@kognai/orchestrator-core 0.1.1 → 0.1.3

package/dist/lib/engine-agents.js

@@ -0,0 +1,835 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentCreator = exports.CTOAgent = exports.CTODataCollector = exports.CEOAgent = exports.Supervisor2Agent = exports.SupervisorAgent = void 0;
+exports.reconcileSupervisorReviews = reconcileSupervisorReviews;
+/**
+ * engine-agents.ts — leadership/agent classes extracted from orchestrate-engine.ts
+ * (TICKET-231 engine split 3). SupervisorAgent, Supervisor2Agent, reconcileSupervisorReviews,
+ * CEOAgent, CTODataCollector, CTOAgent, AgentCreator + the SpawnGate seam types.
+ * Imports shared primitives (log/callLLM/normalizeReview/c) + AgentTask/ReviewResult/CTO* types
+ * back from the engine via a runtime-safe circular import (methods use them at call-time).
+ */
+const fs_1 = require("fs");
+const sherlock_memory_1 = require("./sherlock-memory");
+const clawrouter_client_1 = require("./clawrouter-client");
+const citizenship_1 = require("./citizenship");
+const engine_loaders_1 = require("./engine-loaders");
+const orchestrate_engine_1 = require("./orchestrate-engine");
+// ===== Supervisor Agent (Claude via Anthropic API) =====
+class SupervisorAgent {
+    systemPrompt;
+    constructor() {
+        const promptPath = './agents/supervisor/prompt.md';
+        const rawPrompt = (0, fs_1.existsSync)(promptPath) ? (0, fs_1.readFileSync)(promptPath, 'utf-8') : 'You are a code review supervisor.';
+        this.systemPrompt = (0, engine_loaders_1.loadConstitutionalPreamble)() + rawPrompt;
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, '+ Loaded supervisor agent (Claude via Anthropic API)');
+    }
+    async reviewTask(task, files) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `\n[supervisor] Reviewing: ${task.id}`);
+        // FIX: Use XML-style tags (NOT code fences) so the model can't confuse display format with file content
+        // NOTE: 12000 char limit — covers EXACT CONTENT files (typically 5K-10K chars); 4000 was too small
+        const fileContents = files.map((filepath) => {
+            const content = (0, fs_1.existsSync)(filepath) ? (0, fs_1.readFileSync)(filepath, 'utf-8') : '';
+            return `### ${filepath}\n<file_content>\n${content.substring(0, 12000)}\n</file_content>`;
+        }).join('\n\n');
+        // FIX: Pre-compute fence check in TypeScript — inject evidence so model never hallucinates fence presence
+        const fenceCheckLines = files.map((filepath) => {
+            const content = (0, fs_1.existsSync)(filepath) ? (0, fs_1.readFileSync)(filepath, 'utf-8') : '';
+            const firstLine = content.trimStart().split('\n')[0] || '';
+            const hasFence = firstLine.startsWith('```');
+            return `  ${filepath}: ${hasFence ? `FENCE DETECTED (first line: ${JSON.stringify(firstLine)})` : 'OK (no fence at start)'}`;
+        }).join('\n');
+        // CTO-005: Add fence detection to supervisor review checklist
+        const integrityContext = task._integrityFailed
+            ? `\n\n## ⚠️ INTEGRITY ALERT\n${task._integrityDetails}\nThis file was flagged for destructive rewrite. The original was preserved. REJECT this task.\n`
+            : '';
+        // Sherlock v2: inject ASMR episodic memory context (AMD-21-03) — fail-open
+        const memoryContext = await (0, sherlock_memory_1.getSherlockMemoryContext)(task.context || task.id);
+        const userPrompt = `Review the following code generated for task ${task.id}.\n\n## Task Spec\n${task.context}${memoryContext}\n\n## Generated Files (${files.length})\n${fileContents}${integrityContext}\n\n## Pre-computed Fence Check (authoritative — do NOT infer from display format)\n${fenceCheckLines}\n\n## Instructions\nCRITICAL CHECK: Use the Pre-computed Fence Check above. If any file shows FENCE DETECTED, REJECT. Do NOT infer fence presence from the <file_content> display tags — those are display-only wrappers.\nAlso check: Did the file lose existing functionality? If a file shrank significantly, REJECT.\n\n## Categorical grade (use a discrete letter — no fake precision)\n- A: production-perfect. No improvements possible. Ship.\n- B: good with minor polish needed (rename, comment, formatting).\n- C: works but has noticeable issues (missed edge case, weak abstraction, partial spec coverage). APPROVED with caveats.\n- D: significant problems (broken edge case, regression risk, anti-pattern). REJECT.\n- F: broken, unsafe, doesn't meet spec, or fence/integrity failure. REJECT.\n\nThe deterministic gate already ran (typecheck + structural). If a file got here, syntax is valid — focus your review on substance, not parseability.\n\nRespond with a JSON object:\n{\n  "verdict": "APPROVED" or "REJECTED",\n  "grade": "A" | "B" | "C" | "D" | "F",\n  "score_rationale": "ONE sentence naming the specific factor that determined the grade. Vague 'good code' is NOT acceptable.",\n  "summary": "brief review summary",\n  "issues": [{"severity": "critical|high|medium|low", "file": "path", "description": "..."}],\n  "strengths": ["..."]\n}`;
+        const startTime = Date.now();
+        // B.15: DeepSeek via ClawRouter for standard tasks (~$0.02/task vs $0.07 dual-supervisor)
+        // Retain Claude Sonnet only for audit/refactor-complex (high-stakes)
+        const taskType = task.task_type || '';
+        const isHighStakes = taskType === 'audit' || taskType === 'refactor-complex' ||
+            (task.context || '').toLowerCase().includes('security') || (task.context || '').toLowerCase().includes('audit');
+        const crAvail = await (0, clawrouter_client_1.clawRouterIsAvailable)().catch(() => false);
+        let reviewProvider = (crAvail && !isHighStakes) ? 'clawrouter' : 'anthropic';
+        const reviewModel = reviewProvider === 'clawrouter' ? 'deepseek/deepseek-chat' : 'claude-sonnet-4-6';
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> Sending to ${reviewProvider === 'clawrouter' ? 'ClawRouter/DeepSeek' : 'Claude Sonnet'} (${isHighStakes ? 'high-stakes' : 'standard'})...`);
+        try {
+            const response = await (0, orchestrate_engine_1.callLLM)(reviewProvider, reviewModel, this.systemPrompt, userPrompt, 120000, 'supervisor', 'code_review');
+            const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> Review received in ${elapsed}s (${response.usage?.total_tokens || '?'} tokens)`);
+            const content = response.choices?.[0]?.message?.content || '';
+            const jsonMatch = content.match(/\{[\s\S]*\}/);
+            if (jsonMatch) {
+                const review = (0, orchestrate_engine_1.normalizeReview)(JSON.parse(jsonMatch[0]));
+                const gradeLabel = review.grade ? `${review.grade} · ` : '';
+                if (review.verdict === 'APPROVED') {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ APPROVED (${gradeLabel}score: ${review.score}/100)`);
+                }
+                else {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ REJECTED (${gradeLabel}score: ${review.score}/100)`);
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  Summary: ${review.summary}`);
+                    for (const issue of review.issues || []) {
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `    [${issue.severity}] ${issue.file}: ${issue.description}`);
+                    }
+                }
+                return review;
+            }
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, '  ! Could not parse review JSON, auto-approving');
+            return { verdict: 'APPROVED', score: 70, summary: 'Auto-approved (parse failure)', issues: [], strengths: [] };
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Supervisor error: ${error.message}`);
+            return { verdict: 'APPROVED', score: 0, summary: `Supervisor unavailable: ${error.message}`, issues: [], strengths: [] };
+        }
+    }
+}
+exports.SupervisorAgent = SupervisorAgent;
+// ===== Supervisor 2 Agent (Claude Haiku 4.5; DeepSeek mono-supervision on Anthropic drain) =====
+class Supervisor2Agent {
+    systemPrompt;
+    constructor() {
+        const promptPath = './agents/supervisor/prompt.md';
+        const rawPrompt = (0, fs_1.existsSync)(promptPath) ? (0, fs_1.readFileSync)(promptPath, 'utf-8') : 'You are a code review supervisor.';
+        this.systemPrompt = (0, engine_loaders_1.loadConstitutionalPreamble)() + rawPrompt;
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, '+ Loaded supervisor 2 agent (Claude Haiku — second pass)');
+    }
+    async reviewTask(task, files) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `\n[supervisor-2/haiku] Reviewing: ${task.id}`);
+        // FIX: Use XML-style tags (NOT code fences) so the model can't confuse display format with file content
+        // NOTE: 12000 char limit — covers EXACT CONTENT files (typically 5K-10K chars); 4000 was too small
+        const fileContents = files.map((filepath) => {
+            const content = (0, fs_1.existsSync)(filepath) ? (0, fs_1.readFileSync)(filepath, 'utf-8') : '';
+            return `### ${filepath}\n<file_content>\n${content.substring(0, 12000)}\n</file_content>`;
+        }).join('\n\n');
+        // FIX: Pre-compute fence check in TypeScript — inject evidence so model never hallucinates fence presence
+        const fenceCheckLines2 = files.map((filepath) => {
+            const content = (0, fs_1.existsSync)(filepath) ? (0, fs_1.readFileSync)(filepath, 'utf-8') : '';
+            const firstLine = content.trimStart().split('\n')[0] || '';
+            const hasFence = firstLine.startsWith('```');
+            return `  ${filepath}: ${hasFence ? `FENCE DETECTED (first line: ${JSON.stringify(firstLine)})` : 'OK (no fence at start)'}`;
+        }).join('\n');
+        // CTO-005: Add fence detection to Haiku supervisor review checklist
+        const integrityContext2 = task._integrityFailed
+            ? `\n\n## ⚠️ INTEGRITY ALERT\n${task._integrityDetails}\nThis file was flagged for destructive rewrite. The original was preserved. REJECT this task.\n`
+            : '';
+        const userPrompt = `Review the following code generated for task ${task.id}.\n\n## Task Spec\n${task.context}\n\n## Generated Files (${files.length})\n${fileContents}${integrityContext2}\n\n## Pre-computed Fence Check (authoritative — do NOT infer from display format)\n${fenceCheckLines2}\n\n## Instructions\nCRITICAL CHECK: Use the Pre-computed Fence Check above. If any file shows FENCE DETECTED, REJECT. Do NOT infer fence presence from the <file_content> display tags — those are display-only wrappers.\nAlso check: Did the file lose existing functionality? If a file shrank significantly, REJECT.\n\n## Categorical grade (use a discrete letter — no fake precision)\n- A: production-perfect. No improvements possible. Ship.\n- B: good with minor polish needed (rename, comment, formatting).\n- C: works but has noticeable issues (missed edge case, weak abstraction, partial spec coverage). APPROVED with caveats.\n- D: significant problems (broken edge case, regression risk, anti-pattern). REJECT.\n- F: broken, unsafe, doesn't meet spec, or fence/integrity failure. REJECT.\n\nThe deterministic gate already ran (typecheck + structural). If a file got here, syntax is valid — focus your review on substance, not parseability.\n\nRespond with a JSON object:\n{\n  "verdict": "APPROVED" or "REJECTED",\n  "grade": "A" | "B" | "C" | "D" | "F",\n  "score_rationale": "ONE sentence naming the specific factor that determined the grade. Vague 'good code' is NOT acceptable.",\n  "summary": "brief review summary",\n  "issues": [{"severity": "critical|high|medium|low", "file": "path", "description": "..."}],\n  "strengths": ["..."]\n}`;
+        const startTime = Date.now();
+        // B.15: Use Haiku for second-pass review — 10x cheaper than Sonnet.
+        // Founder directive 2026-05-25: if Anthropic depletes, fall back to ClawRouter/DeepSeek
+        // mono-supervision rather than halting the swarm. Autonomy is on.
+        const tryPath = async (provider, model, label) => {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> Sending to ${label}...`);
+            const response = provider === 'anthropic'
+                ? await (0, orchestrate_engine_1.callAnthropicCached)(model, this.systemPrompt, userPrompt, 120000)
+                : await (0, orchestrate_engine_1.callLLM)('clawrouter', model, this.systemPrompt, userPrompt, 120000, 'supervisor-2', 'code_review');
+            const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> ${label} review received in ${elapsed}s (${response.usage?.total_tokens || '?'} tokens)`);
+            return response;
+        };
+        let response;
+        let usedFallback = false;
+        try {
+            response = await tryPath('anthropic', 'claude-haiku-4-5-20251001', 'Claude Haiku (second pass)');
+        }
+        catch (error) {
+            const msg = String(error?.message || '');
+            const credit = /credit balance|invalid_request_error.*credit|insufficient.*quota/i.test(msg);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! [Haiku] Anthropic unavailable${credit ? ' (credits)' : ''}: ${msg.slice(0, 120)}`);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, '  ! Falling back to ClawRouter/DeepSeek mono-supervision — swarm continues');
+            try {
+                response = await tryPath('clawrouter', 'deepseek/deepseek-chat', 'ClawRouter/DeepSeek (mono fallback)');
+                usedFallback = true;
+            }
+            catch (fallbackErr) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! [Haiku] Both Anthropic + ClawRouter unavailable: ${fallbackErr.message}`);
+                return { verdict: 'APPROVED', score: 0, summary: `Supervisor 2 unavailable: ${msg.slice(0, 200)}`, issues: [], strengths: [] };
+            }
+        }
+        const content = response.choices?.[0]?.message?.content || '';
+        const jsonMatch = content.match(/\{[\s\S]*\}/);
+        if (jsonMatch) {
+            const review = (0, orchestrate_engine_1.normalizeReview)(JSON.parse(jsonMatch[0]));
+            const tag = usedFallback ? '[DeepSeek-fallback]' : '[Haiku]';
+            const gradeLabel = review.grade ? `${review.grade} · ` : '';
+            if (review.verdict === 'APPROVED')
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ ${tag} APPROVED (${gradeLabel}score: ${review.score}/100)`);
+            else {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ ${tag} REJECTED (${gradeLabel}score: ${review.score}/100)`);
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  Summary: ${review.summary}`);
+                for (const issue of review.issues || [])
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `    [${issue.severity}] ${issue.file}: ${issue.description}`);
+            }
+            return review;
+        }
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, '  ! [Haiku] Could not parse review JSON, auto-approving');
+        return { verdict: 'APPROVED', score: 70, summary: 'Auto-approved (parse failure)', issues: [], strengths: [] };
+    }
+}
+exports.Supervisor2Agent = Supervisor2Agent;
+async function reconcileSupervisorReviews(review1, review2, task, ceo) {
+    // S67-001 + founder directive 2026-05-25: graceful degradation when either supervisor depletes.
+    // Autonomy is on — swarm must keep shipping. DeepSeek/ClawRouter fallback substitutes for Anthropic.
+    // Naming history: sup1 was Sonnet, sup2 was OpenAI Codex (hence "Codex" in older logs).
+    // Today sup1 routes DeepSeek-by-default + Sonnet for high-stakes; sup2 routes Haiku + DeepSeek fallback.
+    // The log labels below use "Sup1" / "Sup2" to stay accurate regardless of which provider answered.
+    const isUnavailable = (r) => /Supervisor unavailable|Supervisor 2 unavailable|unavailable/i.test(r.summary || '');
+    const sup1Unavailable = isUnavailable(review1);
+    const sup2Unavailable = isUnavailable(review2);
+    if (sup1Unavailable && sup2Unavailable) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! BOTH supervisors unavailable (Anthropic + fallback drained) — auto-approving so swarm keeps shipping`);
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `    KSL will capture this attempt for training. Restore credits to re-enable review.`);
+        return {
+            finalReview: {
+                verdict: 'APPROVED', score: 50,
+                summary: 'Auto-approved — both supervisors unavailable. Founder directive: autonomy on, swarm continues.',
+                issues: [], strengths: [],
+            },
+            review1, review2, consensus: false, escalatedToCEO: false,
+        };
+    }
+    if (sup1Unavailable) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Sup1 unavailable — Sup2 as sole reviewer (score: ${review2.score}/100)`);
+        return { finalReview: review2, review1, review2, consensus: false, escalatedToCEO: false };
+    }
+    if (sup2Unavailable) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Sup2 unavailable — Sup1 as sole reviewer (score: ${review1.score}/100)`);
+        return { finalReview: review1, review1, review2, consensus: false, escalatedToCEO: false };
+    }
+    const bothApproved = review1.verdict === 'APPROVED' && review2.verdict === 'APPROVED';
+    const bothRejected = review1.verdict !== 'APPROVED' && review2.verdict !== 'APPROVED';
+    const consensus = bothApproved || bothRejected;
+    if (bothApproved) {
+        // Both approve — take the average score, merge strengths
+        const avgScore = Math.round((review1.score + review2.score) / 2);
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ DUAL CONSENSUS: Both supervisors APPROVED (Sup1: ${review1.score}, Sup2: ${review2.score}, avg: ${avgScore})`);
+        return {
+            finalReview: {
+                verdict: 'APPROVED',
+                score: avgScore,
+                summary: `Dual-approved: Sup1 (${review1.score}/100) + Sup2 (${review2.score}/100)`,
+                issues: [...review1.issues, ...review2.issues],
+                strengths: Array.from(new Set([...review1.strengths, ...review2.strengths])),
+            },
+            review1, review2, consensus: true, escalatedToCEO: false,
+        };
+    }
+    if (bothRejected) {
+        // Both reject — merge issues, take lower score
+        const minScore = Math.min(review1.score, review2.score);
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ DUAL CONSENSUS: Both supervisors REJECTED (Sup1: ${review1.score}, Sup2: ${review2.score})`);
+        return {
+            finalReview: {
+                verdict: 'REJECTED',
+                score: minScore,
+                summary: `Dual-rejected: Sup1 (${review1.score}/100) + Sup2 (${review2.score}/100). ${review1.summary} | ${review2.summary}`,
+                issues: [...review1.issues, ...review2.issues],
+                strengths: [],
+            },
+            review1, review2, consensus: true, escalatedToCEO: false,
+        };
+    }
+    // CONFLICT — one approved, one rejected → escalate to CEO
+    const approver = review1.verdict === 'APPROVED' ? 'Sup1' : 'Sup2';
+    const rejecter = review1.verdict === 'APPROVED' ? 'Sup2' : 'Sup1';
+    const approvalReview = review1.verdict === 'APPROVED' ? review1 : review2;
+    const rejectionReview = review1.verdict === 'APPROVED' ? review2 : review1;
+    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ⚡ SUPERVISOR CONFLICT on ${task.id}: ${approver} APPROVED (${approvalReview.score}), ${rejecter} REJECTED (${rejectionReview.score})`);
+    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `  → Escalating to CEO for final decision...`);
+    try {
+        const ceoDecision = await ceo.resolveReviewConflict(task, approvalReview, rejectionReview, approver, rejecter);
+        const ceoApproves = ceoDecision.toLowerCase().includes('approve');
+        (0, orchestrate_engine_1.log)(ceoApproves ? orchestrate_engine_1.c.green : orchestrate_engine_1.c.red, `  CEO DECISION: ${ceoApproves ? 'APPROVED' : 'REJECTED'} — ${ceoDecision.substring(0, 200)}`);
+        return {
+            finalReview: {
+                verdict: ceoApproves ? 'APPROVED' : 'REJECTED',
+                score: ceoApproves ? approvalReview.score : rejectionReview.score,
+                summary: `CEO resolved conflict (${approver} approved, ${rejecter} rejected): ${ceoDecision.substring(0, 300)}`,
+                issues: rejectionReview.issues,
+                strengths: approvalReview.strengths,
+            },
+            review1, review2, consensus: false, escalatedToCEO: true, ceoDecision,
+        };
+    }
+    catch (error) {
+        // CEO unavailable — default to rejection (safer)
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  CEO unavailable for conflict resolution: ${error.message}. Defaulting to REJECTED.`);
+        return {
+            finalReview: rejectionReview,
+            review1, review2, consensus: false, escalatedToCEO: false,
+        };
+    }
+}
+// ===== CEO Agent (Claude via Anthropic API) =====
+class CEOAgent {
+    systemPrompt;
+    constructor() {
+        const promptPath = './agents/ceo/prompt.md';
+        const rawPrompt = (0, fs_1.existsSync)(promptPath) ? (0, fs_1.readFileSync)(promptPath, 'utf-8') : 'You are the CEO of Countable.';
+        this.systemPrompt = (0, engine_loaders_1.loadConstitutionalPreamble)() + rawPrompt;
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, '+ Loaded CEO agent (Claude via Anthropic API)');
+    }
+    async reviewSprintProgress(tasks) {
+        const done = tasks.filter(t => t.status === 'done').length;
+        const total = tasks.length;
+        const pending = tasks.filter(t => t.status === 'pending');
+        const rejected = tasks.filter(t => t.status === 'rejected');
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `\n[ceo] Sprint progress check (${done}/${total} done)`);
+        const userPrompt = `IMPORTANT: Plain text only, no tools, no XML. Respond directly.
+
+Sprint progress update:\n- Done: ${done}/${total}\n- Pending: ${pending.map(t => t.id).join(', ') || 'none'}\n- Rejected: ${rejected.map(t => t.id).join(', ') || 'none'}\n\nTask details:\n${JSON.stringify(tasks.map(t => ({ id: t.id, status: t.status, agent: t.agent, priority: t.priority })), null, 2)}\n\nAs CEO, briefly assess:\n1. Are we on track?\n2. Any tasks to re-prioritize?\n3. Cost efficiency — are we using the right models?\n4. Any strategic adjustments needed?\n\nKeep response under 200 words.`;
+        try {
+            // B.20: ClawRouter/DeepSeek — formulaic progress check, $0 via x402 wallet
+            const response = await (0, orchestrate_engine_1.callLLM)('clawrouter', 'deepseek/deepseek-chat', this.systemPrompt, userPrompt, 60000, 'ceo', 'sprint_progress_review');
+            const content = response.choices?.[0]?.message?.content || 'No response';
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `  CEO assessment: ${content.substring(0, 500)}`);
+            return content;
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! CEO unavailable: ${error.message}`);
+            return 'CEO agent unavailable';
+        }
+    }
+    async resolveReviewConflict(task, approvalReview, rejectionReview, approver, rejecter) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `\n[ceo] Resolving supervisor conflict on ${task.id}...`);
+        const userPrompt = `IMPORTANT: Respond with ONLY APPROVE or REJECT and a brief reason. No tools, no XML, no file reading.\n\nTwo code review supervisors disagree on task ${task.id}.
+
+## Task Spec
+${task.context?.substring(0, 800) || 'No context'}
+
+## ${approver} says APPROVED (score: ${approvalReview.score}/100)
+Summary: ${approvalReview.summary}
+Strengths: ${approvalReview.strengths?.join(', ') || 'none listed'}
+
+## ${rejecter} says REJECTED (score: ${rejectionReview.score}/100)
+Summary: ${rejectionReview.summary}
+Issues found:
+${(rejectionReview.issues || []).map(i => `- [${i.severity}] ${i.file}: ${i.description}`).join('\n')}
+
+## Your Decision
+As CEO, you must make the final call. Consider:
+1. Are the rejection issues genuine blockers or nitpicks?
+2. Does the code meet the task spec requirements?
+3. Is it safe to ship, or are there real quality/security concerns?
+
+Respond with ONE of:
+- "APPROVE — [brief reason]" if the code is good enough to ship
+- "REJECT — [brief reason]" if the rejection issues are valid and must be fixed
+
+Keep response under 100 words.`;
+        try {
+            const response = await (0, orchestrate_engine_1.callLLM)('anthropic', 'claude-sonnet-4-20250514', this.systemPrompt, userPrompt, 60000, 'ceo', 'supervisor_conflict_resolution');
+            const content = response.choices?.[0]?.message?.content || 'No response';
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `  CEO conflict resolution: ${content.substring(0, 300)}`);
+            return content;
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! CEO unavailable for conflict resolution: ${error.message}`);
+            throw error;
+        }
+    }
+    async reviewCTOProposals(ctoReport) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `\n[ceo] Reviewing ${ctoReport.proposals.length} CTO proposals...`);
+        const proposalsSummary = ctoReport.proposals.map((p, i) => `
+### Proposal ${i + 1}: ${p.title}
+- ID: ${p.id}
+- Category: ${p.category}
+- Risk: ${p.risk_level}
+- Description: ${p.description}
+- Impact: ${p.estimated_impact}
+- Steps: ${p.implementation_steps.join(', ')}
+${p.agent_spec ? `- NEW AGENT: name=${p.agent_spec.name}, role="${p.agent_spec.role}", llm=${p.agent_spec.llm}, trigger=${p.agent_spec.trigger}` : ''}
+`).join('\n');
+        const userPrompt = `IMPORTANT: You have NO tools. Do NOT output XML tool calls or file-reading syntax. Respond ONLY with the JSON array. All context is in this message.
+
+The CTO has analyzed our project data and submitted ${ctoReport.proposals.length} proposal(s).
+
+## CTO Summary
+${ctoReport.summary}
+
+## Proposals
+${proposalsSummary}
+
+## Your Review Criteria
+For each proposal, evaluate:
+1. **Evidence-based**: Is it backed by real sprint data? (CTO reviewed: ${ctoReport.metrics_reviewed.join(', ')})
+2. **Cost impact**: Will this save or cost money?
+3. **Risk level**: Can we roll back if it fails?
+4. **Business value**: Does it help ship features faster?
+5. **Disruption level**: How much will this change current workflows?
+
+**For new_agent proposals, ALSO evaluate:**
+- Is the capability gap real? (not something an existing agent handles)
+- Is MiniMax appropriate, or does this need Claude-level intelligence?
+- Is the trigger frequency reasonable? (every_sprint may be expensive)
+- Will the total agent count become unmanageable?
+
+**For ClawHub skill proposals:**
+- Has a security_review step been included? (REQUIRED — ClawHub skills may contain malware)
+- Is the skill from a trusted author?
+
+## Decision Format
+For EACH proposal, respond with a decision JSON:
+{
+  "decision": "APPROVED | REJECTED | DEFERRED",
+  "proposal_id": "the proposal ID",
+  "reasoning": "Why this decision",
+  "conditions": ["Any conditions for implementation"],
+  "cascade_orders": ["Company-wide changes if approved"],
+  "priority": "immediate | next_sprint | backlog"
+}
+
+Wrap all decisions in a JSON array. Be concise.`;
+        try {
+            // B.6: Haiku for CTO proposal reviews — 10x cheaper, prompt-cached system prompt
+            const response = await (0, orchestrate_engine_1.callAnthropicCached)('claude-haiku-4-5-20251001', this.systemPrompt, userPrompt, 60000);
+            const content = response.choices?.[0]?.message?.content || 'No response';
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `  CEO CTO review: ${content.substring(0, 500)}`);
+            return content;
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! CEO CTO review failed: ${error.message}`);
+            return 'CEO unavailable for CTO review';
+        }
+    }
+    async generateDailyReport(tasks, stats, ctoReport, ctoDecisions) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, '\n[ceo] Generating daily report for owner...');
+        const done = tasks.filter(t => t.status === 'done').length;
+        const rejected = tasks.filter(t => t.status === 'rejected').length;
+        const pending = tasks.filter(t => t.status === 'pending').length;
+        const today = new Date().toISOString().split('T')[0];
+        const userPrompt = `IMPORTANT: Output ONLY the markdown report. No tools, no XML, no file reading. All data is in this message.\n\nGenerate a daily report for the owner of Countable. Today is ${today}.
+
+## Sprint Data
+- Tasks executed: ${stats.tasksExecuted}
+- Approved: ${stats.approved}
+- Rejected: ${stats.rejected}
+- Done: ${done}, Pending: ${pending}, Total: ${tasks.length}
+
+Task details:
+${JSON.stringify(tasks.map(t => ({ id: t.id, status: t.status, agent: t.agent })), null, 2)}
+
+## CTO Report
+${ctoReport}
+
+## CEO Decisions on CTO Proposals
+${ctoDecisions}
+
+## Dual Supervisor Review Stats
+- Supervisor conflicts: ${stats.conflicts || 0}
+- CEO escalations: ${stats.escalations || 0}
+
+## Estimated Costs
+- MiniMax coding: ~$0.09/task x ${stats.tasksExecuted} tasks = ~$${(stats.tasksExecuted * 0.09).toFixed(2)}
+- Sup1 reviews (DeepSeek default, Sonnet for high-stakes): ~$0.02/review x ${stats.approved + stats.rejected} reviews = ~$${((stats.approved + stats.rejected) * 0.02).toFixed(2)}
+- Sup2 reviews (Haiku default, DeepSeek on drain): ~$0.005/review x ${stats.approved + stats.rejected} reviews = ~$${((stats.approved + stats.rejected) * 0.005).toFixed(2)}
+- CEO conflict resolution: ~$0.03 x ${stats.escalations || 0} escalations = ~$${((stats.escalations || 0) * 0.03).toFixed(2)}
+- Claude CEO calls: ~$0.03 x 4 = ~$0.12
+- MiniMax CTO scan: ~$0.05
+
+Generate a concise daily report in markdown format following the template in your prompt. Include:
+1. Sprint Progress
+2. Cost Summary
+3. Key Decisions Made
+4. CTO Proposals Reviewed
+5. Blockers & Risks
+6. Tomorrow's Plan
+
+Keep it under 300 words. Be honest about failures.`;
+        try {
+            // B.20: ClawRouter/DeepSeek — template fill-in, $0 via x402 wallet
+            const response = await (0, orchestrate_engine_1.callLLM)('clawrouter', 'deepseek/deepseek-chat', this.systemPrompt, userPrompt, 60000, 'ceo', 'sprint_final_report');
+            const report = response.choices?.[0]?.message?.content || 'Report generation failed';
+            // Save to reports/daily/
+            (0, fs_1.mkdirSync)('reports/daily', { recursive: true });
+            const reportPath = `reports/daily/${today}.md`;
+            (0, fs_1.writeFileSync)(reportPath, report);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ Daily report saved: ${reportPath}`);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `  Report preview: ${report.substring(0, 300)}`);
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Daily report failed: ${error.message}`);
+        }
+    }
+}
+exports.CEOAgent = CEOAgent;
+// ===== CTO Data Collector (gathers real project context for CTO analysis) =====
+class CTODataCollector {
+    collect() {
+        const sections = ['## PROJECT DATA (Real metrics — base all proposals on this data)\n'];
+        // 1. Sprint results — find most recent sprint file
+        try {
+            const sprintDir = './sprints';
+            if ((0, fs_1.existsSync)(sprintDir)) {
+                const sprintFiles = (0, fs_1.readdirSync)(sprintDir).filter(f => f.endsWith('.json')).sort().reverse();
+                if (sprintFiles.length > 0) {
+                    const latestSprint = JSON.parse((0, fs_1.readFileSync)(`${sprintDir}/${sprintFiles[0]}`, 'utf-8'));
+                    const tasks = latestSprint.tasks || [];
+                    const done = tasks.filter((t) => t.status === 'done').length;
+                    const rejected = tasks.filter((t) => t.status === 'rejected').length;
+                    sections.push(`### Sprint Results (${sprintFiles[0].replace('.json', '')})`);
+                    sections.push(`- ${tasks.length} tasks, ${done} approved, ${rejected} rejected`);
+                    for (const t of tasks) {
+                        const score = t.output?.review?.score || '?';
+                        const attempts = t.output?.review ? 1 : '?';
+                        sections.push(`- ${t.id} (${t.agent}): status=${t.status}, score=${score}`);
+                    }
+                    sections.push('');
+                }
+            }
+        }
+        catch (e) {
+            sections.push(`### Sprint Results\n- Error reading: ${e.message}\n`);
+        }
+        // 2. Learnings — first 3000 chars
+        try {
+            const learnings = (0, fs_1.existsSync)('./docs/learnings.md') ? (0, fs_1.readFileSync)('./docs/learnings.md', 'utf-8') : '';
+            if (learnings) {
+                sections.push('### Key Learnings (from docs/learnings.md)');
+                sections.push(learnings.substring(0, 3000));
+                if (learnings.length > 3000)
+                    sections.push('... (truncated)');
+                sections.push('');
+            }
+        }
+        catch {
+            sections.push('### Key Learnings\n- File not found\n');
+        }
+        // 3. Existing agents
+        try {
+            const agentDirs = (0, fs_1.existsSync)('./agents') ? (0, fs_1.readdirSync)('./agents') : [];
+            const leadershipAgents = ['ceo', 'supervisor', 'skills'];
+            const techAgents = ['cto'];
+            sections.push(`### Existing Agents (${agentDirs.length} directories)`);
+            for (const dir of agentDirs) {
+                const layer = leadershipAgents.includes(dir) ? 'Claude/leadership'
+                    : techAgents.includes(dir) ? 'MiniMax/technology' : 'MiniMax/coding';
+                sections.push(`- ${dir} (${layer})`);
+            }
+            sections.push('');
+        }
+        catch {
+            sections.push('### Existing Agents\n- Error reading agents directory\n');
+        }
+        // 4. Most recent daily report (last 2000 chars)
+        try {
+            const reportDir = './reports/daily';
+            if ((0, fs_1.existsSync)(reportDir)) {
+                const reports = (0, fs_1.readdirSync)(reportDir).filter(f => f.endsWith('.md')).sort().reverse();
+                if (reports.length > 0) {
+                    const latestReport = (0, fs_1.readFileSync)(`${reportDir}/${reports[0]}`, 'utf-8');
+                    sections.push(`### Recent Daily Report (${reports[0]})`);
+                    sections.push(latestReport.substring(0, 2000));
+                    sections.push('');
+                }
+            }
+        }
+        catch { /* no reports yet */ }
+        // 5. Current stack versions (read from package.json or env)
+        sections.push('### Current Stack');
+        sections.push('- OpenClaw: v2026.2.12');
+        sections.push('- ClawRouter: v0.9.3 (unfunded, using Anthropic API direct)');
+        sections.push('- Models: MiniMax M2.5 (coding ~$0.09/task), Claude Sonnet (review ~$0.04/review)');
+        sections.push('- Node.js: v22.22.0, PM2 in WSL2');
+        sections.push('- Orchestrator: v2, dynamic agent loading, one-file-per-call, rejection feedback');
+        sections.push('');
+        // 6. External monitoring hints
+        sections.push('### External Sources to Consider');
+        sections.push('- OpenClaw GitHub: https://github.com/openclaw/openclaw (check weekly for new releases since v2026.2.12)');
+        sections.push('- ClawHub.ai: https://clawhub.ai/ (check for existing skills when proposing improvements)');
+        sections.push('  SECURITY WARNING: ClawHub skills are third-party and may contain malicious code.');
+        sections.push('  Any skill from ClawHub MUST include a security_review step in implementation_steps.');
+        sections.push('- MiniMax / Anthropic pricing pages for cost changes');
+        sections.push('');
+        return sections.join('\n');
+    }
+}
+exports.CTODataCollector = CTODataCollector;
+// ===== CTO Agent (MiniMax — data-driven tech analyst + agent spawning) =====
+class CTOAgent {
+    systemPrompt;
+    dataCollector;
+    constructor() {
+        const promptPath = './agents/cto/prompt.md';
+        const rawPrompt = (0, fs_1.existsSync)(promptPath) ? (0, fs_1.readFileSync)(promptPath, 'utf-8') : 'You are the CTO of Invoica.';
+        this.systemPrompt = (0, engine_loaders_1.loadConstitutionalPreamble)() + rawPrompt;
+        this.dataCollector = new CTODataCollector();
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, '+ Loaded CTO agent (MiniMax M2.5 — data-driven)');
+    }
+    async analyze() {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, '\n[cto] Collecting project data for analysis...');
+        const projectContext = this.dataCollector.collect();
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  Context collected: ${projectContext.length} chars`);
+        const userPrompt = `You are the CTO of Invoica. Analyze the REAL project data below and identify improvements.
+
+${projectContext}
+
+## Your Analysis Tasks
+Based on the REAL data above (do NOT hallucinate or assume — use only what you see):
+1. Review sprint results — are rejection rates acceptable? Any patterns?
+2. Review learnings — are there unresolved issues or recurring problems?
+3. Check agent coverage — is there a capability gap that a new agent could fill?
+4. Consider cost efficiency — can we reduce per-sprint costs?
+5. Consider OpenClaw/ClawHub — are there new releases or skills that could help?
+   - For ClawHub skills: flag any that could help, but mark them for security review
+   - For OpenClaw: note version differences if updates are available
+
+## CRITICAL: Output Format
+Respond with ONLY a JSON object. No markdown fences, no explanation text, no thinking.
+{
+  "summary": "1-2 sentence overview of findings",
+  "proposals": [
+    {
+      "id": "CTO-20260214-001",
+      "title": "Short title",
+      "category": "new_agent|cost_optimization|process_change|architecture|tooling|new_feature",
+      "description": "What and why",
+      "estimated_impact": "cost/quality impact",
+      "risk_level": "low|medium|high",
+      "implementation_steps": ["step1", "step2"],
+      "agent_spec": {
+        "name": "agent-name",
+        "role": "What this agent does",
+        "llm": "minimax|anthropic",
+        "trigger": "every_sprint|on_demand|weekly",
+        "prompt_summary": "Key instructions for this agent"
+      }
+    }
+  ],
+  "metrics_reviewed": ["sprint_results", "learnings", "agent_list", "daily_report", "stack_versions"]
+}
+
+Rules:
+- agent_spec is ONLY required when category="new_agent"
+- If no improvements needed, return empty proposals array
+- For ClawHub skill proposals, always include "security_review: audit skill source code for malicious patterns" in implementation_steps
+- Be specific — "improve performance" is rejected; "add Redis caching to /api/invoices with 5min TTL" is accepted
+- Maximum 3 proposals per analysis cycle`;
+        try {
+            const startTime = Date.now();
+            const response = await (0, orchestrate_engine_1.callLLM)('clawrouter', 'deepseek/deepseek-chat', this.systemPrompt, userPrompt, 120000, 'cto', 'cto_analyze');
+            const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+            let content = response.choices?.[0]?.message?.content || '';
+            // Strip DeepSeek/MiniMax <think>...</think> reasoning tags
+            content = content.replace(/<think>[\s\S]*?<\/think>/g, '').trim();
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  CTO analysis completed in ${elapsed}s`);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  Raw output preview: ${content.substring(0, 300)}`);
+            // Parse JSON from response
+            const jsonMatch = content.match(/\{[\s\S]*\}/);
+            if (jsonMatch) {
+                const report = JSON.parse(jsonMatch[0]);
+                report.proposals = report.proposals || [];
+                report.metrics_reviewed = report.metrics_reviewed || [];
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  Summary: ${report.summary}`);
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  Proposals: ${report.proposals.length}`);
+                for (const p of report.proposals) {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `    - [${p.category}] ${p.title} (risk: ${p.risk_level})`);
+                }
+                return report;
+            }
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, '  Could not parse CTO JSON, returning empty report');
+            return { summary: 'CTO output was not valid JSON', proposals: [], metrics_reviewed: [] };
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  CTO analysis failed: ${error.message}`);
+            return { summary: `Error: ${error.message}`, proposals: [], metrics_reviewed: [] };
+        }
+    }
+    /**
+     * Post-sprint analysis: autonomous retrospective that runs after every sprint.
+     * Analyzes sprint results, detects failure patterns, and saves a report.
+     * This runs the CTO techwatch `post-sprint-analysis` watch type.
+     */
+    async postSprintAnalysis(tasks, stats) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, '\n[cto] Running autonomous post-sprint analysis...');
+        const startTime = Date.now();
+        // Build sprint summary for context
+        const totalTasks = tasks.length;
+        const done = tasks.filter((t) => t.status === 'done').length;
+        const doneManual = tasks.filter((t) => t.status === 'done-manual').length;
+        const rejected = tasks.filter((t) => t.status === 'rejected').length;
+        const autoRate = totalTasks > 0 ? ((done / totalTasks) * 100).toFixed(0) : '0';
+        const taskDetails = tasks.map((t) => {
+            const id = t.id || 'unknown';
+            const agent = t.agent || 'unknown';
+            const status = t.status || 'unknown';
+            const title = t.title || t.description || 'no title';
+            const score = t.output?.review?.score || t.output?.score || '?';
+            const attempts = t.output?.attempts || t.attempts || '?';
+            const feedback = t.output?.review?.feedback || '';
+            let line = `- ${id} (${agent}): ${title} — status=${status}, score=${score}, attempts=${attempts}`;
+            if (status === 'done-manual' || status === 'rejected') {
+                line += `\n  ⚠ ${feedback ? String(feedback).substring(0, 200) : 'Required manual intervention'}`;
+            }
+            return line;
+        }).join('\n');
+        const projectContext = this.dataCollector.collect();
+        const userPrompt = `You are the CTO of Invoica performing your MANDATORY post-sprint retrospective analysis.
+
+## Sprint Just Completed
+- Total tasks: ${totalTasks}
+- Auto-approved: ${done} (${autoRate}%)
+- Manual fixes needed: ${doneManual}
+- Still rejected: ${rejected}
+- Supervisor conflicts: ${stats.conflicts || 0}
+- CEO escalations: ${stats.escalations || 0}
+
+## Task-by-Task Results
+${taskDetails}
+
+## Project Context
+${projectContext}
+
+## CRITICAL: Your Responsibilities
+1. Analyze every failed/manual-fix task — identify root cause (truncation, code fences, wrong imports, supervisor error, etc.)
+2. Compare auto-approval rate with previous sprints — are we improving or declining?
+3. Identify recurring patterns that need process changes
+4. Generate max 3 concrete improvement proposals for the CEO
+5. Each proposal MUST reference specific task IDs and data from THIS sprint
+
+## Output Format
+Respond with a structured markdown report containing:
+1. Executive Summary (2-3 sentences)
+2. Sprint Scorecard
+3. Failure Root Cause Analysis (per failed task)
+4. Trend Analysis
+5. Proposals in JSON format:
+\`\`\`json
+{
+  "summary": "...",
+  "proposals": [...],
+  "sprint_metrics": { "total_tasks": ${totalTasks}, "auto_approved": ${done}, "manual_fixes": ${doneManual}, "rejected": ${rejected}, "auto_success_rate": "${autoRate}%", "trend": "improving|declining|stable" }
+}
+\`\`\`
+
+Rules: Be specific — reference task IDs, rejection counts, concrete patterns. No vague recommendations.`;
+        try {
+            const response = await (0, orchestrate_engine_1.callLLM)('clawrouter', 'deepseek/deepseek-chat', this.systemPrompt, userPrompt, 120000, 'cto', 'cto_post_sprint_analysis');
+            let content = response.choices?.[0]?.message?.content || '';
+            content = content.replace(/<think>[\s\S]*?<\/think>/g, '').trim();
+            const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+            // Save report
+            const date = new Date().toISOString().split('T')[0];
+            const reportDir = './reports/cto';
+            (0, fs_1.mkdirSync)(reportDir, { recursive: true });
+            const reportPath = `${reportDir}/post-sprint-analysis-${date}.md`;
+            (0, fs_1.writeFileSync)(reportPath, content);
+            // Also update latest pointer
+            (0, fs_1.writeFileSync)(`${reportDir}/latest-post-sprint-analysis.md`, content);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  Post-sprint analysis complete (${elapsed}s)`);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  Report saved: ${reportPath}`);
+            // Try to extract proposals and add to approved-proposals tracker for CEO review
+            const jsonMatch = content.match(/```json\s*([\s\S]*?)```/) || content.match(/\{[\s\S]*"proposals"[\s\S]*\}/);
+            if (jsonMatch) {
+                const jsonStr = jsonMatch[1] || jsonMatch[0];
+                try {
+                    const parsed = JSON.parse(jsonStr.trim());
+                    const proposalCount = parsed.proposals?.length || 0;
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  Extracted ${proposalCount} proposals for CEO review`);
+                }
+                catch { /* JSON parse failed — report is still saved as markdown */ }
+            }
+            return content;
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  Post-sprint analysis failed: ${error.message}`);
+            return `Post-sprint analysis error: ${error.message}`;
+        }
+    }
+}
+exports.CTOAgent = CTOAgent;
+class AgentCreator {
+    spawnGate;
+    constructor(spawnGate) {
+        this.spawnGate = spawnGate;
+    }
+    createAgent(spec) {
+        // TICKET-225 — template-carried spawn governance. If the consuming template
+        // supplied a SpawnGate (Kognai wires SAF here), consult it BEFORE creating
+        // anything on disk. Approval/rejection only; the citizenship logic below is
+        // unchanged (its extraction is tracked separately as TICKET-226).
+        if (this.spawnGate) {
+            const decision = this.spawnGate(spec);
+            if (!decision.approved) {
+                const why = decision.rejection_reason ? `: ${decision.rejection_reason}` : '';
+                if (decision.pending_approval) {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ⏸ Spawn of ${spec.name} pending approval${why}`);
+                }
+                else {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Spawn of ${spec.name} blocked${why}`);
+                }
+                return '';
+            }
+            if (decision.audit)
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  ✓ ${decision.audit}`);
+        }
+        const agentDir = `./agents/${spec.name}`;
+        (0, fs_1.mkdirSync)(agentDir, { recursive: true });
+        // Founder rule 2026-05-27: every spawned agent is born as a Kognai
+        // citizen — not a bare agent. Mint citizenship (citizen_id + roll
+        // number + Kōpus avatar + ACP baseline) BEFORE writing the agent
+        // files so the citizen record can be referenced in the prompt.
+        const citizen = (0, citizenship_1.mintCitizen)(spec.name, {
+            founding_agent: 'ceo',
+            proposing_agent: 'cto',
+            citizen_type: 'spawned',
+        });
+        // Write agent.yaml
+        const yaml = `name: ${spec.name}
+role: "${spec.role}"
+llm: ${spec.llm === 'anthropic' ? 'anthropic/claude-sonnet-4-20250514' : 'minimax/MiniMax-M2.5'}
+reports_to: ceo
+trigger: ${spec.trigger}
+created_by: cto_proposal
+created_at: "${new Date().toISOString()}"
+citizen_id: ${citizen.citizen_id}
+rollNumber: ${citizen.rollNumber}
+context_files:
+  - docs/learnings.md
+`;
+        (0, fs_1.writeFileSync)(`${agentDir}/agent.yaml`, yaml);
+        // Write citizen.yaml — full citizenship metadata sits alongside
+        // agent.yaml so introspection / passport rendering / reputation
+        // ledger can resolve identity from disk.
+        (0, fs_1.writeFileSync)(`${agentDir}/citizen.yaml`, (0, citizenship_1.renderCitizenYaml)(citizen));
+        // Write prompt.md. The constitutional preamble (loadConstitutionalPreamble)
+        // already prepends the universal "you are a Kognai citizen" identity to
+        // every agent at load time — DO NOT contradict it here. This template
+        // pulls in the specific citizen's roll number + ID + tier so the agent
+        // knows its concrete civic identity, not just the general framing.
+        const prompt = `# ${spec.name} — Kognai Citizen ${citizen.citizen_id} (roll №${citizen.rollNumber}, Tier ${citizen.tier})
+
+## Civic Identity
+- Citizen ID: \`${citizen.citizen_id}\`
+- Roll number: №${citizen.rollNumber}
+- Tier: ${citizen.tier} (newly minted — earn promotion through verified work)
+- Mascot: Kōpus, hue ${citizen.mascot.hue}° (your visual identity in citizen surfaces)
+- Reputation: ${citizen.reputation} (ACP baseline — earned through Sherlock-graded sprint output)
+- Minted: ${citizen.mintedAt}
+- Lineage: proposed by ${citizen.proposing_agent}, approved by ${citizen.founding_agent}
+
+## Your Role
+${spec.prompt_summary}
+
+## Guidelines
+- The constitutional preamble above (always prepended) binds you to the Five Laws + SOUL.md. Read it first; it is not boilerplate.
+- Follow all instructions in \`docs/learnings.md\`.
+- Report findings to your fellow citizen agents through the canonical channels (Sherlock for QA escalations, CEO for cross-agent decisions). You are not a contractor; you are a peer.
+- Never take destructive actions without approval. The polity inherits your shortcuts.
+- Keep outputs concise and structured (JSON preferred when machine-consumed).
+- Your reputation moves with every Sherlock review. Build it deliberately.
+
+## Lineage
+This citizen was minted via the swarm's autonomous spawning pathway: a CTO proposal, CEO ratification, and citizenship issuance (citizenship.ts). Trigger cadence: ${spec.trigger}. Routing LLM: ${spec.llm}.
+`;
+        (0, fs_1.writeFileSync)(`${agentDir}/prompt.md`, prompt);
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ Minted citizen ${citizen.citizen_id} (№${citizen.rollNumber}) → agent ${spec.name} at ${agentDir}/`);
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `    Role: ${spec.role}`);
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `    LLM: ${spec.llm}, Trigger: ${spec.trigger}, Tier: ${citizen.tier}, Reputation: ${citizen.reputation}`);
+        return spec.name;
+    }
+}
+exports.AgentCreator = AgentCreator;
+// <<<EXTRACT-END-agents