@deftai/directive-content 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (250) hide show
  1. package/.agents/skills/deft/SKILL.md +6 -0
  2. package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
  3. package/.agents/skills/deft-directive-build/SKILL.md +10 -0
  4. package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
  5. package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
  6. package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
  7. package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
  8. package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
  9. package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
  10. package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
  11. package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
  12. package/.agents/skills/deft-directive-release/SKILL.md +12 -0
  13. package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
  14. package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
  15. package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
  16. package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
  17. package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
  18. package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
  19. package/LICENSE.md +22 -0
  20. package/QUICK-START.md +167 -0
  21. package/UPGRADING.md +517 -0
  22. package/coding/build-output.md +28 -0
  23. package/coding/coding.md +235 -0
  24. package/coding/debugging.md +110 -0
  25. package/coding/holzmann.md +96 -0
  26. package/coding/hygiene.md +127 -0
  27. package/coding/security.md +158 -0
  28. package/coding/testing.md +162 -0
  29. package/coding/toolchain.md +44 -0
  30. package/commands.md +300 -0
  31. package/context/context.md +57 -0
  32. package/context/deterministic-split.md +67 -0
  33. package/context/examples.md +26 -0
  34. package/context/fractal-summaries.md +69 -0
  35. package/context/long-horizon.md +46 -0
  36. package/context/spec-deltas.md +177 -0
  37. package/context/tool-design.md +34 -0
  38. package/context/working-memory.md +62 -0
  39. package/contracts/boundary-maps.md +65 -0
  40. package/contracts/deterministic-questions.md +59 -0
  41. package/contracts/hierarchy.md +77 -0
  42. package/conventions/content-manifest.json +399 -0
  43. package/conventions/machine-generated-banner.md +130 -0
  44. package/conventions/references.md +120 -0
  45. package/conventions/rule-ownership.json +382 -0
  46. package/conventions/task-caching.md +43 -0
  47. package/conventions/vbrief-filenames.md +70 -0
  48. package/deployments/README.md +37 -0
  49. package/deployments/agentuity/README.md +138 -0
  50. package/deployments/agentuity/via-cli.md +380 -0
  51. package/deployments/agentuity/via-cloud.md +425 -0
  52. package/deployments/agentuity/via-github-actions.md +664 -0
  53. package/deployments/agentuity/via-gravity-network.md +606 -0
  54. package/deployments/agentuity/via-vpc.md +607 -0
  55. package/deployments/aws/README.md +38 -0
  56. package/deployments/aws/via-app-runner.md +612 -0
  57. package/deployments/aws/via-ecs-fargate.md +561 -0
  58. package/deployments/aws/via-elastic-beanstalk.md +628 -0
  59. package/deployments/aws/via-lambda.md +649 -0
  60. package/deployments/azure/README.md +37 -0
  61. package/deployments/azure/via-aks.md +390 -0
  62. package/deployments/azure/via-app-service.md +564 -0
  63. package/deployments/azure/via-container-apps.md +599 -0
  64. package/deployments/azure/via-functions.md +552 -0
  65. package/deployments/cloud-gov/README.md +63 -0
  66. package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
  67. package/deployments/cloud-gov/agents.md +39 -0
  68. package/deployments/cloud-gov/cicd.md +64 -0
  69. package/deployments/cloud-gov/deployment.md +150 -0
  70. package/deployments/cloud-gov/logging.md +43 -0
  71. package/deployments/cloud-gov/manifest.md +121 -0
  72. package/deployments/cloud-gov/overview.md +58 -0
  73. package/deployments/cloud-gov/security.md +46 -0
  74. package/deployments/cloud-gov/services.md +72 -0
  75. package/deployments/cloud-gov/upstream/README.md +18 -0
  76. package/deployments/cloudflare/README.md +33 -0
  77. package/deployments/cloudflare/via-dashboard.md +83 -0
  78. package/deployments/cloudflare/via-git.md +90 -0
  79. package/deployments/cloudflare/via-github-actions.md +185 -0
  80. package/deployments/cloudflare/via-terraform.md +157 -0
  81. package/deployments/cloudflare/via-wrangler.md +165 -0
  82. package/deployments/fly-io/README.md +37 -0
  83. package/deployments/fly-io/via-dockerfile.md +648 -0
  84. package/deployments/fly-io/via-flyctl.md +653 -0
  85. package/deployments/fly-io/via-github-actions.md +695 -0
  86. package/deployments/fly-io/via-multi-region.md +598 -0
  87. package/deployments/google/README.md +34 -0
  88. package/deployments/google/via-app-engine.md +42 -0
  89. package/deployments/google/via-cloud-functions.md +23 -0
  90. package/deployments/google/via-cloud-run.md +330 -0
  91. package/deployments/google/via-gke.md +23 -0
  92. package/deployments/netlify/README.md +99 -0
  93. package/deployments/netlify/via-cli.md +17 -0
  94. package/deployments/netlify/via-functions.md +19 -0
  95. package/deployments/netlify/via-git.md +25 -0
  96. package/deployments/vercel/README.md +90 -0
  97. package/deployments/vercel/via-api.md +16 -0
  98. package/deployments/vercel/via-cli.md +17 -0
  99. package/deployments/vercel/via-git.md +24 -0
  100. package/docs/BROWNFIELD.md +179 -0
  101. package/docs/getting-started.md +137 -0
  102. package/docs/good-agents-md.md +137 -0
  103. package/events/README.md +89 -0
  104. package/events/event-record.schema.json +26 -0
  105. package/events/registry.json +166 -0
  106. package/events/registry.schema.json +71 -0
  107. package/glossary.md +145 -0
  108. package/incidents/README.md +81 -0
  109. package/incidents/_template.md +38 -0
  110. package/interfaces/cli.md +104 -0
  111. package/interfaces/rest.md +212 -0
  112. package/interfaces/tui.md +242 -0
  113. package/interfaces/web.md +123 -0
  114. package/languages/6502-DASM.md +132 -0
  115. package/languages/c.md +235 -0
  116. package/languages/commands.md +23 -0
  117. package/languages/cpp.md +132 -0
  118. package/languages/csharp.md +259 -0
  119. package/languages/dart.md +183 -0
  120. package/languages/delphi.md +218 -0
  121. package/languages/elixir.md +208 -0
  122. package/languages/go.md +78 -0
  123. package/languages/java.md +278 -0
  124. package/languages/javascript.md +163 -0
  125. package/languages/julia.md +175 -0
  126. package/languages/kotlin.md +193 -0
  127. package/languages/markdown.md +168 -0
  128. package/languages/mermaid.md +146 -0
  129. package/languages/officejs.md +392 -0
  130. package/languages/python.md +209 -0
  131. package/languages/r.md +163 -0
  132. package/languages/rust.md +216 -0
  133. package/languages/sql.md +216 -0
  134. package/languages/swift.md +153 -0
  135. package/languages/typescript.md +132 -0
  136. package/languages/vba.md +279 -0
  137. package/languages/vhdl.md +180 -0
  138. package/languages/visual-basic.md +151 -0
  139. package/languages/zig.md +196 -0
  140. package/meta/SOUL.md +27 -0
  141. package/meta/code-field.md +44 -0
  142. package/meta/morals.md +40 -0
  143. package/meta/philosophy.md +39 -0
  144. package/meta/project.md +49 -0
  145. package/meta/ralph.md +223 -0
  146. package/meta/security.md +80 -0
  147. package/meta/versioning.md +326 -0
  148. package/package.json +22 -0
  149. package/packs/lessons/lessons-pack-0.1.json +553 -0
  150. package/packs/patterns/patterns-pack-0.1.json +57 -0
  151. package/packs/rules/rules-pack-0.1.json +4767 -0
  152. package/packs/skills/skills-pack-0.1.json +262 -0
  153. package/packs/strategies/strategies-pack-0.1.json +167 -0
  154. package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
  155. package/patterns/executor-layer-credentials.md +227 -0
  156. package/patterns/llm-app.md +156 -0
  157. package/patterns/multi-agent.md +278 -0
  158. package/patterns/prompt-assembly-layer-ordering.md +154 -0
  159. package/patterns/role-as-overlay.md +179 -0
  160. package/platforms/2600.md +137 -0
  161. package/platforms/unity.md +329 -0
  162. package/references/composer-skill-porting.md +152 -0
  163. package/references/cost-models.md +163 -0
  164. package/references/ip-risk.md +246 -0
  165. package/references/plain-english-ux.md +275 -0
  166. package/resilience/context-pruning.md +67 -0
  167. package/resilience/continue-here.md +62 -0
  168. package/scm/changelog.md +276 -0
  169. package/scm/git.md +139 -0
  170. package/scm/github.md +265 -0
  171. package/secrets/.gitkeep +0 -0
  172. package/skills/deft-build/SKILL.md +20 -0
  173. package/skills/deft-directive-article-review/SKILL.md +156 -0
  174. package/skills/deft-directive-build/SKILL.md +302 -0
  175. package/skills/deft-directive-cost/SKILL.md +201 -0
  176. package/skills/deft-directive-debug/SKILL.md +140 -0
  177. package/skills/deft-directive-decompose/SKILL.md +96 -0
  178. package/skills/deft-directive-gh-arch/SKILL.md +160 -0
  179. package/skills/deft-directive-gh-slice/SKILL.md +199 -0
  180. package/skills/deft-directive-glossary/SKILL.md +118 -0
  181. package/skills/deft-directive-interview/SKILL.md +528 -0
  182. package/skills/deft-directive-pre-pr/SKILL.md +131 -0
  183. package/skills/deft-directive-probe/SKILL.md +127 -0
  184. package/skills/deft-directive-refinement/SKILL.md +403 -0
  185. package/skills/deft-directive-release/SKILL.md +266 -0
  186. package/skills/deft-directive-review-cycle/SKILL.md +401 -0
  187. package/skills/deft-directive-setup/SKILL.md +717 -0
  188. package/skills/deft-directive-swarm/SKILL.md +989 -0
  189. package/skills/deft-directive-sync/SKILL.md +288 -0
  190. package/skills/deft-directive-triage/SKILL.md +137 -0
  191. package/skills/deft-directive-write-skill/SKILL.md +169 -0
  192. package/skills/deft-interview/SKILL.md +16 -0
  193. package/skills/deft-pre-pr/SKILL.md +16 -0
  194. package/skills/deft-review-cycle/SKILL.md +16 -0
  195. package/skills/deft-roadmap-refresh/SKILL.md +16 -0
  196. package/skills/deft-setup/SKILL.md +20 -0
  197. package/skills/deft-swarm/SKILL.md +16 -0
  198. package/skills/deft-sync/SKILL.md +16 -0
  199. package/strategies/README.md +83 -0
  200. package/strategies/artifact-guards.md +85 -0
  201. package/strategies/bdd.md +115 -0
  202. package/strategies/brownfield.md +7 -0
  203. package/strategies/discuss.md +129 -0
  204. package/strategies/emit-hints.md +69 -0
  205. package/strategies/enterprise.md +193 -0
  206. package/strategies/interview.md +551 -0
  207. package/strategies/map.md +179 -0
  208. package/strategies/probe.md +151 -0
  209. package/strategies/rapid.md +155 -0
  210. package/strategies/research.md +155 -0
  211. package/strategies/roadmap.md +9 -0
  212. package/strategies/speckit.md +437 -0
  213. package/strategies/v0-20-contract.md +134 -0
  214. package/strategies/yolo.md +169 -0
  215. package/swarm/swarm.md +300 -0
  216. package/templates/COST-ESTIMATE.md +114 -0
  217. package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
  218. package/templates/agent-prompt-preamble.md +409 -0
  219. package/templates/agents-entry.md +211 -0
  220. package/templates/agents-entry.placeholders.md +75 -0
  221. package/templates/embed.go +20 -0
  222. package/templates/embed_test.go +36 -0
  223. package/templates/make-spec-example.md +9 -0
  224. package/templates/make-spec.md +246 -0
  225. package/templates/project.md.template +52 -0
  226. package/templates/specification.md +1 -0
  227. package/templates/swarm-greptile-poller-prompt.md +556 -0
  228. package/templates/user.md.template +31 -0
  229. package/tools/RWLDL.md +80 -0
  230. package/tools/greptile.md +141 -0
  231. package/tools/installer.md +23 -0
  232. package/tools/taskfile-migration.md +32 -0
  233. package/tools/taskfile.md +185 -0
  234. package/tools/telemetry.md +285 -0
  235. package/vbrief/schemas/cache-meta.schema.json +137 -0
  236. package/vbrief/schemas/candidates.schema.json +130 -0
  237. package/vbrief/schemas/codebase-map.schema.json +213 -0
  238. package/vbrief/schemas/lessons-pack.schema.json +134 -0
  239. package/vbrief/schemas/patterns-pack.schema.json +84 -0
  240. package/vbrief/schemas/rules-pack.schema.json +105 -0
  241. package/vbrief/schemas/skills-pack.schema.json +94 -0
  242. package/vbrief/schemas/slices.schema.json +87 -0
  243. package/vbrief/schemas/strategies-pack.schema.json +89 -0
  244. package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
  245. package/vbrief/schemas/vbrief-core.schema.json +1022 -0
  246. package/vbrief/vbrief.md +684 -0
  247. package/verification/integration.md +76 -0
  248. package/verification/plan-checking.md +85 -0
  249. package/verification/uat.md +60 -0
  250. package/verification/verification.md +117 -0
@@ -0,0 +1,989 @@
1
+ ---
2
+ name: deft-directive-swarm
3
+ description: >-
4
+ Parallel local agent orchestration. Use when running multiple agents on
5
+ story-level vBRIEFs simultaneously — to scan active/ for allocatable work,
6
+ set up isolated worktrees, launch agents with proven prompts, monitor
7
+ progress, handle stalled review cycles, and close out PRs cleanly.
8
+ ---
9
+ <!-- AUTO-GENERATED by task packs:render -- DO NOT EDIT MANUALLY -->
10
+ <!-- Purpose: rendered skill -->
11
+ <!-- Source of truth: packs/skills/skills-pack-0.1.json -->
12
+ <!-- Regenerate with: task packs:render -->
13
+ <!-- Edit the source, not this file. Slice instead of loading every SKILL.md: task packs:slice skills by-trigger --trigger <kw> (or list) -->
14
+
15
+ # Deft Directive Swarm
16
+
17
+ Structured workflow for a monitor agent to orchestrate N parallel local agents working on story-level vBRIEFs from `vbrief/active/`.
18
+
19
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
20
+
21
+ **⚠️ See also**: [swarm.md](../../swarm/swarm.md) | [deft-directive-review-cycle](../deft-directive-review-cycle/SKILL.md)
22
+
23
+ ## Platform Requirements
24
+
25
+ ! This skill requires **GitHub** as the SCM platform and the **GitHub CLI (`gh`)** to be installed and authenticated. Issue fetching, PR creation, and post-merge verification all depend on `gh`.
26
+
27
+ ## Branch-Protection Policy Guard
28
+
29
+ ! Before any state mutation (creating worktrees, dispatching sub-agents, opening PRs), run the skill-level branch-policy guard documented in `scripts/policy.py` / `scripts/preflight_branch.py` (#746 / #747). Halt with the actionable disclosure message when the project's `plan.policy.allowDirectCommitsToMaster` is unresolvable AND `DEFT_ALLOW_DEFAULT_BRANCH_COMMIT` is unset:
30
+
31
+ ```
32
+ uv run python scripts/preflight_branch.py --project-root . --quiet || exit 1
33
+ ```
34
+
35
+ or invoke `task verify:branch`. The swarm skill creates branches per agent so the guard is mostly informational here, but a malformed PROJECT-DEFINITION (missing `plan.policy` block AND no legacy narrative) is a fail-closed signal worth surfacing before the swarm spawns N agents.
36
+
37
+ ## Deterministic Questions Contract
38
+
39
+ ! Every numbered-menu prompt rendered in this skill (Phase 0 Step 0 queue-driven promote prompts (#1142 / N2), Step 0.5 bridge approval gate, Step 5 final-approval gate, Phase 1 Step 3 file-overlap audit gate, Phase 5->6 ready-to-merge gate) MUST follow [`../../contracts/deterministic-questions.md`](../../contracts/deterministic-questions.md): render the canonical numbered menu in chat unless the host UI visibly preserves numeric option labels and returns numeric selections or exact displayed option text. The final two numbered options MUST be `Discuss` and `Back`, in that order. The Discuss-pause semantic is documented verbatim there -- on `Discuss` selection the agent MUST halt the in-progress sequence immediately, prompt `What would you like to discuss?`, and resume only on an explicit user signal. Implicit resumption is forbidden, and fallback chat replies MUST map only to the displayed number or exact displayed option text.
40
+
41
+ ## When to Use
42
+
43
+ - User says "run agents", "parallel agents", "swarm", or "launch N agents on stories"
44
+ - Multiple independent story-level vBRIEFs in `vbrief/active/` need to be worked on simultaneously
45
+ - A batch of stories are ready and have no mutual dependencies
46
+
47
+ ## Running Swarms in Grok Build / Non-Warp Environments
48
+
49
+ Minimal runtime contract for the Grok Build dispatch-provider path (one supported backend among several -- see Phase 3 Step 1b for provider-neutral heterogeneous routing):
50
+
51
+ - One isolated git worktree per agent (identical to the Warp path — see Phase 2)
52
+ - Workers launched via `spawn_subagent` dispatch (Phase 3 Step 2d)
53
+ - Monitor coordination via worktree-state polling (`git status`, `git log`) and `get_command_or_subagent_output`
54
+ - Review-cycle sub-agents spawned via `spawn_subagent` (not `start_agent`)
55
+
56
+ This path became first-class in #1342 (platform adapter slices 1-3) and is fully documented in Phase 3 Step 2d and Phase 4. Grok Build + Windows users should also see #1353 (§3.5 in `templates/agent-prompt-preamble.md`) for shell output capture limitations that affect `get_command_or_subagent_output` in PowerShell 5.1 contexts. Refs #1342, #1331.
57
+
58
+ ~ **Windows + Grok Build (#1353):** When issuing shell commands via `run_terminal_command` on this platform, avoid `|`, `>`, or `2>&1` in the command string — use Python `pathlib`/`subprocess` or plain `task` targets instead to avoid wrapper leakage. See `templates/agent-prompt-preamble.md` §3.5 for the full escape hatch list.
59
+
60
+ ## Prerequisites
61
+
62
+ - ! `vbrief/active/` contains one or more story-level vBRIEFs with status `running`
63
+ - ! GitHub CLI (`gh`) is authenticated
64
+ - ! `git` supports worktrees (`git worktree` available)
65
+ - ~ `oz` CLI available (for `oz agent run-cloud` cloud launch — see Phase 3 Step 2c)
66
+
67
+ ## Phase 0 — Allocate
68
+
69
+ ! Before assigning work to agents, build the cohort from the triage queue (queue-driven per #1142 / N2; see Step 0 below), then read project state and plan allocation against the activated cohort.
70
+
71
+ ### Headless cohort fast-path: low-ceremony launch (C1 / #1387)
72
+
73
+ ! When the operator supplies a **pre-approved cohort** via the **C1** `task swarm:launch` CLI, Phase 0 runs in headless / low-ceremony mode: the per-phase interactive approval gates (the Step 0c promote-fill prompts, the Step 0.5 lifecycle-bridge approval, and the Step 4/5 allocation approval) collapse into a SINGLE consent -- the `## Allocation context` token (#1378) carried in the dispatch envelope. The interactive promote-fill loop (Step 0a -- 0d below) is SKIPPED.
74
+ ! The **C1** signature is `task swarm:launch -- --stories <ids|paths> [--group <label>] [--worktree-map <path>] [--base-branch <branch>] [--autonomous]`. `--stories` names the pre-approved story ids or vBRIEF paths; `--group` is an optional cohort label; `--worktree-map` points at the pre-created **C3** worktree-map JSON consumed in Phase 2; `--base-branch` overrides the default `master`; `--autonomous` runs without the interactive launch confirmation.
75
+ ! The SINGLE consent is the #1378 `## Allocation context` token with `dispatch_kind: swarm-cohort` and a NON-NULL `allocation_plan_id` AND `batching_rationale` (the recognition contract in `templates/agent-prompt-preamble.md` § 2.5). That token IS the batched approval for the whole cohort -- the deterministic-question gates the interactive path runs (per [`../../contracts/deterministic-questions.md`](../../contracts/deterministic-questions.md)) are bypassed wholesale on the headless path, not asked once per phase.
76
+ ⊗ Re-prompt the operator for per-phase batching approval, or run the interactive promote-fill loop (Step 0a -- 0d), when a pre-approved cohort is supplied via `task swarm:launch` -- the headless path's single #1378 consent already authorizes the batch, and re-prompting mid-cohort violates the all-or-nothing dispatch-envelope rule (#954).
77
+ ? The interactive queue-driven path (Step 0 below) remains the DEFAULT when no pre-approved cohort is supplied; the headless fast-path is the opt-in low-ceremony route for a cohort the operator has already curated and approved upstream.
78
+
79
+ ### Step 0: Queue-driven cohort selection (#1142 / N2)
80
+
81
+ ! Phase 0 is queue-driven: consult the triage cache (D2 / #1122 + D11 / #1128) for the ranked promotion candidates, then fill the WIP cap. Do NOT pick the cohort by hand from `vbrief/pending/` or `vbrief/active/` -- the queue is the canonical record of "what's next?" per AGENTS.md `## Cache-as-authoritative work selection (#1149)`. The four sub-phases below run in canonical order; existing Step 0.5 (lifecycle bridge) and Steps 1-5 (readiness / blockers / allocation / present / approval) proceed unchanged after Phase 0d.
82
+
83
+ #### Phase 0a -- State overview via `task triage:summary` (D2 / #1122)
84
+
85
+ - ! Run `task triage:summary` to emit the current triage-cache one-liner (`[triage] N untriaged ... WIP X/Y [⚠]`). The monitor uses the result to:
86
+ - confirm the cache is fresh enough to act on (the D5 / #1127 `task verify:cache-fresh` warning is silent on a fresh cache; D2's one-liner is the human-readable parallel for the operator);
87
+ - read the current `pending/ + active/` count against the configured `wipCap` (default 10 per umbrella #1119 Current Shape v3, exposed via `plan.policy.wipCap`).
88
+ - ! If the summary reports an empty cache (no candidates ever ingested), surface the bootstrap remediation (`task triage:bootstrap` or the N3 / #1143 onboarding ritual `task triage:welcome`) and HALT Phase 0 -- there is no queue to drive cohort selection from.
89
+
90
+ ```pwsh path=null start=null
91
+ task triage:summary
92
+ # [triage] 12 untriaged · 3 in-flight · WIP 4/10
93
+ ```
94
+
95
+ #### Phase 0b -- Ranked candidates via `task triage:queue` (D11 / #1128)
96
+
97
+ - ! Run `task triage:queue --state=accept --limit=20` to surface the top-20 ranked promotion candidates. The queue is grouped (`[RESUME] -> [URGENT] -> untriaged -> other`) and ordered by `updated_at` within group (D11); the `--state=accept` filter restricts to issues whose latest triage decision is `accept` (the canonical "promote-ready" subset).
98
+ - ! Treat the queue as authoritative. Do NOT supplement the list with agent recall, open-GitHub-issue intuition, or memory of recent commits -- the queue is the rank; swarm does not re-rank.
99
+ - ! Present the candidate list to the operator as a numbered table (issue number, title, age in queue, top-line ranking rationale).
100
+
101
+ ```pwsh path=null start=null
102
+ task triage:queue --state=accept --limit=20
103
+ ```
104
+
105
+ #### Phase 0c -- Promote-fill-cap loop
106
+
107
+ ! While `pending/ + active/` count < `wipCap` AND the queue is non-empty, prompt the operator to promote the next ranked candidate to `vbrief/pending/`.
108
+
109
+ Loop body, per candidate (top-of-queue first):
110
+
111
+ 1. ! Render the next queue candidate with brief context (issue title, labels, top-1 ranking rationale).
112
+ 2. ! Prompt the operator: `Promote #<N> to vbrief/pending/? [yes/skip/stop]`. The final two numbered options remain `Discuss` and `Back` per [`../../contracts/deterministic-questions.md`](../../contracts/deterministic-questions.md).
113
+ 3. On `yes` -- promote via the canonical lifecycle verb:
114
+
115
+ ```pwsh path=null start=null
116
+ # D18 #1136 fallback: the eventual --from-issue=<N> shape is OPEN but not
117
+ # yet implemented. Until #1136 lands, the monitor resolves the candidate's
118
+ # vBRIEF file from the issue number (file lives in vbrief/proposed/ from a
119
+ # prior triage:accept step, D10 / #1129) and passes the path to
120
+ # `task scope:promote`. Same lifecycle command, just routed through the
121
+ # file path rather than the issue-number shortcut.
122
+ task scope:promote vbrief/proposed/<file>.vbrief.json
123
+ # TODO(#1136): when D18 ships, replace the two-step (resolve file from #N,
124
+ # then pass to `task scope:promote`) with the deterministic one-step
125
+ # `task scope:promote --from-issue=<N>` invocation. The integration point
126
+ # is this Phase 0c loop body; the operator-facing prompt collapses from
127
+ # "Promote #<N>? [resolved to <path>]" to "Promote #<N>?" with the path
128
+ # resolution done inside the task.
129
+ ```
130
+
131
+ Re-run `task triage:summary` (or read the post-promote count directly) to refresh the `pending/ + active/` total before the next loop iteration.
132
+ 4. On `skip` -- drop this candidate from the current session's cohort; it stays in the queue for the next session. Advance to the next ranked candidate.
133
+ 5. On `stop` -- exit the loop early; the partial cohort proceeds to Phase 0d.
134
+
135
+ ! **D18 #1136 integration point**: the eventual `task scope:promote --from-issue=<N>` shape (D18 / #1136) is OPEN but not yet implemented. When it lands, the prompt above will be replaced with a deterministic `task scope:promote --from-issue=<N>` invocation; the operator no longer needs to resolve the vBRIEF file path manually. Until then, the file-path fallback above is the canonical Phase 0c verb -- it is the same `task scope:promote` lifecycle command, just routed through the file path rather than the issue-number shortcut. Track via #1136.
136
+
137
+ ! **WIP-cap exit-clean prose**: When WIP cap is reached, swarm Phase 0 stops adding to the cohort and exits cleanly with a count of what was filled. Operator can demote (D1 / #1121, `task scope:demote <existing>` or `task scope:demote --batch --older-than-days 30`) to free slots or `--force` to override (the override is audit-logged as `wip_cap_override` in `vbrief/.eval/scope-lifecycle.jsonl` per D4 / #1124).
138
+
139
+ ! **Cohort recovery on cap-fill exit**: If the queue surfaces 10 candidates but the cap allows only 4 more slots, the unpicked 6 stay queued for the next session. No state is lost; the queue is the canonical record. The operator can free a slot via `task scope:demote <existing>` (D1 / #1121) before re-running Phase 0, or accept the smaller cohort for this session.
140
+
141
+ #### Phase 0d -- Cohort dispatch
142
+
143
+ - ! After the promote-fill loop exits (cap reached, queue empty, or operator `stop`), `vbrief/pending/` now holds the cohort. On the interactive path, Phase 0e below captures the intended sub-agent backend before Step 0.5 hardens lifecycle state. Then the existing Step 0.5 (Lifecycle Bridge -- Promote and Activate Proposed Scope vBRIEFs, #1025) moves the cohort `pending/ -> active/`, and Steps 1-5 (readiness report, blockers, allocation, present, approval) proceed against the activated set. Existing swarm Phase 1+ (Select, Setup, Launch, Monitor, Review, Close) proceeds unchanged.
144
+
145
+ #### Phase 0e -- Interactive sub-agent backend selection (#1568)
146
+
147
+ ! On the **interactive** swarm path, before Step 0.5 hardens lifecycle state and before any `task swarm:launch` / headless launch-manifest handoff is attempted, run `task policy:subagent-backends` and inspect `plan.policy.swarmSubagentBackend`.
148
+
149
+ ! If `plan.policy.swarmSubagentBackend` is unset, ask the operator which subagent backend they intend to use. This question captures operator preference; probe availability is supporting evidence only. Display all stable backend choices with their probed status, but do NOT rank the menu by availability and do NOT imply `cursor-cloud` is the default just because it is probe-available.
150
+
151
+ Render the backend-selection prompt as a deterministic numbered menu in chat (or via a host UI that visibly preserves the same numeric option labels and exact displayed option text) with `Discuss` and `Back` final per [`../../contracts/deterministic-questions.md`](../../contracts/deterministic-questions.md):
152
+
153
+ 1. Local Composer/Cursor subagents (`composer`) -- intended local Composer-class coding agents; probe status: `<available|unavailable|unknown>`.
154
+ 2. Cursor cloud agents (`cursor-cloud`) -- intended remote/cloud agents; probe status: `<available|unavailable|unknown>`.
155
+ 3. Grok Build subagents (`grok-build`) -- intended `spawn_subagent` workers; probe status: `<available|unavailable|unknown>`.
156
+ 4. Discuss
157
+ 5. Back
158
+
159
+ ! After the operator selects a backend, ask whether to persist it to project policy with `task policy:subagent-backend -- <id>` or record it as a per-run launch-context choice for this swarm only. Render the persistence/per-run follow-up as a deterministic numbered menu with `Discuss` and `Back` as the final two options:
160
+
161
+ 1. Persist backend to project policy with `task policy:subagent-backend -- <id>` -- use this backend for future swarms.
162
+ 2. Record backend as a per-run launch-context choice for this swarm only -- do not change project policy.
163
+ 3. Discuss
164
+ 4. Back
165
+
166
+ ! If the operator chooses a backend whose probe status is unavailable or unknown, surface the remediation or uncertainty for that backend (for example, switch runtime, enable `spawn_subagent`, inject cloud credentials, or rerun the probe in the target environment) and stop before launch planning unless the operator explicitly records a per-run launch-context choice for a later environment where that backend will be available or verifiable.
167
+
168
+ ⊗ Treat probe availability as operator intent. A single probe-available backend is not a recommendation, default, or consent token; the operator must choose the intended backend in the interactive path when policy is unset.
169
+
170
+ ⊗ Add an interactive prompt to the headless / autonomous `task swarm:launch` path. Autonomous/headless launch remains fail-closed when neither `plan.policy.swarmSubagentBackend` nor an explicit launch-context backend choice is present; `scripts/swarm_launch.py` is the guardrail, not a prompt surface.
171
+
172
+ #### Phase 0f -- Greenfield swarm-ready bootstrap (#1053)
173
+
174
+ ! Before allocation on a greenfield or just-setup project, run a **greenfield swarm-ready bootstrap** check that states project infrastructure is separate from machine-tool availability. A host may have `task`, `uv`, `python`, `gh`, and `git` installed (the #1187 machine-tool lane) while the project is still not swarm-ready.
175
+
176
+ ! Check the project infrastructure needed by swarm launch: a git repository, GitHub remote visibility for later PR handoff, Taskfile wiring for `task swarm:*` / lifecycle gates, install layout consistency between source and consumer projections, `.gitignore` coverage for `.deft-scratch/`, and scratch/worktree readiness under `.deft-scratch/worktrees/`.
177
+
178
+ ! When any required project infrastructure is missing, surface the exact remediation path and ask for explicit approval before creating or changing repo, remote, Taskfile, install layout, or gitignore state. Do not silently initialize a repository, add a remote, rewrite task includes, or create ignored scratch paths on the operator's behalf.
179
+
180
+ ! When all in-scope candidates are freshly setup-created candidates from the same setup session, present one explicit batch confirmation before promoting and activating the full set through Step 0.5. The confirmation must name the candidate list and the lifecycle transition (`proposed/` or `pending/` -> `active/`) so the setup handoff is swarm-ready without asking once per file.
181
+
182
+ ~ Setup-side handoff language SHOULD point here: after setup creates initial scope vBRIEFs, tell the operator that the swarm skill will verify or offer to create the remaining project infrastructure before allocation. #1187 remains the dependency for missing executable tools; #1053 owns the greenfield project-infrastructure bridge.
183
+
184
+ ⊗ Treat #1187 machine-tool success as proof that a greenfield project is swarm-ready -- repo, remote, Taskfile wiring, install layout, gitignore, and scratch/worktree readiness are separate checks (#1053).
185
+
186
+ #### Manual / GitHub-issue escape hatch
187
+
188
+ ? When the operator explicitly opts out of the queue (e.g. a one-off ad-hoc cohort that has not been ingested into the triage cache yet, or a swarm batch driven from a hand-supplied list of issue numbers), the monitor MAY fall back to the legacy GitHub-issue path:
189
+
190
+ 1. ! Fetch issue data: `gh api repos/<owner>/<repo>/issues/<N>` (REST per `templates/agent-prompt-preamble.md` § 5; never the GraphQL `gh issue view --json` surface).
191
+ 2. ! Generate a minimal vBRIEF in `vbrief/proposed/` following the `YYYY-MM-DD-descriptive-slug.vbrief.json` naming convention (slug rules: [`../../conventions/vbrief-filenames.md`](../../conventions/vbrief-filenames.md)) and conforming to the canonical v0.6 schema (`vbrief/schemas/vbrief-core.schema.json`, strict `const: "0.6"`; see [`../../conventions/references.md`](../../conventions/references.md)).
192
+ 3. ! Promote through the canonical lifecycle (`task scope:promote -- <path>` then `task scope:activate -- <path>`), respecting the WIP cap and the same `--force` audit-logged override semantics as the queue-driven loop.
193
+ 4. ! Surface the opt-out reason in the Step 4 (Present Analysis) summary so a reviewer can see WHY the queue was bypassed.
194
+
195
+ ⊗ Default to the manual escape hatch when the queue is non-empty -- the cache-as-authoritative directive (AGENTS.md `## Cache-as-authoritative work selection (#1149)`) requires consulting the queue first.
196
+
197
+ ### Step 0.5: Lifecycle Bridge -- Promote and Activate Proposed Scope vBRIEFs (#1025)
198
+
199
+ ! Before running the Step 1 preflight gate, scan `vbrief/proposed/` and `vbrief/pending/` for candidate scope vBRIEFs and bridge them to `vbrief/active/`. The deft-directive-setup skill Phase 3 (Output -- Light Path / Output -- Full Path) deposits new scope vBRIEFs in `vbrief/proposed/`; the deft-directive-refinement skill Phase 4 (Promote/Demote) deposits them in `vbrief/pending/`. The swarm Phase 0 Step 1 preflight gate (`task vbrief:preflight`) only accepts vBRIEFs in `vbrief/active/` with `plan.status == "running"`, so candidates in `proposed/` or `pending/` MUST be bridged through the canonical lifecycle (`proposed -> pending -> active`) before allocation. Without this bridge, the monitor discovers the gap at runtime as a wholesale preflight rejection (`Invalid transition: 'activate' requires file in pending/`), as in the originating 2026-05-10 first-session consumer swarm.
200
+
201
+ ! **Scan**: list every `*.vbrief.json` under `vbrief/proposed/` and `vbrief/pending/`. Cross-reference each candidate against the user's stated swarm scope (the issue numbers / vBRIEF filenames the user asked the monitor to swarm on). Candidates outside the stated scope MUST NOT be promoted or activated by this bridge -- they may be in a deliberate refinement queue owned by `skills/deft-directive-refinement/SKILL.md` Phase 4.
202
+
203
+ ! **Present**: render a numbered list of in-scope candidates to the user with their current lifecycle folder (`proposed/` vs `pending/`) and `plan.status`. Render the canonical numbered menu in chat unless the host UI visibly preserves the same numeric option labels and returns numeric selections or exact displayed option text. The final two numbered options MUST be `Discuss` and `Back` per [`../../contracts/deterministic-questions.md`](../../contracts/deterministic-questions.md).
204
+
205
+ ! **Approve**: wait for explicit user approval (`yes`, `confirmed`, `approve`) before any lifecycle mutation. Broad affirmative continuation phrases (`proceed`, `do it`, `go ahead`) are NOT authorisation -- the bridge MUST be explicitly confirmed because promoting + activating a scope vBRIEF is a lifecycle commitment that flips `plan.status` to `running` and clears the #810 implementation-intent gate for downstream agent dispatch.
206
+
207
+ ! **Bridge**: for each approved candidate, run the canonical lifecycle commands in order:
208
+
209
+ - For candidates in `vbrief/proposed/`: `task scope:promote -- <path>` (moves to `pending/`, status `pending`), THEN `task scope:activate -- <path-in-pending>` (moves to `active/`, status `running`).
210
+ - For candidates already in `vbrief/pending/`: `task scope:activate -- <path>` alone (moves to `active/`, status `running`).
211
+
212
+ Both commands are idempotent: a same-folder move with matching status is a no-op (see `scripts/scope_lifecycle.py`). If either command exits non-zero, surface the exit message verbatim, do NOT attempt to allocate against the failed candidate, and ask the user how to route.
213
+
214
+ ! **Verify**: re-run the scan and confirm each approved candidate now lives in `vbrief/active/` with `plan.status == "running"`. Only candidates that pass this verification advance to Step 1 (Read Project State); the rest stay surfaced as preflight rejections.
215
+
216
+ ⊗ Auto-promote + activate every candidate in `vbrief/proposed/` or `vbrief/pending/` without explicit user approval -- proposed-stage vBRIEFs may be in a deliberate refinement queue (`skills/deft-directive-refinement/SKILL.md` Phase 4) and silent promotion bypasses the user's lifecycle intent.
217
+
218
+ ⊗ Skip the lifecycle bridge and let the Step 1 preflight gate (`task vbrief:preflight`) reject the candidates wholesale -- the gate's exit message tells the user WHAT failed but not WHY the source folder was wrong; the bridge is the contract that prevents that confusion before it surfaces.
219
+
220
+ ⊗ Promote candidates outside the user's stated swarm scope. The bridge is scope-bounded by what the user asked the monitor to swarm on; out-of-scope candidates remain in `proposed/` / `pending/` for the refinement skill to own.
221
+
222
+ Cross-references:
223
+ - Setup-side deposit point: `skills/deft-directive-setup/SKILL.md` Phase 3 Output -- Light Path / Output -- Full Path (scope vBRIEFs land in `vbrief/proposed/`).
224
+ - Refinement-side deposit point: `skills/deft-directive-refinement/SKILL.md` Phase 4 -- Promote/Demote (lifecycle transitions via the same `task scope:promote` / `task scope:activate` surface).
225
+ - Underlying CLI: `scripts/scope_lifecycle.py` (the deterministic state machine; idempotent on same-folder moves; three-state exit 0 / 1 / 2).
226
+ - Recurrence record: issue #1025 (2026-05-10 first-session consumer tic-tac-toe swarm; monitor hit `Invalid transition: 'activate' requires file in pending/` on all four candidate vBRIEFs because they were still in `proposed/`).
227
+
228
+ ### Step 1: Read Project State and Readiness Report
229
+
230
+ - ! Scan `vbrief/active/` for candidate vBRIEFs (files matching `*.vbrief.json`)
231
+ - ! For each candidate vBRIEF, MUST run `task vbrief:preflight -- <path>` (the structural intent gate, #810; wraps `scripts/preflight_implementation.py` so the same invocation works whether deft is the project root or installed as a `deft/` subdirectory) to validate lifecycle eligibility before allocation work. Skip any vBRIEF that exits non-zero -- the helper's stderr message is the actionable redirect (`task vbrief:activate <path>`). Surface the exit message in the Phase 0 Step 4 analysis so the user can route the lifecycle move; do NOT attempt to allocate, dispatch, or implement against a vBRIEF that fails the preflight.
232
+ - ! Run `task swarm:readiness -- vbrief/active/*.vbrief.json` before any agent allocation. This deterministic report is the allocator's source of truth for ready stories, blocked stories, decomposition-needed epics/phases, dependency waves, conflict groups, file overlap matrix, and missing fields.
233
+ - ! Treat `plan.metadata.kind = "epic"` and `plan.metadata.kind = "phase"` as **needs decomposition**, not merely incomplete. Route broad scopes to `skills/deft-directive-decompose/SKILL.md` instead of assigning them to workers.
234
+ - ! Read only readiness-approved story fields for allocation: `plan.title`, `plan.status`, non-empty `plan.items`, `planRef`, `references`, `plan.metadata.kind`, and `plan.metadata.swarm`.
235
+ - ! Read `vbrief/PROJECT-DEFINITION.vbrief.json` for project-wide context (narratives, scope registry)
236
+ - ! Determine the base branch: ask the user which branch to target for worktree creation, PR targets, and rebase cascade (default: `master`). Record this as the **configured base branch** for all subsequent phases.
237
+ - ⊗ Spawn an implementation agent (via `start_agent`, `oz agent run`, Warp tab dispatch, or any other path) for a vBRIEF that has not passed `task vbrief:preflight` (which wraps `scripts/preflight_implementation.py`) -- the gate is the only authorization signal; affirmative continuation phrases and workflow-shape vocabulary are NOT (#810).
238
+ - ⊗ Allocate concurrent workers unless candidates are swarm-ready `kind=story` vBRIEFs with non-empty executable `plan.items` and `task swarm:readiness` exits 0.
239
+ - ⊗ Use manual file-overlap reasoning as the only safety check; use the readiness report first, then explain any additional human judgment.
240
+
241
+ ### Step 2: Surface Blockers
242
+
243
+ - ! Identify blocked vBRIEFs (status `blocked`) and their blocking reasons (check `narrative` fields)
244
+ - ! Identify vBRIEFs with incomplete acceptance criteria (no `plan.items` or empty items array)
245
+ - ! Identify epic/phase scope vBRIEFs from the readiness report and route them to decomposition
246
+ - ! Identify dependency conflicts between candidate vBRIEFs (e.g. story A depends on story B via `planRef` or `edges`, but B is assigned to a different agent or is incomplete)
247
+ - ! Flag any candidate vBRIEFs whose prerequisites are unmet
248
+
249
+ ### Step 3: Plan Allocation
250
+
251
+ ! The monitor allocates one or more vBRIEFs to each agent based on scope, complexity, and dependencies. There is no fixed per-agent limit.
252
+
253
+ - ! **Small/independent stories** can be batched to a single agent only after explicit operator approval or an approved allocation plan -- group related or low-complexity vBRIEFs together and record the batching rationale
254
+ - ! **Large/complex stories** get dedicated agents — a story with broad file scope or high acceptance criteria count should not share an agent
255
+ - ! **Dependency-aware grouping** — vBRIEFs that share `planRef` to the same epic or have `edges` between them should be assigned to the same agent when possible, OR sequenced with clear ordering
256
+ - ! The monitor decides allocation dynamically — no hardcoded 1:1 rule
257
+ - ! **WIP cap awareness (#1124 / D4 of #1119)** — the cohort + any bridge-promoted candidates (Step 0.5) MUST fit within `plan.policy.wipCap` (default 10 per umbrella #1119 Current Shape v3). When `pending/ + active/` count is at-or-above the cap, `task scope:promote` refuses with an error message naming `task scope:demote <existing>` and `task scope:demote --batch --older-than-days 30` as the relief valves. The monitor MUST drain the WIP set via `task scope:demote` (D1 / #1121) before promoting more candidates, OR open a per-promote `task scope:promote <file> --force` (audit-logged as `wip_cap_override` in `vbrief/.eval/scope-lifecycle.jsonl`) for the genuinely time-critical case. `task triage:summary` (D2 / #1122) surfaces the cap as `WIP X/Y` with a warning glyph when at-or-above cap.
258
+
259
+ ### Step 4: Present Analysis
260
+
261
+ ! Present a summary to the user containing:
262
+
263
+ - **Candidate vBRIEFs**: story-level vBRIEFs eligible for assignment (with titles, statuses, and origin references)
264
+ - **Readiness report**: ready stories, blocked stories, decomposition-needed epics/phases, dependency waves, conflict groups, file overlap matrix, and missing fields from `task swarm:readiness`.
265
+ - **Preflight rejections (#810)**: any vBRIEFs that failed `task vbrief:preflight` (wraps `scripts/preflight_implementation.py`) in Step 1 -- include the file path AND the helper's exit message verbatim so the user can route the appropriate `task vbrief:activate <path>` move. These vBRIEFs MUST NOT be allocated until they pass the preflight on a re-run.
266
+ - **Blockers found**: blocked vBRIEFs, unresolved dependencies, items requiring design decisions
267
+ - **Decomposition needed**: epic/phase scopes that must go through `skills/deft-directive-decompose/SKILL.md` before swarm allocation
268
+ - **Incomplete vBRIEFs**: stories with missing or empty acceptance criteria
269
+ - **Allocation plan**: which agent gets which vBRIEF(s), with reasoning for batching decisions; multi-story batching is allowed only after explicit operator approval or approval of this allocation plan
270
+ - **Tentative version bump**: current version (from CHANGELOG.md or latest git tag) and proposed next version (patch/minor/major) based on the scope and nature of candidate items — this is advisory and will be confirmed before merge cascade
271
+
272
+ ### Step 5: Get User Approval
273
+
274
+ - ! Wait for explicit user approval (`yes`, `confirmed`, `approve`) before proceeding to Phase 1 (Select)
275
+ - ! If the user requests changes to the allocation plan, re-analyze and re-present
276
+ - ⊗ Proceed to Phase 1 (Select) without completing the allocate phase and receiving explicit user approval
277
+
278
+ ## Phase 1 — Select
279
+
280
+ ! Finalize assignments from the allocation plan. Each agent gets a coherent set of related work.
281
+
282
+ ### Step 1: Confirm Candidates
283
+
284
+ - ! Use the allocation plan and vBRIEF analysis from Phase 0 as the starting point
285
+ - ! Re-read `vbrief/active/` only if Phase 0 was skipped (user override) or context was lost
286
+ - ! For each candidate vBRIEF, verify its `plan.status` is `running` (not `blocked` or `completed`)
287
+ - ! Exclude vBRIEFs that are blocked, have unresolved dependencies, or require design decisions
288
+
289
+ ### Step 2: File-Overlap Audit
290
+
291
+ ! Before assigning tasks to agents, start from the `task swarm:readiness` file-overlap matrix and conflict groups, then list every file each vBRIEF's acceptance criteria are expected to touch.
292
+
293
+ - ! Verify ZERO file overlap between agents — no two agents may modify the same file
294
+ - ! Check **transitive** file touches, not just primary scope — trace each vBRIEF's acceptance criteria to specific files. A task may require changes to files outside its obvious scope (e.g., an enforcement task adding an anti-pattern to a skill file owned by another agent).
295
+ - ! Shared files (CHANGELOG.md) are exceptions — each agent adds entries but does not edit existing content
296
+ - ! If overlap exists, reassign tasks until overlap is eliminated
297
+
298
+ ⊗ Proceed to Phase 2 while any file overlap exists between agents (excluding shared append-only files).
299
+ ⊗ Assume a task only touches files in its primary scope — always check acceptance criteria for cross-file requirements.
300
+
301
+ ### Step 3: Present Assignment
302
+
303
+ - ! Show the user: agent number, branch name, assigned vBRIEF(s) (with origin issue numbers), and files each agent will touch
304
+ - ~ Wait for user approval unless the user explicitly said to proceed autonomously
305
+
306
+ ## Phase 2 — Setup
307
+
308
+ ### Step 1: Create Worktrees
309
+
310
+ ! **Two modes (C3 / #1387):** Phase 2 either CONSUMES a **pre-created worktree map** (the headless path, when `task swarm:launch --worktree-map <path>` supplied one) or creates worktrees itself (the interactive path). Mode A is preferred whenever a map is present; Mode B is the default otherwise.
311
+
312
+ #### Mode A -- Pre-created worktree map (C3, headless via `--worktree-map`)
313
+
314
+ - ! When `task swarm:launch -- ... --worktree-map <path>` supplied a **pre-created worktree map** (**C3**), Phase 2 CONSUMES it instead of running `git worktree add` per agent. The C3 map is a JSON array of `{ "story_id": str, "worktree_path": str, "base_branch": str }`.
315
+ - ! The launch engine resolves the map via `resolve_worktree_map(mapping, base_branch, create_missing=True)` in `scripts/swarm_worktrees.py`, which returns normalized C3 records and RAISES on same-path collisions or base-branch mismatches. The monitor MUST surface any such raise verbatim and HALT setup -- a same-path collision means two agents would share one worktree (the Duplicate-Agent Failure Mode in Phase 4).
316
+ - ! Each resolved record's `worktree_path` and `base_branch` feed straight into Phase 3 dispatch and MUST match the **C2** launch-manifest's `worktree_path` / `branch` fields for the same `story_id`.
317
+
318
+ #### Mode B -- Monitor-created worktrees (interactive path)
319
+
320
+ For each agent, create an isolated git worktree:
321
+
322
+ ```
323
+ git worktree add <path> -b <branch-name> <configured-base-branch>
324
+ ```
325
+
326
+ - ! One worktree per agent under deterministic ignored scratch paths by default: `.deft-scratch/worktrees/<story-id>`. This matches the headless `task swarm:launch` default and keeps interactive swarms from cluttering sibling checkout directories in the user's projects folder.
327
+ - ! If the C2 launch manifest is present, use the launch manifest's resolved `worktree_path` for that story instead of inventing a new path.
328
+ - ? `%TEMP%` or another OS temp location is an explicit override only for throwaway CI or rehearsal runs. When using OS temp, say that the worktree may disappear with temp cleanup and is not the durable default.
329
+ - ! Branch naming: `agent<N>/<type>/<issue-numbers>-<short-description>` (e.g. `agent1/cleanup/31-50-23-strategy-consolidation`) — the agent number prefix aids traceability since GitHub PR numbers won't match agent numbers
330
+ - ! All worktrees branch from the same base (the configured base branch from Phase 0)
331
+
332
+ ### Step 2: Generate Prompt Files
333
+
334
+ ! Create a `launch-agent.ps1` (Windows) or `launch-agent.sh` (Unix) in each worktree using the Prompt Template below.
335
+
336
+ ~ Also prepare plain-text prompt versions for pasting into Warp agent chat or other terminal interfaces.
337
+
338
+ ## Phase 3 — Launch
339
+
340
+ ### Step 0: Populate the allocation-context consent token (#1378)
341
+
342
+ ! Before dispatching ANY worker prompt -- swarm cohort OR solo -- the dispatcher MUST populate a `## Allocation context` section (the frozen schema defined in `templates/agent-prompt-preamble.md`, Story A of #1378) in every launched agent's dispatch envelope. Populate all five fields in order: `dispatch_kind` (`solo` | `swarm-cohort`), `allocation_plan_id`, `batching_rationale`, `cohort_vbriefs`, and `operator_approval_evidence`.
343
+
344
+ - ! For a **swarm cohort**, set `dispatch_kind: swarm-cohort` with a non-null `allocation_plan_id` (the Phase 0 allocation-plan snapshot path or the monitor session id) AND a non-null `batching_rationale` (the one-line rationale from the Phase 0 Step 4 allocation plan), and list the full cohort in `cohort_vbriefs`. This is the structured consent token the worker's build-skill Step 0 recognizes mechanically (#1378 Story B), so the worker processes its cohort without re-prompting the parent for batching approval mid-cohort.
345
+ - ! For a **solo dispatch**, set `dispatch_kind: solo` and list the single assigned vBRIEF in `cohort_vbriefs`; `allocation_plan_id` and `batching_rationale` MAY be null. Populating the section even for solo dispatches keeps the recognition surface uniform across every launch path.
346
+
347
+ ⊗ Dispatch a worker prompt (cohort or solo) without a populated `## Allocation context` section -- an absent section forces the worker back onto the #1371 prose carve-out fallback and forfeits the deterministic consent-token recognition the structured section enables (#1378).
348
+
349
+ ### Step 0.5: Consume the launch-manifest before dispatch (headless path, C2 / #1387)
350
+
351
+ ! On the headless path, before dispatching ANY worker, the monitor consumes the **C2** launch-manifest emitted by `task swarm:launch` -- a JSON array of `{ "story_id": str, "vbrief_path": str, "worktree_path": str, "branch": str, "allocation_context": {...} }`, where each record's `allocation_context` is the #1378 token (its five fields `dispatch_kind`, `allocation_plan_id`, `batching_rationale`, `cohort_vbriefs`, `operator_approval_evidence`, per `templates/agent-prompt-preamble.md` § 2.5). Each record carries everything one worker dispatch needs.
352
+ ! On the headless path the manifest's per-record `allocation_context` already satisfies Step 0 above -- the consent token is pre-populated, so the monitor READS it from the manifest rather than re-assembling the `## Allocation context` section by hand.
353
+ ! **Manifest consumption is PREP ONLY.** It supplies the per-agent dispatch parameters (`worktree_path`, `branch`, `vbrief_path`, `allocation_context`); the spawn itself remains agent-driven via the runtime-detected launch path (Step 2a `start_agent` / Step 2d `spawn_subagent`). `task swarm:launch` emits the manifest and STOPS -- it does NOT spawn agents.
354
+ ⊗ Treat the C2 launch-manifest as the spawn itself -- it is dispatch-prep / handoff data, not an agent-launch primitive. The actual dispatch still goes through the platform adapter (Step 2a / 2d per the runtime detection below); the manifest replaces the manual per-agent parameter assembly, NOT the spawn primitive.
355
+ ? On the interactive path (no `task swarm:launch`, no manifest), the monitor assembles each dispatch's parameters from the Phase 1 assignment plus the Step 0 token by hand, as before.
356
+
357
+ ### Step 1: Runtime Capability Detection
358
+
359
+ ! Before selecting a launch method, probe the environment to determine the best available path.
360
+
361
+ 1. ! **Probe for `start_agent` tool** — check the available tool set for `start_agent` (or equivalent agent-orchestration tool). Its presence indicates a Warp environment with native orchestration support.
362
+ 2. ! **Probe for Warp environment** — if `start_agent` is not available, check for `WARP_*` environment variables (e.g. `WARP_TERMINAL_SESSION`, `WARP_IS_WARP_TERMINAL`). Their presence indicates Warp without orchestration.
363
+ 3. ! **Probe for `spawn_subagent` tool** — when neither `start_agent` nor `WARP_*` is present, check for `spawn_subagent` (Grok Build / non-Warp TUI launch adapter, #1342 slice 2). Its presence indicates the grok-build platform.
364
+ 4. ! **Select launch path automatically** based on detection results — do NOT present static options:
365
+ - **`start_agent` available** → Orchestrated launch (Step 2a) — preferred path, fully automated, no manual tab management
366
+ - **`start_agent` unavailable, Warp detected** → Interactive Warp tabs (Step 2b) — full MCP, global rules, warm index; requires manual tab management
367
+ - **`grok-build` (`spawn_subagent` available, no `start_agent`, no `WARP_*`)** → Grok Build launch (Step 2d) — first-class non-Warp path
368
+ - **No orchestration primitive detected** → `generic-terminal` degraded launch. Offer a **Serial self-execution downgrade** first: with explicit operator consent, the monitor may execute the prepared worker prompts itself one story at a time from the isolated worktrees. This preserves forward progress but is not true concurrent swarm execution.
369
+ 5. ! **Return a stable platform descriptor** for downstream phases — one of `warp-orchestrated` (start_agent available), `warp-manual` (Warp without start_agent), `grok-build` (spawn_subagent available, non-Warp), or `generic-terminal` (no orchestration primitives). The detection matrix MUST include explicit absence checks for `start_agent` and `WARP_*` so the four descriptors are unambiguous. Phase 4 monitoring and Phase 6 sub-agent dispatch read this stable platform descriptor as a single source of truth instead of re-running detection per call.
370
+ 6. ? **Cloud escape hatch** — use `oz agent run-cloud` (Step 2c) ONLY if the user explicitly requests cloud execution. Never default to cloud.
371
+
372
+ ! In `generic-terminal` mode, if the operator declines serial self-execution, the manual terminal prompt-paste fallback remains available: the user can paste each generated prompt into any terminal or agent interface with access to the matching worktree. Surface the tradeoff clearly: manual paste preserves user control but requires tab/process management and is still not automated orchestration.
373
+
374
+ ⊗ Do not describe this downgrade as a swarm, parallel execution, or concurrent orchestration. It is serial fallback execution: one story at a time, same gates, same isolated worktrees, lower coordination value (#1053).
375
+
376
+ ⊗ Present static launch options (A/B/C) instead of detecting capabilities at runtime.
377
+ ⊗ Offer Warp-specific launch paths (tabs, `start_agent`) when not running inside Warp — gate on `WARP_*` environment variables or `start_agent` tool presence.
378
+
379
+ ### Step 1a: Worker Runtime and GitHub Auth Preflight (#1557)
380
+
381
+ ! Before dispatching workers that will call `gh`, probe the **worker execution envelope** (not the parent monitor shell) for runtime mode and GitHub credential readiness. The read-only capability probe (`scripts/platform_capabilities.py`, #1557a) and auth validator (`scripts/github_auth_modes.py`, #1557b) MUST run from the same environment the worker will use.
382
+
383
+ 1. ! **Classify runtime mode** — run the capability probe from each worker worktree (or dispatch target):
384
+
385
+ ```pwsh path=null start=null
386
+ uv --project . run python scripts/platform_capabilities.py --json
387
+ ```
388
+
389
+ The probe returns one of:
390
+
391
+ - `local-unsandboxed` — interactive local shell without Cursor native sandbox
392
+ - `cursor-native-sandbox` — Cursor native sandbox; effective UID 0 inside the worker is a sandbox identity, not host root
393
+ - `cloud-headless` — cloud or headless agent runtime without local host context
394
+
395
+ 2. ! **Interpret Cursor sandbox UID remap** — when `sandbox_uid_remap` is true, effective UID 0 inside the worker is **remapped to the host user**, not real root. The probe sets `identity_kind` to `sandbox-remapped-local-user`. Do NOT present sandbox UID 0 or sandbox-root ownership as proof of host-root access — cwd ownership and `/proc/self/uid_map` are interpreted as a **sandbox view** of the host filesystem, not as the host running as root.
396
+
397
+ 3. ! **Validate GitHub auth from the worker environment** — run auth validation from the same envelope:
398
+
399
+ ```pwsh path=null start=null
400
+ uv --project . run python scripts/github_auth_modes.py --json
401
+ ```
402
+
403
+ Modes:
404
+
405
+ - `host-gh` (default for `local-unsandboxed` and `cursor-native-sandbox`) — requires `gh auth status` and a minimal GitHub API reachability check from the worker environment
406
+ - `injected-token` (default for `cloud-headless`) — requires `GH_TOKEN`, `GITHUB_TOKEN`, or `GH_ENTERPRISE_TOKEN`; **fails closed** with `missing_injected_token` when absent and never falls back to host `gh` credential store
407
+
408
+ 4. ! **Surface remediation when parent host auth works but worker auth fails** — a common failure mode is the parent shell passing `gh auth status` while the worker sandbox cannot authenticate or reach GitHub. When validation reports `gh_auth_failed`, `api_unreachable`, or `repo_access_denied` in `cursor-native-sandbox`, surface these remediation paths to the operator (token values MUST NOT enter prompts or transcripts):
409
+
410
+ - **Full-access execution** — run the GitHub step with full filesystem/network access so the worker shares the host `gh` credential store
411
+ - **Trusted `gh` command allowlisting** — allowlist the trusted `gh` command path for the worker sandbox
412
+ - **Injected-token handoff** — bind credentials at the invocation layer (`GH_TOKEN` / `GITHUB_TOKEN`) without pasting token values into dispatch envelopes
413
+
414
+ 5. ! **Cloud/headless injected-token failure** — when runtime mode is `cloud-headless` and no injected token is available, validation fails with `missing_injected_token`. Do NOT assume host `gh` state is visible to cloud workers; re-dispatch with injected-token handoff or switch to a local interactive runtime.
415
+
416
+ ⊗ Assume parent-shell `gh auth status` proves worker-environment readiness — always validate from the worker envelope (#1557).
417
+ ⊗ Present sandbox UID 0 or sandbox-root cwd ownership as host-root access — UID remap means sandbox identity is a view of the host user (#1557).
418
+ ⊗ Paste `GH_TOKEN` / `GITHUB_TOKEN` values into worker prompts or dispatch envelopes — use invocation-layer handoff only (#1557).
419
+
420
+ Cross-references: `scripts/platform_capabilities.py` (#1557a), `scripts/github_auth_modes.py` (#1557b), `tests/cli/test_platform_capabilities.py`, `tests/cli/test_github_auth_modes.py`, `docs/subagent-heartbeat.md` (runtime/auth troubleshooting). Refs #1557.
421
+
422
+ ### Step 1b: Provider-neutral sub-agent routing (#1531)
423
+
424
+ ! **Heterogeneous dispatch is provider-neutral.** Tiered / heterogeneous swarm topology is an opt-in extension of the platform adapter (#1342 / #1331), not a Grok Build-only path. When routing leaf workers, the monitor separates three concerns that MUST NOT be collapsed:
425
+
426
+ 1. **Dispatch provider** — the runtime primitive or adapter that launches the child worker (e.g. `spawn_subagent`, `start_agent`, Cursor Composer/task agents, cloud agents, or a future adapter).
427
+ 2. **Worker role** — what the child is permitted to do: leaf implementation, orchestrator/strategist, review-cycle monitor, conflict-resolution rebase, merge, or release gate. Role boundaries are load-bearing regardless of which dispatch provider is active.
428
+ 3. **Model or agent selection** — the operator or harness policy that maps role plus vBRIEF attributes to a concrete agent/model. deft stays model-agnostic at dispatch time; the harness or provider backend resolves the concrete model.
429
+
430
+ ! **Supported backend examples (none mandatory):** Composer-class coding agents, Grok Build `spawn_subagent` workers, Cursor/cloud agents, and future adapters are all first-class examples. No single backend is required — Grok Build is one implementation of provider-neutral routing, not the only target.
431
+
432
+ ~ **Policy surface (#1531a):** `plan.policy.swarmSubagentBackend` (set via `task policy:subagent-backend`) records the operator's preferred coding sub-agent provider for leaf workers; `task policy:subagent-backends` probes stable provider IDs and role capabilities. The policy complements — does not replace — per-dispatch provider selection at launch time.
433
+
434
+ ! **Operator model routing (#1739, supersedes the swarmSubagentBackend enum):** the concrete per-role model lives in the gitignored, per-machine `.deft/routing.local.json`, keyed by `(dispatch_provider, worker_role)`. Record a decision with `task swarm:routing-set -- --role <role> (--model <slug> | --harness-default)`. `task swarm:launch` resolves the active provider's route and stamps `resolved_model` + `model_source` into each C2 manifest record. When `resolved_model` is non-null, the monitor MUST pass it as the **model argument of the actual dispatch primitive** (e.g. the Task tool's `model` field for a Cursor sub-agent) — stamping the manifest is prep; a recorded model that never reaches the spawn call is the bug #1739 closes. Run `task verify:routing` before dispatching a cohort (pre-dispatch hard gate; fails when a dispatched role is undecided) and `task verify:routing -- --advise` at session start (non-blocking disclosure). For harness-bound providers (e.g. `grok`) only `--harness-default` is recordable and `resolved_model` stays null.
435
+
436
+ ! **Role boundaries for cheaper leaf agents:** Cheaper, high-context leaf agents are appropriate for **leaf implementation** work in isolated worktrees when vBRIEF scope is tight and gates (`task check`, Greptile review cycle) hold. The following roles MUST remain on strong, review-capable agents regardless of backend availability:
437
+
438
+ - orchestration and cohort monitoring (the monitor / strategist conversation)
439
+ - review-cycle decisions (fix-or-defer judgment, P0/P1 triage)
440
+ - conflict-resolution rebase during merge cascades
441
+ - merge cascade execution and protected-issue gates
442
+ - release gates (Phase 5->6 version bump approval, `task release` surfaces)
443
+
444
+ ⊗ Treat Grok Build `spawn_subagent` as the only supported sub-agent backend in swarm guidance — provider-neutral routing explicitly includes Composer-class coding agents, Cursor/cloud agents, and future adapters (#1531).
445
+ ⊗ Route orchestration, review-cycle decisions, conflict-resolution rebase, merge cascade, or release gates to cheaper leaf agents — irreversible-damage surfaces stay on strong/review-capable agents (#1531).
446
+
447
+ Cross-references: `scripts/policy.py` (`KNOWN_SUBAGENT_BACKEND_IDS`, `SWARM_WORKER_ROLES`), `templates/agent-prompt-preamble.md` (dispatch envelope metadata), `docs/the-harness-is-everything.md` (orchestrator -> commodity-coder layering). Refs #1531.
448
+
449
+
450
+ ### Orchestrator dispatch doctrine (#1880)
451
+
452
+ ! **Deliberate model routing before ANY dispatch:** Before launching ANY worker in this phase (cohort OR solo), run `task verify:routing` and resolve each `(dispatch_provider, worker_role)` via `task swarm:routing-set` / `.deft/routing.local.json`. Populate `## Worker metadata` per `templates/agent-prompt-preamble.md` §2.6 and pass `resolved_model` into the actual dispatch primitive when non-null. Never silently inherit the monitor's model. Deterministic gate enforcement is #1877; this rule is behavioral doctrine (#1880).
453
+
454
+ ! **Worker-owns-lifecycle (Gap C):** Every implementation-worker dispatch prompt MUST declare the unit-of-work boundary: `stop-at: pr-open` OR `drive-to: merge-ready` (default for story vBRIEF work). Workers scoped `drive-to: merge-ready` own pre-PR, push, PR open, Greptile review-cycle poll/fix, and the #1259 Step 6 fail-closed exit as ONE dispatch — they spawn their own review poller per `skills/deft-directive-review-cycle/SKILL.md` monitoring tiers. The monitor MUST NOT plan a separate post-PR review leaf for a worker already scoped merge-ready.
455
+
456
+ ! **Background / independent dispatch (Gap D):** Dispatch implementation, fix, and review-cycle workers independently / in the background when the platform supports it. On Cursor, use the Task tool background path (`run_in_background: true`) so the monitor conversation stays interactive. Foreground dispatch is for short tasks (<~3 min) only.
457
+
458
+ ⊗ Hand back at PR-open and re-dispatch separate review-monitor or fix leaf agents for a worker whose envelope scoped `drive-to: merge-ready` (#1880 Gap C).
459
+
460
+ ⊗ Foreground/blocking dispatch for long-running implementation, fix, or review-cycle workers when background dispatch is available (#1880 Gap D).
461
+
462
+ ### Step 2a: Orchestrated Launch (start_agent available)
463
+
464
+ ! When `start_agent` is detected in the tool set, use it directly to launch each agent.
465
+
466
+ - ! Launch one agent per worktree using `start_agent` with the generated prompt and worktree path as the working directory
467
+ - ! Agents inherit the current environment's MCP servers, Warp Drive rules, and codebase index — equivalent to interactive Warp tabs but without manual tab management
468
+ - ! No user intervention needed — launch is fully automated
469
+ - ~ This is the preferred path: richest context with zero manual overhead
470
+
471
+ ### Step 2b: Interactive Warp Tabs (start_agent unavailable, Warp detected)
472
+
473
+ ! When `start_agent` is not available but Warp is detected (via `WARP_*` environment variables), fall back to manual Warp tab launch — briefly note that orchestrated launch is not available in this session, then proceed with the tab instructions below.
474
+
475
+ ! **Warp tabs cannot be opened programmatically.** There is no API or CLI command to open a new Warp terminal tab from an agent or script.
476
+
477
+ Ask the user to open N new Warp terminal tabs. For each tab, the user:
478
+ 1. Navigates to the worktree: `cd <worktree>`
479
+ 2. Pastes the prompt directly into the **Warp agent chat input** (not the terminal)
480
+
481
+ **Context advantages of Warp tabs:**
482
+ - Global Warp Drive rules (personal rules auto-injected)
483
+ - MCP servers via UUID (GitHub, etc. — zero-config)
484
+ - Warp Drive notebooks, workflows, and other auto-injected context
485
+ - Warm codebase index from the active Warp session (no cold-start delay)
486
+ - Agent is interruptible and steerable mid-run
487
+
488
+ **Tradeoff:** Requires the user to manually open and manage one Warp tab per agent.
489
+
490
+ ? If not running inside Warp at all (no `WARP_*` variables, no `start_agent`), use the same tab approach but with any terminal emulator — the user pastes prompts into their preferred terminal or agent interface.
491
+
492
+ ### Step 2c: Cloud Agents (explicit user request only)
493
+
494
+ ! Use `oz agent run-cloud` ONLY when the user explicitly requests cloud execution. Never default to this path.
495
+
496
+ ```powershell
497
+ oz agent run-cloud --prompt "TASK: You must complete..."
498
+ ```
499
+
500
+ Agents execute on remote VMs without local MCP servers, codebase indexing, or Warp Drive rules. Agents MUST use `gh` CLI for GitHub operations. `AGENTS.md` is the only behavioral control surface.
501
+
502
+ **Tradeoff:** Fully automated with zero tab management, but context-starved — no MCP, no Warp Drive rules, no codebase indexing. Best for self-contained tasks that don't need rich local context.
503
+
504
+ ⊗ Default to cloud launch — it is an escape hatch, not a default path.
505
+ ⊗ Use `oz agent run-cloud` when the user expects local execution — `run-cloud` routes to remote VMs with no local context.
506
+
507
+ ### Step 2d: Grok Build Launch (spawn_subagent available)
508
+
509
+ ! When the platform descriptor is `grok-build` (spawn_subagent detected, no start_agent, no WARP_*), dispatch each worker via `spawn_subagent` with:
510
+ 1. The canonical `templates/agent-prompt-preamble.md` content as the preamble
511
+ 2. The standard worktree prompt (STEP 1-6 from the Prompt Template below), adapted to use `get_command_or_subagent_output` for polling rather than `start_agent` lifecycle events
512
+ 3. The worktree path set to the agent's isolated git worktree
513
+
514
+ ~ This is the first-class non-Warp path. Workers use worktree state polling (`git status`, `git log`) and `get_command_or_subagent_output` as their coordination channel instead of Warp tab state.
515
+
516
+ ## Phase 4 — Monitor
517
+
518
+ ### Polling Cadence
519
+
520
+ - ~ Check each agent's worktree every 2–3 minutes: `git status --short` and `git log --oneline -3`
521
+ - ~ After 5 minutes with no changes, check if the agent process is still running
522
+
523
+ ### Heartbeat liveness check (#1365)
524
+
525
+ ! On the Grok Build hybrid path (`spawn_subagent` dispatch, no native lifecycle channel back to the monitor), worktree git state alone is INSUFFICIENT to distinguish a healthy mid-poll sub-agent from a stalled one. Long-running review-cycle pollers spend most of their wall-clock waiting on Greptile and emit no commits during that wait -- the #1166 swarm session is the recurrence record (two of three dispatched pollers went silent with zero observable signals; the monitor could not tell).
526
+
527
+ ! The canonical alive-check on the Grok Build hybrid path is the heartbeat contract documented in `docs/subagent-heartbeat.md`. Every long-running sub-agent (pollers, watchdogs, implementation agents whose tool loop exceeds ~3 min) writes a JSON heartbeat to `.deft-scratch/subagent-status/<agent-id>.json` per the canonical poller template + agent preamble; the monitor reads those records via `scripts/subagent_monitor.py` (three-state exit 0 ok / 1 stale-or-malformed / 2 config error). Default threshold is 30 minutes; `--threshold-minutes` overrides.
528
+
529
+ ```pwsh path=null start=null
530
+ # Scan all worktrees in the cohort
531
+ uv --project . run python scripts/subagent_monitor.py \
532
+ --scratch-dir <worktree-1>/.deft-scratch/subagent-status \
533
+ --scratch-dir <worktree-2>/.deft-scratch/subagent-status
534
+ ```
535
+
536
+ ! Run the heartbeat sweep alongside the worktree git checks at every monitor polling iteration (~2-3 min). When a record is reported STALE (mid-flight, terminal_state unpopulated, age > threshold), treat it as a candidate for the Takeover Triggers below; when it is reported MALFORMED, surface the diagnostics to the user and re-dispatch the agent with a fresh prompt that re-establishes the heartbeat contract. A TERMINAL record (terminal_state set) is NEVER stale -- the agent reached its exit on its own terms.
537
+
538
+ ~ The heartbeat is filesystem-only by design; a network partition or rate-limit ceiling cannot mask agent liveness. Pair the on-disk sweep with the worktree git checks (`git status --short`, `git log --oneline -3`) and the per-PR readiness gate (`task pr:merge-ready`) for the full alive + progressing + clean picture.
539
+
540
+ ⊗ Spawn a replacement sub-agent for a worktree where the heartbeat record reports OK or TERMINAL -- the agent is alive (or finished cleanly) and a replacement would re-trigger the Duplicate-Agent Failure Mode below.
541
+
542
+ ⊗ Treat the absence of a `.deft-scratch/subagent-status/<agent-id>.json` record on the Grok Build hybrid path as "agent is alive but quiet" -- a sub-agent that never wrote a heartbeat is either pre-startup (acceptable for the first ~30s) OR violated the contract (treat as stalled and verify via worktree state before any replacement decision).
543
+
544
+ ### Checkpoints
545
+
546
+ Track each agent through these stages:
547
+
548
+ 1. **Reading** — agent is loading AGENTS.md, vBRIEF files, project files (no file changes yet)
549
+ 2. **Implementing** — working tree shows modified files
550
+ 3. **Validating** — agent running `task check`
551
+ 4. **Committed** — new commit(s) in `git log`
552
+ 5. **Pushed** — branch exists on `origin`
553
+ 6. **PR Created** — PR visible via `gh pr list --head <branch>`
554
+ 7. **Review Cycling** — additional commits after PR creation (Greptile fix rounds)
555
+
556
+ ### Takeover Triggers
557
+
558
+ ! **Pre-spawn verification:** Before spawning a replacement agent, verify the original is truly unresponsive by waiting for an idle/blocked lifecycle event — verified via worktree state (`git status`, `git log --oneline -3`) and sub-agent lifecycle signals showing no in-flight work (for grok-build / spawn_subagent agents: polling is via worktree state + `get_command_or_subagent_output` rather than tab observation). Do NOT spawn a replacement based solely on message timing, absence of recent commits, or a perceived delay — original agents (Warp tabs or spawn_subagent processes) can resume after apparent failure, and spawning a new agent creates two concurrent agents on the same worktree (see Duplicate-Tab Failure Mode below).
559
+
560
+ ! Take over an agent's workflow if ANY of these occur:
561
+
562
+ - Agent process has exited and PR has not been created
563
+ - Agent process has exited and Greptile review cycle was not started
564
+ - Agent is idle for >5 minutes after PR creation with no review activity
565
+ - Agent is stuck in an error loop (same error 3+ times)
566
+
567
+ When taking over: read the agent's current state (git log, diff, PR comments), complete remaining steps manually following the same deft process.
568
+
569
+ ### Duplicate-Agent Failure Mode (a.k.a. Duplicate-Tab Failure Mode)
570
+
571
+ ⚠️ **Root cause of #261 and #263 (generalized for #1342 slice 3):** This is the **Duplicate-Agent Failure Mode** -- it fires on every platform descriptor, not just Warp tabs. Original Warp agent tabs may resume after apparent failure (network hiccup, temporary Warp UI freeze, context window pressure); the same failure mode applies to `spawn_subagent`-launched grok-build sub-agents that appear stalled but later resume. If the monitor spawns a new agent for the same worktree, two concurrent agents execute on the same branch simultaneously. This corrupts the `tool_use`/`tool_result` message chain — both agents issue tool calls, but responses are interleaved unpredictably, causing one or both agents to act on stale or incorrect state.
572
+
573
+ **Recovery guidance:**
574
+ - ! Keep original agents active until their PR is merged — do not terminate agent processes that appear stalled (for Warp tabs: keep the tab open; for grok-build / spawn_subagent agents: verify via `get_command_or_subagent_output` before replacing)
575
+ - ! If an agent appears stalled, attempt to resume it in its original context (for Warp: go to the original Warp tab and say "continue from where you left off"; for grok-build: re-query via `get_command_or_subagent_output` or send a resume message) rather than spawning a replacement
576
+ - ! If the original agent is truly unrecoverable (Warp crash, tab closed, or spawn_subagent process terminated), only then create a new agent — and first verify the worktree state (`git status`, `git log`, `gh pr list`) to avoid conflicting with any in-flight work
577
+
578
+ ### Context-Length Warning
579
+
580
+ ! Long monitoring sessions accumulate large conversation history (hundreds of tool_use/tool_result pairs) and are susceptible to conversation corruption — the tool_use/tool_result mismatch observed in #263 occurred at approximately message 158 in a single monitor conversation. To mitigate:
581
+
582
+ - ! Offload rebase, review-watch, and merge sub-tasks to ephemeral sub-agents using the tiered approach from `skills/deft-directive-review-cycle/SKILL.md` (spawn via the platform adapter's dispatch primitive when available (e.g. `spawn_subagent` for Grok Build), discrete tool calls with yield otherwise) — this keeps the monitor conversation shallow
583
+ - ~ Target <100 tool-call round-trips in any single monitor conversation before considering a fresh session handoff
584
+ - ! If the monitor detects degraded output (repeated errors, inconsistent state references, tool call failures), stop and hand off to a fresh session with a state summary rather than continuing in a corrupted context
585
+
586
+ ## Phase 5 — Review & Complete
587
+
588
+ ### Verify Review Cycle Completion
589
+
590
+ For each agent's PR:
591
+
592
+ 1. ! Check that Greptile has reviewed the latest commit (compare "Last reviewed commit" SHA to branch HEAD)
593
+ 2. ! Verify Greptile confidence score > 3
594
+ 3. ! Verify no P0 or P1 issues remain (P2 are non-blocking style suggestions)
595
+ 4. ! **Worker-owns-lifecycle fallback (#1880):** Prefer workers scoped `drive-to: merge-ready` so this step is rare. When a worker exits at PR-open without reaching merge-ready, the monitor MAY run `skills/deft-directive-review-cycle/SKILL.md` itself or dispatch ONE review-cycle owner — but MUST NOT split review polling and fix batches across separate leaf agents for the same PR (#727 + #1880 Gap C).
596
+
597
+ ### Complete vBRIEFs
598
+
599
+ ! The cohort's story vBRIEFs are completed by the deterministic **cohort completion sweep** in Phase 6 (`task swarm:complete-cohort`, Phase 6 Step 1.5 below), which runs AFTER the merge cascade. Do NOT move story vBRIEFs out of `vbrief/active/` before their PRs merge — a pre-merge move creates premature state if the merge cascade fails. This section is where the monitor records, per story, what the post-merge sweep will finalize:
600
+
601
+ 1. ! For each story vBRIEF an agent's PR fully resolves, note that it is ready to complete (`vbrief/active/` -> `vbrief/completed/`, status `completed`). The underlying primitive is `task scope:complete <file>`; the Phase 6 sweep wraps it across the whole cohort so nothing is missed on the headless / multi-worker path.
602
+ 2. ! If a story carries a `planRef` to a parent epic, the sweep also completes that epic once ALL its children are settled — you do NOT reconcile epic parents by hand, and you do NOT manually repair parent/child references (the lifecycle helper keeps `task vbrief:validate` green via the #1485 / #1487 reference maintenance).
603
+
604
+ ⚠️ Both the vBRIEF lifecycle moves AND origin/issue closure happen in Phase 6 (after merge), not here — completing vBRIEFs or closing issues before merge creates premature state if the merge cascade fails.
605
+
606
+ ### Exit Condition
607
+
608
+ All PRs meet ALL of:
609
+ - Greptile confidence > 3
610
+ - No P0 or P1 issues remain (P2 issues are non-blocking style suggestions)
611
+ - `task check` passed (or equivalent validation completed)
612
+ - CHANGELOG entries present under `[Unreleased]`
613
+
614
+ ! **Mandatory cohort verifier (#1364):** After every poller (Phase 6 review-cycle sub-agent) reports back, the monitor MUST run `task swarm:verify-review-clean -- <pr-numbers...>` (script: `scripts/swarm_verify_review_clean.py`) and confirm exit 0 BEFORE evaluating the rest of the Exit Condition or surfacing the Phase 5 -> 6 gate. The verifier re-uses the Greptile rolling-summary parser from `scripts/pr_merge_readiness.py` so the per-PR merge gate and the cohort gate stay in lockstep (a parser fix lands in both surfaces at once). Exit codes: 0 (cohort CLEAN -- all PRs simultaneously have SHA match + confidence > 3 + zero P0/P1 + not errored on current HEAD); 1 (one or more PRs unclean with per-PR diagnostics -- re-dispatch the poller for the unclean PR or address findings, then re-run the verifier); 2 (config error -- empty cohort, malformed vBRIEF glob, gh missing). The verifier is the structural answer to the #1166 swarm execution recurrence where multiple pollers exited with `clean_gate_holdout=confidence` (confidence == 3) and the monitor still raised the Phase 5 -> 6 gate because the trigger keyed on "all pollers have reported back" rather than "every PR in the cohort is objectively CLEAN".
615
+
616
+ ! **Resilient long-running monitor (#1368):** When a Phase 5 monitor needs to wait on an in-flight PR for an extended window (cascade rebase + re-review, late Greptile pass, CI sweep), use `scripts/monitor_pr.py <N> --repo <owner>/<repo>` as the canonical wait-until-ready helper. The script loops `scripts/pr_merge_readiness.py` with adaptive cadence (~1m for the first 3 polls, ~3m next, ~5m thereafter), routes subprocess capture through `_safe_subprocess.run_text` (#1366), and tolerates layered fallback responses without going blind on a transient gh failure. Exit codes: 0 (PR reached primary/fallback1 CLEAN), 1 (poll cap reached -- escalate to operator), 2 (config error -- gh missing / invalid args), 3 (PR merged or closed out from under the monitor before reaching CLEAN). The helper writes one terse status line per poll to stderr so the orchestrator transcript shows progress; the final verdict (JSON when `--json` is passed) lands on stdout.
617
+
618
+ ! **Fallback-chain discriminator semantics (#1368):** `scripts/pr_merge_readiness.py --json` ALWAYS emits a `via` discriminator on every response. `via="primary"` and `via="fallback1"` are authoritative -- a `merge_ready: true` verdict on either is CLEAN. `via="fallback2"` is the coarse PR-view + check-run last-resort signal: it surfaces the PR's `state` / `merged` / `mergeable` / flattened check-run summary so a monitor can keep stepping forward through transient gh failures, but it is NEVER CLEAN -- the failure list carries the sentinel `"fallback2 is a coarse signal, not a CLEAN verdict ..."` and the merge cascade MUST keep waiting for a primary/fallback1 CLEAN. `via="error"` (every layer failed) is also non-CLEAN; the response carries `error` (one-line summary) + `partial_data` (per-layer diagnostics) so the monitor can step forward without blinding. Both `task swarm:verify-review-clean` and `task pr:merge-ready` treat fallback2 and error as merge-blocked.
619
+
620
+ ⊗ Surface or discuss the Phase 5 -> 6 merge cascade gate while `task swarm:verify-review-clean` has not yet exited 0 on the current cohort (#1364). Keying the transition on poller lifecycle completion alone -- i.e. treating "every poller sub-agent returned a terminal message" as sufficient -- is the exact recurrence pattern this rule closes. The verifier is the only authoritative cohort-level CLEAN signal; a poller's `clean_gate_holdout=confidence` / `clean_gate_holdout=has_blocking` / `clean_gate_holdout=sha_match` / `clean_gate_holdout=errored` exit IS a non-CLEAN report and MUST hold the gate even if every sub-agent has technically returned.
621
+
622
+ ⊗ Treat a `via="fallback2"` or `via="error"` response from `scripts/pr_merge_readiness.py` as CLEAN, regardless of the surrounding `merge_ready` field (#1368). Fallback2 is structurally never CLEAN -- the Greptile rolling-summary comment was unreachable on both the primary and fallback1 paths, so any merge taken on the basis of the coarse signal alone bypasses the SUCCESS-with-findings blind spot the per-PR gate was designed to close (#796 / #652). The merge cascade MUST keep waiting for a primary/fallback1 CLEAN.
623
+
624
+ ### Phase 5→6 Gate: Release Decision Checkpoint
625
+
626
+ ! Before proceeding to Phase 6 (Close), the monitor MUST present the proposed release scope and version bump to the user for confirmation.
627
+
628
+ ⊗ **Context-pressure bypass prohibition:** Even under long-context or time pressure (large conversation history, many tool calls, approaching context limits), this gate MUST NOT be bypassed. The Phase 5→6 gate is mandatory regardless of conversation length, elapsed time, or perceived urgency. If the monitor's context is degraded, hand off to a fresh session rather than skipping the gate.
629
+
630
+ 1. ! Present a summary containing:
631
+ - **PRs ready to merge**: list of PRs with titles, issue numbers, and current review status
632
+ - **Proposed version bump**: the tentative version from Phase 0 (patch/minor/major) with rationale — updated if scope changed during implementation
633
+ - **Release scope**: brief description of what this batch of changes represents
634
+ 2. ! **Merge-readiness checklist:** Before any `gh pr merge` call, the monitor MUST emit a structured checklist confirming each PR is merge-ready. For each PR, verify and explicitly confirm:
635
+ - Greptile confidence score > 3
636
+ - No P0 or P1 issues remaining
637
+ - `task check` passed on the branch
638
+ - CHANGELOG.md entry present under `[Unreleased]`
639
+ - Explicit user approval received for this merge cascade
640
+
641
+ ! **Cohort gate (#1364):** Before the merge-readiness checklist is even emitted, the monitor MUST have already passed `task swarm:verify-review-clean -- <pr-numbers...>` per the Phase 5 Exit Condition above. The cohort gate is the structural pre-condition for this entire Phase 5 -> 6 sequence -- without exit 0 on the verifier, the checklist below MUST NOT be presented to the user. The per-merge `task pr:merge-ready` gate below remains the merge-time freshness-window-atomic check; the cohort verifier is the once-after-pollers gate that gates the discussion at all.
642
+
643
+ ! **Programmatic gate:** Before each `gh pr merge` call, the monitor MUST run `task pr:merge-ready -- <N>` (script: `scripts/pr_merge_readiness.py`) and abort the cascade on non-zero exit. The Taskfile target parses the Greptile rolling-summary comment **body** (confidence, P0 / P1 badge counts, errored sentinel, HEAD-SHA freshness) -- not the GitHub CheckRun status. The CheckRun goes green when Greptile finishes its review pass, irrespective of findings; relying on it alone is the SUCCESS-with-findings blind spot that started the PR #652 incident merge cascade against `Confidence: 3/5 + 1×P1 + 2×P2`.
644
+
645
+ ! **Atomic gate (freshness window):** The monitor MUST invoke `task pr:merge-ready -- <N>` and `gh pr merge <N>` in the same shell call (e.g. `task pr:merge-ready -- <N> && gh pr merge <N> --squash --delete-branch --admin`) so no time elapses between verdict and merge. A readiness check more than ~60 seconds stale is a Mode-1 false-positive risk: in the elapsed window an unrelated commit may land on master, auto-rebase trigger a fresh Greptile pass, and the new pass surface a P1 the cached verdict did not see. Re-invoking the gate is cheap (single `gh api` call); the shell-`&&` chain makes the freshness window structurally enforceable rather than prose-trust.
646
+
647
+ ⊗ Merge on the basis of a SUCCESS Greptile CheckRun alone. The CheckRun signals review **completion**, not review **approval**. Parse the comment body (confidence + P0/P1 count) via `task pr:merge-ready -- <N>` before merging.
648
+
649
+ ⊗ Run `task pr:merge-ready -- <N>` upstream of `gh pr merge <N>` (e.g. as a separate batched check during cascade prep, then later run `gh pr merge` after intervening rebase / sub-agent dispatch / user discussion). Stale verdicts risk Mode-1 false positives -- always chain readiness and merge in the same shell call.
650
+ 3. ! Wait for explicit user approval (`yes`, `confirmed`, `approve`) before proceeding to Phase 6 merge cascade
651
+ 4. ! If the user requests changes (e.g. different version bump, defer a PR), adjust and re-present
652
+
653
+ ⊗ Begin merge cascade without presenting the version bump proposal and receiving explicit user approval.
654
+
655
+ ## Phase 6 — Close
656
+
657
+ ### Sub-Agent Role Separation (#727)
658
+
659
+ ! **Post-PR sub-agents are review-cycle agents (#727):** Sub-agents addressing review findings, waiting for re-review, and iterating to clean MUST embody `skills/deft-directive-review-cycle/SKILL.md` end-to-end as a single coherent role. Do NOT split the review-cycle into separate "poll" and "fix" agents -- pollers that spawn separate fix agents create cross-agent state-handoff hazards and double the chance of an agent exiting at the wrong lifecycle boundary.
660
+
661
+ ! **Sub-agents MUST emit a heartbeat (#1365):** every long-running review-cycle / poller sub-agent dispatched under Phase 6 MUST write a heartbeat record to `.deft-scratch/subagent-status/<agent-id>.json` per the contract in `docs/subagent-heartbeat.md`. The canonical poller template (`templates/swarm-greptile-poller-prompt.md` bounded poll loop) already encodes the per-iteration heartbeat write and the final terminal heartbeat, and the canonical orchestrator preamble (`templates/agent-prompt-preamble.md` § 10.5) restates the contract for any non-poller long-running sub-agent. The monitor watches via `scripts/subagent_monitor.py` -- see Phase 4 Heartbeat liveness check. Without the heartbeat, a `spawn_subagent`-dispatched poller that stalls is indistinguishable from a healthy mid-poll one (the #1166 recurrence).
662
+
663
+ ! **Post-PR monitoring runs in a fresh sub-agent (#727):** Post-PR monitoring (Greptile, CI checks, downloadCount drift, lifecycle events, etc.) MUST be done by spawning a fresh short-lived sub-agent via the platform adapter's dispatch primitive for the detected runtime (e.g. `spawn_subagent` when the Grok Build / non-Warp platform is active, `start_agent` for Warp-orchestrated environments). The parent yields with no tool calls and waits for the sub-agent's messages -- this preserves conversation steerability so the user can interrupt or redirect while the watch is pending. The platform adapter (introduced in slices 1-3 of #1342) supplies the appropriate async callback channel and spawn surface per the runtime capability detection matrix; every Taskfile / shell-sleep / `time.sleep` / synchronous tool-call alternative blocks the parent's turn for the duration of the watch.
664
+
665
+ ! **Canonical poller template (#727):** When delegating to a poller / review-cycle sub-agent, MUST use the canonical poller-prompt template at `templates/swarm-greptile-poller-prompt.md` with placeholders (`{pr_number}`, `{repo}`, `{poll_interval_seconds}`, `{poll_cap_minutes}`, `{parent_agent_id}`) filled in. Do NOT hand-author per-watch prompts -- the template encodes parsing fixes (markdown-link `Last reviewed commit:` regex, badge-based / negation-aware P0/P1 detection) that hand-authored variants have repeatedly missed (Agent D, post-#721 swarm; #727 comment 2).
666
+
667
+ ! **Destructive commands run alone (#727):** Sub-agent prompts MUST instruct the agent to run destructive commands (`rm`, `Remove-Item`, `del`, `git clean`, etc.) in their OWN shell call, never chained with non-destructive commands. Chaining poisons Warp's `is_risky` classification on the entire pipeline and forces manual approval on every otherwise-safe operation -- a multi-commit branch hits the user N times per agent.
668
+
669
+ ! **Commit-message temp file is leave-alone (#727):** When using the canonical PowerShell UTF-8-safe commit-message pattern (`create_file <tmp>` -> `git commit -F <tmp>`), MUST NOT clean up the temp file in the same shell call. Leave it orphaned -- worktree teardown or `git clean -fd` reclaims it. The two-step value (separate cleanup) is not worth the per-commit approval prompt the chained `rm` triggers.
670
+
671
+ ⊗ Run a poll loop in the parent's own turn (via `task`, shell sleep, `time.sleep`, or any synchronous tool call). The conversation must remain user-steerable while watches are pending.
672
+
673
+ ⊗ Bundle "watch for Greptile" / "monitor CI" instructions into an implementation agent's dispatch prompt (regardless of the platform adapter's spawn primitive) -- implementation agents exit at PR-open via the `succeeded` lifecycle, so any post-exit monitoring instruction is unreachable.
674
+
675
+ ⊗ Spawn a "pure poller" sub-agent for a PR that has likely findings. Pure pollers are appropriate ONLY when no fixes are expected (CI watch on known-good HEAD, post-merge state checks, lifecycle observers). Default for post-PR work is review-cycle, NOT poller.
676
+
677
+ ⊗ Chain `rm` (or any destructive command) with `git commit` / `git push` / any non-destructive command in a single shell pipeline.
678
+
679
+ ### Step 1: Merge
680
+
681
+ ! **Per-PR sub-agent identity gate:** Before acting on any PR (merge, force-push, status check), query the specific sub-agent responsible for that PR for live status. Do not infer a PR's status from a different agent's tab, from message timing, or from the absence of recent commits. If the responsible agent is unreachable, verify PR state directly via `gh pr view <number>` and `gh pr checks <number>` before proceeding.
682
+
683
+ ! **Idempotent pre-check pattern:** Before each action in the merge cascade, verify the current PR/branch state to ensure the action is still needed and safe to execute. Check: is this PR already merged (`gh pr view <number> --json state --jq .state`)? Is this branch already rebased onto the latest master? Has this issue already been closed? This makes recovery re-runs safe — a crash mid-cascade can resume from any point without duplicate actions or errors.
684
+
685
+ ! **Pre-merge protected-issue link inspection (Layer 3, #701):** Before any `gh pr merge` call where a referenced issue MUST remain OPEN (umbrella, anchor, follow-up tracker), inspect GitHub's persistent linked-issue list:
686
+
687
+ ```bash
688
+ gh pr view <N> --repo <owner/repo> --json closingIssuesReferences --jq '.closingIssuesReferences[].number'
689
+ ```
690
+
691
+ The optional `task pr:check-protected-issues -- <pr-number> --protected <N1,N2,...>` Taskfile target (`tasks/pr.yml`) wraps this inspection and exits non-zero if any protected issue is GitHub-side linked.
692
+
693
+ ! **Layer 0 (prevention) cross-reference (#737):** before reaching this Layer 3 recovery surface, the operator should already have run `task pr:check-closing-keywords -- --pr <N>` per `skills/deft-directive-pre-pr/SKILL.md` Phase 4 (Diff). Layer 0 scans the PR body + every commit message for closing-keyword tokens in negation / quotation / example / code-block contexts and refuses to push when findings surface; Layer 3 (this rule) is the persistent-link recovery for cases where Layer 0 was bypassed OR the link was attached via the Development sidebar. The two layers complement each other -- Layer 0 prevents the false-positive from being authored, Layer 3 catches the durable-link case Layer 0 cannot see.
694
+
695
+ If any protected (umbrella / staying-OPEN) issue number appears in the output, the link is persistent in GitHub's database from a prior PR body revision (or a manual sidebar attachment) and survives subsequent body edits; on squash merge, GitHub will close the issue regardless of the current PR body, commit messages, or explicit `--subject` / `--body-file` overrides. The merger MUST manually unlink via the PR's Development sidebar panel (web UI -> PR -> right-side Development section -> X next to the linked issue) before merging. The `gh` CLI does not expose a direct unlink mutation; the GraphQL surface (`disconnectPullRequestFromIssue` and friends) shifts over time -- the web UI is the reliable path. See `meta/lessons.md` `## GitHub Closing-Keyword False-Positive Layer 3` for the incident history (PR #700 closed #233; PR #401 closed #642).
696
+
697
+ ! **Merge authority:** Monitor proposes merge order and executes merges; user approves before the first merge. Do not merge without explicit user approval.
698
+
699
+ ! **Rebase cascade ownership:** Monitor owns rebase cascade sequencing. Swarm agents do not rebase -- by the time merges begin, swarm agents are idle or complete. The monitor fetches the updated configured base branch, rebases each remaining branch, resolves conflicts, and force-pushes.
700
+
701
+ ! **Read-back verification after conflict resolution:** After resolving any rebase conflict and BEFORE running `git add`, re-read the resolved file and verify structural integrity:
702
+ - ! No conflict markers remain (`<<<<<<<`, `=======`, `>>>>>>>`)
703
+ - ! No collapsed or missing lines (compare line count to pre-rebase version if feasible)
704
+ - ! No encoding artifacts (BOM injection, mojibake, replacement characters)
705
+ - ! For `CHANGELOG.md` `[Unreleased]`-section conflicts: the canonical resolution path is `task changelog:resolve-unreleased` (#911) -- it union-merges HEAD entries with branch entries, deduplicates by `(#NNN)` issue-number heuristic, and atomically writes back. Three-state exit (0 resolved / 1 unresolvable / 2 config error). The 2026-05-04 v0.25.1 cascade (PRs #909 -> #907 -> #908 -> #906) honoured the `edit_files` rule below but used a HEAD-take-and-discard pattern that silently dropped each rebasing branch's CHANGELOG entry on every cascade rebase (PR #908 lost #900's entry; PR #906 lost #901's). The helper closes that recurrence by codifying the union-merge pattern. **Manual fallback** (when the helper exits 1 -- e.g. nested markers, conflicts inside a released `## [0.X.Y]` section, or non-trivial structural conflicts the helper cannot mechanize): use `edit_files` over shell regex (`sed`, `Select-String -replace`) for resolution -- edit_files preserves encoding and provides exact match verification, while regex substitutions risk silent line collapse or encoding corruption. The manual path MUST still apply the union-merge pattern (keep ALL HEAD entries; prepend each branch entry whose `(#NNN)` set does not overlap an existing HEAD entry under the same `### subsection`), NOT the legacy HEAD-take-and-discard.
706
+ - ⊗ Run `git add` on a conflict-resolved file without first re-reading it and verifying structural integrity
707
+ - ⊗ Resolve a `CHANGELOG.md` `[Unreleased]` conflict by HEAD-take-and-discard (taking only the HEAD side of each conflict block and discarding the branch side). The rebasing branch's new CHANGELOG entry MUST land in the resolved file -- run `task changelog:resolve-unreleased` for the canonical union-merge, or apply the union-merge pattern manually when the helper cannot mechanize the conflict (#911)
708
+
709
+ ! **Non-interactive rebase:** Monitor MUST set `GIT_EDITOR=true` (Unix/WSL/Git Bash) or `$env:GIT_EDITOR="echo"` (Windows PowerShell) before running `git rebase --continue` during merge cascade to prevent the default editor from blocking the agent.
710
+
711
+ ! **Merge cascade warning:** Shared append-only files (CHANGELOG.md) cause merge conflicts when PRs are merged sequentially — each merge changes the insertion point, conflicting remaining PRs. Each conflict requires rebase → push → wait for checks (~3 min) + ~2-5 min Greptile re-review per rebase. Plan for N-1 rebase cycles × ~3 min CI + ~2-5 min Greptile re-review per rebase when merging N PRs.
712
+
713
+ ! **Greptile re-review on rebase force-push:** Force-pushing a rebased branch triggers a **full** Greptile re-review (not an incremental diff), even if the rebase introduced no logic changes. Expected latency is ~2-5 minutes per PR in the cascade. Factor this into merge sequencing.
714
+
715
+ ! **Autonomous re-review monitoring after force-push:** After each `--force-with-lease` push of a rebased branch in the cascade, the monitor MUST autonomously wait for the Greptile re-review to complete before proceeding to the next merge. Use the tiered monitoring approach defined in `skills/deft-directive-review-cycle/SKILL.md` Step 4 Review Monitoring (Approach 1: spawn sub-agent via the platform adapter's dispatch primitive (e.g. `spawn_subagent` or `start_agent`) to poll and report back; Approach 2 fallback: discrete `run_shell_command` wait-mode calls with yield between polls, adaptive cadence -- see deft-directive-review-cycle SKILL.md). Do NOT duplicate the full monitoring logic here -- follow the canonical skill.
716
+
717
+ ~ **Resilient wait-until-ready helper (#1368):** For the in-cascade wait between a force-push and the next merge, the canonical surface is `scripts/monitor_pr.py <N> --repo <owner>/<repo> --cap-minutes <M>`. It loops `scripts/pr_merge_readiness.py` with adaptive cadence (~1m -> 3m -> 5m), routes through `_safe_subprocess.run_text` (#1366), tolerates `via="fallback1"` / `via="fallback2"` / `via="error"` responses without blinding, and exits 0 only on a primary or fallback1 CLEAN (never fallback2 -- the coarse signal is a monitor heartbeat, not a merge gate). A `via="fallback2"` payload reporting `partial_data.merged == true` short-circuits the loop with exit code 3 (PR-TERMINAL) so a cascade can detect a sibling-merged-out-from-under-us state without burning the full cap. Use this in place of hand-rolled `time.sleep` polling loops in long-running cascade waits.
718
+
719
+ ! **Cascade automation surface (#1369):** The canonical one-verb compose-point for "wait until PR <N> is mergeable, then squash-merge with admin" is `task pr:wait-mergeable-and-merge -- <N> --repo <owner>/<repo>` (script: `scripts/pr_wait_mergeable.py`). The helper wraps `scripts/monitor_pr.py` (#1368) for the resilient wait loop and `scripts/pr_check_protected_issues.py` (#701) for the Layer-3 protected-issue link inspection AHEAD of any merge call, then invokes `gh pr merge <N> --squash --delete-branch --admin` only after the wait loop exits CLEAN on the current HEAD. Three-state exit (0 merged / 1 timeout-or-escalation / 2 config error) mirrors every other framework verb. Pass `--protected <issue-numbers>` for the Layer-3 chain when the PR is known to reference any umbrella / staying-OPEN issue -- the helper short-circuits with exit 1 BEFORE the merge call if a persistent `closingIssuesReferences` link is detected. The Wave-3 surface is the automated cascade wrapper; the per-PR atomic gate (`task pr:merge-ready -- <N> && gh pr merge <N>`) documented above remains the manual freshness-window-atomic check the monitor MUST use when running merges by hand. The two co-exist -- the cascade surface is the automation, the per-PR atomic gate is the manual fall-through. See AGENTS.md `## Cascade automation surface (#1369)`.
720
+
721
+ ⊗ Hand-roll a cascade `while ...; do task pr:merge-ready ...; done` shell loop (or equivalent ad-hoc Python monitor) when `task pr:wait-mergeable-and-merge` is available (#1369). The Wave-1+2 hardening (`_safe_subprocess.run_text` #1366, `pr_merge_readiness.py` layered fallbacks #1368, `monitor_pr.py` resilient wait loop #1368) is composed inside the helper; hand-rolled loops re-introduce the `head: None` / babysit-each-PR failure mode #1369 closes.
722
+
723
+ ! **Gate:** Do NOT proceed to the next merge in the cascade until the Greptile review for the rebased branch is current (pushed SHA matches "Last reviewed commit" SHA) AND the exit condition is met (confidence > 3, no P0/P1 issues remaining). A stale or in-progress review is not sufficient; an errored review is also not sufficient; follow the escalation procedure below.
724
+
725
+ ! **Greptile service errored state (#526):** If the Greptile comment on the current HEAD is the exact string "Greptile encountered an error while reviewing this PR", treat the review as errored (distinct from stale, in-progress, or ready). The GitHub CheckRun will read COMPLETED/NEUTRAL; do NOT interpret that as passing.
726
+
727
+ Retry ONCE via an `@greptileai review` comment with a 10-minute cap. If the retry also errors, escalate to the user with a three-way choice:
728
+
729
+ (a) wait longer (another ~15-20 min in case the service recovers);
730
+ (b) push an empty `chore: retrigger greptile` commit to force a fresh review pass;
731
+ (c) merge with documented override, where the rationale MUST be recorded in the merge commit body (not just the PR body) citing prior Greptile success on a pre-rebase SHA, CI/Go + CI/Python success on the current SHA, and the rebase being a pure conflict-resolution merge with no new business logic.
732
+
733
+ ⊗ Loop the monitor indefinitely on the errored state. The monitor MUST detect the "Greptile encountered an error" comment body and exit with an explicit `errored` report so the parent swarm monitor can route to the escalation procedure above.
734
+
735
+ ⊗ Merge on the basis of the NEUTRAL CheckRun alone -- the service-side failure is indistinguishable from a clean pass at the CheckRun level.
736
+
737
+ ! **Polling sub-agent contract for errored state (#526):** Short-lived polling sub-agents spawned under Phase 6 MUST detect the "Greptile encountered an error" comment body on the current HEAD and emit a distinct "PR #<N> Greptile errored" message back to the parent, rather than silently continuing to poll or timing out. Sub-agents MUST separately track "Greptile last-reviewed SHA" and "Greptile errored on current HEAD" so an errored state on the current HEAD is not masked by a successful review on a prior SHA.
738
+
739
+ ? **Rebase-only annotation:** If the force-push contains no logic changes (pure rebase onto updated master), the monitor MAY post a brief PR comment noting "rebase-only, no logic changes" to give Greptile context and help reviewers triage the re-review.
740
+
741
+ ~ To minimize cascades: rebase ALL remaining PRs onto latest master before starting any merges, then merge in rapid succession.
742
+
743
+ ~ **Parallel rebase + review monitoring (platform dispatch available):** When the platform adapter reports a dispatch primitive is available during the merge cascade, the monitor MAY launch parallel sub-agents to overlap rebase and review monitoring work. For example: while Greptile re-reviews PR #A after a rebase push, spawn a sub-agent to begin rebasing PR #B onto the latest master. Each sub-agent reports back via `send_message_to_agent` when its task (rebase complete, review passed) is done. This reduces total cascade wall-clock time from serial (rebase + review per PR) to overlapped. The gate remains: do NOT merge PR #B until its own Greptile review passes the exit condition.
744
+
745
+ - ! Undraft PRs: `gh pr ready <number> --repo <owner/repo>`
746
+ - ! Squash merge: `gh pr merge <number> --squash --delete-branch --admin` (if branch protection requires)
747
+ - ! Use descriptive squash subject: `type(scope): description (#issues)`
748
+ - ! After each merge, rebase remaining PRs onto the updated configured base branch before merging the next
749
+
750
+ ! **Post-merge protected-issue reopen sweep (Layer 3, #701):** After every squash-merge of a PR that referenced any umbrella / staying-OPEN issue (`Refs #N` with N a protected issue), verify each protected issue's post-merge state and reopen on regression:
751
+
752
+ ```bash
753
+ for n in <protected-issue-numbers>; do
754
+ state=$(gh issue view "$n" --json state --jq .state)
755
+ if [ "$state" != "OPEN" ]; then
756
+ gh issue reopen "$n" --comment "Reopened: closing-keyword Layer 3 false-positive on squash merge of PR #<N>; issue is umbrella for ongoing work. See #701."
757
+ fi
758
+ done
759
+ ```
760
+
761
+ This is defense in depth -- run it even when the pre-merge inspection above passed, because a sidebar-attached link not visible to a body scan, or a missed protected issue in the protected-issue list, can still slip through. The reopen comment MUST cite #701 and the PR that triggered the false-positive so future operators tracing the closed-then-reopened churn can find the root cause.
762
+
763
+ ### Step 1.5: Cohort Completion Sweep (#1487)
764
+
765
+ ! **REQUIRED.** Once the cohort's PRs are merged (Step 1 complete), the monitor MUST run the deterministic cohort completion sweep so the finished swarm leaves NO stranded vBRIEFs. This step closes the gap where a completed cohort left its story vBRIEFs in `vbrief/active/` and their decompose-created epic parents in `vbrief/pending/` -- nothing in the swarm flow swept them to `completed/` (observed in the 2026-06-03 swarm: after the cohort's PRs merged, the child story vBRIEFs stayed in `active/` and their epic parents stayed in `pending/`).
766
+
767
+ ```pwsh path=null start=null
768
+ # Sweep the whole cohort by glob (typical close-out)...
769
+ task swarm:complete-cohort -- --cohort 'vbrief/active/*.vbrief.json'
770
+ # ...or name the cohort's story vBRIEFs explicitly:
771
+ task swarm:complete-cohort -- vbrief/active/<story-a>.vbrief.json vbrief/active/<story-b>.vbrief.json
772
+ ```
773
+
774
+ What the sweep does (script: `scripts/swarm_complete_cohort.py`):
775
+
776
+ 1. ! **Stage 1 -- stories:** every cohort story vBRIEF still in `vbrief/active/` is completed (`active/` -> `completed/`, status `completed`). A story already terminal (`completed/` / `cancelled/`) is an idempotent no-op, so the sweep is safe to re-run.
777
+ 2. ! **Stage 2 -- epic parents:** each decompose-created epic parent is completed once ALL of its `x-vbrief/plan` children are settled (in `completed/` or `cancelled/`). A parent in `pending/` is bridged `activate` -> `complete`; a parent in `active/` is completed directly. The sweep iterates to a fixpoint, so nested decomposition (phase -> epic -> story) collapses bottom-up. A parent with even one still-active sibling outside the cohort is left untouched.
778
+ 3. ! **D4 stays green automatically:** every move routes through `scripts/scope_lifecycle.py`, which keeps the decomposed parent<->child references in sync on BOTH directions -- child moves update the parent's forward `x-vbrief/plan` reference (#1485) and parent moves update each child's `planRef` back-pointer (#1487). Do NOT hand-edit references to "fix" linkage; the helper already does it.
779
+ 4. ! After the sweep, the monitor MUST run `task vbrief:validate` and confirm it exits 0 (no D4 regressions). Exit codes for the sweep itself: 0 (sweep clean), 1 (one or more transitions failed -- per-item diagnostics printed), 2 (config error -- empty cohort or missing `vbrief/`).
780
+
781
+ ! **Interactive path:** the monitor runs `task swarm:complete-cohort` by hand (or `--dry-run` first to preview the planned transitions) once the merge cascade finishes, then runs `task vbrief:validate`.
782
+
783
+ ! **Headless / multi-worker path:** the cohort sweep is NOT optional here -- it is the structural fix for the #1487 recurrence where the multi-worker close-out never executed the per-cohort completion. The launching monitor (or the close-out automation that follows `task pr:wait-mergeable-and-merge`, #1369) MUST invoke `task swarm:complete-cohort -- --cohort '<cohort-glob>'` after the last cohort PR merges and MUST gate on its exit 0 plus a green `task vbrief:validate` before declaring the swarm closed. The `--json` flag emits a structured verdict for a parent monitor agent to consume.
784
+
785
+ ⊗ Declare a swarm closed while any cohort story vBRIEF remains in `vbrief/active/` or any fully-childless decompose-created epic parent remains in `vbrief/pending/` -- run `task swarm:complete-cohort` and confirm `task vbrief:validate` is green first (#1487).
786
+
787
+ ### Step 2: Close Issues and Update Origins
788
+
789
+ - ! Close resolved issues with a comment referencing the PR
790
+ - ~ Issues with "Closes #N" in PR body auto-close on squash merge
791
+ - ! After each squash merge, verify issues actually closed: `gh issue view <N> --json state --jq .state`. If not closed, close manually with a comment referencing the merged PR. Squash merge + closing keywords can silently fail to close issues (#167).
792
+ - ! For each completed vBRIEF: read its `references` array and update each origin:
793
+ - For `github-issue` references: verify the issue is closed (auto-close from PR body or Phase 6 Step 2 above); if not, close with `gh issue close <N> --comment "Completed in #<PR>"`
794
+ - For other reference types: document the completion as appropriate
795
+
796
+ ### Step 2b: Commit and Push the Post-Merge Lifecycle Record (#1358)
797
+
798
+ ! **REQUIRED.** After all cohort PRs have merged (Step 1) and the Cohort Completion Sweep (Step 1.5) has moved every finished story vBRIEF `vbrief/active/` -> `vbrief/completed/` (and bridged its epic parents), the monitor MUST commit and push those lifecycle moves so they become the **authoritative post-swarm lifecycle record** on the base branch. Without this step the moves sit uncommitted in the merger's worktree until an operator hand-runs `task scope:complete` and a `chore(vbrief)` commit by hand -- the exact manual closeout performed after the 2026-06-16 swarm (the #1358 recurrence this step closes).
799
+
800
+ The monitor MUST, from its OWN worktree and on the configured base branch:
801
+
802
+ 0. ! **Fast-forward the local base branch FIRST:** `git fetch origin && git merge --ff-only origin/<configured-base-branch>` (equivalently `git pull --ff-only origin <configured-base-branch>`). The merge cascade (Step 1) advanced the REMOTE base branch by N squash-merge commits, but the local base branch in this worktree has not yet been pulled (Step 3's canonical pull runs AFTER this step). Without this fast-forward the commit below is built on a stale base and the push in step 4 is rejected as non-fast-forward, stranding the agent. Doing the `--ff-only` sync first makes the subsequent commit + push fast-forward by construction; a non-fast-forward `--ff-only` failure here means an unexpected divergence -- stop and reconcile rather than force-push.
803
+ 1. ! Confirm the lifecycle moves are present (the Step 1.5 sweep already ran `task scope:complete <file>` per story, `active/` -> `completed/`). If the sweep was skipped, run `task swarm:complete-cohort` now -- do NOT hand-move vBRIEF files.
804
+ 2. ! Stage ALL lifecycle moves: `git add -A vbrief/` -- this captures both the `active/` deletions and the `completed/` additions, plus any parent/child `planRef` / `x-vbrief/plan` reference edits `scripts/scope_lifecycle.py` wrote during the sweep.
805
+ 3. ! Commit them in a SINGLE commit on the base branch: `git commit -m "chore(vbrief): complete <slugs> post-merge"`, where `<slugs>` enumerates the completed story vBRIEF slugs (or the cohort label) so the commit is self-describing.
806
+ 4. ! Push to origin: `git push origin <configured-base-branch>`. Because step 0 fast-forwarded the local base ahead of the commit, this push is a fast-forward and will not be rejected.
807
+
808
+ ! **Authoritative lifecycle record (#1358):** this commit is what keeps the release ceremony's vBRIEF-lifecycle-sync gate green. The release pipeline's deterministic gate (`scripts/release.py::check_vbrief_lifecycle_sync`) and the release skill's Phase 1 sync gate (`skills/deft-directive-release/SKILL.md` Phase 1 -- `task reconcile:issues -- --apply-lifecycle-fixes`) both refuse to cut a release while a closed-issue vBRIEF still sits outside `vbrief/completed/`. Committing the moves here, at swarm close-out, is the **prevention** so the next release does not have to reconcile drift the swarm itself created. If drift is nevertheless detected later, `task reconcile:issues -- --apply-lifecycle-fixes` (script: `scripts/reconcile_issues.py`) is the recovery path -- but the post-merge commit in this step is what stops the drift from being authored in the first place.
809
+
810
+ ⊗ Declare a swarm closed while the cohort's `active/` -> `completed/` lifecycle moves remain uncommitted in the merger's worktree -- an uncommitted lifecycle record is invisible to every other clone and re-surfaces as `check_vbrief_lifecycle_sync` drift at the next release (#1358). The Step 1.5 sweep moves the files; this step makes the move durable.
811
+
812
+ ### Step 3: Update Master
813
+
814
+ - ! Pull merged changes: `git pull origin <configured-base-branch>` from the merger's OWN worktree only.
815
+ - ⊗ Run `git checkout` (any branch) in a worktree the merging agent does not own. Post-merge `git pull origin <base-branch>` semantics MUST be performed via `git fetch origin <base-branch>` from the merger's own worktree, OR by leaving the master update entirely to the human operator. NEVER touch HEAD of a sibling worktree another agent is using.
816
+ - ! After a successful squash merge, the merger MAY remove its own worktree via `git worktree remove <path>` and delete the now-orphaned local feature branch via `git branch -D <branch>`. The merger MUST NOT alter any other worktree's HEAD or branch state.
817
+ - ! **Worktree-boundary discipline (#800, companion to #727):** the `⊗` rule above extends the same boundary discipline as the `### Sub-Agent Role Separation (#727)` companion rules earlier in Phase 6 -- #727 codifies sub-agent spawn shape; #800 codifies worktree HEAD operations. Recurrence record: PR #797 merge session (2026-05-01) -- Agent B (the merger) ran `cd C:\repos\Deft\directive; git checkout master --quiet` against Agent A's sibling worktree after merging its own PR; HEAD detached on Agent A's branch and was retroactively restored. No work was lost (Agent A had pushed) but recovery was incident-driven, not preventative.
818
+
819
+ ### Step 4: Clean Up
820
+
821
+ - ! Remove worktrees: `git worktree remove <path>`
822
+ - ! Delete local branches: `git branch -D <branch>`
823
+ - ~ Delete launch scripts if still present
824
+ - ? If worktree removal fails (locked files from open terminals), note for manual cleanup
825
+
826
+ ### Step 5: Generate Slack Release Announcement
827
+
828
+ ! After creating the GitHub release (or after the final merge if no formal release is created), generate a standard Slack announcement block and present it to the user for copy-paste into the team channel.
829
+
830
+ ! The announcement block MUST include all of the following fields:
831
+
832
+ ```
833
+ :rocket: *{Project Name} {version}* -- {release title}
834
+
835
+ *Summary*: {one-sentence description of the release scope}
836
+
837
+ *Key Changes*:
838
+ - {bullet per significant change, 3-5 items max}
839
+
840
+ *Stats*: {N} agents | ~{duration} elapsed | {N} PRs merged
841
+ *PRs*: {#PR1, #PR2, ...}
842
+ *Override merges*: {#PRX: <one-line rationale from merge commit body>, ...} -- omit this line only if no PR in the release used the Greptile-service-errored override path
843
+ *Release*: {GitHub release URL}
844
+ ```
845
+
846
+ - ! Populate version from the CHANGELOG promotion commit or git tag
847
+ - ! Populate release title from the CHANGELOG section heading or GitHub release title
848
+ - ! Key changes summarized from CHANGELOG `[Unreleased]` entries (not raw commit messages)
849
+ - ! Agent count and approximate duration from the swarm session (Phase 3 launch to Phase 6 close)
850
+ - ! PR numbers from the merged PRs in this swarm run
851
+ - ! **Override merges line (#526):** For any PR in the release that was merged via the Greptile-service-errored override path (Phase 6 Step 1 choice (c)), explicitly call it out in the announcement with the one-line rationale taken from the merge commit body so downstream readers of the release notes can trace the documented rationale. Detect override merges by scanning each merged PR's merge commit body for the override rationale footprint (prior Greptile success on a pre-rebase SHA + CI green on current SHA + pure conflict-resolution rebase). Omit the `*Override merges*` line only when no merged PR in this release used the override path.
852
+ - ~ **Cascade automation citation (#1369):** When the release used `task pr:wait-mergeable-and-merge` to drive the merge cascade (the canonical Wave-3 surface introduced by #1369), the operator MAY include a one-line announcement footnote -- e.g. `_Merge cascade automated via task pr:wait-mergeable-and-merge (#1369)._` -- so downstream readers of the release notes know the cascade ran through the deterministic three-state-exit surface rather than a hand-rolled monitor. The per-PR atomic gate (`task pr:merge-ready && gh pr merge`) remains the manual fall-through and does NOT need to be cited; only the automated cascade path warrants the explicit footnote.
853
+ - ! GitHub release URL from the `gh release create` output (or `gh release view --json url` if already created)
854
+ - ~ Present the block as a code-fenced snippet the user can copy directly
855
+ - ? If no formal GitHub release was created (e.g. user deferred), still generate the announcement with a placeholder URL and note that the release is pending
856
+
857
+ ## Crash Recovery
858
+
859
+ When a monitor session crashes or a new session must take over an in-progress swarm, follow these steps to safely reconstruct and continue.
860
+
861
+ ### Checkpoint Guidance
862
+
863
+ ! At each major Phase 6 milestone, record progress so a new session can reconstruct state:
864
+
865
+ - **PR merged** — note the PR number, merge commit SHA, and which issues it closes
866
+ - **Rebase done** — note which branches have been rebased onto the latest master
867
+ - **Review passed** — note which PRs have passed the Greptile exit condition post-rebase
868
+
869
+ ~ Use a brief structured note (in the conversation or a scratch file) after each milestone — this is the checkpoint a recovery session will read.
870
+
871
+ ### Recovery Steps
872
+
873
+ ! On a fresh session taking over a swarm, reconstruct the cascade state before taking any action:
874
+
875
+ 1. ! Run `gh pr list --repo <owner>/<repo> --state all` to see all PRs from the swarm (filter by branch prefix, e.g. `agent1/`, `agent2/`)
876
+ 2. ! For each PR, run `gh pr view <number> --json state,mergeCommit,headRefName,title` to determine:
877
+ - Is this PR already merged? (state = MERGED) → skip, move to issue verification
878
+ - Is this PR still open? → check if it needs rebase, re-review, or merge
879
+ - Is this PR closed without merge? → investigate (was it superseded?)
880
+ 3. ! For open PRs, check rebase status: `git --no-pager log --oneline <branch> ^origin/<configured-base-branch> -5` — if empty, the branch is already up-to-date with the configured base branch
881
+ 4. ! For open PRs, check review status: `gh pr checks <number>` and `gh pr view <number> --comments` to verify Greptile review state
882
+ 5. ! Resume the cascade from the first incomplete step — the idempotent pre-check pattern (see Step 1 above) ensures re-running any step on an already-completed PR is safe
883
+
884
+ ### Idempotent Safety
885
+
886
+ ! Every Phase 6 action MUST be safe to re-run:
887
+ - Merging an already-merged PR → `gh pr merge` will report "already merged" and exit cleanly
888
+ - Rebasing a branch already on latest configured base branch → rebase is a no-op
889
+ - Closing an already-closed issue → `gh issue close` will report "already closed"
890
+ - Force-pushing a branch that hasn't changed → push reports "Everything up-to-date"
891
+
892
+ ## Prompt Template
893
+
894
+ ! Use this template for all agent prompts. The first line MUST be an imperative task statement.
895
+
896
+ ```
897
+ TASK: You must complete N [type] fixes on this branch ([branch-name]) in the deft directive repo.
898
+ This is a git worktree. Do NOT just read files and stop — you must implement all changes,
899
+ run task check, commit, push, create a PR, and run the review cycle.
900
+ DO NOT STOP until all steps are complete.
901
+
902
+ STEP 1 — Read directives: Read AGENTS.md, vbrief/vbrief.md, and the assigned vBRIEF(s) from vbrief/active/.
903
+ Read skills/deft-directive-review-cycle/SKILL.md.
904
+
905
+ STEP 2 — Implement these N tasks (see assigned vBRIEF(s) for full acceptance criteria):
906
+
907
+ Task A (vBRIEF: [filename], issue #[N]): [one-paragraph description with specific acceptance criteria]
908
+
909
+ Task B (vBRIEF: [filename], issue #[N]): [one-paragraph description with specific acceptance criteria]
910
+
911
+ [...repeat for each task...]
912
+
913
+ STEP 3 — Validate: Run task check. Fix any failures.
914
+
915
+ STEP 4 — Commit: Add CHANGELOG.md entries under [Unreleased].
916
+ Commit with message: [type]([scope]): [description] — with bullet-point body.
917
+
918
+ STEP 5 — Push and PR: Push branch to origin. Create PR targeting <configured-base-branch> using gh CLI.
919
+ Note: --body-file must use a temp file in the OS temp directory ($env:TEMP on PowerShell,
920
+ $TMPDIR or /tmp on Unix) -- do NOT write temp files in the worktree. See scm/github.md.
921
+
922
+ STEP 6 — Review cycle: Follow skills/deft-directive-review-cycle/SKILL.md to run the
923
+ Greptile review cycle on the PR. Do NOT merge — leave for human review.
924
+
925
+ CONSTRAINTS:
926
+ - Do not touch [list files other agents are working on]
927
+ - New source files (scripts/, src/, cmd/, *.py, *.go) must have corresponding test files in the same PR
928
+ - Use conventional commits: type(scope): description
929
+ - Run task check before every commit
930
+ - Never force-push
931
+ ```
932
+
933
+ ### Template Rules
934
+
935
+ - ! First line MUST start with `TASK:` followed by an imperative statement
936
+ - ! Include `DO NOT STOP until all steps are complete` in the preamble
937
+ - ! Each task MUST include its vBRIEF filename and origin issue number
938
+ - ! CONSTRAINTS section MUST list files the agent must not touch (other agents' scope)
939
+ - ! Review cycle step MUST reference `skills/deft-directive-review-cycle/SKILL.md` explicitly
940
+ - ⊗ Start the prompt with context ("You are working in...") — agents treat this as passive setup and may stop after reading
941
+
942
+ ## Push Autonomy
943
+
944
+ ! Swarm agents operating under this skill with a monitor agent may push, create PRs, and run review cycles autonomously after passing `task check`. The global "never push/commit without explicit user instruction" convention does not apply to swarm agents executing the full STEP 1-6 prompt workflow -- the skill's quality gates (`task check`, Greptile review cycle) replace the interactive confirmation gate.
945
+
946
+ ## Anti-Patterns
947
+
948
+ - ⊗ Start prompts with context or description instead of an imperative TASK directive
949
+ - ⊗ Use `--mcp` with Warp MCP server UUIDs from standalone (non-Warp) terminals
950
+ - ⊗ Assign overlapping files to multiple agents
951
+ - ⊗ Merge PRs before Greptile exit condition is met (score > 3, no P0/P1)
952
+ - ⊗ Assume agents will complete the full workflow — always verify review cycle completion
953
+ - ⊗ Launch agents without checking vBRIEF acceptance criteria first
954
+ - ⊗ Skip the file-overlap audit in Phase 1
955
+ - ⊗ Use `git reset --hard` or force-push in any worktree (swarm agents only -- monitor may `--force-with-lease` after rebase cascade per Phase 6 Step 1)
956
+ - ⊗ Present static launch options (A/B/C) instead of detecting capabilities at runtime — always probe for `start_agent` and Warp environment variables before choosing a launch path
957
+ - ⊗ Offer Warp-specific launch paths (tabs, `start_agent`) when not running inside Warp — gate on `WARP_*` environment variables or `start_agent` tool presence
958
+ - ⊗ Default to `oz agent run-cloud` — cloud is an explicit user-requested escape hatch, not a default path
959
+ - ⊗ Use `oz agent run-cloud` when the user expects local execution — `run-cloud` routes to remote VMs with no local context
960
+ - ⊗ Proceed to Phase 1 (Select) without completing Phase 0 (Allocate) and receiving explicit user approval
961
+ - ⊗ Begin merge cascade without presenting the version bump proposal and receiving explicit user approval — the Phase 5→6 gate is mandatory
962
+ - ⊗ Ignore Greptile re-review latency when planning merge cascade timing -- each rebase force-push triggers a full re-review (~2-5 min), not an incremental diff
963
+ - ⊗ Proceed to the next merge in the rebase cascade before confirming the Greptile re-review is current (SHA match) and exit condition is met (confidence > 3, no P0/P1) on the rebased branch -- see `skills/deft-directive-review-cycle/SKILL.md` Step 4 for the monitoring approach
964
+ - ⊗ Spawn a replacement sub-agent without confirming the original is unresponsive via a lifecycle event (idle/blocked) — original agents (Warp tabs or Grok Build / spawn_subagent processes) can resume after apparent failure, and two concurrent agents on the same worktree will corrupt the tool_use/tool_result call chain (#261, #263)
965
+ - ⊗ Hardcode `start_agent` (or any single primitive) for Phase 6 review-cycle poller / post-PR sub-agent dispatch -- always delegate spawn to the platform adapter (per runtime detection from slices 1-3) so Grok Build / spawn_subagent and future platforms are first-class (#1342 Phase 6 unification)
966
+ - ⊗ Skip Phase 5 or the Phase 5→6 confirmation gate under time pressure or due to long context — the gate is mandatory regardless of conversation length, elapsed time, or context-window pressure
967
+ - ⊗ Run `git add` on a conflict-resolved file without re-reading and verifying structural integrity (no conflict markers, no collapsed lines, no encoding artifacts) -- see Phase 6 Step 1 read-back verification rule (#288)
968
+ - ⊗ Use shell regex (`sed`, `Select-String -replace`) to resolve `CHANGELOG.md` rebase conflicts -- prefer `task changelog:resolve-unreleased` (#911) for `[Unreleased]` conflicts; fall back to `edit_files` for encoding safety and exact match verification when the helper exits 1 (#288, #911)
969
+ - ⊗ Resolve a `CHANGELOG.md` `[Unreleased]` conflict by HEAD-take-and-discard -- the rebasing branch's new entry MUST land in the resolved file. Use `task changelog:resolve-unreleased` (#911) for the canonical union-merge or apply the union-merge pattern manually when the helper cannot mechanize the conflict
970
+ - ⊗ Hardcode a 1:1 vBRIEF-per-agent allocation rule — the monitor decides allocation dynamically based on scope, complexity, and dependencies
971
+ - ⊗ Complete a story without moving its vBRIEF from `active/` to `completed/` and updating its origin references
972
+ - ⊗ Declare a swarm closed without running the Phase 6 Step 1.5 cohort completion sweep (`task swarm:complete-cohort`) and confirming `task vbrief:validate` is green -- skipping it leaves the cohort's story vBRIEFs stranded in `active/` and their decompose-created epic parents stranded in `pending/`, the exact #1487 recurrence (the headless / multi-worker close-out is where the sweep was historically missed)
973
+ - ⊗ Declare a swarm closed while the cohort's `active/` -> `completed/` lifecycle moves remain uncommitted -- after the Step 1.5 sweep the monitor MUST commit them in a single `chore(vbrief): complete <slugs> post-merge` commit on the base branch and `git push origin <configured-base-branch>` (Phase 6 Step 2b). An uncommitted lifecycle record is invisible to every other clone and re-surfaces as `scripts/release.py::check_vbrief_lifecycle_sync` drift at the next release; the post-merge commit is the prevention, `task reconcile:issues -- --apply-lifecycle-fixes` is only the recovery (#1358)
974
+ - ⊗ Hardcode `master` as the base branch -- always use the configured base branch from Phase 0
975
+ - ⊗ Treat a Greptile GitHub CheckRun of COMPLETED/NEUTRAL as equivalent to a passing review without inspecting the comment body. NEUTRAL is the result both when Greptile intentionally has nothing to say AND when it errored out mid-review; the two cases require opposite responses (#526)
976
+ - ⊗ Loop the monitor indefinitely on the Greptile-service-errored state or time out silently at the poll cap -- detect the "Greptile encountered an error" comment body, retry once via `@greptileai review` with a 10-minute cap, and on second error escalate to the user with the three-way choice (wait / empty retrigger commit / documented override) per Phase 6 Step 1 (#526)
977
+ - ⊗ Merge a rebased PR on the basis of the NEUTRAL CheckRun alone when the Greptile comment body is the error sentinel -- the service-side failure is indistinguishable from a clean pass at the CheckRun level, and any merge taken must be recorded as a documented override in the merge commit body (#526)
978
+ - ⊗ Omit override-merged PRs from the Phase 6 Step 5 Slack release announcement -- any merge that used the Greptile-service-errored override path MUST be called out with its one-line rationale so downstream readers can trace the documented override trail (#526)
979
+ - ⊗ Run `gh pr merge` on a PR that has any protected (umbrella / staying-OPEN) issue listed in `gh pr view <N> --json closingIssuesReferences` -- the link is persistent in GitHub's database from a prior PR body revision (or sidebar attachment) and survives body edits, commit-message edits, and explicit `--subject` / `--body-file` overrides; manually unlink via the PR's Development sidebar panel before merging (Layer 3, #701)
980
+ - ⊗ Skip the post-merge protected-issue reopen sweep for any squash merge that referenced an umbrella / staying-OPEN issue -- defense in depth catches Layer 3 false-positives the pre-merge inspection missed (#701)
981
+ - ⊗ Merge on the basis of a SUCCESS Greptile CheckRun alone -- the CheckRun signals review **completion**, not review **approval** (PR #652 incident; symmetric blind spot to the NEUTRAL CheckRun #526 case). Always run `task pr:merge-ready -- <N>` before `gh pr merge` to parse the comment body for confidence + P0 / P1 findings
982
+ - ⊗ Run `git checkout` (any branch) -- including the brief `cd <other-worktree>; git checkout master --quiet` shape -- in a worktree the merging agent does not own during Phase 6 Step 3 (Update Master) or Step 4 (Clean Up). Post-merge state-update semantics MUST be performed via `git fetch origin <base-branch>` from the merger's OWN worktree, never by switching HEAD on a sibling worktree another agent is actively using. Recurrence record: PR #797 merge session (2026-05-01); companion to the Sub-Agent Role Separation rules (#727) -- this anti-pattern extends the same boundary discipline from sub-agent spawn shape to worktree HEAD operations (#800)
983
+ - ⊗ Skip the Phase 0 Step 0.5 lifecycle bridge (#1025) and let the Step 1 preflight gate reject candidate scope vBRIEFs wholesale. The setup skill deposits scope vBRIEFs in `vbrief/proposed/` and the refinement skill leaves them in `vbrief/pending/`; the swarm Phase 0 Step 1 preflight only accepts `vbrief/active/` with `plan.status == "running"`. The bridge step (`task scope:promote -- <path>` then `task scope:activate -- <path>`) is the contract that converts proposed/pending candidates to active before allocation -- bypassing it re-surfaces the originating 2026-05-10 first-session consumer-swarm failure mode (`Invalid transition: 'activate' requires file in pending/`)
984
+ - ⊗ Auto-promote + activate every candidate in `vbrief/proposed/` or `vbrief/pending/` during the Phase 0 Step 0.5 bridge without explicit user approval (#1025). Proposed-stage vBRIEFs may be in a deliberate refinement queue (`skills/deft-directive-refinement/SKILL.md` Phase 4); silent promotion bypasses the user's lifecycle intent and may flip `plan.status` to `running` on scopes the user has not yet refined. Broad affirmatives (`proceed`, `do it`, `go ahead`) do NOT satisfy the bridge approval gate -- require an explicit `yes` / `confirmed` / `approve`
985
+ - ⊗ Describe heterogeneous sub-agent routing as Grok Build-only — provider-neutral dispatch separates dispatch provider, worker role, and model or agent selection; Composer-class coding agents, Cursor/cloud agents, and future adapters are first-class backends alongside Grok Build `spawn_subagent` (#1531)
986
+ - ⊗ Assume parent-shell `gh auth status` proves a worker sandbox can authenticate or reach GitHub — always run `scripts/github_auth_modes.py` from the worker envelope and surface full-access execution, trusted `gh` allowlisting, or injected-token handoff when sandbox auth fails (#1557)
987
+ - ⊗ Present Cursor sandbox UID 0 or sandbox-root cwd ownership as host-root access — `sandbox_uid_remap` means the sandbox identity is remapped to the host user, not real root (#1557)
988
+ - ⊗ Fall through to the manual-terminal fallback (Step 2b) when spawn_subagent is available -- Step 2d is the first-class grok-build launch path; manual terminal is for environments with no orchestration primitive at all (#1331)
989
+ - ⊗ Surface, propose, or discuss the Phase 5 -> 6 merge cascade gate while `task swarm:verify-review-clean -- <pr-numbers...>` has not yet exited 0 on the current cohort (#1364). Keying the transition on poller lifecycle completion alone -- i.e. treating "every poller sub-agent returned a terminal message" as sufficient to surface the merge gate -- is the recurrence pattern from the #1166 swarm execution where multiple pollers exited with `clean_gate_holdout=confidence` (confidence == 3) and the monitor still raised the Phase 5 -> 6 gate. The cohort verifier is the only authoritative CLEAN signal at the cohort level; a poller's `clean_gate_holdout=*` exit IS a non-CLEAN report and MUST hold the gate even when every sub-agent has technically returned