@imdeadpool/guardex 7.0.23 → 7.0.25

package/README.md

@@ -140,7 +140,7 @@ That's it. Install and update via `@imdeadpool/guardex`. Setup installs the mini
 </div>
 
 > [!NOTE]
-> In this repo, `CLAUDE.md` is a symlink to `AGENTS.md`, so Claude reads the same contract. Optional Codex/Claude companion files are installed at the user level with `gx install-agent-skills`, not copied into each repo.
+> In this repo, `CLAUDE.md` is a symlink to `AGENTS.md`, so Claude reads the same contract. Optional Codex/Claude companion files still install at the user level with `gx install-agent-skills`, while the generic repo skill catalog is available through `npx skills add recodeee/` or directly via `npx skills add recodeee/gitguardex`.
 
 ### Decision flow
 
@@ -266,7 +266,7 @@ To install the real companion into local VS Code from a GitGuardex-wired repo:
 node scripts/install-vscode-active-agents-extension.js
 ```
 
-It adds an `Active Agents` view to the Source Control container, groups each live repo into `ACTIVE AGENTS` and `CHANGES` sections, splits `ACTIVE AGENTS` into `BLOCKED`, `WORKING NOW`, `IDLE`, `STALLED`, and `DEAD` when those states are present, mirrors the selected session or active-agent count in the VS Code status bar, reads `.omx/state/active-sessions/*.json`, derives session state from git conflict markers, dirty worktree status, PID liveness, and recent file mtimes, and surfaces working/dead counts in the repo/header affordances. Reload the VS Code window after install.
+It adds a dedicated `Active Agents` Activity Bar container with a hive icon, shows the live active-agent count as a badge on that icon, groups each live repo into `ACTIVE AGENTS` and `CHANGES` sections, splits `ACTIVE AGENTS` into `BLOCKED`, `WORKING NOW`, `IDLE`, `STALLED`, and `DEAD` when those states are present, mirrors the selected session or active-agent count in the VS Code status bar, reads `.omx/state/active-sessions/*.json`, derives session state from git conflict markers, dirty worktree status, PID liveness, and recent file mtimes, and surfaces working/dead counts in the repo/header affordances. Reload the VS Code window after install.
 
 ---
 
@@ -459,6 +459,23 @@ npm i -g oh-my-claude-sisyphus@latest
 Repo: <https://github.com/Yeachan-Heo/oh-my-claudecode>
 [![GitHub stars](https://img.shields.io/github/stars/Yeachan-Heo/oh-my-claudecode?style=social)](https://github.com/Yeachan-Heo/oh-my-claudecode)
 
+### GitGuardex skills - install the repo skill catalog through `npx skills`
+
+For agents that already support the generic `skills` installer flow, GitGuardex now exposes its repo skill catalog directly. You can start from the broader `recodeee` source or jump straight into this repo's catalog.
+
+```sh
+npx skills add recodeee/
+```
+
+```sh
+npx skills add recodeee/gitguardex
+```
+
+This repo currently exposes `gitguardex` and `guardex-merge-skills-to-dev` through that flow. If the picker does not show a separate `guardex` skill, that is expected: `guardex` remains the legacy CLI alias, while the repo skill itself is named `gitguardex`. Use `gx install-agent-skills` when you want the Codex/Claude user-home startup files instead of the generic `skills` catalog.
+
+Repo: <https://github.com/recodeee/gitguardex>
+[![GitHub stars](https://img.shields.io/github/stars/recodeee/gitguardex?style=social)](https://github.com/recodeee/gitguardex)
+
 ### Caveman — output compression for long agent runs
 
 Ultra-compressed response mode for Claude/Codex-style agents. Useful when you want less output-token churn during long reviews, debug loops, or multi-agent sessions.
@@ -609,7 +626,7 @@ vscode/guardex-active-agents/README.md
 
 Legacy compatibility note: older repos may still contain repo-local workflow scripts under `scripts/`. Direct `gx branch ...`, `gx locks ...`, `gx finish`, `gx cleanup`, `gx merge`, and `gx migrate` do not require them. `gx migrate` removes those leftover workflow shims by default. The CLI still honors repo-local `scripts/review-bot-watch.sh` and `scripts/codex-agent.sh` when they are already present so older repos can keep working during migration.
 
-Optional Codex/Claude user-level companions still install with `gx install-agent-skills`; they are not copied into each repo.
+Optional Codex/Claude user-level companions still install with `gx install-agent-skills`; the generic repo skill catalog is available with `npx skills add recodeee/` or directly via `npx skills add recodeee/gitguardex`. Neither path copies those user-home files into each repo.
 
 ---
 
@@ -672,6 +689,16 @@ npm pack --dry-run
 <details>
 <summary><strong>v7.x</strong></summary>
 
+### v7.0.25
+- Bumped `@imdeadpool/guardex` from `7.0.24` to `7.0.25` so npm and GitHub Releases can ship the current `main` payload.
+- The bundled `GitGuardex Active Agents` VS Code companion now self-heals stale repo-scan ignore settings in older repos, keeps plain managed sandboxes visible in Source Control, and preserves cleanup truth so the tree matches actual sandbox state.
+- Bumped the shipped Active Agents companion manifests from `0.0.8` to `0.0.9` so local VS Code installs can pick up the newer workspace build and show the refreshed extension version from this release.
+
+### v7.0.24
+- Bumped `@imdeadpool/guardex` from `7.0.23` to `7.0.24` so GitHub Releases and the npm publish retry can advance together after `v7.0.23` landed on GitHub but not on npm.
+- Release verification no longer loses its base ref on tag-triggered runs, so the publish workflow keeps the history it needs before packing and publish checks.
+- Keep the release scoped to version and release automation metadata only; the packaged Guardex CLI payload stays aligned with the already-verified `main` branch contents.
+
 ### v7.0.23
 - Bumped `@imdeadpool/guardex` from `7.0.22` to `7.0.23` so GitHub release and npm can advance together after `7.0.22` reached npm without a matching published GitHub release.
 - Active Agents stays easier to scan and more truthful: the package repo remains the canonical source, inspect/install paths stay loadable across VS Code churn, and session rows group under worktrees with clearer merged-cleanup truth.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imdeadpool/guardex",
-  "version": "7.0.23",
+  "version": "7.0.25",
   "description": "Guardian T-Rex for your multi-agent repo. Isolated worktrees, file locks, and PR-only merges stop parallel Codex & Claude agents from overwriting each other's work. Auto-wires Oh My Codex, Oh My Claude, OpenSpec, and Caveman.",
   "license": "MIT",
   "preferGlobal": true,

package/src/cli/args.js

@@ -770,6 +770,7 @@ function parseFinishArgs(rawArgs, defaults = {}) {
     cleanup: defaults.cleanup ?? true,
     keepRemote: false,
     noAutoCommit: false,
+    parentGitlinkCommit: defaults.parentGitlinkCommit ?? true,
     failFast: false,
     commitMessage: '',
     mergeMode: defaults.mergeMode || 'pr',
@@ -865,6 +866,14 @@ function parseFinishArgs(rawArgs, defaults = {}) {
       options.noAutoCommit = true;
       continue;
     }
+    if (arg === '--parent-gitlink-commit') {
+      options.parentGitlinkCommit = true;
+      continue;
+    }
+    if (arg === '--no-parent-gitlink-commit') {
+      options.parentGitlinkCommit = false;
+      continue;
+    }
     if (arg === '--fail-fast') {
       options.failFast = true;
       continue;

package/src/cli/main.js

@@ -2431,15 +2431,20 @@ function report(rawArgs) {
   const options = parseReportArgs(rawArgs);
   const subcommand = options.subcommand || 'help';
   if (subcommand === 'help' || subcommand === '--help' || subcommand === '-h') {
+    const sessionSeverityHelpDetails = sessionSeverityReport.renderSessionSeverityHelpDetails()
+      .split('\n')
+      .map((line) => `    ${line}`)
+      .join('\n');
     console.log(
       `${TOOL_NAME} report commands:\n` +
       `  ${TOOL_NAME} report scorecard [--target <path>] [--repo github.com/<owner>/<repo>] [--scorecard-json <file>] [--output-dir <path>] [--date YYYY-MM-DD] [--dry-run] [--json]\n` +
-      `  ${TOOL_NAME} report session-severity --task-size <narrow-patch|medium-change|large-change> --tokens <count> --exec-count <count> --write-stdin-count <count> --completion-before-tail <yes|no> [--expected-bound <count>] [--fragmentation <preset|0-25>] [--finish-path <preset|0-15>] [--post-proof <preset|0-15>] [--json]\n` +
+      `  ${sessionSeverityReport.renderSessionSeverityCommand(TOOL_NAME)}\n` +
+      `${sessionSeverityHelpDetails}\n` +
       `\n` +
       `Examples:\n` +
       `  ${TOOL_NAME} report scorecard --repo github.com/recodeecom/multiagent-safety\n` +
       `  ${TOOL_NAME} report scorecard --scorecard-json ./scorecard.json --date 2026-04-10\n` +
-      `  ${TOOL_NAME} report session-severity --task-size narrow-patch --tokens 3850000 --exec-count 18 --write-stdin-count 6 --completion-before-tail yes --fragmentation 14 --finish-path 6 --post-proof 4`,
+      `  ${sessionSeverityReport.renderSessionSeverityExample(TOOL_NAME)}`,
     );
     process.exitCode = 0;
     return;

package/src/context.js

@@ -129,6 +129,14 @@ const TEMPLATE_FILES = [
   'vscode/guardex-active-agents/session-schema.js',
   'vscode/guardex-active-agents/README.md',
   'vscode/guardex-active-agents/icon.png',
+  'vscode/guardex-active-agents/fileicons/gitguardex-fileicons.json',
+  'vscode/guardex-active-agents/fileicons/icons/agent.svg',
+  'vscode/guardex-active-agents/fileicons/icons/branch.svg',
+  'vscode/guardex-active-agents/fileicons/icons/config.svg',
+  'vscode/guardex-active-agents/fileicons/icons/hook.svg',
+  'vscode/guardex-active-agents/fileicons/icons/openspec.svg',
+  'vscode/guardex-active-agents/fileicons/icons/plan.svg',
+  'vscode/guardex-active-agents/fileicons/icons/spec.svg',
 ];
 
 const PACKAGE_ROOT_SOURCE_OVERRIDES = new Set([
@@ -139,6 +147,14 @@ const PACKAGE_ROOT_SOURCE_OVERRIDES = new Set([
   'vscode/guardex-active-agents/session-schema.js',
   'vscode/guardex-active-agents/README.md',
   'vscode/guardex-active-agents/icon.png',
+  'vscode/guardex-active-agents/fileicons/gitguardex-fileicons.json',
+  'vscode/guardex-active-agents/fileicons/icons/agent.svg',
+  'vscode/guardex-active-agents/fileicons/icons/branch.svg',
+  'vscode/guardex-active-agents/fileicons/icons/config.svg',
+  'vscode/guardex-active-agents/fileicons/icons/hook.svg',
+  'vscode/guardex-active-agents/fileicons/icons/openspec.svg',
+  'vscode/guardex-active-agents/fileicons/icons/plan.svg',
+  'vscode/guardex-active-agents/fileicons/icons/spec.svg',
 ]);
 
 const LEGACY_WORKFLOW_SHIM_SPECS = [
@@ -263,8 +279,12 @@ const AGENT_WORKTREE_RELATIVE_DIRS = [
 const MANAGED_REPO_SCAN_IGNORED_FOLDERS = [
   '.omx/agent-worktrees',
   '**/.omx/agent-worktrees',
+  '.omx/.tmp-worktrees',
+  '**/.omx/.tmp-worktrees',
   '.omc/agent-worktrees',
   '**/.omc/agent-worktrees',
+  '.omc/.tmp-worktrees',
+  '**/.omc/.tmp-worktrees',
 ];
 const MANAGED_GITIGNORE_PATHS = [
   '.omx/',
@@ -427,6 +447,8 @@ const AI_SETUP_PARTS = [
       'gx branch start "<task>" "<agent>"',
       'then gx locks claim --branch "<agent-branch>" <file...> -> inspect once -> patch once -> verify once -> gx branch finish',
       'batch discovery, git/PR, and CI by phase; avoid repeated peeks or stdin loops',
+      'checkpoint after each milestone: Task -> Done -> Current status -> Next; keep only the latest checkpoint(s) in active context',
+      'summarize tool results, keep stdin/process chatter ephemeral, and keep execution log separate from reasoning context',
     ],
     execLines: [
       'gx branch start "<task>" "<agent>"',

package/src/doctor/index.js

@@ -314,6 +314,118 @@ function doctorFinishFlowIsPending(output) {
   );
 }
 
+function verifyDoctorSandboxCleanup(repoRoot, metadata) {
+  const branchExists = Boolean(metadata.branch) && gitRefExists(repoRoot, `refs/heads/${metadata.branch}`);
+  const worktreeExists = Boolean(metadata.worktreePath) && fs.existsSync(metadata.worktreePath);
+
+  if (!branchExists && !worktreeExists) {
+    return {
+      status: 'verified',
+      note: 'doctor sandbox cleanup verified',
+    };
+  }
+
+  const cleanup = cleanupProtectedBaseSandbox(repoRoot, metadata);
+  const branchStillExists = Boolean(metadata.branch) && gitRefExists(repoRoot, `refs/heads/${metadata.branch}`);
+  const worktreeStillExists = Boolean(metadata.worktreePath) && fs.existsSync(metadata.worktreePath);
+  if (branchStillExists || worktreeStillExists) {
+    return {
+      status: 'failed',
+      note:
+        'doctor sandbox cleanup incomplete ' +
+        `(branch=${branchStillExists ? 'present' : 'missing'}, worktree=${worktreeStillExists ? 'present' : 'missing'})`,
+      cleanup,
+    };
+  }
+
+  return {
+    status: 'verified',
+    note: 'doctor sandbox cleanup verified',
+    cleanup,
+  };
+}
+
+function verifyDoctorSandboxRemoteCleanup(repoRoot, metadata) {
+  if (!metadata.branch || !hasOriginRemote(repoRoot)) {
+    return {
+      status: 'skipped',
+      note: 'doctor sandbox remote cleanup skipped',
+    };
+  }
+
+  const remoteBefore = run(
+    'git',
+    ['-C', repoRoot, 'ls-remote', '--heads', 'origin', metadata.branch],
+    { timeout: 20_000 },
+  );
+  if (isSpawnFailure(remoteBefore)) {
+    throw remoteBefore.error;
+  }
+  if (remoteBefore.status !== 0) {
+    return {
+      status: 'failed',
+      note: 'doctor sandbox remote branch inspection failed',
+      stdout: remoteBefore.stdout || '',
+      stderr: remoteBefore.stderr || '',
+    };
+  }
+  if (!String(remoteBefore.stdout || '').trim()) {
+    return {
+      status: 'verified',
+      note: 'doctor sandbox remote cleanup verified',
+    };
+  }
+
+  const deleteResult = run(
+    'git',
+    ['-C', repoRoot, 'push', 'origin', '--delete', metadata.branch],
+    { timeout: 30_000 },
+  );
+  if (isSpawnFailure(deleteResult)) {
+    throw deleteResult.error;
+  }
+  if (deleteResult.status !== 0) {
+    return {
+      status: 'failed',
+      note: 'doctor sandbox remote branch cleanup failed',
+      stdout: deleteResult.stdout || '',
+      stderr: deleteResult.stderr || '',
+    };
+  }
+
+  const remoteAfter = run(
+    'git',
+    ['-C', repoRoot, 'ls-remote', '--heads', 'origin', metadata.branch],
+    { timeout: 20_000 },
+  );
+  if (isSpawnFailure(remoteAfter)) {
+    throw remoteAfter.error;
+  }
+  if (remoteAfter.status !== 0) {
+    return {
+      status: 'failed',
+      note: 'doctor sandbox remote cleanup recheck failed',
+      stdout: remoteAfter.stdout || '',
+      stderr: remoteAfter.stderr || '',
+    };
+  }
+  if (String(remoteAfter.stdout || '').trim()) {
+    return {
+      status: 'failed',
+      note: 'doctor sandbox remote branch still present after cleanup',
+      stdout: remoteAfter.stdout || '',
+      stderr: remoteAfter.stderr || '',
+    };
+  }
+
+  return {
+    status: 'verified',
+    note: 'doctor sandbox remote cleanup verified',
+    stdout: deleteResult.stdout || '',
+    stderr: deleteResult.stderr || '',
+  };
+}
+
 function finishDoctorSandboxBranch(blocked, metadata, options = {}) {
   if (!hasOriginRemote(blocked.repoRoot)) {
     return {
@@ -353,8 +465,8 @@ function finishDoctorSandboxBranch(blocked, metadata, options = {}) {
 
   const finishResult = runPackageAsset(
     'branchFinish',
-    ['--branch', metadata.branch, '--base', blocked.branch, '--via-pr', waitForMergeArg, '--cleanup'],
-    { cwd: metadata.worktreePath, timeout: finishTimeoutMs },
+    ['--branch', metadata.branch, '--base', blocked.branch, '--via-pr', waitForMergeArg, '--no-cleanup'],
+    { cwd: blocked.repoRoot, timeout: finishTimeoutMs },
   );
   if (isSpawnFailure(finishResult)) {
     return {
@@ -384,11 +496,52 @@ function finishDoctorSandboxBranch(blocked, metadata, options = {}) {
     };
   }
 
+  let cleanupVerification;
+  try {
+    cleanupVerification = verifyDoctorSandboxCleanup(blocked.repoRoot, metadata);
+  } catch (error) {
+    return {
+      status: 'failed',
+      note: `doctor sandbox cleanup verification failed: ${error.message}`,
+      stdout: finishResult.stdout || '',
+      stderr: finishResult.stderr || '',
+    };
+  }
+  if (cleanupVerification.status === 'failed') {
+    return {
+      status: 'failed',
+      note: cleanupVerification.note,
+      stdout: finishResult.stdout || '',
+      stderr: finishResult.stderr || '',
+    };
+  }
+
+  let remoteCleanupVerification;
+  try {
+    remoteCleanupVerification = verifyDoctorSandboxRemoteCleanup(blocked.repoRoot, metadata);
+  } catch (error) {
+    return {
+      status: 'failed',
+      note: `doctor sandbox remote cleanup verification failed: ${error.message}`,
+      stdout: finishResult.stdout || '',
+      stderr: finishResult.stderr || '',
+    };
+  }
+  if (remoteCleanupVerification.status === 'failed') {
+    return {
+      status: 'failed',
+      note: remoteCleanupVerification.note,
+      stdout: [finishResult.stdout || '', remoteCleanupVerification.stdout || ''].filter(Boolean).join('\n'),
+      stderr: [finishResult.stderr || '', remoteCleanupVerification.stderr || ''].filter(Boolean).join('\n'),
+    };
+  }
+
   return {
     status: 'completed',
-    note: 'doctor sandbox finish flow completed',
-    stdout: finishResult.stdout || '',
-    stderr: finishResult.stderr || '',
+    note: 'doctor sandbox finish flow completed and cleanup verified',
+    stdout: [finishResult.stdout || '', remoteCleanupVerification.stdout || ''].filter(Boolean).join('\n'),
+    stderr: [finishResult.stderr || '', remoteCleanupVerification.stderr || ''].filter(Boolean).join('\n'),
+    cleanup: cleanupVerification.cleanup,
   };
 }
 

package/src/finish/index.js

@@ -317,6 +317,7 @@ function finish(rawArgs, defaults = {}) {
       if (options.keepRemote) {
         finishArgs.push('--keep-remote-branch');
       }
+      finishArgs.push(options.parentGitlinkCommit ? '--parent-gitlink-commit' : '--no-parent-gitlink-commit');
 
       if (options.dryRun) {
         console.log(`[${TOOL_NAME}] [dry-run] Would run: gx branch finish ${finishArgs.join(' ')}`);

package/src/report/session-severity.js

@@ -4,7 +4,8 @@ const TASK_SIZE_UPPER_BOUNDS = {
   'large-change': 8_000_000,
 };
 
-const TASK_SIZE_VALUES = new Set(Object.keys(TASK_SIZE_UPPER_BOUNDS));
+const TASK_SIZE_VALUES = Object.keys(TASK_SIZE_UPPER_BOUNDS);
+const TASK_SIZE_SET = new Set(TASK_SIZE_VALUES);
 const FRAGMENTATION_PRESET_SCORES = {
   clean: 0,
   'few-extra-checks': 5,
@@ -32,6 +33,50 @@ const DRIVER_LABELS = {
   finishPath: 'finish-path discipline',
   postProof: 'post-proof drift',
 };
+const LABEL_BANDS = [
+  { max: 15, label: 'Healthy' },
+  { max: 30, label: 'Mildly fragmented' },
+  { max: 50, label: 'Inefficient' },
+  { max: 75, label: 'Runaway' },
+  { max: 100, label: 'Catastrophic' },
+];
+const SESSION_SEVERITY_SUBCOMMAND = 'session-severity';
+const SESSION_SEVERITY_USAGE_ARGS = [
+  `--task-size <${TASK_SIZE_VALUES.join('|')}>`,
+  '--tokens <count>',
+  '--exec-count <count>',
+  '--write-stdin-count <count>',
+  '--completion-before-tail <yes|no>',
+  '[--expected-bound <count>]',
+  `[--fragmentation <${Object.keys(FRAGMENTATION_PRESET_SCORES).join('|')}|0-25>]`,
+  `[--finish-path <${Object.keys(FINISH_PATH_PRESET_SCORES).join('|')}|0-15>]`,
+  `[--post-proof <${Object.keys(POST_PROOF_PRESET_SCORES).join('|')}|0-15>]`,
+  '[--json]',
+].join(' ');
+const SESSION_SEVERITY_COMMAND_TAIL = `${SESSION_SEVERITY_SUBCOMMAND} ${SESSION_SEVERITY_USAGE_ARGS}`;
+const SESSION_SEVERITY_EXAMPLE_ARGS = [
+  '--task-size',
+  'narrow-patch',
+  '--tokens',
+  '3850000',
+  '--exec-count',
+  '18',
+  '--write-stdin-count',
+  '6',
+  '--completion-before-tail',
+  'yes',
+  '--fragmentation',
+  '14',
+  '--finish-path',
+  '6',
+  '--post-proof',
+  '4',
+];
+const SESSION_SEVERITY_EXAMPLE_TAIL = `${SESSION_SEVERITY_SUBCOMMAND} ${SESSION_SEVERITY_EXAMPLE_ARGS.join(' ')}`;
+
+function formatInteger(value) {
+  return Number(value).toLocaleString('en-US');
+}
 
 function parseRequiredPositiveInteger(name, rawValue, { allowZero = true } = {}) {
   const parsed = Number.parseInt(String(rawValue || ''), 10);
@@ -58,8 +103,8 @@ function clampScore(value, min, max) {
 
 function parseTaskSize(rawTaskSize) {
   const normalized = String(rawTaskSize || '').trim();
-  if (!TASK_SIZE_VALUES.has(normalized)) {
-    throw new Error(`--task-size must be one of: ${Array.from(TASK_SIZE_VALUES).join(', ')}`);
+  if (!TASK_SIZE_SET.has(normalized)) {
+    throw new Error(`--task-size must be one of: ${TASK_SIZE_VALUES.join(', ')}`);
   }
   return normalized;
 }
@@ -123,11 +168,7 @@ function scorePostProof(completionBeforeTail, override) {
 }
 
 function labelForTotal(total) {
-  if (total <= 15) return 'Healthy';
-  if (total <= 30) return 'Mildly fragmented';
-  if (total <= 50) return 'Inefficient';
-  if (total <= 75) return 'Runaway';
-  return 'Catastrophic';
+  return LABEL_BANDS.find((band) => total <= band.max)?.label || LABEL_BANDS[LABEL_BANDS.length - 1].label;
 }
 
 function buildSessionSeverityReport(options) {
@@ -205,9 +246,37 @@ function renderSessionSeverityReport(report) {
   ].join('\n');
 }
 
+function renderSessionSeverityHelpDetails() {
+  const taskSizeDefaults = TASK_SIZE_VALUES
+    .map((taskSize) => `${taskSize}=${formatInteger(TASK_SIZE_UPPER_BOUNDS[taskSize])}`)
+    .join(', ');
+  const labelBands = LABEL_BANDS
+    .map((band, index) => {
+      const min = index === 0 ? 0 : LABEL_BANDS[index - 1].max + 1;
+      return `${band.label}=${min}-${band.max}`;
+    })
+    .join(', ');
+  return [`Task-size defaults: ${taskSizeDefaults}`, `Label bands: ${labelBands}`].join('\n');
+}
+
+function renderSessionSeverityCommand(toolName) {
+  return `${toolName} report ${SESSION_SEVERITY_COMMAND_TAIL}`;
+}
+
+function renderSessionSeverityExample(toolName) {
+  return `${toolName} report ${SESSION_SEVERITY_EXAMPLE_TAIL}`;
+}
+
 module.exports = {
+  LABEL_BANDS,
+  SESSION_SEVERITY_COMMAND_TAIL,
+  SESSION_SEVERITY_EXAMPLE_ARGS,
+  SESSION_SEVERITY_EXAMPLE_TAIL,
   TASK_SIZE_UPPER_BOUNDS,
   buildSessionSeverityReport,
   renderSessionSeverityReport,
+  renderSessionSeverityHelpDetails,
+  renderSessionSeverityCommand,
+  renderSessionSeverityExample,
   labelForTotal,
 };

package/templates/AGENTS.multiagent-safety.md

@@ -21,8 +21,11 @@ Default: less word, same proof.
 - Front-load scaffold/path discovery into one grouped inspection pass. Avoid serial `ls` / `find` / `rg` / `cat` retries that only rediscover the same path state.
 - Treat repeated `write_stdin`, repeated `sed` / `cat` peeks, and tiny diagnostic follow-up checks as strong negative signals. If they appear alongside climbing input cost, stop the probe loop and batch the next phase.
 - Tool / hook summaries stay tiny: command, status, last meaningful lines only. Drop routine hook boilerplate.
+- Keep raw terminal interaction out of long-lived context. For `write_stdin` or interactive babysitting, retain only process, action sent, current result, and next action.
+- Keep execution log separate from reasoning context: full commands/stdout belong in logs, while prompt context keeps only the latest 1-2 checkpoints plus the newest tool-result summary.
 - Treat local edit/commit, remote publish/PR, CI diagnosis, and cleanup as bounded phases. Do not spend fresh narration or approval turns on obvious safe follow-ons inside an already authorized phase unless the risk changes.
 - When a session turns fragmented, collapse back to inspect once, patch once, verify once, and summarize once.
+- Use a fixed checkpoint shape when compacting: `Task`, `Done`, `Current status`, and `Next`.
 - Keep `.omx/notepad.md` lean: live handoffs only. Use exactly `branch`, `task`, `blocker`, `next step`, and `evidence`; move narrative proof into OpenSpec artifacts, PRs, or command output.
 
 ## OMX Caveman Style

package/templates/codex/skills/guardex-merge-skills-to-dev/SKILL.md

@@ -9,6 +9,7 @@ Use this skill when you only want to promote Codex skill file updates into the b
 
 ## What this merges
 
+- `skills/**/SKILL.md`
 - `.codex/skills/**/SKILL.md`
 - `templates/codex/skills/**/SKILL.md`
 
@@ -33,7 +34,7 @@ gx branch start "merge-skill-files-to-${BASE_BRANCH}" "skill-merge" "$BASE_BRANC
 
 ```sh
 SOURCE_BRANCH="<agent-branch>"
-git checkout "$SOURCE_BRANCH" -- ':(glob).codex/skills/**/SKILL.md' ':(glob)templates/codex/skills/**/SKILL.md'
+git checkout "$SOURCE_BRANCH" -- ':(glob)skills/**/SKILL.md' ':(glob).codex/skills/**/SKILL.md' ':(glob)templates/codex/skills/**/SKILL.md'
 ```
 
 5. Verify scope before commit:
@@ -46,7 +47,7 @@ git diff --name-only
 6. Commit and merge back to base using guardex finish flow:
 
 ```sh
-git add .codex/skills templates/codex/skills
+git add skills .codex/skills templates/codex/skills
 git commit -m "Merge skill file updates into ${BASE_BRANCH}"
 gx branch finish --branch "$(git rev-parse --abbrev-ref HEAD)" --base "$BASE_BRANCH" --via-pr --wait-for-merge --cleanup
 ```