shipwright-cli 1.9.0 → 1.10.0

package/scripts/sw-pipeline.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="1.9.0"
+VERSION="1.10.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -46,6 +46,10 @@ fi
 if [[ -f "$SCRIPT_DIR/sw-adversarial.sh" ]]; then
     source "$SCRIPT_DIR/sw-adversarial.sh"
 fi
+# shellcheck source=sw-pipeline-vitals.sh
+if [[ -f "$SCRIPT_DIR/sw-pipeline-vitals.sh" ]]; then
+    source "$SCRIPT_DIR/sw-pipeline-vitals.sh"
+fi
 
 # ─── GitHub API Modules (optional) ─────────────────────────────────────────
 # shellcheck source=sw-github-graphql.sh
@@ -99,6 +103,54 @@ format_duration() {
     fi
 }
 
+_pipeline_compact_goal() {
+    local goal="$1"
+    local plan_file="${2:-}"
+    local design_file="${3:-}"
+    local compact="$goal"
+
+    # Include plan summary (first 20 lines only)
+    if [[ -n "$plan_file" && -f "$plan_file" ]]; then
+        compact="${compact}
+
+## Plan Summary
+$(head -20 "$plan_file" 2>/dev/null || true)
+[... full plan in .claude/pipeline-artifacts/plan.md]"
+    fi
+
+    # Include design key decisions only (grep for headers)
+    if [[ -n "$design_file" && -f "$design_file" ]]; then
+        compact="${compact}
+
+## Key Design Decisions
+$(grep -E '^#{1,3} ' "$design_file" 2>/dev/null | head -10 || true)
+[... full design in .claude/pipeline-artifacts/design.md]"
+    fi
+
+    echo "$compact"
+}
+
+load_composed_pipeline() {
+    local spec_file="$1"
+    [[ ! -f "$spec_file" ]] && return 1
+
+    # Read enabled stages from composed spec
+    local composed_stages
+    composed_stages=$(jq -r '.stages // [] | .[] | .id' "$spec_file" 2>/dev/null) || return 1
+    [[ -z "$composed_stages" ]] && return 1
+
+    # Override enabled stages
+    COMPOSED_STAGES="$composed_stages"
+
+    # Override per-stage settings
+    local build_max
+    build_max=$(jq -r '.stages[] | select(.id=="build") | .max_iterations // ""' "$spec_file" 2>/dev/null) || true
+    [[ -n "$build_max" && "$build_max" != "null" ]] && COMPOSED_BUILD_ITERATIONS="$build_max"
+
+    emit_event "pipeline.composed_loaded" "stages=$(echo "$composed_stages" | wc -l | tr -d ' ')"
+    return 0
+}
+
 # ─── Structured Event Log ──────────────────────────────────────────────────
 # Appends JSON events to ~/.shipwright/events.jsonl for metrics/traceability
 
@@ -159,6 +211,8 @@ DRY_RUN=false
 IGNORE_BUDGET=false
 COMPLETED_STAGES=""
 MAX_ITERATIONS_OVERRIDE=""
+MAX_RESTARTS_OVERRIDE=""
+FAST_TEST_CMD_OVERRIDE=""
 PR_NUMBER=""
 AUTO_WORKTREE=false
 WORKTREE_NAME=""
@@ -222,6 +276,8 @@ show_help() {
     echo -e "  ${DIM}--slack-webhook <url>${RESET}     Send notifications to Slack"
     echo -e "  ${DIM}--self-heal <n>${RESET}            Build→test retry cycles on failure (default: 2)"
     echo -e "  ${DIM}--max-iterations <n>${RESET}       Override max build loop iterations"
+    echo -e "  ${DIM}--max-restarts <n>${RESET}         Max session restarts in build loop"
+    echo -e "  ${DIM}--fast-test-cmd <cmd>${RESET}      Fast/subset test for build loop"
     echo -e "  ${DIM}--completed-stages \"a,b\"${RESET}   Skip these stages (CI resume)"
     echo ""
     echo -e "${BOLD}STAGES${RESET}  ${DIM}(configurable per pipeline template)${RESET}"
@@ -304,6 +360,15 @@ parse_args() {
             --dry-run)     DRY_RUN=true; shift ;;
             --slack-webhook) SLACK_WEBHOOK="$2"; shift 2 ;;
             --self-heal)   BUILD_TEST_RETRIES="${2:-3}"; shift 2 ;;
+            --max-restarts)
+                MAX_RESTARTS_OVERRIDE="$2"
+                if ! [[ "$MAX_RESTARTS_OVERRIDE" =~ ^[0-9]+$ ]]; then
+                    error "--max-restarts must be numeric (got: $MAX_RESTARTS_OVERRIDE)"
+                    exit 1
+                fi
+                shift 2 ;;
+
+            --fast-test-cmd) FAST_TEST_CMD_OVERRIDE="$2"; shift 2 ;;
             --help|-h)     show_help; exit 0 ;;
             *)
                 if [[ -z "$PIPELINE_NAME_ARG" ]]; then
@@ -476,6 +541,9 @@ cleanup_on_exit() {
         git stash pop --quiet 2>/dev/null || true
     fi
 
+    # Cancel lingering in_progress GitHub Check Runs
+    pipeline_cancel_check_runs 2>/dev/null || true
+
     # Update GitHub
     if [[ -n "${ISSUE_NUMBER:-}" && "${GH_AVAILABLE:-false}" == "true" ]]; then
         gh_comment_issue "$ISSUE_NUMBER" "⏸️ **Pipeline interrupted** at stage: ${CURRENT_STAGE_ID:-unknown}" 2>/dev/null || true
@@ -1039,6 +1107,7 @@ LOG_ENTRIES=""
 
 save_artifact() {
     local name="$1" content="$2"
+    mkdir -p "$ARTIFACTS_DIR" 2>/dev/null || true
     echo "$content" > "$ARTIFACTS_DIR/$name"
 }
 
@@ -1261,6 +1330,7 @@ initialize_state() {
 
 write_state() {
     [[ -z "${STATE_FILE:-}" || -z "${ARTIFACTS_DIR:-}" ]] && return 0
+    mkdir -p "$(dirname "$STATE_FILE")" 2>/dev/null || true
     local stages_yaml=""
     while IFS=: read -r sid sstatus; do
         [[ -z "$sid" ]] && continue
@@ -1283,28 +1353,31 @@ write_state() {
         stage_progress=$(build_stage_progress)
     fi
 
-    cat > "$STATE_FILE" <<EOF
+    cat > "$STATE_FILE" <<'_SW_STATE_END_'
 ---
-pipeline: $PIPELINE_NAME
-goal: "$GOAL"
-status: $PIPELINE_STATUS
-issue: "${GITHUB_ISSUE:-}"
-branch: "${GIT_BRANCH:-}"
-template: "${TASK_TYPE:+$(template_for_type "$TASK_TYPE")}"
-current_stage: $CURRENT_STAGE
-current_stage_description: "${cur_stage_desc}"
-stage_progress: "${stage_progress}"
-started_at: ${STARTED_AT:-$(now_iso)}
-updated_at: $(now_iso)
-elapsed: ${total_dur:-0s}
-pr_number: ${PR_NUMBER:-}
-progress_comment_id: ${PROGRESS_COMMENT_ID:-}
-stages:
-${stages_yaml}---
-
-## Log
-$LOG_ENTRIES
-EOF
+_SW_STATE_END_
+    # Write state with printf to avoid heredoc delimiter injection
+    {
+        printf 'pipeline: %s\n' "$PIPELINE_NAME"
+        printf 'goal: "%s"\n' "$GOAL"
+        printf 'status: %s\n' "$PIPELINE_STATUS"
+        printf 'issue: "%s"\n' "${GITHUB_ISSUE:-}"
+        printf 'branch: "%s"\n' "${GIT_BRANCH:-}"
+        printf 'template: "%s"\n' "${TASK_TYPE:+$(template_for_type "$TASK_TYPE")}"
+        printf 'current_stage: %s\n' "$CURRENT_STAGE"
+        printf 'current_stage_description: "%s"\n' "${cur_stage_desc}"
+        printf 'stage_progress: "%s"\n' "${stage_progress}"
+        printf 'started_at: %s\n' "${STARTED_AT:-$(now_iso)}"
+        printf 'updated_at: %s\n' "$(now_iso)"
+        printf 'elapsed: %s\n' "${total_dur:-0s}"
+        printf 'pr_number: %s\n' "${PR_NUMBER:-}"
+        printf 'progress_comment_id: %s\n' "${PROGRESS_COMMENT_ID:-}"
+        printf 'stages:\n'
+        printf '%s' "${stages_yaml}"
+        printf -- '---\n\n'
+        printf '## Log\n'
+        printf '%s\n' "$LOG_ENTRIES"
+    } >> "$STATE_FILE"
 }
 
 resume_state() {
@@ -2127,22 +2200,9 @@ stage_build() {
         memory_context=$(bash "$SCRIPT_DIR/sw-memory.sh" inject "build" 2>/dev/null) || true
     fi
 
-    # Build enriched goal with full context
-    local enriched_goal="$GOAL"
-    if [[ -s "$plan_file" ]]; then
-        enriched_goal="$GOAL
-
-Implementation plan (follow this exactly):
-$(cat "$plan_file")"
-    fi
-
-    # Inject approved design document
-    if [[ -s "$design_file" ]]; then
-        enriched_goal="${enriched_goal}
-
-Follow the approved design document:
-$(cat "$design_file")"
-    fi
+    # Build enriched goal with compact context (avoids prompt bloat)
+    local enriched_goal
+    enriched_goal=$(_pipeline_compact_goal "$GOAL" "$plan_file" "$design_file")
 
     # Inject memory context
     if [[ -n "$memory_context" ]]; then
@@ -2263,6 +2323,11 @@ Coverage baseline: ${coverage_baseline}% — do not decrease coverage."
         [[ "$quality" == "true" ]] && loop_args+=(--quality-gates)
     fi
 
+    # Session restart capability
+    [[ -n "${MAX_RESTARTS_OVERRIDE:-}" ]] && loop_args+=(--max-restarts "$MAX_RESTARTS_OVERRIDE")
+    # Fast test mode
+    [[ -n "${FAST_TEST_CMD_OVERRIDE:-}" ]] && loop_args+=(--fast-test-cmd "$FAST_TEST_CMD_OVERRIDE")
+
     # Definition of Done: use plan-extracted DoD if available
     [[ -s "$dod_file" ]] && loop_args+=(--definition-of-done "$dod_file")
 
@@ -2279,7 +2344,23 @@ Coverage baseline: ${coverage_baseline}% — do not decrease coverage."
     local _token_log="${ARTIFACTS_DIR}/.claude-tokens-build.log"
     export PIPELINE_JOB_ID="${PIPELINE_NAME:-pipeline-$$}"
     sw loop "${loop_args[@]}" < /dev/null 2>"$_token_log" || {
+        local _loop_exit=$?
         parse_claude_tokens "$_token_log"
+
+        # Detect context exhaustion from progress file
+        local _progress_file="${PWD}/.claude/loop-logs/progress.md"
+        if [[ -f "$_progress_file" ]]; then
+            local _prog_tests
+            _prog_tests=$(grep -oE 'Tests passing: (true|false)' "$_progress_file" 2>/dev/null | awk '{print $NF}' || echo "unknown")
+            if [[ "$_prog_tests" != "true" ]]; then
+                warn "Build loop exhausted with failing tests (context exhaustion)"
+                emit_event "pipeline.context_exhaustion" "issue=${ISSUE_NUMBER:-0}" "stage=build"
+                # Write flag for daemon retry logic
+                mkdir -p "$ARTIFACTS_DIR" 2>/dev/null || true
+                echo "context_exhaustion" > "$ARTIFACTS_DIR/failure-reason.txt" 2>/dev/null || true
+            fi
+        fi
+
         error "Build loop failed"
         return 1
     }
@@ -2406,6 +2487,16 @@ ${test_summary}
 </details>"
     fi
 
+    # Write coverage summary for pre-deploy gate
+    local _cov_pct=0
+    if [[ -f "$ARTIFACTS_DIR/test-results.log" ]]; then
+        _cov_pct=$(grep -oE '[0-9]+%' "$ARTIFACTS_DIR/test-results.log" 2>/dev/null | head -1 | tr -d '%' || true)
+        _cov_pct="${_cov_pct:-0}"
+    fi
+    local _cov_tmp
+    _cov_tmp=$(mktemp "${ARTIFACTS_DIR}/test-coverage.json.tmp.XXXXXX")
+    printf '{"coverage_pct":%d}' "${_cov_pct:-0}" > "$_cov_tmp" && mv "$_cov_tmp" "$ARTIFACTS_DIR/test-coverage.json" || rm -f "$_cov_tmp"
+
     log_stage "test" "Tests passed${coverage:+ (coverage: ${coverage}%)}"
 }
 
@@ -3229,41 +3320,157 @@ stage_deploy() {
         fi
     fi
 
-    # Post deploy start to GitHub
-    if [[ -n "$ISSUE_NUMBER" ]]; then
-        gh_comment_issue "$ISSUE_NUMBER" "🚀 **Deploy started**"
+    # ── Pre-deploy gates ──
+    local pre_deploy_ci
+    pre_deploy_ci=$(jq -r --arg id "deploy" '(.stages[] | select(.id == $id) | .config.pre_deploy_ci_status) // "true"' "$PIPELINE_CONFIG" 2>/dev/null) || true
+
+    if [[ "${pre_deploy_ci:-true}" == "true" && "${NO_GITHUB:-false}" != "true" && -n "${REPO_OWNER:-}" && -n "${REPO_NAME:-}" ]]; then
+        info "Pre-deploy gate: checking CI status..."
+        local ci_failures
+        ci_failures=$(gh api "repos/${REPO_OWNER}/${REPO_NAME}/commits/${GIT_BRANCH:-HEAD}/check-runs" \
+            --jq '[.check_runs[] | select(.conclusion != null and .conclusion != "success" and .conclusion != "skipped")] | length' 2>/dev/null || echo "0")
+        if [[ "${ci_failures:-0}" -gt 0 ]]; then
+            error "Pre-deploy gate FAILED: ${ci_failures} CI check(s) not passing"
+            [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "Pre-deploy gate: ${ci_failures} CI checks failing" 2>/dev/null || true
+            return 1
+        fi
+        success "Pre-deploy gate: all CI checks passing"
     fi
 
-    if [[ -n "$staging_cmd" ]]; then
-        info "Deploying to staging..."
-        bash -c "$staging_cmd" > "$ARTIFACTS_DIR/deploy-staging.log" 2>&1 || {
-            error "Staging deploy failed"
-            [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "❌ Staging deploy failed"
-            # Mark GitHub deployment as failed
-            if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete &>/dev/null 2>&1; then
-                gh_deploy_pipeline_complete "$REPO_OWNER" "$REPO_NAME" "$gh_deploy_env" false "Staging deploy failed" 2>/dev/null || true
-            fi
+    local pre_deploy_min_cov
+    pre_deploy_min_cov=$(jq -r --arg id "deploy" '(.stages[] | select(.id == $id) | .config.pre_deploy_min_coverage) // ""' "$PIPELINE_CONFIG" 2>/dev/null) || true
+    if [[ -n "${pre_deploy_min_cov:-}" && "${pre_deploy_min_cov}" != "null" && -f "$ARTIFACTS_DIR/test-coverage.json" ]]; then
+        local actual_cov
+        actual_cov=$(jq -r '.coverage_pct // 0' "$ARTIFACTS_DIR/test-coverage.json" 2>/dev/null || echo "0")
+        if [[ "${actual_cov:-0}" -lt "$pre_deploy_min_cov" ]]; then
+            error "Pre-deploy gate FAILED: coverage ${actual_cov}% < required ${pre_deploy_min_cov}%"
+            [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "Pre-deploy gate: coverage ${actual_cov}% below minimum ${pre_deploy_min_cov}%" 2>/dev/null || true
             return 1
-        }
-        success "Staging deploy complete"
+        fi
+        success "Pre-deploy gate: coverage ${actual_cov}% >= ${pre_deploy_min_cov}%"
     fi
 
-    if [[ -n "$prod_cmd" ]]; then
-        info "Deploying to production..."
-        bash -c "$prod_cmd" > "$ARTIFACTS_DIR/deploy-prod.log" 2>&1 || {
-            error "Production deploy failed"
-            if [[ -n "$rollback_cmd" ]]; then
-                warn "Rolling back..."
-                bash -c "$rollback_cmd" 2>&1 || error "Rollback also failed!"
+    # Post deploy start to GitHub
+    if [[ -n "$ISSUE_NUMBER" ]]; then
+        gh_comment_issue "$ISSUE_NUMBER" "Deploy started"
+    fi
+
+    # ── Deploy strategy ──
+    local deploy_strategy
+    deploy_strategy=$(jq -r --arg id "deploy" '(.stages[] | select(.id == $id) | .config.deploy_strategy) // "direct"' "$PIPELINE_CONFIG" 2>/dev/null) || true
+    [[ "$deploy_strategy" == "null" ]] && deploy_strategy="direct"
+
+    local canary_cmd promote_cmd switch_cmd health_url deploy_log
+    canary_cmd=$(jq -r --arg id "deploy" '(.stages[] | select(.id == $id) | .config.canary_cmd) // ""' "$PIPELINE_CONFIG" 2>/dev/null) || true
+    [[ "$canary_cmd" == "null" ]] && canary_cmd=""
+    promote_cmd=$(jq -r --arg id "deploy" '(.stages[] | select(.id == $id) | .config.promote_cmd) // ""' "$PIPELINE_CONFIG" 2>/dev/null) || true
+    [[ "$promote_cmd" == "null" ]] && promote_cmd=""
+    switch_cmd=$(jq -r --arg id "deploy" '(.stages[] | select(.id == $id) | .config.switch_cmd) // ""' "$PIPELINE_CONFIG" 2>/dev/null) || true
+    [[ "$switch_cmd" == "null" ]] && switch_cmd=""
+    health_url=$(jq -r --arg id "deploy" '(.stages[] | select(.id == $id) | .config.health_url) // ""' "$PIPELINE_CONFIG" 2>/dev/null) || true
+    [[ "$health_url" == "null" ]] && health_url=""
+    deploy_log="$ARTIFACTS_DIR/deploy.log"
+
+    case "$deploy_strategy" in
+        canary)
+            info "Canary deployment strategy..."
+            if [[ -z "$canary_cmd" ]]; then
+                warn "No canary_cmd configured — falling back to direct"
+                deploy_strategy="direct"
+            else
+                info "Deploying canary..."
+                bash -c "$canary_cmd" >> "$deploy_log" 2>&1 || { error "Canary deploy failed"; return 1; }
+
+                if [[ -n "$health_url" ]]; then
+                    local canary_healthy=0
+                    local _chk
+                    for _chk in 1 2 3; do
+                        sleep 10
+                        local _status
+                        _status=$(curl -s -o /dev/null -w "%{http_code}" "$health_url" 2>/dev/null || echo "0")
+                        if [[ "$_status" -ge 200 && "$_status" -lt 400 ]]; then
+                            canary_healthy=$((canary_healthy + 1))
+                        fi
+                    done
+                    if [[ "$canary_healthy" -lt 2 ]]; then
+                        error "Canary health check failed ($canary_healthy/3 passed) — rolling back"
+                        [[ -n "$rollback_cmd" ]] && bash -c "$rollback_cmd" 2>/dev/null || true
+                        return 1
+                    fi
+                    success "Canary healthy ($canary_healthy/3 checks passed)"
+                fi
+
+                info "Promoting canary to full deployment..."
+                if [[ -n "$promote_cmd" ]]; then
+                    bash -c "$promote_cmd" >> "$deploy_log" 2>&1 || { error "Promote failed"; return 1; }
+                fi
+                success "Canary promoted"
             fi
-            [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "❌ Production deploy failed — rollback ${rollback_cmd:+attempted}"
-            # Mark GitHub deployment as failed
-            if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete &>/dev/null 2>&1; then
-                gh_deploy_pipeline_complete "$REPO_OWNER" "$REPO_NAME" "$gh_deploy_env" false "Production deploy failed" 2>/dev/null || true
+            ;;
+        blue-green)
+            info "Blue-green deployment strategy..."
+            if [[ -z "$staging_cmd" || -z "$switch_cmd" ]]; then
+                warn "Blue-green requires staging_cmd + switch_cmd — falling back to direct"
+                deploy_strategy="direct"
+            else
+                info "Deploying to inactive environment..."
+                bash -c "$staging_cmd" >> "$deploy_log" 2>&1 || { error "Blue-green staging failed"; return 1; }
+
+                if [[ -n "$health_url" ]]; then
+                    local bg_healthy=0
+                    local _chk
+                    for _chk in 1 2 3; do
+                        sleep 5
+                        local _status
+                        _status=$(curl -s -o /dev/null -w "%{http_code}" "$health_url" 2>/dev/null || echo "0")
+                        [[ "$_status" -ge 200 && "$_status" -lt 400 ]] && bg_healthy=$((bg_healthy + 1))
+                    done
+                    if [[ "$bg_healthy" -lt 2 ]]; then
+                        error "Blue-green health check failed — not switching"
+                        return 1
+                    fi
+                fi
+
+                info "Switching traffic..."
+                bash -c "$switch_cmd" >> "$deploy_log" 2>&1 || { error "Traffic switch failed"; return 1; }
+                success "Blue-green switch complete"
             fi
-            return 1
-        }
-        success "Production deploy complete"
+            ;;
+    esac
+
+    # ── Direct deployment (default or fallback) ──
+    if [[ "$deploy_strategy" == "direct" ]]; then
+        if [[ -n "$staging_cmd" ]]; then
+            info "Deploying to staging..."
+            bash -c "$staging_cmd" > "$ARTIFACTS_DIR/deploy-staging.log" 2>&1 || {
+                error "Staging deploy failed"
+                [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "Staging deploy failed"
+                # Mark GitHub deployment as failed
+                if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete &>/dev/null 2>&1; then
+                    gh_deploy_pipeline_complete "$REPO_OWNER" "$REPO_NAME" "$gh_deploy_env" false "Staging deploy failed" 2>/dev/null || true
+                fi
+                return 1
+            }
+            success "Staging deploy complete"
+        fi
+
+        if [[ -n "$prod_cmd" ]]; then
+            info "Deploying to production..."
+            bash -c "$prod_cmd" > "$ARTIFACTS_DIR/deploy-prod.log" 2>&1 || {
+                error "Production deploy failed"
+                if [[ -n "$rollback_cmd" ]]; then
+                    warn "Rolling back..."
+                    bash -c "$rollback_cmd" 2>&1 || error "Rollback also failed!"
+                fi
+                [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "Production deploy failed — rollback ${rollback_cmd:+attempted}"
+                # Mark GitHub deployment as failed
+                if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete &>/dev/null 2>&1; then
+                    gh_deploy_pipeline_complete "$REPO_OWNER" "$REPO_NAME" "$gh_deploy_env" false "Production deploy failed" 2>/dev/null || true
+                fi
+                return 1
+            }
+            success "Production deploy complete"
+        fi
     fi
 
     if [[ -n "$ISSUE_NUMBER" ]]; then
@@ -4449,13 +4656,1015 @@ run_dod_audit() {
     return 0
 }
 
+# ─── Intelligent Pipeline Orchestration ──────────────────────────────────────
+# AGI-like decision making: skip, classify, adapt, reassess, backtrack
+
+# Global state for intelligence features
+PIPELINE_BACKTRACK_COUNT="${PIPELINE_BACKTRACK_COUNT:-0}"
+PIPELINE_MAX_BACKTRACKS=2
+PIPELINE_ADAPTIVE_COMPLEXITY=""
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 1. Intelligent Stage Skipping
+# Evaluates whether a stage should be skipped based on triage score, complexity,
+# issue labels, and diff size. Called before each stage in run_pipeline().
+# Returns 0 if the stage SHOULD be skipped, 1 if it should run.
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_should_skip_stage() {
+    local stage_id="$1"
+    local reason=""
+
+    # Never skip intake or build — they're always required
+    case "$stage_id" in
+        intake|build|test|pr|merge) return 1 ;;
+    esac
+
+    # ── Signal 1: Triage score (from intelligence analysis) ──
+    local triage_score="${INTELLIGENCE_COMPLEXITY:-0}"
+    # Convert: high triage score (simple issue) means skip more stages
+    # INTELLIGENCE_COMPLEXITY is 1-10 (1=simple, 10=complex)
+    # Score >= 70 in daemon means simple → complexity 1-3
+    local complexity="${INTELLIGENCE_COMPLEXITY:-5}"
+
+    # ── Signal 2: Issue labels ──
+    local labels="${ISSUE_LABELS:-}"
+
+    # Documentation issues: skip test, review, compound_quality
+    if echo ",$labels," | grep -qiE ',documentation,|,docs,|,typo,'; then
+        case "$stage_id" in
+            test|review|compound_quality)
+                reason="label:documentation"
+                ;;
+        esac
+    fi
+
+    # Hotfix issues: skip plan, design, compound_quality
+    if echo ",$labels," | grep -qiE ',hotfix,|,urgent,|,p0,'; then
+        case "$stage_id" in
+            plan|design|compound_quality)
+                reason="label:hotfix"
+                ;;
+        esac
+    fi
+
+    # ── Signal 3: Intelligence complexity ──
+    if [[ -z "$reason" && "$complexity" -gt 0 ]]; then
+        # Complexity 1-2: very simple → skip design, compound_quality, review
+        if [[ "$complexity" -le 2 ]]; then
+            case "$stage_id" in
+                design|compound_quality|review)
+                    reason="complexity:${complexity}/10"
+                    ;;
+            esac
+        # Complexity 1-3: simple → skip design
+        elif [[ "$complexity" -le 3 ]]; then
+            case "$stage_id" in
+                design)
+                    reason="complexity:${complexity}/10"
+                    ;;
+            esac
+        fi
+    fi
+
+    # ── Signal 4: Diff size (after build) ──
+    if [[ -z "$reason" && "$stage_id" == "compound_quality" ]]; then
+        local diff_lines=0
+        local _skip_stat
+        _skip_stat=$(git diff "${BASE_BRANCH:-main}...HEAD" --stat 2>/dev/null | tail -1) || true
+        if [[ -n "${_skip_stat:-}" ]]; then
+            local _s_ins _s_del
+            _s_ins=$(echo "$_skip_stat" | grep -oE '[0-9]+ insertion' | grep -oE '[0-9]+') || true
+            _s_del=$(echo "$_skip_stat" | grep -oE '[0-9]+ deletion' | grep -oE '[0-9]+') || true
+            diff_lines=$(( ${_s_ins:-0} + ${_s_del:-0} ))
+        fi
+        diff_lines="${diff_lines:-0}"
+        if [[ "$diff_lines" -gt 0 && "$diff_lines" -lt 20 ]]; then
+            reason="diff_size:${diff_lines}_lines"
+        fi
+    fi
+
+    # ── Signal 5: Mid-pipeline reassessment override ──
+    if [[ -z "$reason" && -f "$ARTIFACTS_DIR/reassessment.json" ]]; then
+        local skip_stages
+        skip_stages=$(jq -r '.skip_stages // [] | .[]' "$ARTIFACTS_DIR/reassessment.json" 2>/dev/null || true)
+        if echo "$skip_stages" | grep -qx "$stage_id" 2>/dev/null; then
+            reason="reassessment:simpler_than_expected"
+        fi
+    fi
+
+    if [[ -n "$reason" ]]; then
+        emit_event "intelligence.stage_skipped" \
+            "issue=${ISSUE_NUMBER:-0}" \
+            "stage=$stage_id" \
+            "reason=$reason" \
+            "complexity=${complexity}" \
+            "labels=${labels}"
+        echo "$reason"
+        return 0
+    fi
+
+    return 1
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 2. Smart Finding Classification & Routing
+# Parses compound quality findings and classifies each as:
+#   architecture, security, correctness, style
+# Returns JSON with classified findings and routing recommendations.
+# ──────────────────────────────────────────────────────────────────────────────
+classify_quality_findings() {
+    local findings_dir="$ARTIFACTS_DIR"
+    local result_file="$ARTIFACTS_DIR/classified-findings.json"
+
+    # Initialize counters
+    local arch_count=0 security_count=0 correctness_count=0 performance_count=0 testing_count=0 style_count=0
+
+    # Start building JSON array
+    local findings_json="[]"
+
+    # ── Parse adversarial review ──
+    if [[ -f "$findings_dir/adversarial-review.md" ]]; then
+        local adv_content
+        adv_content=$(cat "$findings_dir/adversarial-review.md" 2>/dev/null || true)
+
+        # Architecture findings: dependency violations, layer breaches, circular refs
+        local arch_findings
+        arch_findings=$(echo "$adv_content" | grep -ciE 'architect|layer.*violation|circular.*depend|coupling|abstraction|design.*flaw|separation.*concern' 2>/dev/null || true)
+        arch_count=$((arch_count + ${arch_findings:-0}))
+
+        # Security findings
+        local sec_findings
+        sec_findings=$(echo "$adv_content" | grep -ciE 'security|vulnerab|injection|XSS|CSRF|auth.*bypass|privilege|sanitiz|escap' 2>/dev/null || true)
+        security_count=$((security_count + ${sec_findings:-0}))
+
+        # Correctness findings: bugs, logic errors, edge cases
+        local corr_findings
+        corr_findings=$(echo "$adv_content" | grep -ciE '\*\*\[?(Critical|Bug|Error|critical|high)\]?\*\*|race.*condition|null.*pointer|off.*by.*one|edge.*case|undefined.*behav' 2>/dev/null || true)
+        correctness_count=$((correctness_count + ${corr_findings:-0}))
+
+        # Performance findings
+        local perf_findings
+        perf_findings=$(echo "$adv_content" | grep -ciE 'latency|slow|memory leak|O\(n|N\+1|cache miss|performance|bottleneck|throughput' 2>/dev/null || true)
+        performance_count=$((performance_count + ${perf_findings:-0}))
+
+        # Testing findings
+        local test_findings
+        test_findings=$(echo "$adv_content" | grep -ciE 'untested|missing test|no coverage|flaky|test gap|test missing|coverage gap' 2>/dev/null || true)
+        testing_count=$((testing_count + ${test_findings:-0}))
+
+        # Style findings
+        local style_findings
+        style_findings=$(echo "$adv_content" | grep -ciE 'naming|convention|format|style|readabil|inconsisten|whitespace|comment' 2>/dev/null || true)
+        style_count=$((style_count + ${style_findings:-0}))
+    fi
+
+    # ── Parse architecture validation ──
+    if [[ -f "$findings_dir/compound-architecture-validation.json" ]]; then
+        local arch_json_count
+        arch_json_count=$(jq '[.[] | select(.severity == "critical" or .severity == "high")] | length' "$findings_dir/compound-architecture-validation.json" 2>/dev/null || echo "0")
+        arch_count=$((arch_count + ${arch_json_count:-0}))
+    fi
+
+    # ── Parse security audit ──
+    if [[ -f "$findings_dir/security-audit.log" ]]; then
+        local sec_audit
+        sec_audit=$(grep -ciE 'critical|high' "$findings_dir/security-audit.log" 2>/dev/null || true)
+        security_count=$((security_count + ${sec_audit:-0}))
+    fi
+
+    # ── Parse negative review ──
+    if [[ -f "$findings_dir/negative-review.md" ]]; then
+        local neg_corr
+        neg_corr=$(grep -ciE '\[Critical\]|\[High\]' "$findings_dir/negative-review.md" 2>/dev/null || true)
+        correctness_count=$((correctness_count + ${neg_corr:-0}))
+    fi
+
+    # ── Determine routing ──
+    # Priority order: security > architecture > correctness > performance > testing > style
+    local route="correctness"  # default
+    local needs_backtrack=false
+    local priority_findings=""
+
+    if [[ "$security_count" -gt 0 ]]; then
+        route="security"
+        priority_findings="security:${security_count}"
+    fi
+
+    if [[ "$arch_count" -gt 0 ]]; then
+        if [[ "$route" == "correctness" ]]; then
+            route="architecture"
+            needs_backtrack=true
+        fi
+        priority_findings="${priority_findings:+${priority_findings},}architecture:${arch_count}"
+    fi
+
+    if [[ "$correctness_count" -gt 0 ]]; then
+        priority_findings="${priority_findings:+${priority_findings},}correctness:${correctness_count}"
+    fi
+
+    if [[ "$performance_count" -gt 0 ]]; then
+        if [[ "$route" == "correctness" && "$correctness_count" -eq 0 ]]; then
+            route="performance"
+        fi
+        priority_findings="${priority_findings:+${priority_findings},}performance:${performance_count}"
+    fi
+
+    if [[ "$testing_count" -gt 0 ]]; then
+        if [[ "$route" == "correctness" && "$correctness_count" -eq 0 && "$performance_count" -eq 0 ]]; then
+            route="testing"
+        fi
+        priority_findings="${priority_findings:+${priority_findings},}testing:${testing_count}"
+    fi
+
+    # Style findings don't affect routing or count toward failure threshold
+    local total_blocking=$((arch_count + security_count + correctness_count + performance_count + testing_count))
+
+    # Write classified findings
+    local tmp_findings
+    tmp_findings="$(mktemp)"
+    jq -n \
+        --argjson arch "$arch_count" \
+        --argjson security "$security_count" \
+        --argjson correctness "$correctness_count" \
+        --argjson performance "$performance_count" \
+        --argjson testing "$testing_count" \
+        --argjson style "$style_count" \
+        --argjson total_blocking "$total_blocking" \
+        --arg route "$route" \
+        --argjson needs_backtrack "$needs_backtrack" \
+        --arg priority "$priority_findings" \
+        '{
+            architecture: $arch,
+            security: $security,
+            correctness: $correctness,
+            performance: $performance,
+            testing: $testing,
+            style: $style,
+            total_blocking: $total_blocking,
+            route: $route,
+            needs_backtrack: $needs_backtrack,
+            priority_findings: $priority
+        }' > "$tmp_findings" 2>/dev/null && mv "$tmp_findings" "$result_file" || rm -f "$tmp_findings"
+
+    emit_event "intelligence.findings_classified" \
+        "issue=${ISSUE_NUMBER:-0}" \
+        "architecture=$arch_count" \
+        "security=$security_count" \
+        "correctness=$correctness_count" \
+        "performance=$performance_count" \
+        "testing=$testing_count" \
+        "style=$style_count" \
+        "route=$route" \
+        "needs_backtrack=$needs_backtrack"
+
+    echo "$route"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 3. Adaptive Cycle Limits
+# Replaces hardcoded max_cycles with convergence-driven limits.
+# Takes the base limit, returns an adjusted limit based on:
+#   - Learned iteration model
+#   - Convergence/divergence signals
+#   - Budget constraints
+#   - Hard ceiling (2x template max)
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_adaptive_cycles() {
+    local base_limit="$1"
+    local context="${2:-compound_quality}"  # compound_quality or build_test
+    local current_issue_count="${3:-0}"
+    local prev_issue_count="${4:--1}"
+
+    local adjusted="$base_limit"
+    local hard_ceiling=$((base_limit * 2))
+
+    # ── Learned iteration model ──
+    local model_file="${HOME}/.shipwright/optimization/iteration-model.json"
+    if [[ -f "$model_file" ]]; then
+        local learned
+        learned=$(jq -r --arg ctx "$context" '.[$ctx].recommended_cycles // 0' "$model_file" 2>/dev/null || echo "0")
+        if [[ "$learned" -gt 0 && "$learned" -le "$hard_ceiling" ]]; then
+            adjusted="$learned"
+        fi
+    fi
+
+    # ── Convergence acceleration ──
+    # If issue count drops >50% per cycle, extend limit by 1 (we're making progress)
+    if [[ "$prev_issue_count" -gt 0 && "$current_issue_count" -ge 0 ]]; then
+        local half_prev=$((prev_issue_count / 2))
+        if [[ "$current_issue_count" -le "$half_prev" && "$current_issue_count" -gt 0 ]]; then
+            # Rapid convergence — extend by 1
+            local new_limit=$((adjusted + 1))
+            if [[ "$new_limit" -le "$hard_ceiling" ]]; then
+                adjusted="$new_limit"
+                emit_event "intelligence.convergence_acceleration" \
+                    "issue=${ISSUE_NUMBER:-0}" \
+                    "context=$context" \
+                    "prev_issues=$prev_issue_count" \
+                    "current_issues=$current_issue_count" \
+                    "new_limit=$adjusted"
+            fi
+        fi
+
+        # ── Divergence detection ──
+        # If issue count increases, reduce remaining cycles
+        if [[ "$current_issue_count" -gt "$prev_issue_count" ]]; then
+            local reduced=$((adjusted - 1))
+            if [[ "$reduced" -ge 1 ]]; then
+                adjusted="$reduced"
+                emit_event "intelligence.divergence_detected" \
+                    "issue=${ISSUE_NUMBER:-0}" \
+                    "context=$context" \
+                    "prev_issues=$prev_issue_count" \
+                    "current_issues=$current_issue_count" \
+                    "new_limit=$adjusted"
+            fi
+        fi
+    fi
+
+    # ── Budget gate ──
+    if [[ "$IGNORE_BUDGET" != "true" ]] && [[ -x "$SCRIPT_DIR/sw-cost.sh" ]]; then
+        local budget_rc=0
+        bash "$SCRIPT_DIR/sw-cost.sh" check-budget 2>/dev/null || budget_rc=$?
+        if [[ "$budget_rc" -eq 2 ]]; then
+            # Budget exhausted — cap at current cycle
+            adjusted=0
+            emit_event "intelligence.budget_cap" \
+                "issue=${ISSUE_NUMBER:-0}" \
+                "context=$context"
+        fi
+    fi
+
+    # ── Enforce hard ceiling ──
+    if [[ "$adjusted" -gt "$hard_ceiling" ]]; then
+        adjusted="$hard_ceiling"
+    fi
+
+    echo "$adjusted"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 5. Intelligent Audit Selection
+# AI-driven audit selection — all audits enabled, intensity varies.
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_select_audits() {
+    local audit_intensity
+    audit_intensity=$(jq -r --arg id "compound_quality" \
+        '(.stages[] | select(.id == $id) | .config.audit_intensity) // "auto"' \
+        "$PIPELINE_CONFIG" 2>/dev/null) || true
+    [[ -z "$audit_intensity" || "$audit_intensity" == "null" ]] && audit_intensity="auto"
+
+    # Short-circuit for explicit overrides
+    case "$audit_intensity" in
+        off)
+            echo '{"adversarial":"off","architecture":"off","simulation":"off","security":"off","dod":"off"}'
+            return 0
+            ;;
+        full|lightweight)
+            jq -n --arg i "$audit_intensity" \
+                '{adversarial:$i,architecture:$i,simulation:$i,security:$i,dod:$i}'
+            return 0
+            ;;
+    esac
+
+    # ── Auto mode: data-driven intensity ──
+    local default_intensity="targeted"
+    local security_intensity="targeted"
+
+    # Read last 5 quality scores for this repo
+    local quality_scores_file="${HOME}/.shipwright/optimization/quality-scores.jsonl"
+    local repo_name
+    repo_name=$(basename "${PROJECT_ROOT:-.}") || true
+    if [[ -f "$quality_scores_file" ]]; then
+        local recent_scores
+        recent_scores=$(grep "\"repo\":\"${repo_name}\"" "$quality_scores_file" 2>/dev/null | tail -5) || true
+        if [[ -n "$recent_scores" ]]; then
+            # Check for critical findings in recent history
+            local has_critical
+            has_critical=$(echo "$recent_scores" | jq -s '[.[].findings.critical // 0] | add' 2>/dev/null || echo "0")
+            has_critical="${has_critical:-0}"
+            if [[ "$has_critical" -gt 0 ]]; then
+                security_intensity="full"
+            fi
+
+            # Compute average quality score
+            local avg_score
+            avg_score=$(echo "$recent_scores" | jq -s 'if length > 0 then ([.[].quality_score] | add / length | floor) else 70 end' 2>/dev/null || echo "70")
+            avg_score="${avg_score:-70}"
+
+            if [[ "$avg_score" -lt 60 ]]; then
+                default_intensity="full"
+                security_intensity="full"
+            elif [[ "$avg_score" -gt 80 ]]; then
+                default_intensity="lightweight"
+                [[ "$security_intensity" != "full" ]] && security_intensity="lightweight"
+            fi
+        fi
+    fi
+
+    # Intelligence cache: upgrade targeted→full for complex changes
+    local intel_cache="${PROJECT_ROOT}/.claude/intelligence-cache.json"
+    if [[ -f "$intel_cache" && "$default_intensity" == "targeted" ]]; then
+        local complexity
+        complexity=$(jq -r '.complexity // "medium"' "$intel_cache" 2>/dev/null || echo "medium")
+        if [[ "$complexity" == "high" || "$complexity" == "very_high" ]]; then
+            default_intensity="full"
+            security_intensity="full"
+        fi
+    fi
+
+    emit_event "pipeline.audit_selection" \
+        "issue=${ISSUE_NUMBER:-0}" \
+        "default_intensity=$default_intensity" \
+        "security_intensity=$security_intensity" \
+        "repo=$repo_name"
+
+    jq -n \
+        --arg adv "$default_intensity" \
+        --arg arch "$default_intensity" \
+        --arg sim "$default_intensity" \
+        --arg sec "$security_intensity" \
+        --arg dod "$default_intensity" \
+        '{adversarial:$adv,architecture:$arch,simulation:$sim,security:$sec,dod:$dod}'
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 6. Definition of Done Verification
+# Strict DoD enforcement after compound quality completes.
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_verify_dod() {
+    local artifacts_dir="${1:-$ARTIFACTS_DIR}"
+    local checks_total=0 checks_passed=0
+    local results=""
+
+    # 1. Test coverage: verify changed source files have test counterparts
+    local changed_files
+    changed_files=$(git diff --name-only "${BASE_BRANCH:-main}...HEAD" 2>/dev/null || true)
+    local missing_tests=""
+    local files_checked=0
+
+    if [[ -n "$changed_files" ]]; then
+        while IFS= read -r src_file; do
+            [[ -z "$src_file" ]] && continue
+            # Only check source code files
+            case "$src_file" in
+                *.ts|*.js|*.tsx|*.jsx|*.py|*.go|*.rs|*.sh)
+                    # Skip test files themselves and config files
+                    case "$src_file" in
+                        *test*|*spec*|*__tests__*|*.config.*|*.d.ts) continue ;;
+                    esac
+                    files_checked=$((files_checked + 1))
+                    checks_total=$((checks_total + 1))
+                    # Check for corresponding test file
+                    local base_name dir_name ext
+                    base_name=$(basename "$src_file")
+                    dir_name=$(dirname "$src_file")
+                    ext="${base_name##*.}"
+                    local stem="${base_name%.*}"
+                    local test_found=false
+                    # Common test file patterns
+                    for pattern in \
+                        "${dir_name}/${stem}.test.${ext}" \
+                        "${dir_name}/${stem}.spec.${ext}" \
+                        "${dir_name}/__tests__/${stem}.test.${ext}" \
+                        "${dir_name}/${stem}-test.${ext}" \
+                        "${dir_name}/test_${stem}.${ext}" \
+                        "${dir_name}/${stem}_test.${ext}"; do
+                        if [[ -f "$pattern" ]]; then
+                            test_found=true
+                            break
+                        fi
+                    done
+                    if $test_found; then
+                        checks_passed=$((checks_passed + 1))
+                    else
+                        missing_tests="${missing_tests}${src_file}\n"
+                    fi
+                    ;;
+            esac
+        done <<EOF
+$changed_files
+EOF
+    fi
+
+    # 2. Test-added verification: if significant logic added, ensure tests were also added
+    local logic_lines=0 test_lines=0
+    if [[ -n "$changed_files" ]]; then
+        local full_diff
+        full_diff=$(git diff "${BASE_BRANCH:-main}...HEAD" 2>/dev/null || true)
+        if [[ -n "$full_diff" ]]; then
+            # Count added lines matching source patterns (rough heuristic)
+            logic_lines=$(echo "$full_diff" | grep -cE '^\+.*(function |class |if |for |while |return |export )' 2>/dev/null || true)
+            logic_lines="${logic_lines:-0}"
+            # Count added lines in test files
+            test_lines=$(echo "$full_diff" | grep -cE '^\+.*(it\(|test\(|describe\(|expect\(|assert|def test_|func Test)' 2>/dev/null || true)
+            test_lines="${test_lines:-0}"
+        fi
+    fi
+    checks_total=$((checks_total + 1))
+    local test_ratio_passed=true
+    if [[ "$logic_lines" -gt 20 && "$test_lines" -eq 0 ]]; then
+        test_ratio_passed=false
+        warn "DoD verification: ${logic_lines} logic lines added but no test lines detected"
+    else
+        checks_passed=$((checks_passed + 1))
+    fi
+
+    # 3. Behavioral verification: check DoD audit artifacts for evidence
+    local dod_audit_file="$artifacts_dir/dod-audit.md"
+    local dod_verified=0 dod_total_items=0
+    if [[ -f "$dod_audit_file" ]]; then
+        # Count items marked as passing
+        dod_total_items=$(grep -cE '^\s*-\s*\[x\]' "$dod_audit_file" 2>/dev/null || true)
+        dod_total_items="${dod_total_items:-0}"
+        local dod_failing
+        dod_failing=$(grep -cE '^\s*-\s*\[\s\]' "$dod_audit_file" 2>/dev/null || true)
+        dod_failing="${dod_failing:-0}"
+        dod_verified=$dod_total_items
+        checks_total=$((checks_total + dod_total_items + ${dod_failing:-0}))
+        checks_passed=$((checks_passed + dod_total_items))
+    fi
+
+    # Compute pass rate
+    local pass_rate=100
+    if [[ "$checks_total" -gt 0 ]]; then
+        pass_rate=$(( (checks_passed * 100) / checks_total ))
+    fi
+
+    # Write results
+    local tmp_result
+    tmp_result=$(mktemp)
+    jq -n \
+        --argjson checks_total "$checks_total" \
+        --argjson checks_passed "$checks_passed" \
+        --argjson pass_rate "$pass_rate" \
+        --argjson files_checked "$files_checked" \
+        --arg missing_tests "$(echo -e "$missing_tests" | head -20)" \
+        --argjson logic_lines "$logic_lines" \
+        --argjson test_lines "$test_lines" \
+        --argjson test_ratio_passed "$test_ratio_passed" \
+        --argjson dod_verified "$dod_verified" \
+        '{
+            checks_total: $checks_total,
+            checks_passed: $checks_passed,
+            pass_rate: $pass_rate,
+            files_checked: $files_checked,
+            missing_tests: ($missing_tests | split("\n") | map(select(. != ""))),
+            logic_lines: $logic_lines,
+            test_lines: $test_lines,
+            test_ratio_passed: $test_ratio_passed,
+            dod_verified: $dod_verified
+        }' > "$tmp_result" 2>/dev/null
+    mv "$tmp_result" "$artifacts_dir/dod-verification.json"
+
+    emit_event "pipeline.dod_verification" \
+        "issue=${ISSUE_NUMBER:-0}" \
+        "checks_total=$checks_total" \
+        "checks_passed=$checks_passed" \
+        "pass_rate=$pass_rate"
+
+    # Fail if pass rate < 70%
+    if [[ "$pass_rate" -lt 70 ]]; then
+        warn "DoD verification: ${pass_rate}% pass rate (${checks_passed}/${checks_total} checks)"
+        return 1
+    fi
+
+    success "DoD verification: ${pass_rate}% pass rate (${checks_passed}/${checks_total} checks)"
+    return 0
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 7. Source Code Security Scan
+# Grep-based vulnerability pattern matching on changed files.
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_security_source_scan() {
+    local base_branch="${1:-${BASE_BRANCH:-main}}"
+    local findings="[]"
+    local finding_count=0
+
+    local changed_files
+    changed_files=$(git diff --name-only "${base_branch}...HEAD" 2>/dev/null || true)
+    [[ -z "$changed_files" ]] && { echo "[]"; return 0; }
+
+    local tmp_findings
+    tmp_findings=$(mktemp)
+    echo "[]" > "$tmp_findings"
+
+    while IFS= read -r file; do
+        [[ -z "$file" || ! -f "$file" ]] && continue
+        # Only scan code files
+        case "$file" in
+            *.ts|*.js|*.tsx|*.jsx|*.py|*.go|*.rs|*.java|*.rb|*.php|*.sh) ;;
+            *) continue ;;
+        esac
+
+        # SQL injection patterns
+        local sql_matches
+        sql_matches=$(grep -nE '(query|execute|sql)\s*\(?\s*[`"'"'"']\s*.*\$\{|\.query\s*\(\s*[`"'"'"'].*\+' "$file" 2>/dev/null || true)
+        if [[ -n "$sql_matches" ]]; then
+            while IFS= read -r match; do
+                [[ -z "$match" ]] && continue
+                local line_num="${match%%:*}"
+                finding_count=$((finding_count + 1))
+                local current
+                current=$(cat "$tmp_findings")
+                echo "$current" | jq --arg f "$file" --arg l "$line_num" --arg p "sql_injection" \
+                    '. + [{"file":$f,"line":($l|tonumber),"pattern":$p,"severity":"critical","description":"Potential SQL injection via string concatenation"}]' \
+                    > "$tmp_findings" 2>/dev/null || true
+            done <<SQLEOF
+$sql_matches
+SQLEOF
+        fi
+
+        # XSS patterns
+        local xss_matches
+        xss_matches=$(grep -nE 'innerHTML\s*=|document\.write\s*\(|dangerouslySetInnerHTML' "$file" 2>/dev/null || true)
+        if [[ -n "$xss_matches" ]]; then
+            while IFS= read -r match; do
+                [[ -z "$match" ]] && continue
+                local line_num="${match%%:*}"
+                finding_count=$((finding_count + 1))
+                local current
+                current=$(cat "$tmp_findings")
+                echo "$current" | jq --arg f "$file" --arg l "$line_num" --arg p "xss" \
+                    '. + [{"file":$f,"line":($l|tonumber),"pattern":$p,"severity":"critical","description":"Potential XSS via unsafe DOM manipulation"}]' \
+                    > "$tmp_findings" 2>/dev/null || true
+            done <<XSSEOF
+$xss_matches
+XSSEOF
+        fi
+
+        # Command injection patterns
+        local cmd_matches
+        cmd_matches=$(grep -nE 'eval\s*\(|child_process|os\.system\s*\(|subprocess\.(call|run|Popen)\s*\(' "$file" 2>/dev/null || true)
+        if [[ -n "$cmd_matches" ]]; then
+            while IFS= read -r match; do
+                [[ -z "$match" ]] && continue
+                local line_num="${match%%:*}"
+                finding_count=$((finding_count + 1))
+                local current
+                current=$(cat "$tmp_findings")
+                echo "$current" | jq --arg f "$file" --arg l "$line_num" --arg p "command_injection" \
+                    '. + [{"file":$f,"line":($l|tonumber),"pattern":$p,"severity":"critical","description":"Potential command injection via unsafe execution"}]' \
+                    > "$tmp_findings" 2>/dev/null || true
+            done <<CMDEOF
+$cmd_matches
+CMDEOF
+        fi
+
+        # Hardcoded secrets patterns
+        local secret_matches
+        secret_matches=$(grep -nEi '(password|api_key|secret|token)\s*=\s*['"'"'"][A-Za-z0-9+/=]{8,}['"'"'"]' "$file" 2>/dev/null || true)
+        if [[ -n "$secret_matches" ]]; then
+            while IFS= read -r match; do
+                [[ -z "$match" ]] && continue
+                local line_num="${match%%:*}"
+                finding_count=$((finding_count + 1))
+                local current
+                current=$(cat "$tmp_findings")
+                echo "$current" | jq --arg f "$file" --arg l "$line_num" --arg p "hardcoded_secret" \
+                    '. + [{"file":$f,"line":($l|tonumber),"pattern":$p,"severity":"critical","description":"Potential hardcoded secret or credential"}]' \
+                    > "$tmp_findings" 2>/dev/null || true
+            done <<SECEOF
+$secret_matches
+SECEOF
+        fi
+
+        # Insecure crypto patterns
+        local crypto_matches
+        crypto_matches=$(grep -nE '(md5|MD5|sha1|SHA1)\s*\(' "$file" 2>/dev/null || true)
+        if [[ -n "$crypto_matches" ]]; then
+            while IFS= read -r match; do
+                [[ -z "$match" ]] && continue
+                local line_num="${match%%:*}"
+                finding_count=$((finding_count + 1))
+                local current
+                current=$(cat "$tmp_findings")
+                echo "$current" | jq --arg f "$file" --arg l "$line_num" --arg p "insecure_crypto" \
+                    '. + [{"file":$f,"line":($l|tonumber),"pattern":$p,"severity":"major","description":"Weak cryptographic function (consider SHA-256+)"}]' \
+                    > "$tmp_findings" 2>/dev/null || true
+            done <<CRYEOF
+$crypto_matches
+CRYEOF
+        fi
+    done <<FILESEOF
+$changed_files
+FILESEOF
+
+    # Write to artifacts and output
+    findings=$(cat "$tmp_findings")
+    rm -f "$tmp_findings"
+
+    if [[ -n "${ARTIFACTS_DIR:-}" ]]; then
+        local tmp_scan
+        tmp_scan=$(mktemp)
+        echo "$findings" > "$tmp_scan"
+        mv "$tmp_scan" "$ARTIFACTS_DIR/security-source-scan.json"
+    fi
+
+    emit_event "pipeline.security_source_scan" \
+        "issue=${ISSUE_NUMBER:-0}" \
+        "findings=$finding_count"
+
+    echo "$finding_count"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 8. Quality Score Recording
+# Writes quality scores to JSONL for learning.
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_record_quality_score() {
+    local quality_score="${1:-0}"
+    local critical="${2:-0}"
+    local major="${3:-0}"
+    local minor="${4:-0}"
+    local dod_pass_rate="${5:-0}"
+    local audits_run="${6:-}"
+
+    local scores_dir="${HOME}/.shipwright/optimization"
+    local scores_file="${scores_dir}/quality-scores.jsonl"
+    mkdir -p "$scores_dir"
+
+    local repo_name
+    repo_name=$(basename "${PROJECT_ROOT:-.}") || true
+
+    local tmp_score
+    tmp_score=$(mktemp)
+    jq -n \
+        --arg repo "$repo_name" \
+        --arg issue "${ISSUE_NUMBER:-0}" \
+        --arg ts "$(now_iso)" \
+        --argjson score "$quality_score" \
+        --argjson critical "$critical" \
+        --argjson major "$major" \
+        --argjson minor "$minor" \
+        --argjson dod "$dod_pass_rate" \
+        --arg template "${PIPELINE_NAME:-standard}" \
+        --arg audits "$audits_run" \
+        '{
+            repo: $repo,
+            issue: ($issue | tonumber),
+            timestamp: $ts,
+            quality_score: $score,
+            findings: {critical: $critical, major: $major, minor: $minor},
+            dod_pass_rate: $dod,
+            template: $template,
+            audits_run: ($audits | split(",") | map(select(. != "")))
+        }' > "$tmp_score" 2>/dev/null
+
+    cat "$tmp_score" >> "$scores_file"
+    rm -f "$tmp_score"
+
+    emit_event "pipeline.quality_score_recorded" \
+        "issue=${ISSUE_NUMBER:-0}" \
+        "quality_score=$quality_score" \
+        "critical=$critical" \
+        "major=$major" \
+        "minor=$minor"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 4. Mid-Pipeline Complexity Re-evaluation
+# After build+test completes, compares actual effort to initial estimate.
+# Updates skip recommendations and model routing for remaining stages.
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_reassess_complexity() {
+    local initial_complexity="${INTELLIGENCE_COMPLEXITY:-5}"
+    local reassessment_file="$ARTIFACTS_DIR/reassessment.json"
+
+    # ── Gather actual metrics ──
+    local files_changed=0 lines_changed=0 first_try_pass=false self_heal_cycles=0
+
+    files_changed=$(git diff "${BASE_BRANCH:-main}...HEAD" --name-only 2>/dev/null | wc -l | tr -d ' ') || files_changed=0
+    files_changed="${files_changed:-0}"
+
+    # Count lines changed (insertions + deletions) without pipefail issues
+    lines_changed=0
+    local _diff_stat
+    _diff_stat=$(git diff "${BASE_BRANCH:-main}...HEAD" --stat 2>/dev/null | tail -1) || true
+    if [[ -n "${_diff_stat:-}" ]]; then
+        local _ins _del
+        _ins=$(echo "$_diff_stat" | grep -oE '[0-9]+ insertion' | grep -oE '[0-9]+') || true
+        _del=$(echo "$_diff_stat" | grep -oE '[0-9]+ deletion' | grep -oE '[0-9]+') || true
+        lines_changed=$(( ${_ins:-0} + ${_del:-0} ))
+    fi
+
+    self_heal_cycles="${SELF_HEAL_COUNT:-0}"
+    if [[ "$self_heal_cycles" -eq 0 ]]; then
+        first_try_pass=true
+    fi
+
+    # ── Compare to expectations ──
+    local actual_complexity="$initial_complexity"
+    local assessment="as_expected"
+    local skip_stages="[]"
+
+    # Simpler than expected: small diff, tests passed first try
+    if [[ "$lines_changed" -lt 50 && "$first_try_pass" == "true" && "$files_changed" -lt 5 ]]; then
+        actual_complexity=$((initial_complexity > 2 ? initial_complexity - 2 : 1))
+        assessment="simpler_than_expected"
+        # Mark compound_quality as skippable, simplify review
+        skip_stages='["compound_quality"]'
+    # Much simpler
+    elif [[ "$lines_changed" -lt 20 && "$first_try_pass" == "true" && "$files_changed" -lt 3 ]]; then
+        actual_complexity=1
+        assessment="much_simpler"
+        skip_stages='["compound_quality","review"]'
+    # Harder than expected: large diff, multiple self-heal cycles
+    elif [[ "$lines_changed" -gt 500 || "$self_heal_cycles" -gt 2 ]]; then
+        actual_complexity=$((initial_complexity < 9 ? initial_complexity + 2 : 10))
+        assessment="harder_than_expected"
+        # Ensure compound_quality runs, possibly upgrade model
+        skip_stages='[]'
+    # Much harder
+    elif [[ "$lines_changed" -gt 1000 || "$self_heal_cycles" -gt 4 ]]; then
+        actual_complexity=10
+        assessment="much_harder"
+        skip_stages='[]'
+    fi
+
+    # ── Write reassessment ──
+    local tmp_reassess
+    tmp_reassess="$(mktemp)"
+    jq -n \
+        --argjson initial "$initial_complexity" \
+        --argjson actual "$actual_complexity" \
+        --arg assessment "$assessment" \
+        --argjson files_changed "$files_changed" \
+        --argjson lines_changed "$lines_changed" \
+        --argjson self_heal_cycles "$self_heal_cycles" \
+        --argjson first_try "$first_try_pass" \
+        --argjson skip_stages "$skip_stages" \
+        '{
+            initial_complexity: $initial,
+            actual_complexity: $actual,
+            assessment: $assessment,
+            files_changed: $files_changed,
+            lines_changed: $lines_changed,
+            self_heal_cycles: $self_heal_cycles,
+            first_try_pass: $first_try,
+            skip_stages: $skip_stages
+        }' > "$tmp_reassess" 2>/dev/null && mv "$tmp_reassess" "$reassessment_file" || rm -f "$tmp_reassess"
+
+    # Update global complexity for downstream stages
+    PIPELINE_ADAPTIVE_COMPLEXITY="$actual_complexity"
+
+    emit_event "intelligence.reassessment" \
+        "issue=${ISSUE_NUMBER:-0}" \
+        "initial=$initial_complexity" \
+        "actual=$actual_complexity" \
+        "assessment=$assessment" \
+        "files=$files_changed" \
+        "lines=$lines_changed" \
+        "self_heals=$self_heal_cycles"
+
+    # ── Store for learning ──
+    local learning_file="${HOME}/.shipwright/optimization/complexity-actuals.jsonl"
+    mkdir -p "${HOME}/.shipwright/optimization" 2>/dev/null || true
+    echo "{\"issue\":\"${ISSUE_NUMBER:-0}\",\"initial\":$initial_complexity,\"actual\":$actual_complexity,\"files\":$files_changed,\"lines\":$lines_changed,\"ts\":\"$(now_iso)\"}" \
+        >> "$learning_file" 2>/dev/null || true
+
+    echo "$assessment"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# 5. Backtracking Support
+# When compound_quality detects architecture-level problems, backtracks to
+# the design stage instead of just feeding findings to the build loop.
+# Limited to 1 backtrack per pipeline run to prevent infinite loops.
+# ──────────────────────────────────────────────────────────────────────────────
+pipeline_backtrack_to_stage() {
+    local target_stage="$1"
+    local reason="${2:-architecture_violation}"
+
+    # Prevent infinite backtracking
+    if [[ "$PIPELINE_BACKTRACK_COUNT" -ge "$PIPELINE_MAX_BACKTRACKS" ]]; then
+        warn "Max backtracks ($PIPELINE_MAX_BACKTRACKS) reached — cannot backtrack to $target_stage"
+        emit_event "intelligence.backtrack_blocked" \
+            "issue=${ISSUE_NUMBER:-0}" \
+            "target=$target_stage" \
+            "reason=max_backtracks_reached" \
+            "count=$PIPELINE_BACKTRACK_COUNT"
+        return 1
+    fi
+
+    PIPELINE_BACKTRACK_COUNT=$((PIPELINE_BACKTRACK_COUNT + 1))
+
+    info "Backtracking to ${BOLD}${target_stage}${RESET} stage (reason: ${reason})"
+
+    emit_event "intelligence.backtrack" \
+        "issue=${ISSUE_NUMBER:-0}" \
+        "target=$target_stage" \
+        "reason=$reason"
+
+    # Gather architecture context from findings
+    local arch_context=""
+    if [[ -f "$ARTIFACTS_DIR/compound-architecture-validation.json" ]]; then
+        arch_context=$(jq -r '[.[] | select(.severity == "critical" or .severity == "high") | .message // .description // ""] | join("\n")' \
+            "$ARTIFACTS_DIR/compound-architecture-validation.json" 2>/dev/null || true)
+    fi
+    if [[ -f "$ARTIFACTS_DIR/adversarial-review.md" ]]; then
+        local arch_lines
+        arch_lines=$(grep -iE 'architect|layer.*violation|circular.*depend|coupling|design.*flaw' \
+            "$ARTIFACTS_DIR/adversarial-review.md" 2>/dev/null || true)
+        if [[ -n "$arch_lines" ]]; then
+            arch_context="${arch_context}
+${arch_lines}"
+        fi
+    fi
+
+    # Reset stages from target onward
+    set_stage_status "$target_stage" "pending"
+    set_stage_status "build" "pending"
+    set_stage_status "test" "pending"
+
+    # Augment goal with architecture context for re-run
+    local original_goal="$GOAL"
+    if [[ -n "$arch_context" ]]; then
+        GOAL="$GOAL
+
+IMPORTANT — Architecture violations were detected during quality review. Redesign to fix:
+$arch_context
+
+Update the design to address these violations, then rebuild."
+    fi
+
+    # Re-run design stage
+    info "Re-running ${BOLD}${target_stage}${RESET} with architecture context..."
+    if "stage_${target_stage}" 2>/dev/null; then
+        mark_stage_complete "$target_stage"
+        success "Backtrack: ${target_stage} re-run complete"
+    else
+        GOAL="$original_goal"
+        error "Backtrack: ${target_stage} re-run failed"
+        return 1
+    fi
+
+    # Re-run build+test
+    info "Re-running build→test after backtracked ${target_stage}..."
+    if self_healing_build_test; then
+        success "Backtrack: build→test passed after ${target_stage} redesign"
+        GOAL="$original_goal"
+        return 0
+    else
+        GOAL="$original_goal"
+        error "Backtrack: build→test failed after ${target_stage} redesign"
+        return 1
+    fi
+}
+
 compound_rebuild_with_feedback() {
     local feedback_file="$ARTIFACTS_DIR/quality-feedback.md"
 
-    # Collect all findings
+    # ── Intelligence: classify findings and determine routing ──
+    local route="correctness"
+    route=$(classify_quality_findings 2>/dev/null) || route="correctness"
+
+    # ── Build structured findings JSON alongside markdown ──
+    local structured_findings="[]"
+    local s_total_critical=0 s_total_major=0 s_total_minor=0
+
+    if [[ -f "$ARTIFACTS_DIR/classified-findings.json" ]]; then
+        s_total_critical=$(jq -r '.security // 0' "$ARTIFACTS_DIR/classified-findings.json" 2>/dev/null || echo "0")
+        s_total_major=$(jq -r '.correctness // 0' "$ARTIFACTS_DIR/classified-findings.json" 2>/dev/null || echo "0")
+        s_total_minor=$(jq -r '.style // 0' "$ARTIFACTS_DIR/classified-findings.json" 2>/dev/null || echo "0")
+    fi
+
+    local tmp_qf
+    tmp_qf="$(mktemp)"
+    jq -n \
+        --arg route "$route" \
+        --argjson total_critical "$s_total_critical" \
+        --argjson total_major "$s_total_major" \
+        --argjson total_minor "$s_total_minor" \
+        '{route: $route, total_critical: $total_critical, total_major: $total_major, total_minor: $total_minor}' \
+        > "$tmp_qf" 2>/dev/null && mv "$tmp_qf" "$ARTIFACTS_DIR/quality-findings.json" || rm -f "$tmp_qf"
+
+    # ── Architecture route: backtrack to design instead of rebuild ──
+    if [[ "$route" == "architecture" ]]; then
+        info "Architecture-level findings detected — attempting backtrack to design"
+        if pipeline_backtrack_to_stage "design" "architecture_violation" 2>/dev/null; then
+            return 0
+        fi
+        # Backtrack failed or already used — fall through to standard rebuild
+        warn "Backtrack unavailable — falling through to standard rebuild"
+    fi
+
+    # Collect all findings (prioritized by classification)
     {
         echo "# Quality Feedback — Issues to Fix"
         echo ""
+
+        # Security findings first (highest priority)
+        if [[ "$route" == "security" || -f "$ARTIFACTS_DIR/security-audit.log" ]] && grep -qiE 'critical|high' "$ARTIFACTS_DIR/security-audit.log" 2>/dev/null; then
+            echo "## 🔴 PRIORITY: Security Findings (fix these first)"
+            cat "$ARTIFACTS_DIR/security-audit.log"
+            echo ""
+            echo "Security issues MUST be resolved before any other changes."
+            echo ""
+        fi
+
+        # Correctness findings
         if [[ -f "$ARTIFACTS_DIR/adversarial-review.md" ]]; then
             echo "## Adversarial Review Findings"
             cat "$ARTIFACTS_DIR/adversarial-review.md"
@@ -4471,16 +5680,22 @@ compound_rebuild_with_feedback() {
             grep "❌" "$ARTIFACTS_DIR/dod-audit.md" 2>/dev/null || true
             echo ""
         fi
-        if [[ -f "$ARTIFACTS_DIR/security-audit.log" ]] && grep -qiE 'critical|high' "$ARTIFACTS_DIR/security-audit.log" 2>/dev/null; then
-            echo "## Security Audit Findings"
-            cat "$ARTIFACTS_DIR/security-audit.log"
-            echo ""
-        fi
         if [[ -f "$ARTIFACTS_DIR/api-compat.log" ]] && grep -qi 'BREAKING' "$ARTIFACTS_DIR/api-compat.log" 2>/dev/null; then
             echo "## API Breaking Changes"
             cat "$ARTIFACTS_DIR/api-compat.log"
             echo ""
         fi
+
+        # Style findings last (deprioritized, informational)
+        if [[ -f "$ARTIFACTS_DIR/classified-findings.json" ]]; then
+            local style_count
+            style_count=$(jq -r '.style // 0' "$ARTIFACTS_DIR/classified-findings.json" 2>/dev/null || echo "0")
+            if [[ "$style_count" -gt 0 ]]; then
+                echo "## Style Notes (non-blocking, address if time permits)"
+                echo "${style_count} style suggestions found. These do not block the build."
+                echo ""
+            fi
+        fi
     } > "$feedback_file"
 
     # Validate feedback file has actual content
@@ -4494,19 +5709,42 @@ compound_rebuild_with_feedback() {
     set_stage_status "test" "pending"
     set_stage_status "review" "pending"
 
-    # Augment GOAL with quality feedback
+    # Augment GOAL with quality feedback (route-specific instructions)
     local original_goal="$GOAL"
     local feedback_content
     feedback_content=$(cat "$feedback_file")
+
+    local route_instruction=""
+    case "$route" in
+        security)
+            route_instruction="SECURITY PRIORITY: Fix all security vulnerabilities FIRST, then address other issues. Security issues are BLOCKING."
+            ;;
+        performance)
+            route_instruction="PERFORMANCE PRIORITY: Address performance regressions and optimizations. Check for N+1 queries, memory leaks, and algorithmic complexity."
+            ;;
+        testing)
+            route_instruction="TESTING PRIORITY: Add missing test coverage and fix flaky tests before addressing other issues."
+            ;;
+        correctness)
+            route_instruction="Fix every issue listed above while keeping all existing functionality working."
+            ;;
+        architecture)
+            route_instruction="ARCHITECTURE: Fix structural issues. Check dependency direction, layer boundaries, and separation of concerns."
+            ;;
+        *)
+            route_instruction="Fix every issue listed above while keeping all existing functionality working."
+            ;;
+    esac
+
     GOAL="$GOAL
 
-IMPORTANT — Compound quality review found issues. Fix ALL of these:
+IMPORTANT — Compound quality review found issues (route: ${route}). Fix ALL of these:
 $feedback_content
 
-Fix every issue listed above while keeping all existing functionality working."
+${route_instruction}"
 
     # Re-run self-healing build→test
-    info "Rebuilding with quality feedback..."
+    info "Rebuilding with quality feedback (route: ${route})..."
     if self_healing_build_test; then
         GOAL="$original_goal"
         return 0
@@ -4530,6 +5768,51 @@ stage_compound_quality() {
     strict_quality=$(jq -r --arg id "compound_quality" '(.stages[] | select(.id == $id) | .config.strict_quality) // false' "$PIPELINE_CONFIG" 2>/dev/null) || true
     [[ -z "$strict_quality" || "$strict_quality" == "null" ]] && strict_quality="false"
 
+    # Intelligent audit selection
+    local audit_plan='{"adversarial":"targeted","architecture":"targeted","simulation":"targeted","security":"targeted","dod":"targeted"}'
+    if type pipeline_select_audits &>/dev/null 2>&1; then
+        local _selected
+        _selected=$(pipeline_select_audits 2>/dev/null) || true
+        if [[ -n "$_selected" && "$_selected" != "null" ]]; then
+            audit_plan="$_selected"
+            info "Audit plan: $(echo "$audit_plan" | jq -c '.' 2>/dev/null || echo "$audit_plan")"
+        fi
+    fi
+
+    # Track findings for quality score
+    local total_critical=0 total_major=0 total_minor=0
+    local audits_run_list=""
+
+    # Vitals-driven adaptive cycle limit (preferred)
+    local base_max_cycles="$max_cycles"
+    if type pipeline_adaptive_limit &>/dev/null 2>&1; then
+        local _cq_vitals=""
+        if type pipeline_compute_vitals &>/dev/null 2>&1; then
+            _cq_vitals=$(pipeline_compute_vitals "$STATE_FILE" "$ARTIFACTS_DIR" "${ISSUE_NUMBER:-}" 2>/dev/null) || true
+        fi
+        local vitals_cq_limit
+        vitals_cq_limit=$(pipeline_adaptive_limit "compound_quality" "$_cq_vitals" 2>/dev/null) || true
+        if [[ -n "$vitals_cq_limit" && "$vitals_cq_limit" =~ ^[0-9]+$ && "$vitals_cq_limit" -gt 0 ]]; then
+            max_cycles="$vitals_cq_limit"
+            if [[ "$max_cycles" != "$base_max_cycles" ]]; then
+                info "Vitals-driven cycles: ${base_max_cycles} → ${max_cycles} (compound_quality)"
+            fi
+        fi
+    else
+        # Fallback: adaptive cycle limits from optimization data
+        local _cq_iter_model="${HOME}/.shipwright/optimization/iteration-model.json"
+        if [[ -f "$_cq_iter_model" ]]; then
+            local adaptive_limit
+            adaptive_limit=$(pipeline_adaptive_cycles "$max_cycles" "compound_quality" "0" "-1" 2>/dev/null) || true
+            if [[ -n "$adaptive_limit" && "$adaptive_limit" =~ ^[0-9]+$ && "$adaptive_limit" -gt 0 ]]; then
+                max_cycles="$adaptive_limit"
+                if [[ "$max_cycles" != "$base_max_cycles" ]]; then
+                    info "Adaptive cycles: ${base_max_cycles} → ${max_cycles} (compound_quality)"
+                fi
+            fi
+        fi
+    fi
+
     # Convergence tracking
     local prev_issue_count=-1
 
@@ -4546,9 +5829,12 @@ stage_compound_quality() {
         fi
 
         # 1. Adversarial Review
-        if [[ "$adversarial_enabled" == "true" ]]; then
+        local _adv_intensity
+        _adv_intensity=$(echo "$audit_plan" | jq -r '.adversarial // "targeted"' 2>/dev/null || echo "targeted")
+        if [[ "$adversarial_enabled" == "true" && "$_adv_intensity" != "off" ]]; then
             echo ""
-            info "Running adversarial review..."
+            info "Running adversarial review (${_adv_intensity})..."
+            audits_run_list="${audits_run_list:+${audits_run_list},}adversarial"
             if ! run_adversarial_review; then
                 all_passed=false
             fi
@@ -4653,14 +5939,36 @@ stage_compound_quality() {
         fi
 
         # 6. DoD Audit
-        if [[ "$dod_enabled" == "true" ]]; then
+        local _dod_intensity
+        _dod_intensity=$(echo "$audit_plan" | jq -r '.dod // "targeted"' 2>/dev/null || echo "targeted")
+        if [[ "$dod_enabled" == "true" && "$_dod_intensity" != "off" ]]; then
             echo ""
-            info "Running Definition of Done audit..."
+            info "Running Definition of Done audit (${_dod_intensity})..."
+            audits_run_list="${audits_run_list:+${audits_run_list},}dod"
             if ! run_dod_audit; then
                 all_passed=false
             fi
         fi
 
+        # 6b. Security Source Scan
+        local _sec_intensity
+        _sec_intensity=$(echo "$audit_plan" | jq -r '.security // "targeted"' 2>/dev/null || echo "targeted")
+        if [[ "$_sec_intensity" != "off" ]]; then
+            echo ""
+            info "Running security source scan (${_sec_intensity})..."
+            audits_run_list="${audits_run_list:+${audits_run_list},}security"
+            local sec_finding_count=0
+            sec_finding_count=$(pipeline_security_source_scan 2>/dev/null) || true
+            sec_finding_count="${sec_finding_count:-0}"
+            if [[ "$sec_finding_count" -gt 0 ]]; then
+                warn "Security source scan: ${sec_finding_count} finding(s)"
+                total_critical=$((total_critical + sec_finding_count))
+                all_passed=false
+            else
+                success "Security source scan: clean"
+            fi
+        fi
+
         # 7. Multi-dimensional quality checks
         echo ""
         info "Running multi-dimensional quality checks..."
@@ -4743,6 +6051,17 @@ All quality checks clean:
             fi
 
             log_stage "compound_quality" "Passed on cycle ${cycle}/${max_cycles}"
+
+            # DoD verification on successful pass
+            local _dod_pass_rate=100
+            if type pipeline_verify_dod &>/dev/null 2>&1; then
+                pipeline_verify_dod "$ARTIFACTS_DIR" 2>/dev/null || true
+                if [[ -f "$ARTIFACTS_DIR/dod-verification.json" ]]; then
+                    _dod_pass_rate=$(jq -r '.pass_rate // 100' "$ARTIFACTS_DIR/dod-verification.json" 2>/dev/null || echo "100")
+                fi
+            fi
+
+            pipeline_record_quality_score 100 0 0 0 "$_dod_pass_rate" "$audits_run_list" 2>/dev/null || true
             return 0
         fi
 
@@ -4754,6 +6073,17 @@ All quality checks clean:
             fi
 
             log_stage "compound_quality" "Passed on cycle ${cycle}/${max_cycles}"
+
+            # DoD verification on successful pass
+            local _dod_pass_rate=100
+            if type pipeline_verify_dod &>/dev/null 2>&1; then
+                pipeline_verify_dod "$ARTIFACTS_DIR" 2>/dev/null || true
+                if [[ -f "$ARTIFACTS_DIR/dod-verification.json" ]]; then
+                    _dod_pass_rate=$(jq -r '.pass_rate // 100' "$ARTIFACTS_DIR/dod-verification.json" 2>/dev/null || echo "100")
+                fi
+            fi
+
+            pipeline_record_quality_score 95 0 "$total_major" "$total_minor" "$_dod_pass_rate" "$audits_run_list" 2>/dev/null || true
             return 0
         fi
 
@@ -4776,6 +6106,16 @@ All quality checks clean:
 
         info "Convergence: ${current_issue_count} critical/high issues remaining"
 
+        # Intelligence: re-evaluate adaptive cycle limit based on convergence (only after first cycle)
+        if [[ "$prev_issue_count" -ge 0 ]]; then
+            local updated_limit
+            updated_limit=$(pipeline_adaptive_cycles "$max_cycles" "compound_quality" "$current_issue_count" "$prev_issue_count" 2>/dev/null) || true
+            if [[ -n "$updated_limit" && "$updated_limit" =~ ^[0-9]+$ && "$updated_limit" -gt 0 && "$updated_limit" != "$max_cycles" ]]; then
+                info "Adaptive cycles: ${max_cycles} → ${updated_limit} (convergence signal)"
+                max_cycles="$updated_limit"
+            fi
+        fi
+
         # Not all passed — rebuild if we have cycles left
         if [[ "$cycle" -lt "$max_cycles" ]]; then
             warn "Quality checks failed — rebuilding with feedback (cycle $((cycle + 1))/${max_cycles})"
@@ -4792,7 +6132,101 @@ All quality checks clean:
         fi
     done
 
-    # Exhausted all cycles
+    # ── Quality Score Computation ──
+    # Starting score: 100, deductions based on findings
+    local quality_score=100
+
+    # Count findings from artifact files
+    if [[ -f "$ARTIFACTS_DIR/security-source-scan.json" ]]; then
+        local _sec_critical
+        _sec_critical=$(jq '[.[] | select(.severity == "critical")] | length' "$ARTIFACTS_DIR/security-source-scan.json" 2>/dev/null || echo "0")
+        local _sec_major
+        _sec_major=$(jq '[.[] | select(.severity == "major")] | length' "$ARTIFACTS_DIR/security-source-scan.json" 2>/dev/null || echo "0")
+        total_critical=$((total_critical + ${_sec_critical:-0}))
+        total_major=$((total_major + ${_sec_major:-0}))
+    fi
+    if [[ -f "$ARTIFACTS_DIR/adversarial-review.json" ]]; then
+        local _adv_crit
+        _adv_crit=$(jq '[.[] | select(.severity == "critical")] | length' "$ARTIFACTS_DIR/adversarial-review.json" 2>/dev/null || echo "0")
+        local _adv_major
+        _adv_major=$(jq '[.[] | select(.severity == "high" or .severity == "major")] | length' "$ARTIFACTS_DIR/adversarial-review.json" 2>/dev/null || echo "0")
+        local _adv_minor
+        _adv_minor=$(jq '[.[] | select(.severity == "low" or .severity == "minor")] | length' "$ARTIFACTS_DIR/adversarial-review.json" 2>/dev/null || echo "0")
+        total_critical=$((total_critical + ${_adv_crit:-0}))
+        total_major=$((total_major + ${_adv_major:-0}))
+        total_minor=$((total_minor + ${_adv_minor:-0}))
+    fi
+    if [[ -f "$ARTIFACTS_DIR/compound-architecture-validation.json" ]]; then
+        local _arch_crit
+        _arch_crit=$(jq '[.[] | select(.severity == "critical")] | length' "$ARTIFACTS_DIR/compound-architecture-validation.json" 2>/dev/null || echo "0")
+        local _arch_major
+        _arch_major=$(jq '[.[] | select(.severity == "high" or .severity == "major")] | length' "$ARTIFACTS_DIR/compound-architecture-validation.json" 2>/dev/null || echo "0")
+        total_major=$((total_major + ${_arch_crit:-0} + ${_arch_major:-0}))
+    fi
+
+    # Apply deductions
+    quality_score=$((quality_score - (total_critical * 20) - (total_major * 10) - (total_minor * 2)))
+    [[ "$quality_score" -lt 0 ]] && quality_score=0
+
+    # DoD verification
+    local _dod_pass_rate=0
+    if type pipeline_verify_dod &>/dev/null 2>&1; then
+        pipeline_verify_dod "$ARTIFACTS_DIR" 2>/dev/null || true
+        if [[ -f "$ARTIFACTS_DIR/dod-verification.json" ]]; then
+            _dod_pass_rate=$(jq -r '.pass_rate // 0' "$ARTIFACTS_DIR/dod-verification.json" 2>/dev/null || echo "0")
+        fi
+    fi
+
+    # Record quality score
+    pipeline_record_quality_score "$quality_score" "$total_critical" "$total_major" "$total_minor" "$_dod_pass_rate" "$audits_run_list" 2>/dev/null || true
+
+    # ── Quality Gate ──
+    local compound_quality_blocking
+    compound_quality_blocking=$(jq -r --arg id "compound_quality" \
+        '(.stages[] | select(.id == $id) | .config.compound_quality_blocking) // true' \
+        "$PIPELINE_CONFIG" 2>/dev/null) || true
+    [[ -z "$compound_quality_blocking" || "$compound_quality_blocking" == "null" ]] && compound_quality_blocking="true"
+
+    if [[ "$quality_score" -lt 60 && "$compound_quality_blocking" == "true" ]]; then
+        emit_event "pipeline.quality_gate_failed" \
+            "issue=${ISSUE_NUMBER:-0}" \
+            "quality_score=$quality_score" \
+            "critical=$total_critical" \
+            "major=$total_major"
+
+        error "Quality gate FAILED: score ${quality_score}/100 (critical: ${total_critical}, major: ${total_major}, minor: ${total_minor})"
+
+        if [[ -n "$ISSUE_NUMBER" ]]; then
+            gh_comment_issue "$ISSUE_NUMBER" "❌ **Quality gate failed** — score ${quality_score}/100
+
+| Finding Type | Count | Deduction |
+|---|---|---|
+| Critical | ${total_critical} | -$((total_critical * 20)) |
+| Major | ${total_major} | -$((total_major * 10)) |
+| Minor | ${total_minor} | -$((total_minor * 2)) |
+
+DoD pass rate: ${_dod_pass_rate}%
+Quality issues remain after ${max_cycles} cycles. Check artifacts for details." 2>/dev/null || true
+        fi
+
+        log_stage "compound_quality" "Quality gate failed: ${quality_score}/100 after ${max_cycles} cycles"
+        return 1
+    fi
+
+    # Exhausted all cycles but quality score is above threshold
+    if [[ "$quality_score" -ge 60 ]]; then
+        warn "Compound quality: score ${quality_score}/100 after ${max_cycles} cycles (above threshold, proceeding)"
+
+        if [[ -n "$ISSUE_NUMBER" ]]; then
+            gh_comment_issue "$ISSUE_NUMBER" "⚠️ **Compound quality** — score ${quality_score}/100 after ${max_cycles} cycles
+
+Some issues remain but quality score is above threshold. Proceeding." 2>/dev/null || true
+        fi
+
+        log_stage "compound_quality" "Passed with score ${quality_score}/100 after ${max_cycles} cycles"
+        return 0
+    fi
+
     error "Compound quality exhausted after ${max_cycles} cycles"
 
     if [[ -n "$ISSUE_NUMBER" ]]; then
@@ -4982,8 +6416,25 @@ self_healing_build_test() {
     local prev_error_sig="" consecutive_same_error=0
     local prev_fail_count=0 zero_convergence_streak=0
 
-    # Intelligence: adaptive iteration limit
-    if type composer_estimate_iterations &>/dev/null 2>&1; then
+    # Vitals-driven adaptive limit (preferred over static BUILD_TEST_RETRIES)
+    if type pipeline_adaptive_limit &>/dev/null 2>&1; then
+        local _vitals_json=""
+        if type pipeline_compute_vitals &>/dev/null 2>&1; then
+            _vitals_json=$(pipeline_compute_vitals "$STATE_FILE" "$ARTIFACTS_DIR" "${ISSUE_NUMBER:-}" 2>/dev/null) || true
+        fi
+        local vitals_limit
+        vitals_limit=$(pipeline_adaptive_limit "build_test" "$_vitals_json" 2>/dev/null) || true
+        if [[ -n "$vitals_limit" && "$vitals_limit" =~ ^[0-9]+$ && "$vitals_limit" -gt 0 ]]; then
+            info "Vitals-driven build-test limit: ${max_cycles} → ${vitals_limit}"
+            max_cycles="$vitals_limit"
+            emit_event "vitals.adaptive_limit" \
+                "issue=${ISSUE_NUMBER:-0}" \
+                "context=build_test" \
+                "original=$BUILD_TEST_RETRIES" \
+                "vitals_limit=$vitals_limit"
+        fi
+    # Fallback: intelligence-based adaptive limits
+    elif type composer_estimate_iterations &>/dev/null 2>&1; then
         local estimated
         estimated=$(composer_estimate_iterations \
             "${INTELLIGENCE_ANALYSIS:-{}}" \
@@ -4997,6 +6448,19 @@ self_healing_build_test() {
         fi
     fi
 
+    # Fallback: adaptive cycle limits from optimization data
+    if [[ "$max_cycles" == "$BUILD_TEST_RETRIES" ]]; then
+        local _iter_model="${HOME}/.shipwright/optimization/iteration-model.json"
+        if [[ -f "$_iter_model" ]]; then
+            local adaptive_bt_limit
+            adaptive_bt_limit=$(pipeline_adaptive_cycles "$max_cycles" "build_test" "0" "-1" 2>/dev/null) || true
+            if [[ -n "$adaptive_bt_limit" && "$adaptive_bt_limit" =~ ^[0-9]+$ && "$adaptive_bt_limit" -gt 0 && "$adaptive_bt_limit" != "$max_cycles" ]]; then
+                info "Adaptive build-test cycles: ${max_cycles} → ${adaptive_bt_limit}"
+                max_cycles="$adaptive_bt_limit"
+            fi
+        fi
+    fi
+
     while [[ "$cycle" -le "$max_cycles" ]]; do
         cycle=$((cycle + 1))
 
@@ -5022,11 +6486,27 @@ self_healing_build_test() {
 
         # Inject error context on retry cycles
         if [[ "$cycle" -gt 1 && -n "$last_test_error" ]]; then
+            # Query memory for known fixes
+            local _memory_fix=""
+            if type memory_closed_loop_inject &>/dev/null 2>&1; then
+                local _error_sig_short
+                _error_sig_short=$(echo "$last_test_error" | head -3 || echo "")
+                _memory_fix=$(memory_closed_loop_inject "$_error_sig_short" 2>/dev/null) || true
+            fi
+
+            local memory_prefix=""
+            if [[ -n "$_memory_fix" ]]; then
+                info "Memory suggests fix: $(echo "$_memory_fix" | head -1)"
+                memory_prefix="KNOWN FIX (from past success): ${_memory_fix}
+
+"
+            fi
+
             # Temporarily augment the goal with error context
             local original_goal="$GOAL"
             GOAL="$GOAL
 
-IMPORTANT — Previous build attempt failed tests. Fix these errors:
+${memory_prefix}IMPORTANT — Previous build attempt failed tests. Fix these errors:
 $last_test_error
 
 Focus on fixing the failing tests while keeping all passing tests working."
@@ -5039,6 +6519,16 @@ Focus on fixing the failing tests while keeping all passing tests working."
                 local timing
                 timing=$(get_stage_timing "build")
                 success "Stage ${BOLD}build${RESET} complete ${DIM}(${timing})${RESET}"
+                if type pipeline_emit_progress_snapshot &>/dev/null 2>&1 && [[ -n "${ISSUE_NUMBER:-}" ]]; then
+                    local _diff_count
+                    _diff_count=$(git diff --stat HEAD~1 2>/dev/null | tail -1 | grep -oE '[0-9]+' | head -1) || true
+                    local _snap_files _snap_error
+                    _snap_files=$(git diff --stat HEAD~1 2>/dev/null | tail -1 | grep -oE '[0-9]+' | head -1 || true)
+                    _snap_files="${_snap_files:-0}"
+                    _snap_error=$(tail -1 "$ARTIFACTS_DIR/error-log.jsonl" 2>/dev/null | jq -r '.error // ""' 2>/dev/null || true)
+                    _snap_error="${_snap_error:-}"
+                    pipeline_emit_progress_snapshot "${ISSUE_NUMBER}" "${CURRENT_STAGE_ID:-build}" "${cycle:-0}" "${_diff_count:-0}" "${_snap_files}" "${_snap_error}" 2>/dev/null || true
+                fi
             else
                 mark_stage_failed "build"
                 GOAL="$original_goal"
@@ -5054,6 +6544,16 @@ Focus on fixing the failing tests while keeping all passing tests working."
                 local timing
                 timing=$(get_stage_timing "build")
                 success "Stage ${BOLD}build${RESET} complete ${DIM}(${timing})${RESET}"
+                if type pipeline_emit_progress_snapshot &>/dev/null 2>&1 && [[ -n "${ISSUE_NUMBER:-}" ]]; then
+                    local _diff_count
+                    _diff_count=$(git diff --stat HEAD~1 2>/dev/null | tail -1 | grep -oE '[0-9]+' | head -1) || true
+                    local _snap_files _snap_error
+                    _snap_files=$(git diff --stat HEAD~1 2>/dev/null | tail -1 | grep -oE '[0-9]+' | head -1 || true)
+                    _snap_files="${_snap_files:-0}"
+                    _snap_error=$(tail -1 "$ARTIFACTS_DIR/error-log.jsonl" 2>/dev/null | jq -r '.error // ""' 2>/dev/null || true)
+                    _snap_error="${_snap_error:-}"
+                    pipeline_emit_progress_snapshot "${ISSUE_NUMBER}" "${CURRENT_STAGE_ID:-build}" "${cycle:-0}" "${_diff_count:-0}" "${_snap_files}" "${_snap_error}" 2>/dev/null || true
+                fi
             else
                 mark_stage_failed "build"
                 return 1
@@ -5075,6 +6575,16 @@ Focus on fixing the failing tests while keeping all passing tests working."
             emit_event "convergence.tests_passed" \
                 "issue=${ISSUE_NUMBER:-0}" \
                 "cycle=$cycle"
+            if type pipeline_emit_progress_snapshot &>/dev/null 2>&1 && [[ -n "${ISSUE_NUMBER:-}" ]]; then
+                local _diff_count
+                _diff_count=$(git diff --stat HEAD~1 2>/dev/null | tail -1 | grep -oE '[0-9]+' | head -1) || true
+                local _snap_files _snap_error
+                _snap_files=$(git diff --stat HEAD~1 2>/dev/null | tail -1 | grep -oE '[0-9]+' | head -1 || true)
+                _snap_files="${_snap_files:-0}"
+                _snap_error=$(tail -1 "$ARTIFACTS_DIR/error-log.jsonl" 2>/dev/null | jq -r '.error // ""' 2>/dev/null || true)
+                _snap_error="${_snap_error:-}"
+                pipeline_emit_progress_snapshot "${ISSUE_NUMBER}" "${CURRENT_STAGE_ID:-test}" "${cycle:-0}" "${_diff_count:-0}" "${_snap_files}" "${_snap_error}" 2>/dev/null || true
+            fi
             return 0  # Tests passed!
         fi
 
@@ -5243,6 +6753,16 @@ run_pipeline() {
             continue
         fi
 
+        # Intelligence: evaluate whether to skip this stage
+        local skip_reason=""
+        skip_reason=$(pipeline_should_skip_stage "$id" 2>/dev/null) || true
+        if [[ -n "$skip_reason" ]]; then
+            echo -e "  ${DIM}○ ${id} — skipped (intelligence: ${skip_reason})${RESET}"
+            set_stage_status "$id" "complete"
+            completed=$((completed + 1))
+            continue
+        fi
+
         local stage_status
         stage_status=$(get_stage_status "$id")
         if [[ "$stage_status" == "complete" ]]; then
@@ -5278,6 +6798,13 @@ run_pipeline() {
 
             if self_healing_build_test; then
                 completed=$((completed + 2))  # Both build and test
+
+                # Intelligence: reassess complexity after build+test
+                local reassessment
+                reassessment=$(pipeline_reassess_complexity 2>/dev/null) || true
+                if [[ -n "$reassessment" && "$reassessment" != "as_expected" ]]; then
+                    info "Complexity reassessment: ${reassessment}"
+                fi
             else
                 update_status "failed" "test"
                 error "Pipeline failed: build→test self-healing exhausted"
@@ -5418,6 +6945,8 @@ run_pipeline() {
             emit_event "stage.failed" "issue=${ISSUE_NUMBER:-0}" "stage=$id" "duration_s=$stage_dur_s"
             # Log model used for prediction feedback
             echo "${id}|${stage_model_used}|false" >> "${ARTIFACTS_DIR}/model-routing.log"
+            # Cancel any remaining in_progress check runs
+            pipeline_cancel_check_runs 2>/dev/null || true
             return 1
         fi
     done 3<<< "$stages"
@@ -5456,6 +6985,81 @@ run_pipeline() {
         body=$(gh_build_progress_body)
         gh_update_progress "$body"
     fi
+
+    # Post-completion cleanup
+    pipeline_post_completion_cleanup
+}
+
+# ─── Post-Completion Cleanup ──────────────────────────────────────────────
+# Cleans up transient artifacts after a successful pipeline run.
+
+pipeline_post_completion_cleanup() {
+    local cleaned=0
+
+    # 1. Clear checkpoints (they only matter for resume; pipeline is done)
+    if [[ -d "${ARTIFACTS_DIR}/checkpoints" ]]; then
+        local cp_count=0
+        local cp_file
+        for cp_file in "${ARTIFACTS_DIR}/checkpoints"/*-checkpoint.json; do
+            [[ -f "$cp_file" ]] || continue
+            rm -f "$cp_file"
+            cp_count=$((cp_count + 1))
+        done
+        if [[ "$cp_count" -gt 0 ]]; then
+            cleaned=$((cleaned + cp_count))
+        fi
+    fi
+
+    # 2. Clear per-run intelligence artifacts (not needed after completion)
+    local intel_files=(
+        "${ARTIFACTS_DIR}/classified-findings.json"
+        "${ARTIFACTS_DIR}/reassessment.json"
+        "${ARTIFACTS_DIR}/skip-stage.txt"
+        "${ARTIFACTS_DIR}/human-message.txt"
+    )
+    local f
+    for f in "${intel_files[@]}"; do
+        if [[ -f "$f" ]]; then
+            rm -f "$f"
+            cleaned=$((cleaned + 1))
+        fi
+    done
+
+    # 3. Clear stale pipeline state (mark as idle so next run starts clean)
+    if [[ -f "$STATE_FILE" ]]; then
+        # Reset status to idle (preserves the file for reference but unblocks new runs)
+        local tmp_state
+        tmp_state=$(mktemp)
+        sed 's/^status: .*/status: idle/' "$STATE_FILE" > "$tmp_state" 2>/dev/null || true
+        mv "$tmp_state" "$STATE_FILE"
+    fi
+
+    if [[ "$cleaned" -gt 0 ]]; then
+        emit_event "pipeline.cleanup" \
+            "issue=${ISSUE_NUMBER:-0}" \
+            "cleaned=$cleaned" \
+            "type=post_completion"
+    fi
+}
+
+# Cancel any lingering in_progress GitHub Check Runs (called on abort/interrupt)
+pipeline_cancel_check_runs() {
+    if [[ "${NO_GITHUB:-false}" == "true" ]]; then
+        return
+    fi
+
+    if ! type gh_checks_stage_update &>/dev/null 2>&1; then
+        return
+    fi
+
+    local ids_file="${ARTIFACTS_DIR:-/dev/null}/check-run-ids.json"
+    [[ -f "$ids_file" ]] || return
+
+    local stage
+    while IFS= read -r stage; do
+        [[ -z "$stage" ]] && continue
+        gh_checks_stage_update "$stage" "completed" "cancelled" "Pipeline interrupted" 2>/dev/null || true
+    done < <(jq -r 'keys[]' "$ids_file" 2>/dev/null || true)
 }
 
 # ─── Worktree Isolation ───────────────────────────────────────────────────
@@ -5744,6 +7348,10 @@ pipeline_start() {
         optimize_analyze_outcome "$STATE_FILE" 2>/dev/null || true
     fi
 
+    if type memory_finalize_pipeline &>/dev/null 2>&1; then
+        memory_finalize_pipeline "$STATE_FILE" "$ARTIFACTS_DIR" 2>/dev/null || true
+    fi
+
     # Emit cost event
     local model_key="${MODEL:-sonnet}"
     local input_cost output_cost total_cost