tycono 0.1.94-beta.5 → 0.1.94-beta.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tycono",
-  "version": "0.1.94-beta.5",
+  "version": "0.1.94-beta.7",
   "description": "Build an AI company. Watch them work.",
   "type": "module",
   "bin": {

package/src/api/src/engine/context-assembler.ts

@@ -743,8 +743,14 @@ function buildSupervisionSection(node: OrgNode): string {
    - ✅ **Peer consult**: Unsure about business/market direction? → \`python3 "$CONSULT_CMD" cbo "question"\`
    - ⚠️ **Course correct**: Wrong direction → \`python3 "$SUPERVISION_CMD" amend <ses-id> "new instruction"\`
    - 🛑 **Abort**: Seriously wrong → \`python3 "$SUPERVISION_CMD" abort <ses-id> --reason "why"\`
-   - ✅ **All done**: Compile results and report to your superior
+   - ✅ **All done?** → Before reporting done, **verify deliverables** (see Quality Gate below)
 4. **Repeat** watch until all subordinates complete. Do NOT stop after one tick.
+5. **Quality Gate**: When subordinates report done, **run and test** the output:
+   - For web apps/games: start a local server and open in browser to verify it actually works
+   - Try the core user interactions — if basic things don't work, it's NOT done
+   - Check that required libraries/tools mentioned in the task are actually used
+   - If gaps found → re-dispatch with **specific, actionable** feedback (not "improve quality")
+   - There is NO time limit. Non-working code is worse than less code that works.
 
 ## Supervision Commands
 

package/src/api/src/routes/sessions.ts

@@ -56,6 +56,7 @@ sessionsRouter.patch('/:id', (req, res) => {
 
 /* DELETE /api/sessions — bulk delete (body: { ids }) or ?empty=true */
 sessionsRouter.delete('/', (req, res) => {
+  console.log(`[Sessions] DELETE / called (empty=${req.query.empty}, origin=${req.headers.origin ?? req.headers.referer ?? 'unknown'})`);
   if (req.query.empty === 'true') {
     const result = deleteEmpty();
     res.json(result);
@@ -72,6 +73,7 @@ sessionsRouter.delete('/', (req, res) => {
 
 /* DELETE /api/sessions/:id — delete session */
 sessionsRouter.delete('/:id', (req, res) => {
+  console.log(`[Sessions] DELETE /${req.params.id} called (origin=${req.headers.origin ?? req.headers.referer ?? 'unknown'})`);
   const ok = deleteSession(req.params.id);
   if (!ok) {
     res.status(404).json({ error: 'Session not found' });

package/src/api/src/services/session-store.ts

@@ -254,10 +254,16 @@ export function updateSession(id: string, updates: Partial<Pick<Session, 'title'
   return session;
 }
 
-export function deleteSession(id: string): boolean {
+export function deleteSession(id: string, force = false): boolean {
   const session = cache.get(id);
   if (!session) return false;
 
+  // BUG-008 fix: protect wave sessions from accidental deletion
+  if (session.waveId && !force) {
+    console.warn(`[SessionStore] BLOCKED deletion of wave session ${id} (waveId=${session.waveId}, roleId=${session.roleId}). Use force=true to override.`);
+    return false;
+  }
+
   console.log(`[SessionStore] Deleting session ${id} (roleId=${session.roleId}, waveId=${session.waveId ?? 'none'}, messages=${session.messages.length})`);
   cache.delete(id);
   const p = sessionPath(id);

package/src/api/src/services/supervisor-heartbeat.ts

@@ -294,12 +294,39 @@ If new CEO directives arrive mid-execution, they will appear in your supervision
 marked as [CEO DIRECTIVE]. These are PRIORITY 1 — process before anything else.
 ${recoveryContext}
 
+## Quality Gate (CRITICAL — G-09)
+⛔ **"Subordinate said done" ≠ "Work is actually done."**
+⛔ **"Code exists" ≠ "Code works."** You MUST run and test the output, not just read files.
+
+Before declaring yourself done, you MUST:
+
+1. **Read the actual output files** — don't trust status reports. Check the code yourself.
+2. **RUN it and test it** — this is the most important step:
+   - For web apps/games: \`cd <code-dir> && python3 -m http.server 9999\` then open in browser
+   - Actually try the core interactions (click buttons, press keys, navigate)
+   - If basic interactions fail (can't move, can't click, blank screen) → it's NOT done
+3. **Count against requirements** — if the directive says "15 monsters, 7 maps", count them.
+4. **Check the directive's specific tech requirements** — if it mentions a specific library/engine, verify it's actually used in the code (grep for it).
+5. **If quality is insufficient → re-dispatch** with specific, actionable feedback:
+   - "Arrow keys don't move the player. Fix input handling in WorldScene."
+   - "TyconoForge was required but not used. Add character rendering with TyconoForge.render()."
+   - NOT vague feedback like "improve quality" or "make it better"
+6. **Iterate until the directive is truly fulfilled.** There is NO time limit.
+   20,000 lines of non-working code is worse than 5,000 lines that actually play.
+
+Re-dispatch pattern:
+- dispatch same C-Level with specific gaps identified
+- Each iteration should close specific gaps, not redo everything
+- Maximum 5 iterations per C-Level before escalating
+
 ## Instructions
 1. Analyze the directive and decide which C-Level roles to dispatch (not necessarily all)
 2. Dispatch them with clear tasks
 3. Enter supervision watch loop
-4. Monitor, **actively relay results between teams**, course-correct, until all done
-5. Compile results and report`;
+4. Monitor, **actively relay results between teams**, course-correct
+5. When subordinates report done → **verify deliverables against requirements (G-09)**
+6. If gaps exist → re-dispatch with specific feedback. Repeat 3-5.
+7. Only when ALL requirements are met → compile results and report`;
 
     // Create supervisor session
     const session = createSession('ceo', {