scriveno 2.0.9 → 2.0.11

package/README.md

@@ -2,11 +2,13 @@
 
 [![CI](https://github.com/aihxp/scriveno/actions/workflows/ci.yml/badge.svg)](https://github.com/aihxp/scriveno/actions/workflows/ci.yml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
-[![Version](https://img.shields.io/badge/version-2.0.9-blue)](CHANGELOG.md)
+[![Version](https://img.shields.io/badge/version-2.0.11-blue)](CHANGELOG.md)
 [![npm](https://img.shields.io/npm/v/scriveno.svg)](https://www.npmjs.com/package/scriveno)
 [![Downloads](https://img.shields.io/npm/dm/scriveno.svg)](https://www.npmjs.com/package/scriveno)
 [![Status CLI](https://img.shields.io/badge/status%20CLI-scriveno%20status-blue)](docs/runtime-support.md#shared-auto-invoke-engine)
 [![Route Intelligence](https://img.shields.io/badge/route%20intelligence-agent%20lanes-blue)](docs/auto-invoke-policy.md)
+[![Runtime Smoke](https://img.shields.io/badge/runtime%20smoke-install%20checks-blue)](docs/runtime-support.md#runtime-smoke-and-agent-checks)
+[![Safe Apply](https://img.shields.io/badge/safe%20apply-visible%20gates-blue)](docs/auto-invoke-policy.md#safe-apply-and-audit-commands)
 
 **[scriveno on npm](https://www.npmjs.com/package/scriveno)**
 
@@ -23,6 +25,7 @@ npx scriveno@latest
 
 # Optional project status check
 scriveno status --project .
+scriveno sync --check
 ```
 
 ---
@@ -80,12 +83,19 @@ Scriveno ships a shared read-only status engine for every installer target. The
 ```bash
 scriveno status --project .
 scriveno status . --json
+scriveno status --project . --apply-safe
+scriveno sync --check
+scriveno smoke --json
+scriveno agents --json
+scriveno routes --json
 ```
 
 It inspects disk evidence such as `.manuscript/`, `STATE.md`, `CONTEXT.md`, plan files, drafts, review coverage, notes, revision proposals, translation work, publishing prerequisites, exports, and history, then recommends the safest next command. The engine does not mutate files and does not spawn agents by itself. Command surfaces such as `/scr-next`, `/scr:next`, `/scr:progress`, `/scr:session-report`, and `/scr:sync` call it when local command execution is available, then fall back to embedded markdown logic when a host cannot run Node. See [Auto-Invoke Policy](docs/auto-invoke-policy.md) and [Runtime Support](docs/runtime-support.md#shared-auto-invoke-engine).
 
 The status report separates `Candidate agents`, `Candidate local helpers`, and `Manual gates`. That means Scriveno can say when a route is ready for a drafter, voice-checker, translator, continuity-checker, or review worker, when a deterministic helper such as save or scan is enough, and when writer approval is required for publishing, export overwrites, track merges, or undo.
 
+`--apply-safe` runs only read-only checks and reports write-gated helpers instead of touching manuscript files. `sync --check`, `smoke`, `agents`, and `routes` expose the same cross-runtime audit layer for Claude Code, Codex, Cursor, Gemini CLI, OpenCode, GitHub Copilot, Windsurf, Antigravity, Manus, Perplexity Desktop, and the generic skill fallback.
+
 ---
 
 ## The Voice DNA system
@@ -192,6 +202,7 @@ Scriveno is built on five principles:
 - [Architecture](docs/architecture.md) -- How Scriveno works under the hood
 - [Configuration](docs/configuration.md) -- Package, installer, constraints, and `.manuscript/config.json` surfaces
 - [Auto-Invoke Policy](docs/auto-invoke-policy.md) -- Shared status engine, route intelligence lanes, visible automation status, and agent-spawn boundaries
+- [Route Graph Audit](docs/route-graph.md) -- Generated route graph, automation lanes, and priority fixtures
 - [Development](docs/development.md) -- Contributor workflow for changing commands, templates, installer logic, and docs
 - [Testing](docs/testing.md) -- What the test suite covers and which checks to run before shipping
 - [Release Notes](docs/release-notes.md) -- Public summary of what changed between package releases
@@ -216,7 +227,7 @@ Scriveno currently ships installer targets for these AI tooling environments:
 - **Perplexity Desktop** (guided local-MCP setup)
 - **Generic (SKILL.md)** fallback
 
-**Installer baseline:** `Node.js >=20.0.0` for `npx scriveno@latest`, `bin/install.js`, and `scriveno status --project .`. For new installs, use a currently supported LTS such as Node.js 24; Node.js 20 is now a compatibility floor, not the recommended fresh-install target.
+**Installer baseline:** `Node.js >=20.0.0` for `npx scriveno@latest`, `bin/install.js`, `scriveno status --project .`, and the proactive audit commands. For new installs, use a currently supported LTS such as Node.js 24; Node.js 20 is now a compatibility floor, not the recommended fresh-install target.
 
 **Support note:** Claude Code is the primary reference runtime and now installs a flat `/scr-*` command surface. The environments listed above are installer targets, not a claim that every host runtime has verified parity today. Codex currently installs a skill-native `$scr-*` surface, while Perplexity Desktop is a guided local-MCP target rather than a writable command runtime. See the [runtime compatibility matrix](docs/runtime-support.md) for install type, support level, and verification status.
 
@@ -224,11 +235,11 @@ Scriveno currently ships installer targets for these AI tooling environments:
 
 ## Status
 
-**Version:** 2.0.9
+**Version:** 2.0.11
 
- Scriveno's core command surface is stable across 112 commands, 50 work types, and 11 installer targets. The current repo baseline includes shipped planning milestones through `v2.0 Publishing Cover Packaging`, plus the creative-context, record-store, branching-next, runtime-sync, adaptive concierge, human-first writing-safeguard, authenticity-diagnostic, domain-grilling, installer-marker cleanup, cross-runtime agent metadata, visible automation status, the shared `scriveno status --project .` auto-invoke engine, and route-intelligence lanes through `2.0.9`. See [Shipped Assets](docs/shipped-assets.md) for the canonical asset inventory and [Runtime Support](docs/runtime-support.md) for the runtime compatibility matrix.
+Scriveno's core command surface is stable across 112 commands, 50 work types, and 11 installer targets. The current repo baseline includes shipped planning milestones through `v2.0 Publishing Cover Packaging`, plus the creative-context, record-store, branching-next, runtime-sync, adaptive concierge, human-first writing-safeguard, authenticity-diagnostic, domain-grilling, installer-marker cleanup, cross-runtime agent metadata, visible automation status, the shared `scriveno status --project .` auto-invoke engine, route-intelligence lanes, safe apply reporting, runtime smoke checks, agent availability checks, route graph audits, and the full audit repair pass through `2.0.11`. See [Shipped Assets](docs/shipped-assets.md) for the canonical asset inventory and [Runtime Support](docs/runtime-support.md) for the runtime compatibility matrix.
 
- Version `2.0.9` publishes Scriveno under the package name `scriveno`, so the current install command is `npx scriveno@latest`. The older `scriveno-cli` package name is historical and was unpublished during the rename, so npm cannot attach a deprecation notice to it while it has no active registry record. The older `scriven-cli` package remains on npm only as a deprecated legacy name that points users to `scriveno`. Do not treat either legacy package name as active unless a deliberate compatibility shim is republished. See [CHANGELOG](CHANGELOG.md) for the full list and [docs/release-notes.md](docs/release-notes.md) for the public-facing summary.
+Version `2.0.11` publishes Scriveno under the package name `scriveno`, so the current install command is `npx scriveno@latest`. The older `scriveno-cli` package name is historical and was unpublished during the rename, so npm cannot attach a deprecation notice to it while it has no active registry record. The older `scriven-cli` package remains on npm only as a deprecated legacy name that points users to `scriveno`. Do not treat either legacy package name as active unless a deliberate compatibility shim is republished. See [CHANGELOG](CHANGELOG.md) for the full list and [docs/release-notes.md](docs/release-notes.md) for the public-facing summary.
 
 Package history is tracked in [CHANGELOG.md](CHANGELOG.md), and the public-facing summary for this release is in [docs/release-notes.md](docs/release-notes.md).
 

package/bin/install.js

@@ -823,6 +823,11 @@ function printHelp() {
   scriveno
   scriveno status --project .
   scriveno status . --json
+  scriveno status --project . --apply-safe
+  scriveno sync --check
+  scriveno smoke --json
+  scriveno agents --json
+  scriveno routes --json
   scriveno --runtimes codex,claude-code --global --writer --silent
 
 Options:
@@ -841,8 +846,15 @@ Status options:
   status              Inspect a project and recommend the next command
   --project <path>    Project root to inspect (default: current directory)
   --trigger <name>    Status trigger label (default: scriveno status)
+  --apply-safe        Run read-only checks and report write-gated helpers
   --json              Print machine-readable status JSON
 
+Audit commands:
+  sync --check        Check shared sync, runtime, and agent surfaces
+  smoke               Smoke-test installed runtime surfaces
+  agents              Inspect installed agent prompts and metadata
+  routes              Audit route graph and automation lanes
+
 Runtime keys:
   ${Object.keys(RUNTIMES).join(', ')}
 `);
@@ -861,6 +873,9 @@ function parseArgs(argv) {
     statusProjectRoot: process.cwd(),
     statusTrigger: 'scriveno status',
     statusJson: false,
+    statusApplySafe: false,
+    auditJson: false,
+    syncCheck: false,
   };
 
   if (argv[0] === 'status') {
@@ -873,6 +888,8 @@ function parseArgs(argv) {
         options.showVersion = true;
       } else if (arg === '--json') {
         options.statusJson = true;
+      } else if (arg === '--apply-safe') {
+        options.statusApplySafe = true;
       } else if (arg === '--project') {
         const value = argv[i + 1];
         if (!value) throw new Error('--project requires a value for status');
@@ -896,6 +913,36 @@ function parseArgs(argv) {
     return options;
   }
 
+  if (['sync', 'smoke', 'agents', 'routes'].includes(argv[0])) {
+    options.command = argv[0];
+    for (let i = 1; i < argv.length; i++) {
+      const arg = argv[i];
+      if (arg === '--help' || arg === '-h') {
+        options.showHelp = true;
+      } else if (arg === '--version' || arg === '-v') {
+        options.showVersion = true;
+      } else if (arg === '--json') {
+        options.auditJson = true;
+      } else if (arg === '--check' && argv[0] === 'sync') {
+        options.syncCheck = true;
+      } else if (arg === '--project') {
+        const value = argv[i + 1];
+        if (!value) throw new Error('--project requires a value');
+        options.statusProjectRoot = value;
+        i++;
+      } else if (arg.startsWith('--project=')) {
+        options.statusProjectRoot = arg.slice('--project='.length);
+      } else if (arg.startsWith('-')) {
+        throw new Error(`Unknown ${argv[0]} argument "${arg}"`);
+      } else if (argv[0] === 'sync') {
+        options.statusProjectRoot = arg;
+      } else {
+        throw new Error(`Unknown ${argv[0]} argument "${arg}"`);
+      }
+    }
+    return options;
+  }
+
   function addRuntimeList(value) {
     for (const key of String(value).split(',').map((item) => item.trim()).filter(Boolean)) {
       if (!Object.prototype.hasOwnProperty.call(RUNTIMES, key)) {
@@ -947,14 +994,73 @@ function parseArgs(argv) {
   return options;
 }
 
-function runStatus({ projectRoot, trigger, json }) {
+function runStatus({ projectRoot, trigger, json, applySafe }) {
   const analysis = autoInvokeEngine.analyzeProject(projectRoot);
+  const safeApply = applySafe
+    ? autoInvokeEngine.collectSafeApplyActions(projectRoot, { analysis, trigger })
+    : null;
   if (json) {
-    console.log(JSON.stringify(analysis, null, 2));
+    console.log(JSON.stringify(safeApply ? { analysis, safeApply } : analysis, null, 2));
   } else {
     console.log(autoInvokeEngine.formatReport(analysis, { trigger }));
+    if (safeApply) {
+      console.log('');
+      console.log(autoInvokeEngine.formatSafeApplyReport(safeApply));
+    }
+  }
+  return safeApply ? { analysis, safeApply } : analysis;
+}
+
+function runSyncCheck({ projectRoot, json }) {
+  const analysis = autoInvokeEngine.analyzeProject(projectRoot);
+  const safeApply = autoInvokeEngine.collectSafeApplyActions(projectRoot, { analysis, trigger: 'scriveno sync --check' });
+  const agents = autoInvokeEngine.inspectAgentAvailability();
+  const smoke = autoInvokeEngine.inspectRuntimeSmoke();
+  const result = { analysis, safeApply, agents, smoke };
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log('Sync status:');
+    console.log(`Project: ${analysis.projectRoot}`);
+    console.log(`Recommendation: ${analysis.recommendation.command}`);
+    console.log('');
+    console.log(autoInvokeEngine.formatSafeApplyReport(safeApply));
+    console.log('');
+    console.log(autoInvokeEngine.formatAgentAvailabilityReport(agents));
+    console.log('');
+    console.log(autoInvokeEngine.formatRuntimeSmokeReport(smoke));
+  }
+  return result;
+}
+
+function runRuntimeSmoke({ json }) {
+  const result = autoInvokeEngine.inspectRuntimeSmoke();
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(autoInvokeEngine.formatRuntimeSmokeReport(result));
+  }
+  return result;
+}
+
+function runAgentAvailability({ json }) {
+  const result = autoInvokeEngine.inspectAgentAvailability();
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(autoInvokeEngine.formatAgentAvailabilityReport(result));
   }
-  return analysis;
+  return result;
+}
+
+function runRouteAudit({ json }) {
+  const result = autoInvokeEngine.buildRouteGraph();
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(autoInvokeEngine.formatRouteGraphReport(result));
+  }
+  return result;
 }
 
 function resolveInstallRequest(parsed, detectedRuntimeKeys, { isTTY }) {
@@ -1385,10 +1491,34 @@ async function main() {
       projectRoot: parsed.statusProjectRoot,
       trigger: parsed.statusTrigger,
       json: parsed.statusJson,
+      applySafe: parsed.statusApplySafe,
+    });
+    return;
+  }
+
+  if (parsed.command === 'sync') {
+    runSyncCheck({
+      projectRoot: parsed.statusProjectRoot,
+      json: parsed.auditJson,
     });
     return;
   }
 
+  if (parsed.command === 'smoke') {
+    runRuntimeSmoke({ json: parsed.auditJson });
+    return;
+  }
+
+  if (parsed.command === 'agents') {
+    runAgentAvailability({ json: parsed.auditJson });
+    return;
+  }
+
+  if (parsed.command === 'routes') {
+    runRouteAudit({ json: parsed.auditJson });
+    return;
+  }
+
   const detectedRuntimeKeys = Object.entries(RUNTIMES).filter(([, runtime]) => runtime.detect()).map(([key]) => key);
   const installRequest = resolveInstallRequest(parsed, detectedRuntimeKeys, { isTTY: Boolean(process.stdin.isTTY) });
 
@@ -1774,6 +1904,10 @@ module.exports = {
   parseArgs,
   resolveInstallRequest,
   runStatus,
+  runSyncCheck,
+  runRuntimeSmoke,
+  runAgentAvailability,
+  runRouteAudit,
   collectCommandEntries,
   collectAgentEntries,
   assertNoSkillNameCollisions,

package/commands/scr/new-work.md

@@ -69,7 +69,7 @@ Always create `RECORD.md` from `templates/RECORD.md` without renaming it. It is
 Write `.manuscript/config.json` by starting from `templates/config.json` and filling the project-specific values. The generated config must include the shared settings blocks that later commands read:
 ```json
 {
-  "scriveno_version": "2.0.9",
+  "scriveno_version": "2.0.11",
   "work_type": "<chosen>",
   "group": "<group>",
   "command_unit": "<unit>",

package/commands/scr/sacred-numbering-format.md

@@ -3,14 +3,14 @@ description: "Show verse numbering format for the active sacred tradition."
 argument-hint: "[--example <text>]"
 ---
 
-# /scr:sacred-verse-numbering -- Tradition Verse Numbering Reference
+# /scr:sacred-numbering-format -- Tradition Verse Numbering Reference
 
 Show the verse numbering format for the active sacred tradition. Reads the tradition profile from the project's config and displays the numbering system with example citations.
 
 ## Usage
 
 ```
-/scr:sacred-verse-numbering [--example <text>]
+/scr:sacred-numbering-format [--example <text>]
 ```
 
 If `--example <text>` is provided, format the given text as a citation in the tradition's numbering system.

package/commands/scr/sync.md

@@ -14,13 +14,15 @@ This is not a package upgrade command. Do not fetch a newer Scriveno release, do
 The auto-invoke status engine is a shared runtime asset. It is copied for every install target and can be checked with one of these paths:
 
 ```bash
+scriveno sync --check
 scriveno status --project "$PWD" --trigger /scr:sync
+scriveno status --project "$PWD" --apply-safe --trigger /scr:sync
 node lib/auto-invoke-engine.js --project "$PWD" --trigger /scr:sync
 node "$HOME/.scriveno/lib/auto-invoke-engine.js" --project "$PWD" --trigger /scr:sync
 node .scriveno/lib/auto-invoke-engine.js --project "$PWD" --trigger /scr:sync
 ```
 
-Use it for read-only project status and next-command reasoning. Use `bin/install.js` for runtime file synchronization.
+Use `scriveno sync --check` for the full read-only sync audit: project status, safe apply, agent availability, and runtime smoke. Use `scriveno status --project "$PWD" --apply-safe` when you only need project routing and safe-helper reporting. Use `bin/install.js` for runtime file synchronization.
 
 ## Prerequisites
 
@@ -70,7 +72,7 @@ If you cannot find a Scriveno source root, stop and explain that `/scr:sync` nee
    - Check that installed Codex commands include current response-contract and source-marker behavior after reinstall.
    - Report each runtime as `current`, `stale`, `missing`, or `unknown`.
 5. Decide mode:
-   - `--check`: report only. Do not write files.
+   - `--check`: report only. Run `scriveno sync --check` when available. Do not write files.
    - `--apply`: run the installer.
    - No flag: if stale installed Scriveno-owned files are detected, ask the writer before applying. If everything is current, report that no sync is needed.
 6. When applying, run from the source root:

package/data/CONSTRAINTS.json

@@ -1,6 +1,6 @@
 {
   "$schema": "./constraints.schema.json",
-  "version": "2.0.9",
+  "version": "2.0.11",
   "description": "Scriveno constraint system: work types, command availability, exports, and dependencies. Every command checks this file at runtime.",
   "_notes": {
     "sacred_keys": "Sacred subcommands live at commands/scr/sacred/<name>.md and run as /scr:sacred:<name>. Their CONSTRAINTS keys use the sacred:<name> form so /scr:help can render the runnable slash-command path directly. The sacred-numbering-format entry is a separate flat command (commands/scr/sacred-numbering-format.md) that surfaces the active tradition's numbering format. It used to be named sacred-verse-numbering, which collided with sacred:verse-numbering at install time -- both flattened to scr-sacred-verse-numbering. Renamed in v1.6.x; the installer now refuses to install when two sources share a flat skill name."

package/data/demo/.manuscript/plans/5-the-reunion-PLAN.md

@@ -49,4 +49,4 @@ Close third (Elias), past tense. Intimate distance. The narrator stays inside El
 - Elias's established speech patterns from previous scenes
 
 ---
-*This is a planning document. Draft with /scr:draft-scene 5.*
+*This is a planning document. Draft with /scr:draft 5.*

package/docs/architecture.md

@@ -351,7 +351,7 @@ Codex uses a skill-native variation of this strategy. The installer generates on
 
 ### Shared status engine
 
-Scriveno also ships `lib/auto-invoke-engine.js`, exposed through `scriveno status --project .` and `scriveno status . --json`. The installer copies this library into the shared Scriveno asset directory for global and project installs, so command surfaces can call a single read-only status engine before falling back to embedded markdown logic.
+Scriveno also ships `lib/auto-invoke-engine.js`, exposed through `scriveno status --project .`, `scriveno status . --json`, `scriveno status --project . --apply-safe`, `scriveno sync --check`, `scriveno smoke`, `scriveno agents`, and `scriveno routes`. The installer copies this library into the shared Scriveno asset directory for global and project installs, so command surfaces can call a single status and audit engine before falling back to embedded markdown logic.
 
 The engine checks disk evidence only: project presence, required project files, STATE.md, CONTEXT.md freshness, plan files, draft files, review coverage, unresolved notes, revision-track proposals, translation work, publishing prerequisites, exports, history, and save signals. It recommends the next command, but it does not mutate files and does not spawn agents by itself. That boundary keeps proactive behavior portable across Claude Code, Codex, Cursor, Gemini CLI, OpenCode, GitHub Copilot, Windsurf, Antigravity, Manus, Perplexity Desktop, and the generic fallback.
 
@@ -365,6 +365,14 @@ Every command registry category has an automation lane through `getCommandAutoma
 
 This turns disconnected side features into visible routes. A plan without a draft recommends `/scr:draft` and lists the drafter route as a candidate agent path. Drafts without reviews recommend `/scr:editor-review` before export. Notes route to `/scr:check-notes`. Revision proposals route to `/scr:editor-review --proposal` or `/scr:track`. Publishing gaps route to `/scr:front-matter`, `/scr:back-matter`, `/scr:blurb`, `/scr:cover-art`, or `/scr:publish` depending on disk evidence.
 
+The same engine now exposes:
+
+- **Safe apply reporting**: `status --apply-safe` runs read-only checks, identifies safe helpers, lists agent candidates, and marks write-gated actions as skipped.
+- **Sync check**: `sync --check` combines project status, safe apply, agent availability, and runtime smoke into one transcript.
+- **Agent availability**: `agents` verifies prompt fallback readiness for non-Codex runtimes and metadata readiness for Codex.
+- **Runtime smoke**: `smoke` checks installed command, skill, guide, agent, metadata, and shared-engine surfaces.
+- **Route graph audit**: `routes` derives a command graph from constraints, command intents, dependencies, and automation lanes.
+
 ### Installation modes
 
 The installer supports two scopes:
@@ -376,7 +384,7 @@ The user chooses during installation. Guided local-MCP targets still write their
 
 ### Runtime credibility
 
-Scriveno's installer compatibility floor is `Node.js >=20.0.0`. For new installs, prefer a currently supported LTS such as Node.js 24. The compatibility floor applies to `npx scriveno@latest`, `bin/install.js`, `scriveno status --project .`, the shared status engine, and the repo's JavaScript test suite, not to the markdown command system once files are installed.
+Scriveno's installer compatibility floor is `Node.js >=20.0.0`. For new installs, prefer a currently supported LTS such as Node.js 24. The compatibility floor applies to `npx scriveno@latest`, `bin/install.js`, `scriveno status --project .`, the proactive audit commands, the shared status engine, and the repo's JavaScript test suite, not to the markdown command system once files are installed.
 
 This architecture doc is intentionally about mechanics: detection rules, install path shapes, `commands` versus `skills` versus `guided-mcp`, and global versus project scope. For the authoritative runtime matrix, support levels, and verification status, see [`docs/runtime-support.md`](runtime-support.md).
 

package/docs/auto-invoke-policy.md

@@ -8,6 +8,22 @@ The engine reports candidates instead of silently acting. It can identify planne
 
 The same file exports `getCommandAutomationPolicy()`, which classifies every command registry route into an automation lane. Tests assert that every command category is covered, so newly added routes cannot sit outside the proactive policy by accident.
 
+## Safe Apply and Audit Commands
+
+Scriveno now exposes the proactive layer as executable checks instead of documentation-only guidance:
+
+```bash
+scriveno status --project . --apply-safe
+scriveno sync --check
+scriveno smoke --json
+scriveno agents --json
+scriveno routes --json
+```
+
+`--apply-safe` runs the read-only status sweep, reports safe local helpers that are ready, lists agent candidates, and marks writer-owned or write-gated helpers as skipped instead of mutating files. It is intentionally conservative: `/scr:save`, `/scr:scan`, `/scr:sync --apply`, publish packaging, export overwrites, track merges, and undo remain explicit actions.
+
+`sync --check` combines four reports: project status, safe apply, agent availability, and runtime smoke. `smoke` checks installed commands, skills, prompts, Codex metadata, and the shared engine path. `agents` checks prompt fallback readiness and Codex metadata readiness. `routes` builds a route graph from `data/CONSTRAINTS.json` and the automation policy so disconnected command flows are visible in one audit.
+
 ## Cross-Platform Agent Rules
 
 Scriveno agent prompts live in `agents/*.md`. Each host runtime exposes them differently:

package/docs/command-reference.md

@@ -4,6 +4,8 @@ Scriveno has **112 commands** organized into **14 categories**. Commands adapt a
 
 Commands marked with **adaptive terminology** change how Scriveno talks about your work type's `command_unit` in `.manuscript/config.json`, while keeping the runnable command id stable. Commands marked with **group adaptation** have different labels for specific work type groups (academic, sacred, etc.).
 
+This page covers writer-facing `/scr:*` commands. Package-level audit commands live in the `scriveno` CLI: `scriveno status --project . --apply-safe`, `scriveno sync --check`, `scriveno smoke`, `scriveno agents`, and `scriveno routes`. See [Auto-Invoke Policy](auto-invoke-policy.md), [Runtime Support](runtime-support.md), and [Route Graph Audit](route-graph.md) for those surfaces.
+
 ## Table of Contents
 
 1. [Core](#core) -- The main workflow: create, discuss, plan, draft, review, submit

package/docs/configuration.md

@@ -57,7 +57,7 @@ When a writer runs `/scr:new-work`, Scriveno creates `.manuscript/config.json`.
 
 ```json
 {
-  "scriveno_version": "2.0.9",
+  "scriveno_version": "2.0.11",
   "work_type": "<chosen>",
   "group": "<group>",
   "command_unit": "<unit>",
@@ -217,6 +217,15 @@ And for release-facing changes, also run:
 npm run release:check
 ```
 
+When configuration changes touch runtime paths, route logic, agent prompts, sync behavior, or installed audit surfaces, also run:
+
+```bash
+scriveno sync --check
+scriveno smoke --json
+scriveno agents --json
+scriveno routes --json
+```
+
 ## Related docs
 
 - [Getting Started](getting-started.md)

package/docs/contributing.md

@@ -381,6 +381,9 @@ When a package release changes the public story, update the release docs alongsi
 - `README.md` -- current version/status blurb when the release changes the headline positioning
 - `docs/shipped-assets.md` -- canonical inventory when bundled docs, templates, proof assets, or trust-critical files change
 - `docs/command-reference.md` -- command contract reference when command behavior or flags change
+- `docs/auto-invoke-policy.md` -- proactive routing, safe apply, local-helper, and agent-spawn policy
+- `docs/runtime-support.md` -- runtime matrix, install-surface checks, and agent availability claims
+- `docs/route-graph.md` -- route graph, automation lanes, and priority fixtures when route logic changes
 - `templates/*/README.md` and `data/proof/*/README.md` -- shipped profile and proof documentation when those assets change
 - `.planning/` milestone summary files -- only when the release closes out milestone work or changes the archive story
 
@@ -391,7 +394,8 @@ When a package release changes the public story, update the release docs alongsi
 3. Update `docs/release-notes.md` with a concise explanation of what changed, why, and how it was verified
 4. Run `npm test`
 5. Run `npm run release:check`
-6. Publish only after the docs and package metadata tell the same story
+6. For runtime, installer, agent, sync, or route-intelligence changes, run `scriveno sync --check`, `scriveno smoke --json`, `scriveno agents --json`, and `scriveno routes --json`
+7. Publish only after the docs and package metadata tell the same story
 
 ## Code Style
 

package/docs/development.md

@@ -120,6 +120,21 @@ node bin/install.js --runtime codex --global --developer --silent
 
 The writer-facing form of this maintenance operation is `/scr:sync`.
 
+For a full cross-runtime refresh from this checkout, use:
+
+```bash
+node bin/install.js --runtimes claude-code,cursor,gemini-cli,codex,opencode,copilot,windsurf,antigravity,manus,perplexity-desktop,generic --global --developer --silent
+```
+
+After installation, the shared audit commands should pass:
+
+```bash
+scriveno sync --check
+scriveno smoke --json
+scriveno agents --json
+scriveno routes --json
+```
+
 ## Docs and release workflow
 
 Docs are part of the shipped product. If you change visible behavior, update every affected documentation surface in the same pass: root docs, files under `docs/`, proof READMEs, template READMEs, and command markdown that exposes user-facing contracts.
@@ -131,6 +146,9 @@ For release-oriented documentation surfaces, the main files are:
 - `docs/release-notes.md`
 - `docs/shipped-assets.md`
 - `docs/command-reference.md`
+- `docs/auto-invoke-policy.md`
+- `docs/runtime-support.md`
+- `docs/route-graph.md`
 - `templates/*/README.md` when shipped profiles or templates change
 - `.planning/` milestone summaries when you are still using the GSD planning layer
 
@@ -141,7 +159,8 @@ A good pre-ship pass for Scriveno changes is:
 1. run the targeted tests for the touched surface
 2. run `npm test`
 3. run `npm run release:check` for package-facing changes
-4. review trust-sensitive docs for runtime, asset, and support claims
+4. run the proactive audit commands when routing, runtime, installer, or agent surfaces changed
+5. review trust-sensitive docs for runtime, asset, and support claims
 
 ## Related docs
 
@@ -149,4 +168,7 @@ A good pre-ship pass for Scriveno changes is:
 - [Configuration](configuration.md)
 - [Testing](testing.md)
 - [Contributing](contributing.md)
+- [Auto-Invoke Policy](auto-invoke-policy.md)
+- [Runtime Support](runtime-support.md)
+- [Route Graph Audit](route-graph.md)
 - [Release Notes](release-notes.md)

package/docs/getting-started.md

@@ -29,10 +29,14 @@ You can also ask Scriveno for a read-only project status from any terminal:
 ```
 scriveno status --project .
 scriveno status . --json
+scriveno status --project . --apply-safe
+scriveno sync --check
 ```
 
 That status command is the same shared auto-invoke engine used by `/scr-next`, `/scr:next`, `/scr:progress`, `/scr:session-report`, and `/scr:sync` when local command execution is available. It recommends the next safest command, but does not mutate files or spawn agents by itself. Current status output separates candidate agents, candidate local helpers, and manual gates so you can tell whether Scriveno is pointing at a specialist route, a deterministic file helper, or a writer-owned decision.
 
+Use `--apply-safe` when you want Scriveno to run the read-only checks and show which helpers are safe, skipped, or agent-ready. Use `sync --check` when you want the installed runtime surfaces checked too.
+
 ## Step 2: Explore the Demo (Optional)
 
 Not sure what Scriveno does? Try the demo before starting your own project:
@@ -206,5 +210,6 @@ If you want the trust surfaces around installation and shipping details, continu
 
 - [Runtime Support](runtime-support.md) -- installer targets, support levels, and verification status
 - [Auto-Invoke Policy](auto-invoke-policy.md) -- status engine, visible automation, and agent-spawn boundaries
+- [Route Graph Audit](route-graph.md) -- generated route graph, automation lanes, and priority fixtures
 - [Shipped Assets](shipped-assets.md) -- what the npm package actually includes on the trust-critical surface
 - [Release Notes](release-notes.md) -- what changed in the latest package release

package/docs/proof-artifacts.md

@@ -53,4 +53,6 @@ Read the bundle in order if you want to inspect sentence rhythm, metaphor select
 
 - [Shipped Assets](shipped-assets.md) -- canonical inventory of the trust-critical files Scriveno actually bundles
 - [Runtime Support](runtime-support.md) -- canonical runtime matrix and installer-baseline framing
+- [Auto-Invoke Policy](auto-invoke-policy.md) -- proactive status, safe apply, local-helper, and agent-spawn boundaries
+- [Route Graph Audit](route-graph.md) -- generated route graph, automation lanes, and priority fixtures
 - [Release Notes](release-notes.md) -- summary of what changed in the latest package release

package/docs/release-notes.md

@@ -2,6 +2,78 @@
 
 This document is the public-facing summary of what changed between package releases. For package history, see the root [CHANGELOG](../CHANGELOG.md).
 
+## 2.0.11 - 2026-05-16
+
+### What changed
+
+- Scriveno received a full repo audit across 500 tracked files and the latest 242-file package surface.
+- The sacred numbering command now consistently advertises `/scr:sacred-numbering-format` instead of the stale `/scr:sacred-verse-numbering` name.
+- Sacred doctrine and lineage templates now point to `/scr:sacred:doctrinal-check`, matching the shipped command surface.
+- The demo manuscript plan now tells users to run `/scr:draft 5` instead of the removed `/scr:draft-scene 5` command.
+- Archived planning summaries no longer use decorative test-output markers that violate the repository writing policy.
+- README badges, Route Graph, Configuration, changelog, package metadata, constraints metadata, generated config metadata, and release tests are aligned on `2.0.11`.
+
+### Why it matters
+
+This release tightens the shipped surface after the automation releases. Writers should see current command names in docs, templates, demo files, and installed runtime copies. Developers now have a cleaner package baseline before the next milestone begins.
+
+### Affected areas
+
+- command documentation
+- sacred project templates
+- demo manuscript assets
+- release metadata
+- planning state
+- README badge and status copy
+- cross-runtime installed surfaces
+- regression tests for release metadata and sacred command naming
+
+### Verification
+
+- `npm run release:check`
+- `node bin/install.js routes --json`
+- `node bin/install.js agents --json`
+- `node bin/install.js sync --check --json`
+- `node bin/install.js smoke --json`
+- `npm audit --omit=dev --json`
+- `npm pack --dry-run`
+- `git diff --check`
+- repository policy scan for em dashes, en dashes, and decorative emoji-style markers
+
+## 2.0.10 - 2026-05-16
+
+### What changed
+
+- `scriveno status --project . --apply-safe` now runs the read-only proactive checks and reports safe helpers, agent candidates, and write-gated actions.
+- `scriveno sync --check` now produces a read-only sync transcript with project status, safe apply, agent availability, and runtime smoke.
+- `scriveno smoke`, `scriveno agents`, and `scriveno routes` expose installed-surface checks, agent prompt and metadata checks, and generated route graph audits.
+- Runtime checks cover Claude Code, Codex, Cursor, Gemini CLI, OpenCode, GitHub Copilot, Windsurf, Antigravity, Manus, Perplexity Desktop, and the generic skill fallback through the shared engine.
+- README badges, Runtime Support, Auto-Invoke Policy, Architecture, Getting Started, Testing, sync command docs, Route Graph Audit, changelog, and package metadata are aligned on `2.0.10`.
+
+### Why it matters
+
+The previous releases made proactive routing visible. This release makes the support tooling executable. Users can now ask Scriveno what is safe to run, whether installed agent surfaces are present, whether Codex metadata is ready, and how every route fits into the automation graph without relying on a hidden host-specific behavior.
+
+### Affected areas
+
+- shared auto-invoke engine
+- public CLI audit commands
+- runtime smoke and agent availability checks
+- route graph audit docs
+- README badges and launch copy
+- architecture, runtime support, auto-invoke policy, getting started, testing, and sync command docs
+- package metadata and generated project examples
+- regression tests for safe apply, runtime smoke, agent availability, and route graph coverage
+
+### Verification
+
+- `node --test test/auto-invoke-engine.test.js`
+- `node --test test/installer.test.js`
+- `npm test`
+- `npm run release:check`
+- `npm pack --json`
+- `git diff --check`
+
 ## 2.0.9 - 2026-05-16
 
 ### What changed