role-os 2.1.0 → 2.2.1

package/CHANGELOG.md

@@ -1,5 +1,59 @@
 # Changelog
 
+## 2.2.1
+
+### Added
+- **`roleos audit` CLI** — first-class entry point for deep audit with subcommands: `audit`, `audit manifest`, `audit manifest --generate`, `audit status`, `audit verify`
+- **Shared state machine** (`src/state-machine.mjs`) — canonical step/run transitions shared by both runners
+- **Shared tool profiles** (`src/tool-profiles.mjs`) — extracted from dispatch.mjs to break trial→dispatch coupling
+
+### Fixed
+- **P3-1:** Cycle detection in composite execution (`detectCycles` + visited-set guard in `findUnreachable`)
+- **P3-2:** Dual-active guard in `startNext`/`startNextStep` prevents two steps active simultaneously
+- **P3-3:** Atomic persistence — `saveRun` writes to temp file then renames
+- **P4-1:** Dependency Auditor has own artifact contract (`dependency-audit`), pack handoff corrected
+- **P4-2:** `partitionBrief` returns topic-only for unknown roles instead of full brief
+- **P4-3:** Atom kind normalization layer bridges scout `.kind` and atom `.claim_kind`
+- **P4-4:** `/dev/stdin` → `readFileSync(0)` for Windows compatibility in all 5 hooks
+- **P4-5:** TOOL_PROFILES extracted to shared module, eliminating trial→dispatch coupling
+- Node 18 compatibility fix for `import.meta.dirname` in deep-audit-proof test
+
+### Tests
+- 18 new tests (audit-cmd, audit-p5, deep-audit-proof) — total: 954
+
+## 2.2.0
+
+### Added
+
+#### Deep Audit Mission — Runner-Native Componentized Repo Audit
+
+- **Deep audit mission** — 8th mission in the library. Decomposes a repo into bounded components, dispatches one auditor per component, inspects seams from the dependency graph, assesses test truth, then synthesizes into a ranked verdict and action plan.
+- **Dynamic dispatch** — missions with `dynamicDispatch` field now expand from a manifest at runtime. `createRun("deep-audit", task, { manifest })` creates N + M + K + 3 steps from the repo graph instead of a fixed static chain. A 6-component / 8-boundary repo produces 23 steps; a 10-component / 5-boundary repo produces 28.
+- **4 new audit roles** — Component Auditor, Seam Auditor, Test Truth Auditor, Audit Synthesizer. Each with full artifact contracts, tool profiles, and role definitions in starter-pack.
+- **Deep-audit pack** — 9th team pack with scaling chain order, dispatch defaults, and mismatch guards.
+- **Artifact validation at execution boundaries** — `validateArtifact()` now runs on every step completion in both `run.mjs` and `mission-run.mjs`. Validation results are attached to the step object. Warn, don't block.
+- **Proof run test suite** — `test/deep-audit-proof.test.mjs` proves the full runner-native lifecycle against the real audit-manifest.json: step creation, parcel identity, validation, escalation, partial failure, scaling formula, and report generation.
+
+### Fixed
+
+- **Critical: "approve" vs "accept" verdict mismatch** — `evidence.mjs:195` checked `!== "approve"` but the enum defines `"accept"`. Every accept verdict generated a spurious warning. Tests masked it via substring matching. Fixed to `"accept"` with hardened exact-assertion tests.
+- **Dead imports removed** — `TEAM_PACKS` and `ROLE_ARTIFACT_CONTRACTS` in mission-run.mjs, `TEAM_PACKS` in run.mjs, `scoreRole` and `MIN_SCORE_THRESHOLD` in trial.mjs were imported but never used.
+- **Warning message terminology** — all evidence warning messages now use "accept" instead of "approve" consistently.
+
+### Changed
+
+- Mission count: 7 → 8
+- Role count: 50 → 54 (4 deep audit roles)
+- Pack count: 8 → 9
+- Artifact contract count: 30 → 34 (4 new audit role contracts)
+- Test count: 905 → 936
+
+### Evidence
+
+- Self-audit dogfood: 128 findings (1 critical, 11 high, 39 medium) across 6 component parcels, 8 boundary seams, and 31 test files
+- Runner-native proof run: 23 dynamic steps from real manifest, full lifecycle, all green
+- Scaling formula verified: 2N + K + 3 holds for manifests of 3, 6, 10, and 15 components
+
 ## 2.1.0
 
 ### Added

package/README.md

@@ -13,7 +13,7 @@
   <a href="https://mcp-tool-shop-org.github.io/role-os/"><img src="https://img.shields.io/badge/Landing_Page-live-brightgreen" alt="Landing Page"></a>
 </p>
 
-A multi-Claude operating system that staffs, routes, validates, and runs work through 50 specialized role contracts. Creates task packets, assembles the right team from scored role matching, detects broken chains before execution, auto-routes recovery when work is blocked or rejected, and requires structured evidence in every verdict.
+A multi-Claude operating system that staffs, routes, validates, and runs work through 54 specialized role contracts. Creates task packets, assembles the right team from scored role matching, detects broken chains before execution, auto-routes recovery when work is blocked or rejected, and requires structured evidence in every verdict. Includes dynamic dispatch for manifest-scaled missions — a 10-component repo automatically becomes 28 auditor steps, not 6.
 
 ## What it does
 
@@ -44,9 +44,9 @@ roleos start "something completely novel"
 
 **The fallback ladder:**
 
-1. **Mission** — when the task matches a proven recurring workflow (bugfix, treatment, feature-ship, docs, security, research). Known role chain, artifact flow, escalation branches, and honest-partial definitions.
-2. **Pack** — when the task is a known family but not a full mission shape. 7 calibrated team packs with auto-selection and mismatch guards.
-3. **Free routing** — when the task is novel, mixed, or uncertain. Scores all 31 roles against packet content and assembles a dynamic chain.
+1. **Mission** — when the task matches a proven recurring workflow (bugfix, treatment, feature-ship, docs, security, research, brainstorm, deep-audit). Known role chain, artifact flow, escalation branches, and honest-partial definitions.
+2. **Pack** — when the task is a known family but not a full mission shape. 9 calibrated team packs with auto-selection and mismatch guards.
+3. **Free routing** — when the task is novel, mixed, or uncertain. Scores all 54 roles against packet content and assembles a dynamic chain.
 
 The system never forces work through the wrong abstraction. It explains why it chose each level and offers alternatives.
 
@@ -103,7 +103,7 @@ Full treatment is a canonical 7-phase protocol defined in Claude project memory
 
 Order: Shipcheck first, then full treatment. No v1.0.0 without passing hard gates.
 
-## 50 roles across 8 packs
+## 54 roles across 9 packs
 
 | Pack | Roles |
 |------|-------|
@@ -115,6 +115,7 @@ Order: Shipcheck first, then full treatment. No v1.0.0 without passing hard gate
 | **Product** (3) | Feedback Synthesizer, Roadmap Prioritizer, Spec Writer |
 | **Research** (4) | UX Researcher, Competitive Analyst, Trend Researcher, User Interview Synthesizer |
 | **Growth** (4) | Launch Strategist, Content Strategist, Community Manager, Support Triage Lead |
+| **Deep Audit** (4) | Component Auditor, Test Truth Auditor, Seam Auditor, Audit Synthesizer |
 
 Every role has a full contract: mission, use when, do not use when, expected inputs, required outputs, quality bar, and escalation triggers. Every role is routable — `roleos route` can recommend any of them based on packet content.
 
@@ -133,6 +134,12 @@ roleos complete artifact.md    # Complete with artifact
 roleos explain                 # Show full state
 roleos report                  # Completion report
 
+# Deep audit:
+roleos audit manifest --generate   # Create audit-manifest.json
+roleos audit                       # Start component-level deep audit
+roleos audit status                # Check audit progress
+roleos audit verify                # Verify manifest and outputs
+
 # Or go manual:
 roleos start "fix the crash"   # Entry decision only (no run)
 roleos packet new feature
@@ -206,18 +213,21 @@ role-os/
     entry-cmd.mjs              ← `roleos start` CLI command
     run.mjs                    ← Persistent run engine: create → step → pause → resume → report
     run-cmd.mjs                ← `roleos run/resume/next/explain/complete/fail` + interventions
-    mission.mjs                ← 7 named mission types (feature, bugfix, treatment, docs, security, research, brainstorm)
+    mission.mjs                ← 8 named mission types (feature, bugfix, treatment, docs, security, research, brainstorm, deep-audit)
     mission-run.mjs            ← Mission runner: create → step → complete → report
     mission-cmd.mjs            ← `roleos mission` CLI commands
-    route.mjs                  ← 31-role routing + dynamic chain builder
-    packs.mjs                  ← 7 calibrated team packs + auto-selection
+    audit-cmd.mjs              ← `roleos audit` — deep audit entry point with manifest generation
+    route.mjs                  ← 54-role routing + dynamic chain builder
+    packs.mjs                  ← 9 calibrated team packs + auto-selection
     conflicts.mjs              ← 4-pass conflict detection
     escalation.mjs             ← Auto-routing for blocked/rejected/split
     evidence.mjs               ← Structured evidence + role-aware requirements
     dispatch.mjs               ← Runtime dispatch manifests for multi-claude
-    artifacts.mjs              ← 30 per-role artifact contracts + 7 pack handoffs
+    tool-profiles.mjs          ← Per-role tool sandboxing (shared by dispatch + trial)
+    state-machine.mjs          ← Canonical step/run transition maps
+    artifacts.mjs              ← Per-role artifact contracts + pack handoffs
     decompose.mjs              ← Composite task detection + splitting
-    composite.mjs              ← Dependency-ordered execution + recovery
+    composite.mjs              ← Dependency-ordered execution + recovery + cycle detection
     replan.mjs                 ← Mid-run adaptive replanning
     calibration.mjs            ← Outcome recording + weight tuning
     hooks.mjs                  ← 5 lifecycle hooks for runtime enforcement
@@ -225,7 +235,7 @@ role-os/
     brainstorm.mjs             ← Evidence modes, request validation, finding/synthesis/judge schemas
     brainstorm-roles.mjs       ← Role-native schemas, input partitioning, blindspot enforcement, cross-exam
     brainstorm-render.mjs      ← Two-layer rendering: lexical bans, render schemas, debate transcript
-  test/                        ← 894 tests across 30 test files
+  test/                        ← 954 tests across 33 test files
   starter-pack/                ← Drop-in role contracts, policies, schemas, workflows
 ```
 
@@ -237,28 +247,29 @@ Role OS operates **locally only**. It copies markdown templates and writes packe
 
 | Layer | What it does | Status |
 |-------|-------------|--------|
-| **Routing** | Scores all 31 roles against packet content, explains recommendations, assesses confidence | ✓ Shipped |
+| **Routing** | Scores all 54 roles against packet content, explains recommendations, assesses confidence | ✓ Shipped |
 | **Chain builder** | Assembles phase-ordered chains from scored roles, packet-type biased not template-locked | ✓ Shipped |
 | **Conflict detection** | 4-pass validation: hard conflicts, sequence, redundancy, coverage gaps. Repair suggestions. | ✓ Shipped |
 | **Escalation** | Auto-routes blocked/rejected/split work to the right resolver with reason + required artifact | ✓ Shipped |
 | **Evidence** | Role-aware structured evidence in verdicts. Sufficiency checks. 12 evidence kinds. | ✓ Shipped |
 | **Dispatch** | Generates execution manifests for multi-claude. Per-role tool profiles, system prompts, budgets. | ✓ Shipped |
 | **Trials** | Full roster proven: 30/30 gold-task + 5/5 negative trials. 7 pack trials complete. | ✓ Complete |
-| **Team Packs** | 7 calibrated packs with auto-selection, mismatch guards, and free-routing fallback. | ✓ Shipped |
+| **Team Packs** | 9 calibrated packs with auto-selection, mismatch guards, and free-routing fallback. | ✓ Shipped |
 | **Outcome calibration** | Records run outcomes, tunes pack/role weights from results, adjusts confidence thresholds. | ✓ Shipped |
 | **Mixed-task decomposition** | Detects composite work, splits into child packets, assigns packs, preserves dependencies. | ✓ Shipped |
 | **Composite execution** | Runs child packets in dependency order with artifact passing, branch recovery, and synthesis. | ✓ Shipped |
 | **Adaptive replanning** | Mid-run scope changes, findings, or new requirements update the plan without restarting. | ✓ Shipped |
 | **Session spine** | `roleos init claude` scaffolds CLAUDE.md, /roleos-route, /roleos-review, /roleos-status. `roleos doctor` verifies wiring. Route cards prove engagement. | ✓ Shipped |
 | **Hook spine** | 5 lifecycle hooks (SessionStart, PromptSubmit, PreToolUse, SubagentStart, Stop). Advisory enforcement: route card reminders, write-tool gating, subagent role injection, completion audit. | ✓ Shipped |
-| **Artifact spine** | 30 per-role artifact contracts. 7 pack handoff contracts. Structural validation. Chain completeness checks. Downstream roles never guess what they received. | ✓ Shipped |
-| **Mission library** | 7 named missions (feature-ship, bugfix, treatment, docs-release, security-hardening, research-launch, brainstorm). Each declares pack, role chain, artifact flow, escalation branches, honest-partial definition. All 7 trial-proven. | ✓ Shipped |
+| **Artifact spine** | Per-role artifact contracts. Pack handoff contracts. Structural validation. Chain completeness checks. Downstream roles never guess what they received. | ✓ Shipped |
+| **Mission library** | 8 named missions (feature-ship, bugfix, treatment, docs-release, security-hardening, research-launch, brainstorm, deep-audit). Each declares pack, role chain, artifact flow, escalation branches, honest-partial definition. | ✓ Shipped |
 | **Mission runner** | Create runs, step through with tracked state, complete/fail with honest reporting. Blocked-step propagation, out-of-chain escalation warnings, last-step re-opening. | ✓ Shipped |
 | **Unified entry** | `roleos start` decides mission vs pack vs free routing automatically. Fallback ladder with confidence scores, alternatives, and composite detection. | ✓ Shipped |
 | **Persistent runs** | `roleos run` creates disk-backed runs. `resume`, `next`, `explain`, `complete`, `fail`. Interventions: reroute, escalate, retry, block, reopen. Step-local guidance. Friction measurement. | ✓ Shipped |
-| **Brainstorm** | Two-layer architecture: truth (role-native schemas, provenance atoms, cross-exam dispute graph) + render (5 distinct voices, lexical bans, debate transcript). Trace links prove every rendered claim maps to a truth atom. Golden run: 894 tests. | ✓ Shipped |
+| **Brainstorm** | Two-layer architecture: truth (role-native schemas, provenance atoms, cross-exam dispute graph) + render (5 distinct voices, lexical bans, debate transcript). Trace links prove every rendered claim maps to a truth atom. Golden run proven. | ✓ Shipped |
+| **Deep Audit** | Manifest-scaled repo audit: decompose repo into components, dispatch N auditors + M test truth auditors + K seam auditors from dependency graph, synthesize into ranked verdict and action plan. Dynamic dispatch scales with repo size (2N + K + 3 formula). Runner-native with artifact validation at every step. | ✓ Shipped |
 
-## 7 missions
+## 8 missions
 
 | Mission | Pack | Roles | When to use |
 |---------|------|-------|-------------|
@@ -269,6 +280,7 @@ Role OS operates **locally only**. It copies markdown templates and writes packe
 | `security-hardening` | security | 4 | Threat model, audit, fix vulnerabilities, re-audit, verify |
 | `research-launch` | research | 4 | Frame question, research, document findings, decide |
 | `brainstorm` | brainstorm | 9 | Structured multi-perspective inquiry with traceable disagreement and verdict |
+| `deep-audit` | deep-audit | 5 (scales) | Manifest-backed repo audit — worker count scales with repo graph via dynamic dispatch |
 
 Each mission includes honest-partial definitions — when work stalls, the system documents what was completed and what remains instead of bluffing completion.
 
@@ -290,7 +302,27 @@ roleos run "explore product directions for a developer tool discovery platform"
 
 - **Chain of custody:** Every rendered sentence traces back to a truth-layer atom. Synthesis directions cite atoms. Cross-exam targets real claim IDs. The dispute graph is the product, not the prose.
 
-**Proven:** v0.4 golden run — 894 tests, full chain of custody verified. See [`examples/golden-run.md`](examples/golden-run.md) for the complete artifact chain.
+**Proven:** v0.4 golden run — full chain of custody verified. See [`examples/golden-run.md`](examples/golden-run.md) for the complete artifact chain.
+
+### Deep audit mission
+
+Not a surface scan. The deep audit mission **decomposes a repo into bounded components and dispatches specialist auditors at a scale determined by the repo's own dependency graph.**
+
+```bash
+roleos run "deep audit this repo" --manifest=audit-manifest.json
+# → MISSION: Deep Audit (Manifest-Scaled)
+#   Steps: Component Auditor ×6 + Test Truth Auditor ×6 + Seam Auditor ×8 + Synthesizer + Action Plan + Critic = 23 steps
+```
+
+**What makes it different:**
+
+- **Dynamic dispatch** — worker count is not fixed. A 10-component repo with 5 boundary clusters produces 28 steps (2×10 + 5 + 3). A 3-component repo produces 12. The scaling formula is `2N + K + 3` where N = components, K = boundaries.
+- **Manifest-backed parcels** — an `audit-manifest.json` defines components (with file paths, line counts, descriptions) and boundaries (from/to with interface descriptions). Each auditor receives only its parcel.
+- **Four role archetypes** — Component Auditor (code truth per module), Test Truth Auditor (tests that prove vs tests that exist), Seam Auditor (integration boundaries from the dependency graph), Audit Synthesizer (ranked verdict + action plan from all parcels).
+- **Artifact validation at every step** — `validateArtifact()` fires on every step completion in both execution paths. Results attached to step objects. The system knows whether each artifact met its contract.
+- **Honest partial** — when budget or scope blocks completion, per-component findings are individually valid. The system synthesizes from whatever completed, never bluffs full coverage.
+
+**Proven:** Runner-native proof run — 18 tests against real manifest, full lifecycle verified including escalation re-opening and partial failure. Scaling formula verified for 3/6/10/15-component manifests.
 
 ## Status
 
@@ -309,6 +341,7 @@ roleos run "explore product directions for a developer tool discovery platform"
 - **v2.0.0**: Operator friction pass (Phase U) — `roleos run` creates persistent disk-backed runs. Resume, next, explain, complete, fail. Interventions: reroute, escalate, retry, block, reopen. Step-local guidance at every step. Friction measurement. 6 friction trials. 613 tests.
 - **v2.0.1**: Handbook audit, beginner docs, test count corrections. 617 tests.
 - **v2.1.0**: Brainstorm mission (v0.4) — specialized roles under law, traceable disagreement, verdict-bearing output. Two-layer architecture (truth + render), cross-exam permission matrix, dispute graph, golden run proof. 7 missions, 50 roles, 8 packs. 894 tests.
+- **v2.2.0**: Deep Audit mission — manifest-scaled repo audit with dynamic dispatch. 4 new audit roles (Component Auditor, Test Truth Auditor, Seam Auditor, Audit Synthesizer). Worker count scales with repo graph (2N + K + 3 formula). Artifact validation wired at both execution boundaries. Runner-native proof run green. accept/approve truth fix in evidence layer. 8 missions, 54 roles, 9 packs. 936 tests.
 
 ## License
 

package/bin/roleos.mjs

@@ -12,6 +12,7 @@ import { packsCommand } from "../src/packs-cmd.mjs";
 import { scaffoldClaude, doctor, formatDoctor } from "../src/session.mjs";
 import { artifactsCommand } from "../src/artifacts-cmd.mjs";
 import { missionCommand } from "../src/mission-cmd.mjs";
+import { auditCommand } from "../src/audit-cmd.mjs";
 import { startCommand } from "../src/entry-cmd.mjs";
 import {
   runCommand, resumeCommand, nextCommand, explainCommand,
@@ -59,6 +60,11 @@ Usage:
   roleos artifacts show <role>       Show artifact contract for a role
   roleos artifacts validate <role> <file>  Validate a file against a contract
   roleos artifacts chain <pack>      Show pack handoff flow
+  roleos audit                        Start a deep audit on the current repo
+  roleos audit manifest               Show the audit manifest
+  roleos audit manifest --generate    Generate a skeleton manifest from src/
+  roleos audit status                 Show audit run progress
+  roleos audit verify                 Verify manifest and audit outputs
   roleos mission list                List all missions
   roleos mission show <key>          Show full mission detail
   roleos mission suggest <text>      Suggest a mission for a task
@@ -181,6 +187,9 @@ try {
     case "friction":
       await frictionCommand(args);
       break;
+    case "audit":
+      await auditCommand(args);
+      break;
     case "mission":
       await missionCommand(args);
       break;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "role-os",
-  "version": "2.1.0",
-  "description": "Role OS — a multi-Claude operating system where 50 specialized roles execute work through contracts, conflict detection, escalation, and structured evidence. 8 proven team packs, 7 missions including brainstorm with traceable disagreement and verdict-bearing output.",
+  "version": "2.2.1",
+  "description": "Role OS — a multi-Claude operating system where 54 specialized roles execute work through contracts, conflict detection, escalation, and structured evidence. 9 team packs, 8 missions including deep audit with manifest-scaled dynamic dispatch and brainstorm with traceable disagreement.",
   "homepage": "https://mcp-tool-shop-org.github.io/role-os/",
   "bugs": {
     "url": "https://github.com/mcp-tool-shop-org/role-os/issues"

package/src/artifacts.mjs

@@ -106,6 +106,14 @@ export const ROLE_ARTIFACT_CONTRACTS = {
     consumedBy: ["Backend Engineer", "Coverage Auditor", "Security Reviewer"],
     completionRule: "Entrypoints listed. Module responsibilities described. Commands documented.",
   },
+  "Dependency Auditor": {
+    artifactType: "dependency-audit",
+    requiredSections: ["vulnerability-summary", "outdated-inventory"],
+    optionalSections: ["supply-chain-risks", "update-recommendations", "license-audit"],
+    requiredEvidence: [],
+    consumedBy: ["Critic Reviewer", "Security Reviewer"],
+    completionRule: "Vulnerabilities triaged. Outdated deps inventoried with severity.",
+  },
   "Metadata Curator": {
     artifactType: "metadata-audit",
     requiredSections: ["manifest-audit", "registry-alignment"],
@@ -256,6 +264,40 @@ export const ROLE_ARTIFACT_CONTRACTS = {
     consumedBy: [],
     completionRule: "Disposition is accept/revise_expand/revise_synthesize/reject. Verdicts: ready_to_advance/needs_incubation/not_active_now. Actions: build_now/hold_for_followon/archive_but_retain. Revise requires targets.",
   },
+
+  // ── Deep Audit ──
+  "Component Auditor": {
+    artifactType: "component-audit-report",
+    requiredSections: ["findings", "what-i-could-not-verify", "adjacent-parcel-risks", "parcel-statistics"],
+    optionalSections: [],
+    requiredEvidence: ["component-parcel-definition"],
+    consumedBy: ["Audit Synthesizer"],
+    completionRule: "Every file in owned paths read. Findings use standardized schema with severity, confidence, category, file, evidence, impact. Adjacent parcel risks are specific, not generic.",
+  },
+  "Seam Auditor": {
+    artifactType: "seam-audit-report",
+    requiredSections: ["findings", "false-independence-risks", "content-code-drift", "dependency-direction-assessment"],
+    optionalSections: [],
+    requiredEvidence: ["boundary-cluster-definition", "component-graph"],
+    consumedBy: ["Audit Synthesizer"],
+    completionRule: "Every declared boundary inspected. Findings reference both sides. Content-code drift quotes both content claim and code reality.",
+  },
+  "Test Truth Auditor": {
+    artifactType: "test-truth-report",
+    requiredSections: ["findings", "untested-but-risky", "ceremonial-tests", "integration-gaps", "test-suite-health-summary"],
+    optionalSections: [],
+    requiredEvidence: ["test-file-paths", "implementation-file-paths"],
+    consumedBy: ["Audit Synthesizer"],
+    completionRule: "Distinguishes 'line executed' from 'behavior verified'. Lists source files with no test. Estimates real coverage with reasoning.",
+  },
+  "Audit Synthesizer": {
+    artifactType: "audit-summary",
+    requiredSections: ["verdict", "posture", "by-the-numbers", "structurally-sound", "fragile", "dangerous", "dead-weight", "cross-cutting-findings", "contradictions", "audit-gaps"],
+    optionalSections: [],
+    requiredEvidence: ["component-audit-report", "seam-audit-report", "test-truth-report"],
+    consumedBy: ["Critic Reviewer"],
+    completionRule: "Reconciles findings across parcels. Cross-cutting findings reference source parcels. Contradictions adjudicated. Action plan groups by root cause and leverage.",
+  },
 };
 
 // ── Artifact validation ───────────────────────────────────────────────────────
@@ -346,7 +388,7 @@ export const PACK_HANDOFF_CONTRACTS = {
   security: {
     flow: [
       { role: "Security Reviewer", produces: "security-findings", consumedBy: "Critic Reviewer" },
-      { role: "Dependency Auditor", produces: "metadata-audit", consumedBy: "Critic Reviewer" },
+      { role: "Dependency Auditor", produces: "dependency-audit", consumedBy: "Critic Reviewer" },
       { role: "Critic Reviewer", produces: "verdict", consumedBy: null },
     ],
   },
@@ -398,6 +440,15 @@ export const PACK_HANDOFF_CONTRACTS = {
       { role: "Critic Reviewer", produces: "verdict", consumedBy: null },
     ],
   },
+  "deep-audit": {
+    flow: [
+      { role: "Component Auditor",  produces: "component-audit-report", consumedBy: "Audit Synthesizer" },
+      { role: "Test Truth Auditor", produces: "test-truth-report",      consumedBy: "Audit Synthesizer" },
+      { role: "Seam Auditor",       produces: "seam-audit-report",      consumedBy: "Audit Synthesizer" },
+      { role: "Audit Synthesizer",  produces: "audit-summary",          consumedBy: "Critic Reviewer" },
+      { role: "Critic Reviewer",    produces: "verdict",                consumedBy: null },
+    ],
+  },
 };
 
 /**