cclaw-cli 0.51.21 → 0.51.22

package/dist/config.d.ts

@@ -1,4 +1,11 @@
 import type { CclawConfig, FlowTrack, HarnessId, LanguageRulePack } from "./types.js";
+export interface ConfigWarningState {
+    emitted: Set<string>;
+}
+export interface ReadConfigOptions {
+    warningState?: ConfigWarningState;
+}
+export declare function createConfigWarningState(): ConfigWarningState;
 export declare class InvalidConfigError extends Error {
     constructor(message: string);
 }
@@ -34,7 +41,7 @@ export declare function createDefaultConfig(harnesses?: HarnessId[], defaultTrac
  * never surprise a user who intentionally cleared the list.
  */
 export declare function detectLanguageRulePacks(projectRoot: string): Promise<LanguageRulePack[]>;
-export declare function readConfig(projectRoot: string): Promise<CclawConfig>;
+export declare function readConfig(projectRoot: string, options?: ReadConfigOptions): Promise<CclawConfig>;
 /**
  * Fields that live on the populated runtime `CclawConfig` but are considered
  * "advanced" — we keep them in the in-memory object so downstream callers

package/dist/config.js

@@ -56,13 +56,15 @@ const MINIMAL_CONFIG_KEYS = [
 ];
 const DEFAULT_SLICE_REVIEW_THRESHOLD = 5;
 const DEFAULT_SLICE_REVIEW_TRACKS = ["standard"];
-const emittedConfigWarnings = new Set();
-function emitConfigWarningOnce(code, message) {
+export function createConfigWarningState() {
+    return { emitted: new Set() };
+}
+function emitConfigWarningOnce(warningState, code, message) {
     const key = `${code}:${message}`;
-    if (emittedConfigWarnings.has(key)) {
+    if (warningState.emitted.has(key)) {
         return;
     }
-    emittedConfigWarnings.add(key);
+    warningState.emitted.add(key);
     process.emitWarning(message, { code });
 }
 function sameStringArray(a, b) {
@@ -196,7 +198,8 @@ export async function detectLanguageRulePacks(projectRoot) {
     }
     return [...new Set(detected)];
 }
-export async function readConfig(projectRoot) {
+export async function readConfig(projectRoot, options = {}) {
+    const warningState = options.warningState ?? createConfigWarningState();
     const fullPath = configPath(projectRoot);
     if (!(await exists(fullPath))) {
         return createDefaultConfig();
@@ -269,7 +272,7 @@ export async function readConfig(projectRoot) {
     if (tddTestGlobsRaw !== undefined &&
         explicitTddTestPathPatterns !== undefined &&
         !sameStringArray(tddTestGlobs, explicitTddTestPathPatterns)) {
-        emitConfigWarningOnce("CCLAW_CONFIG_DEPRECATED_TDD_TEST_GLOBS", `[cclaw] Both "tddTestGlobs" (deprecated) and "tdd.testPathPatterns" are set in ${fullPath}. ` +
+        emitConfigWarningOnce(warningState, "CCLAW_CONFIG_DEPRECATED_TDD_TEST_GLOBS", `[cclaw] Both "tddTestGlobs" (deprecated) and "tdd.testPathPatterns" are set in ${fullPath}. ` +
             `Using "tdd.testPathPatterns".`);
     }
     const resolvedTddTestPathPatterns = [

package/dist/content/hook-manifest.d.ts

@@ -45,14 +45,12 @@ export interface HookHandlerSpec {
     description: string;
     /**
      * Semantic event id used by `HOOK_EVENTS_BY_HARNESS` / docs.
-     * `null` means this handler contributes no semantic coverage row
-     * (e.g. `verify-current-state` on codex is a supplementary guard,
-     * not a top-level semantic event).
+     * `null` means this handler contributes no semantic coverage row.
      */
     semantic: HookSemanticEvent | null;
     bindings: Partial<Record<HookManifestHarness, HookBinding[]>>;
 }
-export declare const HOOK_SEMANTIC_EVENTS: readonly ["session_rehydrate", "pre_tool_prompt_guard", "pre_tool_workflow_guard", "post_tool_context_monitor", "stop_handoff", "precompact_compat"];
+export declare const HOOK_SEMANTIC_EVENTS: readonly ["session_rehydrate", "pre_tool_prompt_guard", "pre_tool_workflow_guard", "post_tool_context_monitor", "stop_handoff", "precompact_compat", "strict_state_verify"];
 export type HookSemanticEvent = (typeof HOOK_SEMANTIC_EVENTS)[number];
 export declare const HOOK_MANIFEST: readonly HookHandlerSpec[];
 export interface EventGroup {

package/dist/content/hook-manifest.js

@@ -35,7 +35,8 @@ export const HOOK_SEMANTIC_EVENTS = [
     "pre_tool_workflow_guard",
     "post_tool_context_monitor",
     "stop_handoff",
-    "precompact_compat"
+    "precompact_compat",
+    "strict_state_verify"
 ];
 export const HOOK_MANIFEST = [
     {
@@ -112,8 +113,8 @@ export const HOOK_MANIFEST = [
     },
     {
         handler: "verify-current-state",
-        description: "Supplementary codex guard that runs on UserPromptSubmit to assert the live state matches the flow.",
-        semantic: null,
+        description: "Supplementary Codex strict-mode guard that runs on UserPromptSubmit to assert the live state matches the flow.",
+        semantic: "strict_state_verify",
         bindings: {
             codex: [{ event: "UserPromptSubmit" }]
         }

package/dist/content/meta-skill.js

@@ -14,7 +14,7 @@ description: "Routing brain for cclaw. Decide whether to start/resume a stage, a
 1. User message in current turn.
 2. Active stage skill and command contract.
 3. This routing file.
-4. Contextual utility skills.
+4. Generated cclaw helper skills, research playbooks, and enabled rule packs.
 5. Default model behavior.
 
 If the user explicitly overrides a stage rule, record it in the artifact.
@@ -25,9 +25,7 @@ ${conversationLanguagePolicyMarkdown()}
 If \`.cclaw/state/flow-state.json\` exists and \`currentStage\` is set,
 load the matching stage SKILL before producing **substantive** work
 (artifact edits, code, structured clarifying questions). Do not improvise
-from memory. Also load a contextual utility skill when the task clearly
-triggers it (security, performance, debugging, docs, finishing-a-branch,
-verification-before-completion).
+from memory. Load only generated helper surfaces that actually exist in this install: \`subagent-dev\`, \`parallel-dispatch\`, \`session\`, \`iron-laws\`, research playbooks, review prompts, or enabled language rule packs under \`.cclaw/rules/lang/\`. Do not invent helper-skill names beyond those generated surfaces.
 
 Substantive vs. non-substantive:
 
@@ -70,7 +68,7 @@ Task arrives
 | Class | Route |
 |---|---|
 | non-trivial software work | \`/cc <idea>\` |
-| trivial software fix | \`/cc <idea>\` (quick/medium track as recommended) |
+| trivial software fix | \`/cc <idea>\` (quick track) |
 | bugfix with clear repro | \`/cc <idea>\` and enforce RED-first in tdd |
 | pure question / conversation | answer directly |
 | non-software work | answer directly |
@@ -115,10 +113,10 @@ Use the current stage skill plus \`.cclaw/state/flow-state.json\` for orientatio
 
 Use built-in judgment only when triggered by the current task:
 
-- security, performance, debugging, docs, and CI/CD review lenses
-- verification discipline before completion claims
-- branch-finishing discipline during ship/finalization
-- iron-laws as policy arbitration when instructions conflict
+- generated subagent context skills for mandatory review/delegation contracts
+- research playbooks and review prompts when a stage explicitly calls for them
+- inline verification and ship/finalization sections in the active stage skill
+- \`iron-laws\` as policy arbitration when instructions conflict
 - language rule packs from \`.cclaw/config.yaml\` when enabled
 
 ## Protocol Behavior

package/dist/content/next-command.js

@@ -112,7 +112,7 @@ ${ralphLoopContractSnippet()}
 - If \`track === "quick"\`, the critical path is **spec → tdd → review → ship**. When advancing, skip any stage listed in \`skippedStages\` — i.e. after the current stage completes, pick the next stage that is NOT in \`skippedStages\`.
 - If \`track === "medium"\`, the critical path is **brainstorm → spec → plan → tdd → review → ship**. Scope and design are intentionally skipped unless the run is reclassified to standard.
 - If \`track === "standard"\`, advance through all 8 stages in their natural order.
-- Never reintroduce a skipped stage mid-run. If the user wants upstream scoping work, they must archive the run and start a new one with \`track: "standard"\`.
+- Never manually reintroduce a skipped stage mid-run. If evidence shows the track was wrong, stop and use the managed start-flow helper with \`--reclassify\`; only that managed reclassification may add upstream stages back into the active track.
 
 ## Resume Semantics
 
@@ -130,7 +130,7 @@ When orchestrated by another skill/subagent, emit exactly one JSON envelope and
 no narrative text:
 
 \`\`\`json
-{"version":"1","kind":"gate-result","stage":"review","payload":{"command":"/cc-next","decision":"resume_or_advance","nextStage":"ship"},"emittedAt":"<ISO-8601>"}
+{"version":"1","kind":"gate-result","stage":"<currentStage>","payload":{"command":"/cc-next","decision":"resume_or_advance","nextStage":"<nextStage>"},"emittedAt":"<ISO-8601>"}
 \`\`\`
 
 Validate envelopes with:

package/dist/content/node-hooks.js

@@ -1117,12 +1117,21 @@ async function handleStopHandoff(runtime) {
     return 1;
   }
 
+  const closeoutObj = toObject(state.raw.closeout) || {};
+  const shipSubstate = typeof closeoutObj.shipSubstate === "string" ? closeoutObj.shipSubstate : "idle";
+  const closeoutContext =
+    state.currentStage === "ship" || shipSubstate !== "idle"
+      ? " closeout.shipSubstate=" + shipSubstate + "; closeout chain=retro -> compound -> archive; continue closeout with /cc-next."
+      : "";
+
   const message =
     "Cclaw: session ending (stage=" +
     state.currentStage +
     ", run=" +
     state.activeRunId +
-    "). Active artifacts stay in " +
+    ")." +
+    closeoutContext +
+    " Active artifacts stay in " +
     RUNTIME_ROOT +
     "/artifacts until archive. Before stopping: (1) confirm flow-state reflects reality, (2) ensure artifact changes match current intent, (3) if you discovered a non-obvious rule/pattern during stage work, add it to the current artifact ## Learnings section so stage-complete can harvest it, (4) commit or revert pending changes.";
 
@@ -1650,9 +1659,10 @@ async function handleVerifyCurrentState(runtime) {
 function normalizeHookName(rawName) {
   const value = normalizeText(rawName).toLowerCase();
   if (value === "session-start") return "session-start";
-  if (value === "stop-handoff") return "stop-handoff";
+  if (value === "stop-handoff" || value === "stop") return "stop-handoff";
   if (value === "stop-checkpoint") return "stop-handoff";
-  if (value === "pre-compact") return "pre-compact";
+  if (value === "pre-compact" || value === "precompact") return "pre-compact";
+  if (value === "session-rehydrate") return "session-start";
   if (value === "prompt-guard") return "prompt-guard";
   if (value === "workflow-guard") return "workflow-guard";
   if (value === "context-monitor") return "context-monitor";

package/dist/content/review-loop.js

@@ -456,6 +456,9 @@ export function buildReviewLoopEnvelope(args) {
 function formatScore(value) {
     return clampScore(value).toFixed(3);
 }
+function reviewLoopHeading(stage) {
+    return stage === "scope" ? "Scope Outside Voice Loop" : "Design Outside Voice Loop";
+}
 function finalEnvelopeScore(envelope) {
     if (envelope.iterations.length === 0)
         return 0;
@@ -486,7 +489,8 @@ export function renderReviewLoopSummarySection(envelope) {
         })
             .join("\n")
         : "| 0 | 0.000 | 0 |";
-    return `## Spec Review Loop
+    const heading = reviewLoopHeading(envelope.stage);
+    return `## ${heading}
 | Iteration | Quality Score | Findings |
 |---|---|---|
 ${rows}
@@ -498,9 +502,14 @@ ${rows}
 export function upsertReviewLoopSummary(markdown, envelope) {
     const withHeader = upsertReviewLoopHeader(markdown, envelope);
     const section = renderReviewLoopSummarySection(envelope);
-    const headingRe = /^##\s+Spec Review Loop\s*$/m;
-    const match = headingRe.exec(withHeader);
-    if (!match || match.index < 0) {
+    const headingCandidates = [reviewLoopHeading(envelope.stage), "Spec Review Loop"];
+    const match = headingCandidates
+        .map((heading) => {
+        const escapedHeading = heading.replace(/[.*+?^${}()|[\]\\]/gu, "\\$&");
+        return new RegExp(`^##\\s+${escapedHeading}\\s*$`, "m").exec(withHeader);
+    })
+        .find((candidate) => candidate !== null && candidate.index >= 0);
+    if (!match) {
         const needsBreak = withHeader.endsWith("\n") ? "" : "\n";
         return `${withHeader}${needsBreak}\n${section}\n`;
     }
@@ -613,7 +622,8 @@ function parseHeaderMeta(markdown) {
     };
 }
 export function extractReviewLoopEnvelopeFromArtifact(markdown, stage, artifactPath) {
-    const sectionBody = extractH2Section(markdown, "Spec Review Loop");
+    const sectionBody = extractH2Section(markdown, reviewLoopHeading(stage))
+        ?? extractH2Section(markdown, "Spec Review Loop");
     if (!sectionBody)
         return null;
     const iterations = parseIterationsTable(sectionBody);

package/dist/content/review-prompts.js

@@ -57,7 +57,7 @@ value. Do not nitpick wording.
 
 ## Output
 
-Record in \`## Outside Voice Findings\` or \`## Spec Review Loop\`:
+Record in \`## Outside Voice Findings\` or the stage-specific outside voice loop section:
 
 \`\`\`markdown
 | ID | Dimension | Finding | Disposition | Rationale |

package/dist/content/skills.js

@@ -168,7 +168,7 @@ Apply concise turn announces: one announce per batch boundary (or when risk/plan
 changes materially), then execute tasks without repetitive boilerplate.
 
 Detailed walkthrough:
-Use the current plan artifact for batch order and keep RED -> GREEN -> REFACTOR evidence in the TDD artifact.
+Use the active track's upstream artifact for ordering: plan slices on standard/medium, or spec acceptance items / bug reproduction slices on quick. Keep RED -> GREEN -> REFACTOR evidence in the TDD artifact.
 `;
 }
 function crossStageTraceBlock(trace) {
@@ -386,6 +386,7 @@ ${philosophy.purpose}
 
 ## Complexity Tier
 - Active tier: \`${schema.complexityTier}\`
+- Scale-to-complexity rule: execute required gates and artifact sections, but keep optional/deep sections compact unless risk, novelty, or configuration triggers them. Do not mechanically expand lightweight work into a strategy workshop.
 - Mandatory delegations at this tier: ${mandatoryDelegationSummary}
 - Track render context: \`${trackContext.track}\` (${trackContext.usesPlanTerminology ? "plan-first wording" : "acceptance-first wording"})
 
@@ -452,7 +453,7 @@ ${reviewLens.outputs.map((item) => `- ${item}`).join("\n")}
 ${reviewSectionsBlock(reviewLens.reviewSections)}
 
 ## Shared Stage Guidance
-- Follow the handoff menu: advance, revise, pause, rewind, or archive only when the user explicitly chooses it.
+- At STOP/closeout points, offer the shared handoff choices only when a user decision is needed.
 - Carry upstream decisions forward explicitly; record drift instead of silently changing direction.
 - Before closeout, fill \`## Learnings\` with \`- None this stage.\` or 1-3 strict JSON bullets.
 - Keep decisions explicit: context, options, chosen option, rationale, risk, and rollback.

package/dist/content/stage-schema.js

@@ -227,6 +227,7 @@ const REQUIRED_GATE_IDS = {
     review: (track) => [
         "review_layer1_spec_compliance",
         "review_layer2_security",
+        "review_layer_coverage_complete",
         "review_criticals_resolved",
         "review_army_json_valid",
         ...(track === "quick" ? [] : ["review_trace_matrix_clean"])

package/dist/content/stages/brainstorm.js

@@ -40,10 +40,10 @@ export const BRAINSTORM = {
             "**Classify depth and scope** — pick Lightweight / Standard / Deep; decompose independent subsystems before deeper work.",
             "**Premise check (one pass)** — answer the three gstack-style questions in the artifact body: *Right problem? Direct path? What if we do nothing?* Take a position; do not hedge.",
             "**Reframe with How Might We** — write a single `How Might We …?` line that names the user, the desired outcome, and the constraint. This is the altitude check before approaches.",
-            "**Sharpening questions (3-5)** — capture decision-changing question/answer pairs in the `Sharpening Questions` table with the actual decision impact; if a question would not change architecture/scope/UX, state the assumption and skip it.",
+            "**Sharpening questions (3-5)** — capture decision-changing question/answer pairs in the `Sharpening Questions` table with the actual decision impact; only non-critical preference/default assumptions may continue. STOP and ask on scope, architecture, security, data loss, public API, migration, auth/pricing, or user-approval uncertainty.",
             "**Use compact discovery for simple apps** — for concrete low-risk asks (todo app, landing page, local widget), do one context pass, compare one baseline and one challenger, then ask for one explicit approval; do not drag the user through a full workshop.",
             "**Short-circuit concrete asks** — for unambiguous implementation-only requests, write a compact brainstorm stub (context, problem, approved intent, constraints, assumptions) and ask for one explicit approval.",
-            "**Ask only decision-changing questions** — one at a time; if answers would not change approach, state the assumption and continue.",
+            "**Ask only decision-changing questions** — one at a time; if answers would not change approach and are non-critical preference/default assumptions, state the assumption and continue; STOP on scope, architecture, security, data loss, public API, migration, auth/pricing, or user approval uncertainty.",
             "**Compare 2-3 distinct approaches with stable Role/Upside columns** — Role values are `baseline` | `challenger` | `wild-card`; Upside is `low` | `modest` | `high` | `higher`; include real trade-offs and reuse notes; include exactly one challenger with explicit `high` or `higher` upside.",
             "**Collect reaction before recommending** — ask which option feels closest and what concern remains, then recommend based on that reaction.",
             "**Write the `Not Doing` list** — name 3-5 things this brainstorm explicitly is not committing to (vs. deferred). This protects scope from silent enlargement and the next stage from rework.",
@@ -55,7 +55,7 @@ export const BRAINSTORM = {
             "Start from observed project context; if the idea is vague, first narrow the project type with **one** structured question, then keep going.",
             "Lead with the premise check (right problem / direct path / what if nothing) and the `How Might We` reframing before approaches; both go in the artifact, not just the chat.",
             "Ask at most one question per turn, only when decision-changing; if using a structured question tool, send exactly one question object, not a multi-question form.",
-            "If likely answers do not change architecture or scope boundaries, choose the default and state the assumption inline.",
+            "Only non-critical preference/default assumptions may continue inline. STOP and ask when uncertainty affects scope, architecture, security, data loss, public API, migration, auth/pricing, or user approval.",
             "For simple greenfield web apps, present a compact A/B choice with one recommended path and one higher-upside challenger; keep the artifact concise but structurally complete (Context, Premise, How Might We, Sharpening Questions, Approaches, Reaction, Selected Direction, Not Doing).",
             "Show approaches before the recommendation; include a higher-upside challenger and gather reaction first.",
             "Self-review before approval: re-read the artifact, fix contradictions/placeholders/weak trade-offs, then ask for approval. Do not ask for approval on a draft you have not re-read.",

package/dist/content/stages/design.js

@@ -6,7 +6,7 @@ import { decisionProtocolInstruction } from "../decision-protocol.js";
 export const DESIGN = {
     schemaShape: "v2",
     stage: "design",
-    complexityTier: "deep",
+    complexityTier: "standard",
     skillFolder: "engineering-design-lock",
     skillName: "engineering-design-lock",
     skillDescription: "Engineering lock-in stage. Build a concrete technical spine before spec and planning, with section-by-section interactive review.",
@@ -42,7 +42,7 @@ export const DESIGN = {
         checklist: [
             "Compact design lock — for simple greenfield/product slices, produce a tight but complete design spine: codebase investigation, architecture boundary, one labeled diagram, data flow, failure/rescue table, test/perf expectations, and handoff. Do not run a sprawling workshop when a strong engineering lock fits on one page.",
             "Trivial-Change Escape Hatch — for <=3 files, no new interfaces, and no cross-module data flow, produce a mini-design (rationale, changed files, one risk) and proceed to spec.",
-            "Tiered Research Fleet — run `research/research-fleet.md` before lock; record `.cclaw/artifacts/02a-research.md` and summarize concrete decisions in `## Research Fleet Synthesis`.",
+            "Tiered Research — for simple/medium work, do compact inline codebase/research synthesis in `Research Fleet Synthesis`; write `.cclaw/artifacts/02a-research.md` and run the full fleet only for deep/high-risk work or when external framework/architecture uncertainty exists.",
             "Design Doc Check — read upstream artifacts and current design docs; latest superseding doc wins.",
             "Investigator pass — before design decisions, read blast-radius code and record touched files, responsibilities, reuse candidates, and existing patterns.",
             "Scope Challenge + Search Before Building — find existing solutions, minimum change set, and complexity smells before custom architecture.",
@@ -59,14 +59,14 @@ export const DESIGN = {
             "If a section has no issues, say 'No issues found' and move on.",
             "Do not skip failure-mode mapping; use Method/Exception/Rescue/UserSees and treat silent user impact without rescue as critical.",
             "Take a firm position, push back on weak framing, and call out suboptimal architecture with concrete alternatives.",
-            "Classify ambiguity before acting: ask, enumerate-and-pick, or propose a hypothesis with validation path.",
+            "Classify ambiguity before acting. Only non-critical preference/default assumptions may continue; STOP on uncertainty about scope, architecture, security, data loss, public API, migration, auth/pricing, or required user approval. Design hypotheses must name validation path, rollback trigger, and owner before they can be carried forward.",
             "Before final approval, run the critic pass, reconcile material findings, and bound retries with the review-loop policy.",
             "For baseline approval, present the full design plus exact spec handoff and **STOP** until explicit approval.",
             "**STOP BEFORE ADVANCE.** Mandatory delegation `planner` must be completed or explicitly waived, then close via `node .cclaw/hooks/stage-complete.mjs design`."
         ],
         process: [
             "Read upstream artifacts and current design docs.",
-            "Run tiered research fleet and write `.cclaw/artifacts/02a-research.md` before architecture lock.",
+            "Run compact research by default; write `.cclaw/artifacts/02a-research.md` only when deep/high-risk uncertainty requires a separate research artifact.",
             "Run investigator pass plus scope challenge/search-before-building.",
             "Walk review sections interactively and lock boundaries, data flow, state transitions, edge cases, and failure modes.",
             "Cover security, observability, deployment, tests, and performance for Standard+ changes.",
@@ -76,17 +76,17 @@ export const DESIGN = {
             "Write design lock artifact for downstream spec/plan."
         ],
         requiredGates: [
-            { id: "design_research_complete", description: "Parallel research artifact is complete and synthesized into design decisions." },
+            { id: "design_research_complete", description: "Research is complete: compact inline synthesis by default, or a separate research artifact for deep/high-risk work, and findings are mapped to design decisions." },
             { id: "design_architecture_locked", description: "Architecture boundaries are explicit and approved." },
             { id: "design_data_flow_mapped", description: "Data/state flow includes edge-case paths." },
             { id: "design_failure_modes_mapped", description: "Failure modes and mitigations are documented." },
             { id: "design_test_and_perf_defined", description: "Test strategy and performance budget are defined." }
         ],
         requiredEvidence: [
-            "Research artifact written to `.cclaw/artifacts/02a-research.md` with stack/features/architecture/pitfalls sections plus synthesis.",
+            "Research Fleet Synthesis is filled in `03-design.md`; for deep/high-risk work, `.cclaw/artifacts/02a-research.md` is also written with stack/features/architecture/pitfalls sections plus synthesis.",
             "Artifact written to `.cclaw/artifacts/03-design-<slug>.md`.",
             "Failure-mode table exists in Method/Exception/Rescue/UserSees format.",
-            "Tier-required diagram markers are present: architecture (all tiers), +shadow/error (Standard+), +state-machine/rollback/deployment-sequence (Deep).",
+            "Tier-required diagram markers are present: architecture (all tiers). Standard/Deep add-ons (shadow/error) and Deep add-ons (state-machine/rollback/deployment-sequence) are included only when risk warrants them.",
             "When `.cclaw/config.yaml::optInAudits.staleDiagramAudit` is true, stale diagram audit finding is clear (no blast-radius file newer than diagram markers without explicit update).",
             "Security & threat model findings are documented with mitigations.",
             "Observability and deployment plans are explicit for critical flows.",
@@ -101,7 +101,7 @@ export const DESIGN = {
         ],
         inputs: ["scope agreement artifact", "system constraints", "non-functional requirements"],
         requiredContext: [
-            "parallel research synthesis from `.cclaw/artifacts/02a-research.md`",
+            "compact inline Research Fleet Synthesis, plus `.cclaw/artifacts/02a-research.md` only when deep/high-risk research was needed",
             "existing architecture and boundaries",
             "operational constraints",
             "security and reliability expectations"
@@ -143,16 +143,16 @@ export const DESIGN = {
         },
         artifactValidation: [
             { section: "Upstream Handoff", required: false, validationRule: "Summarizes scope/research decisions, constraints, open questions, and explicit drift before design choices." },
-            { section: "Research Fleet Synthesis", required: true, validationRule: "Must summarize the tiered lenses actually run (Lightweight=pitfalls, Standard=architecture+pitfalls, Deep=all four) and map findings to concrete design decisions." },
+            { section: "Research Fleet Synthesis", required: true, validationRule: "Must summarize the tiered lenses actually run and map findings to concrete design decisions. Default may be compact inline synthesis; full separate research pack is Deep/high-risk only." },
             { section: "Codebase Investigation", required: false, validationRule: "Investigator pass: list blast-radius files with current responsibilities, discovered patterns, and reuse candidates." },
             { section: "Search Before Building", required: false, validationRule: "For each technical choice: Layer 1 (exact match), Layer 2 (partial match), Layer 3 (inspiration), EUREKA labels with reuse-first default." },
             { section: "Architecture Boundaries", required: true, validationRule: "Must list component boundaries with ownership." },
             { section: "Architecture Diagram", required: true, validationRule: "Must include `<!-- diagram: architecture -->` marker. Diagram must label concrete nodes, label arrows, mark direction, distinguish sync/async edges, and include at least one failure/degraded edge." },
-            { section: "Data-Flow Shadow Paths", required: false, validationRule: "Standard/Deep: include `<!-- diagram: data-flow-shadow-paths -->` marker plus a table for high-risk choices: chosen path, shadow alternative, switch trigger, fallback/degrade behavior, and verification evidence." },
-            { section: "Error Flow Diagram", required: false, validationRule: "Standard/Deep: include `<!-- diagram: error-flow -->` marker and failure-detection -> rescue -> user-visible outcome flow." },
-            { section: "State Machine Diagram", required: false, validationRule: "Deep: include `<!-- diagram: state-machine -->` marker and state transitions for critical flow lifecycle." },
-            { section: "Rollback Flowchart", required: false, validationRule: "Deep: include `<!-- diagram: rollback-flowchart -->` marker with trigger -> rollback actions -> verification." },
-            { section: "Deployment Sequence Diagram", required: false, validationRule: "Deep: include `<!-- diagram: deployment-sequence -->` marker with rollout order and guard checks." },
+            { section: "Data-Flow Shadow Paths", required: false, validationRule: "Standard/Deep add-on: include `<!-- diagram: data-flow-shadow-paths -->` marker plus a table for high-risk choices: chosen path, shadow alternative, switch trigger, fallback/degrade behavior, and verification evidence." },
+            { section: "Error Flow Diagram", required: false, validationRule: "Standard/Deep add-on: include `<!-- diagram: error-flow -->` marker and failure-detection -> rescue -> user-visible outcome flow." },
+            { section: "State Machine Diagram", required: false, validationRule: "Deep add-on: include `<!-- diagram: state-machine -->` marker and state transitions for critical flow lifecycle." },
+            { section: "Rollback Flowchart", required: false, validationRule: "Deep add-on: include `<!-- diagram: rollback-flowchart -->` marker with trigger -> rollback actions -> verification." },
+            { section: "Deployment Sequence Diagram", required: false, validationRule: "Deep add-on: include `<!-- diagram: deployment-sequence -->` marker with rollout order and guard checks." },
             { section: "Data Flow", required: false, validationRule: "Must include happy path, nil input, empty input, upstream error paths, plus Interaction Edge Case matrix rows for: double-click, nav-away-mid-request, 10K-result dataset, background-job abandonment, zombie connection. Each row must declare handled yes/no and deferred item when not handled." },
             { section: "Stale Diagram Audit", required: false, validationRule: "When `.cclaw/config.yaml::optInAudits.staleDiagramAudit` is true: blast-radius files from Codebase Investigation must not be newer than the current design diagram-marker baseline unless explicitly refreshed." },
             { section: "Failure Mode Table", required: true, validationRule: "Use Method/Exception/Rescue/UserSees columns and treat silent user impact without rescue as critical." },
@@ -163,10 +163,11 @@ export const DESIGN = {
             { section: "Deployment & Rollout", required: true, validationRule: "Must define migration/flag strategy, rollback plan, and post-deploy verification steps." },
             { section: "What Already Exists", required: false, validationRule: "For each sub-problem: existing code/library found (Layer 1-3/EUREKA label), reuse decision, and adaptation needed." },
             { section: "Outside Voice Findings", required: false, validationRule: "Critic pass: list adversarial findings and disposition (accept/reject/defer) with rationale per material finding." },
-            { section: "Spec Review Loop", required: false, validationRule: `Record iteration table with quality score per iteration, stop reason, and unresolved concerns. Enforce ${reviewLoopPolicySummary("design")}` },
+            { section: "Design Outside Voice Loop", required: false, validationRule: `Record iteration table with quality score per iteration, stop reason, and unresolved concerns. Enforce ${reviewLoopPolicySummary("design")}` },
             { section: "NOT in scope", required: false, validationRule: "Work considered and explicitly deferred with one-line rationale." },
-            { section: "Parallelization Strategy", required: false, validationRule: "If multi-module: dependency table, parallel lanes, conflict flags." },
-            { section: "Unresolved Decisions", required: false, validationRule: "If any: what info is missing, who provides it, default if unanswered." },
+            { section: "Parallelization Strategy", required: false, validationRule: "Standard/Deep add-on when multi-module: dependency table, parallel lanes, conflict flags." },
+            { section: "Interface Contracts", required: false, validationRule: "Standard/Deep add-on when module boundaries or APIs change: producers, consumers, and payload/interface expectations." },
+            { section: "Unresolved Decisions", required: false, validationRule: "Standard/Deep add-on if any: what info is missing, who provides it, default if unanswered." },
             { section: "Completion Dashboard", required: true, validationRule: "Lists every review section with status (clear / issues-found-resolved / issues-open), critical/open gap counts, decision count, and unresolved items (or 'None')." }
         ],
         trivialOverrideSections: ["Architecture Boundaries", "NOT in scope", "Completion Dashboard"]

package/dist/content/stages/plan.js

@@ -49,7 +49,7 @@ export const PLAN = {
             "Map scope Locked Decisions — every LD#hash anchor from scope is referenced by at least one plan task (or explicitly marked deferred with reason).",
             "Run anti-placeholder + anti-scope-reduction scans — block `TODO/TBD/...` and phrasing like `v1`, `for now`, `later` for locked boundaries.",
             "Define validation points — mark where progress must be checked before continuing, with concrete command and expected evidence.",
-            "Define execution posture — record whether execution should be sequential, dependency-batched, parallel-safe, or blocked; include risk triggers and RED/GREEN/REFACTOR checkpoint/commit expectations when the repo workflow supports them.",
+            "Define execution posture — record whether execution should be sequential, dependency-batched, parallel-safe, or blocked; include risk triggers and RED/GREEN/REFACTOR checkpoint/commit expectations when the repo workflow supports them. This fulfills the `plan_execution_posture_recorded` gate.",
             "WAIT_FOR_CONFIRM — write plan artifact and explicitly pause. **STOP.** Do NOT proceed until user confirms. Then close the stage with `node .cclaw/hooks/stage-complete.mjs plan` and tell user to run `/cc-next`."
         ],
         interactionProtocol: [
@@ -75,6 +75,7 @@ export const PLAN = {
             { id: "plan_tasks_sliced_2_5_min", description: "Tasks are small, executable slices." },
             { id: "plan_dependency_batches_defined", description: "Tasks are grouped into executable batches with gate checks and execution posture." },
             { id: "plan_acceptance_mapped", description: "Each task maps to a spec acceptance criterion." },
+            { id: "plan_execution_posture_recorded", description: "Execution posture is recorded before implementation handoff." },
             { id: "plan_wait_for_confirm", description: "Execution blocked until explicit user confirmation." }
         ],
         requiredEvidence: [

package/dist/content/stages/review.js

@@ -35,8 +35,8 @@ export const REVIEW = {
             "Diff Scope — Run `git diff` against base branch. If no diff, exit early with APPROVED (no changes to review). Scope the review to changed files unless blast-radius analysis requires wider inspection.",
             "Change-Size Check — ~100 lines = normal. ~300 lines = consider splitting. ~1000+ lines = strongly recommend stacked PRs. Flag large diffs to the user.",
             "Risk-Based Second Opinion — compute changed-line count, files-touched count, and trust-boundary movement. Dispatch an adversarial reviewer only when trust boundaries changed, Critical/Important ambiguity remains, or the diff is both large and high-risk; otherwise record `not triggered`.",
-            "Load upstream evidence — read TDD artifact (RED + GREEN + REFACTOR), spec, and plan. Verify evidence chain is unbroken.",
-            "Run traceability matrix — execute `cclaw internal trace-matrix` (or equivalent helper) and confirm there are no orphaned criteria/tasks/tests before declaring ship readiness.",
+            "Load upstream evidence — read TDD artifact (RED + GREEN + REFACTOR), spec, and plan when present. On quick track, use spec acceptance items / bug reproduction slices instead of nonexistent plan artifacts.",
+            "Run traceability matrix when plan artifacts exist or the active track enforces it; on quick, confirm spec acceptance/reproduction slices are covered without requiring plan-task coverage.",
             "Layer 1: Spec Compliance — check every acceptance criterion against implementation. Verdict: pass/fail per criterion.",
             "Layer 2: Integrated findings — one structured pass tagged by category: correctness, security, performance, architecture, external-safety.",
             "Security sweep — mandatory dedicated security-reviewer pass across diff + touched modules. A zero-finding pass must include `NO_CHANGE_ATTESTATION` with rationale.",
@@ -45,14 +45,14 @@ export const REVIEW = {
             "Meta-Review — Were tests actually run? Do test names match what they test? Are there real assertions?",
             "Classify findings — Critical (blocks ship), Important (should fix), Suggestion (optional improvement).",
             "Produce verdict — APPROVED, APPROVED_WITH_CONCERNS, or BLOCKED.",
-            "If verdict is BLOCKED, emit remediation route token `ROUTE_BACK_TO_TDD` and include `cclaw internal rewind tdd \"review_blocked_by_critical\"` with the blocking finding IDs."
+            "If verdict is BLOCKED, emit remediation route token `ROUTE_BACK_TO_TDD`, include `cclaw internal rewind tdd \"review_blocked_by_critical\"` with the blocking finding IDs, and satisfy the special transition guard `review_verdict_blocked` instead of `review_criticals_resolved`."
         ],
         interactionProtocol: [
             "Run Layer 1 (spec compliance) completely before starting Layer 2.",
             "In each review section, present findings ONE AT A TIME. Do NOT batch.",
             "Classify every finding as Critical, Important, or Suggestion.",
             decisionProtocolInstruction("each Critical finding", "present resolution options (A/B/C) with trade-offs, and mark one as (recommended)", "recommend the option that fully closes the finding with no carry-over risk and the smallest blast radius", STRUCTURED_ASK_TOOL_LIST_REVIEW),
-            "Resolve all critical blockers before ship.",
+            "Resolve all critical blockers before ship. If verdict is BLOCKED, do not pass `review_criticals_resolved`; pass only the remediation route gate `review_verdict_blocked` when routing back to TDD.",
             "When verdict is BLOCKED, do not end with a passive stop: explicitly route remediation to TDD via `ROUTE_BACK_TO_TDD` and point to `cclaw internal rewind tdd` with the blocking IDs.",
             structuredAskSingleChoiceInstruction("final verdict", "verdict (APPROVED / APPROVED_WITH_CONCERNS / BLOCKED)"),
             "**STOP.** Do NOT proceed to ship until the user provides an explicit verdict."
@@ -70,7 +70,7 @@ export const REVIEW = {
             { id: "review_layer1_spec_compliance", description: "Spec compliance check completed with per-criterion verdict." },
             { id: "review_layer2_security", description: "Security review completed." },
             { id: "review_layer_coverage_complete", description: "Layer coverage map in 07-review-army.json confirms spec/correctness/security/performance/architecture/external-safety tags were considered." },
-            { id: "review_criticals_resolved", description: "No unresolved critical blockers remain." },
+            { id: "review_criticals_resolved", description: "Normal APPROVED or APPROVED_WITH_CONCERNS path only: no unresolved critical blockers remain. BLOCKED routes use review_verdict_blocked instead." },
             { id: "review_army_json_valid", description: "07-review-army.json passes schema validation (validateReviewArmy)." },
             { id: "review_trace_matrix_clean", description: "Trace matrix has no orphaned criteria/tasks/test slices for the active run, and evidence cites a discovered real test command before ship handoff." }
         ],
@@ -79,7 +79,7 @@ export const REVIEW = {
             "Artifact written to `.cclaw/artifacts/07-review-army.json`.",
             "Traceability matrix run recorded (no orphaned criteria/tasks/tests for enforced tracks).",
             "Layer 1 verdict captured with per-criterion pass/fail.",
-            "Layer 2 sections completed with findings.",
+            "Layer 2 sections completed across correctness, security, performance, architecture, and external-safety findings.",
             "Severity log includes critical/important/suggestion buckets.",
             "Explicit final verdict: APPROVED, APPROVED_WITH_CONCERNS, or BLOCKED.",
             "Fresh verification command discovery recorded, and the command cited in `review_trace_matrix_clean` evidence before ship handoff.",
@@ -95,8 +95,8 @@ export const REVIEW = {
         exitCriteria: [
             "both layers completed",
             "all review sections evaluated",
-            "critical blockers resolved",
-            "ship readiness explicitly stated"
+            "critical blockers resolved for APPROVED paths, or BLOCKED routes through review_verdict_blocked",
+            "ship readiness or remediation route explicitly stated"
         ],
         platformNotes: [
             "When citing file locations in findings, use repo-relative forward-slash paths with a line number (`src/foo/bar.ts:42`). Avoid IDE-generated hyperlinks that embed absolute machine-specific paths.",
@@ -115,7 +115,7 @@ export const REVIEW = {
         artifactValidation: [
             { section: "Upstream Handoff", required: false, validationRule: "Summarizes spec/plan/tdd decisions, constraints, open questions, and explicit drift before review verdicts." },
             { section: "Layer 1 Verdict", required: true, validationRule: "Per-criterion pass/fail with references." },
-            { section: "Layer 2 Findings", required: false, validationRule: "Each finding has severity, description, and resolution status. Security coverage must include either explicit security findings or `NO_CHANGE_ATTESTATION: <reason>` when no security-relevant changes were found." },
+            { section: "Layer 2 Findings", required: false, validationRule: "Each finding has severity, description, and resolution status across correctness, security, performance, architecture, and external-safety. Security coverage must include either explicit security findings or `NO_CHANGE_ATTESTATION: <reason>` when no security-relevant changes were found." },
             { section: "Review Findings Contract", required: true, validationRule: "Structured findings in 07-review-army.json include id/severity/confidence/fingerprint/reportedBy/status and source tags from {spec, correctness, security, performance, architecture, external-safety} with dedup reconciliation summary." },
             { section: "Review Readiness Snapshot", required: false, validationRule: "Optional compact summary: completed checks, delegation-log status, staleness signal, open critical blockers, and ship recommendation." },
             { section: "Completeness Snapshot", required: false, validationRule: "Optional compact coverage summary for AC coverage, task coverage, test-slice coverage, and adversarial-review status when triggered." },
@@ -140,7 +140,7 @@ export const REVIEW = {
                 stopGate: true
             },
             {
-                title: "Layer 2: Integrated Correctness / Performance / Architecture",
+                title: "Layer 2: Integrated Correctness / Security / Performance / Architecture / External-Safety",
                 evaluationPoints: [
                     "Logic errors and boundary violations",
                     "Race conditions and concurrency issues",