voidforge-build 23.17.0 → 23.19.0

package/dist/.claude/commands/assemble.md

@@ -67,6 +67,12 @@ Mandatory runtime verification BEFORE code review begins:
 
 **Gate:** All endpoints return expected status codes. No route collisions. No infinite render loops detected. Update assemble-state.
 
+## Workflow Execution — review phases (ADR-067)
+
+The **review-heavy fan-out phases** — Phase 3-5 (engage), 7-8 (sentinel), 12 (crossfire), 13 (council) — run as a **Dynamic Workflow** (`.claude/workflows/assemble-review.workflow.js`) over the mission's working diff, so the 15+-agent fan-out stays out of the lead's context (ADR-067; see `docs/methods/WORKFLOWS.md`). The **build/architecture/devops phases (1-2.5, 9) STAY prose orchestration** — they write code, are sequentially dependent, and need lead judgment + `--interactive` gates between them.
+
+Run the review workflow as **one workflow run per review pass** so an `--interactive` pause sits at the workflow boundary (workflows take no mid-run input). **Gate (ADR-064):** muster the Silver Surfer + `record-roster.sh` *before* invoking, then `Workflow({ scriptPath: '.claude/workflows/assemble-review.workflow.js', args: { diff, roster } })`. The lead applies fixes from the returned report, then re-runs to re-verify. The phase prose below is the canonical description; `--light`/`--solo` use the raw-Agent fallback (with a `bypass.sh`).
+
 ## Phase 3 — Review Round 1 (Full Roster — see Agent Deployment Manifest)
 **Fury:** "Picard's team — first pass. Find everything. Full roster deployed."
 

package/dist/.claude/commands/gauntlet.md

@@ -23,6 +23,18 @@ Opus scans `git diff --stat` and matches changed files against the `description`
 
 **Dispatch control:** `--light` skips dynamic dispatch (core only). `--solo` runs lead agent only.
 
+## Workflow Execution (default — ADR-067)
+
+The Gauntlet's 5-round skeleton runs as a **Dynamic Workflow** — `.claude/workflows/gauntlet.workflow.js` — so the 60–80 agents' intermediate findings live in script variables, not the lead's context (only the final synthesis returns). The rounds below define **what** each round does; the workflow **implements** them (discovery → JS dedupe → 3-lens REFUTE verify → crossfire → council). See `docs/methods/WORKFLOWS.md`.
+
+**Gate-compliant launch sequence (ADR-064 — the gate now covers the Workflow tool):**
+1. Run the **Silver Surfer** (Agent tool — self-launch always allowed) per the gate header above; announce the heralding.
+2. **Record the roster:** `[ -x scripts/surfer-gate/record-roster.sh ] && bash scripts/surfer-gate/record-roster.sh '<roster-json>' || true` — *before* invoking the workflow, or the gate blocks it.
+3. **Invoke the workflow:** `Workflow({ scriptPath: '.claude/workflows/gauntlet.workflow.js', args: { scope, roster: <Surfer roster>, } })`. The gate allows it (roster recorded); the workflow's internal `agent()` calls are that roster.
+4. **The lead applies fixes** from the returned report, then re-invokes the workflow to re-verify (workflows take no mid-run input — fix application + the Debate Protocol + severity re-rating stay lead/prose judgment).
+
+`--light`/`--solo` skip the workflow and use the raw-Agent path below as the fallback (set a `bypass.sh --light`/`--solo` so the gate permits the reduced run). The prose rounds below remain the canonical description of each round.
+
 ## Round 1 — Discovery (parallel)
 
 **Thanos:** "Before I test, I must understand."

package/dist/.claude/workflows/assemble-review.workflow.js

@@ -0,0 +1,137 @@
+// assemble-review.workflow.js — the REVIEW-heavy phases of /assemble, re-platformed.
+//
+// /assemble's build/architecture/devops phases STAY prose orchestration (they write
+// code, are sequentially dependent, and need lead judgment + --interactive gates
+// between them). Only the read-heavy fan-out phases move here (ADR-067): the 3x code
+// review (engage), 2x security (sentinel), crossfire, and council — run over a single
+// mission's working diff. Run this as ONE workflow per review pass so an --interactive
+// pause sits at the workflow boundary, not mid-run (workflows take no mid-run input).
+//
+// GATE (ADR-064): muster the Surfer + record-roster BEFORE invoking (see assemble.md).
+// Invoke: Workflow({ scriptPath: '.claude/workflows/assemble-review.workflow.js',
+//                    args: { diff, roster: [{id,name,key,lens}] } })
+
+export const meta = {
+  name: 'assemble-review',
+  description: 'Per-mission review fan-out: engage (code) + sentinel (security) → 3-lens verify → crossfire → council, over the working diff',
+  phases: [
+    { title: 'Review', detail: 'engage + sentinel lenses over the diff' },
+    { title: 'Verify', detail: '3-lens adversarial REFUTE on each claim' },
+    { title: 'Crossfire', detail: 'adversaries hunt NEW issues in the diff' },
+    { title: 'Council', detail: 'synthesize survivors by severity' },
+  ],
+}
+
+// Guarded parse: a malformed/empty `args` string must not crash the run before phase 1.
+let input = {}
+try {
+  input = typeof args === 'string' ? (args.trim() ? JSON.parse(args) : {}) : (args || {})
+} catch (_e) {
+  input = {}
+}
+const diff = input.diff || 'the working-tree diff for this mission (git diff)'
+const roster = Array.isArray(input.roster) && input.roster.length
+  ? input.roster
+  : [
+      { id: 'picard-architecture', name: 'Picard', key: 'arch', lens: 'architecture & pattern compliance' },
+      { id: 'stark-backend', name: 'Stark', key: 'backend', lens: 'API/DB/service correctness' },
+      { id: 'galadriel-frontend', name: 'Galadriel', key: 'ux', lens: 'UX/a11y of changed surfaces' },
+      { id: 'kenobi-security', name: 'Kenobi', key: 'sec', lens: 'auth/injection/secrets/data' },
+      { id: 'maul', name: 'Maul', key: 'redteam', lens: 'red-team the new attack surface' },
+    ]
+
+const FINDINGS = {
+  type: 'object', additionalProperties: false,
+  required: ['agent', 'findings'],
+  properties: {
+    agent: { type: 'string' },
+    findings: {
+      type: 'array',
+      items: {
+        type: 'object', additionalProperties: false,
+        required: ['title', 'severity', 'file', 'evidence'],
+        properties: {
+          title: { type: 'string' },
+          severity: { type: 'string', enum: ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'WARN'] },
+          file: { type: 'string' },
+          evidence: { type: 'string', description: '≥1 quoted changed line or concrete repro' },
+        },
+      },
+    },
+  },
+}
+const VOTE = { type: 'object', additionalProperties: false, required: ['confirm', 'reason'], properties: { confirm: { type: 'boolean' }, reason: { type: 'string' } } }
+const key = (f) => `${(f.file || '').toLowerCase()}::${(f.title || '').toLowerCase().slice(0, 60)}`
+
+// ── Review: engage + sentinel lenses over the DIFF only ───────────────────────
+phase('Review')
+const reviews = (await parallel(roster.map((a) => () =>
+  agent(
+    `You are ${a.name}. Review ONLY ${diff} through the ${a.lens} lens (do not review unchanged code). Evidence-backed findings only — file:line + a quoted CHANGED line or a real repro. For any access/permission/contract finding, name the governing SSOT and reconcile the fix direction (field report #349).`,
+    { label: `${a.name} · review:${a.key}`, phase: 'Review', schema: FINDINGS, agentType: a.name },
+  )
+))).filter(Boolean)
+
+const SEV_RANK = { CRITICAL: 5, HIGH: 4, MEDIUM: 3, LOW: 2, WARN: 1 }
+const seen = new Map()
+for (const r of reviews) for (const f of (r.findings || [])) {
+  const k = key(f)
+  if (!seen.has(k)) seen.set(k, { ...f, raisedBy: [r.agent] })
+  else {
+    const ex = seen.get(k)
+    ex.raisedBy.push(r.agent)
+    // Keep the highest severity any lens assigned + track who raised it (consensus
+    // visibility) — first-write-wins dropped both before.
+    if ((SEV_RANK[f.severity] || 0) > (SEV_RANK[ex.severity] || 0)) ex.severity = f.severity
+  }
+}
+const claims = [...seen.values()]
+log(`Review: ${reviews.length} lenses → ${claims.length} distinct claims over the diff.`)
+
+// ── Verify: 3-lens adversarial REFUTE (default-to-refuted; verify the FIX too) ─
+phase('Verify')
+const LENSES = ['correctness', 'reachability', 'refutation']
+const verdicts = await parallel(claims.map((c) => () =>
+  parallel(LENSES.map((lens) => () =>
+    agent(
+      `Adversarially verify via the ${lens} lens, reproducing through the REAL execution path (not a library in isolation): "${c.title}" [${c.severity}] at ${c.file}. Evidence: ${c.evidence}. REFUTE unless you cannot. On the refutation lens, also confirm the implied fix adds no new failure mode (wedge/loop/orphan/double-send/TOCTOU).`,
+      { label: `verify:${lens}:${(c.file || '').slice(0, 24)}`, phase: 'Verify', schema: VOTE },
+    )
+  )).then((votes) => { const v = votes.filter(Boolean); return { claim: c, confirmVotes: v.filter((x) => x.confirm).length } })
+))
+const confirmed = verdicts.filter(Boolean).filter((v) => v.confirmVotes >= 2).map((v) => v.claim)
+const refuted = verdicts.filter(Boolean).filter((v) => v.confirmVotes < 2)
+  .map((v) => ({ title: v.claim.title, file: v.claim.file, confirmVotes: v.confirmVotes }))
+log(`Verify: ${confirmed.length}/${claims.length} survived the 3-lens refute (${refuted.length} refuted, logged in the report).`)
+
+// ── Crossfire: adversaries hunt NEW issues the review cleared ─────────────────
+phase('Crossfire')
+const confirmedKeys = new Set(confirmed.map(key))
+const crossRaw = (await parallel([
+  { id: 'deathstroke', name: 'Deathstroke', key: 'pentest' },
+  { id: 'loki', name: 'Loki', key: 'chaos' },
+].map((a) => () =>
+  agent(
+    `You are ${a.name}, crossfire adversary over ${diff}. The review already ran — find NEW issues it cleared (bypasses, edge/chaos cases). Evidence-backed only.`,
+    { label: `${a.name} · crossfire:${a.key}`, phase: 'Crossfire', schema: FINDINGS, agentType: a.name },
+  )
+))).filter(Boolean)
+const crossNew = []
+for (const r of crossRaw) for (const f of (r.findings || [])) if (!confirmedKeys.has(key(f))) crossNew.push(f)
+const crossConfirmed = (await parallel(crossNew.map((c) => () =>
+  agent(`Adversarially verify (default-to-refuted), real execution path: "${c.title}" [${c.severity}] at ${c.file}. ${c.evidence}`,
+    { label: `verify:crossfire:${(c.file || '').slice(0, 20)}`, phase: 'Crossfire', schema: VOTE })
+    .then((v) => (v && v.confirm ? c : null))
+))).filter(Boolean)
+log(`Crossfire: ${crossNew.length} new → ${crossConfirmed.length} confirmed.`)
+
+// ── Council: synthesize (JS); the lead applies fixes, then re-runs to re-verify ─
+phase('Council')
+const all = [...confirmed, ...crossConfirmed]
+const sev = (s) => all.filter((f) => f.severity === s)
+return {
+  diff,
+  counts: { claims: claims.length, confirmed: confirmed.length, refuted: refuted.length, crossfireConfirmed: crossConfirmed.length },
+  critical: sev('CRITICAL'), high: sev('HIGH'), medium: sev('MEDIUM'), low: [...sev('LOW'), ...sev('WARN')],
+  refutedLog: refuted, // dropped from the actionable buckets, but never silently — logged per SUB_AGENTS.md
+}

package/dist/.claude/workflows/gauntlet.workflow.js

@@ -0,0 +1,211 @@
+// gauntlet.workflow.js — Thanos's Comprehensive Review as a Dynamic Workflow.
+//
+// Re-platforms /gauntlet's hand-fanned 60-80 agent rounds onto the Workflow tool
+// (ADR-067) so intermediate findings live in script variables, not the lead's
+// context. The lead's context only sees the final synthesis.
+//
+// GATE (ADR-064): the Workflow launch is gated. /gauntlet must muster the Silver
+// Surfer + record-roster BEFORE invoking this script (see gauntlet.md). The roster
+// is passed in via `args`; this script does NOT re-select it.
+//
+// What stays PROSE / lead judgment (NOT in this script): severity re-rating debate,
+// the Agent Debate Protocol, and the application of fixes. This script SCHEDULES the
+// find → dedupe → 3-lens-verify → crossfire → council skeleton and returns confirmed
+// findings; the lead applies fixes between runs (workflows take no mid-run input).
+//
+// Invoke: Workflow({ scriptPath: '.claude/workflows/gauntlet.workflow.js',
+//                     args: { scope, roster: [{id,name,key,domain}], rounds } })
+
+export const meta = {
+  name: 'gauntlet',
+  description: 'Comprehensive review: discovery → strike → 3-lens adversarial verify → crossfire → council (schema-validated)',
+  phases: [
+    { title: 'Discovery', detail: 'core domain leads map the surface' },
+    { title: 'Strike', detail: 'Surfer-selected specialists fan out' },
+    { title: 'Verify', detail: '3-lens adversarial REFUTE on every distinct claim' },
+    { title: 'Crossfire', detail: 'adversaries hunt NEW issues' },
+    { title: 'Council', detail: 'synthesize survivors by severity' },
+  ],
+}
+
+// Guarded parse: a malformed or empty `args` string must NOT throw and abort the
+// entire run before phase 1 (field report) — fall back to defaults instead.
+let input = {}
+try {
+  input = typeof args === 'string' ? (args.trim() ? JSON.parse(args) : {}) : (args || {})
+} catch (_e) {
+  input = {}
+}
+const scope = input.scope || 'the working tree / full codebase per gauntlet.md'
+// Surfer-selected specialists (gate-recorded upstream). Fall back to the canonical
+// core leads if no roster was passed (e.g. --light).
+const roster = Array.isArray(input.roster) && input.roster.length
+  ? input.roster
+  : [
+      { id: 'picard-architecture', name: 'Picard', key: 'architecture', domain: 'architecture' },
+      { id: 'stark-backend', name: 'Stark', key: 'backend', domain: 'code/backend' },
+      { id: 'galadriel-frontend', name: 'Galadriel', key: 'ux', domain: 'UX/a11y' },
+      { id: 'kenobi-security', name: 'Kenobi', key: 'security', domain: 'security' },
+      { id: 'kusanagi-devops', name: 'Kusanagi', key: 'devops', domain: 'infra/deploy' },
+    ]
+
+const FINDINGS = {
+  type: 'object', additionalProperties: false,
+  required: ['agent', 'findings'],
+  properties: {
+    agent: { type: 'string' },
+    findings: {
+      type: 'array',
+      items: {
+        type: 'object', additionalProperties: false,
+        required: ['title', 'severity', 'file', 'evidence'],
+        properties: {
+          title: { type: 'string' },
+          severity: { type: 'string', enum: ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'WARN'] },
+          file: { type: 'string', description: 'path:line, or "n/a"' },
+          evidence: { type: 'string', description: '≥1 quoted code line or a concrete repro; no vibes' },
+        },
+      },
+    },
+  },
+}
+
+const VERDICT = {
+  type: 'object', additionalProperties: false,
+  required: ['survives', 'confirmVotes', 'finalSeverity', 'rationale'],
+  properties: {
+    survives: { type: 'boolean', description: 'true only if ≥2 of the 3 lenses confirm AND the fix would not introduce a new failure mode' },
+    confirmVotes: { type: 'integer', description: '0-3' },
+    finalSeverity: { type: 'string', enum: ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'WARN', 'REFUTED'] },
+    rationale: { type: 'string' },
+  },
+}
+
+const key = (f) => `${(f.file || '').toLowerCase()}::${(f.title || '').toLowerCase().slice(0, 60)}`
+
+// ── Round 1: Discovery + Round 2/3: Strike ────────────────────────────────────
+const dom = (a) => a.domain || a.key || 'their domain'  // avoid literal "undefined" in prompts
+phase('Discovery')
+const discovery = (await parallel(roster.slice(0, 5).map((a) => () =>
+  agent(
+    `You are ${a.name} (${dom(a)}). GAUNTLET discovery pass over ${scope}. Map your domain and report concrete, evidence-backed findings only — every finding needs a file:line and a quoted line or a real repro (no speculation). Rate severity honestly.`,
+    { label: `${a.name} · discovery:${a.key}`, phase: 'Discovery', schema: FINDINGS, agentType: a.name },
+  )
+))).filter(Boolean)
+
+phase('Strike')
+// Specialists only (index ≥5). When the roster is ≤5 (the default/--light core-leads
+// set) there are NO specialists, so strike is EMPTY — falling back to the full roster
+// here re-ran the identical discovery agents with a "find what discovery missed" prompt,
+// doubling cost for no new coverage (field report). parallel([]) is a harmless no-op.
+const strikeRoster = roster.length > 5 ? roster.slice(5) : []
+if (!strikeRoster.length) log('Strike: no specialists beyond the 5 core leads — skipping (no double-pass).')
+const strike = (await parallel(strikeRoster.map((a) => () =>
+  agent(
+    `You are ${a.name} (${dom(a)}). GAUNTLET strike pass over ${scope}. Deep, adversarial domain review — find what discovery missed. Evidence-backed findings only (file:line + quoted line/repro).`,
+    { label: `${a.name} · strike:${a.key}`, phase: 'Strike', schema: FINDINGS, agentType: a.name },
+  )
+))).filter(Boolean)
+
+// ── Dedupe across all domains (plain JS — no agent) ───────────────────────────
+const SEV_RANK = { CRITICAL: 5, HIGH: 4, MEDIUM: 3, LOW: 2, WARN: 1 }
+const seen = new Map()
+for (const r of [...discovery, ...strike]) {
+  for (const f of (r.findings || [])) {
+    const k = key(f)
+    if (!seen.has(k)) seen.set(k, { ...f, raisedBy: [r.agent] })
+    else {
+      const ex = seen.get(k)
+      ex.raisedBy.push(r.agent)
+      // Keep the HIGHEST severity any agent assigned. First-write-wins silently
+      // discarded a later agent's escalation (e.g. one rates MEDIUM, another HIGH).
+      if ((SEV_RANK[f.severity] || 0) > (SEV_RANK[ex.severity] || 0)) ex.severity = f.severity
+    }
+  }
+}
+const claims = [...seen.values()]
+log(`Discovery+Strike: ${discovery.length + strike.length} agents → ${claims.length} distinct claims (deduped).`)
+
+// ── Step 4.5: 3-lens adversarial REFUTE on every distinct claim ───────────────
+// Default-to-refuted. Keep only claims ≥2/3 lenses confirm AND whose fix adds no
+// new failure mode. (Verify-the-FIX, field report #348 #4.)
+phase('Verify')
+const LENSES = ['correctness', 'reachability', 'refutation']
+const verified = await parallel(claims.map((c) => () =>
+  parallel(LENSES.map((lens) => () =>
+    agent(
+      `Adversarially verify this GAUNTLET claim through the ${lens} lens. Claim: "${c.title}" [${c.severity}] at ${c.file}. Evidence: ${c.evidence}. Your job is to REFUTE it — confirm ONLY if you cannot, citing the exact code. For the refutation lens, also check the implied FIX introduces no new failure mode (wedge/loop/orphan/double-send/TOCTOU). Reproduce through the REAL execution path, not a library in isolation (ADR/field report #356).`,
+      { label: `verify:${lens}:${(c.file || '').slice(0, 24)}`, phase: 'Verify', schema: { type: 'object', additionalProperties: false, required: ['confirm', 'reason'], properties: { confirm: { type: 'boolean' }, reason: { type: 'string' } } } },
+    )
+  )).then((votes) => {
+    const v = votes.filter(Boolean)
+    const confirmVotes = v.filter((x) => x.confirm).length
+    return { claim: c, survives: confirmVotes >= 2, confirmVotes, lensReasons: v.map((x) => x.reason) }
+  })
+))
+const confirmed = verified.filter(Boolean).filter((v) => v.survives).map((v) => ({ ...v.claim, confirmVotes: v.confirmVotes }))
+const refuted = verified.filter(Boolean).filter((v) => !v.survives).map((v) => ({ title: v.claim.title, confirmVotes: v.confirmVotes, why: v.lensReasons }))
+log(`Verify: ${confirmed.length} survived 3-lens refute, ${refuted.length} refuted (logged, dropped).`)
+
+// ── Round 4: Crossfire — adversaries hunt NEW issues the review cleared ────────
+phase('Crossfire')
+const ADVERSARIES = [
+  { id: 'maul', name: 'Maul', key: 'red-team' },
+  { id: 'deathstroke', name: 'Deathstroke', key: 'pentest' },
+  { id: 'loki', name: 'Loki', key: 'chaos' },
+]
+const crossfireRaw = (await parallel(ADVERSARIES.map((a) => () =>
+  agent(
+    `You are ${a.name}, a GAUNTLET crossfire adversary over ${scope}. The domain review already ran — hunt NEW issues it cleared (bypasses, chaos/edge cases, exploit chains). Evidence-backed only (file:line + repro).`,
+    { label: `${a.name} · crossfire:${a.key}`, phase: 'Crossfire', schema: FINDINGS, agentType: a.name },
+  )
+))).filter(Boolean)
+// New crossfire claims (not already confirmed) get the same one-pass refute.
+const confirmedKeys = new Set(confirmed.map(key))
+const crossNew = []
+for (const r of crossfireRaw) for (const f of (r.findings || [])) if (!confirmedKeys.has(key(f))) crossNew.push(f)
+const crossVerified = await parallel(crossNew.map((c) => () =>
+  agent(
+    `Adversarially verify (default-to-refuted) this crossfire claim, reproducing through the real execution path: "${c.title}" [${c.severity}] at ${c.file}. Evidence: ${c.evidence}.`,
+    { label: `verify:crossfire:${(c.file || '').slice(0, 24)}`, phase: 'Crossfire', schema: VERDICT },
+  ).then((v) => ({ claim: c, verdict: v }))
+))
+const crossfireConfirmed = []
+const crossfireRefuted = []
+for (const cv of crossVerified.filter(Boolean)) {
+  const v = cv.verdict
+  // The VERDICT schema lets a verdict be survives:true AND finalSeverity:'REFUTED'.
+  // Such a claim used to be kept as "confirmed" yet matched NO council severity bucket
+  // (bySeverity only checks CRITICAL/HIGH/MEDIUM/LOW/WARN) and silently vanished — breaking
+  // the "never silently dropped" invariant. Confirm ONLY a real severity; log the rest.
+  if (v && v.survives && v.finalSeverity && v.finalSeverity !== 'REFUTED') {
+    crossfireConfirmed.push({ ...cv.claim, finalSeverity: v.finalSeverity })
+  } else {
+    crossfireRefuted.push({ title: cv.claim.title, finalSeverity: (v && v.finalSeverity) || 'UNVERIFIED', why: (v && v.rationale) || 'verifier returned no verdict' })
+  }
+}
+log(`Crossfire: ${crossNew.length} new claims → ${crossfireConfirmed.length} confirmed, ${crossfireRefuted.length} refuted/unverified (logged, dropped).`)
+
+// ── Round 5: Council — synthesize survivors by severity (JS; lead applies fixes) ─
+phase('Council')
+const all = [...confirmed, ...crossfireConfirmed]
+const bySeverity = (sev) => all.filter((f) => (f.finalSeverity || f.severity) === sev)
+const report = {
+  scope,
+  rosterSize: roster.length,
+  counts: {
+    distinctClaims: claims.length,
+    confirmed: confirmed.length,
+    refuted: refuted.length,
+    crossfireConfirmed: crossfireConfirmed.length,
+    crossfireRefuted: crossfireRefuted.length,
+  },
+  critical: bySeverity('CRITICAL'),
+  high: bySeverity('HIGH'),
+  medium: bySeverity('MEDIUM'),
+  low: [...bySeverity('LOW'), ...bySeverity('WARN')],
+  refutedLog: refuted, // dropped, but never silently — logged per SUB_AGENTS.md
+  crossfireRefutedLog: crossfireRefuted, // ditto for crossfire claims that failed the one-pass verify
+}
+log(`Council: ${report.critical.length} Critical · ${report.high.length} High · ${report.medium.length} Medium · ${report.low.length} Low/Warn. Lead applies fixes (workflow takes no mid-run input), then re-runs to re-verify.`)
+return report

package/dist/CHANGELOG.md

@@ -6,6 +6,65 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 
 ---
 
+## [23.19.0] - 2026-06-13
+
+### Gauntlet acceptance test → 14 fixes
+
+The ADR-067 workflow re-platform validated by running `gauntlet.workflow.js` live on the v23.13–v23.18 platform code (a 10-agent Surfer roster fanned to 347 agents → 99 distinct claims → 66 confirmed + 24 crossfire, **0 Critical**). The acceptance test passed *and* surfaced real bugs; the 3-lens-confirmed High/Medium findings are fixed here. (An earlier run crashed the machine ~44 min in at peak load; the relaunch completed cleanly — the workflow is resumable via `resumeFromRunId`.)
+
+### Fixed — Silver Surfer gate (security/correctness)
+
+- **`_paths.sh` reap could delete the entire `sessions/` tree.** `find "$SESSIONS_DIR" -maxdepth 1 -type d -mmin +60` matches the search root itself; without `-mindepth 1` a stale `sessions/` root mtime made the sweep `rm -rf` every live session's roster + bypass flag. Added `-mindepth 1`.
+- **Reap-vs-fresh-roster/bypass race (the one VERSION.md flagged for a field report).** The TTL refresh touched the roster *file* but the reaper keys on the session *directory* mtime (touching a child never bumps the parent). `check.sh` now touches `$SESSION_DIR` on every roster/bypass ALLOW, `bypass.sh` touches it on write, and the reap threshold (+120m) is held strictly above the roster TTL (3600s) — an active session is never reaped while still valid.
+- **Gate silently broke on Alpine/minimal Linux:** `_paths.sh` hashed paths with `shasum` only (Perl, absent there). Added a `sha256sum` fallback via a shared `surfer_gate_repo_hash` helper.
+- **`bypass.sh` run before the first hook fire was a silent no-op** (the documented orchestrator order). It now records a repo-scoped *pending* bypass that `check.sh` promotes to the session flag on the first fire.
+
+### Fixed — Dynamic Workflow scripts
+
+- **Strike phase double-ran the roster** when ≤5 agents (the default/`--light` core-leads set): `strikeRoster` fell back to the full roster, re-running discovery agents under a "find what discovery missed" prompt. Now empty when there are no specialists.
+- **Crossfire `survives:true` + `finalSeverity:'REFUTED'` verdicts silently vanished** — kept as "confirmed" yet matched no council severity bucket. Now excluded and logged in `crossfireRefutedLog`, honoring the never-silently-dropped invariant.
+- **Dedup kept the first raiser's severity**, discarding a later agent's higher rating. Now keeps the max severity and tracks `raisedBy` (gauntlet + assemble-review). assemble-review also gains a `refutedLog`.
+- **Unguarded `JSON.parse(args)`** could crash the whole run before phase 1; now falls back to defaults. Undefined-`domain` roster items no longer render literal `undefined` in prompts.
+
+### Fixed — distribution & CI
+
+- **`npx voidforge-build init` now copies `.claude/workflows/`** (+ `AGENT_CLASSIFICATION.md`). gauntlet.md/assemble.md referenced workflow scripts that the CLI init path never shipped — v23.18.0 only patched the prepack/dist paths, not `project-init.ts`.
+- **`npx voidforge-build update` now propagates `.claude/workflows` + `scripts/surfer-gate`** — both were absent from the updater's diff list, so existing projects never received workflow or gate fixes.
+- **`publish.yml`:** `recover-partial` derives the version from `package.json`, not `github.ref_name` (a branch name on `workflow_dispatch`, which mis-targeted `npm deprecate`); the Playwright cache key keys on the committed manifests instead of the deleted-and-regenerated lockfile (was a permanent cache miss).
+
+### Added / Changed
+
+- **`scripts/validate-workflows.sh`** (+ `npm run validate:workflows`, wired into `pretest`): a real syntax gate for `.workflow.js` scripts. Their top-level `await`/`return` make a bare `node --check` fail ("Illegal return statement"), so the v23.18.0 "passes node --check" claim was inaccurate; the validator reproduces the runtime's async wrapper before checking, catching syntax errors before they ship.
+- **`WORKFLOWS.md`** example corrected (`agentType: a.id` → `a.name`) + two new gotchas (agentType resolves by the `name:` display field; how to validate workflow scripts). Stale pre-ADR-060 `/tmp/voidforge-*` paths fixed in the gate `README.md` and `CLAUDE.md`.
+
+### Validation
+
+Gate suite **23 → 27** (added reap-root-preservation + pending-bypass cases). Full suite **1390 → 1392** (added init-copies-workflows + updater-tracks-workflows/gate regression tests). typecheck clean. Deferred as field-report candidates: concurrent same-repo pointer collision, `workflow_dispatch` branch guard. Dep `^23.18.0` → `^23.19.0` (ADR-062).
+
+## [23.18.0] - 2026-06-13
+
+### Workflow re-platform of `/gauntlet` + `/assemble` (ADR-067)
+
+The opportunity ADR-064 unblocked. The heavy review commands' deterministic skeletons now run as Dynamic Workflows, so 60–80 agents' intermediate findings live in script variables instead of the lead's context.
+
+### Added
+
+- **`.claude/workflows/gauntlet.workflow.js`** — the 5-round Gauntlet as a workflow: discovery (parallel core leads) → **plain-JS dedupe** → **3-lens adversarial REFUTE** per claim (schema-validated votes, default-to-refuted, keep ≥2/3, verify-the-FIX, reproduce-through-real-path) → crossfire (adversaries hunt NEW issues) → council (JS synthesis by severity). Refuted claims logged, never silently dropped.
+- **`.claude/workflows/assemble-review.workflow.js`** — the review-heavy `/assemble` phases (engage + sentinel + crossfire + council) over a mission's working diff; one run per pass so `--interactive` pauses at the boundary. Build/architecture/devops phases **stay prose orchestration**.
+- **`docs/methods/WORKFLOWS.md`** — the authoring standard: when-to-use, API (`phase`/`parallel`/`pipeline`/`agent({schema})`), the `args`-as-JSON-string (#363) + label-leading-character (#348) gotchas, the 16/1000 caps (ADR-059), and the **ADR-064 gate-launch sequence** (Surfer → record-roster → Workflow). Added to the CLAUDE.md Docs Reference.
+- **ADR-067** decision record.
+
+### Changed
+
+- **`gauntlet.md` / `assemble.md`** gain "Workflow Execution" sections: the gate-compliant launch (muster Surfer → record roster → invoke the workflow with the roster in `args`), what's workflow-backed vs prose, and the `--light`/`--solo` raw-Agent fallback. Personas, the Agent Debate Protocol, severity re-rating, and **fix application** stay lead/prose judgment (the lead applies fixes from the returned report, then re-runs to re-verify).
+- **Distribution (Phase 12.75 gate):** `.claude/workflows/` is a new shared file category — added to `prepack.sh` (npm package) and `copy-assets.sh` (CLI `init`) so the scripts reach consumers (they were referenced by the command docs but would not have shipped otherwise — the #297 class).
+
+### Validation
+
+Both workflow scripts pass `node --check` (ESM, async-wrapped to match the Workflow runtime). The **live end-to-end gauntlet run is the acceptance test** (it launches 30+ real review agents through the now-gated Workflow path); the raw-Agent prose path remains the fallback and canonical description. Dogfooded pre-tag `npm test` (1390/1390) + publish-gate. Dep range `^23.17.0` → `^23.18.0` (ADR-062).
+
+---
+
 ## [23.17.0] - 2026-06-13
 
 ### Effort-tiering fleet edit (ADR-054) — verified + applied

package/dist/CLAUDE.md

@@ -39,7 +39,7 @@ ADR-051 enforces this gate at the hook level (PreToolUse). The prose below is th
 2. When the user's command includes `--light` or `--solo`, BEFORE launching the Surfer or any other agent: `[ -x scripts/surfer-gate/bypass.sh ] && bash scripts/surfer-gate/bypass.sh --light || true` (or `--solo`). **Fails closed on unknown flag values** (ADR-060 v23.8.18 hardening, SEC-003) — passing anything other than `--light` or `--solo` exits 2 with an error. No silent bypass.
 3. **Normalize roster names before dispatch** (field report #345, DEAL-001). The Silver Surfer returns agent names from a Haiku pre-scan, which can drift from the actual filenames in `.claude/agents/` (extra `silver-surfer-` prefix, a stray `.md` suffix, a hyphen/underscore mismatch). Before you launch, validate each name against `ls .claude/agents/`: if it matches a file (with or without the `.md` extension), keep it; if not, attempt exactly one correction — strip a known prefix/suffix or normalize separators — and re-check. If it still doesn't resolve, DROP that single name and proceed with the rest of the roster. Never block the whole dispatch over one unresolved name; log the dropped name so the Herald roster can be corrected upstream. The gate's job is to enforce *that* a roster ran, not to fail the run over a typo in *one* name.
 
-If `scripts/surfer-gate/check.sh` exists but you skip step 1, your first non-Surfer Agent call in that turn will be blocked with a clear message and your own log line in `/tmp/voidforge-session-$SESSION_ID/gate.log`. You are expected to comply with the block (launch Surfer / run record-roster), not to fight it. If the script does not exist, your project predates v23.10.0; pull the gate from `tmcleod3/voidforge:scripts/surfer-gate/` and merge `settings-snippet.json` into `.claude/settings.json`, or re-run `npx voidforge-build init` against the methodology source.
+If `scripts/surfer-gate/check.sh` exists but you skip step 1, your first non-Surfer Agent call in that turn will be blocked with a clear message and your own log line in the gate's session log (`<gate-root>/sessions/$SESSION_ID/gate.log`, where `<gate-root>` is `$XDG_RUNTIME_DIR/voidforge-gate` or `$HOME/.voidforge/gate` per ADR-060 — the old `/tmp/voidforge-session-*` path was retired in v23.8.18). You are expected to comply with the block (launch Surfer / run record-roster), not to fight it. If the script does not exist, your project predates v23.10.0; pull the gate from `tmcleod3/voidforge:scripts/surfer-gate/` and merge `settings-snippet.json` into `.claude/settings.json`, or re-run `npx voidforge-build init` against the methodology source.
 
 **Why.** Seven field incidents (logged in `.claude/agents/silver-surfer-herald.md`) document the cost of skipping: the orchestrator cannot predict cross-domain relevance from the command name alone. The hook makes skipping mechanically impossible for non-bypass cases. Launch the Surfer. Every time.
 
@@ -256,6 +256,7 @@ See `/docs/methods/MUSTER.md` for the full Muster Protocol.
 | **Time Vault** | `/docs/methods/TIME_VAULT.md` | Seldon — when preserving session intelligence for transfer |
 | **Patterns** | `/docs/patterns/` | When writing code (37 reference implementations) |
 | **Lessons** | `/docs/LESSONS.md` | Cross-project learnings |
+| **Workflows** | `/docs/methods/WORKFLOWS.md` | Dynamic Workflow authoring standard (ADR-067) — when to use, API, gotchas, the ADR-064 gate-launch sequence |
 | **Native Capabilities** | `/docs/NATIVE_CAPABILITIES.md` | Command × native-skill collision tracker (ADR-066) — re-audit each release |
 | **Compatibility** | `/docs/COMPATIBILITY.md` | Node + Claude Code platform floor & feature maturity tags (ADR-065) |
 

package/dist/VERSION.md

@@ -1,6 +1,6 @@
 # Version
 
-**Current:** 23.17.0
+**Current:** 23.19.0
 
 ## Versioning Scheme
 
@@ -14,6 +14,8 @@ This project uses [Semantic Versioning](https://semver.org/):
 
 | Version | Date | Summary |
 |---------|------|---------|
+| 23.19.0 | 2026-06-13 | **Gauntlet acceptance test → 14 fixes (the ADR-067 re-platform, validated by running it on itself).** Ran the new `gauntlet.workflow.js` live on the v23.13–v23.18 platform code (10-agent Surfer roster → 347 agents → 99 distinct claims → 66 confirmed + 24 crossfire, 0 Critical) and fixed the 3-lens-confirmed findings. **Gate (security):** `_paths.sh` reap was missing `-mindepth 1` → could `rm -rf` the entire `sessions/` tree (every live roster/bypass); the reaper now refreshes `$SESSION_DIR` mtime on activity + threshold raised above the TTL, closing the documented reap-vs-fresh-roster/bypass race; `shasum`→`sha256sum` fallback (gate silently broke on Alpine); `bypass.sh` run before the first hook fire now records a repo-scoped *pending* bypass that `check.sh` promotes (was a silent no-op). **Workflows:** strike no longer re-runs the same ≤5-agent roster twice; crossfire `survives:true+REFUTED` verdicts no longer vanish into no bucket (logged in `crossfireRefutedLog`); dedup keeps the **highest** severity + `raisedBy` (was first-write-wins); guarded `JSON.parse(args)`; undefined-domain prompt guard. **Distribution:** `npx voidforge-build init` now copies `.claude/workflows/` + `AGENT_CLASSIFICATION.md`; `update` now propagates `.claude/workflows` + `scripts/surfer-gate` (both were stranded). **Validation:** new `scripts/validate-workflows.sh` (wraps the runtime shape, then `node --check`) wired into `pretest` — corrects the false "scripts pass `node --check`" claim and gates syntax errors from shipping. **Docs:** `WORKFLOWS.md` example `agentType: a.id`→`a.name` + new gotchas; stale `/tmp/voidforge-*` paths fixed in gate README + CLAUDE.md (ADR-060). **CI:** `recover-partial` derives the version from `package.json` not `github.ref_name` (broke on dispatch); Playwright cache key off the committed manifests not the regenerated lockfile. Gate suite 23→27, full suite 1390→1392. Deferred (field-report candidates): concurrent same-repo pointer collision, `workflow_dispatch` branch guard. Dep `^23.18.0` → `^23.19.0`. |
+| 23.18.0 | 2026-06-13 | **Workflow re-platform of `/gauntlet` + `/assemble` (ADR-067)** — the opportunity ADR-064 unblocked. New `.claude/workflows/gauntlet.workflow.js` (discovery → JS dedupe → 3-lens adversarial REFUTE → crossfire → council, schema-validated) and `assemble-review.workflow.js` (engage+sentinel over a mission diff; build/arch/devops stay prose). New **`docs/methods/WORKFLOWS.md`** authoring standard (API, the #348/#363 gotchas, 16/1000 caps, and the ADR-064 gate-launch sequence: Surfer→record-roster→Workflow). `gauntlet.md`/`assemble.md` gain workflow-execution sections; personas + fix-application + Debate Protocol stay prose. **Distribution gate (Phase 12.75):** `.claude/workflows/` is a new shared category — added to `prepack.sh` (npm) + `copy-assets.sh` (init) so the scripts ship to consumers. Both scripts `node --check`-validated (ESM async-wrapped); the live end-to-end gauntlet run is the acceptance test. Dep `^23.17.0` → `^23.18.0`. |
 | 23.17.0 | 2026-06-13 | **Effort-tiering fleet edit (ADR-054) — verified + applied.** Verified against the official Claude Code sub-agents docs that `effort` is a supported sub-agent frontmatter field (values `low`/`medium`/`high`/`xhigh`/`max`; "available levels depend on the model"). Applied across all 264 agent definitions: **20 leads (`model: inherit`) → `effort: xhigh`, 201 Sonnet specialists → `effort: medium`, 43 Haiku scouts → omitted** (Haiku doesn't support the parameter). Per-agent reasoning-spend lever, independent of model tier — the largest cost lever in the fleet (200 specialists no longer pay lead-level reasoning for read-and-report review). Frontmatter-only, idempotent insert after the `model:` line; `validate-agent-refs` + full suite (1390/1390) green; integrity preserved. Closes the M2 deferral from v23.16.0. Updated ADR-054 (status→fleet-applied), SUB_AGENTS.md, COMPATIBILITY.md. Dep `^23.16.0` → `^23.17.0`. (Aside: confirmed the v23.16.0 gate fix live — a Workflow launch was correctly BLOCKED this session until a `--light` bypass was set; noted a reap-vs-fresh-bypass timing race for a future field report.) |
 | 23.16.0 | 2026-06-13 | Platform-alignment campaign — implements the ADR set from `/architect --plan` (→ `/campaign`). **ADR-064 (gate↔Workflow) IMPLEMENTED:** the Silver Surfer `PreToolUse` hook matcher is now `Agent\|Workflow` and `check.sh` gates the **Workflow tool launch** on a recorded roster (closes the proven bypass where workflow-spawned agents skipped the gate); `test.sh` gains 3 Workflow cases (**23/23**), mirrored to the methodology package. **Behavior change:** a Workflow run now requires a recorded roster or a `--light`/`--solo` bypass — build/apply/research workflows should set a bypass. **ADR-065 (platform floor):** `docs/COMPATIBILITY.md` gains a Claude Code platform-floor + per-feature maturity table; informational `claudeCodeFloor` field; semver rule (raising the floor = breaking) + release-checklist item. **ADR-066 (native-capability tracker):** new `docs/NATIVE_CAPABILITIES.md` audits all commands vs native skills with dispositions (`/qa`,`/test` coexist+document; `/git` keep) — realizes ADR-050's deferred follow-up; release re-audit item added. Amended **ADR-051** (workflow-exemption→closure), **ADR-054** (effort tiers + Haiku 200K/no-effort). M2 effort fleet-edit deferred per ADR-054 precondition (runtime `effort:`-frontmatter honoring unverified). Dep `^23.15.0` → `^23.16.0`. |
 | 23.15.0 | 2026-06-13 | Platform-alignment build (`/architect --plan` → `/build` b+a). **P0:** empirically confirmed the Silver Surfer `PreToolUse` gate is **blind to Workflow-tool-spawned agents** (this session: 60+ workflow agents → 2 gate events; controlled probe BEFORE=2/AFTER=2) and wrote **ADR-064** (gate↔Workflow interop — extend matcher to `Agent\|Workflow`, gate the workflow launch; implementation tracked for the campaign). **P1-B near-free batch:** fixed a **live runtime bug** — `anthropic.ts` fell back to the non-existent `claude-sonnet-4-7` (404 on the exact degraded path the fallback exists for) → `claude-sonnet-4-6`, plus the bug-asserting test (now 6/6) and 4 docs; purged stale model IDs (`claude-sonnet-4-20250514`→`claude-sonnet-4-6` in 6 pattern files; `Opus 4.7`→`4.8` across SUB_AGENTS + 4 ADRs); added the **effort-tiering policy** (leads `xhigh` / specialists `medium` / Haiku omit-no-effort+200K ceiling) to SUB_AGENTS.md + CLAUDE.md flag-taxonomy mapping; **amended ADR-059** with the real platform caps (~16 concurrent / ~1,000 per run) and fixed GAUNTLET.md's contradicting "waves of 3". Dogfooded the pre-tag `npm test` gate (ADR from v23.13.1) + the publish-gate alignment (v23.14.0). Dep `^23.14.0` → `^23.15.0`. Follow-on (operator-directed): `/architect --plan` ADR-065/066 + amend ADR-051/054 → `/campaign` to build all. |

package/dist/docs/methods/WORKFLOWS.md

@@ -0,0 +1,78 @@
+# WORKFLOWS — Dynamic Workflow Orchestration (the authoring standard)
+
+> When a command fans out more agents than one conversation can coordinate, the deterministic skeleton belongs in a **Workflow script**, not in the lead's context. The personas and the judgment stay prose; the *scheduling* becomes code.
+
+VoidForge's heavy commands (`/gauntlet` 60–80 agents, `/assemble` review phases) were authored before the Workflow tool existed and hand-fan sub-agents via the Agent tool — every intermediate findings table lands in the lead's context. Dynamic Workflows move the fan-out into a JavaScript script whose intermediate results live in **script variables**; only the final synthesis reaches the lead. This is the supported escalation of the dispatch discipline in `SUB_AGENTS.md`.
+
+Canonical scripts live in **`.claude/workflows/*.workflow.js`** and are invoked via the Workflow tool (`scriptPath`).
+
+## When to use a workflow (vs raw Agent dispatch)
+
+| Use a **workflow** | Use **raw Agent dispatch** |
+|---|---|
+| 10+ agents, or fan-out → reduce → synthesize | 2–9 agents the lead orchestrates directly |
+| Repetitive/deterministic rounds, loop-until-dry | The lead must judge between every round |
+| Intermediates would flood the lead's context | Findings are few and the lead acts on each |
+| `/gauntlet`, `/assemble` review phases | a one-off targeted review |
+
+## The canonical shape
+
+**Fan-out → reduce/dedupe (plain JS) → schema-validated verify → synthesize.** The reduce/dedupe step is *plain JavaScript* (a `Map`, a `filter`) — do **not** spend an agent on it.
+
+```js
+export const meta = {                       // MUST be a pure literal — no vars/calls/spreads
+  name: 'example', description: 'one line', // shown in the gate/permission dialog
+  phases: [{ title: 'Find' }, { title: 'Verify' }],
+}
+const roster = typeof args === 'string' ? JSON.parse(args) : args   // see Gotcha 1
+phase('Find')
+const found = (await parallel(roster.map(a => () =>
+  agent(prompt(a), { label: `${a.name} · find:${a.key}`, phase: 'Find', schema: FINDINGS, agentType: a.name })
+))).filter(Boolean)   // agentType resolves by the agent's `name:` display field — see Gotcha 6
+const claims = dedupe(found.flatMap(f => f.findings))   // plain JS reduce — no agent
+phase('Verify')
+const verdicts = await parallel(claims.map(c => () =>
+  agent(refutePrompt(c), { label: `verify:${c.id}`, phase: 'Verify', schema: VERDICT })))
+return { confirmed: claims.filter((c,i) => verdicts[i]?.survives) }
+```
+
+## API essentials
+
+- `phase(title)` — groups subsequent `agent()` calls in the `/workflows` progress tree.
+- `parallel(thunks)` — **barrier**: awaits all; a failed thunk resolves to `null` (`.filter(Boolean)`). Use only when you need all results together (dedup, early-exit, cross-comparison).
+- `pipeline(items, stage1, stage2, …)` — **no barrier**: each item flows through all stages independently. The **default** for multi-stage work (verify-as-soon-as-found).
+- `agent(prompt, {schema, agentType, model, label, phase, isolation})` — spawn a sub-agent. With `schema` (JSON Schema) it returns the validated object and **auto-retries on malformed output** — this replaces "please return JSON and hope." Without schema, returns final text.
+- `log(msg)` — narrator line. `budget` — token target. `workflow(name|{scriptPath}, args)` — nested run (one level).
+
+## Gotchas (paid for in field reports)
+
+1. **`args` arrives as a JSON string** (#363 F5). First line of every script that takes structured args: `const parsed = typeof args === 'string' ? JSON.parse(args) : args;` — `args.map(...)` on the raw value throws `is not a function`.
+2. **Label must lead with the character name** (#348 #2): `"Picard · review:arch"`, not `"review:arch"` — a bare dimension key overrides the agent identity and breaks the Danger Room ticker correlation. Omit the label to let `agentType` surface on its own.
+3. **No `Date.now()` / `Math.random()` / argless `new Date()`** — they throw (they'd break resume). Pass timestamps via `args`; vary by index for "randomness."
+4. **Concurrency caps (ADR-059):** ~16 concurrent / ~1,000 total per run. `parallel([...])` accepts 100s of items but only ~16 run at once. **Batch** unbounded fan-outs (glob-then-partition, `SUB_AGENTS.md`); never one-agent-per-file on a large repo.
+5. **Cost lever:** route cheap stages with `agent(p, {model:'haiku'})` (scout pre-scans) and reserve the default model for synthesis — the way the Surfer already runs on Haiku.
+6. **`agentType` resolves by the agent's `name:` display field, NOT the filename** (e.g. `'Picard'`, not `'picard-architecture'`). A filename-style `agentType` fails to resolve and the `agent()` call returns `null` (silently filtered by `.filter(Boolean)`), so the agent simply never runs. If a roster carries both, pass `a.name`. Same rule as the Agent tool's `subagent_type`.
+7. **Validate before shipping:** a workflow script's top-level `await`/`return` make a bare `node --check` fail ("Illegal return statement") — that is expected (the runtime wraps the body in an async fn). Use `npm run validate:workflows` (wired into `pretest`), which reproduces the wrapper before checking, so a real syntax error is caught in CI rather than shipping to npm.
+
+## Gate interop (ADR-064) — REQUIRED
+
+The Silver Surfer gate's `PreToolUse` hook now matches `Agent|Workflow`, so **a Workflow launch is gated like an Agent launch**. A command that runs a *review* workflow MUST satisfy the gate at the launch boundary:
+
+1. **Muster the Surfer** (Agent tool — self-launch is always allowed) and **`record-roster.sh`** the returned roster — *before* invoking the Workflow.
+2. **Invoke the Workflow**, passing the roster via `args`. The gate allows it (roster recorded); the workflow's internal `agent()` calls are the contents of that authorized roster.
+
+Build/apply/research workflows that are **not** a review roster set a `--light`/`--solo` **bypass** (`bypass.sh`) instead. Never invoke a review Workflow without a recorded roster — that was the exact bypass ADR-064 closed.
+
+## What stays prose (workflows orchestrate; they don't replace judgment)
+
+The 264 personas, the Agent Debate Protocol, severity re-rating from votes, the "Verify the FIX not just the finding" interrogation, and the application of fixes between rounds stay as agent prompts / lead judgment. A workflow deterministically *schedules* "spawn 2 skeptics, collect schema-validated votes"; it does not decide "is this Critical really Critical." The workflow is the skeleton; the personas and judgment are the muscle.
+
+## Resume
+
+Every Workflow run persists its script + a journal. To resume after an edit/kill: `Workflow({scriptPath, resumeFromRunId})` — unchanged `agent()` calls return cached results; the first edited call and everything after re-runs.
+
+## Related
+
+- `SUB_AGENTS.md` — dispatch discipline, model/effort tiering, the find→verify review shape, fan-out residual sweeps.
+- `ADR-064` (gate↔workflow interop), `ADR-059` (concurrency caps).
+- `.claude/workflows/gauntlet.workflow.js`, `.claude/workflows/assemble-review.workflow.js` — the reference re-platformed commands.

package/dist/wizard/lib/project-init.js

@@ -89,6 +89,15 @@ async function copyMethodology(methodologyRoot, projectDir, core) {
     if (existsSync(agentsSrc)) {
         count += await copyDir(agentsSrc, join(projectDir, '.claude', 'agents'));
     }
+    // Dynamic Workflow scripts (ADR-067 — gauntlet/assemble review skeletons).
+    // gauntlet.md / assemble.md reference `.claude/workflows/*.workflow.js`; without this
+    // a fresh `npx voidforge-build init` ships the command docs but NOT the scripts they
+    // invoke. prepack.sh + copy-assets.sh ship them to the npm package and dist/, but this
+    // CLI init copy path (methodologyRoot = the installed package) was missed in v23.18.0.
+    const workflowsSrc = join(methodologyRoot, '.claude', 'workflows');
+    if (existsSync(workflowsSrc)) {
+        count += await copyDir(workflowsSrc, join(projectDir, '.claude', 'workflows'));
+    }
     // Methods
     const methodsSrc = join(methodologyRoot, 'docs', 'methods');
     if (existsSync(methodsSrc)) {
@@ -108,6 +117,15 @@ async function copyMethodology(methodologyRoot, projectDir, core) {
         await cp(registrySrc, join(projectDir, 'docs', 'NAMING_REGISTRY.md'));
         count++;
     }
+    // Agent classification — single source of truth for agent counts (v23.7.0). Command
+    // docs derive their counts from it; prepack ships it to the npm package, but this init
+    // path omitted it, so init'd projects couldn't resolve the count SSOT.
+    const classificationSrc = join(methodologyRoot, 'docs', 'AGENT_CLASSIFICATION.md');
+    if (existsSync(classificationSrc)) {
+        await mkdir(join(projectDir, 'docs'), { recursive: true });
+        await cp(classificationSrc, join(projectDir, 'docs', 'AGENT_CLASSIFICATION.md'));
+        count++;
+    }
     // Thumper scripts
     const thumperSrc = join(methodologyRoot, 'scripts', 'thumper');
     if (existsSync(thumperSrc)) {

package/dist/wizard/lib/updater.js

@@ -58,9 +58,16 @@ export async function diffMethodology(projectDir) {
     const dirs = [
         { src: '.claude/commands', dest: '.claude/commands' },
         { src: '.claude/agents', dest: '.claude/agents' },
+        // Dynamic Workflow scripts (ADR-067) and the Silver Surfer gate (ADR-051/060/064):
+        // both ship to new projects via init but were absent from the updater's diff list, so
+        // `npx voidforge-build update` never propagated them — existing projects were stranded
+        // on whatever gate/workflow scripts they were created with (e.g. a gate before this
+        // release's reap fix). Invocation is via `bash <script>` so exec bits are not required.
+        { src: '.claude/workflows', dest: '.claude/workflows' },
         { src: 'docs/methods', dest: 'docs/methods' },
         { src: 'docs/patterns', dest: 'docs/patterns' },
         { src: 'scripts/thumper', dest: 'scripts/thumper' },
+        { src: 'scripts/surfer-gate', dest: 'scripts/surfer-gate' },
     ];
     // Single files to compare
     const singleFiles = ['CLAUDE.md', 'HOLOCRON.md', 'VERSION.md'];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "voidforge-build",
-  "version": "23.17.0",
+  "version": "23.19.0",
   "description": "From nothing, everything. A methodology framework for building with Claude Code.",
   "type": "module",
   "engines": {
@@ -45,7 +45,7 @@
     "@aws-sdk/client-rds": "^3.700.0",
     "@aws-sdk/client-s3": "^3.700.0",
     "@aws-sdk/client-sts": "^3.700.0",
-    "voidforge-build-methodology": "^23.17.0",
+    "voidforge-build-methodology": "^23.19.0",
     "node-pty": "^1.2.0-beta.12",
     "ws": "^8.19.0"
   },