@kognai/orchestrator-core 0.1.1 → 0.1.3

package/dist/lib/engine-coding-agent.js

@@ -0,0 +1,890 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CodingAgent = void 0;
+/**
+ * engine-coding-agent.ts — CodingAgent extracted from orchestrate-engine.ts
+ * (TICKET-231 engine split). Imports shared primitives (log/callLLM/etc.) + the
+ * AgentTask/ReviewResult types back from the engine via a runtime-safe circular import.
+ */
+const fs_1 = require("fs");
+const child_process_1 = require("child_process");
+const failure_library_1 = require("./failure-library");
+const orchestrate_engine_1 = require("./orchestrate-engine");
+class CodingAgent {
+    name;
+    systemPrompt;
+    constructor(name, systemPrompt) { this.name = name; this.systemPrompt = systemPrompt; }
+    async execute(task, previousReview) {
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `\n[${this.name}] Executing: ${task.id} (${task.priority})`);
+        const deliverables = [...(task.deliverables.code || []), ...(task.deliverables.tests || []), ...(task.deliverables.docs || [])];
+        // Complexity-aware model routing:
+        // Claude Sonnet → complex tasks (many files, complex keywords, large existing files)
+        // MiniMax M2.5  → simple tasks (small edits, config, stubs) + truncation retry as safety net
+        let { provider, model, routingReason } = await (0, orchestrate_engine_1.assessTaskComplexity)(task, deliverables);
+        // 2026-05-28 model-escalation pact (consumes flag set in Orchestrator.executeTask
+        // after a TRUNCATION or INTEGRITY_FAILED rejection). When the cheap default
+        // (DeepSeek) couldn't hold the file's contract on a prior attempt, upgrade
+        // THIS attempt to Sonnet via ClawRouter — deterministic, no LLM round-trip,
+        // routed through the existing x402 wallet rail. Cleared after consumption so
+        // a subsequent un-escalated reason doesn't piggyback off the upgrade.
+        const escalation = task._escalateNext;
+        if (escalation) {
+            provider = 'clawrouter';
+            model = 'anthropic/claude-sonnet-4.6';
+            routingReason = `ESCALATE: prior attempt ${escalation} → ClawRouter/Sonnet (was: ${routingReason})`;
+            delete task._escalateNext;
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.magenta, `  ⤴ [ESCALATE] ${task.id}: prior ${escalation} → upgrading to ${model}`);
+        }
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> Using ${model} [${routingReason}]`);
+        // B.12: Compress context before cloud calls to reduce token spend 70-80%
+        if (provider === 'clawrouter' || provider === 'anthropic') {
+            task = { ...task, context: await (0, orchestrate_engine_1.compressContext)(task.context) };
+        }
+        // Sprint-063: Emit JSONL routing log (non-fatal — never block execution)
+        try {
+            (0, fs_1.mkdirSync)('logs/routing', { recursive: true });
+            const { generateExecutionId, logRoutingDecision } = await Promise.resolve().then(() => __importStar(require('./task-router')));
+            const sprintId = task.sprint_id ?? 'unknown';
+            const execId = task.execution_id ?? generateExecutionId(sprintId, task.id);
+            logRoutingDecision({
+                execution_id: execId,
+                sprint_id: sprintId,
+                task_id: task.id,
+                task_target: (task.task_target ?? 'cloud-code'),
+                provider,
+                model,
+                queued_at: task.queued_at ?? new Date().toISOString(),
+                execution_source: 'orchestrate-agents-v2',
+            });
+        }
+        catch (err) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  [WARN] Routing log write failed: ${err.message}`);
+        }
+        // Pre-flight: only enforce pre-existence for tasks that genuinely modify
+        // existing files in place. Everything else (create / research / feature /
+        // docs / content / audit / setup / etc.) is allowed to produce new files.
+        // Inverted from the prior opt-out list because new task types kept being
+        // added that legitimately create files (research, content_creation, audit,
+        // implementation, setup) and tripped pre-flight by default — sprint-1548
+        // amd24_research being the recent example.
+        const MODIFY_TYPES = new Set(['modify', 'bugfix', 'fix', 'edit', 'refactor', 'enhancement']);
+        if (MODIFY_TYPES.has(task.type)) {
+            const missing = deliverables.filter(f => !(0, fs_1.existsSync)(f));
+            if (missing.length > 0) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Pre-flight FAILED: File(s) not found: ${missing.join(', ')}`);
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Skipping task ${task.id} — deliverable files do not exist in repo`);
+                throw new Error(`PREFLIGHT_FAILED: Files not found: ${missing.join(', ')}`);
+            }
+        }
+        // Pre-flight: validate new-file paths are inside real project directories
+        // CEO sometimes hallucinates paths like 'agents/src/core/' or 'packages/agents/src/'
+        // which don't exist. Catch these before generating anything.
+        const VALID_PATH_PREFIXES = [
+            'backend/', 'frontend/', 'agents/', 'scripts/', 'shared/',
+            'website/', 'docs-site/', 'apps/', 'sdk/', 'x402-base/', 'x402-evm/', 'x402-test/',
+            'supabase/', 'infrastructure/',
+            // Kognai v16 directories (S68)
+            'acp/', 'codebook/', 'failure-library/', 'skills/', 'skill-bank/',
+            // Kognai runtime paths (S66-002)
+            'runtime/', 'dashboard/', 'kognai-agents/', 'workspace/', 'docs/', 'logs/', 'tests/',
+            // Public surfaces + npm packages (sprint-1548, sprint-1549)
+            'landing/', 'packages/', 'data/',
+            // Smart contracts (sprint-1571 — KognaiSkin ERC-721 + EIP-5192 soulbound)
+            'contracts/',
+        ];
+        // Invalid patterns: paths that look like monorepo sub-dirs that don't exist
+        const INVALID_PATH_PATTERNS = [
+            /^agents\/src\//, // agents/src/... — real agent dirs are agents/<name>/
+            /^src\/agents\//, // no src/agents/ dir
+        ];
+        for (const filepath of deliverables) {
+            // Root-level dotfiles, config files, and absolute paths are always valid.
+            // Absolute paths (starting with /) indicate cross-project tasks (e.g., Voxight).
+            const isRootFile = !filepath.includes('/') || filepath.startsWith('.') || filepath.startsWith('/');
+            const isValidPrefix = isRootFile || VALID_PATH_PREFIXES.some(p => filepath.startsWith(p));
+            const isInvalidPattern = INVALID_PATH_PATTERNS.some(r => r.test(filepath));
+            if (!isValidPrefix || isInvalidPattern) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Path validation FAILED: "${filepath}" is not in a valid project directory`);
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Valid prefixes: ${VALID_PATH_PREFIXES.join(', ')}`);
+                throw new Error(`INVALID_PATH: "${filepath}" is not in a recognized project directory`);
+            }
+        }
+        let rejectionContext = '';
+        if (previousReview && previousReview.verdict !== 'APPROVED') {
+            const issueList = (previousReview.issues || []).map(i => `- [${i.severity}] ${i.file}: ${i.description}`).join('\n');
+            rejectionContext = `\n## IMPORTANT: Previous Attempt Was REJECTED\nScore: ${previousReview.score}/100. Reason: ${previousReview.summary}\n\nSpecific issues to fix:\n${issueList}\n\nYou MUST address ALL issues.\n`;
+        }
+        // TICKET-152 Gap 2: cross-run failure memory. `previousReview` only remembers
+        // THIS run's attempts; the failure-library remembers every prior rejection of
+        // this task across all sprints (e.g. ksl_batch_runner's 75 truncation rejects).
+        // Inject the persistent avoidance brief so a task that has failed before sees
+        // its own history — even on attempt 1 of a fresh run. Bounded (≤5 attempts,
+        // truncated reasons) and best-effort: retrieval must never block execution.
+        try {
+            const prior = (0, failure_library_1.retrieveTaskFailures)(task.id);
+            if (prior.brief)
+                rejectionContext += `\n${prior.brief}\n`;
+        }
+        catch { /* non-fatal — never block execution on retrieval */ }
+        const createdFiles = [];
+        for (let i = 0; i < deliverables.length; i++) {
+            const filepath = deliverables[i];
+            // TICKET-090: EDIT-MODE — for surgical-edit tasks on existing files, ask
+            // the LLM for a list of {old, new} substitutions instead of regenerating
+            // the whole file. Drops output tokens ~10× (4kB file rewrite → ~200B
+            // diff) and slashes wall-clock under the 25-min PER_RUN_HARD_TIMEOUT.
+            //
+            // TICKET-209 (2026-05-29): broadened engagement. Previously gated behind
+            // ~9 narrow-scope context keywords AND file ≥50 lines, so founder-authored
+            // modify tasks (TICKET-204, TICKET-207) that didn't use the exact magic
+            // phrases fell into regenerate-mode and blew the 100k token budget
+            // (~313k tokens spent on a 5-edit task to a 700-line file).
+            //
+            // Now engages when:
+            //   (a) file exists AND is at least 50 lines (unchanged)
+            //   (b) EITHER task.type is in MODIFY_TYPES (new default for all modify tasks)
+            //       OR task context contains the legacy narrow-scope keywords
+            //       ("ONE LINE EDIT", "SINGLE FIELD", "MINIMAL EDIT", "rename only",
+            //        "single property", "verify-only", "literal-string",
+            //        "DO NOT regenerate", "surgical", "no-op verify", "MUST still start")
+            // Falls back to regenerate-mode if the LLM's edit response is malformed
+            // or any `old` substring isn't uniquely present in the file.
+            const existingLineCount = (0, fs_1.existsSync)(filepath)
+                ? (0, fs_1.readFileSync)(filepath, 'utf-8').split('\n').length
+                : 0;
+            const hasNarrowScopeKeywords = /\b(ONE LINE EDIT|SINGLE FIELD|MINIMAL EDIT|rename only|single property|verify-only|literal[- ]string|DO NOT regenerate|surgical|no-op verify|MUST still start)\b/i.test(task.context || '');
+            const isModifyTask = MODIFY_TYPES.has(task.type);
+            const editModeEligible = (0, fs_1.existsSync)(filepath)
+                && existingLineCount >= 50
+                && (isModifyTask || hasNarrowScopeKeywords);
+            if (editModeEligible) {
+                const edited = await this.tryEditMode(filepath, task, rejectionContext, provider, model);
+                if (edited !== null) {
+                    createdFiles.push({ path: filepath, content: edited });
+                    continue; // success, skip regenerate-mode for this file
+                }
+                // 2026-05-27 diagnostic patch: for MODIFY tasks on large files, refuse
+                // the regenerate-mode fallback. Regeneration of a 200+ line file from
+                // scratch trips the integrity-check (which preserves the original on
+                // disk) — net result is a silent no-op. Better to surface the failure
+                // with a structured reason than to log "No files produced" with no
+                // context. Founder triage: split the file, not the task.
+                const existingLines = (0, fs_1.existsSync)(filepath) ? (0, fs_1.readFileSync)(filepath, 'utf-8').split('\n').length : 0;
+                if (MODIFY_TYPES.has(task.type) && existingLines > 150) {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Edit-mode FAILED and regenerate-mode REFUSED for ${filepath} (${existingLines} lines, MODIFY task — split file, not task)`);
+                    task._failureReasons = [
+                        ...(task._failureReasons || []),
+                        `edit-mode-empty:${filepath}:${existingLines}lines`,
+                    ];
+                    continue; // skip this deliverable — surfaces via silent-failure enrichment upstream
+                }
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Edit-mode fell back to regenerate-mode for ${filepath}`);
+            }
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> Generating file ${i + 1}/${deliverables.length}: ${filepath}`);
+            const priorCtx = createdFiles.length > 0
+                ? '\n## Already Generated Files\n' + createdFiles.map(f => `### ${f.path}\n\`\`\`typescript\n${f.content.substring(0, 2000)}\n\`\`\``).join('\n\n') + '\n'
+                : '';
+            const fileList = deliverables.map((f, idx) => `${idx + 1}. ${f}${f === filepath ? ' ← THIS ONE' : ''}`).join('\n');
+            const isTestFile = filepath.includes('test') || filepath.includes('spec');
+            const existingLines = (0, fs_1.existsSync)(filepath) ? (0, fs_1.readFileSync)(filepath, 'utf-8').split('\n').length : 0;
+            const existingContent = (0, fs_1.existsSync)(filepath)
+                ? `\n\n## EXISTING FILE — SURGICAL EDIT ONLY\nDo NOT rewrite the entire file. Output the COMPLETE updated file with your changes merged in.\nIf you add a function, append it. If you edit a line, change only that line.\nFile has ${existingLines} lines — preserve ALL existing code.\n\n### Current Content\n\`\`\`typescript\n${(0, fs_1.readFileSync)(filepath, 'utf-8').substring(0, 3000)}\n\`\`\`\n`
+                : `\n\n## Note: This is a NEW file — create it from scratch.\n`;
+            const testConstraint = isTestFile
+                ? `\n\n## CRITICAL: TEST FILE SIZE LIMIT
+This is a test file. You MUST keep it SHORT to avoid truncation:
+- Maximum 5-6 test cases (describe + it blocks)
+- Maximum 80 lines total
+- NO verbose setup — use inline mocks
+- NO redundant tests — one test per behavior
+- Cover: happy path, error case, edge case, defaults — that's it
+- If you write more than 80 lines, the file WILL be truncated and REJECTED\n`
+                : '';
+            // EXACT CONTENT mode: task description contains code block(s) with the exact file content.
+            // Extract them deterministically and bypass LLM to prevent model hallucination.
+            // This is the correct fix for "EXACT CONTENT:" tasks — the model must NOT interpret
+            // the spec, it must copy it verbatim. Bypass the LLM entirely for these tasks.
+            // NOTE: check task.description first — when sprint JSON has BOTH description AND context fields,
+            // the normalization at loadTasks() only copies description→context when context is absent.
+            // EXACT CONTENT blocks always live in the description field.
+            const rawSpec = task.description ?? task.context;
+            const exactBlocks = [...rawSpec.matchAll(/EXACT CONTENT:\s*\n\n?```[\w.+-]*\n([\s\S]*?)```(?:\n|$)/g)]
+                .map((m) => m[1].trimEnd());
+            if (exactBlocks.length > 0) {
+                // Use block[i] for deliverable[i] when multiple blocks present; else use block[0]
+                const exactFileContent = exactBlocks.length > i ? exactBlocks[i] : exactBlocks[0];
+                const blockLabel = `block ${Math.min(i, exactBlocks.length - 1) + 1}/${exactBlocks.length}`;
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  -> EXACT CONTENT mode: ${filepath} (${blockLabel}) — deterministic, no LLM`);
+                createdFiles.push({ path: filepath, content: exactFileContent });
+                continue;
+            }
+            const userPrompt = `You are ${this.name}, a coding agent at Countable.
+${rejectionContext}
+## Task
+${task.context}
+
+## All Deliverable Files
+${fileList}
+
+## Generate ONLY: ${filepath}
+${existingContent}${priorCtx}${testConstraint}
+Write ONLY the content for "${filepath}". Rules:
+- S64-001: Output the raw file content using FILE: format as described in the system prompt
+- Do NOT wrap output in markdown code fences (\`\`\`) — for .md files especially, output RAW markdown text, NOT inside a \`\`\`markdown or \`\`\`typescript block
+- For .sh/.bash scripts, start with #!/bin/bash — do NOT wrap in a code fence
+- Production quality, no TODOs or placeholders
+- Include all imports, types, error handling
+- If this file depends on others listed above, import from them correctly
+- No explanatory text — output file content only`;
+            try {
+                const startTime = Date.now();
+                const response = await (0, orchestrate_engine_1.callLLM)(provider, model, this.systemPrompt, userPrompt, 480000, this.name, task.id); // 8 min — qwen3:14b needs time for large files
+                const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+                let content = response.choices?.[0]?.message?.content || '';
+                // Strip MiniMax <think>...</think> tags that leak into responses
+                content = content.replace(/<think>[\s\S]*?<\/think>/g, '').trim();
+                const tokens = response.usage?.total_tokens || 0;
+                // Check for MiniMax errors
+                if (response.base_resp?.status_code && response.base_resp.status_code !== 0) {
+                    throw new Error(`MiniMax API error: ${response.base_resp.status_msg}`);
+                }
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> Response: ${elapsed}s, ${tokens} tokens, ${content.length} chars`);
+                // CTO-005: Extract code from fenced block with enhanced fence stripping
+                const codeBlocks = this.extractCodeBlocks(content);
+                let fileContent;
+                if (codeBlocks.length === 0) {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! No code block found for ${filepath}, using raw content (with fence strip)`);
+                    fileContent = this.stripResidualFences(content);
+                }
+                else {
+                    fileContent = codeBlocks[0];
+                }
+                // CTO-005: Final fence sanitization BEFORE adding to createdFiles
+                // CEO condition: stripping must happen BEFORE file is written to disk
+                fileContent = this.stripResidualFences(fileContent);
+                // Last-resort nuclear strip: if content still starts with a fence, skip all leading
+                // fence lines and trailing fence. Handles MiniMax ```typescript{ (no newline) pattern.
+                if (/^\s*```/.test(fileContent)) {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Residual fence detected after stripResidualFences — applying nuclear strip for ${filepath}`);
+                    const lines = fileContent.split('\n');
+                    const firstContentLine = lines.findIndex(l => !l.trim().startsWith('```') && l.trim() !== '');
+                    if (firstContentLine > 0) {
+                        fileContent = lines.slice(firstContentLine).join('\n').replace(/\n\s*```\s*$/, '').trim();
+                    }
+                    else if (firstContentLine === -1) {
+                        fileContent = lines.filter(l => !l.trim().startsWith('```')).join('\n').trim();
+                    }
+                }
+                // File-type-aware post-processing: final safety net per file extension
+                fileContent = this.postProcessContent(fileContent, filepath);
+                // B.13: For JSON files that are still invalid after postProcessContent, try qwen3:0.6b repair
+                if (filepath.endsWith('.json')) {
+                    try {
+                        JSON.parse(fileContent);
+                    }
+                    catch {
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! JSON invalid in ${filepath} — attempting qwen3:0.6b repair`);
+                        fileContent = await this.fixJsonWithOllama(fileContent, filepath);
+                    }
+                }
+                // TRUNCATION PRE-CHECK: Detect if MiniMax cut off output mid-function
+                // If code ends inside an open block (unclosed braces) or with an incomplete statement,
+                // retry once with a "continue" prompt before sending to supervisor review.
+                const truncationDetected = this.detectTruncation(fileContent);
+                if (truncationDetected && (provider === 'clawrouter' || provider === 'ollama')) {
+                    (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! TRUNCATION detected in ${filepath} — retrying with continuation prompt...`);
+                    const continuationPrompt = `The previous response for "${filepath}" was TRUNCATED — it ended mid-function or with an incomplete block. Here is what was generated so far:
+
+\`\`\`typescript
+${fileContent.substring(fileContent.length - 1500)}
+\`\`\`
+
+Continue from where it left off and output ONLY the remaining code (no duplicated content). Output a COMPLETE, valid TypeScript/JavaScript file ending with the final closing brace.`;
+                    try {
+                        const contResponse = await (0, orchestrate_engine_1.callLLM)(provider, model, this.systemPrompt, continuationPrompt, 120000, this.name, `${task.id}_continuation`);
+                        let contContent = contResponse.choices?.[0]?.message?.content || '';
+                        contContent = contContent.replace(/<think>[\s\S]*?<\/think>/g, '').trim();
+                        const contBlocks = this.extractCodeBlocks(contContent);
+                        const continuation = contBlocks.length > 0 ? contBlocks[0] : this.stripResidualFences(contContent);
+                        if (continuation.length > 50) {
+                            // Merge: use the original up to the last complete line, then append continuation
+                            fileContent = fileContent + '\n' + continuation;
+                            fileContent = this.stripResidualFences(fileContent);
+                            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ Continuation merged for ${filepath} (+${continuation.length} chars)`);
+                        }
+                    }
+                    catch (contErr) {
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Continuation failed: ${contErr.message}`);
+                    }
+                }
+                createdFiles.push({ path: filepath, content: fileContent });
+            }
+            catch (error) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Failed to generate ${filepath}: ${error.message}`);
+                // Create minimal placeholder so build doesn't break
+                createdFiles.push({ path: filepath, content: `// ERROR: Generation failed - ${error.message}\n// Task: ${task.id}\n` });
+            }
+        }
+        // CTO-004: File integrity check — detect destructive MiniMax rewrites
+        // For bugfix tasks (and feature tasks editing existing files), reject if new file
+        // is <50% the size of the original. Configurable threshold.
+        const INTEGRITY_THRESHOLD = 0.5; // Reject if new < 50% of original
+        const integrityCheckTypes = ['bugfix']; // Task types that always get integrity check
+        const integrityCheckAllExisting = true; // Also check feature tasks editing existing files
+        for (const file of createdFiles) {
+            if ((0, fs_1.existsSync)(file.path)) {
+                try {
+                    const originalContent = (0, fs_1.readFileSync)(file.path, 'utf-8');
+                    const originalLines = originalContent.split('\n').length;
+                    const newLines = file.content.split('\n').length;
+                    const ratio = originalLines > 0 ? newLines / originalLines : 1;
+                    const shouldCheck = integrityCheckTypes.includes(task.type) ||
+                        (integrityCheckAllExisting && originalLines > 10);
+                    if (shouldCheck && ratio < INTEGRITY_THRESHOLD) {
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ INTEGRITY CHECK FAILED: ${file.path}`);
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `    Original: ${originalLines} lines → New: ${newLines} lines (${(ratio * 100).toFixed(0)}%)`);
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `    Possible destructive rewrite detected — file shrank from ${originalLines} to ${newLines} lines`);
+                        // TICKET-091 FIX: ACTUALLY preserve the original. Prior version
+                        // assigned a warning comment to file.content, which the writer
+                        // then wrote to disk as a 4-line stub — destroying the original.
+                        // Read on-disk original so the subsequent writeFileSync is a no-op.
+                        try {
+                            file.content = (0, fs_1.readFileSync)(file.path, 'utf-8');
+                            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `    Original file restored from disk (${originalLines} lines preserved)`);
+                        }
+                        catch (readErr) {
+                            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `    WARN: could not read original from disk: ${(readErr?.message || '').slice(0, 100)}`);
+                        }
+                        task._integrityFailed = true;
+                        task._integrityDetails = `File ${file.path} shrank from ${originalLines} to ${newLines} lines (${(ratio * 100).toFixed(0)}%). Possible destructive rewrite. Original preserved on disk; task should be rejected and retried with edit-mode constraint.`;
+                    }
+                    else if (originalLines > 0) {
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `  -> Integrity OK: ${file.path} (${originalLines} → ${newLines} lines, ${(ratio * 100).toFixed(0)}%)`);
+                    }
+                }
+                catch { /* File exists but can't read — skip check */ }
+            }
+        }
+        // FP-007: File size guard — refuse writes to files >2000 lines
+        // Prevents swarm from destructively rewriting large files (telegram-bot.ts disaster)
+        const FP007_LINE_LIMIT = 2000;
+        for (const file of createdFiles) {
+            if ((0, fs_1.existsSync)(file.path)) {
+                try {
+                    const existingLines = (0, fs_1.readFileSync)(file.path, 'utf-8').split('\n').length;
+                    if (existingLines > FP007_LINE_LIMIT) {
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ FP-007 GUARD: ${file.path} has ${existingLines} lines (limit: ${FP007_LINE_LIMIT})`);
+                        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `    Refusing write — file too large for safe swarm edit. Use plumber edits or split.`);
+                        // BUG-2 (TICKET-231): FP-007 refuses by making the write a NO-OP — preserve the
+                        // original; NEVER write a stub over the file (the TICKET-091 pattern, previously
+                        // only applied to the integrity check above). The task is still rejected via _fp007Blocked.
+                        file.content = (0, fs_1.readFileSync)(file.path, 'utf-8');
+                        task._fp007Blocked = true;
+                    }
+                }
+                catch { /* can't read — allow write */ }
+            }
+        }
+        // Write all files to disk
+        const writtenFiles = [];
+        for (const file of createdFiles) {
+            try {
+                const dir = file.path.substring(0, file.path.lastIndexOf('/'));
+                if (dir)
+                    (0, fs_1.mkdirSync)(dir, { recursive: true });
+                (0, fs_1.writeFileSync)(file.path, file.content);
+                writtenFiles.push(file.path);
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ Written: ${file.path} (${file.content.length} chars)`);
+            }
+            catch (error) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ Write failed: ${file.path}: ${error.message}`);
+            }
+        }
+        // TICKET-205: stub-detection guard. The integrity check at line 2459 only
+        // catches destructive shrink of EXISTING files. For NEW files (type=create),
+        // a coder agent producing a near-empty stub passes through and gets committed
+        // BEFORE dual-review fires. Live incident 2026-05-29: docs/specs/
+        // orchestrator-workspace.md generated as 98-byte stub, dual-rejected 3× at
+        // 20/100, but commit 3ca603315 landed it on main anyway. This guard skips the
+        // commit when any written file is suspiciously small for its type — the file
+        // stays on disk so dual-review can inspect + reject it on its own merits.
+        const STUB_MIN_BYTES = {
+            '.md': 1500, // markdown specs typically ask for many sections
+            '.ts': 200,
+            '.tsx': 200,
+            '.js': 200,
+            '.jsx': 200,
+            '.yaml': 100,
+            '.yml': 100,
+            '.json': 100,
+            '.html': 100,
+            '.css': 100,
+        };
+        const DEFAULT_STUB_MIN = 200;
+        let stubPath = null;
+        let stubSize = 0;
+        let stubMin = 0;
+        for (const path of writtenFiles) {
+            const dotIdx = path.lastIndexOf('.');
+            const ext = dotIdx >= 0 ? path.slice(dotIdx) : '';
+            let min = STUB_MIN_BYTES[ext] ?? DEFAULT_STUB_MIN;
+            // .md only enforces the high threshold when the task context is substantial
+            // (a real spec ask); for short asks (e.g. README scaffolds), use 300.
+            if (ext === '.md' && (task.context?.length ?? 0) < 1500)
+                min = 300;
+            try {
+                const size = (0, fs_1.statSync)(path).size;
+                if (size < min) {
+                    stubPath = path;
+                    stubSize = size;
+                    stubMin = min;
+                    break;
+                }
+            }
+            catch { /* can't stat, skip */ }
+        }
+        if (stubPath) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.red, `  ✗ STUB DETECTED: ${stubPath} (${stubSize} bytes < ${stubMin} expected for ${task.type})`);
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `    Skipping commit — file stays on disk for dual-review to reject. Task will retry.`);
+            task._stubDetected = true;
+            task._stubReason = `Generated file ${stubPath} is ${stubSize} bytes; expected ≥${stubMin} for type=${task.type}`;
+            return { files: writtenFiles, model };
+        }
+        // Commit changes
+        this.commitChanges(task, writtenFiles);
+        return { files: writtenFiles, model };
+    }
+    // TICKET-090: EDIT-MODE — ask the LLM for {old, new} substitutions on an
+    // existing file, instead of regenerating the whole file. Returns the post-
+    // edit file content on success, or null to fall back to regenerate-mode.
+    //
+    // Failure modes that trigger fallback (null):
+    //   - LLM response isn't parseable JSON
+    //   - "edits" key missing or empty
+    //   - any old_str isn't found in the file (typo / hallucination)
+    //   - any old_str appears more than once (ambiguous edit)
+    //   - any edit's "old" is identical to its "new" (no-op disguised)
+    async tryEditMode(filepath, task, rejectionContext, provider, model) {
+        const originalContent = (0, fs_1.readFileSync)(filepath, 'utf-8');
+        const lineCount = originalContent.split('\n').length;
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.cyan, `  -> EDIT-MODE: ${filepath} (${lineCount} lines, surgical-edit task) — diff-only output`);
+        const userPrompt = `You are ${this.name}, a coding agent at Countable, applying a SURGICAL EDIT to an existing file.
+
+${rejectionContext}
+## Task
+${task.context}
+
+## File: ${filepath}
+\`\`\`typescript
+${originalContent}
+\`\`\`
+
+## Output format — JSON object only, no commentary, no fences
+
+{
+  "edits": [
+    {"old": "<exact substring currently in the file>", "new": "<replacement>"}
+  ]
+}
+
+## Rules — VIOLATIONS WILL CAUSE THE TASK TO BE REJECTED
+
+1. Each "old" string MUST appear EXACTLY ONCE in the file. If you need to edit a non-unique substring, include enough surrounding context (a few extra characters before and after) to make it unique.
+2. Each "old" string MUST match the file VERBATIM — same whitespace, same quote style, same indentation. Do not paraphrase.
+3. "new" must be different from "old". No-op edits are rejected.
+4. Prefer FEWER, LARGER edits. 1-3 edits is ideal. 10+ edits suggests you're rewriting — switch to a different approach.
+5. Output ONLY the JSON object. No \`\`\`json fences. No prose before or after.`;
+        let response;
+        try {
+            const startTime = Date.now();
+            response = await (0, orchestrate_engine_1.callLLM)(provider, model, this.systemPrompt, userPrompt, 120_000, this.name, task.id);
+            const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+            const tokens = response.usage?.total_tokens || 0;
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `     edit response: ${elapsed}s, ${tokens} tokens`);
+        }
+        catch (e) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode LLM call failed: ${(e.message || '').slice(0, 120)}`);
+            return null;
+        }
+        let raw = (response.choices?.[0]?.message?.content || '').replace(/<think>[\s\S]*?<\/think>/g, '').trim();
+        // Strip any fences the model added despite instructions (json/jsonc/none)
+        const fenced = raw.match(/```(?:json|jsonc)?\s*([\s\S]*?)```/);
+        if (fenced)
+            raw = fenced[1].trim();
+        // TICKET-092 FIX: walk forward from first `{` tracking brace depth through
+        // string literals (with escape-char handling), extract the FIRST balanced
+        // JSON object. Prior slice(firstBrace,lastBrace+1) caught multi-object
+        // responses + trailing prose as one mega-string and broke JSON.parse.
+        const firstBrace = raw.indexOf('{');
+        if (firstBrace < 0) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: no JSON object in response`);
+            return null;
+        }
+        let depth = 0, inStr = false, strChar = '', escape = false, end = -1;
+        for (let i = firstBrace; i < raw.length; i++) {
+            const ch = raw[i];
+            if (escape) {
+                escape = false;
+                continue;
+            }
+            if (inStr) {
+                if (ch === '\\')
+                    escape = true;
+                else if (ch === strChar)
+                    inStr = false;
+                continue;
+            }
+            if (ch === '"' || ch === "'") {
+                inStr = true;
+                strChar = ch;
+                continue;
+            }
+            if (ch === '{')
+                depth++;
+            else if (ch === '}') {
+                depth--;
+                if (depth === 0) {
+                    end = i;
+                    break;
+                }
+            }
+        }
+        if (end < 0) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: unterminated JSON object (no matching closing brace)`);
+            return null;
+        }
+        raw = raw.slice(firstBrace, end + 1);
+        let parsed;
+        try {
+            parsed = JSON.parse(raw);
+        }
+        catch (e) {
+            // Trailing-comma forgiveness retry (common LLM quirk).
+            try {
+                parsed = JSON.parse(raw.replace(/,(\s*[}\]])/g, '$1'));
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `     edit-mode: trailing-comma repair applied`);
+            }
+            catch {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: JSON parse failed: ${(e.message || '').slice(0, 80)}`);
+                return null;
+            }
+        }
+        const edits = parsed.edits;
+        if (!Array.isArray(edits) || edits.length === 0) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: no edits array or empty`);
+            return null;
+        }
+        let working = originalContent;
+        for (const e of edits) {
+            if (typeof e.old !== 'string' || typeof e.new !== 'string') {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: edit missing string fields`);
+                return null;
+            }
+            if (e.old === e.new) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: no-op edit (old===new): ${e.old.slice(0, 60)}`);
+                return null;
+            }
+            // TICKET-100: per-edit suspicious-shrink guard. If `new` is dramatically
+            // shorter than `old`, the LLM likely matched too greedy a chunk (e.g.
+            // captured the trailing portion of the file in `old` and only included
+            // the first part in `new`, silently truncating). 43475fd56 broke prod
+            // exactly this way: edit removed the tail of generateReport function.
+            // Threshold: if old is >= 200 chars AND new < 30% of old length, reject.
+            if (e.old.length >= 200 && e.new.length < e.old.length * 0.3) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: suspicious shrink — old=${e.old.length} chars, new=${e.new.length} chars (< 30%). Rejecting to avoid truncation.`);
+                return null;
+            }
+            const occurrences = working.split(e.old).length - 1;
+            if (occurrences === 0) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: old_str not found in file: "${e.old.slice(0, 80)}"`);
+                return null;
+            }
+            if (occurrences > 1) {
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: old_str appears ${occurrences}× (must be unique): "${e.old.slice(0, 80)}"`);
+                return null;
+            }
+            working = working.replace(e.old, e.new);
+        }
+        // TICKET-100: post-edit integrity check. Same INTEGRITY_THRESHOLD pattern
+        // localQAGate uses for regen-mode results — if the post-edit content is
+        // dramatically shorter than the original (>30% loss), reject as suspicious
+        // truncation. Catches the case where individual edits each look reasonable
+        // but cumulatively destroy the file.
+        const INTEGRITY_THRESHOLD = 0.7; // must retain at least 70% of original lines
+        const newLineCount = working.split('\n').length;
+        const lineRatio = lineCount > 0 ? newLineCount / lineCount : 1;
+        if (lineRatio < INTEGRITY_THRESHOLD) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: post-edit integrity FAIL — ${lineCount} → ${newLineCount} lines (${(lineRatio * 100).toFixed(0)}%). Rejecting to avoid destructive write.`);
+            return null;
+        }
+        // TICKET-100: detect mid-statement truncation. If the last non-empty line
+        // doesn't end with a structural terminator (} ; > etc.), the file likely
+        // got cut mid-expression. Catches LLM output that stops mid-call.
+        const lastNonEmpty = working.split('\n').reverse().find(l => l.trim().length > 0) || '';
+        const last = lastNonEmpty.trim();
+        const terminatorOk = /[}\];>)\.]\s*$|^\/\/|^\/\*|^\*\//.test(last);
+        if (!terminatorOk && working.length > 200) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `     edit-mode: last line "${last.slice(-60)}" doesn't end with a terminator — possible mid-statement truncation. Rejecting.`);
+            return null;
+        }
+        const deltaLines = newLineCount - lineCount;
+        (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `     ✓ edit-mode applied ${edits.length} edit(s) (${deltaLines >= 0 ? '+' : ''}${deltaLines} lines)`);
+        return working;
+    }
+    // CTO-005: Enhanced code fence stripping — handles all MiniMax output variants
+    // Catches: ```tsx, ```typescript, leading whitespace, fences at any position,
+    // markdown headers before code, and incomplete closing fences
+    extractCodeBlocks(content) {
+        const blocks = [];
+        // Normalize: MiniMax sometimes outputs ```typescript{ with no newline — insert one
+        const normalized = content.replace(/```([\w.+-]*)\s*([^\s\n`])/g, '```$1\n$2');
+        // Broader regex: optional whitespace before fences, any language tag, flexible spacing
+        const regex = /^\s*```[\w.+-]*\s*\n([\s\S]*?)^\s*```\s*$/gm;
+        let match;
+        while ((match = regex.exec(normalized)) !== null) {
+            if (match[1].trim().length > 0)
+                blocks.push(match[1].trim());
+        }
+        // Fallback: try simpler pattern if multiline didn't match
+        if (blocks.length === 0) {
+            // S64-001: Added python|py|toml|env|sql|xml|md|markdown — MiniMax/qwen3 often labels files incorrectly
+            const simpleRegex = /```(?:typescript|tsx|ts|javascript|jsx|js|json|yaml|yml|dockerfile|sh|bash|python|py|toml|env|sql|xml|md|markdown|css|html|scss|less|txt)?\s*\n([\s\S]*?)```/g;
+            while ((match = simpleRegex.exec(normalized)) !== null) {
+                if (match[1].trim().length > 0)
+                    blocks.push(match[1].trim());
+            }
+        }
+        return blocks;
+    }
+    // CTO-005: Aggressive fence sanitization — strips ANY remaining fences from content
+    // Applied BEFORE file is written to disk (CEO condition)
+    stripResidualFences(content) {
+        let cleaned = content;
+        // Remove lines that are ONLY a fence marker (with optional language tag)
+        cleaned = cleaned.replace(/^\s*```[\w.+-]*\s*$/gm, '');
+        // TICKET-096: if the response contains a `FILE: <path>` marker line
+        // anywhere in the first 20 lines, slice from the line AFTER it. This
+        // catches the "prose explanation + FILE: <path> + real content" pattern
+        // that the v12r_citizen_mock_state agent produced (broke prod 2026-05-27
+        // 09:23 with line 1 = "The current file already has `state: 'idle'`...").
+        // The prior loop only recognized prose openers like "Here", "Below",
+        // "The following" — anything else broke through. FILE marker is the
+        // canonical separator per the agent system prompt; trust it.
+        const linesForFile = cleaned.split('\n');
+        let fileMarkerIdx = -1;
+        for (let i = 0; i < Math.min(linesForFile.length, 20); i++) {
+            if (/^\s*FILE:\s+\S+/.test(linesForFile[i])) {
+                fileMarkerIdx = i;
+                break;
+            }
+        }
+        if (fileMarkerIdx >= 0) {
+            cleaned = linesForFile.slice(fileMarkerIdx + 1).join('\n');
+        }
+        // Legacy: also strip simple prose prefixes from the FIRST 5 lines for
+        // responses that don't use the FILE marker convention.
+        const lines = cleaned.split('\n');
+        let firstCodeLine = 0;
+        for (let i = 0; i < Math.min(lines.length, 5); i++) {
+            const line = lines[i].trim();
+            if ((line.startsWith('#') && !line.startsWith('#!')) || line.startsWith('Here') || line.startsWith('Below') ||
+                line.startsWith('The following') || line.startsWith('FILE:') || line === '') {
+                firstCodeLine = i + 1;
+            }
+            else {
+                break;
+            }
+        }
+        if (firstCodeLine > 0) {
+            cleaned = lines.slice(firstCodeLine).join('\n');
+        }
+        // Remove trailing fence if present at end
+        cleaned = cleaned.replace(/\n\s*```\s*$/, '');
+        return cleaned.trim();
+    }
+    // B.13: T0 NANO JSON repair via ClawRouter v2.0 — called when postProcessContent still yields invalid JSON
+    async fixJsonWithOllama(content, _filepath) {
+        try {
+            const repairPrompt = `Fix this malformed JSON so it is syntactically valid. Return ONLY the corrected JSON, no explanation or markdown fences:\n\n${content.substring(0, 3000)}`;
+            const result = await (0, orchestrate_engine_1.routeCall)({
+                task_type: 'json_repair', tier_class: 'text', complexity: 'nano',
+                context_tokens: Math.ceil(repairPrompt.length / 4), constitutional_flag: false,
+                agent_id: 'json-repair',
+                payload: { prompt: repairPrompt, max_tokens: 2048 },
+            });
+            const fixed = result.content.trim();
+            try {
+                JSON.parse(fixed);
+                return fixed;
+            }
+            catch {
+                return content;
+            }
+        }
+        catch {
+            return content;
+        }
+    }
+    // File-type-aware post-processing: validates and cleans content per file extension.
+    // This is the FINAL safety net after all fence stripping has run.
+    postProcessContent(content, filepath) {
+        const filename = filepath.split('/').pop() || '';
+        const ext = filename.includes('.') ? filename.split('.').pop().toLowerCase() : '';
+        // .gitkeep must ALWAYS be completely empty — no exceptions
+        if (filename === '.gitkeep' || filepath.endsWith('.gitkeep')) {
+            return '';
+        }
+        // JSON files: ensure the content is valid JSON, strip any fence artifacts
+        if (ext === 'json') {
+            try {
+                JSON.parse(content);
+                return content; // already valid
+            }
+            catch { /* fall through to extraction */ }
+            // Try to extract a JSON object or array
+            const jsonMatch = content.match(/(\{[\s\S]*\}|\[[\s\S]*\])/);
+            if (jsonMatch) {
+                try {
+                    JSON.parse(jsonMatch[1]);
+                    return jsonMatch[1];
+                }
+                catch { /* fall through */ }
+            }
+            // Strip all fence lines and retry
+            const stripped = content.replace(/^\s*```[\w.+-]*\s*$/gm, '').trim();
+            try {
+                JSON.parse(stripped);
+                return stripped;
+            }
+            catch { /* fall through */ }
+            return stripped; // return best effort even if not valid JSON
+        }
+        // Code/script/markdown files: strip any remaining fence markers aggressively
+        if (['sh', 'bash', 'py', 'ts', 'js', 'tsx', 'jsx', 'mts', 'mjs', 'md', 'markdown'].includes(ext)) {
+            return content.replace(/^\s*```[\w.+-]*\s*$/gm, '').trim();
+        }
+        return content;
+    }
+    // TRUNCATION DETECTION: Check if generated code ends mid-function
+    // Returns true if the code appears to be truncated (open braces, incomplete statement, etc.)
+    detectTruncation(content) {
+        if (!content || content.length < 100)
+            return false;
+        const trimmed = content.trimEnd();
+        const lastLine = trimmed.split('\n').pop()?.trim() || '';
+        const last200 = trimmed.substring(Math.max(0, trimmed.length - 200));
+        // Signs of truncation:
+        // 1. Ends with a partial statement (no semicolon, no closing brace on last line)
+        const endsAbruptly = lastLine.length > 0 && !lastLine.match(/^[}\]);,]/);
+        // 2. Ends mid-string or mid-comment
+        const endsMidString = (trimmed.match(/`/g) || []).length % 2 !== 0;
+        // 3. Significantly more open braces than close braces (>3 imbalance)
+        const openBraces = (content.match(/\{/g) || []).length;
+        const closeBraces = (content.match(/\}/g) || []).length;
+        const braceImbalance = openBraces - closeBraces;
+        // 4. Last meaningful content is a function signature or opening block
+        const endsOnOpener = /(\{|=>|then\(|catch\(|=>\s*)$/.test(last200.trimEnd());
+        if (braceImbalance > 3) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Truncation signal: brace imbalance ${openBraces} open vs ${closeBraces} close`);
+            return true;
+        }
+        if (endsMidString) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Truncation signal: odd number of backticks (mid-template-string)`);
+            return true;
+        }
+        if (endsOnOpener && endsAbruptly) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Truncation signal: ends on opener with no closing`);
+            return true;
+        }
+        return false;
+    }
+    commitChanges(task, files) {
+        if (files.length === 0)
+            return;
+        // Branch-isolation guard: the runner's `git commit` lands on whichever
+        // branch is currently checked out. If a developer has a feature branch
+        // checked out while the runner is alive (per the PR #18 incident
+        // 2026-05-21, where swarm commits polluted fix/clawrouter-*), DO NOT
+        // commit — the deliverables stay on disk, the orchestrator continues,
+        // and the user can rebase/cherry-pick onto main when they're done.
+        // Always-safe vs cleverness: skipping a commit is recoverable; polluting
+        // a feature branch is not. See feedback_branch_hygiene_during_sprint_runner.md.
+        let currentBranch = 'unknown';
+        try {
+            currentBranch = (0, child_process_1.execSync)('git rev-parse --abbrev-ref HEAD', { timeout: 5000 }).toString().trim();
+        }
+        catch { /* if git itself is broken, the commit below will fail; let it */ }
+        if (currentBranch !== 'main') {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Commit skipped — checkout is on '${currentBranch}', not 'main'. Files left on disk for ${task.id}; rebase to main manually if you want them committed. (branch-isolation guard)`);
+            return;
+        }
+        try {
+            const filesList = files.join(' ');
+            (0, child_process_1.execSync)(`git add ${filesList}`, { timeout: 10000 });
+            // No --no-verify: pre-commit hooks (secret scan, lint, etc) get to run.
+            // If this ever blocks legitimate commits, fix the hook — don't bypass.
+            (0, child_process_1.execSync)(`git commit -m "feat(${task.agent}): ${task.id} - ${task.type}"`, { timeout: 15000 });
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.green, `  ✓ Committed: ${files.length} files for ${task.id}`);
+            // TICKET-093 FIX: actually push. Prior version committed but never
+            // pushed — 25 commits stranded local overnight. Best-effort.
+            //
+            // TICKET-095 (REVERTED 2026-05-27): tried `git pull --rebase` on
+            // non-fast-forward rejection but that resets working-tree files to
+            // origin. The sprint JSON file (mid-flight pending → done status
+            // updates written by sprint-runner sync) is uncommitted, so the
+            // rebase nuked it back to the all-pending state committed at sprint
+            // start. Net effect: a single divergent push CAUSED the disk-state
+            // revert TICKET-094 was supposed to fix. Removing the rebase
+            // entirely — failed pushes stay local, founder reconciles manually.
+            // The cost (some lost autonomy on divergent remotes) is lower than
+            // the cost (silent destruction of sprint-state tracking).
+            try {
+                (0, child_process_1.execSync)('git push origin main', { timeout: 30000, stdio: 'pipe' });
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.gray, `    → pushed to origin/main`);
+            }
+            catch (pushErr) {
+                const msg = (pushErr?.stderr?.toString() || pushErr?.message || '').slice(0, 200).replace(/\s+/g, ' ');
+                (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `    ! Push failed: ${msg.slice(0, 150)} (commit local; founder reconciles)`);
+            }
+        }
+        catch (error) {
+            (0, orchestrate_engine_1.log)(orchestrate_engine_1.c.yellow, `  ! Commit skipped: ${error.message?.substring(0, 100)}`);
+        }
+    }
+}
+exports.CodingAgent = CodingAgent;
+// ===== Orchestrator (Dynamic Agent Pipeline) =====
+// <<<EXTRACT-END-coding-agent