godpowers 1.6.3 → 1.6.5

package/CHANGELOG.md

@@ -5,6 +5,62 @@ All notable changes to Godpowers will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.6.5] - 2026-05-16
+
+God Mode handoff privacy patch. Keeps the 1.6 command surface stable while
+making Codex-spawned `god-orchestrator` runs display a small safe pointer
+instead of detailed orchestration payloads.
+
+### Added
+- Added a private `.godpowers/runs/<run-id>/ORCHESTRATOR-HANDOFF.md` handoff
+  pattern for `/god-mode` orchestration context.
+- Added `god-orchestrator` instructions to read handoff files before planning
+  or mutation and keep handoff contents out of the visible transcript.
+- Added regression coverage proving agent validation ignores non-specialist
+  Pillars files under `agents/`.
+
+### Changed
+- `/god-mode` now spawns `god-orchestrator` with only a display-safe project
+  root, flags, and handoff file path.
+- Agent validation and smoke tests now inspect `agents/god-*.md` specialist
+  files while allowing Pillars context files like `agents/context.md` and
+  `agents/repo.md` to coexist.
+
+### Guardrails
+- This patch does not add slash commands, agents, workflows, recipes, schemas,
+  or public artifact formats.
+- `--yolo` still respects safe-sync and Critical harden blockers. The handoff
+  change affects transcript hygiene, not gate policy.
+
+## [1.6.4] - 2026-05-16
+
+Release gate propagation patch. Keeps the 1.6 command surface stable while
+making the safe sync and Critical harden gates apply to direct commands,
+`/god-mode`, and `/god-mode --yolo`.
+
+### Added
+- Added executable router support for `no-critical-findings`.
+- Added safe-sync prerequisites to `/god-observe`, `/god-harden`,
+  `/god-launch`, and `/god-mode`.
+- Added regression tests proving safe sync blocks direct Tier 3 commands and
+  `/god-mode`.
+- Added regression tests proving `/god-launch` blocks unresolved Critical
+  harden findings and allows passed harden gates.
+
+### Changed
+- `god-orchestrator` now explicitly evaluates router prerequisites before
+  command dispatch instead of relying only on structural tier order.
+- `/god-mode --yolo` now documents safe sync and unresolved Critical harden
+  findings as release-truth gates that cannot be bypassed.
+- Generated routing metadata now preserves per-prerequisite auto-complete
+  commands so future generated Tier 3 routes keep the safe sync gate.
+
+### Guardrails
+- This patch does not add slash commands, agents, workflows, recipes, schemas,
+  or public artifact formats.
+- `--yolo` can still auto-pick defaults, but it cannot auto-accept unresolved
+  release truth blockers.
+
 ## [1.6.3] - 2026-05-16
 
 Safe sync routing patch. Keeps the 1.6 command surface stable while making

package/README.md

@@ -2,7 +2,7 @@
 
 [![CI](https://github.com/aihxp/godpowers/actions/workflows/ci.yml/badge.svg)](https://github.com/aihxp/godpowers/actions/workflows/ci.yml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
-[![Version](https://img.shields.io/badge/version-1.6.3-blue)](CHANGELOG.md)
+[![Version](https://img.shields.io/badge/version-1.6.5-blue)](CHANGELOG.md)
 [![npm](https://img.shields.io/npm/v/godpowers.svg)](https://www.npmjs.com/package/godpowers)
 
 **Ship fast. Ship right. Ship everything. Ship accountably.**
@@ -12,10 +12,11 @@ idea to hardened production. It runs as **slash commands inside your AI coding
 tool** (Claude Code, Codex, Cursor, etc.) that orchestrate **specialist agents**
 in fresh contexts to do the work.
 
-Version 1.6.3 hardens Godpowers routing around release truth and safe sync:
-`/god-next` now routes unresolved safe-sync blockers to
-`/god-reconcile Release Truth And Safe Sync` before deploy-era work, while
-Codex installs keep per-agent TOML metadata for all 39 specialist agents.
+Version 1.6.5 keeps the stable Godpowers surface while making Codex
+`god-orchestrator` spawns transcript-safe: `/god-mode` now writes detailed
+orchestration context to a private handoff file and spawns with only a small
+display-safe pointer. Safe-sync and unresolved Critical harden findings still
+gate direct Tier 3 commands, `/god-mode`, and `/god-mode --yolo`.
 
 It fuses four disciplines into one unified workflow:
 

package/RELEASE.md

@@ -1,10 +1,11 @@
-# Godpowers 1.6.3 Release
+# Godpowers 1.6.5 Release
 
 Date: 2026-05-16
 
-Godpowers 1.6.3 hardens release-truth routing around the stable 1.6 surface.
-The goal of this patch is to make `/god-next` and `/god-deploy` honor safe
-sync blockers before Tier 3 work, without changing the public command surface.
+Godpowers 1.6.5 keeps the stable 1.6 surface while fixing Codex God Mode
+transcript hygiene. The goal of this patch is to make `god-orchestrator`
+spawn correctly from `/god-mode` and `/god-mode --yolo` without exposing the
+detailed orchestration payload in the visible transcript.
 
 ## What is stable
 
@@ -14,7 +15,8 @@ sync blockers before Tier 3 work, without changing the public command surface.
 - 36 intent recipes
 - 15-runtime installer
 - Codex installs with 39 generated `god-*.toml` agent metadata files
-- Safe-sync routing before deploy, observe, harden, or launch work
+- Safe-sync routing before deploy, observe, harden, launch, or god-mode work
+- Critical harden finding gate before launch
 - Native Pillars project context through `AGENTS.md` and `agents/*.md`
 - `.godpowers/` workflow state and artifact layout
 - Core schemas: intent, state, events, workflow, routing, recipes, extension
@@ -25,31 +27,35 @@ sync blockers before Tier 3 work, without changing the public command surface.
 
 ## What is new
 
-- `/god-next` detects `.godpowers/sync/SAFE-SYNC-PLAN.md` and routes to
-  `/god-reconcile Release Truth And Safe Sync` before `/god-deploy`.
-- `/god-next` also detects checkpoint text that marks safe sync as a blocking
-  red gate before deploy.
-- `/god-deploy` has a `safe-sync-clear` prerequisite with the same reconcile
-  route as its auto-complete command.
-- Router tests now cover unresolved safe sync plans, checkpoint blockers,
-  deploy prerequisite failure, and resolved safe sync plans.
+- `/god-mode` now writes detailed orchestration context to
+  `.godpowers/runs/<run-id>/ORCHESTRATOR-HANDOFF.md`.
+- `/god-mode` now spawns `god-orchestrator` with only a display-safe project
+  root, flags, and handoff file path.
+- `god-orchestrator` now knows to read the handoff file before planning,
+  spawning, or mutating project state.
+- `god-orchestrator` now treats handoff contents as private orchestration
+  context and keeps them out of the visible transcript.
+- Agent validation and smoke tests now inspect `agents/god-*.md` specialist
+  files while allowing Pillars context files like `agents/context.md` and
+  `agents/repo.md` to coexist.
 
-## What 1.6.3 means
+## What 1.6.5 means
 
-Godpowers 1.6.3 does not expand the public command surface. It tightens the
-runtime decision path so project truth can override the structural tier order
-when a safe-sync gate is still red.
+Godpowers 1.6.5 does not expand the public command surface. It fixes the Codex
+spawn integration path so the right specialist agent is still started, but the
+host UI only sees a small pointer to disk state instead of raw checkpoint,
+routing, and local-file details.
 
-The domain glossary remains preparation context. PRD, ARCH, ROADMAP, STACK,
-docs, and Pillars files still carry durable decisions for their own domains.
+Safe sync and unresolved Critical harden findings remain release-truth gates.
+`--yolo` can still auto-pick defaults, but it cannot bypass those blockers.
 
 ## Stability policy
 
 During the 1.x stability window, do not add broad new command families, change
 schema formats, or rename public artifacts without evidence from real use.
 
-The `v1.6.3` git tag points to the release commit that matches the npm
-`godpowers@1.6.3` package. Public publishes should prefer the tag-triggered
+The `v1.6.5` git tag points to the release commit that matches the npm
+`godpowers@1.6.5` package. Public publishes should prefer the tag-triggered
 GitHub workflow so npm provenance, git history, and release notes stay aligned.
 
 Allowed changes:

package/agents/god-orchestrator.md

@@ -21,6 +21,24 @@ You orchestrate the full Godpowers arc. You DO NOT do the heavy lifting yourself
 Your job is to spawn the right specialist agent for each sub-step, verify their
 output passes the gate, update PROGRESS.md, and move to the next step.
 
+## God Mode Handoff
+
+When spawned by `/god-mode`, the visible spawn message may include only a
+display-safe summary plus a path like
+`.godpowers/runs/<run-id>/ORCHESTRATOR-HANDOFF.md`.
+
+If a handoff path is provided:
+1. Read the handoff file before any planning, spawning, or state mutation.
+2. Treat the handoff as private orchestration context and disk evidence.
+3. Do not quote, summarize, or expose the full handoff in the user-visible
+   transcript.
+4. If the handoff conflicts with durable artifacts, prefer disk artifacts and
+   record the conflict as an open question or repair target.
+
+If no handoff path is provided, recover from durable disk state. Do not ask the
+user to restate the project when `.godpowers` artifacts, Pillars files, or
+repository evidence identify the work.
+
 ## Quarterback responsibilities (Tier 0 ownership)
 
 You and only you are responsible for:
@@ -223,6 +241,14 @@ When deciding what to spawn next, query the routing definition:
 - `standards.have-nots` -> which have-nots to verify
 - `success-path.next-recommended` -> what to suggest next
 
+Before spawning a command, evaluate `lib/router.js checkPrerequisites(command,
+projectRoot)`. Missing prerequisites are authoritative even when the tier
+order suggests the command is structurally next. If `safe-sync-clear` fails,
+route to `/god-reconcile Release Truth And Safe Sync` before deploy, observe,
+harden, launch, broad migration, or resume work. If `no-critical-findings`
+fails, launch remains blocked until harden is fixed and re-verified or risk is
+explicitly accepted in writing.
+
 Between every tier, run god-standards-check on the produced artifact (if
 the routing config has a `standards` section). Standards check uses fresh
 context, independent of the producing agent, so it catches drift the
@@ -646,11 +672,14 @@ Auto-resolve all pause categories EXCEPT:
 
 **Impossible preflight routing contradictions pause, even with --yolo.**
 
+**Unresolved safe sync blockers pause or route to reconcile, even with --yolo.**
+
 Rationale: shipping with a known Critical vulnerability is a category of risk
 that should never be auto-accepted. A preflight contradiction means the repo
 evidence does not support any safe next route. If god-harden-auditor returns
-Critical findings, or preflight cannot choose between mutually exclusive
-routes from evidence, --yolo does NOT skip. Pause for human resolution.
+Critical findings, unresolved safe sync blockers, or preflight cannot choose
+between mutually exclusive routes from evidence, --yolo does NOT skip. Pause
+for human resolution when no safe automatic reconcile route exists.
 
 These are the only --yolo carve-outs. All other pauses are auto-resolved with
 the agent's documented default, and all repairable mechanical failures are

package/lib/agent-validator.js

@@ -230,14 +230,18 @@ function crossValidate(agents, opts = {}) {
 }
 
 /**
- * Walk agents/ and audit all.
+ * Walk agents/ and audit all shipped specialist agents.
+ *
+ * Godpowers projects may also have Pillars files under agents/ (for example
+ * agents/context.md and agents/repo.md). Those are project context, not
+ * specialist agent specs, so they are intentionally excluded here.
  */
 function auditAll(projectRoot, opts = {}) {
   const agentsDir = path.join(projectRoot, 'agents');
   if (!fs.existsSync(agentsDir)) {
     return { results: [], summary: { errors: 0, warnings: 0, infos: 0 } };
   }
-  const files = fs.readdirSync(agentsDir).filter(f => f.endsWith('.md'));
+  const files = fs.readdirSync(agentsDir).filter(f => /^god-.*\.md$/.test(f));
   const agents = files.map(f => parseAgentFile(path.join(agentsDir, f)));
 
   const allFindings = [];

package/lib/router.js

@@ -19,6 +19,7 @@ const SAFE_SYNC_DONE_FILES = [
   '.godpowers/sync/SAFE-SYNC-DONE.md',
   '.godpowers/sync/SAFE-SYNC-RESOLVED.md'
 ];
+const HARDEN_FINDINGS = '.godpowers/harden/FINDINGS.md';
 
 let _cache = null;
 
@@ -116,6 +117,10 @@ function evaluateCheck(check, projectRoot) {
     return detectSafeSyncBlocker(projectRoot) === null;
   }
 
+  if (check === 'no-critical-findings') {
+    return hasNoCriticalFindings(projectRoot);
+  }
+
   // mode-A-greenfield: pass-through hint, treat as satisfiable
   if (check.includes('greenfield') || check.includes('mode-A')) {
     return !fs.existsSync(path.join(projectRoot, '.godpowers'));
@@ -303,6 +308,32 @@ function safeSyncSuggestion(reason, evidence) {
   };
 }
 
+function hasNoCriticalFindings(projectRoot) {
+  const findingsPath = path.join(projectRoot, HARDEN_FINDINGS);
+  if (!fs.existsSync(findingsPath)) return false;
+
+  const findings = fs.readFileSync(findingsPath, 'utf8');
+  if (/\*\*Launch gate\*\*:\s*PASSED/i.test(findings) || /Launch gate:\s*PASSED/i.test(findings)) {
+    return true;
+  }
+  if (/\*\*Launch gate\*\*:\s*BLOCKED/i.test(findings) || /Launch gate:\s*BLOCKED/i.test(findings)) {
+    return false;
+  }
+
+  const criticalCount = findings.match(/\|\s*Critical\s*\|\s*(\d+)\s*\|/i);
+  if (criticalCount) {
+    return Number(criticalCount[1]) === 0;
+  }
+
+  const criticalSections = findings.match(/^###\s+\[CRITICAL-[^\n]+(?:\n(?!###\s+\[).*)*/gim) || [];
+  if (criticalSections.length === 0) return true;
+
+  return criticalSections.every(section => (
+    /\*\*Status\*\*:\s*(Fixed|Accepted-Risk)/i.test(section)
+    || /Status:\s*(Fixed|Accepted-Risk)/i.test(section)
+  ));
+}
+
 /**
  * Clear cached routing (for tests).
  */
@@ -321,5 +352,6 @@ module.exports = {
   suggestNext,
   evaluateCheck,
   detectSafeSyncBlocker,
+  hasNoCriticalFindings,
   clearCache
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "godpowers",
-  "version": "1.6.3",
+  "version": "1.6.5",
   "description": "AI-powered development system: 106 slash commands and 39 specialist agents that take a project from raw idea to hardened production. Runs inside Claude Code, Codex, Cursor, Windsurf, Gemini, and 10+ other AI coding tools.",
   "bin": {
     "godpowers": "./bin/install.js"

package/routing/god-harden.yaml

@@ -10,6 +10,9 @@ prerequisites:
     - check: state:tier-2.build.status == done
       auto-complete: /god-build
       human-required: true
+    - check: safe-sync-clear
+      auto-complete: /god-reconcile Release Truth And Safe Sync
+      human-required: true
 
 execution:
   spawns: [god-harden-auditor]

package/routing/god-launch.yaml

@@ -10,6 +10,9 @@ prerequisites:
     - check: state:tier-3.harden.status == done
       auto-complete: /god-harden
       human-required: true
+    - check: safe-sync-clear
+      auto-complete: /god-reconcile Release Truth And Safe Sync
+      human-required: true
     - check: no-critical-findings
       auto-complete: /god-harden
       human-required: true

package/routing/god-mode.yaml

@@ -10,6 +10,9 @@ prerequisites:
     - check: file:.godpowers/PROGRESS.md OR mode-A-greenfield
       auto-complete: /god-init
       human-required: true
+    - check: safe-sync-clear
+      auto-complete: /god-reconcile Release Truth And Safe Sync
+      human-required: true
 
 execution:
   spawns: [god-orchestrator]

package/routing/god-observe.yaml

@@ -10,6 +10,9 @@ prerequisites:
     - check: state:tier-3.deploy.status == done
       auto-complete: /god-deploy
       human-required: true
+    - check: safe-sync-clear
+      auto-complete: /god-reconcile Release Truth And Safe Sync
+      human-required: true
 
 execution:
   spawns: [god-observability-engineer]

package/skills/god-doctor.md

@@ -48,7 +48,7 @@ GODPOWERS DOCTOR
 Install: claude (~/.claude/)
   [OK] 106 skills installed
   [OK] 39 agents installed
-  [OK] VERSION matches (1.6.3)
+  [OK] VERSION matches (1.6.5)
   [WARN] routing/god-doctor.yaml exists but skill file did not until now
 
 Project: /Users/.../my-project/.godpowers/

package/skills/god-mode.md

@@ -69,67 +69,94 @@ You are receiving a /god-mode invocation. Your job is to spawn the
    - `--bluefield` (force bluefield path)
    - `--greenfield` (force greenfield, skip archaeology even if code exists)
 
-5. Spawn the **god-orchestrator** agent via Task tool with:
-   - The user's project description, or durable intent recovered from disk
-   - The detected mode (A/B/C/E)
-   - The active flags
-   - Instruction that existing `.godpowers` state means resume, not prompt
-   - Instruction to read `.godpowers/PROGRESS.md` from disk if it exists
-   - Instruction to read `.godpowers/prep/INITIAL-FINDINGS.md` and
-     `.godpowers/prep/IMPORTED-CONTEXT.md` if present before choosing the
-     first planning or build step
-   - Instruction to read `.godpowers/preflight/PREFLIGHT.md` if present before
-     choosing the first brownfield or bluefield action
-   - Instruction to compute and load the Pillars load set before every major
-     command, because Pillars is the native project context layer
-   - Instruction to run `/god-design` after `/god-prd` and before `/god-arch`
-     when initial findings, imported planning context, the PRD, or the
-     codebase show UI or product-experience signals
-   - Instruction that a red test, typecheck, lint, build, or check command is
-     not a completed arc. It must enter the autonomous repair loop and continue
-     the same `/god-mode` run until green, except for Critical security or a
-     genuine human-only decision.
-   - Instruction that deploy, observe, harden, and launch must follow the
-     Shipping Closure Protocol: verify a real environment when available,
-     otherwise create local/CI-verifiable deploy automation and pause only for
-     one exact external access bundle.
-   - Instruction that keys, API tokens, dashboards, admin consoles, and
-     provider-specific access are last-mile inputs. The first external pause
-     should ask only for the smallest next item needed by a concrete command,
-     usually `STAGING_APP_URL=<staging-origin>`. Ask for additional provider
-     access only after a named check proves it is needed.
-   - Instruction that staging, preview, and production URLs must come from
-     direct evidence. Never infer or invent a domain from project name, package
-     name, repo name, README title, or brand name. If no deployed origin is
-     evidenced, pause for `STAGING_APP_URL=<deployed staging origin>`.
-   - Instruction that brownfield and bluefield greenfield simulation audits
-     must be acted on by god-greenfieldifier. The greenfieldifier writes
-     `.godpowers/audit/GREENFIELDIFY-PLAN.md`, pauses before risky canonical
-     artifact rewrites, and updates every affected artifact after approval.
-   - Instruction that brownfield and bluefield arcs run `/god-preflight`
-     automatically when `.godpowers/preflight/PREFLIGHT.md` is absent.
-     Greenfield arcs skip preflight unless the user explicitly requests it.
-
-6. Keep the spawn payload private. Do not echo or summarize raw Task input,
+5. Create a private disk handoff before spawning the orchestrator:
+   - Path: `.godpowers/runs/<run-id>/ORCHESTRATOR-HANDOFF.md`
+   - Create parent directories if needed.
+   - Put all detailed orchestration context in this file, including:
+     - The user's project description, or durable intent recovered from disk
+     - The detected mode (A/B/C/E)
+     - The active flags
+     - Instruction that existing `.godpowers` state means resume, not prompt
+     - Instruction to read `.godpowers/PROGRESS.md` from disk if it exists
+     - Instruction to read `.godpowers/prep/INITIAL-FINDINGS.md` and
+       `.godpowers/prep/IMPORTED-CONTEXT.md` if present before choosing the
+       first planning or build step
+     - Instruction to read `.godpowers/preflight/PREFLIGHT.md` if present
+       before choosing the first brownfield or bluefield action
+     - Instruction to compute and load the Pillars load set before every major
+       command, because Pillars is the native project context layer
+     - Instruction to run `/god-design` after `/god-prd` and before
+       `/god-arch` when initial findings, imported planning context, the PRD,
+       or the codebase show UI or product-experience signals
+     - Instruction that a red test, typecheck, lint, build, or check command
+       is not a completed arc. It must enter the autonomous repair loop and
+       continue the same `/god-mode` run until green, except for Critical
+       security or a genuine human-only decision.
+     - Instruction that deploy, observe, harden, and launch must follow the
+       Shipping Closure Protocol: verify a real environment when available,
+       otherwise create local/CI-verifiable deploy automation and pause only
+       for one exact external access bundle.
+     - Instruction that keys, API tokens, dashboards, admin consoles, and
+       provider-specific access are last-mile inputs. The first external pause
+       should ask only for the smallest next item needed by a concrete command,
+       usually `STAGING_APP_URL=<staging-origin>`. Ask for additional provider
+       access only after a named check proves it is needed.
+     - Instruction that staging, preview, and production URLs must come from
+       direct evidence. Never infer or invent a domain from project name,
+       package name, repo name, README title, or brand name. If no deployed
+       origin is evidenced, pause for
+       `STAGING_APP_URL=<deployed staging origin>`.
+     - Instruction that brownfield and bluefield greenfield simulation audits
+       must be acted on by god-greenfieldifier. The greenfieldifier writes
+       `.godpowers/audit/GREENFIELDIFY-PLAN.md`, pauses before risky canonical
+       artifact rewrites, and updates every affected artifact after approval.
+     - Instruction that brownfield and bluefield arcs run `/god-preflight`
+       automatically when `.godpowers/preflight/PREFLIGHT.md` is absent.
+       Greenfield arcs skip preflight unless the user explicitly requests it.
+     - Instruction to run routing prerequisites through `lib/router.js`
+       `checkPrerequisites` before every direct command dispatch. If
+       `safe-sync-clear` fails, run
+       `/god-reconcile Release Truth And Safe Sync` before deploy, observe,
+       harden, launch, broad migration, or resume work.
+     - Instruction that `--yolo` cannot bypass safe sync blockers or
+       unresolved Critical harden findings. These are release-truth gates, not
+       preference pauses.
+
+6. Spawn the **god-orchestrator** agent via Task tool with only a
+   display-safe payload:
+   - Name the project root.
+   - Name the invocation flags.
+   - Name the handoff file path.
+   - Say: "Read the handoff file first, then run the autonomous arc from disk
+     state. Return only user-facing progress and final status."
+
+   Do not put recovered checkpoint facts, safe-sync plans, local file lists,
+   hidden routing rules, or detailed instructions in the spawn message.
+   Assume the host UI may display the raw spawn message to the user.
+
+7. Keep the spawn payload display-safe. Do not echo or summarize raw Task input,
    "Hard instructions", hidden orchestration rules, agent prompts, file
    loadout lists, or internal routing payloads into the user-visible transcript.
    The visible transcript may say only what phase is running, what durable state
    was detected, what commands are running, what changed, and the final
    `Arc complete` or `PAUSE: external access required` block.
 
-7. Orchestrator runs the appropriate workflow:
+8. Orchestrator runs the appropriate workflow:
    - Greenfield -> full-arc
    - Brownfield -> brownfield-arc (preflight -> archaeology -> reconstruct -> debt-assess -> greenfield simulation audit -> greenfieldify plan and approved artifact updates -> proceed)
    - Bluefield -> bluefield-arc (org-context -> preflight -> greenfield simulation audit -> greenfieldify plan and approved artifact updates -> arc with constraints)
 
-8. Relay only the orchestrator's user-facing output to the user. If the
-   platform displays raw spawn details automatically, immediately follow with a
-   clean public summary and never repeat the leaked payload.
+9. Relay only the orchestrator's user-facing output to the user. If the
+   platform displays raw spawn details automatically, the displayed payload
+   should already be safe. Immediately follow with a clean public summary and
+   never repeat detailed handoff contents.
 
-9. When the orchestrator pauses, present the question to the user using the
+10. When the orchestrator pauses, present the question to the user using the
    pause format (What / Why / Options / Default).
 
-10. When the user answers, re-spawn god-orchestrator with the answer.
+11. When the user answers, append the answer to the existing handoff file or
+    create a new handoff file, then re-spawn god-orchestrator with only the
+    display-safe pointer.
 
 ## User-Visible Transcript Contract
 
@@ -145,6 +172,7 @@ Hide:
 - raw Task input
 - "Hard instructions" sections
 - spawned-agent prompt text
+- detailed handoff file contents
 - system, developer, or AGENTS.md rule recitations
 - complete file loadout lists
 - internal routing metadata unless it directly affects a user decision
@@ -177,6 +205,10 @@ and logs decisions to `.godpowers/YOLO-DECISIONS.md`. Pillar sync proposals
 generated from durable Godpowers artifact changes are auto-applied in this
 mode and logged as YOLO decisions.
 
+`--yolo` does not skip release-truth gates. If safe sync is unresolved, route
+to `/god-reconcile Release Truth And Safe Sync`. If harden has unresolved
+Critical findings, pause even under `--yolo`.
+
 For brownfield and bluefield, `--yolo` still runs `/god-preflight` first when
 `.godpowers/preflight/PREFLIGHT.md` is absent. The orchestrator then follows
 the preflight report's safest recommended route automatically, logging that

package/skills/god-next.md

@@ -242,6 +242,11 @@ states that safe sync is a blocking red gate, suggest
 The blocker is cleared when `.godpowers/sync/SAFE-SYNC-DONE.md` or
 `.godpowers/sync/SAFE-SYNC-RESOLVED.md` exists.
 
+### Critical harden findings block launch
+If `.godpowers/harden/FINDINGS.md` says the launch gate is blocked, or lists
+unresolved Critical findings, `/god-launch` prerequisites fail through
+`no-critical-findings`. This applies in default mode and `--yolo`.
+
 ### Steady state with multiple workflow options
 If lifecycle-phase = steady-state-active, route by user intent if provided
 (use the User Intent Map below).

package/skills/god-version.md

@@ -14,7 +14,7 @@ Print version and a short capability summary.
 ## Output
 
 ```
-Godpowers v1.6.3
+Godpowers v1.6.5
 Install: /Users/.../.claude/  (matches package.json)
 Surface: 106 skills, 39 agents, 13 workflows, 36 recipes
 Schema: intent.v1, state.v1, events.v1, workflow.v1, routing.v1, recipe.v1