@bradheitmann/odin-sentinel 0.4.5 → 0.4.7

package/docs/reference/public-surface-audit.md

@@ -2,132 +2,53 @@
 
 This document records the current public-release audit scope for ODIN Sentinel.
 
-## Current Tree Result
-
-Current tracked source, docs, protocol files, tests, and package metadata pass
-the public-surface audit:
+## Audit Commands
 
 ```bash
 pnpm run audit:public
+pnpm run test:package
+pnpm run validate
 ```
 
-The audit checks for:
-
-- local home-directory paths
-- local agent configuration paths
-- legacy extension terminology from adjacent agent systems
-- secret-looking assignments
-
-## Named External Concepts
-
-ODIN Sentinel intentionally names these external concepts:
-
-- MCP / Model Context Protocol
-- stdio
-- Node.js
-- TypeScript / JavaScript
-- pnpm / npm / npx
-- Codex CLI
-- Claude Code
-- Droid
-- Crush
-- Goose
-- Zed
-- OpenCode
-- Cursor
-- Rust
-- Go
-- Zig
-- WebAssembly / WASM
-- Homebrew
-
-These are examples, runtimes, package managers, languages, or harnesses. They
-are not bundled dependencies unless listed in `package.json`.
-
-## Named ODIN Concepts
-
-- ODIN Sentinel
-- ODIN
-- SCP / Sentinel Coordination Protocol
-- CMUX-compatible terminal-pane teams
-- EXEC PM
-- EXEC ODIN
-- EXEC ASST
-- EXEC RSCH
-- EXEC QA
-- TEAM PM
-- TEAM ODIN
-- DEV WORKER
-- QA WORKER
-- SHADOW REVIEWER
-
-## Local Paths
-
-ODIN Sentinel intentionally mentions these project-local paths:
-
-- `docs/handoffs/`
-- `.odin/handoffs/`
-- `.odin/audit/`
-
-These are caller-created paths for projects that use ODIN. They are not bundled
-private state.
-
-Docs also use placeholder install paths such as:
+The audits check public distribution files for local home paths, private project
+markers, local evidence paths, stale public versions, missing package metadata,
+telemetry wording drift, and package contents that should not ship.
 
-- `/absolute/path/to/odin-sentinel/dist/src/bin/index.js`
-- `/path/to/odin-sentinel/dist/src/bin/index.js`
+## Public Distribution Files
 
-These are examples, not real local paths.
+The intended public package includes:
 
-## Scripts Mentioned
+- `dist/`
+- `docs/`
+- `protocol/`
+- `templates/`
+- `scripts/audit/`
+- `AGENTS.md`
+- `CLAUDE.md`
+- `README.md`
+- `LICENSE`
+- `package.json`
 
-Repo scripts in `package.json`:
+Private planning workspaces and local evidence directories are optional local
+operator spaces. They are not public product internals and must not be packaged.
 
-- `pnpm run clean`
-- `pnpm run build`
-- `pnpm run dev`
-- `pnpm run audit:public`
-- `pnpm run test:package`
-- `pnpm test`
-- `pnpm run typecheck`
-- `pnpm run validate`
-
-Referenced local script files:
-
-- `scripts/audit/public-surface.mjs`
-- `scripts/audit/verify-pack.mjs`
-
-No missing repo-local scripts are known.
-
-External commands mentioned in docs:
-
-- `node`
-- `pnpm`
-- `npm`
-- `npx`
-- `codex mcp add`
-- `droid mcp add`
-
-These are external user-installed tools, not files this repository must provide.
-
-## Snapshot Tools
-
-Current MCP snapshot tool:
-
-- `odin.export_protocol_snapshot`
+## Named External Concepts
 
-No external local extension is required for ODIN Sentinel to work.
+ODIN Sentinel intentionally names MCP, stdio, Node.js, TypeScript, pnpm, npm,
+npx, CMUX, Codex, Claude Code, Droid, Crush, Goose, Zed, OpenCode, Cursor,
+Rust, Go, Zig, and WebAssembly as examples, runtimes, package managers,
+languages, or harnesses.
 
-## Git History Warning
+## Current Public Surface
 
-The current tree is sanitized, but this private development repository has older
-commits that contain removed terminology and experimental paths.
+- Public package/server version: `0.4.7`
+- Minimum compatible child MCP version: `0.4.5`
+- MCP resources: 9
+- MCP tools: 23
+- Optional telemetry tools: user-invoked, not automatic collection
 
-Do not make this private development history public as-is. For an open-source
-release, publish from a fresh repository, a squashed root commit, or a sanitized
-history rewrite after re-running:
+## Release Drift Rule
 
-```bash
-pnpm run validate
-pnpm run audit:public
-```
+Public repo/package/plugin/skill artifacts must be updated together when public
+protocol semantics change. Private local skill copies may differ, but release
+checks must not depend on private local paths.

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@bradheitmann/odin-sentinel",
-  "version": "0.4.5",
+  "version": "0.4.7",
   "publishConfig": {
     "access": "public"
   },
-  "description": "Multi-harness terminal-pane team builder and orchestrator over MCP.",
+  "description": "Portable MCP governance protocol for multi-agent terminal teams: 23 tools, 9 resources, readiness gates, ODIN watchers, receipts, delegation, and closeout over stdio.",
   "type": "module",
   "main": "./dist/src/protocol/index.js",
   "types": "./dist/src/protocol/index.d.ts",
@@ -27,7 +27,10 @@
     "dist",
     "docs",
     "protocol",
+    "templates",
     "scripts",
+    "AGENTS.md",
+    "CLAUDE.md",
     "README.md",
     "LICENSE"
   ],
@@ -41,9 +44,9 @@
   "author": "ODIN Sentinel contributors",
   "license": "MIT",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.29.0",
-    "yaml": "^2.8.2",
-    "zod": "^4.1.12"
+    "@modelcontextprotocol/sdk": "1.29.0",
+    "yaml": "2.8.4",
+    "zod": "4.4.3"
   },
   "devDependencies": {
     "@types/node": "^24.10.1",
@@ -53,7 +56,20 @@
     "vitest": "4.1.5"
   },
   "engines": {
-    "node": ">=22.13.0"
+    "node": ">=22.13.0",
+    "pnpm": ">=11.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/bradheitmann/odin-sentinel.git"
+  },
+  "homepage": "https://github.com/bradheitmann/odin-sentinel#readme",
+  "bugs": {
+    "url": "https://github.com/bradheitmann/odin-sentinel/issues"
+  },
+  "odin": {
+    "publicVersion": "0.4.7",
+    "minimumCompatibleChildMcpVersion": "0.4.5"
   },
   "scripts": {
     "clean": "node -e \"require('node:fs').rmSync('dist',{recursive:true,force:true})\"",

package/protocol/SCP.md

@@ -1,6 +1,9 @@
 # ODIN Sentinel Coordination Protocol
 
-Version: 0.3.0
+Version: 0.4.7
+
+SCP_PUBLIC_VERSION: 0.4.7
+MIN_COMPATIBLE_CHILD_MCP: 0.4.5
 
 ODIN Sentinel is a portable coordination layer for visible multi-agent teams.
 SCP means Sentinel Coordination Protocol in this repository. It is not Secure
@@ -10,6 +13,10 @@ manifest validation, native visible-role delegation packets, closeout
 checklists, surface layout rules, and fallback protocol snapshots through an
 MCP server.
 
+## Public Release And Readiness
+
+Public repo, npm package, plugin, bootstrap skill, templates, and docs must be updated together when public protocol semantics change. Private local skill copies may differ intentionally, but release checks must not depend on private local paths. Governed team mode requires CMUX; without CMUX, ODIN may still expose MCP resources and validation tools, but the visible team-management experience is not active governed mode. MCP supplies tools/resources; native skills improve automatic invocation; plugin install paths may package both; full prompt injection is fallback only.
+
 ## Principles
 
 - Visible role slots are the audit surface.

package/protocol/bootstrap-skill.md

@@ -7,19 +7,24 @@ updated: 2026-05-11
 
 # Sentinel Coordination Protocol
 
+SCP_PUBLIC_VERSION: 0.4.7
+MIN_COMPATIBLE_CHILD_MCP: 0.4.5
+
+Public install readiness: configure the ODIN MCP server, install native skill context where supported or use full prompt fallback, keep governed team roles in CMUX, verify auth/account readiness without printing secrets, smoke-test local inference if used, and validate role compatibility before launch. Private local skill copies may differ intentionally; public release checks compare repo-internal public artifacts only.
+
 Use this skill for SCP policy introduction, repo landing, adoption-gate proof, controlled dissemination, active multi-agent control loops, and automated team lifecycle management. SCP is a governance layer for multi-team agent operation; it complements other coordination layers and `AGENTS.md` files where present. It sits above them after activation.
 
 ## Source Of Truth
 
 Master editable source:
 
-- the active canonical SCP skill directory for the local installation, normally `~/.agents/skills/sentinel-coordination-protocol/`.
+- the repository-distributed SCP protocol bundle, or an operator-declared canonical SCP skill source outside this public package.
 
-All other installed copies are synchronized runtime snapshots, not independent policy forks. Any agent modifying this skill must edit the master first, then propagate the full skill directory to the installed harness targets and verify matching hashes.
+All installed copies are synchronized runtime snapshots, not independent policy forks. Any agent modifying SCP policy must edit the declared source first, then propagate the full skill/protocol bundle to the installed harness targets and verify matching hashes.
 
-Use `scripts/sync-installations.sh` from the master directory after edits. Do not hand-edit a runtime copy under `~/.codex`, `~/.claude`, `~/.config/goose`, `~/.config/opencode`, `~/.opencode`, `~/.crush`, `~/.cursor`, `~/.kilocode`, `~/.openhands`, `~/.pi`, or `~/.zed` except as a temporary emergency patch that is immediately backported to the master and resynced.
+Use the operator-declared sync procedure after edits. Do not hand-edit generated runtime copies except as a temporary emergency patch that is immediately backported to the declared source and resynced.
 
-Portable curated skill/session records may live under the skill directory, for example `decisions/YYYY-MM-DD-<slug>.md` and optionally `CHANGELOG.md`. Raw evidence belongs under `.odin/local/audit/<session-id>/` or the declared `evidence_path`. Do not create empty folders just to satisfy policy; create `decisions/` only when writing the first curated decision record.
+Portable curated skill/session records may live under the declared source, for example `decisions/YYYY-MM-DD-<slug>.md` and optionally `CHANGELOG.md`. Raw audit evidence belongs under `.odin/audit/<session-id>/` or the declared `evidence_path`. Do not create empty folders just to satisfy policy; create `decisions/` only when writing the first curated decision record.
 
 ## Non-Negotiables
 
@@ -267,7 +272,7 @@ Team PMs and team ODINs may coordinate laterally when needed, but lateral messag
 
 ODINs must establish a lateral ODIN mesh at bootstrap. `A/EXEC-ODIN` and each `TEAM ODIN` must exchange a short introduction containing role, team, reports-to/coordinates-with chain, team composition, active agent occupants, model/harness/cost tier, known blockers, and next poll time. This is a meta-communication layer, not command authority.
 
-During active execution, `A/EXEC-ODIN` should run an ODIN round-robin health pass on a declared cadence, default 10 minutes unless the user or `EXEC PM` sets another cadence. The executive ODIN starts with its own executive-office health note, sends it to the first team ODIN, and instructs each team ODIN to append its short team composition/status/health note and forward to the next ODIN. The final team ODIN returns the appended packet to `A/EXEC-ODIN`. `A/EXEC-ODIN` compiles the packet, may ask `EXEC DISPATCH` / `SWITCHBOARD` for outstanding communication or waiting-agent notes, then sends a concise status report to `EXEC PM`.
+During active execution, `A/EXEC-ODIN` should run an ODIN round-robin health pass on a declared cadence, default 30 seconds unless the user or `EXEC PM` sets another cadence. The executive ODIN starts with its own executive-office health note, sends it to the first team ODIN, and instructs each team ODIN to append its short team composition/status/health note and forward to the next ODIN. The final team ODIN returns the appended packet to `A/EXEC-ODIN`. `A/EXEC-ODIN` compiles the packet, may ask `EXEC DISPATCH` / `SWITCHBOARD` for outstanding communication or waiting-agent notes, then sends a concise status report to `EXEC PM`.
 
 ODIN mesh reports must stay short by default and include: team, active occupants, provider/model/harness mix, blocked agents, permission waits, plan-mode/quota/provider failures, role breaches, delivery failures, outstanding relays, and recommended intervention. ODINs may request temporary secondment of another control-plane agent through `EXEC PM` when a PM/ODIN lane fails, but they must not directly reassign agents or expand topology without authorization.
 
@@ -660,7 +665,7 @@ If a control-plane pane begins product/source/test implementation, authors worke
 
 Editing canonical skills, adapters, runtime skill copies, sync scripts, lifecycle ledgers, branch state, or policy text is a control-plane governance mutation and requires `[SCP-CONTROL-PLANE-MUTATION]` before or with the mutation. ODIN/control-plane roles must not self-accept governance mutations they authored. Acceptance requires independent QA, user ratification, or explicitly named `EXEC PM` ratification after evidence review. An authorized control-plane mutation may be reported as implemented and validation complete, but remains pending ratification until the named ratifier accepts the evidence.
 
-Canonical SCP audit, research, ODIN, and control-plane outputs must be written under a durable governance path such as `.odin/local/audit/<audit-id>/` or another declared `evidence_path`. `/tmp` may be used for intermediate captures, cache, delivery-proof repair, or mirrors only. Before `[SCP-FINISH]`, any `/tmp` artifact used for a claim must be copied, summarized, hashed, or explicitly declared non-canonical in the durable audit ledger.
+Canonical SCP audit, research, ODIN, and control-plane outputs must be written under a durable governance path such as `.odin/audit/<audit-id>/` or another declared `evidence_path`. `/tmp` may be used for intermediate captures, cache, delivery-proof repair, or mirrors only. Before `[SCP-FINISH]`, any `/tmp` artifact used for a claim must be copied, summarized, hashed, or explicitly declared non-canonical in the durable audit ledger.
 
 `repo_clean` must not be used as shorthand for `governance_clean`. Governance-surface mutations outside the active repository require separate reporting: `external_skill_paths_touched`, `runtime_targets`, `hash_before_after_or_current_hash`, `sync_log_path`, `validation_command`, and `unsynced_or_dirty_runtime_paths`. A clean git worktree proves only the repository checkout state. It does not prove canonical skill, Codex skill, Claude skill, adapter, CMUX runtime, or `/tmp` artifact state.
 
@@ -694,7 +699,7 @@ Continuing past a HALT without remediation is itself a protocol breach. ODIN mus
 
 ### Health Escalation
 
-The ODIN mesh runs round-robin health checks per `odin_mesh.health_round_robin_minutes` (default 10). Per-agent escalation ladder:
+The ODIN mesh runs round-robin health checks per `odin_mesh.health_round_robin_seconds` (default 30). Per-agent escalation ladder:
 
 - **1 missed heartbeat** — warn the affected agent.
 - **2 missed heartbeats** — escalate to `A/EXEC-ODIN` via the mesh aggregator.
@@ -1410,7 +1415,7 @@ git diff --cached --name-status
 
 If upstream is not the declared branch authority, stop before mutation. If `HEAD` and `@{u}` differ for a branch-visible closure claim, stop before mutation.
 
-If excluded or out-of-scope debris appears, especially `project/planning/story-reviews/**`, runtime logs, holdout paths, design artifacts, external memory paths, or non-branchable paths, stop and require `EXEC PM` classification before lifecycle mutation or evidence verdict.
+If excluded or out-of-scope debris appears, especially private story-review planning paths, runtime logs, holdout paths, design artifacts, external memory paths, or non-branchable paths, stop and require `EXEC PM` classification before lifecycle mutation or evidence verdict.
 
 Before any `status: Done`, `PHASE: VERIFIED`, `VERDICT: PASS`, active-to-done move, commit, or push, run the slice/evidence validators required by the dispatch. At minimum for slice/evidence work:
 
@@ -1432,14 +1437,14 @@ If a closure/evidence hook fails after a lifecycle move or verdict attempt, mark
   - Read `00-SCP-protocol.md`, especially sections 0, 6, 7, 8, 10, 18, and 20.
 
 2. Land the package, but do not activate it.
-  - Canonical package path: `project/planning/org/agentic-executive-mgmt/`.
+  - Canonical package path: the operator-declared governance planning package path.
   - Package landing branch: use a deterministic ops branch unless the user supplies another branch.
   - Ledger branch: `ops/ledger` for `ledger.yaml`.
   - If branch topology is ambiguous or conflicts with current repo state, stop and ask the user.
 
 3. Create adoption-gate scaffolding.
-  - `project/planning/org/agentic-executive-mgmt/artifacts/adoption/adoption-gate.md`
-  - `project/planning/org/agentic-executive-mgmt/ledger.yaml`
+  - governance adoption gate artifact
+  - governance ledger artifact
   - `tools/agentic-executive-mgmt/audit/banned-phrases.txt`
   - `tools/agentic-executive-mgmt/qa-review/RUBRIC.md`
   - Other artifact directories required by the SCP package.

package/protocol/closeout.yaml

@@ -1,4 +1,10 @@
-version: 0.2.1
+version: 0.4.7
+active_watch_terminal_states:
+  - RELEASED_BY_OPERATOR
+  - HANDED_OFF
+  - PARKED_IDLE
+  - FAILED
+  - WATCH_UNSUPPORTED
 modes:
   PARK_FOR_CONTINUITY:
     description: Keep role slots open, park occupants, save handoffs, and preserve continuity.

package/protocol/delegation.yaml

@@ -1,4 +1,4 @@
-version: 0.3.0
+version: 0.4.7
 delegation_contract:
   required_fields:
     - receipt_type

package/protocol/model-profiles.yaml

@@ -1,7 +1,61 @@
-version: 0.2.1
+version: 0.4.7
 policy:
   semantics: Recommended starter profiles, not bundled dependencies or availability guarantees.
   runtime_requirement: Users must install and configure their own harnesses. Launchers must verify local harness/model availability before dispatch and apply fallbacks when unavailable.
+  governed_launch_probe_required: true
+  visible_output_timeout_seconds_default: 60
+  provisioning_prompt: Are all intended harnesses provisioned with accounts, plans, API keys, or local inference credentials so they will not malfunction when spun up?
+  zero_secret_output: true
+  secret_provider_status_only:
+    - Doppler
+    - 1Password CLI (op)
+    - environment variable names
+    - direnv
+    - mise
+    - dotenv-style file presence
+    - GitHub auth
+    - local provider config files
+  model_responsiveness_statuses:
+    - MODEL_READY
+    - MODEL_SLOW
+    - MODEL_STALLED
+    - MODEL_REASONING_ONLY
+    - STREAMING_PROTOCOL_MISMATCH
+    - MODEL_UNREACHABLE
+harness_capabilities:
+  Codex:
+    can_hydrate_deferred_mcp_tools_at_boot: true
+    native_skill_invocation: true
+    scp_skill_recommended: true
+  Claude Code:
+    can_hydrate_deferred_mcp_tools_at_boot: true
+    native_skill_invocation: true
+    scp_skill_recommended: true
+  Droid:
+    can_hydrate_deferred_mcp_tools_at_boot: true
+    native_skill_invocation: false
+    scp_skill_recommended: false
+  Goose:
+    local_inference_smoke_test_required: true
+    visible_content_required_within_seconds: 60
+    reasoning_content_only_class: MODEL_REASONING_ONLY
+    streaming_mismatch_class: STREAMING_PROTOCOL_MISMATCH
+  Crush:
+    permission_prompt_class: BLOCKED_BY_PERMISSION
+  OpenHands:
+    missing_inference_credentials_class: BLOCKED_BY_API_KEY
+    provider_config_blocker_class: AUTH_PROVIDER_BLOCKED
+  KiloCode:
+    login_commands:
+      - kilo auth login
+      - /connect
+    login_blocker_class: BLOCKED_BY_LOGIN
+  Pi:
+    role_compatibility_failure_class: ROLE_COMPATIBILITY_FAILED
+  Aider:
+    auth_probe_required: true
+  NanoCoder:
+    auth_probe_required: true
 profiles:
   A/EXEC-PM:
     model: GPT-5.5-class frontier reasoning model

package/protocol/receipts/boot-receipt.yaml

@@ -13,6 +13,42 @@ required_fields:
   - write_scope
   - evidence_path
   - current_task
+receipt_types:
+  - SCP_BOOT_RECEIPT
+  - SCP_MIN_BOOT_RECEIPT
+minimum_compatible_mcp_version: 0.4.5
+field_types:
+  role: string
+  authority_layer: string
+  team: string
+  terminal_locator: string
+  branch: string
+  cwd: string
+  model_harness: string
+  permission_mode: string
+  may_implement: boolean
+  may_qa_accept: boolean
+  reports_to: string
+  write_scope: string_array
+  evidence_path: string
+  current_task: string
+write_scope_policy:
+  empty_array_valid_for:
+    - no current write assignment
+    - may_implement false roles
+    - DEV roles in BOOTSTRAPPED_IDLE before assignment
+  null_policy: invalid; use [] for unassigned scope
+allowed_lifecycle_states:
+  - SURFACE_PROVISIONED
+  - BOOTSTRAPPED_IDLE
+  - ACTIVE_WATCH
+  - VACANT_ROLE_SLOT
+  - AGENT_SUBSTITUTION_REQUIRED
+  - RELEASED_BY_OPERATOR
+  - HANDED_OFF
+  - PARKED_IDLE
+  - FAILED
+  - WATCH_UNSUPPORTED
 recommended_fields:
   - upstream
   - head_sha
@@ -25,6 +61,12 @@ recommended_fields:
   - parent_surface_ref
   - column_index
   - team_letter
+  - lifecycle_state
+  - mcp_version
+  - scp_context_source
+receipt_type_policy:
+  SCP_BOOT_RECEIPT: full governed occupant receipt after role/context/readiness are known
+  SCP_MIN_BOOT_RECEIPT: minimal bootstrap-only receipt for orientation or pre-dispatch identity proof
 staffing_audit:
   description: >-
     For any role outside the executive office (team != "A"), the boot receipt

package/protocol/receipts/team-manifest.yaml

@@ -7,3 +7,44 @@ required_fields:
   - model_profile
   - handoff_sources
   - startup_objectives
+role_slot_schema:
+  required_fields:
+    - role_slot
+    - harness
+    - readiness_status
+    - layout_locator
+    - scp_context_source
+  layout_locator_fields:
+    - workspace
+    - pane
+    - surface
+  readiness_statuses:
+    - PASS
+    - FAIL
+    - WAIVED_BY_EXEC_PM
+    - SUBSTITUTION_APPROVED_BY_EXEC_PM
+    - NON_GOVERNED_ONE_SHOT_ONLY
+    - VACANT_ROLE_SLOT
+watcher_assignments:
+  A/EXEC-ODIN:
+    watches:
+      - executive_office
+      - team_odins
+      - cross_team_drift
+      - missing_receipts
+      - stale_proof
+  TEAM_ODIN:
+    watches:
+      - own_team_pm
+      - own_dev_slots
+      - own_qa_slots
+      - own_shadow_slots
+  A/EXEC-ASST:
+    may_maintain:
+      - delivery_proof_ledger
+      - heartbeat_ledger
+minimum_compatible_mcp_version: 0.4.5
+scp_context_sources:
+  - native sentinel-coordination-protocol skill
+  - odin-sentinel MCP at or above minimum version
+  - full injected SCP protocol text

package/protocol/roles.yaml

@@ -1,10 +1,13 @@
-version: 0.3.0
+version: 0.4.7
 roles:
   EXEC_PM:
     title: EXEC PM
     layer: executive
     may_implement_default: false
     may_qa_accept_default: false
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: executive
     purpose: Intent, priority, authorization, escalation, and claim framing.
     authority:
       sole_staffing_authority:
@@ -38,6 +41,28 @@ roles:
     layer: meta_control
     may_implement_default: false
     may_qa_accept_default: false
+    must_actively_watch: true
+    may_intervene: true
+    authority_layer: meta_control
+    normal_successor_state_after_receipt: ACTIVE_WATCH
+    watch_contract:
+      default_poll_interval_seconds: 30
+      watch_warn_after_seconds: 300
+      stalled_after_seconds: 600
+      watches:
+        - executive_office_health
+        - team_odin_health
+        - cross_team_drift
+        - stale_proof
+        - blocked_panes
+        - context_exhaustion
+        - missing_receipts
+      may_inject_corrective_prompts: true
+      forbidden:
+        - implement product work
+        - QA-accept work
+        - route business priorities
+        - override EXEC PM launch/activation authority
     purpose: Governance health, polling, delivery proof, role boundaries, and closeout hygiene.
     authority:
       intervention_authority:
@@ -80,24 +105,36 @@ roles:
     layer: executive_support
     may_implement_default: false
     may_qa_accept_default: false
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: executive_support
     purpose: Ledger, reminders, pane inventory, artifact index, and delivery checks.
   EXEC_RSCH:
     title: EXEC RSCH
     layer: research
     may_implement_default: false
     may_qa_accept_default: false
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: research
     purpose: Read-only strategy, alternatives, context recovery, and risk analysis.
   EXEC_QA:
     title: EXEC QA
     layer: quality
     may_implement_default: false
     may_qa_accept_default: true
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: quality
     purpose: Independent adversarial audit of process, evidence, closure language, and drift.
   TEAM_PM:
     title: TEAM PM
     layer: pod_control
     may_implement_default: false
     may_qa_accept_default: false
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: pod_control
     purpose: Pod task routing, worker activation, and reporting.
     forbidden_actions:
       - spawn agents on own pod or any other pod
@@ -118,6 +155,28 @@ roles:
     layer: meta_control
     may_implement_default: false
     may_qa_accept_default: false
+    must_actively_watch: true
+    may_intervene: true
+    authority_layer: meta_control
+    normal_successor_state_after_receipt: ACTIVE_WATCH
+    watch_contract:
+      default_poll_interval_seconds: 30
+      watch_warn_after_seconds: 300
+      stalled_after_seconds: 600
+      watches:
+        - own_team_pm
+        - own_dev_slots
+        - own_qa_slots
+        - own_shadow_slots
+      reports_to:
+        - own TEAM PM
+        - A/EXEC-ODIN
+      may_inject_corrective_prompts: true
+      forbidden:
+        - implement product work
+        - QA-accept work
+        - route business priorities
+        - override EXEC PM launch/activation authority
     purpose: Pod health monitoring, polling, blockers, freezes, and lateral ODIN mesh awareness.
     authority:
       intervention_authority:
@@ -152,16 +211,25 @@ roles:
     layer: implementation
     may_implement_default: true
     may_qa_accept_default: false
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: implementation
     purpose: Bounded implementation inside exact write scope with evidence.
   QA_WORKER:
     title: QA WORKER
     layer: quality
     may_implement_default: false
     may_qa_accept_default: true
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: quality
     purpose: Independent verification of worker evidence and acceptance criteria.
   SHADOW_REVIEWER:
     title: SHADOW REVIEWER
     layer: review
     may_implement_default: false
     may_qa_accept_default: false
+    must_actively_watch: false
+    may_intervene: false
+    authority_layer: review
     purpose: Independent critique, risk surfacing, and second-pass review.