mindforge-cc 10.0.1 → 10.0.3

package/.mindforge/skills/continuous-learning/SKILL.md

@@ -0,0 +1,84 @@
+---
+name: continuous-learning
+version: 1.0.0
+min_mindforge_version: 10.0.3
+status: stable
+triggers: instinct, learned behavior, pattern detection, evolve, auto-learn, skill promotion, confidence, observation, habit, adaptation
+---
+
+# Skill — Continuous Learning
+
+## When this skill activates
+When discussing learned behaviors, instinct management, pattern capture,
+or skill evolution. Also activates during session-end reviews where patterns
+may be captured.
+
+## Mandatory actions when this skill is active
+
+### Understanding the Instinct System
+MindForge automatically observes sessions and captures behavioral patterns as
+"instincts" — lightweight learned behaviors that may evolve into full skills.
+
+**Instinct lifecycle:**
+```
+Observation -> Instinct (confidence: 0.5)
+                  | applied successfully
+              Confidence grows (0.5 -> 0.6 -> 0.7 -> ...)
+                  | confidence >= 0.85 AND applied 5+ times
+              Promotion candidate
+                  | user approves
+              Full SKILL.md created and registered
+```
+
+### Auto-Capture (Always Active)
+The instinct engine runs in auto-capture mode, watching for:
+
+1. **User corrections** -> instinct created at confidence 0.6
+   - "No, always use X instead of Y" -> captures the preference
+2. **Repeated patterns (3+)** -> instinct created at confidence 0.4
+   - Same action pattern 3 times in a session -> probably intentional
+3. **Successful outcomes** -> instinct created at confidence 0.5
+   - Non-obvious action followed by verification pass -> worth remembering
+
+### Managing Instincts
+
+**View active instincts:**
+- Check `.mindforge/engine/instincts/instinct-store.jsonl`
+- Use `/mindforge:status` which includes instinct summary
+
+**Manually capture:**
+- Use `/mindforge:learn-instinct "observation" --behavior "what to do"`
+- Manual instincts start at confidence 0.7 (user-stated = higher trust)
+
+**Promote to skills:**
+- Use `/mindforge:evolve-skills` to review mature instincts
+- Candidates: confidence >= 0.85 AND times_applied >= 5
+- Promotion creates a full SKILL.md and registers in MANIFEST.md
+
+**Deprecate/Prune:**
+- Instincts below 0.2 confidence after 10+ applications are auto-pruned
+- Instincts inactive for 30 days are auto-pruned
+- User can manually deprecate any instinct
+
+### During any task (passive observation)
+- Note patterns that repeat across tasks
+- When user corrects behavior: acknowledge and create instinct
+- At session end: report any new instincts captured
+- Never let instinct count exceed 100 per project (prune lowest confidence)
+
+### After session
+Report instinct activity:
+```
+Instincts this session:
+  [NEW] "Pattern observed" (confidence: 0.5)
+  [REINFORCED] "Existing pattern" (0.6 -> 0.7)
+  [READY] "Mature pattern" -- eligible for promotion
+  
+Active: 47/100 | Promotion candidates: 3
+```
+
+## Self-check before task completion
+- [ ] Did I report any new instincts captured this session?
+- [ ] Did I verify instinct count remains under 100 for this project?
+- [ ] Did I check for promotion candidates meeting the threshold?
+- [ ] Did I confirm captured instincts are project-scoped (not leaking to other projects)?

package/.mindforge/skills/cost-aware-routing/SKILL.md

@@ -0,0 +1,83 @@
+---
+name: cost-aware-routing
+version: 1.0.0
+min_mindforge_version: 10.0.3
+status: stable
+triggers: token budget, model routing, cost optimization, model selection, Haiku, Flash, cheap model, expensive model, cost per token, budget, spend, token usage
+---
+
+# Skill — Cost-Aware Routing
+
+## When this skill activates
+When making model selection decisions, monitoring token spend, optimizing
+for cost-performance tradeoffs, or when budget limits are approaching.
+
+## Mandatory actions when this skill is active
+
+### Model Tier Reference
+
+| Tier | Model | Input/Output per 1M | Best For |
+|------|-------|--------------------:|----------|
+| simple | claude-haiku-4-5 | $0.25 / $1.25 | File reads, simple edits, formatting |
+| standard | claude-sonnet-4-6 | $3 / $15 | Multi-file work, code review, daily tasks |
+| complex | claude-opus-4-7 | $15 / $75 | Architecture, security, hard debugging |
+| research | gemini-2.5-pro | $1.25 / $10 | Web research, long context, synthesis |
+| consult | gpt-4o | $2.50 / $10 | Second opinions, alternative perspectives |
+
+### Routing Rules
+
+**Match task complexity to model tier:**
+- Difficulty 1-3 (single file, obvious change): **simple**
+- Difficulty 3-6 (multi-file, some judgment): **standard**
+- Difficulty 6-8 (cross-system, complex logic): **complex**
+- Difficulty 8-10 (architectural, novel problems): **complex**
+
+**Override rules (always apply):**
+- Security tasks: minimum **standard** (never use simple for auth/payment)
+- Architecture decisions: minimum **complex**
+- File exploration/reading: always **simple**
+- Research requiring web access: **research**
+
+### Cost Optimization Patterns
+
+1. **Start cheap, escalate if needed:**
+   - Try simple tier first for uncertain-complexity tasks
+   - If result quality is insufficient: escalate to next tier
+   - Log escalation with reason
+
+2. **Batch similar tasks:**
+   - 5 simple edits in one call < 5 separate calls
+   - Group related file reads into single exploration
+
+3. **Cache aggressively:**
+   - Prompt caching reduces input costs ~90%
+   - Structure prompts with static context first (cacheable)
+   - Dynamic content last (not cached, but small)
+
+4. **Avoid token waste:**
+   - Don't re-read files already in context
+   - Don't repeat instructions the model already has
+   - Use compaction when context grows large
+
+### Budget Monitoring
+
+Check budget status regularly:
+- Session budget remaining: from token-ledger.jsonl
+- Warning threshold: `[COST_WARN_USD]` from config
+- Hard limit: `[COST_HARD_LIMIT_USD]` from config
+
+**When budget is tight:**
+- Downgrade all tasks one tier (complex→standard, standard→simple)
+- Warn user: "Budget at X% — operating in economy mode"
+- Never exceed hard limit without explicit user approval
+
+### After any task
+- Log actual model used + tokens consumed to token-ledger.jsonl
+- Compare actual vs optimal tier (for future routing accuracy)
+- Report cost in session summary
+
+## Self-check before task completion
+- [ ] Did I log the model routing decision with rationale?
+- [ ] Did I record actual token usage in token-ledger.jsonl?
+- [ ] Did I check remaining budget against session/project limits?
+- [ ] Did I flag any tasks where a cheaper model could have been used?

package/.mindforge/skills/council/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: council
+version: 1.0.0
+min_mindforge_version: 10.0.3
+status: stable
+triggers: council, multi-voice, decision debate, architectural decision, trade-off, ambiguous, contentious, ADR, design decision, breaking change
+---
+
+# Skill — Council (Multi-Voice Decision)
+
+## When this skill activates
+Any ambiguous architectural decision where multiple valid approaches exist,
+when resolving contentious technical choices, or when the Adversarial Decision
+Loop (ADS) produces a split verdict.
+
+## Mandatory actions when this skill is active
+
+### Before invoking council
+1. Verify the decision actually warrants multi-voice debate:
+   - Are there 2+ genuinely viable options? (If one is obviously best, skip council)
+   - Is the decision hard to reverse? (If easily reversible, just pick one and iterate)
+   - Does the decision affect multiple stakeholders or systems?
+2. Frame the decision clearly with: context, options, constraints, and stakes.
+
+### The Four Voices
+
+| Voice | Asks | Bias (intentional) |
+|-------|------|-------------------|
+| **Architect** | "What scales? What's maintainable in 2 years?" | Elegant, extensible systems |
+| **Skeptic** | "What breaks? What haven't we considered?" | Caution, hidden failure modes |
+| **Pragmatist** | "What ships? What delivers value soonest?" | Delivery speed, incrementalism |
+| **Critic** | "What's excellent? What meets our standards?" | Quality, craftsmanship |
+
+### Council Protocol
+1. **Frame** — Present decision with context, options, constraints
+2. **Positions** — Each voice states recommendation + top 3 reasons + confidence (0-1)
+3. **Challenge** — Each voice rebuts the strongest counterargument
+4. **Synthesize** — Produce verdict with consensus score
+5. **Output** — Write to `.planning/decisions/COUNCIL-[timestamp].md`
+
+### Interpreting Results
+
+| Consensus Score | Meaning | Action |
+|----------------|---------|--------|
+| >= 0.85 | Strong agreement | Proceed with confidence |
+| 0.65 - 0.84 | Moderate agreement | Proceed but address dissent concerns |
+| 0.50 - 0.64 | Weak agreement | Seek user input before proceeding |
+| < 0.50 | No consensus | Present all options to user, defer decision |
+
+### Guardrails
+- Council is ADVISORY — user always has final say
+- Maximum 2 rounds (initial + challenge). No infinite debates.
+- Each voice limited to 200 words per round
+- If consensus < 0.5: do NOT auto-select. Report "No consensus" honestly.
+- Always document dissent — suppressed minority opinions create tech debt
+- Use council templates (see `council-templates.md`) for common decision types
+
+### After council
+- Write the decision record to `.planning/decisions/`
+- If the decision creates an ADR: also write to `docs/adr/`
+- Log council invocation and verdict in AUDIT
+- Track the Skeptic's unmitigated risks as action items
+
+## Self-check before task completion
+- [ ] Did I verify the decision warranted a council (not a simple choice)?
+- [ ] Did I document all dissenting opinions (never suppressed)?
+- [ ] Did I write the council verdict to .planning/decisions/?
+- [ ] Did I remind the user that council is advisory (user has final say)?

package/.mindforge/skills/doc-health-audit/SKILL.md

@@ -0,0 +1,102 @@
+---
+name: doc-health-audit
+version: 1.0.0
+min_mindforge_version: 10.0.3
+status: stable
+triggers: documentation audit, doc health, stale docs, outdated documentation, README outdated, doc maintenance, documentation drift, claim validation, doc review, doc coverage, broken links
+compose:
+  - documentation
+---
+
+# Skill — Documentation Health Audit
+
+## When this skill activates
+When reviewing documentation quality, checking for staleness, validating
+code references in docs, or performing periodic maintenance on project documentation.
+
+## Mandatory actions when this skill is active
+
+### Before auditing
+1. Identify all documentation files in the project (README, docs/, CHANGELOG, API docs, etc.)
+2. Note the last modification date of each doc file
+3. Note recent code changes that SHOULD have triggered doc updates
+
+### The 5-Point Health Check
+
+**1. Claim Validation**
+For every factual claim in docs (code examples, API signatures, file paths):
+- Verify the referenced code/file ACTUALLY EXISTS
+- Verify code examples COMPILE and RUN correctly
+- Verify API signatures match current implementation
+- Flag any claim that cannot be verified as "UNVERIFIED"
+
+**2. Staleness Detection**
+A doc is STALE if:
+- Code it references has changed since the doc was last updated
+- More than 20 commits have touched referenced files without doc update
+- It references deprecated APIs, removed features, or old patterns
+- Version numbers or counts are outdated
+
+**3. Coverage Gaps**
+Check for undocumented areas:
+- Public APIs without usage examples
+- Features without user-facing documentation
+- Error codes without explanation
+- Configuration options without description
+- New files/modules without architectural context
+
+**4. Consistency Check**
+Across all docs, verify:
+- Version numbers are consistent (README vs package.json vs CHANGELOG)
+- Naming is consistent (same feature called the same thing everywhere)
+- Instructions don't contradict each other
+- Links between docs are not broken (internal cross-references)
+
+**5. Maintenance Scoring**
+Score each doc file 0-10:
+- 9-10: Current, accurate, comprehensive
+- 6-8: Minor issues (outdated example, missing edge case)
+- 3-5: Significant staleness (multiple outdated references)
+- 0-2: Dangerously outdated (actively misleading)
+
+### Output Format
+
+Write to `.planning/DOC-HEALTH-REPORT-[timestamp].md`:
+```markdown
+# Documentation Health Report
+Date: [timestamp]
+Files audited: [count]
+Overall score: [average across all files]
+
+## Critical Findings (score 0-2)
+| File | Issue | Impact |
+...
+
+## Stale Docs (score 3-5)
+| File | Last Updated | Code Changes Since | Top Issue |
+...
+
+## Healthy Docs (score 6+)
+| File | Score | Minor Issues |
+...
+
+## Coverage Gaps
+- [undocumented area 1]
+- [undocumented area 2]
+
+## Recommendations (prioritized)
+1. [highest impact fix]
+2. ...
+```
+
+### After audit
+- Create action items for all Critical findings (score 0-2)
+- Suggest specific fixes for Stale docs
+- Log audit summary in AUDIT
+- Consider: should any finding become an instinct? (e.g., "always update README when adding new commands")
+
+## Self-check before task completion
+- [ ] Did I verify code references in docs actually exist?
+- [ ] Did I check code examples compile/run correctly?
+- [ ] Did I produce a DOC-HEALTH-REPORT with per-file scores?
+- [ ] Did I create action items for any Critical findings (score 0-2)?

package/.mindforge/skills/multi-llm-consult/SKILL.md

@@ -0,0 +1,75 @@
+---
+name: multi-llm-consult
+version: 1.0.0
+min_mindforge_version: 10.0.3
+status: stable
+triggers: second opinion, cross-model, multi-model, consult, gemini, codex, GPT, alternative model, consensus, multi-LLM, external model, validation
+---
+
+# Skill — Multi-LLM Consult
+
+## When this skill activates
+When seeking a second opinion from external models, validating a decision across
+multiple AI providers, or when the user explicitly requests cross-model consultation.
+
+## Mandatory actions when this skill is active
+
+### Before consulting external models
+1. **Sanitize the prompt.** NEVER send raw project context to external models.
+   - Remove: file paths, internal variable names, proprietary business logic
+   - Remove: API keys, secrets, credentials, internal URLs
+   - Remove: user PII, customer data, anything covered by data-privacy skill
+   - Keep: the abstract question, general patterns, public knowledge references
+2. **Estimate cost.** Each external call costs tokens. Check budget via cost-tracking module.
+3. **Define the question clearly.** Vague questions produce vague answers. Frame as:
+   - "Given [sanitized context], which approach is better: A or B? Why?"
+
+### Configured Models
+
+| Provider | Model | Best For | Cost Tier |
+|----------|-------|----------|-----------|
+| Anthropic | claude-opus-4-7 | Deep reasoning, architecture | complex |
+| Google | gemini-2.5-pro | Research, long context, web grounding | research |
+| OpenAI | gpt-4o | Alternative perspective, validation | consult |
+
+### Consultation Protocol
+
+**Single Consult (one external model):**
+1. Sanitize prompt
+2. Send to selected model
+3. Present response with source attribution
+4. Note areas of agreement/disagreement with primary analysis
+
+**Consensus Consult (all 3 models):**
+1. Sanitize prompt (same prompt to all)
+2. Send to all configured models in parallel
+3. Analyze responses for:
+   - **Agreement** (2+ models recommend same approach): high confidence signal
+   - **Divergence** (models disagree): flag for user decision, present all perspectives
+   - **Novel insight** (one model raises a point others missed): highlight specifically
+4. Produce synthesis:
+   ```
+   Consensus: [Yes/No/Partial]
+   Recommended: [approach]
+   Agreement: [which models agree]
+   Dissent: [which models disagree and why]
+   Novel: [unique insights from individual models]
+   ```
+
+### During consultation
+- Log every external call in token-ledger.jsonl (model, tokens, cost)
+- Never send more than 2000 tokens to external models per consultation
+- If a model is unavailable: skip it, note in output, continue with available models
+- Respect rate limits — max 3 consultations per session
+
+### After consultation
+- Present results to user with clear attribution
+- Never auto-execute based on external model recommendations
+- External opinions are ADVISORY — user sovereignty applies
+- Log consultation summary in AUDIT
+
+## Self-check before task completion
+- [ ] Did I sanitize the prompt before sending to external models?
+- [ ] Did I log every external call in token-ledger.jsonl?
+- [ ] Did I attribute responses to their source model (no unattributed blending)?
+- [ ] Did I remind the user that external opinions are advisory?

package/.mindforge/skills/threat-modeling/SKILL.md

@@ -0,0 +1,109 @@
+---
+name: threat-modeling
+version: 1.0.0
+min_mindforge_version: 10.0.3
+status: stable
+triggers: threat model, STRIDE, attack tree, DREAD, threat surface, trust boundary, attack vector, data flow diagram, DFD, adversary, threat assessment
+compose:
+  - security-review
+---
+
+# Skill — Threat Modeling
+
+## When this skill activates
+When analyzing security threats to a system, component, or feature. When
+constructing attack trees, identifying trust boundaries, or scoring risks
+using structured methodologies.
+
+## Mandatory actions when this skill is active
+
+### Before threat modeling
+1. Switch to `threat-modeler` persona.
+2. Identify the **scope** — what system/component are we modeling?
+3. Gather the system's **data flow** — how does data move through it?
+4. Identify all **trust boundaries** — where does trust level change?
+
+### STRIDE Methodology
+
+Apply STRIDE to each trust boundary crossing:
+
+| Threat | Question | Example |
+|--------|----------|---------|
+| **S**poofing | Can an attacker pretend to be someone else? | Forged auth tokens, session hijacking |
+| **T**ampering | Can data be modified in transit or at rest? | Man-in-the-middle, DB manipulation |
+| **R**epudiation | Can actions be denied without proof? | Missing audit logs, unsigned transactions |
+| **I**nformation Disclosure | Can sensitive data leak? | Error messages with stack traces, verbose APIs |
+| **D**enial of Service | Can the system be overwhelmed? | Unbounded queries, missing rate limits |
+| **E**levation of Privilege | Can a user gain unauthorized access? | Missing authz checks, IDOR, path traversal |
+
+### DREAD Scoring
+
+Score each identified threat (1-10 for each dimension):
+
+| Dimension | 1 (Low) | 5 (Medium) | 10 (High) |
+|-----------|---------|------------|-----------|
+| **D**amage | Minor inconvenience | Data loss for some users | Full system compromise |
+| **R**eproducibility | Requires rare conditions | Requires specific setup | Anyone can reproduce |
+| **E**xploitability | Requires deep expertise | Requires some skill | Script kiddie level |
+| **A**ffected Users | Single user | Subset of users | All users |
+| **D**iscoverability | Hidden, requires source | Findable with effort | Obvious, publicly known |
+
+**Risk Score** = (D + R + E + A + D) / 5
+- Score 1-3: Low risk (monitor)
+- Score 4-6: Medium risk (mitigate within sprint)
+- Score 7-10: High/Critical risk (mitigate IMMEDIATELY)
+
+### Attack Tree Construction
+
+For high-scoring threats, build an attack tree:
+```
+[Goal: Unauthorized admin access]
+├── [OR] Steal admin credentials
+│   ├── [AND] Phish admin user
+│   │   ├── Send convincing email
+│   │   └── Capture credentials on fake page
+│   └── [AND] Exploit password reset
+│       ├── Enumerate valid emails
+│       └── Intercept reset token
+└── [OR] Escalate from regular user
+    ├── [AND] Exploit IDOR
+    │   ├── Find predictable resource IDs
+    │   └── Access admin endpoints directly
+    └── [AND] Exploit role assignment bug
+```
+
+### Output Format
+
+Write to `.planning/THREAT-MODEL-[component]-[timestamp].md`:
+```markdown
+# Threat Model: [Component]
+Date: [timestamp]
+Scope: [what was analyzed]
+
+## Data Flow Diagram
+[ASCII or description of data flow with trust boundaries marked]
+
+## Trust Boundaries
+1. [boundary]: [what crosses it]
+
+## Identified Threats
+| # | Category | Threat | DREAD Score | Mitigation | Status |
+|---|----------|--------|-------------|-----------|--------|
+
+## Attack Trees (for High/Critical threats)
+[Trees for any threat scoring 7+]
+
+## Recommendations
+[Prioritized list of mitigations]
+```
+
+### After threat modeling
+- Review all High/Critical findings with security-reviewer persona
+- Create action items for each unmitigated threat
+- Log threat model in AUDIT with finding counts by severity
+
+## Self-check before task completion
+- [ ] Did I apply STRIDE to ALL trust boundary crossings (not just obvious ones)?
+- [ ] Did I score every identified threat with DREAD?
+- [ ] Did I build attack trees for all threats scoring 7+?
+- [ ] Did I write the threat model to .planning/THREAT-MODEL-[component].md?

package/.mindforge/skills/verification-loop/SKILL.md

@@ -0,0 +1,85 @@
+---
+name: verification-loop
+version: 1.0.0
+min_mindforge_version: 10.0.3
+status: stable
+triggers: verification, quality gate, build check, type check, full verification, security scan, diff review, pre-merge, CI gate, green build, ship check, verify all
+compose:
+  - security-review
+---
+
+# Skill — Verification Loop (6-Phase Quality Gate)
+
+## When this skill activates
+Before shipping, merging, or marking any implementation task as complete.
+Provides a systematic 6-phase verification pipeline that catches issues
+at the cheapest point to fix them.
+
+## Mandatory actions when this skill is active
+
+### The 6 Phases (sequential, fail-fast)
+
+**Phase 1 — Build**
+```bash
+npm run build  # or equivalent for project
+```
+- Must produce zero errors
+- Warnings are acceptable but logged
+- If build fails: fix before proceeding (no skipping)
+
+**Phase 2 — Type Check**
+```bash
+npx tsc --noEmit  # or equivalent
+```
+- All type errors must be resolved
+- No `@ts-ignore` without documented reason
+- Generic `any` types flagged as warnings
+
+**Phase 3 — Lint**
+```bash
+npm run lint
+```
+- All lint errors must be resolved
+- Auto-fixable issues: fix immediately (`--fix`)
+- Non-auto-fixable: resolve manually before proceeding
+
+**Phase 4 — Test**
+```bash
+npm test
+```
+- All tests must pass (zero failures)
+- No skipped tests without documented reason
+- If new code was added: verify test coverage exists
+- Coverage threshold: per project config (default 80%)
+
+**Phase 5 — Security Scan**
+- Check for hardcoded secrets (grep for API keys, passwords, tokens)
+- Check for new dependencies with known vulnerabilities
+- Verify no dangerous code execution patterns (dynamic code evaluation, innerHTML, SQL concatenation) introduced
+- Run security-review skill checklist on the diff
+
+**Phase 6 — Diff Review**
+```bash
+git diff --staged  # or git diff main...HEAD
+```
+- Review every changed line for:
+  - Accidental debug code (console.log, debugger, TODO)
+  - Unintended file changes (lock files, configs)
+  - Sensitive data exposure
+  - Logic errors visible in the diff
+
+### Execution Rules
+- Phases execute in ORDER (1→2→3→4→5→6)
+- Each phase must PASS before the next begins (fail-fast)
+- On failure: report which phase failed, what the error is, suggest fix
+- After fixing: restart from the FAILED phase (not from Phase 1)
+- All 6 phases passing = "green" verification = safe to ship
+
+### Integration
+- `/mindforge:verify-loop` invokes this full pipeline
+- `/mindforge:ship` MUST run verify-loop before proceeding
+- Autonomous mode runs verify-loop after every task (Phase 4+5+6 minimum)
+
+### After verification passes
+- Log verification result in AUDIT with per-phase timing
+- Report: "All 6 verification gates passed. Safe to proceed."

package/CHANGELOG.md

@@ -1,15 +1,34 @@
 # Changelog
 
-## [10.0.1] - 2026-05-24 — "Persona Expansion"
+## [10.0.3] - 2026-05-25 — "Council Awakens"
+
+### Added (v10.0.3)
+
+- **10 new core skills** — agent-loops, multi-llm-consult, continuous-learning, council, verification-loop, threat-modeling, autonomous-loops, agent-introspection-debugging, cost-aware-routing, doc-health-audit.
+- **8 new commands** — `/mindforge:council`, `/mindforge:consult`, `/mindforge:verify-loop`, `/mindforge:introspect`, `/mindforge:cost-report`, `/mindforge:threat-model`, `/mindforge:learn-instinct`, `/mindforge:evolve-skills`.
+- **9 new personas** — cost-optimizer, threat-modeler, council-architect, council-skeptic, council-pragmatist, council-critic, instinct-curator, doc-auditor, multi-model-bridge.
+- **3 new swarm templates** — CouncilSwarm (HITL decision gate), VerificationSwarm (autonomous quality gates), LearningSwarm (instinct management).
+- **Skill Composition System** — Skills can now declare dependencies on other skills via `compose:` frontmatter field. Composed skills are injected as summaries (max 2-level depth, cycle detection).
+- **Instinct Engine** — Auto-capture learned behaviors with confidence scoring. Instincts auto-promote to skills at 0.85 confidence after 5+ successful applications. Project-scoped, max 100 per project.
+- **Cost Tracking Module** — Token budgeting, 5-tier model routing (Haiku/Sonnet/Opus/Gemini/GPT-4o), spend analytics via token-ledger.jsonl.
+- **Council Framework** — 4-voice decision harness (Architect, Skeptic, Pragmatist, Critic) with weighted consensus scoring, dissent documentation, and 5 pre-built templates.
+- **Cross-Iteration Bridge** — SHARED_TASK_NOTES.md for semantic context persistence across autonomous mode iterations (complements HANDOFF.json).
+- **Swarm templates v6.0.0** — Bump from v5.0.0 with 3 new templates (total: 21 swarm templates).
+- **claude-opus-4-7** added to market_registry in config.json.
+- **Loader composition step** — New Step 4.1 in skill loader for resolving `compose:` dependencies.
 
-### Added (v10.0.1)
+---
+
+## [10.0.2] - 2026-05-24 — "Persona Expansion"
+
+### Added (v10.0.2)
 
 - **47 new specialist personas** — Security & Compliance (6), Architecture & System Design (8), Frontend & UX (10), Performance & Reliability (5), Data & ML (4), DevOps & Infrastructure (6), Language Specialists (5), DX & Operations (8), Strategy & Review (9), Specialized Engineering (10).
 - **6 new swarm templates** — ArchitectureSwarm, PerformanceSwarm, InfrastructureSwarm, AccessibilitySwarm, ReviewSwarm, MigrationSwarm.
 - **Updated existing swarms** — UISwarm, BackendSwarm, SecuritySwarm, DeveloperExperienceSwarm, DataMeshSwarm, IncidentResponseSwarm, ComplianceSwarm, QualityAssuranceSwarm now include relevant new specialist personas.
 - **Swarm templates v5.0.0** — Bump from 4.2.0 with expanded member rosters and new specialist orchestration patterns.
 - **Persona registry documentation** — 10 new category tables in `docs/registry/PERSONAS.md`.
-- **Persona reference guide** — Updated `docs/PERSONAS.md` with all 47 entries (total: 79 personas).
+- **Persona reference guide** — Updated `docs/PERSONAS.md` with all 47 entries (total: 108 personas).
 
 ---
 

package/MINDFORGE.md

@@ -1,12 +1,12 @@
-# MINDFORGE.md — Parameter Registry (v10.0.1)
+# MINDFORGE.md — Parameter Registry (v10.0.3)
 
 ## 1. IDENTITY & VERSIONING
 
 [NAME]    = MindForge
-[VERSION] = 10.0.1-BEDROCK
+[VERSION] = 10.0.3-COUNCIL
 [STABLE]  = true
-[MODE]    = \"Bedrock Fortified\"
-[REQUIRED_CORE_VERSION] = 10.0.1
+[MODE]    = \"Council Awakens\"
+[REQUIRED_CORE_VERSION] = 10.0.3
 [SOVEREIGN_IDENTITY] = true
 [SRE_LAYER_ENABLED]  = true
 

package/README.md

@@ -4,9 +4,9 @@
 
 ---
 
-## v10.0.0 — Bedrock Fortified (Production-Grade Architecture)
+## v10.0.3 — Council Awakens
 
-MindForge v9.0.0 "Bedrock Meridian" grounds previously-stub implementations into real, auditable execution. This release introduces grounded wave dispatch via HANDOFF.json, consolidates all memory stores into a single SQLite database, modernizes the model topology to the Claude 4.x family, and adds a 27-assertion integration test chain — completing the transition from framework scaffolding to production-verified infrastructure (Pillars XXIV-XXVIII).
+MindForge v10.0.3 "Council Awakens" introduces the Council decision framework, Instinct Engine, Cost-Aware Routing, 6-phase Verification Loop, and Multi-LLM Consult. This release adds 10 skills (20 core total), 8 commands (71 total), 9 personas (117 total), 3 swarm templates (21 total), and 5 engine subsystems — expanding MindForge's autonomous governance and multi-agent reasoning capabilities.
 
 
 ## Installation & Setup