutation, QA, commit, push, or closure language.
+
+```yaml
+SCP_MIN_BOOT_RECEIPT:
+  agent_id: c-dev-1
+  team: C
+  role: DEV WORKER
+  reports_to: C/TEAM-PM
+  cwd: <pwd or EXEC PM supplied>
+  branch: <branch or EXEC PM supplied>
+  head_sha: <sha or EXEC PM supplied>
+  may_implement: false
+  may_qa_accept: false
+  permission_mode: DEGRADED_READ_ONLY | READ_ONLY | WRITE_WHEN_ACTIVATED
+  current_state: BOOTSTRAPPED_IDLE
+```
+
+Minimal boot receipt states:
+
+- `BOOTSTRAPPED_IDLE`: pane launched, role acknowledged, no work active.
+- `BOOT_RECEIPT_PARTIAL`: minimal receipt present, full receipt deferred until activation.
+- `BOOT_RECEIPT_BLOCKED`: pane paused on permission, auth, quota, context, or plan-mode issue.
+
+When EXEC PM has exact CMUX/tmux/terminal refs, provide them in the boot prompt. Pane self-report is secondary and should not override adapter-captured locator ids.
+
+## Plan-Mode Bootstrap
+
+Claude Code and similar harnesses may pause for approval on reads or shell proof. During bootstrap-only runs:
+
+- Safe to approve or pre-supply: SCP/AGENTS/handoff reads, `pwd`, `git status --short --branch --untracked-files=all`, `git rev-parse HEAD @{u}`, `cmux identify`, `cmux read-screen`, and receipt acknowledgment.
+- Keep blocked: writes, lifecycle moves, evidence/verdict creation, implementation, QA acceptance, commits, pushes, destructive cleanup, and secret output.
+- If the pane is stuck in plan mode, EXEC PM may supply cwd/branch/SHA/locator proof and request `SCP_MIN_BOOT_RECEIPT` only.
+- Do not dispatch real work to a plan-mode pane until full receipt and activation proof are present.
+
+## SCP-TEAM-MANIFEST
+
+Record the manifest before dispatching work.
+
+During no-product-work bootstrap, the manifest may remain runtime-only in the EXEC PM transcript, screen report, or status ledger. Before dispatch, mutation, QA activation, commit, push, finish, or clean/ready claims, promote the manifest to a durable handoff, ledger, or branch-visible artifact appropriate to the run.
+
+```yaml
+SCP-TEAM-MANIFEST:
+  created_by: A/EXEC-PM
+  workspace: <semantic workspace label>
+  workspace_ref: <workspace:1 | session name | unavailable>
+  workspace_id: <uuid-or-stable-id | unavailable>
+  objective: <bounded objective>
+  branch_authority: <branch and sha>
+  executive_office:
+    - pane: A/EXEC-PM
+      agent_id: a-exec-pm
+      terminal_locator:
+        terminal_app: cmux
+        terminal_adapter: cmux
+        workspace_ref: <workspace:1>
+        workspace_id: <uuid>
+        window_ref: <window:1>
+        window_id: <uuid>
+        pane_ref: <pane>
+        pane_id: <uuid>
+        surface_ref: <surface>
+        surface_id: <uuid>
+        tab_ref: <tab>
+        tab_id: <uuid>
+        surface_type: terminal
+        title: A/EXEC-PM
+        route_command: cmux send --workspace <workspace> --surface <surface>
+        locator_source: cmux --json --id-format both identify
+        locator_captured_at: <ISO-8601 timestamp>
+      vt_state_snapshot:
+        vt_provider: unavailable
+        vt_api_stability: unknown
+        terminal_instance_ref: unavailable
+        terminal_instance_id: unavailable
+        pty_ref: unavailable
+        capture_source: cmux read-screen
+        formatter_format: plain
+        rows: unavailable
+        cols: unavailable
+        total_rows: unavailable
+        scrollback_rows: unavailable
+        width_px: unavailable
+        height_px: unavailable
+        active_screen: unavailable
+        cursor_x: unavailable
+        cursor_y: unavailable
+        cursor_visible: unavailable
+        cursor_pending_wrap: unavailable
+        title: A/EXEC-PM
+        pwd: unavailable
+        render_dirty: unavailable
+        semantic_prompt_observed: unavailable
+        semantic_input_observed: unavailable
+        semantic_output_observed: unavailable
+        paste_safety_checked: unavailable
+        paste_safe: unavailable
+        key_encoding_provider: unavailable
+        mouse_encoding_provider: unavailable
+        focus_encoding_provider: unavailable
+        snapshot_captured_at: <ISO-8601 timestamp>
+      role: EXEC PM
+      harness_model: <model/harness>
+      disposition: retain
+  pods:
+    - team: C
+      purpose: <workstream>
+      surfaces:
+        - pane: C/TEAM-PM
+          terminal_locator: <same schema>
+          role: TEAM PM
+          harness_model: <model/harness>
+          disposition: retain_or_close_on_finish
+        - pane: C/TEAM-SENTINEL
+          terminal_locator:
+            terminal_app: <cmux|tmux|wezterm|iterm2|ghostty|warp|cursor|zed|vscode|unknown>
+            terminal_adapter: <cmux|tmux|libghostyy|apple_script|cli|ide_terminal|unavailable>
+            workspace_ref: <workspace/session/ref-or-unavailable>
+            workspace_id: <uuid-or-stable-id-or-unavailable>
+            window_ref: <window-ref-or-unavailable>
+            window_id: <uuid-or-stable-id-or-unavailable>
+            pane_ref: <pane-ref-or-unavailable>
+            pane_id: <uuid-or-stable-id-or-unavailable>
+            surface_ref: <surface-ref-or-unavailable>
+            surface_id: <uuid-or-stable-id-or-unavailable>
+            tab_ref: <tab-ref-or-unavailable>
+            tab_id: <uuid-or-stable-id-or-unavailable>
+            surface_type: terminal
+            title: C/TEAM-SENTINEL
+            route_command: <non-secret route command or unavailable>
+            locator_source: <command/tool/observation used>
+            locator_captured_at: <ISO-8601 timestamp or unavailable>
+          vt_state_snapshot:
+            vt_provider: <libghostty-vt|terminal-capture|unavailable>
+            vt_api_stability: <work_in_progress_unstable|stable|unknown>
+            terminal_instance_ref: <GhosttyTerminal handle/ref or unavailable>
+            terminal_instance_id: <product-generated id or unavailable>
+            pty_ref: <pty/process route or unavailable>
+            capture_source: <formatter|render_state|grid_ref|read_screen|unavailable>
+            formatter_format: <plain|vt|html|unavailable>
+            rows: <rows or unavailable>
+            cols: <cols or unavailable>
+            total_rows: <total_rows or unavailable>
+            scrollback_rows: <scrollback_rows or unavailable>
+            width_px: <width_px or unavailable>
+            height_px: <height_px or unavailable>
+            active_screen: <primary|alternate|unavailable>
+            cursor_x: <cursor_x or unavailable>
+            cursor_y: <cursor_y or unavailable>
+            cursor_visible: <true|false|unavailable>
+            cursor_pending_wrap: <true|false|unavailable>
+            title: C/TEAM-SENTINEL
+            pwd: <pwd or unavailable>
+            render_dirty: <false|partial|full|unavailable>
+            semantic_prompt_observed: <true|false|unavailable>
+            semantic_input_observed: <true|false|unavailable>
+            semantic_output_observed: <true|false|unavailable>
+            paste_safety_checked: <true|false|unavailable>
+            paste_safe: <true|false|unavailable>
+            key_encoding_provider: <libghostty-vt|terminal|unavailable>
+            mouse_encoding_provider: <libghostty-vt|terminal|unavailable>
+            focus_encoding_provider: <libghostty-vt|terminal|unavailable>
+            snapshot_captured_at: <ISO-8601 timestamp or unavailable>
+          role: TEAM SENTINEL
+          harness_model: <model/harness>
+          disposition: retain_or_close_on_finish
+        - pane: C/DEV-1
+          terminal_locator: <same schema>
+          role: DEV WORKER
+          harness_model: <model/harness>
+          disposition: close_on_finish
+  exclusions:
+    - UX/design teams unless separately profiled
+  teardown_policy:
+    close_temp_panes_after_finish: true
+    retain_dirty_or_blocked_panes: true
+    require_approval_for_worktree_delete: true
+```
+
+## Harness Launch Rules
+
+Before launching a harness:
+
+1. Run the `delegate` preflight for that harness/model.
+2. Prefer cached successful model/harness choices for the same task class.
+3. Use high-reasoning/costly models for executive, sentinel, architecture, integration, and high-risk QA.
+4. Use cheaper/bounded models for DEV, routine QA, scans, and shadow review.
+5. If a harness fails, substitute by role contract, not by pane identity.
+
+Each launched pane must receive:
+
+- role-specific boot prompt,
+- `SCP_MIN_BOOT_RECEIPT` requirements for initial parking,
+- full `SCP_BOOT_RECEIPT` requirements for activation or mutation,
+- write/read/prohibited scopes,
+- reports-to chain,
+- `may_implement` and `may_qa_accept`,
+- exact current objective,
+- first expected receipt.
+
+## Dispatch Rules
+
+`EXEC PM` dispatches to `TEAM PM`; `TEAM PM` activates and routes pod workers; `TEAM SENTINEL` monitors, polls, intervenes, and may relay corrective prompts. Workers do not self-select work.
+
+Every downstream assignment requires `[SCP-DELEGATE]` and `[SCP-CMUX-DELIVERY]` or `[SCP-TERMINAL-DELIVERY]` with a delivery verdict. During active work, each sentinel emits `[SCP-POLL]` on the assigned cadence.
+
+## Teardown Rules
+
+On `$odin-scp --finish`:
+
+1. `EXEC PM` broadcasts finish to all manifest panes.
+2. Every pane emits `[SCP-FINISH]` or is recorded as non-responsive.
+3. `EXEC ASST` captures final read-screen snapshots and pane list.
+4. `EXEC QA` or a QA swarm reviews cleanup evidence.
+5. Close only panes marked `close_on_finish` and only after their state is captured.
+6. Retain UX/design, dirty, blocked, or explicitly parked panes.
+7. Record a final manifest with closed/retained/deferred disposition.
+
+Never delete worktrees or local files during automated teardown unless exact entries were approved and proof was captured.

package/plugins/odin-scp/skills/odin-scp/scripts/sync-installations.sh

@@ -0,0 +1,233 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+MASTER="${SCP_SKILL_MASTER:-${HOME}/.agents/skills/odin-scp}"
+VERIFY_ONLY=false
+DRY_RUN=false
+REPORT_PATH=""
+
+usage() {
+  cat <<'USAGE'
+Usage: sync-installations.sh [--verify-only] [--dry-run] [--emit-report PATH]
+
+Syncs the master odin-scp skill to runtime copies and
+verifies required markers. --verify-only checks current copies without writing.
+--dry-run previews rsync changes without writing.
+
+Environment overrides:
+  SCP_SKILL_MASTER        Master skill directory. Defaults to ~/.agents/skills/odin-scp
+  SCP_SKILL_TARGETS_FILE  Optional newline-delimited native target directory list.
+  SCP_ADAPTER_TARGETS_FILE Optional newline-delimited adapter file list.
+USAGE
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --verify-only)
+      VERIFY_ONLY=true
+      shift
+      ;;
+    --dry-run)
+      DRY_RUN=true
+      shift
+      ;;
+    --emit-report)
+      if [[ $# -lt 2 ]]; then
+        echo "--emit-report requires a path" >&2
+        exit 2
+      fi
+      REPORT_PATH="$2"
+      shift 2
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "unknown argument: $1" >&2
+      usage >&2
+      exit 2
+      ;;
+  esac
+done
+
+if [[ "$VERIFY_ONLY" == true && "$DRY_RUN" == true ]]; then
+  echo "--verify-only and --dry-run are mutually exclusive" >&2
+  exit 2
+fi
+
+if [[ -n "$REPORT_PATH" ]]; then
+  mkdir -p "$(dirname "$REPORT_PATH")"
+  : > "$REPORT_PATH"
+fi
+
+emit() {
+  if [[ -n "$REPORT_PATH" ]]; then
+    printf '%s\n' "$*" | tee -a "$REPORT_PATH"
+  else
+    printf '%s\n' "$*"
+  fi
+}
+
+TARGETS=(
+  "${HOME}/.codex/skills/odin-scp"
+  "${HOME}/.claude/skills/odin-scp"
+  "${HOME}/.config/goose/skills/odin-scp"
+  "${HOME}/.config/opencode/skills/odin-scp"
+  "${HOME}/.opencode/skills/odin-scp"
+  "${HOME}/.crush/skills/odin-scp"
+  "${HOME}/.cursor/skills/odin-scp"
+  "${HOME}/.cursor/skills-cursor/odin-scp"
+  "${HOME}/.kilocode/skills/odin-scp"
+  "${HOME}/.openhands/skills/odin-scp"
+  "${HOME}/.pi/agent/skills/odin-scp"
+  "${HOME}/.zed/skills/odin-scp"
+)
+
+ADAPTERS=(
+  "${HOME}/.config/droid/prompts/odin-scp.md"
+  "${HOME}/.droid/prompts/odin-scp.md"
+  "${HOME}/.crush/commands/odin-scp.md"
+)
+
+read_targets_file() {
+  target_var="$1"
+  target_file="$2"
+
+  if [[ ! -f "$target_file" ]]; then
+    echo "missing targets file: $target_file" >&2
+    exit 1
+  fi
+
+  eval "$target_var=()"
+  while IFS= read -r line || [[ -n "$line" ]]; do
+    case "$line" in
+      ""|\#*) continue ;;
+      ~/*) line="${HOME}/${line#~/}" ;;
+    esac
+    eval "$target_var+=(\"\$line\")"
+  done < "$target_file"
+}
+
+if [[ -n "${SCP_SKILL_TARGETS_FILE:-}" ]]; then
+  read_targets_file TARGETS "$SCP_SKILL_TARGETS_FILE"
+fi
+
+if [[ -n "${SCP_ADAPTER_TARGETS_FILE:-}" ]]; then
+  read_targets_file ADAPTERS "$SCP_ADAPTER_TARGETS_FILE"
+fi
+
+MARKERS=(
+  "SCP_BOOT_RECEIPT"
+  "SCP-TEAM-MANIFEST"
+  "self-bootstrap"
+  "terminal_locator"
+  "vt_state_snapshot"
+  "terminal_instance_ref"
+  "active_screen"
+  "cursor_x"
+  "cursor_y"
+  "scrollback_rows"
+  "render_dirty"
+  "workspace_ref"
+  "workspace_id"
+  "pane_ref"
+  "pane_id"
+  "surface_ref"
+  "surface_id"
+  "authority_layer"
+  "may_implement"
+  "worker_exception_authority"
+  "control-plane non-implementation"
+  "[SCP-DELEGATE]"
+  "[SCP-TERMINAL-DELIVERY]"
+  "[SCP-CMUX-DELIVERY]"
+  "[SCP-COORDINATION]"
+  "[SCP-FINISH]"
+  "\$odin-scp --finish"
+  "HOOK-EXCEPTION"
+  "BLOCKED_BY_LIMIT"
+  "post-run hygiene reset"
+  "active canonical SCP skill directory"
+)
+
+if [[ ! -f "$MASTER/SKILL.md" ]]; then
+  echo "missing master SKILL.md: $MASTER/SKILL.md" >&2
+  exit 1
+fi
+
+for marker in "${MARKERS[@]}"; do
+  grep -Fq "$marker" "$MASTER/SKILL.md" || {
+    echo "missing marker in master SKILL.md: $marker" >&2
+    exit 1
+  }
+done
+
+for adapter in "${ADAPTERS[@]}"; do
+  if [[ ! -f "$adapter" ]]; then
+    echo "missing adapter: $adapter" >&2
+    exit 1
+  fi
+  for marker in "${MARKERS[@]}"; do
+    grep -Fq "$marker" "$adapter" || {
+      echo "missing marker in adapter $adapter: $marker" >&2
+      exit 1
+    }
+  done
+done
+
+rsync_args=(-a --delete)
+if [[ "$DRY_RUN" == true ]]; then
+  rsync_args+=(--dry-run)
+fi
+
+if [[ "$VERIFY_ONLY" == false ]]; then
+  for target in "${TARGETS[@]}"; do
+    mkdir -p "$target"
+    if [[ "$DRY_RUN" == true ]]; then
+      emit "DRY-RUN target: $target"
+      rsync "${rsync_args[@]}" "$MASTER/" "$target/" | while IFS= read -r line; do
+        emit "  $line"
+      done
+    else
+      rsync "${rsync_args[@]}" "$MASTER/" "$target/"
+    fi
+  done
+fi
+
+master_hash="$(shasum -a 256 "$MASTER/SKILL.md" | awk '{print $1}')"
+hash_mismatch=false
+for target in "${TARGETS[@]}"; do
+  if [[ ! -f "$target/SKILL.md" ]]; then
+    emit "missing target SKILL.md: $target/SKILL.md"
+    hash_mismatch=true
+    continue
+  fi
+  target_hash="$(shasum -a 256 "$target/SKILL.md" | awk '{print $1}')"
+  if [[ "$target_hash" != "$master_hash" ]]; then
+    emit "hash mismatch: $target/SKILL.md"
+    emit "  master=$master_hash target=$target_hash"
+    hash_mismatch=true
+  fi
+done
+
+if [[ "$hash_mismatch" == true && "$DRY_RUN" == false ]]; then
+  exit 1
+fi
+
+mode="sync"
+if [[ "$VERIFY_ONLY" == true ]]; then
+  mode="verify-only"
+elif [[ "$DRY_RUN" == true ]]; then
+  mode="dry-run"
+fi
+
+emit "SCP skill sync verified"
+emit "mode: $mode"
+emit "master: $MASTER"
+emit "skill_sha256: $master_hash"
+emit "native_targets: ${#TARGETS[@]}"
+emit "adapter_targets: ${#ADAPTERS[@]}"
+if [[ -n "$REPORT_PATH" ]]; then
+  emit "report: $REPORT_PATH"
+fi

package/protocol/SCP.md

@@ -1,8 +1,8 @@
 # ODIN Sentinel Coordination Protocol
 
-Version: 0.4.11
+Version: 0.4.13
 
-SCP_PUBLIC_VERSION: 0.4.11
+SCP_PUBLIC_VERSION: 0.4.13
 MIN_COMPATIBLE_CHILD_MCP: 0.4.5
 
 ODIN Sentinel is a portable coordination layer for visible multi-agent teams.
@@ -74,7 +74,7 @@ inference credentials (`BLOCKED_BY_API_KEY` / `AUTH_PROVIDER_BLOCKED` / `BLOCKED
 inference stalls (`MODEL_STALLED` / `MODEL_REASONING_ONLY` / `STREAMING_PROTOCOL_MISMATCH`) before
 launch. A harness without MCP, native SCP skill, or full injected protocol text is
 `NON_GOVERNED_ONE_SHOT_ONLY` and must not hold a persistent governed role. Skill-capable harnesses
-should install the sentinel-coordination-protocol skill before governed launch. Probe via
+should install the odin-scp skill before governed launch. Probe via
 `odin.get_harness_probe_matrix` with zero-secret output. Droid exposes `droid mcp` and
 `--auto <low|medium|high>`: read-only `droid exec` is allowed without write authority, but mission
 or high-autonomy work requires `--auto high`. Crush has no MCP management command and its auth-header

package/protocol/bootstrap-skill.md

@@ -1,5 +1,5 @@
 ---
-name: sentinel-coordination-protocol
+name: odin-scp
 description: "Operate and improve SCP governance for multi-agent teams: self-bootstrap and teardown of federated pods, generic role topology, TEAM PM / TEAM ODIN separation, minimal bootstrap receipts, terminal locator identity, control-plane non-implementation, delegation receipts, terminal/CMUX delivery proof and verdicts, heartbeat cadence, branch-visible claims, adversarial QA, finish audit, and safe skill dissemination. Use when introducing SCP v3.5; installing SCP skills/adapters for Codex, Claude Code, OpenCode, Droid, Crush, OpenHands, Goose, KiloCode, Cursor, Zed, Pi, or other local coding agents; assigning EXEC/TEAM/WORKER roles; or preventing premature activation from an uncommitted draft artifact."
 version: 3.6.1
 updated: 2026-05-11
@@ -7,7 +7,7 @@ updated: 2026-05-11
 
 # Sentinel Coordination Protocol
 
-SCP_PUBLIC_VERSION: 0.4.11
+SCP_PUBLIC_VERSION: 0.4.13
 MIN_COMPATIBLE_CHILD_MCP: 0.4.5
 
 Public install readiness: configure the ODIN MCP server, install native skill context where supported or use full prompt fallback, keep governed team roles in CMUX, verify auth/account readiness without printing secrets, smoke-test local inference if used, and validate role compatibility before launch. Private local skill copies may differ intentionally; public release checks compare repo-internal public artifacts only.
@@ -20,6 +20,8 @@ Master editable source:
 
 - the repository-distributed SCP protocol bundle, or an operator-declared canonical SCP skill source outside this public package.
 
+The active canonical SCP skill directory is the directory that contains this `SKILL.md` plus its `references/`, `agents/`, and `scripts/` support files.
+
 All installed copies are synchronized runtime snapshots, not independent policy forks. Any agent modifying SCP policy must edit the declared source first, then propagate the full skill/protocol bundle to the installed harness targets and verify matching hashes.
 
 Use the operator-declared sync procedure after edits. Do not hand-edit generated runtime copies except as a temporary emergency patch that is immediately backported to the declared source and resynced.
@@ -64,7 +66,7 @@ SCP is a standing control loop, not a one-time boot banner. Read or re-invoke th
 - before QA activation or QA verdict language,
 - before any claim, lifecycle mutation, commit, push, or finish report,
 - when a hook, validator, permission mode, quota limit, dirty state, or branch mismatch appears,
-- when `$sentinel-coordination-protocol --finish` or `$sentinel-coordination-protocol --session-closeout` is invoked.
+- when `$odin-scp --finish` or `$odin-scp --session-closeout` is invoked.
 
 If an agent cannot state its current SCP role, authority layer, `may_implement`, `may_qa_accept`, reports-to chain, and next receipt type, it must stop and re-emit `SCP_BOOT_RECEIPT`.
 
@@ -540,7 +542,7 @@ role_model_fallback_ladders:
   - model: Claude Opus
    harnesses: [claude]
    reasoning: high
-   condition: Brad_authorized_high_risk_exception_only
+   condition: operator_authorized_high_risk_exception_only
 
  QUEUE_TRIAGE:
   - model: Kimi K2.6
@@ -561,7 +563,7 @@ model_mix_policy:
  scarce_quota_pools:
   - chatgpt_codex
   - claude_code
- locally_disallowed_without_brad_reauth:
+ locally_disallowed_without_operator_reauth:
   - gemini
  hidden_subagents_allowed: false
  role_slot_closure_allowed: false
@@ -626,7 +628,7 @@ Some harnesses, especially Claude Code, may enter plan mode or pause for approva
 
 Teardown sequence:
 
-1. Broadcast `$sentinel-coordination-protocol --finish`.
+1. Broadcast `$odin-scp --finish`.
 2. Collect `[SCP-FINISH]`, snapshots, handoffs, dirty state, and blocker state.
 3. Snapshot official topology before cleanup, classify each surface as official role slot vs temporary/ad hoc, and list any proposed closures.
 4. Run post-run hygiene and cleanup QA.
@@ -1035,7 +1037,7 @@ Required fields:
 - `scope`
 - `duration_or_expiry`
 - `risk_if_not_added`
-- `brad_authorization_required: true`
+- `operator_authorization_required: true`
 
 ### `[SCP-EXCEPTION]`
 
@@ -1097,14 +1099,14 @@ Required fields:
 - `confidence_downgrade`
 - `corrective_actions`
 - `unresolved_risks`
-- `brad_decisions_needed`
+- `operator_decisions_needed`
 - `final_claim_allowed: true|false`
 
 Exceptions do not implicitly authorize implementation, QA acceptance, evidence writing, push, merge, cleanup, lifecycle mutation, closure, or finish claims unless those actions are explicitly named.
 
 ## Session Closeout Metrics And Improvement Lifecycle
 
-Session closeout is an explicit SCP lifecycle phase. It begins when objectives are achieved or intentionally paused, branch/repo state is clean or classified, QA/quality gates are complete or blocked with owner, next-session path is clear, and `EXEC PM` is ready to hand off. the user may also trigger closeout with `$sentinel-coordination-protocol --finish` or `$sentinel-coordination-protocol --session-closeout`.
+Session closeout is an explicit SCP lifecycle phase. It begins when objectives are achieved or intentionally paused, branch/repo state is clean or classified, QA/quality gates are complete or blocked with owner, next-session path is clear, and `EXEC PM` is ready to hand off. the user may also trigger closeout with `$odin-scp --finish` or `$odin-scp --session-closeout`.
 
 At bootstrap, `EXEC PM` must record a `SESSION_OBJECTIVES` contract before broad dispatch:
 
@@ -1174,7 +1176,7 @@ Skill edits are the last closeout action after session data, `EXEC_PM_SESSION_RE
 
 ### `[SCP-FINISH]`
 
-Emit when `$sentinel-coordination-protocol --finish` is invoked or relayed:
+Emit when `$odin-scp --finish` is invoked or relayed:
 
 - `final_state`
 - `pushed_commits`
@@ -1288,7 +1290,7 @@ Provider/token-pool metrics must record provider, token pool, raw tokens, token
 
 ## Finish And Self-Improvement Loop
 
-`$sentinel-coordination-protocol --finish` starts controlled closeout, not product work.
+`$odin-scp --finish` starts controlled closeout, not product work.
 
 Close-out is not just cleanup. Close-out must prove the coordination process itself was followed, and must diagnose any agent that failed to deliver what it was told to deliver before declaring the run governed or complete.
 
@@ -1373,7 +1375,7 @@ Allowed pre-acceptance states:
 - `ROLE_SLOT_CLOSURE_VIOLATION`: role-named pane/surface was closed or deleted without explicit the user authorization.
 - `MODEL_MIX_VIOLATION`: active model/harness assignment violates the declared model mix policy.
 - `TOPOLOGY_EXPANSION_REQUESTED`: new role slot, pane, pod, floater, or specialized model/harness has been requested and awaits the user decision.
-- `TOPOLOGY_EXPANSION_BLOCKED_PENDING_BRAD`: topology expansion is blocked until the user explicitly authorizes it.
+- `TOPOLOGY_EXPANSION_BLOCKED_PENDING_OPERATOR`: topology expansion is blocked until the user explicitly authorizes it.
 
 If repo mechanics require moving a DEV slice to `done/` before independent QA, the handoff and ledger must say `DEV_COMPLETE_QA_PENDING`; it is not lifecycle closure.
 
@@ -1442,7 +1444,7 @@ Before implementation, QA acceptance, or ACTIVE_WATCH work, an activated role mu
 
 ## Harness Readiness Probes
 
-Installed is not provisioned. Probe harnesses before governed launch and record multi-dimensional readiness (`installed_binary`, `authenticated`, `mcp_configured`, `mcp_tool_hydration`, `governed_role_ready`) via `odin.get_harness_probe_matrix`. Classify permission, login, API-key/auth, and local-inference stalls before assigning roles. A harness lacking MCP, native SCP skill, or full injected protocol text is `NON_GOVERNED_ONE_SHOT_ONLY` and must not hold a persistent governed role. Skill-capable harnesses should install the sentinel-coordination-protocol skill before governed launch. Droid: read-only `droid exec` needs no write authority, but mission/high-autonomy requires `--auto high`, and `droid mcp` is required for governed readiness. Crush: no MCP management command (`MCP_UNAVAILABLE`) and auth-header failures (`unauthorized: Authentication parameter not received in Header`) are auth blockers.
+Installed is not provisioned. Probe harnesses before governed launch and record multi-dimensional readiness (`installed_binary`, `authenticated`, `mcp_configured`, `mcp_tool_hydration`, `governed_role_ready`) via `odin.get_harness_probe_matrix`. Classify permission, login, API-key/auth, and local-inference stalls before assigning roles. A harness lacking MCP, native SCP skill, or full injected protocol text is `NON_GOVERNED_ONE_SHOT_ONLY` and must not hold a persistent governed role. Skill-capable harnesses should install the odin-scp skill before governed launch. Droid: read-only `droid exec` needs no write authority, but mission/high-autonomy requires `--auto high`, and `droid mcp` is required for governed readiness. Crush: no MCP management command (`MCP_UNAVAILABLE`) and auth-header failures (`unauthorized: Authentication parameter not received in Header`) are auth blockers.
 
 ## Core Workflow
 
@@ -1506,4 +1508,11 @@ This recursion is why the same protocol governs both code work and organizationa
 - `references/boot-receipt-examples.md`: canonical `SCP_BOOT_RECEIPT` examples for `EXEC PM`, `TEAM ODIN`, `DEV WORKER`, and `QA WORKER`.
 - `references/team-bootstrap-runbook.md`: terminal/CMUX self-bootstrap, harness launch, pod setup, teardown, and hygiene runbook for one-pane-to-many-pod operation.
 
+MCP-only or non-native harnesses can load the same material from:
+
+- `odin://protocol/skill-references/canonical-introduction-prompt`
+- `odin://protocol/skill-references/harness-skill-targets`
+- `odin://protocol/skill-references/boot-receipt-examples`
+- `odin://protocol/skill-references/team-bootstrap-runbook`
+
 Load the prompt reference when the user asks for the official SCP introduction prompt or asks the `EXEC PM` pane to implement/disseminate SCP.