role-os 2.8.0 → 2.9.1

package/README.md

@@ -96,9 +96,15 @@ Role OS verifies and gates tool calls at the `PreToolUse` seam — deterministic
 - **Conformance watcher** (advisory, fail-open) — a deterministic schema + computable-contract floor checks a proposed call against its catalogued tool-contract and attaches an advisory verdict on a *proven* nonconformant call; it never blocks. An opt-in LLM ceiling (`ROLEOS_CONFORMANCE_CONSULT`) handles the genuinely-semantic residue.
 - **Capability gate** (fail-closed, opt-in `ROLEOS_CAPABILITY_GATE`, default OFF) — deterministic least-privilege on *irreversible* actions (npm/PyPI publish, `gh release`, `git push`, repo edits, Pages deploy). A gated action is denied unless the director granted its capability in `.claude/role-os/capabilities.json`, so a wrong step — an honest mistake or an injected one — can't trigger an unauthorized irreversible action. The preventive complement to the named-compensator rule. See the [handbook](https://mcp-tool-shop-org.github.io/role-os/handbook/).
 
+## Crew dossier
+
+Every role has a **dossier** — a character sheet that doubles as run-time config. Six aptitudes (Rigor, Pace, Range, Skepticism, Autonomy, Candor) map to real dispatch knobs; an eight-archetype **disposition** layer (Skeptic, Builder, Investigator, Maverick…) carries a behavioral instruction; and each role has a painted portrait and a grade. Browse the whole crew as a gallery (`dossier/dossier.html`) — each role's radar shows its tuned build against its canonical ideal.
+
+When a role has a dossier, dispatch injects an **Operating Posture** — the disposition's behavioral instruction plus a posture line from the role's aptitudes — so the sheet actually configures the role. Opt-in and additive: roles without a dossier behave exactly as before. See the [handbook](https://mcp-tool-shop-org.github.io/role-os/handbook/crew-dossier/).
+
 ## Org rollout state
 
-Org-wide rollout state (queue, decisions, audit records, per-repo lock packets) lives in a separate private repo: [`role-os-rollout`](https://github.com/mcp-tool-shop-org/role-os-rollout). This repo is the product; that repo is operational state.
+Org-wide rollout state (queue, decisions, audit records, per-repo lock packets) lives in a separate **private**, org-internal repo (`role-os-rollout`). This repo is the product; that repo is operational state.
 
 ## Memory and continuity
 
@@ -114,18 +120,21 @@ Full treatment is a canonical 7-phase protocol defined in Claude project memory
 
 Order: Shipcheck first, then full treatment. No v1.0.0 without passing hard gates.
 
-## 61 roles across 10 packs
+## The 61-role catalog
+
+The catalog groups its 61 roles into 11 families. (Dispatch uses a separate set of 10 **team packs** — feature, bugfix, security, docs, launch, research, treatment, deep-audit, brainstorm, swarm — which draw roles from these families.)
 
-| Pack | Roles |
-|------|-------|
-| **Core** (3) | Orchestrator, Product Strategist, Critic Reviewer |
+| Family | Roles |
+|--------|-------|
+| **Core** (2) | Orchestrator, Critic Reviewer |
+| **Product** (4) | Product Strategist, Feedback Synthesizer, Roadmap Prioritizer, Spec Writer |
 | **Engineering** (7) | Frontend Developer, Backend Engineer, Test Engineer, Refactor Engineer, Performance Engineer, Dependency Auditor, Security Reviewer |
 | **Design** (2) | UI Designer, Brand Guardian |
 | **Marketing** (1) | Launch Copywriter |
 | **Treatment** (7) | Repo Researcher, Repo Translator, Docs Architect, Metadata Curator, Coverage Auditor, Deployment Verifier, Release Engineer |
-| **Product** (3) | Feedback Synthesizer, Roadmap Prioritizer, Spec Writer |
 | **Research** (4) | UX Researcher, Competitive Analyst, Trend Researcher, User Interview Synthesizer |
 | **Growth** (4) | Launch Strategist, Content Strategist, Community Manager, Support Triage Lead |
+| **Brainstorm** (19) | Context Scout, User Value Scout, Creative Leap Scout, Mechanics Scout, Market Scout, Contrarian Scout, Feasibility Scout, Quality Bar Scout, Context Analyst, User Value Analyst, Mechanics Analyst, Positioning Analyst, Contrarian Analyst, Normalizer, Synthesizer, Product Expander, Scenario Expander, Moat Expander, Judge |
 | **Deep Audit** (4) | Component Auditor, Test Truth Auditor, Seam Auditor, Audit Synthesizer |
 | **Swarm** (7) | Swarm Coordinator, Swarm Backend Agent, Swarm Bridge Agent, Swarm Tests Agent, Swarm Infra Agent, Swarm Frontend Agent, Swarm Synthesizer |
 
@@ -134,7 +143,13 @@ Every role has a full contract: mission, use when, do not use when, expected inp
 ## Quick start
 
 ```bash
-npx role-os init
+# Install (puts `roleos` on your PATH):
+npm install -g role-os
+
+# Scaffold the role spine into your repo:
+roleos init
+# (one-off alternative without installing: `npx role-os init`,
+#  then prefix every command below with `npx role-os` instead of `roleos`)
 
 # Describe what you need — Role OS picks the right level:
 roleos run "fix the crash in save handler"
@@ -256,13 +271,21 @@ role-os/
     brainstorm.mjs             ← Evidence modes, request validation, finding/synthesis/judge schemas
     brainstorm-roles.mjs       ← Role-native schemas, input partitioning, blindspot enforcement, cross-exam
     brainstorm-render.mjs      ← Two-layer rendering: lexical bans, render schemas, debate transcript
-  test/                        ← 1150 tests across 37 test files
+  test/                        ← 1435 tests across 65 test files
   starter-pack/                ← Drop-in role contracts, policies, schemas, workflows
 ```
 
 ## Security
 
-Role OS operates **locally only**. It copies markdown templates and writes packet/verdict files to your repository's `.claude/` directory. It does not access the network, handle secrets, or collect telemetry. No dangerous operations — all file writes use skip-if-exists by default. See [SECURITY.md](SECURITY.md) for the full policy.
+By default, Role OS operates on the **local filesystem only**. It copies markdown templates and writes packet/verdict/run files to your repository's `.claude/` directory. Default operation makes no network requests, handles no secrets, and collects no telemetry. No dangerous operations — all file writes use skip-if-exists by default.
+
+Three **opt-in** features touch the network when you explicitly enable them:
+
+- **`roleos verify-citations`** — shells out to the external `prism` CLI, which resolves citation identifiers against public arXiv/Crossref APIs (sends the citation IDs/URLs being verified).
+- **Specialist tier** (`roleos specialist`, registered roles) — POSTs dispatch prompts to the `backend_url` you configure in `.role-os/specialists.json` (typically a local model endpoint).
+- **Budget / conformance consult** (`ROLEOS_BUDGET_CONSULT` / `ROLEOS_CONFORMANCE_CONSULT`) — sends the step/tool-call context to a local model over HTTP for an advisory verdict.
+
+All three are off by default and fail open to local deterministic behavior. See [SECURITY.md](SECURITY.md) for the full policy.
 
 ## The operating system
 

package/README.pt-BR.md

@@ -96,9 +96,15 @@ O Role OS verifica e controla as chamadas de ferramentas no ponto `PreToolUse`
 - **Monitor de conformidade** (aconselhamento, falha aberta) — um esquema determinístico + verificações de contrato computável avaliam uma chamada proposta em relação ao seu contrato de ferramenta catalogado e anexam um parecer consultivo sobre uma chamada *comprovadamente* não conforme; nunca bloqueia. Um limite opcional do LLM (`ROLEOS_CONFORMANCE_CONSULT`) lida com o resíduo genuinamente semântico.
 - **Controle de capacidade** (falha fechada, opcional `ROLEOS_CAPABILITY_GATE`, padrão DESLIGADO) — privilégio mínimo determinístico em ações *irreversíveis* (publicação no npm/PyPI, `gh release`, `git push`, edições do repositório, implantação de Páginas). Uma ação controlada é negada, a menos que o administrador tenha concedido sua capacidade em `.claude/role-os/capabilities.json`, portanto, um passo errado — um erro honesto ou um erro intencional — não pode acionar uma ação irreversível não autorizada. O complemento preventivo da regra de compensação nomeada. Consulte o [manual](https://mcp-tool-shop-org.github.io/role-os/handbook/).
 
+## Dossiê da equipe
+
+Cada função tem um **dossiê** — uma ficha de personagem que também serve como configuração para o tempo de execução. Seis aptidões (Rigor, Ritmo, Alcance, Ceticismo, Autonomia, Franqueza) correspondem a parâmetros reais de distribuição; uma camada de **disposição** com oito arquétipos (Cético, Construtor, Investigador, Rebelde…) contém uma instrução comportamental; e cada função tem um retrato pintado e uma classificação. Veja toda a equipe como uma galeria (`dossier/dossier.html`) — o radar de cada função mostra sua configuração ajustada em relação ao seu ideal canônico.
+
+Quando uma função tem um dossiê, a distribuição injeta uma **Postura Operacional** — a instrução comportamental da disposição mais uma linha de postura das aptidões da função —, para que a ficha configure efetivamente a função. Opcional e aditivo: as funções sem um dossiê se comportam exatamente como antes. Consulte o [manual](https://mcp-tool-shop-org.github.io/role-os/handbook/crew-dossier/).
+
 ## Estado de implantação em toda a organização
 
-O estado de implantação em toda a organização (fila, decisões, registros de auditoria, pacotes de bloqueio por repositório) está armazenado em um repositório privado separado: [`role-os-rollout`](https://github.com/mcp-tool-shop-org/role-os-rollout). Este repositório é o produto; aquele repositório é o estado operacional.
+O estado do lançamento em toda a organização (fila de tarefas, decisões, registos de auditoria, pacotes de bloqueio por repositório) está armazenado num repositório **privado** e interno da organização (`role-os-rollout`). Este repositório é o produto; esse repositório contém o estado operacional.
 
 ## Memória e continuidade
 
@@ -114,18 +120,21 @@ O tratamento completo é um protocolo canônico de 7 fases definido na memória
 
 Ordem: Verificação de lançamento primeiro, depois tratamento completo. Sem v1.0.0 sem a aprovação dos portões rígidos.
 
-## 61 funções em 10 pacotes
+## O catálogo de 61 funções
+
+O catálogo agrupa as suas 61 funções em 11 famílias. (O Dispatch utiliza um conjunto separado de 10 **pacotes de equipa** — funcionalidades, correção de erros, segurança, documentação, lançamento, pesquisa, tratamento, auditoria aprofundada, brainstorming, trabalho colaborativo — que retiram funções destas famílias.)
 
-| Pacote | Funções |
-|------|-------|
-| **Core** (3) | Orquestrador, Estrategista de Produto, Revisor Crítico |
+| Família | Funções |
+|--------|-------|
+| **Core** (2) | Orquestrador, Avaliador Crítico |
+| **Product** (4) | Estrategista de Produto, Sintetizador de Feedback, Priorizador do Roteiro, Redator de Especificações |
 | **Engineering** (7) | Desenvolvedor Frontend, Engenheiro Backend, Engenheiro de Testes, Engenheiro de Refatoração, Engenheiro de Desempenho, Auditor de Dependências, Revisor de Segurança |
 | **Design** (2) | Designer de UI, Guardião da Marca |
 | **Marketing** (1) | Redator de Conteúdo de Lançamento |
 | **Treatment** (7) | Pesquisador de Repositório, Tradutor de Repositório, Arquiteto de Documentação, Curador de Metadados, Auditor de Cobertura, Verificador de Implantação, Engenheiro de Lançamento |
-| **Product** (3) | Sintetizador de Feedback, Priorizador de Roadmap, Redator de Especificações |
 | **Research** (4) | Pesquisador de UX, Analista Competitivo, Pesquisador de Tendências, Sintetizador de Entrevistas com Usuários |
 | **Growth** (4) | Estrategista de Lançamento, Estrategista de Conteúdo, Gerente de Comunidade, Líder de Triagem de Suporte |
+| **Brainstorm** (19) | Explorador de Contexto, Explorador de Valor para o Utilizador, Explorador de Ideias Criativas, Explorador de Mecânicas, Explorador de Mercado, Explorador Contrário, Explorador de Viabilidade, Explorador de Qualidade, Analista de Contexto, Analista de Valor para o Utilizador, Analista de Mecânicas, Analista de Posicionamento, Analista Contrário, Normalizador, Sintetizador, Expansor de Produto, Expansor de Cenários, Expansor de Vantagem Competitiva, Juiz |
 | **Deep Audit** (4) | Auditor de Componentes, Auditor de Verdade de Testes, Auditor de Interface, Sintetizador de Auditoria |
 | **Swarm** (7) | Coordenador de Grupo, Agente Backend do Grupo, Agente de Ponte do Grupo, Agente de Testes do Grupo, Agente de Infraestrutura do Grupo, Agente Frontend do Grupo, Sintetizador do Grupo |
 
@@ -134,7 +143,13 @@ Cada função tem um contrato completo: missão, quando usar, quando não usar,
 ## Guia rápido
 
 ```bash
-npx role-os init
+# Install (puts `roleos` on your PATH):
+npm install -g role-os
+
+# Scaffold the role spine into your repo:
+roleos init
+# (one-off alternative without installing: `npx role-os init`,
+#  then prefix every command below with `npx role-os` instead of `roleos`)
 
 # Describe what you need — Role OS picks the right level:
 roleos run "fix the crash in save handler"
@@ -256,13 +271,21 @@ role-os/
     brainstorm.mjs             ← Evidence modes, request validation, finding/synthesis/judge schemas
     brainstorm-roles.mjs       ← Role-native schemas, input partitioning, blindspot enforcement, cross-exam
     brainstorm-render.mjs      ← Two-layer rendering: lexical bans, render schemas, debate transcript
-  test/                        ← 1150 tests across 37 test files
+  test/                        ← 1435 tests across 65 test files
   starter-pack/                ← Drop-in role contracts, policies, schemas, workflows
 ```
 
 ## Segurança
 
-O Role OS opera **apenas localmente**. Ele copia modelos Markdown e grava arquivos de pacote/veredicto no diretório `.claude/` do seu repositório. Ele não acessa a rede, manipula segredos ou coleta dados de telemetria. Nenhuma operação perigosa — todas as gravações de arquivos usam o recurso "ignorar se já existir" por padrão. Consulte [SECURITY.md](SECURITY.md) para obter a política completa.
+Por padrão, o Role OS opera apenas no **sistema de arquivos local**. Copia modelos Markdown e escreve ficheiros de pacote/verificação/execução para o diretório `.claude/` do seu repositório. A operação padrão não faz pedidos de rede, não lida com segredos e não recolhe dados de telemetria. Não realiza operações perigosas — todas as escritas de ficheiros utilizam a opção "ignorar se existir" por padrão.
+
+Três **funcionalidades opcionais** interagem com a rede quando são ativadas explicitamente:
+
+- **`roleos verify-citations`** — executa o comando externo `prism` na linha de comandos, que resolve os identificadores de citação em relação às APIs públicas do arXiv/Crossref (envia os IDs/URLs das citações a serem verificadas).
+- **Nível Especialista** (`roleos specialist`, funções registadas) — envia pedidos para o `backend_url` que configura em `.role-os/specialists.json` (normalmente, um ponto final de modelo local).
+- **Consulta de orçamento / conformidade** (`ROLEOS_BUDGET_CONSULT` / `ROLEOS_CONFORMANCE_CONSULT`) — envia o contexto da etapa/chamada de ferramenta para um modelo local através de HTTP para obter uma avaliação consultiva.
+
+As três estão desativadas por padrão e, em caso de falha, recorrem ao comportamento determinístico local. Consulte [SECURITY.md](SECURITY.md) para a política completa.
 
 ## O sistema operacional
 

package/README.zh.md

@@ -96,9 +96,15 @@ roleos reopen 0 "found issue in review"
 - **一致性观察器**（建议性，允许失败）——一个确定性的模式 + 可计算的合同下限，检查提出的调用是否符合其编目的工具合同，并附加关于*已证明*不一致调用的建议性结果；它绝不会阻止。可选的 LLM 上限（`ROLEOS_CONFORMANCE_CONSULT`）处理真正具有语义残留的情况。
 - **能力门控**（失败时关闭，可选 `ROLEOS_CAPABILITY_GATE`，默认关闭）——对*不可逆*操作进行确定性的最小权限控制（npm/PyPI 发布、`gh release`、`git push`、仓库编辑、Pages 部署）。除非主管在 `.claude/role-os/capabilities.json` 中授予了该操作的能力，否则会拒绝已门控的操作，因此错误的步骤——无论是诚实的错误还是注入的错误——都无法触发未经授权的不可逆操作。这是命名补偿规则的预防性补充。请参阅[手册](https://mcp-tool-shop-org.github.io/role-os/handbook/)。
 
+## 船员档案
+
+每个角色都有一个**档案**——一份角色信息表，同时也是运行时配置。六种能力（严谨性、速度、范围、怀疑精神、自主性、坦诚度）对应着实际的调度参数；一种包含八种类型的**性格**层（怀疑者、建设者、调查员、特立独行者……），其中包含行为指令；并且每个角色都有一个绘制的肖像和一个等级。将整个船员团队以画廊的形式浏览（`dossier/dossier.html`）——每个角色的雷达图显示其当前的配置与理想状态之间的差异。
+
+当某个角色拥有档案时，调度系统会注入一个**运行姿态**——即该性格的行为指令加上来自该角色能力的一行姿态描述——因此，该信息表实际上用于配置该角色。可以选择启用或添加：没有档案的角色将表现得与之前完全相同。请参阅[手册](https://mcp-tool-shop-org.github.io/role-os/handbook/crew-dossier/)。
+
 ## 组织推广状态
 
-整个组织的推广状态（队列、决策、审核记录、每个仓库的锁定包）都存储在一个单独的私有仓库中：[`role-os-rollout`](https://github.com/mcp-tool-shop-org/role-os-rollout)。这个仓库是产品；那个仓库是运行状态。
+整个组织范围内的部署状态（队列、决策、审计记录、每个仓库的锁定数据包）都存储在一个独立的**私有**组织内部仓库中（`role-os-rollout`）。这个仓库是产品；那个仓库是运行状态。
 
 ## 内存和连续性
 
@@ -114,18 +120,21 @@ roleos reopen 0 "found issue in review"
 
 顺序：首先进行发布检查，然后进行完整的治疗。如果没有通过硬性闸，则不能发布 v1.0.0 版本。
 
-## 10 个包中的 61 个角色
+## 包含 61 个角色的目录
+
+该目录将这 61 个角色分为 11 个类别。（Dispatch 使用一套独立的 10 个“团队包”——功能、bug 修复、安全、文档、发布、研究、处理、深度审计、头脑风暴、协作——这些团队包会从这些类别中选择相应的角色。）
 
-| 包 | 角色 |
-|------|-------|
-| **Core** (3) | 协调员、产品战略家、审核者 |
+| 类别 | 角色 |
+|--------|-------|
+| **Core** (2) | 协调者，批评评审员 |
+| **Product** (4) | 产品策略师，反馈整合者，路线图优先级排序者，规范撰写者 |
 | **Engineering** (7) | 前端开发人员、后端工程师、测试工程师、重构工程师、性能工程师、依赖关系审计员、安全审查员 |
 | **Design** (2) | UI 设计师，品牌守护者 |
 | **Marketing** (1) | 发布文案撰写员 |
 | **Treatment** (7) | 仓库研究员、仓库翻译员、文档架构师、元数据管理员、覆盖审计员、部署验证员、发布工程师 |
-| **Product** (3) | 反馈综合分析员、路线图优先级排序者、规范编写者 |
 | **Research** (4) | 用户体验研究员、竞争对手分析师、趋势研究员、用户访谈结果综合分析员 |
 | **Growth** (4) | 发布策略制定者、内容策略制定者、社区经理、支持问题分流负责人 |
+| **Brainstorm** (19) | 背景调查员、用户价值调查员、创意突破调查员、机制调查员、市场调查员、逆向思维调查员、可行性调查员、质量标准调查员、背景分析师、用户价值分析师、机制分析师、定位分析师、逆向思维分析师、标准化者、整合者、产品拓展者、场景拓展者、护城河拓展者、评估者 |
 | **Deep Audit** (4) | 组件审计员、测试真实性审计员、接口审计员、审计综合分析员 |
 | **Swarm** (7) | 蜂群协调员、蜂群后端代理、蜂群桥接代理、蜂群测试代理、蜂群基础设施代理、蜂群前端代理、蜂群综合分析员 |
 
@@ -134,7 +143,13 @@ roleos reopen 0 "found issue in review"
 ## 快速入门
 
 ```bash
-npx role-os init
+# Install (puts `roleos` on your PATH):
+npm install -g role-os
+
+# Scaffold the role spine into your repo:
+roleos init
+# (one-off alternative without installing: `npx role-os init`,
+#  then prefix every command below with `npx role-os` instead of `roleos`)
 
 # Describe what you need — Role OS picks the right level:
 roleos run "fix the crash in save handler"
@@ -256,13 +271,21 @@ role-os/
     brainstorm.mjs             ← Evidence modes, request validation, finding/synthesis/judge schemas
     brainstorm-roles.mjs       ← Role-native schemas, input partitioning, blindspot enforcement, cross-exam
     brainstorm-render.mjs      ← Two-layer rendering: lexical bans, render schemas, debate transcript
-  test/                        ← 1150 tests across 37 test files
+  test/                        ← 1435 tests across 65 test files
   starter-pack/                ← Drop-in role contracts, policies, schemas, workflows
 ```
 
 ## 安全性
 
-Role OS **仅在本地运行**。它会复制 Markdown 模板并将数据包/结果文件写入到您的仓库的 `.claude/` 目录中。它不会访问网络、处理密钥或收集遥测数据。没有危险的操作——所有文件写入默认使用“如果存在则跳过”的方式。有关完整策略，请参阅 [SECURITY.md](SECURITY.md)。
+默认情况下，Role OS 仅在**本地文件系统上运行**。它会复制 Markdown 模板，并将数据包/结果/运行文件写入到您的仓库的 `.claude/` 目录中。默认操作不会进行任何网络请求，也不会处理任何敏感信息，也不会收集任何遥测数据。不执行任何危险的操作——所有文件写入操作默认使用“如果存在则跳过”的方式。
+
+有三个**可选**功能会在您明确启用时连接到网络：
+
+- **`roleos verify-citations`** — 调用外部 `prism` CLI，该工具会根据公共 arXiv/Crossref API 解析引用标识符（发送正在验证的引用 ID/URL）。
+- **专家级别** (`roleos specialist`，已注册的角色）— 将 Dispatch 提示发布到您在 `.role-os/specialists.json` 中配置的 `backend_url`（通常是本地模型端点）。
+- **预算/合规性咨询** (`ROLEOS_BUDGET_CONSULT` / `ROLEOS_CONFORMANCE_CONSULT`) — 通过 HTTP 将步骤/工具调用上下文发送到本地模型，以获取建议结果。
+
+这三个功能默认情况下都是关闭的，并且会回退到本地确定性行为。有关完整策略，请参阅 [SECURITY.md](SECURITY.md)。
 
 ## 操作系统
 

package/bin/roleos.mjs

@@ -50,6 +50,7 @@ Usage:
   roleos friction [id]               Measure operator friction
   roleos init                        Scaffold Role OS into .claude/
   roleos init --force                Update canonical files (protects context/)
+  roleos init claude [--force]       Scaffold Claude Code session integration (CLAUDE.md, commands, hooks)
   roleos packet new <type>           Create a new packet (feature|integration|identity)
   roleos route <packet-file> [--verbose]  Recommend the smallest valid chain
   roleos review <packet-file> <verdict>  Record a review verdict
@@ -72,8 +73,8 @@ Usage:
   roleos swarm manifest               Show the swarm manifest
   roleos swarm manifest --generate    Auto-detect domains and generate manifest
   roleos swarm status                 Show swarm run progress
-  roleos swarm findings               List findings by severity
-  roleos swarm approve                Approve the current feature gate
+  roleos swarm findings               List findings captured from wave reports
+  roleos swarm approve                Approve the current user gate
   roleos swarm verify                 Verify manifest and run state
   roleos verify-citations <dispatch>  Verify a research dispatch's citations via prism (gate)
   roleos specialist list              List all specialists in the registry (active version + cert)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "role-os",
-  "version": "2.8.0",
+  "version": "2.9.1",
   "description": "Role OS — a multi-Claude operating system where 61 specialized roles execute work through contracts, conflict detection, escalation, and structured evidence. 10 team packs, 9 missions including dogfood swarm (multi-pass convergence), deep audit with manifest-scaled dynamic dispatch, and brainstorm with traceable disagreement.",
   "homepage": "https://mcp-tool-shop-org.github.io/role-os/",
   "bugs": {

package/src/artifacts.mjs

@@ -521,15 +521,22 @@ export const PACK_HANDOFF_CONTRACTS = {
       { role: "Critic Reviewer", produces: "verdict", consumedBy: null },
     ],
   },
+  // v0.4 pipeline — mirrors the brainstorm mission's artifactFlow:
+  // Analysts (parallel) → Normalizer → Contrarian → Normalizer (rebut) →
+  // Synthesizer → Product Expander → Judge.
   brainstorm: {
     flow: [
-      { role: "Context Scout",       produces: "scout-finding",          consumedBy: "Normalizer" },
-      { role: "User Value Scout",    produces: "scout-finding",          consumedBy: "Normalizer" },
-      { role: "Creative Leap Scout", produces: "scout-finding",          consumedBy: "Normalizer" },
-      { role: "Normalizer",          produces: "normalized-finding-set", consumedBy: "Synthesizer" },
-      { role: "Synthesizer",         produces: "synthesis-report",       consumedBy: "Product Expander" },
-      { role: "Product Expander",    produces: "expanded-concept",       consumedBy: "Judge" },
-      { role: "Judge",               produces: "judge-report",           consumedBy: null },
+      { role: "Context Analyst",     produces: "context-map",      consumedBy: "Normalizer" },
+      { role: "User Value Analyst",  produces: "user-value-map",   consumedBy: "Normalizer" },
+      { role: "Mechanics Analyst",   produces: "mechanics-map",    consumedBy: "Normalizer" },
+      { role: "Positioning Analyst", produces: "positioning-map",  consumedBy: "Normalizer" },
+      { role: "Normalizer",          produces: "provenance-atoms", consumedBy: "Contrarian Analyst" },
+      { role: "Contrarian Analyst",  produces: "challenge-set",    consumedBy: "Normalizer" },
+      // Rebut pass: Normalizer routes analyst responses (defend/narrow/retract)
+      { role: "Normalizer",          produces: "rebuttal-set",     consumedBy: "Synthesizer" },
+      { role: "Synthesizer",         produces: "synthesis-report", consumedBy: "Product Expander" },
+      { role: "Product Expander",    produces: "expanded-concept", consumedBy: "Judge" },
+      { role: "Judge",               produces: "judge-report",     consumedBy: null },
     ],
   },
   treatment: {

package/src/audit-cmd.mjs

@@ -11,19 +11,9 @@
  */
 
 import { existsSync, readFileSync, writeFileSync, readdirSync } from "node:fs";
-import { join, resolve } from "node:path";
-import { getMission, suggestMission } from "./mission.mjs";
+import { join } from "node:path";
 import {
-  createRun,
-  startNextStep,
-  getRunPosition,
-  getArtifactChain,
-  generateCompletionReport,
-  formatCompletionReport,
-} from "./mission-run.mjs";
-import {
-  createPersistentRun, findActiveRun, listRuns, loadRun,
-  startNext, explainRun, getPosition, saveRun,
+  createPersistentRun, listRuns, loadRun, getPosition,
 } from "./run.mjs";
 
 // ── Constants ────────────────────────────────────────────────────────────────
@@ -61,7 +51,7 @@ export async function auditCommand(args) {
 
 // ── roleos audit [run] ───────────────────────────────────────────────────────
 
-function cmdRun(extraArgs) {
+async function cmdRun(extraArgs) {
   const cwd = process.cwd();
   const manifestPath = join(cwd, MANIFEST_FILE);
 
@@ -91,20 +81,28 @@ function cmdRun(extraArgs) {
     ? extraArgs.join(" ")
     : `Deep audit of ${manifest.repo || "current repo"}`;
 
-  // Create a persistent run via the deep-audit mission
-  const run = createPersistentRun(taskDesc, cwd, { forceMission: "deep-audit" });
+  // Create a persistent run via the deep-audit mission.
+  // Forwarding the manifest routes step construction through buildDynamicSteps,
+  // so auditor steps scale with components/boundaries instead of the static flow.
+  const run = await createPersistentRun(taskDesc, cwd, {
+    forceMission: "deep-audit",
+    manifest,
+  });
+
+  const componentCount = manifest.components?.length || 0;
+  const boundaryCount = manifest.boundary_clusters?.length ?? manifest.boundaries?.length ?? 0;
 
   console.log(`\nDeep Audit Started`);
   console.log(`──────────────────`);
   console.log(`Run:        ${run.id}`);
   console.log(`Repo:       ${manifest.repo || "unknown"}`);
-  console.log(`Components: ${manifest.components?.length || 0}`);
-  console.log(`Boundaries: ${manifest.boundaries?.length || 0}`);
+  console.log(`Components: ${componentCount}`);
+  console.log(`Boundaries: ${boundaryCount}`);
   console.log(`Steps:      ${run.steps.length}`);
   console.log(`\nThe audit will dispatch:`);
-  console.log(`  - Component Auditor  ×${manifest.components?.length || 0}`);
-  console.log(`  - Test Truth Auditor ×${manifest.components?.length || 0}`);
-  console.log(`  - Seam Auditor       ×${manifest.boundaries?.length || 0}`);
+  console.log(`  - Component Auditor  ×${componentCount}`);
+  console.log(`  - Test Truth Auditor ×${componentCount}`);
+  console.log(`  - Seam Auditor       ×${boundaryCount}`);
   console.log(`  - Audit Synthesizer  ×1`);
   console.log(`  - Critic Reviewer    ×1`);
   console.log(`\nRun 'roleos next' to begin the first step.`);
@@ -228,11 +226,13 @@ function generateManifest(cwd, manifestPath) {
 function cmdStatus() {
   const cwd = process.cwd();
 
-  // Find the most recent deep-audit run
+  // Find the most recent deep-audit run.
+  // missionKey is authoritative; task keywords cover legacy runs created
+  // before missionKey was exposed by listRuns.
   const runs = listRuns(cwd);
   const auditRuns = runs.filter(r =>
-    r.task.toLowerCase().includes("audit") ||
-    r.level === "mission"
+    r.missionKey === "deep-audit" ||
+    r.task.toLowerCase().includes("audit")
   );
 
   if (auditRuns.length === 0) {

package/src/brainstorm-roles.mjs

@@ -308,6 +308,12 @@ export function validateRoleNativeOutput(roleName, output) {
       // Validate item shape for object items
       if (typeof spec.items === "object" && !Array.isArray(spec.items)) {
         for (let i = 0; i < value.length; i++) {
+          // Guard malformed (null / non-object) items — the validator must
+          // report bad LLM output, not crash on it.
+          if (value[i] === null || typeof value[i] !== "object" || Array.isArray(value[i])) {
+            issues.push(`${fieldName}[${i}] must be an object`);
+            continue;
+          }
           for (const [itemField, itemType] of Object.entries(spec.items)) {
             if (value[i][itemField] === undefined) {
               issues.push(`${fieldName}[${i}].${itemField} is required`);

package/src/citation-panel.mjs

@@ -182,7 +182,10 @@ export function runOffloadPanel(supported, options = {}) {
     }
   }
 
-  const checked = perCitation.filter((p) => p.panel_verdict === "supported" || disagreements.some((d) => d.id === p.id)).length;
+  // `checked` = citations the panel actually ADJUDICATED (a real verdict came back). "error" and
+  // "no_evidence" entries were never re-judged — counting them (or join-by-nullable-id tricks)
+  // would overstate the second seat's coverage in the receipt.
+  const checked = perCitation.filter((p) => p.panel_verdict !== "error" && p.panel_verdict !== "no_evidence").length;
   return {
     requested: true,
     reachable,
@@ -217,6 +220,9 @@ function contrastiveDetail(disagreements) {
  *   - gate passing + panel DISAGREES on ≥1 supported citation -> escalate (local_panel_disagreement)
  *   - gate passing + panel UNREACHABLE (and it was requested) -> escalate (local_panel_unreachable)
  *     ("an unreachable gate is a closed gate" — same invariant prism uses)
+ *   - gate passing + panel ERRORED on ≥1 citation it was asked to re-check -> escalate
+ *     (local_panel_incomplete — per-citation errors are per-citation unreachability; a citation
+ *     the second seat never adjudicated cannot be stamped fully verified)
  *   - gate already blocking/advisory                          -> unchanged (panel adds notes only)
  *
  * @param {object} gate    GateResult from gateCitations / runCitationGate
@@ -247,5 +253,24 @@ export function applyLocalPanel(gate, panel) {
       detail: contrastiveDetail(panel.disagreements),
     };
   }
+  // A flaky session that adjudicates 1 of 10 citations must not let the other 9 pass as
+  // "fully verified": every per-citation error closes the gate for the whole accept.
+  // ("no_evidence" entries stay notes — prism surfaced nothing to re-judge, and absence of
+  // evidence is not a contradiction; they are visible in perCitation and excluded from `checked`.)
+  const unadjudicated = (panel.perCitation || []).filter((p) => p.panel_verdict === "error");
+  if (unadjudicated.length > 0) {
+    const names = unadjudicated.slice(0, 5).map((p) => p.identifier || p.id || "(unidentified)").join(", ");
+    return {
+      ...annotated,
+      verdict: "escalate",
+      pass: false,
+      advisory: true,
+      reason: "local_panel_incomplete",
+      detail:
+        `the local panel errored on ${unadjudicated.length} citation(s) it was asked to re-check (${names}) — ` +
+        `these were never adjudicated by the second seat, so the accept cannot stand` +
+        (panel.detail ? `; ${panel.detail}` : ""),
+    };
+  }
   return annotated; // panel agrees (or had nothing to challenge) -> pass stands
 }

package/src/composite.mjs

@@ -124,6 +124,10 @@ export function initExecution(runPlan) {
 export function advance(exec) {
   if (exec.status === "completed" || exec.status === "failed") return null;
 
+  // Preserve the blocked status — blockChild's contract is that the parent
+  // stays blocked until recoverChild; advancing must not mask the block.
+  if (exec.status === "blocked") return null;
+
   if (!exec.startedAt) exec.startedAt = new Date().toISOString();
   exec.status = "running";
 

package/src/dispatch.mjs

@@ -18,6 +18,7 @@ import { join, resolve } from "node:path";
 import { resolveBlocked, resolveRejected } from "./escalation.mjs";
 import { TOOL_PROFILES } from "./tool-profiles.mjs";
 import { renderKnowledgeBlock, knowledgeManifestSummary } from "./knowledge/render-knowledge-block.mjs";
+import { renderDossierBlock } from "./dossier-block.mjs";
 
 // ── Default role config ─────────────────────────────────────────────────────
 
@@ -45,6 +46,7 @@ export const EXEC_STATES = [
 
 function buildRolePrompt(roleName, packetContent, chainContext, packetKnowledge) {
   const knowledgeBlock = renderKnowledgeBlock(packetKnowledge);
+  const dossierBlock = renderDossierBlock(roleName);
 
   return `You are operating as ${roleName} in a Role-OS managed chain.
 
@@ -58,7 +60,7 @@ ${packetContent}
 You are step ${chainContext.stepNumber} of ${chainContext.totalSteps} in this chain.
 ${chainContext.previousRole ? `Previous role: ${chainContext.previousRole} (${chainContext.previousStatus})` : "You are the first role in this chain."}
 ${chainContext.nextRole ? `Next role: ${chainContext.nextRole}` : "You are the last role before Critic review."}
-${knowledgeBlock ? `\n${knowledgeBlock}\n` : ""}
+${knowledgeBlock ? `\n${knowledgeBlock}\n` : ""}${dossierBlock ? `\n${dossierBlock}\n` : ""}
 ## Handoff Requirements
 When you finish, produce a structured handoff:
 1. Summary of what you did

package/src/dossier-block.mjs

@@ -0,0 +1,74 @@
+/**
+ * dossier-block.mjs — opt-in "Operating Posture" prompt block from a role's dossier.
+ *
+ * Mirrors render-knowledge-block.mjs: a pure function returning string | null. When a role
+ * has a dossier (src/role-dossiers.json, compiled by dossier/build-runtime.mjs), it injects
+ * that role's disposition behavioral instruction + a posture line derived from its tuned
+ * six-axis aptitudes. No dossier -> null -> the prompt is byte-identical to before. This is
+ * how a role's character sheet actually configures the role at dispatch time.
+ */
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { readFileSafe } from "./fs-utils.mjs";
+
+const HERE = dirname(fileURLToPath(import.meta.url));
+const AXES = ["rigor", "pace", "range", "skepticism", "autonomy", "candor"];
+
+const HIGH = {
+  rigor: "reads exhaustively and demands quoted evidence",
+  pace: "moves fast with few iterations",
+  range: "explores divergent options",
+  skepticism: "challenges hard and withholds acceptance until proof is shown",
+  autonomy: "runs to completion before escalating",
+  candor: "explains its reasoning and frames choices contrastively",
+};
+const LOW = {
+  rigor: "works at a deliberate skim",
+  pace: "works deliberately, iterating",
+  range: "converges and executes the brief as given",
+  skepticism: "extends good faith and takes the contract at face value",
+  autonomy: "escalates early when uncertain",
+  candor: "stays terse and results-only",
+};
+
+let _dossiers = null;
+function loadDossiers() {
+  if (_dossiers) return _dossiers;
+  const raw = readFileSafe(join(HERE, "role-dossiers.json"));
+  if (!raw) { _dossiers = {}; return _dossiers; }
+  try { _dossiers = JSON.parse(raw); } catch { _dossiers = {}; }
+  return _dossiers;
+}
+
+function toId(roleName) {
+  return String(roleName || "").toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+}
+
+function postureLine(aptitudes) {
+  if (!aptitudes) return "";
+  const parts = [];
+  for (const ax of AXES) {
+    const v = aptitudes[ax];
+    if (v >= 4) parts.push(HIGH[ax]);
+    else if (v <= 1) parts.push(LOW[ax]);
+  }
+  return parts.join("; ");
+}
+
+/**
+ * Render the Operating Posture block for a role, or null if it has no dossier.
+ * @param {string} roleName  display name, e.g. "Backend Engineer"
+ * @returns {string|null}
+ */
+export function renderDossierBlock(roleName) {
+  const d = loadDossiers()[toId(roleName)];
+  if (!d) return null;
+  const dispo = d.disposition || {};
+  const lines = ["## Operating Posture"];
+  if (dispo.active && dispo.prompt_delta) {
+    lines.push(`Disposition — **${dispo.active}**: ${dispo.prompt_delta}`);
+  }
+  const posture = postureLine(d.aptitudes);
+  if (posture) lines.push(`Tuned profile: ${posture}.`);
+  return lines.length > 1 ? lines.join("\n") : null;
+}

package/src/entry.mjs

@@ -274,7 +274,7 @@ function applyLadder(text, missionSug, missionScore, packSug, packScore, agreeme
       confidence: packScore,
     } : null,
     isComposite,
-    warnings: [...warnings, "Free routing selected — task will be scored against all 31 roles"],
+    warnings: [...warnings, `Free routing selected — task will be scored against all ${ROLE_CATALOG.length} roles`],
   };
 }
 
@@ -284,7 +284,7 @@ function buildFreeRoutingHints(text, missionSug, packSug, isComposite, composite
     reason = `Task looks composite (${composite.detectedCategories.map(c => c.category).join(" + ")}). ` +
              `No single mission or pack covers all parts — use free routing with decomposition.`;
   } else if (!missionSug && !packSug) {
-    reason = "No mission or pack matched. Task is novel — free routing will score all 31 roles.";
+    reason = `No mission or pack matched. Task is novel — free routing will score all ${ROLE_CATALOG.length} roles.`;
   } else {
     reason = "Mission and pack matches were too weak to commit. Free routing will let role scoring decide.";
   }