baldart 4.24.0 → 4.24.2

package/CHANGELOG.md

@@ -5,6 +5,40 @@ All notable changes to BALDART will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.24.2] - 2026-06-10
+
+**`new2`: holistic logic review — deterministic owner_agent routing, a merge gate that no longer strands the batch, `deferralClass` end-to-end, and −N agent spawns per run.** A full logic review of `new2.js`/`new2-resolve.js`/`SKILL.md` against `/new`'s reference modules found four correctness defects and five sources of wasted spawns. The headline routing bug: the pre-flight's `ownerAgent` was passed RAW as `agentType` — the G25 "unknown→coder" rule lived only in the prompt, so any freeform value (`claude`, `backend`, a typo) was a PERMANENT spawn error → card `failed` → (combined with the merge-gate bug) the whole batch unmerged. **PATCH** (bug-fix/hardening of the EXPERIMENTAL `new2` surface only; **no `baldart.config.yml` key**, **no change to `/new`** — the schema-change propagation rule does not apply).
+
+### Fixed
+
+- **`new2.js` (A1) — deterministic owner_agent clamp in JS, not prompt.** After the pre-flight, `cardGraph[].ownerAgent` is clamped through the exact `/new` router table (`implement.md` §6b): `coder`/`ui-expert` pass through; `plan`/`visual-designer`/`motion-expert`/unknown/missing degrade to `coder`, each with a `[ROUTER]` ledger row (audit trail). The RAW value is kept for the security-relevance heuristic. Fixes the "wrong agent for the card" failure class at the code level.
+- **`new2.js` (A2) — the merge integrity gate matches its own comment.** `followup`/`blocked` cards (rolled back + tracked in the offline-safe residual ledger) no longer count as "incomplete": one failed card used to strand every committed card in an orphaned worktree with no resume path (the run wasn't `degraded`, so the skill never resumed). `failed` (crash) counts as complete ONLY when its cleanup verified the worktree clean.
+- **`new2.js` + `new2/SKILL.md` (A3) — `deferralClass` end-to-end (v4.24.1 covered only the review-blocks loop).** The ac-unmet loop now records WHY each deferral happened; `residuals[]` carry `deferralClass` and committed cards carry `deferredClasses[]`. The skill marks a deferred card DONE post-run ONLY when every class is `owner-gated`/`not-a-code-defect`/`policy-deferred-ac`; an `unresolved` class (an AC the workflow tried and failed to implement) keeps the card IN_PROGRESS and is surfaced explicitly — a genuinely unmet DoD can no longer be auto-DONE'd with a follow-up as a fig leaf (F-029).
+- **`new2.js` (A4) — crashed cards clean up after themselves.** `crashResult` now runs the rollback (whole-worktree scope — safe: all committed work lives in HEAD), so a crashed card's dirty files no longer poison the next card's E4 reconcile with a misleading `out-of-ownership` revert.
+- **`new2.js` (A5) — `${paths.backlog_dir}` instead of a hardcoded `backlog/*.yml`** in the epic-closure merge prompt (consumer portability).
+
+### Changed
+
+- **`new2.js` (B1) — per-card idempotency probe removed (−N Haiku spawns/run).** `cardGraph[].alreadyCommitted` is now probed once by the pre-flight (git-authoritative: commit in `trunk..HEAD` + validations green + no open follow-up); on a fresh worktree it costs nothing, and resume stays covered by the journal cache.
+- **`new2.js` (B2) — `security-reviewer` fan-out only when the card's files intersect `high_risk_modules`** (the bare `highRisk.length` fired it on every card of every project that configures the list); the owner-agent and brief-token triggers are unchanged.
+- **`new2.js` (B3) — review blocks and scope-expansion findings batched per kind+domain → ONE `resolve()` per group** via the existing `findings[]` contract (the same F-007 batching the final review already used). One-by-one routing was the dominant per-card cost driver (each resolve = fixer + judge + possible Tier-2 fan-out).
+- **`new2.js` (B4) — `executionMode`/`groups` removed from the pre-flight contract**: the DAG scheduler is strictly sequential (single worktree) and nothing ever read them; telemetry now reports the honest constant. Real parallelism is a future release, after A/B data.
+- **`new2.js` (B5/C) — dead code removed**: the never-populated `lessons` mechanism (every cardBrief promised batch lessons that were always `(none)`), the unreachable `resolve()` `'fatal'` branch (`new2-resolve` never returns it — v4.17.2 G1 rule), the always-empty per-card `telemetry` stub (per_card now reports `deferred`/`deferredClasses`/gate count), and the now-unused `batchFatal` flag.
+
+## [4.24.1] - 2026-06-10
+
+**`new2`: an owner-gated gate no longer destroys a completed card (silent work-loss → commit + defer).** A real `/new2` run on a schema-change card produced **zero output** despite 52 min of work: the card's only obstacle was an *owner-gated* step (`db:check-sync` needs an approved remote `db:push`). That step was correctly `policy-deferred` up front — but the **same** condition was *also* re-raised by a reviewer as a fresh `MIGRATION_NOT_DEPLOYED` blocker, which (via the review-block branch's `s !== 'resolved' → cardBlocked`) triggered `rollbackCard`'s `git clean -fd` and **erased the completed migration**. Compounding it: the `E4-file-diff` gate logged `AUTO-REVERTED` while reverting *nothing* (leaving the card's DoD-mandated ADR/ER-doc edits orphaned in the worktree — its MAY-EDIT map was narrower than the DoD), and the residual follow-up was written *inside the worktree* and marked `materialized:true` without disk proof, so it vanished when the batch didn't merge. Root cause confirmed via the gate ledger + on-disk state + two rounds of adversarial review (the obvious "E4 reverted it" diagnosis was **wrong** — E4 was a no-op; `rollbackCard` was the eraser). **PATCH** (bug-fix to the EXPERIMENTAL `new2` skill + its workflows; **no `baldart.config.yml` key** and **no change to shared `/new` prose** — the DONE-deferral is handled entirely inside `new2`'s own merge prompt + skill, so `/new` interactive is provably unaffected; the schema-change propagation rule does not apply).
+
+### Fixed
+
+- **`framework/.claude/workflows/new2.js` + `new2-resolve.js` — classification-based card-block (the primary fix, F-040).** `resolve()` now propagates a structured `deferralClass` from `new2-resolve`'s terminal-judge. A review-block that resolves to an **owner-gated / not-a-code-defect** deferral no longer sets `cardBlocked` → the card's *complete* code is committed (it is **not** rolled back); only a genuine unresolved **code** defect (or `out-of-ownership`/`baseline`/`outage`) still blocks + rolls back. A deliberately-broken migration (`db:reset` failing) is still classified code-defect → blocks, so this is not an over-match escape hatch.
+- **`new2.js` — `E4-file-diff` is honest.** The old `AUTO-REVERTED` log reverted nothing. The owner agent now reconciles out-of-ownership edits itself (per `implement.md §11b`) and reports `revertedOutOfOwnership`; the gate logs `REVERTED` / `FLAGGED` to match reality, and an unresolved violation becomes a tracked residual (never silent, never orphaned).
+- **`new2.js` pre-flight — ownership map ⊇ DoD (root cause of the E4 false positive).** A card's MAY-EDIT now = `files_likely_touched` ∪ paths **named explicitly** in its `acceptance_criteria`/`definition_of_done` (the ADR/data-model/ER doc a schema-change must touch), so editing a DoD-mandated doc is no longer a file-diff violation.
+- **`new2.js` + `new2/SKILL.md` — DONE deferred to the skill, gated on the follow-up existing on disk (closes the F-029 false-DONE the review surfaced).** A card carrying an open owner-gated/policy-deferred AC commits its code but stays **NON-DONE**; the merge agent is told to leave those cards non-DONE; the **skill** marks them DONE post-run **only after** verifying the deferral's follow-up exists on disk in the main repo (fail-loud otherwise — never DONE with a dropped requirement).
+- **`new2-resolve.js` + `new2/SKILL.md` — follow-ups are reliable.** Follow-up materialisation is best-effort inside the workflow (it rides the merge if the batch merges); the **skill is the SSOT**, verifying every residual against the **main-repo** disk and creating any missing follow-up there — so a non-merged batch never loses one. `materialized` is now advisory only.
+- **`new2.js` (Fix G) — AC-deferral dedup is text-drift-proof.** The policy-deferred-AC key is now scoped to the AC *number* (`acSig`), so a deferred AC is no longer re-routed to `resolve()` a second time when the pre-flight and implement agents word the AC text slightly differently.
+- **`new2/SKILL.md` — telemetry reconciled against disk.** Before recording, the skill verifies each `committed` card actually has a commit on trunk and never presents progress the disk does not show; adds `cards_deferred_done_pending` so the A/B record distinguishes "code landed" from "DONE".
+
 ## [4.24.0] - 2026-06-10
 
 **Atomic backlog-ID allocator — no FEAT/BUG collisions across parallel worktrees.** When several `/prd` (or `/new`/`new2` follow-up) sessions run in parallel on sibling worktrees, each branched from the same trunk, the old `max(^id: FEAT-) + 1` scan made them all land on the **same next integer**: the other session's card was in flight on an unmerged sibling branch, invisible to both the local backlog and the trunk merge-base — so two epics both became `FEAT-0024` and conflicted at rebase/merge. The `git fetch` + merge-base scan only ever covered *already-merged* IDs, never in-flight ones. A new allocator anchors a lock + per-prefix high-water mark in `$MAIN/.worktrees/` (the shared coordination point every worktree already reaches via `git rev-parse --git-common-dir`, gitignored like `registry.json`), so a reservation is atomic across every worktree **on the same machine**. The high-water mark bumped under the lock is the correctness anchor; `max()` against the real backlog + sibling-worktree backlogs + reservations log + trunk merge-base makes it **self-healing**. **MINOR** (additive capability on the `worktree-manager` skill; opt-in — callers fall back to the inline merge-base scan + `[ID-RACE-RISK]` note when the script is absent, so older installs and cross-machine cloud agents are unaffected. **No `baldart.config.yml` key** — the allocator reuses `paths.backlog_dir` + the gitignored `.worktrees/` convention, so the schema-change propagation rule does not apply).

package/VERSION

@@ -1 +1 @@
-4.24.0
+4.24.2

package/framework/.claude/skills/new2/SKILL.md

@@ -117,42 +117,64 @@ returns when the batch is done. It returns:
 
 - `report` — ready-to-show markdown batch summary.
 - `residuals` — the **OFFLINE-SAFE ledger of record**: every residual the workflow
-  could not finish, each `{ card, kind, evidence, materialized }`. A residual with
-  `materialized:false` has NO follow-up card on disk yet (e.g. the workflow hit an
-  outage where no agent could write the file). **You (the skill) must reconcile it.**
+  could not finish, each `{ card, kind, evidence, materialized }`. The `materialized`
+  flag is **advisory only** — `true` means the workflow *attempted* a write (possibly
+  into a worktree that never merged), not that a card exists on disk in the main repo.
+  **You (the skill) must reconcile EVERY residual against the main-repo disk** (Step 5.1).
 - `degraded` / `degradationReasons` — the batch stopped early under a sustained
   outage (or another degradation). The batch is NOT complete; it must be resumed.
 - `telemetry` — the Phase-8 record (`variant:"new2"`).
 
 ### Step 5 — Reconcile, resume, present, record
 
-1. **Materialise missing follow-ups (offline-safe — you have filesystem access, the
-   workflow does not).** For every `residuals[]` entry with `materialized:false`,
-   create a follow-up card `${paths.backlog_dir}/<card>-followup-<kind>.yml` (status:
-   TODO). **Delegate the write to the `prd-card-writer` agent** — the same owner the
-   workflow uses (card-template, Rule C `review_profile`, `owner_agent` routed to the
-   residual's domain, traceability) — derived from the residual (≥1 requirement;
-   `acceptance_criteria` = the verbatim residual; `files_likely_touched` from the card's
-   ownership). Do NOT hand-write a minimal stub — the offline path must match the
-   agent-path quality (F-039). It MUST pass the `/new` pre-flight field check. If
-   `prd-card-writer` itself is unavailable (total outage), fall back to a minimal valid
-   stub so the card still exists. This is the layer that guarantees **nothing is ever
-   dropped, even when every agent was dead** during the run.
-2. **Resume if degraded.** If `degraded` is true, re-invoke the workflow with
+1. **Materialise follow-ups in the MAIN repo — verify on disk, do NOT trust `materialized`
+   (F-040).** The workflow's agents run cd'd into the *worktree*, so any follow-up they wrote
+   may live in a worktree that was NOT merged (and is now gone) — `materialized:true` only means
+   "the workflow attempted a write", never proof on disk. So for **every** `residuals[]` entry
+   (regardless of the `materialized` flag), check whether a matching follow-up card actually exists
+   on disk under `${paths.backlog_dir}` in the **MAIN repo** (`<card>-followup-*.yml`). If it is
+   absent, create it by **delegating to the `prd-card-writer` agent** — the same owner the workflow
+   uses (card-template, Rule C `review_profile`, `owner_agent` routed to the residual's domain,
+   traceability) — derived from the residual (≥1 requirement; `acceptance_criteria` = the verbatim
+   residual; `files_likely_touched` from the card's ownership). Do NOT hand-write a minimal stub —
+   the offline path must match agent-path quality (F-039); it MUST pass the `/new` pre-flight field
+   check. If `prd-card-writer` is unavailable (total outage), fall back to a minimal valid stub. This
+   main-repo, **disk-verified** write is the SSOT — nothing is dropped even on a non-merged batch.
+2. **Mark deferred cards DONE — only after their follow-up exists AND every deferral class allows
+   it (F-040/H + A3).** Some committed cards were intentionally left **NON-DONE** because they carry
+   an open deferred AC: they are `perCardResults[]` entries with `deferred:true` plus a
+   `deferredClasses[]` array (also `cards_deferred_done_pending` in telemetry + the `F040-deferred`
+   ledger row). For each such card, **check the classes first**:
+   - **Every class ∈ {`owner-gated`, `not-a-code-defect`, `policy-deferred-ac`}** → the card's own
+     code is complete; the residual is an external/infra step. Now that step 1 guaranteed its
+     deferral's follow-up exists on disk in the main repo, set the card `status: DONE` +
+     `completed_date` + an implementation_note (`"DONE post-run (new2) — AC deferred to follow-up
+     <id>"`) in `${paths.backlog_dir}/<card>.yml`, and fold all of them into ONE reconciliation
+     commit in the MAIN repo.
+   - **ANY class ∈ {`unresolved`, `out-of-ownership`, `outage`} (or missing)** → the card's DoD is
+     genuinely NOT met (an AC the workflow tried and failed to implement). Leave it **IN_PROGRESS**
+     and surface it explicitly in the presentation: `"commit landed, DoD NON soddisfatta —
+     follow-up <id>"`. NEVER auto-DONE it — a follow-up tracks the gap, but DONE would lie (F-029).
+   **If a card's follow-up could NOT be created in step 1, leave it NON-DONE and surface it** —
+   fail-loud; NEVER mark a card DONE with a silently-dropped requirement (F-029).
+3. **Resume if degraded.** If `degraded` is true, re-invoke the workflow with
    `Workflow({ scriptPath, resumeFromRunId })` (same `args` + the new `ts`). The
    per-card **skip-completed** guard makes the resume idempotent — already-committed
    cards are skipped, only the incomplete/blocked ones run. Repeat until `degraded`
    is false (or the same cards stall twice → surface to the user).
-3. **Present.** Print `report` verbatim. Surface `residuals` prominently
+4. **Present.** Print `report` verbatim. Surface `residuals` prominently
    ("questi residui sono tracciati come follow-up: …") — the post-run review that
    replaced the ~25 mid-run questions. If `degraded`, say so plainly (the run was
    incomplete and resumed).
-4. **Record truthful telemetry.** Before appending `telemetry` to
-   `${metricsDir}/skill-runs.jsonl`, fill the fields the workflow could not compute:
-   `wall_clock_s` (now − kickoff `ts`) and `followups_on_disk` (count the actual
-   follow-up files on disk, NOT `residualFollowups.length` — which double-counts).
-   `total_tokens`/`agent_count` come from the workflow (`budget.spent()` delta +
-   spawn counter); if `total_tokens` is null, run the `/new` Phase-8 `-stats` script
-   to backfill real `usage`. Keep `degraded`/`degradation_reasons` in the record so
-   the A/B comparison can exclude or weight degraded runs. Do NOT re-summarise the
-   cards — the workflow already did.
+5. **Record truthful telemetry — reconciled against disk (F-040).** Before appending `telemetry`
+   to `${metricsDir}/skill-runs.jsonl`, fill the fields the workflow could not compute and
+   **reconcile the report against the real disk state** (agent `reason` strings can over-claim — a
+   residual may say "AC PASS / migration created" about a change a rollback later erased). Verify:
+   every `perCardResults` entry marked `committed` actually has a commit in `${trunk}`
+   (`git -C $MAIN log --oneline ${trunk} | grep <card>`); annotate any divergence and never present
+   progress the disk does not show. Then fill `wall_clock_s` (now − kickoff `ts`) and
+   `followups_on_disk` (count the actual follow-up files on disk in the main repo, NOT
+   `residualFollowups.length` — which double-counts). `total_tokens`/`agent_count` come from the
+   workflow; if `total_tokens` is null, run the `/new` Phase-8 `-stats` script to backfill real
+   `usage`. Keep `degraded`/`degradation_reasons` + `cards_deferred_done_pending` in the record so
+   the A/B comparison stays honest. Do NOT re-summarise the cards — the workflow already did.

package/framework/.claude/workflows/new2-resolve.js

@@ -153,12 +153,12 @@ if (kind === 'scope-expansion') {
         `If INTEGRATE: apply (you are ${fixerAgent}), re-run lint+tsc, return applied:true verified:true. If FOLLOW-UP: applied:false verified:false note:'needs-followup: <why>'.`,
       { label: `resolve:scope:${card}`, phase: 'Repair', agentType: fixerAgent, schema: FIX_SCHEMA }
     )
-  } catch (e) { if (e && e.transientExhausted) return { status: 'followup', reason: 'outage during scope-expansion', outOfScopeFindings: [] }; throw e }
+  } catch (e) { if (e && e.transientExhausted) return { status: 'followup', reason: 'outage during scope-expansion', deferralClass: 'outage', outOfScopeFindings: [] }; throw e }
   if (decide && decide.verified) {
     const ok = await judgeVerify([{ i: 1, r: decide }])
     if (ok.ok) { log('scope-expansion integrated within ownership.'); return { status: 'resolved', outOfScopeFindings: collectOOS(decide) } }
   }
-  return await materialiseFollowup('scope-expansion', (decide && decide.note) || 'outside ownership / new AC / protected', collectOOS(decide))
+  return await materialiseFollowup('scope-expansion', (decide && decide.note) || 'outside ownership / new AC / protected', collectOOS(decide), 'scope-expansion')
 }
 
 // ───────────────────────────────────────────────────────────────────────────
@@ -179,7 +179,7 @@ try {
     `Tier-1 targeted repair for card ${card} (${kind}).\n\n${brief}\n\n${gateHint}\n\nApply the minimal correct fix within MAY-EDIT only. Re-run the originating gate and report verified honestly (never claim verified without re-running it).`,
     { label: `resolve:${kind}:${card}`, phase: 'Repair', agentType: fixerAgent, schema: FIX_SCHEMA }
   )
-} catch (e) { if (e && e.transientExhausted) return { status: 'followup', reason: 'outage during tier-1', outOfScopeFindings: [] }; throw e }
+} catch (e) { if (e && e.transientExhausted) return { status: 'followup', reason: 'outage during tier-1', deferralClass: 'outage', outOfScopeFindings: [] }; throw e }
 
 // F-008 — terminal short-circuit, verified not trusted.
 if (attempt && attempt.terminal) {
@@ -197,7 +197,7 @@ if (attempt && attempt.terminal) {
       confirmed = !!(tj && tj.confirmed)
     } catch (_) { confirmed = false }
   }
-  if (confirmed) { log(`${kind} terminal (${tr}) — short-circuit to follow-up.`); return await materialiseFollowup(kind, `terminal: ${tr} — ${attempt.note || ''}`, collectOOS(attempt)) }
+  if (confirmed) { log(`${kind} terminal (${tr}) — short-circuit to follow-up.`); return await materialiseFollowup(kind, `terminal: ${tr} — ${attempt.note || ''}`, collectOOS(attempt), tr || 'unresolved') }
   log(`terminal verdict (${tr}) rejected — proceeding to multi-attempt.`)
 }
 
@@ -242,7 +242,7 @@ if (canFanOut && !protectedDomain) {
   log('budget near target — skipping tier-2 fan-out.')
 }
 
-return await materialiseFollowup(kind, (attempt && attempt.note) || 'unresolved after repair tiers', collectOOS(attempt).concat(tier2OOS))
+return await materialiseFollowup(kind, (attempt && attempt.note) || 'unresolved after repair tiers', collectOOS(attempt).concat(tier2OOS), 'unresolved')
 
 // ───────────────────────────────────────────────────────────────────────────
 // F-015/F-033 — mandatory adversarial judge + deterministic JS cross-check.
@@ -266,11 +266,20 @@ async function judgeVerify(verifiedAttempts) {
   return { ok: true, best: judge.best }
 }
 
-async function materialiseFollowup(k, reason, oos) {
+// F-040 — `deferralClass` (4th arg) classifies WHY this became a follow-up so new2.js can
+// decide whether the CARD should still commit. owner-gated / not-a-code-defect → the card's
+// own code is complete; the residual is an external step (do NOT roll the card back). Anything
+// else (unresolved code defect, out-of-ownership, baseline) → genuine block → rollback as before.
+// The classifier flows back through resolve() in new2.js; never write it into the worktree.
+async function materialiseFollowup(k, reason, oos, deferralClass) {
+  const cls = deferralClass || 'unresolved'
   let r = null
   try {
     // F-039 — backlog cards are owned by prd-card-writer (card-template + Rule C
     // review_profile + owner_agent + traceability), NOT a hand-written Haiku stub.
+    // F-040 — the workflow agent runs cd'd into the worktree, so this write is BEST-EFFORT
+    // (it rides the merge if the batch merges). The SKILL is the SSOT: it verifies/creates the
+    // card in the MAIN repo post-run, so a non-merged batch never loses the follow-up.
     r = await agentSafe(
       `Create ONE follow-up backlog card so this residual is TRACKED, not dropped (per ${REF}/completeness.md Phase 2.5b option 3). You are prd-card-writer: apply your card-template, Rule C (review_profile), owner_agent routing, and traceability rules — do NOT emit a minimal stub.\n\n${brief}\nKind: ${k}\nResidual domain: ${domain}\nReason unresolved: ${reason}\n\n` +
         `Write ${backlogDir}/${card}-followup-<gate>.yml with status: TODO, derived from the residual: requirements + acceptance_criteria (the verbatim residual as ≥1 AC), owner_agent routed to the residual domain (${domain}), review_profile per Rule C, files_likely_touched ≥1 from the card ownership / remedy files. It MUST pass the /new pre-flight field check. Return the created card id.`,
@@ -280,9 +289,9 @@ async function materialiseFollowup(k, reason, oos) {
     // F-020 — could not materialise (e.g. outage): return WITHOUT a followupCard so the
     // SKILL writes it from the offline-safe residual ledger. Never claim it was created.
     log(`follow-up materialisation failed (${String(e && e.message)}) — skill will reconcile.`)
-    return { status: 'followup', followupCard: null, reason, outOfScopeFindings: oos || [] }
+    return { status: 'followup', followupCard: null, reason, deferralClass: cls, outOfScopeFindings: oos || [] }
   }
   const followupCard = (r && r.created && r.followupCard) ? r.followupCard : null
   log(`${k} → follow-up ${followupCard || '(deferred to skill)'} (nothing dropped).`)
-  return { status: 'followup', followupCard, reason, outOfScopeFindings: oos || [] }
+  return { status: 'followup', followupCard, reason, deferralClass: cls, outOfScopeFindings: oos || [] }
 }

package/framework/.claude/workflows/new2.js

@@ -27,6 +27,10 @@ export const meta = {
 //   { report, perCardResults, gateLedger, residualFollowups, telemetry, degraded, degradationReasons, residuals }
 //   `residuals` (materialized:false) is the OFFLINE-SAFE ledger of record — the skill writes
 //   any missing follow-up YAML and, if `degraded`, resumes via Workflow({scriptPath,resumeFromRunId}).
+//   A3 — residuals[] entries carry `deferralClass` and committed perCardResults[] carry
+//   `deferred` + `deferredClasses[]`: the skill marks a deferred card DONE post-run ONLY when
+//   every class is owner-gated / not-a-code-defect / policy-deferred-ac (an 'unresolved' class
+//   = DoD genuinely unmet → the card stays IN_PROGRESS and is surfaced).
 // ───────────────────────────────────────────────────────────────────────────
 
 // F-001/F-004 — tolerate args delivered as a JSON string (parse-or-default).
@@ -53,7 +57,6 @@ const gateLedger = []        // { card, gate, decision, detail }
 const residualFollowups = [] // { card, kind, followupCard, reason }
 const residuals = []         // F-020 OFFLINE-SAFE ledger: { card, kind, evidence, materialized }
 const perCardResults = []
-let batchFatal = false
 let prodReadiness = null
 let degraded = false
 const degradationReasons = []
@@ -70,6 +73,11 @@ function sig(card, gate, evidence) {
   const e = String(evidence || '').toLowerCase().replace(/\s+/g, ' ').replace(/[0-9a-f]{7,40}/g, '#').trim().slice(0, 160)
   return `${card}::${String(gate || '').toLowerCase()}::${e}`
 }
+// F-040 (Fix G) — AC-deferral key on AC NUMBER ONLY. The full-text sig() drifted between the
+// pre-flight policyDeferredACs[].text and the implement agent's unmetACs[].text, so a policy-
+// deferred AC got re-routed to resolve() a second time (the migration-card double-routing). This
+// coarse key is scoped to ac-defer so it never collides with a freeform 'blocker' finding.
+function acSig(card, n) { return `${card}::ac-defer::ac-${String(n)}` }
 
 function ledger(card, gate, decision, detail) {
   gateLedger.push({ card, gate, decision, detail: detail || '' })
@@ -112,7 +120,7 @@ if (!cardIds.length) {
 // ───────────────────────────────────────────────────────────────────────────
 const PREFLIGHT_SCHEMA = {
   type: 'object',
-  required: ['ok', 'worktreePath', 'branch', 'baseline', 'executionMode', 'cards', 'cardGraph'],
+  required: ['ok', 'worktreePath', 'branch', 'baseline', 'cards', 'cardGraph'],
   additionalProperties: false,
   properties: {
     ok: { type: 'boolean' },
@@ -121,8 +129,9 @@ const PREFLIGHT_SCHEMA = {
     port: { type: ['number', 'string'] },
     baseline: { enum: ['pass', 'fail'] },
     baselineLog: { type: 'string' },
-    executionMode: { enum: ['sequential', 'team'] },
-    groups: { type: 'array', items: { type: 'object', additionalProperties: true } },
+    // B4 — executionMode/groups removed: the DAG scheduler is strictly sequential (single
+    // worktree); computing team-mode groups was pre-flight work nobody read. Real parallelism
+    // is a future release, after A/B data.
     cards: { type: 'array', items: { type: 'string' }, description: 'card ids cleared to run' },
     // F-021/F-024/F-025/F-016 — the dependency graph + per-card routing facts (the
     // script cannot read YAML; the pre-flight agent supplies these).
@@ -135,6 +144,10 @@ const PREFLIGHT_SCHEMA = {
           dependsOn: { type: 'array', items: { type: 'string' }, description: 'IN-BATCH deps only' },
           ownerAgent: { type: 'string', description: 'coder|ui-expert|visual-designer|motion-expert (G25: unknown→coder)' },
           reviewProfile: { enum: ['skip', 'light', 'balanced', 'deep'] },
+          // B1/F-026 — git-authoritative idempotency, probed ONCE here instead of one Haiku
+          // spawn per card in runCard (always false on a fresh run).
+          alreadyCommitted: { type: 'boolean', description: 'commit referencing the card exists in trunk..HEAD of the worktree AND validation re-runs green AND no open follow-up' },
+          alreadyCommittedSha: { type: 'string' },
           // F-016 — ACs whose only implementation file is outside the card MAY-EDIT,
           // pre-classified deferred-by-policy (never routed to resolve).
           policyDeferredACs: { type: 'array', items: { type: 'object', additionalProperties: true } },
@@ -163,6 +176,7 @@ const MERGE_SCHEMA = {
     mergeTs: { type: 'string' },
     reconciliation: { type: 'string' },
     forcedDone: { type: 'array', items: { type: 'string' }, description: 'MUST be empty — false-DONE is forbidden (F-029)' },
+    deferredLeftOpen: { type: 'array', items: { type: 'string' }, description: 'F-040 — committed cards left NON-DONE (open owner-gated AC); the skill marks them DONE post-run' },
     epicsClosed: { type: 'array', items: { type: 'string' }, description: 'Epic/parent cards marked DONE by Phase 6b step 5e (all children DONE) — NOT a forcedDone violation' },
     uncommittedLeft: { type: 'boolean', description: 'true if dirty code was left (NOT committed) + reported (F-030)' },
     note: { type: 'string' },
@@ -206,9 +220,10 @@ try {
       g3Bullet +
       `• G4 card-field validation (setup.md 1b/1c): card missing requirements/acceptance_criteria/files_likely_touched → EXCLUDE (excluded[] + reason). Never HALT for one bad card.\n` +
       `• G5 depends-on: a card whose depends_on names a non-DONE card NOT in this batch → EXCLUDE it AND every in-batch card that transitively depends on it.\n` +
-      `• cardGraph (REQUIRED, F-021): for every runnable card return { id, dependsOn:[IN-BATCH deps only], ownerAgent (the card's owner_agent; G25 unknown→'coder'), reviewProfile (the card's review_profile; default 'balanced'), policyDeferredACs }.\n` +
+      `• cardGraph (REQUIRED, F-021): for every runnable card return { id, dependsOn:[IN-BATCH deps only], ownerAgent (the card's owner_agent; G25 unknown→'coder'), reviewProfile (the card's review_profile; default 'balanced'), policyDeferredACs, alreadyCommitted, alreadyCommittedSha }.\n` +
+      `• B1/F-026 idempotency (per card, AFTER the worktree exists): set alreadyCommitted:true (+ alreadyCommittedSha) IFF ALL hold: (a) a commit referencing the card id exists in ${TRUNK}..HEAD of the worktree; (b) the card's validation_commands re-run GREEN right now; (c) NO open follow-up card for it exists in ${paths.backlog_dir || 'backlog'}. On a FRESH worktree ${TRUNK}..HEAD is empty → all false, zero extra work.\n` +
       `• F-016 AC↔ownership consistency: for each acceptance_criterion, derive the file(s) it requires editing. If those files are NOT a subset of the card's MAY-EDIT/files_likely_touched → add the AC to policyDeferredACs:[{n,text,owningCard|owningFile,reason}] (it will become ONE follow-up, never a resolve). Do the same for any AC whose remedy is an owner-gated infra action (remote db push / deploy / secret / DNS).\n` +
-      `• Complexity (setup.md 3c): decide executionMode sequential|team (+ groups for team). Build the file-ownership map → /tmp; return ownershipMapPath.\n` +
+      `• Ownership (setup.md 3c): build the file-ownership map → /tmp; return ownershipMapPath. F-040: each card's MAY-EDIT = files_likely_touched ∪ every path NAMED EXPLICITLY in that card's acceptance_criteria/definition_of_done (an ADR the DoD says to update, the data-model / ER doc for a schema-change, etc.) — so editing a DoD-mandated doc is NOT a file-diff violation. Do NOT add another card's files this way.\n` +
       `• Persist per-card architecture baselines to /tmp/arch-baseline-<CARD>.md; return archBaselinePaths.\n\n` +
       `Return the structured PREFLIGHT object. ok:false ONLY if the workspace is unworkable.`,
     { label: 'preflight', phase: 'Pre-flight', agentType: 'general-purpose', schema: PREFLIGHT_SCHEMA }
@@ -234,6 +249,20 @@ const runnableCards = preflight.cards || []
 const cardGraph = preflight.cardGraph || []
 const graphById = {}
 for (const n of cardGraph) graphById[n.id] = n
+
+// A1/G25 — deterministic owner_agent clamp, in JS not prompt. An invalid agentType is a
+// PERMANENT spawn error (→ crashResult → card 'failed'), so the /new router table
+// (implement.md §6b) must be a code-level guarantee: plan/visual-designer/motion-expert
+// degrade to coder (their briefing variant is not implemented — same as /new), anything
+// unknown/missing → coder. The RAW value is kept for the security-relevance heuristic.
+const OWNER_SPAWN = { coder: 'coder', 'ui-expert': 'ui-expert' }
+for (const n of cardGraph) {
+  const raw = String(n.ownerAgent || '').trim()
+  const spawn = OWNER_SPAWN[raw.toLowerCase()] || 'coder'
+  n.ownerAgentRaw = raw
+  n.ownerAgent = spawn
+  ledger(n.id, 'router', spawn === raw ? 'OK' : 'CLAMPED', `owner_agent='${raw || '(missing)'}' → spawn=${spawn}`)
+}
 const sharedCtx = {
   worktreePath: preflight.worktreePath,
   branch: preflight.branch,
@@ -247,8 +276,10 @@ const sharedCtx = {
 // F-016/F-010 — materialise ONE follow-up per policy-deferred AC up front; never resolve.
 for (const n of cardGraph) {
   for (const ac of (n.policyDeferredACs || [])) {
-    residuals.push({ card: n.id, kind: 'policy-deferred-ac', evidence: `AC-${ac.n}: ${ac.text} (${ac.reason || 'out-of-ownership / owner-gated'})`, materialized: false })
+    residuals.push({ card: n.id, kind: 'policy-deferred-ac', evidence: `AC-${ac.n}: ${ac.text} (${ac.reason || 'out-of-ownership / owner-gated'})`, materialized: false, deferralClass: 'policy-deferred-ac' })
     acceptedDeferrals.add(sig(n.id, 'ac-unmet', `AC-${ac.n}: ${ac.text}`))
+    acceptedDeferrals.add(acSig(n.id, ac.n)) // F-040 (Fix G) — text-drift-proof AC key
+
     ledger(n.id, 'F016-policy-defer', 'DEFERRED-BY-POLICY', `AC-${ac.n} → follow-up (owner: ${ac.owningCard || ac.owningFile || '?'})`)
   }
 }
@@ -274,11 +305,15 @@ function domainMayEdit(dom, codeScope) {
   return docPaths.length ? docPaths : codeScope // doc-only ownership; fall back to code scope if no doc paths configured
 }
 
+// F-040 — returns { status:'resolved'|'followup'|'fatal', deferralClass }. deferralClass tells
+// the caller WHY a followup happened: 'owner-gated'/'not-a-code-defect' → the card's own code is
+// complete (external/infra step remains) → caller must NOT roll the card back; anything else
+// ('unresolved'/'out-of-ownership'/'baseline-not-reached'/'outage') → genuine block → rollback.
 async function resolve(kind, card, evidence, extra) {
   const s = sig(card, kind, evidence)
   if (resolvedSignatures.has(s) || acceptedDeferrals.has(s)) {
     ledger(card, 'resolve:' + kind, 'DEDUP-SKIP', 'already resolved/deferred this run')
-    return 'resolved'
+    return { status: 'resolved', deferralClass: null }
   }
   resolvedSignatures.add(s)
   const dom = (extra && extra.domain) || 'code'
@@ -295,22 +330,25 @@ async function resolve(kind, card, evidence, extra) {
     })
   } catch (e) {
     if (e && (e.transientExhausted || isTransient(e))) noteDegraded('outage')
-    res = { status: 'followup', reason: 'resolve workflow error: ' + String(e && e.message) }
+    res = { status: 'followup', reason: 'resolve workflow error: ' + String(e && e.message), deferralClass: 'outage' }
   }
+  // C — the 'fatal' branch was removed: new2-resolve never returns it (unreachable dead code,
+  // same rule as v4.17.2 G1).
   const status = (res && res.status) || 'followup'
-  if (status === 'fatal') { batchFatal = true; ledger(card, 'resolve:' + kind, 'FATAL', (res && res.reason) || ''); return status }
+  const deferralClass = (res && res.deferralClass) || null
   if (status === 'followup') {
     acceptedDeferrals.add(s) // F-028 — a deferred residual must not be re-routed by a later gate.
     const fc = (res && res.followupCard) || null
     residualFollowups.push({ card, kind, followupCard: fc || '(pending)', reason: (res && res.reason) || '' })
-    residuals.push({ card, kind, evidence, materialized: !!fc })
+    // A3 — deferralClass rides the residual so the skill can gate DONE-reconciliation on it.
+    residuals.push({ card, kind, evidence, materialized: !!fc, deferralClass })
   }
   // F-022 — route out-of-scope findings the resolve surfaced.
   for (const osf of (res && res.outOfScopeFindings) || []) {
     residuals.push({ card, kind: 'out-of-scope', evidence: `${osf.file || ''}:${osf.line || ''} ${osf.evidence || ''}`, materialized: false })
   }
   ledger(card, 'resolve:' + kind, status, (res && (res.followupCard || res.reason)) || '')
-  return status
+  return { status, deferralClass }
 }
 
 // ───────────────────────────────────────────────────────────────────────────
@@ -321,39 +359,47 @@ async function resolve(kind, card, evidence, extra) {
 async function rollbackCard(cardId, mayEdit) {
   // F-018 — restore the card's files to HEAD so a failed card never poisons the next.
   // Safe at file granularity because the DAG guarantees all deps are already committed
-  // (HEAD contains their work); this removes only THIS card's uncommitted changes.
+  // (HEAD contains their work); this removes only THIS card's uncommitted changes. With an
+  // empty mayEdit (A4 crash path: ownership unknown) the scope is the whole worktree — still
+  // safe for the same reason: everything good is in HEAD, only the crashed card is dirty.
+  // Returns true when the cleanup VERIFIED clean (A2 uses this to un-strand the merge gate).
+  const scope = (mayEdit || []).map((p) => `'${p}'`).join(' ') || '.'
   try {
-    await agentSafe(
-      `In the worktree ${sharedCtx.worktreePath}, restore the working tree to a CLEAN state for a FAILED card: \`git restore --source=HEAD --worktree --staged -- ${(mayEdit || []).map((p) => `'${p}'`).join(' ') || '.'}\` then \`git clean -fd\` ONLY within the card MAY-EDIT paths. Do NOT touch other cards' committed work. Confirm \`git status --porcelain\` is empty for those paths.`,
+    const r = await agentSafe(
+      `In the worktree ${sharedCtx.worktreePath}, restore the working tree to a CLEAN state for a FAILED card: \`git restore --source=HEAD --worktree --staged -- ${scope}\` then \`git clean -fd ${scope === '.' ? '' : '-- ' + scope}\` (with scope '.' this cleans the whole worktree — safe: all committed work lives in HEAD). Do NOT touch other cards' committed work. Confirm \`git status --porcelain\` is empty for the scope.`,
       { label: `rollback:${cardId}`, phase: 'Implement', agentType: 'general-purpose', model: 'haiku',
         schema: { type: 'object', required: ['clean'], additionalProperties: true, properties: { clean: { type: 'boolean' }, note: { type: 'string' } } } }
     )
-  } catch (_) { /* best-effort; OUTAGE path already flagged by caller */ }
+    return !!(r && r.clean)
+  } catch (_) { return false /* best-effort; OUTAGE path already flagged by caller */ }
 }
 
-async function runCard(cardId, cardPath, lessons) {
+async function runCard(cardId, cardPath) {
   const gates = []
-  const tele = {}
   const node = graphById[cardId] || {}
   const ownerAgent = node.ownerAgent || 'coder'
   const reviewProfile = node.reviewProfile || 'balanced'
+  // F-040/H — a card carrying an open owner-gated/policy-deferred AC commits its code but stays
+  // NON-DONE; the SKILL marks it DONE post-run only after the deferral's follow-up exists on disk
+  // in the main repo. Seeded from the pre-flight policy-deferred ACs; set by any owner-gated review
+  // deferral or unmet-AC follow-up below.
+  // A3 — deferredClasses records WHY each deferral happened. The skill marks the card DONE
+  // post-run ONLY if every class is owner-gated/not-a-code-defect/policy-deferred-ac; a class
+  // like 'unresolved' (a genuinely unimplemented AC) keeps the card IN_PROGRESS — never auto-DONE.
+  let deferredOpen = ((node.policyDeferredACs) || []).length > 0
+  const deferredClasses = new Set(deferredOpen ? ['policy-deferred-ac'] : [])
   function g(name, decision, detail) { gates.push({ gate: name, decision, detail: detail || '' }); ledger(cardId, name, decision, detail) }
 
-  // F-026 — skip-completed: only if committed AND gates green for that sha AND no open follow-up.
-  // Keyed on the receipt, NOT the (unreliable) DONE flag.
-  try {
-    const probe = await agentSafe(
-      `Idempotency probe for card ${cardId} in worktree ${sharedCtx.worktreePath}. Return done:true ONLY if ALL hold: (a) a commit referencing ${cardId} exists in ${TRUNK}..HEAD; (b) the card's validation_commands re-run GREEN right now (tsc/lint/card greps); (c) NO open follow-up card for ${cardId} exists in ${paths.backlog_dir || 'backlog'}. Otherwise done:false. Do not edit anything.`,
-      { label: `probe:${cardId}`, phase: 'Implement', agentType: 'general-purpose', model: 'haiku',
-        schema: { type: 'object', required: ['done'], additionalProperties: true, properties: { done: { type: 'boolean' }, commit: { type: 'string' }, note: { type: 'string' } } } }
-    )
-    if (probe && probe.done) {
-      g('skip-completed', 'CACHED', probe.commit || 'already committed + green')
-      return { card: cardId, status: 'committed', commit: probe.commit || '-', filesChanged: [], scopeFiles: [], archBaselinePath: `/tmp/arch-baseline-${cardId}.md`, gates, telemetry: tele }
-    }
-  } catch (e) { if (e && e.transientExhausted) { noteDegraded('outage'); return { card: cardId, status: 'pending', gates, telemetry: tele } } }
+  // F-026/B1 — skip-completed from the PRE-FLIGHT's git-authoritative probe (cardGraph[].
+  // alreadyCommitted), not a per-card agent spawn: on a fresh run the old Haiku probe was N
+  // guaranteed-false spawns, and on resume the journal cache already covers it. Keyed on the
+  // receipt (commit in TRUNK..HEAD + green + no open follow-up), NOT the unreliable DONE flag.
+  if (node.alreadyCommitted) {
+    g('skip-completed', 'CACHED', node.alreadyCommittedSha || 'pre-flight: commit in trunk..HEAD + green + no open follow-up')
+    return { card: cardId, status: 'committed', commit: node.alreadyCommittedSha || '-', filesChanged: [], scopeFiles: [], archBaselinePath: `/tmp/arch-baseline-${cardId}.md`, gates }
+  }
 
-  const cardBrief = `${projectBrief}\n\nCard: ${cardId}\nCard YAML: ${cardPath}\nOwner agent: ${ownerAgent} · Review profile: ${reviewProfile}\nWorktree: ${sharedCtx.worktreePath} (cd into it)\nFile-ownership map: ${sharedCtx.ownershipMapPath}\nBatch lessons so far: ${lessons.length ? lessons.join(' | ') : '(none)'}\nArch baseline (write to /tmp/arch-baseline-${cardId}.md): reuse if present.\nNOTE: ACs already pre-classified as policy-deferred MUST NOT be implemented or routed — they are tracked as follow-ups.`
+  const cardBrief = `${projectBrief}\n\nCard: ${cardId}\nCard YAML: ${cardPath}\nOwner agent: ${ownerAgent} · Review profile: ${reviewProfile}\nWorktree: ${sharedCtx.worktreePath} (cd into it)\nFile-ownership map: ${sharedCtx.ownershipMapPath}\nArch baseline (write to /tmp/arch-baseline-${cardId}.md): reuse if present.\nNOTE: ACs already pre-classified as policy-deferred MUST NOT be implemented or routed — they are tracked as follow-ups.`
 
   // --- Phase 1+2: dispatch the card's OWNER_AGENT (F-024), not general-purpose. ---
   let impl
@@ -361,40 +407,55 @@ async function runCard(cardId, cardPath, lessons) {
     impl = await agentSafe(
       `Implement card ${cardId} per ${REF}/implement.md (Phase 1 claim+architect+plan-auditor, Phase 2 you ARE the owner_agent '${ownerAgent}') and ${REF}/completeness.md (Phase 2.5 + 2.5b AC-closure ledger). Run all gates/bash yourself.\n\n${cardBrief}\n\n` +
         `POLICIES: G26 Phase-2 lint/tsc/test/build failing after the module's retry cap → buildBlocked:true + blockedGate. Build the AC Closure Ledger (one row per AC: implemented|unmet|policy-deferred). DO NOT silently defer; report unmet rows (excluding policy-deferred). Persist arch baseline to /tmp/arch-baseline-${cardId}.md and the diff to /tmp/diff-${cardId}.txt.\n\n` +
-        `Return: { epic, buildBlocked, blockedGate, unmetACs:[{n,text}], scopeFiles, mayEditPaths, fileDiffViolation, note }`,
+        `E4 OWNERSHIP RECONCILE (implement.md §11b — do this BEFORE returning): the card's MAY-EDIT includes files_likely_touched ∪ paths NAMED EXPLICITLY in this card's acceptance_criteria/definition_of_done (e.g. an ADR the DoD says to update, the data-model / ER doc for a schema change). Editing THOSE is in-scope. For any OTHER dirty file outside MAY-EDIT (another card's file, or unrelated): \`git checkout -- <file>\` to revert it (NEVER leave it orphaned), list it in revertedOutOfOwnership. Set fileDiffViolation:true ONLY if such an edit genuinely could not be reverted (then say why in note) — it is no longer a silent label.\n\n` +
+        `Return: { epic, buildBlocked, blockedGate, unmetACs:[{n,text}], scopeFiles, mayEditPaths, revertedOutOfOwnership:[paths], fileDiffViolation, note }`,
       { label: `implement:${cardId}`, phase: 'Implement', agentType: ownerAgent,
         schema: { type: 'object', required: ['epic', 'buildBlocked', 'unmetACs', 'scopeFiles'], additionalProperties: true,
-          properties: { epic: { type: 'boolean' }, buildBlocked: { type: 'boolean' }, blockedGate: { type: 'string' }, unmetACs: { type: 'array', items: { type: 'object', additionalProperties: true } }, scopeFiles: { type: 'array', items: { type: 'string' } }, mayEditPaths: { type: 'array', items: { type: 'string' } }, fileDiffViolation: { type: 'boolean' }, note: { type: 'string' } } } }
+          properties: { epic: { type: 'boolean' }, buildBlocked: { type: 'boolean' }, blockedGate: { type: 'string' }, unmetACs: { type: 'array', items: { type: 'object', additionalProperties: true } }, scopeFiles: { type: 'array', items: { type: 'string' } }, mayEditPaths: { type: 'array', items: { type: 'string' } }, revertedOutOfOwnership: { type: 'array', items: { type: 'string' } }, fileDiffViolation: { type: 'boolean' }, note: { type: 'string' } } } }
     )
   } catch (e) {
-    if (e && e.transientExhausted) { noteDegraded('outage'); return { card: cardId, status: 'pending', gates, telemetry: tele } }
+    if (e && e.transientExhausted) { noteDegraded('outage'); return { card: cardId, status: 'pending', gates } }
     throw e
   }
 
-  if (impl && impl.epic) { g('router', 'EPIC-SKIPPED', 'epic card'); return { card: cardId, status: 'epic-skipped', gates, commit: '-', telemetry: tele } }
+  if (impl && impl.epic) { g('router', 'EPIC-SKIPPED', 'epic card'); return { card: cardId, status: 'epic-skipped', gates, commit: '-' } }
 
   const mayEdit = (impl && impl.mayEditPaths) || []
   const scopeFiles = (impl && impl.scopeFiles) || []
-  if (impl && impl.fileDiffViolation) g('E4-file-diff', 'AUTO-REVERTED', 'coder touched files outside ownership')
+  // F-040 — E4 honest label: 'AUTO-REVERTED' used to be a no-op log (files were left orphaned).
+  // Now the owner agent reconciles out-of-ownership edits itself (implement.md §11b); we report
+  // what it actually did. A genuine unresolved violation becomes a tracked residual, never silent.
+  const reverted = (impl && impl.revertedOutOfOwnership) || []
+  if (reverted.length) g('E4-file-diff', 'REVERTED', `out-of-ownership reverted: ${reverted.join(', ')}`)
+  if (impl && impl.fileDiffViolation) {
+    g('E4-file-diff', 'FLAGGED', 'unresolved out-of-ownership edit — tracked as residual')
+    residuals.push({ card: cardId, kind: 'file-diff-violation', evidence: `unresolved out-of-ownership edit: ${(impl && impl.note) || ''}`, materialized: false })
+  }
 
   if (impl && impl.buildBlocked) {
-    const s = await resolve('blocker', cardId, `Phase-2 gate failing: ${impl.blockedGate}`, { mayEditPaths: mayEdit, scopeFiles, domain: 'code' })
+    const s = (await resolve('blocker', cardId, `Phase-2 gate failing: ${impl.blockedGate}`, { mayEditPaths: mayEdit, scopeFiles, domain: 'code' })).status
     g('G26-build', s === 'resolved' ? 'RESOLVED' : 'FOLLOWUP', impl.blockedGate)
-    if (s !== 'resolved') { await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'followup', gates, commit: '-', scopeFiles, telemetry: tele } }
+    if (s !== 'resolved') { await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'followup', gates, commit: '-', scopeFiles } }
   }
 
   // F-010/F-016 — unmet ACs that are policy-deferred are skipped (already tracked).
   for (const ac of (impl && impl.unmetACs) || []) {
-    if (acceptedDeferrals.has(sig(cardId, 'ac-unmet', `AC-${ac.n}: ${ac.text}`))) { g('G7-ac-closure', 'DEFERRED-BY-POLICY', `AC-${ac.n}`); continue }
-    const s = await resolve('ac-unmet', cardId, `AC-${ac.n}: ${ac.text}`, { mayEditPaths: mayEdit, scopeFiles, domain: 'code' })
-    g('G7-ac-closure', s === 'resolved' ? 'RESOLVED' : 'FOLLOWUP', `AC-${ac.n}`)
+    if (acceptedDeferrals.has(acSig(cardId, ac.n)) || acceptedDeferrals.has(sig(cardId, 'ac-unmet', `AC-${ac.n}: ${ac.text}`))) { g('G7-ac-closure', 'DEFERRED-BY-POLICY', `AC-${ac.n}`); deferredOpen = true; deferredClasses.add('policy-deferred-ac'); continue }
+    const r = await resolve('ac-unmet', cardId, `AC-${ac.n}: ${ac.text}`, { mayEditPaths: mayEdit, scopeFiles, domain: 'code' })
+    g('G7-ac-closure', r.status === 'resolved' ? 'RESOLVED' : 'FOLLOWUP', `AC-${ac.n}`)
+    // A3 — record the deferral CLASS (v4.24.1 did this only for the blocks loop). An
+    // 'unresolved' AC still commits (never destroy completed work) but the class keeps the
+    // card from being auto-DONE by the skill — its DoD is genuinely not met.
+    if (r.status !== 'resolved') { deferredOpen = true; deferredClasses.add(r.deferralClass || 'unresolved') }
   }
 
   // --- Review fan-out (F-024/F-025): specialized agents, trimmed by review_profile. ---
   // G5 — scopeFiles tokens alone miss a security card whose files don't carry them. Also
-  // trigger security-reviewer on the card's owner_agent and its brief (title/requirements).
-  const securityRelevant = highRisk.length
-    || ownerAgent === 'security-reviewer'
+  // trigger security-reviewer on the card's RAW owner_agent and its brief (title/requirements).
+  // B2 — high_risk_modules triggers only when THIS card's files intersect them (`highRisk.length`
+  // alone fired security-reviewer on every card of every project that configures the list).
+  const securityRelevant = highRisk.some((m) => scopeFiles.some((f) => String(f).includes(String(m))))
+    || node.ownerAgentRaw === 'security-reviewer'
     || /auth|security|secret|migration|rls/i.test(`${scopeFiles.join(' ')} ${cardBrief}`)
   // v4.18.0 — at `light`, Codex is the SOLE finder (cost-shift off Claude); `code-reviewer` is the
   // fallback when the companion is unavailable. The FP-gate equivalent is preserved downstream: any
@@ -435,48 +496,89 @@ async function runCard(cardId, cardPath, lessons) {
   const blocks = reviewResults.flatMap((r) => (r.blocks || [])).filter((b) => b && b.gate && b.evidence)
   const scopeExp = reviewResults.flatMap((r) => (r.scopeExpansion || []))
   let cardBlocked = false
+  // B3 — group blocks by kind+domain → ONE resolve per group via findings[] (the same F-007
+  // batching the final review already does). One-by-one routing was the dominant per-card cost
+  // driver (each resolve = fixer + judge + possible Tier-2 fan-out). A group is homogeneous by
+  // kind+domain, so its single status/deferralClass is coherent for every block in it.
+  const blockGroups = {}
   for (const b of blocks) {
     const kind = /e2e/i.test(b.gate) ? 'e2e-blocked' : /qa/i.test(b.gate) ? 'qa-fail' : 'blocker'
-    const s = await resolve(kind, cardId, `${b.gate}: ${b.evidence}`, { mayEditPaths: mayEdit, scopeFiles, domain: b.domain || 'code' })
-    g(b.gate, s === 'resolved' ? 'RESOLVED' : 'FOLLOWUP', b.evidence)
-    if (s !== 'resolved') cardBlocked = true
+    const key = `${kind}::${b.domain || 'code'}`
+    ;(blockGroups[key] = blockGroups[key] || []).push(Object.assign({ kindResolved: kind }, b))
   }
-  for (const sx of scopeExp) {
-    const s = await resolve('scope-expansion', cardId, sx.evidence || '', { mayEditPaths: mayEdit, scopeFiles, domain: sx.domain || 'code' })
-    g('scope-expansion', s === 'resolved' ? 'INTEGRATED' : 'FOLLOWUP', sx.evidence || '')
+  for (const key of Object.keys(blockGroups)) {
+    const grp = blockGroups[key]
+    const kind = grp[0].kindResolved
+    const dom = grp[0].domain || 'code'
+    const r = await resolve(kind, cardId, grp.map((b) => `${b.gate}: ${b.evidence}`).join(' || '),
+      { mayEditPaths: mayEdit, scopeFiles, domain: dom,
+        findings: grp.map((b) => ({ kind, evidence: `${b.gate}: ${b.evidence}`, domain: b.domain || 'code' })) })
+    // F-040 — THE primary fix. An owner-gated / not-a-code-defect deferral means the card's OWN
+    // code is complete and correct; the residual is an external/infra step (e.g. a remote db push)
+    // already tracked as a follow-up. Do NOT roll the card back — it proceeds to commit, NON-DONE
+    // (the skill marks it DONE post-run once the follow-up exists on disk). This replaces the old
+    // `s !== 'resolved' → cardBlocked` which destroyed a completed migration card's work over a db:push gate.
+    // A genuine unresolved CODE defect (or out-of-ownership/baseline/outage) still blocks + rolls back.
+    const ownerGated = r.status === 'followup' && (r.deferralClass === 'owner-gated' || r.deferralClass === 'not-a-code-defect')
+    for (const b of grp) g(b.gate, r.status === 'resolved' ? 'RESOLVED' : ownerGated ? 'DEFERRED-OWNER-GATED' : 'FOLLOWUP', b.evidence)
+    if (ownerGated) { deferredOpen = true; deferredClasses.add(r.deferralClass) }
+    else if (r.status !== 'resolved') cardBlocked = true
+  }
+  // B3 — scope-expansion findings batched per domain (same rationale).
+  const sxGroups = {}
+  for (const sx of scopeExp) { const d = sx.domain || 'code'; (sxGroups[d] = sxGroups[d] || []).push(sx) }
+  for (const dom of Object.keys(sxGroups)) {
+    const grp = sxGroups[dom]
+    const s = (await resolve('scope-expansion', cardId, grp.map((x) => x.evidence || '').join(' || '),
+      { mayEditPaths: mayEdit, scopeFiles, domain: dom,
+        findings: grp.map((x) => ({ kind: 'scope-expansion', evidence: x.evidence || '', domain: dom })) })).status
+    for (const sx of grp) g('scope-expansion', s === 'resolved' ? 'INTEGRATED' : 'FOLLOWUP', sx.evidence || '')
   }
 
-  if (cardBlocked) { await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'followup', gates, commit: '-', scopeFiles, archBaselinePath: `/tmp/arch-baseline-${cardId}.md`, telemetry: tele } }
+  if (cardBlocked) { await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'followup', gates, commit: '-', scopeFiles, archBaselinePath: `/tmp/arch-baseline-${cardId}.md` } }
 
   // --- Phase 4 — commit (F-023: Haiku + git-status reconcile, never git add -A). ---
+  // F-040/H — DONE policy. A card with an OPEN owner-gated/policy-deferred AC commits its code but
+  // must NOT be marked DONE here (its own DoD isn't met yet — e.g. the remote db:push is pending).
+  // The new2 SKILL marks it DONE post-run, ONLY after the deferral's follow-up exists on disk in the
+  // main repo (so a card is never DONE with a silently-dropped requirement — F-029).
+  const doneStep = deferredOpen
+    ? `(4) DO NOT mark the card DONE: it has an OPEN owner-gated/policy-deferred AC. Keep status IN_PROGRESS and add an implementation_note "deferred — DONE pending follow-up (new2 skill reconciles post-run)". STILL add the ssot-registry row for the committed code.`
+    : `(4) mark the card DONE in its YAML + add the ssot-registry row.`
   let commitRes
   try {
     commitRes = await agentSafe(
       `Commit card ${cardId} in worktree ${sharedCtx.worktreePath}. MECHANICAL — do NOT re-read reference modules.\n` +
-        `Steps: (1) \`git status --porcelain\`; (2) stage = MAY-EDIT (${JSON.stringify(mayEdit)}) ∩ dirty — NEVER \`git add -A\`, NEVER \`git stash\`; if dirty has files OUTSIDE MAY-EDIT, do NOT stage them and set reconcileNote; (3) commit message \`[${cardId}] <concise>\`; (4) mark the card DONE in its YAML + add the ssot-registry row; (5) 'nothing to commit' = already committed (record HEAD).\n` +
+        `Steps: (1) \`git status --porcelain\`; (2) stage = MAY-EDIT (${JSON.stringify(mayEdit)}) ∩ dirty — NEVER \`git add -A\`, NEVER \`git stash\`; if dirty has files OUTSIDE MAY-EDIT, do NOT stage them and set reconcileNote; (3) commit message \`[${cardId}] <concise>\`; ${doneStep} (5) 'nothing to commit' = already committed (record HEAD).\n` +
         `On COMMIT_LOCK: clear stale lock + retry once. Still locked → committed:false.\n\n` +
         `Return: { committed, commit, filesChanged, reconcileNote }`,
       { label: `commit:${cardId}`, phase: 'Implement', agentType: 'general-purpose', model: 'haiku',
         schema: { type: 'object', required: ['committed'], additionalProperties: true, properties: { committed: { type: 'boolean' }, commit: { type: 'string' }, filesChanged: { type: 'array', items: { type: 'string' } }, reconcileNote: { type: 'string' } } } }
     )
   } catch (e) {
-    if (e && e.transientExhausted) { noteDegraded('outage'); await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'pending', gates, telemetry: tele } }
+    if (e && e.transientExhausted) { noteDegraded('outage'); await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'pending', gates } }
     throw e
   }
 
   if (!commitRes || !commitRes.committed) {
-    const s = await resolve('blocker', cardId, 'commit blocked after retries', { mayEditPaths: mayEdit, scopeFiles, domain: 'code' })
+    const s = (await resolve('blocker', cardId, 'commit blocked after retries', { mayEditPaths: mayEdit, scopeFiles, domain: 'code' })).status
     g('G16-commit', s === 'resolved' ? 'RESOLVED' : 'FOLLOWUP')
-    if (s !== 'resolved') { await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'followup', gates, commit: '-', scopeFiles, archBaselinePath: `/tmp/arch-baseline-${cardId}.md`, telemetry: tele } }
+    if (s !== 'resolved') { await rollbackCard(cardId, mayEdit); return { card: cardId, status: 'followup', gates, commit: '-', scopeFiles, archBaselinePath: `/tmp/arch-baseline-${cardId}.md` } }
   }
   if (commitRes && commitRes.reconcileNote) g('commit-reconcile', 'NOTE', commitRes.reconcileNote)
 
-  g('commit', 'COMMITTED', (commitRes && commitRes.commit) || '')
+  g('commit', 'COMMITTED', `${(commitRes && commitRes.commit) || ''}${deferredOpen ? ' (NON-DONE — deferred, skill reconciles)' : ''}`)
   return {
     card: cardId, status: 'committed',
     commit: (commitRes && commitRes.commit) || '-',
     filesChanged: (commitRes && commitRes.filesChanged) || [],
-    scopeFiles, archBaselinePath: `/tmp/arch-baseline-${cardId}.md`, gates, telemetry: tele,
+    // F-040/H — true when this committed card is intentionally left NON-DONE (open deferral). The
+    // merge agent leaves it non-DONE and the SKILL marks it DONE after its follow-up materialises —
+    // but ONLY if every class in deferredClasses is owner-gated/not-a-code-defect/policy-deferred-ac
+    // (A3): an 'unresolved' class means the DoD is genuinely unmet → the card stays IN_PROGRESS.
+    deferred: deferredOpen,
+    deferredClasses: Array.from(deferredClasses),
+    scopeFiles, archBaselinePath: `/tmp/arch-baseline-${cardId}.md`, gates,
   }
 }
 
@@ -487,7 +589,7 @@ async function runCard(cardId, cardPath, lessons) {
 // re-queue with a cap; sustained outage → stop cleanly + degraded return.
 // ───────────────────────────────────────────────────────────────────────────
 phase('Implement')
-const lessons = []
+const failedCleaned = new Set() // A4 — failed cards whose crash cleanup VERIFIED clean (un-strands the merge gate)
 const state = {}            // cardId → 'pending'|'committed'|'followup'|'epic-skipped'|'blocked'|'failed'
 const attempts = {}         // cardId → retry count (transient)
 const RETRY_CAP = 2
@@ -517,7 +619,7 @@ while (guard-- > 0) {
   const next = runnableCards.find((id) => state[id] === 'pending' && depsSatisfied(id))
   if (!next) break // nothing runnable (all done/blocked, or a cycle/stall)
 
-  const r = await runCard(next, pathById[next], lessons).catch((e) => crashResult(next, e))
+  const r = await runCard(next, pathById[next]).catch((e) => crashResult(next, e))
   if (r.status === 'pending') {
     attempts[next]++
     consecutiveOutage++
@@ -532,7 +634,6 @@ while (guard-- > 0) {
   consecutiveOutage = 0
   state[next] = r.status
   perCardResults.push(r)
-  if (r.note) lessons.push(`${next}: ${r.note}`)
 }
 
 // Any still-pending card after the loop (outage) is recorded as a residual.
@@ -540,11 +641,17 @@ for (const id of runnableCards) {
   if (state[id] === 'pending') residuals.push({ card: id, kind: 'not-reached', evidence: 'batch paused before this card ran', materialized: false })
 }
 
-function crashResult(id, e) {
-  if (e && (e.transientExhausted || isTransient(e))) { return { card: id, status: 'pending', gates: [], telemetry: {} } }
+async function crashResult(id, e) {
+  if (e && (e.transientExhausted || isTransient(e))) { return { card: id, status: 'pending', gates: [] } }
   residuals.push({ card: id, kind: 'agent-crash', evidence: String(e && e.message), materialized: false })
   ledger(id, 'runCard', 'ERROR', String(e && e.message))
-  return { card: id, status: 'failed', gates: [{ gate: 'runCard', decision: 'ERROR', detail: String(e && e.message) }], commit: '-', telemetry: {} }
+  // A4 — a crashed card used to leave its dirty files in the worktree (the NEXT card's owner
+  // agent then reverted them via E4 with a misleading 'out-of-ownership' label). Clean up here;
+  // a VERIFIED-clean failure also stops stranding the merge gate (A2).
+  const clean = await rollbackCard(id, [])
+  if (clean) failedCleaned.add(id)
+  ledger(id, 'crash-cleanup', clean ? 'CLEAN' : 'DIRTY', clean ? 'worktree restored to HEAD' : 'cleanup unverified — merge stays blocked')
+  return { card: id, status: 'failed', gates: [{ gate: 'runCard', decision: 'ERROR', detail: String(e && e.message) }], commit: '-' }
 }
 
 const committed = perCardResults.filter((r) => r.status === 'committed')
@@ -555,8 +662,8 @@ const committed = perCardResults.filter((r) => r.status === 'committed')
 // ───────────────────────────────────────────────────────────────────────────
 phase('Final')
 let finalSummary = null
-let mergeBlocked = batchFatal || degraded
-if (committed.length && !batchFatal && !degraded) {
+let mergeBlocked = degraded
+if (committed.length && !degraded) {
   const reviewScopeFiles = dedupe(committed.flatMap((r) => r.scopeFiles || []))
   const archPaths = committed.map((r) => r.archBaselinePath).filter(Boolean)
   const allArch = archPaths.length === committed.length ? archPaths : null
@@ -594,14 +701,14 @@ if (committed.length && !batchFatal && !degraded) {
     }
     for (const area of Object.keys(byArea)) {
       const group = byArea[area]
-      const s = await resolve('merge-blocker', group[0].finding_id || firstCard,
+      const s = (await resolve('merge-blocker', group[0].finding_id || firstCard,
         group.map((f) => `${f.severity} ${f.title}: ${f.evidence}`).join(' || '),
         { mayEditPaths: reviewScopeFiles, scopeFiles: reviewScopeFiles, domain: group[0].domain || 'code',
-          findings: group.map((f) => ({ kind: 'merge-blocker', evidence: `${f.title}: ${f.evidence}`, domain: f.domain || 'code' })) })
+          findings: group.map((f) => ({ kind: 'merge-blocker', evidence: `${f.title}: ${f.evidence}`, domain: f.domain || 'code' })) })).status
       if (s !== 'resolved') mergeBlocked = true
     }
     if (finalSummary && finalSummary.failingGates && finalSummary.failingGates.length) {
-      const s = await resolve('qa-fail', firstCard, `final gates failing: ${finalSummary.failingGates.join(', ')}`, { mayEditPaths: reviewScopeFiles, scopeFiles: reviewScopeFiles, domain: 'code' })
+      const s = (await resolve('qa-fail', firstCard, `final gates failing: ${finalSummary.failingGates.join(', ')}`, { mayEditPaths: reviewScopeFiles, scopeFiles: reviewScopeFiles, domain: 'code' })).status
       if (s !== 'resolved') mergeBlocked = true
     }
   } else {
@@ -609,7 +716,7 @@ if (committed.length && !batchFatal && !degraded) {
     mergeBlocked = true
   }
 } else {
-  ledger(firstCard, 'final-review', 'SKIPPED', batchFatal ? 'batch fatal' : degraded ? 'degraded (outage)' : 'no committed cards')
+  ledger(firstCard, 'final-review', 'SKIPPED', degraded ? 'degraded (outage)' : 'no committed cards')
 }
 
 // ───────────────────────────────────────────────────────────────────────────
@@ -620,8 +727,19 @@ if (committed.length && !batchFatal && !degraded) {
 // ───────────────────────────────────────────────────────────────────────────
 phase('Merge')
 let mergeResult = null
-const incomplete = runnableCards.filter((id) => state[id] !== 'committed' && state[id] !== 'epic-skipped')
-const integrityOK = committed.length > 0 && !mergeBlocked && !batchFatal && !degraded && incomplete.length === 0
+// A2 — 'followup'/'blocked' cards were rolled back and their residuals live in the offline-safe
+// ledger: the worktree holds ONLY gate-passing committed work, so they must not strand the batch
+// (the old filter contradicted the gate's own comment and orphaned the worktree with no resume
+// path — not degraded, so the skill never resumed). 'failed' counts as complete ONLY when its
+// crash cleanup VERIFIED the worktree clean (A4); an unverified crash still blocks the merge.
+const incomplete = runnableCards.filter((id) =>
+  !(state[id] === 'committed' || state[id] === 'epic-skipped' || state[id] === 'followup'
+    || state[id] === 'blocked' || (state[id] === 'failed' && failedCleaned.has(id))))
+// F-040/H — committed cards intentionally left NON-DONE (open owner-gated/policy-deferred AC). They
+// ARE merged (their code is complete), but Phase 6b must NOT force them to DONE; the SKILL does that
+// post-run once the deferral's follow-up exists on disk. They count as complete for the merge gate.
+const deferredCards = committed.filter((r) => r.deferred).map((r) => r.card)
+const integrityOK = committed.length > 0 && !mergeBlocked && !degraded && incomplete.length === 0
 if (!committed.length) {
   ledger(firstCard, 'merge', 'SKIPPED', 'no committed cards')
 } else if (!integrityOK) {
@@ -635,15 +753,23 @@ if (!committed.length) {
         `• G24 → auto-merge via merge_strategy.\n` +
         `• F-030 HARD RULE: NEVER \`git add\`/commit code that did not pass the per-card gates. If the worktree is dirty with uncommitted code → DO NOT commit it; leave it, set uncommittedLeft:true, and report. NO "safety commit". Security/migration code is NEVER swept in.\n` +
         `• F-029 HARD RULE: Phase 6b reconciliation marks a card DONE ONLY if it has a real commit in ${TRUNK}..HEAD AND its gates are green. NEVER force a non-implemented card to DONE. Return forcedDone:[] (must be empty).\n` +
-        `• EPIC CLOSURE (Phase 6b step 5e): the epic/parent card (group.is_epic:true) is NOT in the batch and stays TODO unless closed here. For each distinct group.parent of the batch cards (and any epic card in the batch itself): if EVERY child of that epic — \`grep -l "parent: <EPIC-ID>" backlog/*.yml | xargs grep -L "status: DONE"\` prints nothing — set the epic card status:DONE + completed_date + note "epic-closure gate — all children DONE" and fold into the reconciliation commit. If any child is still open → leave the epic untouched. This is NOT a forcedDone violation (the epic is a tracker, gated on all-children-DONE, not on its own commit). Return epicsClosed:[<EPIC-IDs marked DONE>].\n` +
+        `• F-040 DEFERRED CARDS — leave NON-DONE (do NOT force to DONE in Phase 6b): ${deferredCards.length ? deferredCards.join(' ') : '(none)'}. These committed their code but carry an OPEN owner-gated/policy-deferred AC (e.g. a pending remote db:push). Their YAML is INTENTIONALLY IN_PROGRESS; the new2 skill marks them DONE post-run after materialising the deferral's follow-up. They ARE part of the merge — just skip them in the DONE-reconciliation. Return deferredLeftOpen:[the ones you left non-DONE].\n` +
+        `• EPIC CLOSURE (Phase 6b step 5e): the epic/parent card (group.is_epic:true) is NOT in the batch and stays TODO unless closed here. For each distinct group.parent of the batch cards (and any epic card in the batch itself): if EVERY child of that epic — \`grep -l "parent: <EPIC-ID>" ${paths.backlog_dir || 'backlog'}/*.yml | xargs grep -L "status: DONE"\` prints nothing — set the epic card status:DONE + completed_date + note "epic-closure gate — all children DONE" and fold into the reconciliation commit. If any child is still open → leave the epic untouched. This is NOT a forcedDone violation (the epic is a tracker, gated on all-children-DONE, not on its own commit). Return epicsClosed:[<EPIC-IDs marked DONE>].\n` +
         `• G19 sync-deferred → HEAD==${TRUNK} ff-pull, else leave+report. G20 → leave+report. G21 post-batch dirty → partition-ignore framework artifacts; leave the rest + report (do NOT commit). G22 divergence → behind: ff-pull; ahead/both: leave+report; NEVER reset --hard/force-push. G23 stash restore conflict → leave intact + report.\n\n` +
-        `Return: { merged, mergeCommit, mergeTs, reconciliation, forcedDone:[], uncommittedLeft, note }`,
+        `Return: { merged, mergeCommit, mergeTs, reconciliation, forcedDone:[], deferredLeftOpen:[], uncommittedLeft, note }`,
       { label: 'merge', phase: 'Merge', agentType: 'general-purpose', schema: MERGE_SCHEMA }
     )
   } catch (e) { if (e && e.transientExhausted) noteDegraded('outage'); mergeResult = null }
   if (mergeResult && (mergeResult.forcedDone || []).length) { noteDegraded('false_done'); ledger(firstCard, 'F029-guard', 'VIOLATION', `forcedDone: ${mergeResult.forcedDone.join(' ')}`) }
   if (mergeResult && mergeResult.uncommittedLeft) ledger(firstCard, 'F030-guard', 'LEFT-UNCOMMITTED', 'dirty code left (not swept) + reported')
   if (mergeResult && (mergeResult.epicsClosed || []).length) ledger(firstCard, 'epic-closure', 'CLOSED', `epics marked DONE (all children DONE): ${mergeResult.epicsClosed.join(' ')}`)
+  if (deferredCards.length) {
+    ledger(firstCard, 'F040-deferred', 'LEFT-NON-DONE', `${deferredCards.join(' ')} — skill marks DONE post-run after follow-up materialises`)
+    // F-040 guard — catch a merge agent that ignored the instruction and force-DONE'd a deferred card.
+    const leftOpen = (mergeResult && mergeResult.deferredLeftOpen) || []
+    const wronglyDone = deferredCards.filter((c) => !leftOpen.includes(c))
+    if (mergeResult && wronglyDone.length) { noteDegraded('false_done'); ledger(firstCard, 'F040-guard', 'VIOLATION', `deferred cards force-DONE by merge: ${wronglyDone.join(' ')}`) }
+  }
   ledger(firstCard, 'G24-merge', (mergeResult && mergeResult.merged) ? 'MERGED' : 'INCOMPLETE', (mergeResult && (mergeResult.mergeCommit || mergeResult.note)) || '')
   if (mergeResult && mergeResult.reconciliation) ledger(firstCard, 'G19-23-reconcile', 'AUTO', mergeResult.reconciliation)
 }
@@ -686,6 +812,9 @@ function buildTelemetry() {
     ts: TS || null,
     cards_total: cardIds.length,
     cards_real_done: perCardResults.filter((r) => r.status === 'committed').length,
+    // F-040/H — committed cards left NON-DONE pending their owner-gated follow-up (the skill marks
+    // them DONE post-run). Surfaced so the A/B telemetry distinguishes "code landed" from "DONE".
+    cards_deferred_done_pending: perCardResults.filter((r) => r.deferred).length,
     cards_force_done: 0, // F-029 — force-DONE forbidden; always 0.
     cards_followup: perCardResults.filter((r) => r.status === 'followup').length,
     cards_blocked: runnableCards.filter((id) => state[id] === 'blocked').length,
@@ -698,12 +827,12 @@ function buildTelemetry() {
     merged: !!(mergeResult && mergeResult.merged),
     degraded,
     degradation_reasons: degradationReasons,
-    execution_mode: preflight ? preflight.executionMode : 'sequential',
+    execution_mode: 'sequential', // B4 — the scheduler is strictly sequential by design
     codex_resolved: preflight ? !!preflight.codexResolved : null, // v4.18.0 — probed for EVERY batch (drives per-card Codex-light + multi-card cross-card)
     // cost — total_tokens via budget.spent() delta; agent_count via counter; wall_clock_s stamped by the SKILL.
     total_tokens: totalTokens,
     agent_count: agentCount,
-    per_card: perCardResults.map((r) => ({ card: r.card, status: r.status, telemetry: r.telemetry || {} })),
+    per_card: perCardResults.map((r) => ({ card: r.card, status: r.status, deferred: !!r.deferred, deferredClasses: r.deferredClasses || [], gates: (r.gates || []).length })),
     stats_requested: !!FLAGS.stats,
   }
 }
@@ -711,12 +840,12 @@ function buildTelemetry() {
 function buildReport(o) {
   const L = []
   L.push(`# new2 batch — ${cardIds.join(' ')}`)
-  L.push(`Variant: **new2** · Mode: ${preflight ? preflight.executionMode : '?'} · Trunk: ${TRUNK}${degraded ? ' · ⚠️ DEGRADED (' + degradationReasons.join(',') + ')' : ''}`)
+  L.push(`Variant: **new2** · Mode: sequential · Trunk: ${TRUNK}${degraded ? ' · ⚠️ DEGRADED (' + degradationReasons.join(',') + ')' : ''}`)
   if (o.fatal) { L.push(``, `## ⛔ BATCH FATAL`, o.reason || 'workspace unworkable'); return L.join('\n') }
   L.push(``, `## Esito card`)
   L.push(`| Card | Status | Commit | File |`)
   L.push(`|------|--------|--------|------|`)
-  for (const r of perCardResults) L.push(`| ${r.card} | ${r.status} | ${r.commit || '-'} | ${(r.filesChanged || []).length} |`)
+  for (const r of perCardResults) L.push(`| ${r.card} | ${r.status}${r.deferred ? ' (NON-DONE: deferred)' : ''} | ${r.commit || '-'} | ${(r.filesChanged || []).length} |`)
   const blockedIds = runnableCards.filter((id) => state[id] === 'blocked' || state[id] === 'pending')
   for (const id of blockedIds) L.push(`| ${id} | ${state[id]} | - | 0 |`)
   if (finalSummary) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "baldart",
-  "version": "4.24.0",
+  "version": "4.24.2",
   "description": "Claude Agent Framework - Reusable framework for coordinating AI agents and humans in software projects",
   "bin": {
     "baldart": "./bin/baldart.js"