tycono 0.1.94-beta.1 → 0.1.94-beta.10

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tycono",
-  "version": "0.1.94-beta.1",
+  "version": "0.1.94-beta.10",
   "description": "Build an AI company. Watch them work.",
   "type": "module",
   "bin": {
@@ -23,7 +23,7 @@
     "dev:web": "npm run dev --prefix src/web",
     "build": "npm run build:web && npm run build:forge",
     "build:web": "npm run build --prefix src/web",
-    "build:forge": "tsup --config tsup.forge.ts",
+    "build:forge": "cp node_modules/tyconoforge/dist/tyconoforge.js src/web/dist/tyconoforge.js",
     "typecheck": "npm run typecheck:api && npm run typecheck:web",
     "typecheck:api": "cd src/api && npx tsc --noEmit",
     "typecheck:web": "cd src/web && npx tsc --noEmit",
@@ -38,6 +38,7 @@
     "gray-matter": "^4.0.3",
     "marked": "^15.0.6",
     "tsx": "^4.19.3",
+    "tyconoforge": "^0.1.0-beta.0",
     "yaml": "^2.7.0"
   },
   "devDependencies": {

package/src/api/src/create-server.ts

@@ -128,7 +128,8 @@ export function createHttpServer(): http.Server {
     }
 
     // SSE 엔드포인트: Express 우회하여 raw HTTP로 처리
-    if ((url.startsWith('/api/exec/') || url.startsWith('/api/jobs') || url === '/api/waves/save' || url === '/api/setup/import-knowledge') && method === 'POST') {
+    // BUG-008: /api/waves/:waveId/directive and /api/waves/:waveId/question POST도 포함
+    if ((url.startsWith('/api/exec/') || url.startsWith('/api/jobs') || url.startsWith('/api/waves/') || url === '/api/waves/save' || url === '/api/setup/import-knowledge') && method === 'POST') {
       setExecCors(req, res);
       if (url === '/api/setup/import-knowledge') {
         handleImportKnowledge(req, res);

package/src/api/src/engine/context-assembler.ts

@@ -743,8 +743,14 @@ function buildSupervisionSection(node: OrgNode): string {
    - ✅ **Peer consult**: Unsure about business/market direction? → \`python3 "$CONSULT_CMD" cbo "question"\`
    - ⚠️ **Course correct**: Wrong direction → \`python3 "$SUPERVISION_CMD" amend <ses-id> "new instruction"\`
    - 🛑 **Abort**: Seriously wrong → \`python3 "$SUPERVISION_CMD" abort <ses-id> --reason "why"\`
-   - ✅ **All done**: Compile results and report to your superior
+   - ✅ **All done?** → Before reporting done, **verify deliverables** (see Quality Gate below)
 4. **Repeat** watch until all subordinates complete. Do NOT stop after one tick.
+5. **Quality Gate**: When subordinates report done, **run and test** the output:
+   - For web apps/games: start a local server and open in browser to verify it actually works
+   - Try the core user interactions — if basic things don't work, it's NOT done
+   - Check that required libraries/tools mentioned in the task are actually used
+   - If gaps found → re-dispatch with **specific, actionable** feedback (not "improve quality")
+   - There is NO time limit. Non-working code is worse than less code that works.
 
 ## Supervision Commands
 

package/src/api/src/engine/runners/claude-cli.ts

@@ -371,10 +371,9 @@ elif cmd == 'amend':
         log('Usage: supervision amend <sessionId> "<instruction>"')
         sys.exit(1)
 
-    # Amend uses continue-session with amended context
+    # Amend sends a message to the session with amendment instructions
     body = json.dumps({
-        'response': f'[SUPERVISION AMENDMENT] {instruction}',
-        'responderRole': os.environ.get('DISPATCH_SOURCE_ROLE', 'ceo'),
+        'content': f'[SUPERVISION AMENDMENT] {instruction}',
     }).encode()
 
     try:

package/src/api/src/routes/execute.ts

@@ -21,7 +21,6 @@ import { earnCoinsInternal } from './coins.js';
 import { appendFollowUpToWave } from '../services/wave-tracker.js';
 import { waveMultiplexer } from '../services/wave-multiplexer.js';
 import { supervisorHeartbeat } from '../services/supervisor-heartbeat.js';
-import { readConfig } from '../services/company-config.js';
 
 /* ─── Auto-attach child executions to wave multiplexer ── */
 executionManager.onExecutionCreated((exec) => {
@@ -220,12 +219,8 @@ function handleStartJob(body: Record<string, unknown>, res: ServerResponse): voi
 
     const targetRoles = body.targetRoles as string[] | undefined;
 
-    // Check supervision mode from config (same as legacy /api/exec/wave)
-    const config = readConfig(COMPANY_ROOT);
-    const supervisionMode = config.supervision?.mode ?? 'direct';
-
-    if (supervisionMode === 'supervisor') {
-      // Supervisor mode: start a single CEO Supervisor session that dispatches C-Levels
+    // Always use supervisor mode — CEO supervises C-Levels who supervise members
+    {
       const state = supervisorHeartbeat.start(
         `wave-${Date.now()}`,
         directive,
@@ -245,71 +240,6 @@ function handleStartJob(body: Record<string, unknown>, res: ServerResponse): voi
       });
       return;
     }
-
-    // Direct mode (default): dispatch all C-Levels simultaneously
-    const orgTree = buildOrgTree(COMPANY_ROOT);
-    let cLevelRoles = getSubordinates(orgTree, 'ceo');
-
-    if (targetRoles && Array.isArray(targetRoles) && targetRoles.length > 0) {
-      const allowed = new Set(targetRoles);
-      cLevelRoles = cLevelRoles.filter(r => allowed.has(r));
-    }
-
-    if (cLevelRoles.length === 0) {
-      jsonResponse(res, 400, { error: 'No C-level roles found to dispatch wave.' });
-      return;
-    }
-
-    const fullTargetScope = targetRoles && targetRoles.length > 0 ? targetRoles : undefined;
-
-    const newWaveId = `wave-${Date.now()}`;
-    const sessionIds: string[] = [];
-
-    for (const cRole of cLevelRoles) {
-      const session = createSession(cRole, {
-        mode: 'do',
-        source: 'wave',
-        waveId: newWaveId,
-      });
-      sessionIds.push(session.id);
-
-      const ceoMsg: Message = {
-        id: `msg-${Date.now()}-ceo-${cRole}`,
-        from: 'ceo',
-        content: directive,
-        type: 'directive',
-        status: 'done',
-        timestamp: new Date().toISOString(),
-        attachments,
-      };
-      addMessage(session.id, ceoMsg);
-
-      const exec = executionManager.startExecution({
-        type: 'wave',
-        roleId: cRole,
-        task: `[CEO Wave] ${directive}`,
-        sourceRole: 'ceo',
-        parentSessionId,
-        targetRoles: fullTargetScope,
-        sessionId: session.id,
-        attachments,
-      });
-
-      waveMultiplexer.registerSession(newWaveId, exec);
-
-      const roleMsg: Message = {
-        id: `msg-${Date.now() + 1}-role-${cRole}`,
-        from: 'role',
-        content: '',
-        type: 'conversation',
-        status: 'streaming',
-        timestamp: new Date().toISOString(),
-      };
-      addMessage(session.id, roleMsg, true);
-    }
-
-    jsonResponse(res, 200, { sessionIds, waveId: newWaveId });
-    return;
   }
 
   // Assign
@@ -380,12 +310,45 @@ function handleSaveWave(body: Record<string, unknown>, res: ServerResponse): voi
   let sessionIds = (body.sessionIds ?? body.jobIds) as string[] | undefined;
   const waveId = body.waveId as string | undefined;
 
-  // BUG-W01 fix: auto-collect sessionIds from session-store when waveId is present
+  // BUG-W01 + BUG-009 fix: auto-collect sessionIds from session-store AND activity-streams
   if (waveId && (!sessionIds || sessionIds.length === 0)) {
-    const allSessions = listSessions();
-    sessionIds = allSessions
-      .filter(s => s.waveId === waveId)
-      .map(s => s.id);
+    const sessionIdSet = new Set(
+      listSessions().filter(s => s.waveId === waveId).map(s => s.id)
+    );
+
+    // Scan activity-streams for sessions belonging to this wave
+    const streamsDir = path.join(COMPANY_ROOT, 'operations', 'activity-streams');
+    if (fs.existsSync(streamsDir)) {
+      const waveTimestamp = waveId.replace('wave-', '');
+      for (const file of fs.readdirSync(streamsDir)) {
+        if (!file.endsWith('.jsonl')) continue;
+        const sid = file.replace('.jsonl', '');
+        if (sessionIdSet.has(sid)) continue;
+        if (sid.includes(waveTimestamp)) {
+          sessionIdSet.add(sid);
+        }
+      }
+
+      // Recursively find all child sessions via dispatch:start events
+      let foundNew = true;
+      while (foundNew) {
+        foundNew = false;
+        for (const sid of Array.from(sessionIdSet)) {
+          try {
+            const events = ActivityStream.readAll(sid);
+            for (const e of events) {
+              const childSessionId = e.data.childSessionId as string | undefined;
+              if (e.type === 'dispatch:start' && childSessionId && !sessionIdSet.has(childSessionId)) {
+                sessionIdSet.add(childSessionId);
+                foundNew = true;
+              }
+            }
+          } catch { /* skip */ }
+        }
+      }
+    }
+
+    sessionIds = Array.from(sessionIdSet);
     console.log(`[WaveSave] Auto-collected ${sessionIds.length} sessionIds for wave ${waveId}`);
   }
 
@@ -457,14 +420,45 @@ function handleSaveWave(body: Record<string, unknown>, res: ServerResponse): voi
   }
   const jsonPath = path.join(wavesDir, `${baseName}.json`);
 
+  // Calculate actual duration from activity stream timestamps
+  let startedAt = now;
+  let endedAt = now;
+  for (const role of rolesData) {
+    if (role.events.length > 0) {
+      const firstTs = new Date(role.events[0].ts);
+      const lastTs = new Date(role.events[role.events.length - 1].ts);
+      if (firstTs < startedAt) startedAt = firstTs;
+      if (lastTs > endedAt) endedAt = lastTs;
+    }
+    for (const child of role.childSessions) {
+      if (child.events.length > 0) {
+        const firstTs = new Date(child.events[0].ts);
+        const lastTs = new Date(child.events[child.events.length - 1].ts);
+        if (firstTs < startedAt) startedAt = firstTs;
+        if (lastTs > endedAt) endedAt = lastTs;
+      }
+    }
+  }
+  const duration = Math.round((endedAt.getTime() - startedAt.getTime()) / 1000);
+
+  // Collect ALL session IDs including child sessions
+  const allSessionIds = [...sessionIds];
+  for (const role of rolesData) {
+    for (const child of role.childSessions) {
+      if (!allSessionIds.includes(child.sessionId)) {
+        allSessionIds.push(child.sessionId);
+      }
+    }
+  }
+
   const waveJson = {
     id: baseName,
     directive,
-    startedAt: now.toISOString(),
-    duration: 0,
+    startedAt: startedAt.toISOString(),
+    duration,
     roles: rolesData,
     ...(waveId && { waveId }),
-    ...(sessionIds.length > 0 && { sessionIds }),
+    sessionIds: allSessionIds,
   };
   fs.writeFileSync(jsonPath, JSON.stringify(waveJson, null, 2), 'utf-8');
 
@@ -684,15 +678,8 @@ function handleWave(body: Record<string, unknown>, req: IncomingMessage, res: Se
 
   const targetRoles = body.targetRoles as string[] | undefined;
 
-  // Check supervision mode from config
-  const config = readConfig(COMPANY_ROOT);
-  const supervisionMode = config.supervision?.mode ?? 'direct';
-
-  if (supervisionMode === 'supervisor') {
-    handleWaveSupervisor(directive, targetRoles, req, res);
-  } else {
-    handleWaveDirect(directive, targetRoles, req, res);
-  }
+  // Always supervisor mode — CEO supervises C-Levels
+  handleWaveSupervisor(directive, targetRoles, req, res);
 }
 
 /**
@@ -721,105 +708,6 @@ function handleWaveSupervisor(directive: string, targetRoles: string[] | undefin
   });
 }
 
-/**
- * Direct mode (legacy): Dispatch all C-Levels simultaneously.
- * No CEO Supervisor — each C-Level runs independently.
- */
-function handleWaveDirect(directive: string, targetRoles: string[] | undefined, req: IncomingMessage, res: ServerResponse): void {
-  const orgTree = buildOrgTree(COMPANY_ROOT);
-  let cLevelRoles = getSubordinates(orgTree, 'ceo');
-
-  if (targetRoles && Array.isArray(targetRoles) && targetRoles.length > 0) {
-    const allowed = new Set(targetRoles);
-    cLevelRoles = cLevelRoles.filter(r => allowed.has(r));
-  }
-
-  if (cLevelRoles.length === 0) {
-    jsonResponse(res, 400, { error: 'No C-level roles found to dispatch wave.' });
-    return;
-  }
-
-  const fullTargetScope = targetRoles && targetRoles.length > 0 ? targetRoles : undefined;
-
-  const executions: Execution[] = [];
-  for (const cRole of cLevelRoles) {
-    const session = createSession(cRole, { mode: 'do' });
-    const exec = executionManager.startExecution({
-      type: 'wave',
-      roleId: cRole,
-      task: `[CEO Wave] ${directive}`,
-      sourceRole: 'ceo',
-      targetRoles: fullTargetScope,
-      sessionId: session.id,
-    });
-    executions.push(exec);
-  }
-
-  startSSE(res);
-  sendSSE(res, 'start', {
-    ids: executions.map((e) => e.id),
-    directive,
-    targetRoles: cLevelRoles,
-  });
-
-  let doneCount = 0;
-  const subscribers: Array<{ exec: Execution; sub: ActivitySubscriber }> = [];
-
-  for (const exec of executions) {
-    const subscriber: ActivitySubscriber = (event: ActivityEvent) => {
-      const rolePrefix = exec.roleId;
-      switch (event.type) {
-        case 'text':
-          sendSSE(res, 'output', { roleId: rolePrefix, text: event.data.text });
-          break;
-        case 'thinking':
-          sendSSE(res, 'thinking', { roleId: rolePrefix, text: event.data.text });
-          break;
-        case 'tool:start':
-          sendSSE(res, 'tool', { roleId: rolePrefix, name: event.data.name, input: event.data.input });
-          break;
-        case 'dispatch:start':
-          sendSSE(res, 'dispatch', { roleId: rolePrefix, targetRoleId: event.data.targetRoleId, task: event.data.task, childSessionId: event.data.childSessionId });
-          break;
-        case 'msg:turn-complete':
-          sendSSE(res, 'turn', { roleId: rolePrefix, turn: event.data.turn });
-          break;
-        case 'stderr':
-          sendSSE(res, 'stderr', { roleId: rolePrefix, message: event.data.message });
-          break;
-        case 'msg:awaiting_input':
-          sendSSE(res, 'role:awaiting_input', { roleId: rolePrefix, question: event.data.question, targetRole: event.data.targetRole, reason: event.data.reason });
-          break;
-        case 'msg:done':
-          sendSSE(res, 'role:done', { roleId: rolePrefix, ...event.data });
-          doneCount++;
-          if (doneCount >= executions.length) {
-            sendSSE(res, 'done', { directive, completedRoles: cLevelRoles });
-            res.end();
-          }
-          break;
-        case 'msg:error':
-          sendSSE(res, 'role:error', { roleId: rolePrefix, message: event.data.message });
-          doneCount++;
-          if (doneCount >= executions.length) {
-            sendSSE(res, 'done', { directive, completedRoles: cLevelRoles });
-            res.end();
-          }
-          break;
-      }
-    };
-
-    exec.stream.subscribe(subscriber);
-    subscribers.push({ exec, sub: subscriber });
-  }
-
-  req.on('close', () => {
-    for (const { exec, sub } of subscribers) {
-      exec.stream.unsubscribe(sub);
-    }
-  });
-}
-
 /* ─── POST /api/waves/:waveId/directive ──────── */
 
 function handleWaveDirective(waveId: string, body: Record<string, unknown>, res: ServerResponse): void {

package/src/api/src/routes/sessions.ts

@@ -56,6 +56,7 @@ sessionsRouter.patch('/:id', (req, res) => {
 
 /* DELETE /api/sessions — bulk delete (body: { ids }) or ?empty=true */
 sessionsRouter.delete('/', (req, res) => {
+  console.log(`[Sessions] DELETE / called (empty=${req.query.empty}, origin=${req.headers.origin ?? req.headers.referer ?? 'unknown'})`);
   if (req.query.empty === 'true') {
     const result = deleteEmpty();
     res.json(result);
@@ -72,6 +73,7 @@ sessionsRouter.delete('/', (req, res) => {
 
 /* DELETE /api/sessions/:id — delete session */
 sessionsRouter.delete('/:id', (req, res) => {
+  console.log(`[Sessions] DELETE /${req.params.id} called (origin=${req.headers.origin ?? req.headers.referer ?? 'unknown'})`);
   const ok = deleteSession(req.params.id);
   if (!ok) {
     res.status(404).json({ error: 'Session not found' });

package/src/api/src/services/session-store.ts

@@ -101,7 +101,11 @@ function writeImmediate(session: Session): void {
     clearTimeout(timer);
     writeTimers.delete(session.id);
   }
-  fs.writeFileSync(sessionPath(session.id), JSON.stringify(session, null, 2));
+  try {
+    fs.writeFileSync(sessionPath(session.id), JSON.stringify(session, null, 2));
+  } catch (err) {
+    console.error(`[SessionStore] WRITE FAILED for ${session.id}:`, err);
+  }
 }
 
 /* ─── In-memory cache ───────────────────── */
@@ -250,10 +254,22 @@ export function updateSession(id: string, updates: Partial<Pick<Session, 'title'
   return session;
 }
 
-export function deleteSession(id: string): boolean {
+export function deleteSession(id: string, force = false): boolean {
   const session = cache.get(id);
   if (!session) return false;
 
+  // BUG-008 fix: protect wave sessions from accidental deletion
+  if (session.waveId && !force) {
+    console.warn(`[SessionStore] BLOCKED deletion of wave session ${id} (waveId=${session.waveId}, roleId=${session.roleId}). Use force=true to override.`);
+    return false;
+  }
+  // BUG-008 hard guard: CEO supervisor session is NEVER deletable during wave
+  if (session.roleId === 'ceo' && session.waveId && session.source === 'wave') {
+    console.error(`[SessionStore] HARD BLOCK: CEO supervisor session ${id} cannot be deleted (waveId=${session.waveId}). This is a 1:1:1 invariant.`);
+    return false;
+  }
+
+  console.log(`[SessionStore] Deleting session ${id} (roleId=${session.roleId}, waveId=${session.waveId ?? 'none'}, messages=${session.messages.length})`);
   cache.delete(id);
   const p = sessionPath(id);
   if (fs.existsSync(p)) fs.unlinkSync(p);
@@ -272,6 +288,8 @@ export function deleteEmpty(): { deleted: number; ids: string[] } {
   const ids: string[] = [];
   for (const [id, session] of cache) {
     if (session.messages.length === 0) {
+      // BUG-008 fix: never delete wave sessions — they are managed by supervisor lifecycle
+      if (session.waveId) continue;
       ids.push(id);
     }
   }

package/src/api/src/services/supervisor-heartbeat.ts

@@ -12,10 +12,11 @@
  * - On restart, digest catches up with all missed events
  */
 import { executionManager, type Execution } from './execution-manager.js';
-import { createSession, getSession, listSessions } from './session-store.js';
+import { createSession, getSession, listSessions, addMessage, type Message } from './session-store.js';
 import { buildOrgTree, getSubordinates } from '../engine/org-tree.js';
 import { COMPANY_ROOT } from './file-reader.js';
 import { ActivityStream } from './activity-stream.js';
+import { saveCompletedWave } from './wave-tracker.js';
 
 /* ─── Types ──────────────────────────────────── */
 
@@ -267,27 +268,91 @@ ${cLevelList}
 - G-04: If you dispatch the same role 3+ times with no progress, intervene: "specify what's wrong concretely."
 - G-05: abort = graceful amend ("wrap up and stop"). Not a hard kill.
 - G-06: If two sessions show no events for 3+ minutes, suspect deadlock → re-sequence their work.
+- G-07: **Cross-team relay is YOUR job.** When a C-Level completes, immediately amend the other active C-Levels with a summary of the completed work. Example: CBO finishes game design → amend CTO: "CBO delivered game design docs. Key decisions: [summary]. Review and align your implementation."
+- G-08: Don't just watch passively. On every tick, ask: "Does any active C-Level need information from a completed C-Level?" If yes, amend with the relevant context.
+
+## Cross-Team Relay Protocol (CRITICAL)
+⛔ C-Levels do NOT talk to each other directly. YOU are the relay.
+
+When C-Level A completes while C-Level B is still active:
+1. Review A's deliverables (read their committed files or final report)
+2. Summarize the key decisions, artifacts, and constraints from A's work
+3. amend B: "C-Level A completed. Here are their deliverables relevant to your work: [summary]. Review and incorporate."
+4. On next tick, verify B acknowledged and reflected A's input
+
+When C-Level A produces intermediate results that B needs:
+1. amend B with the relevant intermediate output
+2. You don't need to wait for A to finish — relay as results become available
+
+Examples:
+- CBO finishes game design → amend CTO: "CBO delivered: world-building doc, 15 monster specs, quest design, UI guidelines. Ensure implementation matches these specs."
+- CTO's engineer creates API schema → amend CBO: "CTO's team defined the data schema. Here's the structure: [summary]. Adjust business docs if needed."
+- Designer finishes UI guide → relay to CTO team: "Designer's UI guide is ready at [path]. Frontend implementation should follow these specs."
 
 ## CEO Directive Channel
 If new CEO directives arrive mid-execution, they will appear in your supervision watch digest
 marked as [CEO DIRECTIVE]. These are PRIORITY 1 — process before anything else.
 ${recoveryContext}
 
+## Quality Gate (CRITICAL — G-09)
+⛔ **"Subordinate said done" ≠ "Work is actually done."**
+⛔ **"Code exists" ≠ "Code works."** You MUST run and test the output, not just read files.
+
+Before declaring yourself done, you MUST:
+
+1. **Read the actual output files** — don't trust status reports. Check the code yourself.
+2. **RUN it and test it** — this is the most important step:
+   - For web apps/games: \`cd <code-dir> && python3 -m http.server 9999\` then open in browser
+   - Actually try the core interactions (click buttons, press keys, navigate)
+   - If basic interactions fail (can't move, can't click, blank screen) → it's NOT done
+3. **Count against requirements** — if the directive says "15 monsters, 7 maps", count them.
+4. **Check the directive's specific tech requirements** — if it mentions a specific library/engine, verify it's actually used in the code (grep for it).
+5. **If quality is insufficient → re-dispatch** with specific, actionable feedback:
+   - "Arrow keys don't move the player. Fix input handling in WorldScene."
+   - "TyconoForge was required but not used. Add character rendering with TyconoForge.render()."
+   - NOT vague feedback like "improve quality" or "make it better"
+6. **Iterate until the directive is truly fulfilled.** There is NO time limit.
+   20,000 lines of non-working code is worse than 5,000 lines that actually play.
+
+Re-dispatch pattern:
+- dispatch same C-Level with specific gaps identified
+- Each iteration should close specific gaps, not redo everything
+- Maximum 5 iterations per C-Level before escalating
+
 ## Instructions
 1. Analyze the directive and decide which C-Level roles to dispatch (not necessarily all)
 2. Dispatch them with clear tasks
 3. Enter supervision watch loop
-4. Monitor, relay opinions, course-correct, until all done
-5. Compile results and report`;
-
-    // Create supervisor session
-    const session = createSession('ceo', {
-      mode: 'do',
-      source: 'wave',
-      waveId: state.waveId,
-    });
-
-    state.supervisorSessionId = session.id;
+4. Monitor, **actively relay results between teams**, course-correct
+5. When subordinates report done → **verify deliverables against requirements (G-09)**
+6. If gaps exist → re-dispatch with specific feedback. Repeat 3-5.
+7. Only when ALL requirements are met → compile results and report`;
+
+    // BUG-008 fix: Wave:Supervisor:Session = 1:1:1 invariant.
+    // Reuse existing session on restart instead of creating a new one.
+    let sessionId = state.supervisorSessionId;
+    if (sessionId && getSession(sessionId)) {
+      console.log(`[Supervisor] Reusing existing session ${sessionId} for wave ${state.waveId}`);
+    } else {
+      const session = createSession('ceo', {
+        mode: 'do',
+        source: 'wave',
+        waveId: state.waveId,
+      });
+      sessionId = session.id;
+      state.supervisorSessionId = sessionId;
+
+      // Add the directive as CEO message so the session isn't empty (prevents deleteEmpty cleanup)
+      const ceoMsg: Message = {
+        id: `msg-${Date.now()}-ceo-supervisor`,
+        from: 'ceo',
+        content: state.directive,
+        type: 'directive',
+        status: 'done',
+        timestamp: new Date().toISOString(),
+      };
+      addMessage(sessionId, ceoMsg);
+    }
     state.status = 'running';
 
     try {
@@ -297,14 +362,14 @@ ${recoveryContext}
         task: supervisorTask,
         sourceRole: 'ceo',
         targetRoles: state.targetRoles,
-        sessionId: session.id,
+        sessionId,
       });
 
       state.executionId = exec.id;
 
       this.watchExecution(state, exec);
 
-      console.log(`[Supervisor] Started for wave ${state.waveId} | session=${session.id} | exec=${exec.id}`);
+      console.log(`[Supervisor] Started for wave ${state.waveId} | session=${sessionId} | exec=${exec.id}`);
     } catch (err) {
       console.error(`[Supervisor] Failed to start for wave ${state.waveId}:`, err);
       state.status = 'error';
@@ -319,6 +384,12 @@ ${recoveryContext}
       } else if (event.type === 'msg:error') {
         exec.stream.unsubscribe(subscriber);
         this.onSupervisorCrash(state, String(event.data.message ?? 'unknown error'));
+      } else if (event.type === 'msg:awaiting_input') {
+        // BUG-016: turn:limit causes awaiting_input — treat as done-guard
+        // If all children are done → complete wave. Otherwise restart supervisor.
+        exec.stream.unsubscribe(subscriber);
+        console.log(`[Supervisor] awaiting_input (turn limit) for wave ${state.waveId}. Running done-guard.`);
+        this.onSupervisorDone(state);
       }
     };
 
@@ -341,6 +412,18 @@ ${recoveryContext}
     } else {
       console.log(`[Supervisor] Wave ${state.waveId} complete. All subordinates done.`);
       state.status = 'stopped';
+
+      // Auto-save the completed wave to operations/waves/
+      try {
+        const result = saveCompletedWave(state.waveId, state.directive);
+        if (result.ok) {
+          console.log(`[Supervisor] Wave auto-saved: ${result.path}`);
+        } else {
+          console.warn(`[Supervisor] Wave auto-save returned no result for ${state.waveId}`);
+        }
+      } catch (err) {
+        console.error(`[Supervisor] Failed to auto-save wave ${state.waveId}:`, err);
+      }
     }
   }