@hegemonart/get-design-done 1.59.7 → 1.59.9

package/sdk/mcp/gdd-state/server.js

@@ -197,6 +197,7 @@ __export(get_exports, {
 // sdk/state/index.ts
 var import_node_fs2 = require("node:fs");
 var import_node_path = require("node:path");
+var import_node_module = require("node:module");
 
 // sdk/state/lockfile.ts
 var import_node_fs = require("node:fs");
@@ -263,6 +264,14 @@ async function acquire(path2, opts = {}) {
       }
       const parsed = parseLock(existing);
       if (parsed !== null && isStale(parsed, staleMs)) {
+        const confirm = readLockSafe(lockPath);
+        if (confirm === null) {
+          continue;
+        }
+        if (confirm !== existing) {
+          await sleep(pollMs);
+          continue;
+        }
         try {
           (0, import_node_fs.unlinkSync)(lockPath);
         } catch (delErr) {
@@ -321,10 +330,14 @@ function parseLock(raw) {
   }
 }
 function isStale(payload, staleMs) {
-  if (!isPidAlive(payload.pid, payload.host)) return true;
-  const acquiredAt = Date.parse(payload.acquired_at);
-  if (!Number.isFinite(acquiredAt)) return true;
-  return Date.now() - acquiredAt > staleMs;
+  const pidRecorded = typeof payload.pid === "number" && Number.isInteger(payload.pid) && payload.pid > 0;
+  if (!pidRecorded) {
+    const acquiredAt = Date.parse(payload.acquired_at);
+    if (!Number.isFinite(acquiredAt)) return true;
+    return Date.now() - acquiredAt > staleMs;
+  }
+  if (isPidAlive(payload.pid, payload.host)) return false;
+  return true;
 }
 function isPidAlive(pid, host) {
   if (host !== (0, import_node_os.hostname)()) {
@@ -1731,6 +1744,8 @@ function gateFor(from, to) {
 }
 
 // sdk/state/index.ts
+var _moduleDir = typeof __dirname !== "undefined" ? __dirname : (0, import_node_path.dirname)(process.argv[1] || process.cwd());
+var _require = typeof require !== "undefined" ? require : (0, import_node_module.createRequire)(process.argv[1] || process.cwd());
 function _findPackageRoot(startDir) {
   let dir = (0, import_node_path.resolve)(startDir);
   let firstWithPkg = null;
@@ -1738,7 +1753,7 @@ function _findPackageRoot(startDir) {
     const pkgPath = (0, import_node_path.join)(dir, "package.json");
     if ((0, import_node_fs2.existsSync)(pkgPath)) {
       try {
-        const pkg = require(pkgPath);
+        const pkg = _require(pkgPath);
         if (firstWithPkg === null) firstWithPkg = dir;
         if (pkg.name === "@hegemonart/get-design-done") return dir;
       } catch {
@@ -1755,7 +1770,7 @@ var _backendCache = null;
 function _loadBackend() {
   if (_backendCache !== null) return _backendCache === false ? null : _backendCache;
   try {
-    const pkgRoot = _findPackageRoot(__dirname);
+    const pkgRoot = _findPackageRoot(_moduleDir);
     if (pkgRoot === null) {
       _backendCache = false;
       return null;
@@ -1765,7 +1780,7 @@ function _loadBackend() {
       _backendCache = false;
       return null;
     }
-    _backendCache = require(backendPath);
+    _backendCache = _require(backendPath);
     return _backendCache;
   } catch {
     _backendCache = false;
@@ -1890,20 +1905,47 @@ async function transition(path2, toStage) {
     throw new TransitionGateFailed(toStage, gateResult.blockers);
   }
   const nowIso = (/* @__PURE__ */ new Date()).toISOString();
-  const nextState = await mutate(path2, (s) => {
-    s.frontmatter.stage = toStage;
-    s.frontmatter.last_checkpoint = nowIso;
-    s.position.stage = toStage;
-    s.timestamps[`${toStage}_started_at`] = nowIso;
-    return s;
-  });
-  return { pass: true, blockers: gateResult.blockers, state: nextState };
+  let lockedFailure = null;
+  let lockedBlockers = gateResult.blockers;
+  try {
+    const nextState = await mutate(path2, (s) => {
+      const fromNow = s.position.stage;
+      if (!isStage(fromNow)) {
+        lockedFailure = new TransitionGateFailed(toStage, [
+          `Invalid transition: from="${fromNow}" is not a recognized Stage (changed under lock)`
+        ]);
+        throw lockedFailure;
+      }
+      const gateNow = gateFor(fromNow, toStage);
+      if (gateNow === null) {
+        lockedFailure = new TransitionGateFailed(toStage, [
+          `Invalid transition: ${fromNow} \u2192 ${toStage} (changed under lock)`
+        ]);
+        throw lockedFailure;
+      }
+      const resultNow = gateNow(s);
+      if (!resultNow.pass) {
+        lockedFailure = new TransitionGateFailed(toStage, resultNow.blockers);
+        throw lockedFailure;
+      }
+      lockedBlockers = resultNow.blockers;
+      s.frontmatter.stage = toStage;
+      s.frontmatter.last_checkpoint = nowIso;
+      s.position.stage = toStage;
+      s.timestamps[`${toStage}_started_at`] = nowIso;
+      return s;
+    });
+    return { pass: true, blockers: lockedBlockers, state: nextState };
+  } catch (err) {
+    if (lockedFailure !== null && err === lockedFailure) throw lockedFailure;
+    throw err;
+  }
 }
 
 // sdk/mcp/gdd-state/tools/shared.ts
 var import_node_path3 = __toESM(require("node:path"));
 var import_node_fs4 = require("node:fs");
-var import_node_module2 = require("node:module");
+var import_node_module3 = require("node:module");
 
 // sdk/event-stream/index.ts
 var import_node_os2 = require("node:os");
@@ -1952,40 +1994,64 @@ var EventBus = class extends import_node_events.EventEmitter {
 // sdk/event-stream/writer.ts
 var import_node_fs3 = require("node:fs");
 var import_node_path2 = require("node:path");
-var import_node_module = require("node:module");
+var import_node_module2 = require("node:module");
 function _findRepoRoot() {
-  let dir = process.cwd();
-  for (let i = 0; i < 8; i++) {
+  return _walkToPackageJson(process.cwd());
+}
+function _walkToPackageJson(startDir) {
+  let dir = startDir;
+  for (let i = 0; i < 12; i++) {
     if ((0, import_node_fs3.existsSync)((0, import_node_path2.join)(dir, "package.json"))) return dir;
     const parent = (0, import_node_path2.dirname)(dir);
     if (parent === dir) break;
     dir = parent;
   }
-  return process.cwd();
+  return startDir;
 }
-var _redact;
-try {
-  const _root = _findRepoRoot();
-  const _candidate = (0, import_node_path2.resolve)(_root, "scripts/lib/redact.cjs");
-  if ((0, import_node_fs3.existsSync)(_candidate)) {
-    const _redactRequire = (0, import_node_module.createRequire)((0, import_node_path2.join)(_root, "package.json"));
-    const _mod = _redactRequire(_candidate);
-    _redact = _mod.redact;
-  } else {
-    const _altRoot = (0, import_node_path2.resolve)(_root, "..", "..");
-    const _altCandidate = (0, import_node_path2.resolve)(_altRoot, "scripts/lib/redact.cjs");
-    if ((0, import_node_fs3.existsSync)(_altCandidate)) {
-      const _altRequire = (0, import_node_module.createRequire)((0, import_node_path2.join)(_altRoot, "package.json"));
-      const _altMod = _altRequire(_altCandidate);
-      _redact = _altMod.redact;
-    } else {
-      _redact = (v) => v;
+var _redactWarned = false;
+function _warnRedactUnavailable() {
+  if (_redactWarned) return;
+  _redactWarned = true;
+  try {
+    process.stderr.write(
+      "[event-stream] WARNING: scripts/lib/redact.cjs could not be loaded \u2014 failing CLOSED: event payloads are dropped (envelope-only) to avoid writing unscrubbed secrets. Run the event writer from inside the plugin tree or set the redact lib on PATH to restore full payloads.\n"
+    );
+  } catch {
+  }
+}
+function _loadRedact() {
+  const candidates = [];
+  const entry = process.argv[1];
+  if (typeof entry === "string" && entry.length > 0) {
+    const entryAbs = (0, import_node_path2.isAbsolute)(entry) ? entry : (0, import_node_path2.resolve)(entry);
+    const entryRoot = _walkToPackageJson((0, import_node_path2.dirname)(entryAbs));
+    candidates.push((0, import_node_path2.resolve)(entryRoot, "scripts/lib/redact.cjs"));
+  }
+  const repoRoot = _findRepoRoot();
+  candidates.push((0, import_node_path2.resolve)(repoRoot, "scripts/lib/redact.cjs"));
+  candidates.push((0, import_node_path2.resolve)(repoRoot, "..", "..", "scripts/lib/redact.cjs"));
+  for (const candidate of candidates) {
+    try {
+      if (!(0, import_node_fs3.existsSync)(candidate)) continue;
+      const req = (0, import_node_module2.createRequire)(candidate);
+      const mod = req(candidate);
+      if (mod && typeof mod.redact === "function") return mod.redact;
+    } catch {
     }
   }
-} catch {
-  _redact = (v) => v;
+  return null;
 }
-var redact = _redact;
+var _realRedact = _loadRedact();
+var redact = _realRedact !== null ? _realRedact : (v) => {
+  _warnRedactUnavailable();
+  if (v !== null && typeof v === "object") {
+    const ev = v;
+    const out = { ...ev };
+    out["payload"] = { _redaction_unavailable: true };
+    return out;
+  }
+  return { _redaction_unavailable: true };
+};
 var DEFAULT_EVENTS_PATH = ".design/telemetry/events.jsonl";
 var DEFAULT_MAX_LINE_BYTES = 64 * 1024;
 var EventWriter = class {
@@ -2132,7 +2198,7 @@ var _worktree = (() => {
     const root = _findRepoRoot2();
     const candidate = import_node_path3.default.resolve(root, "scripts/lib/worktree-resolve.cjs");
     if (!(0, import_node_fs4.existsSync)(candidate)) return null;
-    const req = (0, import_node_module2.createRequire)(import_node_path3.default.join(root, "package.json"));
+    const req = (0, import_node_module3.createRequire)(import_node_path3.default.join(root, "package.json"));
     return req(candidate);
   } catch {
     return null;

package/sdk/primitives/lockfile.cjs

@@ -82,8 +82,16 @@ async function acquire(path, opts) {
       // reads (EACCES/EPERM/EBUSY), and clearing under that condition
       // would let two writers race and lose increments.
       if (parsed !== null && isStale(parsed, staleMs)) {
+        // Audit D3 (TOCTOU): confirm the on-disk bytes STILL match the exact
+        // stale payload we just read before unlinking. If a different writer
+        // replaced the lock in the read→unlink window, do NOT unlink (that
+        // would steal a fresh lock); loop and re-evaluate the new holder.
+        const confirm = readLockSafe(lockPath);
+        if (confirm === null) continue; // already gone — race for wx-create
+        if (confirm !== existing) { await sleep(pollMs); continue; }
         // Clear stale lock; race-tolerant — if it's already gone we get
-        // ENOENT, no-op.
+        // ENOENT, no-op. The wx-create below is atomic (O_CREAT|O_EXCL), so
+        // even if two waiters both unlink, only one wins the recreate.
         try { fs.unlinkSync(lockPath); } catch { /* ignore */ }
         continue;
       }
@@ -155,10 +163,23 @@ function parseLock(raw) {
 }
 
 function isStale(payload, staleMs) {
-  if (!isPidAlive(payload.pid, payload.host)) return true;
-  const t = Date.parse(payload.acquired_at);
-  if (!Number.isFinite(t)) return true;
-  return Date.now() - t > staleMs;
+  // Audit D3: PID-liveness is AUTHORITATIVE. A lock whose holder PID is still
+  // alive on this host is NEVER stale, regardless of age — a legitimate
+  // long-running mutation must not have its lock stolen. The age-based
+  // fallback applies ONLY when liveness cannot be confirmed: a dead PID, or a
+  // missing/invalid pid field. (isPidAlive conservatively reports alive for
+  // cross-host and unsignalable holders, so those are also never aged out.)
+  const pidRecorded =
+    typeof payload.pid === 'number' &&
+    Number.isInteger(payload.pid) &&
+    payload.pid > 0;
+  if (!pidRecorded) {
+    const t = Date.parse(payload.acquired_at);
+    if (!Number.isFinite(t)) return true;
+    return Date.now() - t > staleMs;
+  }
+  if (isPidAlive(payload.pid, payload.host)) return false;
+  return true;
 }
 
 function isPidAlive(pid, host) {

package/sdk/state/index.ts

@@ -37,6 +37,33 @@ import {
 } from 'node:fs';
 import { dirname, join, resolve } from 'node:path';
 import { pathToFileURL } from 'node:url';
+import { createRequire } from 'node:module';
+
+// Audit D1: this .ts compiles to CommonJS via tsc (Node16 module mode), where
+// `import.meta` is FORBIDDEN (error TS1470). But under Node's
+// --experimental-strip-types the same file runs as ESM, where the CommonJS
+// globals `require` and `__dirname` are UNDEFINED -- a bare reference to either
+// THROWS a ReferenceError, so we cannot name them directly. We satisfy BOTH
+// targets by probing with `typeof` (safe in ESM) and falling back to the entry
+// script (`process.argv[1]`) when the CJS globals are absent. This mirrors the
+// process.argv[1] anchoring used by sibling `sdk/event-stream/writer.ts` and
+// avoids `import.meta` entirely.
+//   * `_require` -- a CJS-style require, used to load the optional .cjs backend
+//     (state-backend.cjs) and package.json files. In compiled CJS output the
+//     real `require` is used; under strip-types ESM we synthesize one anchored
+//     on the entry script via createRequire.
+//   * `_moduleDir` -- the walk-up anchor formerly spelled `__dirname`. In
+//     compiled CJS `__dirname` is used; under ESM we derive a directory from
+//     the entry script. Either way `_loadBackend` can resolve the optional
+//     native backend in BOTH compiled and source modes.
+const _moduleDir: string =
+  typeof __dirname !== 'undefined'
+    ? __dirname
+    : dirname(process.argv[1] || process.cwd());
+const _require =
+  typeof require !== 'undefined'
+    ? require
+    : createRequire(process.argv[1] || process.cwd());
 
 import { acquire, acquireSqliteLock } from './lockfile.ts';
 import { parse } from './parser.ts';
@@ -69,8 +96,8 @@ function _findPackageRoot(startDir: string): string | null {
     const pkgPath = join(dir, 'package.json');
     if (existsSync(pkgPath)) {
       try {
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
-        const pkg = require(pkgPath) as { name?: string };
+        // D1: createRequire-bound require (bare `require` is undefined in ESM).
+        const pkg = _require(pkgPath) as { name?: string };
         if (firstWithPkg === null) firstWithPkg = dir;
         if (pkg.name === '@hegemonart/get-design-done') return dir;
       } catch {
@@ -85,9 +112,16 @@ function _findPackageRoot(startDir: string): string | null {
 }
 
 // ---------------------------------------------------------------------------
-// Phase 57: backend probe (loaded once via require, memoized).
-// state-backend.cjs is a CommonJS module; require() works from .ts under
-// Node 22 --experimental-strip-types (only type-erasable syntax is used).
+// Phase 57: backend probe (loaded once via createRequire, memoized).
+// state-backend.cjs is a CommonJS module. Audit D1 correction: a BARE
+// `require()` does NOT work from this .ts under Node's --experimental-strip-
+// types — this module is loaded as ESM, where `require` is undefined and a
+// bare call throws ReferenceError (silently caught below, killing the backend
+// path). We load via `_require` -- the real CJS `require` in compiled output,
+// or a createRequire anchored on the entry script under strip-types ESM --
+// which DOES resolve the optional .cjs backend in both modes. The graceful-null
+// fallback is preserved for the genuinely-absent
+// dependency (e.g. better-sqlite3 not installed).
 // ---------------------------------------------------------------------------
 
 interface StateBackendMod {
@@ -111,12 +145,13 @@ let _backendCache: StateBackendMod | null | false = null;
 function _loadBackend(): StateBackendMod | null {
   if (_backendCache !== null) return _backendCache === false ? null : _backendCache as StateBackendMod;
   try {
-    const pkgRoot = _findPackageRoot(__dirname);
+    const pkgRoot = _findPackageRoot(_moduleDir);
     if (pkgRoot === null) { _backendCache = false; return null; }
     const backendPath = join(pkgRoot, 'scripts', 'lib', 'state', 'state-backend.cjs');
     if (!existsSync(backendPath)) { _backendCache = false; return null; }
-    // eslint-disable-next-line @typescript-eslint/no-require-imports
-    _backendCache = require(backendPath) as StateBackendMod;
+    // D1: createRequire-bound require so the optional native backend can
+    // actually load from this ESM (.ts strip-types) context.
+    _backendCache = _require(backendPath) as StateBackendMod;
     return _backendCache as StateBackendMod;
   } catch {
     _backendCache = false;
@@ -144,7 +179,7 @@ let _storeCache: StateStoreMod | null | false = null;
 async function _loadStore(): Promise<StateStoreMod | null> {
   if (_storeCache !== null) return _storeCache === false ? null : _storeCache as StateStoreMod;
   try {
-    const pkgRoot = _findPackageRoot(__dirname);
+    const pkgRoot = _findPackageRoot(_moduleDir);
     if (pkgRoot === null) { _storeCache = false; return null; }
     const storePath = join(pkgRoot, 'scripts', 'lib', 'state', 'state-store.cjs');
     if (!existsSync(storePath)) { _storeCache = false; return null; }
@@ -420,12 +455,51 @@ export async function transition(
     throw new TransitionGateFailed(toStage, gateResult.blockers);
   }
   const nowIso: string = new Date().toISOString();
-  const nextState = await mutate(path, (s): ParsedState => {
-    s.frontmatter.stage = toStage;
-    s.frontmatter.last_checkpoint = nowIso;
-    s.position.stage = toStage;
-    s.timestamps[`${toStage}_started_at`] = nowIso;
-    return s;
-  });
-  return { pass: true, blockers: gateResult.blockers, state: nextState };
+  // Audit D4: the gate above was evaluated against a PRE-LOCK read. A
+  // concurrent stage change between that read and the locked mutate could make
+  // the transition invalid (e.g. another writer already advanced the stage, so
+  // `from` is no longer the current stage, or the gate's preconditions no
+  // longer hold). Re-evaluate the gate INSIDE the locked mutate against the
+  // freshly-read `s`, and abort the transition if it no longer holds. The
+  // mutate() lock serializes us against other writers, so this re-check is
+  // race-free: nothing can change `s` between this check and the write.
+  //
+  // We capture the locked re-check failure and re-throw it OUTSIDE mutate so
+  // the caller sees a TransitionGateFailed rather than a generic mutate error.
+  let lockedFailure: TransitionGateFailed | null = null;
+  let lockedBlockers: string[] = gateResult.blockers;
+  try {
+    const nextState = await mutate(path, (s): ParsedState => {
+      const fromNow: string = s.position.stage;
+      if (!isStage(fromNow)) {
+        lockedFailure = new TransitionGateFailed(toStage, [
+          `Invalid transition: from="${fromNow}" is not a recognized Stage (changed under lock)`,
+        ]);
+        throw lockedFailure;
+      }
+      const gateNow = gateFor(fromNow, toStage);
+      if (gateNow === null) {
+        lockedFailure = new TransitionGateFailed(toStage, [
+          `Invalid transition: ${fromNow} → ${toStage} (changed under lock)`,
+        ]);
+        throw lockedFailure;
+      }
+      const resultNow = gateNow(s);
+      if (!resultNow.pass) {
+        lockedFailure = new TransitionGateFailed(toStage, resultNow.blockers);
+        throw lockedFailure;
+      }
+      lockedBlockers = resultNow.blockers;
+      s.frontmatter.stage = toStage;
+      s.frontmatter.last_checkpoint = nowIso;
+      s.position.stage = toStage;
+      s.timestamps[`${toStage}_started_at`] = nowIso;
+      return s;
+    });
+    return { pass: true, blockers: lockedBlockers, state: nextState };
+  } catch (err) {
+    // If the in-lock re-check vetoed, surface the gate failure verbatim.
+    if (lockedFailure !== null && err === lockedFailure) throw lockedFailure;
+    throw err;
+  }
 }

package/sdk/state/lockfile.ts

@@ -99,7 +99,25 @@ export async function acquire(
 
       const parsed: LockPayload | null = parseLock(existing);
       if (parsed !== null && isStale(parsed, staleMs)) {
-        // Clear stale lock and retry.
+        // Audit D3 (TOCTOU): two waiters could each observe the same stale
+        // lock and both unlink+recreate, or one could unlink a DIFFERENT,
+        // freshly-acquired lock that replaced the stale one in the read→unlink
+        // window. Guard by confirming the on-disk bytes STILL match the exact
+        // stale payload we observed immediately before unlinking; if they
+        // changed (a new holder wrote a fresh lock), abandon the clear and
+        // loop — the next iteration re-reads and re-evaluates the new holder.
+        const confirm: string | null = readLockSafe(lockPath);
+        if (confirm === null) {
+          // Already gone — someone cleared it first. Retry immediately to
+          // race for the wx-create.
+          continue;
+        }
+        if (confirm !== existing) {
+          // A different writer replaced the lock between our read and now.
+          // Do NOT unlink — that would steal a (potentially fresh) lock.
+          await sleep(pollMs);
+          continue;
+        }
         try {
           unlinkSync(lockPath);
         } catch (delErr) {
@@ -108,6 +126,9 @@ export async function acquire(
             // Someone else cleared it first; fall through to retry.
           }
         }
+        // The wx-create on the next iteration is itself atomic (O_CREAT|O_EXCL),
+        // so even if two waiters both reach the unlink, only ONE wins the
+        // recreate; the loser sees EEXIST and re-evaluates.
         continue;
       }
 
@@ -181,13 +202,31 @@ function parseLock(raw: string): LockPayload | null {
 }
 
 function isStale(payload: LockPayload, staleMs: number): boolean {
-  // 1) PID check — if the process is dead, the lock is stale.
-  if (!isPidAlive(payload.pid, payload.host)) return true;
-  // 2) Age check — acquired_at older than staleMs is stale even if the
-  //    PID is reused by something else.
-  const acquiredAt = Date.parse(payload.acquired_at);
-  if (!Number.isFinite(acquiredAt)) return true; // garbage timestamp
-  return Date.now() - acquiredAt > staleMs;
+  // Audit D3: PID-liveness is AUTHORITATIVE. A lock whose holder PID is still
+  // alive on this host is NEVER stale, regardless of age — a legitimate
+  // long-running mutation (e.g. a >60s transaction) must not have its lock
+  // stolen out from under it. The age-based fallback only applies when we
+  // CANNOT confirm liveness: a dead PID, a missing/invalid pid field, a
+  // cross-host holder, or an unsignalable PID.
+  //
+  // Note: `isPidAlive` already returns true for the conservative
+  // can't-introspect cases (different host, EPERM). For those, the holder is
+  // treated as alive and the lock is held until released — we do NOT fall
+  // through to age-staleness, because doing so reintroduces the steal. Stale
+  // reclamation for genuinely-abandoned cross-host/unsignalable locks is left
+  // to manual cleanup, which is strictly safer than racing a live writer.
+  const pidRecorded =
+    typeof payload.pid === 'number' && Number.isInteger(payload.pid) && payload.pid > 0;
+  if (!pidRecorded) {
+    // No usable pid → cannot prove liveness. Fall back to age-staleness.
+    const acquiredAt = Date.parse(payload.acquired_at);
+    if (!Number.isFinite(acquiredAt)) return true; // garbage timestamp
+    return Date.now() - acquiredAt > staleMs;
+  }
+  // A recorded, live PID is decisive: NOT stale at any age.
+  if (isPidAlive(payload.pid, payload.host)) return false;
+  // PID is recorded but confirmed dead (ESRCH on this host) → stale.
+  return true;
 }
 
 /**

package/skills/bandit-reset/SKILL.md

@@ -31,6 +31,8 @@ No posterior file found at `.design/telemetry/posterior.json` — nothing to res
 The next bandit pull with `adaptive_mode: full` will bootstrap a fresh posterior from informed priors. See `reference/bandit-integration.md`.
 ```
 
+> Note: the posterior only learns (updates from outcomes) on the SDK / headless `session-runner` path. In interactive Claude Code with `adaptive_mode: full`, the bandit samples from the configured priors but does not currently update them in-session. A reset therefore re-bootstraps the priors the SDK path will subsequently learn from. See `reference/bandit-integration.md` ("Where adaptive routing actually learns").
+
 If present, count the arms (`arms.length`, treating a missing/non-array `arms` as `0`) so the confirmation and receipt can report what will be cleared. A corrupted/unparseable file is still resettable - report `arms: unknown (file unparseable)` and continue.
 
 ### 2. Require explicit confirmation

package/skills/bandit-status/SKILL.md

@@ -33,10 +33,13 @@ Possible reasons:
 - `adaptive_mode` is `static` or `hedge` (bandit silent — see `.design/budget.json`).
 - No spawns have fired since Phase 27.5 wiring landed.
 - Posterior was cleared via `/gdd:bandit-reset`.
+- You are running in interactive Claude Code: the posterior is updated (learns) only on the SDK / headless `session-runner` path. In interactive `adaptive_mode: full` the bandit samples from configured priors but does not learn from in-session outcomes.
 
-See `reference/bandit-integration.md` for setup guidance.
+See `reference/bandit-integration.md` ("Where adaptive routing actually learns") for setup guidance.
 ```
 
+> Note: the posterior only moves (learns) on the SDK / headless `session-runner` path. In interactive Claude Code with `adaptive_mode: full`, the bandit samples from the configured priors but does not currently update them in-session. See `reference/bandit-integration.md`.
+
 Skip to Section 4 (Record). Parse failure (truncated/corrupted) → emit `Posterior file exists but is unparseable. Run /gdd:bandit-reset to start fresh, or restore from a backup.`
 
 ### 2. Parse the posterior

package/skills/darkmode/SKILL.md

@@ -29,7 +29,7 @@ Output artifact prefix `DARKMODE-AUDIT` is distinct from the pipeline namespace
 
 ## Pre-Flight
 
-Confirm source root exists. Try in order: `src/` (preferred), `app/` (Next.js App Router), `lib/` (libraries), `pages/` (Next.js Pages Router). Set `SRC_ROOT` to the first that exists. If none exist, abort: `"No source directory detected. Run /get-design-done scan first."`
+Confirm source root exists. Try in order: `src/` (preferred), `app/` (Next.js App Router), `lib/` (libraries), `pages/` (Next.js Pages Router). Set `SRC_ROOT` to the first that exists. If none exist, abort: `"No source directory detected. Run /get-design-done explore first."`
 
 Confirm `.design/` exists (create if absent: `mkdir -p .design/`).
 

package/skills/graphify/SKILL.md

@@ -5,7 +5,7 @@ description: "Manage the Graphify knowledge graph for the current project. Build
 
 # gdd-graphify
 
-Thin command wrapper around the GSD graphify tools integration.
+Thin command wrapper around the get-design-done (GDD) graphify tools integration.
 
 ## Usage
 
@@ -30,10 +30,10 @@ Thin command wrapper around the GSD graphify tools integration.
    ```
    STOP.
 4. Execute the requested subcommand via the native CLI:
-   - build:  `node bin/gdd-graph build`
-   - query:  `node bin/gdd-graph query "<term>" --budget 2000`
-   - status: `node bin/gdd-graph status`
-   - diff:   `node bin/gdd-graph diff`
+   - build:  `node "${CLAUDE_PLUGIN_ROOT}/bin/gdd-graph" build`
+   - query:  `node "${CLAUDE_PLUGIN_ROOT}/bin/gdd-graph" query "<term>" --budget 2000`
+   - status: `node "${CLAUDE_PLUGIN_ROOT}/bin/gdd-graph" status`
+   - diff:   `node "${CLAUDE_PLUGIN_ROOT}/bin/gdd-graph" diff`
 5. After `build` completes, update `.design/STATE.md` `<connections>`: `graphify: available`
 
 ## Required Reading
@@ -43,7 +43,7 @@ Thin command wrapper around the GSD graphify tools integration.
 
 ## Notes
 
-- Graphify is optional. The native CLI ships in this repo at `bin/gdd-graph` (no external install - Node only).
+- Graphify is optional. The native CLI ships with the plugin at `${CLAUDE_PLUGIN_ROOT}/bin/gdd-graph` (no external install - Node only).
 - Graph is stored at `.design/graph/graph.json` (Ajv-validated against `scripts/lib/graph/schema.json`).
 - Graph covers source code (`src/`, `components/`). It does NOT index `.design/` artifacts by default.
 - Use `query` with node IDs from the graph schema: `component:<name>`, `token:color/<name>`, `decision:D-<nn>`, etc.

package/skills/quick/SKILL.md

@@ -26,10 +26,12 @@ Fast pipeline run. Skips optional-quality agents for speed while keeping the cor
    - Optional stage name (defaults to full pipeline from the current STATE.md position).
    - `--skip <agent-name>` (repeatable) adds to the skip list.
 2. Read `.design/STATE.md` to determine entry stage if none was passed.
-3. For each stage to execute, spawn the stage skill with a `quick_mode: true` flag and the effective skip list in the spawn context. Stage skills read this flag and route around the listed agents.
+3. For each stage to execute, invoke the stage skill but spawn it with the optional agents in the effective skip list **omitted from the spawn graph** - this skill is the orchestrator, so it simply does not call those agents (the stage skills do not read a `quick_mode` flag; the skipping happens here, by not spawning them). The kept agents run exactly as in the full pipeline.
 4. After each stage, print: "Stage <name> done. Skipped: <list>."
 5. Final summary prints which agents were skipped across the full run.
 
+Mechanism note: `/gdd:quick` is a lighter-touch *invocation* of the normal stages, not a special stage mode. It reduces ceremony by leaving the listed optional-quality agents out of the spawn graph it orchestrates. There is no flag the stage skills parse - if invoked directly (not via this skill) the stages run their full agent set.
+
 ## Use When
 
 - You trust the problem scope (no need for fresh research).

package/skills/reflect/SKILL.md

@@ -37,7 +37,7 @@ Run `design-reflector` on demand against the current (or specified) cycle. Produ
    See @skills/reflect/procedures/capability-gap-scan.md for the full procedure.
    The `design-reflector` agent runs the scan automatically as part of its reflection pass; this step lets users dry-run it independently with:
    ```
-   node scripts/lib/reflector/capability-gap-scan.cjs --dry-run
+   node "${CLAUDE_PLUGIN_ROOT}/scripts/lib/reflector/capability-gap-scan.cjs" --dry-run
    ```
    The scan emits `capability_gap` events (`source: "reflector_pattern"`) for recurring patterns lacking a dedicated executable owner; Plan 29-03 aggregates these for `/gdd:apply-reflections`.
 

package/skills/router/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: gdd-router
-description: "Routes a /gdd command to fast|quick|full path + S|M|L|XL complexity_class and returns {path, complexity_class, model_tier_overrides, resolved_models, estimated_cost_usd, cache_hits}. Deterministic - no model call. Invoked once at command entry before any Agent spawn. Read by hooks/budget-enforcer.ts."
+description: "Routes a /gdd command to fast|quick|full path + S|M|L|XL complexity_class and returns {path, complexity_class, model_tier_overrides, resolved_models, estimated_cost_usd, cache_hits}. A SKILL.md prompt the model executes to emit a routing-decision JSON from rule tables (no separate agent spawn). Optional/advisory - invoked only by the skills that opt into routing; the budget-enforcer hook tolerates its absence. Read by hooks/budget-enforcer.ts."
 argument-hint: "<intent-string> [<target-artifacts-csv>]"
 tools: Read, Bash, Grep
 ---
@@ -69,7 +69,9 @@ Delegate to `skills/cache-manager/SKILL.md` (Plan 10.1-02). The router lists can
 
 ## Integration Point
 
-Every `/gdd:*` SKILL.md's first substantive step is: spawn the router via `Task` or inline invocation; receive the JSON blob; pass it to downstream agents as context so the budget-enforcer hook has the router decision available in tool_input metadata when the first Agent spawn fires.
+The router is **optional and advisory**, not a universal first step. Only the handful of skills that explicitly opt into routing reference it (today: the root pipeline `SKILL.md` / `/gdd:handoff`, and `/gdd:style` documents that it deliberately does *not* invoke the router because it is a leaf invocation). The pipeline stage skills (explore / plan / design / verify) do **not** spawn the router. When a skill does invoke it, the flow is: invoke the router via `Task` or inline invocation; receive the JSON blob; pass it to downstream agents as context so the budget-enforcer hook has the router decision available in tool_input metadata when the first Agent spawn fires.
+
+When no skill supplies a router decision, the budget-enforcer hook reads `tool_input.context.router_decision` as absent and falls back to its legacy back-compat path - the router's absence is tolerated by design, never an error.
 
 ## Failure Modes