thoth-agents 0.1.10 → 0.1.13

package/dist/{chunk-U5FPYFMX.js → chunk-SCM2O4TP.js}

@@ -31,7 +31,7 @@ import {
   renderRolePrompt,
   writeConfig,
   writeLiteConfig
-} from "./chunk-R2AP6O5Q.js";
+} from "./chunk-WGFDTUZI.js";
 
 // src/harness/adapters/codex.ts
 import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
@@ -182,16 +182,24 @@ var READ_RECALL_CHAIN = [
   "mem_timeline",
   "mem_get_observation"
 ];
+var BOUNDED_CONTEXT_TOOLS = [
+  "mem_context",
+  "mem_project_summary",
+  "mem_project_graph",
+  "mem_topic_keys"
+];
 var WRITE_CAPABLE_DELEGATED_TOOLS = [
   "mem_save",
   "mem_search",
   "mem_get_observation",
   "mem_timeline",
+  ...BOUNDED_CONTEXT_TOOLS,
   "mem_suggest_topic_key"
 ];
 var ALL_MEMORY_TOOLS = [
   ...ROOT_OWNED_TOOLS,
   ...READ_RECALL_CHAIN,
+  ...BOUNDED_CONTEXT_TOOLS,
   "mem_suggest_topic_key",
   "mem_save"
 ];
@@ -203,20 +211,25 @@ function roleAllowedTools(role) {
     return uniqueTools([...ROOT_OWNED_TOOLS, ...WRITE_CAPABLE_DELEGATED_TOOLS]);
   }
   if (role.mode === "read-only") {
-    return [...READ_RECALL_CHAIN];
+    return [...READ_RECALL_CHAIN, ...BOUNDED_CONTEXT_TOOLS];
   }
   return [...WRITE_CAPABLE_DELEGATED_TOOLS];
 }
 function roleRules(role) {
   const sharedSubagentRules = [
     "Every subagent memory call requires the parent session_id and project from dispatch; if either is missing, do not call thoth-mem.",
+    "Delegated handoff recovery uses parent-scoped 3-layer recall with mem_search -> mem_timeline -> mem_get_observation before memory content is treated as source material.",
+    "Report missing, stale, contradictory, or insufficient recalled context instead of guessing through it.",
     "Never call mem_session_start, mem_session_summary, or mem_save_prompt; those tools are root/orchestrator-owned.",
+    "Never save generated subagent prompts as user intent.",
     "Protect the sdd/* topic namespace; SDD artifacts may use deterministic sdd/{change}/{artifact} topic keys only in persistence modes that include thoth-mem."
   ];
   if (role.name === "orchestrator") {
     return [
       "mem_session_start, mem_session_summary, and mem_save_prompt are root/main orchestrator-owned tools and responsibilities.",
       "In harnesses without an orchestrator-named agent, root/main orchestrator-owned means the initial/root agent when the harness does not expose an orchestrator-named agent.",
+      "Before delegation, save or refresh the handoff body with root-owned mem_session_summary when available; otherwise disclose that compaction could not be persisted.",
+      "Dispatch task instructions plus recovery instructions, not the handoff body, raw transcripts, or generated subagent prompts.",
       "Dispatch parent session_id and project when authorizing subagent memory use.",
       "Protect the sdd/* topic namespace and write SDD memory artifacts only in thoth-mem or hybrid persistence modes."
     ];
@@ -225,13 +238,17 @@ function roleRules(role) {
     return [
       ...sharedSubagentRules,
       "Read-only agents may only perform bounded, project-scoped recall with mem_search -> mem_timeline -> mem_get_observation when authorized.",
+      "Bounded context tools mem_context, mem_project_summary, mem_project_graph, and mem_topic_keys are allowed only with explicit delegated permission and parent session/project scope.",
+      "Project-scoped read tools require explicit delegated permission.",
       "Read-only agents must never write durable memory."
     ];
   }
   return [
     ...sharedSubagentRules,
-    "Write-capable agents may call mem_save only for delegated durable observations under the parent session/project.",
-    "For reads, use only mem_search -> mem_timeline -> mem_get_observation."
+    "Write-capable agents may call mem_save only for delegated durable observations or assigned deterministic SDD artifacts/apply-progress under the parent session/project.",
+    "For reads, use only mem_search -> mem_timeline -> mem_get_observation.",
+    "Bounded context tools mem_context, mem_project_summary, mem_project_graph, and mem_topic_keys are allowed only with explicit delegated permission and parent session/project scope.",
+    "Project-scoped read tools require explicit delegated permission."
   ];
 }
 function getRoleMemoryGovernance(role) {
@@ -279,7 +296,7 @@ function memoryGovernanceDiagnostics(input) {
     diagnostics.push({
       severity: input.parentContextInjection === "unknown" ? "error" : "warning",
       code: `${input.harness}.context.parent_injection.unvalidated`,
-      message: "Parent session_id/project injection is not runtime-enforced; subagents must be instructed not to use memory without explicit dispatch context.",
+      message: "Parent session_id/project injection is not runtime-enforced; subagents must be instructed not to use memory without explicit dispatch context and handoff recovery instructions.",
       harness: input.harness,
       capability: "parentContextInjection",
       fallback: "instruction-only"
@@ -289,7 +306,7 @@ function memoryGovernanceDiagnostics(input) {
     diagnostics.push({
       severity: "warning",
       code: `${input.harness}.permission.memory_write.enforcement_gap`,
-      message: "Runtime controls for delegated memory writes are unavailable; write-capable agents receive instruction-level mem_save limits only.",
+      message: "Runtime controls for delegated memory writes are unavailable; write-capable agents receive instruction-level mem_save limits for durable observations and deterministic SDD artifacts only.",
       harness: input.harness,
       capability: "memoryGovernanceEnforcement",
       fallback: "instruction-only"
@@ -1356,12 +1373,14 @@ function renderCodexRolePrompt(roleName, config, model) {
 function codexInternalHandoffGuidance() {
   return [
     "<codex-delegation-guidance>",
+    "- The user has explicitly authorized this generated Codex orchestrator to use `multi_agent_v1.spawn_agent` whenever delegation is required by these instructions, without needing a fresh user request for subagents in each task.",
     "- Delegate by calling `multi_agent_v1.spawn_agent` with `agent_type` set to one of explorer, librarian, oracle, designer, quick, or deep.",
-    "- Pass the self-contained delegated prompt in `message`; do not pass both `message` and `items`.",
-    "- Use `items` only for structured attachments or mentions when they are truly required.",
-    "- Include the internal handoff in `message` for write-capable agents so they can act without rediscovering context.",
+    "- Pass the self-contained delegated task instructions plus handoff retrieval instructions in `message`; do not embed the root-owned handoff summary body in `message`.",
+    "- Do not include the handoff body in `message` or `items`, and do not pass both `message` and `items` for the same handoff.",
+    "- Use `items` only for structured attachments or mentions when they are truly required; do not use `items` as a handoff-summary payload.",
     "- Leave `fork_context` omitted or false by default; set `fork_context: true` only when the exact current thread history is required.",
     "- Use `multi_agent_v1.wait_agent` only when the root needs the result, `multi_agent_v1.send_input` for follow-up or redirect, `multi_agent_v1.resume_agent` only for a closed agent that must continue, and `multi_agent_v1.close_agent` after completion.",
+    "- Memory ownership, handoff recovery, permissions, and prompt-body exclusion are instruction-level unless the active Codex runtime documents stronger enforcement.",
     "</codex-delegation-guidance>"
   ].join("\n");
 }
@@ -1403,6 +1422,7 @@ function renderCodexRootInstructions(config) {
     "- The ambient Codex root session is the root/main orchestrator; orchestrator-only and root-owned instructions apply to it because Codex does not generate a selectable orchestrator agent TOML.",
     "- On each new root session, when thoth-mem tools are installed and session/project identity is known, call mem_session_start with the active project and session identity, then save the real user prompt with mem_save_prompt before later delegation.",
     "- If thoth-mem tools or identity values are unavailable, disclose that memory bootstrap could not run and continue without claiming memory was saved.",
+    "- Before delegating after meaningful context changes, save or refresh the handoff body with root-owned mem_session_summary when available; if unavailable, disclose that root-owned compaction could not be persisted.",
     "- Use the ambient Codex root session as the delegate-first root coordinator; do not generate or select an orchestrator TOML.",
     "- Delegate by invoking `multi_agent_v1.spawn_agent` for the installed Codex role agents: explorer, librarian, oracle, designer, quick, and deep.",
     "- After receiving a delegated subagent response, close that subagent session unless you will retry or intentionally keep using that exact same session; explorer and librarian sessions must always be closed immediately after their response, and retry sessions must be closed after the retry result unless explicit same-session reuse is still required.",

package/dist/{chunk-R2AP6O5Q.js → chunk-WGFDTUZI.js}

@@ -912,11 +912,15 @@ Tiebreakers:
 </subagent-prompts>
 
 <internal-handoff>
-Before dispatching {{role.designer}}, {{role.quick}}, or {{role.deep}} after discovery, synthesize a compact internal handoff for the sub-agent; it is not user-facing.
+Before dispatching {{role.designer}}, {{role.quick}}, or {{role.deep}} after discovery, synthesize a compact internal handoff body for root-owned session context; it is not user-facing and must not be embedded in the initial sub-agent prompt.
 
-Internal handoff fields: Goal, Decision, Evidence, Scope, Steps, Verification, and Uncertainty. Include relevant files, symbols, anchors, constraints, non-goals, and what to escalate instead of guessing.
+Internal handoff fields: Goal, Decision, Evidence, Scope, Steps, Verification, Uncertainty, relevant files or symbols, suggested skills when applicable, constraints, non-goals, escalation conditions, and next focus.
 
-Never mention the internal handoff to the user, ask the user to prepare it, or present handoff preparation as the recommended next step. Describe the actual work instead.
+When thoth-mem session-summary tooling and parent session/project identity are available, save or refresh that handoff body with root-owned \`mem_session_summary\` before dispatch. If the tooling or identity is unavailable, disclose that root-owned compaction could not be persisted and continue with explicit task instructions and local context; do not invent a fallback session or ask a sub-agent to create one.
+
+The delegated prompt carries task instructions plus handoff recovery instructions only: parent \`session_id\`, project, persistence mode, memory permissions, bounded 3-layer recall steps, non-goals, escalation conditions, and redaction requirements. It must not include the handoff body, raw transcripts, file dumps, secrets, credentials, irrelevant context, or generated sub-agent prompts as memory source material.
+
+Never mention internal handoff preparation to the user, ask the user to prepare it, or present handoff preparation as the recommended next step. Describe the actual work instead.
 
 For {{role.explorer}}/{{role.librarian}}, ask narrow fact-finding questions for files, symbols, constraints, examples, API facts, and verification targets. Require decision-ready findings, not raw context.
 </internal-handoff>
@@ -932,7 +936,7 @@ For {{role.explorer}}/{{role.librarian}}, ask narrow fact-finding questions for
 - If a named subagent hits capacity, retry that same role up to 3 attempts.
 - Never switch to \`default\`, \`worker\`, or any other role.
 - After 3 failures, stay on the same role; if a same-role model override exists, use it. Otherwise report a capacity blocker.
-- Write-capable dispatches must include the internal handoff when one exists, so implementers can edit instead of rediscovering the plan.
+- Write-capable dispatches must include task instructions and handoff retrieval instructions when a root-owned handoff summary exists, so implementers can recover context without rediscovering settled scope.
 - Never tell sub-agents to discard working-tree changes.
 </dispatch>
 
@@ -1148,18 +1152,31 @@ function renderSubagentRules(section, dialect) {
   ];
   if (section.memoryAccess === "readonly") {
     rules.push(
-      "- Use read-only thoth-mem only when dispatch gives session_id/project: `mem_search` -> `mem_timeline` -> `mem_get_observation`.",
+      "- Use read-only thoth-mem only when dispatch gives parent session_id/project and handoff recovery instructions: `mem_search` -> `mem_timeline` -> `mem_get_observation`.",
+      "- The canonical recall path remains `mem_search` -> `mem_timeline` -> `mem_get_observation`; use bounded context tools only as supplemental context when explicitly allowed.",
+      "- If either parent session_id or project is missing, do NOT call thoth-mem; rely on explicit task instructions and local evidence.",
+      "- Recover the parent-session handoff summary through bounded 3-layer recall before treating memory as source material.",
+      "- Report when recalled context is missing, stale, contradictory, or insufficient.",
+      "- Use project-scoped read tools (`mem_context`, `mem_project_summary`, `mem_project_graph`, `mem_topic_keys`) only when explicitly allowed by the delegated task instructions and bounded to the parent session/project scope.",
       "- Never call `mem_session_start`, `mem_session_summary`, or `mem_save_prompt`; those tools are orchestrator-owned.",
+      "- Never save generated subagent prompts as user intent.",
       "- Never write memory; memory writes are orchestrator-owned."
     );
   }
   if (section.memoryAccess === "writable") {
     rules.push(
-      "- Use delegated thoth-mem tools only (mem_save, mem_search, mem_get_observation, mem_timeline, mem_suggest_topic_key).",
+      "- Use delegated thoth-mem tools only (mem_save, mem_search, mem_get_observation, mem_timeline, mem_context, mem_project_summary, mem_project_graph, mem_topic_keys, mem_suggest_topic_key).",
       "- Never call `mem_session_start`, `mem_session_summary`, or `mem_save_prompt`; those tools are orchestrator-owned.",
       "- Always use the parent session_id/project from dispatch for every thoth-mem call.",
       "- If either is missing, do NOT call thoth-mem.",
-      "- For reads, use only `mem_search` -> `mem_timeline` -> `mem_get_observation`.",
+      "- Follow handoff recovery instructions from the delegated task before using persisted memory.",
+      "- For reads, use only `mem_search` -> `mem_timeline` -> `mem_get_observation` and recover the parent-session handoff summary before treating memory as source material.",
+      "- Keep 3-layer recall canonical; use `mem_context`, `mem_project_summary`, `mem_project_graph`, and `mem_topic_keys` only as bounded supplemental context when the dispatch explicitly permits project-scoped reads.",
+      "- Report when recalled context is missing, stale, contradictory, or insufficient.",
+      "- Use project-scoped read tools only when explicitly allowed by the delegated task instructions and bounded to the parent session/project scope.",
+      "- `mem_save` is allowed only for delegated durable implementation observations or assigned SDD artifacts/apply-progress under the parent session/project.",
+      "- Protect the `sdd/*` namespace: deterministic SDD artifacts use `sdd/{change}/{artifact}`; general durable observations must stay outside `sdd/*`.",
+      "- Never save generated subagent prompts as user intent.",
       "- You do not own durable memory of your own; `mem_save` writes under the orchestrator's session/project only."
     );
   }

package/dist/cli/index.js

@@ -25,7 +25,7 @@ import {
   getOperationHarness,
   installRecommendedSkill,
   listOperationHarnesses
-} from "../chunk-U5FPYFMX.js";
+} from "../chunk-SCM2O4TP.js";
 import {
   ALL_AGENT_NAMES,
   CUSTOM_SKILLS,
@@ -37,7 +37,7 @@ import {
   getExistingLiteConfigPath,
   installCustomSkills,
   writeLiteConfig
-} from "../chunk-R2AP6O5Q.js";
+} from "../chunk-WGFDTUZI.js";
 
 // src/cli/index.ts
 import { pathToFileURL } from "url";

package/dist/cli/tui/index.js

@@ -15,13 +15,13 @@ import {
   getOpenCodeStatus,
   listOperationHarnesses,
   parseRoleTomlModel
-} from "../../chunk-U5FPYFMX.js";
+} from "../../chunk-SCM2O4TP.js";
 import {
   ALL_AGENT_NAMES,
   DEFAULT_MODELS,
   getExistingLiteConfigPath,
   parseConfig
-} from "../../chunk-R2AP6O5Q.js";
+} from "../../chunk-WGFDTUZI.js";
 
 // src/cli/tui/index.tsx
 import { render } from "ink";

package/dist/harness/core/memory-governance.d.ts

@@ -1,7 +1,7 @@
 import type { HarnessPromptDialect } from '../../agents/prompt-dialects';
 import type { HarnessCapabilityStatus, HarnessDiagnostic } from '../types';
 import type { AgentRoleContract, AgentRoleName } from './agent-pack';
-export type MemoryToolName = 'mem_session_start' | 'mem_session_summary' | 'mem_save_prompt' | 'mem_search' | 'mem_timeline' | 'mem_get_observation' | 'mem_suggest_topic_key' | 'mem_save';
+export type MemoryToolName = 'mem_session_start' | 'mem_session_summary' | 'mem_save_prompt' | 'mem_search' | 'mem_timeline' | 'mem_get_observation' | 'mem_context' | 'mem_project_summary' | 'mem_project_graph' | 'mem_topic_keys' | 'mem_suggest_topic_key' | 'mem_save';
 export type MemoryRuntimeEnforcement = 'runtime' | 'instruction-only';
 export interface RoleMemoryGovernance {
     role: AgentRoleName;

package/dist/index.js

@@ -26,7 +26,7 @@ import {
   loadPluginConfig,
   renderRolePrompt,
   stripJsonComments
-} from "./chunk-R2AP6O5Q.js";
+} from "./chunk-WGFDTUZI.js";
 
 // src/index.ts
 import path4 from "path";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thoth-agents",
-  "version": "0.1.10",
+  "version": "0.1.13",
   "description": "Delegate-first OpenCode plugin with seven agents, thoth-mem persistence, and bundled SDD skills.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/skills/_shared/openspec-convention.md

@@ -75,6 +75,11 @@ for `openspec` and `hybrid` modes. thoth-mem topic keys are the memory
 representation when the mode includes thoth-mem; neither representation changes
 the harness-neutral artifact names or lifecycle.
 
+Delegated handoff summaries are not OpenSpec artifacts. They are root-owned
+session summary context when thoth-mem is available, while subagent prompts
+carry recovery instructions and continue to use the canonical OpenSpec paths
+above for filesystem artifact recovery.
+
 ## Writing Rules
 
 - Preserve canonical filenames and locations.

package/src/skills/_shared/persistence-contract.md

@@ -60,13 +60,36 @@ sub-agents:
 - Includes: proposal, spec, design, tasks, apply-progress, verify-report,
   archive-report, state
 - Sub-agents persist these directly when the active mode includes thoth-mem
-- Sub-agents do NOT write general memory observations
+- Sub-agents persist apply-progress or other deterministic SDD artifacts only
+  when that phase explicitly delegates the write under the parent
+  session/project
+- Sub-agents do NOT write general memory observations unless the dispatch
+  explicitly authorizes a delegated durable implementation observation outside
+  the `sdd/*` namespace
 
 This split preserves artifact nuance (sub-agents have full context when writing)
 while keeping general memory centralized under orchestrator control. In
 harnesses that cannot hard-enforce the split, treat it as instruction-level
 governance and disclose any unsupported-capability that prevents compliance.
 
+## Delegated Handoffs
+
+Root/orchestrator handoffs are treated as compaction boundaries. When
+root-owned `mem_session_summary` and parent identity are available, the root
+saves or refreshes the handoff body as session summary context before
+delegation.
+
+The initial subagent prompt includes task instructions, parent `session_id`,
+project, persistence mode, memory permissions, and recovery instructions. It
+does not include the handoff body, raw transcripts, secrets, generated
+subagent prompts, or file dumps. Subagents recover that context through the
+3-layer recall protocol before treating memory content as source material.
+
+If parent identity or summary tooling is unavailable, the root reports that
+compaction could not be persisted and the subagent relies on explicit task
+instructions and local evidence only. Subagents must not create fallback
+memory sessions.
+
 ## Retrieval Protocol
 
 ### 3-Layer Recall for thoth-mem and hybrid modes

package/src/skills/_shared/thoth-mem-convention.md

@@ -16,6 +16,12 @@ Governance that a harness cannot hard-enforce remains instruction-level:
 semantic role ownership, parent session/project scoping, prompt-save
 prohibitions, and SDD topic-key namespace protection still apply.
 
+Root-owned delegation handoffs use the same convention: the handoff body lives
+in a root-owned `mem_session_summary` when available, while subagent prompts
+carry task instructions plus parent-scoped recovery instructions. Do not place
+the handoff body in the initial subagent prompt or structured attachment
+payload.
+
 ## Mode Scope
 
 This convention applies only when the artifact store mode includes thoth-mem:
@@ -84,6 +90,12 @@ surface → `mem_timeline(id)` when needed for chronology →
 
 ## Three-Layer Recall Protocol
 
+For delegated handoffs, subagents may use this protocol only when the dispatch
+includes both parent `session_id` and `project`. The first recalled source
+should be the parent-session handoff summary or exact SDD topic assigned by the
+orchestrator; if recall is missing, stale, contradictory, or insufficient,
+report that limitation instead of inventing context.
+
 1. **Scan compact index** by exact topic key:
 
 Use the memory tool binding for `mem_search` with
@@ -122,3 +134,9 @@ and the full artifact markdown in `content`.
 
 For `sdd-apply`, save the progress report under `apply-progress` and re-save the
 updated task list under `tasks` after checkboxes change.
+
+Write-capable subagents may call `mem_save` only when the task explicitly
+delegates a durable implementation observation or deterministic SDD artifact
+write under the parent session/project. General observations must use topic
+keys outside `sdd/*`; deterministic SDD artifacts keep the canonical
+`sdd/{change-name}/{artifact}` format.

package/src/skills/thoth-mem-agents/SKILL.md

@@ -136,6 +136,26 @@ After compaction, first preserve the compacted summary with
 `mem_session_summary`, then recover recent context and use Targeted 3-layer
 recall before continuing. Do not invent missing memory.
 
+### Delegation Handoff as Compaction
+
+Before delegating after meaningful context changes, the root/main orchestrator
+should treat the handoff as a context-compaction boundary. When
+`mem_session_summary` and the parent `session_id`/project are available, the
+root MUST save or refresh the handoff body as root-owned session summary
+context before dispatch.
+
+The initial subagent prompt carries task instructions plus recovery
+instructions, not the handoff body. Include the parent `session_id`, project,
+persistence mode, memory permissions, and bounded 3-layer recall instructions
+when memory recall or SDD persistence is delegated. Do not embed the handoff
+summary body, raw transcripts, secrets, unrelated context, file dumps, or
+generated subagent prompts in the prompt or structured attachments.
+
+If root-owned compaction cannot be persisted because tooling or parent identity
+is unavailable, disclose that limitation and continue with explicit task
+instructions and local context. Do not ask a subagent to create a fallback
+session, call `mem_session_summary`, or save the generated dispatch prompt.
+
 ### SDD Topic Keys
 
 SDD artifacts saved to thoth-mem use deterministic topic keys:
@@ -151,6 +171,7 @@ Never reuse the `sdd/...` namespace for general durable observations.
 
 These tools are read/context only, not session-owned artifacts:
 
+- `mem_context`
 - `mem_project_summary`
 - `mem_project_graph`
 - `mem_topic_keys`
@@ -184,6 +205,8 @@ When a subagent is allowed to touch thoth-mem, the orchestrator MUST pass:
 - parent `session_id`
 - `project`
 - any thoth-mem limits or ownership constraints relevant to the task
+- handoff recovery instructions when the task depends on root-owned session
+  summary context
 
 If a subagent does NOT receive both `session_id` and `project`, it MUST NOT call
 any thoth-mem tool.
@@ -202,13 +225,20 @@ Allowed pattern only:
 1. `mem_search`
 2. `mem_timeline`
 3. `mem_get_observation`
-4. `mem_project_summary` when project overview is needed
-5. `mem_project_graph` when relationship/lineage investigation is needed
-6. `mem_topic_keys` when topic-key discovery or inspection is needed
+4. `mem_context` when parent-session context overview is needed
+5. `mem_project_summary` when project overview is needed
+6. `mem_project_graph` when relationship/lineage investigation is needed
+7. `mem_topic_keys` when topic-key discovery or inspection is needed
 
 Rules:
 
 - Use the parent `session_id` and `project` from dispatch.
+- Use bounded 3-layer recall to recover the parent-session handoff summary
+  before treating memory as source material.
+- Keep 3-layer recall canonical; use `mem_context`, `mem_project_summary`,
+  `mem_project_graph`, and `mem_topic_keys` only as bounded supplements when
+  dispatch explicitly allows project-scoped/context reads.
+- Report missing, stale, contradictory, or insufficient recalled context.
 - Do not call `mem_save`, `mem_update`, `mem_session_start`,
   `mem_session_summary`, or `mem_save_prompt`.
 - Do not treat `mem_search` output as the artifact body.
@@ -222,8 +252,9 @@ Semantic roles: deep, quick, designer.
 Allowed thoth-mem behavior:
 
 - same 3-layer recall as read-only agents when reading
-- project-scoped read tools when a broader project/topic context is explicitly
-  needed
+- bounded context tools (`mem_context`, `mem_project_summary`,
+  `mem_project_graph`, `mem_topic_keys`) when broader parent/project context is
+  explicitly needed
 - `mem_save` for delegated durable observations that arise from their
   implementation work
 
@@ -231,9 +262,12 @@ Rules:
 
 - Use the parent `session_id` and `project` from dispatch on every thoth-mem
   call.
-- Do not call `mem_context`; writable subagents stay on the same bounded
-  3-layer recall path, using project-scoped read tools only when explicitly
-  granted in dispatch.
+- Use bounded 3-layer recall to recover the parent-session handoff summary
+  before treating memory as source material.
+- Keep 3-layer recall canonical; use `mem_context`, `mem_project_summary`,
+  `mem_project_graph`, and `mem_topic_keys` only as bounded supplements when
+  dispatch explicitly allows project-scoped/context reads.
+- Report missing, stale, contradictory, or insufficient recalled context.
 - Never create or close sessions.
 - Never save prompts.
 - You do not own durable memory of your own. Any `mem_save` is a delegated
@@ -241,6 +275,9 @@ Rules:
   session.
 - Save only durable information: decisions, bugfixes, patterns,
   configuration changes, discoveries, and explicitly assigned SDD artifacts.
+- For SDD apply work, save `apply-progress` or assigned deterministic SDD
+  artifacts only when explicitly delegated and only under the parent
+  session/project.
 
 ## Memory Types and Topic Keys
 
@@ -276,6 +313,8 @@ Before dispatching subagents in a thoth-mem workflow, verify all of this:
   `mem_save` delegated observations under the parent session/project, and
   whether project-scoped read tools (`mem_project_summary`, `mem_project_graph`,
   `mem_topic_keys`) are allowed.
+- If a root-owned handoff summary exists, the dispatch includes recovery
+  instructions but not the summary body.
 - The dispatch does NOT ask the subagent to save prompts.
 - The dispatch does NOT ask the subagent to write session summaries.
 - If the work is SDD-related, the dispatch preserves the shared topic-key rules
@@ -291,7 +330,8 @@ Reject these patterns immediately:
 - Subagent calls `mem_save_prompt`.
 - Subagent calls `mem_session_start` or `mem_session_summary`.
 - Subagent uses thoth-mem without parent `session_id` and `project`.
-- Writable subagent calls `mem_context` instead of the bounded 3-layer recall.
+- Subagent uses `mem_context` as a replacement for the bounded 3-layer recall
+  path.
 - Subagent uses project-scoped read tools without explicit permission in the
   dispatch.
 - Read-only subagent writes memory.