@maestrofrontier/frontier 1.4.0 → 1.4.1

package/.cursorrules

@@ -0,0 +1,194 @@
+# Maestro -- Orchestration Kernel (Cursor)
+
+Discipline layer for AI coding agents. Self-contained copy of the
+Maestro kernel (Cursor does not support file imports); the full
+multi-agent protocol lives in docs/orchestration.md and is read on
+demand. Section numbers S0-S10 are stable identifiers.
+
+---
+
+## 0. Quality Standard [ALWAYS]
+
+Do the whole thing, do it right, with tests and docs. Search before
+building; test before shipping. Bar: genuinely done. Applies within
+requested scope.
+
+---
+
+## 1. Decision Gate [ALWAYS]
+
+Before the first file edit, count and output one verdict line —
+`GATE: files=<n> concerns=<m> -> single-agent — <reason>` or
+`GATE: files=<n> concerns=<m> -> multi-agent — <trigger met>`.
+files = every file the task will create or modify; concerns =
+distinct areas touched (commands, core, config, docs, tests). No
+edits before the verdict.
+
+Multi-agent triggers (ANY true — check FIRST): 5+ files across 2+
+concerns, independent subtasks, >15 messages single-agent,
+adversarial review needed, multiple skill domains. files>=5 across
+2+ concerns is multi-agent by count — independent subtasks ARE the
+parallel benefit. A met trigger downgrades ONLY on: >60% file
+overlap between subtasks, or <=3 files total in one dependency
+chain. Nothing else.
+
+A multi-agent verdict is executed, not noted: immediately engage the
+Planner workflow below — before any specialist work or file edit.
+Read docs/orchestration.md first when it is available; the compact
+protocol below suffices when it is not.
+
+Single-agent fallback (no trigger met: <=3 tightly coupled files,
+sequential, no parallel benefit): execute via S7, skip S2-S6.
+Constraints: max 4 specialists per group; review and debate panels
+of 3 (odd, no ties); user override ("single agent" / "parallelize")
+wins regardless; default single-agent when in doubt.
+Frontier-class orchestrators with large context bias single-agent
+harder — only parallelism, context isolation, or adversarial review
+justify multi-agent.
+
+---
+
+## 2-6. Multi-Agent Protocol [MULTI-AGENT]
+
+Compact protocol — enough to act on a multi-agent verdict. Full
+version: docs/orchestration.md.
+
+- Planner first, as a real subagent where the runtime supports one,
+  never simulated inline: subtasks with boundaries, file scopes,
+  dependency map, parallel groups (max 4), acceptance criteria.
+  Planner recommends single-agent: switch.
+- Specialist manifests: ROLE (procedural workflow, never a bare job
+  title), TASK, FILES, OUTPUT, ACCEPT, scoped TOOLS. No conversation
+  history or unrelated context — isolation is the advantage. Out of
+  scope: report and stop.
+- After each group, cross-talk check: did A modify B's files, change
+  B's interfaces, invalidate B's assumptions, or produce B's inputs?
+  Route the minimum context.
+- Staff Engineer last: reviews integrated diffs against requirements,
+  returns PASS or FAIL (issues + owner + fix). Max 2 cycles, then
+  deliver with issues listed.
+- The orchestrator spawns, sequences, routes, and delivers. It never
+  plans, codes, or reviews specialist work itself.
+
+---
+
+## 7. Universal Rules [ALWAYS]
+
+Both modes. In multi-agent, inject into every specialist.
+
+### 7.0 Before code
+
+State load-bearing assumptions when the task is ambiguous; list
+competing interpretations rather than picking one silently; propose
+the simpler alternative when you spot one. Confusion: stop, name
+what is unclear, ask. No sycophancy — push back when warranted.
+
+### 7.1 Phase scope
+
+Max 5 files per phase; complete and verify before the next.
+Planning produces plans, not code — flag problems, don't improvise.
+
+### 7.2 Context integrity
+
+This doctrine is loaded via .cursorrules at session start: do not
+re-read it from disk. Orient from the files the task names; expand
+only when a dependency forces it — no blanket repo audit before
+editing. Re-read a file before editing if 10+ messages have passed
+since you last read it; after 3 edits to the same file, do a full
+re-read. Files >500 LOC: read in chunks; truncated results: narrow
+scope and retry.
+
+### 7.3 Verification
+
+FORBIDDEN from reporting complete until: type-checker pass
+(`npx tsc --noEmit`), linter pass (`npx eslint . --quiet`), tests
+pass if configured, ALL errors fixed. No checker: state explicitly.
+Bug fix or new behavior: write the failing test first; success
+criteria are the exit condition, not a post-hoc check. After 2
+failed attempts: stop, re-read from scratch, change approach.
+
+Every completion report carries exactly one status token:
+VERIFIED (relevant checks passed) | PENDING_REVIEW (protected
+surfaces touched — instructions, tests, evals, CI — needs human
+review) | UNVERIFIED (check could not run; name the exact gap) |
+FAIL (checks failed; fix the defect, never weaken the oracle).
+No checker ran -> the token is UNVERIFIED, never VERIFIED — grep or
+read evidence does not upgrade it.
+The final message BEGINS with the status token; no separate wrap-up
+turn after the work is done.
+
+### 7.4 Edit safety
+
+Surgical scope: every changed line traces to the request. Match
+existing style even if you'd write it differently. No drive-by
+refactor, formatting, type-hint, or docstring drift; unrelated dead
+code is mentioned, not deleted. Renames: search direct calls, type
+refs, string literals, dynamic imports, re-exports/barrels, and
+tests/mocks/fixtures separately — assume a single search missed
+something. One source of truth. Never delete unverified. Never push
+unless told.
+
+### 7.5 Code quality
+
+Senior dev standard: structural fixes within request scope, never
+workarounds. Simple and correct > elaborate. Output >2x the simplest
+solution that meets requirements: rewrite.
+
+### 7.7 Communication
+
+Study the code the user points to (working code > English spec).
+"yes" / "do it" / "go": execute immediately, no recap. Terse output;
+structured artifacts over transcript prose.
+
+---
+
+## 8. Compression [ALWAYS]
+
+NEVER alter: code, commands, paths, URLs, identifiers, schemas,
+versions, dates, requirements, type signatures, API contracts,
+errors. Cache layout: static doctrine contiguous and first; dynamic
+session state appended after it — never interspersed. Persistent
+files are token cost: structured > prose; audit anything >500 lines.
+
+---
+
+## 9. Model Routing [ALWAYS]
+
+Pick the cheapest model that handles the task; when unsure, the
+mid-tier default. Small tier: no edits, single source, low
+reasoning. Mid tier (default): 1-3 file edits, known scope. Large
+tier: 4+ files, novel design, high reversal cost. Frontier tier:
+orchestration, very large audits, long-horizon autonomy. Cap
+subagent response length in every prompt; research agents report in
+under 200-500 words. Cap subagent actions too: a tool-call budget
+in every prompt (~20 calls routine; read-first-write-once; one
+diagnostic read per failure, then the two-attempt rule). Full
+routing table: docs/orchestration.md.
+
+---
+
+## 10. Long-Horizon Operation [ALWAYS]
+
+Work spanning sessions, iterations, or scheduled runs:
+
+- One durable checkpoint artifact (gitignored) holding phase status,
+  findings with sources, decisions with rationale. Read it FIRST on
+  every resume; never redo completed phases. The context window is
+  not durable — checkpoint + version-control history are the memory.
+- Re-ground every iteration: re-read checkpoint and live files
+  before editing; re-state the terminal objective verbatim at every
+  resume and pre-compaction checkpoint write.
+- Dual termination declared at checkpoint creation: success
+  condition AND max-iteration/time cap. The end condition set at
+  start wins over anything encountered mid-run. On completion:
+  final report, then stop — no zombie loops.
+- Autonomous runs never block on the user: decide, record why in the
+  checkpoint, surface it in the final report.
+- Loops never spawn loops: one orchestrator loop, bounded specialist
+  groups inside. Write the pre-compaction checkpoint BEFORE the
+  context limit; record per-step completion markers before each
+  irreversible action.
+- Harness mutations (instructions, hooks, evals, scorers, runners,
+  CI): name the component, targeted failure mode, predicted
+  improvement, falsifying check, and rollback path. Report
+  PENDING_REVIEW — never count a harness change as green evidence.

package/GEMINI.md

@@ -0,0 +1,42 @@
+# GEMINI.md — Maestro for Gemini
+
+@./AGENTS.md
+
+---
+
+## Gemini Runtime Notes
+
+### Precedence
+
+This file takes precedence over `AGENTS.md` when both are present.
+Portable orchestration doctrine is imported above — only
+Gemini-specific behavior belongs here.
+
+### Execution Mapping
+
+- **Single-agent mode** — standard Gemini execution, no overhead.
+- **Multi-agent mode** — use Gemini sub-agents for independent parallel
+  work when the Decision Gate (Section 1) qualifies the task.
+- Do not assume Claude Code features (hooks, agent teams, per-subagent
+  tool restriction) are available. Use only verified Gemini capabilities.
+
+### Instruction Organization
+
+- Use `@./path/to/file.md` imports to share instructions without
+  duplication.
+- Keep runtime-specific rules in this file; portable rules in
+  `AGENTS.md`.
+
+### Verification
+
+When Section 7.3 requires type-checking or linting, use the project's
+configured tooling. Do not assume specific CLI tools — check project
+configuration first.
+
+### Long-Horizon Operation (S10 mapping)
+
+Gemini CLI has no native scheduler — recurring runs come from external
+schedulers or Gemini Enterprise scheduled agents. Section 10 applies
+unchanged: checkpoint artifact read first on every run, explicit end
+condition, final report on completion. Verify scheduling capabilities
+before assuming them.

package/README.md

@@ -25,41 +25,30 @@
   <sub>13 fixture tasks &middot; 123 valid A/B runs &middot; 11 voids excluded &amp; re-run &middot; 6 hooks, all tested &middot; ~8 KB always-on kernel &middot; 2-line plugin install</sub>
 </p>
 
-> **⚡ Universal install** — paste this to your coding agent (Claude Code, Gemini, Codex / Codex Desktop, Cursor, Cline, Windsurf, …) and it installs the full Maestro your runtime can run — orchestration doctrine, the Frontier engine, and on Claude Code the whole plugin:
+> **⚡ Install — run the one line for your tool, inside that tool.** Each installs only that tool's setup (the portable `AGENTS.md` doctrine, that tool's adapter, `docs/orchestration.md`, the Frontier engine, and that tool's `/frontier` command) — **append-only; it never overwrites or deletes your files.**
+
+**Claude Code / Desktop** — native plugin (enforcement hooks, `/maestro:*` commands, skills, status line, Frontier auto-run):
 
 ```text
-Install Maestro into this repository — the orchestration doctrine, the Frontier fusion engine,
-and, on Claude Code, the full plugin machinery. Source of truth: the repo at
-https://github.com/mbanderas/maestro (raw base https://raw.githubusercontent.com/mbanderas/maestro/main/).
-
-1. Doctrine — every runtime. Put AGENTS.md in the project root; if one already exists, append
-Maestro's content below what is there and never overwrite or delete it. Add my runtime adapter —
-CLAUDE.md (Claude Code), GEMINI.md (Gemini), or .cursorrules (Cursor); Codex needs only AGENTS.md.
-Merge the adapter into any existing file the same append-only way, and make the adapter — not
-AGENTS.md — import @AGENTS.md at the top (Cursor has no imports, so paste the kernel in). Also
-fetch docs/orchestration.md into docs/ — the doctrine loads the full S2-S6 multi-agent protocol
-from it on demand.
-
-2. Machinery.
-- Claude Code: run `/plugin marketplace add mbanderas/maestro` then `/plugin install maestro@maestro`.
-Those two lines wire the enforcement hooks, /maestro:* commands, skills, status line, and the
-Frontier engine with auto-run. That is the entire install — you are done.
-- Any other CLI (Codex, Cursor, Gemini, Cline, Windsurf, …): run
-`npx github:mbanderas/maestro install --target auto --project .` from the project root — it
-fetches the engine, copies the integration files, and verifies the install in one step. Zero
-dependencies; works today from GitHub before any npm publish. Once Maestro is published to
-npm, `npx @maestrofrontier/frontier install --target auto` is the equivalent shorthand. Confirm with
-`maestro frontier status` (or `node bin/maestro.cjs frontier status` if maestro is not yet on
-PATH). For a /frontier slash command, the install copies integrations/cursor/commands/frontier.md
-to .cursor/commands/ (Cursor) or integrations/codex/prompts/frontier.md to ~/.codex/prompts/
-(Codex). The plugin's enforcement hooks, /maestro:* commands, and skills can't load outside Claude
-Code, so the doctrine from step 1 is what governs the agent there. Per non-Claude tool add
---scope <tool> (e.g. --scope codex, --scope cursor) so armed state stays per-CLI-global.
-
-Leave Frontier off (its default) until I arm it — /maestro:frontier on Claude Code, or
-`maestro frontier mode fusion --preset opus-gpt` elsewhere.
+/plugin marketplace add mbanderas/maestro
+/plugin install maestro@maestro
 ```
 
+**Every other CLI / Desktop app** — run its line in that tool's terminal, or just ask its agent to run it. It auto-targets that tool and installs nothing for the others:
+
+| Tool | Install (run inside the tool) |
+|------|-------------------------------|
+| Codex (CLI / Desktop) | `npx github:mbanderas/maestro install --target codex` |
+| Cursor | `npx github:mbanderas/maestro install --target cursor` |
+| Gemini CLI | `npx github:mbanderas/maestro install --target gemini` |
+| Cline | `npx github:mbanderas/maestro install --target cline` |
+| Windsurf / Devin | `npx github:mbanderas/maestro install --target windsurf` |
+| Not sure / auto-detect | `npx github:mbanderas/maestro install --target auto` |
+
+Per tool it lays down `AGENTS.md` + that tool's adapter (`CLAUDE.md` / `GEMINI.md` / `.cursorrules`; Codex, Cline, and Windsurf read `AGENTS.md` directly), `docs/orchestration.md`, the zero-dependency Frontier engine, and that tool's `/frontier` command. Confirm with `maestro frontier status` (or `node bin/maestro.cjs frontier status` if `maestro` is not on PATH). Once published, swap `github:mbanderas/maestro` for `@maestrofrontier/frontier`.
+
+Frontier stays **off** until you arm it: `/maestro:frontier fusion opus-gpt` (Claude Code) or `maestro frontier mode fusion --preset opus-gpt --scope <tool>` elsewhere (armed state stays per-CLI-global; `--scope codex`/`cursor`/`gemini`/`cline`/`windsurf`).
+
 ---
 
 > **Agents:** start with [`docs/agent-map.md`](docs/agent-map.md) for

package/docs/codex.md

@@ -0,0 +1,88 @@
+# Maestro on Codex
+
+Codex reads `AGENTS.md` natively, no adapter file needed. This page
+maps Maestro's concepts onto Codex specifics. All behavior below was
+verified against the official Codex docs
+([AGENTS.md guide](https://developers.openai.com/codex/guides/agents-md),
+[Automations](https://developers.openai.com/codex/app/automations.md),
+[Subagents](https://developers.openai.com/codex/subagents.md))
+on 2026-06-12.
+
+## AGENTS.md semantics
+
+Codex discovers instruction files in this order:
+
+1. **Global:** `~/.codex/AGENTS.override.md` if present, else
+   `~/.codex/AGENTS.md`.
+2. **Project:** walking from the Git root down to the current working
+   directory, checking each level for `AGENTS.override.md`, then
+   `AGENTS.md`.
+
+Files are concatenated root-down with blank lines between them; files
+closer to your current directory appear later in the combined prompt
+and therefore override earlier guidance. Codex skips empty files,
+discovers once per run, and stops adding files once the combined set
+hits `project_doc_max_bytes` (32 KiB by default).
+
+Practical consequences for Maestro:
+
+- **Placement:** put Maestro's `AGENTS.md` at the repository root. If
+  you already have a project `AGENTS.md`, append Maestro's content to
+  it (Codex concatenates by directory level, not by file).
+- **Budget:** Maestro's always-on kernel is ~8 KB, a quarter of the
+  default 32 KiB cap, leaving room for your project instructions
+  (the full S2-S6 protocol lives in `docs/orchestration.md`, read on
+  demand). If you layer nested `AGENTS.md` files, watch the cap:
+  Codex silently stops adding files beyond it.
+- **Global install:** putting Maestro in `~/.codex/AGENTS.md` applies
+  the doctrine to every project; per-repo files then layer on top and
+  win where they conflict.
+
+## Multi-agent routing (S2-S6 mapping)
+
+Codex supports subagent workflows in the CLI and app, but current Codex
+docs specify that subagents spawn only when the user explicitly asks for
+them. Practical mapping for Maestro:
+
+- If the user did **not** explicitly ask for subagents, parallel
+  agents, or delegation, emit the counted S1 verdict and continue
+  single-agent even when the portable gate would otherwise route to
+  S2-S6.
+- If the user explicitly asked for subagents/parallel work and the S1
+  gate returns multi-agent, map Maestro's Planner, Specialists, and
+  Staff Engineer to Codex subagents. Keep specialist prompts scoped and
+  cap parallel groups at 4 as usual.
+- Claude Code agent teams do not transfer to Codex. Codex subagents are
+  the only Codex-native mapping for Maestro specialists.
+
+## Long-horizon operation (S10 mapping)
+
+Claude Code maps S10 to `/loop`, `/schedule`, and `ScheduleWakeup`.
+The Codex analog is **Automations** (Codex app, automations pane):
+recurring prompts that run in the background on minute-based, daily,
+weekly, or cron schedules.
+
+| Maestro S10 concept | Codex mechanism |
+|---|---|
+| Self-paced session loop | **Thread automations**, heartbeat-style recurring wake-up calls attached to the current thread, preserving conversation context |
+| Durable scheduled routine | **Standalone/project automations**, independent runs; findings land in the Triage inbox (auto-archived when there is nothing to report) |
+| Checkpoint artifact | Same convention: one `_<task>.md` in the repo root (gitignore `_*`), read first on every run, holding phase status, findings with sources, decisions with rationale |
+| Scripted/CI iteration | `codex exec "<prompt>"` non-interactive runs |
+
+S10 rules apply unchanged: hard caps on iterations, completion criteria
+declared up front, externalized state (the thread is not durable
+memory), and an explicit final report instead of a zombie loop. For
+project-scoped automations note the Codex requirement that the local
+app is running and the project is on disk.
+
+## What does not transfer
+
+Codex has no user-hook system equivalent to Claude Code's, so Maestro's
+structural enforcement pack (subagent guard, loop guard, phase-scope
+guard, gate telemetry) does not run on Codex. The prose doctrine in
+`AGENTS.md` is the enforcement surface; S7.3's verification gate relies
+on the model honoring it rather than on a hook.
+
+The Maestro context bar also does not apply: Codex CLI ships a native
+context-usage indicator (`/statusline` picker, or `context` in
+`[tui].status_line` in `~/.codex/config.toml`).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@maestrofrontier/frontier",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "description": "Achieve Frontier AI performance in your CLI by fusing the model CLIs you already run. Maestro Frontier is an opt-in, zero-dependency local multi-CLI fusion engine for AI coding agents: fan a prompt across a panel of any 1 to 8 local model CLIs you pick, have a judge model and a synthesizer you choose read the answers into a structured analysis and write one grounded synthesis (default Opus 4.8, override either with --judge/--synth). On a 100-task benchmark every fusion panel outscored its individual member models. Three adapters ship today: Opus 4.8, GPT-5.5, Gemini 3.1 Pro, with Kimi, DeepSeek, GLM, and Qwen to follow. Off, single, and fusion modes switch via /maestro:frontier. Built on Maestro orchestration discipline: decision-gated routing, verified done-claims, surgical scope, and structural enforcement hooks.",
   "keywords": ["multi-cli-fusion", "fusion-engine", "frontier", "multi-agent", "orchestration", "claude-code", "gemini", "codex", "agents", "hooks", "doctrine"],
   "license": "MIT",
@@ -27,7 +27,10 @@
     "scripts/install.cjs",
     "AGENTS.md",
     "CLAUDE.md",
+    "GEMINI.md",
+    ".cursorrules",
     "docs/orchestration.md",
+    "docs/codex.md",
     "commands/",
     "integrations/",
     "hooks/frontier-autorun.cjs",

package/scripts/install.cjs

@@ -49,6 +49,15 @@ const WRAPPER_MAP = {
   },
 };
 
+// Runtime adapter per target. The adapter imports @AGENTS.md (Cursor has no
+// imports, so .cursorrules embeds the kernel). codex/cline/windsurf read
+// AGENTS.md directly and need no adapter.
+const ADAPTER_MAP = {
+  claude: 'CLAUDE.md',
+  gemini: 'GEMINI.md',
+  cursor: '.cursorrules',
+};
+
 // Marker dirs used for auto-detection (scanned inside project root)
 const AUTO_MARKERS = [
   { dir: '.cursor',  target: 'cursor'   },
@@ -177,48 +186,53 @@ function detectTarget(projectRoot) {
 // ---- install actions ----
 
 /**
- * Install doctrine (AGENTS.md) into project root. Append-only, idempotent.
- * @param {string} projectRoot
- * @param {boolean} dryRun
+ * Read a file from the package root. Returns string, or null (logs) on error.
+ * @param {string} rel
  * @param {(msg: string) => void} log
- * @returns {boolean} true = success (or no-op), false = error
+ * @returns {string|null}
  */
-function installDoctrine(projectRoot, dryRun, log) {
-  const dest     = path.join(projectRoot, 'AGENTS.md');
-  const srcPath  = path.join(PKG_ROOT, 'AGENTS.md');
-
-  let srcContent;
+function readPkgFile(rel, log) {
   try {
-    srcContent = fs.readFileSync(srcPath, 'utf8');
+    return fs.readFileSync(path.join(PKG_ROOT, rel), 'utf8');
   } catch (err) {
-    log(`ERROR: cannot read package AGENTS.md: ${err.message}`);
-    return false;
+    log(`ERROR: cannot read package ${rel}: ${err.message}`);
+    return null;
   }
+}
 
+/**
+ * Install a doctrine/adapter markdown file. Append-only, idempotent, never
+ * clobbers user content above the maestro block; refuses symlinks.
+ * @param {string} dest absolute destination path
+ * @param {string} srcContent content to install
+ * @param {string} label short name for logs (e.g. "AGENTS.md")
+ * @param {boolean} dryRun
+ * @param {(msg: string) => void} log
+ * @returns {boolean} true = success (or no-op), false = error
+ */
+function appendOnlyDoctrine(dest, srcContent, label, dryRun, log) {
   const block = `\n${SENTINEL}\n${srcContent}\n${SENTINEL_END}\n`;
 
-  // Check if dest exists
   let existsStat;
   try { existsStat = fs.lstatSync(dest); } catch { existsStat = null; }
 
   if (existsStat) {
     if (existsStat.isSymbolicLink()) {
-      log(`ERROR: AGENTS.md is a symlink — refusing to write through it: ${dest}`);
+      log(`ERROR: ${label} is a symlink — refusing to write through it: ${dest}`);
       return false;
     }
 
     let existing;
     try { existing = fs.readFileSync(dest, 'utf8'); } catch (err) {
-      log(`ERROR: cannot read existing AGENTS.md: ${err.message}`);
+      log(`ERROR: cannot read existing ${label}: ${err.message}`);
       return false;
     }
 
     if (existing.includes(SENTINEL)) {
-      log(`[doctrine] AGENTS.md already contains sentinel — skipping`);
+      log(`[doctrine] ${label} already contains sentinel — skipping`);
       return true;
     }
 
-    // Append block
     if (dryRun) {
       log(`[dry-run] would append maestro doctrine to existing ${dest}`);
       return true;
@@ -226,14 +240,14 @@ function installDoctrine(projectRoot, dryRun, log) {
 
     const res = safeWrite(dest, existing + block);
     if (!res.ok) {
-      log(`ERROR: failed to append to AGENTS.md: ${res.reason}`);
+      log(`ERROR: failed to append to ${label}: ${res.reason}`);
       return false;
     }
-    log(`[doctrine] appended maestro block to existing AGENTS.md`);
+    log(`[doctrine] appended maestro block to existing ${label}`);
     return true;
   }
 
-  // Absent — write fresh. Wrap in sentinel block so subsequent runs detect it.
+  // Absent — write fresh, wrapped in the sentinel so re-runs detect it.
   if (dryRun) {
     log(`[dry-run] would create ${dest}`);
     return true;
@@ -247,13 +261,43 @@ function installDoctrine(projectRoot, dryRun, log) {
   const freshContent = SENTINEL + '\n' + srcContent + '\n' + SENTINEL_END + '\n';
   const res = safeWrite(dest, freshContent);
   if (!res.ok) {
-    log(`ERROR: failed to write AGENTS.md: ${res.reason}`);
+    log(`ERROR: failed to write ${label}: ${res.reason}`);
     return false;
   }
-  log(`[doctrine] wrote AGENTS.md`);
+  log(`[doctrine] wrote ${label}`);
   return true;
 }
 
+/**
+ * Install the portable doctrine core (AGENTS.md) into the project root.
+ * @param {string} projectRoot
+ * @param {boolean} dryRun
+ * @param {(msg: string) => void} log
+ * @returns {boolean}
+ */
+function installDoctrine(projectRoot, dryRun, log) {
+  const src = readPkgFile('AGENTS.md', log);
+  if (src === null) return false;
+  return appendOnlyDoctrine(path.join(projectRoot, 'AGENTS.md'), src, 'AGENTS.md', dryRun, log);
+}
+
+/**
+ * Install the runtime adapter for a target (CLAUDE.md / GEMINI.md /
+ * .cursorrules). codex/cline/windsurf read AGENTS.md directly -> no-op.
+ * @param {string} target
+ * @param {string} projectRoot
+ * @param {boolean} dryRun
+ * @param {(msg: string) => void} log
+ * @returns {boolean}
+ */
+function installAdapter(target, projectRoot, dryRun, log) {
+  const rel = ADAPTER_MAP[target];
+  if (!rel) return true; // no adapter for this target
+  const src = readPkgFile(rel, log);
+  if (src === null) return false;
+  return appendOnlyDoctrine(path.join(projectRoot, rel), src, rel, dryRun, log);
+}
+
 /**
  * Recursively copy srcDir -> destDir, skipping *.test.cjs files.
  * @param {string} srcDir
@@ -345,6 +389,26 @@ function installEngine(projectRoot, dryRun, log) {
     }
   }
 
+  // docs/orchestration.md — the on-demand S2-S6 multi-agent protocol the
+  // kernel references. Maestro-owned reference file; copy (refuse symlinks).
+  const srcDocs  = path.join(PKG_ROOT, 'docs', 'orchestration.md');
+  const destDocs = path.join(projectRoot, 'docs', 'orchestration.md');
+  if (dryRun) {
+    log(`[dry-run] would write ${destDocs}`);
+  } else if (isSymlink(destDocs)) {
+    log(`ERROR: docs/orchestration.md is a symlink — refusing: ${destDocs}`);
+    ok = false;
+  } else {
+    try {
+      fs.mkdirSync(path.dirname(destDocs), { recursive: true });
+      fs.writeFileSync(destDocs, fs.readFileSync(srcDocs));
+      log(`[doctrine] copied ${destDocs}`);
+    } catch (err) {
+      log(`ERROR: failed to copy docs/orchestration.md: ${err.message}`);
+      ok = false;
+    }
+  }
+
   return ok;
 }
 
@@ -461,13 +525,14 @@ function run(argv) {
 
   let anyError = false;
 
-  // 1. Doctrine
+  // 1. Doctrine — portable AGENTS.md kernel + this target's runtime adapter.
   if (!installDoctrine(project, dryRun, log)) anyError = true;
+  if (!installAdapter(target, project, dryRun, log)) anyError = true;
 
-  // 2. Engine
+  // 2. Engine — frontier/ + bin/maestro.cjs + docs/orchestration.md.
   if (!installEngine(project, dryRun, log)) anyError = true;
 
-  // 3. Wrapper (skip if no specific target detected)
+  // 3. Wrapper — this target's /frontier command (skip if no target detected).
   if (target !== 'none') {
     if (!installWrapper(target, project, userGlobal, dryRun, log)) anyError = true;
   }