@open-agent-toolkit/cli 0.1.50 → 0.1.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/assets/agents/oat-phase-implementer.md +16 -5
  2. package/assets/docs/cli-utilities/configuration.md +1 -1
  3. package/assets/docs/cli-utilities/workflow-gates.md +1 -1
  4. package/assets/docs/provider-sync/commands.md +29 -1
  5. package/assets/docs/provider-sync/providers.md +13 -4
  6. package/assets/docs/provider-sync/scope-and-surface.md +13 -0
  7. package/assets/docs/reference/cli-reference.md +2 -2
  8. package/assets/docs/workflows/projects/hill-checkpoints.md +1 -1
  9. package/assets/docs/workflows/projects/implementation-execution.md +34 -3
  10. package/assets/docs/workflows/projects/lifecycle.md +9 -0
  11. package/assets/docs/workflows/projects/reviews.md +18 -1
  12. package/assets/public-package-versions.json +4 -4
  13. package/assets/skills/oat-agent-instructions-analyze/references/docs/provider-reference.md +8 -2
  14. package/assets/skills/oat-agent-instructions-apply/references/docs/provider-reference.md +8 -2
  15. package/assets/skills/oat-project-implement/SKILL.md +196 -67
  16. package/assets/skills/oat-project-import-plan/SKILL.md +6 -6
  17. package/assets/skills/oat-project-next/SKILL.md +8 -1
  18. package/assets/skills/oat-project-plan/SKILL.md +6 -6
  19. package/assets/skills/oat-project-plan-writing/SKILL.md +13 -10
  20. package/assets/skills/oat-project-pr-final/SKILL.md +8 -1
  21. package/assets/skills/oat-project-quick-start/SKILL.md +5 -5
  22. package/assets/skills/oat-project-review-provide/SKILL.md +27 -9
  23. package/dist/commands/config/index.d.ts.map +1 -1
  24. package/dist/commands/config/index.js +34 -9
  25. package/dist/commands/doctor/index.d.ts.map +1 -1
  26. package/dist/commands/doctor/index.js +148 -85
  27. package/dist/commands/gate/index.js +1 -1
  28. package/dist/commands/project/dispatch-ceiling/index.d.ts.map +1 -1
  29. package/dist/commands/project/dispatch-ceiling/index.js +80 -0
  30. package/dist/commands/providers/codex/materialize.d.ts.map +1 -1
  31. package/dist/commands/providers/codex/materialize.js +31 -15
  32. package/dist/config/oat-config.d.ts +9 -1
  33. package/dist/config/oat-config.d.ts.map +1 -1
  34. package/dist/config/oat-config.js +55 -4
  35. package/dist/config/resolve.d.ts.map +1 -1
  36. package/dist/config/resolve.js +7 -3
  37. package/dist/providers/codex/codec/config-merge.d.ts +8 -2
  38. package/dist/providers/codex/codec/config-merge.d.ts.map +1 -1
  39. package/dist/providers/codex/codec/config-merge.js +17 -2
  40. package/dist/providers/codex/codec/sync-extension.d.ts.map +1 -1
  41. package/dist/providers/codex/codec/sync-extension.js +14 -4
  42. package/package.json +2 -2
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: oat-phase-implementer
3
- version: 1.0.4
3
+ version: 1.0.5
4
4
  description: Acts as a phase coordinator that dispatches one exact target-pinned task worker at a time, or executes exactly one bounded Task Scope when dispatched as a worker. Used by oat-project-implement.
5
5
  tools: Read, Write, Edit, Bash, Grep, Glob, Task
6
6
  color: cyan
@@ -148,10 +148,12 @@ downgrade for a managed task.
148
148
 
149
149
  #### 4. Build the Exact Invocation Before Logging
150
150
 
151
- - Codex: use `providers.codex.dispatchArgs.variant` as the actual `agent_type`.
152
- If the native host cannot select that registered role, launch a fresh Codex
153
- child pinned to `selection.target.model` and `selection.target.effort` with
154
- these canonical instructions and the Task Scope. If neither exact route is
151
+ - Codex: use `providers.codex.dispatchArgs.variant` as the actual `agent_type`
152
+ and attempt the exact materialized `agent_type` first. Only explicit
153
+ pre-start native role-selection rejection of that exact `agent_type`, before
154
+ any child starts, permits a fresh pinned fallback: launch a fresh Codex child
155
+ pinned to `selection.target.model` and `selection.target.effort` with these
156
+ canonical instructions and the Task Scope. If neither exact route is
155
157
  available, block.
156
158
  - Claude: pass `providers.claude.dispatchArgs.model` as the actual Task `model`.
157
159
  - Cursor: pass `providers.cursor.dispatchArgs.model` byte-for-byte as the actual
@@ -163,6 +165,15 @@ transient retry must reuse the same exact role/model/effort payload. A
163
165
  substantive escalation must re-resolve another configured candidate without
164
166
  exceeding the same named maximum.
165
167
 
168
+ The launcher-owned `target`, `model_axis`, and `effort_axis` come only from the
169
+ resolver output and constructed invocation payload. They are immutable and
170
+ must not be populated, replaced, or contradicted by worker self-report. Spawn
171
+ acceptance confirms that configured invocation; worker output is only task
172
+ outcome data. Missing telemetry, missing self-report, and accepted terminal
173
+ results including `BLOCKED` never trigger fallback. Once a child starts, every
174
+ terminal result is authoritative for that attempt and is not native
175
+ role-selection rejection.
176
+
166
177
  #### 5. Dispatch and Verify Serially
167
178
 
168
179
  Run one exact task worker at a time, serially in the same worktree:
@@ -453,7 +453,7 @@ Workflow preference keys live under the `workflow.*` namespace:
453
453
  - `workflow.hillCheckpointDefault` — `every` or `final`. Default HiLL checkpoint behavior in `oat-project-implement`: pause after every phase or only after the last phase. When unset, the skill prompts.
454
454
  - `workflow.archiveOnComplete` — boolean. Skip the "Archive after completion?" prompt in `oat-project-complete`. When unset, the skill prompts.
455
455
  - `workflow.createPrOnComplete` — boolean. Skip the "Open a PR?" prompt in `oat-project-complete`; when true, completion auto-triggers PR creation. When unset, the skill prompts.
456
- - `workflow.postImplementSequence` — `wait`, `summary`, `pr`, or `docs-pr`. Controls what `oat-project-implement` chains after final review passes. `wait` stops without auto-chaining, `summary` runs only `oat-project-summary`, `pr` runs `oat-project-pr-final` (which auto-generates summary), `docs-pr` runs `oat-project-document` then `oat-project-pr-final`. When unset, the skill prompts.
456
+ - `workflow.postImplementSequence` — legacy `wait`, `summary`, `pr`, or `docs-pr`, or `{ "preApproval": [...], "postApproval": [...] }`. Legacy values remain strings; structured arrays contain ordered, globally unique `summary`, `document`, and `pr` steps. Pre-approval steps run after final review and before final HiLL approval; post-approval steps run only after that approval. Plain retrieval keeps legacy strings and prints structured values as compact JSON; `--json` returns the raw value.
457
457
  - `workflow.reviewExecutionModel` — `subagent`, `inline`, or `fresh-session`. Default final-review execution model in `oat-project-implement`. `subagent` and `inline` run automatically. `fresh-session` is a soft preference: the skill prints guidance to run the review in another session but still offers escape hatches to `subagent` or `inline` if you change your mind. When unset, the skill prompts.
458
458
  - `workflow.autoReviewAtHillCheckpoints` — boolean. Automatically run the extra lifecycle review when a HiLL checkpoint is reached. This does not control Tier 1 per-phase `oat-reviewer` gates, which run after each phase in Tier 1 regardless of this setting. When unset, the skill prompts.
459
459
  - `workflow.autoNarrowReReviewScope` — boolean. Auto-narrow re-review scope to fix-task commits only in `oat-project-review-provide`. When unset, the skill prompts.
@@ -518,7 +518,7 @@ Gate failure behavior is owned by the gate-aware skill:
518
518
  available target. Once a target actually runs, its exit code is the gate result;
519
519
  OAT does not try another target after a failed review.
520
520
 
521
- Gate target execution has a child-process timeout (default 10 minutes, override
521
+ Gate target execution has a child-process timeout (default 15 minutes, override
522
522
  with `OAT_GATE_EXEC_TIMEOUT_MS`). When a review target times out, JSON output
523
523
  reports `status: review_failed`, `outcome: review_did_not_complete`,
524
524
  `timedOut: true`, and the timeout value so automation can distinguish a hung
@@ -21,7 +21,7 @@ These command definitions inherit the cross-cutting CLI conventions in:
21
21
 
22
22
  - What it does: defines the day-to-day provider-sync command surface for inspecting state, reconciling provider views, and changing provider enablement.
23
23
  - When to use it: after you have canonical assets in place and need to check sync state, write provider views, or change provider config.
24
- - Primary commands: `oat status`, `oat sync`, `oat providers list`, `oat providers inspect`, `oat providers set`
24
+ - Primary commands: `oat status`, `oat sync`, `oat providers list`, `oat providers inspect`, `oat providers set`, `oat providers codex materialize`
25
25
 
26
26
  ## `oat status`
27
27
 
@@ -71,6 +71,34 @@ Key behavior:
71
71
  - Options: `--enabled <providers>`, `--disabled <providers>` (comma-separated)
72
72
  - Changes take effect on next `oat sync`
73
73
 
74
+ ## `oat providers codex materialize`
75
+
76
+ Purpose:
77
+
78
+ - Materialize one canonical Markdown agent as a Codex TOML role and register it
79
+ in Codex configuration
80
+
81
+ Required operands:
82
+
83
+ ```bash
84
+ oat providers codex materialize <agent-name> \
85
+ --model <model-id> \
86
+ --effort <reasoning-effort>
87
+ ```
88
+
89
+ Key behavior:
90
+
91
+ - Project scope is the default and writes only `.codex/config.toml` plus the
92
+ project role file; `--scope user` writes only under `~/.codex`
93
+ - `--agent-path` selects a specific canonical agent and `--role-name` overrides
94
+ the generated role name
95
+ - Managed role registration enables multi-agent support and merges an
96
+ `agents.max_depth` floor of `2`
97
+ - Project writes preserve a higher existing project depth or inherited user
98
+ depth without mutating user configuration; user writes do not inspect or
99
+ mutate project configuration
100
+ - Existing unrelated Codex configuration and custom roles are preserved
101
+
74
102
  ## Notes
75
103
 
76
104
  - `oat init --scope project` is commonly used before provider-interop commands because it initializes `.oat/sync/config.json`.
@@ -61,6 +61,9 @@ description: 'Provider-specific path mappings for Claude, Cursor, Copilot, Gemin
61
61
  - Codex `max` is a first-class dispatch effort. It is present only for the Sol family in the committed supported catalogue, for both implementer and reviewer roles.
62
62
  - Codex multi-agent dispatch uses config-defined roles (`[agents.<name>]`) and `agent_type`
63
63
  - Codex subagent workflows require `[features] multi_agent = true` in active Codex config layers
64
+ - Managed Codex roles require `agents.max_depth >= 2` for the native topology: root (depth 0) → phase coordinator (depth 1) → task worker (depth 2). Sync and direct materialization merge that floor without lowering a higher target value; project writes also preserve a higher inherited user value.
65
+ - Project sync or materialization writes only the project's `.codex/config.toml`; explicit user-scope materialization writes only `~/.codex/config.toml`. Project scope may read the lower-precedence user depth, but never mutates user configuration.
66
+ - When managed roles exist and effective depth is missing, invalid, or below `2`, `oat doctor` and managed implementation preflight explain the topology and recommend `oat sync --scope project` or `oat sync --scope user` for the affected scope. Direct materialization with the same scope is the single-role repair path.
64
67
  - `oat-phase-implementer` is dual-mode: Phase Scope makes it a phase coordinator, while Task Scope makes the exact materialized variant a one-task worker. The coordinator does not implement ordinary tasks itself.
65
68
 
66
69
  ## Managed dispatch views
@@ -84,10 +87,16 @@ that repository change.
84
87
 
85
88
  At implementation time, the phase coordinator passes the recorded named
86
89
  maximum through invocation-only `--ceiling-tier`, resolves one exact candidate
87
- per bounded task, and dispatches one task worker at a time. Codex uses the
88
- resolver-returned materialized role. Claude and Cursor bind the exact model
89
- arguments described above. A missing or unselectable managed target blocks
90
- rather than falling back to the coordinator or a base role.
90
+ per bounded task, and dispatches one task worker at a time. Codex first
91
+ attempts the resolver-returned materialized role as the native `agent_type`.
92
+ The launcher records the target, model axis, and effort axis from that resolved
93
+ payload; worker self-report is not provenance and cannot replace those values.
94
+ Only an explicit pre-start native role-selection rejection permits a fresh
95
+ pinned-child fallback. An accepted child, including one that later returns
96
+ `BLOCKED` or lacks telemetry, is a task outcome rather than a fallback signal.
97
+ Claude and Cursor bind the exact model arguments described above. A missing or
98
+ unselectable managed target blocks rather than falling back to the coordinator
99
+ or a base role.
91
100
 
92
101
  ## Scope rules
93
102
 
@@ -48,9 +48,22 @@ Rules are currently project-scoped canonical content. Unlike skills and agents,
48
48
  - `oat init --scope project` (interactive) prompts for supported providers and persists explicit true/false values.
49
49
  - `oat sync --scope project` uses config-aware provider activation and can prompt to remediate detected mismatches.
50
50
  - Codex project-scope subagent sync writes `.codex/config.toml` and `.codex/agents/*.toml` at command layer after path-mapping sync. Every generated project Codex variant and registration is repository-owned, version-controlled provider output. OAT provides no automatic ignore mechanism for this project output; collaborators review and commit it like other project configuration.
51
+ - Managed Codex roles require an effective `agents.max_depth` of at least `2` for `root (0) → phase coordinator (1) → task worker (2)`. Sync and direct materialization apply that floor without lowering a higher target value. A project write may read a higher lower-precedence user value and preserves it in the project configuration; it writes only project `.codex/config.toml`. User scope writes only `~/.codex/config.toml` and does not read or change project configuration.
52
+ - If a managed role has missing, invalid, or insufficient effective depth, `oat doctor` and managed implementation preflight report the topology and give a scope-specific repair: `oat sync --scope project` for project scope or `oat sync --scope user` for user scope. For a single role, use `oat providers codex materialize` with the same explicit scope.
51
53
  - Codex aggregate config drift is reported via sync/status extension metadata (`aggregateConfigHash`); it is not persisted as a separate manifest schema entry.
52
54
  - Codex user-config materialization writes user-owned implementer and reviewer roles under the user provider directory, `~/.codex`; it does not write those roles into the repository.
53
55
 
56
+ ## Codex managed dispatch
57
+
58
+ For managed Codex work, the resolver-returned materialized role is attempted as
59
+ the native `agent_type` first. The launcher owns the resulting target, model,
60
+ and reasoning-effort provenance, derived from the resolved candidate and
61
+ compiled invocation payload; worker output cannot populate or overwrite it.
62
+ A fresh pinned child is allowed only after explicit pre-start native
63
+ role-selection rejection. Missing runtime telemetry, missing self-report, or a
64
+ child accepted by the native route that later returns `BLOCKED` are not
65
+ role-selection rejection and do not permit fallback.
66
+
54
67
  ## Non-interop namespaces in the same CLI
55
68
 
56
69
  - `oat project new <name>` (workflow/project scaffolding)
@@ -66,7 +66,7 @@ Notable commands introduced in the current CLI surface:
66
66
  - `oat project complete-state <project-path>` - apply the canonical completed-state mutation to a project's `state.md`; used by `oat-project-complete` during lifecycle closeout
67
67
  - `oat project archive [project-path]` - archive a tracked project through the same local move, summary export, and optional S3 upload path used by completion. When omitted, the project path falls back to the active project.
68
68
  - `oat repo archive sync [project-name]` - hydrate archived project snapshots from the configured repo-scoped S3 archive into `.oat/projects/archived/`. The old `oat project archive sync` path remains as a deprecated shim.
69
- - `oat project validate-plan --project-path <path>` - validates `oat_plan_parallel_groups` metadata in `plan.md`; exits non-zero on invalid. See [Implementation Execution](../workflows/projects/implementation-execution.md#validating-plan-metadata).
69
+ - `oat project validate-plan --project-path <path>` - validates `oat_plan_parallel_groups` metadata in `plan.md`; exits non-zero on invalid. See [Implementation Execution](../workflows/projects/implementation-execution.md#plan-declared-parallelism).
70
70
  - `oat project set-mode` — deprecated no-op. Execution mode is no longer user-selectable; emits a deprecation warning and preserves the `--json` contract.
71
71
  - `oat gate review <prompt...>` - run a stateful OAT review through the target registry, parse the produced review artifact, and exit nonzero for configured blocking findings. With `--json`, the result envelope on exit is the canonical completion signal: `status` is `ok` | `blocked` | `review_failed` | `artifact_validation_failed` | `targeting_correlation_failed`, alongside `runId`, `generatedAt`, and `artifactPath` when available. Invoke `oat-project-review-receive` only when all three conditions hold: `status` is `ok` or `blocked`, `receiveEligible` is `true`, and `handoff` is non-null. For `artifact_validation_failed`, correct the artifact and rerun the gate for successful revalidation before receive. `targeting_correlation_failed` sets `receiveEligible: false`; do not run review-receive even if it reports an artifact path. Orchestrators should read the structured result rather than poll the filesystem. The command runs standalone (for example, `--review-scope final`), not only inside `oat-project-implement`. See [Workflow Gates → Gate completion signal](../cli-utilities/workflow-gates.md#gate-completion-signal).
72
72
  - `oat gate target set <id> --invocation-model <model|provider-default> --invocation-reasoning-effort <effort|provider-default>` - persist optional configured invocation metadata alongside an exec target without inferring it from the target command.
@@ -92,7 +92,7 @@ The `workflow.*` namespace holds user-facing workflow preferences that let you a
92
92
  - `workflow.hillCheckpointDefault` (`every` | `final`) — default HiLL checkpoint behavior in `oat-project-implement`
93
93
  - `workflow.archiveOnComplete` (`boolean`) — skip the archive prompt in `oat-project-complete`
94
94
  - `workflow.createPrOnComplete` (`boolean`) — skip the "Open a PR?" prompt in `oat-project-complete`
95
- - `workflow.postImplementSequence` (`wait` | `summary` | `pr` | `docs-pr`) — post-implementation chaining behavior
95
+ - `workflow.postImplementSequence` (legacy `wait` | `summary` | `pr` | `docs-pr`, or structured `{preApproval, postApproval}` arrays) — approval-aware post-implementation chaining
96
96
  - `workflow.reviewExecutionModel` (`subagent` | `inline` | `fresh-session`) — default final-review execution model
97
97
  - `workflow.autoReviewAtHillCheckpoints` (`boolean`) — auto-run the extra lifecycle review at HiLL checkpoints
98
98
  - `workflow.autoNarrowReReviewScope` (`boolean`) — auto-narrow re-review scope to fix-task commits
@@ -10,7 +10,7 @@ OAT supports two checkpoint classes:
10
10
  - Workflow phase checkpoints
11
11
  - Plan phase checkpoints
12
12
 
13
- The [phase review gate](reviews.md#phase-review-gate) (`oat_phase_review_gate`) is a separate, non-pausing mechanism — it does not pause on a passing gate and never modifies the HiLL keys below (`oat_hill_completed`, `oat_plan_hill_phases`).
13
+ The [Phase gate review](reviews.md#phase-review-gate) (`oat_phase_review_gate`) is a separate, non-pausing mechanism — it does not pause on a passing gate and never modifies the HiLL keys below (`oat_hill_completed`, `oat_plan_hill_phases`).
14
14
 
15
15
  ## Workflow checkpoints (`state.md`)
16
16
 
@@ -113,6 +113,19 @@ An unresolved non-interactive preflight blocks. Managed `Uncapped` and
113
113
  `Inherit Host Defaults` are explicit modes; omitted policy state is not an
114
114
  implicit fallback.
115
115
 
116
+ For a managed Codex implementer, preflight also resolves the effective
117
+ `agents.max_depth`. Native `root (0) → phase coordinator (1) → task worker (2)`
118
+ execution requires a depth of at least `2`. Missing, invalid, or lower values
119
+ block before dispatch and identify the owning scope:
120
+
121
+ - Project scope: run `oat sync --scope project`
122
+ - User scope: run `oat sync --scope user`
123
+ - Single-role repair: rerun `oat providers codex materialize` with the required
124
+ agent name, model, effort, and matching scope
125
+
126
+ Project preflight may inherit a valid higher user depth, but remediation never
127
+ writes across the project/user boundary.
128
+
116
129
  ## Resolve the Effective Named Maximum
117
130
 
118
131
  For each phase, the orchestrator determines the task maximum:
@@ -202,9 +215,14 @@ candidate above the maximum or absent from the configured ladder blocks.
202
215
  Build the complete host payload before writing dispatch logs:
203
216
 
204
217
  - **Codex:** use `providers.codex.dispatchArgs.variant` as the actual
205
- `agent_type`. If the registered role cannot be selected, launch a fresh Codex
206
- child pinned to `selection.target.model` and `selection.target.effort` with
207
- canonical `oat-phase-implementer` instructions and the Task Scope.
218
+ `agent_type`. An accepted launch with that exact materialized role is
219
+ authoritative evidence of the configured invocation for coordinators and
220
+ task workers. A fresh Codex child pinned to `selection.target.model` and
221
+ `selection.target.effort` is permitted only after an actual native
222
+ role-selection rejection; missing self-reporting or model/effort telemetry
223
+ does not justify the fallback. An accepted child, including one that later
224
+ returns `BLOCKED`, is a task outcome and never triggers another pinned-child
225
+ fallback.
208
226
  - **Claude:** pass `providers.claude.dispatchArgs.model` as the actual Task
209
227
  `model`. Its separate effort axis is `not-applicable`.
210
228
  - **Cursor:** pass `providers.cursor.dispatchArgs.model` byte-for-byte as the
@@ -238,6 +256,14 @@ Configured defaults and configured gate invocation remain distinct from runtime
238
256
  identity; when runtime identity is not observed, the report says so without
239
257
  weakening exact requested model or effort controls.
240
258
 
259
+ After constructing the complete payload, the launcher records the selected
260
+ target and requested model/effort controls in the report. Those configured
261
+ invocation fields are launcher-owned and derive from resolver output plus the
262
+ actual payload; worker output cannot populate or overwrite them. Optional
263
+ coordinator or worker self-report remains non-authoritative runtime evidence.
264
+ Runtime attestation, when available, is separate host-generated metadata rather
265
+ than an agent claim.
266
+
241
267
  ## Task Scope and Commit Verification
242
268
 
243
269
  Each worker receives only one task:
@@ -348,6 +374,11 @@ context. An unresolved or verification-failing conflict stops fan-in.
348
374
 
349
375
  ## Phase Review Gate and HiLL
350
376
 
377
+ Phase gate review is independent from HiLL: a configured passing gate continues
378
+ automatically, while a HiLL checkpoint pauses for human approval. For the final
379
+ phase, approval-aware post-implementation sequences run pre-approval work only
380
+ after final review and post-approval work only after the recorded approval.
381
+
351
382
  After standard review passes and bookkeeping is committed, an enabled
352
383
  `oat_phase_review_gate` may run a target-neutral external review for the phase.
353
384
  Passing artifacts are still received for durable disposition; blocking
@@ -84,6 +84,15 @@ This distinction matters during completion: `oat-project-complete` can skip the
84
84
 
85
85
  ### Auto-review at HiLL checkpoints
86
86
 
87
+ ### Approval-aware post-implementation sequencing
88
+
89
+ `workflow.postImplementSequence` can use the legacy string values or a structured
90
+ `{ preApproval, postApproval }` value. After the final review passes, OAT
91
+ snapshots the effective sequence, runs ordered pre-approval steps, records final
92
+ HiLL approval, and only then runs post-approval steps. The snapshot is
93
+ restart-safe: an incomplete sequence routes back to implementation and resumes
94
+ from its first incomplete step.
95
+
87
96
  When `workflow.autoReviewAtHillCheckpoints` is enabled or `plan.md` frontmatter sets `oat_auto_review_at_hill_checkpoints`, completing a HiLL checkpoint automatically runs the extra lifecycle review scoped to every implementation phase not already covered by a passed whole-phase code review, through the just-completed checkpoint. Mid-implementation multi-phase reviews use inclusive phase-range scopes such as `p02-p03`; the final implementation checkpoint uses `code final`. The review uses auto-disposition mode (minors auto-converted to fix tasks, no user prompts). Disabled by default. Legacy `autoReviewAtCheckpoints` and `oat_auto_review_at_checkpoints` are still read as fallbacks. This does not control Tier 1 per-phase `oat-reviewer` gates.
88
97
 
89
98
  ### Phase-review setup during planning
@@ -207,7 +207,24 @@ Final review `passed` gate requires:
207
207
  - Project-scope Codex role files are generated from canonical `.agents/agents/*.md` during `oat sync --scope project`.
208
208
  - User-config Codex roles materialize under `~/.codex`; project-config and supported-catalogue roles remain in the project-scoped, version-controlled `.codex` view.
209
209
  - Some Codex hosts require explicit user authorization before the skill may call `spawn_agent`. In those hosts, `oat-project-review-provide` should ask whether to delegate to `oat-reviewer` instead of reporting the reviewer as unresolved.
210
- - If subagent dispatch is unavailable, follow the existing fallback path (fresh session preferred, inline reset as fallback).
210
+ - An accepted launch using the exact materialized `agent_type` is authoritative
211
+ configured-invocation evidence for a reviewer. After the complete payload
212
+ is built, the launcher records its `target`, `model_axis`, and
213
+ `effort_axis`; reviewer self-report cannot supply or overwrite those
214
+ fields. Optional self-report is non-authoritative, while runtime
215
+ attestation is host-generated metadata.
216
+ - A fresh pinned CLI child is a fallback only for an actual native
217
+ role-selection rejection, never for absent self-reporting or model/effort
218
+ telemetry. A child accepted by the native host, including one that later
219
+ returns `BLOCKED`, has produced a review outcome and cannot trigger the
220
+ fallback.
221
+ - An accepted reviewer that returns `BLOCKED` blocks the relevant review. It
222
+ cannot trigger the pinned fallback, and absent findings in that blocked
223
+ outcome cannot be interpreted as a pass.
224
+ - For unmanaged review dispatch, if subagent dispatch is unavailable, follow
225
+ the existing fallback path (fresh session preferred, inline reset as
226
+ fallback). This generic fallback does not override managed exact-target
227
+ rules: a managed reviewer that cannot be launched exactly blocks the review.
211
228
 
212
229
  ## Reference artifacts
213
230
 
@@ -1,6 +1,6 @@
1
1
  {
2
- "cli": "0.1.50",
3
- "docs-config": "0.1.50",
4
- "docs-theme": "0.1.50",
5
- "docs-transforms": "0.1.50"
2
+ "cli": "0.1.52",
3
+ "docs-config": "0.1.52",
4
+ "docs-theme": "0.1.52",
5
+ "docs-transforms": "0.1.52"
6
6
  }
@@ -220,6 +220,8 @@ The package manager for the agent skills ecosystem. Installs skills across 27+ a
220
220
  - Enable feature flag in config:
221
221
  - `[features]`
222
222
  - `multi_agent = true`
223
+ - For OAT's nested root → coordinator → worker topology, configure
224
+ `[agents] max_depth = 2` or higher.
223
225
  - Define role(s) in config:
224
226
  - `[agents.oat-reviewer]` (or role names your workflow dispatches)
225
227
  - Dispatch by role name using `agent_type` (not `subagent_type`).
@@ -228,8 +230,12 @@ The package manager for the agent skills ecosystem. Installs skills across 27+ a
228
230
  **Note on OAT provider sync:**
229
231
 
230
232
  - Codex runtime dispatch is config-role based (`[agents.<name>]`) and TOML-backed.
231
- - OAT currently does not sync canonical markdown agents into `.codex/agents`.
232
- - Canonical markdown agent definitions require a markdown→TOML adapter to become Codex-executable role configs.
233
+ - OAT sync exports canonical Markdown agents as `.codex/agents/*.toml` role
234
+ configs and registers them in `.codex/config.toml`.
235
+ - Project-scoped output is repository-owned and version controlled. Explicit
236
+ user-scope materialization writes under `~/.codex` instead.
237
+ - Sync and direct materialization merge an `agents.max_depth` floor of `2`
238
+ without lowering a higher project or inherited user value.
233
239
 
234
240
  ### Other Codex Resources
235
241
 
@@ -220,6 +220,8 @@ The package manager for the agent skills ecosystem. Installs skills across 27+ a
220
220
  - Enable feature flag in config:
221
221
  - `[features]`
222
222
  - `multi_agent = true`
223
+ - For OAT's nested root → coordinator → worker topology, configure
224
+ `[agents] max_depth = 2` or higher.
223
225
  - Define role(s) in config:
224
226
  - `[agents.oat-reviewer]` (or role names your workflow dispatches)
225
227
  - Dispatch by role name using `agent_type` (not `subagent_type`).
@@ -228,8 +230,12 @@ The package manager for the agent skills ecosystem. Installs skills across 27+ a
228
230
  **Note on OAT provider sync:**
229
231
 
230
232
  - Codex runtime dispatch is config-role based (`[agents.<name>]`) and TOML-backed.
231
- - OAT currently does not sync canonical markdown agents into `.codex/agents`.
232
- - Canonical markdown agent definitions require a markdown→TOML adapter to become Codex-executable role configs.
233
+ - OAT sync exports canonical Markdown agents as `.codex/agents/*.toml` role
234
+ configs and registers them in `.codex/config.toml`.
235
+ - Project-scoped output is repository-owned and version controlled. Explicit
236
+ user-scope materialization writes under `~/.codex` instead.
237
+ - Sync and direct materialization merge an `agents.max_depth` floor of `2`
238
+ without lowering a higher project or inherited user value.
233
239
 
234
240
  ### Other Codex Resources
235
241