voidforge-build 23.18.0 → 23.19.0

package/dist/.claude/workflows/assemble-review.workflow.js

@@ -22,7 +22,13 @@ export const meta = {
   ],
 }
 
-const input = typeof args === 'string' ? JSON.parse(args) : (args || {})
+// Guarded parse: a malformed/empty `args` string must not crash the run before phase 1.
+let input = {}
+try {
+  input = typeof args === 'string' ? (args.trim() ? JSON.parse(args) : {}) : (args || {})
+} catch (_e) {
+  input = {}
+}
 const diff = input.diff || 'the working-tree diff for this mission (git diff)'
 const roster = Array.isArray(input.roster) && input.roster.length
   ? input.roster
@@ -62,12 +68,23 @@ phase('Review')
 const reviews = (await parallel(roster.map((a) => () =>
   agent(
     `You are ${a.name}. Review ONLY ${diff} through the ${a.lens} lens (do not review unchanged code). Evidence-backed findings only — file:line + a quoted CHANGED line or a real repro. For any access/permission/contract finding, name the governing SSOT and reconcile the fix direction (field report #349).`,
-    { label: `${a.name} · review:${a.key}`, phase: 'Review', schema: FINDINGS, agentType: a.id },
+    { label: `${a.name} · review:${a.key}`, phase: 'Review', schema: FINDINGS, agentType: a.name },
   )
 ))).filter(Boolean)
 
+const SEV_RANK = { CRITICAL: 5, HIGH: 4, MEDIUM: 3, LOW: 2, WARN: 1 }
 const seen = new Map()
-for (const r of reviews) for (const f of (r.findings || [])) { const k = key(f); if (!seen.has(k)) seen.set(k, f) }
+for (const r of reviews) for (const f of (r.findings || [])) {
+  const k = key(f)
+  if (!seen.has(k)) seen.set(k, { ...f, raisedBy: [r.agent] })
+  else {
+    const ex = seen.get(k)
+    ex.raisedBy.push(r.agent)
+    // Keep the highest severity any lens assigned + track who raised it (consensus
+    // visibility) — first-write-wins dropped both before.
+    if ((SEV_RANK[f.severity] || 0) > (SEV_RANK[ex.severity] || 0)) ex.severity = f.severity
+  }
+}
 const claims = [...seen.values()]
 log(`Review: ${reviews.length} lenses → ${claims.length} distinct claims over the diff.`)
 
@@ -83,7 +100,9 @@ const verdicts = await parallel(claims.map((c) => () =>
   )).then((votes) => { const v = votes.filter(Boolean); return { claim: c, confirmVotes: v.filter((x) => x.confirm).length } })
 ))
 const confirmed = verdicts.filter(Boolean).filter((v) => v.confirmVotes >= 2).map((v) => v.claim)
-log(`Verify: ${confirmed.length}/${claims.length} survived the 3-lens refute.`)
+const refuted = verdicts.filter(Boolean).filter((v) => v.confirmVotes < 2)
+  .map((v) => ({ title: v.claim.title, file: v.claim.file, confirmVotes: v.confirmVotes }))
+log(`Verify: ${confirmed.length}/${claims.length} survived the 3-lens refute (${refuted.length} refuted, logged in the report).`)
 
 // ── Crossfire: adversaries hunt NEW issues the review cleared ─────────────────
 phase('Crossfire')
@@ -94,7 +113,7 @@ const crossRaw = (await parallel([
 ].map((a) => () =>
   agent(
     `You are ${a.name}, crossfire adversary over ${diff}. The review already ran — find NEW issues it cleared (bypasses, edge/chaos cases). Evidence-backed only.`,
-    { label: `${a.name} · crossfire:${a.key}`, phase: 'Crossfire', schema: FINDINGS, agentType: a.id },
+    { label: `${a.name} · crossfire:${a.key}`, phase: 'Crossfire', schema: FINDINGS, agentType: a.name },
   )
 ))).filter(Boolean)
 const crossNew = []
@@ -112,6 +131,7 @@ const all = [...confirmed, ...crossConfirmed]
 const sev = (s) => all.filter((f) => f.severity === s)
 return {
   diff,
-  counts: { claims: claims.length, confirmed: confirmed.length, crossfireConfirmed: crossConfirmed.length },
+  counts: { claims: claims.length, confirmed: confirmed.length, refuted: refuted.length, crossfireConfirmed: crossConfirmed.length },
   critical: sev('CRITICAL'), high: sev('HIGH'), medium: sev('MEDIUM'), low: [...sev('LOW'), ...sev('WARN')],
+  refutedLog: refuted, // dropped from the actionable buckets, but never silently — logged per SUB_AGENTS.md
 }

package/dist/.claude/workflows/gauntlet.workflow.js

@@ -28,7 +28,14 @@ export const meta = {
   ],
 }
 
-const input = typeof args === 'string' ? JSON.parse(args) : (args || {})
+// Guarded parse: a malformed or empty `args` string must NOT throw and abort the
+// entire run before phase 1 (field report) — fall back to defaults instead.
+let input = {}
+try {
+  input = typeof args === 'string' ? (args.trim() ? JSON.parse(args) : {}) : (args || {})
+} catch (_e) {
+  input = {}
+}
 const scope = input.scope || 'the working tree / full codebase per gauntlet.md'
 // Surfer-selected specialists (gate-recorded upstream). Fall back to the canonical
 // core leads if no roster was passed (e.g. --light).
@@ -77,30 +84,43 @@ const VERDICT = {
 const key = (f) => `${(f.file || '').toLowerCase()}::${(f.title || '').toLowerCase().slice(0, 60)}`
 
 // ── Round 1: Discovery + Round 2/3: Strike ────────────────────────────────────
+const dom = (a) => a.domain || a.key || 'their domain'  // avoid literal "undefined" in prompts
 phase('Discovery')
 const discovery = (await parallel(roster.slice(0, 5).map((a) => () =>
   agent(
-    `You are ${a.name} (${a.domain}). GAUNTLET discovery pass over ${scope}. Map your domain and report concrete, evidence-backed findings only — every finding needs a file:line and a quoted line or a real repro (no speculation). Rate severity honestly.`,
-    { label: `${a.name} · discovery:${a.key}`, phase: 'Discovery', schema: FINDINGS, agentType: a.id },
+    `You are ${a.name} (${dom(a)}). GAUNTLET discovery pass over ${scope}. Map your domain and report concrete, evidence-backed findings only — every finding needs a file:line and a quoted line or a real repro (no speculation). Rate severity honestly.`,
+    { label: `${a.name} · discovery:${a.key}`, phase: 'Discovery', schema: FINDINGS, agentType: a.name },
   )
 ))).filter(Boolean)
 
 phase('Strike')
-const strikeRoster = roster.length > 5 ? roster.slice(5) : roster
+// Specialists only (index ≥5). When the roster is ≤5 (the default/--light core-leads
+// set) there are NO specialists, so strike is EMPTY — falling back to the full roster
+// here re-ran the identical discovery agents with a "find what discovery missed" prompt,
+// doubling cost for no new coverage (field report). parallel([]) is a harmless no-op.
+const strikeRoster = roster.length > 5 ? roster.slice(5) : []
+if (!strikeRoster.length) log('Strike: no specialists beyond the 5 core leads — skipping (no double-pass).')
 const strike = (await parallel(strikeRoster.map((a) => () =>
   agent(
-    `You are ${a.name} (${a.domain}). GAUNTLET strike pass over ${scope}. Deep, adversarial domain review — find what discovery missed. Evidence-backed findings only (file:line + quoted line/repro).`,
-    { label: `${a.name} · strike:${a.key}`, phase: 'Strike', schema: FINDINGS, agentType: a.id },
+    `You are ${a.name} (${dom(a)}). GAUNTLET strike pass over ${scope}. Deep, adversarial domain review — find what discovery missed. Evidence-backed findings only (file:line + quoted line/repro).`,
+    { label: `${a.name} · strike:${a.key}`, phase: 'Strike', schema: FINDINGS, agentType: a.name },
   )
 ))).filter(Boolean)
 
 // ── Dedupe across all domains (plain JS — no agent) ───────────────────────────
+const SEV_RANK = { CRITICAL: 5, HIGH: 4, MEDIUM: 3, LOW: 2, WARN: 1 }
 const seen = new Map()
 for (const r of [...discovery, ...strike]) {
   for (const f of (r.findings || [])) {
     const k = key(f)
     if (!seen.has(k)) seen.set(k, { ...f, raisedBy: [r.agent] })
-    else seen.get(k).raisedBy.push(r.agent)
+    else {
+      const ex = seen.get(k)
+      ex.raisedBy.push(r.agent)
+      // Keep the HIGHEST severity any agent assigned. First-write-wins silently
+      // discarded a later agent's escalation (e.g. one rates MEDIUM, another HIGH).
+      if ((SEV_RANK[f.severity] || 0) > (SEV_RANK[ex.severity] || 0)) ex.severity = f.severity
+    }
   }
 }
 const claims = [...seen.values()]
@@ -137,7 +157,7 @@ const ADVERSARIES = [
 const crossfireRaw = (await parallel(ADVERSARIES.map((a) => () =>
   agent(
     `You are ${a.name}, a GAUNTLET crossfire adversary over ${scope}. The domain review already ran — hunt NEW issues it cleared (bypasses, chaos/edge cases, exploit chains). Evidence-backed only (file:line + repro).`,
-    { label: `${a.name} · crossfire:${a.key}`, phase: 'Crossfire', schema: FINDINGS, agentType: a.id },
+    { label: `${a.name} · crossfire:${a.key}`, phase: 'Crossfire', schema: FINDINGS, agentType: a.name },
   )
 ))).filter(Boolean)
 // New crossfire claims (not already confirmed) get the same one-pass refute.
@@ -148,10 +168,23 @@ const crossVerified = await parallel(crossNew.map((c) => () =>
   agent(
     `Adversarially verify (default-to-refuted) this crossfire claim, reproducing through the real execution path: "${c.title}" [${c.severity}] at ${c.file}. Evidence: ${c.evidence}.`,
     { label: `verify:crossfire:${(c.file || '').slice(0, 24)}`, phase: 'Crossfire', schema: VERDICT },
-  ).then((v) => (v && v.survives ? { ...c, finalSeverity: v.finalSeverity } : null))
+  ).then((v) => ({ claim: c, verdict: v }))
 ))
-const crossfireConfirmed = crossVerified.filter(Boolean)
-log(`Crossfire: ${crossNew.length} new claims → ${crossfireConfirmed.length} confirmed.`)
+const crossfireConfirmed = []
+const crossfireRefuted = []
+for (const cv of crossVerified.filter(Boolean)) {
+  const v = cv.verdict
+  // The VERDICT schema lets a verdict be survives:true AND finalSeverity:'REFUTED'.
+  // Such a claim used to be kept as "confirmed" yet matched NO council severity bucket
+  // (bySeverity only checks CRITICAL/HIGH/MEDIUM/LOW/WARN) and silently vanished — breaking
+  // the "never silently dropped" invariant. Confirm ONLY a real severity; log the rest.
+  if (v && v.survives && v.finalSeverity && v.finalSeverity !== 'REFUTED') {
+    crossfireConfirmed.push({ ...cv.claim, finalSeverity: v.finalSeverity })
+  } else {
+    crossfireRefuted.push({ title: cv.claim.title, finalSeverity: (v && v.finalSeverity) || 'UNVERIFIED', why: (v && v.rationale) || 'verifier returned no verdict' })
+  }
+}
+log(`Crossfire: ${crossNew.length} new claims → ${crossfireConfirmed.length} confirmed, ${crossfireRefuted.length} refuted/unverified (logged, dropped).`)
 
 // ── Round 5: Council — synthesize survivors by severity (JS; lead applies fixes) ─
 phase('Council')
@@ -165,12 +198,14 @@ const report = {
     confirmed: confirmed.length,
     refuted: refuted.length,
     crossfireConfirmed: crossfireConfirmed.length,
+    crossfireRefuted: crossfireRefuted.length,
   },
   critical: bySeverity('CRITICAL'),
   high: bySeverity('HIGH'),
   medium: bySeverity('MEDIUM'),
   low: [...bySeverity('LOW'), ...bySeverity('WARN')],
   refutedLog: refuted, // dropped, but never silently — logged per SUB_AGENTS.md
+  crossfireRefutedLog: crossfireRefuted, // ditto for crossfire claims that failed the one-pass verify
 }
 log(`Council: ${report.critical.length} Critical · ${report.high.length} High · ${report.medium.length} Medium · ${report.low.length} Low/Warn. Lead applies fixes (workflow takes no mid-run input), then re-runs to re-verify.`)
 return report

package/dist/CHANGELOG.md

@@ -6,6 +6,41 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 
 ---
 
+## [23.19.0] - 2026-06-13
+
+### Gauntlet acceptance test → 14 fixes
+
+The ADR-067 workflow re-platform validated by running `gauntlet.workflow.js` live on the v23.13–v23.18 platform code (a 10-agent Surfer roster fanned to 347 agents → 99 distinct claims → 66 confirmed + 24 crossfire, **0 Critical**). The acceptance test passed *and* surfaced real bugs; the 3-lens-confirmed High/Medium findings are fixed here. (An earlier run crashed the machine ~44 min in at peak load; the relaunch completed cleanly — the workflow is resumable via `resumeFromRunId`.)
+
+### Fixed — Silver Surfer gate (security/correctness)
+
+- **`_paths.sh` reap could delete the entire `sessions/` tree.** `find "$SESSIONS_DIR" -maxdepth 1 -type d -mmin +60` matches the search root itself; without `-mindepth 1` a stale `sessions/` root mtime made the sweep `rm -rf` every live session's roster + bypass flag. Added `-mindepth 1`.
+- **Reap-vs-fresh-roster/bypass race (the one VERSION.md flagged for a field report).** The TTL refresh touched the roster *file* but the reaper keys on the session *directory* mtime (touching a child never bumps the parent). `check.sh` now touches `$SESSION_DIR` on every roster/bypass ALLOW, `bypass.sh` touches it on write, and the reap threshold (+120m) is held strictly above the roster TTL (3600s) — an active session is never reaped while still valid.
+- **Gate silently broke on Alpine/minimal Linux:** `_paths.sh` hashed paths with `shasum` only (Perl, absent there). Added a `sha256sum` fallback via a shared `surfer_gate_repo_hash` helper.
+- **`bypass.sh` run before the first hook fire was a silent no-op** (the documented orchestrator order). It now records a repo-scoped *pending* bypass that `check.sh` promotes to the session flag on the first fire.
+
+### Fixed — Dynamic Workflow scripts
+
+- **Strike phase double-ran the roster** when ≤5 agents (the default/`--light` core-leads set): `strikeRoster` fell back to the full roster, re-running discovery agents under a "find what discovery missed" prompt. Now empty when there are no specialists.
+- **Crossfire `survives:true` + `finalSeverity:'REFUTED'` verdicts silently vanished** — kept as "confirmed" yet matched no council severity bucket. Now excluded and logged in `crossfireRefutedLog`, honoring the never-silently-dropped invariant.
+- **Dedup kept the first raiser's severity**, discarding a later agent's higher rating. Now keeps the max severity and tracks `raisedBy` (gauntlet + assemble-review). assemble-review also gains a `refutedLog`.
+- **Unguarded `JSON.parse(args)`** could crash the whole run before phase 1; now falls back to defaults. Undefined-`domain` roster items no longer render literal `undefined` in prompts.
+
+### Fixed — distribution & CI
+
+- **`npx voidforge-build init` now copies `.claude/workflows/`** (+ `AGENT_CLASSIFICATION.md`). gauntlet.md/assemble.md referenced workflow scripts that the CLI init path never shipped — v23.18.0 only patched the prepack/dist paths, not `project-init.ts`.
+- **`npx voidforge-build update` now propagates `.claude/workflows` + `scripts/surfer-gate`** — both were absent from the updater's diff list, so existing projects never received workflow or gate fixes.
+- **`publish.yml`:** `recover-partial` derives the version from `package.json`, not `github.ref_name` (a branch name on `workflow_dispatch`, which mis-targeted `npm deprecate`); the Playwright cache key keys on the committed manifests instead of the deleted-and-regenerated lockfile (was a permanent cache miss).
+
+### Added / Changed
+
+- **`scripts/validate-workflows.sh`** (+ `npm run validate:workflows`, wired into `pretest`): a real syntax gate for `.workflow.js` scripts. Their top-level `await`/`return` make a bare `node --check` fail ("Illegal return statement"), so the v23.18.0 "passes node --check" claim was inaccurate; the validator reproduces the runtime's async wrapper before checking, catching syntax errors before they ship.
+- **`WORKFLOWS.md`** example corrected (`agentType: a.id` → `a.name`) + two new gotchas (agentType resolves by the `name:` display field; how to validate workflow scripts). Stale pre-ADR-060 `/tmp/voidforge-*` paths fixed in the gate `README.md` and `CLAUDE.md`.
+
+### Validation
+
+Gate suite **23 → 27** (added reap-root-preservation + pending-bypass cases). Full suite **1390 → 1392** (added init-copies-workflows + updater-tracks-workflows/gate regression tests). typecheck clean. Deferred as field-report candidates: concurrent same-repo pointer collision, `workflow_dispatch` branch guard. Dep `^23.18.0` → `^23.19.0` (ADR-062).
+
 ## [23.18.0] - 2026-06-13
 
 ### Workflow re-platform of `/gauntlet` + `/assemble` (ADR-067)

package/dist/CLAUDE.md

@@ -39,7 +39,7 @@ ADR-051 enforces this gate at the hook level (PreToolUse). The prose below is th
 2. When the user's command includes `--light` or `--solo`, BEFORE launching the Surfer or any other agent: `[ -x scripts/surfer-gate/bypass.sh ] && bash scripts/surfer-gate/bypass.sh --light || true` (or `--solo`). **Fails closed on unknown flag values** (ADR-060 v23.8.18 hardening, SEC-003) — passing anything other than `--light` or `--solo` exits 2 with an error. No silent bypass.
 3. **Normalize roster names before dispatch** (field report #345, DEAL-001). The Silver Surfer returns agent names from a Haiku pre-scan, which can drift from the actual filenames in `.claude/agents/` (extra `silver-surfer-` prefix, a stray `.md` suffix, a hyphen/underscore mismatch). Before you launch, validate each name against `ls .claude/agents/`: if it matches a file (with or without the `.md` extension), keep it; if not, attempt exactly one correction — strip a known prefix/suffix or normalize separators — and re-check. If it still doesn't resolve, DROP that single name and proceed with the rest of the roster. Never block the whole dispatch over one unresolved name; log the dropped name so the Herald roster can be corrected upstream. The gate's job is to enforce *that* a roster ran, not to fail the run over a typo in *one* name.
 
-If `scripts/surfer-gate/check.sh` exists but you skip step 1, your first non-Surfer Agent call in that turn will be blocked with a clear message and your own log line in `/tmp/voidforge-session-$SESSION_ID/gate.log`. You are expected to comply with the block (launch Surfer / run record-roster), not to fight it. If the script does not exist, your project predates v23.10.0; pull the gate from `tmcleod3/voidforge:scripts/surfer-gate/` and merge `settings-snippet.json` into `.claude/settings.json`, or re-run `npx voidforge-build init` against the methodology source.
+If `scripts/surfer-gate/check.sh` exists but you skip step 1, your first non-Surfer Agent call in that turn will be blocked with a clear message and your own log line in the gate's session log (`<gate-root>/sessions/$SESSION_ID/gate.log`, where `<gate-root>` is `$XDG_RUNTIME_DIR/voidforge-gate` or `$HOME/.voidforge/gate` per ADR-060 — the old `/tmp/voidforge-session-*` path was retired in v23.8.18). You are expected to comply with the block (launch Surfer / run record-roster), not to fight it. If the script does not exist, your project predates v23.10.0; pull the gate from `tmcleod3/voidforge:scripts/surfer-gate/` and merge `settings-snippet.json` into `.claude/settings.json`, or re-run `npx voidforge-build init` against the methodology source.
 
 **Why.** Seven field incidents (logged in `.claude/agents/silver-surfer-herald.md`) document the cost of skipping: the orchestrator cannot predict cross-domain relevance from the command name alone. The hook makes skipping mechanically impossible for non-bypass cases. Launch the Surfer. Every time.
 

package/dist/VERSION.md

@@ -1,6 +1,6 @@
 # Version
 
-**Current:** 23.18.0
+**Current:** 23.19.0
 
 ## Versioning Scheme
 
@@ -14,6 +14,7 @@ This project uses [Semantic Versioning](https://semver.org/):
 
 | Version | Date | Summary |
 |---------|------|---------|
+| 23.19.0 | 2026-06-13 | **Gauntlet acceptance test → 14 fixes (the ADR-067 re-platform, validated by running it on itself).** Ran the new `gauntlet.workflow.js` live on the v23.13–v23.18 platform code (10-agent Surfer roster → 347 agents → 99 distinct claims → 66 confirmed + 24 crossfire, 0 Critical) and fixed the 3-lens-confirmed findings. **Gate (security):** `_paths.sh` reap was missing `-mindepth 1` → could `rm -rf` the entire `sessions/` tree (every live roster/bypass); the reaper now refreshes `$SESSION_DIR` mtime on activity + threshold raised above the TTL, closing the documented reap-vs-fresh-roster/bypass race; `shasum`→`sha256sum` fallback (gate silently broke on Alpine); `bypass.sh` run before the first hook fire now records a repo-scoped *pending* bypass that `check.sh` promotes (was a silent no-op). **Workflows:** strike no longer re-runs the same ≤5-agent roster twice; crossfire `survives:true+REFUTED` verdicts no longer vanish into no bucket (logged in `crossfireRefutedLog`); dedup keeps the **highest** severity + `raisedBy` (was first-write-wins); guarded `JSON.parse(args)`; undefined-domain prompt guard. **Distribution:** `npx voidforge-build init` now copies `.claude/workflows/` + `AGENT_CLASSIFICATION.md`; `update` now propagates `.claude/workflows` + `scripts/surfer-gate` (both were stranded). **Validation:** new `scripts/validate-workflows.sh` (wraps the runtime shape, then `node --check`) wired into `pretest` — corrects the false "scripts pass `node --check`" claim and gates syntax errors from shipping. **Docs:** `WORKFLOWS.md` example `agentType: a.id`→`a.name` + new gotchas; stale `/tmp/voidforge-*` paths fixed in gate README + CLAUDE.md (ADR-060). **CI:** `recover-partial` derives the version from `package.json` not `github.ref_name` (broke on dispatch); Playwright cache key off the committed manifests not the regenerated lockfile. Gate suite 23→27, full suite 1390→1392. Deferred (field-report candidates): concurrent same-repo pointer collision, `workflow_dispatch` branch guard. Dep `^23.18.0` → `^23.19.0`. |
 | 23.18.0 | 2026-06-13 | **Workflow re-platform of `/gauntlet` + `/assemble` (ADR-067)** — the opportunity ADR-064 unblocked. New `.claude/workflows/gauntlet.workflow.js` (discovery → JS dedupe → 3-lens adversarial REFUTE → crossfire → council, schema-validated) and `assemble-review.workflow.js` (engage+sentinel over a mission diff; build/arch/devops stay prose). New **`docs/methods/WORKFLOWS.md`** authoring standard (API, the #348/#363 gotchas, 16/1000 caps, and the ADR-064 gate-launch sequence: Surfer→record-roster→Workflow). `gauntlet.md`/`assemble.md` gain workflow-execution sections; personas + fix-application + Debate Protocol stay prose. **Distribution gate (Phase 12.75):** `.claude/workflows/` is a new shared category — added to `prepack.sh` (npm) + `copy-assets.sh` (init) so the scripts ship to consumers. Both scripts `node --check`-validated (ESM async-wrapped); the live end-to-end gauntlet run is the acceptance test. Dep `^23.17.0` → `^23.18.0`. |
 | 23.17.0 | 2026-06-13 | **Effort-tiering fleet edit (ADR-054) — verified + applied.** Verified against the official Claude Code sub-agents docs that `effort` is a supported sub-agent frontmatter field (values `low`/`medium`/`high`/`xhigh`/`max`; "available levels depend on the model"). Applied across all 264 agent definitions: **20 leads (`model: inherit`) → `effort: xhigh`, 201 Sonnet specialists → `effort: medium`, 43 Haiku scouts → omitted** (Haiku doesn't support the parameter). Per-agent reasoning-spend lever, independent of model tier — the largest cost lever in the fleet (200 specialists no longer pay lead-level reasoning for read-and-report review). Frontmatter-only, idempotent insert after the `model:` line; `validate-agent-refs` + full suite (1390/1390) green; integrity preserved. Closes the M2 deferral from v23.16.0. Updated ADR-054 (status→fleet-applied), SUB_AGENTS.md, COMPATIBILITY.md. Dep `^23.16.0` → `^23.17.0`. (Aside: confirmed the v23.16.0 gate fix live — a Workflow launch was correctly BLOCKED this session until a `--light` bypass was set; noted a reap-vs-fresh-bypass timing race for a future field report.) |
 | 23.16.0 | 2026-06-13 | Platform-alignment campaign — implements the ADR set from `/architect --plan` (→ `/campaign`). **ADR-064 (gate↔Workflow) IMPLEMENTED:** the Silver Surfer `PreToolUse` hook matcher is now `Agent\|Workflow` and `check.sh` gates the **Workflow tool launch** on a recorded roster (closes the proven bypass where workflow-spawned agents skipped the gate); `test.sh` gains 3 Workflow cases (**23/23**), mirrored to the methodology package. **Behavior change:** a Workflow run now requires a recorded roster or a `--light`/`--solo` bypass — build/apply/research workflows should set a bypass. **ADR-065 (platform floor):** `docs/COMPATIBILITY.md` gains a Claude Code platform-floor + per-feature maturity table; informational `claudeCodeFloor` field; semver rule (raising the floor = breaking) + release-checklist item. **ADR-066 (native-capability tracker):** new `docs/NATIVE_CAPABILITIES.md` audits all commands vs native skills with dispositions (`/qa`,`/test` coexist+document; `/git` keep) — realizes ADR-050's deferred follow-up; release re-audit item added. Amended **ADR-051** (workflow-exemption→closure), **ADR-054** (effort tiers + Haiku 200K/no-effort). M2 effort fleet-edit deferred per ADR-054 precondition (runtime `effort:`-frontmatter honoring unverified). Dep `^23.15.0` → `^23.16.0`. |

package/dist/docs/methods/WORKFLOWS.md

@@ -27,8 +27,8 @@ export const meta = {                       // MUST be a pure literal — no var
 const roster = typeof args === 'string' ? JSON.parse(args) : args   // see Gotcha 1
 phase('Find')
 const found = (await parallel(roster.map(a => () =>
-  agent(prompt(a), { label: `${a.name} · find:${a.key}`, phase: 'Find', schema: FINDINGS, agentType: a.id })
-))).filter(Boolean)
+  agent(prompt(a), { label: `${a.name} · find:${a.key}`, phase: 'Find', schema: FINDINGS, agentType: a.name })
+))).filter(Boolean)   // agentType resolves by the agent's `name:` display field — see Gotcha 6
 const claims = dedupe(found.flatMap(f => f.findings))   // plain JS reduce — no agent
 phase('Verify')
 const verdicts = await parallel(claims.map(c => () =>
@@ -51,6 +51,8 @@ return { confirmed: claims.filter((c,i) => verdicts[i]?.survives) }
 3. **No `Date.now()` / `Math.random()` / argless `new Date()`** — they throw (they'd break resume). Pass timestamps via `args`; vary by index for "randomness."
 4. **Concurrency caps (ADR-059):** ~16 concurrent / ~1,000 total per run. `parallel([...])` accepts 100s of items but only ~16 run at once. **Batch** unbounded fan-outs (glob-then-partition, `SUB_AGENTS.md`); never one-agent-per-file on a large repo.
 5. **Cost lever:** route cheap stages with `agent(p, {model:'haiku'})` (scout pre-scans) and reserve the default model for synthesis — the way the Surfer already runs on Haiku.
+6. **`agentType` resolves by the agent's `name:` display field, NOT the filename** (e.g. `'Picard'`, not `'picard-architecture'`). A filename-style `agentType` fails to resolve and the `agent()` call returns `null` (silently filtered by `.filter(Boolean)`), so the agent simply never runs. If a roster carries both, pass `a.name`. Same rule as the Agent tool's `subagent_type`.
+7. **Validate before shipping:** a workflow script's top-level `await`/`return` make a bare `node --check` fail ("Illegal return statement") — that is expected (the runtime wraps the body in an async fn). Use `npm run validate:workflows` (wired into `pretest`), which reproduces the wrapper before checking, so a real syntax error is caught in CI rather than shipping to npm.
 
 ## Gate interop (ADR-064) — REQUIRED
 

package/dist/wizard/lib/project-init.js

@@ -89,6 +89,15 @@ async function copyMethodology(methodologyRoot, projectDir, core) {
     if (existsSync(agentsSrc)) {
         count += await copyDir(agentsSrc, join(projectDir, '.claude', 'agents'));
     }
+    // Dynamic Workflow scripts (ADR-067 — gauntlet/assemble review skeletons).
+    // gauntlet.md / assemble.md reference `.claude/workflows/*.workflow.js`; without this
+    // a fresh `npx voidforge-build init` ships the command docs but NOT the scripts they
+    // invoke. prepack.sh + copy-assets.sh ship them to the npm package and dist/, but this
+    // CLI init copy path (methodologyRoot = the installed package) was missed in v23.18.0.
+    const workflowsSrc = join(methodologyRoot, '.claude', 'workflows');
+    if (existsSync(workflowsSrc)) {
+        count += await copyDir(workflowsSrc, join(projectDir, '.claude', 'workflows'));
+    }
     // Methods
     const methodsSrc = join(methodologyRoot, 'docs', 'methods');
     if (existsSync(methodsSrc)) {
@@ -108,6 +117,15 @@ async function copyMethodology(methodologyRoot, projectDir, core) {
         await cp(registrySrc, join(projectDir, 'docs', 'NAMING_REGISTRY.md'));
         count++;
     }
+    // Agent classification — single source of truth for agent counts (v23.7.0). Command
+    // docs derive their counts from it; prepack ships it to the npm package, but this init
+    // path omitted it, so init'd projects couldn't resolve the count SSOT.
+    const classificationSrc = join(methodologyRoot, 'docs', 'AGENT_CLASSIFICATION.md');
+    if (existsSync(classificationSrc)) {
+        await mkdir(join(projectDir, 'docs'), { recursive: true });
+        await cp(classificationSrc, join(projectDir, 'docs', 'AGENT_CLASSIFICATION.md'));
+        count++;
+    }
     // Thumper scripts
     const thumperSrc = join(methodologyRoot, 'scripts', 'thumper');
     if (existsSync(thumperSrc)) {

package/dist/wizard/lib/updater.js

@@ -58,9 +58,16 @@ export async function diffMethodology(projectDir) {
     const dirs = [
         { src: '.claude/commands', dest: '.claude/commands' },
         { src: '.claude/agents', dest: '.claude/agents' },
+        // Dynamic Workflow scripts (ADR-067) and the Silver Surfer gate (ADR-051/060/064):
+        // both ship to new projects via init but were absent from the updater's diff list, so
+        // `npx voidforge-build update` never propagated them — existing projects were stranded
+        // on whatever gate/workflow scripts they were created with (e.g. a gate before this
+        // release's reap fix). Invocation is via `bash <script>` so exec bits are not required.
+        { src: '.claude/workflows', dest: '.claude/workflows' },
         { src: 'docs/methods', dest: 'docs/methods' },
         { src: 'docs/patterns', dest: 'docs/patterns' },
         { src: 'scripts/thumper', dest: 'scripts/thumper' },
+        { src: 'scripts/surfer-gate', dest: 'scripts/surfer-gate' },
     ];
     // Single files to compare
     const singleFiles = ['CLAUDE.md', 'HOLOCRON.md', 'VERSION.md'];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "voidforge-build",
-  "version": "23.18.0",
+  "version": "23.19.0",
   "description": "From nothing, everything. A methodology framework for building with Claude Code.",
   "type": "module",
   "engines": {
@@ -45,7 +45,7 @@
     "@aws-sdk/client-rds": "^3.700.0",
     "@aws-sdk/client-s3": "^3.700.0",
     "@aws-sdk/client-sts": "^3.700.0",
-    "voidforge-build-methodology": "^23.18.0",
+    "voidforge-build-methodology": "^23.19.0",
     "node-pty": "^1.2.0-beta.12",
     "ws": "^8.19.0"
   },