azclaude-copilot 0.7.5 → 0.7.7

package/.claude-plugin/marketplace.json

@@ -9,7 +9,7 @@
     {
       "name": "azclaude",
       "description": "AZCLAUDE is a complete AI coding environment for Claude Code. It installs 40 commands, 10 auto-invoked skills, 15 specialized agents, 5 hooks, a real-time pipeline visualizer, and a persistent memory system — in one command.\n\nKey features:\n• Memory across sessions — goals.md + checkpoints injected automatically before every session\n• Self-improving loop — /reflect fixes stale CLAUDE.md rules, /reflexes learns from tool-use patterns, /evolve creates agents from git evidence\n• Autonomous copilot mode — /copilot runs a three-tier team (orchestrator → problem-architect → milestone-builder) across sessions until the product ships\n• Spec-driven workflow — /constitute writes project rules, /spec writes structured ACs, /analyze detects plan drift and ghost milestones, /blueprint traces every milestone to a spec\n• Security layer — 111-rule environment scan (/sentinel), pre-write secret blocking, pre-ship credential audit\n• Progressive levels 0–10 — start with CLAUDE.md, grow into multi-agent pipelines and self-evolving environments\n• Zero dependencies — no npm packages, no external APIs, no vector databases. Plain markdown files and Claude Code's native architecture.\n• Smart install — npx azclaude-copilot@latest auto-detects first install vs upgrade vs verify. Context-aware onboarding shows the right next command for your project state.\n\nExample use cases:\n• /setup — scan an existing project, detect stack + domain + scale, fill CLAUDE.md, generate project-specific skills and agents automatically\n• /copilot \"Build a compliance SaaS with trilingual support\" — walk away, come back to working code across multiple sessions\n• /sentinel — run a scored security audit (0–100, grade A–F) across hooks, permissions, MCP servers, agent configs, and secrets\n• /evolve — detect gaps in the environment, generate new skills and agents from git co-change evidence, report score delta (e.g. 42/100 → 68/100)\n• /constitute — write your project's constitution (non-negotiables, architectural commitments, definition of done) — gates all future AI actions\n• /analyze — cross-artifact consistency check: ghost milestones, spec vs. code drift, unplanned commits\n• /reflect — find stale, missing, or contradicting rules in CLAUDE.md and propose exact fixes\n• /debate \"REST vs GraphQL for this project\" — adversarial evidence-based decision with order-independent scoring, logged to decisions.md",
-      "version": "0.7.5",
+      "version": "0.7.6",
       "source": {
         "source": "github",
         "repo": "haytamAroui/AZ-CLAUDE-COPILOT",

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "azclaude",
-  "version": "0.7.5",
+  "version": "0.7.6",
   "description": "AZCLAUDE is a complete AI coding environment for Claude Code. It installs 40 commands, 10 auto-invoked skills, 15 specialized agents, 5 hooks, a real-time pipeline visualizer, and a persistent memory system — in one command.\n\nKey features:\n• Memory across sessions — goals.md + checkpoints injected automatically before every session\n• Self-improving loop — /reflect fixes stale CLAUDE.md rules, /reflexes learns from tool-use patterns, /evolve creates agents from git evidence\n• Autonomous copilot mode — /copilot runs a three-tier team (orchestrator → problem-architect → milestone-builder) across sessions until the product ships\n• Spec-driven workflow — /constitute writes project rules, /spec writes structured ACs, /analyze detects plan drift and ghost milestones, /blueprint traces every milestone to a spec\n• Security layer — 111-rule environment scan (/sentinel), pre-write secret blocking, pre-ship credential audit\n• Progressive levels 0–10 — start with CLAUDE.md, grow into multi-agent pipelines and self-evolving environments\n• Zero dependencies — no npm packages, no external APIs, no vector databases. Plain markdown files and Claude Code's native architecture.\n• Smart install — npx azclaude-copilot@latest auto-detects first install vs upgrade vs verify. Context-aware onboarding shows the right next command for your project state.\n\nExample use cases:\n• /setup — scan an existing project, detect stack + domain + scale, fill CLAUDE.md, generate project-specific skills and agents automatically\n• /copilot \"Build a compliance SaaS with trilingual support\" — walk away, come back to working code across multiple sessions\n• /sentinel — run a scored security audit (0–100, grade A–F) across hooks, permissions, MCP servers, agent configs, and secrets\n• /evolve — detect gaps in the environment, generate new skills and agents from git co-change evidence, report score delta (e.g. 42/100 → 68/100)\n• /constitute — write your project's constitution (non-negotiables, architectural commitments, definition of done) — gates all future AI actions\n• /analyze — cross-artifact consistency check: ghost milestones, spec vs. code drift, unplanned commits\n• /reflect — find stale, missing, or contradicting rules in CLAUDE.md and propose exact fixes\n• /debate \"REST vs GraphQL for this project\" — adversarial evidence-based decision with order-independent scoring, logged to decisions.md",
   "author": {
     "name": "haytamAroui",

package/README.md

@@ -637,11 +637,11 @@ AZCLAUDE is a lazy-loaded environment of 48 capability modules. It only loads wh
 
 ## Verified
 
-1958 tests. Every template, command, capability, agent, hook, and CLI feature verified.
+1998 tests. Every template, command, capability, agent, hook, and CLI feature verified.
 
 ```bash
 bash tests/test-features.sh
-# Results: 1958 passed, 0 failed, 1958 total
+# Results: 1998 passed, 0 failed, 1998 total
 ```
 
 ---

package/bin/cli.js

@@ -6,6 +6,14 @@ const os            = require('os');
 const crypto        = require('crypto');
 const { execSync }  = require('child_process');
 
+// Strip --cli <value> from argv early so it doesn't interfere with positional args
+const cliArgIdx = process.argv.indexOf('--cli');
+let CLI_OVERRIDE = null;
+if (cliArgIdx !== -1 && process.argv[cliArgIdx + 1]) {
+  CLI_OVERRIDE = process.argv[cliArgIdx + 1];
+  process.argv.splice(cliArgIdx, 2); // remove --cli and its value from argv
+}
+
 const TEMPLATE_DIR = path.join(__dirname, '..', 'templates');
 const CORE_COMMANDS     = ['setup', 'fix', 'add', 'audit', 'test', 'blueprint', 'ship', 'pulse', 'explain', 'snapshot', 'persist'];
 const EXTENDED_COMMANDS = ['dream', 'refactor', 'doc', 'loop', 'migrate', 'deps', 'find', 'create', 'reflect', 'hookify', 'sentinel', 'clarify', 'spec', 'analyze', 'constitute', 'tasks', 'issues', 'driven', 'mcp', 'verify', 'inoculate', 'ghost-test', 'visualize'];
@@ -73,7 +81,19 @@ const CLI_TABLE = [
 ];
 
 function detectCLI() {
-  // 0. Env override (for testing / explicit selection)
+  // 0. --cli flag override (stripped from argv at top of file)
+  if (CLI_OVERRIDE) {
+    const v = CLI_OVERRIDE.toLowerCase();
+    const forced = CLI_TABLE.find(c =>
+      c.name.toLowerCase().replace(/\s/g,'') === v
+      || c.exe === v
+      || c.cfg === `.${v}`
+    );
+    if (forced) return forced;
+    console.log(`  ⚠ Unknown CLI "${CLI_OVERRIDE}". Valid: ${CLI_TABLE.map(c => c.exe).join(', ')}`);
+  }
+
+  // 0a. Env override (for testing / explicit selection)
   if (process.env.AZCLAUDE_CLI) {
     const forced = CLI_TABLE.find(c => c.name.toLowerCase().replace(/\s/g,'') === process.env.AZCLAUDE_CLI.toLowerCase());
     if (forced) return forced;
@@ -116,6 +136,36 @@ function substitutePaths(content, cfg) {
   return content.replace(/\.claude\//g, `${cfg}/`);
 }
 
+// Adapt command frontmatter for non-Claude CLIs.
+// Claude Code: keeps all fields as-is.
+// OpenCode:    keeps description, strips Claude-specific fields (allowed-tools, disable-model-invocation, argument-hint).
+// Codex CLI:   keeps description, strips Claude-specific fields.
+// Gemini CLI:  converts to TOML format (handled separately in installCommandsGemini).
+function adaptCommandContent(content, cliName) {
+  if (cliName === 'Claude Code') return content;
+
+  // Parse frontmatter
+  const fmMatch = content.match(/^---\n([\s\S]*?)\n---\n([\s\S]*)$/);
+  if (!fmMatch) return content; // no frontmatter, return as-is
+
+  const fmBlock = fmMatch[1];
+  const body    = fmMatch[2];
+
+  // Extract description (may be multi-line with >)
+  const descMatch = fmBlock.match(/description:\s*>?\s*\n?([\s\S]*?)(?=\n\w|\n---|\s*$)/);
+  const descSimple = fmBlock.match(/description:\s*"?([^"\n]+)"?\s*$/m);
+  let description = '';
+  if (descMatch) {
+    description = descMatch[1].split('\n').map(l => l.trim()).filter(Boolean).join(' ');
+  } else if (descSimple) {
+    description = descSimple[1].trim();
+  }
+
+  // For OpenCode / Codex: rebuild frontmatter with only supported fields
+  const newFm = description ? `---\ndescription: ${description}\n---` : '---\n---';
+  return `${newFm}\n${body}`;
+}
+
 // ─── Hook Scripts ─────────────────────────────────────────────────────────────
 
 const HOOK_SCRIPTS = ['user-prompt.js', 'stop.js', 'post-tool-use.js', 'pre-tool-use.js', 'visualizer-hook.js'];
@@ -365,7 +415,7 @@ function installCapabilities(projectDir, cfg, full) {
 
 // ─── Commands (Skills) ────────────────────────────────────────────────────────
 
-function installCommands(projectDir, cfg) {
+function installCommands(projectDir, cfg, cliName) {
   const commandsDir = path.join(projectDir, cfg, 'commands');
   fs.mkdirSync(commandsDir, { recursive: true });
 
@@ -374,14 +424,19 @@ function installCommands(projectDir, cfg) {
     const dst = path.join(commandsDir, `${cmd}.md`);
     if (!fs.existsSync(src)) continue;
     if (!fs.existsSync(dst)) {
-      fs.copyFileSync(src, dst);
+      let content = fs.readFileSync(src, 'utf8');
+      content = substitutePaths(content, cfg);
+      content = adaptCommandContent(content, cliName || 'Claude Code');
+      fs.writeFileSync(dst, content);
       ok(`/${cmd} installed`);
     } else if (forceUpdate) {
       // --update: overwrite with latest template
-      const srcContent = fs.readFileSync(src, 'utf8');
+      let srcContent = fs.readFileSync(src, 'utf8');
+      srcContent = substitutePaths(srcContent, cfg);
+      srcContent = adaptCommandContent(srcContent, cliName || 'Claude Code');
       const dstContent = fs.readFileSync(dst, 'utf8');
       if (srcContent !== dstContent) {
-        fs.copyFileSync(src, dst);
+        fs.writeFileSync(dst, srcContent);
         ok(`/${cmd} updated (--update)`);
       }
     } else {
@@ -1273,7 +1328,7 @@ if (cli.cfg === '.claude') {
   installGlobalHooks(cli);
 }
 installCapabilities(projectDir, cli.cfg, fullInstall);
-installCommands(projectDir, cli.cfg);
+installCommands(projectDir, cli.cfg, cli.name);
 installSkills(projectDir, cli.cfg);
 installScripts(projectDir, cli.cfg);
 installVisualizer(projectDir, cli.cfg);
@@ -1401,4 +1456,6 @@ console.log('');
 console.log('  ─────────────────────────────────────────────');
 console.log('  all commands: /help  ·  docs: github.com/haytamAroui/AZ-CLAUDE-COPILOT');
 console.log('  upgrade:      npx azclaude-copilot@latest');
+console.log('  other CLI:    npx azclaude-copilot --cli opencode');
+console.log('                (claude, opencode, gemini, codex, cursor)');
 console.log('════════════════════════════════════════════════\n');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "azclaude-copilot",
-  "version": "0.7.5",
+  "version": "0.7.7",
   "description": "AI coding environment — 40 commands, 10 skills, 15 agents, real-time visualizer, memory, reflexes, evolution. Install: npx azclaude-copilot@latest, then open Claude Code.",
   "bin": {
     "azclaude": "bin/cli.js",

package/templates/agents/milestone-builder.md

@@ -60,6 +60,23 @@ Do NOT skip pre-reads. Context-blind implementation is the most common failure m
 
 ---
 
+### Step 1b: Web Research (if Team Spec says REQUIRED)
+
+Check your prompt for `## Web Research`. If it says `REQUIRED`:
+1. Run the search queries listed (WebSearch for best practices, common pitfalls)
+2. Fetch official docs if a URL is provided (WebFetch)
+3. Note findings that affect your implementation:
+   - Deprecated methods → use the replacement
+   - Breaking changes → adapt code to current API
+   - Common pitfalls → add to your anti-patterns for this milestone
+4. If a search reveals the Team Spec's approach is outdated → report to orchestrator before proceeding
+
+If `SKIP` or no Web Research section → proceed directly to Step 2.
+
+**Why:** Claude's training data is frozen. A 30-second web search prevents hours of debugging deprecated code.
+
+---
+
 ### Step 2: Implement
 
 If TDD active:

package/templates/agents/orchestrator.md

@@ -30,6 +30,7 @@ Read these files (skip if absent):
 - `.claude/memory/decisions.md` — prior architecture choices
 - `.claude/memory/patterns.md` — established conventions
 - `.claude/constitution.md` — non-negotiables and required patterns (if present)
+- `capabilities/shared/strategies.md` — load if plan.md has `strategy:` field (dispatch ordering)
 
 If no plan.md → run `/blueprint` first.
 If CLAUDE.md unfilled → run `/setup` with intent from copilot-intent.md first.
@@ -130,7 +131,20 @@ If any two candidates share a written file → dispatch the conflicting one sequ
 | Standard | Writes to unique files | Parallel with worktree isolation |
 
 **Max parallel agents:** 6 (default). Override with `max_parallel` in plan.md frontmatter.
-If ready milestones exceed max_parallel → dispatch highest-priority first, queue the rest.
+
+**Strategy-based dispatch ordering:**
+Check plan.md frontmatter for `strategy:` field (risk_first, value_first, simple_first, complex_first).
+If present → load `capabilities/shared/strategies.md`, score each ready milestone, sort descending.
+If absent → dispatch by milestone ID order (M2 before M3).
+
+```bash
+grep -m1 "^strategy:" .claude/plan.md 2>/dev/null || echo "no strategy"
+```
+
+Scoring uses each milestone's `Risk:`, `Value:`, and `Complexity:` fields from plan.md.
+If a milestone is missing an attribute, default: Risk=3, Value=3, Complexity=MEDIUM.
+
+If ready milestones exceed max_parallel → dispatch highest-scored first, queue the rest.
 
 - All done → SHIP
 - All remaining blocked → BLOCKER RECOVERY
@@ -239,6 +253,14 @@ Pre-conditions verified:
 Complexity: {SIMPLE|MEDIUM|COMPLEX}
 Fix attempts: {2 for SIMPLE/MEDIUM, 3 for COMPLEX}
 
+## Web Research (from Team Spec)
+{REQUIRED or SKIP}
+{If REQUIRED, include the search queries from the Team Spec:}
+- Search: "{technology} {version} best practices {year}"
+- Search: "{technology} common pitfalls {year}"
+- Fetch: {docs URL}
+Run these searches BEFORE writing any code. Include findings in your implementation decisions.
+
 Only read files NOT listed in Pre-loaded Context.
 When done, report: files changed + test status + new patterns/anti-patterns.
 ```

package/templates/agents/problem-architect.md

@@ -87,6 +87,19 @@ If milestone crosses 2+ agent boundaries → recommend sequential: agent-A first
   (e.g., GraphQL, Stripe, i18n, accessibility, ML pipeline), mark it as MISSING in the Team Spec.
   The orchestrator will use skill-creator to generate it before dispatch.
 
+**Web Research — classify this milestone:**
+Scan the milestone for external dependencies (imports, API calls, library usage):
+```bash
+# Check what the milestone's files import
+grep -r "import\|require\|from " src/ --include="*.ts" --include="*.py" --include="*.js" -l 2>/dev/null | head -10
+# Check package.json / requirements.txt for external deps
+cat package.json 2>/dev/null | grep -E '"dependencies"' -A 50 | head -30
+```
+- If milestone touches ANY external API, library, or framework → `Web Research: REQUIRED`
+- If milestone is pure internal code (no imports from node_modules, no API calls) → `Web Research: SKIP`
+- If milestone creates a new skill or agent for external technology → `Web Research: REQUIRED`
+- Include specific search queries the builder should run (technology + version + year)
+
 **Pre-Read Files:**
 - Schema files (if touching DB)
 - API specs (if touching endpoints)
@@ -136,6 +149,16 @@ Output this EXACT format — the orchestrator parses it:
 - {domain/technology}: needed because {reason} — use skill-creator to generate
   (omit this section if all needed skills are installed)
 
+### Web Research
+REQUIRED | SKIP
+If REQUIRED:
+- Search: "{technology} {version} best practices {year}"
+- Search: "{technology} common pitfalls {year}"
+- Fetch: {official docs URL if known}
+- Reason: {why this milestone needs current info — e.g. "uses Stripe webhook v2025 signatures"}
+If SKIP: reason = {pure internal code, no external dependencies}
+The milestone-builder runs these searches BEFORE writing code. Orchestrator includes this in the prompt.
+
 ### Pre-Read Files
 - {file-path}: for {specific context reason}
 

package/templates/capabilities/manifest.md

@@ -31,6 +31,7 @@ Load only the files that match the current task. Never load the full list.
 | shared/ultrathink.md | $ARGUMENTS contains --deep, or command needs extended thinking for complex analysis | ~80 |
 | shared/context-relay.md | About to spawn a subagent — pass pre-read files to eliminate redundant reads across agent boundaries | ~300 |
 | shared/toolchain-gate.md | /copilot dispatch, /parallel, agent verify, env-scan — stack detection, verify commands, toolchain bootstrap, 3-tier verification, log protocol | ~500 |
+| shared/strategies.md | /tasks --strategy flag, or orchestrator reading plan.md with strategy: field — milestone dispatch ordering within waves | ~120 |
 
 ## Level Builders — load ONE at a time
 | File | When to load | Tokens |

package/templates/capabilities/shared/plan-tracker.md

@@ -23,6 +23,8 @@ Every plan.md must follow this structure exactly. The copilot runner parses it.
 - Dirs: {top-level directories this milestone owns — e.g. src/auth/, tests/auth/}
 - Depends: {M-numbers this depends on, or "none"}
 - Parallel: {yes|no} — yes = safe to run alongside other same-wave milestones
+- Risk: {1-5} — failure cost (5 = highest risk, run first in risk_first strategy)
+- Value: {1-5} — business impact (5 = core feature, run first in value_first strategy)
 - Commit: {expected commit message}
 
 ### M2: {title}
@@ -32,6 +34,8 @@ Every plan.md must follow this structure exactly. The copilot runner parses it.
 - Dirs: src/users/, tests/users/
 - Depends: M1
 - Parallel: yes
+- Risk: {1-5}
+- Value: {1-5}
 - Commit: ...
 
 ## Summary
@@ -51,6 +55,8 @@ Waves: {N} (max parallel in one wave: {N})
 | `Files:` | Expected file paths to create/modify. Blueprint's estimate — problem-architect refines to `Files Written:`. |
 | `Parallel: yes` | Orchestrator may dispatch with worktree isolation alongside other Wave N milestones. |
 | `Parallel: no` | Reasons: touches shared config, schema change, or has runtime dep on sibling milestone. |
+| `Risk: 1-5` | Dispatch priority score. 5 = highest risk (fail fast in `risk_first` strategy). Default: 3. |
+| `Value: 1-5` | Business value score. 5 = highest value (ship first in `value_first` strategy). Default: 3. |
 
 ## Status Values
 

package/templates/capabilities/shared/strategies.md

@@ -0,0 +1,90 @@
+---
+name: dispatch-strategies
+description: >
+  Pluggable scoring strategies for milestone dispatch ordering within the same wave.
+  Load when: orchestrator reads plan.md with strategy: field set, or /tasks called with --strategy flag.
+  NOT loaded by default — only when strategy-based ranking is active.
+tokens: ~120
+---
+
+# Dispatch Strategies
+
+Milestones in the same wave have no dependency between them — they CAN run in any order.
+Strategies decide which order is BEST by scoring each milestone on its attributes.
+
+---
+
+## Milestone Attributes (scored by problem-architect or /blueprint)
+
+| Attribute | Scale | Meaning |
+|-----------|-------|---------|
+| `Risk: 1-5` | 1 = safe, 5 = likely to fail or cascade | Failure cost. Higher = more dangerous. |
+| `Value: 1-5` | 1 = nice-to-have, 5 = core feature | Business impact. Higher = more important. |
+| `Complexity:` | SIMPLE / MEDIUM / COMPLEX | Effort estimate. Maps to 1 / 2 / 3 for scoring. |
+
+If a milestone is missing an attribute, default: Risk=3, Value=3, Complexity=MEDIUM.
+
+---
+
+## Strategies
+
+### risk_first (default for /copilot)
+
+```
+score = Risk × 2 + Complexity_int
+```
+
+Dispatch highest score first. Surfaces dangerous milestones early — fail fast while there's still room to pivot. If M3 has Risk:5 and M4 has Risk:2, run M3 first.
+
+### value_first
+
+```
+score = Value × 2 + (6 - Risk)
+```
+
+Dispatch highest score first. Delivers the most impactful features early. Low-risk, high-value milestones rank highest — ship what matters.
+
+### simple_first
+
+```
+score = (4 - Complexity_int) × 2 + (6 - Risk)
+```
+
+Dispatch highest score first. Clears easy wins, builds momentum, unblocks dependents cheaply. Best for greenfield projects where early confidence matters.
+
+### complex_first
+
+```
+score = Complexity_int × 2 + Risk
+```
+
+Dispatch highest score first. Front-loads the hardest work while energy and context are fresh. Best for late-stage projects where derisking matters most.
+
+---
+
+## How to Set a Strategy
+
+**In plan.md frontmatter:**
+```markdown
+---
+strategy: risk_first
+---
+```
+
+**Via /tasks flag:**
+```
+/tasks --strategy value_first
+```
+
+**Orchestrator behavior:**
+- If plan.md has `strategy:` → use it for all wave dispatch ordering
+- If no `strategy:` field → no scoring, dispatch by milestone ID order (current default)
+- Strategy applies ONLY within a wave — cross-wave ordering is always dependency-driven
+
+---
+
+## Tie-Breaking
+
+When two milestones have the same score:
+1. Higher Risk breaks the tie (surface problems early)
+2. If still tied, lower milestone ID first (M2 before M3)

package/templates/commands/blueprint.md

@@ -414,6 +414,8 @@ When running inside `/copilot` (detected by: `.claude/copilot-intent.md` exists)
 - Each milestone = one logical unit of work (1-3 files, one commit)
 - Include `Depends:` for milestones that require prior work
 - Include `Files:` with expected paths
+- Include `Risk: 1-5` — failure cost (1=safe, 5=likely to fail or cascade). Score based on: touches shared state? new pattern? external dependency?
+- Include `Value: 1-5` — business impact (1=nice-to-have, 5=core feature). Score based on: user-facing? blocks other features? revenue impact?
 - Include `Commit:` with conventional commit format
 - Write `## Summary` with counts at the bottom
 

package/templates/commands/tasks.md

@@ -24,6 +24,19 @@ $ARGUMENTS
 
 ---
 
+## Strategy Detection
+
+If `$ARGUMENTS` contains `--strategy`:
+1. Strip `--strategy {name}` from arguments before processing
+2. Valid strategies: `risk_first`, `value_first`, `simple_first`, `complex_first`
+3. Load `capabilities/shared/strategies.md` for scoring formulas
+4. Apply strategy scoring in Step 4b (after wave grouping, before output)
+
+If no `--strategy` flag → check plan.md frontmatter for `strategy:` field.
+If neither → no scoring, display milestones in ID order within each wave (current default).
+
+---
+
 ## Step 1: Find the Source
 
 ```bash
@@ -87,6 +100,24 @@ Algorithm:
 
 ---
 
+## Step 4b: Strategy Scoring (if active)
+
+If a strategy was detected (from `--strategy` flag or plan.md `strategy:` field):
+
+For each pending milestone, read its `Risk:`, `Value:`, and `Complexity:` fields.
+Map Complexity to integer: SIMPLE=1, MEDIUM=2, COMPLEX=3. Default missing values: Risk=3, Value=3, Complexity=MEDIUM.
+
+Apply the scoring formula from `capabilities/shared/strategies.md`:
+- `risk_first`: score = Risk × 2 + Complexity_int
+- `value_first`: score = Value × 2 + (6 - Risk)
+- `simple_first`: score = (4 - Complexity_int) × 2 + (6 - Risk)
+- `complex_first`: score = Complexity_int × 2 + Risk
+
+Sort milestones within each wave by score (descending). Ties broken by higher Risk, then lower ID.
+Add a `Score: {N}` column to the output in Step 5.
+
+---
+
 ## Step 5: Output the Task Graph
 
 ```
@@ -96,13 +127,13 @@ Source: {file}
 Total tasks: {N}  |  Done: {N}  |  Pending: {N}  |  Blocked: {N}
 
 ── Wave 1 (can start now) ──────────────────────────────────────
-  ▶ M1  {title}                     [Files: src/auth/login.ts]
-  ▶ M2  {title}                     [Files: src/models/user.ts]
-  ▶ M3  {title}                     [Files: tests/auth/]
+  ▶ M1  {title}                     [Files: src/auth/login.ts]  {Score: N — if strategy active}
+  ▶ M2  {title}                     [Files: src/models/user.ts] {Score: N — if strategy active}
+  ▶ M3  {title}                     [Files: tests/auth/]        {Score: N — if strategy active}
 
 ── Wave 2 (after Wave 1) ───────────────────────────────────────
-  ▶ M4  {title}   ←depends M1       [Files: src/api/routes.ts]
-  ▶ M5  {title}   ←depends M2       [Files: src/services/]
+  ▶ M4  {title}   ←depends M1       [Files: src/api/routes.ts]  {Score: N}
+  ▶ M5  {title}   ←depends M2       [Files: src/services/]      {Score: N}
 
 ── Wave 3 (after Wave 2) ───────────────────────────────────────
   ▶ M6  {title}   ←depends M4,M5    [Files: src/app.ts]
@@ -126,10 +157,13 @@ Critical path length: {N waves minimum to complete}
 File collision pairs: {N pairs that cannot run simultaneously}
 DAG dispatch mode: merge-on-complete (agents unblock dependents immediately)
 
+Dispatch strategy: {strategy name or "none (ID order)"}
+
 Suggested dispatch order for /copilot:
   1. Foundation first (shared files: models, schemas) — sequential
   2. Launch all ready tasks simultaneously (DAG readiness, not wave number)
-  3. As each task completes → merge → check for newly-unblocked → dispatch immediately
+  3. Within each wave, dispatch by strategy score (highest first)
+  4. As each task completes → merge → check for newly-unblocked → dispatch immediately
 ```
 
 ---