maestro-flow 0.4.24 → 0.4.26

package/.agents/skills/maestro-impeccable/SKILL.md

@@ -147,7 +147,11 @@ Layer 1 did not match. Check for chain-level keywords — even if the prompt als
 | design system, tokens, design foundation, design infrastructure | foundation |
 | real-time, live, browser | live |
 
-Ambiguous + no `-y` → ask_user.
+Ambiguous + no `-y`:
+
+ask_user (single-select, header: "意图确认"):
+- Options: top 2-3 matched chains from Layer 2 table, each with label = chain name, description = matched keywords
+- Last option: **"直接构建"** — skip chain, route to Layer 3 craft
 
 ### Layer 3: Concrete build task → Direct craft
 

package/.agents/skills/maestro-next/SKILL.md

@@ -220,7 +220,13 @@ brainstorm → blueprint → init → analyze-macro → roadmap
 执行参数: <args>
 ```
 
-`--dry-run` 展示后结束；`-y` 直接 S_EXECUTE；否则 ask_user 提供：执行 top pick / 选备选 / 修改参数 / 取消。
+`--dry-run` 展示后结束；`-y` 直接 S_EXECUTE；否则：
+
+ask_user (single-select, header: "执行确认"):
+- **执行推荐** (Recommended) — run top pick with shown args
+- **选择备选** — pick from alternative commands
+- **修改参数** — adjust args before executing
+- **取消** — do nothing
 
 </presentation>
 

package/.agents/skills/maestro-player/SKILL.md

@@ -147,13 +147,20 @@ S_COMPLETE:
    - **skill/command**: `invoke_skill(skill, resolved_args)` → extract session_id, output_path, artifacts
    - **cli**: `shell(run_in_background: true)` → STOP, wait for callback → `maestro delegate output <id>`
    - **agent**: `delegate_subagent(subagent_type, resolved_args)`
-   - **checkpoint**: write checkpoint snapshot. If auto_continue==false: ask_user (Continue/Pause/Abort)
+   - **checkpoint**: write checkpoint snapshot. If auto_continue==false:
+     ask_user (single-select, header: "Checkpoint"):
+     - **Continue** — proceed to next step
+     - **Pause** — save progress, exit (resume with `-c`)
+     - **Abort** — stop workflow
 4. Set step status="completed" (or "skipped"/"failed"), write status.json
 
 ### A_COMPLETE_SESSION
 
 Set status="completed", completed_at. Display summary: session, template, steps completed, context, per-step results, artifacts, session dir.
-ask_user: Keep session / Run again / Done.
+ask_user (single-select, header: "完成"):
+- **Keep session** — preserve artifacts for reference
+- **Run again** — re-execute with same template
+- **Done** — clean up and exit
 
 </actions>
 

package/.agents/skills/maestro-tools-execute/SKILL.md

@@ -73,10 +73,10 @@ maestro wiki load <knowhow-id>
 
 ### Step 3: Confirm Execution
 
-Ask user:
-- Execute steps as-is?
-- Adjust parameters/scope?
-- View only, do not execute?
+ask_user (single-select, header: "执行方式"):
+- **Execute as-is** (Recommended) — run all steps with current parameters
+- **Adjust parameters** — modify scope or parameters before executing
+- **View only** — display steps without executing
 
 ### Step 4: Step-by-Step Execution
 

package/.agents/skills/spec-load/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: spec-load
 description: Load specs and lessons for current context
-argument-hint: "[--category <category>] [--keyword <word>]"
+argument-hint: "[--scope <scope>] [--category <category>] [--keyword <word>]"
 allowed-tools:
   - read_file
   - shell
@@ -11,8 +11,9 @@ allowed-tools:
 <!-- Open-standard mirror generated by scripts/build-agents-standard.mjs — do not edit; re-run after editing .claude/ source. -->
 
 <purpose>
-Load relevant specs filtered by category (file-level) and/or keyword (entry-level).
+Load relevant specs filtered by scope, category (file-level) and/or keyword (entry-level).
 Category-based loading: loads the category's primary doc in full + matching entries from other files.
+By default, loads from both global (~/.maestro/specs/) and project (.workflow/specs/) layers.
 </purpose>
 
 <required_reading>
@@ -23,6 +24,11 @@ Category-based loading: loads the category's primary doc in full + matching entr
 $ARGUMENTS -- optional flags and keyword
 
 **Flags:**
+- `--scope <scope>` — Load scope (default: global + project merged):
+  - `project`: project baseline only (.workflow/specs/)
+  - `global`: global + project merged (~/.maestro/specs/ + .workflow/specs/)
+  - `team`: project + team shared (.workflow/collab/specs/)
+  - `personal`: project + team + personal (requires uid)
 - `--category <category>` — Load by category: primary category doc (full) + cross-file entries with matching category attr. Categories: coding, arch, test, review, debug, learning, ui.
 - `--keyword <word>` — Filter by keyword within entries
 
@@ -40,7 +46,8 @@ $ARGUMENTS -- optional flags and keyword
 
 **Examples:**
 ```
-/spec-load --category coding            # coding全文 + 跨文件coding条目
+/spec-load --category coding            # coding全文 + 跨文件coding条目 (global + project)
+/spec-load --scope global --category arch  # 明确包含全局 arch 规范
 /spec-load --category review            # review-standards + quality-rules + 跨文件review条目
 /spec-load --category coding --keyword auth
 /spec-load --keyword auth
@@ -59,7 +66,7 @@ Follow '~/.maestro/workflows/specs-load.md' completely.
 <error_codes>
 | Code | Severity | Description | Stage |
 |------|----------|-------------|-------|
-| E001 | fatal | `.workflow/specs/` not initialized -- run `/spec-setup` first | detect_context |
+| E001 | warning | `.workflow/specs/` not initialized -- run `/spec-setup` first (global specs still available) | detect_context |
 | W001 | warning | No matching specs found for keyword -- showing all specs in category instead | load_specs |
 </error_codes>
 

package/.agy/skills/maestro-impeccable/SKILL.md

@@ -146,7 +146,11 @@ Layer 1 did not match. Check for chain-level keywords — even if the prompt als
 | design system, tokens, design foundation, design infrastructure | foundation |
 | real-time, live, browser | live |
 
-Ambiguous + no `-y` → ask_question.
+Ambiguous + no `-y`:
+
+ask_question (single-select, header: "意图确认"):
+- Options: top 2-3 matched chains from Layer 2 table, each with label = chain name, description = matched keywords
+- Last option: **"直接构建"** — skip chain, route to Layer 3 craft
 
 ### Layer 3: Concrete build task → Direct craft
 

package/.agy/skills/maestro-next/SKILL.md

@@ -216,7 +216,13 @@ brainstorm → blueprint → init → analyze-macro → roadmap
 执行参数: <args>
 ```
 
-`--dry-run` 展示后结束；`-y` 直接 S_EXECUTE；否则 ask_question 提供：执行 top pick / 选备选 / 修改参数 / 取消。
+`--dry-run` 展示后结束；`-y` 直接 S_EXECUTE；否则：
+
+ask_question (single-select, header: "执行确认"):
+- **执行推荐** (Recommended) — run top pick with shown args
+- **选择备选** — pick from alternative commands
+- **修改参数** — adjust args before executing
+- **取消** — do nothing
 
 </presentation>
 

package/.agy/skills/maestro-player/SKILL.md

@@ -146,13 +146,20 @@ S_COMPLETE:
    - **skill/command**: `Skill(skill, resolved_args)` → extract session_id, output_path, artifacts
    - **cli**: `run_command(run_in_background: true)` → STOP, wait for callback → `maestro delegate output <id>`
    - **agent**: `invoke_subagent([{ TypeName: "<TypeName>", Role: "<Role>", Prompt: "<Prompt>", Workspace: "inherit" }])`
-   - **checkpoint**: write checkpoint snapshot. If auto_continue==false: ask_question (Continue/Pause/Abort)
+   - **checkpoint**: write checkpoint snapshot. If auto_continue==false:
+     ask_question (single-select, header: "Checkpoint"):
+     - **Continue** — proceed to next step
+     - **Pause** — save progress, exit (resume with `-c`)
+     - **Abort** — stop workflow
 4. Set step status="completed" (or "skipped"/"failed"), write status.json
 
 ### A_COMPLETE_SESSION
 
 Set status="completed", completed_at. Display summary: session, template, steps completed, context, per-step results, artifacts, session dir.
-ask_question: Keep session / Run again / Done.
+ask_question (single-select, header: "完成"):
+- **Keep session** — preserve artifacts for reference
+- **Run again** — re-execute with same template
+- **Done** — clean up and exit
 
 </actions>
 

package/.agy/skills/maestro-tools-execute/SKILL.md

@@ -73,10 +73,10 @@ maestro wiki load <knowhow-id>
 
 ### Step 3: Confirm Execution
 
-Ask user:
-- Execute steps as-is?
-- Adjust parameters/scope?
-- View only, do not execute?
+ask_question (single-select, header: "执行方式"):
+- **Execute as-is** (Recommended) — run all steps with current parameters
+- **Adjust parameters** — modify scope or parameters before executing
+- **View only** — display steps without executing
 
 ### Step 4: Step-by-Step Execution
 

package/.agy/skills/spec-load/SKILL.md

@@ -1,15 +1,16 @@
 ---
 name: spec-load
 description: Load specs and lessons for current context
-argument-hint: [--category <category>] [--keyword <word>]
+argument-hint: [--scope <scope>] [--category <category>] [--keyword <word>]
 allowed-tools:
   - grep_search
   - run_command
   - view_file
 ---
 <purpose>
-Load relevant specs filtered by category (file-level) and/or keyword (entry-level).
+Load relevant specs filtered by scope, category (file-level) and/or keyword (entry-level).
 Category-based loading: loads the category's primary doc in full + matching entries from other files.
+By default, loads from both global (~/.maestro/specs/) and project (.workflow/specs/) layers.
 </purpose>
 
 <required_reading>
@@ -20,6 +21,11 @@ Category-based loading: loads the category's primary doc in full + matching entr
 $ARGUMENTS -- optional flags and keyword
 
 **Flags:**
+- `--scope <scope>` — Load scope (default: global + project merged):
+  - `project`: project baseline only (.workflow/specs/)
+  - `global`: global + project merged (~/.maestro/specs/ + .workflow/specs/)
+  - `team`: project + team shared (.workflow/collab/specs/)
+  - `personal`: project + team + personal (requires uid)
 - `--category <category>` — Load by category: primary category doc (full) + cross-file entries with matching category attr. Categories: coding, arch, test, review, debug, learning, ui.
 - `--keyword <word>` — Filter by keyword within entries
 
@@ -37,7 +43,8 @@ $ARGUMENTS -- optional flags and keyword
 
 **Examples:**
 ```
-/spec-load --category coding            # coding全文 + 跨文件coding条目
+/spec-load --category coding            # coding全文 + 跨文件coding条目 (global + project)
+/spec-load --scope global --category arch  # 明确包含全局 arch 规范
 /spec-load --category review            # review-standards + quality-rules + 跨文件review条目
 /spec-load --category coding --keyword auth
 /spec-load --keyword auth
@@ -56,7 +63,7 @@ Follow '~/.maestro/workflows/specs-load.md' completely.
 <error_codes>
 | Code | Severity | Description | Stage |
 |------|----------|-------------|-------|
-| E001 | fatal | `.workflow/specs/` not initialized -- run `/spec-setup` first | detect_context |
+| E001 | warning | `.workflow/specs/` not initialized -- run `/spec-setup` first (global specs still available) | detect_context |
 | W001 | warning | No matching specs found for keyword -- showing all specs in category instead | load_specs |
 </error_codes>
 

package/.claude/commands/maestro-impeccable.md

@@ -145,7 +145,11 @@ Layer 1 did not match. Check for chain-level keywords — even if the prompt als
 | design system, tokens, design foundation, design infrastructure | foundation |
 | real-time, live, browser | live |
 
-Ambiguous + no `-y` → AskUserQuestion.
+Ambiguous + no `-y`:
+
+AskUserQuestion (single-select, header: "意图确认"):
+- Options: top 2-3 matched chains from Layer 2 table, each with label = chain name, description = matched keywords
+- Last option: **"直接构建"** — skip chain, route to Layer 3 craft
 
 ### Layer 3: Concrete build task → Direct craft
 

package/.claude/commands/maestro-next.md

@@ -218,7 +218,13 @@ brainstorm → blueprint → init → analyze-macro → roadmap
 执行参数: <args>
 ```
 
-`--dry-run` 展示后结束；`-y` 直接 S_EXECUTE；否则 AskUserQuestion 提供：执行 top pick / 选备选 / 修改参数 / 取消。
+`--dry-run` 展示后结束；`-y` 直接 S_EXECUTE；否则：
+
+AskUserQuestion (single-select, header: "执行确认"):
+- **执行推荐** (Recommended) — run top pick with shown args
+- **选择备选** — pick from alternative commands
+- **修改参数** — adjust args before executing
+- **取消** — do nothing
 
 </presentation>
 

package/.claude/commands/maestro-player.md

@@ -145,13 +145,20 @@ S_COMPLETE:
    - **skill/command**: `Skill(skill, resolved_args)` → extract session_id, output_path, artifacts
    - **cli**: `Bash(run_in_background: true)` → STOP, wait for callback → `maestro delegate output <id>`
    - **agent**: `Agent(subagent_type, resolved_args)`
-   - **checkpoint**: write checkpoint snapshot. If auto_continue==false: AskUserQuestion (Continue/Pause/Abort)
+   - **checkpoint**: write checkpoint snapshot. If auto_continue==false:
+     AskUserQuestion (single-select, header: "Checkpoint"):
+     - **Continue** — proceed to next step
+     - **Pause** — save progress, exit (resume with `-c`)
+     - **Abort** — stop workflow
 4. Set step status="completed" (or "skipped"/"failed"), write status.json
 
 ### A_COMPLETE_SESSION
 
 Set status="completed", completed_at. Display summary: session, template, steps completed, context, per-step results, artifacts, session dir.
-AskUserQuestion: Keep session / Run again / Done.
+AskUserQuestion (single-select, header: "完成"):
+- **Keep session** — preserve artifacts for reference
+- **Run again** — re-execute with same template
+- **Done** — clean up and exit
 
 </actions>
 

package/.claude/commands/maestro-tools-execute.md

@@ -71,10 +71,10 @@ maestro wiki load <knowhow-id>
 
 ### Step 3: Confirm Execution
 
-Ask user:
-- Execute steps as-is?
-- Adjust parameters/scope?
-- View only, do not execute?
+AskUserQuestion (single-select, header: "执行方式"):
+- **Execute as-is** (Recommended) — run all steps with current parameters
+- **Adjust parameters** — modify scope or parameters before executing
+- **View only** — display steps without executing
 
 ### Step 4: Step-by-Step Execution
 

package/.claude/commands/spec-load.md

@@ -1,7 +1,7 @@
 ---
 name: spec-load
 description: Load specs and lessons for current context
-argument-hint: "[--category <category>] [--keyword <word>]"
+argument-hint: "[--scope <scope>] [--category <category>] [--keyword <word>]"
 allowed-tools:
   - Read
   - Bash
@@ -9,8 +9,9 @@ allowed-tools:
   - Grep
 ---
 <purpose>
-Load relevant specs filtered by category (file-level) and/or keyword (entry-level).
+Load relevant specs filtered by scope, category (file-level) and/or keyword (entry-level).
 Category-based loading: loads the category's primary doc in full + matching entries from other files.
+By default, loads from both global (~/.maestro/specs/) and project (.workflow/specs/) layers.
 </purpose>
 
 <required_reading>
@@ -21,6 +22,11 @@ Category-based loading: loads the category's primary doc in full + matching entr
 $ARGUMENTS -- optional flags and keyword
 
 **Flags:**
+- `--scope <scope>` — Load scope (default: global + project merged):
+  - `project`: project baseline only (.workflow/specs/)
+  - `global`: global + project merged (~/.maestro/specs/ + .workflow/specs/)
+  - `team`: project + team shared (.workflow/collab/specs/)
+  - `personal`: project + team + personal (requires uid)
 - `--category <category>` — Load by category: primary category doc (full) + cross-file entries with matching category attr. Categories: coding, arch, test, review, debug, learning, ui.
 - `--keyword <word>` — Filter by keyword within entries
 
@@ -38,7 +44,8 @@ $ARGUMENTS -- optional flags and keyword
 
 **Examples:**
 ```
-/spec-load --category coding            # coding全文 + 跨文件coding条目
+/spec-load --category coding            # coding全文 + 跨文件coding条目 (global + project)
+/spec-load --scope global --category arch  # 明确包含全局 arch 规范
 /spec-load --category review            # review-standards + quality-rules + 跨文件review条目
 /spec-load --category coding --keyword auth
 /spec-load --keyword auth
@@ -57,7 +64,7 @@ Follow '~/.maestro/workflows/specs-load.md' completely.
 <error_codes>
 | Code | Severity | Description | Stage |
 |------|----------|-------------|-------|
-| E001 | fatal | `.workflow/specs/` not initialized -- run `/spec-setup` first | detect_context |
+| E001 | warning | `.workflow/specs/` not initialized -- run `/spec-setup` first (global specs still available) | detect_context |
 | W001 | warning | No matching specs found for keyword -- showing all specs in category instead | load_specs |
 </error_codes>
 

package/.codex/skills/learn-second-opinion/SKILL.md

@@ -64,7 +64,7 @@ Wave 1: 3 persona agents in parallel (filter `wave==1 AND status=="pending"`). W
     "summary":       { "type": "string", "maxLength": 500 },
     "error":         { "type": "string" }
   },
-  "required": ["id", "result_status", "summary"]
+  "required": ["id", "result_status", "findings", "summary"]
 }
 ```
 

package/.codex/skills/maestro-milestone-audit/SKILL.md

@@ -44,7 +44,7 @@ id,title,description,scope,check_targets,deps,wave,status,findings,gaps_found,se
 | `check_targets` | Input | Specific verification commands/grep patterns |
 | `deps` | Input | Dependencies (empty — all wave 1) |
 | `wave` | Computed | Wave number (always 1 — single parallel wave) |
-| `status` | Lifecycle | `pending` (initial) → `pass`/`fail`/`warning`/`failed` (set by merge step from worker's `result_status`) |
+| `status` | Lifecycle | `pending` (initial) → `completed`/`failed` (set by merge step from worker's `result_status`) |
 | `findings` | Lifecycle | Detailed findings per dimension (max 500 chars; merged) |
 | `gaps_found` | Lifecycle | Semicolon-separated list of integration gaps (merged) |
 | `severity` | Lifecycle | `critical` / `warning` / `info` per gap (merged) |
@@ -105,18 +105,19 @@ spawn_agents_on_csv({
     type: "object",
     properties: {
       id:            { type: "string" },
-      result_status: { type: "string", enum: ["pass", "fail", "warning", "failed"] },
+      result_status: { type: "string", enum: ["completed", "failed"] },
+      audit_verdict: { type: "string", enum: ["pass", "fail", "warning"], description: "Audit check outcome" },
       findings:      { type: "string", maxLength: 500 },
       gaps_found:    { type: "string", description: "Semicolon-separated list of gaps" },
       severity:      { type: "string", enum: ["critical", "warning", "info", ""] },
       error:         { type: "string" }
     },
-    required: ["id", "result_status", "findings", "severity"]
+    required: ["id", "result_status", "audit_verdict", "findings", "severity"]
   }
 })
 ```
 
-4. Merge results into master `tasks.csv`: map `result_status` → master `status` column, copy `findings`, `gaps_found`, `severity`, `error`. Delete temporary files (`wave-1.csv`, `wave-1-results.csv`) after merge.
+4. Merge results into master `tasks.csv`: map `result_status` → master `status` column, copy `audit_verdict`, `findings`, `gaps_found`, `severity`, `error`. Delete temporary files (`wave-1.csv`, `wave-1-results.csv`) after merge.
 
 #### Integration Checker Worker Contract (AUDIT_INTEGRATION_INSTRUCTION)
 
@@ -134,9 +135,9 @@ REQUIRED STEPS:
   5. Call report_agent_job_result EXACTLY ONCE
 
 TERMINATION CONTRACT (mandatory — NO worker may end without calling report_agent_job_result):
-  - Pass path  → no gaps found → result_status=pass, severity="info"
-  - Warning path → minor gaps → result_status=warning, severity="warning"
-  - Fail path → critical contract drift or broken dependencies → result_status=fail, severity="critical"
+  - Pass path  → no gaps found → result_status=completed, audit_verdict=pass, severity="info"
+  - Warning path → minor gaps → result_status=completed, audit_verdict=warning, severity="warning"
+  - Fail path → critical contract drift or broken dependencies → result_status=completed, audit_verdict=fail, severity="critical"
   - Failure path → cannot read scope, tool error → result_status=failed with error message
   - Timeout path → near 600s, finalize current findings → report with what was collected
   - NEVER skip report_agent_job_result.
@@ -144,7 +145,8 @@ TERMINATION CONTRACT (mandatory — NO worker may end without calling report_age
 OUTPUT (must match output_schema):
   {
     "id": "<your row id>",
-    "result_status": "pass" | "warning" | "fail" | "failed",
+    "result_status": "completed" | "failed",
+    "audit_verdict": "pass" | "warning" | "fail",
     "findings": "<one-sentence summary, max 500 chars>",
     "gaps_found": "<semicolon-separated list of gaps, each with file:line; empty if pass>",
     "severity": "critical" | "warning" | "info" | "",
@@ -157,7 +159,7 @@ CONSTRAINTS:
   - Do NOT call spawn_agents_on_csv (no recursion).
 ```
 5. Parse `gaps_found` from all workers — aggregate into `.workflow/milestones/{milestone}/audit-report.md`
-6. Any worker with `result_status == fail` and `severity == critical` → milestone verdict = FAIL
+6. Any worker with `audit_verdict == fail` and `severity == critical` → milestone verdict = FAIL
 
 ### Step 6: Verdict
 

package/.codex/skills/maestro-ui-codify/SKILL.md

@@ -90,9 +90,9 @@ id,wave,title,description,agent_type,deps
 | `agent_type` | Input | Agent type: discover/extract-style/extract-animation/extract-layout/package/knowhow |
 | `deps` | Input | Semicolon-separated dependency task IDs |
 | `result_status` | Output | `completed` / `failed` (returned via output_schema) |
-| `findings` | Output | Key findings summary (max 500 chars) |
-| `output_path` | Output | Path to generated artifact |
-| `error` | Output | Error message if failed |
+| `findings` | Output | Key findings summary (max 500 chars, via output_schema) |
+| `output_path` | Output | Path to generated artifact (via output_schema) |
+| `error` | Output | Error message if failed (via output_schema) |
 
 ### Session Structure
 

package/.codex/skills/quality-debug/SKILL.md

@@ -110,7 +110,9 @@ id,title,description,hypothesis,deps,context_from,wave,status,findings,evidence_
 | `deps` | Input | Semicolon-separated dependency task IDs (wave 2 depends on wave 1) |
 | `context_from` | Input | Semicolon-separated task IDs whose findings this task needs |
 | `wave` | Input | Wave number (1 = investigation, 2 = fix attempt) |
-| `status` | Lifecycle | `pending` (initial) → `confirmed`/`refuted`/`inconclusive`/`fixed`/`fix_failed`/`failed`/`skipped` (set by merge step from worker's `result_status`) |
+| `status` | Lifecycle | `pending` (initial) → `completed`/`failed`/`skipped` (set by merge step from worker's `result_status`) |
+| `hypothesis_verdict` | Lifecycle | Wave 1 only: `confirmed`/`refuted`/`inconclusive` (merged from worker output) |
+| `fix_result` | Lifecycle | Wave 2 only: `fixed`/`fix_failed` (merged from worker output) |
 | `findings` | Lifecycle | Key findings summary (max 500 chars; merged from worker output) |
 | `evidence_for` | Lifecycle | Evidence supporting the hypothesis (wave 1; merged) |
 | `evidence_against` | Lifecycle | Evidence refuting the hypothesis (wave 1; merged) |
@@ -250,21 +252,22 @@ spawn_agents_on_csv({
   output_schema: {
     type: "object",
     properties: {
-      id:               { type: "string" },
-      result_status:    { type: "string", enum: ["confirmed", "refuted", "inconclusive", "failed"] },
-      findings:         { type: "string", maxLength: 500 },
-      evidence_for:     { type: "string" },
-      evidence_against: { type: "string" },
-      error:            { type: "string" }
+      id:                  { type: "string" },
+      result_status:       { type: "string", enum: ["completed", "failed"] },
+      hypothesis_verdict:  { type: "string", enum: ["confirmed", "refuted", "inconclusive"], description: "Investigation outcome" },
+      findings:            { type: "string", maxLength: 500 },
+      evidence_for:        { type: "string" },
+      evidence_against:    { type: "string" },
+      error:               { type: "string" }
     },
-    required: ["id", "result_status", "findings"]
+    required: ["id", "result_status", "hypothesis_verdict", "findings"]
   }
 })
 ```
 
-3. **Merge**: for each row in `wave-1-results.csv`, look up master row by `id` and write `master.status = result_status`, then copy `findings`, `evidence_for`, `evidence_against`, `error`. Delete `wave-1.csv` and `wave-1-results.csv`.
+3. **Merge**: for each row in `wave-1-results.csv`, look up master row by `id` and write `master.status = result_status`, then copy `hypothesis_verdict`, `findings`, `evidence_for`, `evidence_against`, `error`. Delete `wave-1.csv` and `wave-1-results.csv`.
 4. **Wave 2 gating** (read from MASTER `tasks.csv` after merge, NOT from wave-1-results.csv):
-   - For each `FIX-H{N}` row: read its `context_from` hypothesis ID (e.g., `H{N}`) from master; if master `H{N}.status != "confirmed"`, set `FIX-H{N}.status = "skipped"` (with findings = "upstream {H{N}.status}").
+   - For each `FIX-H{N}` row: read its `context_from` hypothesis ID (e.g., `H{N}`) from master; if master `H{N}.hypothesis_verdict != "confirmed"`, set `FIX-H{N}.status = "skipped"` (with findings = "upstream hypothesis_verdict={H{N}.hypothesis_verdict}").
    - Only rows where `status == "pending"` proceed to wave 2.
 
 #### Wave 1 Worker Contract (WAVE1_INVESTIGATION_INSTRUCTION)
@@ -281,23 +284,24 @@ REQUIRED STEPS:
   1. Read shared discoveries: {sessionFolder}/discoveries.ndjson (may be empty)
   2. Scan codebase for evidence using Read/Grep/Glob (read-only investigation)
   3. Classify the hypothesis based on evidence collected:
-     - confirmed   → strong evidence supports the hypothesis (file:line proof)
-     - refuted     → strong evidence contradicts the hypothesis
-     - inconclusive → insufficient evidence within time budget; do NOT guess
-     - failed      → tool error / cannot read files / blocked by environment
+     - confirmed   → strong evidence supports the hypothesis (file:line proof) → result_status=completed, hypothesis_verdict=confirmed
+     - refuted     → strong evidence contradicts the hypothesis → result_status=completed, hypothesis_verdict=refuted
+     - inconclusive → insufficient evidence within time budget; do NOT guess → result_status=completed, hypothesis_verdict=inconclusive
+     - failed      → tool error / cannot read files / blocked by environment → result_status=failed
   4. Append discoveries to {sessionFolder}/discoveries.ndjson if reusable (root_cause / hypothesis_evidence types)
   5. Call report_agent_job_result EXACTLY ONCE with the verdict
 
 TERMINATION CONTRACT (mandatory — NO worker may end without calling report_agent_job_result):
-  - Success path  → result_status = confirmed | refuted, with evidence
-  - Timeout path  → if approaching {max_runtime_seconds}, STOP investigation and report inconclusive
-  - Failure path  → on any unrecoverable error, report failed with error message
+  - Success path  → result_status=completed, hypothesis_verdict = confirmed | refuted, with evidence
+  - Timeout path  → if approaching {max_runtime_seconds}, STOP investigation and report result_status=completed, hypothesis_verdict=inconclusive
+  - Failure path  → on any unrecoverable error, result_status=failed with error message
   - NEVER continue indefinitely. NEVER exit silently. NEVER omit the call.
 
 OUTPUT (return via report_agent_job_result; must match output_schema):
   {
     "id": "<your row id>",
-    "result_status": "confirmed" | "refuted" | "inconclusive" | "failed",
+    "result_status": "completed" | "failed",
+    "hypothesis_verdict": "confirmed" | "refuted" | "inconclusive",
     "findings": "<one-sentence summary, max 500 chars>",
     "evidence_for": "<bullet list of file:line refs supporting, or empty>",
     "evidence_against": "<bullet list of file:line refs refuting, or empty>",
@@ -328,18 +332,19 @@ spawn_agents_on_csv({
     type: "object",
     properties: {
       id:            { type: "string" },
-      result_status: { type: "string", enum: ["fixed", "fix_failed", "failed"] },
+      result_status: { type: "string", enum: ["completed", "failed"] },
+      fix_result:    { type: "string", enum: ["fixed", "fix_failed"], description: "Fix attempt outcome" },
       findings:      { type: "string", maxLength: 500 },
       fix_applied:   { type: "string" },
       verified:      { type: "string", enum: ["true", "false"] },
       error:         { type: "string" }
     },
-    required: ["id", "result_status", "findings", "verified"]
+    required: ["id", "result_status", "fix_result", "findings", "verified"]
   }
 })
 ```
 
-4. **Merge**: write `master.status = result_status`, copy `findings`, `fix_applied`, `verified`, `error`. Delete `wave-2.csv` and `wave-2-results.csv`.
+4. **Merge**: write `master.status = result_status`, copy `fix_result`, `findings`, `fix_applied`, `verified`, `error`. Delete `wave-2.csv` and `wave-2-results.csv`.
 
 #### Wave 2 Worker Contract (WAVE2_FIX_INSTRUCTION)
 
@@ -359,16 +364,17 @@ REQUIRED STEPS:
   5. Call report_agent_job_result EXACTLY ONCE
 
 TERMINATION CONTRACT (mandatory):
-  - Success path → fix applied AND verified → result_status=fixed, verified="true"
-  - Partial path → fix applied but verification failed → result_status=fix_failed, verified="false"
-  - Timeout path → approaching {max_runtime_seconds} with no fix applied → result_status=fix_failed with error="timeout"
+  - Success path → fix applied AND verified → result_status=completed, fix_result=fixed, verified="true"
+  - Partial path → fix applied but verification failed → result_status=completed, fix_result=fix_failed, verified="false"
+  - Timeout path → approaching {max_runtime_seconds} with no fix applied → result_status=completed, fix_result=fix_failed with error="timeout"
   - Failure path → cannot apply fix (file missing, parse error, etc.) → result_status=failed
   - NEVER continue indefinitely. NEVER exit silently. NEVER omit the call.
 
 OUTPUT (return via report_agent_job_result; must match output_schema):
   {
     "id": "<your row id>",
-    "result_status": "fixed" | "fix_failed" | "failed",
+    "result_status": "completed" | "failed",
+    "fix_result": "fixed" | "fix_failed",
     "findings": "<one-sentence summary of what was changed, max 500 chars>",
     "fix_applied": "<file:line description of the change>",
     "verified": "true" | "false",

package/.codex/skills/security-audit/SKILL.md

@@ -141,7 +141,23 @@ one agent per module. Use `request_user_input` to confirm critical module list b
 
 **STRIDE spawn contract**:
 - CSV columns: `id, module_path, threats_to_assess, deps, wave, status` (initial `status="pending"`); filter `wave==2 AND status=="pending"`.
-- Same `output_schema` as the OWASP spawn above, but `top_issues` JSON items use shape `{stride_category, threat, severity, file:line, mitigation}`.
+- `output_schema`:
+
+```json
+{
+  "type": "object",
+  "properties": {
+    "id":              { "type": "string" },
+    "result_status":   { "type": "string", "enum": ["completed", "failed"] },
+    "findings":        { "type": "string", "maxLength": 500 },
+    "severity_counts": { "type": "string", "description": "JSON: {critical, high, medium, low}" },
+    "top_issues":      { "type": "string", "description": "JSON array: [{stride_category, threat, severity, file:line, mitigation}]" },
+    "error":           { "type": "string" }
+  },
+  "required": ["id", "result_status", "findings"]
+}
+```
+
 - Same termination contract as the OWASP spawn above (mandatory `report_agent_job_result`, read-only, no recursion, timeout → partial findings, etc.).
 - Merge: `result_status` → master `status`; copy `findings`, `severity_counts`, `top_issues`, `error`.
 

package/.codex/skills/team-review/SKILL.md

@@ -187,7 +187,7 @@ You MUST call report_agent_job_result EXACTLY ONCE before exiting. NO exceptions
   "findings": "<key findings, max 500 chars>",
   "files_modified": "<semicolon-separated paths or empty>",
   "finding_count": "<integer or empty>",
-  "verdict": "PASS" | "WARN" | "BLOCK" | "" (REV only),
+  "verdict": "APPROVE" | "CONDITIONAL" | "BLOCK" | "" (REV only),
   "error": "<message if not completed>"
 }
 
@@ -207,7 +207,7 @@ You MUST call report_agent_job_result EXACTLY ONCE before exiting. NO exceptions
     "findings":       { "type": "string", "maxLength": 500 },
     "files_modified": { "type": "string" },
     "finding_count":  { "type": "string" },
-    "verdict":        { "type": "string", "enum": ["PASS", "WARN", "BLOCK", ""] },
+    "verdict":        { "type": "string", "enum": ["APPROVE", "CONDITIONAL", "BLOCK", ""] },
     "error":          { "type": "string" }
   },
   "required": ["id", "result_status", "findings"]