codebyplan 1.13.52 → 1.13.54

package/templates/github-workflows/ci.yml

@@ -0,0 +1,104 @@
+# Generated by: codebyplan ci scaffold-workflow
+#
+# This workflow runs lint, typecheck, tests, and build on every pull request.
+# It is intentionally generic and works as-is for any pnpm + Turborepo project.
+#
+# By design this gates on FULL-REPO GREEN: `pnpm turbo <task>` runs the task
+# across every package with no `--filter`, so a shallow checkout (fetch-depth:1)
+# is fine — git history is not needed for affected-package detection. Per-package
+# / changed-path scoping (`scope: per_app_changed` in .codebyplan/ci.json) is
+# applied by the local CodeByPlan round/testing skills, NOT by this workflow.
+# Do not add turbo `--filter=[HEAD^]` here without also setting fetch-depth: 0.
+#
+# Two values you can adjust via `codebyplan ci scaffold-workflow`:
+#   --pnpm-version <v>   pnpm version (current: {{PNPM_VERSION}})
+#   --node-version <v>   Node.js version (current: {{NODE_VERSION}})
+#
+# Two jobs:
+#   ci         SOFT tier (authoritative required check) — the baseline-tolerant
+#              inner loop: lint, typecheck, test, build across the repo.
+#   ci-strict  HARDCORE tier (report-only) — whole-repo ABSOLUTE GREEN via
+#              `codebyplan check --scope merged --no-baseline`. Non-blocking for
+#              now; flip to a required check once the repo is absolute-green.
+
+name: CI
+
+on:
+  pull_request:
+
+# Cancel an in-progress run when a newer commit is pushed to the same PR/ref,
+# so superseded full-repo runs don't queue up and waste runner minutes.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  ci:
+    name: Lint + typecheck + test + build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: "{{PNPM_VERSION}}"
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "{{NODE_VERSION}}"
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Lint
+        run: pnpm turbo lint
+
+      - name: Typecheck
+        run: pnpm turbo typecheck
+
+      - name: Test
+        run: pnpm turbo test
+
+      - name: Build
+        run: pnpm turbo build
+
+  # ── HARDCORE strict tier (report-only) ──────────────────────────────────────
+  # Whole-repo ABSOLUTE GREEN: `codebyplan check --scope merged --no-baseline`
+  # ignores .check-baseline.json entirely, so ANY failing package (lint,
+  # typecheck, test) fails this job. This is the future checkpoint→main gate.
+  #
+  # report-only until apps/web baseline is burned down; flip to required after.
+  # `continue-on-error: true` keeps it non-blocking — the `ci` job above stays
+  # the authoritative required check. Do NOT wire this job as a branch-protection
+  # required check until the whole repo is absolute-green.
+  ci-strict:
+    name: Strict whole-repo green (report-only)
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: "{{PNPM_VERSION}}"
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "{{NODE_VERSION}}"
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Strict check (no baseline)
+        run: pnpm exec codebyplan check --scope merged --no-baseline

package/templates/github-workflows/publish.yml

@@ -1,34 +1,16 @@
-# Generated by: codebyplan scaffold-publish-workflow
-#
-# This workflow publishes the codebyplan npm package on every merge to main
-# where the committed package.json version exceeds the version currently on npm.
-# It also auto-publishes prerelease versions (e.g. 1.14.0-beta.1) from feat/**
-# branches to a scoped dist-tag (e.g. --tag beta) — see the beta channel docs
-# for the full workflow. No release PR, no conventional-commit parsing — the
-# version committed in the feat branch is the version that ships.
-#
-# Two values a consuming repo must adjust:
-#   1. paths: — set to the package directory whose package.json drives versioning
-#              (current value: 'packages/codebyplan-package/**')
-#   2. npm view <package-name> — replace `codebyplan` with the actual package name
-#              in the "Check version vs published" and exact-version check steps
-#
-# Everything else (OIDC auth, pnpm 10.12.4, Node 20, build:npm → publish) is
-# intentionally generic and works as-is for any single-package npm publish.
-
 name: Publish codebyplan to npm
 
 on:
   push:
     branches:
       - main
-      - "feat/**"
+      - 'feat/**'
     paths:
-      - "packages/codebyplan-package/**"
+      - 'packages/codebyplan-package/**'
   workflow_dispatch:
     inputs:
       dry_run:
-        description: "Print what would be published without actually publishing"
+        description: 'Print what would be published without actually publishing'
         type: boolean
         default: false
 
@@ -182,7 +164,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 22
           cache: pnpm
 
       - name: Install dependencies
@@ -210,11 +192,10 @@ jobs:
       # short-lived publish token. Requires a Trusted Publisher configured for
       # this repo + workflow on npmjs.com.
       #
-      # NO --provenance by default: npm provenance attestation only supports
-      # PUBLIC source repositories (the registry returns E422 "Unsupported
-      # source repository visibility: private" otherwise). This works for both
-      # public and private repos. If your source repo is PUBLIC and you want
-      # supply-chain attestation, add `--provenance` to the command below.
+      # NO --provenance: npm provenance attestation only supports PUBLIC source
+      # repositories (registry returns E422 "Unsupported source repository
+      # visibility: private" otherwise). This repo is private, so provenance is
+      # omitted. Re-add `--provenance` only if the source repo becomes public.
       #
       # --tag: routes stable publishes to "latest" and prerelease publishes to
       # the prerelease id (e.g. "beta", "rc"). C1 guarantee: betas never land on

package/templates/github-workflows/release-desktop.yml

@@ -0,0 +1,215 @@
+name: Release Desktop App
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "apps/desktop/**"
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+
+jobs:
+  check-version:
+    name: Check if release needed
+    runs-on: ubuntu-latest
+    outputs:
+      should_release: ${{ steps.check.outputs.should_release }}
+      version: ${{ steps.check.outputs.version }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check version tag
+        id: check
+        run: |
+          VERSION=$(jq -r '.version' apps/desktop/src-tauri/tauri.conf.json)
+          TAG="desktop-v${VERSION}"
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+
+          if git ls-remote --tags origin "refs/tags/${TAG}" | grep -q "${TAG}"; then
+            echo "Tag ${TAG} already exists - skipping release"
+            echo "should_release=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "Tag ${TAG} does not exist - will release"
+            echo "should_release=true" >> "$GITHUB_OUTPUT"
+          fi
+
+  build:
+    needs: check-version
+    if: needs.check-version.outputs.should_release == 'true'
+    # `secrets` is not allowed in `if:` expressions — map presence to a job-level
+    # env (where `secrets` IS permitted) and test that in the step condition.
+    env:
+      HAS_WINDOWS_CERT: ${{ secrets.WINDOWS_CERTIFICATE != '' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: macos-latest
+            target: aarch64-apple-darwin
+            label: macOS (Apple Silicon)
+          - platform: macos-latest
+            target: x86_64-apple-darwin
+            label: macOS (Intel)
+          - platform: windows-latest
+            target: x86_64-pc-windows-msvc
+            label: Windows (x86_64)
+
+    name: Build ${{ matrix.label }}
+    runs-on: ${{ matrix.platform }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.target }}
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Write Apple API key to file
+        if: runner.os == 'macOS'
+        run: |
+          mkdir -p ~/private_keys
+          printf '%s' "$APPLE_API_KEY_CONTENT" > ~/private_keys/AuthKey.p8
+        env:
+          APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY_CONTENT }}
+
+      - name: Build desktop app
+        # Pinned for supply-chain safety. Review before bumping:
+        # https://github.com/tauri-apps/tauri-action/releases
+        #
+        # Windows leg skipped when WINDOWS_CERTIFICATE secret is absent — lets
+        # macOS-only notarized releases ship while the Windows EV cert is being
+        # procured. When the secret is present but the build fails for any other
+        # reason (network, tauri-action bug, etc.), the step still fails loudly.
+        if: ${{ runner.os != 'Windows' || env.HAS_WINDOWS_CERT == 'true' }}
+        uses: tauri-apps/tauri-action@84b9d35b5fc46c1e45415bdb6144030364f7ebc5 # action-v0.6.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Tauri updater artifact signing (required for latest.json signatures on all platforms)
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+          # Apple Developer signing (macOS only — empty on Windows, tauri-action ignores)
+          APPLE_CERTIFICATE: ${{ runner.os == 'macOS' && secrets.APPLE_CERTIFICATE || '' }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ runner.os == 'macOS' && secrets.APPLE_CERTIFICATE_PASSWORD || '' }}
+          APPLE_SIGNING_IDENTITY: ${{ runner.os == 'macOS' && secrets.APPLE_SIGNING_IDENTITY || '' }}
+          APPLE_API_ISSUER: ${{ runner.os == 'macOS' && secrets.APPLE_API_ISSUER || '' }}
+          APPLE_API_KEY: ${{ runner.os == 'macOS' && secrets.APPLE_API_KEY || '' }}
+          APPLE_API_KEY_PATH: ${{ runner.os == 'macOS' && '~/private_keys/AuthKey.p8' || '' }}
+          # Windows code signing (Windows only — empty on macOS, tauri-action ignores)
+          WINDOWS_CERTIFICATE: ${{ runner.os == 'Windows' && secrets.WINDOWS_CERTIFICATE || '' }}
+          WINDOWS_CERTIFICATE_PASSWORD: ${{ runner.os == 'Windows' && secrets.WINDOWS_CERTIFICATE_PASSWORD || '' }}
+        with:
+          projectPath: apps/desktop
+          tauriScript: pnpm tauri
+          args: --target ${{ matrix.target }}
+          tagName: desktop-v${{ needs.check-version.outputs.version }}
+          releaseName: "CodeByPlan Desktop v${{ needs.check-version.outputs.version }}"
+          releaseBody: |
+            ## CodeByPlan Desktop v${{ needs.check-version.outputs.version }}
+
+            Download the appropriate installer for your platform:
+            - **macOS Apple Silicon** (.dmg) - For M1/M2/M3/M4 Macs
+            - **macOS Intel** (.dmg) - For older Intel-based Macs
+            - **Windows** (.msi) - For Windows 10/11 x64
+
+            ### Installation
+
+            **macOS:**
+            1. Download the `.dmg` file for your Mac
+            2. Open the `.dmg` and drag CodeByPlan to Applications
+            3. Launch CodeByPlan from Applications
+
+            **Windows:**
+            1. Download the `.msi` file
+            2. Run the installer and follow the prompts
+            3. Launch CodeByPlan from the Start Menu
+          releaseDraft: false
+          prerelease: false
+          includeUpdaterJson: true
+
+  notify:
+    needs: [check-version, build]
+    if: needs.check-version.outputs.should_release == 'true' && needs.build.result == 'success'
+    runs-on: ubuntu-latest
+    name: Register Release
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download latest.json from GitHub Release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ needs.check-version.outputs.version }}
+        run: |
+          TAG="desktop-v${VERSION}"
+          gh release download "${TAG}" --pattern "latest.json" --dir .
+
+      - name: Post release metadata to API
+        env:
+          CBP_API_KEY: ${{ secrets.CODEBYPLAN_API_KEY }}
+          VERSION: ${{ needs.check-version.outputs.version }}
+        run: |
+          TAG="desktop-v${VERSION}"
+          REPO="${{ github.repository }}"
+          BASE_URL="https://github.com/${REPO}/releases/download/${TAG}"
+
+          # Read the latest.json generated by tauri-action
+          MANIFEST=$(cat latest.json)
+          echo "Manifest: ${MANIFEST}"
+
+          # Build download URLs (for website download page)
+          AARCH64_DMG_URL="${BASE_URL}/CodeByPlan_${VERSION}_aarch64.dmg"
+          X86_64_DMG_URL="${BASE_URL}/CodeByPlan_${VERSION}_x64.dmg"
+          WINDOWS_X86_64_MSI_URL="${BASE_URL}/CodeByPlan_${VERSION}_x64_en-US.msi"
+
+          # Extract updater data from latest.json and merge with installer URLs
+          PLATFORMS=$(echo "${MANIFEST}" | jq \
+            --arg aarch64_dmg "${AARCH64_DMG_URL}" \
+            --arg x86_64_dmg "${X86_64_DMG_URL}" \
+            --arg windows_x86_64_msi "${WINDOWS_X86_64_MSI_URL}" '
+            .platforms | to_entries | map(
+              .value += (
+                if .key == "darwin-aarch64" then { "dmg_url": $aarch64_dmg }
+                elif .key == "darwin-x86_64" then { "dmg_url": $x86_64_dmg }
+                elif .key == "windows-x86_64" then { "msi_url": $windows_x86_64_msi }
+                else {}
+                end
+              )
+            ) | from_entries
+          ')
+
+          NOTES=$(echo "${MANIFEST}" | jq -r '.notes // "CodeByPlan Desktop v'"${VERSION}"'"')
+          PUB_DATE=$(echo "${MANIFEST}" | jq -r '.pub_date // empty')
+          if [ -z "${PUB_DATE}" ]; then
+            PUB_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+          fi
+
+          # POST to our API
+          curl -fL -X POST \
+            "https://www.codebyplan.com/api/desktop/releases" \
+            -H "Content-Type: application/json" \
+            -H "x-api-key: ${CBP_API_KEY}" \
+            -d "$(jq -n \
+              --arg version "${VERSION}" \
+              --arg notes "${NOTES}" \
+              --arg pub_date "${PUB_DATE}" \
+              --argjson platforms "${PLATFORMS}" \
+              '{version: $version, notes: $notes, pub_date: $pub_date, platforms: $platforms}'
+            )"

package/templates/hooks/cbp-skill-context-guard.sh

@@ -21,7 +21,7 @@ THRESHOLD="${CBP_CONTEXT_WARN_TOKENS:-200000}"
 
 # Heavy close-out allowlist (cbp-clear-prep + cbp-clear-continue deliberately excluded so
 # they always run even when context > threshold).
-HEAVY_SKILLS="cbp-round-execute cbp-task-testing cbp-standalone-task-testing cbp-checkpoint-check cbp-checkpoint-end"
+HEAVY_SKILLS="cbp-round-build cbp-verify cbp-standalone-task-testing cbp-checkpoint-check cbp-checkpoint-end"
 
 # Cheap allowlist check before summing tokens
 IS_HEAVY=false

package/templates/hooks/cbp-test-hooks.sh

@@ -537,18 +537,18 @@ if [ ! -f "$GUARD_HOOK" ]; then
   test_result "cbp-skill-context-guard.sh present" "passed" "missing"
 else
 
-  # Case 1: over-threshold + cbp-round-execute (heavy) → permissionDecision=deny
+  # Case 1: over-threshold + cbp-round-build (heavy) → permissionDecision=deny
   STDIN=$(jq -n \
     --arg t "$FIXTURES_GUARD/over-threshold.jsonl" \
-    --arg s "cbp-round-execute" \
+    --arg s "cbp-round-build" \
     '{transcript_path:$t,tool_input:{skill:$s}}')
   OUTPUT=$(echo "$STDIN" | CBP_CONTEXT_WARN_TOKENS=200000 bash "$GUARD_HOOK" 2>/dev/null)
   EXIT_CODE=$?
   if [ "$EXIT_CODE" = "0" ] \
      && echo "$OUTPUT" | jq -e '.hookSpecificOutput.permissionDecision == "deny"' >/dev/null 2>&1; then
-    test_result "cbp-skill-context-guard.sh over-threshold + cbp-round-execute → deny" "passed" "passed"
+    test_result "cbp-skill-context-guard.sh over-threshold + cbp-round-build → deny" "passed" "passed"
   else
-    test_result "cbp-skill-context-guard.sh over-threshold + cbp-round-execute → deny" "passed" "failed (exit=$EXIT_CODE output=$(echo "$OUTPUT" | head -c 80))"
+    test_result "cbp-skill-context-guard.sh over-threshold + cbp-round-build → deny" "passed" "failed (exit=$EXIT_CODE output=$(echo "$OUTPUT" | head -c 80))"
   fi
 
   # Case 2: over-threshold + cbp-clear-prep (exempt) → empty stdout, exit 0
@@ -577,17 +577,17 @@ else
     test_result "cbp-skill-context-guard.sh over-threshold + cbp-clear-continue (exempt) → empty stdout" "passed" "failed (exit=$EXIT_CODE)"
   fi
 
-  # Case 4: under-threshold + cbp-round-execute → empty stdout, exit 0
+  # Case 4: under-threshold + cbp-round-build → empty stdout, exit 0
   STDIN=$(jq -n \
     --arg t "$FIXTURES_GUARD/under-threshold.jsonl" \
-    --arg s "cbp-round-execute" \
+    --arg s "cbp-round-build" \
     '{transcript_path:$t,tool_input:{skill:$s}}')
   OUTPUT=$(echo "$STDIN" | CBP_CONTEXT_WARN_TOKENS=200000 bash "$GUARD_HOOK" 2>/dev/null)
   EXIT_CODE=$?
   if [ "$EXIT_CODE" = "0" ] && [ -z "$OUTPUT" ]; then
-    test_result "cbp-skill-context-guard.sh under-threshold + cbp-round-execute → empty stdout" "passed" "passed"
+    test_result "cbp-skill-context-guard.sh under-threshold + cbp-round-build → empty stdout" "passed" "passed"
   else
-    test_result "cbp-skill-context-guard.sh under-threshold + cbp-round-execute → empty stdout" "passed" "failed (exit=$EXIT_CODE)"
+    test_result "cbp-skill-context-guard.sh under-threshold + cbp-round-build → empty stdout" "passed" "failed (exit=$EXIT_CODE)"
   fi
 
   # Case 5: empty skill_name → empty stdout, exit 0
@@ -603,7 +603,7 @@ else
   fi
 
   # Case 6: missing transcript_path → empty stdout, exit 0 (fast-path)
-  STDIN=$(jq -n --arg s "cbp-round-execute" '{tool_input:{skill:$s}}')
+  STDIN=$(jq -n --arg s "cbp-round-build" '{tool_input:{skill:$s}}')
   OUTPUT=$(echo "$STDIN" | CBP_CONTEXT_WARN_TOKENS=200000 bash "$GUARD_HOOK" 2>/dev/null)
   EXIT_CODE=$?
   if [ "$EXIT_CODE" = "0" ] && [ -z "$OUTPUT" ]; then

package/templates/hooks/validate-structure-lengths.sh

@@ -12,7 +12,7 @@ _get_limit() {
     # Documented exceptions — higher budget
     /docs/templates/*/task.md)                          echo "450 900"; return;;
     /.claude/docs/architecture/development.md)          echo "1200 2000"; return;;
-    /.claude/skills/cbp-round-start/SKILL.md)           echo "600 1000"; return;;
+    /.claude/skills/cbp-round-plan/SKILL.md)            echo "600 1000"; return;;
     /.claude/rules/development-workflow.md)             echo "250 400"; return;;
     # Unlimited files
     /CHANGELOG.md|*/CHANGELOG.md|*/user-input.md|/.claude/docs/research/*) echo ""; return;;

package/templates/hooks/validate-structure-patterns.sh

@@ -39,7 +39,7 @@ if match_path '^/\.claude/docs/stack/' \
 fi
 
 # Notation consistency (warn-only): flag bare-colon command notation in .claude/ markdown
-# See: cbp-round-start Step 0 "CHK / TASK / ROUND Identifier Notation Vocabulary" — all command refs must use /cbp-* form
+# See: cbp-round-plan Step 0 "CHK / TASK / ROUND Identifier Notation Vocabulary" — all command refs must use /cbp-* form
 if match_path '^/\.claude/(rules|skills|agents)/' && match_path '\.md$'; then
   CONTENT=$(read_input_content)
   [ -z "$CONTENT" ] && [ -f "$FILE_PATH" ] && CONTENT=$(cat "$FILE_PATH" 2>/dev/null || true)

package/templates/rules/README.md

@@ -34,7 +34,7 @@ The `install`/`update`/`uninstall` flow handles these files identically to how i
 
 ## Current status
 
-Nine rules are shipped:
+Eight rules are shipped:
 
 | Rule file | Scope | Summary |
 |---|---|---|
@@ -45,7 +45,6 @@ Nine rules are shipped:
 | `agent-claim-verification.md` | `org-shared` | Verify an agent's claimed outcomes against ground truth (git, filesystem, tool results) before trusting them |
 | `e2e-mandatory.md` | `org-shared` | E2E is opt-out: an eligible framework whose source changed in a round must run its specialist or record a valid skip |
 | `parallel-waves.md` | `org-shared` | Wave-dispatch contract for parallel round execution — topological ordering and per-wave testing |
-| `task-routing-recommendation.md` | `repo-only:codebyplan` | Two-family command surface (checkpoint-bound vs standalone) and identifier-format routing — installed only in codebyplan-family repos |
 | `cbp-operating-gotchas.md` | `org-shared` | Cross-repo CBP-tooling traps (ship/timeout/MCP-replace/worktree/lint-baseline/approval-reconcile) + behavioral prefs, inherited once by all consumers |
 
 ## Contributing a rule

package/templates/rules/agent-claim-verification.md

@@ -10,7 +10,7 @@ paths:
 <!-- Delivery: subagents receive this rule via the [[agent-claim-verification]] pointer in each
      agent's .md file. The `paths:` frontmatter surfaces it when an agent file is being *edited*,
      not when the agent is *running* — both mechanisms are intentional, so don't drop the pointer.
-     Scope is agents-only by design (cbp-round-executor, cbp-research); skill files are out of
+     Scope is agents-only by design (cbp-round-builder, cbp-research); skill files are out of
      scope this round. -->
 
 Subagents routinely emit tool calls and explanatory text that depend on a named thing *existing* — a JSON config key, a schema field, an environment-variable name, an external API's request/response shape. When that name is recalled from memory instead of read from the source, it is often subtly wrong: a renamed field, a key that moved to a different file, an API shape from an older version. Those hallucinated names cost correction rounds.

package/templates/rules/context-file-loading.md

@@ -12,20 +12,20 @@ paths:
 
 | Context File | Loaded By | Phase | Purpose |
 |--------------|-----------|-------|---------|
-| `context/testing/unit.md` | `cbp-round-executor` | Step 3.6 | Unit test patterns per framework |
+| `context/testing/unit.md` | `cbp-round-builder` | Step 3.6 | Unit test patterns per framework |
 | `context/testing/e2e.md` | `cbp-e2e-playwright`, `cbp-e2e-maestro`, `cbp-e2e-tauri`, `cbp-e2e-vscode`, `cbp-e2e-xcuitest` | Entry | Shared contract: Input/Output, preflight, failure classification, dispatch routing |
 | `context/testing/e2e.md` | `cbp-testing-qa-agent` | Preflight | Env var list per framework |
 | `context/testing/e2e.md` | `cbp-checkpoint-plan` | Step 4 | Discovery probe dispatch contract |
-| `context/testing/e2e.md` | `cbp-round-execute` | Step 5 | E2E specialist dispatch routing |
+| `context/testing/e2e.md` | `cbp-round-build` | Step 5 | E2E specialist dispatch routing |
 | `context/testing/e2e.md` | `cbp-checkpoint-check` | Step 5b | Whole-checkpoint e2e dispatch |
-| `context/testing/eslint.md` | `cbp-task-planner` | Phase 1.5 | ESLint Compliance Checklist |
-| `context/testing/eslint.md` | `cbp-improve-round` | Phase 1.5 | Config-file compliance audit |
-| `context/mcp-docs.md` | `cbp-task-planner` | Phase 2.6 | MCP library doc lookup contract — per-dependency consultation via DocsByPlan MCP tools (resolve_library_id → search_chunks/lookup_symbol → get_chunk) |
-| `context/mcp-docs.md` | `cbp-round-executor` | Step 3.4 | Library-specific reference — pre-write API verification via DocsByPlan MCP tools |
+| `context/testing/eslint.md` | `cbp-round-planner` | Phase 1.5 | ESLint Compliance Checklist |
+| `context/testing/eslint.md` | `cbp-verify-reviewer` | Config-File Mode | Config-file compliance audit |
+| `context/mcp-docs.md` | `cbp-round-planner` | Phase 2.6 | MCP library doc lookup contract — per-dependency consultation via DocsByPlan MCP tools (resolve_library_id → search_chunks/lookup_symbol → get_chunk) |
+| `context/mcp-docs.md` | `cbp-round-builder` | Step 3.4 | Library-specific reference — pre-write API verification via DocsByPlan MCP tools |
 | `context/architecture/arch-map-spec.md` | `cbp-map-architecture` | Entry | Canonical architecture-map artifact format — per-module frontmatter + sections, INDEX.md row format, dependency-graph format |
-| `context/architecture-map.md` | `cbp-task-planner` | Phase 3 | Architecture map consultation contract — when + how to read per-module maps before finalizing scope |
-| `context/architecture-map.md` | `cbp-round-executor` | Step 2.4 | Architecture map consultation contract — when + how to read per-module maps before editing files |
-| `rules/parallel-waves.md` | `cbp-task-planner` | Phase 5.6 | Wave schema, invariants (3..15 file-count), and the proximity-split algorithm (a `rules/` file, not `context/**`; listed here for consumer discoverability) |
+| `context/architecture-map.md` | `cbp-round-planner` | Phase 3 | Architecture map consultation contract — when + how to read per-module maps before finalizing scope |
+| `context/architecture-map.md` | `cbp-round-builder` | Step 2.4 | Architecture map consultation contract — when + how to read per-module maps before editing files |
+| `rules/parallel-waves.md` | `cbp-round-planner` | Phase 5.6 | Wave schema, invariants (3..15 file-count), and the proximity-split algorithm (a `rules/` file, not `context/**`; listed here for consumer discoverability) |
 
 New context files MUST be added here in the same change that introduces the consumer — or the file is orphan infrastructure.
 
@@ -37,7 +37,7 @@ New context files MUST be added here in the same change that introduces the cons
 
 ## Why Fail Loudly
 
-Silent fallback hides drift. A rename or deletion of `context/testing/unit.md` would let `cbp-round-executor` keep writing tests from memory, drifting from the canonical recipe. A failed agent surfaces the drift on the first invocation; silent fallback lets it compound.
+Silent fallback hides drift. A rename or deletion of `context/testing/unit.md` would let `cbp-round-builder` keep writing tests from memory, drifting from the canonical recipe. A failed agent surfaces the drift on the first invocation; silent fallback lets it compound.
 
 ## Path Convention
 

package/templates/rules/development-workflow.md

@@ -0,0 +1,73 @@
+---
+description: The full CodeByPlan development loop — session, planning, the round build/verify cycle, and checkpoint ship — as a concise skill map.
+paths:
+  - ".claude/skills/cbp-session-start/**"
+  - ".claude/skills/cbp-todo/**"
+  - ".claude/skills/cbp-round-plan/**"
+  - ".claude/skills/cbp-verify/**"
+  - ".claude/skills/cbp-finalize/**"
+---
+
+# Development Workflow
+
+The full pipeline, as a map (not a tutorial). Each arrow is an auto-trigger or a single `Next:`
+directive — never an A/B/C menu (`feedback-close-out-routing.md`). Skill names below are the
+canonical post-redesign names.
+
+## Session Frame
+
+```
+/cbp-session-start   →   ... work ...   →   /cbp-session-end
+```
+
+`/cbp-todo` answers "what do I work on next" inside a session.
+
+## Planning a Unit of Work
+
+```
+checkpoint-bound:  /cbp-checkpoint-create → /cbp-checkpoint-plan → /cbp-checkpoint-start
+standalone:        /cbp-standalone-task-create → /cbp-standalone-task-start
+```
+
+`cbp-checkpoint-create` is mechanical (checkpoint row + feat branch, zero tasks);
+`cbp-checkpoint-plan` does the deep planning (tasks as vertical slices); `cbp-checkpoint-start`
+activates + claims. Standalone work skips checkpoint shipment entirely.
+
+## The Round Cycle (per task)
+
+```
+/cbp-round-plan  →  /cbp-round-build  →  /cbp-verify (scope=round)  →  /cbp-round-complete
+       ↑                                                                      │
+       └──────────────── more work wanted on the task ───────────────────────┘
+```
+
+- **`/cbp-round-plan`** — round planning entry (round-1 planning + the folded-in round-input
+  deep-analysis role). Spawns `cbp-round-planner`.
+- **`/cbp-round-build`** — owns the plan-approval gate + per-wave execution. Spawns
+  `cbp-round-builder`; auto-triggers `/cbp-verify`.
+- **`/cbp-verify` (round scope)** — unified verify stage: deterministic gates +
+  real-execution proof + fresh-context review (`cbp-verify-reviewer`). Any fail → `/cbp-round-plan`
+  fix round.
+- **`/cbp-round-complete`** — the separate `ask`-tier, `disable-model-invocation` human git-add
+  finalizer. The user stages approved files; it reconciles + completes the round.
+
+## Closing the Task → Checkpoint
+
+On the **last clean round** of a task, verify escalates to task scope and finalizes:
+
+```
+/cbp-verify (scope=task)  →  /cbp-finalize  →  /cbp-checkpoint-check  →  /cbp-checkpoint-end
+```
+
+- **`/cbp-verify` (scope=task)** — whole-repo `codebyplan check --scope task`, holistic reviewer,
+  one batched human walkthrough, writes `task.context.verify_verdict={verdict:'READY'}`.
+- **`/cbp-finalize`** — task-level ship finalizer.
+- **`/cbp-checkpoint-check`** then **`/cbp-checkpoint-end`** — checkpoint re-evaluation +
+  shipment (hardcore CI tier, `rules/two-tier-ci.md`).
+
+## Cross-References
+
+- `rules/two-tier-ci.md` — soft (round/task) vs hardcore (checkpoint) gate strictness.
+- `rules/execution-proof.md` — the committed-artifact obligation at every verify.
+- `rules/spawn-failure-is-gate-failure.md` — agent spawn failure is a STOP, not a self-grade.
+- `rules/task-routing-recommendation.md` — checkpoint-bound vs standalone command families.

package/templates/rules/e2e-mandatory.md

@@ -14,7 +14,7 @@ A framework is **eligible** in a round when ALL hold:
 - The framework's `app` source path intersects the round's `files_changed` (repo root for
   single-app repos).
 
-When eligible, `/cbp-round-execute` Step 5 spawns the matching specialist in parallel with
+When eligible, `/cbp-round-build` Step 5 spawns the matching specialist in parallel with
 `cbp-testing-qa-agent`; `/cbp-checkpoint-check` Step 5b does the same against the aggregated
 file union with `whole_checkpoint_mode: true`.
 
@@ -28,8 +28,8 @@ no hard-fail fires.
 ## `e2e_eligible_skipped` Hard-Fail
 
 If a framework was eligible this round but no specialist ran AND no valid skip reason is
-recorded, the round **hard-fails** and `/cbp-round-execute` Step 6 auto-triggers
-`/cbp-round-input`. Silent skips are bugs, not conveniences — this is the enforcement behind
+recorded, the round **hard-fails** and `/cbp-round-build` Step 6 auto-triggers
+`/cbp-round-plan`. Silent skips are bugs, not conveniences — this is the enforcement behind
 the opt-out contract.
 
 **Valid skip reasons** (must be recorded in `round.context.e2e_outputs[framework]` or the
@@ -54,8 +54,8 @@ check. Pre-flight (`context/testing/e2e.md` Step 6.5.1) is the only mechanism fo
 env-conditional skipping.
 
 A spec that ran with `passed === 0 && skipped > 0` for any path touching `files_changed` is a
-**hard fail**, not a pass — `cbp-task-check` (`agents/cbp-task-check.md`) refuses a READY
-verdict on a zero-assertion e2e run and routes to a fix round per this rule.
+**hard fail**, not a pass — `cbp-verify-reviewer` (`agents/cbp-verify-reviewer.md`) refuses a
+READY verdict on a zero-assertion e2e run and routes to a fix round per this rule.
 
 ## Committed-Screenshot Enforcement
 
@@ -64,7 +64,7 @@ path it touched is a defect — not a valid pass. Every framework must write at
 PNG to its committed dir (per the table in `context/testing/e2e.md` § Committed-Screenshot
 Mandate) and `git add` it before reporting `status: 'completed'`.
 
-`cbp-task-check` refuses a READY verdict when `e2e_gallery[]` is empty AND the round
+`cbp-verify-reviewer` refuses a READY verdict when `e2e_gallery[]` is empty AND the round
 touched UI source paths for an eligible framework — sole exception: `vscode-test`-only
 rounds (SD-3, behavior-only extensions; see below). The fix path is the same as for a
 zero-assertion run: open a fix round that captures the missing committed screenshots.
@@ -77,7 +77,7 @@ has no visual output (behavior-only tests). Agents must still define the dir and
 
 - `context/testing/e2e.md` — Input/Output contract, pre-flight loop, failure classification,
   committed-screenshot mandate, auto-new/gated-changed model, and dispatch routing table.
-- `agents/cbp-task-check.md` — enforces the zero-assertion hard-fail and the empty
+- `agents/cbp-verify-reviewer.md` — enforces the zero-assertion hard-fail and the empty
   `e2e_gallery[]` hard-fail at verdict time.
-- `skills/cbp-round-execute/SKILL.md` Step 5/6, `skills/cbp-checkpoint-check/SKILL.md` Step 5b
+- `skills/cbp-round-build/SKILL.md` Step 5/6, `skills/cbp-checkpoint-check/SKILL.md` Step 5b
   — the config-driven dispatch and `e2e_eligible_skipped` gate implementations.