shipwright-cli 1.10.0 → 2.1.0

package/scripts/sw-pipeline.sh

@@ -6,7 +6,12 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="1.10.0"
+# Allow spawning Claude CLI from within a Claude Code session (daemon, fleet, etc.)
+unset CLAUDECODE 2>/dev/null || true
+# Ignore SIGHUP so tmux attach/detach doesn't kill long-running plan/design/review stages
+trap '' HUP
+
+VERSION="2.1.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -197,6 +202,7 @@ PIPELINE_CONFIG=""
 TEST_CMD=""
 MODEL=""
 AGENTS=""
+PIPELINE_AGENT_ID="${PIPELINE_AGENT_ID:-pipeline-$$}"
 SKIP_GATES=false
 GIT_BRANCH=""
 GITHUB_ISSUE=""
@@ -218,6 +224,7 @@ AUTO_WORKTREE=false
 WORKTREE_NAME=""
 CLEANUP_WORKTREE=false
 ORIGINAL_REPO_DIR=""
+REPO_OVERRIDE=""
 _cleanup_done=""
 
 # GitHub metadata (populated during intake)
@@ -259,6 +266,8 @@ show_help() {
     echo -e "${BOLD}START OPTIONS${RESET}"
     echo -e "  ${DIM}--goal \"description\"${RESET}     What to build (required unless --issue)"
     echo -e "  ${DIM}--issue <number>${RESET}          Fetch goal from GitHub issue"
+    echo -e "  ${DIM}--repo <path>${RESET}             Change to directory before running (must be a git repo)"
+    echo -e "  ${DIM}--local${RESET}                   Alias for --no-github --no-github-label (local-only mode)"
     echo -e "  ${DIM}--pipeline <name>${RESET}         Pipeline template (default: standard)"
     echo -e "  ${DIM}--test-cmd \"command\"${RESET}     Override test command (auto-detected if omitted)"
     echo -e "  ${DIM}--model <model>${RESET}           Override AI model (opus, sonnet, haiku)"
@@ -341,6 +350,8 @@ parse_args() {
         case "$1" in
             --goal)        GOAL="$2"; shift 2 ;;
             --issue)       ISSUE_NUMBER="$2"; shift 2 ;;
+            --repo)        REPO_OVERRIDE="$2"; shift 2 ;;
+            --local)       NO_GITHUB=true; NO_GITHUB_LABEL=true; shift ;;
             --pipeline|--template) PIPELINE_NAME="$2"; shift 2 ;;
             --test-cmd)    TEST_CMD="$2"; shift 2 ;;
             --model)       MODEL="$2"; shift 2 ;;
@@ -391,6 +402,7 @@ setup_dirs() {
     ARTIFACTS_DIR="$STATE_DIR/pipeline-artifacts"
     TASKS_FILE="$STATE_DIR/pipeline-tasks.md"
     mkdir -p "$STATE_DIR" "$ARTIFACTS_DIR"
+    export SHIPWRIGHT_PIPELINE_ID="pipeline-$$-${ISSUE_NUMBER:-0}"
 }
 
 # ─── Pipeline Config Loading ───────────────────────────────────────────────
@@ -1150,6 +1162,21 @@ get_stage_timing() {
     fi
 }
 
+# Raw seconds for a stage (for memory baseline updates)
+get_stage_timing_seconds() {
+    local stage_id="$1"
+    local start_e end_e
+    start_e=$(echo "$STAGE_TIMINGS" | grep "^${stage_id}_start:" | cut -d: -f2 | tail -1 || true)
+    end_e=$(echo "$STAGE_TIMINGS" | grep "^${stage_id}_end:" | cut -d: -f2 | tail -1 || true)
+    if [[ -n "$start_e" && -n "$end_e" ]]; then
+        echo $(( end_e - start_e ))
+    elif [[ -n "$start_e" ]]; then
+        echo $(( $(now_epoch) - start_e ))
+    else
+        echo "0"
+    fi
+}
+
 get_stage_description() {
     local stage_id="$1"
 
@@ -1245,6 +1272,22 @@ mark_stage_complete() {
     log_stage "$stage_id" "complete (${timing})"
     write_state
 
+    record_stage_effectiveness "$stage_id" "complete"
+    # Update memory baselines and predictive baselines for stage durations
+    if [[ "$stage_id" == "test" || "$stage_id" == "build" ]]; then
+        local secs
+        secs=$(get_stage_timing_seconds "$stage_id")
+        if [[ -n "$secs" && "$secs" != "0" ]]; then
+            [[ -x "$SCRIPT_DIR/sw-memory.sh" ]] && bash "$SCRIPT_DIR/sw-memory.sh" metric "${stage_id}_duration_s" "$secs" 2>/dev/null || true
+            if [[ -x "$SCRIPT_DIR/sw-predictive.sh" ]]; then
+                local anomaly_sev
+                anomaly_sev=$(bash "$SCRIPT_DIR/sw-predictive.sh" anomaly "$stage_id" "duration_s" "$secs" 2>/dev/null || echo "normal")
+                [[ "$anomaly_sev" == "critical" || "$anomaly_sev" == "warning" ]] && emit_event "pipeline.anomaly" "stage=$stage_id" "metric=duration_s" "value=$secs" "severity=$anomaly_sev" 2>/dev/null || true
+                bash "$SCRIPT_DIR/sw-predictive.sh" baseline "$stage_id" "duration_s" "$secs" 2>/dev/null || true
+            fi
+        fi
+    fi
+
     # Update GitHub progress comment
     if [[ -n "$ISSUE_NUMBER" ]]; then
         local body
@@ -1265,11 +1308,116 @@ mark_stage_complete() {
     if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_checks_stage_update &>/dev/null 2>&1; then
         gh_checks_stage_update "$stage_id" "completed" "success" "Stage $stage_id: ${timing}" 2>/dev/null || true
     fi
+
+    # Persist artifacts to feature branch after expensive stages
+    case "$stage_id" in
+        plan)   persist_artifacts "plan" "plan.md" "dod.md" "context-bundle.md" ;;
+        design) persist_artifacts "design" "design.md" ;;
+    esac
+}
+
+persist_artifacts() {
+    # Commit and push pipeline artifacts to the feature branch mid-pipeline.
+    # Only runs in CI — local runs skip. Non-fatal: logs failure but never crashes.
+    [[ "${CI_MODE:-false}" != "true" ]] && return 0
+    [[ -z "${ISSUE_NUMBER:-}" ]] && return 0
+    [[ -z "${ARTIFACTS_DIR:-}" ]] && return 0
+
+    local stage="${1:-unknown}"
+    shift
+    local files=("$@")
+
+    # Collect files that actually exist
+    local to_add=()
+    for f in "${files[@]}"; do
+        local path="${ARTIFACTS_DIR}/${f}"
+        if [[ -f "$path" && -s "$path" ]]; then
+            to_add+=("$path")
+        fi
+    done
+
+    if [[ ${#to_add[@]} -eq 0 ]]; then
+        warn "persist_artifacts($stage): no artifact files found — skipping"
+        return 0
+    fi
+
+    info "Persisting ${#to_add[@]} artifact(s) after stage ${stage}..."
+
+    (
+        git add "${to_add[@]}" 2>/dev/null || true
+        if ! git diff --cached --quiet 2>/dev/null; then
+            git commit -m "chore: persist ${stage} artifacts for #${ISSUE_NUMBER} [skip ci]" --no-verify 2>/dev/null || true
+            local branch="shipwright/issue-${ISSUE_NUMBER}"
+            git push origin "HEAD:refs/heads/$branch" --force 2>/dev/null || true
+            emit_event "artifacts.persisted" "issue=${ISSUE_NUMBER}" "stage=$stage" "file_count=${#to_add[@]}"
+        fi
+    ) 2>/dev/null || {
+        warn "persist_artifacts($stage): push failed — non-fatal, continuing"
+        emit_event "artifacts.persist_failed" "issue=${ISSUE_NUMBER}" "stage=$stage"
+    }
+
+    return 0
+}
+
+verify_stage_artifacts() {
+    # Check that required artifacts exist and are non-empty for a given stage.
+    # Returns 0 if all artifacts are present, 1 if any are missing.
+    local stage_id="$1"
+    [[ -z "${ARTIFACTS_DIR:-}" ]] && return 0
+
+    local required=()
+    case "$stage_id" in
+        plan)   required=("plan.md") ;;
+        design) required=("design.md" "plan.md") ;;
+        *)      return 0 ;;  # No artifact check needed
+    esac
+
+    local missing=0
+    for f in "${required[@]}"; do
+        local path="${ARTIFACTS_DIR}/${f}"
+        if [[ ! -f "$path" || ! -s "$path" ]]; then
+            warn "verify_stage_artifacts($stage_id): missing or empty: $f"
+            missing=1
+        fi
+    done
+
+    return "$missing"
+}
+
+# Self-aware pipeline: record stage effectiveness for meta-cognition
+STAGE_EFFECTIVENESS_FILE="${HOME}/.shipwright/stage-effectiveness.jsonl"
+record_stage_effectiveness() {
+    local stage_id="$1" outcome="${2:-failed}"
+    mkdir -p "${HOME}/.shipwright"
+    echo "{\"stage\":\"$stage_id\",\"outcome\":\"$outcome\",\"ts\":\"$(now_iso)\"}" >> "${STAGE_EFFECTIVENESS_FILE}"
+    # Keep last 100 entries
+    tail -100 "${STAGE_EFFECTIVENESS_FILE}" > "${STAGE_EFFECTIVENESS_FILE}.tmp" 2>/dev/null && mv "${STAGE_EFFECTIVENESS_FILE}.tmp" "${STAGE_EFFECTIVENESS_FILE}" 2>/dev/null || true
+}
+get_stage_self_awareness_hint() {
+    local stage_id="$1"
+    [[ ! -f "$STAGE_EFFECTIVENESS_FILE" ]] && return 0
+    local recent
+    recent=$(grep "\"stage\":\"$stage_id\"" "$STAGE_EFFECTIVENESS_FILE" 2>/dev/null | tail -10 || true)
+    [[ -z "$recent" ]] && return 0
+    local failures=0 total=0
+    while IFS= read -r line; do
+        [[ -z "$line" ]] && continue
+        total=$((total + 1))
+        echo "$line" | grep -q '"outcome":"failed"' && failures=$((failures + 1)) || true
+    done <<< "$recent"
+    if [[ "$total" -ge 3 ]] && [[ $((failures * 100 / total)) -ge 50 ]]; then
+        case "$stage_id" in
+            plan)  echo "Recent plan stage failures: consider adding more context or breaking the goal into smaller steps." ;;
+            build) echo "Recent build stage failures: consider adding test expectations or simplifying the change." ;;
+            *)     echo "Recent $stage_id failures: review past logs and adjust approach." ;;
+        esac
+    fi
 }
 
 mark_stage_failed() {
     local stage_id="$1"
     record_stage_end "$stage_id"
+    record_stage_effectiveness "$stage_id" "failed"
     set_stage_status "$stage_id" "failed"
     local timing
     timing=$(get_stage_timing "$stage_id")
@@ -1649,6 +1797,12 @@ stage_plan() {
 
     info "Generating implementation plan..."
 
+    # ── Gather context bundle (if context engine available) ──
+    local context_script="${SCRIPT_DIR}/sw-context.sh"
+    if [[ -x "$context_script" ]]; then
+        "$context_script" gather --goal "$GOAL" --stage plan 2>/dev/null || true
+    fi
+
     # Build rich prompt with all available context
     local plan_prompt="You are an autonomous development agent. Analyze this codebase and create a detailed implementation plan.
 
@@ -1664,6 +1818,19 @@ ${ISSUE_BODY}
 "
     fi
 
+    # Inject context bundle from context engine (if available)
+    local _context_bundle="${ARTIFACTS_DIR}/context-bundle.md"
+    if [[ -f "$_context_bundle" ]]; then
+        local _cb_content
+        _cb_content=$(cat "$_context_bundle" 2>/dev/null | head -100 || true)
+        if [[ -n "$_cb_content" ]]; then
+            plan_prompt="${plan_prompt}
+## Pipeline Context
+${_cb_content}
+"
+        fi
+    fi
+
     # Inject intelligence memory context for similar past plans
     if type intelligence_search_memory &>/dev/null 2>&1; then
         local plan_memory
@@ -1681,6 +1848,28 @@ ${memory_summary}
         fi
     fi
 
+    # Self-aware pipeline: inject hint when plan stage has been failing recently
+    local plan_hint
+    plan_hint=$(get_stage_self_awareness_hint "plan" 2>/dev/null || true)
+    if [[ -n "$plan_hint" ]]; then
+        plan_prompt="${plan_prompt}
+## Self-Assessment (recent plan stage performance)
+${plan_hint}
+"
+    fi
+
+    # Inject cross-pipeline discoveries (from other concurrent/similar pipelines)
+    if [[ -x "$SCRIPT_DIR/sw-discovery.sh" ]]; then
+        local plan_discoveries
+        plan_discoveries=$("$SCRIPT_DIR/sw-discovery.sh" inject "*.md,*.json" 2>/dev/null | head -20 || true)
+        if [[ -n "$plan_discoveries" ]]; then
+            plan_prompt="${plan_prompt}
+## Discoveries from Other Pipelines
+${plan_discoveries}
+"
+        fi
+    fi
+
     # Inject architecture patterns from intelligence layer
     local repo_hash_plan
     repo_hash_plan=$(echo -n "$PROJECT_ROOT" | shasum -a 256 2>/dev/null | cut -c1-12 || echo "unknown")
@@ -1766,12 +1955,24 @@ Checklist of completion criteria.
     parse_claude_tokens "$_token_log"
 
     if [[ ! -s "$plan_file" ]]; then
-        error "Plan generation failed"
+        error "Plan generation failed — empty output"
+        return 1
+    fi
+
+    # Validate plan content — detect API/CLI errors masquerading as plans
+    local _plan_fatal="Invalid API key|invalid_api_key|authentication_error|API key expired"
+    _plan_fatal="${_plan_fatal}|rate_limit_error|overloaded_error|Could not resolve host|ANTHROPIC_API_KEY"
+    if grep -qiE "$_plan_fatal" "$plan_file" 2>/dev/null; then
+        error "Plan stage produced API/CLI error instead of a plan: $(head -1 "$plan_file" | cut -c1-100)"
         return 1
     fi
 
     local line_count
     line_count=$(wc -l < "$plan_file" | xargs)
+    if [[ "$line_count" -lt 3 ]]; then
+        error "Plan too short (${line_count} lines) — likely an error, not a real plan"
+        return 1
+    fi
     info "Plan saved: ${DIM}$plan_file${RESET} (${line_count} lines)"
 
     # Extract task checklist for GitHub issue and task tracking
@@ -2041,6 +2242,12 @@ stage_design() {
         memory_context=$(bash "$SCRIPT_DIR/sw-memory.sh" inject "design" 2>/dev/null) || true
     fi
 
+    # Inject cross-pipeline discoveries for design stage
+    local design_discoveries=""
+    if [[ -x "$SCRIPT_DIR/sw-discovery.sh" ]]; then
+        design_discoveries=$("$SCRIPT_DIR/sw-discovery.sh" inject "*.md,*.ts,*.tsx,*.js" 2>/dev/null | head -20 || true)
+    fi
+
     # Inject architecture model patterns if available
     local arch_context=""
     local repo_hash
@@ -2100,7 +2307,10 @@ ${memory_context}
 }${arch_context:+
 ## Architecture Model (from previous designs)
 ${arch_context}
-}${design_antipatterns}
+}${design_antipatterns}${design_discoveries:+
+## Discoveries from Other Pipelines
+${design_discoveries}
+}
 ## Required Output — Architecture Decision Record
 
 Produce this EXACT format:
@@ -2144,12 +2354,24 @@ Be concrete and specific. Reference actual file paths in the codebase. Consider
     parse_claude_tokens "$_token_log"
 
     if [[ ! -s "$design_file" ]]; then
-        error "Design generation failed"
+        error "Design generation failed — empty output"
+        return 1
+    fi
+
+    # Validate design content — detect API/CLI errors masquerading as designs
+    local _design_fatal="Invalid API key|invalid_api_key|authentication_error|API key expired"
+    _design_fatal="${_design_fatal}|rate_limit_error|overloaded_error|Could not resolve host|ANTHROPIC_API_KEY"
+    if grep -qiE "$_design_fatal" "$design_file" 2>/dev/null; then
+        error "Design stage produced API/CLI error instead of a design: $(head -1 "$design_file" | cut -c1-100)"
         return 1
     fi
 
     local line_count
     line_count=$(wc -l < "$design_file" | xargs)
+    if [[ "$line_count" -lt 3 ]]; then
+        error "Design too short (${line_count} lines) — likely an error, not a real design"
+        return 1
+    fi
     info "Design saved: ${DIM}$design_file${RESET} (${line_count} lines)"
 
     # Extract file lists for build stage awareness
@@ -2212,6 +2434,18 @@ Historical context (lessons from previous pipelines):
 ${memory_context}"
     fi
 
+    # Inject cross-pipeline discoveries for build stage
+    if [[ -x "$SCRIPT_DIR/sw-discovery.sh" ]]; then
+        local build_discoveries
+        build_discoveries=$("$SCRIPT_DIR/sw-discovery.sh" inject "src/*,*.ts,*.tsx,*.js" 2>/dev/null | head -20 || true)
+        if [[ -n "$build_discoveries" ]]; then
+            enriched_goal="${enriched_goal}
+
+Discoveries from other pipelines:
+${build_discoveries}"
+        fi
+    fi
+
     # Add task list context
     if [[ -s "$TASKS_FILE" ]]; then
         enriched_goal="${enriched_goal}
@@ -2258,6 +2492,19 @@ Coverage baseline: ${coverage_baseline}% — do not decrease coverage."
         fi
     fi
 
+    # Predictive: inject prevention hints when risk/memory patterns suggest build-stage failures
+    if [[ -x "$SCRIPT_DIR/sw-predictive.sh" ]]; then
+        local issue_json_build="{}"
+        [[ -n "${ISSUE_NUMBER:-}" ]] && issue_json_build=$(jq -n --arg title "${GOAL:-}" --arg num "${ISSUE_NUMBER:-}" '{title: $title, number: $num}')
+        local prevention_text
+        prevention_text=$(bash "$SCRIPT_DIR/sw-predictive.sh" inject-prevention "build" "$issue_json_build" 2>/dev/null || true)
+        if [[ -n "$prevention_text" ]]; then
+            enriched_goal="${enriched_goal}
+
+${prevention_text}"
+        fi
+    fi
+
     loop_args+=("$enriched_goal")
 
     # Build loop args from pipeline config + CLI overrides
@@ -2310,6 +2557,23 @@ Coverage baseline: ${coverage_baseline}% — do not decrease coverage."
         build_model="$CLAUDE_MODEL"
     fi
 
+    # Recruit-powered model selection (when no explicit override)
+    if [[ -z "$MODEL" ]] && [[ -x "$SCRIPT_DIR/sw-recruit.sh" ]]; then
+        local _recruit_goal="${GOAL:-}"
+        if [[ -n "$_recruit_goal" ]]; then
+            local _recruit_match
+            _recruit_match=$(bash "$SCRIPT_DIR/sw-recruit.sh" match --json "$_recruit_goal" 2>/dev/null) || true
+            if [[ -n "$_recruit_match" ]]; then
+                local _recruit_model
+                _recruit_model=$(echo "$_recruit_match" | jq -r '.model // ""' 2>/dev/null) || true
+                if [[ -n "$_recruit_model" && "$_recruit_model" != "null" && "$_recruit_model" != "" ]]; then
+                    info "Recruit recommends model: ${CYAN}${_recruit_model}${RESET} for this task"
+                    build_model="$_recruit_model"
+                fi
+            fi
+        fi
+    fi
+
     [[ -n "$test_cmd" && "$test_cmd" != "null" ]] && loop_args+=(--test-cmd "$test_cmd")
     loop_args+=(--max-iterations "$max_iter")
     loop_args+=(--model "$build_model")
@@ -2366,6 +2630,23 @@ Coverage baseline: ${coverage_baseline}% — do not decrease coverage."
     }
     parse_claude_tokens "$_token_log"
 
+    # Read accumulated token counts from build loop (written by sw-loop.sh)
+    local _loop_token_file="${PROJECT_ROOT}/.claude/loop-logs/loop-tokens.json"
+    if [[ -f "$_loop_token_file" ]] && command -v jq &>/dev/null; then
+        local _loop_in _loop_out _loop_cost
+        _loop_in=$(jq -r '.input_tokens // 0' "$_loop_token_file" 2>/dev/null || echo "0")
+        _loop_out=$(jq -r '.output_tokens // 0' "$_loop_token_file" 2>/dev/null || echo "0")
+        _loop_cost=$(jq -r '.cost_usd // 0' "$_loop_token_file" 2>/dev/null || echo "0")
+        TOTAL_INPUT_TOKENS=$(( TOTAL_INPUT_TOKENS + ${_loop_in:-0} ))
+        TOTAL_OUTPUT_TOKENS=$(( TOTAL_OUTPUT_TOKENS + ${_loop_out:-0} ))
+        if [[ -n "$_loop_cost" && "$_loop_cost" != "0" && "$_loop_cost" != "null" ]]; then
+            TOTAL_COST_USD="${_loop_cost}"
+        fi
+        if [[ "${_loop_in:-0}" -gt 0 || "${_loop_out:-0}" -gt 0 ]]; then
+            info "Build loop tokens: in=${_loop_in} out=${_loop_out} cost=\$${_loop_cost:-0}"
+        fi
+    fi
+
     # Count commits made during build
     local commit_count
     commit_count=$(git log --oneline "${BASE_BRANCH}..HEAD" 2>/dev/null | wc -l | xargs)
@@ -2473,7 +2754,7 @@ ${log_excerpt}
     # Post test results to GitHub
     if [[ -n "$ISSUE_NUMBER" ]]; then
         local test_summary
-        test_summary=$(tail -10 "$test_log")
+        test_summary=$(tail -10 "$test_log" | sed 's/\x1b\[[0-9;]*m//g')
         local cov_line=""
         [[ -n "$coverage" ]] && cov_line="
 **Coverage:** ${coverage}%"
@@ -2670,6 +2951,22 @@ $(cat "$diff_file")"
         success "Review clean"
     fi
 
+    # ── Oversight gate: pipeline review/quality stages block on verdict ──
+    if [[ -x "$SCRIPT_DIR/sw-oversight.sh" ]] && [[ "${SKIP_GATES:-false}" != "true" ]]; then
+        local reject_reason=""
+        local _sec_count
+        _sec_count=$(grep -ciE '\*\*\[?Security\]?\*\*' "$review_file" 2>/dev/null || true)
+        _sec_count="${_sec_count:-0}"
+        local _blocking=$((critical_count + _sec_count))
+        [[ "$_blocking" -gt 0 ]] && reject_reason="Review found ${_blocking} critical/security issue(s)"
+        if ! bash "$SCRIPT_DIR/sw-oversight.sh" gate --diff "$diff_file" --description "${GOAL:-Pipeline review}" --reject-if "$reject_reason" >/dev/null 2>&1; then
+            error "Oversight gate rejected — blocking pipeline"
+            emit_event "review.oversight_blocked" "issue=${ISSUE_NUMBER:-0}"
+            log_stage "review" "BLOCKED: oversight gate rejected"
+            return 1
+        fi
+    fi
+
     # ── Review Blocking Gate ──
     # Block pipeline on critical/security issues unless compound_quality handles them
     local security_count
@@ -2879,6 +3176,19 @@ stage_pr() {
         fi
     fi
 
+    # Pre-PR diff gate — verify meaningful code changes exist (not just bookkeeping)
+    local real_changes
+    real_changes=$(git diff --name-only "origin/${BASE_BRANCH:-main}...HEAD" \
+        -- . ':!.claude/loop-state.md' ':!.claude/pipeline-state.md' \
+        ':!.claude/pipeline-artifacts/*' ':!**/progress.md' \
+        ':!**/error-summary.json' 2>/dev/null | wc -l | xargs || echo "0")
+    if [[ "${real_changes:-0}" -eq 0 ]]; then
+        error "No meaningful code changes detected — only bookkeeping files modified"
+        error "Refusing to create PR with zero real changes"
+        return 1
+    fi
+    info "Pre-PR diff check: ${real_changes} real files changed"
+
     # Build PR title — prefer GOAL over plan file first line
     # (plan file first line often contains Claude analysis text, not a clean title)
     local pr_title=""
@@ -2890,6 +3200,12 @@ stage_pr() {
     fi
     [[ -z "$pr_title" ]] && pr_title="Pipeline changes for issue ${ISSUE_NUMBER:-unknown}"
 
+    # Sanitize: reject PR titles that look like error messages
+    if echo "$pr_title" | grep -qiE 'Invalid API|API key|authentication_error|rate_limit|CLI error|no useful output'; then
+        warn "PR title looks like an error message: $pr_title"
+        pr_title="Pipeline changes for issue ${ISSUE_NUMBER:-unknown}"
+    fi
+
     # Build comprehensive PR body
     local plan_summary=""
     if [[ -s "$plan_file" ]]; then
@@ -2898,7 +3214,7 @@ stage_pr() {
 
     local test_summary=""
     if [[ -s "$test_log" ]]; then
-        test_summary=$(tail -10 "$test_log")
+        test_summary=$(tail -10 "$test_log" | sed 's/\x1b\[[0-9;]*m//g')
     fi
 
     local review_summary=""
@@ -3630,6 +3946,8 @@ stage_monitor() {
     fi
 
     local report_file="$ARTIFACTS_DIR/monitor-report.md"
+    local deploy_log_file="$ARTIFACTS_DIR/deploy-logs.txt"
+    : > "$deploy_log_file"
     local total_errors=0
     local poll_interval=30  # seconds between polls
     local total_polls=$(( (duration_minutes * 60) / poll_interval ))
@@ -3677,10 +3995,11 @@ stage_monitor() {
             fi
         fi
 
-        # Log command check
+        # Log command check (accumulate deploy logs for feedback collect)
         if [[ -n "$log_cmd" ]]; then
             local log_output
             log_output=$(bash -c "$log_cmd" 2>/dev/null || true)
+            [[ -n "$log_output" ]] && echo "$log_output" >> "$deploy_log_file"
             local error_count=0
             if [[ -n "$log_output" ]]; then
                 error_count=$(echo "$log_output" | grep -cE "$log_pattern" 2>/dev/null || true)
@@ -3715,13 +4034,24 @@ stage_monitor() {
                 "total_errors=$total_errors" \
                 "threshold=$error_threshold"
 
-            # Auto-rollback if configured
-            if [[ "$auto_rollback" == "true" && -n "$rollback_cmd" ]]; then
+            # Feedback loop: collect deploy logs and optionally create issue
+            if [[ -f "$deploy_log_file" ]] && [[ -s "$deploy_log_file" ]] && [[ -x "$SCRIPT_DIR/sw-feedback.sh" ]]; then
+                (cd "$PROJECT_ROOT" && ARTIFACTS_DIR="$ARTIFACTS_DIR" bash "$SCRIPT_DIR/sw-feedback.sh" collect "$deploy_log_file" 2>/dev/null) || true
+                (cd "$PROJECT_ROOT" && ARTIFACTS_DIR="$ARTIFACTS_DIR" bash "$SCRIPT_DIR/sw-feedback.sh" create-issue 2>/dev/null) || true
+            fi
+
+            # Auto-rollback: feedback rollback (GitHub Deployments API) and/or config rollback_cmd
+            if [[ "$auto_rollback" == "true" ]]; then
                 warn "Auto-rolling back..."
                 echo "" >> "$report_file"
                 echo "## Rollback" >> "$report_file"
 
-                if bash -c "$rollback_cmd" >> "$report_file" 2>&1; then
+                # Trigger feedback rollback (calls sw-github-deploy.sh rollback)
+                if [[ -x "$SCRIPT_DIR/sw-feedback.sh" ]]; then
+                    (cd "$PROJECT_ROOT" && ARTIFACTS_DIR="$ARTIFACTS_DIR" bash "$SCRIPT_DIR/sw-feedback.sh" rollback production "Monitor threshold exceeded (${total_errors} errors)" >> "$report_file" 2>&1) || true
+                fi
+
+                if [[ -n "$rollback_cmd" ]] && bash -c "$rollback_cmd" >> "$report_file" 2>&1; then
                     success "Rollback executed"
                     echo "Rollback: ✅ success" >> "$report_file"
 
@@ -5754,9 +6084,242 @@ ${route_instruction}"
     fi
 }
 
+# ──────────────────────────────────────────────────────────────────────────────
+# Bash 3.2 Compatibility Check
+# Scans modified .sh files for common bash 3.2 incompatibilities
+# Returns: count of violations found
+# ──────────────────────────────────────────────────────────────────────────────
+run_bash_compat_check() {
+    local violations=0
+    local violation_details=""
+
+    # Get modified .sh files relative to base branch
+    local changed_files
+    changed_files=$(git diff --name-only "origin/${BASE_BRANCH:-main}...HEAD" -- '*.sh' 2>/dev/null || echo "")
+
+    if [[ -z "$changed_files" ]]; then
+        echo "0"
+        return 0
+    fi
+
+    # Check each file for bash 3.2 incompatibilities
+    while IFS= read -r filepath; do
+        [[ -z "$filepath" ]] && continue
+
+        # declare -A (associative arrays)
+        local declare_a_count
+        declare_a_count=$(grep -c 'declare[[:space:]]*-[aA]' "$filepath" 2>/dev/null || true)
+        if [[ "$declare_a_count" -gt 0 ]]; then
+            violations=$((violations + declare_a_count))
+            violation_details="${violation_details}${filepath}: declare -A (${declare_a_count} occurrences)
+"
+        fi
+
+        # readarray or mapfile
+        local readarray_count
+        readarray_count=$(grep -c 'readarray\|mapfile' "$filepath" 2>/dev/null || true)
+        if [[ "$readarray_count" -gt 0 ]]; then
+            violations=$((violations + readarray_count))
+            violation_details="${violation_details}${filepath}: readarray/mapfile (${readarray_count} occurrences)
+"
+        fi
+
+        # ${var,,} or ${var^^} (case conversion)
+        local case_conv_count
+        case_conv_count=$(grep -c '\$\{[a-zA-Z_][a-zA-Z0-9_]*,,' "$filepath" 2>/dev/null || true)
+        case_conv_count=$((case_conv_count + $(grep -c '\$\{[a-zA-Z_][a-zA-Z0-9_]*\^\^' "$filepath" 2>/dev/null || true)))
+        if [[ "$case_conv_count" -gt 0 ]]; then
+            violations=$((violations + case_conv_count))
+            violation_details="${violation_details}${filepath}: case conversion \$\{var,,\} or \$\{var\^\^\} (${case_conv_count} occurrences)
+"
+        fi
+
+        # |& (pipe stderr to stdout in-place)
+        local pipe_ampersand_count
+        pipe_ampersand_count=$(grep -c '|&' "$filepath" 2>/dev/null || true)
+        if [[ "$pipe_ampersand_count" -gt 0 ]]; then
+            violations=$((violations + pipe_ampersand_count))
+            violation_details="${violation_details}${filepath}: |& operator (${pipe_ampersand_count} occurrences)
+"
+        fi
+
+        # ;& or ;;& in case statements (advanced fallthrough)
+        local advanced_case_count
+        advanced_case_count=$(grep -c ';&\|;;&' "$filepath" 2>/dev/null || true)
+        if [[ "$advanced_case_count" -gt 0 ]]; then
+            violations=$((violations + advanced_case_count))
+            violation_details="${violation_details}${filepath}: advanced case ;& or ;;& (${advanced_case_count} occurrences)
+"
+        fi
+
+    done <<< "$changed_files"
+
+    # Log details if violations found
+    if [[ "$violations" -gt 0 ]]; then
+        warn "Bash 3.2 compatibility check: ${violations} violation(s) found:"
+        echo "$violation_details" | sed 's/^/  /'
+    fi
+
+    echo "$violations"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# Test Coverage Check
+# Runs configured test command and extracts coverage percentage
+# Returns: coverage percentage (0-100), or "skip" if no test command configured
+# ──────────────────────────────────────────────────────────────────────────────
+run_test_coverage_check() {
+    local test_cmd="${TEST_CMD:-}"
+    if [[ -z "$test_cmd" ]]; then
+        echo "skip"
+        return 0
+    fi
+
+    info "Running test coverage check..."
+
+    # Run tests and capture output
+    local test_output
+    local test_rc=0
+    test_output=$(eval "$test_cmd" 2>&1) || test_rc=$?
+
+    if [[ "$test_rc" -ne 0 ]]; then
+        warn "Test command failed (exit code: $test_rc) — cannot extract coverage"
+        echo "0"
+        return 0
+    fi
+
+    # Extract coverage percentage from various formats
+    # Patterns: "XX% coverage", "Lines: XX%", "Stmts: XX%", "Coverage: XX%", "coverage XX%"
+    local coverage_pct
+    coverage_pct=$(echo "$test_output" | grep -oE '[0-9]{1,3}%[[:space:]]*(coverage|lines|stmts|statements)' | grep -oE '^[0-9]{1,3}' | head -1 || true)
+
+    if [[ -z "$coverage_pct" ]]; then
+        # Try alternate patterns without units
+        coverage_pct=$(echo "$test_output" | grep -oE 'coverage[:]?[[:space:]]*[0-9]{1,3}' | grep -oE '[0-9]{1,3}' | head -1 || true)
+    fi
+
+    if [[ -z "$coverage_pct" ]]; then
+        warn "Could not extract coverage percentage from test output"
+        echo "0"
+        return 0
+    fi
+
+    # Ensure it's a valid percentage (0-100)
+    if [[ ! "$coverage_pct" =~ ^[0-9]{1,3}$ ]] || [[ "$coverage_pct" -gt 100 ]]; then
+        coverage_pct=0
+    fi
+
+    success "Test coverage: ${coverage_pct}%"
+    echo "$coverage_pct"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# Atomic Write Violations Check
+# Scans modified files for anti-patterns: direct echo > file to state/config files
+# Returns: count of violations found
+# ──────────────────────────────────────────────────────────────────────────────
+run_atomic_write_check() {
+    local violations=0
+    local violation_details=""
+
+    # Get modified files (not just .sh — includes state/config files)
+    local changed_files
+    changed_files=$(git diff --name-only "origin/${BASE_BRANCH:-main}...HEAD" 2>/dev/null || echo "")
+
+    if [[ -z "$changed_files" ]]; then
+        echo "0"
+        return 0
+    fi
+
+    # Check for direct writes to state/config files (patterns that should use tmp+mv)
+    # Look for: echo "..." > state/config files
+    while IFS= read -r filepath; do
+        [[ -z "$filepath" ]] && continue
+
+        # Only check state/config/artifacts files
+        if [[ ! "$filepath" =~ (state|config|artifact|cache|db|json)$ ]]; then
+            continue
+        fi
+
+        # Check for direct redirection writes (> file) in state/config paths
+        local bad_writes
+        bad_writes=$(git show "HEAD:$filepath" 2>/dev/null | grep -c 'echo.*>' "$filepath" 2>/dev/null || true)
+
+        if [[ "$bad_writes" -gt 0 ]]; then
+            violations=$((violations + bad_writes))
+            violation_details="${violation_details}${filepath}: ${bad_writes} direct write(s) (should use tmp+mv)
+"
+        fi
+    done <<< "$changed_files"
+
+    if [[ "$violations" -gt 0 ]]; then
+        warn "Atomic write violations: ${violations} found (should use tmp file + mv pattern):"
+        echo "$violation_details" | sed 's/^/  /'
+    fi
+
+    echo "$violations"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# New Function Test Detection
+# Detects new functions added in the diff but checks if corresponding tests exist
+# Returns: count of untested new functions
+# ──────────────────────────────────────────────────────────────────────────────
+run_new_function_test_check() {
+    local untested_functions=0
+    local details=""
+
+    # Get diff
+    local diff_content
+    diff_content=$(git diff "origin/${BASE_BRANCH:-main}...HEAD" 2>/dev/null || true)
+
+    if [[ -z "$diff_content" ]]; then
+        echo "0"
+        return 0
+    fi
+
+    # Extract newly added function definitions (lines starting with +functionname())
+    local new_functions
+    new_functions=$(echo "$diff_content" | grep -E '^\+[a-zA-Z_][a-zA-Z0-9_]*\(\)' | sed 's/^\+//' | sed 's/()//' || true)
+
+    if [[ -z "$new_functions" ]]; then
+        echo "0"
+        return 0
+    fi
+
+    # For each new function, check if test files were modified
+    local test_files_modified=0
+    test_files_modified=$(echo "$diff_content" | grep -c '\-\-\-.*test\|\.test\.\|_test\.' || true)
+
+    # Simple heuristic: if we have new functions but no test file modifications, warn
+    if [[ "$test_files_modified" -eq 0 ]]; then
+        local func_count
+        func_count=$(echo "$new_functions" | wc -l | xargs)
+        untested_functions="$func_count"
+        details="Added ${func_count} new function(s) but no test file modifications detected"
+    fi
+
+    if [[ "$untested_functions" -gt 0 ]]; then
+        warn "New functions without tests: ${details}"
+    fi
+
+    echo "$untested_functions"
+}
+
 stage_compound_quality() {
     CURRENT_STAGE_ID="compound_quality"
 
+    # Pre-check: verify meaningful changes exist before running expensive quality checks
+    local _cq_real_changes
+    _cq_real_changes=$(git diff --name-only "origin/${BASE_BRANCH:-main}...HEAD" \
+        -- . ':!.claude/loop-state.md' ':!.claude/pipeline-state.md' \
+        ':!.claude/pipeline-artifacts/*' ':!**/progress.md' \
+        ':!**/error-summary.json' 2>/dev/null | wc -l | xargs || echo "0")
+    if [[ "${_cq_real_changes:-0}" -eq 0 ]]; then
+        error "Compound quality: no meaningful code changes found — failing quality gate"
+        return 1
+    fi
+
     # Read config
     local max_cycles adversarial_enabled negative_enabled e2e_enabled dod_enabled strict_quality
     max_cycles=$(jq -r --arg id "compound_quality" '(.stages[] | select(.id == $id) | .config.max_cycles) // 3' "$PIPELINE_CONFIG" 2>/dev/null) || true
@@ -5783,6 +6346,79 @@ stage_compound_quality() {
     local total_critical=0 total_major=0 total_minor=0
     local audits_run_list=""
 
+    # ── HARDENED QUALITY GATES (RUN BEFORE CYCLES) ──
+    # These checks must pass before we even start the audit cycles
+    echo ""
+    info "Running hardened quality gate checks..."
+
+    # 1. Bash 3.2 compatibility check
+    local bash_violations=0
+    bash_violations=$(run_bash_compat_check 2>/dev/null) || bash_violations=0
+    bash_violations="${bash_violations:-0}"
+
+    if [[ "$strict_quality" == "true" && "$bash_violations" -gt 0 ]]; then
+        error "STRICT QUALITY: Bash 3.2 incompatibilities found — blocking"
+        emit_event "quality.bash_compat_failed" \
+            "issue=${ISSUE_NUMBER:-0}" \
+            "violations=$bash_violations"
+        return 1
+    fi
+
+    if [[ "$bash_violations" -gt 0 ]]; then
+        warn "Bash 3.2 incompatibilities detected: ${bash_violations} (will impact quality score)"
+        total_minor=$((total_minor + bash_violations))
+    else
+        success "Bash 3.2 compatibility: clean"
+    fi
+
+    # 2. Test coverage check
+    local coverage_pct=0
+    coverage_pct=$(run_test_coverage_check 2>/dev/null) || coverage_pct=0
+    coverage_pct="${coverage_pct:-0}"
+
+    if [[ "$coverage_pct" != "skip" ]]; then
+        if [[ "$coverage_pct" -lt 60 ]]; then
+            if [[ "$strict_quality" == "true" ]]; then
+                error "STRICT QUALITY: Test coverage below 60% (${coverage_pct}%) — blocking"
+                emit_event "quality.coverage_failed" \
+                    "issue=${ISSUE_NUMBER:-0}" \
+                    "coverage=$coverage_pct"
+                return 1
+            else
+                warn "Test coverage below 60% threshold (${coverage_pct}%) — quality penalty applied"
+                total_major=$((total_major + 2))
+            fi
+        fi
+    fi
+
+    # 3. New functions without tests check
+    local untested_functions=0
+    untested_functions=$(run_new_function_test_check 2>/dev/null) || untested_functions=0
+    untested_functions="${untested_functions:-0}"
+
+    if [[ "$untested_functions" -gt 0 ]]; then
+        if [[ "$strict_quality" == "true" ]]; then
+            error "STRICT QUALITY: ${untested_functions} new function(s) without tests — blocking"
+            emit_event "quality.untested_functions" \
+                "issue=${ISSUE_NUMBER:-0}" \
+                "count=$untested_functions"
+            return 1
+        else
+            warn "New functions without corresponding tests: ${untested_functions}"
+            total_major=$((total_major + untested_functions))
+        fi
+    fi
+
+    # 4. Atomic write violations (optional, informational in most modes)
+    local atomic_violations=0
+    atomic_violations=$(run_atomic_write_check 2>/dev/null) || atomic_violations=0
+    atomic_violations="${atomic_violations:-0}"
+
+    if [[ "$atomic_violations" -gt 0 ]]; then
+        warn "Atomic write violations: ${atomic_violations} (state/config file patterns)"
+        total_minor=$((total_minor + atomic_violations))
+    fi
+
     # Vitals-driven adaptive cycle limit (preferred)
     local base_max_cycles="$max_cycles"
     if type pipeline_adaptive_limit &>/dev/null 2>&1; then
@@ -6180,24 +6816,52 @@ All quality checks clean:
     # Record quality score
     pipeline_record_quality_score "$quality_score" "$total_critical" "$total_major" "$total_minor" "$_dod_pass_rate" "$audits_run_list" 2>/dev/null || true
 
-    # ── Quality Gate ──
+    # ── Quality Gate (HARDENED) ──
     local compound_quality_blocking
     compound_quality_blocking=$(jq -r --arg id "compound_quality" \
         '(.stages[] | select(.id == $id) | .config.compound_quality_blocking) // true' \
         "$PIPELINE_CONFIG" 2>/dev/null) || true
     [[ -z "$compound_quality_blocking" || "$compound_quality_blocking" == "null" ]] && compound_quality_blocking="true"
 
-    if [[ "$quality_score" -lt 60 && "$compound_quality_blocking" == "true" ]]; then
+    # HARDENED THRESHOLD: quality_score must be >= 60 to pass
+    # In strict mode, higher requirements apply per the hardened checks above
+    local min_threshold=60
+    if [[ "$strict_quality" == "true" ]]; then
+        # Strict mode: require score >= 70 and ZERO critical issues
+        if [[ "$total_critical" -gt 0 ]]; then
+            error "STRICT QUALITY: ${total_critical} critical issue(s) found — BLOCKING (strict mode)"
+            emit_event "pipeline.quality_gate_failed_strict" \
+                "issue=${ISSUE_NUMBER:-0}" \
+                "reason=critical_issues" \
+                "critical=$total_critical"
+            log_stage "compound_quality" "Quality gate failed (strict mode): critical issues"
+            return 1
+        fi
+        min_threshold=70
+    fi
+
+    # Hard floor: score must be >= 40, regardless of other settings
+    if [[ "$quality_score" -lt 40 ]]; then
+        error "HARDENED GATE: Quality score ${quality_score}/100 below hard floor (40) — BLOCKING"
+        emit_event "quality.hard_floor_failed" \
+            "issue=${ISSUE_NUMBER:-0}" \
+            "quality_score=$quality_score"
+        log_stage "compound_quality" "Quality gate failed: score below hard floor (40)"
+        return 1
+    fi
+
+    if [[ "$quality_score" -lt "$min_threshold" && "$compound_quality_blocking" == "true" ]]; then
         emit_event "pipeline.quality_gate_failed" \
             "issue=${ISSUE_NUMBER:-0}" \
             "quality_score=$quality_score" \
+            "threshold=$min_threshold" \
             "critical=$total_critical" \
             "major=$total_major"
 
-        error "Quality gate FAILED: score ${quality_score}/100 (critical: ${total_critical}, major: ${total_major}, minor: ${total_minor})"
+        error "Quality gate FAILED: score ${quality_score}/100 (threshold: ${min_threshold}/100, critical: ${total_critical}, major: ${total_major}, minor: ${total_minor})"
 
         if [[ -n "$ISSUE_NUMBER" ]]; then
-            gh_comment_issue "$ISSUE_NUMBER" "❌ **Quality gate failed** — score ${quality_score}/100
+            gh_comment_issue "$ISSUE_NUMBER" "❌ **Quality gate failed** — score ${quality_score}/${min_threshold}
 
 | Finding Type | Count | Deduction |
 |---|---|---|
@@ -6209,25 +6873,41 @@ DoD pass rate: ${_dod_pass_rate}%
 Quality issues remain after ${max_cycles} cycles. Check artifacts for details." 2>/dev/null || true
         fi
 
-        log_stage "compound_quality" "Quality gate failed: ${quality_score}/100 after ${max_cycles} cycles"
+        log_stage "compound_quality" "Quality gate failed: ${quality_score}/${min_threshold} after ${max_cycles} cycles"
         return 1
     fi
 
-    # Exhausted all cycles but quality score is above threshold
-    if [[ "$quality_score" -ge 60 ]]; then
-        warn "Compound quality: score ${quality_score}/100 after ${max_cycles} cycles (above threshold, proceeding)"
+    # Exhausted all cycles but quality score is at or above threshold
+    if [[ "$quality_score" -ge "$min_threshold" ]]; then
+        if [[ "$quality_score" -eq 100 ]]; then
+            success "Compound quality PERFECT: 100/100"
+        elif [[ "$quality_score" -ge 80 ]]; then
+            success "Compound quality EXCELLENT: ${quality_score}/100"
+        elif [[ "$quality_score" -ge 70 ]]; then
+            success "Compound quality GOOD: ${quality_score}/100"
+        else
+            warn "Compound quality ACCEPTABLE: ${quality_score}/${min_threshold} after ${max_cycles} cycles"
+        fi
 
         if [[ -n "$ISSUE_NUMBER" ]]; then
-            gh_comment_issue "$ISSUE_NUMBER" "⚠️ **Compound quality** — score ${quality_score}/100 after ${max_cycles} cycles
+            local quality_emoji="✅"
+            [[ "$quality_score" -lt 70 ]] && quality_emoji="⚠️"
+            gh_comment_issue "$ISSUE_NUMBER" "${quality_emoji} **Compound quality passed** — score ${quality_score}/${min_threshold} after ${max_cycles} cycles
+
+| Finding Type | Count |
+|---|---|
+| Critical | ${total_critical} |
+| Major | ${total_major} |
+| Minor | ${total_minor} |
 
-Some issues remain but quality score is above threshold. Proceeding." 2>/dev/null || true
+DoD pass rate: ${_dod_pass_rate}%" 2>/dev/null || true
         fi
 
-        log_stage "compound_quality" "Passed with score ${quality_score}/100 after ${max_cycles} cycles"
+        log_stage "compound_quality" "Passed with score ${quality_score}/${min_threshold} after ${max_cycles} cycles"
         return 0
     fi
 
-    error "Compound quality exhausted after ${max_cycles} cycles"
+    error "Compound quality exhausted after ${max_cycles} cycles with insufficient score"
 
     if [[ -n "$ISSUE_NUMBER" ]]; then
         gh_comment_issue "$ISSUE_NUMBER" "❌ **Compound quality failed** after ${max_cycles} cycles
@@ -6585,6 +7265,12 @@ Focus on fixing the failing tests while keeping all passing tests working."
                 _snap_error="${_snap_error:-}"
                 pipeline_emit_progress_snapshot "${ISSUE_NUMBER}" "${CURRENT_STAGE_ID:-test}" "${cycle:-0}" "${_diff_count:-0}" "${_snap_files}" "${_snap_error}" 2>/dev/null || true
             fi
+            # Record fix outcome when tests pass after a retry with memory injection (pipeline path)
+            if [[ "$cycle" -gt 1 && -n "${last_test_error:-}" ]] && [[ -x "$SCRIPT_DIR/sw-memory.sh" ]]; then
+                local _sig
+                _sig=$(echo "$last_test_error" | head -3 | tr '\n' ' ' | sed 's/^ *//;s/ *$//')
+                [[ -n "$_sig" ]] && bash "$SCRIPT_DIR/sw-memory.sh" fix-outcome "$_sig" "true" "true" 2>/dev/null || true
+            fi
             return 0  # Tests passed!
         fi
 
@@ -6773,11 +7459,17 @@ run_pipeline() {
 
         # CI resume: skip stages marked as completed from previous run
         if [[ -n "${COMPLETED_STAGES:-}" ]] && echo "$COMPLETED_STAGES" | tr ',' '\n' | grep -qx "$id"; then
-            echo -e "  ${GREEN}✓ ${id}${RESET} ${DIM}— skipped (CI resume)${RESET}"
-            set_stage_status "$id" "complete"
-            completed=$((completed + 1))
-            emit_event "stage.skipped" "issue=${ISSUE_NUMBER:-0}" "stage=$id" "reason=ci_resume"
-            continue
+            # Verify artifacts survived the merge — regenerate if missing
+            if verify_stage_artifacts "$id"; then
+                echo -e "  ${GREEN}✓ ${id}${RESET} ${DIM}— skipped (CI resume)${RESET}"
+                set_stage_status "$id" "complete"
+                completed=$((completed + 1))
+                emit_event "stage.skipped" "issue=${ISSUE_NUMBER:-0}" "stage=$id" "reason=ci_resume"
+                continue
+            else
+                warn "Stage $id marked complete but artifacts missing — regenerating"
+                emit_event "stage.artifact_miss" "issue=${ISSUE_NUMBER:-0}" "stage=$id"
+            fi
         fi
 
         # Self-healing build→test loop: when we hit build, run both together
@@ -6929,11 +7621,29 @@ run_pipeline() {
         if run_stage_with_retry "$id"; then
             mark_stage_complete "$id"
             completed=$((completed + 1))
+            # Capture project pattern after intake (for memory context in later stages)
+            if [[ "$id" == "intake" ]] && [[ -x "$SCRIPT_DIR/sw-memory.sh" ]]; then
+                (cd "$REPO_DIR" && bash "$SCRIPT_DIR/sw-memory.sh" pattern "project" "{}" 2>/dev/null) || true
+            fi
             local timing stage_dur_s
             timing=$(get_stage_timing "$id")
             stage_dur_s=$(( $(now_epoch) - stage_start_epoch ))
             success "Stage ${BOLD}$id${RESET} complete ${DIM}(${timing})${RESET}"
             emit_event "stage.completed" "issue=${ISSUE_NUMBER:-0}" "stage=$id" "duration_s=$stage_dur_s"
+            # Broadcast discovery for cross-pipeline learning
+            if [[ -x "$SCRIPT_DIR/sw-discovery.sh" ]]; then
+                local _disc_cat _disc_patterns _disc_text
+                _disc_cat="$id"
+                case "$id" in
+                    plan)   _disc_patterns="*.md"; _disc_text="Plan completed: ${GOAL:-goal}" ;;
+                    design) _disc_patterns="*.md,*.ts,*.tsx,*.js"; _disc_text="Design completed for ${GOAL:-goal}" ;;
+                    build)  _disc_patterns="src/*,*.ts,*.tsx,*.js"; _disc_text="Build completed" ;;
+                    test)   _disc_patterns="*.test.*,*_test.*"; _disc_text="Tests passed" ;;
+                    review) _disc_patterns="*.md,*.ts,*.tsx"; _disc_text="Review completed" ;;
+                    *)      _disc_patterns="*"; _disc_text="Stage $id completed" ;;
+                esac
+                bash "$SCRIPT_DIR/sw-discovery.sh" broadcast "$_disc_cat" "$_disc_patterns" "$_disc_text" "" 2>/dev/null || true
+            fi
             # Log model used for prediction feedback
             echo "${id}|${stage_model_used}|true" >> "${ARTIFACTS_DIR}/model-routing.log"
         else
@@ -7121,9 +7831,193 @@ pipeline_cleanup_worktree() {
     fi
 }
 
+# ─── Dry Run Mode ───────────────────────────────────────────────────────────
+# Shows what would happen without executing
+run_dry_run() {
+    echo ""
+    echo -e "${BLUE}${BOLD}━━━ Dry Run: Pipeline Validation ━━━${RESET}"
+    echo ""
+
+    # Validate pipeline config
+    if [[ ! -f "$PIPELINE_CONFIG" ]]; then
+        error "Pipeline config not found: $PIPELINE_CONFIG"
+        return 1
+    fi
+
+    # Validate JSON structure
+    local validate_json
+    validate_json=$(jq . "$PIPELINE_CONFIG" 2>/dev/null) || {
+        error "Pipeline config is not valid JSON: $PIPELINE_CONFIG"
+        return 1
+    }
+
+    # Extract pipeline metadata
+    local pipeline_name stages_count enabled_stages gated_stages
+    pipeline_name=$(jq -r '.name // "unknown"' "$PIPELINE_CONFIG")
+    stages_count=$(jq '.stages | length' "$PIPELINE_CONFIG")
+    enabled_stages=$(jq '[.stages[] | select(.enabled == true)] | length' "$PIPELINE_CONFIG")
+    gated_stages=$(jq '[.stages[] | select(.enabled == true and .gate == "approve")] | length' "$PIPELINE_CONFIG")
+
+    # Build model (per-stage override or default)
+    local default_model stage_model
+    default_model=$(jq -r '.defaults.model // "opus"' "$PIPELINE_CONFIG")
+    stage_model="$MODEL"
+    [[ -z "$stage_model" ]] && stage_model="$default_model"
+
+    echo -e "  ${BOLD}Pipeline:${RESET}       $pipeline_name"
+    echo -e "  ${BOLD}Stages:${RESET}         $enabled_stages enabled of $stages_count total"
+    if [[ "$SKIP_GATES" == "true" ]]; then
+        echo -e "  ${BOLD}Gates:${RESET}         ${YELLOW}all auto (--skip-gates)${RESET}"
+    else
+        echo -e "  ${BOLD}Gates:${RESET}         $gated_stages approval gate(s)"
+    fi
+    echo -e "  ${BOLD}Model:${RESET}         $stage_model"
+    echo ""
+
+    # Table header
+    echo -e "${CYAN}${BOLD}Stage         Enabled  Gate     Model${RESET}"
+    echo -e "${CYAN}────────────────────────────────────────${RESET}"
+
+    # List all stages
+    while IFS= read -r stage_json; do
+        local stage_id stage_enabled stage_gate stage_config_model stage_model_display
+        stage_id=$(echo "$stage_json" | jq -r '.id')
+        stage_enabled=$(echo "$stage_json" | jq -r '.enabled')
+        stage_gate=$(echo "$stage_json" | jq -r '.gate')
+
+        # Determine stage model (config override or default)
+        stage_config_model=$(echo "$stage_json" | jq -r '.config.model // ""')
+        if [[ -n "$stage_config_model" && "$stage_config_model" != "null" ]]; then
+            stage_model_display="$stage_config_model"
+        else
+            stage_model_display="$default_model"
+        fi
+
+        # Format enabled
+        local enabled_str
+        if [[ "$stage_enabled" == "true" ]]; then
+            enabled_str="${GREEN}yes${RESET}"
+        else
+            enabled_str="${DIM}no${RESET}"
+        fi
+
+        # Format gate
+        local gate_str
+        if [[ "$stage_enabled" == "true" ]]; then
+            if [[ "$stage_gate" == "approve" ]]; then
+                gate_str="${YELLOW}approve${RESET}"
+            else
+                gate_str="${GREEN}auto${RESET}"
+            fi
+        else
+            gate_str="${DIM}—${RESET}"
+        fi
+
+        printf "%-15s %s  %s  %s\n" "$stage_id" "$enabled_str" "$gate_str" "$stage_model_display"
+    done < <(jq -c '.stages[]' "$PIPELINE_CONFIG")
+
+    echo ""
+
+    # Validate required tools
+    echo -e "${BLUE}${BOLD}━━━ Tool Validation ━━━${RESET}"
+    echo ""
+
+    local tool_errors=0
+    local required_tools=("git" "jq")
+    local optional_tools=("gh" "claude" "bc")
+
+    for tool in "${required_tools[@]}"; do
+        if command -v "$tool" &>/dev/null; then
+            echo -e "  ${GREEN}✓${RESET} $tool"
+        else
+            echo -e "  ${RED}✗${RESET} $tool ${RED}(required)${RESET}"
+            tool_errors=$((tool_errors + 1))
+        fi
+    done
+
+    for tool in "${optional_tools[@]}"; do
+        if command -v "$tool" &>/dev/null; then
+            echo -e "  ${GREEN}✓${RESET} $tool"
+        else
+            echo -e "  ${DIM}○${RESET} $tool"
+        fi
+    done
+
+    echo ""
+
+    # Cost estimation (rough approximation)
+    echo -e "${BLUE}${BOLD}━━━ Estimated Resource Usage ━━━${RESET}"
+    echo ""
+
+    # Very rough cost estimation: ~2000 input tokens per stage, ~3000 output tokens
+    # Adjust based on pipeline complexity
+    local input_tokens_estimate output_tokens_estimate
+    input_tokens_estimate=$(( enabled_stages * 2000 ))
+    output_tokens_estimate=$(( enabled_stages * 3000 ))
+
+    # Calculate cost based on selected model
+    local input_rate output_rate input_cost output_cost total_cost
+    input_rate=$(echo "$COST_MODEL_RATES" | jq -r ".${stage_model}.input // 3" 2>/dev/null || echo "3")
+    output_rate=$(echo "$COST_MODEL_RATES" | jq -r ".${stage_model}.output // 15" 2>/dev/null || echo "15")
+
+    # Cost calculation: tokens per million * rate
+    input_cost=$(awk -v tokens="$input_tokens_estimate" -v rate="$input_rate" 'BEGIN{printf "%.4f", (tokens / 1000000) * rate}')
+    output_cost=$(awk -v tokens="$output_tokens_estimate" -v rate="$output_rate" 'BEGIN{printf "%.4f", (tokens / 1000000) * rate}')
+    total_cost=$(awk -v i="$input_cost" -v o="$output_cost" 'BEGIN{printf "%.4f", i + o}')
+
+    echo -e "  ${BOLD}Estimated Input Tokens:${RESET}  ~$input_tokens_estimate"
+    echo -e "  ${BOLD}Estimated Output Tokens:${RESET} ~$output_tokens_estimate"
+    echo -e "  ${BOLD}Model Cost Rate:${RESET}        $stage_model"
+    echo -e "  ${BOLD}Estimated Cost:${RESET}         \$$total_cost USD (rough estimate)"
+    echo ""
+
+    # Validate composed pipeline if intelligence is enabled
+    if [[ -f "$ARTIFACTS_DIR/composed-pipeline.json" ]] && type composer_validate_pipeline &>/dev/null; then
+        echo -e "${BLUE}${BOLD}━━━ Intelligence-Composed Pipeline ━━━${RESET}"
+        echo ""
+
+        if composer_validate_pipeline "$(cat "$ARTIFACTS_DIR/composed-pipeline.json" 2>/dev/null || echo "")" 2>/dev/null; then
+            echo -e "  ${GREEN}✓${RESET} Composed pipeline is valid"
+        else
+            echo -e "  ${YELLOW}⚠${RESET} Composed pipeline validation failed (will use template defaults)"
+        fi
+        echo ""
+    fi
+
+    # Final validation result
+    if [[ "$tool_errors" -gt 0 ]]; then
+        error "Dry run validation failed: $tool_errors required tool(s) missing"
+        return 1
+    fi
+
+    success "Dry run validation passed"
+    echo ""
+    echo -e "  To execute this pipeline: ${DIM}remove --dry-run flag${RESET}"
+    echo ""
+    return 0
+}
+
 # ─── Subcommands ────────────────────────────────────────────────────────────
 
 pipeline_start() {
+    # Handle --repo flag: change to directory before running
+    if [[ -n "$REPO_OVERRIDE" ]]; then
+        if [[ ! -d "$REPO_OVERRIDE" ]]; then
+            error "Directory does not exist: $REPO_OVERRIDE"
+            exit 1
+        fi
+        if ! cd "$REPO_OVERRIDE" 2>/dev/null; then
+            error "Cannot cd to: $REPO_OVERRIDE"
+            exit 1
+        fi
+        if ! git rev-parse --show-toplevel >/dev/null 2>&1; then
+            error "Not a git repository: $REPO_OVERRIDE"
+            exit 1
+        fi
+        ORIGINAL_REPO_DIR="$(pwd)"
+        info "Using repository: $ORIGINAL_REPO_DIR"
+    fi
+
     if [[ -z "$GOAL" && -z "$ISSUE_NUMBER" ]]; then
         error "Must provide --goal or --issue"
         echo -e "  Example: ${DIM}shipwright pipeline start --goal \"Add JWT auth\"${RESET}"
@@ -7238,8 +8132,8 @@ pipeline_start() {
     echo ""
 
     if [[ "$DRY_RUN" == "true" ]]; then
-        info "Dry run — no stages will execute"
-        return 0
+        run_dry_run
+        return $?
     fi
 
     # Start background heartbeat writer
@@ -7283,9 +8177,15 @@ pipeline_start() {
             "result=success" \
             "duration_s=${total_dur_s:-0}" \
             "pr_url=${pr_url:-}" \
+            "agent_id=${PIPELINE_AGENT_ID}" \
             "input_tokens=$TOTAL_INPUT_TOKENS" \
             "output_tokens=$TOTAL_OUTPUT_TOKENS" \
             "self_heal_count=$SELF_HEAL_COUNT"
+
+        # Auto-ingest pipeline outcome into recruit profiles
+        if [[ -x "$SCRIPT_DIR/sw-recruit.sh" ]]; then
+            bash "$SCRIPT_DIR/sw-recruit.sh" ingest-pipeline 1 2>/dev/null || true
+        fi
     else
         notify "Pipeline Failed" "Goal: ${GOAL}\nFailed at: ${CURRENT_STAGE_ID:-unknown}" "error"
         emit_event "pipeline.completed" \
@@ -7293,10 +8193,16 @@ pipeline_start() {
             "result=failure" \
             "duration_s=${total_dur_s:-0}" \
             "failed_stage=${CURRENT_STAGE_ID:-unknown}" \
+            "agent_id=${PIPELINE_AGENT_ID}" \
             "input_tokens=$TOTAL_INPUT_TOKENS" \
             "output_tokens=$TOTAL_OUTPUT_TOKENS" \
             "self_heal_count=$SELF_HEAL_COUNT"
 
+        # Auto-ingest pipeline outcome into recruit profiles
+        if [[ -x "$SCRIPT_DIR/sw-recruit.sh" ]]; then
+            bash "$SCRIPT_DIR/sw-recruit.sh" ingest-pipeline 1 2>/dev/null || true
+        fi
+
         # Capture failure learnings to memory
         if [[ -x "$SCRIPT_DIR/sw-memory.sh" ]]; then
             bash "$SCRIPT_DIR/sw-memory.sh" capture "$STATE_FILE" "$ARTIFACTS_DIR" 2>/dev/null || true
@@ -7352,18 +8258,24 @@ pipeline_start() {
         memory_finalize_pipeline "$STATE_FILE" "$ARTIFACTS_DIR" 2>/dev/null || true
     fi
 
-    # Emit cost event
+    # Emit cost event — prefer actual cost from Claude CLI when available
     local model_key="${MODEL:-sonnet}"
-    local input_cost output_cost total_cost
-    input_cost=$(awk -v tokens="$TOTAL_INPUT_TOKENS" -v rate="$(echo "$COST_MODEL_RATES" | jq -r ".${model_key}.input // 3")" 'BEGIN{printf "%.4f", (tokens / 1000000) * rate}')
-    output_cost=$(awk -v tokens="$TOTAL_OUTPUT_TOKENS" -v rate="$(echo "$COST_MODEL_RATES" | jq -r ".${model_key}.output // 15")" 'BEGIN{printf "%.4f", (tokens / 1000000) * rate}')
-    total_cost=$(awk -v i="$input_cost" -v o="$output_cost" 'BEGIN{printf "%.4f", i + o}')
+    local total_cost
+    if [[ -n "${TOTAL_COST_USD:-}" && "${TOTAL_COST_USD}" != "0" && "${TOTAL_COST_USD}" != "null" ]]; then
+        total_cost="${TOTAL_COST_USD}"
+    else
+        # Fallback: estimate from token counts and model rates
+        local input_cost output_cost
+        input_cost=$(awk -v tokens="$TOTAL_INPUT_TOKENS" -v rate="$(echo "$COST_MODEL_RATES" | jq -r ".${model_key}.input // 3")" 'BEGIN{printf "%.4f", (tokens / 1000000) * rate}')
+        output_cost=$(awk -v tokens="$TOTAL_OUTPUT_TOKENS" -v rate="$(echo "$COST_MODEL_RATES" | jq -r ".${model_key}.output // 15")" 'BEGIN{printf "%.4f", (tokens / 1000000) * rate}')
+        total_cost=$(awk -v i="$input_cost" -v o="$output_cost" 'BEGIN{printf "%.4f", i + o}')
+    fi
 
     emit_event "pipeline.cost" \
         "input_tokens=$TOTAL_INPUT_TOKENS" \
         "output_tokens=$TOTAL_OUTPUT_TOKENS" \
         "model=$model_key" \
-        "estimated_cost_usd=$total_cost"
+        "cost_usd=$total_cost"
 
     return $exit_code
 }