oh-my-customcodex 0.4.4 → 0.4.6

package/dist/cli/index.js

@@ -3091,7 +3091,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.4.4",
+    version: "0.4.6",
     description: "Batteries-included agent harness on top of GPT Codex + OMX",
     type: "module",
     bin: {

package/dist/index.js

@@ -2180,7 +2180,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.4.4",
+  version: "0.4.6",
   description: "Batteries-included agent harness on top of GPT Codex + OMX",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.4.4",
+  "version": "0.4.6",
   "description": "Batteries-included agent harness on top of GPT Codex + OMX",
   "type": "module",
   "bin": {

package/templates/.claude/rules/MUST-agent-design.md

@@ -29,6 +29,9 @@ Extended context suffix: `[1m]` (e.g., `claude-opus-4-6[1m]`) — enables 1M tok
 
 ### Optional Frontmatter
 
+Key optional fields: `memory`, `effort`, `skills`, `soul`, `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations`, `domain`, `disableSkillShellExecution`. Supported since CC v2.1.63+. See full optional frontmatter via Read tool.
+
+<!-- DETAIL: Optional Frontmatter (full yaml block)
 ```yaml
 memory: project            # user | project | local
 effort: high               # low | medium | high | xhigh | default | max
@@ -64,8 +67,7 @@ disableSkillShellExecution: true  # Disable inline shell execution in skills (v2
 ```
 
 > **Note**: When `disableSkillShellExecution` is enabled (v2.1.91+), skills that rely on inline shell execution (e.g., `codex-exec`, `gemini-exec`, `rtk-exec`) will have their shell blocks disabled. This is a security hardening option.
-
-> **Note**: Optional frontmatter fields supported since CC v2.1.63+. Version-specific features listed in HTML comment below — access via Read tool.
+-->
 
 <!-- DETAIL: CC Version Compatibility History
 `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations` are supported in Claude Code v2.1.63+. Hook types `PostCompact`, `Elicitation`, `ElicitationResult` require v2.1.76+. `CwdChanged`, `FileChanged` hook events and `managed-settings.d/` drop-in directory require v2.1.83+. Conditional `if` field for hooks requires v2.1.85+. `PermissionDenied` hook event requires v2.1.88+. `refreshInterval` setting for status line auto-refresh interval added in v2.1.97+. Monitor tool and subprocess sandboxing (`CLAUDE_CODE_SUBPROCESS_ENV_SCRUB`, `CLAUDE_CODE_SCRIPT_CAPS`) added in v2.1.98+. Settings resilience (unrecognized hook event names no longer cause settings.json to be ignored) improved in v2.1.101+. PreCompact hook block support (exit 2 / `{"decision":"block"}`) added in v2.1.105+. Skill description listing cap raised from 250 to 1,536 characters in v2.1.105+. Plugin `monitors` manifest key for background monitors added in v2.1.105+. `ENABLE_PROMPT_CACHING_1H` and `FORCE_PROMPT_CACHING_5M` env vars for prompt cache TTL control added in v2.1.108+. Skill tool can now discover and invoke built-in slash commands (`/init`, `/review`, `/security-review`) in v2.1.108+. `/recap` session context feature and `/undo` alias for `/rewind` added in v2.1.108+. `/tui` command and `tui` setting for fullscreen rendering added in v2.1.110+. PushNotification tool for mobile push notifications (Remote Control + config required) added in v2.1.110+. `autoScrollEnabled` config for fullscreen mode added in v2.1.110+. SDK/headless `TRACEPARENT`/`TRACESTATE` distributed trace linking added in v2.1.110+. Bash tool maximum timeout enforcement added in v2.1.110+. Write tool IDE diff feedback (informs model when user edits proposed content) added in v2.1.110+. `--resume`/`--continue` now resurrects unexpired scheduled tasks in v2.1.110+. `/focus` command (separated from Ctrl+O) added in v2.1.110+. `xhigh` effort level for Opus 4.7 (between `high` and `max`; other models fall back to `high`) added in v2.1.111+. `/effort` interactive slider with arrow-key navigation (when called without arguments) added in v2.1.111+. Auto mode no longer requires `--enable-auto-mode` in v2.1.111+. PowerShell tool progressive rollout (`CLAUDE_CODE_USE_POWERSHELL_TOOL` env var) added in v2.1.111+. Read-only bash commands with glob patterns (`ls *.ts`) and `cd <project-dir> &&` prefix no longer trigger permission prompt in v2.1.111+. `/less-permission-prompts` built-in skill for permission allowlist scanning added in v2.1.111+. `/ultrareview` parallel multi-agent cloud code review added in v2.1.111+. `/skills` menu sorting by estimated token count (press `t`) added in v2.1.111+. `OTEL_LOG_RAW_API_BODIES` env var for full API request/response body logging added in v2.1.111+. Plan files named after prompt content (not random words) in v2.1.111+. Plugin error handling improvements (dependency conflict errors, stale version recovery, install recovery) in v2.1.111+.
@@ -155,11 +157,7 @@ hooks:
 
 ## Permission Mode Guidance
 
-When spawning agents via the Agent tool, CC applies a default `mode` of `acceptEdits` if not explicitly specified. To maintain consistent permission behavior:
-
-1. **Agent frontmatter `permissionMode`**: Declares the agent's intended permission level. CC respects this when the agent is spawned via Agent tool.
-2. **Agent tool `mode` parameter**: Overrides frontmatter at spawn time. Routing skills should pass this explicitly.
-3. **Recommendation**: For agents that modify files, set `permissionMode: bypassPermissions` in frontmatter if the project uses `bypassPermissions` mode.
+CC defaults `mode` to `acceptEdits` if not specified — always pass `mode: "bypassPermissions"` explicitly in Agent tool calls when the session uses bypass permissions. See guidance details via Read tool.
 
 | Mode | Behavior |
 |------|----------|
@@ -170,6 +168,14 @@ When spawning agents via the Agent tool, CC applies a default `mode` of `acceptE
 | `dontAsk` | Non-interactive, deny unapproved |
 | `auto` | AI decides safety |
 
+<!-- DETAIL: Permission Mode Guidance (reasoning)
+When spawning agents via the Agent tool, CC applies a default `mode` of `acceptEdits` if not explicitly specified. To maintain consistent permission behavior:
+
+1. **Agent frontmatter `permissionMode`**: Declares the agent's intended permission level. CC respects this when the agent is spawned via Agent tool.
+2. **Agent tool `mode` parameter**: Overrides frontmatter at spawn time. Routing skills should pass this explicitly.
+3. **Recommendation**: For agents that modify files, set `permissionMode: bypassPermissions` in frontmatter if the project uses `bypassPermissions` mode.
+-->
+
 <!-- DETAIL: Isolation/Token/Limitations/Escalation details
 ### Isolation Modes
 
@@ -241,6 +247,9 @@ Claude Code treats `.claude/` and `templates/.claude/` as sensitive directories
 
 This Codex port uses `.codex/` as the active runtime surface, but packaged compatibility templates still live under `templates/.claude/`. Any automation that writes those templates must account for Claude Code permission prompts.
 
+**Key rule**: `.claude/` and `templates/.claude/` Bash/Write/Edit targets can trigger sensitive-path prompts regardless of allow rules. In unattended flows, delegated agents must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and avoid direct `.claude/**` tool targets.
+
+<!-- DETAIL: Sensitive Path Behavior table and Recommended practice
 | Path pattern | Sensitive in Claude Code? | Affected operations |
 |--------------|---------------------------|---------------------|
 | `.claude/**` | Yes | Bash writes, Write, Edit |
@@ -255,6 +264,13 @@ Recommended practice:
 3. Do not run unattended Claude Code release automation that writes `templates/.claude/**` unless the workflow can handle interactive approval.
 4. In this Codex port, update `.codex/...` source files and their `templates/.claude/...` mirrors deliberately instead of bulk-copying with shell commands.
 5. For unattended Claude compatibility-template writes, use a reviewed temporary script wrapper and verify the resulting diff; direct Bash/Write/Edit targets under `templates/.claude/**` can all trigger the sensitive-path guard.
+-->
+
+Delegation prompt requirement:
+
+Any prompt that delegates work involving `.claude/**`, `templates/.claude/**`, `.claude/outputs/**`, or read-only measurement of those paths MUST include this block verbatim:
+
+> Sensitive-path artifact protocol (mandatory): do not ask a subagent to call Read, Bash, Write, or Edit directly on `.claude/**` or `templates/.claude/**` paths. If Claude compatibility artifacts are required, have the subagent produce the artifact body in `/tmp/{skill}-{timestamp}.md`, then use a reviewed temporary script wrapper or managed file-write API for the final checked-in path. Do not use direct Write/Edit/Bash targets under `.claude/**` in unattended flows.
 
 ## Separation of Concerns
 
@@ -276,6 +292,9 @@ Fast Mode uses the same model with faster output. Activated via `/fast` toggle o
 | Output speed | Standard | ~2.5x faster |
 | Reasoning depth | Full | Reduced |
 
+See activation, effort interaction, and default effort change details via Read tool.
+
+<!-- DETAIL: Fast Mode Activation, Effort Interaction, Default Effort Change
 ### Activation
 
 - `/fast` — toggle in current session
@@ -291,6 +310,7 @@ When Fast Mode is active, it reduces effective reasoning depth but does NOT over
 Starting with Claude Code v2.1.94, the default effort level changed from `medium` to `high` for API-key, Bedrock/Vertex/Foundry, Team, and Enterprise users. Console (free-tier) users retain `medium` as the default.
 
 This means agents WITHOUT an explicit `effort` field now run at `high` effort by default on paid tiers. To maintain previous behavior, set `effort: medium` explicitly in agent frontmatter.
+-->
 
 ## Skill Frontmatter
 
@@ -305,6 +325,9 @@ description: Brief desc    # One-line summary
 
 ### Optional Fields
 
+Key optional fields: `scope`, `context`, `version`, `effort`, `model`, `agent`, `hooks`, `paths`, `shell`, `allowed-tools`, `keep-coding-instructions`. Skill `effort` takes precedence over agent `effort` when both specified. See full optional fields via Read tool.
+
+<!-- DETAIL: Skill Optional Fields (full yaml block)
 ```yaml
 scope: core                # core | harness | package (default: core)
 context: fork              # Forked context for isolated execution
@@ -326,6 +349,7 @@ keep-coding-instructions: true     # Preserve coding instructions in plugin outp
 ```
 
 When both an agent and its invoked skill specify `effort`, the skill's value takes precedence (more specific invocation-time setting).
+-->
 
 <!-- DETAIL: Skill Effectiveness Tracking
 Skills can optionally track effectiveness metrics via auto-populated fields:

package/templates/.claude/rules/MUST-agent-teams.md

@@ -271,10 +271,14 @@ When spawning agents that may be blocked:
 
 ## Lifecycle
 
+`TeamCreate → TaskCreate → Agent(spawn members) → SendMessage → TaskUpdate → ... → TeamDelete`. See full lifecycle via Read tool.
+
+<!-- DETAIL: Lifecycle diagram
 ```
 TeamCreate → TaskCreate → Agent(spawn members) → SendMessage(coordinate)
   → TaskUpdate(progress) → ... → shutdown members → TeamDelete
 ```
+-->
 
 ## Fallback
 

package/templates/.claude/rules/MUST-parallel-execution.md

@@ -96,6 +96,9 @@ In that shape, read/search lanes may fan out in parallel, while the push lane re
 
 Runtime detection and splitting of stalled parallel agents. Complements pre-execution parallelization.
 
+See detection signals, splitting rules, and example via Read tool.
+
+<!-- DETAIL: Adaptive Parallel Splitting — Detection, Splitting Rules, Example
 ### Detection
 
 | Signal | Threshold | Action |
@@ -124,9 +127,13 @@ After (adaptive split):
   P4 ████████████████████████████████  (spawned immediately)
   P5 ████████████████████████████████  (spawned immediately)
 ```
+-->
 
 ## Stability Testing Protocol
 
+Soft default: 4 concurrent agents; hard cap: 5. Reduce to 4 if latency >2x, failure rate >10%, or context errors. See full protocol via Read tool.
+
+<!-- DETAIL: Stability Testing Protocol
 When testing 5 concurrent agents (above the soft default of 4):
 
 | Observation | Threshold | Action |
@@ -136,6 +143,7 @@ When testing 5 concurrent agents (above the soft default of 4):
 | Context errors | Any | Reduce to 4 |
 
 5-agent concurrency is supported but should be monitored during initial adoption. Fall back to 4 if instability is observed.
+-->
 
 ## Agent Tool Requirements
 
@@ -157,6 +165,9 @@ Single agent spawns do NOT use the `[N]` prefix.
 
 ## Narrative Announcement Format (Before Spawn)
 
+Use markdown list format, not inline comma-separated text, for parallel dispatch announcements. See correct/incorrect examples via Read tool.
+
+<!-- DETAIL: Narrative Announcement Format (Before Spawn)
 When announcing a parallel dispatch in prose text (not the Agent tool call itself), use a markdown list rather than inline comma-separated description:
 
 ### Correct
@@ -174,6 +185,7 @@ When announcing a parallel dispatch in prose text (not the Agent tool call itsel
 ```
 
 The list form mirrors the tool-call `[N]` prefix pattern and scales better to 3+ concurrent agents.
+-->
 
 ## Result Aggregation
 

package/templates/.claude/rules/SHOULD-memory-integration.md

@@ -288,6 +288,9 @@ Save memory IMMEDIATELY upon surprising discovery — do not defer to session en
 | Subagent false-positive detected | Save `feedback_*.md` now | Prevent repeat in same session |
 | User correction / feedback | Save `feedback_*.md` now | Honor correction immediately |
 
+See rationale and cross-references via Read tool.
+
+<!-- DETAIL: Why Immediate? and Cross-reference
 ### Why Immediate?
 
 Session-end saves lose context: by the time the session ends, multiple discoveries have compounded and nuance is lost. Immediate saves preserve the exact trigger context that makes the memory actionable.
@@ -300,6 +303,7 @@ Related records from session v0.87.2~v0.88.0 (issue #869):
 - `feedback_subagent_pre_existing_claims.md`
 - `feedback_github_workflows_inventory.md`
 - `feedback_bun_mock_module.md`
+-->
 
 ## Session-End Auto-Save
 
@@ -307,6 +311,9 @@ Related records from session v0.87.2~v0.88.0 (issue #869):
 
 Session-end detected when user says: "끝", "종료", "마무리", "done", "wrap up", "end session", or explicitly requests session save.
 
+See flow diagram, responsibility split, and dual-system save table via Read tool.
+
+<!-- DETAIL: Session-End Flow, Responsibility Split, Dual-System Save
 ### Flow
 
 ```
@@ -340,9 +347,13 @@ MCP tools (claude-mem, episodic-memory) are **orchestrator-scoped** and not inhe
 | Native auto-memory | sys-memory-keeper | Write | Update MEMORY.md with session learnings | Yes |
 | claude-mem | Orchestrator | `mcp__plugin_claude-mem_mcp-search__save_memory` | Save session summary with project, tasks, decisions | No (best-effort) |
 | episodic-memory | Automatic | (auto-indexed) | No action needed — conversations are indexed automatically after session ends | N/A |
+-->
 
 ### Session-End Self-Check (MANDATORY)
 
+(1) sys-memory-keeper updated MEMORY.md? (2) claude-mem save attempted? Both are required before confirming session-end to the user. See full self-check via Read tool.
+
+<!-- DETAIL: Session-End Self-Check (MANDATORY)
 ```
 ╔══════════════════════════════════════════════════════════════════╗
 ║  BEFORE CONFIRMING SESSION-END TO USER:                          ║
@@ -363,6 +374,7 @@ MCP tools (claude-mem, episodic-memory) are **orchestrator-scoped** and not inhe
 ║  is NOT.                                                          ║
 ╚══════════════════════════════════════════════════════════════════╝
 ```
+-->
 
 ### Failure Policy
 

package/templates/.claude/skills/agora/SKILL.md

@@ -23,6 +23,10 @@ source:
 - `gemini-exec` skill (Gemini 호출)
 - Agent Teams enabled (`OMCODEX_AGENT_TEAMS=1`) or Agent tool available
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/dag-orchestration/SKILL.md

@@ -57,7 +57,7 @@ nodes:
     depends_on: [test, review, docs]
 
 config:
-  max_parallel: 4          # R009 limit
+  max_parallel: 4          # R009 soft default (hard cap: 5)
   failure_strategy: stop   # stop | skip | retry
   retry_count: 2           # Max retries per node (if strategy=retry)
   timeout_per_node: 300    # Seconds per node (0 = no limit)
@@ -76,19 +76,28 @@ config:
    c. On completion:
       - Success → decrement in-degree of dependents
       - Failure → apply failure_strategy
-   d. Enqueue newly-ready nodes (in-degree = 0)
+   d. Stall check:
+      - If running node duration > 2x average completed duration
+      - AND pending nodes exist with in-degree = 0 (ignoring stalled node's edges)
+      - THEN enqueue those independent nodes immediately (adaptive split)
+   e. Enqueue newly-ready nodes (in-degree = 0)
 6. Verify all nodes executed (detect unreachable nodes)
 ```
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Execution Rules
 
 | Rule | Detail |
 |------|--------|
-| Max parallel | 4 concurrent nodes (R009) |
+| Max parallel | 5 concurrent nodes max, 4 default (R009) |
 | Agent Teams gate | 3+ parallel nodes → check R018 eligibility |
 | Orchestrator only | DAG scheduling runs in main conversation (R010) |
 | Node execution | Each node = one Task tool call to specified agent |
 | State tracking | `/tmp/.codex-dag-$PPID.json` |
+| Stall detection | Running node > 2x avg completed duration → enqueue independent pending nodes early |
 
 ## Failure Strategies
 
@@ -219,3 +228,22 @@ See `.codex/agents/tracker-checkpoint.md` for the agent contract.
 - Max 20 nodes per workflow (complexity guard)
 - Nested DAGs not supported (flatten instead)
 - Cross-workflow dependencies not supported
+
+## External References
+
+### Multica — Managed Agent Platform
+
+> Reference: [Multica](https://github.com/multica-ai/multica) — managed agent platform for Claude Code/Codex.
+> Verdict: INTEGRATE (external reference, not internalize)
+
+Multica's task lifecycle pattern (enqueue → claim → start → complete/fail) is a useful reference for DAG node state management:
+
+| Multica State | DAG Equivalent | Notes |
+|---------------|---------------|-------|
+| enqueue | pending | Node waiting for dependencies |
+| claim | ready | Dependencies resolved, ready to execute |
+| start | running | Agent spawned and executing |
+| complete | completed | Node finished successfully |
+| fail | failed | Node execution failed |
+
+Consider this pattern when extending DAG node state tracking or implementing retry logic.

package/templates/.claude/skills/de-lead-routing/SKILL.md

@@ -219,6 +219,10 @@ Delegate to mgr-creator with context:
 - Unfamiliar data formats or connectors
 - Data tool detected in project but no specialist agent
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 This skill is NOT user-invocable. It should be automatically triggered when the main conversation detects data engineering intent.

package/templates/.claude/skills/deep-plan/SKILL.md

@@ -82,22 +82,39 @@ Phase 2: Reality-Check Planning
    - Each ADOPT item: Does it already exist? Partially implemented?
    - Each ADAPT item: What is the current state to adapt from?
    - Each AVOID item: Are the alternatives already available?
-3. **Gap Analysis**: Build a reconciliation table:
+3. **Deliverable Dependency Verification**: After exploration, verify inter-deliverable dependencies:
+   - For each deliverable pair, check: do they share files, functions, or modules?
+   - Classify each pair: `independent` (parallel-safe), `sequential` (order required), `shared-state` (synchronization needed)
+   - **Default bias**: Assume `independent` unless exploration finds concrete shared state
+   - Build dependency matrix:
 
    ```
-   | Research Finding | Actual Code State | Gap Type | Action |
-   |-----------------|-------------------|----------|--------|
-   | "No caching"    | Redis client exists | Overestimate | Remove from plan |
-   | "Need auth middleware" | No auth layer | Real gap | Keep in plan |
-   | "Migrate to v3" | Already on v3.1 | Overestimate | Remove from plan |
-   | "Add rate limiting" | Basic limiter exists | Partial gap | Adapt existing |
+   | Deliverable A | Deliverable B | Classification | Evidence |
+   |---------------|---------------|----------------|----------|
+   | D1: Auth      | D2: API       | independent    | No shared files |
+   | D1: Auth      | D3: Tests     | sequential     | D3 tests D1 output |
    ```
 
-4. **Refined Plan**: Write implementation plan containing ONLY real gaps:
+   - **Orchestrator override**: The dependency classification is advisory. The orchestrator or user can reclassify pairs when the automated analysis is overly conservative.
+
+4. **Gap Analysis**: Build a reconciliation table:
+
+   ```
+   | Research Finding | Actual Code State | Gap Type | Action | Dependencies |
+   |-----------------|-------------------|----------|--------|-------------|
+   | "No caching"    | Redis client exists | Overestimate | Remove from plan | — |
+   | "Need auth middleware" | No auth layer | Real gap | Keep in plan | D3 (sequential) |
+   | "Migrate to v3" | Already on v3.1 | Overestimate | Remove from plan | — |
+   | "Add rate limiting" | Basic limiter exists | Partial gap | Adapt existing | independent |
+   ```
+
+5. **Refined Plan**: Write implementation plan containing ONLY real gaps:
    - Remove overestimates (already implemented)
    - Adjust partial gaps (adapt, don't rebuild)
    - Prioritize real gaps by impact
-5. **User Approval**: `ExitPlanMode` presents the refined plan for user review
+6. **User Approval**: `ExitPlanMode` presents the refined plan for user review
+   - Include dependency matrix in plan output
+   - Display override option: "Dependency classifications are advisory. Reply with reclassifications if needed."
 
 ### Phase 3: Plan Verification Research
 
@@ -332,6 +349,8 @@ Phase 3 verification report is persisted by the final synthesis agent:
 .codex/outputs/sessions/{YYYY-MM-DD}/deep-plan-{HHmmss}.md
 ```
 
+Sensitive-path artifact protocol (mandatory): if any research, planning, or verification delegate must touch `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**`, include the protocol directly in that delegate prompt. The delegate must write artifact bodies to `/tmp/deep-plan-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 With metadata header:
 ```markdown
 ---

package/templates/.claude/skills/deep-verify/SKILL.md

@@ -73,6 +73,7 @@ Each agent receives the full diff and returns findings as structured JSON:
 - Verify all changes align with project's compilation metaphor (Skills=source, Agents=artifacts, Rules=spec)
 - Check separation of concerns: no agents containing skill logic, no skills with agent definitions
 - Verify orchestrator rules: no new file writes from orchestrator context
+- Verify sensitive-path delegation: prompts that touch `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**` include the exact phrase `Sensitive-path artifact protocol (mandatory)`, require an explicit `/tmp/{skill}-{timestamp}.md` artifact body path, mention `Read, Bash, Write, or Edit` coverage, and do not rely on a single vague `/tmp` recommendation
 - Check advisory-first: no new hard-blocking hooks introduced
 - Confirm no feature regressions: existing APIs preserved, test coverage maintained
 - Performance sanity: no O(n^2) on large datasets, no missing indexes for new queries

package/templates/.claude/skills/dev-lead-routing/SKILL.md

@@ -8,6 +8,10 @@ context: fork
 
 # Dev Lead Routing
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Engineers
 
 | Type | Agents |
@@ -20,6 +24,7 @@ context: fork
 | Architect | arch-documenter, arch-speckit-agent |
 | Security | sec-codeql-expert |
 | Infra | infra-docker-expert, infra-aws-expert |
+| Slack | slack-cli-expert |
 
 ## File Extension Mapping
 
@@ -74,6 +79,7 @@ context: fork
 | security, codeql, cve, vulnerability, sarif, sast, security audit | sec-codeql-expert |
 | architecture, adr, openapi, swagger, diagram | arch-documenter |
 | spec, specification, tdd, requirements | arch-speckit-agent |
+| slack, slack-cli, slack app, slack deploy, slack trigger, slack datastore | slack-cli-expert |
 
 ## Model Selection
 

package/templates/.claude/skills/hada-scout/SKILL.md

@@ -1,92 +1,148 @@
 ---
 name: hada-scout
-description: hada.io RSS feed monitoring for AI agent/harness articles with automated /scout analysis
-scope: package
-version: 1.0.0
-user-invocable: false
+description: hada.io RSS feed monitoring with LLM pre-scout filtering for oh-my-customcodex relevance
+scope: core
+version: 2.0.0
+user-invocable: true
+argument-hint: "[--limit N] [--threshold N]"
 ---
 
 # hada-scout
 
-Automated pipeline that monitors hada.io (via feedburner RSS) for AI agent, harness, benchmark, and eval-related articles, then runs `/scout` analysis on each match.
+3-phase in-session pipeline that monitors hada.io (via feedburner RSS) for relevant articles,
+uses a haiku LLM batch to pre-score relevance, and dispatches full `/scout` analysis only on
+high-scoring candidates.
+
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
 
 ## Purpose
 
-Complement geeknews-scout with harness/eval-focused coverage from hada.io. While geeknews-scout casts a broad net over AI agent news, hada-scout narrows to benchmark/evaluation framework content — the domain most relevant to oh-my-customcodex's harness and agent-eval subsystems.
+Replace the v1.0 keyword-regex approach with context-aware LLM pre-scoring. Haiku evaluates
+all feed titles in a single batch call, reducing false positives from ~30-40% to ~5-10% and
+eliminating the external CronJob dependency for user-invoked runs.
+
+## Architecture: 3-Phase In-Session Pipeline
 
-## Architecture: 2-Layer Hybrid
+### Phase 1 — Fetch & Parse
 
-### Layer 1 — check-feed.sh (feed → issues)
+1. WebFetch the hada.io RSS feed (`https://feeds.feedburner.com/geeknews-feed`)
+2. Parse all items: title, URL, publication date
+3. Default: latest 50 items (configurable via `--limit` or `HADA_SCOUT_LIMIT`)
 
-1. Fetch hada.io feedburner RSS
-2. Filter entries by keyword regex (case-insensitive)
-3. Dedup against existing `hada-scout` issues
-4. Create GitHub issue per match with labels `hada-scout` + `pending-scout`
+### Phase 2 — Pre-Scout (haiku batch)
 
-### Layer 2 — scout-runner.sh (issues → /scout)
+1. Spawn 1 haiku agent with ALL item titles as a single batch input
+2. Agent evaluates each title against oh-my-customcodex's domain (see prompt template below)
+3. Returns relevance score (0–100) and a 1-line reason for each item
+4. Threshold: ≥ 60 passes to Phase 3 (configurable via `--threshold` or `HADA_SCOUT_THRESHOLD`)
+5. Cost: ~$0.01–0.05 for 50 items
 
-1. Find open issues with `pending-scout` label
-2. Extract source URL from issue body
-3. Run `claude -p "/scout {url}"` (max 5 executions per run)
-4. Parse verdict from /scout output
-5. Apply verdict label, remove `pending-scout`
+### Phase 3 — Scout Dispatch
 
-## Keyword Strategy
+1. Dedup: check existing `hada-scout` labeled issues via `gh issue list --label hada-scout`
+2. For each passing item (max 5 per run, configurable via `MAX_SCOUT_PER_RUN`):
+   - Run full `/scout` analysis via Skill tool invocation
+   - Scout creates GitHub issue with verdict label on `baekenough/oh-my-customcodex`
+   - Add `hada-scout` label to the created issue
+3. Dispatch up to 4 scouts in parallel per R009
 
-hada-scout uses harness/benchmark/eval focused keywords, distinct from geeknews-scout's broader AI agent coverage:
+## Pre-Scout Prompt Template
+
+The haiku agent receives the following system prompt:
 
 ```
-harness|benchmark|eval|evaluation framework|agent framework|코드 리뷰 자동화|하네스|벤치마크|평가
+You are a relevance filter for the oh-my-customcodex project — an AI agent harness/orchestration
+system built on GPT Codex + OMX with 44 agents, 74 skills.
+
+Project domains (HIGH relevance):
+- AI agent orchestration, multi-agent systems, agent design patterns
+- Harness, benchmark, evaluation frameworks for AI agents
+- GPT Codex, OMX, MCP protocol
+- Code review automation, development workflow automation
+- Agent sandbox, isolation, security patterns
+- LLM-assisted development tools and methodologies
+
+Project domains (MEDIUM relevance):
+- General AI/ML tooling that could be adapted for agent workflows
+- DevOps automation patterns applicable to agent infrastructure
+- New programming paradigms for AI-assisted development
+
+NOT relevant:
+- Pure frontend/UI frameworks without agent connection
+- Business/management topics
+- Hardware, networking, non-AI infrastructure
+- Social media, marketing tools
+
+For each item below, return: score (0-100) | reason (1 line)
+
+Items:
+{numbered_item_list}
 ```
 
-Geeknews-scout handles: `Claude|Anthropic|MCP|AI agent|에이전트|agentic|multi-agent|...`
+## Display Format
+
+```
+[hada-scout] Scanning hada.io feed...
+├── Phase 1: Fetched {n} items
+├── Phase 2: Pre-scout → {passed}/{total} items passed (threshold: {t}%)
+│   ├── ✓ {title1} (score: {s1}%)
+│   ├── ✓ {title2} (score: {s2}%)
+│   └── ✗ {title3} (score: {s3}%) — skipped
+├── Phase 3: Scout dispatch ({n} items, max 5)
+│   ├── [1] /scout {url1} → {verdict}
+│   └── [2] /scout {url2} → {verdict}
+└── [Done] {created}/{dispatched} issues created
+```
 
 ## Label Scheme
 
 | Label | Purpose |
 |-------|---------|
 | `hada-scout` | Source identification — all hada-scout created issues |
-| `pending-scout` | Awaiting /scout analysis (set by Layer 1, cleared by Layer 2) |
 | `scout:internalize` | /scout verdict: adopt into project |
 | `scout:integrate` | /scout verdict: use as external dependency |
 | `scout:skip` | /scout verdict: not relevant |
 
 ## Cost Controls
 
-- Layer 2 runs at most **5 /scout executions per cron invocation**
-- Each /scout call costs ~$0.5–1.5 (sonnet)
-- Remaining `pending-scout` issues are processed in the next scheduled run
-
-## Deployment
-
-- Pattern: same K8s CronJob structure as `infra/geeknews-scout/`
-- Host: `ubuntu-ext` cluster
-- Infrastructure files: `infra/hada-scout/`
-  - `check-feed.sh` — Layer 1 feed poller
-  - `scout-runner.sh` — Layer 2 /scout executor
-  - `Dockerfile`
-  - `cronjob.template.yaml`
-  - `deploy.sh`
-  - `.env.example`
+| Stage | Model | Estimated Cost |
+|-------|-------|----------------|
+| Pre-scout (Phase 2) | haiku | ~$0.01–0.05 per run (50 items) |
+| Full scout (Phase 3) | sonnet | ~$0.5–1.5 per item, max 5 per run |
+| Total max per invocation | — | ~$8 |
 
 ## Environment Variables
 
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `GH_TOKEN` | (required) | GitHub PAT for issue creation |
-| `REPO` | `baekenough/oh-my-customcodex` | Target repo |
-| `FEED_URL` | `http://feeds.feedburner.com/geeknews-feed` | hada.io RSS feed |
-| `KEYWORDS` | (see above) | Pipe-separated keyword regex |
-| `MAX_SCOUT_PER_RUN` | `5` | Max /scout executions per Layer 2 run |
+| `FEED_URL` | `https://feeds.feedburner.com/geeknews-feed` | RSS feed URL |
+| `HADA_SCOUT_THRESHOLD` | `60` | Pre-scout score threshold (0–100) |
+| `HADA_SCOUT_LIMIT` | `50` | Max feed items to fetch and score |
+| `MAX_SCOUT_PER_RUN` | `5` | Max /scout executions per invocation |
+| `GH_TOKEN` | (required) | GitHub PAT for issue creation and dedup |
 
 ## Integration
 
 | Rule | How |
 |------|-----|
-| R009 | Layer 1 and Layer 2 run as independent CronJobs |
-| R010 | Skill defines the architecture; implementation delegated to infra-docker-expert for K8s manifests |
-| scout skill | Layer 2 invokes `/scout` via `claude -p` subprocess |
-
-## Tracking Issue
+| R009 | Phase 3 scout dispatches run in parallel (up to 4 concurrent) |
+| R010 | Orchestrator manages phases; analysis delegated to haiku/sonnet agents |
+| R015 | Pre-scout scores and reasons displayed before dispatching full scouts |
+| scout skill | Phase 3 invokes `/scout` via Skill tool for each candidate URL |
+
+## Differences from v1.0
+
+| Aspect | v1.0 (keyword) | v2.0 (LLM pre-scout) |
+|--------|----------------|----------------------|
+| Filtering | Regex keyword match | LLM relevance scoring (haiku) |
+| Invocation | External CronJob only | User-invocable `/hada-scout` + CronJob |
+| Precision | Low (keyword false positives) | High (context-aware scoring) |
+| Cost per scan | $0 (regex) + $2.5–7.5 (/scout) | $0.05 (pre-scout) + $2.5–7.5 (/scout) |
+| False positive rate | ~30–40% | ~5–10% |
+| Scope | `package` | `core` |
+
+## Tracking
 
 GitHub Issue #841

package/templates/.claude/skills/harness-eval/SKILL.md

@@ -14,6 +14,10 @@ version: 1.0.0
 
 Evaluate agent quality using 15 structured software engineering task definitions with quantitative scoring. Based on research from [revfactory/claude-code-harness](https://github.com/revfactory/claude-code-harness) which demonstrated 60% improvement (49.5 → 79.3 points) through structured pre-configuration.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/omcodex-improve-report/SKILL.md

@@ -13,6 +13,10 @@ Display improvement suggestions from eval-core analysis engine as read-only repo
 
 Surface actionable improvement suggestions gathered by the eval-core analysis engine. Reads from eval-core's local database and renders insights as structured markdown. Useful for understanding routing quality, skill effectiveness, and agent usage patterns.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/omcodex-takeover/SKILL.md

@@ -14,6 +14,10 @@ Extract a canonical specification from an existing agent or skill file. Inspired
 
 When an agent or skill has evolved organically without a formal spec, `omcodex:takeover` reverse-engineers a structured specification that captures its intent, invariants, workflow contract, and I/O contract.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```

package/templates/.claude/skills/optimize-analyze/SKILL.md

@@ -22,6 +22,10 @@ target           Build output path or project root (optional, auto-detects)
 --verbose, -v    Show detailed analysis
 ```
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Workflow
 
 ```

package/templates/.claude/skills/optimize-report/SKILL.md

@@ -18,6 +18,10 @@ Generate comprehensive optimization report with analysis, metrics, and recommend
                  Default: text
 ```
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Workflow
 
 ```

package/templates/.claude/skills/professor-triage/SKILL.md

@@ -2,7 +2,7 @@
 name: professor-triage
 description: Analyze GitHub issues against current codebase and perform automated triage with priority assessment
 scope: harness
-version: 2.1.0
+version: 2.2.0
 user-invocable: true
 effort: high
 context: fork
@@ -126,27 +126,27 @@ For each analyzed issue, generate multi-perspective analysis comments and artifa
 ```
 ## 🏛️ Senior Architect Analysis
 
-### Architecture Impact
-| Component | Impact | Risk |
-|-----------|--------|------|
-| {component} | {description} | {High/Medium/Low} |
+### 아키텍처 영향
+| 컴포넌트 | 영향 | 위험도 |
+|----------|------|--------|
+| {컴포넌트} | {설명} | {High/Medium/Low} |
 
-### Code-Level Analysis
-{Specific file:line references from Phase 2 codebase analysis}
+### 코드 수준 분석
+{Phase 2 코드베이스 분석의 구체적 file:line 참조}
 
-### Strategic Assessment
-- **Feasibility**: {assessment with evidence}
-- **Priority recommendation**: {P1/P2/P3 with rationale}
+### 전략적 평가
+- **실현 가능성**: {근거가 포함된 평가}
+- **우선순위 권장**: {P1/P2/P3 및 근거}
 
-### Risk & Considerations
-| Risk | Likelihood | Mitigation |
-|------|-----------|------------|
-| {risk} | {High/Medium/Low} | {mitigation} |
+### 리스크 및 고려사항
+| 리스크 | 가능성 | 완화 방안 |
+|--------|--------|----------|
+| {리스크} | {High/Medium/Low} | {완화 방안} |
 
-**Estimated effort**: {XS/S/M/L/XL}
+**예상 작업량**: {XS/S/M/L/XL}
 
 ---
-_🏛️ Senior Architect perspective — `/professor-triage` v2.1.0_
+_🏛️ Senior Architect perspective — `/professor-triage` v2.2.0_
 ```
 
 **4B: 🤝 Project Colleague Review** — Delegate to arch-documenter (model: sonnet) to post GitHub comment:
@@ -154,19 +154,19 @@ _🏛️ Senior Architect perspective — `/professor-triage` v2.1.0_
 ```
 ## 🤝 Project Colleague Review
 
-### Implementation Ideas
-{Concrete code locations and change suggestions with file:line references}
+### 구현 아이디어
+{구체적 코드 위치 및 file:line 참조가 포함된 변경 제안}
 
-### Easy-to-Miss Details
-- {Name collisions, validation bypasses, race conditions, edge cases}
+### 놓치기 쉬운 세부사항
+- {이름 충돌, 유효성 검사 우회, 경쟁 조건, 엣지 케이스}
 
-### Suggested Next Steps
-1. {Actionable step with specific file/function reference}
-2. {Actionable step}
-3. {Actionable step}
+### 권장 다음 단계
+1. {구체적 file/function 참조가 포함된 실행 가능한 단계}
+2. {실행 가능한 단계}
+3. {실행 가능한 단계}
 
 ---
-_🤝 Project Colleague perspective — `/professor-triage` v2.1.0_
+_🤝 Project Colleague perspective — `/professor-triage` v2.2.0_
 ```
 
 Note: Do NOT include a "First Impressions" (첫인상) section in the Colleague Review — this was explicitly excluded per user feedback.
@@ -176,38 +176,38 @@ Note: Do NOT include a "First Impressions" (첫인상) section in the Colleague
 ```
 ## 🎓 Professor Synthesis
 
-### Codebase Verification
-| Claim (from Architect/Colleague) | Verified | Evidence |
-|----------------------------------|----------|----------|
-| {claim} | ✅/⚠️/❌ | {file:line or git evidence} |
+### 코드베이스 검증
+| 주장 (Architect/Colleague) | 검증 | 근거 |
+|---------------------------|------|------|
+| {주장} | ✅/⚠️/❌ | {file:line 또는 git 근거} |
 
-### Consensus & Divergence
-| Topic | Architect | Colleague | Verdict |
-|-------|-----------|-----------|---------|
-| {topic} | {position} | {position} | {synthesized judgment} |
+### 합의 및 이견
+| 주제 | Architect | Colleague | 판정 |
+|------|-----------|-----------|------|
+| {주제} | {입장} | {입장} | {종합 판단} |
 
-### Priority Matrix
-| Dimension | Assessment |
-|-----------|-----------|
-| Urgency | {High/Medium/Low} |
-| Importance | {High/Medium/Low} |
-| Size | {XS/S/M/L/XL} |
-| Recommended order | {N of M in batch} |
+### 우선순위 매트릭스
+| 차원 | 평가 |
+|------|------|
+| 긴급성 | {High/Medium/Low} |
+| 중요성 | {High/Medium/Low} |
+| 규모 | {XS/S/M/L/XL} |
+| 권장 순서 | {배치 내 N/M} |
 
-### Missed Perspectives
-{Considerations neither Architect nor Colleague raised}
+### 누락된 관점
+{Architect나 Colleague 모두 제기하지 않은 고려사항}
 
-### Execution Roadmap
-| Phase | Task | Files | Depends on |
-|-------|------|-------|-----------|
-| 1 | {task} | {files} | — |
-| 2 | {task} | {files} | Phase 1 |
+### 실행 로드맵
+| 단계 | 작업 | 파일 | 의존성 |
+|------|------|------|--------|
+| 1 | {작업} | {파일} | — |
+| 2 | {작업} | {파일} | 단계 1 |
 
-### Final Conclusion
-{2-3 sentence synthesis with definitive recommendation}
+### 최종 결론
+{확정적 권장 사항이 포함된 2-3문장 종합}
 
 ---
-_🎓 Professor Synthesis — `/professor-triage` v2.1.0_
+_🎓 Professor Synthesis — `/professor-triage` v2.2.0_
 ```
 
 **4D: Issue Triage Comment (MANDATORY)** — Every analyzed issue MUST receive a triage comment. This is not optional — even for issues created in the same session or with existing analysis. Skipping comments breaks the triage audit trail. Delegate to mgr-gitnerd to post on each analyzed issue:
@@ -215,14 +215,14 @@ _🎓 Professor Synthesis — `/professor-triage` v2.1.0_
 ```
 ## 🔬 Professor Triage — Codebase Analysis Result
 
-**Decision**: {Close (Already Resolved) | Close (Not Applicable) | Close (Duplicate of #NNN) | Open — action required | Open — monitoring}
-**Rationale**: {1-2 line summary based on codebase findings}
-**Affected files**: {N} analyzed — {N}✅ {N}⚠️ {N}❌
-**Risk**: {P1/P2/P3} | **Size**: {XS/S/M/L/XL}
-**Full report**: {artifact path}
+**결정**: {Close (Already Resolved) | Close (Not Applicable) | Close (Duplicate of #NNN) | Open — action required | Open — monitoring}
+**근거**: {코드베이스 분석 기반 1-2줄 요약}
+**영향 파일**: {N}개 분석 — {N}✅ {N}⚠️ {N}❌
+**리스크**: {P1/P2/P3} | **규모**: {XS/S/M/L/XL}
+**전체 리포트**: {artifact path}
 
 ---
-_Analyzed by `/professor-triage` v2.1.0 against current codebase with {N} related issues_
+_`/professor-triage` v2.2.0에 의해 현재 코드베이스 대비 분석됨 — 관련 이슈 {N}개_
 ```
 
 **4E: Artifact Report** — Delegate to arch-documenter to write:
@@ -231,39 +231,41 @@ Path: `.codex/outputs/sessions/YYYY-MM-DD/professor-triage-HHmmss.md`
 
 Timestamps use local machine time (consistent with other artifact skills).
 
+Sensitive-path artifact protocol (mandatory): if a delegated agent must create or inspect Claude compatibility artifacts under `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**`, include this protocol in the delegated prompt. The agent must produce artifact bodies in `/tmp/professor-triage-{timestamp}.md` first and must not call Read, Bash, Write, or Edit directly on `.claude/**` paths in unattended flows. Codex-native `.codex/outputs/**` artifacts continue to use managed file-write APIs that create parents.
+
 Template:
 ```
-# Professor Triage Report — YYYY-MM-DD
+# Professor Triage 리포트 — YYYY-MM-DD
 
-## Analysis Target
-| # | Title | Labels | Created |
-|---|-------|--------|---------|
+## 분석 대상
+| # | 제목 | 라벨 | 생성일 |
+|---|------|------|--------|
 
-## Per-Issue Analysis
+## 이슈별 분석
 ### #NNN — title
-- **Affected files**: N analyzed — N✅ N⚠️ N❌
-- **Architecture impact**: ...
-- **Implementation path**: ...
-- **Risk/Priority**: P1/P2/P3
-- **Size**: XS/S/M/L/XL
-- **Already resolved?**: Yes/No/Partial — evidence
-- **Recommended action**: ...
-
-## Cross-Analysis
-### Common Patterns
-### Duplicate/Merge Candidates
-### Conflicting Findings Resolution
-### Priority Matrix
-
-## Multi-Perspective Summary
-### Architect Highlights
-### Colleague Highlights
-### Professor Synthesis Key Points
-
-## Executed Actions
-| Issue | Action | Status |
-
-## Pending Actions (Confirmation Required)
+- **영향 파일**: N개 분석 — N✅ N⚠️ N❌
+- **아키텍처 영향**: ...
+- **구현 경로**: ...
+- **리스크/우선순위**: P1/P2/P3
+- **규모**: XS/S/M/L/XL
+- **이미 해결됨?**: Yes/No/Partial — 근거
+- **권장 조치**: ...
+
+## 교차 분석
+### 공통 패턴
+### 중복/병합 후보
+### 상충 발견사항 해결
+### 우선순위 매트릭스
+
+## 다관점 요약
+### Architect 주요 사항
+### Colleague 주요 사항
+### Professor Synthesis 핵심 포인트
+
+## 실행된 조치
+| 이슈 | 조치 | 상태 |
+
+## 보류 중인 조치 (확인 필요)
 ```
 
 ### Phase 4F: Comment Verification Gate

package/templates/.claude/skills/qa-lead-routing/SKILL.md

@@ -92,6 +92,10 @@ Delegate to mgr-creator with context:
 - Specialized QA methodologies (e.g., "뮤테이션 테스트 전략 만들어줘")
 - Performance/security testing tools not covered by existing agents
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 This skill is NOT user-invocable. It should be automatically triggered when the main conversation detects QA intent.

package/templates/.claude/skills/research/SKILL.md

@@ -214,6 +214,7 @@ Convergence expected by round 3. Hard stop at round 30.
    ---
    ```
    The agent writes the artifact file using a file-write API that creates missing parent directories; do not run any Bash directory-creation pre-step for session outputs (R010 compliance).
+   Sensitive-path artifact protocol (mandatory): if a delegated research agent must inspect or create Claude compatibility artifacts under `.claude/**`, `.claude/outputs/**`, or `templates/.claude/**`, the delegated prompt must require `/tmp/research-{timestamp}.md` as the first artifact body target and must forbid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
 3. GitHub issue auto-created with findings
 4. Action items with effort estimates
 

package/templates/.claude/skills/roundtable-debate/SKILL.md

@@ -20,6 +20,10 @@ Run a bounded debate when convergence would hide useful disagreement. Unlike `ag
 - Review work where anchoring or groupthink is likely.
 - Decisions where a minority risk could be more important than the majority preference.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Workflow
 
 1. **Independent-first analysis**: spawn 3-5 reviewers in parallel. Do not share intermediate opinions before each reviewer submits an initial view.

package/templates/.claude/skills/scout/SKILL.md

@@ -11,6 +11,10 @@ argument-hint: "<url>"
 
 Analyze an external URL (tech blog, tool, library, methodology) to evaluate its fit with the oh-my-customcodex project and auto-create a GitHub issue with a structured verdict.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 ```
@@ -58,13 +62,13 @@ Before execution, show the plan:
 
 ```
 [Scout] {url}
-├── Phase 1: Fetch & Summarize
-├── Phase 2: Load Project Philosophy
-├── Phase 3: Fit Analysis (sonnet)
-└── Phase 4: Issue Creation
+├── Phase 1: 콘텐츠 수집 및 요약
+├── Phase 2: 프로젝트 철학 로드
+├── Phase 3: 적합성 분석 (sonnet)
+└── Phase 4: 이슈 생성
 
-Estimated: ~1 min | Cost: ~$0.5-1.5
-Execute? [Y/n]
+예상: ~1분 | 비용: ~$0.5-1.5
+실행하시겠습니까? [Y/n]
 ```
 
 ## Workflow
@@ -135,6 +139,7 @@ Return a structured verdict:
 - philosophy_table: criterion/fit/rationale for each dimension
 - recommendation: specific integration plan or skip reason
 - next_steps: 2-3 actionable items
+- IMPORTANT: Write all analysis output in Korean. Technical terms, code references, label names, and skill/agent names stay in English.
 - escalation: true/false (INTERNALIZE + M/L effort = true)
 ```
 
@@ -165,32 +170,32 @@ gh issue close {number} -c "Auto-closed: scout verdict is SKIP"
 ### Issue Body Template
 
 ```markdown
-## Scout Report: {title}
+## Scout 리포트: {title}
 
-**Source**: {url}
-**Verdict**: {INTERNALIZE / INTEGRATE / SKIP}
-**Priority**: {P1 / P2 / P3}
+**출처**: {url}
+**판정**: {INTERNALIZE / INTEGRATE / SKIP}
+**우선순위**: {P1 / P2 / P3}
 
-## Summary
-{2-3 sentence summary of the external content}
+## 요약
+{외부 콘텐츠에 대한 2-3문장 요약}
 
-## Philosophy Alignment
-| Criterion | Fit | Rationale |
-|-----------|-----|-----------|
-| Compilation metaphor | {check/cross} | {explanation} |
-| Separation of concerns (R006) | {check/cross} | {explanation} |
-| Dynamic agent creation | {check/cross} | {explanation} |
-| Existing skill overlap | {check/cross} | {overlapping skills list} |
+## 프로젝트 철학 정합성
+| 기준 | 적합 | 근거 |
+|------|------|------|
+| Compilation metaphor | {check/cross} | {설명} |
+| Separation of concerns (R006) | {check/cross} | {설명} |
+| Dynamic agent creation | {check/cross} | {설명} |
+| 기존 스킬 중복 | {check/cross} | {중복 스킬 목록} |
 
-## Recommendation
-{Specific integration plan — which skill/agent/guide to create, or why to skip}
+## 권장 사항
+{구체적 통합 계획 — 어떤 skill/agent/guide를 생성할지, 또는 건너뛰는 이유}
 
-## Next Steps
-- [ ] {follow-up action 1}
-- [ ] {follow-up action 2}
+## 다음 단계
+- [ ] {후속 조치 1}
+- [ ] {후속 조치 2}
 
 ---
-Generated by `/scout`
+`/scout`에 의해 생성됨
 ```
 
 ## Escalation
@@ -198,18 +203,18 @@ Generated by `/scout`
 When verdict is `INTERNALIZE` and integration effort is M or L:
 
 ```
-[Advisory] Deep analysis recommended.
-└── Consider running: /research {url}
+[Advisory] 심층 분석 권장.
+└── 실행 검토: /research {url}
 ```
 
 ## Result Display
 
 ```
-[Scout Complete] {title}
-├── Verdict: {INTERNALIZE / INTEGRATE / SKIP}
-├── Priority: {P1 / P2 / P3}
-├── Issue: #{number}
-└── Escalation: {/research recommended | none}
+[Scout 완료] {title}
+├── 판정: {INTERNALIZE / INTEGRATE / SKIP}
+├── 우선순위: {P1 / P2 / P3}
+├── 이슈: #{number}
+└── 에스컬레이션: {/research 권장 | 없음}
 ```
 
 ## Model Selection

package/templates/.claude/skills/secretary-routing/SKILL.md

@@ -16,7 +16,7 @@ Routes agent management tasks to the appropriate manager agent. This skill conta
 
 | Agent | Purpose | Triggers |
 |-------|---------|----------|
-| mgr-creator | Create new agents | "create agent", "new agent" |
+| mgr-creator | Create new agents, skills, guides | "create agent", "new agent", "create skill", "new skill", "create guide", "new guide" |
 | mgr-updater | Update external agents | "update agent", "sync" |
 | mgr-supplier | Validate dependencies | "audit", "check deps" |
 | mgr-gitnerd | Git operations | "commit", "push", "pr" |
@@ -45,6 +45,8 @@ Before routing via Task tool, evaluate Agent Teams eligibility first:
 User Input → Routing → Manager Agent
 
 create   → mgr-creator
+create skill → mgr-creator
+create guide → mgr-creator
 update   → mgr-updater
 audit    → mgr-supplier
 git      → mgr-gitnerd
@@ -130,6 +132,10 @@ Evaluate: Is this a specialized management/tooling task?
 - New monitoring tool setup (e.g., "Grafana 대시보드 관리")
 - Unfamiliar package manager operations
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Usage
 
 This skill is NOT user-invocable. It is automatically triggered when the main conversation detects agent management intent.

package/templates/.claude/skills/task-decomposition/SKILL.md

@@ -10,6 +10,10 @@ user-invocable: false
 
 Analyzes task complexity and decomposes large tasks into smaller, parallelizable subtasks compatible with the DAG orchestration skill. The orchestrator uses this as a planning frontend before execution.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## Trigger Conditions
 
 Decomposition is **recommended** when any of these thresholds are met:
@@ -48,6 +52,12 @@ Before decomposing, select the appropriate workflow pattern:
    ├── Map subtasks to agents (use routing skills)
    └── Generate DAG workflow spec
 
+2.5. Validate granularity against pipeline-guards limits:
+     ├── For each subtask, estimate file count
+     ├── If files > 10 → emit advisory: [Guard] ⚠ Subtask "{id}" assigned {n} files (> 10) — splitting by layer
+     ├── If files > 15 → emit hard warning: [Guard] 🛑 Subtask "{id}" assigned {n} files (> 15) — must split
+     └── Auto-split oversized subtasks by layer/domain until all ≤ 10
+
 3. Present plan to user (R015 transparency)
    ├── Show decomposed subtasks with agents
    ├── Show dependency graph
@@ -172,10 +182,43 @@ A subtask is **atomic** when it meets ALL of:
 - Single concern (one logical change)
 - Independently testable outcome
 - < 15 minutes estimated duration
-- < 3 files affected
+- < 3 files affected (ideal atomic size)
+- MUST NOT exceed 10 files (pipeline-guards advisory threshold)
+- If > 10 files unavoidable → emit [Guard] warning and split by layer/domain
+- > 15 files is a hard violation — always split further (pipeline-guards hard cap)
 
 If a subtask is not atomic → decompose further (max 2 levels deep).
 
+## Granularity Validation
+
+After decomposition, validate each subtask against pipeline-guards file limits:
+
+| Subtask Files | Action |
+|---------------|--------|
+| ≤ 3 | Ideal atomic size — no action |
+| 4-10 | Acceptable — proceed without warning |
+| 11-15 | Advisory warning, attempt further split |
+| > 15 | Hard warning, MUST split before execution |
+
+### Validation Process
+
+For each decomposed subtask:
+1. Count estimated files
+2. If > 10:
+   a. Emit: `[Guard] ⚠ Subtask "{id}" assigned {n} files (> 10) — splitting by layer`
+   b. Attempt split by: layer (domain → adapter → handler) or domain separation
+   c. Re-validate split results
+3. If > 15 after split attempt:
+   a. Emit: `[Guard] 🛑 Subtask "{id}" still has {n} files (> 15) — requires user override`
+   b. Pause for user confirmation before proceeding
+
+### Generated DAG Adjustment
+
+When granularity validation triggers a split, update the DAG spec:
+- Original node is replaced by 2+ child nodes
+- Dependencies are preserved (children inherit parent's deps)
+- `max_parallel` in config respects R009 limits (soft: 4, hard: 5)
+
 ## Skip Decomposition When
 
 | Condition | Reason |
@@ -195,3 +238,4 @@ If a subtask is not atomic → decompose further (max 2 levels deep).
 | R010 | Decomposition happens in orchestrator only |
 | R015 | Plan displayed before execution for user approval |
 | R018 | 3+ agents in plan → check Agent Teams eligibility |
+| pipeline-guards | Validates subtask file count against 10/15 granularity limits |

package/templates/.claude/skills/worker-reviewer-pipeline/SKILL.md

@@ -12,6 +12,10 @@ Defines an iterative Worker→Reviewer pipeline where one agent implements chang
 
 **Orchestrator-only** — only the main conversation activates this pipeline (R010). Worker and Reviewer are subagents.
 
+## Sensitive-Path Delegation
+
+Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+
 ## When to Activate
 
 | Condition | Activate? |

package/templates/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.4.4",
+  "version": "0.4.6",
   "lastUpdated": "2026-04-27T02:00:00.000Z",
   "components": [
     {

package/templates/workflows/auto-dev.yaml

@@ -36,6 +36,7 @@ steps:
       - Codex-managed `.codex/` edits use the normal edit/patch flow.
       - Do not adopt upstream Claude-only `/tmp` bypass guidance as the default path.
       - If a port requires `.claude` template parity changes, make the change explicit and verify sensitive-path guard tests.
+      - Sensitive-path artifact protocol (mandatory): delegated prompts that touch `.claude/**`, `templates/.claude/**`, `.claude/outputs/**`, or read-only measurements of those paths must instruct the subagent to produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and avoid direct Read/Bash/Write/Edit targets under `.claude/**` in unattended flows.
     description: Execute implementation plan with appropriate agents
     foreach: planned-issue