oh-my-customcodex 0.4.3 → 0.4.5

package/dist/cli/index.js

@@ -3091,7 +3091,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.4.3",
+    version: "0.4.5",
     description: "Batteries-included agent harness on top of GPT Codex + OMX",
     type: "module",
     bin: {

package/dist/index.js

@@ -2180,7 +2180,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.4.3",
+  version: "0.4.5",
   description: "Batteries-included agent harness on top of GPT Codex + OMX",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.4.3",
+  "version": "0.4.5",
   "description": "Batteries-included agent harness on top of GPT Codex + OMX",
   "type": "module",
   "bin": {

package/templates/.claude/rules/MUST-agent-design.md

@@ -256,6 +256,12 @@ Recommended practice:
 4. In this Codex port, update `.codex/...` source files and their `templates/.claude/...` mirrors deliberately instead of bulk-copying with shell commands.
 5. For unattended Claude compatibility-template writes, use a reviewed temporary script wrapper and verify the resulting diff; direct Bash/Write/Edit targets under `templates/.claude/**` can all trigger the sensitive-path guard.
 
+Delegation prompt requirement:
+
+Any prompt that delegates work involving `.claude/**`, `templates/.claude/**`, `.claude/outputs/**`, or read-only measurement of those paths MUST include this block verbatim:
+
+> Sensitive-path artifact protocol (mandatory): do not ask a subagent to call Read, Bash, Write, or Edit directly on `.claude/**` or `templates/.claude/**` paths. If Claude compatibility artifacts are required, have the subagent produce the artifact body in `/tmp/{skill}-{timestamp}.md`, then use a reviewed temporary script wrapper or managed file-write API for the final checked-in path. Do not use direct Write/Edit/Bash targets under `.claude/**` in unattended flows.
+
 ## Separation of Concerns
 
 | Location | Purpose | Contains |

package/templates/.claude/skills/agora/SKILL.md

@@ -23,6 +23,10 @@ source:
 - `gemini-exec` skill (Gemini 호출)
 - Agent Teams enabled (`OMCODEX_AGENT_TEAMS=1`) or Agent tool available
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/dag-orchestration/SKILL.md

@@ -57,7 +57,7 @@ nodes:
     depends_on: [test, review, docs]
 
 config:
-  max_parallel: 4          # R009 limit
+  max_parallel: 4          # R009 soft default (hard cap: 5)
   failure_strategy: stop   # stop | skip | retry
   retry_count: 2           # Max retries per node (if strategy=retry)
   timeout_per_node: 300    # Seconds per node (0 = no limit)
@@ -76,19 +76,28 @@ config:
    c. On completion:
       - Success → decrement in-degree of dependents
       - Failure → apply failure_strategy
-   d. Enqueue newly-ready nodes (in-degree = 0)
+   d. Stall check:
+      - If running node duration > 2x average completed duration
+      - AND pending nodes exist with in-degree = 0 (ignoring stalled node's edges)
+      - THEN enqueue those independent nodes immediately (adaptive split)
+   e. Enqueue newly-ready nodes (in-degree = 0)
 6. Verify all nodes executed (detect unreachable nodes)
 ```
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Execution Rules
 
 | Rule | Detail |
 |------|--------|
-| Max parallel | 4 concurrent nodes (R009) |
+| Max parallel | 5 concurrent nodes max, 4 default (R009) |
 | Agent Teams gate | 3+ parallel nodes → check R018 eligibility |
 | Orchestrator only | DAG scheduling runs in main conversation (R010) |
 | Node execution | Each node = one Task tool call to specified agent |
 | State tracking | `/tmp/.codex-dag-$PPID.json` |
+| Stall detection | Running node > 2x avg completed duration → enqueue independent pending nodes early |
 
 ## Failure Strategies
 
@@ -219,3 +228,22 @@ See `.codex/agents/tracker-checkpoint.md` for the agent contract.
 - Max 20 nodes per workflow (complexity guard)
 - Nested DAGs not supported (flatten instead)
 - Cross-workflow dependencies not supported
+
+## External References
+
+### Multica — Managed Agent Platform
+
+> Reference: [Multica](https://github.com/multica-ai/multica) — managed agent platform for Claude Code/Codex.
+> Verdict: INTEGRATE (external reference, not internalize)
+
+Multica's task lifecycle pattern (enqueue → claim → start → complete/fail) is a useful reference for DAG node state management:
+
+| Multica State | DAG Equivalent | Notes |
+|---------------|---------------|-------|
+| enqueue | pending | Node waiting for dependencies |
+| claim | ready | Dependencies resolved, ready to execute |
+| start | running | Agent spawned and executing |
+| complete | completed | Node finished successfully |
+| fail | failed | Node execution failed |
+
+Consider this pattern when extending DAG node state tracking or implementing retry logic.

package/templates/.claude/skills/de-lead-routing/SKILL.md

@@ -219,6 +219,10 @@ Delegate to mgr-creator with context:
 - Unfamiliar data formats or connectors
 - Data tool detected in project but no specialist agent
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 This skill is NOT user-invocable. It should be automatically triggered when the main conversation detects data engineering intent.

package/templates/.claude/skills/deep-plan/SKILL.md

@@ -82,22 +82,39 @@ Phase 2: Reality-Check Planning
    - Each ADOPT item: Does it already exist? Partially implemented?
    - Each ADAPT item: What is the current state to adapt from?
    - Each AVOID item: Are the alternatives already available?
-3. **Gap Analysis**: Build a reconciliation table:
+3. **Deliverable Dependency Verification**: After exploration, verify inter-deliverable dependencies:
+   - For each deliverable pair, check: do they share files, functions, or modules?
+   - Classify each pair: `independent` (parallel-safe), `sequential` (order required), `shared-state` (synchronization needed)
+   - **Default bias**: Assume `independent` unless exploration finds concrete shared state
+   - Build dependency matrix:
 
    ```
-   | Research Finding | Actual Code State | Gap Type | Action |
-   |-----------------|-------------------|----------|--------|
-   | "No caching"    | Redis client exists | Overestimate | Remove from plan |
-   | "Need auth middleware" | No auth layer | Real gap | Keep in plan |
-   | "Migrate to v3" | Already on v3.1 | Overestimate | Remove from plan |
-   | "Add rate limiting" | Basic limiter exists | Partial gap | Adapt existing |
+   | Deliverable A | Deliverable B | Classification | Evidence |
+   |---------------|---------------|----------------|----------|
+   | D1: Auth      | D2: API       | independent    | No shared files |
+   | D1: Auth      | D3: Tests     | sequential     | D3 tests D1 output |
    ```
 
-4. **Refined Plan**: Write implementation plan containing ONLY real gaps:
+   - **Orchestrator override**: The dependency classification is advisory. The orchestrator or user can reclassify pairs when the automated analysis is overly conservative.
+
+4. **Gap Analysis**: Build a reconciliation table:
+
+   ```
+   | Research Finding | Actual Code State | Gap Type | Action | Dependencies |
+   |-----------------|-------------------|----------|--------|-------------|
+   | "No caching"    | Redis client exists | Overestimate | Remove from plan | — |
+   | "Need auth middleware" | No auth layer | Real gap | Keep in plan | D3 (sequential) |
+   | "Migrate to v3" | Already on v3.1 | Overestimate | Remove from plan | — |
+   | "Add rate limiting" | Basic limiter exists | Partial gap | Adapt existing | independent |
+   ```
+
+5. **Refined Plan**: Write implementation plan containing ONLY real gaps:
    - Remove overestimates (already implemented)
    - Adjust partial gaps (adapt, don't rebuild)
    - Prioritize real gaps by impact
-5. **User Approval**: `ExitPlanMode` presents the refined plan for user review
+6. **User Approval**: `ExitPlanMode` presents the refined plan for user review
+   - Include dependency matrix in plan output
+   - Display override option: "Dependency classifications are advisory. Reply with reclassifications if needed."
 
 ### Phase 3: Plan Verification Research
 
@@ -332,6 +349,8 @@ Phase 3 verification report is persisted by the final synthesis agent:
 .codex/outputs/sessions/{YYYY-MM-DD}/deep-plan-{HHmmss}.md
 ```
 
+Sensitive-path artifact protocol (mandatory): if any research, planning, or verification delegate must touch `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**`, include the protocol directly in that delegate prompt. The delegate must write artifact bodies to `/tmp/deep-plan-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 With metadata header:
 ```markdown
 ---

package/templates/.claude/skills/deep-verify/SKILL.md

@@ -73,6 +73,7 @@ Each agent receives the full diff and returns findings as structured JSON:
 - Verify all changes align with project's compilation metaphor (Skills=source, Agents=artifacts, Rules=spec)
 - Check separation of concerns: no agents containing skill logic, no skills with agent definitions
 - Verify orchestrator rules: no new file writes from orchestrator context
+- Verify sensitive-path delegation: prompts that touch `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**` include the exact phrase `Sensitive-path artifact protocol (mandatory)`, require an explicit `/tmp/{skill}-{timestamp}.md` artifact body path, mention `Read, Bash, Write, or Edit` coverage, and do not rely on a single vague `/tmp` recommendation
 - Check advisory-first: no new hard-blocking hooks introduced
 - Confirm no feature regressions: existing APIs preserved, test coverage maintained
 - Performance sanity: no O(n^2) on large datasets, no missing indexes for new queries

package/templates/.claude/skills/dev-lead-routing/SKILL.md

@@ -8,6 +8,10 @@ context: fork
 
 # Dev Lead Routing
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Engineers
 
 | Type | Agents |
@@ -20,6 +24,7 @@ context: fork
 | Architect | arch-documenter, arch-speckit-agent |
 | Security | sec-codeql-expert |
 | Infra | infra-docker-expert, infra-aws-expert |
+| Slack | slack-cli-expert |
 
 ## File Extension Mapping
 
@@ -74,6 +79,7 @@ context: fork
 | security, codeql, cve, vulnerability, sarif, sast, security audit | sec-codeql-expert |
 | architecture, adr, openapi, swagger, diagram | arch-documenter |
 | spec, specification, tdd, requirements | arch-speckit-agent |
+| slack, slack-cli, slack app, slack deploy, slack trigger, slack datastore | slack-cli-expert |
 
 ## Model Selection
 

package/templates/.claude/skills/hada-scout/SKILL.md

@@ -1,92 +1,148 @@
 ---
 name: hada-scout
-description: hada.io RSS feed monitoring for AI agent/harness articles with automated /scout analysis
-scope: package
-version: 1.0.0
-user-invocable: false
+description: hada.io RSS feed monitoring with LLM pre-scout filtering for oh-my-customcodex relevance
+scope: core
+version: 2.0.0
+user-invocable: true
+argument-hint: "[--limit N] [--threshold N]"
 ---
 
 # hada-scout
 
-Automated pipeline that monitors hada.io (via feedburner RSS) for AI agent, harness, benchmark, and eval-related articles, then runs `/scout` analysis on each match.
+3-phase in-session pipeline that monitors hada.io (via feedburner RSS) for relevant articles,
+uses a haiku LLM batch to pre-score relevance, and dispatches full `/scout` analysis only on
+high-scoring candidates.
+
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
 
 ## Purpose
 
-Complement geeknews-scout with harness/eval-focused coverage from hada.io. While geeknews-scout casts a broad net over AI agent news, hada-scout narrows to benchmark/evaluation framework content — the domain most relevant to oh-my-customcodex's harness and agent-eval subsystems.
+Replace the v1.0 keyword-regex approach with context-aware LLM pre-scoring. Haiku evaluates
+all feed titles in a single batch call, reducing false positives from ~30-40% to ~5-10% and
+eliminating the external CronJob dependency for user-invoked runs.
+
+## Architecture: 3-Phase In-Session Pipeline
 
-## Architecture: 2-Layer Hybrid
+### Phase 1 — Fetch & Parse
 
-### Layer 1 — check-feed.sh (feed → issues)
+1. WebFetch the hada.io RSS feed (`https://feeds.feedburner.com/geeknews-feed`)
+2. Parse all items: title, URL, publication date
+3. Default: latest 50 items (configurable via `--limit` or `HADA_SCOUT_LIMIT`)
 
-1. Fetch hada.io feedburner RSS
-2. Filter entries by keyword regex (case-insensitive)
-3. Dedup against existing `hada-scout` issues
-4. Create GitHub issue per match with labels `hada-scout` + `pending-scout`
+### Phase 2 — Pre-Scout (haiku batch)
 
-### Layer 2 — scout-runner.sh (issues → /scout)
+1. Spawn 1 haiku agent with ALL item titles as a single batch input
+2. Agent evaluates each title against oh-my-customcodex's domain (see prompt template below)
+3. Returns relevance score (0–100) and a 1-line reason for each item
+4. Threshold: ≥ 60 passes to Phase 3 (configurable via `--threshold` or `HADA_SCOUT_THRESHOLD`)
+5. Cost: ~$0.01–0.05 for 50 items
 
-1. Find open issues with `pending-scout` label
-2. Extract source URL from issue body
-3. Run `claude -p "/scout {url}"` (max 5 executions per run)
-4. Parse verdict from /scout output
-5. Apply verdict label, remove `pending-scout`
+### Phase 3 — Scout Dispatch
 
-## Keyword Strategy
+1. Dedup: check existing `hada-scout` labeled issues via `gh issue list --label hada-scout`
+2. For each passing item (max 5 per run, configurable via `MAX_SCOUT_PER_RUN`):
+   - Run full `/scout` analysis via Skill tool invocation
+   - Scout creates GitHub issue with verdict label on `baekenough/oh-my-customcodex`
+   - Add `hada-scout` label to the created issue
+3. Dispatch up to 4 scouts in parallel per R009
 
-hada-scout uses harness/benchmark/eval focused keywords, distinct from geeknews-scout's broader AI agent coverage:
+## Pre-Scout Prompt Template
+
+The haiku agent receives the following system prompt:
 
 ```
-harness|benchmark|eval|evaluation framework|agent framework|코드 리뷰 자동화|하네스|벤치마크|평가
+You are a relevance filter for the oh-my-customcodex project — an AI agent harness/orchestration
+system built on GPT Codex + OMX with 44 agents, 74 skills.
+
+Project domains (HIGH relevance):
+- AI agent orchestration, multi-agent systems, agent design patterns
+- Harness, benchmark, evaluation frameworks for AI agents
+- GPT Codex, OMX, MCP protocol
+- Code review automation, development workflow automation
+- Agent sandbox, isolation, security patterns
+- LLM-assisted development tools and methodologies
+
+Project domains (MEDIUM relevance):
+- General AI/ML tooling that could be adapted for agent workflows
+- DevOps automation patterns applicable to agent infrastructure
+- New programming paradigms for AI-assisted development
+
+NOT relevant:
+- Pure frontend/UI frameworks without agent connection
+- Business/management topics
+- Hardware, networking, non-AI infrastructure
+- Social media, marketing tools
+
+For each item below, return: score (0-100) | reason (1 line)
+
+Items:
+{numbered_item_list}
 ```
 
-Geeknews-scout handles: `Claude|Anthropic|MCP|AI agent|에이전트|agentic|multi-agent|...`
+## Display Format
+
+```
+[hada-scout] Scanning hada.io feed...
+├── Phase 1: Fetched {n} items
+├── Phase 2: Pre-scout → {passed}/{total} items passed (threshold: {t}%)
+│   ├── ✓ {title1} (score: {s1}%)
+│   ├── ✓ {title2} (score: {s2}%)
+│   └── ✗ {title3} (score: {s3}%) — skipped
+├── Phase 3: Scout dispatch ({n} items, max 5)
+│   ├── [1] /scout {url1} → {verdict}
+│   └── [2] /scout {url2} → {verdict}
+└── [Done] {created}/{dispatched} issues created
+```
 
 ## Label Scheme
 
 | Label | Purpose |
 |-------|---------|
 | `hada-scout` | Source identification — all hada-scout created issues |
-| `pending-scout` | Awaiting /scout analysis (set by Layer 1, cleared by Layer 2) |
 | `scout:internalize` | /scout verdict: adopt into project |
 | `scout:integrate` | /scout verdict: use as external dependency |
 | `scout:skip` | /scout verdict: not relevant |
 
 ## Cost Controls
 
-- Layer 2 runs at most **5 /scout executions per cron invocation**
-- Each /scout call costs ~$0.5–1.5 (sonnet)
-- Remaining `pending-scout` issues are processed in the next scheduled run
-
-## Deployment
-
-- Pattern: same K8s CronJob structure as `infra/geeknews-scout/`
-- Host: `ubuntu-ext` cluster
-- Infrastructure files: `infra/hada-scout/`
-  - `check-feed.sh` — Layer 1 feed poller
-  - `scout-runner.sh` — Layer 2 /scout executor
-  - `Dockerfile`
-  - `cronjob.template.yaml`
-  - `deploy.sh`
-  - `.env.example`
+| Stage | Model | Estimated Cost |
+|-------|-------|----------------|
+| Pre-scout (Phase 2) | haiku | ~$0.01–0.05 per run (50 items) |
+| Full scout (Phase 3) | sonnet | ~$0.5–1.5 per item, max 5 per run |
+| Total max per invocation | — | ~$8 |
 
 ## Environment Variables
 
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `GH_TOKEN` | (required) | GitHub PAT for issue creation |
-| `REPO` | `baekenough/oh-my-customcodex` | Target repo |
-| `FEED_URL` | `http://feeds.feedburner.com/geeknews-feed` | hada.io RSS feed |
-| `KEYWORDS` | (see above) | Pipe-separated keyword regex |
-| `MAX_SCOUT_PER_RUN` | `5` | Max /scout executions per Layer 2 run |
+| `FEED_URL` | `https://feeds.feedburner.com/geeknews-feed` | RSS feed URL |
+| `HADA_SCOUT_THRESHOLD` | `60` | Pre-scout score threshold (0–100) |
+| `HADA_SCOUT_LIMIT` | `50` | Max feed items to fetch and score |
+| `MAX_SCOUT_PER_RUN` | `5` | Max /scout executions per invocation |
+| `GH_TOKEN` | (required) | GitHub PAT for issue creation and dedup |
 
 ## Integration
 
 | Rule | How |
 |------|-----|
-| R009 | Layer 1 and Layer 2 run as independent CronJobs |
-| R010 | Skill defines the architecture; implementation delegated to infra-docker-expert for K8s manifests |
-| scout skill | Layer 2 invokes `/scout` via `claude -p` subprocess |
-
-## Tracking Issue
+| R009 | Phase 3 scout dispatches run in parallel (up to 4 concurrent) |
+| R010 | Orchestrator manages phases; analysis delegated to haiku/sonnet agents |
+| R015 | Pre-scout scores and reasons displayed before dispatching full scouts |
+| scout skill | Phase 3 invokes `/scout` via Skill tool for each candidate URL |
+
+## Differences from v1.0
+
+| Aspect | v1.0 (keyword) | v2.0 (LLM pre-scout) |
+|--------|----------------|----------------------|
+| Filtering | Regex keyword match | LLM relevance scoring (haiku) |
+| Invocation | External CronJob only | User-invocable `/hada-scout` + CronJob |
+| Precision | Low (keyword false positives) | High (context-aware scoring) |
+| Cost per scan | $0 (regex) + $2.5–7.5 (/scout) | $0.05 (pre-scout) + $2.5–7.5 (/scout) |
+| False positive rate | ~30–40% | ~5–10% |
+| Scope | `package` | `core` |
+
+## Tracking
 
 GitHub Issue #841

package/templates/.claude/skills/harness-eval/SKILL.md

@@ -14,6 +14,10 @@ version: 1.0.0
 
 Evaluate agent quality using 15 structured software engineering task definitions with quantitative scoring. Based on research from [revfactory/claude-code-harness](https://github.com/revfactory/claude-code-harness) which demonstrated 60% improvement (49.5 → 79.3 points) through structured pre-configuration.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/omcodex-improve-report/SKILL.md

@@ -13,6 +13,10 @@ Display improvement suggestions from eval-core analysis engine as read-only repo
 
 Surface actionable improvement suggestions gathered by the eval-core analysis engine. Reads from eval-core's local database and renders insights as structured markdown. Useful for understanding routing quality, skill effectiveness, and agent usage patterns.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/omcodex-takeover/SKILL.md

@@ -14,6 +14,10 @@ Extract a canonical specification from an existing agent or skill file. Inspired
 
 When an agent or skill has evolved organically without a formal spec, `omcodex:takeover` reverse-engineers a structured specification that captures its intent, invariants, workflow contract, and I/O contract.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/optimize-analyze/SKILL.md

@@ -22,6 +22,10 @@ target           Build output path or project root (optional, auto-detects)
 --verbose, -v    Show detailed analysis
 ```
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Workflow
 
 ```

package/templates/.claude/skills/optimize-report/SKILL.md

@@ -18,6 +18,10 @@ Generate comprehensive optimization report with analysis, metrics, and recommend
                  Default: text
 ```
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Workflow
 
 ```

package/templates/.claude/skills/professor-triage/SKILL.md

@@ -2,7 +2,7 @@
 name: professor-triage
 description: Analyze GitHub issues against current codebase and perform automated triage with priority assessment
 scope: harness
-version: 2.1.0
+version: 2.2.0
 user-invocable: true
 effort: high
 context: fork
@@ -126,27 +126,27 @@ For each analyzed issue, generate multi-perspective analysis comments and artifa
 ```
 ## 🏛️ Senior Architect Analysis
 
-### Architecture Impact
-| Component | Impact | Risk |
-|-----------|--------|------|
-| {component} | {description} | {High/Medium/Low} |
+### 아키텍처 영향
+| 컴포넌트 | 영향 | 위험도 |
+|----------|------|--------|
+| {컴포넌트} | {설명} | {High/Medium/Low} |
 
-### Code-Level Analysis
-{Specific file:line references from Phase 2 codebase analysis}
+### 코드 수준 분석
+{Phase 2 코드베이스 분석의 구체적 file:line 참조}
 
-### Strategic Assessment
-- **Feasibility**: {assessment with evidence}
-- **Priority recommendation**: {P1/P2/P3 with rationale}
+### 전략적 평가
+- **실현 가능성**: {근거가 포함된 평가}
+- **우선순위 권장**: {P1/P2/P3 및 근거}
 
-### Risk & Considerations
-| Risk | Likelihood | Mitigation |
-|------|-----------|------------|
-| {risk} | {High/Medium/Low} | {mitigation} |
+### 리스크 및 고려사항
+| 리스크 | 가능성 | 완화 방안 |
+|--------|--------|----------|
+| {리스크} | {High/Medium/Low} | {완화 방안} |
 
-**Estimated effort**: {XS/S/M/L/XL}
+**예상 작업량**: {XS/S/M/L/XL}
 
 ---
-_🏛️ Senior Architect perspective — `/professor-triage` v2.1.0_
+_🏛️ Senior Architect perspective — `/professor-triage` v2.2.0_
 ```
 
 **4B: 🤝 Project Colleague Review** — Delegate to arch-documenter (model: sonnet) to post GitHub comment:
@@ -154,19 +154,19 @@ _🏛️ Senior Architect perspective — `/professor-triage` v2.1.0_
 ```
 ## 🤝 Project Colleague Review
 
-### Implementation Ideas
-{Concrete code locations and change suggestions with file:line references}
+### 구현 아이디어
+{구체적 코드 위치 및 file:line 참조가 포함된 변경 제안}
 
-### Easy-to-Miss Details
-- {Name collisions, validation bypasses, race conditions, edge cases}
+### 놓치기 쉬운 세부사항
+- {이름 충돌, 유효성 검사 우회, 경쟁 조건, 엣지 케이스}
 
-### Suggested Next Steps
-1. {Actionable step with specific file/function reference}
-2. {Actionable step}
-3. {Actionable step}
+### 권장 다음 단계
+1. {구체적 file/function 참조가 포함된 실행 가능한 단계}
+2. {실행 가능한 단계}
+3. {실행 가능한 단계}
 
 ---
-_🤝 Project Colleague perspective — `/professor-triage` v2.1.0_
+_🤝 Project Colleague perspective — `/professor-triage` v2.2.0_
 ```
 
 Note: Do NOT include a "First Impressions" (첫인상) section in the Colleague Review — this was explicitly excluded per user feedback.
@@ -176,38 +176,38 @@ Note: Do NOT include a "First Impressions" (첫인상) section in the Colleague
 ```
 ## 🎓 Professor Synthesis
 
-### Codebase Verification
-| Claim (from Architect/Colleague) | Verified | Evidence |
-|----------------------------------|----------|----------|
-| {claim} | ✅/⚠️/❌ | {file:line or git evidence} |
+### 코드베이스 검증
+| 주장 (Architect/Colleague) | 검증 | 근거 |
+|---------------------------|------|------|
+| {주장} | ✅/⚠️/❌ | {file:line 또는 git 근거} |
 
-### Consensus & Divergence
-| Topic | Architect | Colleague | Verdict |
-|-------|-----------|-----------|---------|
-| {topic} | {position} | {position} | {synthesized judgment} |
+### 합의 및 이견
+| 주제 | Architect | Colleague | 판정 |
+|------|-----------|-----------|------|
+| {주제} | {입장} | {입장} | {종합 판단} |
 
-### Priority Matrix
-| Dimension | Assessment |
-|-----------|-----------|
-| Urgency | {High/Medium/Low} |
-| Importance | {High/Medium/Low} |
-| Size | {XS/S/M/L/XL} |
-| Recommended order | {N of M in batch} |
+### 우선순위 매트릭스
+| 차원 | 평가 |
+|------|------|
+| 긴급성 | {High/Medium/Low} |
+| 중요성 | {High/Medium/Low} |
+| 규모 | {XS/S/M/L/XL} |
+| 권장 순서 | {배치 내 N/M} |
 
-### Missed Perspectives
-{Considerations neither Architect nor Colleague raised}
+### 누락된 관점
+{Architect나 Colleague 모두 제기하지 않은 고려사항}
 
-### Execution Roadmap
-| Phase | Task | Files | Depends on |
-|-------|------|-------|-----------|
-| 1 | {task} | {files} | — |
-| 2 | {task} | {files} | Phase 1 |
+### 실행 로드맵
+| 단계 | 작업 | 파일 | 의존성 |
+|------|------|------|--------|
+| 1 | {작업} | {파일} | — |
+| 2 | {작업} | {파일} | 단계 1 |
 
-### Final Conclusion
-{2-3 sentence synthesis with definitive recommendation}
+### 최종 결론
+{확정적 권장 사항이 포함된 2-3문장 종합}
 
 ---
-_🎓 Professor Synthesis — `/professor-triage` v2.1.0_
+_🎓 Professor Synthesis — `/professor-triage` v2.2.0_
 ```
 
 **4D: Issue Triage Comment (MANDATORY)** — Every analyzed issue MUST receive a triage comment. This is not optional — even for issues created in the same session or with existing analysis. Skipping comments breaks the triage audit trail. Delegate to mgr-gitnerd to post on each analyzed issue:
@@ -215,14 +215,14 @@ _🎓 Professor Synthesis — `/professor-triage` v2.1.0_
 ```
 ## 🔬 Professor Triage — Codebase Analysis Result
 
-**Decision**: {Close (Already Resolved) | Close (Not Applicable) | Close (Duplicate of #NNN) | Open — action required | Open — monitoring}
-**Rationale**: {1-2 line summary based on codebase findings}
-**Affected files**: {N} analyzed — {N}✅ {N}⚠️ {N}❌
-**Risk**: {P1/P2/P3} | **Size**: {XS/S/M/L/XL}
-**Full report**: {artifact path}
+**결정**: {Close (Already Resolved) | Close (Not Applicable) | Close (Duplicate of #NNN) | Open — action required | Open — monitoring}
+**근거**: {코드베이스 분석 기반 1-2줄 요약}
+**영향 파일**: {N}개 분석 — {N}✅ {N}⚠️ {N}❌
+**리스크**: {P1/P2/P3} | **규모**: {XS/S/M/L/XL}
+**전체 리포트**: {artifact path}
 
 ---
-_Analyzed by `/professor-triage` v2.1.0 against current codebase with {N} related issues_
+_`/professor-triage` v2.2.0에 의해 현재 코드베이스 대비 분석됨 — 관련 이슈 {N}개_
 ```
 
 **4E: Artifact Report** — Delegate to arch-documenter to write:
@@ -231,39 +231,41 @@ Path: `.codex/outputs/sessions/YYYY-MM-DD/professor-triage-HHmmss.md`
 
 Timestamps use local machine time (consistent with other artifact skills).
 
+Sensitive-path artifact protocol (mandatory): if a delegated agent must create or inspect Claude compatibility artifacts under `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**`, include this protocol in the delegated prompt. The agent must produce artifact bodies in `/tmp/professor-triage-{timestamp}.md` first and must not call Read, Bash, Write, or Edit directly on `.claude/**` paths in unattended flows. Codex-native `.codex/outputs/**` artifacts continue to use managed file-write APIs that create parents.
+
 Template:
 ```
-# Professor Triage Report — YYYY-MM-DD
+# Professor Triage 리포트 — YYYY-MM-DD
 
-## Analysis Target
-| # | Title | Labels | Created |
-|---|-------|--------|---------|
+## 분석 대상
+| # | 제목 | 라벨 | 생성일 |
+|---|------|------|--------|
 
-## Per-Issue Analysis
+## 이슈별 분석
 ### #NNN — title
-- **Affected files**: N analyzed — N✅ N⚠️ N❌
-- **Architecture impact**: ...
-- **Implementation path**: ...
-- **Risk/Priority**: P1/P2/P3
-- **Size**: XS/S/M/L/XL
-- **Already resolved?**: Yes/No/Partial — evidence
-- **Recommended action**: ...
-
-## Cross-Analysis
-### Common Patterns
-### Duplicate/Merge Candidates
-### Conflicting Findings Resolution
-### Priority Matrix
-
-## Multi-Perspective Summary
-### Architect Highlights
-### Colleague Highlights
-### Professor Synthesis Key Points
-
-## Executed Actions
-| Issue | Action | Status |
-
-## Pending Actions (Confirmation Required)
+- **영향 파일**: N개 분석 — N✅ N⚠️ N❌
+- **아키텍처 영향**: ...
+- **구현 경로**: ...
+- **리스크/우선순위**: P1/P2/P3
+- **규모**: XS/S/M/L/XL
+- **이미 해결됨?**: Yes/No/Partial — 근거
+- **권장 조치**: ...
+
+## 교차 분석
+### 공통 패턴
+### 중복/병합 후보
+### 상충 발견사항 해결
+### 우선순위 매트릭스
+
+## 다관점 요약
+### Architect 주요 사항
+### Colleague 주요 사항
+### Professor Synthesis 핵심 포인트
+
+## 실행된 조치
+| 이슈 | 조치 | 상태 |
+
+## 보류 중인 조치 (확인 필요)
 ```
 
 ### Phase 4F: Comment Verification Gate

package/templates/.claude/skills/qa-lead-routing/SKILL.md

@@ -92,6 +92,10 @@ Delegate to mgr-creator with context:
 - Specialized QA methodologies (e.g., "뮤테이션 테스트 전략 만들어줘")
 - Performance/security testing tools not covered by existing agents
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 This skill is NOT user-invocable. It should be automatically triggered when the main conversation detects QA intent.

package/templates/.claude/skills/research/SKILL.md

@@ -214,6 +214,7 @@ Convergence expected by round 3. Hard stop at round 30.
    ---
    ```
    The agent writes the artifact file using a file-write API that creates missing parent directories; do not run any Bash directory-creation pre-step for session outputs (R010 compliance).
+   Sensitive-path artifact protocol (mandatory): if a delegated research agent must inspect or create Claude compatibility artifacts under `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**`, the delegated prompt must require `/tmp/research-{timestamp}.md` as the first artifact body target and must forbid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
 3. GitHub issue auto-created with findings
 4. Action items with effort estimates
 

package/templates/.claude/skills/roundtable-debate/SKILL.md

@@ -20,6 +20,10 @@ Run a bounded debate when convergence would hide useful disagreement. Unlike `ag
 - Review work where anchoring or groupthink is likely.
 - Decisions where a minority risk could be more important than the majority preference.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Workflow
 
 1. **Independent-first analysis**: spawn 3-5 reviewers in parallel. Do not share intermediate opinions before each reviewer submits an initial view.

package/templates/.claude/skills/scout/SKILL.md

@@ -11,6 +11,10 @@ argument-hint: "<url>"
 
 Analyze an external URL (tech blog, tool, library, methodology) to evaluate its fit with the oh-my-customcodex project and auto-create a GitHub issue with a structured verdict.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```
@@ -58,13 +62,13 @@ Before execution, show the plan:
 
 ```
 [Scout] {url}
-├── Phase 1: Fetch & Summarize
-├── Phase 2: Load Project Philosophy
-├── Phase 3: Fit Analysis (sonnet)
-└── Phase 4: Issue Creation
+├── Phase 1: 콘텐츠 수집 및 요약
+├── Phase 2: 프로젝트 철학 로드
+├── Phase 3: 적합성 분석 (sonnet)
+└── Phase 4: 이슈 생성
 
-Estimated: ~1 min | Cost: ~$0.5-1.5
-Execute? [Y/n]
+예상: ~1분 | 비용: ~$0.5-1.5
+실행하시겠습니까? [Y/n]
 ```
 
 ## Workflow
@@ -135,6 +139,7 @@ Return a structured verdict:
 - philosophy_table: criterion/fit/rationale for each dimension
 - recommendation: specific integration plan or skip reason
 - next_steps: 2-3 actionable items
+- IMPORTANT: Write all analysis output in Korean. Technical terms, code references, label names, and skill/agent names stay in English.
 - escalation: true/false (INTERNALIZE + M/L effort = true)
 ```
 
@@ -165,32 +170,32 @@ gh issue close {number} -c "Auto-closed: scout verdict is SKIP"
 ### Issue Body Template
 
 ```markdown
-## Scout Report: {title}
+## Scout 리포트: {title}
 
-**Source**: {url}
-**Verdict**: {INTERNALIZE / INTEGRATE / SKIP}
-**Priority**: {P1 / P2 / P3}
+**출처**: {url}
+**판정**: {INTERNALIZE / INTEGRATE / SKIP}
+**우선순위**: {P1 / P2 / P3}
 
-## Summary
-{2-3 sentence summary of the external content}
+## 요약
+{외부 콘텐츠에 대한 2-3문장 요약}
 
-## Philosophy Alignment
-| Criterion | Fit | Rationale |
-|-----------|-----|-----------|
-| Compilation metaphor | {check/cross} | {explanation} |
-| Separation of concerns (R006) | {check/cross} | {explanation} |
-| Dynamic agent creation | {check/cross} | {explanation} |
-| Existing skill overlap | {check/cross} | {overlapping skills list} |
+## 프로젝트 철학 정합성
+| 기준 | 적합 | 근거 |
+|------|------|------|
+| Compilation metaphor | {check/cross} | {설명} |
+| Separation of concerns (R006) | {check/cross} | {설명} |
+| Dynamic agent creation | {check/cross} | {설명} |
+| 기존 스킬 중복 | {check/cross} | {중복 스킬 목록} |
 
-## Recommendation
-{Specific integration plan — which skill/agent/guide to create, or why to skip}
+## 권장 사항
+{구체적 통합 계획 — 어떤 skill/agent/guide를 생성할지, 또는 건너뛰는 이유}
 
-## Next Steps
-- [ ] {follow-up action 1}
-- [ ] {follow-up action 2}
+## 다음 단계
+- [ ] {후속 조치 1}
+- [ ] {후속 조치 2}
 
 ---
-Generated by `/scout`
+`/scout`에 의해 생성됨
 ```
 
 ## Escalation
@@ -198,18 +203,18 @@ Generated by `/scout`
 When verdict is `INTERNALIZE` and integration effort is M or L:
 
 ```
-[Advisory] Deep analysis recommended.
-└── Consider running: /research {url}
+[Advisory] 심층 분석 권장.
+└── 실행 검토: /research {url}
 ```
 
 ## Result Display
 
 ```
-[Scout Complete] {title}
-├── Verdict: {INTERNALIZE / INTEGRATE / SKIP}
-├── Priority: {P1 / P2 / P3}
-├── Issue: #{number}
-└── Escalation: {/research recommended | none}
+[Scout 완료] {title}
+├── 판정: {INTERNALIZE / INTEGRATE / SKIP}
+├── 우선순위: {P1 / P2 / P3}
+├── 이슈: #{number}
+└── 에스컬레이션: {/research 권장 | 없음}
 ```
 
 ## Model Selection

package/templates/.claude/skills/secretary-routing/SKILL.md

@@ -16,7 +16,7 @@ Routes agent management tasks to the appropriate manager agent. This skill conta
 
 | Agent | Purpose | Triggers |
 |-------|---------|----------|
-| mgr-creator | Create new agents | "create agent", "new agent" |
+| mgr-creator | Create new agents, skills, guides | "create agent", "new agent", "create skill", "new skill", "create guide", "new guide" |
 | mgr-updater | Update external agents | "update agent", "sync" |
 | mgr-supplier | Validate dependencies | "audit", "check deps" |
 | mgr-gitnerd | Git operations | "commit", "push", "pr" |
@@ -45,6 +45,8 @@ Before routing via Task tool, evaluate Agent Teams eligibility first:
 User Input → Routing → Manager Agent
 
 create   → mgr-creator
+create skill → mgr-creator
+create guide → mgr-creator
 update   → mgr-updater
 audit    → mgr-supplier
 git      → mgr-gitnerd
@@ -130,6 +132,10 @@ Evaluate: Is this a specialized management/tooling task?
 - New monitoring tool setup (e.g., "Grafana 대시보드 관리")
 - Unfamiliar package manager operations
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 This skill is NOT user-invocable. It is automatically triggered when the main conversation detects agent management intent.

package/templates/.claude/skills/task-decomposition/SKILL.md

@@ -10,6 +10,10 @@ user-invocable: false
 
 Analyzes task complexity and decomposes large tasks into smaller, parallelizable subtasks compatible with the DAG orchestration skill. The orchestrator uses this as a planning frontend before execution.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Trigger Conditions
 
 Decomposition is **recommended** when any of these thresholds are met:
@@ -48,6 +52,12 @@ Before decomposing, select the appropriate workflow pattern:
    ├── Map subtasks to agents (use routing skills)
    └── Generate DAG workflow spec
 
+2.5. Validate granularity against pipeline-guards limits:
+     ├── For each subtask, estimate file count
+     ├── If files > 10 → emit advisory: [Guard] ⚠ Subtask "{id}" assigned {n} files (> 10) — splitting by layer
+     ├── If files > 15 → emit hard warning: [Guard] 🛑 Subtask "{id}" assigned {n} files (> 15) — must split
+     └── Auto-split oversized subtasks by layer/domain until all ≤ 10
+
 3. Present plan to user (R015 transparency)
    ├── Show decomposed subtasks with agents
    ├── Show dependency graph
@@ -172,10 +182,43 @@ A subtask is **atomic** when it meets ALL of:
 - Single concern (one logical change)
 - Independently testable outcome
 - < 15 minutes estimated duration
-- < 3 files affected
+- < 3 files affected (ideal atomic size)
+- MUST NOT exceed 10 files (pipeline-guards advisory threshold)
+- If > 10 files unavoidable → emit [Guard] warning and split by layer/domain
+- > 15 files is a hard violation — always split further (pipeline-guards hard cap)
 
 If a subtask is not atomic → decompose further (max 2 levels deep).
 
+## Granularity Validation
+
+After decomposition, validate each subtask against pipeline-guards file limits:
+
+| Subtask Files | Action |
+|---------------|--------|
+| ≤ 3 | Ideal atomic size — no action |
+| 4-10 | Acceptable — proceed without warning |
+| 11-15 | Advisory warning, attempt further split |
+| > 15 | Hard warning, MUST split before execution |
+
+### Validation Process
+
+For each decomposed subtask:
+1. Count estimated files
+2. If > 10:
+   a. Emit: `[Guard] ⚠ Subtask "{id}" assigned {n} files (> 10) — splitting by layer`
+   b. Attempt split by: layer (domain → adapter → handler) or domain separation
+   c. Re-validate split results
+3. If > 15 after split attempt:
+   a. Emit: `[Guard] 🛑 Subtask "{id}" still has {n} files (> 15) — requires user override`
+   b. Pause for user confirmation before proceeding
+
+### Generated DAG Adjustment
+
+When granularity validation triggers a split, update the DAG spec:
+- Original node is replaced by 2+ child nodes
+- Dependencies are preserved (children inherit parent's deps)
+- `max_parallel` in config respects R009 limits (soft: 4, hard: 5)
+
 ## Skip Decomposition When
 
 | Condition | Reason |
@@ -195,3 +238,4 @@ If a subtask is not atomic → decompose further (max 2 levels deep).
 | R010 | Decomposition happens in orchestrator only |
 | R015 | Plan displayed before execution for user approval |
 | R018 | 3+ agents in plan → check Agent Teams eligibility |
+| pipeline-guards | Validates subtask file count against 10/15 granularity limits |

package/templates/.claude/skills/worker-reviewer-pipeline/SKILL.md

@@ -12,6 +12,10 @@ Defines an iterative Worker→Reviewer pipeline where one agent implements chang
 
 **Orchestrator-only** — only the main conversation activates this pipeline (R010). Worker and Reviewer are subagents.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## When to Activate
 
 | Condition | Activate? |

package/templates/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.4.3",
+  "version": "0.4.5",
   "lastUpdated": "2026-04-27T02:00:00.000Z",
   "components": [
     {

package/templates/workflows/auto-dev.yaml

@@ -36,6 +36,7 @@ steps:
       - Codex-managed `.codex/` edits use the normal edit/patch flow.
       - Do not adopt upstream Claude-only `/tmp` bypass guidance as the default path.
       - If a port requires `.claude` template parity changes, make the change explicit and verify sensitive-path guard tests.
+      - Sensitive-path artifact protocol (mandatory): delegated prompts that touch `.claude/**`, `templates/.claude/**`, `.claude/outputs/**`, or read-only measurements of those paths must instruct the subagent to produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and avoid direct Read/Bash/Write/Edit targets under `.claude/**` in unattended flows.
     description: Execute implementation plan with appropriate agents
     foreach: planned-issue