@jaggerxtrm/specialists 3.16.0 → 3.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (257) hide show
  1. package/README.md +268 -132
  2. package/config/mandatory-rules/json-only-final-output.md +13 -0
  3. package/config/mandatory-rules/research-tool-routing.md +4 -0
  4. package/config/mandatory-rules/service-skills-diff-scan-mandatory.md +26 -0
  5. package/config/mandatory-rules/service-skills-gitnexus-triage.md +5 -0
  6. package/config/mandatory-rules/test-runner-execution-scope.md +1 -1
  7. package/config/skills/setup-specialists/SKILL.md +556 -0
  8. package/config/skills/specialists-creator/SKILL.md +160 -5
  9. package/config/skills/specialists-creator/scripts/audit-spec-uniformity.mjs +1 -1
  10. package/config/skills/using-specialists-auto/SKILL.md +1 -1
  11. package/config/skills/using-specialists-v2/SKILL.md +7 -7
  12. package/config/skills/using-specialists-v3/SKILL.md +223 -147
  13. package/config/specialists/bare.specialist.json +3 -3
  14. package/config/specialists/changelog-drafter.specialist.json +9 -6
  15. package/config/specialists/changelog-keeper.specialist.json +10 -7
  16. package/config/specialists/debugger.specialist.json +8 -6
  17. package/config/specialists/executor.specialist.json +9 -7
  18. package/config/specialists/explorer.specialist.json +8 -6
  19. package/config/specialists/memory-processor.specialist.json +7 -5
  20. package/config/specialists/node-coordinator.specialist.json +7 -5
  21. package/config/specialists/obligations-scanner.specialist.json +149 -0
  22. package/config/specialists/overthinker.specialist.json +7 -5
  23. package/config/specialists/planner.specialist.json +8 -6
  24. package/config/specialists/quant-methodologist.specialist.json +145 -0
  25. package/config/specialists/quant-researcher.specialist.json +144 -0
  26. package/config/specialists/researcher.specialist.json +14 -9
  27. package/config/specialists/reviewer.specialist.json +11 -9
  28. package/config/specialists/seconder.specialist.json +170 -0
  29. package/config/specialists/security-auditor.specialist.json +6 -4
  30. package/config/specialists/service-skills-sync.specialist.json +93 -0
  31. package/config/specialists/specialists-creator.specialist.json +9 -7
  32. package/config/specialists/sync-docs.specialist.json +6 -4
  33. package/config/specialists/test-engineer.specialist.json +134 -0
  34. package/config/specialists/test-runner.specialist.json +11 -9
  35. package/config/specialists/transcriber.specialist.json +59 -0
  36. package/config/specialists/xt-merge.specialist.json +7 -5
  37. package/dist/asset-contract.json +39 -8
  38. package/dist/index.js +37083 -26912
  39. package/dist/lib.js +9850 -6147
  40. package/dist/types/cli/console/components.d.ts +83 -0
  41. package/dist/types/cli/console/components.d.ts.map +1 -0
  42. package/dist/types/cli/console/config-source.d.ts +58 -0
  43. package/dist/types/cli/console/config-source.d.ts.map +1 -0
  44. package/dist/types/cli/console/forensic.d.ts +11 -0
  45. package/dist/types/cli/console/forensic.d.ts.map +1 -0
  46. package/dist/types/cli/console/git.d.ts +28 -0
  47. package/dist/types/cli/console/git.d.ts.map +1 -0
  48. package/dist/types/cli/console/help.d.ts +2 -0
  49. package/dist/types/cli/console/help.d.ts.map +1 -0
  50. package/dist/types/cli/console/log.d.ts +13 -0
  51. package/dist/types/cli/console/log.d.ts.map +1 -0
  52. package/dist/types/cli/console/repo-config.d.ts +26 -0
  53. package/dist/types/cli/console/repo-config.d.ts.map +1 -0
  54. package/dist/types/cli/console/repo-discovery.d.ts +12 -0
  55. package/dist/types/cli/console/repo-discovery.d.ts.map +1 -0
  56. package/dist/types/cli/console/runtime.d.ts +12 -0
  57. package/dist/types/cli/console/runtime.d.ts.map +1 -0
  58. package/dist/types/cli/console/subscribe-prototype.d.ts +18 -0
  59. package/dist/types/cli/console/subscribe-prototype.d.ts.map +1 -0
  60. package/dist/types/cli/console/theme.d.ts +91 -0
  61. package/dist/types/cli/console/theme.d.ts.map +1 -0
  62. package/dist/types/cli/console/types.d.ts +231 -0
  63. package/dist/types/cli/console/types.d.ts.map +1 -0
  64. package/dist/types/cli/console/view-model.d.ts +252 -0
  65. package/dist/types/cli/console/view-model.d.ts.map +1 -0
  66. package/dist/types/cli/console.d.ts +2 -0
  67. package/dist/types/cli/console.d.ts.map +1 -0
  68. package/dist/types/cli/db.d.ts.map +1 -1
  69. package/dist/types/cli/doctor.d.ts.map +1 -1
  70. package/dist/types/cli/edit.d.ts.map +1 -1
  71. package/dist/types/cli/epic.d.ts.map +1 -1
  72. package/dist/types/cli/feed.d.ts.map +1 -1
  73. package/dist/types/cli/forensic.d.ts +2 -0
  74. package/dist/types/cli/forensic.d.ts.map +1 -0
  75. package/dist/types/cli/format-helpers.d.ts +4 -2
  76. package/dist/types/cli/format-helpers.d.ts.map +1 -1
  77. package/dist/types/cli/help.d.ts.map +1 -1
  78. package/dist/types/cli/init.d.ts +10 -0
  79. package/dist/types/cli/init.d.ts.map +1 -1
  80. package/dist/types/cli/list.d.ts.map +1 -1
  81. package/dist/types/cli/log.d.ts +2 -0
  82. package/dist/types/cli/log.d.ts.map +1 -0
  83. package/dist/types/cli/metrics.d.ts +2 -0
  84. package/dist/types/cli/metrics.d.ts.map +1 -0
  85. package/dist/types/cli/ps.d.ts.map +1 -1
  86. package/dist/types/cli/result.d.ts.map +1 -1
  87. package/dist/types/cli/resume.d.ts.map +1 -1
  88. package/dist/types/cli/run.d.ts +1 -0
  89. package/dist/types/cli/run.d.ts.map +1 -1
  90. package/dist/types/cli/script.d.ts +3 -0
  91. package/dist/types/cli/script.d.ts.map +1 -1
  92. package/dist/types/cli/serve.d.ts.map +1 -1
  93. package/dist/types/cli/setup.d.ts +19 -1
  94. package/dist/types/cli/setup.d.ts.map +1 -1
  95. package/dist/types/cli/status.d.ts.map +1 -1
  96. package/dist/types/cli/steer.d.ts.map +1 -1
  97. package/dist/types/cli/version-check.d.ts +1 -0
  98. package/dist/types/cli/version-check.d.ts.map +1 -1
  99. package/dist/types/index.d.ts +1 -1
  100. package/dist/types/pi/session.d.ts +11 -1
  101. package/dist/types/pi/session.d.ts.map +1 -1
  102. package/dist/types/server.d.ts +15 -0
  103. package/dist/types/server.d.ts.map +1 -1
  104. package/dist/types/specialist/benchmarks.d.ts +37 -0
  105. package/dist/types/specialist/benchmarks.d.ts.map +1 -0
  106. package/dist/types/specialist/chain-identity.d.ts +7 -1
  107. package/dist/types/specialist/chain-identity.d.ts.map +1 -1
  108. package/dist/types/specialist/control.d.ts.map +1 -1
  109. package/dist/types/specialist/forensic-events.d.ts +138 -0
  110. package/dist/types/specialist/forensic-events.d.ts.map +1 -0
  111. package/dist/types/specialist/forensic-renderer.d.ts +34 -0
  112. package/dist/types/specialist/forensic-renderer.d.ts.map +1 -0
  113. package/dist/types/specialist/git-diff-evidence.d.ts +28 -0
  114. package/dist/types/specialist/git-diff-evidence.d.ts.map +1 -0
  115. package/dist/types/specialist/global-config.d.ts +389 -0
  116. package/dist/types/specialist/global-config.d.ts.map +1 -0
  117. package/dist/types/specialist/job-file-output.d.ts +2 -0
  118. package/dist/types/specialist/job-file-output.d.ts.map +1 -1
  119. package/dist/types/specialist/launch.d.ts +1 -0
  120. package/dist/types/specialist/launch.d.ts.map +1 -1
  121. package/dist/types/specialist/live-aggregates.d.ts +46 -0
  122. package/dist/types/specialist/live-aggregates.d.ts.map +1 -0
  123. package/dist/types/specialist/loader.d.ts +50 -1
  124. package/dist/types/specialist/loader.d.ts.map +1 -1
  125. package/dist/types/specialist/model-chain.d.ts +7 -0
  126. package/dist/types/specialist/model-chain.d.ts.map +1 -0
  127. package/dist/types/specialist/model-probes.d.ts +28 -0
  128. package/dist/types/specialist/model-probes.d.ts.map +1 -0
  129. package/dist/types/specialist/node-contract.d.ts +18 -18
  130. package/dist/types/specialist/node-supervisor.d.ts.map +1 -1
  131. package/dist/types/specialist/observability-db.d.ts +1 -1
  132. package/dist/types/specialist/observability-db.d.ts.map +1 -1
  133. package/dist/types/specialist/observability-sqlite.d.ts +25 -0
  134. package/dist/types/specialist/observability-sqlite.d.ts.map +1 -1
  135. package/dist/types/specialist/preset-resolver.d.ts +56 -0
  136. package/dist/types/specialist/preset-resolver.d.ts.map +1 -0
  137. package/dist/types/specialist/prometheus-projection.d.ts +25 -0
  138. package/dist/types/specialist/prometheus-projection.d.ts.map +1 -0
  139. package/dist/types/specialist/runner.d.ts +29 -1
  140. package/dist/types/specialist/runner.d.ts.map +1 -1
  141. package/dist/types/specialist/schema.d.ts +181 -63
  142. package/dist/types/specialist/schema.d.ts.map +1 -1
  143. package/dist/types/specialist/script-runner.d.ts +5 -1
  144. package/dist/types/specialist/script-runner.d.ts.map +1 -1
  145. package/dist/types/specialist/snapshot-diff.d.ts +8 -0
  146. package/dist/types/specialist/snapshot-diff.d.ts.map +1 -0
  147. package/dist/types/specialist/source-queue.d.ts +13 -0
  148. package/dist/types/specialist/source-queue.d.ts.map +1 -0
  149. package/dist/types/specialist/supervisor.d.ts +39 -2
  150. package/dist/types/specialist/supervisor.d.ts.map +1 -1
  151. package/dist/types/specialist/timeline-events.d.ts +88 -2
  152. package/dist/types/specialist/timeline-events.d.ts.map +1 -1
  153. package/dist/types/tools/specialist/resume_specialist.tool.d.ts +4 -4
  154. package/dist/types/tools/specialist/specialist_status.tool.d.ts +1 -1
  155. package/dist/types/tools/specialist/steer_specialist.tool.d.ts +4 -4
  156. package/dist/types/tools/specialist/use_specialist.tool.d.ts +16 -16
  157. package/docs/ARCHITECTURE.md +1176 -0
  158. package/docs/TODO.md +9 -0
  159. package/docs/architecture.md +11 -0
  160. package/docs/archive/2026-03-13-bd-decision-context-template-plan.md +96 -0
  161. package/docs/archive/AGENT-HANDOFF.md +351 -0
  162. package/docs/archive/PARITY-ANALYSIS.md +296 -0
  163. package/docs/archive/SPECIALISTS_REFACTOR.md.md +30 -0
  164. package/docs/archive/cc-programmatic.md +216 -0
  165. package/docs/archive/claude-agent-sdk.md +594 -0
  166. package/docs/archive/decision-specialist-directory.md +41 -0
  167. package/docs/archive/discoveries.md +148 -0
  168. package/docs/archive/executor-benchmark-protocol.md +198 -0
  169. package/docs/archive/future-features.md +66 -0
  170. package/docs/archive/gzrx-completion-critique.md +183 -0
  171. package/docs/archive/gzrx-research-notes.md +401 -0
  172. package/docs/archive/gzrx-tool-catalog.md +760 -0
  173. package/docs/archive/iron-review-hardening-qa-chain-substrate.md +322 -0
  174. package/docs/archive/iron-review-hardening.html +1004 -0
  175. package/docs/archive/issuetracking.md +312 -0
  176. package/docs/archive/qa-v3.0.2.md +220 -0
  177. package/docs/archive/restructure.md +231 -0
  178. package/docs/archive/script-specialists.md +1254 -0
  179. package/docs/archive/spec-v3.md +792 -0
  180. package/docs/archive/specialist-stats.md +127 -0
  181. package/docs/archive/specialists-friction-audit.md +1347 -0
  182. package/docs/archive/specialists-runtime-critique.md +170 -0
  183. package/docs/archive/specialists-service-evaluation.md +713 -0
  184. package/docs/archive/specialists-substrate-alignment.md +255 -0
  185. package/docs/archive/substrate-review.md +1288 -0
  186. package/docs/archive/test-writer-specialist.md +254 -0
  187. package/docs/archive/using-specialists-v3-improvements-2026-05-09.md +600 -0
  188. package/docs/archive/xtrm-specialists-analysis.md +314 -0
  189. package/docs/authoring.md +701 -0
  190. package/docs/background-jobs.md +203 -0
  191. package/docs/bare-specialists.md +83 -0
  192. package/docs/benchmarks/executor-benchmark-runner.md +66 -0
  193. package/docs/bootstrap.md +161 -0
  194. package/docs/cli-reference.md +1645 -0
  195. package/docs/deploying-alongside.md +155 -0
  196. package/docs/design/README.md +36 -0
  197. package/docs/design/darth-feedor-migration.md +290 -0
  198. package/docs/design/roadmap/README.md +32 -0
  199. package/docs/design/roadmap/chain-templates/README.md +146 -0
  200. package/docs/design/roadmap/chain-templates/code-quick.formula.json +27 -0
  201. package/docs/design/roadmap/chain-templates/code-standard.formula.json +126 -0
  202. package/docs/design/roadmap/chain-templates/code-with-advisors.formula.json +128 -0
  203. package/docs/design/roadmap/chain-templates/code-with-tests.formula.json +76 -0
  204. package/docs/design/roadmap/chain-templates/debug.formula.json +128 -0
  205. package/docs/design/roadmap/chain-templates/doc-sync.formula.json +28 -0
  206. package/docs/design/roadmap/chain-templates/memory-hygiene.formula.json +27 -0
  207. package/docs/design/roadmap/chain-templates/planning.formula.json +27 -0
  208. package/docs/design/roadmap/chain-templates/premortem.formula.json +26 -0
  209. package/docs/design/roadmap/chain-templates/release-prep.formula.json +36 -0
  210. package/docs/design/roadmap/chain-templates/research-only.formula.json +28 -0
  211. package/docs/design/roadmap/chain-templates/restitch.formula.json +125 -0
  212. package/docs/design/roadmap/chain-templates/security-deep.formula.json +161 -0
  213. package/docs/design/roadmap/chain-templates/test-only.formula.json +52 -0
  214. package/docs/design/roadmap/chain-templates/triage.formula.json +35 -0
  215. package/docs/design/roadmap/history/handoff-from-substrate-design.md +87 -0
  216. package/docs/design/roadmap/history/substrate-reconciliation.md +105 -0
  217. package/docs/design/roadmap/specialists-roadmap.md +1193 -0
  218. package/docs/design/sp-console-subscribe-via-materializer.md +231 -0
  219. package/docs/design/sp-console-tui-mock-v2.html +293 -0
  220. package/docs/design/sp-console-tui-mock.html +120 -0
  221. package/docs/design/sp-console-tui.md +340 -0
  222. package/docs/design/specialist-agentops-suite.md +323 -0
  223. package/docs/design/substrate/channels.md +14 -0
  224. package/docs/design/substrate/devops-platform-engineering-prd.md +446 -0
  225. package/docs/design/substrate/html-design-example.md +339 -0
  226. package/docs/design/xtrm-tiers-architecture.svg +132 -0
  227. package/docs/devops/dependency-verdict-materialization.md +46 -0
  228. package/docs/epic-readiness.md +75 -0
  229. package/docs/examples/mercury-atomic-summarizer.specialist.json +26 -0
  230. package/docs/examples/smoke-echo-text-expected-keys.specialist.json +25 -0
  231. package/docs/examples/smoke-echo.specialist.json +25 -0
  232. package/docs/features.md +1577 -0
  233. package/docs/hooks.md +81 -0
  234. package/docs/installation.md +142 -0
  235. package/docs/manifest.md +184 -0
  236. package/docs/mcp-servers.md +73 -0
  237. package/docs/mcp-tools.md +71 -0
  238. package/docs/nodes.md +231 -0
  239. package/docs/observability-metrics.md +152 -0
  240. package/docs/operator/sp-console-v2-walkthrough.md +410 -0
  241. package/docs/overrides-guide.md +306 -0
  242. package/docs/pi-rpc-boundary.md +118 -0
  243. package/docs/pi-session.md +195 -0
  244. package/docs/release.md +22 -0
  245. package/docs/skills.md +132 -0
  246. package/docs/specialists/handoff-schema.md +181 -0
  247. package/docs/specialists-catalog.md +99 -0
  248. package/docs/specialists-service-install.md +226 -0
  249. package/docs/specialists-service.md +363 -0
  250. package/docs/surface-ownership.md +138 -0
  251. package/docs/upgrade-notes/kan-90-global-user-config.md +114 -0
  252. package/docs/upgrade-notes/kan-91-expanded-overrides.md +261 -0
  253. package/docs/workflow.md +114 -0
  254. package/docs/worktree.md +71 -0
  255. package/docs/worktrees.md +309 -0
  256. package/package.json +17 -12
  257. package/config/specialists/code-sanity.specialist.json +0 -108
@@ -7,7 +7,7 @@ description: >
7
7
  security checks, multi-step chains, integration-phase reconciliation,
8
8
  debugger-restitch on conflicting chains, pre-dispatch conflict-cluster
9
9
  mapping, test-failure-map epics, and questions about specialist workflow.
10
- version: 3.4
10
+ version: 3.5
11
11
  ---
12
12
 
13
13
  # Using Specialists v3
@@ -82,7 +82,7 @@ You are an orchestrator, not a hero. Move slowly enough to be correct.
82
82
  - Re-read the bead before dispatch. If you cannot defend each contract field out loud, the bead is not ready.
83
83
  - Never dispatch a chain you cannot describe end-to-end (which specialist, which bead, which workspace, which merge target).
84
84
  - Verify worktree and job state before and after each dispatch with `sp ps` and `git worktree list`. Drift is silent until merge.
85
- - Treat reviewer `PARTIAL` and code-sanity `FINDINGS` as mandatory fix loops, not advisory noise.
85
+ - Treat reviewer `PARTIAL` and seconder `FINDINGS` as mandatory fix loops, not advisory noise.
86
86
  - When unsure, prefer extra explorer/debugger passes over an over-eager executor. Wrong code merged is more expensive than slow research.
87
87
 
88
88
  ## Project-Specific Specialists
@@ -94,32 +94,52 @@ Users define their own specialists in `.specialists/user/*.specialist.json` to f
94
94
  - Pick the project-specific specialist when its role matches the task shape. Do not fall back to a generic role just because it is more familiar.
95
95
  - If the task does not match any project-specific role, use the package default and consider whether a new project-specific specialist would help (use `specialists-creator` skill).
96
96
 
97
- ## Advisory Passes Are Part Of Every Chain
97
+ ## Mandatory Gates: Seconder, Obligations, Security (Iron-style)
98
98
 
99
- For any substantive diff, the chain shape is:
99
+ For any substantive production diff, the chain shape is the canonical pipeline from [`docs/design/chain-templates.md` §2](../../../docs/design/chain-templates.md#2-the-canonical-pipeline):
100
100
 
101
101
  ```
102
- executor → code-sanity (if smell) → security-auditor (if risk surface) → reviewer → merge
102
+ writer (executor/debugger)seconder → test-engineer test-runner → security-auditor (if surface) → obligations-scanner → reviewer → Release Checklist
103
103
  ```
104
104
 
105
- Triggers:
105
+ Reviewer consumes final QA evidence together with Iron gates: test-engineer output, test-runner classification, smoke/E2E proof, telemetry/log assertions, obligations-scanner, and security-auditor when applicable.
106
106
 
107
- - `code-sanity` cheap simplification and type-safety screen. Run when diff smells overcomplicated, brittle, or duplicates logic. Output is advisory; reviewer still gates merge.
108
- - `security-auditor` — scan-only risk surface review. Run when diff touches auth, secrets, input handling (user/network/file), dependency lockfiles, agent/MCP/config surfaces, or token-storage paths. Output is advisory; executor applies fixes.
109
- - Both run with their own bead and `--job <exec-job>` so they enter the executor workspace.
107
+ `seconder`, `test-engineer`, `test-runner`, `obligations-scanner`, and `reviewer` are mandatory on production diffs (shipped via Opp 14 / `unitAI-sfwe1` + Opp 15 / `unitAI-4e194`). `security-auditor` is mandatory when the diff touches a sensitive surface. Reviewer follows canon §2.2 SCRUTINY as a chain-property, not reviewer input.
110
108
 
111
- Routing patterns (cross-referenced from Integration / Restitch / E2E sections):
109
+ ### Seconder Gate `seconder`
112
110
 
113
- - **Cherry-pick integration**: advisory passes run on the last executor job in each chain BEFORE the squash-commit step.
114
- - **Debugger-restitch**: advisory passes run on the debugger's job AFTER the restitch turn, BEFORE reviewer.
115
- - **E2E smoke phase**: security-auditor runs on the cumulative integrated diff if any landed chain touched a sensitive surface, BEFORE smoke completes.
116
- - **Reviewer rebuttal**: code-sanity / security-auditor findings count as legitimate evidence to support or rebut a reviewer verdict.
111
+ Mandatory READ_ONLY scope/compliance + smell/type-safety/simplicity dual-verdict gate (canon §2.3). Every change gets one cheap second pair of eyes before QA and reviewer. If `overall_verdict` is FAIL or UNCLEAR where not allowed, route back to writer.
117
112
 
118
- Skipping triggers:
113
+ - Skip permitted ONLY for: test-only diffs (entirely under `test/`, `tests/`, `__tests__/`, `*.spec.*`, `*.test.*`, `*.fixture.*`) or new-file-only diffs (no modifications to existing symbols).
114
+ - Any other skip = escalation event. Small diffs hide the worst regressions.
119
115
 
120
- - Diff is purely additive (new files only, no existing-symbol modifications) → advisory passes optional; note new-file scope in the chain handoff.
121
- - Test-only diffs (entirely under `test/` or `tests/`) → skip security-auditor by default; still run code-sanity if test logic is non-trivial.
122
- - Anything else, skipping is an escalation event — never skip security-auditor on auth/secrets/input changes "because the diff looks small." Small diffs hide the worst regressions.
116
+ ### Obligations Gate `obligations-scanner`
117
+
118
+ Mandatory READ_ONLY marker scan. Catches new TODO/FIXME/HACK/XXX/TEMP/WIP/NOTE(release) in production code that would otherwise leak unaccounted. Cheap (<30s, gpt-5.4-mini, bare).
119
+
120
+ - Accepts structured `// TODO(<bead-id>): reason` markers if the linked bead exists and is in current bead's NON_GOALS.
121
+ - Rejects unstructured markers in production code → reviewer issues PARTIAL "obligation: must resolve or accept".
122
+ - Markers under test/fixture/mock/e2e/docs paths are noted but never block.
123
+
124
+ The scanner produces JSON; the reviewer consumes its output directly via job feed.
125
+
126
+ ### Security Gate — `security-auditor`
127
+
128
+ Mandatory when diff touches: auth, secrets, input handling (user/network/file), dependency lockfiles, agent/MCP/config surfaces, token-storage paths, migrations, permissions/hooks. Scan-only; recommendations only; executor applies fixes.
129
+
130
+ - Never skip on sensitive-surface diff "because the diff looks small."
131
+ - Auto-triggered by reviewer's SCRUTINY auto-escalation table when surface patterns match.
132
+
133
+ ### Dispatch mechanics for all three gates
134
+
135
+ All run with their own bead and `--job <exec-job>` so they enter the executor workspace.
136
+
137
+ Routing across chain phases:
138
+
139
+ - **Per-chain dispatch**: gates run on the chain's job in canon order: seconder → test-engineer → test-runner → security-auditor (if surface) → obligations-scanner → reviewer. Seconder FAIL/UNCLEAR routes back to writer; test-runner misclassifications route to test-engineer or writer per canon §2.5.
140
+ - **Debugger-restitch**: same gate order on the debugger's job AFTER the restitch turn, BEFORE reviewer.
141
+ - **E2E smoke phase**: cross-cutting security-auditor on cumulative integrated diff if any landed chain touched a sensitive surface.
142
+ - **Reviewer rebuttal**: seconder OK and security-auditor "no findings" are legitimate evidence in reviewer rebuttals (cite the advisory job id).
123
143
 
124
144
  ## Monitoring Long-Running Jobs: Sleep Timers Are Mandatory
125
145
 
@@ -137,7 +157,7 @@ Then cycle sleeps based on average completion time per role, checking `sp ps` ea
137
157
  | Role | Typical duration | Initial sleep cycle |
138
158
  |------|------------------|---------------------|
139
159
  | sync-docs, changelog-keeper | 60–180s | `sleep 60` then `sleep 60` |
140
- | code-sanity, security-auditor | 60–180s | `sleep 60` then `sleep 60` |
160
+ | seconder, security-auditor | 60–180s | `sleep 60` then `sleep 60` |
141
161
  | reviewer | 90–240s | `sleep 90` then `sleep 60` |
142
162
  | explorer, debugger, planner, overthinker | 120–300s | `sleep 120` then `sleep 90` |
143
163
  | executor | 180–600s+ | `sleep 180` then `sleep 120` |
@@ -154,7 +174,7 @@ You are not "done" until every dispatched job is `completed` or `failed` and con
154
174
 
155
175
  ## Worktree Cleanup After Merge
156
176
 
157
- `sp merge` and `sp epic merge` clean up automatically when they succeed. If you fall back to manual `git merge` (e.g., doc-only chains), you own cleanup.
177
+ Merge is now manual (see `Merge And Publication` below). You own cleanup after every merge.
158
178
 
159
179
  After every merge, verify:
160
180
 
@@ -164,14 +184,14 @@ sp ps # any leftover jobs?
164
184
  git worktree prune # drop stale worktree metadata
165
185
  ```
166
186
 
167
- If a feature/epic worktree remains after merge, remove it explicitly:
187
+ Always remove the merged feature/epic worktree explicitly:
168
188
 
169
189
  ```bash
170
190
  git worktree remove <path>
171
- git branch -d <merged-branch> # only after confirming merged
191
+ git branch -d <merged-branch> # only after confirming merged into target
172
192
  ```
173
193
 
174
- `sp ps` must have no active jobs and no unresolved terminal problems before session close. If it only shows old terminal history that you have intentionally acknowledged, run `sp clean --ps --dry-run` and then `sp clean --ps` to soft-hide those rows from the default dashboard. This does not delete SQLite history or change job status; use `sp ps --include-cleaned` or `sp ps --all` for audit visibility. Stale worktrees and stale jobs both block future dispatches via the stale-base guard.
194
+ `sp ps` must have no active jobs and no unresolved terminal problems before session close. If it only shows old terminal history that you have intentionally acknowledged, run `sp clean --ps --dry-run` and then `sp clean --ps` to soft-hide those rows from the default dashboard. This does not delete SQLite history or change job status; use `sp ps --include-cleaned` or `sp ps --all` for audit visibility. Stale worktrees and stale jobs both block future dispatches.
175
195
 
176
196
  ## When To Delegate
177
197
 
@@ -189,11 +209,12 @@ Do small deterministic edits directly when scope is already obvious and delegati
189
209
  6. Executor starts only when scope, constraints, and validation are clear.
190
210
  7. Reviewer uses its own bead and executor workspace via `--job <exec-job>`.
191
211
  8. Keep executor/debugger jobs alive through review so they can be resumed.
192
- 9. Merge specialist-owned work with `sp merge` or `sp epic merge`, not manual `git merge`.
212
+ 9. Merge specialist-owned work via the documented manual git workflow (Cherry-Pick Playbook / FF / `git merge --no-ff`). Do NOT use `sp merge` or `sp epic merge` — both are known broken and awaiting a separate rework epic. The skill does not document their usage; if you find them in `sp help` output, ignore.
193
213
  10. Specialists must not perform destructive or irreversible operations.
194
214
  11. Treat tests as evidence: classify failures as in-scope, pre-existing, or infrastructure before starting fix loop.
195
215
  12. Drive routine stages autonomously once task is clear. Escalate only for human judgment, destructive actions, repeated crashes, or reviewer `FAIL`.
196
- 13. The orchestrator NEVER edits code directly. Conflict resolution, even mechanical, goes through a debugger or executor specialist. Manual conflict resolution always escalates to the operator.
216
+ 13. The orchestrator NEVER edits code directly. Conflict resolution, even mechanical, goes through a debugger or executor specialist. Manual conflict resolution always escalates to the operator. (Exception: epics that explicitly restructure the specialists themselves — bootstrapping via the specialists they restructure is circular. Such epics are operator-authorized manual-orchestrator-direct work and must say so up-front.)
217
+ 14. Before dispatching any chain whose work depends on prior chain output, verify git state per the Git State Precondition section: `git status` clean, HEAD contains prior chain commits, no orphaned worktrees. Stale-base dispatch produces guaranteed debugger-restitch loops downstream.
197
218
 
198
219
  ## Escalation Matrix
199
220
 
@@ -206,9 +227,12 @@ Do small deterministic edits directly when scope is already obvious and delegati
206
227
  | Branch delete | Never | Always |
207
228
  | Stash pop where conflict expected | Auto | Stash conflict that destroys session-start state |
208
229
  | `bd dolt fsck --revive-journal-with-data-loss` | Never | Always — explicit data-loss warning |
209
- | `sp epic merge` | Auto if all children PASSed | Skip if any child reviewer-FAILed |
210
- | Skip `code-sanity` on substantive diff | Auto-skip only on test-only or new-file-only diffs | Always escalate before skipping on multi-file production diff |
211
- | Skip `security-auditor` on diff touching auth/secrets/input/agent-config | Never | Always — sensitive-surface diffs always get the pass |
230
+ | `sp merge` / `sp epic merge` | Never (prohibited per rule #9; both known broken) | Always if you reach for these, stop and use manual git workflow |
231
+ | Skip `seconder` (mandatory seconder) on production diff | Auto-skip only on test-only or new-file-only diffs | Always escalate on any other skip seconder OK is reviewer pre-condition |
232
+ | Skip `obligations-scanner` on production diff | Auto-skip only on test-only or new-file-only diffs | Always escalate on any other skip |
233
+ | Skip `security-auditor` on diff touching auth/secrets/input/agent-config/lockfiles/migrations | Never | Always — sensitive-surface diffs always get the pass |
234
+ | Manual merge with conflicts | Never auto-resolve | Always escalate to operator (rule #13) |
235
+ | Dispatch chain on stale base (HEAD lacks prior chain commit) | Never | Always — fix base first per Git State Precondition |
212
236
  | `sp stop <job>` | Auto when job is done/stale | Never on actively-running unless context blown |
213
237
  | `git push origin <branch>` | Auto for chain branches | Force-push or delete-remote always |
214
238
  | `npm publish` | Never | Always |
@@ -234,12 +258,9 @@ sp result --help
234
258
  sp resume --help
235
259
  sp steer --help
236
260
  sp stop --help
237
- sp finalize --help
238
- sp merge --help
239
- sp epic --help
240
261
  ```
241
262
 
242
- Do not rely on stale remembered flags when help is available.
263
+ Do not rely on stale remembered flags when help is available. (Omitted: `sp finalize`, `sp merge`, `sp epic` — see rule #9. They exist in the binary but the skill prohibits their use.)
243
264
 
244
265
  ## Writing Bead Contracts Well
245
266
 
@@ -279,6 +300,59 @@ Fix three bad smells fast:
279
300
 
280
301
  What differs: orchestrator writes contract before dispatch, so specialist does less guessing and more useful work.
281
302
 
303
+ ## SCRUTINY taxonomy (Iron-style)
304
+
305
+ `SCRUTINY` is a chain-property from canon §2.2, not reviewer input and not a quality tier. Every substantive bead must declare it at creation. It modulates chain structure only; quality stays invariant. New beads without it are invalid unless read-only / none-chain work.
306
+
307
+ ```
308
+ SCRUTINY: none | low | medium | high | critical
309
+ ```
310
+
311
+ | Level | Chain-structure modulation | When to use |
312
+ |---|---|---|
313
+ | `none` | Read-only / design chains only. No production-diff pipeline. | planning, premortem, research-only, triage, doc-sync, memory-hygiene |
314
+ | `low` | Minimal production diff. Keep pipeline light. | tiny isolated fixes |
315
+ | `medium` | Default production-diff chain. | most implementation beads |
316
+ | `high` | Heavier review / evidence floor. | cross-cutting, boundary, public API, persistence, orchestration |
317
+ | `critical` | Max structural gating. | auth, money, irreversible state, security-sensitive work |
318
+
319
+ Floor rule: author sets the minimum; dispatcher/reviewer can raise it on sensitive surfaces per canon §2.4, never lower it.
320
+
321
+ Cross-ref: [`docs/design/chain-templates.md` §2.2](../../../docs/design/chain-templates.md#22-scrutiny-is-a-chain-property--it-modulates-structure-not-quality), [`§2.3`](../../../docs/design/chain-templates.md#23-roles-in-the-canonical-pipeline), [`§2.5`](../../../docs/design/chain-templates.md#25-the-behavioral-validation-contract), [`§2.6`](../../../docs/design/chain-templates.md#26-the-release-checklist), roadmap Opp 15.
322
+
323
+ ## Git State Precondition (before any chain dispatch)
324
+
325
+ Specialist worktrees fork from the current HEAD of the orchestrator's branch at dispatch time. If prior chain edits aren't merged in yet, the new chain works on a stale base, will conflict at integration, and debugger-restitch becomes mandatory. The fix is upstream: don't dispatch until prior work has landed.
326
+
327
+ Required pre-flight before dispatching any chain that depends on prior chain output:
328
+
329
+ ```bash
330
+ # 1. Working tree clean — no uncommitted edits to inherit or lose
331
+ git status # MUST report "working tree clean"
332
+
333
+ # 2. HEAD contains prior chain's work
334
+ git log -1 --oneline # confirm latest commit
335
+ git log main..HEAD --oneline # confirm prior chain branch merged in
336
+
337
+ # 3. No orphaned worktrees from prior chains
338
+ git worktree list # all prior chain worktrees should be removed
339
+ git worktree prune # drop stale metadata
340
+
341
+ # 4. If on an integration branch
342
+ git log integration/<date>..HEAD # MUST be empty (in sync with integration target)
343
+ ```
344
+
345
+ Decision rule: if any of the four checks fail, finish the merge/commit/cleanup first. Do not dispatch. A specialist forked from a stale base produces conflict work that costs more turns than the time saved by dispatching early.
346
+
347
+ Strictness by scenario:
348
+
349
+ | Scenario | Strictness |
350
+ |---|---|
351
+ | Sequential chains where child.B depends on child.A's edits | **Strict.** child.A merged before child.B dispatch. |
352
+ | Parallel chains in same epic with disjoint file scopes | Relaxed. Each dispatches off the shared base; integration reconciles. |
353
+ | Chain after orchestrator-direct edit (rule #13 exception epics) | **Strict.** Orchestrator commits + pushes their direct edits before dispatching any dependent chain. |
354
+ | Standalone chain (no upstream dependency) | Relaxed. Just `git status` clean. |
355
+
282
356
  ## Dependency Linking And Relationship Vocabulary
283
357
 
284
358
  Link beads with correct edge shape. The edge tells orchestrator what blocks execution, what only preserves context, which bead verifies another, and which issue has been replaced. Do not overload `blocks` for follow-ups, root-cause links, verification pairs, duplicates, or restitch replacements.
@@ -292,7 +366,7 @@ Core commands:
292
366
  - `bd create --parent <epic-id>`: epic-child edge; auto-names child `.1`, `.2`, … and adds parent ownership. Use for chain members that must live under an epic. [source: bd create --help]
293
367
  - `bd create --deps discovered-from:<id>` or `bd dep add <new> <source> --type discovered-from`: follow-up work discovered from a source bead.
294
368
  - `bd duplicate <new> --of <canonical>`: close duplicate issue and point at canonical. Use when two beads describe the same required work.
295
- - `bd duplicates` / `bd find-duplicates --status open --method mechanical --json`: cheap duplicate prefilter before dispatching parallel chains. For semantic clustering, use the `issue-triage` skill path (mechanical prefilter + bv graph signals + explorer/GitNexus overlap + overthinker recommendations), not `bd --method ai`.
369
+ - `bd duplicates` / `bd find-duplicates --status open --method ai --json`: find exact or semantic duplicates before dispatching parallel chains.
296
370
  - `bd supersede <old> --with <new>` or `bd dep add <new> <old> --type supersedes`: mark a replacement when a better-scoped fix bead replaces an obsolete/abandoned one.
297
371
  - `bd dep cycles`, `bd dep tree <id>`, and `bd graph <id>`: sanity-check the execution graph before merge/publication.
298
372
 
@@ -307,7 +381,7 @@ Relationship vocabulary for specialist chains:
307
381
  | `discovered-from` | Reviewer, debugger, explorer, or test-runner surfaces new follow-up work from a run. | `bd dep add <follow-up> <reviewer-bead> --type discovered-from` |
308
382
  | `until` | Time-bounded or event-bounded precondition that blocks only until a stated condition lands. | `bd dep add <chain> <precondition> --type until` |
309
383
  | `caused-by` | Failure bead points to the root-cause bead/cluster that explains it. Makes test-failure-map epics navigable. | `bd dep add <failing-test> <root-cause> --type caused-by` |
310
- | `validates` | Reviewer, test-runner, code-sanity, or security-auditor bead verifies an implementation/debugger bead. | `bd dep add <review> <impl> --type validates` |
384
+ | `validates` | Reviewer, test-runner, seconder, or security-auditor bead verifies an implementation/debugger bead. | `bd dep add <review> <impl> --type validates` |
311
385
  | `relates-to` | Bidirectional context edge for conflict clusters, sibling designs, or rebuttal patterns. Prefer dedicated relate command. | `bd dep relate <chain-a> <chain-b>` |
312
386
  | `supersedes` | New fix/design/restitch bead replaces an older bead that should no longer be executed or merged. Prefer `bd supersede`. | `bd supersede <old> --with <new>` |
313
387
 
@@ -345,58 +419,22 @@ Use each form for a different reason:
345
419
  - `parent-child` / `--parent` for epic ownership and child naming.
346
420
  - `supersedes` / `bd supersede` for replacement work; `duplicate` for same-work issues.
347
421
 
348
- Cross-repo consistency: keep this vocabulary aligned with the xtrm-tools `issue-triage` and `planning` skills; all three should use the same relationship names when creating or rewiring issue graphs.
422
+ Cross-repo consistency: keep this vocabulary aligned with the xtrm-tools triaging skill and sibling triage bead `xtrm-drkk`; both should use the same relationship names when rewiring issue graphs.
349
423
 
350
424
  What differs: orchestrator chooses edge type deliberately, so graph stays correct for chain execution, epic publish, duplicate cleanup, root-cause navigation, verification evidence, and follow-up traceability.
351
425
 
352
- ## Swarm Validation For Epic Readiness
353
-
354
- Use `bd swarm` as graph-level readiness instrumentation for multi-chain epics. It does **not** replace specialists jobs, `sp epic status`, or `sp epic merge`; it validates and summarizes the bead DAG so you know whether the epic is shaped for parallel execution before spending specialist tokens.
355
-
356
- Command surface:
357
-
358
- ```bash
359
- bd swarm validate <epic-id> [--verbose] [--json]
360
- bd swarm status <epic-or-swarm-id> [--json]
361
- bd swarm list [--json]
362
- bd swarm create <epic-id> [--coordinator=<addr>] [--force]
363
- ```
364
-
365
- What each command is for:
366
-
367
- | Command | Use it when | Output / decision |
368
- | --- | --- | --- |
369
- | `bd swarm validate <epic>` | Before launching a multi-chain epic, after graph rewrites, and before `sp epic merge` | Finds dependency-direction mistakes, orphan/disconnected children, cycles, ready fronts, estimated worker sessions, and max parallelism |
370
- | `bd swarm status <epic-or-swarm>` | During orchestration | Shows computed completed / active / ready / blocked groups from live bead state |
371
- | `bd swarm list` | Operator wants all active swarm molecules | Inventory of swarm molecules with epic/progress summary |
372
- | `bd swarm create <epic>` | Operator explicitly wants a swarm molecule/coordinator handoff | Mutates board state; confirm first. If passed a task, bd may auto-wrap it in an epic. |
373
-
374
- Where it fits in orchestration:
375
-
376
- 1. **After planning / before dispatch**: run `bd swarm validate <epic-id> --json` for epics with 3+ children or intended parallel execution. Treat warnings as graph-shaping feedback; fix relationship types or split/merge beads before launching specialists.
377
- 2. **During execution**: use `bd swarm status <epic-id> --json` alongside `sp ps`. `sp ps` tells you job/runtime state; swarm status tells you issue-graph state (ready vs blocked fronts).
378
- 3. **Before publication**: run `bd swarm validate <epic-id>` plus `bd dep cycles` and `sp epic status <epic-id>`. Do not `sp epic merge` if swarm validation reports cycles, disconnected graph, or suspicious dependency direction.
379
- 4. **Optional coordinator handoff**: run `bd swarm create <epic-id> --coordinator=<addr>` only after operator confirmation. Creating a swarm molecule is a tracked mutation, not a default read-only check.
380
-
381
- Example gate before parallel dispatch:
382
-
383
- ```bash
384
- bd dep cycles
385
- bd swarm validate <epic-id> --json > .triage/swarm-<epic-id>.json
386
- sp epic status <epic-id>
387
- ```
388
-
389
- If validation says max parallelism is 1, do not pretend the epic is parallel; dispatch serially or fix the graph. If it reports multiple ready fronts, use that as the wave plan for specialist launches.
390
-
391
426
  ## Bead Contract By Bead Type
392
427
 
393
428
  Use shape that fits specialist.
394
429
 
430
+ > **SCRUTINY field is universal.** Every substantive bead should carry `SCRUTINY: none|low|medium|high|critical` at creation. It is a chain-property, not reviewer behavior; it controls chain structure and gate strictness per the SCRUTINY taxonomy section and canon §2.2. Reviewer may auto-escalate but never lower it. Canon refs: §2.2, §2.3, §2.5, §2.6.
431
+
395
432
  Task/epic bead:
396
433
 
397
434
  ```text
398
435
  PROBLEM: User-facing or project-facing objective.
399
436
  SUCCESS: End-state across all child beads.
437
+ SCRUTINY: none|low|medium|high|critical # required at creation; chain-property, not reviewer input
400
438
  SCOPE: Area of project affected.
401
439
  REFERENCES: Optional files, skills, or docs specialist reads only if work needs them.
402
440
  NON_GOALS: Boundaries for entire effort.
@@ -443,8 +481,9 @@ Executor bead:
443
481
  ```text
444
482
  PROBLEM: Exact behavior or artifact to change.
445
483
  SUCCESS: Observable acceptance criteria.
484
+ SCRUTINY: none|low|medium|high|critical # required at creation; chain-property, not reviewer input
446
485
  SCOPE: Target files/symbols; include do-not-touch boundaries.
447
- NON_GOALS: Related improvements explicitly excluded.
486
+ NON_GOALS: Related improvements explicitly excluded. (Include any accepted in-code obligation markers tracked in follow-up beads.)
448
487
  CONSTRAINTS: API compatibility, style, migrations, safety.
449
488
  VALIDATION: Lint/typecheck/tests or manual checks.
450
489
  OUTPUT: Changed files, verification, residual risks.
@@ -454,12 +493,13 @@ Reviewer bead:
454
493
 
455
494
  ```text
456
495
  PROBLEM: Verify executor output against requirements.
457
- SUCCESS: PASS only if requirements and validation are satisfied.
496
+ SUCCESS: PASS only if requirements + validation + Release Checklist satisfied.
497
+ SCRUTINY: none|low|medium|high|critical # required at creation; chain-property, not reviewer input
458
498
  SCOPE: Executor job, diff, task bead, acceptance criteria.
459
499
  NON_GOALS: Do not rewrite unless explicitly asked.
460
- CONSTRAINTS: Code-review mindset; findings first.
461
- VALIDATION: Run or inspect required checks where feasible.
462
- OUTPUT: PASS/PARTIAL/FAIL with file/line findings.
500
+ CONSTRAINTS: Code-review mindset; findings first; emit Release Checklist.
501
+ VALIDATION: Run or inspect required checks; consume obligations-scanner output.
502
+ OUTPUT: PASS/PARTIAL/FAIL with file/line findings + Release Checklist block.
463
503
  ```
464
504
 
465
505
  Test bead:
@@ -502,9 +542,9 @@ Run `specialists list` if you need live registry. Choose by task, not habit.
502
542
  | Design/tradeoffs | `overthinker` | Approach is risky, ambiguous, or needs critique |
503
543
  | Implementation | `executor` | Contract is clear enough to write code or docs |
504
544
  | Compliance/code review | `reviewer` | Executor/debugger produced changes that need final PASS/PARTIAL/FAIL |
505
- | Implementation sanity | `code-sanity` | Diff smells overcomplicated, brittle, or type-risky |
506
- | Security/dependency audit | `security-auditor` | Need threat modeling, secure-code review, or agent/config security scan |
507
- | Multiple review perspectives | `parallel-review` | Critical diff needs independent review passes |
545
+ | Seconder gate (mandatory) | `seconder` | Production diff fused scope/compliance + quality gate; reviewer pre-condition |
546
+ | Obligations gate (mandatory) | `obligations-scanner` | Production diff scans for unstructured TODO/FIXME/HACK/XXX/TEMP/WIP/NOTE(release) markers |
547
+ | Security/dependency audit | `security-auditor` | Diff touches auth/secrets/input/lockfiles/migrations/agent-config |
508
548
  | Test execution | `test-runner` | Need suites run and failures interpreted |
509
549
  | Docs audit/sync | `sync-docs` | Docs may be stale or need targeted synchronization |
510
550
  | External/live research | `researcher` | Any library/API/framework/CLI question — dispatch BEFORE answering from training data |
@@ -523,6 +563,7 @@ Selection rules:
523
563
  - Sync-docs is for audit/sync; executor is for heavy doc rewrites.
524
564
  - Researcher is for current external info, not repo archaeology. **Dispatch BEFORE answering any library/API/framework/CLI question from training data** — your knowledge is stale by months and APIs drift silently. The cost is one CLI call; the alternative is shipping wrong API usage.
525
565
  - Specialists-creator should precede specialist config/schema edits.
566
+ - `parallel-review` is deprecated — old design that doesn't fit current sp shape. Do not reach for it. Use `overthinker` for independent second opinion or queue a second `reviewer` turn manually if needed.
526
567
 
527
568
  ## Bug Diagnosis Chain
528
569
 
@@ -534,33 +575,33 @@ Default chain:
534
575
  2. **debugger** reproduces the symptom, writes 3–5 falsifiable hypotheses, and tests one variable at a time. Any temporary instrumentation must be tagged `[DEBUG-<id>]` and removed before completion.
535
576
  3. **debugger** applies the minimal root-cause fix on the fault line and verifies via targeted lint/typecheck plus the focused repro.
536
577
  4. **test-runner** reruns the original repro/regression command (full-suite validation is its job, not debugger's).
537
- 5. **code-sanity** runs if the fix smells brittle, overcomplicated, or type-risky. **security-auditor** runs if the fix touches auth/session/secrets/input handling, dependency logic, or agent/MCP/hook config.
578
+ 5. **seconder** runs if the fix smells brittle, overcomplicated, or type-risky. **security-auditor** runs if the fix touches auth/session/secrets/input handling, dependency logic, or agent/MCP/hook config.
538
579
  6. **reviewer** gates the final diff against the bead contract.
539
580
  7. If no correct regression-test seam exists, route the architecture/testability finding to **overthinker** or **planner** — do not force a brittle test just to close the loop.
540
581
 
541
582
  Explorer is useful before diagnosis only when no concrete symptom exists and architecture is unknown. For real bugs with a symptom, use debugger.
542
583
 
543
- ## Code-sanity
584
+ ## Seconder
544
585
 
545
- Use code-sanity when diff smells overcomplicated, brittle, or type-risky, but not yet broken enough for debugger. Use it before final review when you want cheap simplification check without blocking merge.
586
+ The mandatory post-writer gate (canon §2.3): one READ_ONLY dual-verdict pass over the writer's diff that checks **scope/compliance** (does the diff satisfy the bead contract sections?) and **implementation quality** (complexity, duplication, type safety, brittle async/error handling) together, before test-engineer and reviewer.
546
587
 
547
588
  Bead shape:
548
589
 
549
590
  ```text
550
- PROBLEM: Diff has complexity, duplication, or type-safety smell that could hide bugs.
551
- SUCCESS: Findings isolate concrete smell or confirm clean shape.
552
- SCOPE: Executor diff, risky files, and any nearby helpers.
553
- NON_GOALS: No edits, no broad refactor, no merge gate decision.
554
- CONSTRAINTS: READ_ONLY, keep feedback cheap, cite exact lines or symbols.
555
- VALIDATION: Findings name concrete improvement or say OK.
556
- OUTPUT: FINDINGS with severity, or OK with caveats.
591
+ PROBLEM: Verify the writer diff satisfies the bead contract and is implementation-sound before expensive QA.
592
+ SUCCESS: Dual-verdict isolates any scope or quality issue, or confirms the diff is clean.
593
+ SCOPE: Writer diff, risky files, and any nearby helpers.
594
+ NON_GOALS: No edits, no broad refactor, no release blessing, no security audit, no broad reviewer phase-2.
595
+ CONSTRAINTS: READ_ONLY, keep feedback cheap, cite exact sections/lines/symbols.
596
+ VALIDATION: scope_verdict + quality_verdict + overall_verdict with concrete findings.
597
+ OUTPUT: JSON dual-verdict (scope_verdict / scope_findings / quality_verdict / quality_findings / overall_verdict).
557
598
  ```
558
599
 
559
- Use `sp resume <exec-job> "Code-sanity findings: ..."` or `sp resume <exec-job> "Code-sanity OK; continue to reviewer."` to hand findings back.
600
+ The chain reducer reads `overall_verdict`: PASS advances to test-engineer; FAIL routes back to the writer. Hand findings back with `sp resume <exec-job> "Seconder overall_verdict=FAIL scope: ...; quality: ..."`.
560
601
 
561
- OK is not reviewer PASS. It is advisory only.
602
+ A seconder PASS is the upstream scope gate for the reviewer; it is not itself a reviewer PASS.
562
603
 
563
- What differs: orchestrator uses code-sanity as cheap smell screen, not as merge gate.
604
+ What differs: orchestrator uses seconder as cheap smell screen, not as merge gate.
564
605
 
565
606
  ## Security-auditor
566
607
 
@@ -597,7 +638,7 @@ task -> explore -> impl -> review
597
638
  Fix loop:
598
639
 
599
640
  ```text
600
- debug -> exec -> code-sanity? -> security-auditor? -> reviewer
641
+ debug -> exec -> seconder? -> security-auditor? -> reviewer
601
642
  ^ |
602
643
  |------ resume PARTIAL --------------|
603
644
  ```
@@ -645,7 +686,7 @@ bd supersede <old-chain-a> --with <unified-chain>
645
686
  bd supersede <old-chain-b> --with <unified-chain>
646
687
  ```
647
688
 
648
- Default heuristic: if 3+ chains touch the same file, **serial-dispatch them**. Conflict-resolution time at integration usually exceeds the time saved by parallel dispatch. Before launching a large wave, run mechanical duplicate prefiltering and semantic clustering through `issue-triage` (or its core path: `bd find-duplicates --method mechanical` + `bv --robot-triage/alerts` + explorer/GitNexus overlap + overthinker recommendations); merge or supersede duplicate work before specialists spend tokens on it.
689
+ Default heuristic: if 3+ chains touch the same file, **serial-dispatch them**. Conflict-resolution time at integration usually exceeds the time saved by parallel dispatch. Run `bd find-duplicates --status open --method ai --json` before launching a large wave; merge or supersede duplicate work before specialists spend tokens on it.
649
690
 
650
691
  ## Pre-Epic: Test-Failure-Map Pattern
651
692
 
@@ -710,7 +751,7 @@ specialists result <exec-job>
710
751
  # 4. Advisory passes when diff smells risky
711
752
  bd create --title "Sanity check token retry diff" --type task --priority 2 --description "PROBLEM: auth retry diff has control-flow and state-handling smell that could hide bug. SUCCESS: findings identify concrete simplification or confirm clean shape. SCOPE: executor diff in auth refresh and login flow. NON_GOALS: no edits, no merge gate decision. CONSTRAINTS: READ_ONLY, keep feedback cheap, cite exact lines or symbols. VALIDATION: findings name concrete improvement or say OK. OUTPUT: FINDINGS with severity or OK with caveats."
712
753
  bd dep add <sanity-bead> <impl> --type validates
713
- specialists run code-sanity --bead <sanity-bead> --job <exec-job> --context-depth 3
754
+ specialists run seconder --bead <sanity-bead> --job <exec-job> --context-depth 3
714
755
 
715
756
  bd create --title "Security scan token retry diff" --type task --priority 2 --description "PROBLEM: auth refresh code touches secrets and session handling, so security regression is possible. SUCCESS: findings isolate real risk surface or confirm no obvious issue. SCOPE: executor diff in auth, token storage, and login path. NON_GOALS: no edits, no package updates, no destructive scans, no live exploit tests. CONSTRAINTS: LOW permissions, scan-only, recommendations only. VALIDATION: findings cite auth/secrets/input surface and why it matters. OUTPUT: recommendations for executor to apply in separate bead."
716
757
  bd dep add <security-bead> <impl> --type validates
@@ -722,15 +763,18 @@ bd dep add <review> <impl> --type validates
722
763
  specialists run reviewer --bead <review> --job <exec-job> --context-depth 3
723
764
  specialists result <review-job>
724
765
 
725
- # 6. Cascade-finalize the chain after reviewer PASS
726
- # (auto-finalize fires automatically when reviewer PASS appears in
727
- # streaming output. PASS delivered via `sp resume` does not stream —
728
- # run sp finalize to close any waiting keep-alive members.)
729
- sp finalize <review-job> # accepts any chain member; cascades to all waiting members
730
-
731
- # 7. Publish
732
- sp merge <impl>
733
- bd close <task> --reason "Reviewer PASS; merged."
766
+ # 6. Close any waiting keep-alive specialists explicitly
767
+ sp ps # confirm which jobs are still waiting
768
+ sp stop <waiting-job-id> # repeat per waiting job
769
+
770
+ # 7. Publish via manual git merge (rule #9 sp merge is prohibited)
771
+ git checkout master
772
+ git pull --ff-only origin master
773
+ git merge --no-ff feature/<impl-bead>-<slug> -m "Merge <impl-bead>: <summary>"
774
+ git push origin master
775
+ git worktree remove <chain-worktree-path>
776
+ git branch -d feature/<impl-bead>-<slug>
777
+ bd close <task> --reason "Reviewer PASS; merged to master."
734
778
  ```
735
779
 
736
780
  Edit-capable specialists with `--bead` auto-provision a clean git worktree. This does **not** provision ignored project dependency artifacts (`node_modules/`, `.venv/`, build caches). If validation tools are missing inside that worktree, have the specialist run the repo's standard bootstrap command (`make bootstrap`, `just setup`, `npm ci`, `uv sync`, etc.) or report that bootstrap is required; do not solve it by tracking dependency directories. `--worktree` is accepted for clarity but usually unnecessary. Use `--job <exec-job>` for reviewer/fix passes that must enter existing executor workspace.
@@ -743,7 +787,7 @@ Use epic when multiple implementation chains publish together.
743
787
 
744
788
  ```bash
745
789
  # Epic bead
746
- bd create --title "Epic: auth refresh hardening" --type epic --priority 2 --description "PROBLEM: login and refresh flow have retry drift, weak error surfacing, and unclear follow-up ownership. SUCCESS: epic closes with stable retry behavior, tests, docs, and clean publish. SCOPE: src/auth/*, src/cli/login.ts, tests/unit/auth/*, docs/auth-refresh.md. NON_GOALS: no auth provider swap, no storage migration, no unrelated session revamp. CONSTRAINTS: preserve token format, keep login compatible, sequence risky fixes before merge, use child beads for parallelizable slices. VALIDATION: targeted tests, code-sanity or security pass if risk appears, final reviewer PASS. OUTPUT: merged chain set with notes on remaining gaps."
790
+ bd create --title "Epic: auth refresh hardening" --type epic --priority 2 --description "PROBLEM: login and refresh flow have retry drift, weak error surfacing, and unclear follow-up ownership. SUCCESS: epic closes with stable retry behavior, tests, docs, and clean publish. SCOPE: src/auth/*, src/cli/login.ts, tests/unit/auth/*, docs/auth-refresh.md. NON_GOALS: no auth provider swap, no storage migration, no unrelated session revamp. CONSTRAINTS: preserve token format, keep login compatible, sequence risky fixes before merge, use child beads for parallelizable slices. VALIDATION: targeted tests, seconder or security pass if risk appears, final reviewer PASS. OUTPUT: merged chain set with notes on remaining gaps."
747
791
 
748
792
  # Planner bead
749
793
  bd create --parent <epic> --title "Plan auth refresh split" --type task --priority 2 --description "PROBLEM: epic needs disjoint chains before executor starts. SUCCESS: child beads, dependency edges, and file ownership split are explicit. SCOPE: auth refresh epic area. NON_GOALS: no code changes. CONSTRAINTS: keep chains disjoint, identify security-sensitive slice, name review order. VALIDATION: plan names beads and edges. OUTPUT: parallel-ready plan with risk notes."
@@ -762,15 +806,18 @@ bd dep add <review-b> <impl-b> --type validates
762
806
  specialists run reviewer --bead <review-a> --job <exec-a-job> --context-depth 3
763
807
  specialists run reviewer --bead <review-b> --job <exec-b-job> --context-depth 3
764
808
 
765
- # Per-chain cascade-finalize (only needed if PASS arrived via sp resume;
766
- # auto-finalize handles the streaming case automatically)
767
- sp finalize <review-a-job>
768
- sp finalize <review-b-job>
769
-
770
- # Publish
771
- bd dep cycles # stop if relationship rewiring introduced a cycle
772
- sp epic status <epic> # verify derived state shows merge_ready
773
- sp epic merge <epic> # batch publish all chains in dependency order with tsc gate per merge
809
+ # Close waiting keep-alive specialists explicitly (per chain)
810
+ sp ps # see what's still waiting
811
+ sp stop <waiting-job-id> # repeat per waiting job in each chain
812
+
813
+ # Publish via Cherry-Pick Playbook (canonical multi-chain merge — see Integration Phase section)
814
+ bd dep cycles # stop if relationship rewiring introduced a cycle
815
+ git checkout -b integration/$(date +%Y%m%d)-$EPIC_TAG
816
+ # For each PASS chain in dependency order:
817
+ git merge --squash feature/<chain-bead>-<slug>
818
+ git restore --staged .beads .pi AGENTS.md CLAUDE.md # noise filter
819
+ git commit -m "<type>(<scope>): <summary> (<bead-id>)"
820
+ # Operator FF-merges integration → master when satisfied.
774
821
  ```
775
822
 
776
823
  Use `--epic <id>` when job belongs to epic but bead is not direct child. Avoid parallel executors on same file; sequence them or consolidate work.
@@ -783,11 +830,11 @@ A chain stays alive until merged or abandoned.
783
830
 
784
831
  ```text
785
832
  executor/debugger -> waiting
786
- optional code-sanity/security-auditor -> advisory findings
833
+ optional seconder/security-auditor -> advisory findings
787
834
  reviewer -> PASS | PARTIAL | FAIL
788
835
  ```
789
836
 
790
- - `PASS`: verify expected commit/diff. If reviewer's PASS appeared in its streaming output, auto-finalize already closed the chain — go straight to `sp merge` / `sp epic merge`. If PASS arrived via `sp resume`, run `sp finalize <any-chain-job-id>` first to cascade-close any waiting keep-alive members, then publish.
837
+ - `PASS`: verify expected commit/diff + clean Release Checklist. Close any waiting keep-alive jobs explicitly with `sp stop <job-id>`. Then publish via manual git workflow (per-chain `git merge --no-ff` or Cherry-Pick Playbook for multi-chain epics).
791
838
  - `PARTIAL`: resume same executor/debugger with exact findings, then re-review (`sp resume <reviewer-job>`).
792
839
  - `FAIL`: stop and decide whether to replace chain, re-scope bead, or ask operator if judgment is required. If replacing a bad chain with a narrower one, use `bd supersede <failed-impl> --with <replacement>`; if reviewer discovered separate follow-up work, use `bd dep add <follow-up> <reviewer-bead> --type discovered-from`.
793
840
 
@@ -797,7 +844,7 @@ Prefer resume over new fix executor when original job is waiting and context is
797
844
  sp resume <exec-job> "Reviewer PARTIAL. Fix only these findings: ..."
798
845
  ```
799
846
 
800
- Do not treat job completion, code-sanity OK, security no-findings, or test-runner pass as equivalent to reviewer PASS.
847
+ Do not treat job completion, seconder OK, security no-findings, or test-runner pass as equivalent to reviewer PASS.
801
848
 
802
849
  What differs: orchestrator uses PASS/PARTIAL/FAIL as real control flow, not just status labels.
803
850
 
@@ -889,7 +936,7 @@ Several specialists default to over-cautious verdicts when an evidence gate look
889
936
 
890
937
  ### General rule
891
938
 
892
- Resume with explicit ammunition: file/line refs, exact rerun output, link to the bead memory documenting the rebuttal pattern. Don't argue from authority; argue from new evidence. **Findings from code-sanity / security-auditor are legitimate rebuttal evidence** — a clean code-sanity OK or a security-auditor "no findings" is concrete proof against a reviewer's "looks too complex" or "may have security risk" gate. Cite the advisory job id when rebutting on this axis.
939
+ Resume with explicit ammunition: file/line refs, exact rerun output, link to the bead memory documenting the rebuttal pattern. Don't argue from authority; argue from new evidence. **Findings from seconder / security-auditor are legitimate rebuttal evidence** — a clean seconder OK or a security-auditor "no findings" is concrete proof against a reviewer's "looks too complex" or "may have security risk" gate. Cite the advisory job id when rebutting on this axis.
893
940
 
894
941
  **One rebuttal per reviewer is the limit.** Second FAIL after rebuttal means stop and report. After a successful rebuttal, save the rebuttal text to `bd remember "<key>"` so the next session inherits it.
895
942
 
@@ -994,41 +1041,67 @@ Source: latest xt report + `xt --help`; keep commands here, not full CLI surface
994
1041
  - `memory-processor` — memory synthesis specialist; see `/documenting`.
995
1042
  - `xt-merge` — defer merge-queue internals to `/xt-merge`.
996
1043
 
997
- ## Merge And Publication
1044
+ ## Merge And Publication (manual git is canonical)
1045
+
1046
+ > **Rule #9:** `sp merge` and `sp epic merge` are prohibited — known broken, awaiting a separate rework epic. Even if `sp help` shows them, do not use. The Cherry-Pick Playbook below is the canonical merge path for specialist-owned work.
998
1047
 
999
- Per-chain merge (works for standalone chains AND for any PASS chain inside an active epic):
1048
+ ### Per-chain merge (standalone or one chain at a time inside an epic)
1049
+
1050
+ After reviewer PASS on a chain whose work lives in `feature/<bead-id>-<slug>` worktree:
1000
1051
 
1001
1052
  ```bash
1002
- sp merge <chain-root-bead>
1053
+ # 1. Verify reviewer PASS verdict was recorded (Release Checklist clean)
1054
+ bd show <bead-id> # check notes for the verdict
1055
+
1056
+ # 2. Verify the chain's gates passed:
1057
+ # seconder OK | obligations-scanner CLEAN | security-auditor clean (if surface)
1058
+ # Reviewer's Release Checklist block enumerates these.
1059
+
1060
+ # 3. Switch to target branch (master or integration/<date>) and FF or merge
1061
+ git checkout <target>
1062
+ git pull --ff-only origin <target>
1063
+ git merge --no-ff feature/<bead-id>-<slug> -m "Merge <bead-id>: <summary>"
1064
+ git push origin <target>
1065
+
1066
+ # 4. Cleanup the chain worktree + branch
1067
+ git worktree remove <chain-worktree-path>
1068
+ git branch -d feature/<bead-id>-<slug>
1069
+ git worktree prune
1003
1070
  ```
1004
1071
 
1005
- Batch publish all chains in an epic in dependency order with tsc gate between each:
1072
+ Use `git update-ref` for FF-equivalent when checkout is blocked by transient working-tree state (e.g., bd auto-export churn on `.beads/issues.jsonl`):
1006
1073
 
1007
1074
  ```bash
1008
- bd dep cycles
1009
- sp epic status <epic-id>
1010
- sp epic merge <epic-id>
1075
+ git merge-base --is-ancestor <target> feature/<bead-id>-<slug> && \
1076
+ git update-ref refs/heads/<target> feature/<bead-id>-<slug> && \
1077
+ git push origin <target>
1011
1078
  ```
1012
1079
 
1013
- Manual finalizer fallback when reviewer PASS arrived via resume (auto-finalize only fires on streaming output):
1080
+ ### Multi-chain epic merge
1081
+
1082
+ Use the Cherry-Pick Playbook (below). Each chain lands as one squash commit on an integration branch (visible to operator before main), then operator FF-merges integration → main when satisfied.
1083
+
1084
+ ### Closing the keep-alive specialists
1085
+
1086
+ If reviewer/executor jobs are still `waiting` after PASS:
1014
1087
 
1015
1088
  ```bash
1016
- sp finalize <any-chain-job-id> # cascades: closes ALL waiting keep-alive members of the chain
1089
+ sp stop <waiting-job-id> # explicit close per job; verify with sp ps before
1017
1090
  ```
1018
1091
 
1019
- Rules:
1092
+ No automatic cascade-finalizer. Close each waiting job explicitly. (Yes, this is more ceremony than `sp finalize` provided — but `sp finalize` lived inside the broken sp merge path.)
1093
+
1094
+ ### Rules
1020
1095
 
1021
- - Merge only after reviewer PASS unless operator explicitly accepts draft for follow-up work.
1022
- - Per-chain `sp merge` is allowed for any PASS chain regardless of sibling-epic state. Use `sp epic merge` only when batching all epic chains together (atomic publish, topological order, tsc gate per merge).
1023
- - Do not manually `git merge` specialist branches the redesign removed the conditions that previously forced manual fallback (sticky FAILED, inverted merge gates, missing PASS finalizer).
1024
- - If merge refuses because a chain job is still `waiting`, run `sp finalize <any-job-in-chain>` — it cascades to close every waiting keep-alive member of that chain via `supervisor.finalizeWaitingJob()`.
1025
- - If a previous `sp epic merge` failed (rebase conflict, dirty worktree) and persisted a soft `failed` marker, the next attempt retries fresh — only `merged` and `abandoned` are truly terminal. Just clear the conflict source.
1026
- - If merge reports dirty worktree, inspect that worktree. Revert generated noise only when clearly unrelated; otherwise ask or re-dispatch.
1027
- - Run or confirm required gates before closing root bead or epic.
1096
+ - Merge only after reviewer PASS + clean Release Checklist unless operator explicitly accepts a draft.
1097
+ - Always use `git merge --no-ff` for chain merges to keep the chain branch visible in history.
1098
+ - If merge reports a dirty worktree on the target branch, inspect what's dirty. Revert generated noise (e.g., `.beads/issues.jsonl` churn) only when clearly unrelated; otherwise ask the operator.
1099
+ - After merge, always remove the chain worktree + delete the branch + prune.
1100
+ - Stale-base failures: per Git State Precondition section, dispatch chains only when target branch HEAD contains all prior dependent chains' commits.
1028
1101
 
1029
- ## Integration Phase — Cherry-Pick Playbook
1102
+ ## Integration Phase — Cherry-Pick Playbook (canonical multi-chain merge)
1030
1103
 
1031
- Use when `sp merge` / `sp epic merge` is not the right path: chains forked from a non-`origin/HEAD` baseline (pass `--target-branch` first if it's a known integration branch), operator wants visibility before publish, or multiple chains must land into an integration branch before main.
1104
+ The canonical path for landing multiple specialist chains. Operator gets visibility on an integration branch before the work hits main.
1032
1105
 
1033
1106
  ### Step-by-step
1034
1107
 
@@ -1037,16 +1110,16 @@ Use when `sp merge` / `sp epic merge` is not the right path: chains forked from
1037
1110
  3. For each non-overlapping chain (security/critical first, then test-baseline, then features):
1038
1111
  - `git merge --squash <chain-branch>`
1039
1112
  - Restore noise files (see "Chain noise filter checklist" below)
1040
- - **Advisory passes** before commit: if the staged diff smells overcomplicated/duplicative/type-risky, dispatch `code-sanity --job <last-exec-job-of-chain>`; if it touches auth/secrets/input/agent-config, dispatch `security-auditor --job <last-exec-job-of-chain>`. Link those beads with `bd dep add <advisory-bead> <chain-bead> --type validates`. Apply findings or document why skipped.
1113
+ - **Advisory passes** before commit: if the staged diff smells overcomplicated/duplicative/type-risky, dispatch `seconder --job <last-exec-job-of-chain>`; if it touches auth/secrets/input/agent-config, dispatch `security-auditor --job <last-exec-job-of-chain>`. Link those beads with `bd dep add <advisory-bead> <chain-bead> --type validates`. Apply findings or document why skipped.
1041
1114
  - `git commit -m "<type>(<scope>): <summary> (<bead-id>)"` — one squash commit per chain.
1042
1115
  4. For each overlapping chain, add `bd dep relate <overlap-a> <overlap-b>` if not already linked, then switch to the **debugger-restitch** pattern (next section).
1043
- 5. Before publication, run `bd dep cycles`; fix any accidental cycle before `sp epic merge` or operator FF-merge.
1116
+ 5. Before publication, run `bd dep cycles`; fix any accidental cycle before operator FF-merges integration main.
1044
1117
  6. After all chains land, run E2E smoke phase (below) before declaring done.
1045
1118
  7. Operator FF-merges integration → main when satisfied.
1046
1119
 
1047
1120
  ### Chain noise filter checklist
1048
1121
 
1049
- `sp merge` ignores `.beads/` and `.xtrm/skills/active/**` via `MERGE_DIRTY_IGNORE_PREFIXES`. For manual cherry-pick / squash flows, additionally unstage these before committing:
1122
+ For manual cherry-pick / squash flows, unstage these before committing (otherwise the chain commit will carry orchestrator-bookkeeping noise):
1050
1123
 
1051
1124
  - `.pi/npm` — accidentally created by xt commands inside worktrees
1052
1125
  - `cli/pnpm-lock.yaml`, `cli/pnpm-workspace.yaml` — pnpm side-effects
@@ -1085,7 +1158,7 @@ When chain X conflicts with already-landed chain Y on shared files, raw `git che
1085
1158
  git diff integration/<date>...feature/<X>-debugger -- <key-files>
1086
1159
  ```
1087
1160
  Confirm the debugger's diff is **additive** — no reverts of Y's lines.
1088
- 5. **Advisory passes**: before landing the restitch, dispatch `code-sanity --job <debugger-job>` if the restitch added control-flow complexity, and `security-auditor --job <debugger-job>` if it touched a sensitive surface. Link each advisory bead back with `bd dep add <advisory> <X-restitch-or-X> --type validates`. Restitched diffs are higher-risk than fresh executor diffs because the debugger had to thread around already-landed work.
1161
+ 5. **Advisory passes**: before landing the restitch, dispatch `seconder --job <debugger-job>` if the restitch added control-flow complexity, and `security-auditor --job <debugger-job>` if it touched a sensitive surface. Link each advisory bead back with `bd dep add <advisory> <X-restitch-or-X> --type validates`. Restitched diffs are higher-risk than fresh executor diffs because the debugger had to thread around already-landed work.
1089
1162
  6. **Land via FF or cherry-pick the named commit** (NOT the checkpoint commit). Look for the commit with the proper `<type>(<scope>):` message; ignore `checkpoint(debugger):` commits above it.
1090
1163
  7. **Verify tests** before marking done.
1091
1164
 
@@ -1162,9 +1235,9 @@ Then choose one action:
1162
1235
 
1163
1236
  | Symptom | Cause | Fix |
1164
1237
  |---|---|---|
1165
- | `sp merge` refuses with "non-terminal chain jobs" after reviewer PASS | Auto-finalize did not fire (PASS arrived via `sp resume`, not streaming) | `sp finalize <any-chain-job-id>` cascades to close every waiting keep-alive member |
1166
- | `sp epic merge` says epic is "in terminal state 'failed'" | Prior `sp epic merge` hit a transient error (rebase conflict, dirty worktree) and persisted a soft `failed` marker | Clear the original conflict source, then re-run `sp epic merge` — it retries fresh, only `merged`/`abandoned` truly block |
1167
- | `sp epic merge` says "rebase failed: unstaged changes" in a worktree | bd auto-export or other tooling left uncommitted changes inside the worktree | `cd .worktrees/<bead>/<bead>-executor && git stash push -u -m epic-merge-prep`, then re-run from main repo |
1238
+ | `git checkout <branch>` aborts with "would overwrite untracked/changes" mid-orchestration | bd auto-export keeps re-staging `.beads/issues.jsonl` after every bd op | Use `git update-ref refs/heads/<target> <source>` for FF-equivalent without checkout; or commit the .beads churn as a separate "chore(beads): export state" commit before switching |
1239
+ | Stale `.git/index.lock` blocks git commands | bd hooks or other tooling crashed mid-operation | Check no real git process is running (`ps -ef \| grep "git "`); if clear, `rm -f .git/index.lock` and retry |
1240
+ | `git add .beads/issues.jsonl` says "ignored by gitignore" but `git status` shows it modified | File is in `.git/info/exclude` but already tracked in the index | The staged change can still be committed directly (`git commit` without `git add`); don't fight the exclude |
1168
1241
  | Validation fails with `command not found`, `vitest: not found`, missing Python tools, or `ERR_MODULE_NOT_FOUND` in a fresh worktree | Normal git worktree behavior: ignored dependency dirs (`node_modules/`, `.venv/`) are not copied into new worktrees | Run the repo's standard bootstrap inside that worktree (`make bootstrap`, `just setup`, `npm ci`, `uv sync`, etc.) or report bootstrap-required. Do not track dependency artifacts. |
1169
1242
  | `sp ps` shows old terminal jobs after a session | Default dashboard keeps unresolved terminal problems visible until acknowledged | `sp clean --ps --dry-run`, then `sp clean --ps` to soft-hide from default ps; use `sp ps --include-cleaned`/`--all` for audit history |
1170
1243
  | Reviewer keeps returning PARTIAL on functional contracts already met | Reviewer demanding tool-event evidence — typically obsoleted after the gate relaxation, but if it persists check the executor's `gitnexus_detect_changes` ran and use the rebuttal pattern (see Specialist Rebuttal As Routine) | Rebut with cited evidence; second FAIL = escalate |
@@ -1187,5 +1260,8 @@ Then choose one action:
1187
1260
  - Smokes every npm script and entry point before declaring integration done; runs cross-cutting security-auditor on cumulative diff when sensitive surfaces were touched.
1188
1261
  - Commits debugger-restitch results via FF or cherry-pick of the named commit, not the checkpoint commit above it.
1189
1262
  - Closes finished chain's bead BEFORE committing that worktree when other chains still in_progress (project-wide commit-gate).
1263
+ - Applies SCRUTINY field on every substantive bead; lets reviewer auto-escalate.
1264
+ - Verifies Git State Precondition before every dependent-chain dispatch.
1265
+ - Merges specialist work via manual git workflow (Cherry-Pick Playbook); never `sp merge` / `sp epic merge` (rule #9 — known broken).
1190
1266
  - Runs `/session-close-report` at session end and only then declares done.
1191
1267
  - Keeps memory-processor, xt-merge, session-close-report, and releasing out of this skill on purpose — each has its own.