codebyplan 1.13.28 → 1.13.30

package/templates/skills/cbp-round-update/SKILL.md

@@ -1,9 +1,9 @@
 ---
 scope: org-shared
 name: cbp-round-update
-description: Check file approvals, complete round, and route to next step
+description: Triage a finished round (Claude-only) and route to round-complete or round-input
 argument-hint: [chk-task-round | task-round]
-triggers: [cbp-round-input, cbp-task-check, cbp-standalone-task-check]
+triggers: [cbp-round-complete, cbp-round-input]
 effort: low
 ---
 
@@ -17,28 +17,24 @@ Inspect the resolved identifier from argument parsing to determine the task kind
 | `{chk}-{task}-{round}` (3-segment, e.g. `141-3-1`) | `checkpoint` |
 | _(empty / free-text)_ | Check `get_current_standalone_task` first; if found → `standalone`. Else → `checkpoint` via `get_current_task`. |
 
-Set `KIND` for the rest of this skill. MCP tool names vary by KIND:
+Set `KIND` for the rest of this skill. round-update is **read + triage only** — it reads round state and routes; it never completes the round or writes file approvals. MCP read/audit tool names vary by KIND:
 
 | Operation | `checkpoint` KIND | `standalone` KIND |
 |-----------|------------------|-------------------|
 | Get task | `get_current_task(repo_id)` | `get_current_standalone_task(repo_id)` |
 | Get rounds | `get_rounds(task_id)` | `get_standalone_rounds(standalone_task_id)` |
-| Add round | `add_round(task_id, ...)` | `add_standalone_round(standalone_task_id, ...)` |
-| Update round | `update_round(round_id, ...)` | `update_standalone_round(standalone_round_id, ...)` |
-| Complete round | `complete_round(round_id, duration_minutes?)` | `complete_standalone_round(standalone_round_id, duration_minutes?, caller_worktree_id)` ⚠️ `caller_worktree_id` is REQUIRED for standalone |
-| Update task | `update_task(task_id, ...)` | `update_standalone_task(standalone_task_id, ...)` |
+| Update round (audit only) | `update_round(round_id, ...)` | `update_standalone_round(standalone_round_id, ...)` |
 
-# Round Update Command
-
-Checks file approval status, completes the round, and routes to next step. NEVER asks the user to git add or stage anything — it only reads current state.
+The completion + file-approval reconcile (`sync-approvals`, `complete_round` / `complete_standalone_round`) now lives in `/cbp-round-complete`.
 
-## HARD GATE — Every Step Must Execute
+# Round Update Command
 
-Step 2 (sync-approvals CLI) MUST exit 0. If it fails, do NOT proceed to Step 3. Before completing the round, verify:
+**Claude-only, autonomous triage.** round-update inspects a finished round's automated state — which files Claude approved (`claude_approved`), whether testing-QA hard-failed, and whether `improve-round` left outstanding findings — and routes to exactly one next step. It makes **no writes** beyond an audit breadcrumb and **never prompts the user**: it is auto-triggered by `/cbp-round-end` and runs without a confirmation gate. The user-facing confirmation has moved to `/cbp-round-complete` (an `ask`-tier permission prompt). round-update NEVER reads or touches git staging — user approval is reconciled later by `/cbp-round-complete`.
 
-- [ ] `codebyplan round sync-approvals` exited 0
+## Routing in one line
 
-If this is false: DO NOT proceed to Step 3.
+- **Round is clean** → trigger `/cbp-round-complete` (the permission-gated finalizer reconciles your `git add`s and completes the round).
+- **Round needs more work** → trigger `/cbp-round-input` (more changes / planning).
 
 ## Instructions
 
@@ -82,147 +78,39 @@ Given the parse from Step 1:
 
 If no task found: `No active task. Nothing to update.`
 
-### Step 1.6: Permission Gate
-
-Step 1 (parse) and Step 1.5 (resolve task + round) are read-only. Step 2 onward mutates state — the `sync-approvals` CLI write, `complete_round`, and the auto-trigger of the next step. Before any of that, confirm the user wants this skill to run.
-
-This gate fires on **every** invocation — manual, auto-triggered by `/cbp-round-end`, and on every iteration of the Step 4 auto-loop. There is no bypass. It sits **before** and is independent of the top-of-file HARD GATE (which governs Step 2's exit code, not user consent), and it is distinct from the Branch A clean-exit route choice in Step 5 (that one picks where to go next; this one authorizes running at all).
-
-Ask via AskUserQuestion, naming the resolved round and disclosing the actions:
-
-> Update ROUND-{N} of TASK-{M}?
-> This will sync the git diff + file approvals, complete the round, and route to the next step (which may auto-start a new round).
->
-> - **Proceed** — run the skill
-> - **Cancel** — do nothing
-
-- **Proceed** → continue to Step 2.
-- **Cancel** → abort cleanly: make NO writes (no `sync-approvals`, no `complete_round`, no auto-trigger) and exit with one line: `Cancelled by user — ROUND-{N} not updated.`
-
-### Step 2: Sync git diff + approvals via CLI
-
-Run:
-
-```
-npx codebyplan round sync-approvals --round-id <round_id> --task-id <task_id>
-```
-
-The CLI auto-resolves the caller worktree id with the following precedence:
-1. `--caller-worktree-id <uuid>` override (if passed — skips all resolution)
-2. Per-device branch-keyed cache (`.codebyplan/worktree.local.json`)
-3. In-process tuple API call: `POST /worktrees/resolve` using `(device_id, repo_path, branch)`
-
-On the write path (non `--dry-run`), if the worktree id cannot be resolved the CLI **hard-fails with exit 1** and prints an actionable message. To pre-populate the cache:
-
-```
-npx codebyplan resolve-worktree --cache
-```
-
-If this worktree is not yet registered, run `npx codebyplan setup` first, then re-run `/cbp-round-update`.
-
-The CLI parses `git status --short`, merges drift + staging + web-UI flag, and writes both round and task (forwarding `caller_worktree_id` on both writes so the server honors the feat-worktree lock).
-
-Read the stdout JSON: `{ added, stale_marked, reactivated, total_files }`.
-
-If the command exits non-zero, surface the stderr and STOP. Do NOT proceed to Step 3.
-
-### Step 3: Complete Round
-
-Calculate duration from `started_at` to now in minutes.
-
-- **checkpoint KIND**: MCP `complete_round(round_id, duration_minutes)`.
-- **standalone KIND**: MCP `complete_standalone_round(standalone_round_id, duration_minutes, caller_worktree_id)`. ⚠️ `caller_worktree_id` is REQUIRED — resolve via `CALLER_WT=$(npx codebyplan resolve-worktree 2>/dev/null)`. If `CALLER_WT` is empty, surface this warning and ask user to confirm before proceeding:
-
-  ```
-  Warning: could not resolve caller_worktree_id (npx codebyplan resolve-worktree returned empty).
-  The complete_standalone_round call may be rejected by the pre-guard. Proceed anyway? (yes / no)
-  ```
+This step is **read-only**. There is no permission gate — round-update is autonomous (see the Key Rules below).
 
-  If user confirms yes, proceed with `caller_worktree_id: ""`. If no, stop.
+### Step 2: Triage the Round
 
-### Step 4: Auto-Loop Decision
+Read the latest round's context: `round.context.testing_qa_output.totals.hard_fail`, `round.context.improve_round_findings[]`, `round.context.round_type`, and `round.files_changed[]` (each entry's `claude_approved`). Compute a single `clean` verdict:
 
-Read the latest round's `improve_round_findings[]` and `testing_qa_output.totals.hard_fail`. If EITHER is non-clean (findings non-empty OR `hard_fail === true`), the auto-loop must spawn the next round automatically.
+- **Survey round** (`round.context.round_type === 'survey'`): no file diff exists, so QA/approval predicates do not apply. `clean = improve_round_findings[]` is empty.
+- **Normal round**: `clean = (every file in files_changed[] has claude_approved === true) AND testing_qa_output.totals.hard_fail === false AND improve_round_findings[]` is empty.
 
-Procedure:
+Display a one-line triage summary, e.g. `"ROUND-N triage: clean"` or `"ROUND-N triage: N findings / hard_fail=true → needs another round"`. round-update reads `claude_approved` only — it does **not** read git staging or `user_approved`; those belong to `/cbp-round-complete`.
 
-1. Compute `next_index = (round.context.auto_loop_index ?? 0) + 1`.
-2. **If `next_index > (round.context.auto_loop_cap ?? 5)`**: surface the cap-exhausted prompt via AskUserQuestion (options: extend cap, stop loop / drop into round-input, close task as-is). Persist `round.context.auto_loop_cap_exhausted = { user_choice, decided_at }` and route per choice.
-3. **Otherwise**: persist `round.context.auto_loop_decision = { spawned_next: true, next_index, decided_at }` on the CURRENT round via `update_round` / `update_standalone_round` per KIND (audit trail), then auto-trigger `/cbp-round-input` with NO AskUserQuestion. Pass `auto_loop_mode: true`, `auto_loop_index: next_index`, `auto_loop_cap: (prior cap ?? 5)` forward — round-start Step 4 persists them on the new round.
+### Step 3: Route
 
-> **Permission-gate note**: the "NO AskUserQuestion" in item 3 governs only the auto-loop's decision to spawn `/cbp-round-input` — it does not add a prompt for that hand-off. It is NOT a bypass of the Step 1.6 permission gate: when the spawned round eventually re-enters `/cbp-round-update`, Step 1.6 prompts again (the gate always fires, including inside the auto-loop).
-
-If BOTH signals are clean, fall through to Step 5 (exit routing).
-
-### Step 5: Exit Routing
-
-**5a: Count files** — Display: `"Files: X total, Y approved, Z pending"`
-
-**5b: Route with four branches** (Step 4 already handled the dirty-loop case; Step 5 is the clean-exit path).
-
-**Branch D — IF `round.context.round_type === 'survey'` (checked FIRST):**
-
-Survey rounds produce no file diff; A/B/C predicates assume `files_changed[]` non-empty. Survey routing is decided by `improve_round_findings[]` instead:
-
-- `improve_round_findings[]` non-empty → auto-trigger `/cbp-round-input`
-- `improve_round_findings[]` empty → checkpoint KIND: auto-trigger `/cbp-task-check`; standalone KIND: auto-trigger `/cbp-standalone-task-check`
-
-Output: `"## Round [N] Complete — Survey Round"` with duration, files=0, findings count, routing message. Skip Branches A/B/C.
-
-**Branch A — ELSE IF all files have `user_approved: true`:**
-
-```
-## Round [N] Complete - All Files Approved
-
-**Duration**: [N] minutes
-**Files**: [X] total, [X] approved, 0 pending
-```
-
-Surface AskUserQuestion (clean-exit user-gate):
-
-- **(a) close & complete round** → checkpoint KIND: auto-trigger `/cbp-task-check`; standalone KIND: auto-trigger `/cbp-standalone-task-check`
-- **(b) start new round** → auto-trigger `/cbp-round-input`
-
-Persist `round.context.auto_loop_exit = { staged_count, unstaged_count, route, decided_at }`.
-
-**Branch B — ELSE IF unapproved files exist AND every unapproved file has `claude_approved: true` AND `testing_qa_output.totals.hard_fail: false` AND no `improve_round_findings[]`:**
-
-The clean-but-unstaged staging-gate case. Mode-dependent:
-
-- **Auto-loop exit** (the completed round had `auto_loop_mode === true` on its context AND Step 4 fell through here with BOTH signals clean): surface the Branch A clean-exit user-gate — do NOT auto-trigger `/cbp-round-input`. Branch B's entry condition already requires `no improve_round_findings[]`, so the auto-loop's verbatim-from-findings procedure has no input to formulate requirements from; auto-triggering round-input would loop on an empty input. Persist `round.context.auto_loop_exit.degenerate_empty_findings: true` (degenerate sub-case: no findings to feed round-input, so surface the clean-exit user-gate above instead of auto-triggering).
-- **Manual round**: emit staging-gate prompt and STOP. User stages files (never-git-add rule) and re-invokes; command then falls into Branch A.
-
-Manual-mode prompt:
-
-```
-## Round [N] Complete — Files Pending Staging
-
-**Files**: [X] total, [Y] approved, [Z] pending
-
-### Pending (passed all checks; not yet staged):
-- [path]
-
-Stage them (`git add <path>`) and re-run `/cbp-round-update` to proceed.
-Waiting for user to stage files.
-```
+**3a — Clean → `/cbp-round-complete`.** Auto-trigger `/cbp-round-complete`. round-complete is `ask`-tier: the harness shows a permission prompt (the user's confirmation to finalize the round). round-complete then reconciles the user's `git add`s, completes the round, and routes onward (all files staged → task-check; some withheld → round-input). round-update writes nothing here beyond the Step 2 summary. In `auto_loop_mode`, a clean triage is the loop's success exit — the loop continues only via the not-clean path in 3b; round-complete owns the degenerate clean-but-unstaged guard.
 
-**Branch C — ELSE (unapproved AND outstanding findings or `claude_approved: false`):**
+**3b — Not clean → `/cbp-round-input`.** More changes or planning are needed. Routing is **independent of git staging** — round-input is reachable whether or not the user has staged anything (it performs its own deep analysis of the unapproved files). Two sub-cases:
 
-Unreachable in the auto-loop path — Step 4 catches it first. Retained for MANUAL invocation. Output `## Round [N] Complete - [Z] Files Pending` with file counts and list of unapproved paths; auto-trigger `/cbp-round-input`.
+- **Auto-loop** (`round.context.auto_loop_mode === true`): compute `next_index = (round.context.auto_loop_index ?? 0) + 1`.
+  - If `next_index > (round.context.auto_loop_cap ?? 5)`: surface the cap-exhausted prompt via AskUserQuestion (a genuine multi-option user decision — keep it). Options: extend cap, stop loop / drop into round-input, close task as-is. Persist `round.context.auto_loop_cap_exhausted = { user_choice, decided_at }` and route per choice.
+  - Otherwise: persist `round.context.auto_loop_decision = { spawned_next: true, next_index, decided_at }` on the current round via `update_round` / `update_standalone_round` (audit trail), then auto-trigger `/cbp-round-input` with NO prompt. Pass `auto_loop_mode: true`, `auto_loop_index: next_index`, `auto_loop_cap: (prior cap ?? 5)` forward — round-start Step 4 persists them on the new round.
+- **Manual round**: auto-trigger `/cbp-round-input` directly (no prompt).
 
 ## Key Rules
 
-- **Step 1.6 permission gate fires first** — every invocation (incl. auto-trigger and the Step 4 auto-loop) asks the user to confirm before any write; **Cancel** is a clean abort (no `sync-approvals`, no `complete_round`, no auto-trigger).
-- **Step 2 (CLI) must exit 0** — if it fails, STOP. The merge semantics are enforced by the CLI.
-- **Step 4 owns the dirty-loop case**; Step 5 owns the clean-exit case. Step 5 Branch C is for manual invocation only.
-- **NEVER ask user to git add files** — only reads staging status. **NEVER stage files** — Claude does not touch git staging area.
-- Auto-triggered by `/cbp-round-end`, or run manually by user.
-- **standalone KIND Step 3**: `caller_worktree_id` is REQUIRED for `complete_standalone_round` — always resolve and pass it.
+- **Autonomous + Claude-only** — round-update never prompts before running. It is auto-triggered by `/cbp-round-end`. The confirmation step is `/cbp-round-complete`'s `ask`-tier permission prompt, not an AskUserQuestion here. (The auto-loop cap-exhausted AskUserQuestion in Step 3b is a genuine user decision, not a run gate.)
+- **Triage, never finalize** — round-update does NOT call `sync-approvals`, `complete_round`, or `complete_standalone_round`, and does NOT write file approvals. All of that is `/cbp-round-complete`.
+- **Never touches git** — round-update reads `claude_approved` from the DB only; it never reads staging, asks the user to `git add`, or stages files.
+- **git-add independence** — the "needs more work" route to `/cbp-round-input` fires regardless of whether files are staged. There is no clean-but-unstaged dead-end.
+- **standalone parity** — KIND detection governs which read/audit tools are used; the clean→`/cbp-round-complete` and not-clean→`/cbp-round-input` routing is identical for both KINDs (round-complete and round-input self-detect KIND).
 
 ## Integration
 
-- **Gates**: Step 1.6 permission gate — asks the user to confirm before any side effect; **Cancel** aborts cleanly with no writes. Fires on every invocation incl. the Step 4 auto-loop; sits before and independent of the top-of-file Step 2 hard gate.
 - **Triggered by**: `/cbp-round-end` (auto), or user manually
-- **Reads**: MCP `get_current_task` / `get_current_standalone_task`, `get_rounds` / `get_standalone_rounds` (per KIND); delegates git+approval sync to `npx codebyplan round sync-approvals`
-- **Writes**: MCP `update_round` / `update_standalone_round` (auto_loop_decision / auto_loop_exit / auto_loop_cap_exhausted); `complete_round` / `complete_standalone_round` (per KIND); round+task files_changed written by CLI
-- **Triggers**: `/cbp-round-input` (Step 4 dirty-loop spawn; Branch A 'b' choice; Branch B auto-loop-exit; Branch C manual), `/cbp-task-check` (Branch A 'a' choice per checkpoint KIND; Branch D survey-clean per checkpoint KIND), `/cbp-standalone-task-check` (Branch A 'a' choice per standalone KIND; Branch D survey-clean per standalone KIND), staging-gate stop (Branch B manual mode), cap-exhausted prompt routes from Step 4 (any of the three options)
+- **Reads**: MCP `get_current_task` / `get_current_standalone_task`, `get_rounds` / `get_standalone_rounds` (per KIND); round context (`testing_qa_output`, `improve_round_findings`, `round_type`, `files_changed[].claude_approved`)
+- **Writes**: MCP `update_round` / `update_standalone_round` — audit only (`auto_loop_decision` / `auto_loop_cap_exhausted`). No completion, no file-approval writes.
+- **Triggers**: `/cbp-round-complete` (clean triage — `ask`-tier permission prompt is the user confirmation), `/cbp-round-input` (not-clean triage: outstanding findings, hard-fail, or unapproved Claude checks — fires independent of git staging; also the auto-loop dirty spawn), cap-exhausted prompt routes from Step 3b (any of the three options)

package/templates/skills/cbp-standalone-task-check/SKILL.md

@@ -17,7 +17,7 @@ If the `cbp-task-check` agent spawn fails for any reason, follow the canonical i
 
 ## When Used
 
-- After all rounds complete and all files approved (auto-triggered by `/cbp-round-update`)
+- After all rounds complete and all files approved (auto-triggered by `/cbp-round-complete`)
 - Before `/cbp-standalone-task-testing`
 - Never skippable
 
@@ -149,4 +149,4 @@ Suggest: Approve files, then re-run `/cbp-standalone-task-check {task}`. Stop
 - **Reads**: MCP `get_current_standalone_task`, `get_standalone_tasks`, `get_standalone_rounds`, all changed files (via agent)
 - **Writes**: MCP `update_standalone_task` (context.check_verdict)
 - **Triggers**: emits directive `Next: /clear, then /cbp-standalone-task-testing {task}` on READY + satisfied
-- **Triggered by**: `/cbp-round-update` (auto, when all files approved)
+- **Triggered by**: `/cbp-round-complete` (auto, when all files approved)

package/templates/skills/cbp-standalone-task-complete/SKILL.md

@@ -10,6 +10,8 @@ effort: xhigh
 
 Complete a standalone task. Auto-triggered by `/cbp-standalone-task-testing` when all tests pass. Can also be run manually.
 
+This skill is gated by an `ask`-tier `Skill(cbp-standalone-task-complete)` permission rule in `settings.json` (shipped templates). **The permission prompt IS the user confirmation** — there is NO completion-confirmation AskUserQuestion inside this skill (the Step 7.5 `caller_worktree_id` guard is a separate environmental safety prompt, not a flow-control confirmation). A declined permission is a clean no-op (nothing committed, merged, pushed, or completed).
+
 ## Instructions
 
 ### Step 1: Parse `$ARGUMENTS`
@@ -84,9 +86,7 @@ Load `task.qa` and `task.files_changed`:
 1. **QA**: count items by status (pass / fail / pending / skipped). If any item has status `fail` or `pending`, warn the user.
 2. **Files**: list any file with `user_approved === false` and warn.
 
-**If issues exist**, AskUserQuestion: `Complete anyway` / `Run QA first` / `Cancel`. On `Run QA first` or `Cancel`, stop. On `Complete anyway`, continue.
-
-**If no issues**, AskUserQuestion to confirm: `Ready to complete standalone TASK-[N]: [title] — [N] rounds, [N] files. Proceed?`
+If any QA item is `fail`/`pending` or any file is unapproved, **surface the warnings in the output and continue** — record them for the Step 9 summary. There is NO confirmation AskUserQuestion here: `Skill(cbp-standalone-task-complete)` is `ask`-tier, so the harness permission prompt that gated this skill IS the user's confirmation to complete. The hard gates in Steps 2–2.6 (all rounds completed, ≥1 round has `testing_qa_output`, `check_verdict` READY, `task_testing_output.all_passed`) already block completion when prerequisites are unmet; these QA / file-approval items are warnings, not blockers.
 
 ### Step 4: Aggregate Files Changed
 
@@ -169,6 +169,7 @@ Apply the `cleanup` skill inline to remove orphan references to deleted/modified
 **Files**: [N] changed
 **Commit**: [hash]
 **Branch merged**: [feat-branch] → {PRODUCTION}
+**Warnings**: [any QA / file-approval warnings from Step 3, or "none"]
 ```
 
 #### Route (single directive — never a menu)

package/templates/skills/cbp-standalone-task-testing/SKILL.md

@@ -9,7 +9,7 @@ effort: xhigh
 
 # Standalone Task Testing Command
 
-Comprehensive task-level testing for standalone tasks — runs all automated tests and walks the user through manual testing one-by-one. Tests the entire delivered feature holistically after all rounds are complete. Runs inline — no sub-agent.
+Comprehensive task-level testing for standalone tasks — the **cross-round double-check** run once after all rounds complete. Per-round QA (per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret grep, `pnpm audit`) is owned by each round's `testing-qa-agent`; this skill does NOT re-run it. It tests the entire delivered feature holistically across the full task diff — catching cross-package and cross-round problems no single round can see. Runs inline — no sub-agent.
 
 ## When Used
 
@@ -19,7 +19,7 @@ Comprehensive task-level testing for standalone tasks — runs all automated tes
 
 ## Scope vs Round-Level Validation
 
-Per-wave `testing-qa-agent` runs inside `/cbp-round-execute` Step 5. This skill adds the cross-cutting layer visible only across the full task diff: full-repo lint, workspace tsc, full test suite, `pnpm audit`, and full-diff security scan.
+Per-wave `testing-qa-agent` runs inside `/cbp-round-execute` Step 5 and **owns per-round QA**: per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret full-diff grep, and `pnpm audit`. This skill does NOT repeat them. It adds only the cross-round layer invisible within a single round: workspace-wide lint, workspace tsc, and the full test suite (which catch cross-package breakage), plus the cross-round code review (Step 6.5) and the user manual walkthrough (Step 8).
 
 ## Instructions
 
@@ -93,9 +93,9 @@ Capture stdout and stderr for each check.
 | Full-repo lint | `pnpm -w lint` | Always |
 | Full-repo types | `pnpm exec tsc --noEmit` | Source files changed |
 | Full-repo unit tests | `pnpm test --run` | Source files in aggregated_files |
-| Full-repo audit | `pnpm audit` | Always |
 | Per-package E2E | `pnpm --filter <pkg> e2e:test` | UI files in aggregated_files |
-| Full-diff security scan | inline grep or `security-agent` | Always |
+
+These are the workspace-wide / cross-package checks only — per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret grep, and `pnpm audit` already ran per-round inside `testing-qa-agent` and are NOT repeated here.
 
 **Soft tests** (report, don't block):
 

package/templates/skills/cbp-task-check/SKILL.md

@@ -9,7 +9,7 @@ effort: high
 
 # Task Check Command
 
-AI-driven production readiness review. Spawns the `cbp-task-check` agent for thorough verification including user satisfaction discussion. This command is a thin orchestrator — the agent does the heavy lifting.
+AI-driven production readiness review. Spawns the `cbp-task-check` agent for thorough verification including user satisfaction discussion. This command is a thin orchestrator — the agent does the heavy lifting. It is the **cross-round double-check**: rounds already own per-round QA (debug scan, security grep, audit, per-app build/lint/types), so this layer focuses on holistic concerns visible only across the full task diff — requirements traceability, checkpoint alignment, shippability, holistic code review, and scope drift — never re-running per-round checks.
 
 ## Inline-Fallback for Spawn Failure
 
@@ -27,7 +27,7 @@ Inline-fallback is NOT a quality downgrade trapdoor — every Phase from the age
 
 ## When Used
 
-- After all rounds complete and all files approved (auto-triggered by `/cbp-round-update`)
+- After all rounds complete and all files approved (auto-triggered by `/cbp-round-complete`)
 - Before `/cbp-task-testing`
 - `/cbp-task-check` is NEVER skippable
 
@@ -163,4 +163,4 @@ Suggest: Approve files, then re-run `/cbp-task-check`. **STOP HERE** — wait fo
 - **Reads**: MCP `get_current_task`, `get_rounds`, all changed files (via agent)
 - **Writes**: MCP `update_task` (context.check_verdict)
 - **Triggers**: emits directive `Next: /clear, then /cbp-task-testing {chk-task}` on READY + satisfied (cross-context — testing is heavyweight, fresh context helps)
-- **Triggered by**: `/cbp-round-update` (auto, when all files approved)
+- **Triggered by**: `/cbp-round-complete` (auto, when all files approved)

package/templates/skills/cbp-task-complete/SKILL.md

@@ -10,6 +10,8 @@ effort: xhigh
 
 Complete the current task. Auto-triggered by `/cbp-task-testing` when all tests pass. Can also be run manually.
 
+This skill is gated by an `ask`-tier `Skill(cbp-task-complete)` permission rule in `settings.json`. **The permission prompt IS the user confirmation** — there is NO AskUserQuestion inside this skill. A declined permission is a clean no-op (nothing committed, merged, pushed, or completed).
+
 ## Instructions
 
 ### Step 1: Parse `$ARGUMENTS`
@@ -90,12 +92,10 @@ Stop here.
 
 Load `task.qa` and `task.files_changed`:
 
-1. **QA**: count items by status (pass / fail / pending / skipped) across all types. If any item has status `fail` or `pending` (including default checklists), warn the user.
-2. **Files**: list any file with `user_approved === false` and warn.
-
-**If issues exist**, AskUserQuestion: `Complete anyway` / `Run QA first` (suggest `/cbp-task-check`) / `Cancel`. On `Run QA first` or `Cancel`, stop. On `Complete anyway`, continue.
+1. **QA**: count items by status (pass / fail / pending / skipped) across all types.
+2. **Files**: list any file with `user_approved === false`.
 
-**If no issues**, AskUserQuestion to confirm: `Ready to complete TASK-[N]: [title] — [N] rounds, [N] files. Proceed?`
+If any QA item is `fail`/`pending` or any file is unapproved, **surface the warnings in the output and continue** — record them for the Step 9 summary. There is NO confirmation AskUserQuestion here: `Skill(cbp-task-complete)` is `ask`-tier, so the harness permission prompt that gated this skill IS the user's confirmation to complete. The hard gates in Steps 2–2.6 (all rounds completed, ≥1 round has `testing_qa_output`, `check_verdict` READY, `task_testing_output.all_passed`) already block completion when prerequisites are unmet; these QA / file-approval items are warnings, not blockers.
 
 ### Step 4: Aggregate Files Changed
 
@@ -142,7 +142,7 @@ Call `complete_task(task_id)`. The server resolves the caller's worktree identit
 
 Apply the `cleanup` skill inline to remove orphan references to deleted/modified files. Then apply `migration` to propagate renames/moves to consumers. Both run without sub-agent spawns. Skip cleanup if no deletions/modifications; skip migration if cleanup handled everything.
 
-### Step 9: Show Result and Route (User-Confirmed)
+### Step 9: Show Result and Route
 
 Show the completion summary:
 
@@ -153,6 +153,7 @@ Show the completion summary:
 **Rounds**: [N] completed
 **Files**: [N] changed
 **Commit**: [hash]
+**Warnings**: [any QA / file-approval warnings from Step 3, or "none"]
 ```
 
 Then route. Same-context transitions (next task in this checkpoint) auto-trigger via the Skill tool. Cross-context transitions (checkpoint done → /cbp-checkpoint-check, session end) surface as a single directive 'Next: /clear, then /cbp-X' for the user to invoke after refreshing context.

package/templates/skills/cbp-task-testing/SKILL.md

@@ -9,7 +9,7 @@ effort: xhigh
 
 # Task Testing Command
 
-Comprehensive task-level testing — runs all automated tests and walks the user through manual testing one-by-one. Distinct from round-level testing (`testing-qa-agent`): this tests the **entire delivered feature holistically** after all rounds are complete. Runs inline — no sub-agent.
+Comprehensive task-level testing — the **cross-round double-check** run once after all rounds complete. Per-round QA (per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret grep, `pnpm audit`) is owned by each round's `testing-qa-agent`; this skill does NOT re-run it. Instead it tests the **entire delivered feature holistically** across the full task diff — catching cross-package and cross-round problems no single round can see. Runs inline — no sub-agent.
 
 ## When Used
 
@@ -19,7 +19,7 @@ Comprehensive task-level testing — runs all automated tests and walks the user
 
 ## Scope vs Round-Level Validation
 
-Per-wave `testing-qa-agent` runs inside `/cbp-round-execute` Step 5. This skill adds the cross-cutting layer that is only visible across the full task diff: full-repo lint, workspace tsc, full test suite, `pnpm audit`, and full-diff security scan — each run once here, not per-round.
+Per-wave `testing-qa-agent` runs inside `/cbp-round-execute` Step 5 and **owns per-round QA**: per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret full-diff grep, and `pnpm audit`. This skill does NOT repeat them. It adds only the cross-round layer invisible within a single round: workspace-wide lint, workspace tsc, and the full test suite (which catch cross-package breakage), plus the cross-round code review (Step 6.5), the autonomous sim screenshot loop (Step 6.x), and the user manual walkthrough (Step 8).
 
 ## Instructions
 
@@ -109,11 +109,9 @@ Capture stdout and stderr for each check.
 | Full-repo lint          | `pnpm -w lint`                  | Always                           |
 | Full-repo types         | `pnpm exec tsc --noEmit`        | Source files changed             |
 | Full-repo unit tests    | `pnpm test --run`               | Source files in aggregated_files |
-| Full-repo audit         | `pnpm audit`                    | Always                           |
 | Per-package E2E         | `pnpm --filter <pkg> e2e:test`  | UI files in aggregated_files     |
-| Full-diff security scan | inline grep or `security-agent` | Always                           |
 
-Per-file lint + format are enforced by `lint-format-on-edit.sh` hook per edit. This step catches cross-package issues invisible to per-wave checks.
+These are the workspace-wide / cross-package checks only — per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret grep, and `pnpm audit` already ran per-round inside `testing-qa-agent` and are NOT repeated here. Per-file lint + format are enforced by `lint-format-on-edit.sh` per edit. This step catches cross-package issues invisible to per-wave checks.
 
 **Soft tests** (report, don't block):
 

package/templates/skills/cbp-todo/SKILL.md

@@ -133,7 +133,7 @@ Once the gates pass, load the context the head command needs. This ensures `/cle
 | `/cbp-checkpoint-start` | Load checkpoint via MCP `get_checkpoints` + `get_tasks(checkpoint_id)`. Display checkpoint title, status, claim state, first pending task |
 | `/cbp-task-start [N]` | Load via MCP `get_current_task`. Display checkpoint title + task title/requirements summary |
 | `/cbp-round-start` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + round count + last round summary |
-| `/cbp-round-update` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + files_changed approval summary |
+| `/cbp-round-update` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + files_changed triage summary (claude_approved, findings, hard_fail) |
 | `/cbp-round-input` | **Full context load** (see Step 2b) |
 | `/cbp-task-check` | Load via MCP `get_current_task`. Display checkpoint + task + files summary |
 | `/cbp-task-testing` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + testing status summary |

package/templates/skills/cbp-build-cc-memory/SKILL.md

@@ -1,201 +0,0 @@
----
-scope: org-shared
-name: cbp-build-cc-memory
-description: Create or update an auto-memory entry under the Claude Code auto-memory directory per the official spec. Handles path-slug encoding, per-repo redirection via autoMemoryDirectory, MEMORY.md index, and per-entry typing (user/feedback/project/reference).
-argument-hint: "[entry-name] [--type=user|feedback|project|reference] [--repo-local]"
-allowed-tools: Read, Write, Edit, Glob, Grep, Bash(mkdir *), Bash(cat *), Bash(ls *), Bash(jq *)
-effort: xhigh
----
-
-# Build Claude Code Auto-Memory Entry
-
-Create or update an entry in Claude Code's auto-memory directory per the official Claude Code memory spec (section _Auto memory_).
-
-Auto memory is machine-local knowledge Claude accumulates across sessions. Only the first 200 lines or 25KB of `MEMORY.md` load at session start.
-
-## Arguments
-
-`$ARGUMENTS` — entry name (kebab-case, used as filename). Flags: `--type=user|feedback|project|reference` (see [reference/memory-types.md](reference/memory-types.md)), `--repo-local` (store at `.claude/memory/` via user-scope `autoMemoryDirectory` override; see Step 1).
-
-## When to Use
-
-| Situation                                                    | Action                                 |
-| ------------------------------------------------------------ | -------------------------------------- |
-| User tells you something about themselves                    | Save as `user` memory                  |
-| User corrects you, or confirms a non-obvious approach worked | Save as `feedback` memory              |
-| User shares project info (deadline, stakeholder, WHY)        | Save as `project` memory               |
-| User points to external system (Linear, Slack, dashboard)    | Save as `reference` memory             |
-| User says "remember this" / "save this"                      | Save immediately, pick type by content |
-| User says "forget X"                                         | Find and delete the entry              |
-
-Do **NOT** save:
-
-- Things derivable from `git log`, `git blame`, or reading the current code
-- Debugging fixes (they're already in the commit)
-- CLAUDE.md content (different mechanism)
-- Ephemeral task/conversation state
-
-## Instructions
-
-### Step 1 — Locate the memory directory
-
-**Default (global auto-memory):** `~/.claude/projects/<project-slug>/memory/`.
-
-The `<project-slug>` is the **absolute git repo path with `/` replaced by `-`**, e.g. repo at `/Users/alice/my-app` → slug `-Users-alice-my-app`. The `<project>` placeholder in the docs is not a friendly name — it's this slug.
-
-Resolve it deterministically:
-
-```bash
-REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
-SLUG="$(echo "$REPO_ROOT" | sed 's|/|-|g')"
-DEFAULT_DIR="$HOME/.claude/projects/$SLUG/memory"
-```
-
-Worktrees get a separate slug (the spec says all worktrees share one dir, but the runtime slugs by path — verify with `ls ~/.claude/projects/ | grep "$SLUG"`).
-
-**Override (`autoMemoryDirectory`):** the runtime reads this key only from **user, local, or managed-policy** settings — never from project settings. Resolve in that priority order, then fall back to the default path.
-
-```bash
-# Check overrides in priority order
-for f in "$HOME/.claude/settings.json" ".claude/settings.local.json"; do
-  override=$(jq -r '.autoMemoryDirectory // empty' "$f" 2>/dev/null)
-  [ -n "$override" ] && MEMORY_DIR="${override/#\~/$HOME}" && break
-done
-MEMORY_DIR="${MEMORY_DIR:-$DEFAULT_DIR}"
-mkdir -p "$MEMORY_DIR"
-```
-
-### Step 2 — Pick scope: global vs repo-local vs user-global
-
-Three valid configurations (decide before writing):
-
-| Scope                        | Where it lives                      | How to enable                                                                    | When to use                                          |
-| ---------------------------- | ----------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------- |
-| Global auto-memory (default) | `~/.claude/projects/<slug>/memory/` | No config — works by default                                                     | Personal learnings specific to this repo             |
-| Repo-local                   | `<repo>/.claude/memory/`            | Set `autoMemoryDirectory` in `.claude/settings.local.json` (NOT `settings.json`) | Team-shared repo memory; also gitignore if sensitive |
-| User-global                  | `~/my-notes/` or similar            | Set `autoMemoryDirectory` in `~/.claude/settings.json`                           | One memory pool across all your projects             |
-
-**CBP default: global.** Switch to repo-local only when (a) the memory would help a teammate on the same repo, (b) isn't already in CLAUDE.md, and (c) you're comfortable committing it (or gitignoring deliberately). Prefer global for automatic feedback-type memories.
-
-**Never save credentials, secrets, or PII** to any memory scope. Memory is loaded into every session.
-
-**Memory vs CLAUDE.md vs rules:**
-
-| Destination              | What belongs                                                                           |
-| ------------------------ | -------------------------------------------------------------------------------------- |
-| CLAUDE.md                | Stable, team-shared facts needed every session (tech stack, branch strategy, repo IDs) |
-| `.claude/rules/`         | Behavioural constraints enforced on specific files (paths-scoped)                      |
-| Auto-memory (global)     | Personal learnings, user's working style, past corrections                             |
-| Auto-memory (repo-local) | Team facts not yet stable enough for CLAUDE.md                                         |
-
-Don't duplicate across destinations.
-
-**Repo-local setup** (if `--repo-local` or user asks):
-
-1. Invoke `/cbp-build-cc-settings` to add `"autoMemoryDirectory": "./.claude/memory"` to `.claude/settings.local.json` (user-scope is also accepted). Project-scope `settings.json` is **rejected** by the runtime.
-2. Create the directory: `mkdir -p .claude/memory`
-3. Decide: commit to git (team-shared) or add to `.gitignore` (personal in-repo).
-
-### Step 3 — Read the existing MEMORY.md
-
-```bash
-cat "$MEMORY_DIR/MEMORY.md" 2>/dev/null || echo "(no MEMORY.md yet)"
-```
-
-MEMORY.md is the **index**, not a store. One-line pointer per entry, under ~150 chars. It's loaded every session (first 200 lines / 25KB). Keep it tight.
-
-### Step 4 — Check for an existing entry
-
-```bash
-ls "$MEMORY_DIR" | grep -i "{topic-keyword}"
-```
-
-If a related entry exists:
-
-- Updating an existing fact → edit that file
-- Same topic, different angle → edit or merge
-- New but adjacent → create new file, cross-link from MEMORY.md
-
-Never duplicate.
-
-### Step 5 — Classify the entry
-
-Pick the right type. Details: [reference/memory-types.md](reference/memory-types.md).
-
-| Type        | Saves                         | Example trigger                           |
-| ----------- | ----------------------------- | ----------------------------------------- |
-| `user`      | Who they are, how they work   | "I've been writing Go for 10 years"       |
-| `feedback`  | Corrections AND confirmations | "stop summarizing", "yeah that was right" |
-| `project`   | Work context, deadlines, WHY  | "we're freezing after Thursday"           |
-| `reference` | Pointers to external systems  | "bugs live in Linear project INGEST"      |
-
-### Step 6 — Write the entry file
-
-Read `${CLAUDE_SKILL_DIR}/templates/memory-entry.md` for the canonical format.
-
-Filename convention: `{type}_{topic}.md` (e.g. `feedback_testing.md`, `user_role.md`, `project_q1_freeze.md`).
-
-Frontmatter:
-
-```yaml
----
-name: Human-readable entry name
-description: One-line relevance hint — used to judge if this memory matters in a new conversation
-type: user | feedback | project | reference
----
-```
-
-For `feedback` and `project` types, structure the body as:
-
-1. Lead line — the rule or fact itself
-2. **Why:** — reason the user gave (incident, preference, deadline)
-3. **How to apply:** — when this guidance kicks in
-
-See [examples/feedback-memory.md](examples/feedback-memory.md) and [examples/project-memory.md](examples/project-memory.md).
-
-### Step 7 — Update MEMORY.md
-
-MEMORY.md is an index, not a memory. No frontmatter. One line per entry:
-
-```markdown
-# Memory
-
-- [Title](file.md) — one-line hook
-- [Another title](another.md) — one-line hook
-```
-
-Keep each line under ~150 characters. Organize by topic, not chronology.
-
-### Step 8 — Handle absolute dates
-
-Convert relative dates to absolute when saving:
-
-| User said      | Save as                     |
-| -------------- | --------------------------- |
-| "by Thursday"  | `2026-04-23` (today + days) |
-| "next week"    | `2026-04-29 to 2026-05-05`  |
-| "last quarter" | `2026-Q1`                   |
-
-Memories persist — relative dates rot.
-
-### Step 9 — Verify with `/memory`
-
-Run `/memory` in Claude Code to browse the directory. New entries appear immediately in the index load (on next session).
-
-## Integration
-
-- **Triggered by**: user asking to remember, feedback during work
-- **Reads**: `${CLAUDE_SKILL_DIR}/templates/*.md`, `${CLAUDE_SKILL_DIR}/reference/*.md`
-- **Writes**: resolved `$MEMORY_DIR` (default `~/.claude/projects/<slug>/memory/`, or `autoMemoryDirectory` override)
-- **Related skills**: `/cbp-build-cc-settings` (configure `autoMemoryDirectory`), `/cbp-build-cc-claude-file` (team-shared facts → CLAUDE.md, not memory), `/cbp-build-cc-rule` (behavioural constraints → rules)
-
-## Key Rules
-
-- `<project>` in the docs is a **slug** (`/` → `-`), not a friendly name
-- `autoMemoryDirectory` is **rejected** from project `settings.json` — only user / local / managed-policy accept it
-- MEMORY.md is an **index** — pointer lines only, no frontmatter, no long content
-- Lines after 200 (or 25KB) are not loaded at session start — keep MEMORY.md concise
-- Global auto memory is machine-local; for team-shared use repo-local and commit to git
-- Verify facts before recommending — memory can go stale; re-read the code when acting
-- When the user says "don't use memory," do not cite or act on it for this session
-- For a memory that names a file/function/flag — grep before relying on it