cclaw-cli 0.51.18 → 0.51.21

package/dist/artifact-linter.js

@@ -485,15 +485,39 @@ const SCOPE_MODE_SHORT_TOKEN_REGEX = /\b(?:hold(?:[\s_-]?scope)?|selective(?:[\s
 // not the wording of the rationale.
 const NEXT_STAGE_HANDOFF_REGEX = /(?:`(?:design|spec)`|\bdesign\b|\bspec\b|next[-\s_]stage|next stage|handoff|hand[-\s]off)/iu;
 function hasCanonicalScopeMode(body) {
-    if (SCOPE_MODE_FULL_REGEX.test(body))
-        return true;
+    // Strict: a Mode: / Selected mode: line that picks exactly ONE canonical mode
+    // is the strongest signal. The template scaffolding contains all four mode
+    // tokens inside an instructional `(one of ...)` placeholder; we ignore that
+    // line so authors who never replace the scaffolding still fail validation.
     for (const match of body.matchAll(new RegExp(SCOPE_MODE_LINE_REGEX, "giu"))) {
-        const value = match[1] ?? "";
-        if (SCOPE_MODE_SHORT_TOKEN_REGEX.test(value))
+        const raw = (match[1] ?? "").trim();
+        const sanitized = raw.replace(/\(.*?\)/gu, "").trim();
+        if (sanitized.length === 0)
+            continue;
+        if (countCanonicalModeMentions(sanitized) === 1)
+            return true;
+        if (countCanonicalModeMentions(sanitized) === 0 && SCOPE_MODE_SHORT_TOKEN_REGEX.test(sanitized))
+            return true;
+    }
+    // Fallback: any line outside an instructional `(one of ...)` placeholder
+    // names exactly one mode. Block lines that list multiple modes (the
+    // unfilled template) or are wrapped in an instructional parenthetical.
+    for (const rawLine of body.split(/\r?\n/u)) {
+        const line = rawLine.trim();
+        if (line.length === 0)
+            continue;
+        if (/\(\s*one\s+of\b/iu.test(line))
+            continue;
+        const sanitized = line.replace(/\(.*?\)/gu, "");
+        if (countCanonicalModeMentions(sanitized) === 1)
             return true;
     }
     return false;
 }
+function countCanonicalModeMentions(text) {
+    const matches = text.match(new RegExp(SCOPE_MODE_FULL_REGEX, "giu"));
+    return matches ? matches.length : 0;
+}
 function validatePremiseChallenge(sectionBody) {
     // gstack-style premise challenge requires a real Q/A structure (table or
     // list), not free-form prose. The validation is *structural* only — we do
@@ -1051,10 +1075,12 @@ function validateTddGreenEvidence(sectionBody) {
     };
 }
 function validateVerificationLadder(sectionBody) {
-    if (!/highest tier reached/iu.test(sectionBody)) {
+    const hasTextLine = /highest tier reached/iu.test(sectionBody);
+    const hasCanonicalTable = hasVerificationLadderTableRow(sectionBody);
+    if (!hasTextLine && !hasCanonicalTable) {
         return {
             ok: false,
-            details: "Verification Ladder must include a 'Highest tier reached' line."
+            details: "Verification Ladder must include either a 'Highest tier reached' line or a canonical table row (Slice | Tier reached | Evidence) with non-empty tier and evidence."
         };
     }
     if (!/\b(static|command|behavioral|human)\b/iu.test(sectionBody)) {
@@ -1074,6 +1100,49 @@ function validateVerificationLadder(sectionBody) {
         details: "Verification Ladder includes tier + evidence fields."
     };
 }
+function hasVerificationLadderTableRow(sectionBody) {
+    const lines = sectionBody.split(/\r?\n/u);
+    let sawHeader = false;
+    let sawSeparator = false;
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed.startsWith("|")) {
+            sawHeader = false;
+            sawSeparator = false;
+            continue;
+        }
+        const cells = trimmed
+            .replace(/^\|/u, "")
+            .replace(/\|$/u, "")
+            .split("|")
+            .map((cell) => cell.trim());
+        if (!sawHeader) {
+            const lowered = cells.map((cell) => cell.toLowerCase());
+            const hasTierColumn = lowered.some((cell) => /tier(?:\s+reached)?/u.test(cell));
+            const hasEvidenceColumn = lowered.some((cell) => cell.includes("evidence"));
+            if (hasTierColumn && hasEvidenceColumn) {
+                sawHeader = true;
+                continue;
+            }
+            continue;
+        }
+        if (!sawSeparator) {
+            if (cells.every((cell) => /^[:\-\s]+$/u.test(cell))) {
+                sawSeparator = true;
+                continue;
+            }
+            sawHeader = false;
+            continue;
+        }
+        if (cells.length >= 2 && cells.some((cell) => /\b(static|command|behavioral|human)\b/iu.test(cell))) {
+            const evidenceCellHasContent = cells.some((cell) => cell.length > 0 && !/^\s*$/u.test(cell) && !/^[:\-\s]+$/u.test(cell));
+            if (evidenceCellHasContent) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
 const LEARNING_TYPE_SET = new Set(["rule", "pattern", "lesson", "compound"]);
 const LEARNING_CONFIDENCE_SET = new Set(["high", "medium", "low"]);
 const LEARNING_SEVERITY_SET = new Set(["critical", "important", "suggestion"]);
@@ -1786,6 +1855,20 @@ export async function lintArtifact(projectRoot, stage, track = "standard") {
                         ? "Selected Direction is traceable to prior user reaction."
                         : "Selected Direction is not traceable to user reaction. Add `## Approach Reaction` before it, or mention the user's reaction/concerns in the rationale."
                 });
+                // Track-aware handoff: standard track goes to `scope`; medium track
+                // goes directly to `spec`; the quick track skips brainstorm entirely.
+                // We accept either canonical successor token plus a generic
+                // `next-stage` / `handoff` phrase to preserve i18n flexibility.
+                const handoffTrace = /(?:`(?:scope|spec)`|\bscope\b|\bspec\b|next[-\s_]stage|next stage|\bhandoff\b|hand[-\s]off)/iu.test(directionBody);
+                findings.push({
+                    section: "Direction Next-Stage Handoff",
+                    required: true,
+                    rule: "Selected Direction must record the track-aware next-stage handoff (mention `scope` for standard, `spec` for medium, or include a `Next-stage handoff:` line).",
+                    found: handoffTrace,
+                    details: handoffTrace
+                        ? "Selected Direction names the next-stage handoff."
+                        : "Selected Direction is missing a next-stage handoff token. Mention `scope` (standard) or `spec` (medium), or add a `Next-stage handoff:` line so downstream stages can trace the contract."
+                });
             }
         }
         const shortCircuitBody = brainstormShortCircuitBody;

package/dist/content/examples.js

@@ -48,6 +48,7 @@ const STAGE_EXAMPLES = {
 - **Approach:** A — Reusable validation module
 - **Rationale:** based on user reaction favoring fast delivery and lower complexity, shared TS module gives consistent behavior in CI/local, avoids script duplication, and stays within the no-new-dependency constraint.
 - **Approval:** approved
+- **Next-stage handoff:** \`scope\` — carry the locked stack constraints and the validator module boundary forward.
 
 ## Design
 

package/dist/content/hook-events.js

@@ -1,8 +1,5 @@
-import { HOOK_MANIFEST_HARNESSES, semanticEventCoverage } from "./hook-manifest.js";
+import { semanticEventCoverage } from "./hook-manifest.js";
 export { HOOK_SEMANTIC_EVENTS } from "./hook-manifest.js";
-function isManifestHarness(value) {
-    return HOOK_MANIFEST_HARNESSES.includes(value);
-}
 /**
  * OpenCode is covered by the inline plugin (`opencode-plugin.ts`), not
  * by the generated `run-hook.mjs` dispatcher. We keep its semantic
@@ -28,4 +25,3 @@ export const HOOK_EVENTS_BY_HARNESS = Object.freeze({
     codex: semanticEventCoverage("codex"),
     opencode: OPENCODE_SEMANTIC_COVERAGE
 });
-void isManifestHarness;

package/dist/content/node-hooks.js

@@ -265,15 +265,6 @@ async function writeJsonFile(filePath, value) {
   });
 }
 
-async function fileExists(filePath) {
-  try {
-    await fs.stat(filePath);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
 async function readTextFile(filePath, fallback = "") {
   try {
     return await fs.readFile(filePath, "utf8");
@@ -625,7 +616,7 @@ function isCodeLikePath(rawPath) {
 }
 
 function isMutatingTool(toolLower) {
-  return /^(write|edit|multiedit|multi_edit|delete|applypatch|apply_patch)$/u.test(toolLower);
+  return /^(write|edit|multiedit|multi_edit|delete|applypatch|apply_patch|notebookedit|notebook_edit)$/u.test(toolLower);
 }
 
 function isExecutionOrMutatingTool(toolLower) {
@@ -871,8 +862,6 @@ async function buildKnowledgeDigest(root, currentStage, prereadRaw) {
       const action = typeof row.action === "string" ? row.action : "action";
       return "- [" + confidence + " • " + stage + " • " + domain + "] " + trigger + " -> " + action;
     });
-  const body =
-    relevant.length > 0 ? relevant.join("\\n") : "(no matching entries for current stage)";
   return {
     digestLines: relevant,
     learningsCount
@@ -1164,7 +1153,7 @@ async function handlePromptGuard(runtime) {
   const payloadLower = toLower(payloadText);
   const reasons = [];
 
-  if (/^(write|edit|multiedit|multi_edit|delete|applypatch|runcommand|shell|terminal|execcommand)$/u.test(toolLower)) {
+  if (/^(write|edit|multiedit|multi_edit|delete|applypatch|notebookedit|runcommand|shell|terminal|execcommand)$/u.test(toolLower)) {
     // Artifacts, runs, and knowledge writes are part of normal stage flow.
     // Guard only managed internals that should be mutated via installer/CLI.
     if (/\\.cclaw\\/(state|hooks|skills|commands|agents)/u.test(payloadLower)) {

package/dist/content/observe.js

@@ -1,5 +1,5 @@
 import { RUNTIME_ROOT } from "../constants.js";
-import { HOOK_MANIFEST, groupBindingsByEvent } from "./hook-manifest.js";
+import { groupBindingsByEvent } from "./hook-manifest.js";
 function hookDispatcherCommand(hookName) {
     // Dispatch through the polyglot .cmd wrapper so Windows harnesses can run
     // hooks even when command execution happens under CMD-style shells.
@@ -78,9 +78,7 @@ export function codexHooksJsonWithObservation() {
  * manifest without importing the private generator helpers.
  */
 export function hookManifestSnapshot() {
-    return (HOOK_MANIFEST.length === 0
-        ? ["claude", "cursor", "codex"]
-        : ["claude", "cursor", "codex"]).map((harness) => ({
+    return ["claude", "cursor", "codex"].map((harness) => ({
         harness,
         events: groupBindingsByEvent(harness)
     }));

package/dist/content/opencode-plugin.js

@@ -463,11 +463,10 @@ export default function cclawPlugin(ctx) {
    * \`DEFAULT_STRICTNESS = advisory\`, so the plugin can no longer
    * accidentally be the stricter half of a mismatched pair.
    */
-  function readConfigStrictness() {
+  async function readConfigStrictness() {
     try {
       if (!existsSync(configPath)) return "";
-      const { readFileSync } = require("node:fs");
-      const raw = readFileSync(configPath, "utf8");
+      const raw = await readFileText(configPath);
       if (typeof raw !== "string" || raw.length === 0) return "";
       const match = raw.match(/^\\s*strictness\\s*:\\s*([A-Za-z0-9_-]+)/m);
       return match && typeof match[1] === "string" ? match[1].trim().toLowerCase() : "";
@@ -476,7 +475,7 @@ export default function cclawPlugin(ctx) {
     }
   }
 
-  function resolveStrictness() {
+  async function resolveStrictness() {
     const envRaw = typeof process.env.CCLAW_STRICTNESS === "string"
       ? process.env.CCLAW_STRICTNESS.trim().toLowerCase()
       : "";
@@ -484,7 +483,7 @@ export default function cclawPlugin(ctx) {
     if (envRaw === "advisory" || envRaw === "off" || envRaw === "disabled" || envRaw === "none") {
       return "advisory";
     }
-    const fileRaw = readConfigStrictness();
+    const fileRaw = await readConfigStrictness();
     if (fileRaw === "strict") return "strict";
     return "advisory";
   }
@@ -683,7 +682,7 @@ export default function cclawPlugin(ctx) {
           );
           return;
         }
-        const strictness = resolveStrictness();
+        const strictness = await resolveStrictness();
         if (strictness !== "strict") {
           // Advisory mode (the default) — every guard refusal is a hint,
           // not a hard stop. Users report the "failure" as a log line

package/dist/content/stage-schema.d.ts

@@ -47,7 +47,6 @@ export declare function stageSchema(stage: FlowStage, track?: FlowTrack): StageS
 export declare function orderedStageSchemas(track?: FlowTrack): StageSchema[];
 export declare function stageGateIds(stage: FlowStage, track?: FlowTrack): string[];
 export declare function stageRecommendedGateIds(stage: FlowStage, track?: FlowTrack): string[];
-export declare function nextCclawCommand(stage: FlowStage): string;
 export declare function buildTransitionRules(): TransitionRule[];
 export declare function stagePolicyNeedles(stage: FlowStage, track?: FlowTrack): string[];
 export declare function stageTrackRenderContext(track?: FlowTrack): import("./track-render-context.js").TrackRenderContext;

package/dist/content/stage-schema.js

@@ -258,7 +258,7 @@ const REQUIRED_ARTIFACT_SECTIONS = {
         "Deployment & Rollout",
         "Completion Dashboard"
     ],
-    spec: ["Acceptance Criteria", "Edge Cases", "Assumptions Before Finalization", "Testability Map", "Approval"],
+    spec: ["Acceptance Criteria", "Edge Cases", "Assumptions Before Finalization", "Acceptance Mapping", "Approval"],
     plan: ["Task List", "Dependency Batches", "Acceptance Mapping", "Execution Posture", "WAIT_FOR_CONFIRM"],
     tdd: ["Test Discovery", "System-Wide Impact Check", "RED Evidence", "GREEN Evidence", "REFACTOR Notes", "Traceability", "Verification Ladder"],
     review: ["Layer 1 Verdict", "Review Findings Contract", "Severity Summary", "Final Verdict"],
@@ -577,10 +577,6 @@ export function stageRecommendedGateIds(stage, track = "standard") {
         .filter((gate) => gate.tier === "recommended")
         .map((gate) => gate.id);
 }
-export function nextCclawCommand(stage) {
-    const next = stageSchema(stage).next;
-    return next === "done" ? "none" : `/cc-${next}`;
-}
 export function buildTransitionRules() {
     const rules = [];
     const seen = new Set();

package/dist/content/start-command.js

@@ -92,7 +92,7 @@ ${conversationLanguagePolicyMarkdown()}
 12. Load the **first-stage skill for the chosen track** and its command file:
     - quick → \`.cclaw/skills/specification-authoring/SKILL.md\`
     - medium/standard → \`.cclaw/skills/brainstorming/SKILL.md\`
-    - trivial fast-path → design or spec skill per Phase 0 decision.
+    - trivial fast-path → spec skill per Phase 0 decision.
 13. Execute that stage with the prompt + Phase 1/Phase 2 + seed context as initial input.
 
 ### Reclassification on discovery

package/dist/content/subagent-context-skills.d.ts

@@ -0,0 +1,4 @@
+import type { StageAutoSubagentDispatch } from "./stages/schema-types.js";
+type SubagentContextSkillId = NonNullable<StageAutoSubagentDispatch["skill"]>;
+export declare const SUBAGENT_CONTEXT_SKILLS: Record<SubagentContextSkillId, string>;
+export {};

package/dist/content/subagent-context-skills.js

@@ -0,0 +1,122 @@
+function skillFrontmatter(name, description) {
+    return [
+        "---",
+        `name: ${name}`,
+        `description: ${JSON.stringify(description)}`,
+        "---",
+        ""
+    ].join("\n");
+}
+function tddCycleEvidenceSkill() {
+    return `${skillFrontmatter("tdd-cycle-evidence", "Evidence contract for the mandatory test-author delegation during RED/GREEN/REFACTOR.")}# TDD Cycle Evidence
+
+Use with the \`test-author\` delegation in the \`tdd\` stage.
+
+## Required Output
+
+- RED evidence: failing test command, failing assertion/error, and why it fails for the intended reason.
+- GREEN evidence: implementation summary plus relevant passing command.
+- REFACTOR evidence: changed/unchanged behavior statement plus full-suite or highest available verification command.
+- Trace refs: plan task ID, acceptance criterion ID, and touched test files.
+
+## Guardrails
+
+- No production code before RED evidence exists.
+- If a RED test cannot be expressed, stop and route back to design/spec with the blocker.
+- Record command output summaries, not just "tests passed".
+`;
+}
+function reviewSpecPassSkill() {
+    return `${skillFrontmatter("review-spec-pass", "Spec compliance pass for the mandatory reviewer delegation during review.")}# Review Spec Pass
+
+Use with the \`reviewer\` delegation in the \`review\` stage before broader code-quality findings.
+
+## Required Output
+
+- For each acceptance criterion: PASS / PARTIAL / FAIL.
+- Evidence refs grounded in files, tests, artifacts, or command output.
+- Any mismatch between scope/design/spec/plan and implementation.
+- Explicit list of Critical/Important blockers before ship.
+
+## Guardrails
+
+- Do not trust implementer summaries; verify by reading artifacts/code.
+- Keep spec compliance separate from style suggestions.
+`;
+}
+function securityAuditSkill() {
+    return `${skillFrontmatter("security-audit", "Mandatory security sweep contract for the security-reviewer delegation.")}# Security Audit
+
+Use with the \`security-reviewer\` delegation in the \`review\` stage.
+
+## Required Output
+
+- Trust-boundary map: auth/authz, input validation, secrets, filesystem/network/process access, third-party calls.
+- Findings with severity, exploitability, affected file/path, and concrete mitigation.
+- NO_CHANGE_ATTESTATION when no security-relevant surface moved, with evidence for why.
+
+## Guardrails
+
+- Pattern-scan the diff and touched modules before attesting no change.
+- Security is mandatory in review even for small diffs.
+`;
+}
+function adversarialReviewSkill() {
+    return `${skillFrontmatter("adversarial-review", "Second-opinion reviewer lens for high-risk review scenarios.")}# Adversarial Review
+
+Use only when the review dispatch trigger says risk justifies a second opinion.
+
+## Required Output
+
+- Attack the implementation assumptions, not the author.
+- Look for hidden coupling, rollback gaps, data loss, race conditions, and untested edge cases.
+- Mark each finding as confirmed, disproven, or needs-human-decision.
+
+## Guardrails
+
+- Do not duplicate the mandatory reviewer pass.
+- If no additional risk is found, say so explicitly and cite what was checked.
+`;
+}
+function receivingCodeReviewSkill() {
+    return `${skillFrontmatter("receiving-code-review", "Workflow for triaging external reviewer, bot, or CI feedback during review.")}# Receiving Code Review
+
+Use when external comments, bot findings, or CI annotations appear after the initial review pass.
+
+## Required Output
+
+- Queue every feedback item with source, severity, requested change, and evidence.
+- Disposition: accepted, rejected-with-evidence, accepted-risk, duplicate, or needs-user-decision.
+- Mirror the queue into the review artifact so unresolved feedback cannot disappear.
+
+## Guardrails
+
+- Do not silently dismiss bot/CI feedback.
+- Re-run relevant checks after accepted fixes.
+`;
+}
+function stackAwareReviewSkill() {
+    return `${skillFrontmatter("stack-aware-review", "Language/runtime-specific review lens selected from detected repo signals.")}# Stack-Aware Review
+
+Use after the default reviewer/security-reviewer passes when repo signals identify a relevant stack.
+
+## Required Output
+
+- Detected stack signal and why this lens applies.
+- Stack-specific risks checked: package/build/test config, type/runtime boundaries, framework conventions, and deployment assumptions.
+- Findings with evidence and whether they affect ship readiness.
+
+## Guardrails
+
+- Do not run every stack lens unconditionally.
+- Keep the default general reviewer pass intact; this is additive context, not a replacement.
+`;
+}
+export const SUBAGENT_CONTEXT_SKILLS = {
+    "tdd-cycle-evidence": tddCycleEvidenceSkill(),
+    "review-spec-pass": reviewSpecPassSkill(),
+    "security-audit": securityAuditSkill(),
+    "adversarial-review": adversarialReviewSkill(),
+    "receiving-code-review": receivingCodeReviewSkill(),
+    "stack-aware-review": stackAwareReviewSkill()
+};

package/dist/content/templates.js

@@ -510,7 +510,7 @@ ${SEED_SHELF_SECTION}
 |---|---|---|---|
 |  |  |  | accepted/rejected/open |
 
-## Testability Map
+## Acceptance Mapping
 | Criterion ID | Verification approach | Command/manual steps |
 |---|---|---|
 | AC-1 |  |  |

package/dist/delegation.d.ts

@@ -93,7 +93,6 @@ export declare function checkMandatoryDelegations(projectRoot: string, stage: Fl
     satisfied: boolean;
     missing: string[];
     waived: string[];
-    autoWaived: string[];
     staleIgnored: string[];
     /** Delegation rows missing required evidence under a role-switch fallback. */
     missingEvidence: string[];

package/dist/delegation.js

@@ -268,7 +268,6 @@ export async function checkMandatoryDelegations(projectRoot, stage, options = {}
         .map((e) => `${e.agent}(runId=${e.runId ?? "unknown"})`);
     const missing = [];
     const waived = [];
-    const autoWaived = [];
     const missingEvidence = [];
     const config = await readConfig(projectRoot).catch(() => null);
     const harnesses = config?.harnesses ?? [];
@@ -277,7 +276,7 @@ export async function checkMandatoryDelegations(projectRoot, stage, options = {}
     for (const agent of mandatory) {
         const rows = forRun.filter((e) => e.agent === agent);
         const completedRows = rows.filter((e) => e.status === "completed");
-        const waivedRows = rows.filter((e) => e.status === "waived");
+        const waivedRows = rows.filter((e) => e.status === "waived" && e.mode === "mandatory");
         const hasCompleted = completedRows.length >= 1;
         const hasWaived = waivedRows.length > 0;
         const ok = hasWaived || hasCompleted;
@@ -301,7 +300,6 @@ export async function checkMandatoryDelegations(projectRoot, stage, options = {}
         satisfied: missing.length === 0 && missingEvidence.length === 0,
         missing,
         waived,
-        autoWaived,
         staleIgnored,
         missingEvidence,
         expectedMode

package/dist/doctor.js

@@ -1461,9 +1461,7 @@ export async function doctorChecks(projectRoot, options = {}) {
         name: "warning:delegation:waived",
         ok: true,
         details: delegation.waived.length > 0
-            ? `warning: waived mandatory delegations for stage "${flowState.currentStage}": ${delegation.waived.join(", ")}${delegation.autoWaived.length > 0
-                ? ` (auto-waived due to harness limitation: ${delegation.autoWaived.join(", ")})`
-                : ""}`
+            ? `warning: waived mandatory delegations for stage "${flowState.currentStage}": ${delegation.waived.join(", ")}`
             : "no waived mandatory delegations for current stage"
     });
     checks.push({

package/dist/install.js

@@ -21,6 +21,7 @@ import { REVIEW_PROMPTS } from "./content/review-prompts.js";
 import { stageSkillFolder, stageSkillMarkdown } from "./content/skills.js";
 import { LANGUAGE_RULE_PACK_DIR, LANGUAGE_RULE_PACK_FILES, LANGUAGE_RULE_PACK_GENERATORS, LEGACY_LANGUAGE_RULE_PACK_FOLDERS } from "./content/utility-skills.js";
 import { RESEARCH_PLAYBOOKS } from "./content/research-playbooks.js";
+import { SUBAGENT_CONTEXT_SKILLS } from "./content/subagent-context-skills.js";
 import { createInitialFlowState } from "./flow-state.js";
 import { ensureDir, exists, writeFileSafe } from "./fs-utils.js";
 import { ensureGitignore, removeGitignorePatterns } from "./gitignore.js";
@@ -70,12 +71,9 @@ const DEPRECATED_UTILITY_SKILL_FOLDERS = [
     "source-driven-development",
     "frontend-accessibility",
     "landscape-check",
-    "adversarial-review",
-    "security-audit",
     "knowledge-curation",
     "retrospective",
     "document-review",
-    "receiving-code-review",
     "flow-status",
     "flow-tree",
     "flow-diff"
@@ -387,18 +385,45 @@ async function writeSkills(projectRoot, config) {
     for (const [fileName, markdown] of Object.entries(REVIEW_PROMPTS)) {
         await writeFileSafe(runtimePath(projectRoot, "skills", "review-prompts", fileName), markdown);
     }
+    for (const [folderName, markdown] of Object.entries(SUBAGENT_CONTEXT_SKILLS)) {
+        await writeFileSafe(runtimePath(projectRoot, "skills", folderName, "SKILL.md"), markdown);
+    }
     // Language rule packs live under .cclaw/rules/lang/<pack>.md. They are opt-in:
     // only the packs listed in config.languageRulePacks are materialised. Any
     // legacy per-language skill folders from v0.7.0 (.cclaw/skills/language-*)
     // are cleaned up below so the new rules/lang layout is the only truth.
     const enabledPacks = config?.languageRulePacks ?? [];
+    const enabledPackFileNames = new Set();
     for (const pack of enabledPacks) {
         const fileName = LANGUAGE_RULE_PACK_FILES[pack];
         const generator = LANGUAGE_RULE_PACK_GENERATORS[pack];
         if (!fileName || !generator)
             continue;
+        enabledPackFileNames.add(fileName);
         await writeFileSafe(runtimePath(projectRoot, ...LANGUAGE_RULE_PACK_DIR, fileName), generator());
     }
+    // Strict idempotence: once a pack is removed from config, its generated
+    // file under .cclaw/rules/lang/ must disappear on the next sync. Without
+    // this loop the directory accumulates a superset of every pack ever
+    // enabled, which silently keeps stale guidance alive.
+    const langDir = runtimePath(projectRoot, ...LANGUAGE_RULE_PACK_DIR);
+    if (await exists(langDir)) {
+        const knownPackFileNames = new Set(Object.values(LANGUAGE_RULE_PACK_FILES));
+        let entries = [];
+        try {
+            entries = await fs.readdir(langDir);
+        }
+        catch {
+            entries = [];
+        }
+        for (const entry of entries) {
+            if (!knownPackFileNames.has(entry))
+                continue;
+            if (enabledPackFileNames.has(entry))
+                continue;
+            await fs.rm(path.join(langDir, entry), { force: true });
+        }
+    }
     for (const legacyFolder of LEGACY_LANGUAGE_RULE_PACK_FOLDERS) {
         const legacyPath = runtimePath(projectRoot, "skills", legacyFolder);
         if (await exists(legacyPath)) {

package/dist/run-persistence.js

@@ -1,7 +1,7 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { RUNTIME_ROOT } from "./constants.js";
-import { canTransition, createInitialCloseoutState, createInitialFlowState, FLOW_STATE_SCHEMA_VERSION, isFlowTrack, skippedStagesForTrack, SHIP_SUBSTATES } from "./flow-state.js";
+import { nextStage, createInitialCloseoutState, createInitialFlowState, FLOW_STATE_SCHEMA_VERSION, isFlowTrack, skippedStagesForTrack, SHIP_SUBSTATES } from "./flow-state.js";
 import { ensureDir, exists, withDirectoryLock, writeFileSafe } from "./fs-utils.js";
 import { FLOW_STAGES } from "./types.js";
 export class InvalidStageTransitionError extends Error {
@@ -38,8 +38,11 @@ function validateFlowTransition(prev, next) {
     if (prev.currentStage === next.currentStage) {
         return;
     }
-    if (!canTransition(prev.currentStage, next.currentStage)) {
-        throw new InvalidStageTransitionError(prev.currentStage, next.currentStage, `no transition rule allows "${prev.currentStage}" -> "${next.currentStage}". Use /cc-next to advance stages or archive the run to reset.`);
+    const naturalForward = nextStage(prev.currentStage, prev.track);
+    const isNaturalForward = naturalForward === next.currentStage;
+    const isReviewRewind = prev.currentStage === "review" && next.currentStage === "tdd";
+    if (!isNaturalForward && !isReviewRewind) {
+        throw new InvalidStageTransitionError(prev.currentStage, next.currentStage, `no transition rule allows "${prev.currentStage}" -> "${next.currentStage}" for track "${prev.track}". Use /cc-next to advance stages or archive the run to reset.`);
     }
 }
 function flowStatePath(projectRoot) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cclaw-cli",
-  "version": "0.51.18",
+  "version": "0.51.21",
   "description": "Installer-first flow toolkit for coding agents",
   "type": "module",
   "bin": {