@chllming/wave-orchestration 0.6.3 → 0.7.0

package/scripts/wave-orchestrator/wave-control-schema.mjs

@@ -0,0 +1,309 @@
+import crypto from "node:crypto";
+
+export const WAVE_CONTROL_SCHEMA_VERSION = 1;
+export const WAVE_CONTROL_EVENT_KIND = "wave-control-event";
+
+export const WAVE_CONTROL_ENTITY_TYPES = new Set([
+  "task",
+  "proof_bundle",
+  "rerun_request",
+  "attempt",
+  "human_input",
+  "wave_run",
+  "agent_run",
+  "coordination_record",
+  "gate",
+  "artifact",
+  "benchmark_run",
+  "benchmark_item",
+  "verification",
+  "review",
+]);
+
+export const WAVE_CONTROL_RUN_KINDS = new Set([
+  "roadmap",
+  "adhoc",
+  "benchmark",
+  "service",
+  "unknown",
+]);
+
+export const WAVE_CONTROL_UPLOAD_POLICIES = new Set([
+  "local-only",
+  "metadata-only",
+  "selected",
+  "full",
+]);
+
+export const WAVE_CONTROL_REPORT_MODES = new Set([
+  "disabled",
+  "metadata-only",
+  "metadata-plus-selected",
+  "full-artifact-upload",
+]);
+
+export const WAVE_CONTROL_REVIEW_VALIDITIES = new Set([
+  "comparison-valid",
+  "review-only",
+  "benchmark-invalid",
+  "harness-setup-failure",
+  "proof-blocked",
+  "trustworthy-model-failure",
+]);
+
+function normalizeText(value, fallback = null) {
+  const normalized = String(value ?? "").trim();
+  return normalized || fallback;
+}
+
+function normalizeNonNegativeInt(value, fallback = null) {
+  if (value === undefined || value === null || value === "") {
+    return fallback;
+  }
+  const parsed = Number.parseInt(String(value), 10);
+  return Number.isFinite(parsed) && parsed >= 0 ? parsed : fallback;
+}
+
+function normalizeBoolean(value, fallback = false) {
+  if (value === undefined) {
+    return fallback;
+  }
+  return value === true;
+}
+
+function normalizePlainObject(value) {
+  return value && typeof value === "object" && !Array.isArray(value)
+    ? JSON.parse(JSON.stringify(value))
+    : {};
+}
+
+function normalizeStringArray(values) {
+  if (!Array.isArray(values)) {
+    return [];
+  }
+  return Array.from(
+    new Set(
+      values
+        .map((value) => normalizeText(value, null))
+        .filter(Boolean),
+    ),
+  );
+}
+
+function assertEnum(value, allowed, label) {
+  if (!allowed.has(value)) {
+    throw new Error(`${label} must be one of ${Array.from(allowed).join(", ")} (got: ${value || "empty"})`);
+  }
+}
+
+function defaultId(prefix, value) {
+  const hash = crypto.createHash("sha1").update(String(value || "")).digest("hex").slice(0, 16);
+  return `${prefix}-${hash}`;
+}
+
+export function stableJsonStringify(value) {
+  return JSON.stringify(sortJsonValue(value));
+}
+
+function sortJsonValue(value) {
+  if (Array.isArray(value)) {
+    return value.map((entry) => sortJsonValue(entry));
+  }
+  if (value && typeof value === "object") {
+    return Object.fromEntries(
+      Object.keys(value)
+        .sort()
+        .map((key) => [key, sortJsonValue(value[key])]),
+    );
+  }
+  return value;
+}
+
+export function buildWaveControlConfigAttestationHash(value) {
+  return crypto.createHash("sha256").update(stableJsonStringify(value)).digest("hex");
+}
+
+export function normalizeWaveControlUploadPolicy(
+  value,
+  label = "waveControl.uploadPolicy",
+  fallback = "metadata-only",
+) {
+  const normalized = normalizeText(value, fallback)?.toLowerCase() || fallback;
+  assertEnum(normalized, WAVE_CONTROL_UPLOAD_POLICIES, label);
+  return normalized;
+}
+
+export function normalizeWaveControlReportMode(
+  value,
+  label = "waveControl.reportMode",
+  fallback = "metadata-plus-selected",
+) {
+  const normalized = normalizeText(value, fallback)?.toLowerCase() || fallback;
+  assertEnum(normalized, WAVE_CONTROL_REPORT_MODES, label);
+  return normalized;
+}
+
+export function normalizeWaveControlReviewValidity(
+  value,
+  label = "waveControl.reviewValidity",
+  fallback = "review-only",
+) {
+  const normalized = normalizeText(value, fallback)?.toLowerCase() || fallback;
+  assertEnum(normalized, WAVE_CONTROL_REVIEW_VALIDITIES, label);
+  return normalized;
+}
+
+export function normalizeWaveControlRunKind(
+  value,
+  label = "waveControl.runKind",
+  fallback = "unknown",
+) {
+  const normalized = normalizeText(value, fallback)?.toLowerCase() || fallback;
+  assertEnum(normalized, WAVE_CONTROL_RUN_KINDS, label);
+  return normalized;
+}
+
+export function normalizeWaveControlRunIdentity(rawIdentity = {}, defaults = {}) {
+  const source = normalizePlainObject(rawIdentity);
+  const fallback = normalizePlainObject(defaults);
+  return {
+    workspaceId: normalizeText(source.workspaceId, normalizeText(fallback.workspaceId, null)),
+    projectId: normalizeText(source.projectId, normalizeText(fallback.projectId, null)),
+    runId: normalizeText(source.runId, normalizeText(fallback.runId, null)),
+    runKind: normalizeWaveControlRunKind(
+      source.runKind,
+      "waveControl.runKind",
+      normalizeText(fallback.runKind, "unknown"),
+    ),
+    lane: normalizeText(source.lane, normalizeText(fallback.lane, null)),
+    wave: normalizeNonNegativeInt(source.wave, normalizeNonNegativeInt(fallback.wave, null)),
+    attempt: normalizeNonNegativeInt(
+      source.attempt,
+      normalizeNonNegativeInt(fallback.attempt, null),
+    ),
+    agentId: normalizeText(source.agentId, normalizeText(fallback.agentId, null)),
+    orchestratorId: normalizeText(
+      source.orchestratorId,
+      normalizeText(fallback.orchestratorId, null),
+    ),
+    runtimeVersion: normalizeText(
+      source.runtimeVersion,
+      normalizeText(fallback.runtimeVersion, null),
+    ),
+    benchmarkRunId: normalizeText(
+      source.benchmarkRunId,
+      normalizeText(fallback.benchmarkRunId, null),
+    ),
+    benchmarkItemId: normalizeText(
+      source.benchmarkItemId,
+      normalizeText(fallback.benchmarkItemId, null),
+    ),
+  };
+}
+
+export function normalizeWaveControlArtifactDescriptor(rawArtifact = {}, defaults = {}) {
+  const source = normalizePlainObject(rawArtifact);
+  const fallback = normalizePlainObject(defaults);
+  const path = normalizeText(source.path, normalizeText(fallback.path, null));
+  const kind = normalizeText(source.kind, normalizeText(fallback.kind, "artifact"));
+  const descriptor = {
+    path,
+    kind,
+    required: normalizeBoolean(source.required, Boolean(fallback.required)),
+    present:
+      source.present === undefined
+        ? normalizeBoolean(fallback.present, false)
+        : normalizeBoolean(source.present, false),
+    sha256: normalizeText(source.sha256, normalizeText(fallback.sha256, null)),
+    bytes: normalizeNonNegativeInt(source.bytes, normalizeNonNegativeInt(fallback.bytes, null)),
+    contentType: normalizeText(source.contentType, normalizeText(fallback.contentType, null)),
+    uploadPolicy: normalizeWaveControlUploadPolicy(
+      source.uploadPolicy,
+      "waveControl.artifact.uploadPolicy",
+      normalizeText(fallback.uploadPolicy, "metadata-only"),
+    ),
+    label: normalizeText(source.label, normalizeText(fallback.label, null)),
+    recordedAt: normalizeText(source.recordedAt, normalizeText(fallback.recordedAt, null)),
+  };
+  return {
+    artifactId:
+      normalizeText(source.artifactId, normalizeText(fallback.artifactId, null)) ||
+      defaultId("artifact", stableJsonStringify({ path, kind, sha256: descriptor.sha256 })),
+    ...descriptor,
+  };
+}
+
+export function normalizeWaveControlEventEnvelope(rawEvent = {}, defaults = {}) {
+  const source = normalizePlainObject(rawEvent);
+  const fallback = normalizePlainObject(defaults);
+  const entityType = normalizeText(source.entityType, normalizeText(fallback.entityType, null))?.toLowerCase();
+  assertEnum(entityType, WAVE_CONTROL_ENTITY_TYPES, "waveControl.entityType");
+  const entityId = normalizeText(source.entityId, normalizeText(fallback.entityId, null));
+  const action = normalizeText(source.action, normalizeText(fallback.action, null))?.toLowerCase();
+  if (!entityId) {
+    throw new Error("waveControl.entityId is required");
+  }
+  if (!action) {
+    throw new Error("waveControl.action is required");
+  }
+  const recordedAt = normalizeText(
+    source.recordedAt,
+    normalizeText(fallback.recordedAt, new Date().toISOString()),
+  );
+  const identity = normalizeWaveControlRunIdentity(
+    source.identity,
+    fallback.identity || {
+      workspaceId: fallback.workspaceId,
+      projectId: fallback.projectId,
+      runId: fallback.runId,
+      runKind: fallback.runKind,
+      lane: fallback.lane,
+      wave: fallback.wave,
+      attempt: fallback.attempt,
+      agentId: fallback.agentId,
+      orchestratorId: fallback.orchestratorId,
+      runtimeVersion: fallback.runtimeVersion,
+      benchmarkRunId: fallback.benchmarkRunId,
+      benchmarkItemId: fallback.benchmarkItemId,
+    },
+  );
+  const artifacts = (Array.isArray(source.artifacts) ? source.artifacts : fallback.artifacts || [])
+    .map((artifact) => normalizeWaveControlArtifactDescriptor(artifact))
+    .filter((artifact) => artifact.path || artifact.sha256 || artifact.kind);
+  const payload = {
+    schemaVersion: WAVE_CONTROL_SCHEMA_VERSION,
+    kind: WAVE_CONTROL_EVENT_KIND,
+    id:
+      normalizeText(source.id, normalizeText(fallback.id, null)) ||
+      defaultId(
+        "wctl",
+        stableJsonStringify({
+          workspaceId: identity.workspaceId,
+          projectId: identity.projectId,
+          runId: identity.runId,
+          lane: identity.lane,
+          wave: identity.wave,
+          attempt: identity.attempt,
+          orchestratorId: identity.orchestratorId,
+          runtimeVersion: identity.runtimeVersion,
+          entityType,
+          entityId,
+          action,
+          recordedAt,
+        }),
+      ),
+    category: normalizeText(source.category, normalizeText(fallback.category, "runtime")),
+    source: normalizeText(source.source, normalizeText(fallback.source, "wave")),
+    actor: normalizeText(source.actor, normalizeText(fallback.actor, null)),
+    recordedAt,
+    entityType,
+    entityId,
+    action,
+    identity,
+    tags: normalizeStringArray(source.tags ?? fallback.tags),
+    metrics: normalizePlainObject(source.metrics ?? fallback.metrics),
+    data: normalizePlainObject(source.data ?? fallback.data),
+    artifacts,
+  };
+  return payload;
+}

package/scripts/wave-orchestrator/wave-files.mjs

@@ -1866,12 +1866,24 @@ function mergeUniqueStringArrays(...lists) {
   );
 }
 
+function mergeDefinedExecutorValues(...sections) {
+  const merged = {};
+  for (const section of sections) {
+    if (!section || typeof section !== "object") {
+      continue;
+    }
+    for (const [key, value] of Object.entries(section)) {
+      if (value === null || value === undefined) {
+        continue;
+      }
+      merged[key] = cloneExecutorValue(value);
+    }
+  }
+  return merged;
+}
+
 function mergeExecutorSections(baseSection, profileSection, inlineSection, arrayKeys = []) {
-  const merged = {
-    ...(cloneExecutorValue(baseSection) || {}),
-    ...(cloneExecutorValue(profileSection) || {}),
-    ...(cloneExecutorValue(inlineSection) || {}),
-  };
+  const merged = mergeDefinedExecutorValues(baseSection, profileSection, inlineSection);
   for (const key of arrayKeys) {
     const mergedArray = mergeUniqueStringArrays(
       baseSection?.[key],

package/scripts/wave.mjs

@@ -24,7 +24,10 @@ function printHelp() {
   wave feedback [feedback options]
   wave dashboard [dashboard options]
   wave local [local executor options]
+  wave control [control-plane options]
   wave coord [coordination options]
+  wave retry [retry control options]
+  wave proof [proof registry options]
   wave dep [dependency options]
   wave benchmark [benchmark options]
 
@@ -102,6 +105,14 @@ if (["init", "upgrade", "self-update", "changelog", "doctor"].includes(subcomman
     console.error(`[wave] ${error instanceof Error ? error.message : String(error)}`);
     process.exit(1);
   }
+} else if (subcommand === "control") {
+  try {
+    const { runControlCli } = await import("./wave-orchestrator/control-cli.mjs");
+    await runControlCli(rest);
+  } catch (error) {
+    console.error(`[wave] ${error instanceof Error ? error.message : String(error)}`);
+    process.exit(1);
+  }
 } else if (subcommand === "coord") {
   try {
     const { runCoordinationCli } = await import("./wave-orchestrator/coord-cli.mjs");
@@ -110,6 +121,22 @@ if (["init", "upgrade", "self-update", "changelog", "doctor"].includes(subcomman
     console.error(`[wave] ${error instanceof Error ? error.message : String(error)}`);
     process.exit(1);
   }
+} else if (subcommand === "retry") {
+  try {
+    const { runRetryCli } = await import("./wave-orchestrator/retry-cli.mjs");
+    await runRetryCli(rest);
+  } catch (error) {
+    console.error(`[wave] ${error instanceof Error ? error.message : String(error)}`);
+    process.exit(1);
+  }
+} else if (subcommand === "proof") {
+  try {
+    const { runProofCli } = await import("./wave-orchestrator/proof-cli.mjs");
+    await runProofCli(rest);
+  } catch (error) {
+    console.error(`[wave] ${error instanceof Error ? error.message : String(error)}`);
+    process.exit(1);
+  }
 } else if (subcommand === "dep") {
   try {
     const { runDependencyCli } = await import("./wave-orchestrator/dep-cli.mjs");

package/skills/repo-coding-rules/SKILL.md

@@ -21,6 +21,7 @@ Before editing any file, confirm:
 5. If the file has a corresponding test file, you will update or extend tests to cover your change.
 6. You have checked for other files that import or depend on the symbols you are changing.
 7. If the file is a config file (JSON, YAML), you have validated the resulting structure is well-formed.
+8. You are not editing generated runtime state (coordination logs, control-plane events, proof registries, trace bundles, dashboards). These are managed by the launcher and operator tooling.
 
 ## Change Hygiene
 

package/skills/role-cont-eval/SKILL.md

@@ -31,6 +31,7 @@ Execute these steps in order:
 - Prefer **targeted changes** over broad rewrites. Each change should address a specific gap identified in the review step.
 - Never skip the rerun step. Every change must be validated.
 - If a tune step introduces a regression in another target, revert the change and record the trade-off.
+- Summaries and inboxes may refresh during execution. Re-read context before each iteration to pick up new evidence or coordination records from other agents.
 
 ## Benchmark Recording
 

package/skills/role-cont-qa/SKILL.md

@@ -16,13 +16,16 @@ Use this skill when the agent is the wave's final cont-QA closure steward.
 
 Execute these steps in order. Do not skip steps.
 
-1. **Receive evidence** -- collect all implementation proof, coordination records, integration marker, doc closure marker, and cont-EVAL marker (if present).
-2. **Review vs exit contracts** -- walk each agent's exit contract line by line. For each line, confirm a proof artifact backs it. Record pass or gap.
+1. **Receive evidence** -- collect all implementation proof, coordination records, integration marker, doc closure marker, cont-EVAL marker (if present), and security marker (if present).
+2. **Review vs exit contracts** -- walk each agent's exit contract line by line. For each line, confirm a proof artifact backs it. Record pass or gap. When the wave declares `### Proof artifacts`, verify those machine-visible artifacts are present.
 3. **Review vs promotions** -- walk each declared component promotion. Confirm evidence shows the component reached the declared target level, not just that adjacent code landed.
-4. **Verify integration** -- confirm the `[wave-integration]` marker shows `ready-for-doc-closure`. Check that no later coordination records contradict it.
-5. **Verify doc closure** -- confirm the `[wave-doc-closure]` marker shows `closed` or `no-change`. If `no-change`, verify the reasoning is valid given what the wave changed.
-6. **Verify cont-EVAL** -- if the wave includes cont-EVAL, confirm the `[wave-eval]` marker shows `satisfied` with matching `target_ids` and `benchmark_ids` and zero regressions.
-7. **Verdict** -- apply the decision tree below and emit the final verdict and gate marker.
+4. **Verify proof registry** -- check whether operator-registered proof bundles exist. Confirm they are `active` (not `revoked` or `superseded`). Only active bundles count as evidence.
+5. **Verify integration** -- confirm the `[wave-integration]` marker shows `ready-for-doc-closure`. Check that no later coordination records contradict it.
+6. **Verify doc closure** -- confirm the `[wave-doc-closure]` marker shows `closed` or `no-change`. If `no-change`, verify the reasoning is valid given what the wave changed.
+7. **Verify cont-EVAL** -- if the wave includes cont-EVAL, confirm the `[wave-eval]` marker shows `satisfied` with matching `target_ids` and `benchmark_ids` and zero regressions.
+8. **Verify security** -- if the wave includes a security review, confirm the `[wave-security]` marker shows `clear` or `concerns`. A `blocked` marker prevents closure.
+9. **Verify no pending rerun** -- confirm no active rerun request is outstanding. An uncleared rerun blocks closure.
+10. **Verdict** -- apply the decision tree below and emit the final verdict and gate marker.
 
 ## Evidence Review Checklist
 
@@ -38,6 +41,10 @@ Walk each item. Any unchecked item is a potential blocker.
 - [ ] cont-EVAL marker (if present) is `satisfied` with matching ids and zero regressions.
 - [ ] Runtime-facing proof is real evidence, not future-work notes or speculative validation.
 - [ ] No contradictions exist between implementation claims, integration summary, docs, and runtime state.
+- [ ] Declared `### Proof artifacts` (if present) exist as files.
+- [ ] Proof registry bundles are `active`, not `revoked` or `superseded`.
+- [ ] No active rerun request is pending.
+- [ ] Security marker (if present) shows `clear` or `concerns`, not `blocked`.
 
 ## Verdict Decision Tree
 

package/skills/role-deploy/SKILL.md

@@ -67,6 +67,7 @@ When rollback is necessary:
 4. Emit a `[deploy-status]` marker with `state=rolled-back`.
 5. Post a coordination record so integration and cont-QA see the rollback.
 6. Do not claim the deploy surface is healthy after a rollback. The wave's deploy exit contract is not met.
+7. If a rollback occurs, any operator-registered proof that relied on the deployed state should be superseded or revoked via `wave control proof supersede` or `wave control proof revoke`.
 
 ## Marker Format
 

package/skills/role-documentation/SKILL.md

@@ -30,6 +30,8 @@ These docs are your responsibility when the wave changes their content:
 | `docs/plans/component-cutover-matrix.md` and `.json` | Component maturity levels advance, new components are declared, or next-safe assumptions change. |
 | `docs/roadmap.md` | Roadmap items are completed, reordered, or newly added. |
 | `docs/reference/migration-*.md` | Migration steps are added, changed, or completed. |
+| `CHANGELOG.md` | Feature, fix, or behavioral changes ship in a new version. |
+| `docs/plans/wave-orchestrator.md` | Runtime behavior, CLI surface, or configuration changes. |
 
 These docs are **not** your responsibility:
 
@@ -37,6 +39,8 @@ These docs are **not** your responsibility:
 - Role definition docs under `docs/agents/` are updated by the orchestrator or planner, not by the wave documentation steward.
 - Research docs under `docs/research/` stay with the research role.
 
+When an ad-hoc run reports a shared-plan delta, documentation closure still queues the canonical shared-plan docs alongside the ad-hoc closure report.
+
 ## No-Change Protocol
 
 When a wave does not require shared-plan doc updates:

package/skills/role-implementation/SKILL.md

@@ -21,11 +21,14 @@ Follow this sequence for each deliverable in your exit contract:
    - Tests that pass and cover the changed behavior.
    - Generated artifacts (built output, schemas, configs) that exist on disk.
    - Structured markers or summaries when the deliverable is not purely code.
+   - If the wave declares `### Proof artifacts`, ensure those machine-visible local files are present before closure.
 5. **Run tests** -- execute `pnpm test` or the repo's declared test command. Fix any regressions your changes introduced.
 6. **Verify exit contract** -- walk each line of your exit contract and confirm a proof artifact backs it. If any line lacks proof, either produce it or post a coordination record explaining the gap.
 7. **Coordination record** -- post a record summarizing what landed, what proof exists, and any downstream impacts on integration or documentation.
 8. **Handoff** -- if your work affects another agent's scope (interface changes, new dependencies, shifted proof expectations), post an explicit handoff naming the affected agent, files, and fields.
 
+Note: summaries and inboxes may refresh during execution. Re-read context before major decisions rather than relying on the initial snapshot.
+
 ## Proof Standards
 
 - **Tests pass**: name the exact test file and the command that runs it. Example: "test/wave-orchestrator/planner.test.ts passes via pnpm test".
@@ -45,6 +48,7 @@ Post a coordination record immediately when any of these occur:
 - **Dependency**: your deliverable depends on another agent's work landing first.
 - **Proof gap**: you cannot produce the required proof for an exit contract line and need help.
 - **Completion**: you have finished all deliverables and want downstream agents (integration, documentation) to proceed.
+- **Helper assignment received**: you received a targeted request from another agent. Acknowledge it promptly; unacknowledged requests become overdue and may be rerouted.
 
 ## Exit Contract Verification
 

package/skills/role-infra/SKILL.md

@@ -18,7 +18,8 @@ Execute these steps for each infra surface assigned in the wave:
 2. **Verify each surface** -- check the current state of each surface against the required state.
 3. **Classify state** -- assign a status to each surface using the classification system below.
 4. **Emit markers** -- produce one `[infra-status]` marker per surface verified.
-5. **Coordinate** -- post coordination records for any surface that blocks other agents or requires human approval.
+5. **Coordinate** -- post coordination records for any surface that blocks other agents or requires human approval. Use targeted requests so the finding becomes a helper assignment with an explicit owner.
+6. **Check dependencies** -- if the wave has inbound cross-lane dependency tickets, verify they are resolved before declaring infra conformance.
 
 ## Verification Surfaces
 

package/skills/role-integration/SKILL.md

@@ -14,15 +14,17 @@
 
 Execute these steps in order:
 
-1. **Collect evidence** -- re-read the compiled shared summary, your inbox, the board projection, and all coordination records posted by implementation agents and cont-EVAL (if present).
+1. **Collect evidence** -- re-read the compiled shared summary, your inbox, the board projection, and all coordination records posted by implementation agents and cont-EVAL (if present). Summaries refresh during execution, so use the latest version.
 2. **Check contradictions** -- identify claims from different agents that conflict (e.g., two agents claiming the same file, incompatible interface assumptions, inconsistent status claims).
-3. **Verify proof gaps** -- walk each agent's exit contract and confirm proof artifacts exist. Flag any exit contract line that lacks durable evidence.
+3. **Verify proof gaps** -- walk each agent's exit contract and confirm proof artifacts exist. Flag any exit contract line that lacks durable evidence. When the wave declares `### Proof artifacts`, verify those artifacts are present. Check the proof registry for any revoked or superseded bundles that no longer satisfy closure.
 4. **Check helper assignments** -- verify that every helper assignment posted during the wave has a linked resolution or explicit follow-up.
 5. **Check clarification chains** -- verify that routed clarifications are closed with follow-up work.
-6. **Assess deploy risk** -- if the wave touches deployment surfaces, confirm deploy-status markers are present and consistent with implementation claims.
-7. **Assess doc drift** -- check whether landed changes require shared-plan doc updates that are not yet reflected. Flag drift for the documentation steward.
-8. **Produce summary** -- write a structured integration summary listing open claims, conflicts, blockers, and risks.
-9. **Emit marker** -- produce one final `[wave-integration]` marker summarizing the integration state.
+6. **Check rerun requests** -- verify that no active rerun request is pending. An uncleared rerun request blocks closure.
+7. **Check dependency tickets** -- verify that all inbound cross-lane dependency tickets are resolved or explicitly deferred with reasoning.
+8. **Assess deploy risk** -- if the wave touches deployment surfaces, confirm deploy-status markers are present and consistent with implementation claims.
+9. **Assess doc drift** -- check whether landed changes require shared-plan doc updates that are not yet reflected. Flag drift for the documentation steward.
+10. **Produce summary** -- write a structured integration summary listing open claims, conflicts, blockers, and risks.
+11. **Emit marker** -- produce one final `[wave-integration]` marker summarizing the integration state.
 
 ## Synthesis Checklist
 
@@ -37,6 +39,9 @@ Review each item. Any failure means the wave is `needs-more-work`:
 - [ ] Clarification chains are closed.
 - [ ] cont-EVAL marker (if present) shows `satisfied` with matching ids.
 - [ ] Deploy-status markers (if present) show `healthy` or have explicit downgrade reasoning.
+- [ ] Cross-lane dependency tickets are resolved or explicitly deferred.
+- [ ] No active rerun request is pending (check via `wave control rerun get`).
+- [ ] Proof registry bundles are active, not revoked or superseded.
 
 ## Contradiction Resolution
 
@@ -55,8 +60,10 @@ The integration summary should be structured and machine-readable. Include:
 1. **Open claims** -- list each unsupported claim with the agent id and exit contract line.
 2. **Conflicts** -- list each contradiction with both sources and the discrepancy.
 3. **Blockers** -- list each unresolved blocker with the owner and the condition for resolution.
-4. **Deploy risks** -- list any deploy surfaces that are not healthy or verified.
-5. **Doc drift** -- list shared-plan docs that need updates based on landed changes.
+4. **Dependencies** -- list unresolved cross-lane dependency tickets with owner lane and status.
+5. **Deploy risks** -- list any deploy surfaces that are not healthy or verified.
+6. **Doc drift** -- list shared-plan docs that need updates based on landed changes.
+7. **Proof state** -- list any proof bundles that are revoked or superseded, and any declared proof artifacts that are missing.
 
 Keep the summary concise enough to drive relaunch decisions. Do not pad with observations that do not affect closure.
 

package/skills/role-planner/SKILL.md

@@ -0,0 +1,39 @@
+# Planner Role
+
+Use this skill when the agent is producing a future wave or multi-wave roadmap packet.
+
+## Core Rules
+
+- Stay read-only during planning.
+- Turn simple requests into explicit wave contracts, not broad prose.
+- Keep maturity claims, owned slices, deliverables, proof artifacts, runtime settings, and closure docs aligned.
+- Split broad work into narrower waves instead of raising the claimed maturity level dishonestly.
+- Surface open questions when the repo does not provide enough truth to plan safely.
+
+## Planning Checklist
+
+For each proposed wave, answer these explicitly:
+
+1. What exact maturity level is being claimed?
+2. Which exact components are being promoted?
+3. Which implementation owners map to those promoted components?
+4. Which exact deliverables prove each owned slice?
+5. Which exact proof artifacts are required? Declare them in `### Proof artifacts` for machine-visible validation.
+6. Who owns live proof, if the target is `pilot-live` or above?
+7. What must A8, A9, and A0 reject if the wave lands incompletely?
+8. Which shared-plan docs must change when the wave closes?
+9. Which executor, model, budget, retry policy, and Context7 settings reduce avoidable failure?
+10. Does this work require cross-lane dependency tickets?
+
+## Maturity Rules
+
+- Default to one honest maturity jump per component per wave.
+- `repo-landed` means repo-local code, tests, and docs prove the claim.
+- `pilot-live` and above require live-proof structure, not just code plus tests.
+- Do not let “the code exists” become “the deployment works”.
+
+## Output Rules
+
+- Emit structured JSON only.
+- Prefer exact file paths, exact artifacts, exact commands, and exact owners.
+- If a wave still sounds ambitious after you write the deliverables and proof artifacts, split it again.

package/skills/role-planner/skill.json

@@ -0,0 +1,21 @@
+{
+  "id": "role-planner",
+  "title": "Planner Role",
+  "description": "Guides the read-only planner through maturity selection, wave splitting, ownership mapping, proof design, runtime pinning, and closure-ready planning output.",
+  "activation": {
+    "when": "Attach when a planner agent is generating future waves or a reviewable roadmap packet from a simple task request.",
+    "roles": [],
+    "runtimes": [],
+    "deployKinds": []
+  },
+  "termination": "Stop when the plan, verifier notes, and open questions are explicit enough for review or apply.",
+  "permissions": {
+    "network": [],
+    "shell": [],
+    "mcpServers": []
+  },
+  "trust": {
+    "tier": "repo-owned"
+  },
+  "evalCases": []
+}

package/skills/role-research/SKILL.md

@@ -53,6 +53,7 @@ Escalate to the integration steward or post a coordination record when:
 - Uncertainty is high enough that proceeding without resolution could cause rework.
 - The research question requires access to systems or files outside your declared scope.
 - An external dependency has a breaking change, deprecation, or security advisory.
+- A finding affects a cross-lane dependency that may need a dependency ticket.
 
 ## Customization
 

package/skills/role-security/SKILL.md

@@ -18,9 +18,9 @@ Execute these steps in order:
 2. **Threat model the diff** -- map trust boundaries, untrusted inputs, privileged actions, data sinks, secrets exposure, and cross-agent or external integrations.
 3. **Review high-risk patterns** -- inspect authn/authz, command execution, file access, secret handling, unsafe deserialization, external calls, logging, and approval-sensitive flows.
 4. **Check regressions** -- verify that new changes do not weaken existing controls or bypass prior approval and validation paths.
-5. **Route findings** -- for each issue, name the exact file or surface, the exploit or failure mode, the severity, and the owning agent expected to fix it.
+5. **Route findings** -- for each issue, name the exact file or surface, the exploit or failure mode, the severity, and the owning agent expected to fix it. Use targeted coordination requests so the finding becomes a helper assignment.
 6. **Record approvals** -- explicitly list approval-sensitive actions that still require human or policy sign-off.
-7. **Emit disposition** -- append the report sections in order and finish with one final `[wave-security]` marker.
+7. **Emit disposition** -- append the report sections in order and finish with one final `[wave-security]` marker. Security closure runs before integration, so a `blocked` marker prevents the entire closure sequence from advancing.
 
 ## Review Checklist
 

package/skills/runtime-claude/SKILL.md

@@ -49,11 +49,12 @@ All three layers are binding. When they conflict, prefer the compiled task promp
 
 ## Context Management
 
-- Re-read the shared summary and inbox before starting work and before emitting final markers.
+- Re-read the shared summary and inbox before starting work and before emitting final markers. Summaries and inboxes may refresh during execution via the live orchestration loop, so re-read before major decisions.
 - Use Agent for parallel research tasks that would otherwise consume main-thread context.
 - Avoid pasting large file contents into reasoning when a targeted Grep or Read with offset suffices.
 - When context grows large, summarize intermediate findings into a working note rather than re-reading raw sources.
 - Do not re-read files you have already read in the current session unless the file may have changed.
+- Do not edit files under `.tmp/` (coordination logs, control-plane events, proof registries, dashboards, traces). These are managed by the launcher and operator tooling.
 
 ## Customization