codebyplan 1.13.44 → 1.13.45

package/templates/skills/cbp-checkpoint-create/SKILL.md

@@ -88,14 +88,22 @@ This is the first identity-stamping point — when claiming, passing `worktree_i
 
 Read `.codebyplan/git.json` `branch_config.production` (default `"main"`) as `BASE`. codebyplan repos are main-only — never create or branch from a `development`/integration branch.
 
+Compute the slug deterministically:
+
+```bash
+SLUG=$(codebyplan slug "{checkpoint title}")
+```
+
+Then create and push the branch:
+
 ```bash
 git fetch origin "$BASE" 2>/dev/null || true
-git checkout -b "feat/CHK-{NNN}-{slug}" "origin/$BASE" 2>/dev/null \
-  || git checkout -b "feat/CHK-{NNN}-{slug}" "$BASE"
-git push -u origin "feat/CHK-{NNN}-{slug}"
+git checkout -b "feat/CHK-{NNN}-$SLUG" "origin/$BASE" 2>/dev/null \
+  || git checkout -b "feat/CHK-{NNN}-$SLUG" "$BASE"
+git push -u origin "feat/CHK-{NNN}-$SLUG"
 ```
 
-Slug: lowercase, dash-joined, punctuation dropped, ≤40 chars. Persist the branch via `codebyplan checkpoint update --id <checkpoint-id> --branch-name "feat/CHK-{NNN}-{slug}"` (CLI write-through; break-glass: MCP `update_checkpoint`). (The dedicated `/cbp-git-branch-feat-create` skill is the canonical config-driven helper if you prefer to delegate.)
+Persist the branch via `codebyplan checkpoint update --id <checkpoint-id> --branch-name "feat/CHK-{NNN}-$SLUG"` (CLI write-through; break-glass: MCP `update_checkpoint`). (The dedicated `/cbp-git-branch-feat-create` skill is the canonical config-driven helper if you prefer to delegate.)
 
 **Note — Supabase preview branch**: no Supabase branch is created here. Creation is lazy — it happens on the first DB change when `/cbp-supabase-migrate` runs on this feat branch, which provisions a Supabase branch named identically to the git branch. See `cbp-supabase-migrate` Step 2.3 for the creation protocol.
 

package/templates/skills/cbp-checkpoint-end/SKILL.md

@@ -166,12 +166,19 @@ Only after both the local and remote git delete above succeed, run a conditional
 
 > Lifecycle contract: see [[supabase-branch-lifecycle]].
 
-- Call `mcp__supabase__list_branches` with `project_id: rrvtrumtkhrsbhcyrwvf`.
-- Scan the returned list for an entry whose `name` exactly equals `$BRANCH`.
-- If found: call `mcp__supabase__delete_branch` with its `branch_id`. Record the branch name in `SUPABASE_BRANCHES_DELETED[]`.
-- If not found: no-op silently — the GitHub integration may have already removed it on PR close; not-found is success, NOT an error.
-- If the `list_branches` call itself fails (network, auth, or a non-success response — distinct from a successful lookup that returns no match): emit a non-blocking warning that the Supabase preview branch for `$BRANCH` may still exist and should be verified in the dashboard. Do not treat an API failure as a not-found success.
-- Never delete the parent project `rrvtrumtkhrsbhcyrwvf` itself or any persistent/production branch.
+- Resolve the parent project ref and apply the lifecycle guard in one deterministic call:
+
+  ```bash
+  codebyplan supabase teardown-preview "$BRANCH"
+  ```
+
+  Parse its JSON `{ status, parent_ref, project_ref, reason }`. The command never deletes anything — it reads the parent ref from `.codebyplan/shipment.json` (`.shipment.surfaces.supabase.project_ref`) and applies the protected / production / parent-ref guard from [[supabase-branch-lifecycle]].
+- If `status === "rejected"`: STOP the teardown for this branch and surface `reason` — never delete a production / protected / integration branch or one whose preview ref equals the parent.
+- Otherwise (`allowed` or `not_found`), use `parent_ref` for the live existence check — `mcp__supabase__list_branches` with `project_id: <parent_ref>`, then scan for an entry whose `name` exactly equals `$BRANCH`:
+  - If found: call `mcp__supabase__delete_branch` with its `branch_id`. Record the branch name in `SUPABASE_BRANCHES_DELETED[]`.
+  - If not found: no-op silently — the GitHub integration may have already removed it on PR close; not-found is success, NOT an error.
+  - If the `list_branches` call itself fails (network, auth, or a non-success response — distinct from a successful lookup that returns no match): emit a non-blocking warning that the Supabase preview branch for `$BRANCH` may still exist and should be verified in the dashboard. Do not treat an API failure as a not-found success.
+- Never delete the parent project (`parent_ref` from `codebyplan supabase teardown-preview`) itself or any persistent/production branch — the `teardown-preview` guard enforces this.
 
 Accumulate all Supabase branch names removed across the loop in `SUPABASE_BRANCHES_DELETED`.
 
@@ -198,11 +205,12 @@ git push origin --delete "$FEAT_BRANCH"
 
 After the feat branch git delete, run the same conditional Supabase teardown for `$FEAT_BRANCH`:
 
-- Call `mcp__supabase__list_branches` with `project_id: rrvtrumtkhrsbhcyrwvf`.
-- Scan for an entry whose `name` exactly equals `$FEAT_BRANCH`.
-- If found: call `mcp__supabase__delete_branch` with its `branch_id`. Add `$FEAT_BRANCH` to `SUPABASE_BRANCHES_DELETED[]`.
-- If not found: no-op silently — idempotent, not-found is success.
-- If the `list_branches` call itself fails (network, auth, or a non-success response — distinct from a successful lookup that returns no match): emit a non-blocking warning that the Supabase preview branch for `$FEAT_BRANCH` may still exist and should be verified in the dashboard. Do not treat an API failure as a not-found success.
+- Run `codebyplan supabase teardown-preview "$FEAT_BRANCH"` and parse its JSON `{ status, parent_ref, project_ref, reason }` (reads the parent ref from `.codebyplan/shipment.json`, applies the lifecycle guard, never deletes).
+- If `status === "rejected"`: STOP the teardown and surface `reason` — never delete a production / protected / integration branch or one whose preview ref equals the parent.
+- Otherwise (`allowed` or `not_found`), use `parent_ref` for the live existence check — `mcp__supabase__list_branches` with `project_id: <parent_ref>`, then scan for an entry whose `name` exactly equals `$FEAT_BRANCH`:
+  - If found: call `mcp__supabase__delete_branch` with its `branch_id`. Add `$FEAT_BRANCH` to `SUPABASE_BRANCHES_DELETED[]`.
+  - If not found: no-op silently — idempotent, not-found is success.
+  - If the `list_branches` call itself fails (network, auth, or a non-success response — distinct from a successful lookup that returns no match): emit a non-blocking warning that the Supabase preview branch for `$FEAT_BRANCH` may still exist and should be verified in the dashboard. Do not treat an API failure as a not-found success.
 
 ### Step 10: Save Shipment Results and Summary
 

package/templates/skills/cbp-git-commit/SKILL.md

@@ -108,21 +108,19 @@ REPO_PATH="$(git rev-parse --show-toplevel)"
 
 **If `--files` provided:** Use the manual file list.
 
-**If `--scope-task`:** Resolve via local state + intersection.
+**If `--scope-task`:** Resolve via the deterministic CLI.
+
+First, read `task.files_changed[].path` (local-first from `.codebyplan/state/checkpoints/*/tasks/*.json`; on miss run `npx codebyplan sync` once, then re-read; MCP `get_current_task` as documented break-glass when the state dir is absent and sync fails) and format as a CSV string. Then compute the intersection:
 
 ```bash
-# 1. Read task.files_changed[] from local state (glob for active task file)
-#    On miss: npx codebyplan sync once, then re-read.
-#    MCP get_current_task as documented break-glass when state dir absent + sync fails.
-task_paths=$(cat .codebyplan/state/checkpoints/*/tasks/*.json 2>/dev/null \
-  | jq -r 'select(.status=="in_progress") | .files_changed[].path' | head -n 200)
-# 2. Read staged paths
-staged_paths=$(git diff --cached --name-only)
-# 3. Compute intersection
-intersect=$(comm -12 <(echo "$task_paths" | sort) <(echo "$staged_paths" | sort))
+TASK_FILES_CSV="path1,path2,path3"  # CSV string of task.files_changed[].path (local-first)
+SCOPE_RESULT=$(codebyplan commit --scope-task --task-files "$TASK_FILES_CSV")
+# Parse JSON: { files: string[], count: number }
+FILES=$(echo "$SCOPE_RESULT" | jq -r '.files[]')
+COUNT=$(echo "$SCOPE_RESULT" | jq -r '.count')
 ```
 
-If `intersect` is empty: emit error and STOP.
+If `COUNT === 0` (empty `files[]`): emit error and STOP.
 
 ```
 ## Error: No Task Files Staged
@@ -135,7 +133,7 @@ Options:
 - Or use --all to commit the foreign-staged files instead.
 ```
 
-If non-empty: use `intersect` as the file list for Step 5.
+If `COUNT > 0`: use `FILES` as the file list for Step 5.
 
 **If `--task`, `--all`, or no scope:** No filtering — all staged files committed.
 

package/templates/skills/cbp-git-worktree-create/SKILL.md

@@ -159,59 +159,18 @@ If the main repo has no `.codebyplan/e2e.env` yet, provision it after setup by r
 cd "$WORKTREE_PATH" && git push -u origin "$BRANCH_NAME"
 ```
 
-### Step 9: Register Worktree in CodeByPlan
+### Step 9: Register Worktree and Write `.codebyplan/` Config
 
-Get the repo ID from CLAUDE.md (`Repo ID` in Key References table).
+Run `codebyplan worktree create "$BRANCH_NAME" --path "$WORKTREE_PATH"` and parse the JSON output (`{ worktree_files_written: boolean, mcp_registered: boolean, worktree_id?, warn? }`):
 
-Use MCP `create_worktree` to register the worktree in the CodeByPlan database:
+- If `warn` is present: surface it as a non-blocking warning.
+- Save the returned `worktree_id` for reference (if present).
 
-```
-MCP create_worktree:
-  repo_id: [repo-id from CLAUDE.md]
-  name: $BRANCH_NAME
-  path: $WORKTREE_PATH
-  status: "active"
-```
-
-Save the returned `worktree_id` for reference.
-
-### Step 10: Write `.codebyplan/` directory
-
-Create the `.codebyplan/` directory in the worktree root and write per-concern config stubs:
-
-```bash
-mkdir -p "$WORKTREE_PATH/.codebyplan"
-```
-
-Write `.codebyplan/repo.json` with the correct `repo_id`:
-
-```json
-{
-  "repo_id": "[repo-id from CLAUDE.md]"
-}
-```
-
-Write stubs for the other per-concern files (populated by `npx codebyplan sync` on first run):
-
-```bash
-# .codebyplan/server.json — server port and type config
-echo '{}' > "$WORKTREE_PATH/.codebyplan/server.json"
-
-# .codebyplan/git.json — branch config
-echo '{}' > "$WORKTREE_PATH/.codebyplan/git.json"
-
-# .codebyplan/shipment.json — surface shipment config
-echo '{}' > "$WORKTREE_PATH/.codebyplan/shipment.json"
-
-# .codebyplan/vendor.json — vendor docs path
-echo '{}' > "$WORKTREE_PATH/.codebyplan/vendor.json"
-```
-
-The `.codebyplan/device.local.json` file is created by `npx codebyplan setup` on the device (gitignored). The `worktree_id` is never COMMITTED; it may be cached per-device in the gitignored `.codebyplan/worktree.local.json` (branch-keyed, re-derivable via `codebyplan resolve-worktree --cache`), otherwise resolved at runtime from the `(device_id, repo path, branch)` tuple via `npx codebyplan resolve-worktree`.
+The CLI atomically writes the `.codebyplan/` directory with per-concern config stubs and registers the worktree in the CodeByPlan database. The `.codebyplan/device.local.json` file is created by `npx codebyplan setup` on the device (gitignored). The `worktree_id` is never COMMITTED; it may be cached per-device in the gitignored `.codebyplan/worktree.local.json` (branch-keyed, re-derivable via `codebyplan resolve-worktree --cache`), otherwise resolved at runtime from the `(device_id, repo path, branch)` tuple via `npx codebyplan resolve-worktree`.
 
 No need to mark as `skip-worktree` — the committed files are merge-safe per CHK-108 and CHK-120.
 
-### Step 11: Show Result
+### Step 10: Show Result
 
 ```
 ## Worktree Created
@@ -238,4 +197,4 @@ No need to mark as `skip-worktree` — the committed files are merge-safe per CH
 ## Integration
 
 - **Related**: `/cbp-git-worktree-remove` (cleanup and deregister)
-- **MCP tools**: `create_worktree`
+- **CLI**: `codebyplan worktree create <name> --path <abs>` (Step 9 — writes `.codebyplan/` config and registers worktree)

package/templates/skills/cbp-git-worktree-remove/SKILL.md

@@ -49,31 +49,17 @@ Set:
 - `WORKTREE_PATH` = resolved path
 - `BRANCH_NAME` = branch checked out in that worktree
 
-### Step 4: Look Up Worktree in CodeByPlan
+### Step 4: Look Up and Deregister Worktree in CodeByPlan
 
-Get the repo ID from CLAUDE.md (`Repo ID` in Key References table).
+Run `codebyplan worktree remove "$BRANCH_NAME"` and parse the JSON output (`{ mcp_deregistered: boolean, warn? }`):
 
-Use MCP `get_worktrees` to find the worktree record:
-
-```
-MCP get_worktrees:
-  repo_id: [repo-id from CLAUDE.md]
-  status: "active"
-```
-
-Match by `name` = `$BRANCH_NAME` or `path` = `$WORKTREE_PATH`.
-
-Set `WORKTREE_ID` = matched worktree's `id`.
-
-If not found in CodeByPlan, note it and continue with local removal.
+- If `warn` is present: surface it as a non-blocking warning. The worktree was not found in CodeByPlan or deregistration failed, but local removal will proceed.
+- If `mcp_deregistered === true`: worktree was successfully deregistered.
+- If `mcp_deregistered === false`: worktree was not registered or deregistration failed; continue with local removal.
 
 ### Step 5: Check for Assigned Checkpoints
 
-If `WORKTREE_ID` was found, warn if any checkpoints are assigned to this worktree:
-
-```
-⚠ This worktree has [N] checkpoint(s) assigned. They will become unassigned.
-```
+If the worktree was successfully deregistered in Step 4 (`mcp_deregistered === true`), any checkpoints that were assigned to it will become unassigned. This is expected behavior and requires no additional action.
 
 ### Step 6: Confirm with User
 
@@ -92,16 +78,7 @@ Ask:
 2. Remove worktree and delete branch
 3. Cancel
 
-### Step 7: Deregister from CodeByPlan
-
-If `WORKTREE_ID` was found, delete the worktree record:
-
-```
-MCP delete_worktree:
-  worktree_id: [worktree-id]
-```
-
-### Step 8: Remove Git Worktree
+### Step 7: Remove Git Worktree
 
 ```bash
 git worktree remove "$WORKTREE_PATH"
@@ -114,7 +91,7 @@ git worktree remove --force "$WORKTREE_PATH"
 
 Only use `--force` if the user confirms.
 
-### Step 9: Delete Branch (if requested)
+### Step 8: Delete Branch (if requested)
 
 **Protected branch check:** Read the protected set from `.codebyplan/git.json`:
 ```bash
@@ -135,15 +112,21 @@ After the git branch delete succeeds, run a conditional Supabase preview-branch
 
 > Lifecycle contract: see [[supabase-branch-lifecycle]].
 
-- Resolve the parent project ref: read `.codebyplan/shipment.json` `.shipment.surfaces.supabase.project_ref`; if absent or empty, read the first line of `supabase/.temp/project-ref`. Use that resolved ref as the `project_id`.
-- Call `mcp__supabase__list_branches` with the resolved `project_id`.
-- Scan the returned list for an entry whose `name` exactly equals `$BRANCH_NAME`.
-- If found: call `mcp__supabase__delete_branch` with its `branch_id`. Report "Supabase preview branch deleted: `$BRANCH_NAME`".
-- If not found: no-op silently — the GitHub integration may have already removed it on PR close; not-found is success, NOT an error.
-- If the `list_branches` call itself fails (network, auth, or a non-success response — distinct from a successful lookup that returns no match): emit a non-blocking warning that the Supabase preview branch for `$BRANCH_NAME` may still exist and should be verified in the dashboard. Do not treat an API failure as a not-found success.
-- Never delete the branch where `is_default` is true in the `list_branches` response (the production/parent project branch) or any other persistent/long-lived branch.
+- Resolve the parent project ref and apply the lifecycle guard in one deterministic call:
+
+  ```bash
+  codebyplan supabase teardown-preview "$BRANCH_NAME"
+  ```
+
+  Parse its JSON `{ status, parent_ref, project_ref, reason }`. The command never deletes anything — it reads the parent ref from `.codebyplan/shipment.json` (`.shipment.surfaces.supabase.project_ref`) and applies the protected / production / parent-ref guard from [[supabase-branch-lifecycle]].
+- If `status === "rejected"`: STOP the teardown and surface `reason` — never delete a production / protected / integration branch or one whose preview ref equals the parent.
+- Otherwise (`allowed` or `not_found`), use `parent_ref` for the live existence check — `mcp__supabase__list_branches` with `project_id: <parent_ref>`, then scan for an entry whose `name` exactly equals `$BRANCH_NAME`:
+  - If found: call `mcp__supabase__delete_branch` with its `branch_id`. Report "Supabase preview branch deleted: `$BRANCH_NAME`".
+  - If not found: no-op silently — the GitHub integration may have already removed it on PR close; not-found is success, NOT an error.
+  - If the `list_branches` call itself fails (network, auth, or a non-success response — distinct from a successful lookup that returns no match): emit a non-blocking warning that the Supabase preview branch for `$BRANCH_NAME` may still exist and should be verified in the dashboard. Do not treat an API failure as a not-found success.
+- Never delete the parent project (`parent_ref` from `codebyplan supabase teardown-preview`) itself or any persistent/production branch — the `teardown-preview` guard enforces this.
 
-### Step 10: Show Result
+### Step 9: Show Result
 
 ```
 ## Worktree Removed
@@ -159,4 +142,4 @@ After the git branch delete succeeds, run a conditional Supabase preview-branch
 ## Integration
 
 - **Related**: `/cbp-git-worktree-create` (create and register)
-- **MCP tools**: `get_worktrees`, `delete_worktree`
+- **CLI**: `codebyplan worktree remove <name>` (Step 4 — deregister from CodeByPlan)

package/templates/skills/cbp-map-architecture/SKILL.md

@@ -1,6 +1,7 @@
 ---
 scope: org-shared
 name: cbp-map-architecture
+effort: xhigh
 description: Orchestrate architecture map generation for one or all modules. Spawns the cbp-map-architecture agent per module, writes per-module .md files to .claude/architecture/, regenerates INDEX.md and graph.md, and stamps each module via the CLI. Idempotent — safe to re-run.
 argument-hint: '[--module <path>] [--deep <path,...>]'
 allowed-tools: Read, Write, Edit, Glob, Grep, Bash, Task

package/templates/skills/cbp-merge-main/SKILL.md

@@ -69,36 +69,24 @@ Triggered by `/cbp-task-start` (Step 3.6, optional stale-check), `/cbp-task-comp
 
 Supabase migrations are version-keyed by their numeric filename prefix. Two files sharing a prefix break `supabase db push`: the schema_migrations table records ONE version per prefix, the second file at the same prefix becomes orphaned, and every subsequent migration stalls — surfacing as the Supabase Preview check failing with `MIGRATIONS_FAILED`. Catch this BEFORE committing the merge, while a clean rollback is one `git merge --abort` away.
 
-1. Probe both sides of the would-be merge. Use `git ls-files` for the HEAD side so any in-progress `git mv` staged in the index (e.g. a rename produced by step 5 of a prior pass through this section) is reflected — `git ls-tree HEAD` would still see the committed-only state and re-trigger the collision. Use `git ls-tree origin/{BASE}` for the main side since we want the committed remote state, not anything locally staged:
+1. Probe both sides of the would-be merge via the deterministic CLI:
 
    ```bash
-   git ls-files supabase/migrations/ 2>/dev/null \
-     | sed 's|.*/||' | sort > /tmp/cbp-merge-our-names.txt
-   git ls-tree -r --name-only origin/{BASE} supabase/migrations/ 2>/dev/null \
-     | sed 's|.*/||' | sort > /tmp/cbp-merge-their-names.txt
+   PROBE=$(codebyplan migration-collisions --base "$BASE" --json)
+   # Parse JSON: { base, collisions: [{ prefix, ours: string[], theirs: string[] }] }
+   COLLISIONS=$(echo "$PROBE" | jq '.collisions')
    ```
 
-2. A true collision is a numeric prefix that appears on BOTH sides with DIFFERENT filenames. A shared filename (same prefix, same basename — i.e. an already-merged migration) is NOT a collision. Compute the unique-to-each-side basenames first, then look for shared prefixes within that unique set:
+2. If `COLLISIONS` is empty (`[]`), proceed silently to Step 2.
 
-   ```bash
-   # Files unique to each side (same-named files are NOT collisions)
-   comm -23 /tmp/cbp-merge-our-names.txt /tmp/cbp-merge-their-names.txt > /tmp/cbp-merge-only-ours.txt
-   comm -13 /tmp/cbp-merge-our-names.txt /tmp/cbp-merge-their-names.txt > /tmp/cbp-merge-only-theirs.txt
-   # True collision: a prefix in only-ours also appears in only-theirs (same prefix, different basename)
-   COLLISIONS=$(cat /tmp/cbp-merge-only-ours.txt /tmp/cbp-merge-only-theirs.txt \
-     | sed 's|_.*||' | sort | uniq -d)
-   ```
-
-3. If `COLLISIONS` is empty, proceed silently to Step 2.
-
-4. If `COLLISIONS` is non-empty, for each colliding prefix list both file paths (one from `HEAD`, one from `origin/{BASE}`) and surface via AskUserQuestion:
+3. If `COLLISIONS` is non-empty, for each colliding prefix in the array (each element has `prefix`, `ours[]`, `theirs[]`) surface via AskUserQuestion:
 
    - **Rename HEAD-side (Recommended when a main migration is already applied to a shared remote)** — rename the local file to a fresh, sequential timestamp that respects existing apply-order dependencies (probe `supabase migration list --db-url <preview>` if a preview branch exists, or inspect FK references in surrounding migrations). The orchestrator runs `git mv <old> <new>` itself; the rename lands in the git index and is picked up by the re-probe at step 5.
    - **Rename main-side (manual, OUT-OF-SKILL)** — only when the main file definitely has not been applied anywhere yet AND the user has write access to `{BASE}`. This skill does NOT touch the main branch: it runs on a feat branch (Step 0 enforces this) and the Key Rules below forbid any push from this skill. The user must, in a separate terminal: `git checkout {BASE} && git mv <old> <new> && git commit -m "fix(migration): rename to resolve collision with feat/..." && git push origin {BASE}`. After that push is confirmed remote-side, re-invoke `/cbp-merge-main` — Step 1 will fetch the updated main tip and Step 1.5 will re-probe with the rename in place.
    - **Defer to a new task in the active checkpoint** — `git merge --abort` is unnecessary because Step 2 has not started. Create a CHK-bound task per `cbp-round-end` reference `findings-presentation.md` "Infra Issue Absorption Contract — Resolve-in-Current-Scope by Default" and STOP `/cbp-merge-main`. Resume after the task completes.
    - **Abort merge** — STOP the skill. User decides later.
 
-5. After any HEAD-side rename action, re-execute Step 1.5 (collisions may chain — fixing one can expose another). The HEAD-side probe at step 1 uses `git ls-files` rather than `git ls-tree HEAD`, so the freshly-staged `git mv` is visible without requiring a commit. Main-side renames require a fresh `/cbp-merge-main` invocation (the user manually fetched and re-ran per option 2 above), not an in-skill loop.
+4. After any HEAD-side rename action, re-execute Step 1.5 (collisions may chain — fixing one can expose another). The CLI probes the HEAD side via `git ls-files` (so staged renames are visible), matching the documented re-probe behavior. Main-side renames require a fresh `/cbp-merge-main` invocation (the user manually fetched and re-ran per option 2 above), not an in-skill loop.
 
 This check is intentionally placed BEFORE Step 2's `git merge`: catching collisions pre-merge means no merge commit to revert, no conflict-resolution work to throw away, no Supabase Preview poll to fail.
 
@@ -165,27 +153,34 @@ This check is intentionally placed BEFORE Step 2's `git merge`: catching collisi
 
 Run a scoped subset of the testing-qa check matrix INLINE (no agent spawn — this skill stays lightweight):
 
-1. `pnpm -w lint` — always. On non-zero exit, surface stdout/stderr and AskUserQuestion:
+1. From the repo root, run:
+
+   ```bash
+   codebyplan check --scope merged --json
+   ```
+
+   `--scope merged` runs `gate6`, `lint`, `typecheck`, and `tests` (no `audit` — that is `task` scope only). The runner is **whole-repo + baseline**: it runs `turbo run lint|typecheck|test` across every package and diffs against the committed `.check-baseline.json`, so only NEW per-package failures fail a check (`status: 'fail'` with a non-empty `new_failures`). `gate6` (sibling-identity parity) is ALWAYS hard-fail and never baselined. Capture the JSON result.
+
+2. For each result entry where `status === 'fail'`, surface its `stdout`/`stderr` and present an AskUserQuestion:
    - **Continue (commit-as-is)** — leave the merge committed; flag QA failure in output.
    - **Abort merge** — `git reset --hard HEAD~1` to revert just the merge commit. Stop the skill.
    - **Skip (mark warn)** — leave the merge committed; treat as warn, not fail.
 
-2. `pnpm exec tsc --noEmit` — only if any merged file matches `*.ts` or `*.tsx`. Same three-option prompt on failure.
-
-3. `pnpm test --run` — only if any merged file matches typical source globs (`src/**`, `apps/**/src/**`, `packages/**/src/**`). Same three-option prompt on failure.
-
-4. Build a `qa_summary` object:
+3. Build a `qa_summary` object from the runner's results array:
 
    ```
    {
+     "gate6": "pass" | "fail" | "warn" | "skipped",
      "lint": "pass" | "fail" | "warn" | "skipped",
-     "tsc": "pass" | "fail" | "warn" | "skipped",
+     "typecheck": "pass" | "fail" | "warn" | "skipped",
      "tests": "pass" | "fail" | "warn" | "skipped",
      "merged_files_count": N,
      "user_choice_on_failure": "continue" | "abort" | "skip" | null
    }
    ```
 
+   Map runner `status` values: `"pass"` → `"pass"`, `"skipped"` → `"skipped"`, `"fail"` → `"fail"` or `"warn"` per the user's choice above.
+
 Do NOT auto-revert without user consent. User-driven gating is the contract.
 
 ### Step 5: Output

package/templates/skills/cbp-refresh-arch-map/SKILL.md

@@ -1,6 +1,7 @@
 ---
 scope: org-shared
 name: cbp-refresh-arch-map
+effort: high
 description: Drift-scoped refresh of the .claude/architecture/ map — re-runs the cbp-map-architecture agent for ONLY the modules whose stamped git SHA has changed, regenerates INDEX.md + graph.md, and re-stamps. Idempotent; no-op when no module has drifted.
 argument-hint: '[--module <path>]'
 allowed-tools: Read, Write, Edit, Glob, Grep, Bash, Task

package/templates/skills/cbp-round-check/SKILL.md

@@ -30,7 +30,7 @@ Set `KIND` for the rest of this skill. MCP tool names vary by KIND:
 
 # Round Check Command
 
-Run automated checks independently with mandatory execution. Updates round QA. Hard fails if mandatory checks (build/lint/types) fail.
+Run automated checks independently with mandatory execution. Updates round QA. Hard fails if mandatory checks (gate6/lint/typecheck/tests) fail.
 
 ## Instructions
 
@@ -41,80 +41,80 @@ Use Kind Detection above to set KIND. Then:
 - **checkpoint KIND**: Read `.codebyplan/state/checkpoints/<checkpointId>/tasks/<taskId>.json` (local-first) to find active task, then read `.codebyplan/state/checkpoints/<checkpointId>/tasks/<taskId>/rounds/<roundId>.json` to find the in-progress round. If missing/stale, run `npx codebyplan sync` once and re-read. Break-glass fallback: MCP `get_current_task(repo_id)` + `get_rounds(task_id)` when state dir is absent and sync fails.
 - **standalone KIND**: MCP `get_current_standalone_task(repo_id)` to find active task, then `get_standalone_rounds(standalone_task_id)` to find the in-progress round. (Standalone KIND still uses MCP until a later task.)
 
-### Step 2: Determine Project Root
+### Step 2: Run Core Check Matrix
+
+From the repo root, run:
 
-Find the correct app directory:
 ```bash
-REPO_ROOT="$(git rev-parse --show-toplevel)"
+codebyplan check --scope round --json
 ```
-Identify app dir from project structure (e.g., `apps/web/` for Next.js).
 
-### Step 3: Execute Mandatory Checks (Hard Fail)
+Capture the JSON output. The runner is **whole-repo + baseline**: it runs `turbo run lint|typecheck|test` across every package and diffs each per-package result against the committed `.check-baseline.json`, so a pre-existing failure in an unrelated package does NOT fail the check — only a NEW failure does. The result shape is:
 
-For each check, EXECUTE the command and capture stdout + stderr. Log execution status.
+```json
+{
+  "results": [
+    {"check": "gate6"|"lint"|"typecheck"|"tests"|"audit", "status": "pass"|"fail"|"skipped",
+     "exit_code": number|null, "command": string, "stdout": string, "stderr": string,
+     "executed": boolean, "new_failures"?: string[]}
+  ],
+  "any_failed": boolean,
+  "hard_fail_checks": [ ...names of checks that FAILED ]
+}
+```
 
-| Check | Command | Hard Fail |
-|-------|---------|-----------|
-| **Build** | `cd {app_dir} && npm run build 2>&1` | YES |
-| **Lint** | `cd {app_dir} && npm run lint 2>&1` | YES |
-| **Types** | `cd {app_dir} && npx tsc --noEmit 2>&1` | YES |
+Five checks run in order: `gate6` (sibling-identity parity — `node scripts/check-sibling-identity.mjs`), `lint`, `typecheck`, `tests`, `audit`. For the baselined checks (`lint`/`typecheck`/`tests`) `new_failures` lists the packages that newly fail (not in the baseline); `status` is `pass` when `new_failures` is empty **even if the underlying command exited non-zero** (those failures are pre-existing/baselined). `audit.new_failures` lists new GHSA advisory ids not in the allowlist. **`gate6` is ALWAYS hard-fail — it is never baselined**; its `new_failures` field is omitted (absent/`undefined` in the JSON, not `null`), and a sibling-parity divergence fails the round regardless of the baseline.
 
-For each:
-- Run the command via Bash tool
-- Log `EXECUTED: <command>` or `FAILED: <command> (exit code: N)`
-- If skipping (infrastructure-only changes): log `SKIPPED: <command> (reason: no app code changed)`
+`hard_fail_checks` is dynamic — it lists only the checks that failed (`[]` when all pass; e.g. `["gate6"]` or `["typecheck","tests"]`), drawn from `results[].check`. The hard-fail checks for `--scope round` are `gate6`, `lint`, `typecheck`, and `tests` (`audit` is `--scope task` only). If `any_failed === true` (equivalently, `hard_fail_checks` is non-empty), this is a **hard fail** — surface each failing result's `stdout`/`stderr` (and `new_failures`) and stop.
 
-### Step 4: Execute Conditional Checks
+### Step 3: Execute Conditional Checks
 
 | Check | Command | Condition |
 |-------|---------|-----------|
-| **Tests** | `cd {app_dir} && npx vitest --run 2>&1` | Test files exist |
 | **A11y** | Static check (aria, alt, focus) | UI files changed |
 | **API Health** | `curl -s -o /dev/null -w "%{http_code}" http://localhost:{PORT}/` | API routes changed |
 | **Visual** | Visual check flow (page-map + visual-check) | UI work + dev server running |
 
-### Step 5: Analyze Build Output
+### Step 4: Analyze Output
 
-Scan all captured output for:
+Scan each runner result's `stdout`/`stderr` for:
 - **Warnings** (not just errors)
 - **Deprecation notices** (`grep -i "deprecat"` in output)
 - **Console.log in changed files**: `grep -rn "console\.\(log\|debug\|info\)" {changed_files}` (exclude tests)
 - **Bundle size warnings**
 
-### Step 6: Save QA Results
+### Step 5: Save QA Results
 
 Update round QA:
 - **checkpoint KIND**: `codebyplan round update --id <round_id> --task-id <task_id> --checkpoint-id <checkpoint_id> --qa '<json>'` (CLI write-through: local state file + REST). Break-glass fallback: MCP `update_round(round_id, qa: ...)` when the CLI is unavailable.
 - **standalone KIND**: MCP `update_standalone_round(standalone_round_id, qa: ...)`. (Standalone KIND still uses MCP until a later task.)
 
+Map each runner result entry to a QA item:
+
 ```json
 {
   "items": [
-    {"type": "auto", "check": "build", "status": "pass", "ran_at": "...", "notes": null, "executed": true},
-    {"type": "auto", "check": "lint", "status": "fail", "ran_at": "...", "notes": "3 errors", "executed": true},
-    {"type": "auto", "check": "types", "status": "pass", "ran_at": "...", "notes": null, "executed": true},
-    {"type": "auto", "check": "tests", "status": "skipped", "ran_at": "...", "notes": "no test files", "executed": false}
+    {"type": "auto", "check": "gate6", "status": "pass", "ran_at": "...", "notes": null, "executed": true},
+    {"type": "auto", "check": "lint", "status": "pass", "ran_at": "...", "notes": null, "executed": true},
+    {"type": "auto", "check": "typecheck", "status": "fail", "ran_at": "...", "notes": "1 new failing package", "executed": true},
+    {"type": "auto", "check": "tests", "status": "pass", "ran_at": "...", "notes": "no new failures (baselined)", "executed": true}
   ]
 }
 ```
 
-### Step 7: Show Results
+### Step 6: Show Results
 
 ```
 ## Round Check Results
 
 | Check | Status | Executed | Notes |
 |-------|--------|----------|-------|
-| Build | pass | yes | - |
-| Lint | fail | yes | 3 errors |
-| Types | pass | yes | - |
-| Tests | skipped | no | no test files |
-| Visual | pass | yes | screenshots saved |
-
-### Build Analysis
-- Warnings: [N]
-- Deprecations: [N]
-- Console.logs in code: [N]
+| gate6 | pass   | yes      | sibling-identity OK |
+| lint  | pass   | yes      | -     |
+| typecheck | fail | yes    | 1 new failing package |
+| tests | pass   | yes      | no new failures (baselined) |
+| A11y  | pass   | yes      | -     |
+| Visual| pass   | yes      | screenshots saved |
 
 **Result**: [N] passed, [N] failed, [N] skipped
 **Hard fail**: [yes/no]
@@ -129,4 +129,5 @@ If soft failures only: `Run /cbp-round-start to trigger auto-fix, or fix manuall
 - **Reads (standalone KIND)**: MCP `get_current_standalone_task` / `get_standalone_rounds` (standalone KIND still uses MCP until a later task)
 - **Writes (checkpoint KIND)**: `codebyplan round update` (qa field). Break-glass: MCP `update_round`.
 - **Writes (standalone KIND)**: MCP `update_standalone_round` (qa field). (Standalone KIND still uses MCP until a later task.)
+- **Runner**: `codebyplan check --scope round --json` (whole-repo + baseline via `turbo run`; runs gate6 + lint + typecheck + tests; `--files` is accepted but ignored in whole-repo mode)
 - **Standalone**: Can be run independently at any time

package/templates/skills/cbp-round-execute/SKILL.md

@@ -178,7 +178,13 @@ Per-wave hard-fail signal — true when ANY hold:
 
 - `testing_qa_output.totals.hard_fail === true`.
 - For any framework `f` in `round.context.e2e_outputs`: `e2e_outputs[f].status === 'failed'` OR `e2e_outputs[f].test_results?.failed > 0`.
-- **`e2e_eligible_skipped`**: any framework in `round.context.e2e_eligible[]` for which no specialist output exists in `round.context.e2e_outputs` AND no valid skip reason is recorded (per the `rules/e2e-mandatory.md` valid-skip list). A silently-skipped eligible framework is a hard-fail.
+- **E2E deterministic gate** (replaces the former judgment-based `e2e_eligible_skipped` evaluation): when `round.context.e2e_eligible[]` is non-empty, first persist `e2e_eligible` / `e2e_outputs` to round context via MCP `update_round` (the Step 7 write, pulled forward — the CLI reads the round row from the DB), then run:
+
+  ```bash
+  codebyplan e2e verify-round --round-id <round_id> --task-id <task_id>
+  ```
+
+  Exit 0 = e2e pass. Exit 1 = one or more deterministic hard-fails — the stdout JSON's `failed_checks[]` identifies which (`e2e_eligible_skipped`, `zero_assertion_run`, `empty_gallery`); the `rules/e2e-mandatory.md` valid-skip list and the vscode-test empty-gallery exception are honored by the CLI. When `e2e_eligible[]` is empty, skip the CLI call — nothing to verify.
 
 **All waves hard_fail: false** → proceed to Step 7. **Any wave hard_fail: true**:
 
@@ -197,9 +203,9 @@ When `cbp-testing-qa-agent` spawn fails OR the resolved `testing_profile` is `cl
 
 `codebyplan round update --id <round-id> --task-id <uuid> --checkpoint-id <uuid> --context <json>` (CLI write-through: local state at `.codebyplan/state/checkpoints/<checkpointId>/tasks/<taskId>/rounds/<roundId>.json` + REST). Break-glass fallback: MCP `update_round` when the CLI is unavailable.
 
-- `context`: { ...existing, executor_output, testing_qa_output, e2e_eligible, e2e_outputs, frontend_ui_review }
+- `context`: { ...existing, executor_output, testing_qa_output, e2e_eligible, e2e_outputs, frontend_ui_review } — when e2e ran, `e2e_eligible` / `e2e_outputs` were already persisted by the Step 6 pull-forward write; re-include them in this merge payload (the `update_round` REPLACE contract requires re-sending every field that should remain — this is a consolidating merge, not a second write of new data).
 
-`e2e_outputs` (a framework-keyed map of specialist outputs, e.g. `{ playwright: {...}, maestro: {...} }`) and `frontend_ui_review` are present only when the gates above admitted them (≥1 eligible framework ran AND Step 5b ran). `e2e_eligible[]` records which frameworks were eligible this round and drives the Step 6 `e2e_eligible_skipped` check.
+`e2e_outputs` (a framework-keyed map of specialist outputs, e.g. `{ playwright: {...}, maestro: {...} }`) is present when ≥1 eligible framework ran. `frontend_ui_review` is present only when ≥1 eligible framework ran AND Step 5b ran (non-empty screenshots). `e2e_eligible[]` records which frameworks were eligible this round and drives the Step 6 E2E deterministic gate.
 
 ### Step 8: Auto-trigger Round End