codebyplan 1.13.65 → 1.13.67

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codebyplan",
-  "version": "1.13.65",
+  "version": "1.13.67",
   "description": "CLI for CodeByPlan — AI-powered development planning and tracking",
   "type": "module",
   "bin": {
@@ -52,18 +52,17 @@
     "registry": "https://registry.npmjs.org/"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=22"
   },
   "dependencies": {
     "@napi-rs/keyring": "^1.1.6",
-    "@supabase/supabase-js": "^2.106.0",
-    "ws": ">=8.20.1"
+    "@supabase/supabase-js": "^2.106.0"
   },
   "devDependencies": {
     "@eslint/js": "^9.18.0",
-    "@types/node": "^20",
+    "@types/node": "^22",
     "@vitest/eslint-plugin": "^1.1.44",
-    "esbuild": ">=0.28.1",
+    "esbuild": "^0.28.1",
     "eslint": "^9.18.0",
     "eslint-config-prettier": "^10.0.1",
     "eslint-plugin-no-secrets": "^2.2.1",

package/templates/agents/cbp-security-agent.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-security-agent
 description: Security review specialist. Checks for OWASP top 10 vulnerabilities, hardcoded secrets, SQL injection, XSS, CSRF, and dependency vulnerabilities.
 tools: Read, Glob, Grep, Bash

package/templates/agents/cbp-stripe-agent.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-stripe-agent
 description: Stripe integration specialist. Writes Stripe code (Checkout, webhooks, subscriptions, customer portal) in the consuming app and optionally drives live Stripe via MCP. Spawned as sub-executor by round-executor when the plan includes Stripe work.
 tools: Read, Write, Edit, Glob, Grep, Bash, AskUserQuestion

package/templates/agents/cbp-testing-qa-agent.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-testing-qa-agent
 description: Combined testing, QA generation, and default checklists. Runs build/lint/types/unit-tests/audit, generates auto QA items, applies default production checklists. Does NOT consume e2e screenshots or frontend-ui findings.
 tools: Read, Glob, Grep, Bash, AskUserQuestion

package/templates/hooks/cbp-skill-context-guard.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook: PreToolUse (Skill)
 # Purpose: Deny heavy close-out skills when context window exceeds the model-aware threshold:
 #          200K tokens for standard models (CBP_CONTEXT_WARN_TOKENS, default 200000);

package/templates/hooks/cbp-test-hooks.sh

@@ -374,87 +374,6 @@ fi
 
 echo ""
 
-# ===== HOOK SMOKE TESTS — cbp-mcp-caller-worktree-inject =====
-echo "## Hook Smoke Tests — cbp-mcp-caller-worktree-inject (CHK-198)"
-
-INJECT_HOOK="$HOOKS_DIR/cbp-mcp-caller-worktree-inject.sh"
-# Absolute path — the fail-open test runs the hook from a temp cwd (to isolate it
-# from this repo's git context), where the relative "$HOOKS_DIR" no longer resolves.
-INJECT_HOOK_ABS="$(cd "$HOOKS_DIR" 2>/dev/null && pwd)/cbp-mcp-caller-worktree-inject.sh"
-
-if [ ! -f "$INJECT_HOOK" ]; then
-  test_result "cbp-mcp-caller-worktree-inject.sh present" "passed" "missing"
-else
-  test_result "cbp-mcp-caller-worktree-inject.sh present" "passed" "passed"
-
-  FIRST_LINE=$(head -1 "$INJECT_HOOK")
-  if echo "$FIRST_LINE" | grep -q '^#!/'; then
-    test_result "cbp-mcp-caller-worktree-inject.sh has shebang" "passed" "passed"
-  else
-    test_result "cbp-mcp-caller-worktree-inject.sh has shebang" "passed" "missing"
-  fi
-
-  if grep -q '@scope: org-shared' "$INJECT_HOOK"; then
-    test_result "cbp-mcp-caller-worktree-inject.sh has @scope: org-shared" "passed" "passed"
-  else
-    test_result "cbp-mcp-caller-worktree-inject.sh has @scope: org-shared" "passed" "missing"
-  fi
-
-  # Fail-open: run from a non-repo temp dir with no worktree cache and no
-  # CLAUDE_PROJECT_DIR — neither the cache nor the CLI fallback can resolve a
-  # worktree, so the hook must exit 0 with empty stdout (no updatedInput).
-  ISO=$(mktemp -d)
-  OUTPUT=$( (cd "$ISO" && env -u CLAUDE_PROJECT_DIR bash "$INJECT_HOOK_ABS" <<< '{"tool_input":{"task_id":"x"}}') 2>/dev/null )
-  EXIT_CODE=$?
-  if [ "$EXIT_CODE" = "0" ] && [ -z "$OUTPUT" ]; then
-    test_result "cbp-mcp-caller-worktree-inject.sh fail-open (unresolvable) exits 0 + empty stdout" "passed" "passed"
-  else
-    test_result "cbp-mcp-caller-worktree-inject.sh fail-open (unresolvable) exits 0 + empty stdout" "passed" "failed (exit=$EXIT_CODE)"
-  fi
-  rm -rf "$ISO"
-
-  # C6 — input already carries a non-empty caller_worktree_id → never overwrite;
-  # early-return with exit 0 and empty stdout (no resolution attempted).
-  OUTPUT=$(echo '{"tool_input":{"caller_worktree_id":"11111111-1111-1111-1111-111111111111"}}' | bash "$INJECT_HOOK" 2>/dev/null)
-  EXIT_CODE=$?
-  if [ "$EXIT_CODE" = "0" ] && [ -z "$OUTPUT" ]; then
-    test_result "cbp-mcp-caller-worktree-inject.sh C6 keeps existing caller_worktree_id (exit 0 + empty stdout)" "passed" "passed"
-  else
-    test_result "cbp-mcp-caller-worktree-inject.sh C6 keeps existing caller_worktree_id (exit 0 + empty stdout)" "passed" "failed (exit=$EXIT_CODE)"
-  fi
-
-  # Injection — a worktree.local.json whose .branch matches the current git branch
-  # makes the cache fast-path resolve. Use a synthetic UUID so the assertion proves
-  # the cache value (not the live CLI) was injected. Skipped when no concrete git
-  # branch resolves (detached HEAD / non-git checkout) or jq is unavailable.
-  CUR_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
-  if [ -n "$CUR_BRANCH" ] && [ "$CUR_BRANCH" != "HEAD" ] && command -v jq >/dev/null 2>&1; then
-    ISO=$(mktemp -d)
-    mkdir -p "$ISO/.codebyplan"
-    FAKE_WT="abcdef01-2345-6789-abcd-ef0123456789"
-    jq -n --arg b "$CUR_BRANCH" --arg w "$FAKE_WT" \
-      '{worktree_id:$w, branch:$b}' > "$ISO/.codebyplan/worktree.local.json"
-    OUTPUT=$(CLAUDE_PROJECT_DIR="$ISO" bash "$INJECT_HOOK" <<< '{"tool_input":{"task_id":"x"}}' 2>/dev/null)
-    EXIT_CODE=$?
-    INJECTED=$(echo "$OUTPUT" | jq -r '.hookSpecificOutput.updatedInput.caller_worktree_id // empty' 2>/dev/null)
-    # Sibling-key survival — CC's updatedInput REPLACES tool_input wholesale (it is
-    # not a partial merge), so the hook must echo back every original field merged
-    # with caller_worktree_id. Assert the non-target sibling key (task_id) survives;
-    # this is the assertion gap that let the replace-vs-merge bug ship in round 2.
-    PRESERVED=$(echo "$OUTPUT" | jq -r '.hookSpecificOutput.updatedInput.task_id // empty' 2>/dev/null)
-    if [ "$EXIT_CODE" = "0" ] && [ "$INJECTED" = "$FAKE_WT" ] && [ "$PRESERVED" = "x" ]; then
-      test_result "cbp-mcp-caller-worktree-inject.sh injects caller_worktree_id AND preserves sibling keys" "passed" "passed"
-    else
-      test_result "cbp-mcp-caller-worktree-inject.sh injects caller_worktree_id AND preserves sibling keys" "passed" "failed (exit=$EXIT_CODE injected=$INJECTED preserved=$PRESERVED)"
-    fi
-    rm -rf "$ISO"
-  else
-    test_result "cbp-mcp-caller-worktree-inject.sh injection test (no branch resolvable — skipped)" "passed" "passed"
-  fi
-fi
-
-echo ""
-
 # ===== HOOK SMOKE TESTS — cbp-session-start-hook =====
 echo "## Hook Smoke Tests — cbp-session-start-hook (CHK-178)"
 

package/templates/hooks/validate-structure-lib.sh

@@ -103,17 +103,44 @@ has_scope_comment() {
 }
 
 # has_template_twin <rel_path_under_claude>
-# Returns 0 when the codebyplan package ships a template twin for this .claude file
-# (i.e. the file is package-MANAGED — org-shared is its implicit default and a
-# scope marker is NOT required). <rel_path_under_claude> is the path beneath
-# .claude/ (e.g. "rules/foo.md", "skills/x/SKILL.md").
-#   Monorepo: $REPO_ROOT/packages/codebyplan-package/templates/<rel>
-#   Consumer: $REPO_ROOT/node_modules/codebyplan/templates/<rel>
-# Returns non-zero when no twin is found — including when no templates dir is
-# resolvable at all. Callers treat a non-zero result as "user-created", which is
-# the conservative fallback: a scope marker is then required (legacy behavior).
+# Returns 0 when the file is package-MANAGED (a template twin exists) — org-shared
+# is its implicit default and a scope marker is NOT required. <rel_path_under_claude>
+# is the path beneath .claude/ (e.g. "rules/foo.md", "skills/x/SKILL.md").
+#
+# Resolution order:
+#   1. The install manifest (.claude/.cbp.manifest.json, with mid/legacy filename
+#      fallback). Its files[].dest entries are the authoritative record of what
+#      codebyplan installed INTO THIS repo — independent of where the package
+#      lives on disk (pnpm symlinks, hoisting, monorepo sub-packages). Requires jq.
+#   2. Filesystem probe of the package's templates dir — fallback when there is no
+#      manifest/jq, and a backstop so a stale manifest never hides a genuine twin:
+#        Monorepo: $REPO_ROOT/packages/codebyplan-package/templates/<rel>
+#        Consumer: $REPO_ROOT/node_modules/codebyplan/templates/<rel>
+# Returns non-zero when no twin is found by either path. Callers treat non-zero as
+# "user-created": a scope marker is then required (the conservative fallback).
 has_template_twin() {
   local rel="$1"
+
+  # 1. Authoritative: the install manifest lists every managed file by dest path.
+  if command -v jq >/dev/null 2>&1; then
+    local manifest
+    for manifest in \
+      "$REPO_ROOT/.claude/.cbp.manifest.json" \
+      "$REPO_ROOT/.claude/.cbp-claude.manifest.json" \
+      "$REPO_ROOT/.claude/.codebyplan-claude.manifest.json"; do
+      if [ -f "$manifest" ]; then
+        if jq -e --arg rel "$rel" 'any(.files[]?; .dest == $rel)' "$manifest" >/dev/null 2>&1; then
+          return 0
+        fi
+        # Manifest found but does not list this file — stop scanning older
+        # manifest names and fall through to the filesystem probe (a stale
+        # manifest must not hide a genuine template twin).
+        break
+      fi
+    done
+  fi
+
+  # 2. Fallback / backstop: probe the package's templates dir directly.
   [ -f "$REPO_ROOT/packages/codebyplan-package/templates/$rel" ] && return 0
   [ -f "$REPO_ROOT/node_modules/codebyplan/templates/$rel" ] && return 0
   return 1

package/templates/rules/cbp-operating-gotchas.md

@@ -25,11 +25,13 @@ SHARED tooling behavior only — repo-specific gotchas belong in that repo's own
   clobbers existing `decisions` / `discoveries` / `check_results`. Always read the current row,
   merge your change into the full object/array, then write the whole thing back.
 
-- **`resolve-worktree` empty output = a NULL `(device, path, branch)` tuple, not a broken
-  resolver.** When identity is unresolved the server can collapse the caller to the repo's main
-  worktree, so feat-locked writes get rejected. Pass `caller_worktree_id` on every MCP mutation,
-  and confirm ownership by matching the row's repo path + branch to the current directory before
-  mutating.
+- **User-level locks are invisible until a mutation they block.** `get_checkpoints` /
+  `get_tasks` succeed even when another user holds the assignment; the 403 fires only on
+  `update_*` / `complete_*`. The lock keys on the JWT user (`ctx.userId`) vs the row's
+  `assigned_user_id` (null = open). `caller_worktree_id` / `worktree_id` params are
+  accepted-and-ignored — do not thread them. Verify `assigned_user_id` matches
+  `npx codebyplan whoami` before mutating; recover a stale assignment with
+  `release_assignment` (maintainer).
 
 - **Full-repo lint/type baselines are often pre-existing red.** A round must gate on the files
   it changed, not the whole-repo baseline — scope lint/tsc checks to the round's changed set so a
@@ -42,14 +44,10 @@ SHARED tooling behavior only — repo-specific gotchas belong in that repo's own
   files or carried directory-slash round artifacts, `complete_task` can hard-fail "N files not
   approved"; fix by re-writing each affected round's `files_changed` via `update_round`.
 
-- **CLI transport uses REST (reads) and OAuth+MCP (writes) — a 502 from `codebyplan round sync-approvals` is transient MCP churn, not an outage.** The CLI exits 0 with a warning and MCP tools still work. A missing `CODEBYPLAN_API_KEY` surfaces as an `ApiError`, not a 502. `sync-approvals` can also drag untracked per-device dirs into `files_changed` — run it from the repo root or pass `--caller-worktree-id`.
+- **CLI transport uses REST (reads) and OAuth+MCP (writes) — a 502 from `codebyplan round sync-approvals` is transient MCP churn, not an outage.** The CLI exits 0 with a warning and MCP tools still work. A missing `CODEBYPLAN_API_KEY` surfaces as an `ApiError`, not a 502. `sync-approvals` can also drag untracked per-device dirs into `files_changed` — run it from the repo root.
 
 - **`codebyplan claude update` requires a TTY.** On non-TTY stdin (CI, piped) it half-applies then errors. Re-run with `--yes` to accept defaults non-interactively.
 
-- **Checkpoint locks are invisible until a mutation they block.** `get_checkpoints` / `get_tasks` succeed even when another worktree holds the lock; the 403 fires only on `update_*` / `complete_*`. Verify the row's `worktree_id` matches the caller before mutating. A null-`worktree_id` checkpoint can still be actively shipped by whichever worktree physically holds its feat branch — check `git worktree list` first.
-
-- **`update_task` accepts `caller_worktree_id` for lock-verify only — it does NOT assign ownership.** Ownership assignment goes through the web UI or the dedicated assignment path. Don't conflate `caller_worktree_id` with `assigned_worktree_id`.
-
 - **Re-run config-driven gates after merging main into a feat branch.** A merge can add or change `.codebyplan/shipment.json`, ports, branch config, `e2e.json`, and `eslint.json` — treat the post-merge state as a fresh baseline before continuing.
 
 - **MCP write calls can return 403 via Cloudflare WAF when the JSONB payload contains DDL

package/templates/rules/todo-backend.md

@@ -20,8 +20,8 @@ Defined in `supabase/migrations/20260511211900_chk111_workflow_invariants.sql` (
 | 2 | `trg_enforce_standalone_task_workflow_invariants` | A standalone task cannot be moved to `in_progress` without `assigned_user_id` (CHK-225: was `assigned_worktree_id`) |
 | 3 | `trg_enforce_task_workflow_invariants` | ≤ 1 `in_progress` task per checkpoint |
 | 4 | `trg_enforce_single_in_progress_round_per_task` | ≤ 1 `in_progress` round per task |
-| 5 | `trg_enforce_single_active_scope_per_worktree` | ≤ 1 active (checkpoint OR standalone task) per `assigned_user_id` (CHK-225: was per `worktree_id`) |
-| 6 | `trg_enforce_standalone_task_scope_per_worktree` | ≤ 1 `in_progress` standalone task per `assigned_user_id` (CHK-225: was per `assigned_worktree_id`) |
+| 5 | `trg_enforce_single_active_scope_per_worktree` | ≤ 1 active (checkpoint OR standalone task) per `branch_name` (CHK-235: was per `assigned_user_id`) |
+| 6 | `trg_enforce_standalone_task_scope_per_worktree` | ≤ 1 `in_progress` standalone task per `branch_name` (CHK-235: was per `assigned_user_id`) |
 
 The worker is a passive cross-checker (`apps/todo-worker/src/invariants/check.ts`) — if its check disagrees with the DB, the DB wins.
 
@@ -109,6 +109,8 @@ CHK-111 shipped the original todos queue as Postgres triggers + a 583-LOC `regen
 
 CHK-225 updated the invariant triggers from worktree-scoped to user-scoped (`assigned_user_id`). The trigger names were preserved for continuity; only the function bodies changed. Migration: `20260612000000_chk225_task1_user_locks.sql`.
 
+CHK-235 re-scoped the same two trigger functions from per-`assigned_user_id` to per-`branch_name`, restoring multi-worktree concurrency (one active scope per feat branch). Migration: `20260622000000_chk235_task1_active_scope_per_branch.sql`.
+
 ## 8. Deployment — Railway
 
 `apps/todo-worker` runs as a Railway service alongside `apps/backend`. Setup:

package/templates/skills/cbp-build-cc-settings/reference/cbp-permission-policy.md

@@ -24,15 +24,15 @@ Precedence is `deny > ask > allow`; arrays union across scopes (managed/user/pro
 
 - **Non-lifecycle, non-shipment `/cbp-*` skills** — authoring (`cbp-build-cc-*`), frontend (`cbp-frontend-*`), git (`cbp-git-*`, `cbp-merge-main`, `cbp-refresh-infra`), round work (`cbp-round-plan`, `cbp-verify` — `cbp-verify` is the autonomous verify stage that runs deterministic gates, proves execution, spawns the fresh-context reviewer, and routes to `cbp-round-complete` or `cbp-round-plan`, so it runs without a prompt), setup/configure (`cbp-setup-*`, `cbp-ship-configure`, `cbp-supabase-*`), task prep (`cbp-task-create`/`-start`, `cbp-standalone-task-check`/`-testing`), planning (`cbp-checkpoint-plan`/`-update`), plus `cbp-session-start` and `cbp-todo`. Invoking a skill is the intended mode of operation; the gated side effects happen inside via the Bash/MCP tools the skill calls, which carry their own tiering. The lifecycle/state-transition and plan-approval skills are the exception — they live in `ask` (next section).
 - **All `mcp__codebyplan__*` reads** (`get_*`, `list_*`, `search_*`, `health_check`, `lookup_symbol`, `resolve_library_id`, `get_chunk`).
-- **Routine workflow-write MCP tools** the pipeline calls many times per task: create/update/complete checkpoint, task, and round; session log + session-state writes; `create_worktree`, `add_library`, `flag_stale_chunk`, `update_server_config`, `update_eslint_repo_config`. Gating these with `ask` would make the autonomous workflow unusable.
-- **Read/safe CLI commands** (both `codebyplan X` and `npx codebyplan X`): `whoami`, `resolve-worktree`, `statusline`, `ports`, `tech-stack`, `eslint`, `round`, `help`, `--version`.
+- **Routine workflow-write MCP tools** the pipeline calls many times per task: create/update/complete checkpoint, task, and round; session log + session-state writes; `add_library`, `flag_stale_chunk`, `update_server_config`, `update_eslint_repo_config`. Gating these with `ask` would make the autonomous workflow unusable.
+- **Read/safe CLI commands** (both `codebyplan X` and `npx codebyplan X`): `whoami`, `docs`, `statusline`, `ports`, `tech-stack`, `eslint`, `round`, `help`, `--version`.
 
 ### `ask` — the deliberate confirm-gate
 
 - **Production-shipment skills**: `cbp-ship`, `cbp-ship-main`, `cbp-checkpoint-end` — these promote/deploy to production, so they prompt even in an otherwise auto-allowed setup.
 - **Lifecycle / state-transition skills**: `cbp-checkpoint-start`, `cbp-checkpoint-create`, `cbp-checkpoint-check`, `cbp-checkpoint-complete`, `cbp-round-complete`, `cbp-session-end`, `cbp-finalize`, `cbp-standalone-task-create`, `cbp-standalone-task-start`, `cbp-standalone-task-complete` — these open or close checkpoints, tasks, rounds, and sessions (advancing workflow state in the database), so they stop for explicit confirmation rather than running autonomously. `cbp-round-complete` is the permission-gated round finalizer (reconciles the user's `git add`s, completes the round, routes onward); its `ask` prompt is the human gate downstream of `cbp-verify` — the autonomous, `allow`-tier verify stage whose triage routes here.
 - **Plan-approval gate**: `cbp-round-build` — the round plan is approved by confirming this `ask` prompt rather than via an in-skill AskUserQuestion. `cbp-round-plan` runs its planning Q&A, then hands off to `cbp-round-build`; the permission prompt is the user's go/no-go on the plan.
-- **Destructive / admin MCP tools**: `delete_session_log`, `delete_worktree`, `create_repo`, `release_assignment`. (The launch and member-admin tools were dropped from the MCP surface in CHK-180 — those concerns are web-app only now.)
+- **Destructive / admin MCP tools**: `delete_session_log`, `create_repo`, `release_assignment`. (The launch and member-admin tools were dropped from the MCP surface in CHK-180 — those concerns are web-app only now.)
 - **Mutating / external / clobber-risk CLI commands** (both prefixes): `setup`, `login`, `logout`, `upgrade-auth`, `config` (can overwrite committed `.codebyplan/` files), `branch` (rewrites branch config), `ship`, `claude` (`install`/`update`/`uninstall` overwrite `.claude/`).
 
 ### `deny` — unchanged

package/templates/skills/cbp-checkpoint-check/SKILL.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-checkpoint-check
 description: Full re-evaluation of a checkpoint with before/after comparison
 argument-hint: [CHK-NNN]

package/templates/skills/cbp-checkpoint-end/SKILL.md

@@ -280,15 +280,21 @@ Scan the output for any `worktree` entry whose `branch` field matches `refs/head
 **Case A — the current session is NOT inside that worktree path:**
 
 ```bash
-codebyplan worktree remove <path>
+codebyplan worktree remove <abs-path>   # pass the absolute path from worktree list
 git worktree prune
 ```
 
-Record the removed path in `WORKTREES_REMOVED[]`. If `codebyplan worktree remove` exits
-non-zero, emit a non-blocking warning and continue — a failed removal does not halt shipment.
+`codebyplan worktree remove <abs-path>` handles both the git worktree removal and the
+remote feat-branch deletion (non-fatal). No separate `git push origin --delete` is needed
+here. Parse the JSON output; record `{ path, removed: true, remote_branch_deleted }` in
+`WORKTREES_REMOVED[]`. On any non-zero exit (except exit code 2 — see Case B), emit a
+non-blocking warning and continue — a failed removal does not halt shipment.
 
-**Case B — the current session IS inside that worktree path (i.e. `$PWD` starts with
-`<path>`):**
+**Case B — the current session IS inside that worktree path:**
+
+The CLI self-cwd guard fires and exits with **code 2** when `codebyplan worktree remove`
+is called from inside the target worktree. Detect this via exit code 2, OR pre-check that
+`$PWD` starts with `<path>` before calling the CLI.
 
 Do NOT self-remove. Surface a single directive (no A/B/C menu):
 

package/templates/skills/cbp-clear-continue/SKILL.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-clear-continue
 description: Resume work after /clear by reading .codebyplan/clear/handoff.md and re-invoking the previously-blocked heavy skill. Reports a friendly error if no handoff file exists.
 model: inherit

package/templates/skills/cbp-clear-prep/SKILL.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-clear-prep
 description: Capture a clear-context handoff when the context window is too large to run a heavy skill. Reads active task/round state, writes .codebyplan/clear/handoff.md, then instructs the user to run /clear and /cbp-clear-continue to resume.
 argument-hint: "[blocked-skill]"

package/templates/skills/cbp-finalize/SKILL.md

@@ -169,7 +169,7 @@ Skip the push only when nothing was committed in Step 5 AND `/cbp-merge-main` re
 
 ### Step 7: Complete Task
 
-MCP `complete_task(task_id)` — kept on MCP because the CLI `codebyplan task complete` sends an empty POST body and cannot forward `caller_worktree_id`, which the server uses to enforce the mutate-lock. `caller_worktree_id` is auto-injected by the `cbp-mcp-caller-worktree-inject.sh` PreToolUse hook (CHK-198 TASK-2); the server falls back to the repo `main` worktree only when it is absent, then enforces the mutate-lock. The server auto-clears `assigned_user_id` + `assigned_worktree_id` on the task; if this was the last sibling task, it also clears the parent checkpoint's assignment. (Per CHK-104 hard-lock.)
+MCP `complete_task(task_id)`. The server keys on the JWT user (`ctx.userId`) — no worktree param is needed. The server auto-clears `assigned_user_id` on the task; if this was the last sibling task, it also clears the parent checkpoint's assignment.
 
 ### Step 8: Run Cleanup + Migration (inline)
 
@@ -226,7 +226,7 @@ direct you to run `/cbp-clear-prep` first; otherwise checkpoint-check starts on
 - **Triggered by**: `/cbp-verify` (auto, scope=task, when it writes `verify_verdict.verdict === 'READY'`)
 - **Chain**: `/cbp-verify` (scope=task READY) → `/cbp-finalize`
 - **Reads**: `.codebyplan/state/checkpoints/*.json`, `checkpoints/<id>/tasks/*.json`, `checkpoints/<id>/tasks/<id>/rounds/*.json`, `todos.json` (local-first; `npx codebyplan sync` on miss; MCP `get_current_task`/`get_rounds`/`get_tasks` break-glass) — including each round's `verify_manifest` and `task.context.verify_verdict`
-- **Writes**: `codebyplan task update` for `files_changed` (CLI write-through; MCP `update_task` break-glass); MCP `complete_task` for task completion (kept MCP — CLI cannot forward `caller_worktree_id`)
+- **Writes**: `codebyplan task update` for `files_changed` (CLI write-through; MCP `update_task` break-glass); MCP `complete_task` for task completion
 - **Uses skills (inline, no sub-agent)**: `cleanup` (if deletions), `migration` (if exports renamed)
 - **Triggers**: Same-context transitions auto-trigger via the Skill tool (next task in checkpoint → `cbp-task-start {N}`, `allow`-tier, fires silently). Checkpoint-done → auto-triggers `cbp-checkpoint-check` via Skill tool (`ask`-tier, permission prompt IS the human gate). No-task-anywhere fallback → directive `Next: Run /clear, then /cbp-session-end.`
 - **Checkpoint-bound only** — for standalone tasks use `/cbp-standalone-task-complete`

package/templates/skills/cbp-setup-cd/SKILL.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-setup-cd
 description: Detect configured CD surfaces, write/update .codebyplan/cd.json via `codebyplan cd init`, scaffold publish.yml and release-desktop.yml GitHub Actions workflows, and walk through environment/approval/OIDC setup. Interactive, idempotent.
 argument-hint: "[--force]"

package/templates/skills/cbp-setup-ci/SKILL.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-setup-ci
 description: Detect CI platforms, write/update .codebyplan/ci.json, scaffold the GitHub Actions CI workflow, and enforce the required CI status check on the main branch. Interactive, idempotent.
 argument-hint: "[--force]"

package/templates/skills/cbp-standalone-task-complete/SKILL.md

@@ -249,6 +249,45 @@ When `branch_deleted === true` in the ship JSON:
 - If the `list_branches` call itself fails (network, auth, or non-success response): emit a non-blocking warning that the Supabase preview branch for `FEAT_BRANCH` may still exist and should be verified in the dashboard. Never treat an API failure as a not-found success.
 - Never delete the branch where `is_default` is true in the `list_branches` response (the production/parent project branch) or any other persistent/long-lived branch.
 
+#### Step 7.4 — Git-worktree cleanup (defensive)
+
+Read `FEAT_BRANCH` from the `feat_branch` field in the ship JSON (same source as Step 7.3).
+
+```bash
+git worktree list --porcelain
+```
+
+Scan for any `worktree` entry whose `branch` field matches `refs/heads/$FEAT_BRANCH`. If NO
+entry matches, skip this step silently — most standalone tasks have no dedicated worktree,
+so a no-match is the normal case.
+
+If a match exists, obtain its absolute path and apply the same Case A / Case B logic:
+
+**Case A — session cwd is NOT inside that worktree path:**
+
+```bash
+codebyplan worktree remove <abs-path>   # absolute path from worktree list
+git worktree prune
+```
+
+The CLI handles both the git removal and remote feat-branch deletion (non-fatal). Parse
+the JSON output; record `{ path, removed: true, remote_branch_deleted }` in
+`WORKTREES_REMOVED[]`. On any non-zero exit other than exit code 2, emit a non-blocking
+warning and continue.
+
+**Case B — session cwd IS inside that worktree path (CLI exits with code 2, or pre-check
+detects `$PWD` starts with `<path>`):**
+
+Do NOT self-remove. Surface a single directive:
+
+> "This session is inside the worktree at `<path>`. After switching to your main checkout,
+> run `codebyplan worktree remove <path>` to clean it up."
+
+Record `{ path, status: 'pending_manual_cleanup' }` in `WORKTREES_REMOVED[]`.
+
+In either case (and when no worktree matched — `WORKTREES_REMOVED` stays empty), include
+`worktrees_removed: WORKTREES_REMOVED` in the Step 9 summary.
+
 ### Step 7.5: Complete Standalone Task
 
 Note: completion is called only after `codebyplan ship` succeeds (no `checks_failed`) — the DB completion record reflects work that has landed in production.
@@ -280,6 +319,7 @@ Apply the `cleanup` skill inline to remove orphan references to deleted/modified
 **Version bumps**: [<name>: <current> → <next> per package, or "none"]
 **Export**: [EXPORT_RESULT.path from Step 5.6, or "skipped: <reason>"]
 **Warnings**: [any QA / file-approval warnings from Step 3, or "none"]
+**Git worktrees cleaned**: [paths from WORKTREES_REMOVED (Step 7.4), or "none"]
 ```
 
 #### Route (single directive — never a menu)

package/templates/skills/cbp-stripe/SKILL.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-stripe
 description: "Stripe integration guidance — load when implementing or reviewing payments, Checkout, subscriptions/billing, webhooks, Connect, Tax, or Treasury. Encodes the API-selection routing table, the no-payment_method_types rule, restricted-key security, and Stripe SDK conventions."
 model: inherit