job-forge 2.14.13 → 2.14.15

package/.codex/config.toml

@@ -25,6 +25,5 @@ args = ["-y", "@razroo/gmail-mcp"]
 env = { DISABLE_HTTP = "true" }
 
 [mcp_servers.state-trace]
-command = "uvx"
-args = ["--from", "state-trace[mcp]", "state-trace-mcp"]
+command = "state-trace-mcp"
 env = { STATE_TRACE_STORAGE_PATH = ".state-trace/memory.db", STATE_TRACE_NAMESPACE = "job-forge", STATE_TRACE_CAPACITY_LIMIT = "256" }

package/.cursor/mcp.json

@@ -18,12 +18,7 @@
       }
     },
     "state-trace": {
-      "command": "uvx",
-      "args": [
-        "--from",
-        "state-trace[mcp]",
-        "state-trace-mcp"
-      ],
+      "command": "state-trace-mcp",
       "env": {
         "STATE_TRACE_STORAGE_PATH": ".state-trace/memory.db",
         "STATE_TRACE_NAMESPACE": "job-forge",

package/.cursor/rules/main.mdc

@@ -56,6 +56,9 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [D6] Pick the mode from the **Routing** table below AND name it explicitly in your first response (e.g., "running auto-pipeline mode", "this is a `compare` request"). If no row matches the user's intent, ask which mode fits; do not guess.
   why: silent mode picks mis-route work (a "negotiation" question answered in `offer` mode produces the wrong report shape); naming the mode out loud makes the routing decision reviewable and gives downstream dispatches a reliable anchor
 
+- [D7] For standalone `batch` runs, prefer `batch/batch-runner.sh` instead of hand-rolling the loop. It delegates to `@razroo/iso-orchestrator`, persists workflow records in `.jobforge-runs/`, caps bundle fan-out, and mutexes state/report-number writes. Use `JOBFORGE_LEGACY_BATCH_RUNNER=1` only as a fallback.
+  why: the old Bash loop encoded resumability and parallelism manually; the iso-orchestrator path makes the durable control state inspectable and prevents report-number collisions under parallel bundles
+
 ## Procedure
 
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.

package/.mcp.json

@@ -18,12 +18,7 @@
       }
     },
     "state-trace": {
-      "command": "uvx",
-      "args": [
-        "--from",
-        "state-trace[mcp]",
-        "state-trace-mcp"
-      ],
+      "command": "state-trace-mcp",
       "env": {
         "STATE_TRACE_STORAGE_PATH": ".state-trace/memory.db",
         "STATE_TRACE_NAMESPACE": "job-forge",

package/AGENTS.md

@@ -51,6 +51,9 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [D6] Pick the mode from the **Routing** table below AND name it explicitly in your first response (e.g., "running auto-pipeline mode", "this is a `compare` request"). If no row matches the user's intent, ask which mode fits; do not guess.
   why: silent mode picks mis-route work (a "negotiation" question answered in `offer` mode produces the wrong report shape); naming the mode out loud makes the routing decision reviewable and gives downstream dispatches a reliable anchor
 
+- [D7] For standalone `batch` runs, prefer `batch/batch-runner.sh` instead of hand-rolling the loop. It delegates to `@razroo/iso-orchestrator`, persists workflow records in `.jobforge-runs/`, caps bundle fan-out, and mutexes state/report-number writes. Use `JOBFORGE_LEGACY_BATCH_RUNNER=1` only as a fallback.
+  why: the old Bash loop encoded resumability and parallelism manually; the iso-orchestrator path makes the durable control state inspectable and prevents report-number collisions under parallel bundles
+
 ## Procedure
 
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.

package/CLAUDE.md

@@ -51,6 +51,9 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [D6] Pick the mode from the **Routing** table below AND name it explicitly in your first response (e.g., "running auto-pipeline mode", "this is a `compare` request"). If no row matches the user's intent, ask which mode fits; do not guess.
   why: silent mode picks mis-route work (a "negotiation" question answered in `offer` mode produces the wrong report shape); naming the mode out loud makes the routing decision reviewable and gives downstream dispatches a reliable anchor
 
+- [D7] For standalone `batch` runs, prefer `batch/batch-runner.sh` instead of hand-rolling the loop. It delegates to `@razroo/iso-orchestrator`, persists workflow records in `.jobforge-runs/`, caps bundle fan-out, and mutexes state/report-number writes. Use `JOBFORGE_LEGACY_BATCH_RUNNER=1` only as a fallback.
+  why: the old Bash loop encoded resumability and parallelism manually; the iso-orchestrator path makes the durable control state inspectable and prevents report-number collisions under parallel bundles
+
 ## Procedure
 
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.

package/README.md

@@ -29,7 +29,7 @@ The scaffolded `opencode.json` already has three MCPs wired up — they launch a
 
 - **Geometra** — browser automation + PDF generation
 - **Gmail** — reads replies from recruiters
-- **state-trace** — typed working memory for cross-session context (resumed batches, recent decisions, repeated portal quirks). Spawned via `uvx`; install once with `brew install uv` (or `pipx install uv`) — no other setup.
+- **state-trace** — typed working memory for cross-session context (resumed batches, recent decisions, repeated portal quirks). Install once with `python3 -m pip install "state-trace[mcp]"`; the MCP command is `state-trace-mcp`.
 
 `npm install` also materializes symlinks for every supported agent harness — OpenCode, Cursor, Claude Code, and Codex — so you can run `opencode`, `cursor`, `claude`, or `codex` in the same project and each picks up the shared MCP config and instructions.
 
@@ -73,9 +73,10 @@ JobForge turns opencode into a full job search command center. Instead of manual
 | **Smart LinkedIn Outreach** | Reads evaluation reports to craft targeted messages using top proof points |
 | **Portal Scanner** | 45+ companies pre-configured with fuzzy dedup for reposts |
 | **Batch Processing** | Parallel evaluation with `opencode run` workers, with honest verification flagging |
+| **Durable Batch Orchestration** | `batch-runner.sh` uses `@razroo/iso-orchestrator` for resumable bundle execution, bounded fan-out, mutexed state writes, and workflow records in `.jobforge-runs/`. |
 | **Pipeline Integrity** | Automated merge, dedup, status normalization, health checks |
 | **Cost-Aware Agent Routing** | Three subagents (`@general-free`, `@general-paid`, `@glm-minimal`) with per-task tool surfaces. On OpenCode, JobForge pins all tiers to `opencode-go/deepseek-v4-flash` so application runs avoid overloaded free-model pools. See [Subagent Routing in AGENTS.md](AGENTS.md) for the task-to-agent mapping. |
-| **Trace + Telemetry** | `job-forge trace:*` exposes local OpenCode transcripts, and `job-forge telemetry:*` summarizes runs, child outcomes, provider errors, and pending tracker TSVs. |
+| **Trace + Telemetry + Guard** | `job-forge trace:*` exposes local OpenCode transcripts, `job-forge telemetry:*` summarizes runs, and `job-forge guard:*` audits deterministic JobForge policy rules with `@razroo/iso-guard`. |
 | **Token Cost Visibility** | `job-forge tokens --days 1` for per-session breakdown; `job-forge session-report --since-minutes 60 --log` to flag sessions over budget and append history to `data/token-usage.tsv`. Auto-logged after every batch run. |
 
 ## Usage
@@ -144,6 +145,7 @@ my-search/
 ├── data/                         # applications, pipeline, scan history (personal, gitignored)
 ├── reports/                      # generated evaluation reports (personal, gitignored)
 ├── batch/{batch-input,batch-state}.tsv, tracker-additions/, logs/   # personal
+├── .jobforge-runs/                # durable batch workflow records (generated)
 ├── AGENTS.md                     # personal overrides (opencode + codex)
 ├── CLAUDE.md                     # personal overrides (Claude Code), @-imports CLAUDE.harness.md
 │
@@ -187,6 +189,7 @@ JobForge/
 ├── config/profile.example.yml    # template for consumer's profile.yml
 ├── batch/{batch-prompt.md,batch-runner.sh}   # batch orchestrator
 ├── scripts/
+│   ├── batch-orchestrator.mjs    # iso-orchestrator-backed batch control loop
 │   ├── token-usage-report.mjs    # opencode cost analyzer
 │   └── release/check-source.mjs  # version gate for npm publish
 ├── tracker-lib.mjs / merge-tracker.mjs / dedup-tracker.mjs / verify-pipeline.mjs

package/batch/README.md

@@ -6,13 +6,20 @@ The `batch/` folder holds the **parallel batch runner** for processing 10+ job U
 
 | Path | Role |
 |------|------|
-| `batch-runner.sh` | Orchestrator: parallelism, state, retries, resume |
+| `batch-runner.sh` | Compatibility entrypoint; delegates to the durable Node orchestrator by default |
 | `batch-prompt.md` | Prompt template passed to each worker (keep evaluation and scoring instructions aligned with the canonical model in [`modes/_shared.md`](../modes/_shared.md) so batch scores match single-offer runs) |
 | `README.md` | This file |
 
 ## Local-only files (gitignored when present)
 
-Per [`.gitignore`](../.gitignore): `batch-input.tsv`, `batch-state.tsv`, `logs/*`, and `tracker-additions/*.tsv`. Empty dirs (`logs/`, `tracker-additions/`) use `.gitkeep` so the tree exists in a fresh clone.
+Per [`.gitignore`](../.gitignore): `batch-input.tsv`, `batch-state.tsv`, `logs/*`, `tracker-additions/*.tsv`, and `.jobforge-runs/`. Empty dirs (`logs/`, `tracker-additions/`) use `.gitkeep` so the tree exists in a fresh clone.
+
+The default runner uses `@razroo/iso-orchestrator` through
+`scripts/batch-orchestrator.mjs`. It persists bundle steps and events in
+`.jobforge-runs/`, caps worker fan-out with `workflow.forEach`, and serializes
+state/report-number writes while parallel bundles run. Use
+`JOBFORGE_LEGACY_BATCH_RUNNER=1 ./batch/batch-runner.sh` only to fall back to
+the old shell loop.
 
 ## Input: `batch-input.tsv`
 

package/batch/batch-runner.sh

@@ -6,8 +6,24 @@ set -euo pipefail
 # tracks state in batch-state.tsv for resumability.
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
-BATCH_DIR="$SCRIPT_DIR"
+PROJECT_DIR="${JOB_FORGE_PROJECT:-$(cd "$SCRIPT_DIR/.." && pwd)}"
+
+# Default path: delegate to the durable Node orchestrator. Keep the legacy
+# shell implementation below as an escape hatch while the new runner settles.
+SOURCE="${BASH_SOURCE[0]}"
+while [[ -L "$SOURCE" ]]; do
+  SOURCE_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ "$SOURCE" != /* ]] && SOURCE="$SOURCE_DIR/$SOURCE"
+done
+HARNESS_BATCH_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+HARNESS_DIR="$(cd "$HARNESS_BATCH_DIR/.." && pwd)"
+if [[ "${JOBFORGE_LEGACY_BATCH_RUNNER:-}" != "1" && -f "$HARNESS_DIR/scripts/batch-orchestrator.mjs" ]]; then
+  export JOB_FORGE_PROJECT="$PROJECT_DIR"
+  exec node "$HARNESS_DIR/scripts/batch-orchestrator.mjs" "$@"
+fi
+
+BATCH_DIR="$PROJECT_DIR/batch"
 INPUT_FILE="$BATCH_DIR/batch-input.tsv"
 STATE_FILE="$BATCH_DIR/batch-state.tsv"
 PROMPT_FILE="$BATCH_DIR/batch-prompt.md"

package/bin/create-job-forge.mjs

@@ -117,6 +117,8 @@ const consumerPkg = {
     'telemetry:status': 'job-forge telemetry:status',
     'telemetry:show': 'job-forge telemetry:show',
     'telemetry:watch': 'job-forge telemetry:watch',
+    'guard:audit': 'job-forge guard:audit',
+    'guard:explain': 'job-forge guard:explain',
     // One command to pull the latest harness and any locally-pinned MCP
     // packages. npm update is a no-op on packages not in package.json, so
     // listing @razroo/gmail-mcp + @geometra/mcp is safe for consumers that

package/bin/job-forge.mjs

@@ -19,6 +19,7 @@
  *   tokens         Run scripts/token-usage-report.mjs
  *   trace:*        Inspect local agent transcripts via iso-trace
  *   telemetry:*    Summarize JobForge pipeline status from traces + tracker files
+ *   guard:*        Audit JobForge trace policy with iso-guard
  *   sync           Re-run the harness symlink sync (bin/sync.mjs)
  *   help, --help   Show this message
  */
@@ -68,6 +69,11 @@ const telemetryAliases = {
   'telemetry:watch': 'watch',
 };
 
+const guardAliases = {
+  'guard:audit': 'audit',
+  'guard:explain': 'explain',
+};
+
 const [, , cmd, ...rest] = process.argv;
 
 function printHelp() {
@@ -92,6 +98,8 @@ Commands:
   telemetry:status  Show latest JobForge run + pending tracker state
   telemetry:show ID Show one run with child sessions, provider errors, next actions
   telemetry:watch   Watch latest run status
+  guard:audit        Audit latest/local trace policy with iso-guard
+  guard:explain      Show the active iso-guard policy
   sync           Re-create harness symlinks in the current project
 
 Deterministic helpers (prefer these over LLM-derived values):
@@ -118,6 +126,8 @@ Pass --help after a command to see its own flags, e.g.:
   job-forge trace:show ses_...
   job-forge telemetry:status
   job-forge telemetry:show ses_...
+  job-forge guard:audit
+  job-forge guard:explain
 
 Project directory resolves to $JOB_FORGE_PROJECT or cwd.`);
 }
@@ -157,6 +167,21 @@ if (cmd === 'telemetry' || telemetryAliases[cmd]) {
   process.exit(result.status ?? 1);
 }
 
+if (cmd === 'guard' || guardAliases[cmd]) {
+  const guardArgs = cmd === 'guard'
+    ? (rest.length === 0 ? ['help'] : rest)
+    : [guardAliases[cmd], ...rest];
+
+  const scriptPath = join(PKG_ROOT, 'scripts/guard.mjs');
+  const result = spawnSync(process.execPath, [scriptPath, ...guardArgs], {
+    stdio: 'inherit',
+    cwd: PROJECT_DIR,
+    env: process.env,
+  });
+
+  process.exit(result.status ?? 1);
+}
+
 const rel = commands[cmd];
 if (!rel) {
   console.error(`Unknown command: ${cmd}\n`);

package/docs/ARCHITECTURE.md

@@ -131,11 +131,11 @@ For customization (archetypes, weights, tone), start with `_shared.md` and [CUST
 The batch system processes multiple offers in parallel:
 
 ```
-batch-input.tsv    →  batch-runner.sh  →  N × opencode run workers
-(id, url, source, notes) (orchestrator)   (self-contained prompt)
-                           │
-                    batch-state.tsv
-                    (tracks progress)
+batch-input.tsv    ->  batch-runner.sh  ->  N x opencode run workers
+(id, url, source, notes) (iso-orchestrator) (self-contained prompt)
+                           |
+                    batch-state.tsv + .jobforge-runs/
+                    (progress + durable workflow record)
 ```
 
 Each worker is a headless opencode instance (`opencode run`) that receives the full `batch-prompt.md` as context. Workers produce:
@@ -143,9 +143,13 @@ Each worker is a headless opencode instance (`opencode run`) that receives the f
 - PDF
 - Tracker TSV line
 
-The orchestrator manages parallelism, state, retries, and resume.
+The orchestrator manages parallelism, state, retries, and resume. The default
+runner delegates to `scripts/batch-orchestrator.mjs`, which uses
+`@razroo/iso-orchestrator` for bounded bundle fan-out, idempotent bundle steps,
+and mutexed report-number/state writes. Set `JOBFORGE_LEGACY_BATCH_RUNNER=1`
+only if you need the old shell loop.
 
-**Local batch artifacts:** `batch/batch-input.tsv`, `batch/batch-state.tsv`, `batch/logs/`, and `batch/tracker-additions/*.tsv` are created when you run the runner; they are gitignored (with `.gitkeep` in `batch/logs/` and `batch/tracker-additions/`). A fresh clone ships `batch/batch-runner.sh` and `batch/batch-prompt.md` only until you add an input file — see [`batch/README.md`](../batch/README.md) and `batch/batch-runner.sh --help` for the TSV layout and workflow.
+**Local batch artifacts:** `batch/batch-input.tsv`, `batch/batch-state.tsv`, `batch/logs/`, `batch/tracker-additions/*.tsv`, and `.jobforge-runs/` are created when you run the runner; they are gitignored (with `.gitkeep` in `batch/logs/` and `batch/tracker-additions/`). A fresh clone ships `batch/batch-runner.sh` and `batch/batch-prompt.md` only until you add an input file — see [`batch/README.md`](../batch/README.md) and `batch/batch-runner.sh --help` for the TSV layout and workflow.
 
 ## Data Flow
 
@@ -205,6 +209,7 @@ Scripts maintain data consistency. In a consumer project they're invoked via the
 | `scripts/token-usage-report.mjs` | `npx job-forge tokens` | Per-session opencode token/cost report from the SQLite DB |
 | `scripts/trace.mjs` | `npx job-forge trace:list` / `trace:stats` / `trace:show` | Local transcript observability via `@razroo/iso-trace`; common commands default to OpenCode sessions for the consumer project |
 | `scripts/telemetry.mjs` | `npx job-forge telemetry:status` / `telemetry:show` | JobForge operational telemetry derived from OpenCode traces plus tracker TSV state |
+| `scripts/guard.mjs` | `npx job-forge guard:audit` / `guard:explain` | Deterministic `@razroo/iso-guard` policy audits over local OpenCode traces |
 | `tracker-lib.mjs` | _(library)_ | Shared helpers for reading/writing day-based tracker files — imported by merge/dedup/verify/normalize |
 | `bin/sync.mjs` | `npx job-forge sync` | Creates the harness symlinks in a consumer project (also runs as `postinstall`) |
 | `bin/create-job-forge.mjs` | `npx create-job-forge <dir>` | Scaffolds a new personal project |

package/docs/CUSTOMIZATION.md

@@ -125,6 +125,18 @@ npx job-forge telemetry:watch
 
 Telemetry is also local-only and passive. It reads OpenCode's SQLite DB and files under `batch/tracker-additions/`; agents do not need to remember to emit custom events.
 
+## JobForge guard audits
+
+Guard audits run deterministic `@razroo/iso-guard` policies over the same local OpenCode traces. The default policy lives at `templates/guards/jobforge-baseline.yaml` and checks rules that are reliable from transcript data, including max two task dispatches per assistant message, no task-status polling via `task`, no raw proxy configuration in task prompts, and no child session task recursion.
+
+```bash
+npx job-forge guard:audit
+npx job-forge guard:audit <session-id-or-prefix>
+npx job-forge guard:explain
+```
+
+Use `--policy <path>` to audit with a custom policy. This does not add prompt, token, or MCP overhead; JobForge converts local trace rows into guard events inside the CLI process.
+
 **Where Claude Code writes JSONL:** `~/.claude/projects/<encoded-cwd>/*.jsonl`.
 
 **Direct CLI fallback:** `npx -y @razroo/iso-trace@latest stats --source "$HOME/.claude/projects/<encoded-dir>/<session>.jsonl"`

package/docs/README.md

@@ -31,7 +31,7 @@ The harness exposes a single CLI (`job-forge`) installed as a `bin` entry. In a
 
 | What you need | Where to read |
 |---------------|---------------|
-| Full command list (`verify`, `merge`, `dedup`, `normalize`, `pdf`, `sync-check`, `tokens`, `sync`). | [SETUP.md — Tracker and scripts (terminal)](SETUP.md#tracker-and-scripts-terminal). |
+| Full command list (`verify`, `merge`, `dedup`, `normalize`, `pdf`, `sync-check`, `tokens`, `trace`, `telemetry`, `guard`, `sync`). | [SETUP.md — Tracker and scripts (terminal)](SETUP.md#tracker-and-scripts-terminal). |
 | What each harness `.mjs` script does. | [ARCHITECTURE.md — Pipeline integrity](ARCHITECTURE.md#pipeline-integrity) and the scripts table underneath. |
 | Batch runner, TSV layout, and `batch/tracker-additions/` merge flow. | [batch/README.md](../batch/README.md). |
 | PR gate for harness contributions (`npm run verify` + `npm run build:dashboard`). | [CONTRIBUTING.md — Development](../CONTRIBUTING.md#development). |

package/docs/SETUP.md

@@ -3,7 +3,7 @@
 ## Prerequisites
 
 - [opencode](https://opencode.ai) installed and configured
-- Node.js 18+ (for the CLI, PDF generation, and tracker scripts)
+- Node.js 20.6+ (for the CLI, PDF generation, tracker scripts, and durable batch orchestration)
 - [`uv`](https://docs.astral.sh/uv/) installed (`brew install uv` on macOS, or `pipx install uv`). Used by the state-trace MCP to spawn its Python entry point on demand via `uvx`. Without `uv`, the state-trace MCP fails to start; the rest of JobForge keeps working.
 - (Optional) Go (for the dashboard TUI) — use a toolchain that satisfies the `go` directive in [`dashboard/go.mod`](../dashboard/go.mod)
 
@@ -136,6 +136,8 @@ From your project root, these commands maintain the tracker and pipeline checks.
 | List recent JobForge runs with outcomes/issues | `npx job-forge telemetry:list` | `npm run telemetry:list` |
 | Show latest run status + pending TSVs | `npx job-forge telemetry:status` | `npm run telemetry:status` |
 | Show one JobForge run by session id/prefix | `npx job-forge telemetry:show <id>` | `npm run telemetry:show -- <id>` |
+| Audit latest JobForge trace policy | `npx job-forge guard:audit` | `npm run guard:audit` |
+| Show the active guard policy | `npx job-forge guard:explain` | `npm run guard:explain` |
 | Re-create harness symlinks | `npx job-forge sync` | `npm run sync` |
 | Build optional dashboard TUI (Go on `PATH`) | `(cd node_modules/job-forge/dashboard && go build .)` | `npm run build:dashboard` (harness repo only) |
 

package/iso/instructions.md

@@ -51,6 +51,9 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [D6] Pick the mode from the **Routing** table below AND name it explicitly in your first response (e.g., "running auto-pipeline mode", "this is a `compare` request"). If no row matches the user's intent, ask which mode fits; do not guess.
   why: silent mode picks mis-route work (a "negotiation" question answered in `offer` mode produces the wrong report shape); naming the mode out loud makes the routing decision reviewable and gives downstream dispatches a reliable anchor
 
+- [D7] For standalone `batch` runs, prefer `batch/batch-runner.sh` instead of hand-rolling the loop. It delegates to `@razroo/iso-orchestrator`, persists workflow records in `.jobforge-runs/`, caps bundle fan-out, and mutexes state/report-number writes. Use `JOBFORGE_LEGACY_BATCH_RUNNER=1` only as a fallback.
+  why: the old Bash loop encoded resumability and parallelism manually; the iso-orchestrator path makes the durable control state inspectable and prevents report-number collisions under parallel bundles
+
 ## Procedure
 
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.

package/iso/mcp.json

@@ -12,8 +12,7 @@
       }
     },
     "state-trace": {
-      "command": "uvx",
-      "args": ["--from", "state-trace[mcp]", "state-trace-mcp"],
+      "command": "state-trace-mcp",
       "env": {
         "STATE_TRACE_STORAGE_PATH": ".state-trace/memory.db",
         "STATE_TRACE_NAMESPACE": "job-forge",

package/modes/batch.md

@@ -30,6 +30,7 @@ Each worker is a child `opencode run` with a clean 200K token context. The condu
 ## Read These Files
 
 ```
+.jobforge-runs/                  # Durable iso-orchestrator records (gitignored)
 batch/
   batch-input.tsv               # URLs (from conductor or manual)
   batch-state.tsv               # Progress (auto-generated, gitignored)
@@ -66,12 +67,19 @@ d. Execute via Bash:
 batch/batch-runner.sh [OPTIONS]
 ```
 
+`batch-runner.sh` delegates to `scripts/batch-orchestrator.mjs` by default.
+That Node runner uses `@razroo/iso-orchestrator` to persist workflow records in
+`.jobforge-runs/`, cap bundle fan-out with `workflow.forEach`, and serialize
+report-number/state writes while workers run in parallel. If a regression
+requires the old shell loop, run with `JOBFORGE_LEGACY_BATCH_RUNNER=1`.
+
 Options:
 - `--dry-run` — list pending without executing
 - `--retry-failed` — only retry failed ones
 - `--start-from N` — start from ID N
 - `--parallel N` — N workers in parallel
 - `--max-retries N` — attempts per offer (default: 2)
+- `--workflow-id ID` — durable workflow id (default: `jobforge-batch`)
 
 ## Read batch-state.tsv Format
 
@@ -85,6 +93,7 @@ id	url	status	started_at	completed_at	report_num	score	error	retries
 ## Use Resumability
 
 - If it dies → re-run → reads `batch-state.tsv` → skips completed
+- `.jobforge-runs/` keeps the durable run record, step outcomes, and bundle events
 - Lock file (`batch-runner.pid`) prevents double execution
 - Each worker is independent: failure on offer #47 does not affect the rest
 

package/opencode.json

@@ -36,9 +36,6 @@
     "state-trace": {
       "type": "local",
       "command": [
-        "uvx",
-        "--from",
-        "state-trace[mcp]",
         "state-trace-mcp"
       ],
       "environment": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "job-forge",
-  "version": "2.14.13",
+  "version": "2.14.15",
   "description": "AI-powered job search pipeline built on opencode",
   "type": "module",
   "bin": {
@@ -25,6 +25,8 @@
     "telemetry:status": "node bin/job-forge.mjs telemetry:status",
     "telemetry:show": "node bin/job-forge.mjs telemetry:show",
     "telemetry:watch": "node bin/job-forge.mjs telemetry:watch",
+    "guard:audit": "node bin/job-forge.mjs guard:audit",
+    "guard:explain": "node bin/job-forge.mjs guard:explain",
     "plan": "iso plan .",
     "lint:agentmd": "agentmd lint iso/instructions.md",
     "lint:modes": "isolint lint modes/",
@@ -86,9 +88,11 @@
   },
   "license": "MIT",
   "engines": {
-    "node": ">=18"
+    "node": ">=20.6.0"
   },
   "dependencies": {
+    "@razroo/iso-guard": "^0.1.0",
+    "@razroo/iso-orchestrator": "^0.1.0",
     "@razroo/iso-trace": "^0.4.0",
     "playwright": "^1.58.1"
   },