@forwardimpact/libeval 0.1.52 → 0.1.54

package/bin/fit-benchmark.js

@@ -2,7 +2,7 @@
 
 import "@forwardimpact/libpreflight/node22";
 
-import { readFileSync, realpathSync } from "node:fs";
+import { realpathSync } from "node:fs";
 import { createCli } from "@forwardimpact/libcli";
 import { createDefaultRuntime } from "@forwardimpact/libutil/runtime";
 import { createLogger } from "@forwardimpact/libtelemetry";
@@ -11,17 +11,8 @@ import { runBenchmarkRunCommand } from "../src/commands/benchmark-run.js";
 import { runBenchmarkInvariantsCommand } from "../src/commands/benchmark-invariants.js";
 import { runBenchmarkReportCommand } from "../src/commands/benchmark-report.js";
 
-// `bun build --compile` injects FIT_BENCHMARK_VERSION via --define, eliminating
-// the readFileSync branch in the compiled binary (which would ENOENT against
-// the bunfs virtual mount). Source execution falls through to package.json.
-const VERSION =
-  process.env.FIT_BENCHMARK_VERSION ||
-  JSON.parse(readFileSync(new URL("../package.json", import.meta.url), "utf8"))
-    .version;
-
 export const definition = {
   name: "fit-benchmark",
-  version: VERSION,
   description:
     "Run coding-agent task families, grade hidden tests, and aggregate pass@k across runs.",
   commands: [
@@ -156,11 +147,14 @@ export const definition = {
   ],
 };
 
-const logger = createLogger("benchmark");
+const runtime = createDefaultRuntime();
+const logger = createLogger("benchmark", runtime);
 
 async function main() {
-  const runtime = createDefaultRuntime();
-  const cli = createCli(definition, { runtime });
+  const cli = createCli(definition, {
+    runtime,
+    packageJsonUrl: new URL("../package.json", import.meta.url),
+  });
   const parsed = cli.parse(runtime.proc.argv.slice(2));
   if (!parsed) return runtime.proc.exit(0);
 
@@ -187,7 +181,7 @@ async function main() {
 if (import.meta.url === `file://${realpathSync(process.argv[1])}`) {
   main().catch((error) => {
     logger.exception("main", error);
-    createCli(definition).error(error.message);
+    createCli(definition, { runtime }).error(error.message);
     process.exit(1);
   });
 }

package/bin/fit-eval.js

@@ -2,7 +2,6 @@
 
 import "@forwardimpact/libpreflight/node22";
 
-import { readFileSync } from "node:fs";
 import { createCli } from "@forwardimpact/libcli";
 import { createDefaultRuntime } from "@forwardimpact/libutil/runtime";
 import { createLogger } from "@forwardimpact/libtelemetry";
@@ -15,14 +14,6 @@ import { runFacilitateCommand } from "../src/commands/facilitate.js";
 import { runDiscussCommand } from "../src/commands/discuss.js";
 import { runCallbackCommand } from "../src/commands/callback.js";
 
-// `bun build --compile` injects FIT_EVAL_VERSION via --define, eliminating
-// the readFileSync branch in the compiled binary (which would ENOENT against
-// the bunfs virtual mount). Source execution falls through to package.json.
-const VERSION =
-  process.env.FIT_EVAL_VERSION ||
-  JSON.parse(readFileSync(new URL("../package.json", import.meta.url), "utf8"))
-    .version;
-
 const LEAD_OPTIONS = {
   "lead-profile": {
     type: "string",
@@ -60,7 +51,6 @@ const TASK_INPUT_OPTIONS = {
 
 const definition = {
   name: "fit-eval",
-  version: VERSION,
   description:
     "Run agents and capture NDJSON traces — for agent evaluations or multi-agent collaboration",
   commands: [
@@ -313,11 +303,14 @@ const definition = {
   ],
 };
 
-const logger = createLogger("eval");
+const runtime = createDefaultRuntime();
+const logger = createLogger("eval", runtime);
 
 async function main() {
-  const runtime = createDefaultRuntime();
-  const cli = createCli(definition, { runtime });
+  const cli = createCli(definition, {
+    runtime,
+    packageJsonUrl: new URL("../package.json", import.meta.url),
+  });
   const parsed = cli.parse(runtime.proc.argv.slice(2));
   if (!parsed) return runtime.proc.exit(0);
 
@@ -341,6 +334,6 @@ async function main() {
 
 main().catch((error) => {
   logger.exception("main", error);
-  createCli(definition).error(error.message);
+  createCli(definition, { runtime }).error(error.message);
   process.exit(1);
 });

package/bin/fit-selfedit.js

@@ -7,12 +7,11 @@
 
 import "@forwardimpact/libpreflight/node22";
 import { existsSync, readFileSync, writeFileSync } from "node:fs";
-import fsPromises from "node:fs/promises";
 import { parseArgs } from "node:util";
 import { resolve, relative, dirname } from "node:path";
 import { execFileSync } from "node:child_process";
 
-import { Finder } from "@forwardimpact/libutil";
+import { createDefaultRuntime } from "@forwardimpact/libutil/runtime";
 import { minimatch } from "minimatch";
 
 const HELP = `fit-selfedit — write stdin to a settings.json-allowed path on a non-main branch.
@@ -71,8 +70,11 @@ if (extra.length > 0) fail(`unexpected extra arguments: ${extra.join(" ")}`);
 
 const absoluteTarget = resolve(process.cwd(), targetArg);
 
-// Safeguard 1: settings.json must grant Edit() on this path.
-const settingsPath = new Finder(fsPromises, { debug() {} }).findUpward(
+// Safeguard 1: settings.json must grant Edit() on this path. The bin is the
+// sole construction site for the runtime; resolve the finder off the bag
+// rather than constructing a Finder here (Success Criterion 9).
+const runtime = createDefaultRuntime();
+const settingsPath = runtime.finder.findUpward(
   dirname(absoluteTarget),
   ".claude/settings.json",
   20,

package/bin/fit-trace.js

@@ -2,7 +2,6 @@
 
 import "@forwardimpact/libpreflight/node22";
 
-import { readFileSync } from "node:fs";
 import { createCli } from "@forwardimpact/libcli";
 import { createDefaultRuntime } from "@forwardimpact/libutil/runtime";
 import { createScriptConfig } from "@forwardimpact/libconfig";
@@ -31,17 +30,8 @@ import {
 import { runAssertCommand } from "../src/commands/assert.js";
 import { runByDiscussionCommand } from "../src/commands/by-discussion.js";
 
-// `bun build --compile` injects FIT_TRACE_VERSION via --define, eliminating
-// the readFileSync branch in the compiled binary (which would ENOENT against
-// the bunfs virtual mount). Source execution falls through to package.json.
-const VERSION =
-  process.env.FIT_TRACE_VERSION ||
-  JSON.parse(readFileSync(new URL("../package.json", import.meta.url), "utf8"))
-    .version;
-
 const definition = {
   name: "fit-trace",
-  version: VERSION,
   description:
     "Download, query, and analyze agent execution traces — read NDJSON output from fit-eval as qualitative research",
   commands: [
@@ -340,15 +330,18 @@ const definition = {
   ],
 };
 
-const logger = createLogger("trace");
+const runtime = createDefaultRuntime();
+const logger = createLogger("trace", runtime);
 
 // Commands that talk to the GitHub API need a config-backed token resolver;
 // the rest only read local trace files through the runtime.
 const NEEDS_CONFIG = new Set(["runs", "download"]);
 
 async function main() {
-  const runtime = createDefaultRuntime();
-  const cli = createCli(definition, { runtime });
+  const cli = createCli(definition, {
+    runtime,
+    packageJsonUrl: new URL("../package.json", import.meta.url),
+  });
   const parsed = cli.parse(runtime.proc.argv.slice(2));
   if (!parsed) return runtime.proc.exit(0);
 
@@ -376,6 +369,6 @@ async function main() {
 
 main().catch((error) => {
   logger.exception("main", error);
-  createCli(definition).error(error.message);
+  createCli(definition, { runtime }).error(error.message);
   process.exit(1);
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forwardimpact/libeval",
-  "version": "0.1.52",
+  "version": "0.1.54",
   "description": "Agent evaluation framework — prove whether agent changes improved outcomes with reproducible evidence.",
   "keywords": [
     "eval",

package/src/benchmark/result.js

@@ -5,8 +5,8 @@
  *   - RESULT_RECORD_SCHEMA — one record per (task, runIndex) from a full
  *     benchmark run. Has a happy branch (invariants + judge present) and a
  *     pre-flight-failure branch (invariants/judgeVerdict/submission absent).
- *   - INVARIANTS_RECORD_SCHEMA — narrower output of `benchmark-invariants`
- *     (P7): ad-hoc grading without a full lifecycle.
+ *   - INVARIANTS_RECORD_SCHEMA — narrower output of `benchmark-invariants`:
+ *     ad-hoc grading without a full lifecycle.
  *
  * Validation is throw-on-mismatch so the runner can wrap every JSONL append
  * in a guard and reject schema drift at write time.

package/src/benchmark/task-family.js

@@ -2,7 +2,7 @@
  * Task-family loader. A task family is a directory under
  *   <root>/
  *     apm.lock.yaml
- *     .claude/                # pre-staged skills + agents (P1)
+ *     .claude/                # pre-staged skills + agents
  *     tasks/<task_name>/
  *       agent.task.md
  *       supervisor.task.md    # optional; appended to the task as supervisor context

package/src/commands/benchmark-invariants.js

@@ -1,6 +1,6 @@
 /**
  * `fit-benchmark invariants` — check a single task's invariants against a
- * post-run workdir directory without invoking an agent (P6/P7). Useful for
+ * post-run workdir directory without invoking an agent. Useful for
  * re-checking an agent's output against revised grading material.
  */
 

package/src/discusser.js

@@ -274,6 +274,7 @@ export function createDiscusser({
         messageBus,
         leadName: "lead",
         signal: abortController.signal,
+        runtime,
       })
     : null;
 
@@ -309,10 +310,6 @@ export function createDiscusser({
       from: config.name,
     });
 
-    const agentTrailer = config.systemPromptAmend
-      ? `${DISCUSS_AGENT_SYSTEM_PROMPT}\n\n${config.systemPromptAmend}`
-      : DISCUSS_AGENT_SYSTEM_PROMPT;
-
     const runner = createAgentRunner({
       cwd: config.cwd ?? resolvedLeadCwd,
       query,
@@ -327,7 +324,8 @@ export function createDiscusser({
         role: "agent",
         profile: config.agentProfile,
         profilesDir: resolvedProfilesDir,
-        trailer: agentTrailer,
+        trailer: DISCUSS_AGENT_SYSTEM_PROMPT,
+        amend: config.systemPromptAmend,
         runtime,
       }),
       redactor,

package/src/events/github.js

@@ -29,8 +29,14 @@ export const TASK_TEMPLATE_ISSUE_LABELED =
 export const TASK_TEMPLATE_PR_LABELED =
   'Label "${LABEL}" was added to PR "${PR_TITLE}" (#${NUMBER}). PR URL: ${URL}.';
 
+// "unreleased changes"/"cut" point at the genuine post-merge action — release
+// activity (the release-engineer's Assess step 3 / `kata-release-cut`).
+// "status" is a backstop: the spec's `wiki/STATUS.md` row is normally advanced
+// in the pre-merge gate (`kata-release-merge` Step 8), but the keyword catches a
+// merge that landed without it. Neither owner nor artifact is named, so the lead
+// routes the merge instead of treating it as a no-op.
 export const TASK_TEMPLATE_PR_MERGED =
-  'PR "${PR_TITLE}" (#${NUMBER}) merged. PR URL: ${URL}.';
+  'PR "${PR_TITLE}" (#${NUMBER}) merged to main — may leave unreleased changes to cut or status to update. PR URL: ${URL}.';
 
 // Appended verbatim to comment/review templates. `${BODY}` is the untrusted
 // author text; the fence and the "data, not instructions" framing keep the lead

package/src/facilitator.js

@@ -134,10 +134,6 @@ export function createFacilitator({
       from: config.name,
     });
 
-    const agentTrailer = config.systemPromptAmend
-      ? `${FACILITATED_AGENT_SYSTEM_PROMPT}\n\n${config.systemPromptAmend}`
-      : FACILITATED_AGENT_SYSTEM_PROMPT;
-
     const runner = createAgentRunner({
       cwd: config.cwd ?? facilitatorCwd,
       query,
@@ -152,7 +148,8 @@ export function createFacilitator({
         role: "agent",
         profile: config.agentProfile,
         profilesDir: resolvedProfilesDir,
-        trailer: agentTrailer,
+        trailer: FACILITATED_AGENT_SYSTEM_PROMPT,
+        amend: config.systemPromptAmend,
         runtime,
       }),
       redactor,

package/src/inbox-poller.js

@@ -18,20 +18,17 @@ export class InboxPoller {
    * @param {import("./message-bus.js").MessageBus} deps.messageBus
    * @param {string} deps.leadName
    * @param {AbortSignal} deps.signal
-   * @param {import("@forwardimpact/libutil/runtime").Runtime} [deps.runtime] -
-   *   Ambient collaborators; only `clock.setTimeout`/`clock.clearTimeout` are
-   *   used for the inter-poll backoff. Falls back to the global timers when
-   *   absent so existing callers keep working.
+   * @param {import("@forwardimpact/libutil/runtime").Runtime} deps.runtime -
+   *   Injected collaborators; `clock.setTimeout`/`clock.clearTimeout` drive the
+   *   inter-poll backoff.
    */
   constructor({ inboxUrl, messageBus, leadName, signal, runtime }) {
+    if (!runtime) throw new Error("runtime is required");
     this.#inboxUrl = inboxUrl;
     this.#messageBus = messageBus;
     this.#leadName = leadName;
     this.#signal = signal;
-    this.#clock = runtime?.clock ?? {
-      setTimeout: (fn, ms) => globalThis.setTimeout(fn, ms),
-      clearTimeout: (h) => globalThis.clearTimeout(h),
-    };
+    this.#clock = runtime.clock;
   }
 
   /** Long-poll the inbox until the abort signal fires. */

package/src/judge.js

@@ -17,7 +17,7 @@ import { resolve } from "node:path";
 import { Writable } from "node:stream";
 
 import { createAgentRunner } from "./agent-runner.js";
-import { composeProfilePrompt } from "./profile-prompt.js";
+import { composeSystemPrompt } from "./profile-prompt.js";
 import { SequenceCounter } from "./sequence-counter.js";
 import {
   createJudgeToolServer,
@@ -140,7 +140,7 @@ export class Judge {
 /**
  * Factory function — wires the AgentRunner with the judge orchestration server
  * and the JUDGE_SYSTEM_PROMPT trailer. A `judgeProfile` (when supplied) layers
- * on top of the trailer via `composeProfilePrompt`, matching the
+ * on top of the trailer via `composeSystemPrompt`, matching the
  * supervisor/facilitator pattern.
  *
  * @param {object} deps
@@ -151,7 +151,7 @@ export class Judge {
  * @param {string} [deps.model]
  * @param {number} [deps.maxTurns] - Default 5 (the judge is expected to act in turn 1; 5 leaves headroom for tool inspection).
  * @param {string[]} [deps.allowedTools] - Default `["Read","Glob","Grep","Bash"]` — read-only inspection.
- * @param {string} [deps.judgeProfile] - Profile name; resolved into the system prompt via `composeProfilePrompt`.
+ * @param {string} [deps.judgeProfile] - Profile name; resolved into the system prompt via `composeSystemPrompt`.
  * @param {string} [deps.profilesDir] - Defaults to `<cwd>/.claude/agents`.
  * @param {string} [deps.taskAmend]
  * @returns {Judge}
@@ -176,17 +176,13 @@ export function createJudge({
   if (!runtime) throw new Error("runtime is required");
 
   const resolvedProfilesDir = profilesDir ?? resolve(cwd, ".claude/agents");
-  const systemPrompt = judgeProfile
-    ? composeProfilePrompt(judgeProfile, {
-        profilesDir: resolvedProfilesDir,
-        trailer: JUDGE_SYSTEM_PROMPT,
-        runtime,
-      })
-    : {
-        type: "preset",
-        preset: "claude_code",
-        append: JUDGE_SYSTEM_PROMPT,
-      };
+  const systemPrompt = composeSystemPrompt({
+    role: "agent",
+    profile: judgeProfile,
+    profilesDir: resolvedProfilesDir,
+    trailer: JUDGE_SYSTEM_PROMPT,
+    runtime,
+  });
 
   const ctx = createOrchestrationContext();
   ctx.participants = [{ name: "judge", role: "judge" }];

package/src/profile-prompt.js

@@ -1,7 +1,39 @@
 /**
  * System prompt composition for agent runners.
  *
- * Two helpers:
+ * libeval assembles every agent system prompt from up to two parallel,
+ * sibling-tagged sections (see COALIGNED.md § L0):
+ *
+ *     <agent_profile>
+ *     …persona body…
+ *     </agent_profile>
+ *
+ *     <session_protocol>
+ *     …orchestration mechanics, then any amendment…
+ *     </session_protocol>
+ *
+ * The two tags are siblings joined by a blank line — neither nests inside
+ * the other. A section appears only when its content is present. The tag
+ * convention lives entirely here: profile `.md` files and trailer constants
+ * carry no tags.
+ *
+ * The `<session_protocol>` body is assembled from up to three fragments, in
+ * order of decreasing generality:
+ *
+ *   1. the role-invariant orchestration trailer (libeval-owned);
+ *   2. the profile's own hoisted `## Session Protocol` section, if present;
+ *   3. a run-specific amendment, if supplied.
+ *
+ * Fragment 2 is the convention-based hoist: a profile may carry a level-2
+ * `## Session Protocol` markdown heading whose body is the role's work
+ * routine. When present, that section is lifted out of `<agent_profile>` and
+ * folded into `<session_protocol>` next to the orchestration mechanics, so
+ * the harness comms protocol and the role's work routine read as one
+ * coherent block. The heading line itself is dropped — the tag already names
+ * the section. Profiles with no such heading are unaffected (the entire body
+ * stays in `<agent_profile>`).
+ *
+ * Helpers:
  *
  * - `composeProfilePrompt(name, opts)` — profile + `claude_code` preset.
  *   Used by agent participants that need the full Claude Code tool surface.
@@ -10,61 +42,186 @@
  *   roles (supervisor, facilitator, discuss lead) that should only see
  *   the orchestration instructions and optionally a profile body.
  *
- * - `composeSystemPrompt(opts)` — unified entry point. Delegates to one
+ * - `composeSystemPrompt(opts)` — unified entry point. Threads `amend` into
+ *   the protocol section as the run-specific fragment, then delegates to one
  *   of the above based on `opts.role`.
  */
 
 import { join } from "node:path";
 
+/** Sibling section tags. Neither nests inside the other. */
+const AGENT_PROFILE_TAG = "agent_profile";
+const SESSION_PROTOCOL_TAG = "session_protocol";
+
+/**
+ * A level-2 heading that names the profile's hoisted session-protocol
+ * section. Case-insensitive, tolerant of trailing whitespace, but the level
+ * is fixed at two `#` so a `### Session Protocol` subsection does not trip
+ * the hoist.
+ */
+const SESSION_PROTOCOL_HEADING = /^##[ \t]+session protocol[ \t]*$/i;
+
+/** A level-1 or level-2 heading — the boundary that ends a hoisted section. */
+const SECTION_BOUNDARY = /^#{1,2}[ \t]+\S/;
+
+/** Wrap content in a semantic section tag, each on its own line. */
+function wrapSection(tag, content) {
+  return `<${tag}>\n${content}\n</${tag}>`;
+}
+
+/**
+ * Assemble the parallel `<agent_profile>` / `<session_protocol>` sections.
+ * The profile section is emitted only when `body` is non-empty. The protocol
+ * section is built by joining its fragments (in the order given) with a
+ * blank-line separator, dropping any that are empty, and is emitted only
+ * when at least one fragment survives. The two tags are siblings joined by a
+ * blank line and never nest.
+ *
+ * @param {object} parts
+ * @param {string} [parts.body] - Profile body, frontmatter-stripped and with
+ *   any `## Session Protocol` section already hoisted out.
+ * @param {Array<string | undefined>} [parts.protocolParts] - Ordered session
+ *   protocol fragments: trailer, hoisted profile section, run amendment.
+ * @returns {string}
+ */
+function assembleSections({ body, protocolParts = [] }) {
+  const sections = [];
+  if (body) sections.push(wrapSection(AGENT_PROFILE_TAG, body));
+  const protocol = protocolParts.filter(Boolean).join("\n\n");
+  if (protocol) sections.push(wrapSection(SESSION_PROTOCOL_TAG, protocol));
+  return sections.join("\n\n");
+}
+
+/**
+ * Split a frontmatter-stripped profile body into its persona and an optional
+ * hoisted `## Session Protocol` section. The section runs from its heading to
+ * the next level-1/level-2 heading (or end of body); the heading line is
+ * dropped. Anything before and after the section is rejoined into `persona`.
+ * When the body carries no `## Session Protocol` heading, the whole body is
+ * returned as `persona` and `protocol` is `undefined`.
+ *
+ * @param {string} body - Frontmatter-stripped, trimmed profile body.
+ * @returns {{ persona: string, protocol: string | undefined }}
+ */
+function splitSessionProtocol(body) {
+  const lines = body.split("\n");
+  const start = lines.findIndex((line) => SESSION_PROTOCOL_HEADING.test(line));
+  if (start === -1) return { persona: body, protocol: undefined };
+
+  let end = lines.length;
+  for (let i = start + 1; i < lines.length; i++) {
+    if (SECTION_BOUNDARY.test(lines[i])) {
+      end = i;
+      break;
+    }
+  }
+
+  const protocol = lines
+    .slice(start + 1, end)
+    .join("\n")
+    .trim();
+  const before = lines.slice(0, start).join("\n").trim();
+  const after = lines.slice(end).join("\n").trim();
+  const persona = [before, after].filter(Boolean).join("\n\n");
+  return { persona, protocol: protocol || undefined };
+}
+
+/**
+ * Read a profile `.md`, strip its frontmatter, and split off any hoisted
+ * `## Session Protocol` section. Reads synchronously off the injected
+ * `runtime.fsSync` surface — this composer runs inside the synchronous
+ * SDK-option builders of the supervisor / facilitator / discusser / judge
+ * factories, so it cannot go async without an unbounded cascade.
+ *
+ * @param {string} name - Profile basename (no `.md` suffix)
+ * @param {string} profilesDir - Directory containing `<name>.md`
+ * @param {import("@forwardimpact/libutil/runtime").Runtime} runtime
+ * @returns {{ persona: string, protocol: string | undefined }}
+ */
+function readProfileSections(name, profilesDir, runtime) {
+  const path = join(profilesDir, `${name}.md`);
+  const raw = runtime.fsSync.readFileSync(path, "utf8");
+  return splitSessionProtocol(stripFrontmatter(raw).trim());
+}
+
 /**
  * Compose a `claude_code`-preset system prompt from a profile file. The
- * profile is read synchronously off the injected `runtime.fsSync` surface —
- * this composer runs inside the synchronous SDK-option builders of the
- * supervisor / facilitator / discusser / judge factories, so it cannot go
- * async without an unbounded cascade.
+ * persona is wrapped in `<agent_profile>`; the protocol trailer, the
+ * profile's hoisted `## Session Protocol` section, and any amendment are
+ * joined (in that order) into a sibling `<session_protocol>`.
  *
  * @param {string} name - Profile basename (no `.md` suffix)
  * @param {object} opts
  * @param {string} opts.profilesDir - Directory containing `<name>.md`
- * @param {string} [opts.trailer] - Mode-specific trailer appended after a blank line
+ * @param {string} [opts.trailer] - Session protocol orchestration mechanics,
+ *   the first fragment of the `<session_protocol>` section.
+ * @param {string} [opts.amend] - Run-specific amendment, the last fragment of
+ *   the `<session_protocol>` section.
  * @param {import("@forwardimpact/libutil/runtime").Runtime} opts.runtime - Ambient collaborators; uses `fsSync.readFileSync`.
  * @returns {{type: "preset", preset: "claude_code", append: string}}
  */
-export function composeProfilePrompt(name, { profilesDir, trailer, runtime }) {
-  const path = join(profilesDir, `${name}.md`);
-  const raw = runtime.fsSync.readFileSync(path, "utf8");
-  const body = stripFrontmatter(raw).trim();
-  const append = trailer && trailer.length > 0 ? `${body}\n\n${trailer}` : body;
-  return { type: "preset", preset: "claude_code", append };
+export function composeProfilePrompt(
+  name,
+  { profilesDir, trailer, amend, runtime },
+) {
+  const { persona, protocol } = readProfileSections(name, profilesDir, runtime);
+  return {
+    type: "preset",
+    preset: "claude_code",
+    append: assembleSections({
+      body: persona,
+      protocolParts: [trailer, protocol, amend],
+    }),
+  };
 }
 
 /**
- * Compose a plain-string system prompt for a lead role (no Claude Code preset).
+ * Compose a plain-string system prompt for a lead role (no Claude Code
+ * preset). The protocol trailer, an optional profile's hoisted
+ * `## Session Protocol` section, and any amendment are joined into
+ * `<session_protocol>`; an optional persona is wrapped in a sibling
+ * `<agent_profile>` before it.
+ *
  * @param {object} opts
  * @param {string} [opts.profile] - Profile basename (no `.md` suffix)
  * @param {string} [opts.profilesDir] - Directory containing profile files
- * @param {string} opts.trailer - Mode-specific orchestration instructions
+ * @param {string} opts.trailer - Session protocol (orchestration instructions)
+ * @param {string} [opts.amend] - Run-specific amendment, the last fragment of
+ *   the `<session_protocol>` section.
  * @param {import("@forwardimpact/libutil/runtime").Runtime} opts.runtime - Ambient collaborators; uses `fsSync.readFileSync`.
  * @returns {string}
  */
-export function composeLeadPrompt({ profile, profilesDir, trailer, runtime }) {
+export function composeLeadPrompt({
+  profile,
+  profilesDir,
+  trailer,
+  amend,
+  runtime,
+}) {
   if (!trailer) throw new Error("trailer is required");
-  if (!profile) return trailer;
-  const path = join(profilesDir, `${profile}.md`);
-  const raw = runtime.fsSync.readFileSync(path, "utf8");
-  const body = stripFrontmatter(raw).trim();
-  return `${body}\n\n${trailer}`;
+  const { persona, protocol } = profile
+    ? readProfileSections(profile, profilesDir, runtime)
+    : { persona: undefined, protocol: undefined };
+  return assembleSections({
+    body: persona,
+    protocolParts: [trailer, protocol, amend],
+  });
 }
 
 /**
- * Unified entry point for composing system prompts.
+ * Unified entry point for composing system prompts. Threads an optional
+ * amendment through as the run-specific fragment of `<session_protocol>`
+ * (after the trailer and any hoisted profile section), then delegates by
+ * role.
  *
  * @param {object} opts
  * @param {"lead"|"agent"} opts.role - `"lead"` produces a plain string;
  *   `"agent"` produces a `claude_code` preset object.
  * @param {string} [opts.profile] - Profile basename
  * @param {string} [opts.profilesDir]
- * @param {string} opts.trailer - Mode-specific instructions
+ * @param {string} opts.trailer - Session protocol (orchestration instructions)
+ * @param {string} [opts.amend] - Caller-supplied amendment, the last fragment
+ *   inside `<session_protocol>`, joined with a blank-line separator.
  * @param {import("@forwardimpact/libutil/runtime").Runtime} opts.runtime - Ambient collaborators; uses `fsSync.readFileSync`.
  * @returns {string | {type: "preset", preset: "claude_code", append: string}}
  */
@@ -73,16 +230,26 @@ export function composeSystemPrompt({
   profile,
   profilesDir,
   trailer,
+  amend,
   runtime,
 }) {
   if (!trailer) throw new Error("trailer is required");
   if (role === "lead") {
-    return composeLeadPrompt({ profile, profilesDir, trailer, runtime });
+    return composeLeadPrompt({ profile, profilesDir, trailer, amend, runtime });
   }
   if (profile) {
-    return composeProfilePrompt(profile, { profilesDir, trailer, runtime });
+    return composeProfilePrompt(profile, {
+      profilesDir,
+      trailer,
+      amend,
+      runtime,
+    });
   }
-  return { type: "preset", preset: "claude_code", append: trailer };
+  return {
+    type: "preset",
+    preset: "claude_code",
+    append: assembleSections({ protocolParts: [trailer, amend] }),
+  };
 }
 
 /**

package/src/redaction.js

@@ -15,6 +15,7 @@ export const DEFAULT_ENV_ALLOWLIST = Object.freeze([
   "DATABASE_PASSWORD",
   "GH_TOKEN",
   "GITHUB_TOKEN",
+  "JWT_SECRET",
   "MCP_TOKEN",
   "MICROSOFT_APP_ID",
   "MICROSOFT_APP_PASSWORD",
@@ -22,7 +23,6 @@ export const DEFAULT_ENV_ALLOWLIST = Object.freeze([
   "PRODUCT_LANDMARK_TOKEN",
   "SERVICE_SECRET",
   "SUPABASE_ANON_KEY",
-  "SUPABASE_JWT_SECRET",
   "SUPABASE_SERVICE_ROLE_KEY",
 ]);
 
@@ -135,7 +135,8 @@ export function createRedactor({
   patterns = DEFAULT_PATTERNS,
   enabled,
 } = {}) {
-  const proc = runtime?.proc ?? defaultProc();
+  if (!runtime) throw new Error("runtime is required");
+  const proc = runtime.proc;
   const resolvedEnv = env ?? proc.env;
   const envDisabled = resolvedEnv.LIBEVAL_REDACTION_DISABLED === "1";
   const resolvedEnabled = enabled ?? !envDisabled;
@@ -151,20 +152,6 @@ export function createRedactor({
   return new Redactor({ envSnapshot, patterns, enabled: resolvedEnabled });
 }
 
-/**
- * Lazily build the production proc surface so callers that don't inject a
- * runtime keep working. Imported indirectly to avoid pulling the whole
- * runtime bag (and its `node:fs`/`node:child_process` imports) into modules
- * that only ever receive an injected runtime.
- * @returns {{env: Record<string, string|undefined>, stderr: {write: (s: string) => void}}}
- */
-function defaultProc() {
-  return {
-    env: globalThis.process?.env ?? {},
-    stderr: { write: (s) => globalThis.process?.stderr?.write(s) },
-  };
-}
-
 /**
  * Parse `LIBEVAL_REDACTION_ENV_VARS` into a trimmed, non-empty name list.
  * Falls back to `DEFAULT_ENV_ALLOWLIST` when unset or empty.

package/src/supervisor.js

@@ -122,6 +122,7 @@ const devNull = new Writable({
  * @param {string[]} [deps.supervisorDisallowedTools]
  * @param {string} [deps.supervisorProfile]
  * @param {string} [deps.agentProfile]
+ * @param {string} [deps.agentSystemPromptAmend] - Amendment folded into the agent's `<session_protocol>` section, after the protocol trailer.
  * @param {string} [deps.profilesDir]
  * @param {string} [deps.taskAmend]
  * @param {Record<string, object>} [deps.agentMcpServers]
@@ -141,6 +142,7 @@ export function createSupervisor({
   supervisorDisallowedTools,
   supervisorProfile,
   agentProfile,
+  agentSystemPromptAmend,
   profilesDir,
   taskAmend,
   agentMcpServers,
@@ -182,6 +184,7 @@ export function createSupervisor({
       profile: agentProfile,
       profilesDir: resolvedProfilesDir,
       trailer: AGENT_SYSTEM_PROMPT,
+      amend: agentSystemPromptAmend,
       runtime,
     }),
     mcpServers: { orchestration: agentServer, ...agentMcpServers },