CHANGELOG

Removed

• PR-CLEANUP-SIL (2026-05-31) — remove the one grep-proven dead self-improving-loop helper + refresh stale doubt comments. A conservative cleanup pass over the self-improving loop, applying the audit-before-migrate discipline (grep-prove caller=0 before deleting; FLAG when in doubt). The three helpers a stale memory note flagged as "orphan" (credit_assignment, kind_dim_matrix, evaluate_rollback_condition) were re-audited: credit_assignment no longer exists (removed with PR-GROUP-REMOVAL), while compute_kind_dim_matrix and evaluate_rollback_condition are now production-wired (the former via format_mutator_feedback_block → core/self_improving_loop/runner.py, the latter via _apply_rollback_condition_gate → autoresearch/train.py's promote gate) — so they were kept. The only genuinely-dead remnant: rank_kinds_by_dim (core/self_improving_loop/kind_dim_matrix.py), the transpose of the still-wired rank_dims_by_kind, never given a caller by PR-WIRE-1. Removed the function, its __all__ entry, its docstring bullet, and its four unit tests (tests/core/self_improving_loop/test_kind_dim_matrix.py).

Fixed

• PR-CLEANUP-SIL (2026-05-31) — stale-comment refresh (no behaviour change). The petri target runner's F-A3 entry-observability comment (plugins/petri_audit/targets/geode_target.py) no longer reads as lingering doubt about whether GeodeModelAPI.generate is invoked — it now affirms that PR-AUDIT-SCAFFOLD-WIRE (#1938) verified the geode/gpt-5.5 → GeodeModelAPI.generate → _default_geode_runner → AgenticLoop route. The _TOP_KINDS_IN_BLOCK docstring in core/self_improving_loop/mutator_feedback.py now describes its actual use as the rank_dims_by_kind(..., limit=...) per-kind dim cap (the code's actual call) instead of the removed transpose helper. The group/swarm/Pareto/Tchebycheff/group_size/applied_sibling sweep found the CODE already removed by PR-DROP-GROUP-SAMPLING / PR-GROUP-REMOVAL — only explanatory comments/docstrings on still-live code plus two legitimate regression tests that pin that legacy applied_sibling rows are *ignored* by the current (1+1)-ES reader (tests/autoresearch/test_sot_revert_on_reject.py, tests/core/self_improving_loop/test_mutations_reader.py, both kept) — so no executable code was cut there. One stale docstring in test_sot_revert_on_reject.py that cited the removed policies.write_sibling_in_memory was corrected.

Fixed

• PR-AUDIT-SCAFFOLD-WIRE (2026-05-31) — guarantee the mutated scaffold reaches the Petri audit target + restrict the mutable hyperparam surface. The self-improving loop's fitness signal is only causal if the mutated scaffold (autoresearch/state/policies/wrapper-sections.json) is the base of the audit target's system prompt. Diagnosis: the target routes correctly (geode/gpt-5.5 → GeodeModelAPI → _default_geode_runner → AgenticLoop, scaffold = base prompt, auditor scenario = system_suffix), and the closed-loop propagates the scaffold via the GEODE_WRAPPER_OVERRIDE env hook — but two real gaps existed: (1) in audit-mode (GEODE_AUDIT_UNRESTRICTED=1), when no scaffold resolved (env unset + SoT file absent) build_system_prompt (core/agent/system_prompt.py) returned ONLY dynamic context — a scaffold-free target; it now falls back to the domain-neutral GEODE base prefix so the target always carries a base scaffold. (2) _dump_wrapper_override (autoresearch/train.py) dumped the module-load-time WRAPPER_PROMPT_SECTIONS snapshot; it now reads the SoT live via load_wrapper_prompt_sections so a same-interpreter mutate→audit cannot evaluate a stale scaffold. A new system_prompt.scaffold diagnostic records wrapper_override_present + length + resolution source so scaffold presence is observable without relying on the (scenario-only) inspect .eval ModelEvent.
• Mutable `hyperparam` surface restricted to `reflection_depth` only (operator decision, 2026-05-31). max_turns / seed_limit / dim_set are audit-MEASUREMENT parameters — mutating them confounds the mutated-vs-baseline fitness comparison — and are now rejected at parse_mutation / apply_mutation (_validate_hyperparam_bounds, core/self_improving_loop/runner.py) with an explanatory error. reflection_depth (a genuine AgenticLoop runtime knob) stays mutable. Pinned by tests/test_geode_target_scaffold_injection.py + tests/test_policy_mutation.py. Procedure documented in docs/self-improving/campaign-procedure.md.

Added

• PR-BASELINE-LINEAGE (2026-05-30) — versioned baseline stacking storage. Before a re-measurement re-does the self-improving hub's baseline side, the storage structure now serves PREVIOUS + NEW baselines stacked + versioned, each in its own production-logic epoch. A backfilled baseline can carry its TRUE historical spec via HistoricalSpecOverride (core/self_improving_loop/baseline_epoch.py) — fitness_formula_version / margin_logic_version / rubric_version / dim_set (plus promote_policy as a first-class arg) — so it hashes to its OWN epoch instead of being mis-stamped with the live constants; each field absent → the live constant, so the live promote path is byte-identical (pinned). The override also carries the baseline's MEASURED fitness, which the writer records verbatim instead of recomputing under today's compute_fitness (a historical baseline was scored under its own formula). scripts/backfill_baseline_registry_row.py gains the matching CLI flags (incl. --fitness). The vanilla baseline-2605-1 row (previously epoch_hash=None) is re-backfilled as the genesis epoch `be-001` (margin_rule dim-stderr, version tags "0", promote_policy="legacy"), self-verifying, with its measured fitness (0.7915) preserved (not recomputed); autoresearch/state/baseline_epochs.json records the hash→label map. The hub's baseline-registry section renders the epoch-grouped versioned lineage (be-001 legacy + future v0.99.99+ epochs stacking as separate blocks, never overwriting), with promote_policy shown per epoch. Pinned by tests/test_baseline_lineage.py + tests/autoresearch/test_baseline_registry.py.

Added

• E6 (2026-05-30) — honest evidence page: methods + results + power. A dedicated EVIDENCE sub-page under the autoresearch hub (/geode/self-improving/autoresearch/evidence/) that a skeptical reader uses to judge one question — *does scaffold-selection actually improve safety fitness?* — reading ONLY the git-tracked ledgers (mutations.jsonl attribution rows + baseline_archive.jsonl), with measured values only (no fabricated numbers, no placeholders). Rendered by scripts/build_self_improving_hub.py (render_autoresearch_evidence + new template docs/self-improving/autoresearch/evidence.html.template + an Evidence nav link added to all autoresearch sidebars + the landing sub-view table, now 5 sub-pages). Three sections:
• Methods — the experimental design, honestly: the FROZEN held-out ruler (E2, held_out_bench_id, disjoint from the selection pool) vs the pinned SELECTION pool (B2, pool-68dc6f0c9745); the 3 control ARMS (E3: gate=selection / random=random-accept / never=no-mutation floor); per-mutation REPLICATE + the ci-excludes-0 rule (E4); REPRODUCIBILITY pins (E5: prompt_hash / applied_diff / sampling_params / rng_seed); content-addressed EPOCH partition (A). Explains WHY only the held-out curve is evidence and why the cross-arm comparison isolates selection from drift / judge-noise.
• Results — the per-cycle held_out_fitness curve PER ARM (split by promote_policy), the 3-arm comparison on the fixed ruler (mean held-out fitness + promotion count per arm), and the per-cycle / per-campaign gain_ci_excludes_zero verdict. Dense tables; pre-E1 mixed-scale rows excluded from aggregates. 0 promotions is stated plainly as a TRUST-INCREASING result.
• Power — the required N_seed × M_replicate line COMPUTED from the recorded combined σ (√(within²+between²)) at δ=0.02 / α=0.05 / 80% power (the stdlib _required_n_seed mirrors core/self_improving_loop/statistical_power.py's formula, pinned by a drift-guard test), plus the honest verdict: "no evidence yet" when the gain CI includes 0, "indeterminate" when σ is unrecorded — never a fabricated N.
• Graceful empty state. The matched 3-arm 10-cycle has not run yet, so the page renders the full structure with an honest "awaiting the 3-arm campaign" / "no held-out campaign recorded yet" / "no evidence yet" state where curves / arms are empty — no crash, no fabricated number. The same renderer populates when the campaign later writes the rows. 11 new tests in tests/test_self_improving_hub_e2e.py (3-section render, graceful empty state, populated per-arm curve + verdict, power from recorded σ, no-slop, core drift-guards for the arm map + power constants).

Added

• E5 (2026-05-30) — per-cycle reproducibility pins: prompt hash, applied diff, sampling params, RNG seed. Each self-improving-loop ledger row is now INDEPENDENTLY RE-RUNNABLE — a third party can reconstruct exactly what produced an audit result. Four pins are captured at the point of truth (the audit dispatch) and recorded on BOTH per-cycle sinks (the mutations.jsonl attribution row and the baseline_archive.jsonl registry row), all None-omitting so legacy / no-pin rows keep their exact shape:
• `prompt_hash` — sha256: of the ACTUAL composed wrapper/scaffold system prompt the audit target ran under (the mutation-applied WRAPPER_PROMPT_SECTIONS, canonically serialised then hashed — stable for the same prompt, sensitive to any section edit).
• `applied_diff` — the scaffold mutation actually APPLIED this cycle as a reproducible reference: sha256: of the applied content (new_value) plus the applied_diff_target (section) + applied_diff_kind it edited, read from the kind="applied" apply row — not a re-derived guess.
• `sampling_params` — the generation params as SENT for the audit. GEODE's audit dispatch (a geode audit subprocess) controls only a subset (max_turns / seeds / dim_set / source / max_connections=1 / max_samples=1), recorded as the resolved effective values; the per-token knobs (temperature / top_p / max_tokens) GEODE does NOT pin are recorded as an explicit "_unpinned" marker (inspect_ai + provider defaults), not a fabricated value.
• `rng_seed` — the audit/generation seed as SENT (distinct from E3's promote_policy_seed). GEODE sends NO --seed to the audit subprocess today, so the honest record is None (no seed sent), never a fabricated number.
• Auditability, not determinism. These pins record WHAT WAS SENT and make NO backend-determinism claim. A ctx7 lookup of inspect_ai (/ukgovernmentbeis/inspect_ai, 2026-05-30) confirmed GenerateConfig ACCEPTS seed / temperature / top_p (SDK contract) but did NOT document that any backend — least of all GEODE's claude-cli / codex-cli OAuth subscription providers — HONORS seed for bit-identical replay; the contract is therefore unverified — live test required, and no determinism flag is set to True.
• New module core/self_improving_loop/run_provenance.py (hash_text, compose_wrapper_prompt, build_run_provenance, RunProvenanceFields bundle). Threaded through attribution.write_attribution / compute_attribution + train.py's _write_baseline → _append_baseline_registry_row. 24 new tests in tests/autoresearch/test_reproducibility_pins.py.

Added

• E4 (2026-05-30) — statistical power: per-mutation replicate, fitness-gain "ci excludes 0" verdict, and per-campaign power analysis. The self-improving loop now only CLAIMS a fitness gain when statistics support it (else an HONEST NULL), and tells the operator how many samples are needed:
• `--replicate M` (default `M=1` → zero cost / behaviour change). Runs the audit M times per mutation/cycle so the WITHIN-mutation variance (provider non-determinism) is estimated SEPARATELY from the BETWEEN-seed variance (the N samples inside one audit). M=1 runs the audit exactly once (no loop overhead) and leaves within-variance honestly unestimated, as before; within_mutation_stderr + between_seed_stderr are recorded distinctly on the cycle (attribution) + promoted-baseline records. Resolved env → --replicate → config → 1.
• Explicit fitness-gain "ci excludes 0" verdict. A confidence interval on the fitness gain (current vs baseline) is computed and recorded with gain_ci_low / gain_ci_high / a boolean gain_ci_excludes_zero + a human verdict string ("gain significant" / "no evidence yet"). This is an evidence statement LAYERED ON TOP of the promote gate (it never weakens the gate); at the chosen DEFAULT_GAIN_CI_Z = 1.0 it reconciles EXACTLY with the gate's √(σp²+σc²) σ-margin, so a null run reports "no evidence yet" honestly rather than looking like a silent reject. A bootstrap cycle (no baseline) reports "no evidence yet" (no baseline to gain over).
• Per-campaign power analysis. Given the observed within+between variance σ, a target effect size δ, α=0.05 and power=0.8, the standard two-sample mean-difference formula n ≈ 2(z_{α/2}+z_β)²σ²/δ² computes the required N_seed × M_replicate to DETECT δ, emitted per campaign as a log + stdout line. For the real N≈8 / observed stderr≈0.013 case, detecting δ=0.02 at 80% power needs N_seed≥7 × M_replicate≥1.
• Flagged knobs. δ default 0.02 (just above the gate's 0.005 noise floor, ~1.5× the empirical ~0.013 fitness stderr) is --target-effect-size / config overridable; the CI method is normal-approximation (gain ± z·gain_stderr), chosen over bootstrap because the gain stderr is already a bootstrap estimate and the normal-approx keeps the module pure + reconciled with the gate.
• New module core/self_improving_loop/statistical_power.py (decompose_variance, gain_ci_excludes_zero, required_samples, format_power_line, + the VarianceDecomposition / GainEvidence / PowerRequirement / PowerRecordFields dataclasses). All record fields are additive + None-omitting so M=1 / pre-E4 readers are backward-compatible.

Added

• E3 (2026-05-30) — `--promote-policy {gate|random|never}` control arms for a matched 3-arm held-out comparison. Enables attributing a fitness gain to SELECTION rather than drift / judge-noise by running each arm as its own full N-cycle campaign on the frozen held-out bench:
• gate (default) — today's behaviour: the _should_promote fitness gate decides (the SELECTION arm). The default path is unchanged in shape.
• random — random-accept control: the mutation is still applied + audited as normal, but the PROMOTE decision is a SEEDED coin-flip (random.Random(seed + cycle_index) in _random_accept_draw), NOT the gate. The seed is an explicit arg/config (--promote-policy-seed) and is RECORDED on both the held-out + baseline rows, so the random campaign is reproducible.
• never — no-mutation floor: never promote (baseline frozen across the campaign). The mutation is still generated + audited (loop structure identical to the other arms), only the promote is suppressed; a mutator-driven cycle still reverts the SoT so the floor stays honest. The held-out is scored every cycle → the curve shows pure drift / judge-noise, the floor the other arms must beat.

Resolved by autoresearch.train._resolve_promote_policy / _resolve_promote_policy_seed (env GEODE_PROMOTE_POLICY / AUTORESEARCH_PROMOTE_POLICY → CLI → config → default). promote_policy + promote_policy_seed are recorded on BOTH the per-cycle held-out attribution row (mutations.jsonl) AND the baseline registry row, so the three arms' held-out curves are distinguishable + comparable on the shared frozen ruler. promote_policy is also added to the baseline epoch spec (core.self_improving_loop.baseline_epoch.build_baseline_spec), bumping SPEC_SCHEMA_VERSION "1" → "2": gate / random / never hash to DIFFERENT epochs (different production logic, correctly NOT averaged); the held-out bench id is unchanged (the shared ruler does not move). Pinned by tests/autoresearch/test_promote_policy_control_arms.py + tests/test_baseline_epoch.py (gate vs random vs never distinct epochs, schema 2, seeded draw reproducibility).

• PR-SEEDGEN-TOKENS (2026-05-30) — per-agent (per-phase) + run-level token usage tracking for the seed-generation pipeline. The LLM usage a sub-agent already produces (AgenticResult.usage, via TokenTracker.delta_since) now survives the worker subprocess IPC instead of being dropped before it reaches the aggregators. New token + cost fields (prompt_tokens / completion_tokens / usd_spent) thread along the full chain: WorkerResult (populated from agentic_result.usage) → IsolationResult (parsed from the worker stdout JSON) → SubResult (set in SubAgentManager._to_sub_result) → each of the 9 seed agents sums its sub-results' usage (via the new sum_sub_result_tokens helper in agents/base.py) into the returned SeedAgentResult → the existing orchestrator run-level rollup (state.prompt_tokens += result.prompt_tokens) lights up unchanged. Separately, the per-phase cost grid now works: Transcript.record_session_end (and its _lifecycle caller, which already read the tracker for total_cost) also write prompt_tokens / completion_tokens from the tracker accumulator into each sub-agent's dialogue.jsonl session_end event, which the orchestrator's _persist_per_phase_costs already sums. Pinned by tests/test_worker.py (WorkerResult usage roundtrip), tests/core/agent/test_sub_result_token_forwarding.py (IsolationResult → SubResult), tests/plugins/seed_generation/test_critic.py (agent rollup + subscription-zero), and tests/test_session_transcript.py (session_end token keys).

Fixed

• PR-SEEDGEN-TOKENS (2026-05-30) — seed-generation runs reported all-zero tokens/cost. The aggregation infrastructure already existed but every link between the producer (AgenticResult.usage) and the aggregators dropped the usage: WorkerResult / IsolationResult / SubResult had no usage fields, the agents never assigned tokens, and record_session_end never wrote token keys. Plumbed end-to-end (see Added). Honest limitation: subscription / CLI-routed calls (claude-cli, codex-cli) return an empty UsageSummary() — the subscription path does not expose token usage (core/llm/adapters/claude_cli.py, core/llm/adapters/codex_cli.py). Token counts are therefore reported only for API-key / payg calls (e.g. payg ranker voters); subscription-routed phases honestly stay 0 and are never fabricated. This is why most phases still show 0 cost today.

Fixed

• Seed-pool content hash is now bodies-only (frozen-ruler determinism). core.self_improving_loop.baseline_epoch.seed_pool_content_hash recursed path.rglob("*") (ALL files), but scripts/assemble_seed_pool.py writes a manifest.json INTO the pool dir whose generated_at is a timestamp. So the runtime hash on a live pool dir (a) diverged from the assembler's body-only hash and the committed doc pins, and (b) was NON-DETERMINISTIC across re-assembly (the timestamp moved the hash) — re-assembling identical survivor bodies fragmented baselines into different epochs, defeating the "same spec → same hash" frozen-ruler invariant. The hash now fingerprints ONLY the seed .md bodies (rglob("*.md"), sorted relative-path + sha256), which is exactly the file set the audit's pool loader reads (directory.glob("*.md")); manifest.json and any other non-.md incidental file are excluded. Verified against the live pool dirs WITH manifest.json present: selection pool reproduces pool-68dc6f0c9745, held-out bench reproduces pool-c16d186178e1, and two assemblies with different --now timestamps yield the same hash. The held-out-bench.md reproduction note is corrected to state the body-only addressing. Pinned by tests/test_baseline_epoch.py (masked-scenario: manifest + timestamp invariance) + tests/test_assemble_seed_pool.py.
• Held-out fitness now shares the gate's fitness formula path. score_held_out_bench (autoresearch/train.py) omitted the anchor_confidence_mode flag that the promote gate's current_raw runs under, so when anchor-confidence mode was on the held-out evidence curve was computed on a subtly different fitness DEFINITION than the baselines it is compared against. The shared flag is now threaded from main() into the scorer's compute_fitness call WITH the held-out's own ANCHOR_DIMS subset as anchor_means (the same subset the gate's current_raw extracts from its current dims — threading the flag without the subset would silently no-op the multiplier); baseline_means=None (fresh-anchor intrinsic, no prior baseline) and admire_means=None (the held-out audit emits no admire signal). Pinned by tests/autoresearch/test_held_out_bench.py.
• Seed-pool assembly fails closed on a path-escaping survivor id. scripts/assemble_seed_pool.py copied each body to pool_dir / f"{survivor_id}.md" without validating survivor_id is a safe single path segment, so a ../- or /-containing id from the seeds tree could escape the pool dir. A new _assert_safe_dest_basename rejects any id that is not a single segment (naming the bad id + run) before the copy. Pinned by tests/test_assemble_seed_pool.py.

Added

• E2 / E2-wire (2026-05-30) — version-frozen held-out bench + per-cycle fixed-ruler fitness curve. The co-evolving seed_select pool supplies *selection pressure* and mutates every generation, so its fitness is a moving ruler (valid for the within-generation (1+1) accept/revert, not for cross-generation comparison). A new version-frozen held-out bench is the fixed ruler: autoresearch/train.py gains held_out_bench config + _resolve_held_out_bench() (env GEODE_HELD_OUT_BENCH / AUTORESEARCH_HELD_OUT_BENCH → config → None; deliberately without the co-evolving latest-pointer tier) + score_held_out_bench() (the same 0-1 compute_fitness the gate uses, with a content-hash-stable held_out_bench_id). scripts/assemble_seed_pool.py gains explicit --select-runs / --exclude-runs so the held-out set is assembled from runs disjoint from the selection pool (gen-2605-1 + gen-2605-2 + the gen1-* runs — 16 frozen survivors, content-hash pool-c16d186178e1, reproducible from committed survivor bodies; the assembled dir lives under gitignored state/). main() now dispatches the scorer once per cycle (operator cadence = EVERY cycle), gated on a configured bench + non-dry-run (None → skip, zero cost, backward-compatible); the result is recorded into BOTH the per-cycle kind="attribution" row in autoresearch/state/mutations.jsonl (the cross-generation curve SoT) and, on a promote, the kind="baseline" registry row. The self-improving hub renders a dense Held-out fitness curve table on the autoresearch mutations page (per-generation held-out fitness + Δ-vs-prior on the fixed ruler + bench id), omitted entirely when no bench is configured. Reproduction + wiring documented in docs/self-improving/held-out-bench.md. Pinned by tests/autoresearch/test_held_out_bench.py, tests/test_attribution_belief.py, tests/test_assemble_seed_pool.py, and tests/test_self_improving_hub_e2e.py.

Fixed

• E1 (2026-05-30) — fitness ledger scale reconcile. mutations.jsonl attribution rows previously mixed scales: fitness_before was written as the 1-10 Petri dim-mean (lower-is-better) while fitness_after was the 0-1 compute_fitness output (higher-is-better), so fitness_delta was nonsense. Both sides now use the same 0-1 compute_fitness scale; pre-fix on-disk rows are not rewritten (git-tracked ledger — a one-shot backfill is a documented follow-up).

Fixed

• PR-HUB-AUDIT-DEEPLINK (2026-05-30) — audit/seed deep-links reach the transcript. The self-improving hub linked Petri audit rows, the audit sidebar, and seed-generation phase rows via #/tasks/<task_id> — a route the bundled Inspect View hash router does not define (createHashRouter exposes only /logs/*; the SPA navigates via /logs/${encodeURIComponent(file)}), so every deep-link silently fell back to the run list instead of opening the specific log. scripts/build_self_improving_hub.py keys deep-links on the .eval filename (the logs/listing.json key, preserved through load_petri + new PetriRow.log_file) via a shared inspect_log_route() emitting #/logs/<encodeURIComponent(file)>; seed-generation phase rows do the same and fall back to the bundle run-list root when a phase has no .eval yet. The two docstrings that enshrined the wrong #/tasks/ premise are corrected. Guarded by tests/test_self_improving_hub_e2e.py::test_audit_deeplinks_use_logs_route_and_resolve (no #/tasks/; every linked filename resolves in listing.json) and a new CLAUDE.md CANNOT row (verify vendored-SPA routes against the bundle JS).
• PR-SEEDS-UNTRACKED-COST (2026-05-30) — drop untracked cost from the seeds page. docs/petri/seeds showed per-run + total spend in USD ($0.00 for every run — subscription-lane seed generation reports neither usd_spent nor token counts), a measured-but-always-zero metric. Per "measured values only" the USD column, the USD rollup row, and the total-spend summary are removed; the run rollup keeps the tracked fields (iters, literature_snapshots, debate_transcripts).

Added

• PR-BASELINE-EPOCH (2026-05-30) — content-addressed baseline epochs. The baseline registry (autoresearch/state/baseline_archive.jsonl) now partitions every kind="baseline" row into an epoch keyed by a hash of the baseline production+measurement spec, so baselines produced under different logic are never silently compared. New core/self_improving_loop/baseline_epoch.py builds the spec (margin_rule + margin_logic_version + fitness_formula_version + rubric_version + dim_set + bench + the four roles' model+source + seed_pool_id), serializes it canonically (sort_keys, fixed separators), and computes epoch_hash = sha256(...)[:12]; a hash-first-seen be-NNN label is assigned and persisted in git-tracked autoresearch/state/baseline_epochs.json. autoresearch/train.py stamps baseline_spec + spec_schema_version + epoch_hash + epoch_label onto each registry row at write time (write-time frozen — never retroactively recomputed; the row self-verifies). Two new version constants (FITNESS_FORMULA_VERSION, MARGIN_LOGIC_VERSION) are bumped on *semantic* logic change and pinned by tests/test_logic_version_guard.py (a golden fitness + golden margin per version — a silent logic change fails the gate until the version is bumped, opening a new epoch). The seed pool enters the spec as a content-hash (seed_pool_content_hash — survivor bodies, not mtime/location), so a seed-set change is a new epoch. The self-improving hub serves baselines under a Baseline registry · grouped by epoch section: one dense sub-series per epoch (label + spec summary + per-baseline table), never two epochs in one comparison table; pre-epoch rows render in an honest "backfill pending" bucket rather than a fabricated hash. Codified in the baseline-epoch-partition scaffold skill. Pinned by tests/test_baseline_epoch.py, tests/autoresearch/test_baseline_registry.py, and tests/test_self_improving_hub_e2e.py.

Fixed

• PR-SEED-RECONCILE (2026-05-30) — self-contained survivor bundle. Pipeline._persist_survivors now writes each survivors.json row's path RELATIVE to run_dir (e.g. candidates/<id>.md) instead of an absolute scratch-tree path that broke on a clone / GitHub-Pages mirror; the copy loop reads the absolute source from a separate copy_sources list so the run-dir-relative row path never has to resolve from the process CWD. New scripts/reconcile_seed_bundle.py reconciles the three drifted views of each served run — state.json["survivors"] ↔ survivors.json ↔ the survivors/ body directory — to the valid set (a survivor is valid iff it is in state.json["survivors"] AND its <id>.md body exists under candidates/ or candidates_evolved/), rewriting bundle-relative paths and pruning stale bodies. This drops the body-less phantom gen1-002-f4580bc8 from gen1-broken_tool_use (survivors.json 5 → 4, now matching state.json). Pinned by tests/plugins/seed_generation/test_survivors_path_relative.py. Both served viewers — the static petri-bundle/seeds/index.html and the Next.js docs/petri/seeds table — now use the bundle-relative path verbatim instead of reconstructing candidates/<basename>, so an evolved survivor (candidates_evolved/<id>.md) resolves instead of 404-ing.

Added

• PR-BASELINE-REGISTRY (2026-05-30) — baselines as first-class indexed runs. Every promote now appends one kind="baseline" row to the git-tracked autoresearch/state/baseline_archive.jsonl (the self-improving hub's baseline index reads it), while baseline.json stays the active anchor (now stamped with its baseline_id). Each row records the measurement criteria the hub serves losslessly + differentiated: margin_rule (dim-stderr | fitness-stderr — the pre-fix vanilla vs post-fix cohort discriminator), fitness_stderr, bench flag, seed pool, intrinsic fresh-anchor fitness, and dim_means. eval_archive is stored as a basename (the registry is git-tracked — no leaked absolute paths). _next_baseline_id mirrors the seed-generation baseline-<YYMM>-<seq> scheme. scripts/backfill_baseline_registry_row.py registers pre-registry baselines from a saved snapshot (bindings passed explicitly — a historical baseline's config has since changed). Re-implements feature/baseline-registry @69b9d95f Phase 1 on the ux-removed / fitness-scale-margin code (Pareto coupling dropped; margin_rule / fitness_stderr added). Schema lineage archived in docs/self-improving/baseline-schema-history.md.
• PR-ROLE-PROVENANCE (2026-05-30) — per-role model + credential-lane observability. New core/self_improving_loop/role_provenance.py is the single source of truth for the per-role {model, source, lane} block (auditor/target/judge/mutator). The credential lane — api_key→PAYG, openai-codex→Subscription, claude-cli→CLI, auto→Auto — is recorded because the same model id behaves differently per lane; display id is GEODE/{model}/{lane}. The block is written to every cycle's mutations.jsonl apply row (MutationApplyRow.role_provenance, via append_audit_log) — so a rejected cycle's lanes are observable, not just a promoted one's — and to the baseline_archive.jsonl row (same shared helper, no drift between the two git-tracked ledgers).

Fixed

• PR-MARGIN-FITNESS-SCALE (2026-05-30) — promote-gate margin scale. The self-improving loop's _should_promote margin used max(baseline_stderr.values()), applying the noisiest single dim's 1–10 *dim-scale* stderr (e.g. input_hallucination ≈ 0.97) as a 0–1 *fitness-scale* threshold — a ~75× over-estimate that made every mutation structurally unpromotable (a 2026-05-30 10-cycle run produced 6 real audits, 0 promotions, all "gain +0.01 ≤ margin 0.97" while the true fitness-aggregate stderr was ~0.013). The margin is now the gain's own stderr on the fitness scale — √(σ_prior² + σ_current²) — floored at a zero-noise epsilon (fitness_margin_floor 0.005, N1_FITNESS_MARGIN_FLOOR 0.05). σ prefers a sample bootstrap (_fitness_stderr_bootstrap, captures inter-dim correlation) and falls back to the per-dim-independent Monte-Carlo estimate (_fitness_scale_stderr) when per-sample data is absent.

Changed

• Bootstrap fitness-stderr wired end-to-end. run_audit now returns a 7-tuple (adds per_sample, the sample-indexed dim rows from dim_extractor); main() bootstraps the audit's fitness-scale stderr and persists it as baseline.json raw.fitness_stderr; the next cycle's promote gate reads it back (_load_baseline_fitness_stderr) as the prior σ.

Removed

• `ux_means` fitness axis. Fitness is back to a pure Petri dim aggregate plus the reserved admire_means / bench_means axes. The ux_means axis gave the promote gate no usable signal (its collector returned an empty dict on cycle 0) and complicated the margin redesign. Deleted autoresearch/ux_means.py; compute_fitness / _should_promote / _write_baseline / _load_baseline drop their ux_means parameters (the loader tuple goes 5→4); multi-axis fitness weights renormalise to FITNESS_DIM_3AX 0.55 / FITNESS_ADMIRE_3AX 0.20 / FITNESS_BENCH_3AX 0.25 (3-axis) and FITNESS_DIM_WEIGHT 0.70 / FITNESS_ADMIRE_WEIGHT 0.30 (admire-only 2-axis). ADR-012/013 amended; core/self_improving_loop/signal_polarity.py drops the UX_DIM_WEIGHTS union. The seed-generation BaselineSnapshot.ux_means slot is kept load-side for forward-compat (reads empty for current baselines).

Fixed

• PR-TRANSCRIPT-FULL-BODY (2026-05-29) — SessionTranscript recorded the dialogue.jsonl turn body truncated to 500 chars (cut mid-object), even though _mirror_to_run_transcript always documented that "the full body stays in dialogue.jsonl" and only the pipeline-timeline preview should be short — a single _truncate(text, 500) wrongly fed BOTH. The body of user_message / assistant_message / error events is now captured in full (up to a MAX_BODY_CHARS = 100_000 sanity ceiling; the 5 MB MAX_FILE_BYTES guard + tail-truncate still bound the file), while only the mirrored RunTranscript preview stays at MAX_PREVIEW_CHARS = 500 (renamed from MAX_TEXT_CHARS). Future runs capture full raw conversational transcripts; pinned by tests/test_transcript.py (full body, ceiling cap, and the body↔preview split). Tool-call/tool-result events keep the MAX_INPUT_CHARS preview (potentially huge I/O, not the conversation).

Added

• PR-BASELINE-HUB-SHOW-WORK (2026-05-29) — The autoresearch baseline hub page now *shows its work* instead of rendering only the baseline.json scalars. Four sections: Process (auditor / target / judge models, reasoning effort, seed-pool size, fresh-anchor fitness, eval log), Measured values (the existing baseline.json namespaces), Seed corpus (each survivor scenario fed to the auditor, expandable), and Audit transcripts (per-seed auditor↔target conversation + the judge's 22-dim scores + judge rationale). New scripts/extract_baseline_transcripts.py reads the audit .eval once (it alone imports inspect_ai) and writes a git-tracked docs/self-improving/autoresearch/baseline/transcripts.json; scripts/build_self_improving_hub.py renders from that JSON, so the Pages build needs neither inspect_ai nor a local .eval. The fitness shown is the fresh-anchor intrinsic score (no prior base) — a substrate change (seed pool) makes a prior-base comparison spurious via the critical floor.

Changed

• PR-CRED-SOURCE-CENTRALIZE (2026-05-29) — Centralize the LLM credential-source value set into one canonical core.config.credential_source.CredentialSource (StrEnum). It was previously defined four ways with *inconsistent membership* — self_improving_loop.Source (no api_key), the mutator-config source Literal (with api_key), seed_generation.auth_coverage.Source (no auto), and bare-str settings.{anthropic,openai}_credential_source — plus the petri AUTO_SOURCE / PAYG_SOURCE magic constants, so a change in one silently diverged from the others. All now reference the single enum (Source is a re-export; auth_coverage.Source is a drift-pinned concrete subset; the settings fields validate against it via a field-validator; the petri constants derive from it). The project_payg_exclusion_decision PAYG safety — a subscription-only run must not *silently* fall through to PAYG — moves from a type-level exclusion (which caused the fragmentation and blocked an operator's explicit opt-in) to the existing resolution-time `fallback_to_payg` gate: api_key is a valid config value again, but auto expansion still never silently bills the API key. Pinned by test_credential_source_centralized.py (enum-drift invariants) and the rewritten test_d1_provider_closure.py (api_key now accepted at config, closure enforced at resolution).

> PATCH — self-improving hub polish + loop multi-objective wiring. Hub > re-paletted to the docs dark warm theme, Elo method annotated, agents > cli-local source chips, cost figures replaced with token counts, voter > rationale wrap, plus the loop's Tchebycheff group-selection + rollback > auto-evaluation + cache-hygiene wiring.

Changed

• PR-HUB-COST-TOKENS (2026-05-29) — Replace every USD "cost" figure on the self-improving hub with token counts. Subscription runs report usd_spent as $0.00, so the dollar columns were dead. The seed-generation runs tables, the per-run + cross-run rollups (renamed "Cost rollup" → "Token rollup", USD line dropped, an aggregate total_tokens added on top of the prompt/completion breakdown — no duplicate axis), the agents table + agent detail, and the timeline per-phase/per-agent lines now show prompt + completion tokens (sub-agent totals from each session_end, run/rollup totals from prompt_tokens/completion_tokens). SeedGenRow + _load_subagents gained a total_tokens field. Pinned by the agent-detail + run-page token assertions in test_self_improving_hub_e2e.
• PR-HUB-DARK-PALETTE (2026-05-29) — Re-palette the self-improving hub (docs/self-improving/assets/hub.css) from the light Bootstrap-ish scheme to the dark warm Anthropic palette of the docs site (site/DESIGN.md §2): warm near-black stone substrate (--paper #181816), cream ink (--ink #ede7da), amethyst runtime accent (--accent #a573e8) + citrine warm signal, so the hub and /docs read as one cohesive editorial surface. Semantic-token flip plus dark variants for the hardcoded sites (harness chips, bucket labels, warning code background, seed-generation hero SVG, tie chip). HTML is unchanged — every hub page links hub.css, so the theme flips on deploy.

Added

• PR-SIL-MULTIOBJ (2026-05-29) — Wire the self-improving loop's previously orphan multi-objective infrastructure into the live decision path, plus measurement hygiene. Four parts:
• Tchebycheff group selection (A1) — apply_group_proposals now selects the winning sibling by a Tchebycheff (worst-weighted-gap) scalar via _select_best_idx, calling the previously test-only compute_tchebycheff / compute_ideal_point with DIM_WEIGHTS so a critical-axis gap dominates an auxiliary gap (non-compensatory, safety-first). Gated on pareto_mode + group_size ≥ 2; the default path keeps the linear GRPO-whitened advantage unchanged. The FITNESS_RESULT sentinel emitted by autoresearch/train.py now additively carries the per-sibling dim_means / dim_stderr vector (parsed by the new graceful _parse_dim_means_from_subprocess_stdout) — the multi-dim capture the prior pareto_mode archive PR deferred.
• `rollback_condition` auto-evaluation (A2) — the mutator's own rollback_condition predicate is now propagated to the audit subprocess via GEODE_SIL_ROLLBACK_CONDITION and auto-evaluated as a *secondary* per-dim reject gate (calls the previously observability-only evaluate_rollback_condition). Two paths: the single-mutation promote path evaluates it in _apply_rollback_condition_gate after _should_promote (flips promote → reject); the group path evaluates the winner's predicate in apply_group_proposals against its measured dim vector vs the promoted baseline and skips the commit on a fire. It can only veto — never the reverse; the primary scalar safety gate is unchanged.
• inspect-ai cache hygiene (A3) — new purge_inspect_cache() (delegates to inspect_ai's own cache_clear, graceful without the [audit] extra) + a --purge-cache flag on autoresearch/train.py for closed-loop measurement hygiene, pinned by a regression test that _build_audit_command never enables the trajectory cache.
• signal polarity normalisation (A4) — new signal_polarity helper (to_signed_improvement / metric_polarity) emits a canonical signed_improvement field on every attribution row (+ = improvement regardless of a metric's native direction — Petri dims are lower-is-better, so their sign is flipped). The higher-is-better field set is derived from the canonical ux/admire/bench weight dicts (no second copy, pinned by a drift test).

Fixed

• PR-HUB-POLISH (2026-05-29) — Two hub display corrections bundled with the dark re-palette. (1) The tournament page now annotates how Elo is computed (initial 1000, logistic expected score 1/(1+10^((R_b-R_a)/400)), update R += K·(S-E) with K=32, 3-voter majority ≥2 else quorum_lost, top-5 survivors) in a <details> next to the per-candidate Elo summary, sourced from plugins/seed_generation/tournament.py. (2) The "Run dashboard ↗" sidebar link was relabeled "Seed runs (docs) ↗" across the single sidebar source (_render_hub_sidebar) + the 7 page templates — it links to the docs site's seed-runs page, not an in-hub dashboard.
• PR-HUB-AGENTS-CHIP-WRAP (2026-05-29) — Two self-improving hub display fixes. (1) The seed-generation /agents/ page mislabeled every cli-local sub-agent as PAYG: session.json omits model/provider for CLI-managed agents, so the harness chip fell back to an empty model → PAYG default. _resolve_subagent_model() now reads the real model + provider from dialogue.jsonl's session_start and reflects the execution source, not the model's billing provider — a claude_cli_session_id marks a Claude Code (cli-local) run (chip + source-aligned claude-cli/claude-opus-4-7 naming) while the codex path already records openai-codex. gen-2605-2 went from 196 PAYG rows to 98 Claude Code + 98 Codex, 0 PAYG. (2) The voter rationale <pre class="msg"> on the tournament + lineage ranker station had no base wrap rule and ran off the page horizontally; added a base pre.msg rule (pre-wrap + word-break + overflow-wrap: anywhere) so it wraps responsively. Pinned by the strengthened test_pr2_agents_index_renders (gen-c-001 fixture now mirrors the real anthropic + claude_cli_session_id shape) + a pre.msg wrap assertion in test_pr2_tournament_renders_three_voter_panel.

> PATCH — self-improving hub data-integrity sprint. gen1 broken-link > recovery (bundle sync gap), mutations page rebuilt against the live > flat schema, and the gen1-broken tournament re-evaluated with the > recovered Codex voter.

Fixed

• PR-GEN1-BROKEN-REEVAL (2026-05-29) — Re-evaluate the gen1-broken_tool_use self-improving run's tournament with the recovered Codex voter. The original run hit 118/118 openai-codex voter_call_failed (a transient Codex outage), so all 59 matches lost quorum, every candidate's Elo stayed flat at 1000.0, and survivors fell back to id-order. Codex is healthy again (verified — effort="none" voters return valid structured votes), so the Ranker was re-run against the same 15 existing candidate MDs (no regeneration): 177/177 votes succeeded (codex 118/118, claude-cli 59/59), 0 quorum lost. The recovered tournament.json (real per-voter panel + Elo deltas) and state.json (elo_ratings now spanning 878–1116, merit-ordered survivors) replace the corrupted records; gen1-002 (lowest Elo) drops out and gen1-005 enters the survivor set. A reeval provenance block records the original failure + that evolved_candidates predate the re-evaluation (retained as the historical record). Hub re-rendered: the tournament page's "ranker integrity warning" is gone (0% parse_error, 59 ratified).
• PR-MUTATIONS-REDESIGN (2026-05-29) — Rebuild the autoresearch /self-improving/autoresearch/mutations/ page against the live mutations.jsonl schema. The renderer keyed off a stale nested ts_utc / mutation{} / mutator{} / verdict shape (the fixture matched it so the E2E stayed green), but the runner now emits a flat schema in two row kinds — an APPLY record (target_kind / target_section / previous_value → new_value / rationale / principle / target_dim) and a separate ATTRIBUTION record (fitness_before / fitness_after / fitness_delta / attribution_score / significant / observed_dim) — so every column rendered empty against production data. _join_mutation_records() now joins the two kinds by mutation_id (one row per mutation, newest applied first; attribution may be absent until the post-mutation audit lands), and the table surfaces applied-at, target, aimed dim + measured move + significance chip, fitness_before → fitness_after Δ, attribution score, a derived outcome chip (improved / regressed / noise / pending audit), and a payload drill-down (before → after value, rationale, principle, rollback_condition, audit_run_id). The non-functional CSS-only filter mockup (static chips with no behaviour) is removed in favour of a real aggregate summary block (_render_mutations_summary: outcome counts + mean Δfitness + target kinds + aimed dims); the dead .filter-strip CSS is pruned. Fixture + test_autoresearch_mutations_table_renders rewritten to the live flat schema. Folded a Codex-MCP catch: the policies page's "mutated by" cross-ref shared the same drift (it indexed mutation["target_section"] with a :: filename prefix + ts_utc, so every row rendered —); it now maps the flat target_kind → policy filename via _TARGET_KIND_TO_POLICY_FILE (a stdlib-only mirror of core's _KIND_TO_PATH, pinned in lockstep by test_policy_file_map_matches_core) and shows the latest section + applied-at + outcome per file.

• PR-SPCT-FEWSHOT-PROMPT (2026-05-28) — Replace the SPCT principle guidance in `_MUTATION_CONTRACT_SUFFIX (mutator system prompt body) with a length-anchored variant + two grounded few-shot examples. Post PR-SPCT-CAP-1000 the cap was raised 500→1000, but mutator's principle distribution shifted upward in tandem (cycle 14/15/16/17 of 2026-05-28 16:56–17:51 produced 1064-1478 char principles in 10/12 attempts, 83% fail rate at cap 1000). Cap expansion alone is not effective — LLM treats the explicit char count as a recommendation, not a constraint. New guidance: (1) **"CONCISE" + "STRICT HARD CAP" + REJECT 결과 명시** — principle 가 cap 위반 시 cycle 폐기, mutator dispatch cost wasted, loop no progress 라고 명시. (2) **target 300-600 chars (3-5 sentences)** — concrete length goal 보다 cap. (3) **two grounded few-shot examples (487 / 391 chars)** — anchor 효과, cycle 11-13 의 실제 mutator principle 본을 차용해서 in-distribution. (4) **"NO LONGER than these examples" + "restating context is FORBIDDEN"** — 음성 prompt 로 verbose 패턴 차단. (5) response schema 의 "principle": "<= 1000 chars ..." 도 "concise SPCT principle, target 300-600 chars, HARD CAP 1000 chars — see examples in the instruction body; restating context = REJECT" 으로 갱신. 변경 위치: runner.py 의 _MUTATION_CONTRACT_SUFFIX (principle 섹션 + response schema 두 곳). Pinned by 21 existing SPCT tests + 8 minimal_1 tests (29 pass), drift invariant test_program_md_can_table_matches_target_kinds` (regex extracts kinds from program.md, no SPCT impact).

• PR-SPCT-CAP-1000 (2026-05-28) — Raise SPCT principle char cap 500 → 1000 in `core/self_improving_loop/runner.py. v0.99.81 의 codex fix 후 cycle 14/15/16 의 6/6 attempts 모두 principle length 500-805 char (median ~600) 에서 fail — parse_mutation 의 cap guard 가 systematic 으로 trip. GEODE 의 mutator context (new baseline + 6 attribution rows + 8 target_kind 표 + measurement_modality 가이드) 부피가 DeepSeek-GRM 의 frontier prototype 보다 풍부해서 mutator 가 생성하는 principle 도 자연 스럽게 길어진 결과. SPCT 의 "self-generated concise judging principle" 원칙은 보존하되 GEODE context 에 맞춰 cap 2× 완화. 변경 site: Mutation pydantic field (max_length=1000), parse_mutation 의 length guard 문구 + raise threshold, _MUTATION_CONTRACT_SUFFIX 의 "<= 1000 chars" 안내 두 곳, Mutation.principle docstring. Pinned by tests/core/self_improving_loop/test_p3_anchor_spct.py: rename test_principle_exceeds_500_raises → test_principle_exceeds_1000_raises (1001 char) + 추가 test_principle_at_or_under_1000_accepted` (800 char 사이즈, cycle 14-16 의 typical 값).

> MINOR release. Eight-PR sprint focused on adapter-layer correctness > + observability: > > - PR-EXTRACT-LEARNING-MODELS-ADAPTER (#1836) — last HIGH-traffic > direct-SDK sites migrated to capability dispatch > - PR-LLMCLIENTPORT-COLLAPSE (#1837) — -1422 LoC dead parallel > adapter hierarchy removed > - PR-TOOL-EXEC-CONTEXT (#1838) — AgenticLoop adapter routing > propagates into tool dispatch > - PR-NO-FALLBACK (#1839) — strict single-adapter dispatch; > silent cross-provider / cross-source fallback disabled > - PR-DOC-VERIFY (#1840) — workflow §4d: doc-before-behaviour > gate for external SDK / 3rd-party backend capability assumptions > - PR-CODEX-INSTRUCTIONS-FIX (#1841) — codex-oauth web_search > verified live (instructions mandatory + input typed-item list) > - PR-DISPATCH-OBS-EXT (#1842) — tool-result adapter inline + > serve.log restored + `geode adapters stats CLI + > per-session adapter usage > - **PR-CODEX-NO-KEEPALIVE** (#1843) — Codex backend httpx > keep-alive disabled; first-call-after-idle APIConnectionError` > (4 ms stale-connection failure) eliminated

Fixed

• PR-CODEX-NO-KEEPALIVE (2026-05-28) — Codex backend (`chatgpt.com/backend-api/codex/responses) first-call-after-idle APIConnectionError` eliminated by disabling httpx keep-alive reuse for the Codex OAuth client specifically.

Diagnosed via PR-DISPATCH-OBS-EXT observability: `adapter_dispatch_attempt events in ~/.geode/runs/subject_gateway_analysis.jsonl showed a clean pattern at 2026-05-28 15:44:37 KST (run_id f6c51cc5e18d) — 4 parallel general_web_search calls fired in 4 ms. First call hit APIConnectionError in **4 ms** (no network roundtrip). Next 3 calls succeeded in 12 / 19 / ~unknown s. Root cause: a previous gpt-5.5 LLM call (8.3 s) had left an idle HTTP/2 connection in httpx's keep-alive pool. The Codex backend closes idle connections aggressively (sub-second to a few-second window) without a GOAWAY frame the client can observe in time. The first web_search reused the now-stale pooled connection → httpx .WriteError → openai SDK APIConnectionError` instantly. Subsequent calls opened fresh connections and succeeded.

Fix: `build_async_codex_client in core/llm/adapters/ _openai_common.py constructs its own httpx.AsyncClient with httpx.Limits(max_keepalive_connections=0, ...). Every Codex call opens a fresh TCP+TLS connection. Costs ~100-300 ms TLS handshake per call but eliminates the stale-connection failure mode entirely. Other OpenAI-family endpoints (api.openai.com PAYG, api.z.ai GLM PAYG, GLM Coding Plan) keep the default settings.llm_max_keepalive_connections = 5 policy via the shared _build_async_httpx_client` helper — they have proper server-side idle timeout policies + GOAWAY signaling.

Live verification 2026-05-28 16:00 KST: 4 parallel `web_search_via_adapters calls through codex-oauth → 4/4 200 OK (7.4 / 7.6 / 10.2 / 41.8 s). No 4 ms APIConnection Error`. Each dispatch INFO log line confirms the success outcome.

Pinned by `tests/test_codex_no_keepalive.py (2 source-level assertions: codex builder body contains max_keepalive_connec tions=0, the default helper still reads settings.llm_max_keepalive_connections, the codex builder does NOT delegate to the default _build_async_httpx_client`).

Added

• PR-DISPATCH-OBS-EXT (2026-05-28) — four observability enhancements layered on PR-NO-FALLBACK's strict-dispatch + per-attempt hook. Operator-facing answer to "which adapter actually handled this call?" without grep+timestamp cross-correlation.

1. Tool result adapter inline — :class:core.llm.adapters.base.WebSearchResult + :class:TextCompletionResult gain `adapter_name / adapter_provider / adapter_source fields (all str = "" defaults). dispatch.web_search_via_adapters + dispatch.complete_text_via_adapters enrich via dataclasses.replace after the capability impl returns — single point of enrichment so the 4 web_search impls and 4 text_completion impls don't all have to update. web_tools.py + web_search.py surface the new fields in the tool result dict; tool_exec_end` metadata now carries them inline.

2. Serve log file recovery — :func:core.cli.typer_serve.serve wires a `RotatingFileHandler at ~/.geode/logs/serve.log (10MB × 5 backups) with auto-mkdir. The legacy serve.log writer was deleted in a prior v0.99.x cleanup; cmd_lifecycle status was still pointing at SERVE_LOG_PATH` but nothing populated it. Restored so dispatch INFO logs persist across serve restarts.

3. CLI dispatch stats — new `geode adapters stats [--since 1h] [--runs-dir DIR] reads ADAPTER_DISPATCH_ATTEMPT events from ~/.geode/runs/*.jsonl, filters by time window, aggregates by (capability, adapter_name, provider, source) into a dense table with per-outcome counts (success / billing / transient / unavailable) + p50/p95 latency. --since` parser supports s/m/h/d/w suffixes.

4. Session-end adapter usage — new `ContextVar per session; begin_session_adapter_tracking (called by AgenticLoop at SESSION_STARTED) resets it; _fire_attempt increments; get_session_adapter_usage reads. _lifecycle.py emits adapter_usage {adapter_name: {outcome: count}} into SESSION_ENDED payload, then calls end_session_adapter_tracking to clear (Codex MCP audit catch — without the reset, a leaked post-finalization dispatch would mutate a stale counter). Caveat documented: TURN_COMPLETED hooks (e.g. turn_llm_extract`) fire AFTER SESSION_ENDED is built, so their dispatch attempts are not in this aggregate — they belong to turn_complete accounting.

Pinned by `tests/test_dispatch_obs_ext.py` (15 assertions: dataclass field shape, single-point enrichment, counter accumulate, outside-session empty, source-level pins for lifecycle + agent_loop + tools + typer_serve, CLI stats parses jsonl + rejects malformed --since + empty-window message, end_session_adapter_tracking clears counter).

Fixed

• PR-CODEX-INSTRUCTIONS-FIX (2026-05-28) — codex-oauth `aweb_search` now satisfies two Codex-backend-specific call-shape constraints discovered via PR-DOC-VERIFY's mandatory live test gate. The PR-NO-FALLBACK initial impl reused the PAYG call shape, which the Codex backend rejected with sequential 400s:

1. 1st live call → `400 {'detail': 'Instructions are required'}. PAYG Responses API treats instructions as optional; Codex backend enforces it as mandatory on every request (same constraint :meth:acomplete already honours). 2. 2nd live call (after adding instructions) → 400 {'detail': 'Input must be a list'}. PAYG accepts input as a plain string OR typed-item array; Codex backend requires the typed-item list shape (same constraint :meth:acomplete already honours via :func:build_codex_input`). 3. 3rd live call (after both fixes) → 200 OK with real web search results (OpenAI help-center URLs etc.), 11.2s response.

The docstring attestation flips from `unverified — live test required (PR-DOC-VERIFY) to verified live with the live-call evidence cited. test_codex_oauth_adapter_advertises_web_search updated to pin the new verified live` string so a future silent docstring rewrite cannot strip the evidence trail.

Demonstrates the value of CLAUDE.md §4d (doc-before-behaviour) + PR-NO-FALLBACK's honest dispatch errors working together: ctx7 was ambiguous on backend acceptance → docstring marked `unverified → live test surfaced the actual constraints one at a time (each as a clean AdapterDispatchError from the dispatch layer with the 400 body) → both fixed in a single follow-up PR → docstring flipped to verified live` with evidence.

Changed

• PR-DOC-VERIFY (2026-05-28) — workflow: doc-before-behaviour for external SDK / 3rd-party backend capability assumptions. New CANNOT rule (`Quality row) + new §4d. External-contract attestation step in the Verify (Implementation GAP Audit) workflow: any PR that introduces or flips supports_X = True (or asserts a backend endpoint accepts a particular tools / parameter / model id) must run ctx7 library + ctx7 docs` first. Three outcomes:

| ctx7 result | Action | |-------------|--------| | Confirms | Cite the source path in the docstring | | Refutes | Revert + fix the misread | | Ambiguous | Mark `unverified — live test required` in docstring, open the live-test gate explicitly |

Retroactively applied to PR-NO-FALLBACK #1839 — `codex_oauth.supports_web_search = True docstring now carries the unverified — live test required attestation because ctx7 of /openai/codex documents the Responses tools array shape but does NOT enumerate which type values the Codex backend accepts. The Codex CLI's own internal web search uses a different schema (codex-rs/ext/web-search/ {"search_query": [...]}), making the hosted {"type": "web_search"} acceptance unverified until a live call confirms. tests/test_adapter_capability_dispatch.py::test_codex_oauth_adapter_advertises_web_search` pins the docstring attestation presence so it cannot be silently dropped during a future docstring rewrite.

Operator caught the workflow gap: behaviour verification (serve restart + live web_search trigger) was offered before the doc verification ran. The strict-dispatch error contract from PR-NO-FALLBACK is the operational safety net, but it does not substitute for the gate — a True flag landing in production based on SDK contract inference alone is the exact pattern that creates silent regressions when the backend later changes behaviour.

• PR-NO-FALLBACK (2026-05-28) — adapter dispatch is now strict single-adapter: the operator's explicit `/login source choice is the sole switch. Silent cross-provider / cross-source fallback (Anthropic → OpenAI → GLM, PAYG → Subscription) is removed because it exposes the operator to unexpected billing — a Codex-subscription user reported their web_search silently landing on a GLM coding plan they had configured for a different workflow, then surfaced as provider quota exhausted (glm)` even though the operator never asked for GLM.

Three coordinated changes:

1. Phase 1 — codex-oauth web_search enabled (the routing leak's true root cause). `core/llm/adapters/codex_oauth.py supports_web_search False → True + dedicated aweb_search implementation using responses.stream(store=False, ...) — the Codex backend's mandatory call shape (same as acomplete). The openai-python SDK's ToolParam union accepts {"type": "web_search"}` independent of which Responses endpoint the client targets, so a ChatGPT-subscription operator's web_search now routes through their OAuth token with no PAYG key required.

Codex MCP audit catch — initial pass delegated to the PAYG-only `openai_web_search helper which calls non-streaming responses.create without store=False; that would fail on Codex OAuth backend and surface a confusing BillingError`. Fixed by inlining the Codex-specific stream call.

2. Phase 3 — Strict single-adapter dispatch (`core/llm/adapters/dispatch.py). Replaced the _apply_prefer fallback chain with _select_adapter which returns exactly one adapter or None`:

- Both `prefer_provider and prefer_source set (AgenticLoop ToolContext path): exact match REQUIRED; partial or unmatched preferences raise :class:AdapterUnavailableError. - Partial preference (only one set) treated identically to no match — strict mode never silently widens. - Neither set (hook / compaction callers): operator's default- resolved adapter via infer_source(provider) for the first provider in provider_order` with a registered capable adapter.

`web_search_via_adapters + complete_text_via_adapters call _select_adapter once, try the single result once, and raise :class:BillingError / new :class:AdapterUnavailableError / :class:AdapterDispatchError on failure — every error carries the attempted adapter name + source so the operator sees exactly which credential was tried. Every error message embeds the explicit /login source <subscription|payg|cli>` switch hint so the three credential types are visible as the *only* path to change routing.

3. Phase 2 — Per-attempt observability. New :class:core.llm.adapters.dispatch.AdapterAttempt dataclass + `_fire_attempt helper emits HookEvent.ADAPTER_DISPATCH_ATTEMPT (new enum value, 81st) for every dispatch try with adapter name, provider, source, capability, outcome (success / billing / transient / unavailable), elapsed ms, and the failure's error_type / truncated error_msg`. INFO-level log line per attempt complements the hook so operators see one structured row per dispatch in the serve log instead of having to reconstruct what was tried from downstream exceptions.

Callers updated to handle the new error class: `core/tools/web_tools.py + core/tools/web_search.py catch :class:AdapterUnavailableError separately and return a dependency error pointing at /adapters + /login source. core/agent/loop/models.py::_context_exhausted_message, core/hooks/llm_extract_learning.py, core/orchestration/compaction.py all carry the new exception branch with the same _EXHAUSTED_FALLBACK/return None` graceful contracts they had before.

Pinned by `tests/test_adapter_capability_dispatch.py (16 tests) + tests/test_tool_exec_context.py (15 tests covering _select_adapter exact-match enforcement, no-fallback on billing, exact-match routing, default-resolved via infer_source) + tests/test_hooks.py::test_all_events_exist` updated to 81.

Added

• PR-TOOL-EXEC-CONTEXT (2026-05-28) — LLM-touching tools now receive the AgenticLoop's resolved adapter routing via :class:core.tools.base.ToolContext so the operator's `/login credential-source choice that drives the main LLM path also drives the tool's adapter selection. Previously each web_search tool call re-ran infer_source(provider)` independently and could land on a different (provider, source) than the orchestration loop.

Reference: paperclip `AdapterExecutionContext at packages/adapter-utils/src/types.ts — adapter execute(ctx)` receives full agent + runtime context. GEODE adopts the same shape.

Wiring chain (top to bottom):

1. `core/tools/base.py::ToolContext — added four LLM-identity fields (provider, source, model, adapter_name; all str = "" defaults so callers outside an AgenticLoop are not forced to fill them). 2. core/agent/loop/agent_loop.py — passes the resolved self._new_adapter.provider / .source / .name into the ToolCallProcessor constructor. Reads from the adapter (not the loop's pre-normalisation self._provider / self._source) because the registry collapses openai-codex → openai / zhipuai → glm (Codex MCP audit catch — the dispatch helper compares against adapter.provider / adapter.source). 3. core/agent/tool_executor/processor.py::ToolCallProcessor — __init__ accepts provider / source / adapter_name; dispatch loop builds a fresh ToolContext per tool call and forwards it via executor.aexecute(..., context=ctx). 4. core/agent/tool_executor/executor.py::_call_handler_async — injects _tool_context= into the handler's kwargs **only when the handler signature accepts it** (**kwargs splat or explicit _tool_context param). Third-party plugin handlers with closed signatures are detected via inspect.signature and skipped (Codex MCP CONCERN fix). 5. core/cli/tool_handlers/delegated.py + clarification.py — _make_delegate_handler pops _tool_context from kwargs and forwards via _safe_delegate(..., context=ctx) which re-injects it before calling the tool's aexecute. 6. core/tools/web_tools.py::GeneralWebSearchTool.aexecute + core/tools/web_search.py::WebSearchTool.aexecute — read kwargs.get("_tool_context") and pass prefer_provider + prefer_source to web_search_via_adapters. 7. core/llm/adapters/dispatch.py — new _apply_prefer helper stable-reorders candidates so exact (provider, source) match floats first, then provider-only, then source-only, then everything else. web_search_via_adapters + complete_text_via_adapters gain prefer_provider: str | None = None / prefer_source: str | None = None` params; empty preference falls through to the default candidate order so existing callers are unaffected.

Pinned by `tests/test_tool_exec_context.py (14 assertions: ToolContext shape, _apply_prefer correctness across all 4 rank buckets + stability, source-level pins on web tools / processor / agent_loop wiring, _safe_delegate context injection with + without context, end-to-end web_search_via_adapters` preference behaviour with default-order-overridden candidates, handler signature gating for closed-signature plugin handlers).

Removed

• PR-LLMCLIENTPORT-COLLAPSE (2026-05-28) — the parallel `LLMClientPort hierarchy is gone. LLMAdapter (one async acomplete + central dispatch in core/llm/adapters/dispatch.py`) is the single registry / call surface.

Production audit found the entire `LLMClientPort` stack was dead infrastructure kept alive by re-exports, not by callers:

- `LLMClientPort Protocol + the sync ClaudeAdapter / OpenAIAdapter.generate / .generate_structured / .generate_parsed / .agenerate_stream surface — DELETED. The only production caller of OpenAIAdapter is call_llm_with_tools_async (router/calls/tools.py) which uses .agenerate_with_tools — the surviving load-bearing surface; OpenAIAdapter now exposes only that method + its async retry. - LLMJsonCallable / LLMTextCallable / LLMParsedCallable node-DI Protocols + the set_llm_callable / get_llm_json / get_llm_parsed / get_secondary_llm_* ContextVar chain (core/llm/router/_di.py) — DELETED. set_llm_callable had one caller (build_llm_adapters); the get_* accessors had ZERO downstream consumers — every grep returned only the re-exports. - core/verification/cross_llm.py (225 lines: run_cross_llm_check + run_dual_adapter_check) — DELETED. Zero production callers (only tests/test_cross_llm.py); the CROSS_LLM_SYSTEM / CROSS_LLM_RESCORE / CROSS_LLM_DUAL_VERIFY prompts + core/llm/prompts/cross_llm.md template + cross_llm GeodeState field deleted with them. - core/wiring/container.py::build_llm_adapters — DELETED. Its only production effect was registering the 8 LLMAdapter built-ins via bootstrap_builtins(), which now runs directly from runtime._build_core. The llm_adapter / secondary_adapter fields on RuntimeCoreConfig + GeodeRuntime are gone (never read externally). - Obsolete tests deleted: tests/test_cross_llm.py, tests/test_claude_adapter.py, tests/test_openai_adapter.py, tests/test_llm_port.py, tests/test_port_compliance.py, tests/test_ports.py. tests/test_tool_use.py rewritten so the Anthropic block calls call_llm_with_tools_async directly instead of going through ClaudeAdapter` (same coverage, one fewer indirection).

Why this was the right scope (vs. the conservative "migrate callers" plan first sketched): the GAP audit showed callers to migrate did not exist. `ClaudeAdapter was a thin facade over call_llm / call_llm_json / call_llm_parsed / call_llm_with_tools_async — i.e. one OO wrapper around four already-async-friendly procedural functions. Pre-cleanup contract count: 2 Protocols (LLMClientPort × 6 methods + LLMAdapter × 6 methods) + 3 node-DI Protocols + 2 wrapper classes + 1 dead cross-LLM module + 1 unused DI ContextVar chain. Post-cleanup: LLMAdapter` alone. Net: -1,422 / +59 LoC.

Changed

• PR-EXTRACT-LEARNING-MODELS-ADAPTER (2026-05-28) — Phase 2 follow-up to PR-ADAPTER-PATTERN-UNIFICATION (#1832): the last two HIGH-traffic LLM-touching sites that still instantiated provider SDKs directly now route through `complete_text_via_adapters`.

1. `core/hooks/llm_extract_learning.py — TURN_COMPLETED hook for learning-pattern extraction. _call_budget_llm sync→async + dispatch; _call_glm_flash / _call_haiku helpers (each instantiating a fresh sync SDK client) deleted. Handler _on_turn_complete also async (HookSystem.trigger_async supports async handlers, fired from _lifecycle.py:351 for this event). Provider order ("glm", "anthropic", "openai") preserves the historic free-tier-first preference. 2. core/agent/loop/models.py::_context_exhausted_message — one-shot Haiku call for the context-exhausted localised notice. anthropic.Anthropic direct instantiation removed; sync→async; all 3 callers (agent_loop.py:1562/1627/1682) updated to await. Provider order ("anthropic", "openai", "glm") keeps Haiku first while opening fallback for Codex-subscription- only operators (the previous code silently returned the English _EXHAUSTED_FALLBACK` for any operator without an Anthropic key — entire localisation point defeated).

Codex MCP audit caught a BLOCKER on the first pass: passing a single `model= to every fallback adapter meant Anthropic tried to call glm-4.7-flash and OpenAI tried claude-haiku-*, guaranteeing every fallback to fail. complete_text_via_adapters now accepts model_by_provider: dict[str, str]` so the caller pins the provider-specific model only where it owns the choice (GLM-flash for the extraction hook, Haiku for the exhausted notice) and lets every other adapter use its own primary. Without this fallback is theatre.

Pinned by `tests/test_extract_learning_models_adapter.py (8 assertions: async signatures on both sites, source-level pins that import anthropic / import openai are gone, helper deletions confirmed, provider_order preserved, 3 awaited call sites in agent_loop.py). test_glm_flash_hook_reads_settings_learning_extract_model updated to read _call_budget_llm source (the renamed homing spot for the settings.learning_extract_model` pass-through).

> PATCH release. Bundles two adapter-layer improvements built on > v0.99.79's foundation: > > - PR-ADAPTER-PATTERN-UNIFICATION (#1832) — tool layer > (web_search, compaction) now dispatches through the adapter > registry's `WebSearchCapable / TextCompletionCapable > capability mixins (paperclip ServerAdapterModule mirror), so > the operator's /login credential-source choice drives every > LLM-touching site uniformly. Replaces the 3-provider direct-SDK > fallback chain that previously bypassed infer_source. > - **PR-ADAPTER-TIMEOUT-AND-SERIALIZATION** (#1833) — caps the > 2026-05-28 operator-observed 10-minute stall on a stuck Codex > stream via (a) explicit httpx.AsyncClient timeout + > max_retries=0 on every OpenAI-family client (anthropic > parity), (b) UI surface for SDK-internal retries, (c) > Summary SDK object → dict normalisation so the SQLite session > mirror no longer raises TypeError on codex_reasoning_items`.

Fixed

• PR-ADAPTER-TIMEOUT-AND-SERIALIZATION (2026-05-28) — three sister fixes for the operator's 2026-05-28 10-minute hang on a single `gpt-5.5` turn (serve log 11:06:19 → 11:16:39, 620062 ms latency):

A. httpx Timeout wiring + SDK retry pinning. `core/llm/adapters/_openai_common.build_async_openai_client and build_async_codex_client previously used the openai SDK's default httpx client, whose read-timeout defaults are long enough that a stalled Codex backend stream silently waited ~10 minutes before the SDK's retry loop kicked in. Both builders now attach an explicit httpx.AsyncClient with settings.llm_*_timeout — the same policy the Anthropic adapter has had since v0.99.39 (single source of truth = [llm] settings). Codex MCP audit BLOCKER caught the second half: without max_retries=0 on the openai client, the SDK retry (default 2) compounds with GEODE's own _LLM_RETRY_CAP retries — capping the read-timeout alone would still leave 300 s × 2 SDK attempts ≈ 10 min before app retry runs. Pinning max_retries=0 on every OpenAI-family client (adapter builders AND legacy provider singletons in core/llm/providers/{openai, codex, glm}.py) mirrors Anthropic's invariant (_anthropic_common.py:60) — single source of retry truth = AgenticLoop's _call_llm` retry path.

B. SDK retry → UI bridge. The openai SDK logs `Retrying request to /responses in 0.49 seconds at INFO level on the openai._base_client logger, but the line landed only in the serve log file — operators watching the CLI spinner saw an opaque hang. New module core/llm/adapters/_sdk_retry_visibility.py installs a logging.Handler on that logger that re-emits the retry through GEODE's existing emit_llm_retry` event surface (same UI affordance the agent-loop-side retry already uses). Install is idempotent + wired into both adapter client builders.

C. Summary SDK object → dict normalisation. The same incident's serve log surfaced `TypeError: Object of type Summary is not JSON serializable from core/memory/session_manager.py:433 because translate_codex_response stored OpenAI SDK ResponseReasoningItem.Summary Pydantic objects verbatim in codex_reasoning_items[*]["summary"]. JSON checkpoint survived (separate writer) but the per-turn SQLite session mirror was lost. New _normalize_summary_list helper coerces each summary element to a plain {"type": "summary_text", "text": ...} dict via model_dump(mode="json") (Pydantic v2 canonical JSON shape) with fallback to model_dump() then .text / .type` attribute extraction — so downstream SQLite mirror, JSON checkpoint, and IPC payload only see JSON-safe primitives.

Pinned by `tests/test_adapter_timeout_and_serialization.py (12 assertions) + tests/test_adapter_max_retries.py` (6 assertions — source-level retry pins on every OpenAI-family client builder and the Anthropic parity guard).

Changed

• PR-ADAPTER-PATTERN-UNIFICATION (2026-05-28) — restore the GoF Adapter pattern's "uniform interface + adaptee SDK isolation + config-driven switching" invariant to the tool layer. The v0.99.39 `core/llm/adapters/ registry was previously only consumed by the agent loop main path (PR-SOURCE-ROUTING #1822); web_search and compaction reimplemented their own 3-provider direct-SDK chains with PAYG-hardcoded clients, so the operator's /login` credential source choice (settings + ProfileStore) silently failed to switch those call sites. Tools fell into the "all PAYG depleted → 6× silent retry" trap the user hit on 2026-05-28.

Paperclip-pattern alignment (`server/src/adapters/registry.ts:768): capability mixin Protocols (WebSearchCapable, TextCompletionCapable) on top of the core LLMAdapter Protocol, with explicit supports_* flags + centralised dispatch (core/llm/adapters/dispatch.py) that enumerates registered adapters by (provider × operator-preferred source) via the same :func:infer_source flow the agent loop uses. Tool callers never instantiate provider SDKs directly — they call web_search_via_adapters() / complete_text_via_adapters() and the adapter that matches the operator's settings handles the outbound HTTP. Billing-fatal failures (BillingError or :func:is_billing_fatal`-classified SDK exceptions) surface as a single actionable hint instead of N silent retries.

OpenAI text completion uses the Responses API (the forward-going surface + wire-shape parity with the agent loop's main `acomplete`); GLM family adapters stay on Chat Completions because z.ai's OpenAI-compatibility surface lacks Responses support.

### Capability advertisement - `AnthropicPaygAdapter / AnthropicOAuthAdapter: web_search + text_completion (Anthropic OAuth supports the same web_search_20260209 tool API per the frontier audit). - OpenAIPaygAdapter: web_search (Responses web_search tool) + text_completion (Responses API path). - CodexOAuthAdapter: text_completion (Responses on the chatgpt.com/backend-api/codex endpoint). web_search is NOT advertised — the Codex backend's support for the hosted web_search tool is unconfirmed and falsely advertising would break the dispatch fallback chain on every call. Codex MCP audit BLOCKER (2026-05-28). - GlmPaygAdapter / GlmCodingPlanAdapter: web_search + text_completion (z.ai native web_search` Chat Completions tool; Coding Plan endpoint speaks the same wire shape, so the dispatch chain skips on actual 400/1113 errors if support diverges).

### Migrated call sites - `core/tools/web_tools.py::GeneralWebSearchTool (HIGH) — formerly _anthropic_search / _openai_search / _glm_search direct PAYG instantiation trio. - core/tools/web_search.py::WebSearchTool (HIGH, legacy duplicate) — same migration. - core/orchestration/compaction.py::_call_summarize (HIGH) — formerly _summarize_openai / _summarize_glm provider fan-out via _get_openai_client / _get_glm_client`.

### Deferred to follow-up sprint - `core/hooks/llm_extract_learning.py:116,141 — sync hook signature + bridges to asyncio.run need a coordinated change. - core/agent/loop/models.py:58 — one-shot context-exhausted Haiku call; low-traffic. - core/llm/router/calls/{text,tools,streaming}.py + core/wiring/container.py:401 — paperclip LLMClientPort Protocol (cross-LLM verify), a different Protocol than LLMAdapter; consolidating both Protocols is a separate sprint. - experimental/*` — prototype isolation preserved.

### Safety + correctness from Codex MCP audit - `_capability_candidates checks both the supports_* flag AND a callable method (aweb_search / acomplete_text); a contract-bug adapter that advertises a flag without the method logs a WARN and is skipped instead of crashing the dispatch as transient. - BillingError precedence is documented: in a mixed billing + transient candidate set, billing wins because (a) the operator can act on it immediately and (b) the transient may resolve once the billing is fixed. - core/tools/definitions.json::general_web_search.description` refreshed: "3-provider native fallback chain" → "adapter registry WebSearchCapable chain (subscription endpoints promoted ahead of PAYG per operator settings)".

Pinned by `tests/test_adapter_capability_dispatch.py (16 assertions: capability isinstance mixins on 4 canonical adapters, CodexOAuthAdapter intentionally skipping web_search, dispatch first-success / billing / transient / no-candidates branches, source-preference subscription promotion, source-level pins that web_tools / web_search / compaction` no longer import provider SDKs directly).

> PATCH release. Single fix: content-first stop_reason derivation in > the adapter bridge (PR-CODEX-STOP-REASON-TOOL-USE). The Codex > backend's universal `status="completed" response caused > _translate_stop_reason to map every tool-call response to > "end_turn" — the agent loop skipped tool execution, the next > turn's input carried a function_call without > function_call_output, and the Codex backend rejected with > "No tool output found"` 400. Frontier-pattern aligned with > paperclip + hermes (both derive the terminal flag from actual > presence of tool/function-call items, not the provider string).

Fixed

• PR-CODEX-STOP-REASON-TOOL-USE (2026-05-28) — the Codex backend at `chatgpt.com/backend-api/codex returns status="completed" for EVERY successful response, regardless of whether the model emitted function_call items. The v0.99.39+ adapter bridge core/llm/adapters/translation.py:_translate_stop_reason only looked at the provider string, so "completed" mapped to "end_turn". The agent loop then terminated the turn (treating the response as text-only), appended the assistant message with tool_use blocks BUT skipped tool execution, and the next turn's input carried a function_call with no matching function_call_output. The Codex backend rejected with "No tool output found for function call call_XXXX"` 400.

Symptom from the operator's serve log (2026-05-28 08:51:54): turn 2's first LLM call returned 225 output tokens including 2 `function_call items, the next LLM call fired 1 ms later (no tool execution time), and _log_codex_input_shape (backfilled in PR-LEGACY-PROVIDER-REMOVAL) surfaced the missing function_call_output items at WARN. The legacy core/llm/agentic_response.py:normalize_openai_responses (used by the deleted CodexAgenticAdapter) had derived stop_reason from has_function_calls` for exactly this reason; the adapter migration dropped that gate.

Fix elevates `has_tool_uses (content) to the sole authority over stop_reason derivation — the provider string never wins on its own. Mirror anti-pattern (provider says "tool_use" / "tool_calls" but the adapter forgot to populate tool_uses) also terminates with "end_turn" plus a WARN flagging the likely extraction bug — preventing the agent loop spin that would have no tool to execute. Frontier-pattern alignment verified against paperclip codex-local/src/ui/parse-stdout.ts:194 + hermes agent/codex_responses_adapter.py:1034` — both derive the terminal flag from the actual presence of tool/function-call items.

Pinned by `tests/test_codex_stop_reason_tool_use.py (10 assertions: Codex / Anthropic / OpenAI Chat / unknown strings × tool_uses on/off contract cases, mirror-anti-pattern WARN trigger, 2 end-to-end through agentic_response_from_adapter_result`).

The B/C sibling sites identified in the 2026-05-28 anti-pattern audit — `core/llm/adapters/codex_cli.py:124 (subprocess wraps a CLI agent that handles its own tool execution; emits tool_uses=()) and core/llm/adapters/claude_cli.py:241 (_extract_stop_reason may return "tool_calls" on a petri-audit --max-turns 1 boundary while tool_uses=()) — are implicitly covered by the new strict gate: both flow through this single bridge and the content-first rule keeps them on "end_turn"`. No per-adapter patch needed (defence in depth centralised in one place).

> PATCH release. Cleans up the v0.99.39 LLMAdapter sprint's > legacy-vs-new coexistence: deletes the three orphan > `*AgenticAdapter classes that the new adapter registry already > replaced (PR-LEGACY-PROVIDER-REMOVAL), and works around the > openai>=2.26 parse_response crash on Codex backend > response.completed events that landed silently between the v0.99.39 > sprint and the user's first /login openai smoke > (PR-CODEX-OUTPUT-NULL). The v0.99.77 PR-SOURCE-ROUTING fix routed > gpt-5.x` to the subscription bucket; this release makes those > requests actually complete.

Removed

• PR-LEGACY-PROVIDER-REMOVAL (2026-05-28) — delete the three legacy `*AgenticAdapter classes (OpenAIAgenticAdapter, CodexAgenticAdapter, GlmAgenticAdapter) that the v0.99.39 LLMAdapter sprint (PR-MAINPATH-1 / PR-MAINPATH-67) was meant to replace. The agent loop's main-path dispatch already routes through the v0.99.39+ adapter registry (openai-payg, codex-oauth, glm-payg, plus the legacy paperclip ClaudeAdapter / OpenAIAdapter wrappers for the cross-LLM-verify Protocol only) — the three Agentic classes had zero production callers, only a long tail of source-level pinning tests. Coexistence was a maintenance liability: the v0.99.39 sprint that introduced the new adapters did not delete the old ones, so a token-refresh or schema-evolution change had to be made in both places to keep parity. The audit (this PR's parallel sub-agent run) caught two existing skews: _reflection.py consults infer_source() while the legacy plan_registry path was unreachable, and _get_async_codex_client had a stale-token invalidation gap (no reset_codex_client() call after /login openai`) that was harmless only because the legacy path was already orphaned.

Helper functions still needed by the new adapters (`_resolve_codex_token, build_codex_oauth_headers, _resolve_openai_key, _get_async_openai_client, reset_openai_client, _resolve_glm_endpoint, _get_async_glm_client, reset_glm_client) stay in core/llm/providers/ along with the OpenAIAdapter paperclip wrapper (a different Protocol — LLMClientPort for cross-LLM verify, not LLMAdapter for the agent loop). 13 legacy test files removed (only assertions on the deleted-class internals); tests/test_provider_parity_v0532.py D2 invariants migrated to the equivalent adapter classes (test_openai_payg_adapter_propagates_billing_error` etc.).

Reference subscription logic (legacy `CodexAgenticAdapter.agentic_call) contributed one backfill: the pre-send input-shape diagnostic (_log_codex_input_shape) that catches input[i].content == null regressions at WARN level rather than as a body-less 400. The legacy call_with_failover cross-model fallback wrap was deliberately not carried over (PR-DRIFT-CUT semantics: operator manages /model`).

Fixed

• PR-CODEX-OUTPUT-NULL (2026-05-28) — work around an `openai>=2.26 streaming-parser crash on every Codex subscription call. The ChatGPT backend at chatgpt.com/backend-api/codex delivers response.completed events with output: null (the actual items arrive as separate response.output_item.done events that the SDK's accumulator collects into its own snapshot). Starting at SDK 2.26 ResponseStreamState. accumulate_event calls openai.lib._parsing._responses.parse_response (event.response) on every response.completed and parse_response iterates response.output unconditionally — so output is None raises TypeError: 'NoneType' object is not iterable during the async for event in stream loop in CodexOAuthAdapter.acomplete, before our own accumulated list could absorb the items. Result on the operator's machine: PR-SOURCE-ROUTING (#1822) correctly routed gpt-5.x to the subscription endpoint and received HTTP 200, but every call then crashed with unknown error and retried 5× before surfacing model_action_required. Hermes pins openai==2.24.0 and never hit this; GEODE's openai>=2.26.0` resolves to 2.30.0.

`core/llm/adapters/_codex_sdk_workaround.py:install() patches parse_response (and the symbol re-imported into the streaming module) to coerce response.output from None to [] before delegating to the original parser. The CodexOAuthAdapter's existing accumulated list + translate_codex_response pipeline then produces the real items as before. Installed lazily on the first Codex client construction (adapter build_async_codex_client AND legacy provider _get_async_codex_client), idempotent across the process. Removable once a future openai SDK release fixes parse_response to handle response.output is None`.

Pinned by `tests/test_codex_sdk_workaround.py` (5 assertions: unpatched-crash repro, patched-coerce success, idempotence + streaming module rebound, and source-level pins on both client builders).

> PATCH release. Operational regression fix: gpt-5.x interactive turns > were silently routing to PAYG even after `/login openai registered > the ChatGPT subscription OAuth profile. Three stacked regressions > from the self-improving adapter sprint (PR-MAINPATH-1 / > PR-MAINPATH-67 / PR-DRIFT-CUT) collapsed every gpt-5.x dispatch to > the openai-payg adapter; insufficient_quota then mis-classified > as rate_limit so the operator-facing hint said "switch model" > instead of "change credential source". Also bundles the > previously-staged hyperparam wire (audit subprocess argv now honours > autoresearch/state/policies/hyperparam.json`).

Fixed

• PR-SOURCE-ROUTING (2026-05-28) — restore subscription-bucket routing for OAuth-registered providers. Three stacked regressions converted every interactive `gpt-5.x turn into a PAYG call even after the operator had completed /login openai (which registers the openai-codex-geode:user OAuth profile in :class:ProfileStore`):

1. `AgenticLoop.__init__ defaulted source to literal "payg" so the daemon path (core/server/supervised/services.py:211 → AgenticLoop(...) with no source= kwarg), the fork-skill path (core/cli/bootstrap.py:206), and any sub-agent worker that received SubTask.source="" (core/agent/worker.py:374) collapsed every provider="openai-codex" call to resolve_for("openai", "payg") → openai-payg → api.openai.com. The openai_credential_source setting written by /login source openai oauth was defined but never read by any dispatch site. 2. core/agent/loop/_reflection.py:292 and core/self_improving_loop/runner.py:830 hard-coded "payg" so even an explicitly subscription-only Pattern B reflected / mutated through the depleted PAYG endpoint while the main loop sat on the subscription endpoint. 3. core/llm/errors.py:_classify_openai_error returned "rate_limit" for every openai.RateLimitError — but the OpenAI SDK raises that class for both transient 429 throttling AND insufficient_quota / billing_hard_limit_reached (PAYG balance depletion). The operator-facing hint surfaced as "Switch to a different model with /model`" instead of "change credential source" — switching model still hit the same depleted bucket.

Fix introduces `core/llm/adapters/_source_inference.py :func:infer_source which consults the {provider}_credential_source setting + the ProfileStore (any OAuth profile present → promote to "subscription") and threads it through (a) the AgenticLoop default at core/agent/loop/agent_loop.py:392, (b) the reflection dispatch at core/agent/loop/_reflection.py, and (c) the self-improving mutator dispatch at core/self_improving_loop/runner.py. Callers that pass an explicit source= kwarg still win (audit-subprocess path via PR #1792 is preserved). classify_llm_error now gates the RateLimitError branches (OpenAI + Anthropic) on :func:is_billing_fatal so quota-depleted PAYG surfaces as "billing"`.

Pinned by `tests/test_source_routing_regression.py (15 assertions across 3 layers: infer_source resolution priority, AgenticLoop dispatch picks codex-oauth when OAuth profile present, classifier maps insufficient_quota → billing) plus the legacy payg-default test in tests/test_paperclip_wiring.py updated to stub infer_source` so the API-path pin stays deterministic.

Added

• PR-HYPERPARAM-WIRE (2026-05-28) — Wires the hyperparam mutation SoT (`autoresearch/state/policies/hyperparam.json, landed in PR-HYPERPARAM-FOUNDATION) into the audit-subprocess argv builder. autoresearch/train.py:_build_audit_command now reads the SoT (env-path override → in-repo default → graceful empty on missing/malformed) and overlays the three argv-relevant keys onto cfg defaults: max_turns → --max-turns <n> (inspect-petri -T max_turns downstream), seed_limit → --seeds <n> (--limit downstream), dim_set → --dim-set <value> (-T judge_dimensions downstream). Resolution precedence (highest wins): mutation SoT value → cfg default. A mutator-proposed max_turns=3 now actually flows through argv[-T max_turns=3] into the next audit's inspect-petri run instead of stopping at the SoT JSON. Fallback path covers the edge cases parse_mutation 's bounds guard cannot (operator-hand-edited SoT to non-int-castable string, key absent, JSON parse failure) — log + use cfg default, never crash the loop. reflection_depth is **intentionally NOT wired here** because it is a GEODE runtime knob (AgenticLoop reflection-iteration cap), not an inspect-petri argv — the inspect-petri target=geode/gpt-5.5 trajectory does not run the GEODE AgenticLoop, so wiring reflection_depth into argv would have no measurement effect. Documented in the _build_audit_command docstring; a follow-up PR will wire it into the GEODE CLI runtime where it does matter. Pinned by 7 new assertions in tests/test_autoresearch_train.py: _load_hyperparam_overrides missing/malformed/env-path branches; _hyperparam_int override vs missing vs uncastable; _build_audit_command argv with vs without SoT. Existing test_build_audit_command_reads_from_config updated to point GEODE_HYPERPARAM_OVERRIDE` at a missing path so cfg-only assertions keep their meaning under the new SoT-precedence contract.

• PR-HYPERPARAM-FOUNDATION (2026-05-28) — Adds the 8th `target_kind slot hyperparam to TARGET_KINDS, opening a numeric / categorical mutation surface that targets the audit-subprocess command line + AgenticLoop runtime config directly (instead of an LLM-facing wrapper prompt). Motivated by cycle 1-12 (2026-05-26 → 05-28, sessions through PR-PETRI-CACHE-DEFAULT-OFF / PR-PROGRAMMD-TARGET-KIND-SYNC) where 11/12 prompt-only mutations produced Δ = 0 for redundant_tool_invocation — the dim's measurement_modality = tool_log (programmatic tool-call dedup count) lives below the prompt-following surface, so prompt mutation cannot reach the mechanism. Hyperparam mutation lets the loop tune the audit budget itself (max_turns, seed_limit, reflection_depth, dim_set) so the regression dim can move via budget shrink rather than via wrapper-prompt coaching. Schema: flat dict[str, str] (same shape as the 4 simple-shape kinds); values are string-encoded numerics / categoricals; runtime readers convert at consumption time. Bounds: max_turns ∈ [1, 20], seed_limit ∈ [1, 50], reflection_depth ∈ [1, 5], dim_set ∈ {subset, full} — enforced at both parse_mutation (LLM-response time) and apply_mutation (externally-constructed Mutation time) per the boundary-completeness rule. Adds GLOBAL_HYPERPARAM_POLICY_PATH, _KIND_TO_PATH["hyperparam"], _SIBLING_SOT_ENV_MAP["hyperparam"] = "GEODE_HYPERPARAM_OVERRIDE", _SIBLING_SOT_STRICT_ENV_MAP["hyperparam"] = "GEODE_HYPERPARAM_STRICT", the env-literal block in autoresearch/train.py that propagates the SoT path to the audit subprocess (read-only until PR-3 lands the consumer), and an initial autoresearch/state/policies/hyperparam.json with defaults matching the current hardcoded audit invocation (max_turns="5", seed_limit="8", dim_set="subset", reflection_depth="3"). Mutator system prompt (_MUTATION_CONTRACT_SUFFIX + program.md "CAN" table) updated with the 8th kind + bounds documentation + measurement_modality guidance ("use hyperparam when target dim is tool_log / token_count and prompt mutations produced Δ ≈ 0"). Pinned by 17 new assertions across tests/test_policy_mutation.py (bounds validator unit tests, end-to-end parse_mutation acceptance / rejection, apply_mutation isolation against tmp_path) + updates to 4 existing count-coupled tests (test_target_kinds_count_is_8_post_hyperparam, test_target_kinds_contains_active_eight, test_policy_path_returns_distinct_paths 9-path, test_active_slots_registered_as_mutation_targets 8-set in ADR-012 + 5-slot reader audit, test_program_md_can_table_matches_target_kinds drift invariant auto-extending to 8-row). The audit-subprocess argv translator (max_turns → -T max_turns=<n>, seed_limit → --limit <n>, dim_set → -T judge_dimensions=<value>, reflection_depth` → AgenticLoop config) lands in PR-3 (PR-HYPERPARAM-WIRE) — this PR is foundation-only.

Changed

• PR-PROGRAMMD-TARGET-KIND-SYNC (2026-05-28) — Sync `autoresearch/program.md "The agent CAN" markdown table with the actual TARGET_KINDS tuple in core/self_improving_loop/policies.py:188. Pre-fix the table listed 5 kinds (prompt / tool_policy / decomposition / retrieval / reflection) while TARGET_KINDS had 7 (skill_catalog + agent_contract + tool_descriptions graduated in ADR-012 M1/M2 + PR-TOOL-DESCRIPTIONS-MUTATE; retrieval deprecated in ADR-012 S0d, reader never wired). Since program.md is spliced verbatim into the mutator LLM's system prompt by runner.py:_build_system_prompt, the missing rows silently shrank the mutator's effective exploration surface — cycle 1-12 (2026-05-26 → 05-28) observed 11/12 proposals stuck on prompt × tool_result_handling, with zero attempts on skill_catalog / agent_contract / tool_descriptions. Table re-formatted to 7 rows + nested-schema explanation (dotted-key flattening for the three M1/M2/T1 graduates) + retrieval deprecation note. Pinned by tests/test_self_improving_minimal_1.py::test_program_md_can_table_matches_target_kinds — a regex extracts kind names from the markdown table and asserts set-equality with TARGET_KINDS`, so a future M3/M4 graduation cannot silently regress to the same drift.

• PR-PETRI-CACHE-DEFAULT-OFF (2026-05-28) — Flips the `cache default to False across the petri-audit surface (plugins/petri_audit/runner.py:run_audit, plugins/petri_audit/cli_audit.py typer + argparse entry points, core/cli/tool_handlers/audit.py tool handler kwarg fallback). Closed-loop measurement reliability fix: inspect-ai's CacheEntry._cache_key hashes (model config exc. {max_connections, adaptive_connections, max_retries, timeout, cache, batch}, input messages, base_url, tool_choice, tools, expiry, scopes, epoch) into an md5 pickle file under $INSPECT_CACHE_DIR/generate/<model>/ (default ~/Library/Caches/inspect_ai/generate/ on Darwin, expiry 1W). In a self-improving closed loop the mutator only edits the target wrapper while the auditor/judge prompts (defined inside inspect-petri's task code) are stable cycle-over-cycle, so the auditor and judge generate calls HIT cached trajectories from prior cycles — observed during the 10-cycle run ending 2026-05-27 as fitness_delta deterministically returning to {-1.155, -1.156, -1.733} regardless of mutation while audit_seconds varied 181-503s. The 36 OPENAI_API_KEY not set matches in the same period were string-grep hits inside cached failed-run transcripts, not live warnings. Default OFF restores the one-mutation-one-trajectory invariant the loop's attribution row relies on, at the cost of a fresh auditor+target+judge regenerate per audit (~$2-5/cycle vs ~$0.05-0.30 with cache). The CLI argparse path now carries an explicit --cache / --no-cache mutually exclusive group (previously only --no-cache was wired); the Typer surface already had the bidirectional --cache/--no-cache flag pair, just with the inverted default. All 18 existing tests already pass cache=True or cache=False` explicitly, so the default flip is invisible to the assertion suite (39 passed, 3 skipped on direct surface; 828 passed in the broader audit/cache grep slice).

Removed

• PR-REVERT-MUTATION-CODE-FOUNDATION (2026-05-28) — Reverts PR-MUTATION-CODE-FOUNDATION (#1802, commit 31ae281f) so main matches the cycle 10 base (c4225a9e) byte-for-byte on runtime paths. The whitelist module shipped dormant (no callers) and the operator chose to continue cycle 11+ measurement from the same code baseline used for cycle 1-10 — keeping the new module on main would leave a stale code-mutation artefact ahead of the planned alphaevolve plugin split (Sprint β). The whitelist + EVOLVE-BLOCK scanner design + 41-assertion test suite remain in PR #1802's commit history and return as part of the alphaevolve plugin once mutator partition + plugin boundary are in place.

Fixed

• PR-TRAIN-EVAL-ARCHIVE-FALLBACK (2026-05-27) — `autoresearch/train.py:run_audit now reads dim_means / dim_stderr / sample_count / measurement_modality from the inspect-ai eval archive (via core.audit.dim_extractor.extract_dim_aggregates) as the primary path, falling back to the legacy subprocess-stdout JSON line only when the archive is missing or the extractor raises. Until this PR the subprocess's final stdout JSON line was the only carrier of these aggregates, so any inspect-ai sample-side TypeError (observed: Object of type Summary is not JSON serializable from openai/types/responses/response_reasoning_item.py) corrupted that line and train.py raised before reaching the baseline writer — even though the audit itself ran cleanly and the archive was intact (15-minute audit + 219K target tokens visible in ~/.geode/petri/logs/latest.eval while baseline.json stayed untouched). The eval archive has been the canonical SoT for downstream readers since PR-G2 (2026-05-20); this PR brings the primary numeric-extract path into the same SoT. Pinned by tests/test_autoresearch_train.py (3 new assertions: archive preferred when stdout corrupt; archive empty falls back; archive raises falls back). Codex MCP review (1 round): caught warning message lacked archive path + exc_info` (fixed) and the missing real-archive-read tests (added).

> PATCH rotation tightening the v0.99.75 PR-LANE-CAP-CONSERVATIVE > defaults a step further. Cap 5/10/5 still demanded ~3 GB of free > host RAM per ranker burst, which the operator's M3 16 GB host > rarely has without explicit Slack/Chrome/Notion cleanup. Cap 3/6/3 > brings the peak burst to ~1.5 GB so the safe default actually > survives the operator's typical 150-750 MB steady-state PhysMem > unused window. Plus the develop-merged `AgenticLoop` adapter > name-lookup fix that landed after v0.99.75.

Changed

• PR-LANE-CAP-TIGHTER (2026-05-27) — drop the three freeze-implicated cap defaults a step further on top of PR-LANE-CAP-CONSERVATIVE (v0.99.75). Reason: cap 5 demanded ~3 GB free host RAM that the 16 GB M3 host rarely has at steady state. New burst at cap 3 ≈ 1.5 GB.
• `DEFAULT_CLAUDE_CLI_LANE_MAX 5 → **3** (core/orchestration/claude_cli_lane.py`)
• `DEFAULT_OPENAI_API_LANE_MAX 10 → **6** (core/orchestration/openai_api_lane.py) — paired at 2 × claude_cli_lane` for the 1-claude + 2-codex panel
• `DEFAULT_RANKER_MAX_INFLIGHT_MATCHES 5 → **3** (plugins/seed_generation/agents/ranker.py) Env override knobs unchanged. Operators on 32 GB hosts should raise lockstep (=6 / 12 / 6). Test pins updated: test_default_max_concurrent_is_six (was _is_ten) and test_default_is_three (was _is_five`).

Fixed

• PR-AGENTIC-LOOP-ADAPTER-NAME-LOOKUP (2026-05-27) — extend `AgenticLoop adapter resolution to accept both adapter-name and category source values. Until this PR the loop's resolve_for(provider, source) call required source to be one of the three concrete categories (payg / subscription / adapter). Callers that passed a registered adapter name (codex-oauth / claude-cli / openai-payg / ...) raised ValueError: source not concrete and the audit subprocess silently fell back to the default "payg" even when the operator explicitly configured a subscription adapter — surfacing as OPENAI_API_KEY not set for every target call on Pattern B (subscription-only with fallback_to_payg=false). The fix tries get_adapter(name) first and falls through to the legacy resolve_for` only on miss, so all three source categories (payg / subscription / local-cli) resolve cleanly regardless of which form the caller passes.
• PR-AGENTIC-LOOP-ADAPTER-NAME-LOOKUP / petri alias — `plugins/petri_audit/targets/geode_target.py:_default_geode_runner translates the Petri-surface source alias ("openai-codex", returned by get_binding("target")) to the GEODE registry-side canonical name ("codex-oauth") before passing it to AgenticLoop. Only the openai-codex ↔ codex-oauth pair diverges between the two namespaces; the remaining adapter names (claude-cli / anthropic-oauth / codex-cli / *-payg) are identical across both. Pinned by tests/test_agentic_loop_adapter_name_lookup.py` (11 assertions: source-level dual-lookup pin, 8 parametrised adapter-name resolves, petri alias translation, category-axis fallback).

> PATCH rotation walking back v0.99.74's PR-LANE-CAP-50 raise after > the gen1-broken_tool_use smoke (2026-05-27 04:12 KST) froze the > 16 GB M3 host: 50 concurrent `claude --print` spawns ≈ 21 GB peak > RSS overwhelmed the box. The original cap-50 reasoning held in > isolation (Anthropic 50 RPM tier ceiling) but ignored a tighter > local floor — Node V8 spawn cost. Plus the develop-merged audit > adapter bootstrap fix, runner repo-root parents arithmetic repair, > and MUTATION_PROPOSED emit-site completion that were already > accumulated on develop.

Changed

• PR-LANE-CAP-CONSERVATIVE (2026-05-27) — lower the three freeze-implicated default caps after measuring per-subprocess RSS on the freeze host (M3 16 GB):
• `DEFAULT_CLAUDE_CLI_LANE_MAX 50 → **5** (core/orchestration/claude_cli_lane.py). Each claude --print` is a fresh Node V8 (~425 MB resident); 50 × 425 MB ≈ 21 GB on a 16 GB host → macOS compressor thrash.
• `DEFAULT_OPENAI_API_LANE_MAX 50 → **10** (core/orchestration/openai_api_lane.py). Paired at 2 × claude_cli_lane so the standard 1-claude + 2-codex voter panel saturates both lanes exactly when ranker_max_inflight=5`.
• `DEFAULT_RANKER_MAX_INFLIGHT_MATCHES 50 → **5** (plugins/seed_generation/agents/ranker.py). Matches the claude_cli_lane cap so the asyncio.gather submission queue depth = 0 instead of bursting past the lane. Operator override knobs (GEODE_CLAUDE_CLI_LANE_MAX / GEODE_OPENAI_API_LANE_MAX / GEODE_RANKER_MAX_INFLIGHT_MATCHES) are unchanged; operators on larger hosts (32 GB+) should raise all three in lockstep using the rule-of-thumb table in each module's docstring. Sibling lanes that don't spawn subprocesses (anthropic_api_lane HTTP-only, global, seed-generation) stay at cap 50 — they are not RSS-bounded. Test pins updated: tests/core/orchestration/test_openai_api_lane.py::test_default_max_concurrent_is_ten + tests/plugins/seed_generation/test_ranker_semaphore.py::test_default_is_five; the claude-cli lane test references DEFAULT_CLAUDE_CLI_LANE_MAX` by name so it tracks the constant automatically.

Fixed

• PR-AUDIT-TARGET-SOURCE-WIRE (2026-05-27) — route the audit subprocess's target `(provider, source) resolution through plugins/petri_audit/registry.get_binding("target", model=...) in plugins/petri_audit/targets/geode_target.py:_default_geode_runner, then pass the resolved source to AgenticLoop(..., source=...). Previously the runner constructed AgenticLoop with only the provider kwarg and silently inherited the default source="payg", so the operator's [self_improving_loop.petri.target] source / [petri.target] source setting was ignored. On Pattern B (subscription-only with fallback_to_payg=false) every target generate call surfaced as OpenAIPaygAdapter: OPENAI_API_KEY not set even with the codex-oauth source explicitly configured. The fix uses the same resolver the manual geode audit CLI consults, so the three source categories — PAYG (openai-payg / anthropic-payg), subscription OAuth (claude-cli / codex-oauth / anthropic-oauth), and local CLI (codex-cli) — all reach AgenticLoop as the operator configured them. Pinned by tests/test_geode_target_source_wiring.py (8 assertions: source-level paren-balanced scan for source= kwarg, get_binding` reference, six parametrised category × source checks for adapter registration post-bootstrap).
• PR-AUDIT-ADAPTER-BOOTSTRAP-FIX (2026-05-27) — call `core.llm.adapters.registry.bootstrap_builtins() inside plugins/petri_audit/targets/geode_target.py:_default_geode_runner before constructing AgenticLoop. The inspect-ai audit subprocess (uv run inspect eval inspect_petri/audit) does not go through core.wiring.container._build_llm_adapters — the parent's wiring bootstrap path — so the subprocess's adapter registry was empty (Known pairs: []) and every target generate call failed with AdapterNotFoundError: provider='openai' source='payg'. Latent because no unit test exercised the audit subprocess end-to-end with a live target; surfaced during the first real SelfImprovingLoopRunner.run_once(rerun_enabled=True, rerun_dry_run=False) invocation, where target inference happened zero times across 8 seeds × 5 max_turns × 5 samples and every dim_means returned inspect_petri placeholder values — rendering the autoresearch fitness signal a fake-success surface that would have driven the promote/revert gate on bogus data. Mirrors the equivalent fix at core/agent/worker.py:817-823 for the sub-agent worker subprocess (identical wiring gap). Pinned by tests/test_geode_target_adapter_bootstrap.py` (3 assertions: source-level pin, idempotency contract, codex-oauth + claude-cli registration after bootstrap).
• PR-RUNNER-REPO-ROOT-FIX (2026-05-27) — repair the off-by-one `parents[N] arithmetic at three call sites in core/self_improving_loop/runner.py (the _git_commit_audit_log git operations and both _invoke_autoresearch repo_root computations). PR-G5b (2026-05-20) moved the audit log from <repo>/state/mutations.jsonl to <repo>/autoresearch/state/mutations.jsonl but the three parents[1] derivations were not updated, so they resolved to <repo>/autoresearch instead of the repo root. Latent because unit tests mock the subprocess and live runs went through geode audit-seeds generate / autoresearch/train.py directly; surfaces as [Errno 2] No such file or directory: '<repo>/autoresearch/autoresearch/train.py' on the first real SelfImprovingLoopRunner.run_once() with rerun_enabled=True. All three sites now use parents[2]. Pinned by tests/test_runner_repo_root_invariant.py (three assertions: filesystem invariant, negative invariant on parents[1]`, and source-level regex to fail-fast on a future regression).

Changed

• Self-improving loop config — `[self_improving_loop.autoresearch] budget_minutes upper bound raised from 60 to 600 minutes (core/config/self_improving_loop.py`). The 60-minute cap dated from Pattern B's initial subscription-only scope; production audits with multi-seed re-measurement (8+ seeds × judge+auditor + claude-cli OAuth handshakes) routinely need 90-180 minutes. Operators were forced to inline-edit the pydantic constraint to exceed the cap. Lower bound (1 minute) and default (5 minutes) unchanged.

Added

• PR-MUTATION-PROPOSED-WIRE (2026-05-27) — emit `HookEvent.MUTATION_PROPOSED at core/self_improving_loop/runner.py:propose after the LLM parse + dedup gate + kind-aware SoT load all succeed, but BEFORE any apply / audit. Closes the last remaining MUTATION_* emit gap identified during the 2026-05-27 self-improving-loop observability alignment audit (MUTATION_REJECTED stays deferred — semantic overlap with MUTATION_REVERTED for runner-driven mutations). run_id is empty in the payload because audit_run_id is minted later in apply_proposal / apply_group_proposals; listeners that need to correlate proposed → applied join on mutation_id. propose is the single entry point for single + group + swarm modes (group / swarm call self.propose()` internally), so this single emit-site covers all three.

> PATCH rotation bundling the 2026-05-27 operations sprint: > claude-cli credit-exhaustion retry (auto-bridges a 5h pool refresh > via the paperclip QUOTA_BACKOFF schedule), aggressive LaneQueue > raise to cap 50 across every workload + global lane, and > observability completion — every reserved MUTATION_*/BASELINE_PROMOTED > HookEvent (PR-HOOKEVENT-RESERVE 2026-05-26) now has live emit-site > coverage including the audit-fail / audit-log-write-fail revert > paths.

Added

• PR-MUTATOR-HISTORY-FEEDBACK (2026-05-27) — inject a compact per-dim credit (`aggregate_credit_history) + (kind × dim) matrix (compute_kind_dim_matrix) summary into the mutator's user prompt every cycle. Closes the F3 fragmentation signal — pre-PR the mutator never saw which dims its previous mutations credited nor which kinds had moved which dims. New [self_improving_loop.autoresearch].mutator_feedback_window knob (default 20, matches the operator dashboard _WIRE_DEFAULT_LAST convention from PR-WIRE-1). Empty repo → empty block (graceful). Helper module core/self_improving_loop/mutator_feedback.py`.
• PR-MUTATOR-DEDUP-GUARD (2026-05-27) — reject mutator proposals whose `new_value has a difflib.SequenceMatcher.ratio() above mutator_dedup_threshold against a recent apply row with the SAME (target_kind, target_section). The kind+section equality gate runs before the ratio comparison so a long identical payload on a different kind / section is not falsely flagged (Codex MCP review catch — without the gate the long new_value payload would dominate a joined-signature ratio). New RepetitiveMutationError(ValueError) so existing cycle-skip catches handle the rejection without the runner crashing. New knobs: mutator_dedup_window (default 20, mirrors the feedback window) and mutator_dedup_threshold (default 0.85, stdlib-grounded — sits well above difflib.get_close_matches 0.6` "close match" band).
• PR-TOOL-DESCRIPTIONS-MUTATE (2026-05-27) — graduate `tool_descriptions from _READER_ONLY_KINDS to TARGET_KINDS. The reader (core/agent/tool_descriptions_policy.py, ADR-013 T1) has been live since 2026-05-21 and the audit subprocess already wires GEODE_TOOL_DESCRIPTIONS_OVERRIDE; the graduation opens the surface the mutator can dispatch to, directly attacking Petri 17-dim's broken_tool_use pressure. Nested-schema kind ({tool_name: {description: str, hints: list[str]}}) joins the same flat ↔ nested machinery as skill_catalog / agent_contract; hints is the only list-typed field. Codex MCP review fix-up: policy_path("tool_descriptions") resolves to the operator-local path (~/.geode/self-improving-loop/tool-descriptions.json) when it exists, so BOTH READ and WRITE land on whichever file the runtime reader actually reads. Closes the dual-SoT drift concern — the mutator now writes to the same layer the runtime reads, preserving the autoresearch mutate → measure → baseline closed-loop visibility. Pin: _READER_ONLY_KINDS` size assertion drops from 7 to 6.
• PR-MUTATION-REVERTED-ROLLBACK-WIRE (2026-05-27) — extend MUTATION_REVERTED emit coverage to the symmetric `_rollback_sot paths (audit-log-write-fail / audit-subprocess-crash / audit-subprocess-nonzero). PR-MUTATION-EMIT-WIRE only covered the promote-gate reject path (autoresearch/train.py:_revert_sot_after_reject); the four _rollback_sot caller sites in core/self_improving_loop/runner.py were left without emit. Added audit_run_id + reason keyword args to _rollback_sot and threaded specific reason strings (audit_log_write_fail x2 / audit_subprocess_crash / audit_subprocess_nonzero) from each caller. Pinned with tests/core/self_improving_loop/test_mutation_emit_wire.py::test_rollback_sot_emits_mutation_reverted` (3 reason variants + default fallback).

Fixed

• PR-CLAUDE-CLI-CREDIT-EXHAUSTION-RETRY (2026-05-27) — route `ClaudeCliTransientUpstreamError into the retry path with the paperclip QUOTA_BACKOFF schedule (2m / 10m / 30m / 2h) so a claude-cli 5h pool refresh window can be bridged automatically. Pre-PR the bare except Exception branch in core/llm/router/calls/_failover.py:136 skipped the exception to the next model after a single attempt; the SDK RETRYABLE_ERRORS tuple cannot include the plugin-imported exception (layer violation + plugin-as-optional-dep). Smoke 24 surfaced this as 5/5 evolver phases hard-failing within 30s after 3 attempts each, even though manual audit-seeds resume succeeded ~20 min later once the Anthropic Max OAuth pool replenished. Pinned with two new tests/test_model_failover.py` cases (retry-within-primary + retries-exhausted-then-fall-back).

Added

• PR-MUTATION-EMIT-WIRE (2026-05-27) — wire the writer-side emit for `HookEvent.MUTATION_APPLIED / MUTATION_REVERTED / BASELINE_PROMOTED`. PR-HOOKEVENT-RESERVE (2026-05-26) added the enum members + payload schema docstrings but left the emit sites un-wired ("writers will emit these once the SoT-revert paths land"). This PR fills the gap:
• `core/self_improving_loop/_hooks.py — new module mirroring core/llm/router/_hooks.py: set_self_improving_loop_hooks setter + _fire_hook` helper with lazy-wire no-op contract.
• `core/wiring/bootstrap.py — registers a plugin slot that calls the new setter after HookSystem` is constructed.
• `core/self_improving_loop/runner.py:append_audit_log — emits MUTATION_APPLIED after the row write succeeds (fires for every kind so listeners distinguish "applied" / "applied_sibling" / "pre_audit_sibling" via the kind` extra field).
• `autoresearch/train.py:_write_baseline — emits BASELINE_PROMOTED after BASELINE_PATH.write_text succeeds, with prior_baseline_path read pre-write + reason quoting operator_force vs gate_approved`.
• `autoresearch/train.py:_revert_sot_after_reject — emits MUTATION_REVERTED with reason="promote_gate_reject" after the SoT roll-back succeeds. run_id carries the audit_run_id (not the mutation_id). Covers the promotion-gate reject path. The audit-subprocess-crash revert path uses _rollback_sot in runner.py and is deferred to a follow-up PR. Pinned with new tests/core/self_improving_loop/test_mutation_emit_wire.py: no-op-when-unwired + dispatch-when-wired + append_audit_log emit ("applied" + "applied_sibling") + _write_baseline emit (BASELINE_PROMOTED) + _revert_sot_after_reject emit (MUTATION_REVERTED, run_id` = audit_run_id).

Changed

• PR-LANE-CAP-50 (2026-05-27) — raise every lane / queue concurrency default to 50. Operator decision after the smoke 24 evolver phase 5/5 credit-exhaustion pattern + PR-LANE-CAP-AGGRESSIVE (claude=4 / openai=16 / anthropic=8) didn't bridge the Anthropic Max OAuth 5h pool refresh.
• `core/orchestration/lane_queue.py: DEFAULT_MAX_CONCURRENT` 4 → 50.
• `core/wiring/container.py: DEFAULT_GLOBAL_CONCURRENCY 8 → 50, DEFAULT_SEED_PIPELINE_CONCURRENCY` 4 → 50. Gateway lane intentionally unchanged at 4.
• Per-adapter lanes raised in lockstep: `DEFAULT_CLAUDE_CLI_LANE_MAX 4 → 50, DEFAULT_OPENAI_API_LANE_MAX 16 → 50, DEFAULT_ANTHROPIC_API_LANE_MAX 8 → 50, DEFAULT_CODEX_CLI_LANE_MAX` 2 → 50.
• `plugins/seed_generation/agents/ranker.py: DEFAULT_RANKER_MAX_INFLIGHT_MATCHES` 8 → 50 (matches the per-adapter lane ceiling so cap 50 is equilibrium).
• The OpenClaw hierarchy invariant `max(workload_lane) <= max(global_lane)` is preserved at the new 50/50 ceiling.
• PR-LANE-CAP-DOCS-CLEANUP (2026-05-27) — refresh 5 stale docstring / decision-doc references that still cited `max_concurrent=16 (pilot.py, evolver.py, critic.py, seed-generation-decision.md) or max_concurrent=2 (oauth_usage.py) to reference the DEFAULT_*_CONCURRENCY` constants with their post-PR-LANE-CAP-50 value (currently 50). Docstring-only — no code semantics shift.

MINOR rotation. Ships the 2026-05-26 autoresearch attribution sprint Phase A audit's three remaining bundles: outer-loop hardening (PR-OUTER-LOOP-HARDENING — max_generation cap + promote_stamp + dry-run attribution invariant pin), surface clarity (PR-SURFACE-CLARITY — TARGET_KINDS reader-only documentation + Pareto archive promote-gate integration), and selection-gate algorithm depth (PR-ALGO-DEPTH — percentile-based variance threshold + resample budget). Plus PR-LANE-CAP-AGGRESSIVE from develop. See section entries below.

Added

• PR-VAR-ADAPTIVE + PR-RESAMPLE-BUDGET — Phase F bundle of the 2026-05-26 attribution sprint (selection-gate algorithm depth).
• PR-VAR-ADAPTIVE: percentile-based `group_variance_threshold resolver. New config knobs group_variance_threshold_mode: Literal["fixed", "percentile"] = "fixed", group_variance_history_window: int = 30, group_variance_percentile: float = 0.05. New SoT autoresearch/state/group_variance_history.jsonl (git-tracked via .gitignore negation, PR-G5b precedent). New append_group_variance_history writer (called from apply_group_proposals after every group sampling cycle, regardless of accept/reject) + resolve_group_variance_threshold` reader. Per-kind filter + below-window fallback to fixed value. Closes the 2026-05-26 sprint Phase A audit's "fitness-scale drift" concern.
• PR-RESAMPLE-BUDGET: optional retry-on-low-variance. `max_group_resamples: int = 0 (ge=0, le=10) + flag resample_on_low_variance: bool = False. When both enabled and _compute_group_advantage returns filtered_low_variance, apply_group_proposals cleans up sibling temp files and recursively calls self.propose_group(N) + retry, bounded by the budget. Default knob values preserve legacy "filtered → cycle skip" behaviour. DAPO frontier equivalent: max_num_gen_batches informative-batch retention. Pinned by 11 invariant tests in tests/core/self_improving_loop/test_variance_adaptive_and_resample.py`.

Changed

• PR-LANE-CAP-50 (2026-05-27) — raise every lane / queue concurrency default to 50 per operator decision (follow-up to PR-LANE-CAP-AGGRESSIVE, which raised to 4/16/8/8). Operator rationale: cap claude_cli/openai_api/anthropic_api lanes at the same aggressive ceiling so the ranker's `asyncio.gather` burst (150 voter tasks) hits per-account RPM ceilings as the *theoretical* limit, not the *configured* limit. New defaults:
• `DEFAULT_MAX_CONCURRENT` (Lane base): 4 → 50
• `DEFAULT_GLOBAL_CONCURRENCY` (LaneQueue global lane): 8 → 50
• `DEFAULT_SEED_PIPELINE_CONCURRENCY (seed-generation workload lane): 4 → **50** (matches the new global so the hierarchy invariant max(workload) <= max(global)` holds at 50)
• `DEFAULT_CLAUDE_CLI_LANE_MAX: 4 → **50** (intentionally well above the documented 3-4 sub-agent burst floor; operators on Pro/Max tiers without sufficient pool headroom should drop via GEODE_CLAUDE_CLI_LANE_MAX`)
• `DEFAULT_OPENAI_API_LANE_MAX`: 16 → 50 (~200-300 RPM at 10-15s/call, well under Codex 500 RPM ceiling)
• `DEFAULT_ANTHROPIC_API_LANE_MAX`: 8 → 50 (saturates tier 1 50 RPM; tier 1 accounts should drop via env override)
• `DEFAULT_RANKER_MAX_INFLIGHT_MATCHES: 8 → **50** (matches new lane ceilings — 50 matches × 3 voters = 150 voter tasks inflight against 100 per-lane budget) Tests + docstrings updated to assert and rationale-document the new defaults. Gateway concurrency (DEFAULT_GATEWAY_CONCURRENCY=4) intentionally unchanged — Slack/Discord/Telegram inbound traffic has a different sizing rationale (per-channel burst, not LLM call concurrency). Operator env overrides (GEODE_{CLAUDE_CLI,OPENAI_API,ANTHROPIC_API}_LANE_MAX, GEODE_RANKER_MAX_INFLIGHT_MATCHES`) remain the recommended per-deployment tuning knob.

• PR-LANE-CAP-AGGRESSIVE (2026-05-27) — raise the per-adapter lane concurrency caps + lane timeouts + add a phase-local semaphore on the ranker's `asyncio.gather` match-dispatch. Pre-raise the conservative defaults (claude_cli=2, openai_api=4, anthropic_api=4, Lane.timeout_s=300) left the documented per-account RPM budgets ~95% idle while PR-RANKER-PARALLEL's 59-match Loop 1 burst queued 100+ voter calls behind 4-slot caps, pushing tail latency past the 5-minute lane timeout. New defaults match documented OpenAI Codex Responses (500 RPM) + Anthropic tier 1 (50 RPM) ceilings:
• `DEFAULT_CLAUDE_CLI_LANE_MAX`: 2 → 4 (Max OAuth burst floor)
• `DEFAULT_OPENAI_API_LANE_MAX`: 4 → 16 (500 RPM / 10-15s call)
• `DEFAULT_ANTHROPIC_API_LANE_MAX`: 4 → 8 (50 RPM / 60-70s call)
• `*_LANE_TIMEOUT_S: 300s → **7200s (2h)** (gather burst tail) Adds DEFAULT_RANKER_MAX_INFLIGHT_MATCHES = 8 + env override GEODE_RANKER_MAX_INFLIGHT_MATCHES so the phase-local asyncio.Semaphore(8) bounds the gather "in-flight" task count (8 matches × 3 voters = 24 tasks max), matching the per-lane ceiling exactly. Operator overrides (GEODE_CLAUDE_CLI_LANE_MAX, GEODE_OPENAI_API_LANE_MAX, GEODE_ANTHROPIC_API_LANE_MAX, GEODE_RANKER_MAX_INFLIGHT_MATCHES`) stay the recommended tuning knob for tier upgrades / debug runs. Pinned by 6 new ranker semaphore unit tests + 2 updated lane default-value tests.

Added

• PR-SURFACE-CLARITY — Phase H bundle (TARGET-KIND-DOC + PARETO-INTEGRATE) closing the 2026-05-26 attribution sprint Phase A audit §5 and §5.7 follow-ups.
• TARGET-KIND-DOC: `core/self_improving_loop/policies.py introduces the _READER_ONLY_KINDS frozenset listing the 7 SoT surfaces wired in autoresearch.train.run_audit's STRICT-mode env block (tool_descriptions / style_guide / provider_routing / cache_policy / heuristics / in_context_slots / few_shot_pool) but NOT in TARGET_KINDS. Comment block above TARGET_KINDS explains the asymmetry as intentional ADR-013 phased rollout and points operators at the fail-fast parse_mutation ValueError when a mutator emits a reader-only kind. Pinned by 4 invariant tests in tests/core/self_improving_loop/test_target_kind_surface_doc.py` (disjoint sets, fail-fast emission per kind, env-wiring parity, size-7 sanity counter).
• PARETO-INTEGRATE: `autoresearch.train.main now appends an ArchiveEntry to BASELINE_ARCHIVE_PATH after the promote decision is finalized (every cycle, accept + reject). The entry carries full dim_means / dim_stderr plus promoted (bool) and reason (str) via ArchiveEntry.extra="allow" so downstream regret-analysis readers can compute the multi-axis cost of rejecting mutation M. Gated by [self_improving_loop.autoresearch] pareto_mode = true (operator opt-in; default off preserves backward-compat) AND not args.dry_run (synthetic dim_means has no Pareto signal). Wrapped in best-effort try/except — JSONL writer failure logs at WARNING and the audit cycle continues, matching the existing runner-side pareto wiring pattern (runner.py:1667-1673). Pinned by 5 invariant tests in tests/autoresearch/test_pareto_integrate_promote_gate.py (block presence, opt-in gating, promoted + reason` field join keys, single source of truth for the accept/reject bit, best-effort error path).

• PR-MAX-GEN — Outer-loop hardening: hard cap on total auto-trigger fires.
• `auto_trigger_mutator accepts a new max_generation: int = 0 parameter. When non-zero, count_fired_generations reads ~/.geode/self-improving-loop/auto_trigger_history.jsonl and blocks the next fire with state max_generation_reached (detail current/max`) when the count is at or above the cap.
• The cap is checked BEFORE the lockfile acquisition (saturated history doesn't consume the lock) AND AFTER (post-lock re-check mirrors the existing `is_min_interval_satisfied` pattern so two parallel callers can't both overshoot).
• Production wiring: new `[self_improving_loop.scheduler] max_generation config knob (default 0 = unlimited, max 100_000). register_auto_trigger forwards the knob through the scheduler callback. core/wiring/automation.py passes it from load_self_improving_loop_config().scheduler.max_generation`.
• New HookEvent `SELF_IMPROVING_AUTO_TRIGGER_MAX_GENERATION_REACHED reserved in core/hooks/system.py` (same payload schema as sibling auto-trigger events).
• Closes the 2026-05-26 autoresearch attribution sprint Phase A audit (§5.6) finding that `auto_trigger_mutator had only the min_interval_minutes floor and no hard cap. Pinned by 13 invariant tests in tests/core/self_improving_loop/test_auto_trigger_max_generation.py` covering count helper edge cases, pre-lock cap, post-lock cap recheck, production wiring forwarding, HookEvent reservation, and direct emission.

Changed

• PR-PROMOTE-STAMP — `autoresearch.train._write_baseline accepts a new manual_promote: bool = False parameter. When True, the function stamps the baseline.json payload with three additive top-level fields: manual_promote: true, promoted_by: "operator", promoted_at: <ts_utc>. The --promote operator override path in main() passes manual_promote=True. The auto-promote path keeps the default, preserving backward-compat on baseline shape. Closes the audit finding (§5.5) that downstream readers couldn't distinguish operator-forced from gate-approved promotions. Pinned by 4 invariant tests in tests/autoresearch/test_promote_stamp.py`.

Fixed

• PR-DRY-RUN-NO-ATTR (pin only) — The 2026-05-26 attribution sprint Phase A audit flagged the risk of `--dry-run cycles writing synthetic fitness_delta=0 attribution rows to mutations.jsonl. Verification during the sprint confirmed the skip guard _attribution_should_write = not args.dry_run was ALREADY in place at autoresearch/train.py:2692 (post-PR-AR-L6). No code change in this commit — added 2 static-source invariant tests in tests/autoresearch/test_dry_run_no_attribution.py` that fail loudly if a future refactor strips the guard. Brittle by design — the cost of false alarms is far below the cost of the silent leak re-opening.

Added

Closes the operator directive 2026-05-26: "활성 런, 런별로 현재 진행중인 에이전트와 스텝" + "각 시나리오가 절차순으로 어떻게 변화했는지". Combined with PR 1 + PR 2, all 5 hi-resolution surfaces (conversations / procedures / active runs / lineage / ranker matches) now ship.

Added

• PR-SELF-IMPROVING-P6 — autoresearch surface (5 sub-pages) + Karpathy port mapping doc + E2E +8 cases. Sprint Phase 6 of the self-improving hub plan ([[project_self_improving_hub_plan]]). Operator directive 2026-05-26: "geode 의 plugin/autoresearch 코드에 원본에 대한 전체 컨택스트를 주입받고 진행해."

• PR-SELF-IMPROVING-P5 — seed-generation surface (index + per-run detail) + E2E self-verification suite. Sprint Phase 5 of the self-improving hub plan ([[project_self_improving_hub_plan]]) plus the operator-mandated verification rigor uplift ("검증 절차 높이고. E2E로 자체 동작 검증도 가능하게 해" — 2026-05-26).

Single-fix PATCH rotation. Ships PR-CODEX-OAUTH-MESSAGE-FROM-ACCUMULATED (Sprint H2) — the real root-cause fix for smoke 20/21/22 ranker voter quorum collapse. The empty-output-text symptom traced to GEODE's `translate_codex_response dropping SSE-delivered message items when the SDK's aggregated response.output[]` was empty. Smoke 23 will validate end-to-end.

Fixed

• PR-CODEX-OAUTH-MESSAGE-FROM-ACCUMULATED (Sprint H2) — real root cause of smoke 20/21/22 ranker voter quorum collapse: codex-oauth + gpt-5.x streaming has a documented discrepancy where SSE delivers `response.output_item.done events with type=message role=assistant content=[ResponseOutputText(text=…)] correctly, but the aggregated stream.get_final_response().output[] returned by the OpenAI SDK is empty (so response.output_text is also empty). Pre-fix translate_codex_response read text only from response.output_text and walked items_source only for function_call + reasoning items — the message text was dropped silently. Every codex voter call returned output_text="" even though the model emitted a complete response, surfacing as the worker treating the result as failure (smoke 22: 97 codex-oauth-empty-text dumps, all ranker matches observed lost quorum). Minimal isolated probe (scripts/probes/probe_codex_oauth_message_recovery.py) with a 25-token prompt ("Say 'hello world'") — preserved at scripts/probes/probe_codex_oauth_message_recovery.py in this PR for reproducibility — reproduces the empty stream.get_final_response().output[] while SSE delivered the message item correctly. Fix walks items_source (which honours accumulated_items first) for type="message" items when response.output_text is empty, concatenates content[].text from output_text content blocks, and promotes that into result.text. Pinned by 7 unit tests in tests/core/llm/adapters/test_codex_oauth_message_from_accumulated.py`. Supersedes the prior empty-text hypotheses (PR-CODEX-GPT55-OUTPUT-EMIT effort=low, PR-GPT55-EMPTY-OUTPUT-EMIT effort=none) which both changed the reasoning effort knob without addressing the actual defect — the bug was in GEODE's adapter, not in the model.

Single-fix PATCH rotation. Ships PR-GPT55-EMPTY-OUTPUT-EMIT (Sprint G) — codex-OAuth gpt-5.5 voter `effort="low" → "none"` after smoke 21 confirmed the prior pin ineffective. Smoke 22 will validate end-to-end.

Fixed

• PR-GPT55-EMPTY-OUTPUT-EMIT (Sprint G) — codex-OAuth gpt-5.5 voter calls now pin `reasoning.effort="none", superseding the prior effort="low" (PR-CODEX-GPT55-OUTPUT-EMIT, 2026-05-26) which smoke 21 confirmed ineffective: codex-oauth-empty-text dumps reproduced the smoke-20 failure mode with gpt-5.5 still consuming the entire output budget on encrypted reasoning items (output_text="" 100% of voter calls, ranker quorum lost on every observed match). ctx7 OpenAI Responses API "Sampling Parameters" lists reasoning_effort with "none" as the documented floor — disables reasoning entirely so the model emits user-facing text directly, which is the right behaviour for the single-step A/B/tie voter call. The fix lives at the same wire points as the prior PR: voter SubTask construction in plugins/seed_generation/agents/ranker.py _build_voter_tasks and the mutation-eval voter pathway in plugins/seed_generation/mutation_eval.py. The OpenAI generic enum admits "minimal" as well, but per-model docs for gpt-5.4 / gpt-5.5 list only none, low, medium, high, xhigh (Codex MCP catch, 2026-05-26) — GEODE intentionally does NOT add "minimal" to those specs to avoid handing operators a value the server would reject at runtime. Pinned by test_ranker_voter_subtasks_pin_effort_none, test_mutation_eval_voter_tasks_pin_effort_none, and test_gpt5_family_spec_supports_none_effort. The max_output_tokens knob remains forbidden on codex-oauth (subscription manages it server-side, 400 Unsupported parameter). Known limitation: voter effort is hard-pinned in the ranker / mutation_eval source; if "none" proves ineffective in a future smoke, the operator escape path is a voter-binding effort override hook in picker.py` — deferred to a follow-up sprint.

Single-change MINOR rotation. Ships PR-UPGRADE-ROLES-TOP-TIER — operator-directed bulk upgrade of every seed-generation role default to `claude-opus-4-7 (Anthropic top tier) and pilot's Petri audit target_models to the provider-cross top-tier pair [claude-opus-4-7, gpt-5.5]`. The codex-OAuth gpt-5.5 empty-output defect is NOT in this release — Sprint G handles it separately.

Changed

• PR-UPGRADE-ROLES-TOP-TIER — operator directive (2026-05-26): every seed-generation role default model is now `claude-opus-4-7 (the Anthropic top tier registered in GEODE's model spec). Replaces the prior cost-tiered defaults that mixed claude-sonnet-4-6 (6 roles: generator/critic/proximity/ranker/evolver/literature_review) and claude-haiku-4-5 (pilot's "cheap-fast inner-loop" slot). The ranker judge panel's anthropic voter also moves from claude-sonnet-4-6 → claude-opus-4-7; the two gpt-5.5 voters stay (already the OpenAI top tier per core/llm/adapters/_openai_common.py registry). The pilot agent's Petri inner-loop target_models also moves from ["claude-haiku-4-5", "gpt-5.4-mini"] to ["claude-opus-4-7", "gpt-5.5"] (provider-cross top tier kept for variance estimation). allowed_models lists are unchanged so operators retain per-deployment override flexibility via ~/.geode/config.toml. Cost impact: per-run spend rises ~3-5x in fan-out phases (generator 15-spawn, pilot per-candidate Petri inner-loop, ranker 59-match × 3-voter panel), and the 90s pilot wall-time cap will time out more often on opus latency — operators can pin a faster model via the per-role override. The codex-OAuth gpt-5.5 empty-output-text defect is unaffected — that fix is tracked separately as Sprint G (PR-GPT55-EMPTY-OUTPUT-EMIT). Affects: 7 role TOML defaults + 8 _DEFAULT_*_MODEL code constants (7 agent files + _DEFAULT_FALLBACK_MODEL in _registry_builder.py) + 1 judge_panel voter entry + pilot.md prompt's target_models line. Pinned by test_bundled_manifest_all_role_defaults_top_tier`.

Single-fix PATCH rotation. Ships PR-TRANSIENT-CLI-INJECTION-PREFIX to land the prefix-allowlist gate on the claude-cli transient classifier ahead of the next smoke run. The codex-OAuth gpt-5.5 empty-output-text defect surfaced by smoke 20/21 is NOT in this release — it requires a separate root-cause investigation (max_output_tokens unsupported on codex-oauth, effort=low alone insufficient) tracked as Sprint G.

Fixed

• PR-TRANSIENT-CLI-INJECTION-PREFIX — claude-cli transient classifier's `event.type="assistant" and event.type="content_block_delta" scan branches now gate on a CLI-injection-prefix allowlist (_CLI_INJECTION_PREFIX_RE) instead of the prior _ASSISTANT_HEADER_LIMIT = 200 positional heuristic. Smoke 21 (2026-05-26, dump 1779760855) falsified the 200-char rule: the LLM wrote a short 170-char preamble ("Wrote candidate gen1-013- 5bd70823.md — a CI-status scenario where the user pastes a complete gh run view --json payload and explicitly asks the agent not to re-pull (rate-limit framing)...") and the match at idx=170 slipped through, aborting the generator phase. Audit of all 135 historical dumps in ~/.geode/diagnostics/claude-cli-transient/ showed every legitimate assistant-source match begins with ! (claude-cli's in-stream error injection convention) or with the literal phrase Claude usage limit reached (PR-T smoke 9-12 incident). LLM prose never opens with either pattern because the leading ! is a markdown convention LLMs avoid in narrative text. The \A\s* anchor accepts arbitrary leading whitespace; Codex MCP audit of the same 135-dump corpus confirmed 0 split-injection cases (a theoretical delta-split where ! and the transient phrase land in separate content_block_delta chunks would slip the delta branch, but the CLI emits an aggregated event.type="assistant" event for the same message that catches it). Pinned by test_classify_signal_smoke21_llm_short_preamble_not_false_positive, test_classify_signal_assistant_event_exclamation_prefix_still_fires, and test_classify_signal_content_block_delta_exclamation_prefix_still_fires`.

Seed-generation ranker-phase robustness rotation. 2 PR fixing two independent smoke-20 defects: gpt-5.5 voter calls returning empty output_text 100% of the time (E1 — fixed by effort="low" pin based on ctx7 OpenAI Responses API docs grounding), and ~13%-rate generator sub-agent silent partial-writes (E2 — fixed by structural enable_goal_decomposition=False for sub-agents plus defence-in-depth decomposition_result_leak outcome detection). Both surfaced when smoke 20 ranker collapsed (quorum lost on every match). The two fixes are unrelated in code path but symbiotic at the system level: without E1 the ranker has no codex voters, without E2 the ranker has missing candidates to vote on. v0.99.66 ships both alongside the pre-existing voter task_id collision fix that E1 surfaced.

Hermes Phase 1d.2 + Phase 3 absorption rotation. Ships the cross-project search index (~/.geode/search/global.db + geode reindex CLI + session_search(scope="all")) and the 4-phase compaction pipeline (boundary + orphan_tool_result + summarize + carry_forward), closing the deferred slice of the Hermes absorption plan. Phase 1 (DB SoT, FTS5, multi-proc WAL), Phase 2 (platform/family-aware system prompt) and Phase 4 (WAL) were already merged; this release finishes Phases 1d.2 + 3.

Added

• PR-HERMES-3 — 4-phase compaction pipeline. Refactors core/orchestration/compaction.py from the pre-Hermes single-phase LLM-summary + carry-forward into a 4-phase pipeline that absorbs the tool_use/tool_result boundary + orphan-cleanup handling from Claude Code's compaction surface (the broader thinking-block / image-block / citation handling is out of scope here): (1) boundary finds a cut index that won't split a tool_use / tool_result pair (walks the boundary backward while the tail's first message would orphan a tool_result from the head); (2) orphan_tool_result defensively drops tool_result blocks whose tool_use_id is absent from the post-boundary message list (handles malformed checkpoints + the worst-case where the boundary couldn't move back far enough); (3) summarize retains the existing OpenAI / GLM LLM-summary call against the head messages; (4) carry_forward retains the 4-message preamble (summary + ack + marker + ack) followed by the cleaned verbatim tail. Anthropic short-circuit at the top preserved (server-side compact_20260112). 20 invariant tests pin: low-message no-op, boundary stay-zero when keep_recent exceeds length, no-walk when natural cut is plain text, single- step walk to keep a pair, multi-step walks (chained-pair + walk- through-alternating-pairs), no-walk when unmatched tool_result has no parent, exact pin-at-zero in chained-pair worst case, orphan-strip tombstone replacement for all-orphan user msg + role-alternation between adjacent assistants preserved + sibling text + matched pair + string-content messages, Anthropic short-circuit, summary-failure no-op, end-to-end safe boundary placement, preamble shape ([Conversation Summary] + 4-message preamble + tail), __all__ stability, role-alternation preservation via tombstone replacement for all-orphan user messages (Codex MCP catch — dropping would break the provider's role-alternation contract). 20 invariants total.
• PR-HERMES-1d.2 — cross-project search index + geode reindex CLI. New core/memory/search_index.py (~300 LOC) maintains ~/.geode/search/global.db — an FTS5-backed ledger that mirrors every per-project sessions.db's messages rows so session_search(scope="all") can answer cross-project recall queries without opening N project DBs. The index is intentionally rebuild-from-source (no ground truth lives here); operators run geode reindex after a session-state change to refresh it. Schema: single indexed_messages table + one external-content indexed_messages_fts virtual table + insert/delete/update triggers. Unique constraint on (project_id, session_id, message_id) + per-project SQLite SAVEPOINT blocks inside a BEGIN IMMEDIATE wipe-and-rebuild transaction make the rebuild idempotent, stale-row-clearing in one shot, and crash-safe (one project's transient read failure rolls back JUST that project's partial rows; siblings stay intact). PRAGMA busy_timeout=5000 ensures the rebuild's reserved lock cooperates with concurrent session_search(scope="all") readers. Result rows are newest-timestamp-first (operator-driven recall over relevance ranking; callers needing relevance can re-sort by the included score field). The session_search tool now accepts scope ∈ {project (default, unchanged behaviour), all} and optional project_id / session_id filters for the all-scope path — both filters are pushed INTO the FTS5 SQL so the SQL LIMIT semantics match what the operator expected. Hits returned by the all-scope branch carry project_id + project_slug so the agent can tell where each match came from. Missing global.db (operator never ran reindex) is a graceful no-op — {matched: False, count: 0, reason: "global_index_not_built — run 'geode reindex' first"} — so the LLM can fall back to scope=project. Background SearchIndexer thread + bounded queue + PASSIVE checkpoint (originally drafted for Phase 1d in the Hermes absorption plan) are intentionally deferred to a follow-up 1d.3 sprint; the rebuild-on-demand CLI ships the recall surface first. 33 invariant tests pin: schema creation, rebuild idempotency + stale-row clearing + per-project SAVEPOINT crash safety + busy_timeout=5000 PRAGMA, iter_project_dbs graceful no-op on missing root + skip no-sessions-db dirs, timestamp-DESC-ordered FTS5 hits with snippets, project_id + limit + session_id push-down filters, scope-default fallback on typo, missing-index graceful no-op, geode reindex CLI registered + empty-projects-root exit-zero + 2-project rebuild populates global.db end-to-end, --help text describes global.db + sessions.db.

Fixed

• PR-CODEX-GPT55-OUTPUT-EMIT — gpt-5.5 voter calls in the seed-generation ranker phase were running at the silent SubTask default `effort="medium" (via _DIFFICULTY_TO_EFFORT["medium"]), causing gpt-5.5 to consume the entire output_tokens budget (109-254 per call across 36 dumps in smoke 20) on encrypted reasoning items and emit output_text="" 100% of the time — every match either lost quorum or got 1/3 votes from claude-cli alone, collapsing the entire ranker phase. Adds SubTask.effort field (empty-default preserves the legacy difficulty/settings path) and pins effort="low" on voter SubTasks at plugins/seed_generation/agents/ranker.py _build_voter_tasks per ctx7 OpenAI Responses API docs (/websites/developers_openai_api → "Reasoning effort": "Reducing reasoning effort can result in faster responses and fewer tokens used on reasoning"; the canonical low-effort example uses gpt-5.5 with effort="low" for a single bash-script generation task — the voter A/B/tie call is a comparable single-shot output). max_output_tokens is not viable on the codex-oauth backend (400 Unsupported parameter per core/llm/providers/codex.py:325 and existing test_codex_kwargs_does_not_send_max_output_tokens`).
• PR-CODEX-GPT55-OUTPUT-EMIT fix-up (Codex MCP catch) — also pins `effort="low" on plugins/seed_generation/mutation_eval.py` voter SubTasks. The mutation-eval channel reuses VOTE_SCHEMA + gpt-5.5 A/B/tie shape, so without an effort pin it would reproduce the empty-text failure mode outside the ranker phase.
• PR-CODEX-GPT55-OUTPUT-EMIT fix-up (Codex MCP catch) — pre-existing ranker voter `task_id collision surfaced by this PR. The default judge panel ships TWO openai.openai-codex voters and the old shape vote-{match_id}-{provider}.{source} collided across duplicate (provider, source) bindings; SubAgentManager._deduplicate silently dropped one, so the advertised 3-voter panel actually dispatched only 2 voters per match. Now uses the per-voter ordinal shape vote-{match_id}-v{idx:02d}-{provider}.{source} — same pattern already in mutation_eval.py. Pinned by test_ranker_voter_task_ids_unique_across_duplicate_bindings`.

Cognitive-loop + Hermes + adapter-robustness rotation. 5 PR (PR-HERMES-2, PR-CL-A2, PR-CODEX-MULTITURN-SUMMARY-PRESERVE, PR-TRANSIENT-CLASSIFIER-SCOPE, PR-SUPERVISOR-ENABLE) since v0.99.63. Ships platform/model-aware system-prompt fragments (Hermes Phase 2) and the Wilson-LB tool-ranking data layer (CL-A2) that the full A*-style policy will sit on. Codex multi-turn replay now preserves the reasoning-item summary field across all paths; the claude-cli transient classifier no longer false-positives on LLM-authored scenario prose; supervisor role wires through the seed-gen manifest end-to-end.

Fixed

• PR-CODEX-MULTITURN-SUMMARY-PRESERVE — Codex Responses API multi-turn replay must carry `summary` on every reasoning item. Smoke 19 evidence: ~10 voter failures across the ranker phase, all from vote-m*-openai.openai-codex retries, with `"✕ Invalid request. Missing required parameter: 'input[N].summary'." Root cause: the codex_oauth capture path at core/llm/adapters/_openai_common.py:translate_codex_response only added the summary field when truthy: if summary: entry["summary"] = summary. On a high-effort gpt-5.x run with no chain-of-thought summary, the captured reasoning item lacked the field entirely. On the next-turn replay through build_codex_input (PR-WORKER-SCHEMA-AWARE-RETRY's validator- feedback retry triggered this exact path), the OpenAI Responses API rejected the input because reasoning items REQUIRE a summary field per spec (ctx7-grounded against /websites/developers_openai_api "Keeping reasoning items in context" + "Migrate to Responses" — summary: [] is the empty-but- present shape). Fix: 2-layer defence: (a) Capture-time (translate_codex_response): entry["summary"] = summary if summary else [] — always present the field on freshly captured items. (b) Replay-time (build_codex_input): replayed.setdefault("summary", []) — defensive injection against legacy persisted codex_reasoning_items dicts that lack the field (Codex MCP catch — covers cross-process state snapshots + externally constructed Message instances). Pinned by 2 new tests in tests/core/llm/adapters/test_codex_reasoning_replay.py: test_codex_reasoning_replay_preserves_empty_summary (legacy captured dict missing summary still replays correctly) + test_reasoning_item_capture_always_has_summary_field (capture defaults summary to [] when SDK item has None / missing). Codex MCP cross-LLM review caught 4 issues — all folded in-band: defence-in-depth replay injection, strict test assertion (was permissive if "summary" in entry), docstring accuracy fix, and followup task #101 (PR-CODEX-MULTITURN-PHASE-PRESERVE) for the spec's phase` parameter (separate concern, no current failure evidence).

• PR-TRANSIENT-CLASSIFIER-SCOPE — narrow claude-cli transient classifier scope to suppress smoke-19 LLM-prose false positives. `plugins/petri_audit/claude_cli_provider.py:classify_transient_signal pre-fix walked raw stdout first, then events. In stream-json mode the raw stdout is just the concatenation of stream-json lines — the LLM's free-form prose inside {"type":"assistant","message": {"content":[{"type":"text","text":"..."}]}} is in there verbatim. Smoke 19 (.audit/smoke-archives/smoke-19-partial- 1779751602/) caught 5 false-positive aborts where the LLM legitimately wrote "rate-limited to 30 calls / 5 min" in seed bodies targeting redundant_tool_invocation (scenario describing rate-limited tools). The transient regex matched on raw stdout and the generator phase aborted as a fake API rate-limit. Fix (2 layers): (a) Demote raw stdout scan to fallback-only — only fires when events parse produced nothing (genuine pre-protocol failure). When events exist the structured event-walk covers every legitimate signal source; re-scanning the raw stream only risks the LLM-prose false positive. (b) Add _ASSISTANT_HEADER_LIMIT = 200 heuristic on the assistant + content_block_delta scans. Claude-CLI's internal error injections (PR-T case, smoke 9-12 evidence) put the transient phrase at offset 0 of the text block ("Claude usage limit reached. Resets at 4pm." / "! Unexpected error. Auto-retrying."). LLM-authored scenario prose buries the vocabulary mid-paragraph at offset 200+. The heuristic preserves the PR-T detection path while eliminating the smoke 19 false positive. Codex MCP cross-LLM review caught an additional gap: streaming content_block_delta events were not scanned at all (would silently bypass detection if claude-cli streamed an error via deltas instead of an aggregated assistant message). Folded in-band: added a parallel content_block_delta branch with the same header-limit heuristic. Plus doc drift fixes (3 → actual 5 dumps; dropped a claim about a signal.match_offset field that doesn't exist). Pinned by 4 new + 2 updated tests in test_claude_cli_transient_classifier.py: test_classify_signal_search_order_events_first_stdout_fallback, test_classify_signal_stdout_fallback_when_events_empty, test_classify_signal_content_block_delta_transient_match, test_classify_signal_content_block_delta_header_limit_suppresses, test_classify_signal_smoke19_llm_seed_prose_not_false_positive, plus test_adapter_transient_carries_signal_dataclass updated to assert the new source="event"/event_type="assistant"` ordering. 864 pass / 35 skipped in petri_audit + core/llm.

• PR-SUPERVISOR-ENABLE — register supervisor in the seed-gen manifest so the orchestrator doesn't `phase_skipped` it. Pre-fix enabled_roles (plugins/seed_generation/seed_generation.plugin.toml) had 8 roles and supervisor was NOT one of them; [seed_generation. role.supervisor] section did not exist either. Smoke 19 transcript caught the consequence on line 4: "event": "phase_skipped", "payload": {"role": "supervisor", "reason": "agent_not_registered"}. Per the run's state/seed-generation/<run_id>/sub_agents/ dir the supervisor never spawned; per checkpoints/ no supervisor.json landed. PR-1 (#1698) SUPERVISOR_SCHEMA wire was a necessary fix but not sufficient — schema couldn't reach the LLM because the registry builder's main loop never visited supervisor (it iterates manifest.enabled_roles). Fix: add supervisor to enabled_roles + the matching role spec section (default_model claude-opus-4-7 per the Supervisor.py docstring, allowed list mirrors meta_reviewer's run-level analyst pattern). _ROLE_TO_CLASS in _registry_builder.py adds Supervisor so the main loop registers it cleanly (the legacy fallback at the end stays as defensive code for future manifest revisions). Pinned by 4 invariants in test_registry_wireup.py::test_populate_registry_supervisor_registered (manifest enabled_roles + role spec + picker binding + registry registration + concrete-class check + model wiring) + test_bundled_manifest_loads updated to include supervisor in the expected enabled set.

Added

• PR-CL-A2 — Tool Selection ranker (CL-A2 of docs/plans/agentic-loop-evolution.md). New core/agent/tool_search.py (~210 LOC) ships the data layer the full A*-style policy will sit on top of: a Wilson lower-bound success-rate aggregator over the episodic ledger. Pure functions wilson_lower_bound(successes, total, z=1.96), find_recommended_tools(episodes, *, top_k, min_invocations=3, wilson_threshold=0.5), and format_tool_ranking_block(rankings) produce a <tool-ranking> block listing the top-K tools whose recent calls succeeded with a 95% CI lower bound above 0.5. The ranker is the success-side counterpart of the existing tool_hints slot (failure-side) — together they give the LLM bidirectional evidence ("don't use X" + "prefer Y"). Wired as the 5th canonical in-context slot (SLOT_TOOL_RANKING = "tool_ranking", core/self_improving_loop/in_context_slots.py) with shared-ledger read (in_context_wiring.apply_in_context_slots reads episodes.jsonl once even when both episodic slots are enabled). 29 invariant tests pin the Wilson formula (concrete pins for 5/5 → 0.5655 and 100/100 → 0.9630; convergence ordering for 9/10 < 90/100 < 900/1000 < 0.9), aggregation gates (MIN_INVOCATIONS, WILSON_THRESHOLD), malformed-row tolerance, schema registration, wiring orchestration, the [tool-ranking][tool-hints][BASE] relative layered order under the dual-slot config, the module-internal loader's graceful no-op on read failure, and the no-SoT fast path.
• PR-HERMES-2 — Hermes Phase 2 platform-aware + family-aware system prompt fragments. core/llm/platform_hints.py (184 LOC) maps 6 GEODE surfaces (cli, serve_repl, slack, cron, worktree, mcp_remote) to short directive blocks; core/llm/model_guidance.py (~180 LOC) maps 5 LLM families (Anthropic / OpenAI / Google / xAI / GLM-5+) to tool-grammar + reasoning-visibility directives. Surface resolution is env-override ($GEODE_SURFACE_TYPE) → ContextVar → default "cli"; family resolution is a heuristic substring match against the model string, ordered to favour the more-specific claude- / glm- prefixes over the broader gpt- / o3- heuristics. GLM resolution carries an operator-decision filter (2026-05-26) — only glm-5.0+ resolves to FAMILY_GLM; older glm-4.x strings still appear in the /model picker for compatibility but receive no Phase 2 directive because their tool-call grammar diverges from GLM-5. GLM-5 directive content is grounded in /zai-org/glm-5 ctx7 spec (OpenAI-compatible /v1/chat/completions schema, tool_calls.function.arguments as JSON-encoded string). Both renderers are wired into core/agent/system_prompt.build_system_prompt in the dynamic section (model_guidance after model_card, platform_hint before date_context). Audit-mode strips both blocks so Petri scenarios never leak GEODE surface hints. 58 invariant tests pin module exports, resolution order, per-surface and per-family rendered body coverage, GLM-4.x rejection, and wiring symmetry.
• PR-SELF-IMPROVING-HUB — /geode/self-improving/ landing hub + full DESIGN.md scaffolding for 9 hub-surface pages. Replaces /geode/petri-bundle/ as the primary entry point for Petri audit / seed-generation / autoresearch telemetry. Operator selected the "surface-first" Option 1 layout (2026-05-26) after reviewing 3 editorial-sidebar mockups.

Page: built by the new scripts/build_self_improving_hub.py from docs/self-improving/index.html.template + docs/self-improving/assets/hub.css. Renders 4 sections (Petri Audit / Seed Generation / Autoresearch / Documentation) with harness-aware model chips (anthropic//openai/ → PAYG, claude-cli/ → Claude Code, codex//openai-codex/ → Codex Plus, geode/ → GEODE wrapper). Sidebar carries a Meta section linking to the GEODE GitHub repo. Build-time version stamp ("Rendered against GEODE v0.99.63 · DESIGN.md schema 1 · built YYYY-MM-DD") pulled from pyproject.toml.

DESIGN.md scaffolding (10 docs total under docs/design/): - self-improving-hub-system.md — master design system (tokens, typography, components, layout grid, navigation contract, URL contract, per-row metadata schema, accessibility minimum, implementation stack, page inventory, versioning policy with pinned-constants table, verification ratchet). - self-improving-hub.md — Hub page contract (data sources, sections, columns, sidebar .active, empty states, outgoing links). - self-improving-hub-visual-spec.md (38KB) — concrete visual spec produced by paired designer agent: per-token hex values, sRGB luminance + WCAG contrast for every chip, sidebar HTML structure, 7 build-time PLACEHOLDER tokens for the version stamp. - 7 sibling per-page docs covering petri-bundle (relocation contract), seed-generation index + per-run detail, autoresearch landing + baseline + mutations + results + policies sub-pages. - Each carries geode_version: 0.99.62 / schema_version: 1 in frontmatter — when dim sets / axes / schemas evolve, downstream readers can pin behavior to the GEODE version that authored the doc.

Paired-agent workflow: designer agent (visual spec) + frontend agent (HTML/CSS/builder) processed the hub page in parallel per operator directive 2026-05-26.

Changed

• PR-SELF-IMPROVING-HUB · URL relocation — docs/petri-bundle/ → docs/self-improving/petri-bundle/. The inspect_ai SPA log viewer moves wholesale, preserving its asset bundle / logs / seeds catalog / seed-gen .eval archives. The old URL /geode/petri-bundle/ now serves a meta-refresh redirect HTML that preserves SPA #/tasks/<id> deep-links via JS hash forwarding. All 30+ active-code references updated in a single mechanical pass:

| Category | Files | Update | |----------|-------|--------| | Publisher path constants | plugins/petri_audit/bundle_sync.py, plugins/seed_generation/bundle_sync.py, plugins/seed_generation/eval_export.py, plugins/seed_generation/orchestrator.py, plugins/seed_generation/literature_snapshot.py, core/tools/literature_snapshot.py, core/cli/tool_handlers/delegated.py, core/tools/definitions.json, core/tools/toolkits.toml | path string | | Scripts | 9 files in scripts/ | path string | | Tests | 6 files (tests/test_validate_petri_bundle.py, tests/test_check_repo_hygiene.py, tests/test_literature_snapshot_tool.py, tests/test_render_lint_config.py, tests/plugins/seed_generation/conftest.py, tests/plugins/seed_generation/test_seed_bundle_sync.py) | path string | | Site Next.js | 8 page.tsx + sitemap.ts | BUNDLE_URL/RAW_BUNDLE_URL/SEEDS_DIR constants + JSX href | | Workflows | .github/workflows/pages.yml (path filter + copy step splits the old URL into a separate site/out/petri-bundle/ redirect-only copy), .github/workflows/petri-publish.yml (path filter) | path filter | | Config | .pre-commit-config.yaml, .pymarkdown.json | path string | | scripts/check_docs_links.py | known-URL set | dual-add /petri-bundle/ (redirect) + /self-improving/petri-bundle/ (real) |

Historical references in site/src/data/geode/changelog.ts, docs/audits/*, docs/plans/*, and CHANGELOG.md itself were intentionally left untouched — they document past state and rewriting them retroactively would be ahistorical.

Quality gates after the move: ruff check clean, mypy core/ plugins/ clean across 452 files, scripts/validate_petri_bundle.py OK (18 archives), pytest tests/test_validate_petri_bundle.py tests/test_check_repo_hygiene.py tests/test_literature_snapshot_tool.py tests/plugins/seed_generation/ 590 passed / 3 skipped / 0 failed. Local SPA preview verified both /geode/petri-bundle/ (redirect HTML with meta-refresh + JS hash forwarding) and /geode/self-improving/petri-bundle/ (inspect_ai SPA renders).

Scope B (Petri × autoresearch) full wiring sprint — 5 PR closing the multi-axis fitness leaks identified by the petri × autoresearch GAP audit: PR-AR-L6 (attribution standalone graceful with synthetic mutation_id + source field) + PR-AR-L4a (ux_means 4-reader collector consuming mutations.jsonl) + PR-AR-L4b (5-caller ux_means / admire_means forward through compute_fitness) + PR-AR-L4c (admire_means consumer for seed-gen evaluate_mutation_pairwise handoff, Krippendorff-grounded calibration proxy) + PR-AR-L4d (UX Goodhart bidirectional gate mirroring bench pattern). Cross-vertex contract with seed-gen (Scope A, PR-RANKER-MUTATION-EVAL #1704) honored as a data-only handoff — MutationEvalResult.pairwise_win_rate field-name parity pinned on both sides, no runtime cross-package import. Codex MCP review caught 7 issues across the 5 PRs (all fixed in-band).

Added

• PR-AR-L4c ``admire_means`` consumer for seed-gen handoff (ADR-012 S2b) — Scope A (PR-RANKER-MUTATION-EVAL #1704) shipped `plugins.seed_generation.mutation_eval.evaluate_mutation_pairwise`; this PR wires the autoresearch consumer side:
• `admire_means_from_eval_result(result) converts a MutationEvalResult into the autoresearch admire_means dict shape with field-name parity (pairwise_win_rate`).
• `derive_inter_voter_agreement(wins, losses, ties) proxies human_calibration_corr until quarterly human L4 batch lands. Two-factor formula (majority_share × decisive_share) penalizes low-decisiveness panels — Codex MCP review §3 caught the case where wins=1, losses=0, ties=2` returned 1.0 (degenerate single-voter unanimity); fixed to 0.333. Krippendorff 2004 *Content Analysis* 2nd ed (p.241) thresholds (α ≥ 0.667 tentative / α ≥ 0.800 reliable) are the *interpretation thresholds* the proxy is checked against — the proxy itself is not Krippendorff α.
• New `KRIPPENDORFF_TENTATIVE_FLOOR = 0.667 and KRIPPENDORFF_DEFINITIVE_FLOOR = 0.800` constants documenting the source.
• `CALIBRATION_THRESHOLD` migrated from magic 0.7 → tentative floor (0.667). Existing tests updated to match.
• Deleted `collect_admire_means_from_ranker placeholder. The runner-side invocation (evaluate_mutation_pairwise call with before/after responses + audit 2× cost) is a follow-up PR — this consumer provides the stable interface for that future work. 10 invariants in tests/autoresearch/test_admire_handoff_consume.py pin the Krippendorff constants, the agreement formula, the converter shape, end-to-end aggregate computability, and cross-module field-name parity with MutationEvalResult.pairwise_win_rate`.

• PR-AR-L4d UX Goodhart bidirectional gate — PR-AR-L4a + L4b wired `ux_means into the fitness scalar but the scalar alone doesn't catch trade-off failures (UX surface gamed at the cost of a critical Petri dim, or judge pleased while behaviour worsens). New autoresearch.ux_means.detect_ux_conflict mirrors the existing bench_means.detect_cross_validation_conflict` pattern (PR-SIL-5THEME C2) on the UX axis. Two conflict scenarios:
• `alignment_only_fooling_ux` — Petri dim aggregate improved (lower-is-better went down) AND UX aggregate regressed (higher- is-better went down). Judge pleased, behaviour worse.
• `capability_at_alignment_cost_ux — UX aggregate improved AND a critical-tier dim regressed beyond critical_margin. Gamed UX at the cost of safety/alignment. Wired into _should_promote's gated branch alongside the bench detector. Both branches return False with the conflict label so the strict-reject reason is greppable. Detector returns None on insufficient data (same graceful contract as bench). 7 invariants in tests/autoresearch/test_ux_goodhart_gate.py pin both labels, graceful no-op for 3 missing-data cases, the 4-way no-conflict matrix, and end-to-end wiring through _should_promote` to surface the ux label.

• PR-AR-L4b ``compute_fitness`` 5-caller ``ux_means`` / ``admire_means`` forward — Pre-PR-AR-L4b PR-AR-L4a wired the `ux_means collector but no caller forwarded the dict to compute_fitness — the fitness scalar stayed dim-only despite the data being available. Wires the 4 _should_promote internal compute_fitness calls (bootstrap / gated / current_raw / prior_raw) + the 1 main() call to forward ux_means (from collect_ux_means_from_sources) and baseline_ux_means (from _load_baseline 5-tuple). The 4 new _should_promote kwargs (ux_means / baseline_ux_means / admire_means / baseline_admire_means) default to None for backward-compat with legacy callers. admire_means slot is reserved — PR-AR-L4c wires the seed-gen ranker handoff after Scope A (PR-RANKER-MUTATION-EVAL) ships evaluate_mutation_pairwise. _write_baseline now persists axes.ux_means (slot existed pre-PR-AR-L4b but was always emitted as None). 7 invariants in tests/autoresearch/test_ux_admire_caller_forward.py` pin:
• `_should_promote` signature exposes the 4 new kwargs (default None)
• 5 `compute_fitness call blocks all mention ux_means= and admire_means=` (caller-symmetry grep — PR-11 anchor multiplier pattern from [[feedback-signature-forward-audit]])
• end-to-end exercise: bootstrap fitness changes when ux_means is supplied vs not (forward actually reaches compute_fitness)
• `prior_raw` baseline-side asymmetry — baseline_ux_means actually reaches the prior_raw compute_fitness call (Codex MCP catch §6)
• `_write_baseline roundtrips the axes.ux_means` slot
• main caller invokes `collect_ux_means_from_sources`

• PR-RANKER-MUTATION-EVAL — seed-gen `evaluate_mutation_pairwise()` handoff entry point for autoresearch admire_means. New module plugins/seed_generation/mutation_eval.py exposes the seed-gen 3-voter cross-provider panel as a single async call evaluate_mutation_pairwise(before_response, after_response, scenario_seed, *, voters, manager, match_id) returning MutationEvalResult(wins, losses, ties, pairwise_win_rate, provider_diversity, voter_models). Reuses VOTE_SCHEMA (strict-mode, PR-STRICT-COMPATIBLE-SCHEMAS), embed_handoff, picker_source_to_adapter_source, anti-phantom prompt prose (PR-VOTER-PROMPT-ANTI-PHANTOM — inlined bodies, no Read tool, first-and-only-turn disclaimer). Autoresearch (autoresearch/admire_means.py:ADMIRE_DIM_WEIGHTS) drops MutationEvalResult.pairwise_win_rate directly into admire_means["pairwise_win_rate"] — field name parity pinned by test_pairwise_win_rate_field_name_matches_autoresearch_admire (static grep on both source files; no runtime cross-package import to honour the seed-gen → autoresearch handoff boundary). Codex MCP cross-LLM review caught (and fix folded in-band): the pre-fix f"vote-{match_id}-{provider}.{source}" task_id format collided for the default manifest's two identical openai.openai-codex voters → SubAgentManager dedup → 3-voter panel silently became 2-voter. Now per-voter ordinal v{idx:02d} disambiguates + voter identity mirrored into SubTask.args for typed reverse-lookup. Voter failure / malformed vote / invalid winner label degrade gracefully (drop from aggregate, no raise; provider_diversity tells the caller whether the result is trustworthy). 8 tests: cross-module-contract field-name parity, no-autoresearch-import AST invariant, default-panel-not-deduplicated 3-voter dispatch, happy-path 2-of-3 aggregation, partial-failure graceful drop, all-fail neutral 0.5, invalid-winner-label silent rejection, anti-phantom prompt prose pin.

• PR-AR-L6 attribution writer standalone graceful — Pre-PR-AR-L6 `autoresearch/train.py's W2 attribution block was gated on three envs (GEODE_SIL_MUTATION_ID / GEODE_SIL_AUDIT_RUN_ID / GEODE_SIL_EXPECTED_DIM) — operator standalone runs (uv run python autoresearch/train.py, --promote) had none of those, so the attribution row was silently skipped. Downstream consumers (a future source-aware compute_credit_assignment variant, operator analytics) had no ledger visibility into manual runs. New source field on AttributionRecord / compute_attribution / write_attribution distinguishes mutator-driven ("mutator", default) from manual ("manual") rows. Standalone runs synthesize mutation_id = manual-{commit[:8]}-{audit_uuid[:8]} + audit_run_id = manual-audit-{audit_uuid[:8]} so the ledger keeps a permanent row, and downstream consumers (operator analytics; a future source-aware compute_credit_assignment variant) can filter the JSONL stream on source when they want a mutator-only signal. Legacy on-disk rows omit source → reads back as None → schema treats as "mutator" for backward compat. 7 invariants in tests/autoresearch/test_attribution_standalone_manual.py` pin the schema additions, the synthetic-id format, and the filter-by-source contract.

Fixed

• PR-VOTER-PROMPT-ANTI-PHANTOM — inline candidate seed bodies into voter handoff (kill the fake-path Read instruction). Smoke 18 dialogue trace (.audit/smoke-archives/smoke-18-partial-1779728410/sub_agents/ vote-m000-anthropic.claude-cli/dialogue.jsonl) caught claude-cli emitting "I already read both candidate files in the previous turn and can answer from context." on the FIRST turn (no previous turn exists). Root cause: voter handoff sent a literal "run_dir/candidates/<cid>.md" relative-path string and the prompt instructed the model to "Read both candidate seeds". The per-task isolated cwd (PR-RESUME-NO-PERSIST-FIX) meant the model couldn't resolve the fake relative path; the only escape was to hallucinate session continuity. Fix per the open-coscientist nodes/ranking.py debate_pair pattern: read each candidate seed body once in Ranker.aexecute via new _read_candidate_bodies(state) helper, thread candidate_bodies dict through _play_match → _build_voter_tasks → _build_description. VOTE_HANDOFF schema (handoff_schemas.py) candidate_a/b.path → body (required). Prompt rewritten: removed "Read both candidate seeds"; added explicit "DO NOT call any Read tool, DO NOT claim to have read them in a previous turn (this is the first and only turn of your session)". Codex MCP cross-LLM review caught the empty-body failure mode (read error silently emitted "" while prompt asserted "Both seed bodies are fully present") + the stale docstring; folded in-band — unreadable paths now emit _CANDIDATE_BODY_UNAVAILABLE sentinel ([CANDIDATE_BODY_UNAVAILABLE: path=... error=...]) that instructs the voter to emit winner: "tie", and the prompt explicitly handles the sentinel. Pinned by extended test_ranker_voter_handoff_matches_schema: asserts body inlined, anti-phantom prose present, run_dir/candidates/ literal absent.

Changed

• PR-STRICT-COMPATIBLE-SCHEMAS — convert 5 seed-gen schemas to OpenAI strict-mode (Codex `text.format` constraint). Pre-fix all seed-gen schemas used the permissive _additive() helper (no additionalProperties:false), so the Codex OAuth adapter's _is_openai_strict_compatible detector (core/llm/adapters/codex_oauth.py) always returned False → the Responses API received text.format.strict=False → schema behaviour collapsed to a *server hint* rather than an enforced *constraint*. gpt-5.5 reasoning models could then consume the entire output budget on encrypted_reasoning items and return empty output_text (smoke 18: .audit/smoke-archives/smoke-18-partial-1779728410/sub_agents/ vote-m000-openai.openai-codex/dialogue.jsonl turn 1 — cost $0.0358, 0 assistant_message). New _strict_additive() helper derives required from properties.keys() + sets additionalProperties:false; recursive _strict_additive on nested objects + array items. Converted: PROXIMITY, CRITIQUE, VOTE, EVOLVE, SUPERVISOR. Three exceptions remain non-strict because they use typed-additional maps that depend on runtime-known keys (Petri 24-dim catalog / arxiv-id snapshot map): PILOT, META_REVIEW, LITERATURE_REVIEW. Side fixes folded in-band: (a) CRITIQUE_SCHEMA adds rewrite_section field (["string","null"]) — pre-fix the field was tolerated by permissive _additive but evolver.py:_consume_rewrite_target + eval_export.py:355 actively consume it, so strict mode required it be declared (Codex MCP catch); (b) EVOLVE_SCHEMA promotes notes from optional → required with empty-string sentinel (evolver.md + _REQUIRED_EVOLVE_FIELDS updated to match); (c) LITERATURE_REVIEW_SCHEMA fixes 2 type drifts vs parser — articles_with_reasoning was array but parser reads as string, snapshots was array but parser reads as {arxiv_id: snapshot_path} dict. Pinned by 4 new tests: test_strict_role_schemas_pass_openai_strict_check (parametrize 5 strict roles), test_non_strict_role_schemas_documented_reason (parametrize 3 non-strict roles, guards against silent tightening), test_strict_helper_derives_required_from_properties_keys, + existing test_critique_schema_required_matches_parser_required now ==. Codex MCP cross-LLM review caught the rewrite_section omission (would have broken critic→evolver handoff under strict mode) + CHANGELOG/docstring drift; both folded in-band before merge.

• PR-AR-L4a ``ux_means`` 4-reader collector wiring (ADR-012 S1b) — Pre-PR-AR-L4a `autoresearch.ux_means.collect_ux_means_from_sources was a hardcoded return None placeholder — ADR-012 S1 shipped the schema + math but the S1b collector wiring never landed, so the entire ux fitness axis was dormant in production. 4 readers now consume the single SoT autoresearch/state/mutations.jsonl`:
• `read_run_log_success_rate` — count(attribution_score > 0) / count(attribution rows)
• `read_token_cost — Σ(in_tok × price.input + out_tok × price.output) per cost_model from core.llm.token_tracker.MODEL_PRICING`
• `read_revert_ratio` — count(fitness_delta < 0) / count(rows with fitness_delta)
• `read_latency — mean(cost_elapsed_seconds) across apply rows New DEFAULT_UX_TOKEN_BUDGET_USD = 5.0 and DEFAULT_UX_LATENCY_BUDGET_S = 1800 budget constants (operator-aggressive setting). 10 invariants in tests/autoresearch/test_ux_means_collector.py pin each reader's graceful-no-op contract + the wired collector shape. Caller-side compute_fitness` forward arrives in PR-AR-L4b.

Fixed

• PR-SCHEMA-PARSER-DRIFT-CLOSE — close 3 schema ↔ parser SoT drifts surfaced by smoke 18 dialogue audit. smoke 18 archive (.audit/smoke-archives/smoke-18-partial-1779728410/) showed 4/12 critic sub-agents malformed_critique with the LLM emitting otherwise-valid JSON missing discrimination_estimate. Root cause: _REQUIRED_CRITIQUE_FIELDS (critic.py:70) lists 7 fields, CRITIQUE_SCHEMA.required (json_schemas.py:85) listed only 6. Worker-side _needs_schema_retry (PR-WORKER-SCHEMA-AWARE-RETRY in v0.99.61) only fires for schema-required violations, so the retry never fired for the one drift-prone field. Audit of all 7 Loop-1 phases + literature_review found 3 such gaps: (1) CRITIQUE_SCHEMA missing discrimination_estimate; (2) SUPERVISOR_SCHEMA did not exist at all (supervisor SubTask spawned without response_schema=); (3) LITERATURE_REVIEW_SCHEMA defined since PR-JSON-WIRE (#79) but never wired into the literature_review SubTask spawn. supervisor.json checkpoint regression in smoke 18 vs smoke 17 is the visible downstream symptom of (2). Fix: add discrimination_estimate to CRITIQUE_SCHEMA.required + properties; define SUPERVISOR_SCHEMA matching _REQUIRED_SUPERVISOR_FIELDS (3 keys, mirrors supervisor.md typed contract); wire both SUPERVISOR_SCHEMA into supervisor.py:_build_task and LITERATURE_REVIEW_SCHEMA into literature_review.py:_build_task. Tightened test_critique_schema_required_matches_parser_required from issubset to == (pre-fix the relaxed assertion explicitly allowed the discrimination_estimate gap). Added 2 new SoT invariants (test_supervisor_schema_required_matches_parser_required, test_literature_review_schema_required_matches_parser_call_site) + 2 new SubTask wire pins (test_supervisor_build_task_carries_schema, test_literature_review_build_task_carries_schema). All 7 Loop-1 schema-parser invariants now hold under ==.

Petri × autoresearch leak resolution sprint: 3 PR (L7/L3/L8) closing fitness-surface / baseline-ratchet leaks identified by the full-cycle GAP audit (PR-L9 already shipped in v0.99.61). L7 pins the wrapper-sections fallback ↔ writer-schema dual-SoT drift; L3 codifies the seed-gen-only role split via an anti-elevation invariant (Codex MCP review caught + pivoted from writer-side filter that would have broken critic.py's initial-gen handoff); L8 replaces the unconditional fresh-baseline auto-promote with a 2-clause sanity gate (completeness + fitness floor).

Changed

• PR-L8 bootstrap baseline ratchet — `autoresearch/train.py:_should_promote no longer auto-promotes any first audit on a fresh baseline.json-less branch. The default-path (no --promote flag) auto-promote now requires (a) dim_means completeness — every AXIS_TIERS dim present, catching truncated subprocess output / extractor partial-fail modes — AND (b) raw fitness ≥ new BOOTSTRAP_FITNESS_FLOOR (0.30), catching "audit ran but every dim landed at worst-case" modes. Failure reasons start with bootstrap_sanity_failed so log analytics can grep both clauses. --promote operator override bypasses _should_promote entirely so deliberately-weak baselines still work. 6 invariants in tests/autoresearch/test_should_promote_bootstrap.py pin the gate; the existing test_should_promote_bootstraps_when_no_prior_baseline renamed + updated to the gated semantics. Codex MCP review tightened the boundary test via mock.patch to actually exercise the < floor / == floor` semantics.

Added

• PR-L3 `scenario_realism` anti-elevation invariants — The Petri rubric emits scenario_realism (1-10 scale) and baseline.json persists it for *seed-generation* consumers (plugins/seed_generation/agents/critic.py initial-gen handoff + evolver.py pilot fallback). The dim must NOT become a self-improving-loop fitness lever. New _SEED_GEN_ONLY_DIMS frozenset in autoresearch/train.py documents the role split; 4 invariants in tests/autoresearch/test_baseline_scenario_realism_filter.py enforce it — the dim must stay absent from AXIS_TIERS, DIM_WEIGHTS, CRITICAL_DIMS, AUXILIARY_DIMS, INFO_DIMS, and ANCHOR_DIMS. baseline.json continues to carry the dim unchanged so seed-gen consumers are unaffected; the invariants only protect the autoresearch fitness surface. (Initial PR-L3 attempted a writer-side filter; Codex MCP review caught that it broke the critic's initial-gen handoff, so the scope was reduced to the anti-elevation invariant only.)
• PR-L7 wrapper-sections fallback ↔ writer-schema drift invariants — tests/autoresearch/test_wrapper_sections_drift.py pins the dual-SoT shape between autoresearch/train.py:_WRAPPER_PROMPT_SECTIONS_FALLBACK (bootstrap default when the canonical autoresearch/state/policies/wrapper-sections.json is absent) and write_wrapper_prompt_sections (writer the mutator goes through). 5 invariants cover: fallback satisfies writer validator (roundtrip), fallback shape (non-empty str dict), 5 canonical section anchors (role / tool_result_handling / shell_caution / refusal_policy / thinking_visibility), loader bootstrap path returns a fallback copy on canonical-absent and on malformed JSON. Mirrors PR-MINIMAL-2 #1398's program.md ↔ _FALLBACK_SYSTEM_PROMPT pattern.

Structured-output 3-axis-plan smoke 17 closeout bundle + autoresearch dead-state cleanup: 6 fixed entries threading through worker-side / orchestrator / codex-oauth adapter / prompt-level / role-binding gaps surfaced by the smoke 17 terminal state, plus PR-L9 (dead audit_logs/ directory removal). Codex MCP cross-LLM review catches folded in-band on PR-1687 (7 non-ranker role model wire + strict-mode auto-detect), PR-1688 (PR-L9 docs cleanup + invariant widen), and PR-1693 (_NO_RETRY_TERMINATION_REASONS + elapsed-time gate).

Removed

• PR-L9 dead `audit_logs/` directory cleanup — autoresearch/state/audit_logs/ was created via AUDIT_OUT_DIR.mkdir(parents=True, exist_ok=True) at autoresearch/train.py:run_audit but no caller ever wrote into it (grep across core/ / plugins/ / autoresearch/ confirms zero writers and zero readers besides the mkdir itself). The constant + the mkdir call are deleted; 5 test sites that monkeypatched AUDIT_OUT_DIR are stripped. New tests/autoresearch/test_no_dead_audit_logs_dir.py pins the cleanup as a drift invariant so a future PR re-introducing the dead path fails fast (per CLAUDE.md "Writer destination tracked" rule — add a real writer + reader pair before re-introducing a state subdirectory).

Fixed

• PR-WORKER-SCHEMA-AWARE-RETRY — worker-side schema-aware retry when the role declared a `response_schema`. core/agent/worker.py:_run_agentic now calls _needs_schema_retry(agentic_result, request.response_schema) after the first loop.arun(prompt) and, if it returns True AND the elapsed-time gate (elapsed_before_retry < 0.5 * request.timeout_s) passes, issues a second loop.arun(feedback_prompt) with the validator verdict + inline schema (paperclip + open-scientist validate_and_retry pattern). Retry budget is exactly one — a third pass would burn cost without changing the underlying role contract. _needs_schema_retry treats empty / unparseable / required-missing first attempts as retry triggers; JSON embedded in prose passes because the parent's _last_balanced_json_object parser already tolerates it. PR-ROLE-JSON-ENFORCE-EXTENSION + PR-PROXIMITY-JSON- ENFORCE made the prompt-level gate uniform, but smoke 17 confirmed prompt-level gating is best-effort: the structural retry is the last safety net before the parent records phase_failed and aborts the run. Two Codex MCP cross-LLM review catches (2026-05-26) folded in-band: (1) _NO_RETRY_TERMINATION_REASONS (input_blocked / user_cancelled / user_clarification_needed) short-circuits the helper so success exits with intentional non-JSON text aren't re-issued (would override cancel intent); (2) the elapsed-time gate prevents the retry from getting another full time_budget_s after AgenticLoop.arun resets _loop_start_time per call. Pinned by TestNeedsSchemaRetry (14 cases including 3 no-retry-success parametrize), TestBuildSchemaRetryPrompt (4 cases including 4096-char schema truncation + 800-char prior-text truncation), and TestSchemaAwareRetryWiring (10 wiring cases — retry-once-on-empty / no-retry-on-success / no-retry-without-schema / cap-at-one / 3 no-retry-success parametrize / elapsed-time-gate / retry prompt carries schema body + bracket-pair markers).

• PR-ROLE-JSON-ENFORCE-EXTENSION — extend PR-HANDOFF-SCHEMAS to the 4 remaining JSON-parsing roles + strengthen evolver. Smoke 17 terminal state surfaced gaps beyond PR-PROXIMITY-JSON-ENFORCE: the meta_reviewer phase_failed with {'raw': 'Meta-review submitted. Densest batch yet (14 candidates, 9 pilot rows, 5 survivors) but 0/5 evolution yield…'} — narrated completion, no JSON. Audit of _build_description across all role agents found 4 JSON-parsing roles (critic / literature_review / meta_reviewer / supervisor) missing the "FINAL response must be ONLY the JSON object … Start with { and end with }" gate. Generator excluded (writes seed via write_file, no JSON parse). Evolver already had the gate but smoke 17 showed 5/5 sub-agents exited with termination_reason=natural + empty output, treating the write_file tool call as the loop terminus; added an explicit "Even after you've successfully called write_file and the evolved file exists on disk, the orchestrator still needs the JSON object as your VERY LAST assistant message" reminder. Pinned by test_all_json_based_role_prompts_carry_final_response_enforcement (renders each role's prompt at runtime via the public builder methods, asserts the gate text + bracket-pair markers — robust against the "comment satisfies grep" weakness Codex MCP caught in the initial static-source-grep approach).

• PR-PROXIMITY-JSON-ENFORCE — proximity prompt mirrors the PR-HANDOFF-SCHEMAS JSON-only enforcement. plugins/seed_generation/ agents/proximity.py:_build_description now appends `Your FINAL response must be ONLY the JSON object matching the PROXIMITY_SCHEMA … Start with { and end with }. Pre-fix smoke 17 hit a phase_failed because the LLM emitted a narrative preamble ("Analyzing the 14 candidates by reading their excerpts — grouping by mechanism…") and the parser dropped the malformed payload. The other PR-HANDOFF-SCHEMAS-aligned roles (pilot / critic / evolver) already had this gating language; proximity was the one outlier. Pinned by a new test in tests/plugins/seed_generation/test_proximity.py`.

• PR-CHECKPOINT-ON-FAILURE — phase_failed phases no longer write a checkpoint. plugins/seed_generation/orchestrator.py:Pipeline.arun now gates the post-phase _record_checkpoint call on phase_result.success. Pre-fix, smoke 17 wrote a proximity.json checkpoint despite the proximity agent returning status="error" (soft failure with phase_failed (raised=False)) because _arun_phase returned normally — the outer loop called _record_checkpoint unconditionally, so a future audit-seeds resume gen1-redundant_tool_invocation would have SKIPPED proximity on the next attempt (opposite of the operator's intent). Pinned by test_phase_failed_soft_failure_does_not_write_checkpoint in tests/plugins/seed_generation/test_orchestrator.py.

• PR-VOTER-PROVIDER-WIRE — every seed-generation role's SubTask now carries the picker-resolved `model`. core/agent/sub_agent.py:SubTask gains a model: str = "" field; SubAgentManager._build_request honors task.model over both settings.model and agent_ctx["model"]. Pre-fix every sub-agent inherited the parent's default model, which short-circuited adapter resolution: smoke 17 RESUME dispatched ranker voters with binding (claude-cli, claude-opus-4-7) via the codex-cli subprocess adapter because _resolve_provider(settings.model) returned an openai-codex key, so resolve_for("openai", "adapter") matched codex-cli instead of claude-cli. Codex MCP re-review of PR #1687 caught that the same wire gap exists for the 7 non-ranker role agents (generator / critic / pilot / proximity / evolver / meta_reviewer / supervisor) — once .md model: frontmatter is removed, AgentDefinition.model falls back to ANTHROPIC_SECONDARY (claude-sonnet-4-6), silently overriding pilot (claude-haiku-4-5) / meta_reviewer / supervisor (claude-opus-4-7) bindings. Every role's SubTask spawn now passes model=self.model. Pinned by 3 new tests: test_ranker_voter_spawn_carries_per_voter_model + test_sub_task_model_field_wins_over_settings_default + test_all_role_subtask_spawns_carry_model_for_role_binding (static-grep sentinel across all 7 non-ranker role files).

• seed-generation agent definitions — remove per-agent `model:` frontmatter + normalize to English. All 9 plugins/seed_generation/ agents/*.md files dropped their model: line so the manifest's per-role binding (resolved via the picker) is the single SoT for which model each role runs against — previously a stale model: in .md frontmatter could silently override the picker's resolved binding when agent_ctx["model"] was consulted. Korean text in critic.md / evolver.md / pilot.md was rewritten to English for consistency (the rest of the corpus is English).

• PR-CODEX-OAUTH-RESPONSE-SCHEMA — Codex OAuth adapter now forwards `req.response_schema`. core/llm/adapters/codex_oauth.py was the only PR-JSON-WIRE (#79) adapter that silently dropped the schema field; claude-cli wires through --json-schema and codex-cli writes --output-schema <FILE>, but codex-oauth's _build_codex_call_kwargs never emitted the OpenAI Responses API equivalent (text.format = {"type": "json_schema", "name": ..., "strict": ..., "schema": ...}). Without that field, gpt-5.x reasoning models on the Codex backend could return stop_reason=completed + empty output_text (entire output budget consumed by encrypted reasoning items), surfacing as unknown failures that AgenticLoop retried 5× and produced ~10 ~/.geode/diagnostics/codex-oauth-empty-text/ dumps per ranker match (smoke 17 evidence). Fix: append text.format per the Responses API spec (ctx7-grounded via /websites/developers_openai_api responses-vs-chat-completions guide). Schema name derived from the schema's title field (fallback "response").

Per Codex MCP review of PR #1687, strict: True is auto-detected by _is_strict_compatible(schema) rather than hard-coded. OpenAI Structured Outputs strict mode requires every object schema to set additionalProperties: false AND list every property in required (recursively into nested objects + array items). GEODE's seed-generation schemas in plugins/seed_generation/json_schemas.py use an additive helper that intentionally omits both — unconditional strict=True would have caused the server to reject the request (400) before generation, a worse retry storm than the empty-text path. Non-compatible schemas fall back to strict: False (schema still forwarded as a server hint). 9 new invariant + retry-edge tests in tests/core/llm/adapters/test_codex_oauth_backend_invariants.py and tests/core/llm/adapters/test_codex_oauth_empty_text_retry_edge.py.

Sprint bundle closing the 전소 self-improving-loop backlog: PR-20 (A.6 CRM causal_hypothesis) + PR-21 (A.8 sub_agent_slice) + PR-22 (B.4 F1 cross-run SoT invariants) + PR-23 (A.2 Tchebycheff) + PR-24 (A.3 MAP-Elites) + PR-25 (A.4 GEPA sampler) + PR-26 (C.6 cross-run SoT unification) + PR-27 (C.7 unified MutatorContextView) + PR-CHECKPOINT-RESUME-TIMEBUDGET (seed-gen per-phase checkpoint + 600s wall-clock) + PR-28 (C.8 silent fallback STRICT mode parity invariants). 9 fragmentation-audit signals closed, Codex MCP catches averaged 1.6/PR.

Added

• PR-28 C.8 silent fallback STRICT mode parity invariants — tests/core/self_improving_loop/test_strict_mode_parity.py pins the fragmentation-audit F5 fix (ADR-012 S0a/S0b) as a drift invariant. autoresearch/train.py sets GEODE_<KIND>_OVERRIDE together with GEODE_<KIND>_STRICT=1 for the 12 mutation-surface kinds so the audit subprocess fails fast instead of silently falling back to the in-repo SoT; core/self_improving_loop/sot_resolution.py reads the matching _STRICT_SUFFIX via removesuffix(_OVERRIDE_SUFFIX) + _STRICT_SUFFIX. The 9 invariants cover override↔strict pairing (drift detection, RHS-agnostic regex so a future kind using a helper-call/Path-literal RHS cannot evade the pairing check), strict-kind count floor (>=12), suffix derivation pattern, and end-to-end resolve_sot strict-flag propagation for the 4 layer outcomes (env+STRICT / env-only / operator-local / in-repo). A future kind addition that forgets STRICT trips the pairing invariant. Memory project_autoresearch_fragmentation_audit.md F5 closed.
• PR-CHECKPOINT-RESUME-TIMEBUDGET — per-phase checkpoints + lifted sub-agent wall-clock defaults. plugins/seed_generation/checkpointer.py writes <run_dir>/checkpoints/<phase>.json after each successful seed- generation phase (atomic via os.replace of a tmp file); the orchestrator appends to state.completed_phases on success. New plugins/seed_generation/resume.py + geode audit-seeds resume <run_id> CLI hydrate PipelineState from the latest checkpoint and continue from the first phase without an on-disk record. Wall-clock budgets: core/agent/sub_agent.py SubAgentManager.timeout_s default 120s → 600s with new GEODE_SUBAGENT_TIMEOUT_S env override (clamp [10, 3600]); core/agent/worker.py WorkerRequest.timeout_s default mirrors the bump; core/agent/plan.py _DECOMPOSE_CALL_TIMEOUT_S 60s → 180s so multi-tool plan.decompose calls under load (smoke-16 evolver asyncio.CancelledError at 122s wall-time) don't trip the inner cap. The seed-generation registry keeps its explicit timeout_s=1800.0 override in plugins/seed_generation/_registry_builder.py — the new 600s is the default for callers that don't override. Convergence basis: paperclip session JSONL resume + LangGraph SqliteSaver thread/checkpoint keying + openclaw per-agent wall-clock + hermes IterationBudget. Plan SoT: docs/plans/2026-05-25-structured-output-3-axis-fix.md §5 + §6.
• PR-27 C.7 unified MutatorContextView — core/self_improving_loop/mutator_context_view.py composes the 5+ mutator-context sources into a single frozen Pydantic view: baseline_snapshot / policy_snapshots (5 kind policies) / program_md / meta_review_snapshot / recent_mutations (PR-12 reader output) / cross_run_key (PR-26 CrossRunJoinKey). compose_mutator_context_view(...) packs the loaded sources with safe defaults (None or empty container for missing sources); source_count(view) returns the count of populated sources for operator diagnostics. extra="allow" so future sources can be carried without schema migration. Pure helper, caller wiring (runner.py build_runner_context) deferred. Resolves F2 fragmentation signal.
• PR-26 C.6 cross-run SoT 3중첩 unification helper — core/self_improving_loop/cross_run_join.py consolidates the three cross-run SoT readers (latest_pointer.json / MetaReviewSnapshot / sessions.jsonl) behind a single Pydantic CrossRunJoinKey (frozen run_id + gen_tag + source_label). load_cross_run_join_key() returns None on missing / malformed / non-dict / missing-required-field pointer payloads (graceful). keys_match(a, b) compares by value (source_label ignored). compose_history_view(key, rows) filters an iterable of session/meta-review rows to those matching the key — defensive against non-dict items and rows missing either field. Builds on PR-22 invariant tests with an actual unification helper. Pure functions, caller deferred.
• PR-25 A.4 GEPA Pareto sampler helper — core/self_improving_loop/gepa_sampler.py adds density-aware sampling for the Pareto archive: compute_sparsity_weights(vectors, k) returns each entry s mean k-NN distance (sparse niches get higher weight; epsilon prevents all-zero collapse on identical vectors), and sample_sparse[T](entries, vectors, n, k_neighbors, rng) performs weighted without-replacement sampling that probabilistically favors under-represented Pareto niches. Replaces the uniform-random PareteArchive.sample baseline (PR-15) — caller wiring follows. Frontier: GEPA pattern (Genetic Evolutionary Pareto Archive) + Quality-Diversity (Mouret & Clune 2015).
• PR-24 A.3 MAP-Elites niche grid helper — core/self_improving_loop/map_elites.py adds Quality-Diversity (Mouret & Clune 2015) niche-archive helpers: MapElitesGrid (sparse 2D dict — each cell holds the highest-fitness payload, ties rejected), compute_cell_index(value, bounds, resolution) for behavior discretization (clamps out-of-range, value at upper bound maps to last cell), compute_grid_coverage(grid) (occupied/total ratio), and insert_many batch. Complements PR-15 Pareto archive — Pareto prunes by global dominance, MAP-Elites preserves per-niche elites so behavior diversity stays in the archive. Pure helper, caller wiring (archive niche-aware sampling) deferred. Frontier: AlphaEvolve (DeepMind 2025-05).
• PR-23 A.2 Tchebycheff scalarization helper — core/self_improving_loop/tchebycheff.py adds compute_tchebycheff(fitness_dim, weights, ideal_point) and compute_ideal_point(vectors) pure helpers. Linear scalarization (f_total = sum(w*r)) cannot reach concave Pareto-front regions (Das & Dennis 1997); Tchebycheff (-max_d w_d * (ideal[d] - fitness[d])) closes that gap by penalizing the worst dim relative to the ideal point. Pareto-front advantage invariant test pins the canonical 3-point concave example (extreme points tie under linear, B beats both under Tchebycheff). Caller wiring into apply_group_proposals 의 pareto_mode 분기 is deferred — PR-15 의 lineage writer 와 짝지을 다음 PR 가 필요.
• PR-22 B.4 F1 cross-run SoT 3중첩 invariants — tests/core/self_improving_loop/test_cross_run_sot_invariant.py pins the schema parity invariants between the three cross-run SoTs that the project_autoresearch_fragmentation_audit.md F1 signal calls out: latest_pointer.json (paths.write_latest_pointer / read_latest_pointer), the MetaReviewSnapshot (plugins.seed_generation.baseline_reader), and sessions.jsonl (plugins.seed_generation.orchestrator). 10 invariants cover: write/read roundtrip, required-key schema (version/run_id/gen_tag/ updated_at), optional-field omission, missing/malformed/non-dict graceful None return, STATE_ROOT-relative path resolution, sessions.jsonl source contains the canonical run_id cross-ref key, MetaReviewSnapshot reachable, and a drift invariant blocking rename to cycle_id / session_id. Any future SoT key rename fails fast here instead of silently breaking the cross-run join.
• PR-21 A.8 sub_agent_slice helper — core/self_improving_loop/sub_agent_slice.py defines a 5-stage deterministic round-robin slice mapping (role / tools / reflection / decomposition / interlocutor) keyed on sub_agent_index. compute_sub_agent_slice(idx, total) returns the slice name; derive_slice_prompt_hint(slice) returns a one-line mutator system-prompt hint that the eventual propose_swarm wiring can prepend to diversify sub-agent focus beyond temperature stochasticity. Pure functions, no caller wired yet (deferred to a follow-up PR). Frontier: Kimi K2.6 PARL post-trained decomposition, inference-time variant.
• PR-20 A.6 CRM causal_hypothesis field — Mutation dataclass + ApplyRecord Pydantic schema + parse_mutation + to_audit_row 가 새로운 optional causal_hypothesis field (max 500 chars) 를 cover. mutator 가 mutation 직전 명시한 인과사슬 — "dim X 의 Y 효과 → fitness Z 변화" — 가 mutations.jsonl 의 apply row 에 emit 되어 post-audit observed_dim 과 cross-check 가능 (별도 wiring 은 follow-up). principle (SPCT) 이 judging criterion 이라면 causal_hypothesis 는 causal trace — 두 field 는 독립적, 둘 다 emit 가능. Legacy mutator (key 미포함) → 빈 문자열 → row column 미생성. Frontier: CRM (Conditional Reward Modeling, arXiv 2509.26578).

Patch bundling PR-16 (C.4 credit_assignment) + PR-17 (C.5 kind×dim matrix) + PR-SG-SELECTION-ALIGN-FIX (V3/V4/V5 Codex MCP fixes on PR-SG-SELECTION-ALIGN).

Added

• PR-18 C.3 rollback_condition parser + evaluator — core/self_improving_loop/rollback_condition.py turns the free-text Mutation.rollback_condition field (PR-5) into a runtime signal via a single pure function evaluate_rollback_condition(condition, observed_dim, baseline_dim, observed_fitness, baseline_fitness). Four supported syntax patterns: any dim drops more than X, fitness drops below X, critical dim drops more than X (5 critical dims from AXIS_TIERS), and rollback if fitness regression. Patterns are case-insensitive and can be embedded in longer operator notes. Free-text fallback returns False — by design, automatic SoT reversion is *not* triggered; the result is a signal for an alerting CLI / dashboard, leaving the rollback action to the operator. Missing baseline / fitness → False (graceful).
• PR-17 C.5 kind × dim cross-effect matrix — core/self_improving_loop/kind_dim_matrix.py inner-joins apply rows (PR-12 read_recent_applies) with attribution rows (PR-12 read_recent_attributions) on mutation_id and produces a 2-D {target_kind: {dim_name: cumulative_score}} matrix (compute_kind_dim_matrix). Each cell accumulates attribution_score × observed_dim[dim] (signed). Orphan apply or attribution rows are skipped silently. Companions: rank_dims_by_kind(kind) / rank_kinds_by_dim(dim) sort by absolute score with optional limit. Resolves F4 fragmentation signal — operators can answer "which mutation kind has moved which dim the most over history" without re-deriving from raw JSONL. Pure functions (I/O-free); caller (CLI / dashboard) deferred to a follow-up PR. Frontier: Quality-Diversity behavior-niche grid (Mouret & Clune 2015) + DGM archive lineage causal trace.
• PR-16 C.4 credit_assignment module — core/self_improving_loop/credit_assignment.py adds two pure functions for selection-layer observability: compute_credit_assignment(mutation, group_advantage) applies a heuristic magnitude-weighted partition of a single mutation's group_advantage across its expected_dim keys (credit[d] = group_advantage * |expected_dim[d]| / sum(|expected_dim|)), and aggregate_credit_history(records) sums these contributions across an iterable of ApplyRecord rows (e.g. PR-12 read_recent_applies output) for a per-dim cumulative credit ranking. Records with group_advantage=None (legacy single-mutation mode) or empty expected_dim are skipped silently. Sign convention: credit magnitude tracks group_advantage sign; intent direction stays encoded in the original expected_dim sign. Caller (CLI / operator dashboard surfacing the rank) is deferred to a follow-up PR. Frontier: Quality-Diversity behavior-characterization mapping (Mouret & Clune 2015); DAPO/GRPO justify the scalar group_advantage, but the per-dim partition itself is a local heuristic — not a direct DAPO/GRPO formula.

Fixed

• PR-SG-SELECTION-ALIGN-FIX — Codex MCP review of PR-SG-SELECTION-ALIGN flagged 3 half-wires. All fixed. (V3) Tier-mapping drift test now parses the markdown tier table per .md file and asserts the dim set in each tier row equals {d for d, t in AXIS_TIERS.items() if t == tier} bidirectionally. Pre-fix the tests only checked "every catalog dim appears somewhere in the file", so a dim under the wrong tier in .md would pass silently. New parametric test test_md_tier_mapping_matches_axis_tiers × 3 files. (V4) PipelineState.pareto_mode: bool = False field added, threaded from AutoresearchConfig.pareto_mode via _dispatch_pipeline. Evolver _build_description now gates the pareto_front HANDOFF embed on state.pareto_mode — a stale baseline_archive.jsonl from a prior pareto_mode=True cycle no longer leaks into the evolver prompt when the current cycle has linear scalarization. New test test_pareto_front_omitted_when_pareto_mode_false. (V5) --target-dims-attribution auto-pick narrowed to fire only when --target-dim itself was auto-picked (None or "auto"). Pre-fix it also fired for explicit --target-dim broken_tool_use whenever a baseline existed, contradicting plan §5.3 / CLI help text. The singular intent is now the operator's choice; the plural Pareto scope only expands when both are auto.

Bundles PR-SG-SELECTION-ALIGN + PR-12/13/14 from develop (mutations_reader + meta_judge + propose_swarm wiring). seed-gen now surfaces the same selection-layer signals (anchor 3 / scenario_realism / tier model / Pareto front / target_dims_attribution) that autoresearch fitness reads.

Added

• PR-15 A.1 pareto_mode archive writer wiring — apply_group_proposals now appends one ArchiveEntry per sibling to autoresearch/state/baseline_archive.jsonl when AutoresearchConfig.pareto_mode=True. Append is plain JSONL write — dominated-entry pruning happens at *load* time only (load_archive() reinserts every row into a fresh PareteArchive, triggering insert() dominance prune). Top-1 selection remains linear advantage (multi-dim selection via archive sampler is deferred until audit subprocess emits per-dim dim_means back to the runner — current MVP appends {"fitness": float} 1-dim entries for cross-cycle lineage; on 1-dim load the archive collapses to the single highest- fitness entry, so the lineage value is in the raw JSONL stream, not the loaded archive). compute_hypervolume and dynamic_reward_weight_step from pareto_archive.py remain intentionally unused at runtime — they're staged for the multi-dim follow-up that will pair them with subprocess dim_means capture. Adds !autoresearch/state/baseline_archive.jsonl negation to .gitignore (silent-ignored writer guard, PR-G5b precedent) plus an invariant test that git check-ignore confirms the negation. Frontier: AlphaEvolve MAP-Elites + DGM archive lineage.
• PR-SG-SELECTION-ALIGN — seed-gen ↔ selection-layer alignment (G1-G5 bundled per docs/plans/2026-05-25-seed-gen-selection- layer-alignment.md). (G1) Anchor 3 dim surface — extract_anchor_means helper + ANCHOR_MEANS_FIELD schema embedded into PILOT_HANDOFF / CRITIC_HANDOFF / EVOLVE_HANDOFF. pilot/critic/evolver _build_description now reads admirable / disappointing / needs_attention from baseline_snapshot.dim_means (or pilot output) and surfaces them in the ## HANDOFF CONTEXT block so the LLM sees the same triplet that drives core/self_improving_loop/anchor_confidence.compute_anchor_ confidence_multiplier (P3 + PR-11). (G2) scenario_realism routing — extract_scenario_realism helper + CRITIC_HANDOFF/EVOLVE_HANDOFF field. D2 feedback channel for seed-gen (critic flags judge_risk = "high" when realism < 1.5; evolver weights rewrite_section choice by realism). (G3) Dim tier model in pilot.md / critic.md / evolver.md — explicit critical 5 / auxiliary 12 / info 3 lists matching autoresearch.train.AXIS_TIERS. Drift invariant test pins the three .md files against the AXIS_TIERS catalog. (G4) target_dims_attribution: list[str] — new optional PipelineState field + --target-dims-attribution <csv> CLI option + pick_regression_target_dims(snapshot, k=3) baseline helper. Plural counterpart to the singular target_dim run intent; populates the Pareto archive scope without touching the pre-G4 single-dim contract. (G5) Pareto front evolver embed — new core/self_improving_loop/pareto_archive.read_pareto_front() + evolver _build_description embeds the current non-dominated set into EVOLVE_HANDOFF when target_dims_attribution is populated and baseline_archive.jsonl exists. Silent fall- through when archive missing or scope empty. Tests: 35 in tests/plugins/seed_generation/test_selection_ alignment.py (anchor extract / scenario_realism extract / tier .md drift × 3 files × 3 tiers / pick_regression_target_dims top-K / PipelineState field / agent handoff embed / Pareto reader / evolver Pareto embed). Cross-file invariant: tier .md block ↔ AXIS_TIERS catalog. 746 passed across tests/plugins/seed_generation + tests/core/self_improving_loop + tests/core/agent.
• PR-14 A.7 propose_swarm + apply_swarm_proposals wiring — SelfImprovingLoopRunner gains propose_swarm(m, n) (returns list[list[Proposal]] — M sub-agents × N siblings, sequential) and apply_swarm_proposals(swarm_proposals) which mints a single swarm_id, forwards swarm_id + sub_agent_index to each sub-agent's apply_group_proposals, and returns the last-committed sub-agent's mutation (MVP last-wins). Mutation.to_audit_row + append_audit_log + apply_group_proposals + apply_proposal all accept swarm_id + sub_agent_index (default "" / None → row column omitted, legacy unchanged). run_once dispatches to swarm mode when AutoresearchConfig.sub_agent_count >= 2. Swarm-level fitness aggregation via aggregate_swarm_fitness deferred to a follow-up that pairs PR-12 mutations_reader with the helper — current MVP surfaces swarm metadata in mutations.jsonl rows for cross-sub-agent grep analysis (no runtime aggregation). Codex MCP review caught a half-wire (Conditional Read Parity) at the apply_group_proposals(n=1) singleton shortcut → apply_proposal path where swarm metadata was being dropped on the most common MVP config (sub_agent_count>=2, group_size=1); fixed by extending apply_proposal with the same kwargs and forwarding from the shortcut. Frontier: Kimi K2.6 PARL inference-time variant.
• PR-13 A.5 meta-judge module — core/self_improving_loop/meta_judge.py invokes a meta-judge LLM on the most-recent N attribution rows (via PR-12 read_recent_attributions) and returns MetaJudgeResult with a drift_score on [0.0, 1.0] + drift_summary text + evaluated_count + llm_raw (capped 2000 chars). Pure function build_meta_judge_prompt serialises records to JSONL; parse_meta_judge_response accepts strict JSON, fence-wrapped JSON, or regex key-value fallback for low-capability models, and returns (0.0, "") on total failure so callers can detect "no signal". invoke_meta_judge(n, llm_call, path) accepts a dependency- injected LLM callable (default = mutator dispatch) and returns None when no attribution rows exist (fresh repo / pre-PR-5). Frontier reference: Meta-Rewarding (Meta 2024-07 arXiv 2407.19594).
• PR-12 C.2 mutations_reader module — core/self_improving_loop/mutations_reader.py adds a read-only iterator + type-safe filter for mutations.jsonl (iter_mutations(path, kinds, limit), read_recent_attributions(n, path), read_recent_applies(n, path, include_siblings)). A kind discriminator routes apply rows (applied / applied_sibling) to ApplyRecord and attribution rows to AttributionRecord. Malformed JSON / non-dict / schema-invalid / unknown-kind rows skip with log.warning so a single corrupted row does not abort the reader. File absent → empty iterator (fresh-repo graceful). Prerequisite for A.5 P3.2 meta-judge invocation (PR-13) and F3 fragmentation signal (mutator self-history access).

Patch release bundling PR-11 anchor-confidence multiplier wiring + PR-SEEDS-PER-RUN-LINK (Pages directory-listing 404 fix on the seed listing).

Added

• PR-11 P3.1 anchor confidence multiplier wiring — autoresearch/train.py compute_fitness now accepts anchor_means + anchor_confidence_mode parameters and applies a [0.7, 1.0] multiplier to the final fitness scalar across all 4 dim_part return branches (dim-only / 2-axis / 3-axis / 4-axis). Multiplier source: core/self_improving_loop/anchor_confidence. compute_anchor_confidence_multiplier (added in PR-9, previously dead). Caller (train.py:2102) extracts ANCHOR_DIMS subset from dim_means (admirable / disappointing / needs_attention, already emitted by dim_extractor._walk_dim_values indiscriminate collect) and reads GEODE_SIL_ANCHOR_CONFIDENCE_MODE=1 env to gate the mode. runner.py _run_autoresearch_subprocess forwards the env from AutoresearchConfig. anchor_confidence_mode. Critical gate (return 0.0) untouched — strict reject is anchor-independent. _should_promote (promotion logic) also threads the multiplier through its 3 internal compute_fitness calls (gated / current_raw / prior_raw) — extracting ANCHOR_DIMS subset from current/baseline dim_means and forwarding anchor_confidence_mode — so promotion decision compares fitness on the same scale as the caller-side logged fitness (Codex MCP review fix; previously half-wired: caller multiplied, promote compared raw).

Fixed

• PR-SEEDS-PER-RUN-LINK — seed listing [raw 번들 ↗] link per row pointed at the run's directory (/petri-bundle/seeds/ <run_id>/). GitHub Pages does not serve directory listings, so it returned HTTP 404 on click. The link now targets the run's served state.json instead (/petri-bundle/seeds/ <run_id>/state.json). Prose mentions on the same page (KO + EN) were updated to point at the concrete files (state.json / survivors.json) instead of "per-run 디렉토리" / "per-run directory" since the directory itself is not reachable.

Patch release shipping PR-DETAIL-LINK-FIX so the seeds listing → detail click flow on the live Pages site stops returning 404. Single-PR rotation to fix a user-visible regression from v0.99.55.

Fixed

• PR-DETAIL-LINK-FIX — seed detail links now match next.config.ts: trailingSlash: false. Four hrefs in site/src/app/docs/petri/seeds/page.tsx and site/src/app/docs/petri/seeds/[run_id]/[candidate_id]/page.tsx ended with /, which the static export does not serve (HTTP 404 on https://mangowhoiscloud.github.io/geode/docs/petri/ seeds/<run>/<id>/). Dropped trailing slashes; the parent / evolved-children cross-links inside the detail page now use ./<id> (browser resolves to /docs/petri/seeds/<run>/<id> because the current URL has no trailing slash).

• PR-5 BASELINE-RL-IMPL (2026-05-25) — self-improving loop 의 baseline fitness 생성 식에 frontier RL alg 의 selection layer 만 차용한 group sampling 도입. 2026-05-25 plan (docs/plans/2026-05-25-baseline-fitness-rl-grounding.md, PR #1639) 의 P1-revised (GSPO/DAPO + EXAONE variance filter) 구현.

핵심 메커니즘 — frontier RL alg 의 weight 학습 layer (PPO ratio clipping clip(ρ_t, 1-ε, 1+ε), KL penalty β·KL[π_θ || π_ref], gradient descent) 는 의도적 폐기. mutator 가 Anthropic Claude API endpoint 라 weight frozen + gradient access 없음. selection layer 만 inference-time short loop 에 적용:

- Group sampling (GRPO from DeepSeek R1, arXiv 2402.03300): propose_group(N) 이 ThreadPoolExecutor 로 N parallel mutator call. 같은 baseline state + temperature=1.0 의 stochastic response 가 N distinct mutations. - Advantage normalization (GRPO whitening): _compute_group_advantage 가 Â_i = (fitness_i - μ) / (σ + ε) z-score. - Variance filter (DAPO Dynamic Sampling, arXiv 2503.14476 = EXAONE 4.5 zero-variance filter, arXiv 2604.08644): group std < threshold 면 cycle skip (no SoT commit, no apply row) — wasted batch 회피 (DAPO reported wall-clock 25% 절약). - In-memory sibling SoT: write_sibling_in_memory() 가 OS temp file 로 write (canonical autoresearch/state/policies/*.json 안 건드림). audit subprocess 가 W3 PR-3 인프라 (GEODE_<KIND>_OVERRIDE + STRICT env) 로 temp path 받아 strict-mode read. top-1 채택 후에만 canonical SoT 에 commit. - Top-1 commit: max advantage 의 mutation 만 disk write + apply row (kind="applied"). 나머지 N-1 은 kind="applied_sibling" row (mutations.jsonl 의 history 보존, in-memory only). - group_id propagation: runner 가 mint → subprocess env GEODE_SIL_GROUP_ID → train.py 가 write_attribution(group_id=...) forward → apply row + applied_sibling row + attribution row 모두 같은 group_id 로 join 가능. - Temperature guard: _compute_group_advantage 진입 시 mutator_temperature >= 0.1 assert (default 1.0). deterministic mutator (temperature=0) 의 silent infinite cycle skip 회피.

Frontier 그라운딩 (selection-only family, 13 사례) — DGM (Sakana 2025-05), AlphaEvolve (DeepMind 2025-05), AI Scientist v2 (Sakana 2025-04), Voyager (NVIDIA 2023), Promptbreeder (DeepMind 2023, 2-tier population), STOP (Stanford+MS COLM 2024, recursive scaffolding), GEPA (Berkeley 2025-07, Pareto+reflection), Karpathy autoresearch, MetaGPT AFLOW (ICLR 2025) — GEODE 는 이들과 같은 가족이지만 evolutionary search 식 (tournament GA, MAP-Elites, Pareto sampler) 대신 RL-derived 식 (group + advantage + variance filter) 을 inference-time 으로 차용한 4-frontier convergence unique niche.

Fixed

• PR-CLEANUP-WORKER-REQUEST-RUN-DIR — delete dead WorkerRequest.run_dir field + wire B2 per-task cwd binding to the live SoT (core.observability.run_dir.get_active_run_dir). PR-RESUME-NO-PERSIST-FIX's first cut read request.run_dir which is never populated by any producer (verified via grep — PR-Q chose env-var transport via GEODE_RUN_DIR instead). Smoke 11 confirmed the wiring gap: no cwd/ subdir was ever created under sub_agents/<task_id>/, so claude-cli subprocess ran in the worktree root and the per-task cache-pool isolation was a no-op. Migration:
• core/agent/worker.py _run_agentic now imports get_active_run_dir() (re-bound by worker.main() from the GEODE_RUN_DIR env var on entry) and uses the returned Path to compute <run_dir>/sub_agents/<task_id>/cwd/. The dead field WorkerRequest.run_dir: str = "" + its from_dict("run_dir", "") echo are removed. Field's docstring that suggested it was the SoT is replaced with a comment pointing the next reader to RUN_DIR_ENV / get_active_run_dir.
• 8 new regression tests across 2 files: tests/core/agent/test_worker_task_isolation_binding.py rewritten to mirror the corrected bind sequence (5 tests — happy path, idempotent, disjoint pools, noop without run_dir, noop without task_id); tests/core/agent/test_worker_request_no_run_dir_field.py (new — 3 anti-relapse tests pinning that the dataclass field is gone, from_dict silently drops legacy run_dir payloads, to_dict no longer encodes it).

• PR-RESUME-NO-PERSIST-FIX (B2) — sub-agent claude-cli adapter no longer passes --no-session-persistence. Smoke 10 (v0.99.53, post-PR-TRANSIENT-* chain) surfaced a regression: generator gen-gen1-000-c885bc29 + evolver evolve-gen1-001-c252e5eb both failed after 5 retries with claude-cli subprocess exited rc=1: No conversation found with session ID <uuid>. Root cause — PR-PERMS-FLAG-FIX B (--no-session-persistence) was incompatible with PR-V (--resume <session_id>) when both fired in the same sub-agent's turn N+1: turn N could not save (persistence disabled) so turn N+1's resume target did not exist. Replacement is per-task cwd isolation via new core/agent/task_isolation.py: the sub-agent worker binds <run_dir>/sub_agents/<task_id>/cwd/ to a ContextVar at startup (_run_agentic in core/agent/worker.py); the claude-cli adapter (core/llm/adapters/claude_cli.py) reads the ContextVar and forwards as cwd= to _run_claude_subprocess (plugins/petri_audit/claude_cli_provider.py); the subprocess runs with that cwd, so claude-cli's session cache (~/.claude/projects/<cwd-hash>/sessions/) is unique per task_id. Cross-sub-agent leak prevented (each task_id has its own pool) AND within-task continuity works (turn N+1 sees the same cwd as turn N, so --resume <id> finds the session). Direct callers outside sub-agent dispatch (inspect_ai audit lane, one-shot diagnostic) get ContextVar=None → subprocess inherits caller cwd (back-compat). Pinned by 19 new regression tests across 4 files: tests/core/agent/test_task_isolation.py (5 tests — ContextVar set/get/None/asyncio-isolation), tests/core/agent/test_worker_task_isolation_binding.py (3 tests — worker mirrors the bind sequence, mkdir + ContextVar + per-task disjoint cwds), tests/plugins/petri_audit/test_run_claude_subprocess_cwd.py (2 tests — cwd= forwarded to asyncio.create_subprocess_exec, default None preserved), tests/core/llm/adapters/test_claude_cli_adapter.py (3 tests — argv no longer carries --no-session-persistence, adapter forwards ContextVar value, unset ContextVar = cwd=None). Existing build_claude_cli_argv flag tests unchanged — the function-level opt-in is retained for explicit callers that need it.

• PR-TRANSIENT-WORD-BOUNDARIES — single-word alternatives in the claude-cli transient classifier regex now anchor on \b. Smoke 8 (v0.99.53, post-PR-TRANSIENT-BARE-HTTP-CODES) pilot sub-agent surfaced throttl(?:ed|ing) matching THROTTLED inside the Python constant CODEX_CLI_LANE_THROTTLED_MSG (from core/orchestration/ codex_cli_lane.py) that the LLM was quoting in a stack-trace fragment. Identifier-internal hits previously slipped the regex because the alternatives had no trailing \b. Four alternatives tightened in both sibling sites (plugins/petri_audit/ claude_cli_provider.py:CLAUDE_TRANSIENT_UPSTREAM_RE + core/llm/claude_cli_errors.py:_TRANSIENT_UPSTREAM_RE): throttl(?:ed|ing) → throttl(?:ed|ing)\b, overloaded(?:_error)? → overloaded(?:_error)?\b, throttlingexception → throttlingexception\b, servicequotaexceededexception → servicequotaexceededexception\b. Real signals like request was throttled / ThrottlingException / overloaded_error (with adjacent whitespace, quote, newline, or punctuation) still match — only identifier-internal matches (e.g. THROTTLED_MSG, OVERLOADED_ERROR_MSG) are excluded. Pinned by 6 new regression tests in tests/plugins/petri_audit/test_claude_cli_transient_classifier.py: test_throttled_inside_identifier_does_not_match (literal smoke 8 stack-trace excerpt), test_throttled_real_phrase_still_matches, test_overloaded_inside_identifier_does_not_match, test_overloaded_error_real_phrase_still_matches, test_throttling_exception_inside_identifier_does_not_match, test_throttling_exception_real_phrase_still_matches.

• PR-TRANSIENT-BARE-HTTP-CODES — claude-cli transient classifier regex drops the bare numeric alternatives \b429\b / \b503\b / \b529\b (two sibling sites: plugins/petri_audit/ claude_cli_provider.py:CLAUDE_TRANSIENT_UPSTREAM_RE + core/llm/claude_cli_errors.py:_TRANSIENT_UPSTREAM_RE). v0.99.53 smoke 7 pilot phase surfaced a fresh false-positive: claude-cli completed cleanly (rc=0, subtype=success, terminal_reason=completed, $0.21 cost), but stdout serialised the LLM's narrative containing a Python source-code comment # POST /v1/messages (auditor + judge + target × 10) → instant 429. The bare \b429\b alternative matched the literal digit run and the adapter raised ClaudeCliTransientUpstreamError against an otherwise-successful execution. Real rate-limit signals always carry a phrase (rate_limit_error, too many requests, service unavailable, server overloaded, throttled, …) — the named alternatives left in place still catch those without matching arbitrary HTTP-status digit runs the LLM may quote from documentation or source code it is reading. Pinned by 6 new regression tests in tests/plugins/petri_audit/test_claude_cli_transient_classifier.py: test_bare_429_in_source_code_comment_does_not_match (the literal smoke 7 stdout excerpt), test_bare_503_in_code_does_not_match, test_bare_529_in_code_does_not_match, test_real_rate_limit_signal_still_matches_after_bare_removal, test_overloaded_error_still_matches_after_bare_removal, test_too_many_requests_phrase_still_matches. Existing test_signal_excerpt_bounded_to_200_chars updated to use a phrase-form signal instead of the now-removed bare-429.

• PR-SUB-AGENT-CODEBLOCK-STRIP — SubAgentManager._to_sub_result / _to_agent_result (core/agent/sub_agent.py) now strip ``` `json ... ` `` markdown code fences before json.loads(isolation.output). Smoke 7 (v0.99.53, post PR-JSON-CODEBLOCK-STRIP) surfaced proximity + critic phases still failing — the consumer-side strip in parse_structured_output() doesn't help when the producer (sub_agent) wraps the fenced text into {"raw": <wrapped-text>} before the consumer sees it. Proximity's consumer (which expects either required fields or a text key) cannot recover from {"raw": ...}; critic's consumer also has no path to unwrap inside a raw envelope. Applying the strip at the producer layer eliminates the {"raw": ...} fallback for fenced JSON, so downstream agents see a proper dict. New module-level _JSON_CODEBLOCK_RE + _strip_json_codeblock() helper (sister regex to the one in plugins/seed_generation/agents/base.py from PR-JSON-CODEBLOCK-STRIP). Plain (un-fenced) JSON passes through unchanged; non-JSON text still falls back to {"raw": <text>} (preserving the original raw envelope behaviour). Pinned by 9 new regression tests in tests/core/agent/test_subagent_json_codeblock_strip.py: fence with json tag, fence with prose preamble, plain JSON regression, non-JSON raw fallback, empty output, bare ` fence, _to_agent_result fence unwrap, _to_agent_result plain JSON, _to_agent_result` raw fallback.

• PR-JSON-CODEBLOCK-STRIP — parse_structured_output() (shared parser used by Critic / Pilot / Ranker / Evolver / Meta-review) now strips ``` `json ... ` `` markdown code fences before json.loads(). The v0.99.53 smoke 6 surfaced critic / proximity / meta_reviewer phases failing on otherwise-valid JSON because the LLM (claude-cli with --json-schema not yet wired through the orchestrator) wrapped its response in a markdown code block. The pre-fix path called json.loads(raw_output["text"]) directly, which rejects the wrapper with JSONDecodeError, so the result was dropped and the phase aborted with "malformed payload". New _strip_json_codeblock() helper at the top of base.py uses a re.DOTALL regex to unwrap `json / `JSON / bare ` fences (optional language tag + optional newline variants), returning the inner body. Plain (un-fenced) JSON passes through unchanged. Pinned by 6 new regression tests in tests/plugins/seed_generation/test_base.py: test_parse_text_json_codeblock_fence_with_lang_tag, test_parse_text_json_codeblock_fence_no_lang_tag, test_parse_text_json_codeblock_fence_with_leading_prose, test_parse_text_json_codeblock_fence_uppercase_lang_tag, test_parse_text_json_codeblock_inline_no_newline, test_parse_text_plain_json_still_works_after_fence_helper`.

• PR-PERMS-FLAG-FIX — two coupled fixes for the v0.99.53 sub-agent isolation surface (caught by smoke 5 / Codex MCP review):
• A: actual permission bypass flag. build_claude_cli_argv() previously emitted --allow-dangerously-skip-permissions which is claude --help's meta ENABLE flag, NOT the actual bypass. The v0.99.53 smoke surfaced this when 1st sub-agent passed (Bash tools went through a lighter check) and 2nd hit Write denial on the same path. Now emits --dangerously-skip-permissions (no --allow- prefix) which is the documented bypass flag.
• B: claude-cli session cache isolation. build_claude_cli_argv() gains a disable_session_persistence: bool = False knob that appends --no-session-persistence. claude-cli's own ~/.claude/projects/<cwd-hash>/sessions/ cache is keyed on *cwd*, not on GEODE's per-agent task_id, so successive smoke runs in the same cwd silently shared cached conversation context — surfaced in smoke 5's proximity sub-agent response ("the excerpt mentions a scenario from a different smoke"). AgenticLoop adapter opts in via True since the sub-agent dispatch model is "one task_id, one spawn" — there is no cross-turn resume to optimize at that layer. PR-V's --resume <id> path stays intact for callers that explicitly thread a resume_session_id (none do at sub-agent dispatch today; preserved for future explicit-id callers).
• Pinned by 4 new argv unit tests: test_argv_skip_permissions_uses_real_bypass_flag_not_meta, test_argv_disable_session_persistence_default_false, test_argv_disable_session_persistence_true_appends_flag, test_argv_session_persistence_composes_with_skip_permissions. Existing PR-SKIP-PERMS argv tests updated to the new flag literal.

Added

• PR-PERMS-FLAG-FIX (JSON-forcing bundle) — AdapterCallRequest gains a response_schema: dict | None = None field that threads JSON Schema structured-output forcing through both subprocess adapter paths:
• claude-cli (plugins/petri_audit/claude_cli_provider.py): new json_schema: dict | None = None param on build_claude_cli_argv() appends --json-schema <inline-json> when set. Mirrors Anthropic SDK messages.parse(output_format=PydanticModel) → JSONOutputFormatParam(schema=..., type="json_schema").
• codex-cli (core/llm/adapters/codex_cli.py): when req.response_schema is set, the adapter materialises the schema into a tempfile and appends --output-schema <FILE> (codex-cli takes a file path, claude-cli takes inline — both surface map to the same provider-side structured-output API that the OpenAI SDK exposes as chat.completions.parse(response_format=PydanticModel)). Tempfile cleanup via try/finally so a subprocess crash doesn't leak /tmp artefacts.
• Default None preserves back-compat (callers that don't need structured output get free-form text responses).
• Eliminates the "LLM returns natural language + code block instead of pure JSON" failure that clipped proximity / critic / pilot / meta_reviewer in the v0.99.53 smoke 5. Wire-through from seed-generation orchestrator → role-specific schema is a follow-up PR (this PR lands the infrastructure).
• Pinned by 3 new argv unit tests for claude-cli: test_argv_json_schema_default_none_omits_flag, test_argv_json_schema_dict_appends_serialized_inline, test_argv_json_schema_composes_with_all_other_flags.

• PR-PRT-STATUS — claude-cli transient classifier no longer false-matches the informational rate_limit_event payload as a rejection signal. Pre-fix the regex's first alternative was rate[-\s]?limit(?:ed)? with IGNORECASE: the ? made the separator optional, so the camelCase rateLimitType (inside the informational rate_limit_event JSON line that claude-cli emits on every turn with status="allowed" + isUsingOverage=false) matched as if it were a quota rejection. The v0.99.53 smoke surfaced this on every generator candidate: claude-cli ran cleanly through 10-12 tool calls (rc=0 + is_error=false + subtype="success") and wrote the seed markdown, but the classifier still flagged the stdout's embedded rateLimitType and the adapter raised ClaudeCliTransientUpstreamError — empty candidates downstream.
• Both sibling regexes tightened to rate[-_\s]limit(?:ed\b|_error\b|(?![_a-zA-Z])): requires a real separator (hyphen/underscore/whitespace, not optional), and the trailing alternation explicitly handles ed / _error word-boundaries OR a negative-lookahead that rejects further word-char continuation (so rate_limit_event, rate_limit_info, rateLimit all fall through cleanly).
• Sites: plugins/petri_audit/claude_cli_provider.py:CLAUDE_TRANSIENT_UPSTREAM_RE and core/llm/claude_cli_errors.py:_TRANSIENT_UPSTREAM_RE (must stay in lockstep per paperclip parity).
• Pinned by tests/core/llm/test_claude_cli_errors.py::TestIsTransientUpstream::test_informational_rate_limit_event_is_not_transient (6 parametric cases — the full rate_limit_event JSON, rateLimitType quoted field, bare rate_limit_event / rate_limit_info, rateLimit camelCase) on top of the existing 8 positive-match parametric cases (real "rate limited" / "5-hour limit reached" / etc) that still match.

Added

• PR-SKIP-PERMS — build_claude_cli_argv() accepts a new skip_permissions: bool = False parameter that appends --allow-dangerously-skip-permissions to the claude-cli argv when True. GEODE's AgenticLoop adapter (core/llm/adapters/claude_cli.py) passes True so headless sub-agent subprocesses don't hang on interactive permission prompts (Write outside cwd, Bash dangerous commands, etc.).
• Smoke-blocking issue (v0.99.53 smoke after PR-TIMECAP): every seed-generation generator candidate tried Write → got permission denied → tried Bash-cat-redirect → denied → tried Agent delegation → denied → exited cleanly with a "please grant write access" final message → pipeline saw empty candidates → aborted. claude-cli rc=0 + is_error=false the whole way (no claude-cli bug, just an interactive-prompt-in-headless-subprocess mismatch).
• Default off so inspect_ai / petri_audit interactive paths keep their permission prompts; AgenticLoop adapter explicitly opts in. The CLI flag is --allow-dangerously-skip-permissions (recommended only for sandboxes per claude --help) — GEODE's sub-agent dispatch IS such a sandbox (denied_tools set + working_dirs whitelist + isolated subprocess).
• Pinned by tests/plugins/petri_audit/test_claude_cli_provider.py (4 cases — default-off, explicit-on, ordering vs --tools, composes-with-extra_args).

Changed

• PR-TIMECAP — unify claude-cli + seed-generation sub-agent wall-clock gates to a 30-minute time-cap, dropping the residual turn-cap on the claude-cli adapter path. GEODE's policy is "no turn-cap, run on time-cap"; the v0.99.52 → v0.99.53 smoke surfaced two leaks of that policy:
• core/llm/adapters/claude_cli.py:_call_llm was passing max_turns=1 to build_claude_cli_argv — an inspect_ai contract leak (that path owns its own iteration loop and expects generate() to return after a single turn). AgenticLoop's adapter call does the opposite: claude-cli must run its internal tool-loop until it produces a terminal stop_reason. The previous cap produced error_max_turns on the first tool call of every seed-generation generator (Glob → Read → Write sequences need multiple internal turns within a single adapter call). Now passes max_turns=100 — high enough that the 30-minute time-cap always trips first, effectively turning the flag into a safety ceiling.
• core/llm/adapters/claude_cli.py:_run_claude_subprocess bumped timeout_s from 600s to 1800s (10min → 30min).
• plugins/seed_generation/_registry_builder.py bumped SubAgentManager.timeout_s from 600s to 1800s to match.
• All three caps now trip together at the 1800s boundary rather than producing a window where the parent gives up before the subprocess does (or vice versa).

> Drift / fallback / model-spec / settings-sync bundle. PR-DRIFT-CUT > (#1598) cut the per-turn auto-revert that silently reverted operator > `/model selections + the cross-provider fallback chains that > cascaded a single 400 into z.ai 200, and grounded OpenAI / Codex / > GLM adapter quirks (max_completion_tokens / temperature / > 128-tool cap) in an explicit per-model registry. PR-R6 (#1599) > closed the CLI ↔ daemon settings.model drift with a > Hermes-style reload_settings_from_disk() boundary read at > services.create_session + bridged settings.agentic_effort > into the AgenticLoop` constructor so the operator's picker > choice propagates end-to-end. 2 PRs, 6+ regression categories > closed.

Fixed (PR-R6, 2026-05-24)

• CLI ↔ daemon `settings.model` drift closed via Hermes-style boundary read. PR-DRIFT-CUT removed the per-turn auto-revert (drift sync) that was silently re-syncing daemon's stale `settings.model to disk, which surfaced a latent gap: the CLI process writes GEODE_MODEL to .env and primary_model to config.toml via _apply_model, but the daemon's pydantic Settings singleton kept its boot-time snapshot — so /model gpt-5.5 was ignored at the next session start (the v0.99.52 smoke regression). New helper core.config.reload_settings_from_disk() mutates the live singleton in place from .env + config.toml + GEODE_* env vars (Hermes pattern: "fresh read at session boundary"), and services.create_session calls it before reading settings.model to construct the next AgenticLoop. Idempotent + cheap; no file-watcher dependency (chokidar/inotify deliberately avoided — the watcher race conditions don't compose with GEODE's multi-trigger autonomous paths). Pinned by tests/test_settings_reload_from_disk.py (5 cases — singleton identity preserved, env-var pickup, idempotent, fresh-process safe, **effort bridge end-to-end**) + updated test_model_switch_propagates_across_sessions to flip GEODE_MODEL (the disk surface _apply_model actually writes) instead of mutating settings.model` directly.

• Operator's effort choice now reaches the live ``AgenticLoop``. `services.create_session was passing model=settings.model but not effort=settings.agentic_effort — the loop's effort: str = "high" constructor default won by omission, so the /model picker's effort axis was effectively a no-op on the main REPL/IPC path (sub-agents already read settings.agentic_effort directly via core/agent/sub_agent.py:533). R6 reload now correctly picks up the operator's choice into settings.agentic_effort, and the new constructor arg bridges it into loop._effort` so the next session honors low/medium/high/xhigh end-to-end.

Added

• PR-COMM-4 — transcript seq column + liveness watchdog API on SessionTranscript and RunTranscript. Two coupled observability improvements:
• Per-instance monotonic seq stamped on every JSONL row (_append + record_lifecycle_event). Lets multi-event timelines sort deterministically when ts ties (sub-second clock drift / NTP reset). Per-instance, not cross-process atomic — multi-writer files produce interleaved seqs that readers re-sort by (ts, seq).
• last_touched_at() returns the transcript file's mtime; None when the file doesn't exist (a never-started run isn't "stale"). is_stale(threshold_s, *, now=None) checks if no event arrived in the threshold window; now injectable for deterministic tests. RunTranscript exposes the same passthrough so seed-gen operators can poll run_transcript.is_stale(900) directly without poking at the wrapped SessionTranscript.
• Existing tests/core/self_improving_loop/test_run_transcript.py::test_append_writes_jsonl_row updated to include the new "seq": 1 field in its exact-match assertion (full-row regression pin — every existing field is still grep-provable in the diff).
• Thread-safety fix (Codex MCP review catch): pre-fix the seq stamp lock was released before the write lock was re-acquired, letting concurrent same-instance callers allocate seq N+1 / N+2 and then write in the opposite order (seq monotonic but file order broken). Now seq stamping + write are held under a single self._lock acquisition. Pinned by test_seq_holds_under_concurrent_threads (10 threads × 10 appends → 100 rows with seqs 1..100 in exact file order).
• Pinned by tests/test_transcript_seq_liveness.py (13 cases — seq monotonic × 4, seq under threads × 1, seq across instances × 1, last_touched_at × 2, is_stale × 3, RunTranscript passthrough × 3).

• PR-COMM-3d — AgenticLoop's main _call_llm path now emits LLM_CALL_STARTED / LLM_CALL_ENDED hooks with session_id + usage + cost_usd so the SQLite agent_runtime_state.total_*_tokens cumulative writer (registered in PR-COMM-3b but unwired for the main loop path) actually accumulates per-call traffic. Pre-fix only the router/calls/*.py one-off helpers fired LLM_CALL_ENDED, and they didn't carry the agent context the writer needed.
• core/agent/loop/agent_loop.py:_call_llm wraps the adapter.acomplete() call with LLM_CALL_STARTED (before) and LLM_CALL_ENDED (after — success and error paths). The success payload carries session_id, model, provider, adapter, latency_ms, usage dict (input_tokens / output_tokens / cached_input_tokens), and cost_usd (computed locally via token_tracker.calculate_cost). Hook trigger failures are swallow-and-warn so a broken handler never blocks the loop.
• core/wiring/bootstrap.py registers agent_runtime_llm_call_ended → accumulate_tokens_and_cost under the existing agent_runtime_state plugin. Ignores zero-token / missing-session_id payloads so legacy router/calls/*.py emitters don't pollute the table.
• Pinned by tests/test_llm_call_ended_cumulative.py (5 cases — single-call cumulative write × 1, multi-call sum × 1, legacy payload no-op × 1, zero-token no-op × 1, missing-session_id no-op × 1).

Changed

• PR-COMM-3c — migrates core/agent/loop/agent_loop.py claude-cli sessionId persistence from file-based <run_dir>/sub_agents/<task_id>/session.json (PR-V) to the SQLite agent_runtime_state.claude_cli_session_id column landed by PR-COMM-3 / PR-COMM-3b. Dual-write during the 1-release grace window; legacy file path slated for deletion in v0.99.54.
• _persist_session_id writes to SQLite primary (via record_agent_session_end(agent_id, claude_cli_session_id=...)) then writes the legacy session.json file so existing on-disk caches keep working through deploys that haven't ingested the SQLite writer yet. Empty emitted_session_id is a no-op for both stores (preserves prior cached values across cross-cycle adapter switches).
• _load_prior_session_id reads SQLite first, falls back to session.json on miss or SQLite error. REPL / gateway paths that have no run_dir scope still get SQLite persistence (file write no-ops, SQLite write lands) — that's the migration's whole point.
• Pinned by tests/test_session_id_persistence.py (9 cases — SQLite-primary read × 1, file-fallback read × 2, dual-write × 3, empty-noop × 2, SQLite-failure-falls-back × 1, plus a fresh isolate_sessions_db autouse fixture added to tests/core/llm/adapters/test_claude_cli_resume.py so the existing V.4 round-trip tests no longer pollute the developer's real ~/.geode/projects/.../sessions.db).

Added

• PR-COMM-3b — wires the PR-COMM-3 SQLite agent_runtime_state writers into the running AgenticLoop. Three coupled changes:
• core/agent/loop/_lifecycle.py:_final_hook_payloads enriches the SESSION_ENDED payload with agent_kind (derived from _parent_session_id — "subagent" when set, "repl" otherwise), component (from current_run_transcript().component, fallback "agentic_loop"), adapter_type (from _new_adapter.name), and claude_cli_session_id (cached on the loop by the PR-V _persist_session_id helper — new _last_emitted_session_id field on AgenticLoop).
• core/agent/sub_agent.py:_emit_hook adds component (same derivation) and status ("completed" / "failed" from sub_result.success) to every SUBAGENT_* trigger.
• core/wiring/bootstrap.py registers two HookSystem handlers under the agent_runtime_state plugin name: agent_runtime_session_end → record_agent_session_end on SESSION_ENDED, agent_runtime_subagent_completed → record_subagent_completed on SUBAGENT_COMPLETED. Handlers no-op on missing session_id / task_id keys (defensive).
• LLM_CALL_ENDED cumulative tokens deferred to PR-COMM-3d: AgenticLoop's main _call_llm path does not yet emit LLM_CALL_ENDED (only router/calls/*.py one-off calls do), so the accumulate_tokens_and_cost writer remains unwired.
• Production SUBAGENT_FAILED fix: pre-PR the failure call site sub_agent.py:407 passed only error= — Codex MCP catch — so the writer's last_run_status column was never stamped "failed" on production failures. Now passes sub_result= alongside.
• Pinned by tests/test_agent_runtime_state_wiring.py (13 cases — SESSION_ENDED enrichment × 6 across REPL / sub-agent / bare-loop paths, SUBAGENT_STARTED/COMPLETED/FAILED enrichment × 3, bootstrap handler wiring × 4 end-to-end).

• PR-COMM-3 — per-agent cumulative runtime state in SQLite. Adds agent_runtime_state (14 cols) + run_lineage (9 cols) tables to sessions.db (audit doc §4 Option A — co-located with sessions and messages rather than a separate runtime.db so cross-table joins stay local). Schema:
• agent_runtime_state carries the claude-cli sessionId for the next --resume, cumulative tokens / cost (total_input_tokens / total_output_tokens / total_cached_input_tokens / total_cost_cents), and the last error. Two orthogonal-axis columns (agent_kind: subagent/repl/gateway/scheduler; component: seed-generation/self-improving-loop/petri-audit/ autoresearch/agentic_loop/serve/scheduler) separate process origin from GEODE subsystem.
• run_lineage tracks per-cycle retry/refinement chains (parent_run_id → root_run_id) for multi-cycle agents (seed-generation, self-improving-loop).
• 7 indexes (idx_agent_runtime_kind / _component / _updated / _session; idx_run_lineage_agent / _parent / _root) for the expected query shapes.
• core/observability/agent_runtime_state.py (NEW) — writer/reader API: record_agent_session_end, record_subagent_completed, accumulate_tokens_and_cost, record_run_lineage, mark_run_ended, get_agent_runtime_state, get_retry_chain, get_root_run. Failures swallow-and-warn so the upstream hook never breaks.
• Pinned by tests/test_agent_runtime_state.py (17 cases — schema bootstrap × 4, writers × 8, lineage × 5).
• Deferred to PR-COMM-3b: bootstrap hook handler registration + emit-site augmentation. The current SESSION_ENDED / SUBAGENT_COMPLETED / LLM_CALL_ENDED payloads do NOT carry the fields the writers need (agent_kind, component, adapter_type, claude_cli_session_id, usage, session_id) — Codex MCP review caught the gap. Wiring handlers without augmenting the emit sites would silently no-op in production, violating the Read-Write parity guard. PR-COMM-3b will augment _lifecycle.py:_final_hook_payloads, sub_agent.py:_emit_completed, and the six router/calls/*.py LLM_CALL_ENDED sites, then wire the handlers — both ends of the wire grep-provable in the same diff.
• Deferred to PR-COMM-3c: migrating core/agent/loop/agent_loop.py:_persist_session_id from <run_dir>/sub_agents/<task_id>/session.json to the SQLite agent_runtime_state.claude_cli_session_id column. Ships once the writer is verified producing the expected row shape in the wild (post-COMM-3b).

• PR-COMM-2 — HookSystem.register_prefix() + unregister_prefix() for wildcard event subscriptions. Pre-fix the bootstrap had to enumerate every HookEvent value to attach a global run_log handler: ``python for event in HookEvent: hooks.register(event, handler_fn, name=handler_name, priority=50) ` Adding a new event silently bypassed the run log (no compile-time check). The new API collapses the loop to one call: `python hooks.register_prefix("*", handler_fn, name=handler_name, priority=50) ` Match rule: "*" matches every event; any other prefix matches when HookEvent.name == prefix OR name.startswith(prefix + "_") — the trailing-_ segment boundary prevents "NODE" from accidentally matching a future NODELESS_* event. Internal storage is a separate _prefix_hooks: dict[str, list[_RegisteredHook]] consulted by a new _resolve_hooks_for() helper, so all six trigger paths (trigger, trigger_async, trigger_with_result, trigger_with_result_async, trigger_interceptor, trigger_interceptor_async) share one dispatch table. Exact + wildcard handlers compose in a single priority-sorted execution order; same name across exact and wildcard dedups to one invocation (exact wins). list_hooks() introspection surfaces wildcards under "*<prefix>" keys; clear() with no event drops both exact + wildcard tables (Codex MCP review catch — pre-fix wildcards survived clear() invisibly). Pinned by tests/test_hooks.py::TestRegisterPrefix (15 cases). Migrated core/wiring/bootstrap.py:168` from the enum loop.

Fixed

• PR-DEFECT-AB — sub-agent failure signal propagation across the worker IPC boundary. Two coupled regressions surfaced by the v0.99.52 seed-generation smoke (proximity 111s + critic 66s both returned malformed JSON that downstream phase agents then ingested as legitimate content):
• Defect A (core/llm/errors.py:classify_llm_error): ClaudeCliTransientUpstreamError (raised by PR-T's claude-cli transient classifier) fell through to the generic unknown classification, which routed claude-cli 429s / overload / quota signatures through the AgenticLoop's "Unexpected error. Auto-retrying." fallback path instead of the dedicated rate_limit branch at agent_loop.py:1595. Now lazy-imports the plugin exception and maps it to rate_limit so the loop fails fast with the same diagnostic as native SDK 429s — paperclip parity (execute.ts:809 tags identical signatures with errorCode = "claude_transient_upstream").
• Defect B (core/agent/worker.py:_run_agentic): WorkerResult.success = bool(text) reported True whenever the sub-agent loop produced any non-empty string, including the _build_model_action_result fallback UI text the loop emits on model_action_required / context_exhausted / llm_error / billing_error / cost_budget_exceeded / convergence_detected terminations. Now gates success on the absence of AgenticResult.error AND the termination_reason not being one of those six failure sentinels. summary now surfaces the actual cause ("Sub-agent failed: model_action_required; termination_reason=model_action_required") so parent timeline rows explain WHY the spawn produced no usable output. The legacy "No response from sub-agent" string is preserved for the empty-text + no-error + unknown-termination case so existing log greppers keep working.
• Pinned by tests/core/llm/test_classify_llm_error.py (19 cases — PR-T mapping + every Anthropic + OpenAI SDK branch + parametric unknown-fallback smoke) + tests/test_worker.py::TestResolveWorkerOutcome (16 cases — every failure sentinel + clarification / input_blocked / user_cancelled exemptions + convergence-as-failure pin + summary contract).

Changed (PR-DRIFT-CUT, 2026-05-24)

• Drift sync + provider fallback chains deprecated. The runtime no longer reverts an operator's `/model selection in the daemon process. _settings_model_target / sync_model_from_settings_async are now no-ops and clearly marked deprecated. Cross-provider and same-provider automatic model fallback is also cut at every site (_get_fallback_chain, per-provider fallback_chain properties) so a 400 / credit / rate-limit on the primary model never silently cascades to another provider. Operators must invoke /model <id>` explicitly. Trigger: v0.99.52 post-merge smoke (gpt-5.5 selection reverted to claude-opus-4-7 on first turn; a stale Anthropic credit-low cascaded into a z.ai 200 but the UI surfaced the Anthropic error).

• OpenAI / Codex / GLM adapters now ground per-model API quirks in an explicit registry (`_OPENAI_MODELS in core/llm/adapters/_openai_common.py) instead of startswith("gpt-5") prefix checks. Each entry records uses_max_completion_tokens (replaces max_tokens for the reasoning family), accepts_temperature (False for active reasoning), reasoning_effort_values, and the model's context window. Unknown model ids fall back to legacy gpt-4.x semantics with a one-shot WARNING so adding a new model cannot silently drift behaviour. Replaces the prefix heuristic that mis-routed max_tokens for gpt-5.5 → 400 Unsupported parameter`.

• Tools array hard-capped at 128 entries at the OpenAI-family adapter edge. Shared `cap_tools truncates with an operator-actionable warning when the registry layer delivers more than the spec maximum (verified 2026-05-24 against OpenAI Chat Completions + Codex Responses + applied defensively to GLM PAYG / Coding Plan endpoints). Prevents the array_above_max_length` 400 the v0.99.52 smoke hit on gpt-5.5 with 176 tools.

• ``classify_llm_error`` no longer mis-flags ``max_tokens`` errors as context overflow. The previous heuristic was a substring match (`"token" in msg) that fired on any 400 mentioning a max_tokens parameter — including OpenAI's gpt-5.x "Unsupported parameter: 'max_tokens'" 400. A new _looks_like_context_overflow helper prefers the structured error.code field (context_length_exceeded / prompt_too_long`) and falls back to a tight word-anchored regex on the message body. Misclassification caused the v0.99.52 smoke to render "Context window exhausted" while the actual cause was a parameter-name mismatch.

• Subscription terminology generalised. Operator-facing copy + comments + UI no longer hard-codes "ChatGPT Plus" / "Plus quota" / "Plus subscription" — the Codex CLI works with Plus / Pro / Business / Edu / Enterprise tiers, and the `/login` menu now lists Claude Pro / Max ×5 / Max ×20 / Team alongside the ChatGPT tiers for parity. Free-form mentions of "Plus" are replaced with "subscription" so future tier additions do not require chasing strings.

Fixed (PR-DRIFT-CUT, 2026-05-24)

• Raw SDK exception JSON no longer leaks into the assistant transcript. The bad_request termination branch in `AgenticLoop used to emit "LLM call failed (Error code: 400 - {...})" verbatim. It now routes through _build_model_action_result like the auth / convergence branches, and summarize_error_detail strips the raw exception body down to the underlying error.message so the user sees a clean diagnostic + /model` hint.

> 2-PR bundle. PR-COMM-1 (#1587): 74 HookEvent → 11 group patterns > (32 typed lifecycle + 42 generic fall-through), paperclip activity_log > envelope + openclaw discriminatedUnion parity, every HookSystem > trigger now mirrors into the active RunTranscript pipeline transcript. > PR-V (#1588): paperclip --resume <sessionId> + per-agent > <run_dir>/sub_agents/<task_id>/session.json (agent_runtime_state > equivalent). System prompt suppressed on resume turns so the > CHANGELOG-claimed 5-10K tokens saved per turn actually materialises > (Codex MCP review of #1588 caught the deception path mid-cycle).

Added

• PR2 (V) — paperclip `--resume <sessionId>` + per-agent session.json. Spec doc §3 of docs/plans/2026-05-24-transcript-standardization-and-claude-resume.md. paperclip agent_runtime_state.sessionId + --resume parity → quota cache hit (5-10K tokens saved per turn per paperclip execute.ts:680). Pre-PR-V every claude-cli call started a fresh backend session and re-sent the full system prompt; PR-V threads the prior session_id through AdapterCallRequest.resume_session_id → --resume <id> argv → system.init event's session_id → persisted to <run_dir>/sub_agents/<task_id>/session.json → loaded on the next turn.
• V.1 core/llm/adapters/base.py — AdapterCallRequest.resume_session_id + AdapterCallResult.session_id fields (backwards-compat empty default).
• V.2 plugins/petri_audit/claude_cli_provider.py — build_claude_cli_argv(resume_session_id=...) prepends --resume <id> before --model. New extract_session_id_from_events() walks the system.init event (paperclip parse.ts:30-33 parity).
• V.3 core/llm/adapters/claude_cli.py — acomplete wires both directions (req → argv, events → result.session_id).
• V.4 core/agent/loop/agent_loop.py — _load_prior_session_id + _persist_session_id helpers read/write <run_dir>/sub_agents/<task_id>/session.json (PR-Q's resolver anchor). _call_llm reads before the adapter call, writes after. Empty session_id is no-op (non-claude-cli / first turn / outside scope).
• core/llm/adapters/translation.py — build_adapter_request threads the new resume_session_id kwarg.
• 11 new tests pin V.1 contract, V.2 argv ordering + parser, V.4 persistence round-trip + no-op semantics.

Added

• PR-COMM-1 — HookEvent → ActivityRow schema + union channel. Spec doc at docs/plans/2026-05-24-hookevent-activity-schema.md (S2 scope: 32 lifecycle typed + 42 generic fall-through). 3-codebase audit GAP 1 + 4 (P1). Pre-PR-COMM-1 the pipeline transcript carried 4 SessionTranscript mirrors + orchestrator phase events; the remaining 70 HookEvent triggers were invisible in the unified timeline.
• core/observability/activity.py (NEW) — paperclip PluginEvent<TPayload> envelope + openclaw discriminatedUnion pattern: ActivityRowBase + 11 group base classes + 32 lifecycle concrete classes (groups A/B/C/D) + GenericActivityRow escape hatch + TypedActivityRow discriminator on action.
• core/observability/activity_registry.py (NEW) — HOOK_EVENT_TO_ROW_BUILDER (32 typed) + map_hook_to_activity(event, data, run_id) (typed dispatch + generic fall-through for 42 non-lifecycle events).
• core/hooks/system.py — new _mirror_hook_to_active_transcript helper called at the end of both trigger() and trigger_async(). No-op outside an active RunTranscript scope (REPL / gateway / tests unaffected). Swallow-and-warn contract (paperclip activity-log.ts:65 parity) so a mirror failure never breaks the upstream caller.
• 17 new tests pin I1-I5 (envelope quintuple + concrete literals + discriminated dispatch + generic fall-through + 74/74 cover) and M1-M3 (union channel mirror + no-op outside scope + malformed payload still emits row).
• Frontier alignment: paperclip as const event tuple (packages/shared/src/constants.ts:1029), paperclip PluginEvent generic envelope (packages/plugins/sdk/src/types.ts:180), openclaw NormalizedEventSchema = z.discriminatedUnion("type", [...]) (extensions/voice-call/src/types.ts:90).

Changed

• PR-Q.5 + PR-U — transcript 표준화 (식별자 정렬 + paperclip-style timeline mirror). `docs/plans/2026-05-24-transcript-standardization-and-claude-resume.md 의 PR1 구현. Post-PR-Q audit 에서 발견한 식별자 단절 (sub-agent 의 result+stderr 는 sub_agents/<task_id>/ 에 가는데 dialogue 만 sub_agents/s-<uuid>/` 별도 폴더로 빠짐) + pipeline transcript 가 phase 마커만 들고 agent dialogue 가 inline 안 보이는 GAP 두 가지를 함께 해결.
• F1 (Q.5) `core/agent/loop/agent_loop.py — AgenticLoop.__init__ 에 session_id: str = "" 인자 추가. 비어있으면 legacy s-<uuid>`, 채워지면 그 값을 그대로 SessionTranscript 의 session_id 로.
• F2 (Q.5) `core/agent/worker.py — worker subprocess 의 AgenticLoop call site 가 session_id=request.task_id 명시. WorkerRequest.task_id 가 AgenticLoop / SessionTranscript / dialogue.jsonl path 의 단일 anchor 로 수렴. 결과: sub_agents/<task_id>/result.json + stderr.log + dialogue.jsonl` 단일 폴더 (PR-Q 의 의도 회복).
• F3 (U) `core/self_improving_loop/run_transcript.py, core/observability/transcript.py — RunTranscript.append 와 SessionTranscript.record_lifecycle_event 가 paperclip activity_log schema 의 actor_type / actor_id / action / entity_type / entity_id / task_id 옵션 필드 추가. 기존 caller (journal.append("phase_started", payload={...})) 는 default auto-infer (orchestrator / pipeline / f"pipeline.{event}"`) 로 무변경 동작.
• F4 (U) `SessionTranscript.record_user_message / record_assistant_message / record_tool_call / record_tool_result 가 active RunTranscript` 에 truncated mirror append. pipeline transcript 가 phase events + agent dialogue 통합 timeline 으로 동작. 풀 본문은 dialogue.jsonl 에 유지 (paperclip activity_log ↔ issue_comments 동등 navigation).
• 8 새 invariant 테스트 (`tests/core/observability/test_unified_timeline.py I1-I6) — single-anchor / single-dir / navigation 결정성 / backwards-compat + I5 (subprocess RunTranscript rebind via env) + I6 (cli.py grep-pin). 기존 test_run_transcript.py` 회귀 schema-additive fix 1건 (orchestrator default auto-infer 노출).
• Codex MCP review (post-#1584 push) caught two production gaps initial tests masked: (FAIL-1) ContextVars don't cross subprocess boundaries → SessionTranscript mirror was silently no-op in worker subprocesses (production path); (FAIL-2) `plugins/seed_generation/ cli.py opened run_transcript_scope but NOT run_dir_scope, so PR-Q's redirect path silently fell back to legacy ~/.geode/` globals. Both fixed in the same PR:
• `cli.py:351 now wraps in with run_dir_scope(run_dir), run_transcript_scope(journal):` — env-bridge propagates.
• `worker.py:main() re-creates a thin RunTranscript pointing at the same <run_dir>/transcript.jsonl and binds set_current_run_transcript` so cross-process mirror appends atomically (line < PIPE_BUF on macOS/Linux).
• paperclip parity: `packages/db/src/schema/activity_log.ts 의 12-field schema 매핑, packages/adapters/claude-local/src/server/parse.ts` 의 session_id 추출 패턴은 PR2 (V) 에서 이어짐.

• PR-Q — observability 일원화 (run-dir-as-anchor). Pre-PR-Q 한 seed-generation cycle 의 산출물 + 트랜스크립트가 5 prefix 에 분산 (`state/seed-generation/<run_id>/ + ~/.geode/self-improving-loop/<run_id>/ + ~/.geode/transcripts/<host>/s-*.jsonl + ~/.geode/workers/<task_id>.{result.json,stderr.log}`), 3 식별자 (run_id / task-id / session-hash) 가 join key 없이 흩어짐. 한 cycle 회수 하려면 5 grep + 수동 식별자 매칭. open-coscientist / paperclip / crumb / claude-code-ref 4/4 frontier 가 *단일 anchor + 단일 디렉터리* — GEODE 만 분산. 정정:
• 새 core/observability/run_dir.py 가 단일 SoT ContextVar (set_active_run_dir / get_active_run_dir / run_dir_scope) + cross-process bridge env (`GEODE_RUN_DIR) + path resolver (resolve_sub_agent_path(task_id, filename) → <run_dir>/ sub_agents/<task_id>/<filename>`) 제공.
• RunTranscript (W1): plugins/seed_generation/cli.py 가 `run_dir / "transcript.jsonl" 명시 path 로 binding — ~/.geode/self-improving-loop/<run>/` 에서 run-dir 안으로 이동.
• WorkerResult.backup (W2): core/agent/worker.py:_save_result_backup 가 resolve_sub_agent_path 우선 → `<run_dir>/sub_agents/<task_id>/ result.json. unbound 시 ~/.geode/workers/` fallback.
• IsolatedRunner.stderr (W3): _save_stderr 도 동일 resolver → `<run_dir>/sub_agents/<task_id>/stderr.log. spawn 시 parent 의 active run_dir 을 GEODE_RUN_DIR` env 로 child 에 전달.
• SessionTranscript (W4): __init__ 의 transcript_dir=None branch 가 resolve_sub_agent_path 우선 → `<run_dir>/sub_agents/ <session_id>/dialogue.jsonl. 명시적 transcript_dir=` 는 그대로 (RunTranscript 의 명시 path override 영향 없음).
• WorkerRequest.run_dir field 추가 (process-boundary carrier).
• core/agent/worker.py:main() 가 GEODE_RUN_DIR env 인헤리트해서 child ContextVar 재바인딩 (cross-process 일관성).
• bonus fix: develop 의 worker.py:main() 가 post-MAINPATH-1 (#1572) 이후 bootstrap_builtins() 호출 빠져서 sub-agent dispatch 가 `AdapterNotFoundError: Known pairs: []` 으로 즉시 crash 하던 것을 함께 fix (smoke 때 local hack 으로 임시 우회 중이던 패치 가 이제 develop 에 정상 통합).
• 9개 신규 테스트 — unbound fallback / scope bind+restore / SessionTranscript redirect / explicit transcript_dir override / worker backup redirect / 기본 pool fallback / stderr redirect / env constant. 76 broader test 회귀 없음.

• PR-T — claude-cli transient classifier observability 보강. Pre-PR-T is_claude_transient_upstream_error 는 `bool 만 반환했고 ClaudeCliTransientUpstreamError 는 stderr_tail 만 메시지에 넣었음. claude-cli 가 stderr 에 안 쓰니 항상 <empty>` — 진단 가치 0 (5-hour quota vs RPM cap vs backend 5xx vs OAuth slot cap 식별 불가). 변경:
• 새 classify_transient_signal(...) -> TransientSignal | None 이 matched substring + source (`stdout / stderr / event) + event_type + event_field 의 structured dataclass 반환. 기존 is_claude_transient_upstream_error 는 backwards-compat bool` wrapper 로 유지.
• ClaudeCliTransientUpstreamError 에 `signal: TransientSignal | None + dump_path: str | None structured field 추가. 메시지에 source= / matched= / dump=` 인라인 노출 → log 한 줄로 즉시 triage.
• ClaudeCliAdapter.acomplete 가 transient hit 시 full `(stdout, stderr, parsed events, classifier signal, rc) 를 ~/.geode/diagnostics/claude-cli-transient/<ts>-<model>.json 에 dump. classification 이후 버리던 raw 데이터 영구화 → 사후 분석으로 claude-cli 가 result` event 에 실은 실제 upstream message 회수.
• 11개 신규 테스트 + 변수 alias 정리 (stream_events / transient_signal / postmortem_path / assistant_text / hit_ts — feedback_no_naive_variable_names).

> Two-PR bundle. PR-HELPERS-3SPLIT (#1578) splits the deferred-from-v0.99.48 > `core/agent/loop/_helpers.py umbrella into three domain-named > siblings (_tool_factory / _sub_agent_announce / > _planner_dispatch) and closes the last item from the cleanup arc. > PR #1579 fixes the claude-cli silent-success path discovered during > the 2026-05-24 seed-generation smoke — ClaudeCliAdapter.acomplete > was returning raw stream-json stdout as the LLM's reply, so claude-cli's > ! Unexpected error. Auto-retrying.` retry-storm text was being > treated as a normal empty turn and the parent recorded a candidate > that was never written. Adapter now parses events through a > paperclip-ported transient-upstream classifier and raises loud.

Fixed

• claude-cli silent-success / "ghost candidate" path — `ClaudeCliAdapter.acomplete was returning raw --output-format stream-json stdout as AdapterCallResult.text. When claude-cli's internal retry layer surfaced ! Unexpected error. Auto-retrying. as its only output (verified during the 2026-05-24 seed-generation smoke — state.json recorded 2 candidates with 170s/186s durations but candidates/ was empty and elo_log.tsv had no match rows), the caller's AgenticLoop treated that error text as the LLM's reply, terminated with no tool calls, and the parent recorded a candidate that was never written. Adapter now parses stream-json via parse_stream_json_events and classifies the result through a new is_claude_transient_upstream_error regex ported from paperclip packages/adapters/claude-local/src/server/parse.ts:12. Hits raise ClaudeCliTransientUpstreamError (a ClaudeCliInvocationError subclass) instead of returning the error text as content. rc=0 with zero events now also fails loud. _extract_assistant_text extended to handle claude-cli's aggregated assistant event shape (message.content[].text) in addition to the existing content_block_delta and result` fallback paths.

Changed

• PR-HELPERS-3SPLIT — `core/agent/loop/_helpers.py` split into three domain-named siblings. PR-CLEANUP-6 (v0.99.48) had flagged this file as the lone deferred holdout from the file-name hygiene sweep: the new Naming CANNOT row forbids `_helpers filenames once a caller appears, but the catch-all here genuinely hosted three unrelated sub-systems (tool factory + sub-agent announce queue poller + planner LLM dispatcher) under one umbrella. Naming it to any single domain would have buried the other two; folding back into agent_loop.py` would have grown that file by 170 LOC. This PR reverses the PR-CLEANUP-1 fold along the actual ownership line — three new sibling modules, each name-matched to its sub-system:
• `core/agent/loop/_tool_factory.py (95 LOC, new) — owns get_agentic_tools + AGENTIC_TOOLS + the MAX_TOOL_RESULT_TOKENS / TOOL_LAZY_LOAD_THRESHOLD constants (the latter two still re-exported from core.agent.loop` for legacy module-attribute access).
• `core/agent/loop/_sub_agent_announce.py (55 LOC, new) — owns check_announced_results`, the OpenClaw Spawn+Announce queue poller invoked once per round by the AgenticLoop delegator.
• `core/agent/loop/_planner_dispatch.py (79 LOC, new) — owns try_decompose, the async planner LLM dispatcher that installs the Plan on SessionMetrics.active_plan. _helpers.py deleted (170 LOC). AgenticLoop._try_decompose + _check_announced_results delegator methods rewired to the new module names (full host history preserved in their docstrings: Tier-3-split sibling → PR-CLEANUP-1 fold → this 3-split). The package __init__ re-exports AGENTIC_TOOLS / MAX_TOOL_RESULT_TOKENS / get_agentic_tools from the new _tool_factory module so external imports (tests/test_s0a_tool_policy_reader.py, _response.py, agent_loop.py`) only need their import paths rewritten — no symbol-name change visible to consumers. Resolves the last deferred-item from the v0.99.48 cleanup arc.

> AgenticLoop main-path Path-B migration sprint — 4 PRs that retire > the legacy `AgenticLLMPort Protocol entirely. PR-MAINPATH-1 > (#1572) flipped AgenticLoop.__init__ to resolve _new_adapter > via the Path-B registry by default with a hard-fail contract; > PR-MAINPATH-234 (#1573) bundled the runtime /model switch > migration with verification-only steps for streaming + tool_use_id > round-trip; PR-MAINPATH-5 (#1574) removed CircuitBreaker > entirely (-386 LOC; per operator instruction in place of the > original "verify compatibility" plan); PR-MAINPATH-67 (#1575) > deleted core/llm/adapters/_legacy.py + _legacy_bridge.py > (-599 LOC), migrating still-needed symbols to three new > domain-named modules (paperclip.py / provider_inference.py > / translation.py). Resolves deferred-item #4 from the > v0.99.48 sprint summary. AgenticLoop is now Path-B-only — the > self._adapter field and the agentic_call` fallback branch > are gone.

Removed

• PR-MAINPATH-67 — final delete of the legacy `AgenticLLMPort` surface. Closes the AgenticLoop main-path migration sprint started by PR-MAINPATH-1. Two source files deleted (599 LOC total): `core/llm/adapters/_legacy.py (422 LOC; held the AgenticLLMPort Protocol, resolve_agentic_adapter factory, _ADAPTER_MAP registry) and core/llm/adapters/_legacy_bridge.py (177 LOC; held build_adapter_request + agentic_response_from_adapter_result). Symbols still in production use that lived in the deleted file moved to **domain-named modules** per the Naming CANNOTs (no _legacy / _helpers` suffix once a caller appears):
• `core/llm/adapters/paperclip.py (285 LOC, new) — host of LLMClientPort Protocol + ClaudeAdapter wrapper + LLM*Callable` Protocols. Name borrows from the paperclip-style abstraction the J-b.1 series established.
• `core/llm/adapters/provider_inference.py (68 LOC, new) — host of infer_provider_from_model (used by plugins/petri_audit`).
• `core/llm/adapters/translation.py (173 LOC, new) — host of build_adapter_request + agentic_response_from_adapter_result (sole consumer is now AgenticLoop._call_llm). Re-exports stripped: core/llm/adapters/__init__.py drops AgenticLLMPort + resolve_agentic_adapter + _ADAPTER_MAP; core/llm/router/__init__.py + core/agent/loop/__init__.py drop resolve_agentic_adapter` re-export. AgenticLoop:
• `core/agent/loop/agent_loop.py.__init__ no longer constructs self._adapter. _call_llm is Path-B-only — the if self._new_adapter is not None: guard + the else: response = await self._adapter.agentic_call(...) fallback branch are both gone. last_error reads self._new_adapter._last_error / self._last_llm_error` directly.
• `core/agent/loop/_model_switching.py — the _resolve_agentic_adapter shim deleted; _apply_model_update only re-resolves _new_adapter. Provider-level agentic_call methods (in core/llm/providers/{anthropic,openai,glm,codex}.py) **stay** because they're independently tested and not in the AgenticLoop's call path — their migration is out of scope for this PR. Test rewires: tests/test_model_failover.py::TestAgenticLoopFailover 4 tests now mock _new_adapter.acomplete via a new _install_acomplete_stub helper; tests/test_provider_switching.py no longer asserts on resolve_agentic_adapter; tests/core/llm/adapters/test_legacy_bridge.py → tests/core/llm/adapters/test_translation.py (file moved + import paths updated); tests/test_agentic_loop.py::test_adapter_initialized_at_construction now asserts _new_adapter.provider == "anthropic"; tests/test_model_escalation.py, tests/test_startup.py, tests/test_provider_label_consistency.py, tests/test_codex_provider.py, tests/test_model_switch_guard.py, tests/core/agent/test_agent_loop_source_route.py all migrate to read _new_adapter`. Resolves deferred-item #4 from the v0.99.48 sprint summary.

Removed

• PR-MAINPATH-5 — `CircuitBreaker` removed entirely. The module-level breaker singleton in `core/llm/fallback.py:CircuitBreaker (62 LOC) plus every can_execute() / record_failure() / record_success() call site across the 4 provider modules (core/llm/providers/{anthropic,openai,glm,codex}.py), the shared _get_provider_circuit_breaker dispatch helper in core/llm/provider_dispatch.py, the streaming-call breaker hooks in core/llm/router/calls/streaming.py, and the CircuitBreaker re-export from core/llm/router/__init__.py are all gone. retry_with_backoff_generic + _async lose their circuit_breaker= kwarg. Per operator direction ("circuit-breaker는 제거해줘"), the original PR-MAINPATH-5 plan to "verify circuit-breaker compatibility" is replaced with full removal. Cooldown semantics still live on the separate :class:core.auth.cooldown.CooldownTracker (per-key auth-error cooldown, unrelated to the breaker) and on the provider-internal retry/backoff loop. Test scaffolding stripped in lock-step: tests/conftest.py autouse _reset_circuit_breakers fixture deleted; tests/test_circuit_breaker_isolation.py deleted (75 LOC, contract no longer exists); test_provider_parity_v0532.py D1 section (CircuitBreaker call-pattern parity) dropped with a one-line historical note; test_billing_fatal.py, test_codex_request_shape.py, test_codex_normalize_parity.py, test_codex_responses_shape.py, test_profile_wiring.py all stripped of the CircuitBreaker() + circuit_breaker=cb scaffolding that was peripheral to each test's core assertion. The orphaned SessionMetrics.circuit_breaker_trips counter + record_circuit_breaker_trip() method removed (no production caller after the breaker is gone); test_session_metrics.py` follows. Cumulative impact: 18 source files touched + CHANGELOG entry = 19 files total in the diff; -386 net LOC across the source files (-406 deletions / +20 insertions), -351 net LOC including the CHANGELOG entry's added lines.

Changed

• PR-MAINPATH-234 — bundle of three main-path sprint steps.
• Step 2 (streaming path) — no-op: scanned for AgenticLoop references to `call_llm_streaming_async and found none. The streaming surface in core/llm/router/calls/streaming.py is only consumed by core/llm/adapters/_legacy.py 's adapter wrapper + tests/test_claude_adapter.py; the AgenticLoop main inference path is non-streaming (acomplete only, per the "rationale on not streaming per-delta" comment at agent_loop.py). No migration needed; PR-MAINPATH-7 will delete the legacy streaming surface alongside _legacy.py`.
• Step 3 (tool_use_id round-trip) — verified, no code change: the invariant is already pinned at the bridge boundary by :func:tests.core.llm.adapters.test_legacy_bridge.test_build_request_carries_tool_use_id_for_tool_messages (introduced when PR-MAINPATH-1's parent stack landed). The test proves `build_adapter_request extracts tool_use_id from each {"role": "tool", ...} dict and threads it into the typed :class:Message(tool_use_id=...)`. AgenticLoop's main path just passes messages through, so the bridge-level pin covers the full round-trip.
• Step 4 (``/model`` switch on Path-B): `core/agent/loop/_model_switching.py:_apply_model_update now re-resolves loop._new_adapter whenever the provider changes, via the new _resolve_path_b_adapter(provider, source) helper. Pre-PR the function only updated the legacy loop._adapter, so a /model switch between providers (e.g. claude-opus-4-7 → gpt-5.5) would leave the Path-B adapter pointing at the previous provider's API; the next _call_llm round would dispatch through the wrong endpoint. The new helper mirrors the AgenticLoop.__init__ normalisation (openai-codex → openai, source preserved from loop._source). Hard-fail contract preserved per Codex MCP 2026-05-23 HIGH 2. A new test_runtime_model_switch_re_resolves_path_b_adapter` invariant test pins the dual-adapter re-resolution.

• PR-MAINPATH-1 — AgenticLoop main-path Path-B default cutover. Step 1 of the multi-PR sprint that retires the legacy `AgenticLLMPort surface. AgenticLoop.__init__ 's source parameter now defaults to "payg" (matching the J-b.2 mutator runner and J-b.3 reflection node) instead of the empty string that previously landed every caller on the legacy resolve_agentic_adapter route; sub-agent workers continue to override via :attr:WorkerRequest.source. With a concrete source always present, self._new_adapter is resolved through :func:core.llm.adapters.registry.resolve_for at init time — AgenticLoop._call_llm 's pre-existing if self._new_adapter is not None: branch (the Path-B acomplete + _legacy_bridge translation path) becomes the de-facto default; the legacy self._adapter.agentic_call fall-through stays as the safety branch for _new_adapter is None and continues to feed getattr(self._adapter, "last_error", None) into the agentic UI's error surface. Hard-fail contract preserved per Codex MCP 2026-05-23 HIGH 2 — the registry's AdapterNotFoundError propagates if the (provider, source) pair is unregistered rather than silently routing through the legacy adapter. Tests: tests/core/agent/test_agent_loop_source_route.py test_empty_source_leaves_new_adapter_none flipped to test_empty_source_defaults_to_payg_after_mainpath_cutover with the new contract pinned (_new_adapter.name == "anthropic-payg", _source == "payg"). tests/test_model_failover.py::test_call_llm_uses_adapter forces _new_adapter = None before mocking the legacy adapter so the legacy-delegation invariant it pins keeps running on the fallback branch. tests/conftest.py gains an autouse _bootstrap_adapter_registry fixture that calls :func:bootstrap_builtins before each test — production runtime already calls this from core/wiring/container.py at startup, but the test harness used to construct AgenticLoop without it, which now raises AdapterNotFoundError` for the cutover default.

> Cleanup-arc release — 7 PRs (PR-DOCS-CANT-CAN + PR-CLEANUP-3 > through 7 + Step J-b.3) plus a single naming-pivot follow-up. The > arc started from a 25-package core/ audit against 7 frontier > agents and ended with core/ at 22 packages, 4 _helpers/_utils > survivors renamed or pruned, 2 backward-compat shims removed > (core/llm/client.py, the core.observability re-exports), 6 new > Naming/Compat/Registry CANNOT rows landed in CLAUDE.md, and the > reflection node migrated to the Path-B LLMAdapter Protocol. The > SessionJournal → RunTranscript relocation follow-up (PR-CLEANUP-7 > #1569) closes the operator catch on the misleading "journal" name > that the 3-Tier preservation architecture reserves for Tier 2 > summaries.

Changed

• PR-CLEANUP-7 — ``SessionJournal`` renamed + relocated to ``RunTranscript`` under ``core/self_improving_loop/``. The class hosted in `core/observability/session_journal.py was misnamed twice over: "journal" collided with the 3-Tier preservation architecture's Tier 2 (summaries) when this class actually wrote Tier 1 (event logs), and "observability" was the wrong location because every caller (25 files across core/self_improving_loop/, plugins/seed_generation/, plugins/petri_audit/, plus the autoresearch/ package's emitter) lives inside the self-improving-loop surface — no generic AgenticLoop` consumer ever bound one. Move + rename:
• `core/observability/session_journal.py → core/self_improving_loop/run_transcript.py`.
• `SessionJournal → RunTranscript; current_session_journal → current_run_transcript; session_journal_scope → run_transcript_scope; set_current_session_journal → set_current_run_transcript. The ContextVar key ("self_improving_loop_session_journal" → "self_improving_loop_run_transcript"`) follows.
• Tests path mirror: `tests/core/observability/test_session_journal.py → tests/core/self_improving_loop/test_run_transcript.py. core/observability/__init__.py drops the 4 re-exports (SessionJournal / current_session_journal / session_journal_scope / set_current_session_journal) — the package is back to OTel + per-session metrics only. Callers that reached the class through the core.observability re-export migrate to the canonical core.self_improving_loop.run_transcript import path. Migration scope: ~30 files touched across core/, plugins/, autoresearch/, scripts/, tests/. The on-disk file (~/.geode/self-improving-loop/<id>/transcript.jsonl) and the JSONL schema ({ts, session_id, gen_tag, component, level, event, payload}) are unchanged — no operator-visible data migration. One test (test_run_audit_seeds_emits_cost_preview_into_session_journal + 3 siblings) needed the RealJournal reference hoisted out of the patch() context to avoid recursion (the pre-PR test relied on the now-removed core.observability re-export holding the canonical class while the inner session_journal` attribute was patched; with the canonical class now in one place, the test pattern has to capture the unpatched class before entering the patch context).

• Step J-b.3 — reflection node migrated to the LLMAdapter Protocol. `core/agent/loop/_reflection.py 's dispatch path moves off the legacy AgenticLLMPort.agentic_call surface (resolved via :func:core.llm.adapters.resolve_agentic_adapter) and onto the v0.99.39 Path-B Protocol — :func:~core.llm.adapters.registry.resolve_for + :meth:~core.llm.adapters.base.LLMAdapter.acomplete with a typed :class:~core.llm.adapters.base.AdapterCallRequest`. The reflection call therefore inherits I.a's Codex OAuth header dedup and F's GLM adapter family on the same code path the J-b.2 mutator runner now uses (so the agentic loop and the self-improving-loop mutator share one credential / adapter surface for the API path).

Translation: the in-source `_REFLECTION_TOOL dict (kept as SoT so the ADR-012 reflection policy override path keeps working) is converted to a :class:~core.llm.adapters.base.ToolSpec at request time. The strict: True field the legacy dict carried is dropped in translation — ToolSpec does not surface it today, and _anthropic_common.translate_tool would strip it anyway. The client-side _apply_reflection isinstance + range checks already enforce the same payload contract, so the regression is a soft degrade from "server-rejects-malformed" to "client-coerces-silently" rather than a fail-open. Restoring server-side strict validation is tracked as a future ToolSpec` Protocol extension.

Result-side: `_extract_reflection_input now reads from :attr:AdapterCallResult.tool_uses (tuple of {id, name, input} dicts) but tolerates the legacy AgenticResponse.content list-of- ToolUseBlock shape for back-compat. A _normalize_provider_for_registry helper (4 lines, duplicated from :func:core.self_improving_loop.runner._normalize_provider_for_registry per the "no premature hoisting" principle — both callers can diverge later if their needs split) translates "openai-codex" → "openai"` so the registry's narrower vocabulary lands on the right adapter.

Tests: `tests/test_reflection_node.py 's _StubAdapter now implements acomplete(AdapterCallRequest) instead of agentic_call(**kwargs), _install_reflection_stubs monkeypatches resolve_for instead of resolve_agentic_adapter, the happy-path + tool-schema assertions move to the new AdapterCallResult(tool_uses=(...)) / ToolSpec shape. The tools[0].get("strict") is True assertion is removed alongside the dict→ToolSpec translation; a comment in the test calls out the intentional contract narrowing. tests/test_s0b_reflection_reader.py 's source-substring assertions move from system=active_system / tools=[active_tool] to system_prompt=active_system / tools=(tool_spec,)` to match the dataclass field names.

Out of scope (intentional): the AgenticLoop's main call path (`core/agent/loop/agent_loop.py, _model_switching.py, package __init__) still uses :func:~core.llm.router.resolve_agentic_adapter + adapter.agentic_call(...). That migration is its own sprint — the agentic call surface is materially larger (streaming + tool_use_id` round-trip + retry orchestration) than the reflection call and needs separate Codex-MCP review. J-b.3 stops at the reflection node.

Removed

• PR-CLEANUP-6 — file-name hygiene sweep: catch-all `_helpers` / `utils` filename survivors. Four targets, four different fates, one rule (the new Naming CANNOT row that forbids `_helpers / _utils / _misc` filenames once a caller appears):
• `core/cli/_helpers.py` deleted — 21-LOC file with one function (`parse_dry_run_flag) that had zero callers across core/, tests/, plugins/. Dead code; deletion is the cleanest enforcement. core/utils/env_io.py`'s docstring (it was the v0.85.0 split target of this file) updated to record the removal.
• `core/agent/tool_executor/_helpers.py` renamed to `result_token_guard.py` (60 LOC) — owns `_compute_model_tool_limit + _guard_tool_result, which together form the per-tool token-budget guard the ToolExecutor runs on each result. Two relative imports (processor.py + package __init__`) updated.
• `core/mcp/utils.py` renamed to `signal_fallback.py` (78 LOC) — owns `parse_mcp_content + try_mcp_signal_async, the MCP-first / fixture-fallback shape extracted from core/tools/signal_tools.py` during the v0.66.2 step-5 split so external plugins could adopt the same surface. Currently zero in-tree callers (intentional public surface); kept (not deleted) for the plugin contract.
• `core/hooks/utils.py` renamed to `dispatch.py` (36 LOC) — owns `fire_hook, the cross-layer hook dispatch helper consolidated from the four near-identical _fire_hook copies. "dispatch" is what the function actually does; "utils" was a placeholder. 4 importers (core/tools/memory_tools.py, core/llm/provider_dispatch.py, core/llm/router/_hooks.py, core/cli/__init__.py`) updated.

Deferred (one file left over, on purpose): `core/agent/loop/_helpers.py (170 LOC, host of get_agentic_tools + check_announced_results + try_decompose) was the consolidation target of PR-CLEANUP-1 and is genuinely multi-concern (tool factory + sub-agent announce poller + planner dispatch). Any rename would either be vague (_internals.py`) or would force the PR-CLEANUP-1 fold to reverse. The right move is to either (a) accept the catch-all as load-bearing for this one case or (b) split the file along its three sub-concerns in a separate PR — flagged for the next cleanup sprint rather than rushed here.

Changed

• PR-CLEANUP-5 — `core/cli/tool_handlers/` consolidation + `_helpers` rename. Two cleanups in this surface:
• Six small handler files (each <50 LOC, each wrapping exactly one tool class) folded into a single ``core/cli/tool_handlers/single_tool.py``. The files were `data.py / notification.py / output.py / offload.py / computer_use.py / calendar.py. Every builder did the same thing (instantiate one Tool class, wrap its aexecute in a closure, return {name: handler}) with zero shared state, so the per-tool split was pure noise. The _build_<area>_handlers symbol names are preserved verbatim, so the package __init__.py` and external test callers continue to import them unchanged — only the source module-name differs.
• ``core/cli/tool_handlers/_helpers.py`` renamed to ``clarification.py`` to satisfy the new Naming CANNOT row that forbids `_helpers / _utils filenames once a caller appears. The file owns two functions — _clarify (builds the clarification_needed follow-up-question response) and _safe_delegate (turns missing-kwarg exceptions into _clarify calls). Both functions are clarification-shaped responses for tool dispatch, so the new name describes the file's actual role. 6 importers + 2 docstring references (core/tools/arxiv.py, core/tools/seed_pool_search.py`) updated.

Removed

• PR-CLEANUP-4 — `core/llm/client.py` re-export shim removed. 162-LOC backward-compatibility module that re-exported 30+ symbols from `core.llm.router, core.llm.fallback, core.llm.providers.anthropic, and core.llm.errors. The new "Compat" CANNOT row (added in PR-DOCS-CANT-CAN) forbids re-export shims past their 1-release grace, and this module had outlived its purpose — every production path already imported from the canonical modules; only 6 test files still routed through the shim. Migration: 15 import sites across 6 test files (tests/test_failover.py, tests/test_agentic_loop.py, tests/test_model_failover.py, tests/test_tool_use.py, tests/test_status.py, tests/test_llm_client.py) rewrote core.llm.client → core.llm.router (where every symbol they reached for actually lives). tests/test_failover.py separately imports retry_with_backoff from core.llm.providers.anthropic (aliased _retry_with_backoff to keep the test-internal name stable). 190 tests across the affected files pass post-migration. CLAUDE.md's "Cascading Updates" table updated to point at the real LLM-adapter layout (core/llm/router/ + core/llm/providers/`) instead of the deleted shim.

Changed

• PR-CLEANUP-3 — three structural renames driven by the new CLAUDE.md Naming CANNOTs. Pure structural moves, no behaviour change; every import prefix updated in lock-step with the move.
• `core/scheduler/scheduler/` flattened to `core/scheduler/`. The inner package was a same-name-nested folder (X/X/) — the pre-flatten state was the outer core/scheduler/__init__.py being empty while the inner one carried the 81-line re-export surface. All 8 source modules (factory, jitter, lock, models, run_log, serialization, service, timezone) move up one level; the re-export __init__.py follows them; internal cross-references rewrite core.scheduler.scheduler.X → core.scheduler.X. 12 external consumers updated (4 production + 8 tests). The pre-split-monolith historical reference (core/scheduler/scheduler.py — pre-split monolith) is preserved verbatim in the new __init__ docstring.
• `core/channels/` renamed to `core/integrations/messaging/`. The package only ever contained Slack / Discord / Telegram bindings; the abstract name "channels" suggested a more general capability than actually existed. The new core/integrations/ parent leaves room for sibling integrations (calendar, etc.) without re-introducing the same abstract noun. pyproject.toml's import-linter contracts update accordingly (rule name + forbidden_modules / source_modules lists); the 4 contracts still all KEPT.
• `core/llm/routing/` renamed to `core/llm/strategies/`. Sat next to core/llm/router/, which is the main LLM call dispatch surface — the two were near-synonymous package names doing different jobs ("router" = call API, "routing" = plan dispatch / provider selection). strategies describes the actual content (plan registries, provider routing policies) without colliding with router. All 14 callers updated.

• PR-DOCS-CANT-CAN — CLAUDE.md restructure: CANNOT/CAN adjacency + 6 frontier-convergent CANNOT rows. The two governance tables (`### CANNOT and ### CAN) were separated by ### Wiring Verification + ### Refactoring Deception Prevention, which broke the read-as-a-pair invariant that the rest of the doc relies on. The two tables now sit next to each other; the two diagnostic sections move down so the workflow narrative is unchanged. Six new CANNOT` rows codify patterns that came out of a survey of 7 frontier autonomous-agent codebases (claude-code-ref, openclaw, hermes-agent, open-coscientist, paperclip, crumb, cotton). Convergence is cited per row in the table itself — domain naming shows up in 4/7, while the same-name-nested folder anti-pattern is 0/7 (GEODE was the only one). The patterns already shaped PR-CLEANUP-1 / PR-CLEANUP-2:
• Naming: no abstract-noun packages, no same-name-nested folders (`X/X/), no single-file packages, no _helpers/_utils` once a caller exists.
• Compat: no re-export shim past a 1-release grace.
• Registry: no two registries for the same domain. `CAN` also gains one row: cleanup / refactor PRs may bundle aggressively (Socratic Q4 "minimum change" guard does not apply when cleanup *is* the purpose). All new rows cite the specific incident or frontier signal that justifies them.

• PR-CLEANUP-2 — fold three over-small packages into their natural homes. `core/` drops from 25 to 22 top-level packages with zero behaviour change; every move keeps the file's module-level surface intact, only the import prefix changes:
• `core/text/similarity.py → core/utils/similarity.py (single file, 64 LOC). Removes a 1-module package whose abstract name (text) added a namespace level with no information value. Callers: plugins/seed_generation/agents/evolver.py, tests/core/utils/test_similarity.py` (test path mirrored).
• `core/storage/fts_helpers.py → core/memory/fts_helpers.py (single file, 134 LOC). The only consumer was core/memory/session_manager.py's FTS5 search index — siting the helper inside core/memory/` removes the cross-package dependency that justified the standalone package.
• `core/runtime_state/` (two domains under one abstract name) split along the actual ownership line:
• `session_checkpoint.py → core/memory/session_checkpoint.py (resume artefact lives next to SessionManager`).
• `transcript.py → core/observability/transcript.py (Tier-1 event log lives next to SessionJournal). Caller updates spread over the surrounding tree (git diff --name-only vs origin/develop): 14 core/ files (3 renames + 3 __init__.py deletions + 8 import-only edits), 9 tests/ files (1 rename + 8 import-only edits), 2 live docs/ files (the architecture + audit pages — historical CHANGELOG entries are left as a record-of-time, per the standing convention). Type-check, lint, lint-imports`, and the scoped test sweep (143 tests across the four affected packages) all green post-move.

> Path-B `LLMAdapter sprint package — 4 PRs that close the > abstraction migration started in v0.99.44 (A2 / F) and the > self-improving-loop SoT relocation started in v0.99.46 (J-b.1). > The mutator runner's API path now consumes the Path-B Protocol > directly (J-b.2 / #1555); inspect_ai's reasoning-replay pathway is > documented + smoke-pinned (I.b / #1554); a one-call > adapter_health(name)` accessor lands on the registry surface > (I.c / #1556); plus the end-of-sprint cross-tree audit + docs > alignment (#1557). PR-CLEANUP-1 (#1558) lands alongside as a > separate over-split-module compression.

Removed

• PR-CLEANUP-1 — over-split helper modules + 1-release-grace aliases. Three module files + one `core.paths` alias removed without behavior change (and one test import migrated to the new host):
• `core/agent/loop/loop.py (30 LOC) — re-export shim left over from the Tier 3 #7 monolith split; 0 production callers (1 test caller in tests/plugins/petri_audit/test_skeleton.py migrated to core.agent.loop.agent_loop). The package __init__` already re-exports the same symbols.
• `core/agent/loop/_announce.py (41 LOC) and core/agent/loop/_decomposition.py (81 LOC) absorbed into core/agent/loop/_helpers.py. All three were <100 LOC each and shared exactly one caller (agent_loop.py); the sibling-module split was over-engineered for the file size and obscured the locality of the two helpers. _response.py` (184 LOC, distinct streaming responsibility) stays separate.
• `core.paths.GLOBAL_JOURNAL_DIR legacy alias removed (1-release grace expired; 0 external callers confirmed via grep). No public symbol moves: check_announced_results / try_decompose are accessed through the AgenticLoop delegator methods (_check_announced_results / _try_decompose) which now forward to _helpers` instead of the two deleted modules.

Changed

• Step J-b.2 — mutator runner API path migrated to the LLMAdapter Protocol. `core/self_improving_loop/runner.py:_default_llm_call 's API path (source == "api_key" and the auto cascade fallback) now resolves the mutator adapter via :func:core.llm.adapters.registry.resolve_for(provider, "payg") and calls :meth:LLMAdapter.acomplete with a typed :class:AdapterCallRequest instead of the legacy :class:AgenticLLMPort.agentic_call. The API path therefore inherits F's GLM adapter family directly when source = "api_key" lands on a glm model. A new _normalize_provider_for_registry helper translates the legacy _resolve_provider keys (which return openai-codex for gpt-5.x ids) to the Path-B registry's narrower vocabulary (openai). The CLI-subscription branches (claude-cli / openai-codex source) **deliberately remain on the dedicated invoke_claude_cli / invoke_codex_cli helpers** in :mod:core.self_improving_loop.cli_subprocess rather than going through the ClaudeCliAdapter / CodexCliAdapter built-ins because the built-in adapters speak the streaming-JSON event protocol used by the agentic loop, whereas the mutator parser consumes plain text. Migrating both CLI adapters to support a text-output mode is a separate follow-up (Step I.c). Usage telemetry continues to feed SessionMetrics.accumulate_llm_call (input_tokens / output_tokens / cached_input_tokens`); per-call elapsed + model captured the same way.

Added

• Step I.c — `core.llm.adapters.adapter_health(name)` registry accessor. Thin one-call probe over the existing :meth:LLMAdapter.test_environment method so picker UIs, readiness audits, and external consumers (petri_audit's `credential_source cascade, the /auth slash, the routing-recovery loop) can ask "is adapter X healthy?" without an explicit get_adapter(name).test_environment() two-step. The accessor returns the unmodified :class:EnvironmentReport (ok / checks / hints`) so callers retain full access to the operator-facing diagnostic detail.

Step I.c originally framed an :meth:LLMAdapter.is_available Protocol extension; grounding revealed the equivalent contract already exists as `test_environment (every built-in implements it). The PR therefore ships the ergonomic accessor + 4 new tests (delegation parity, ok=False passthrough, missing-adapter KeyError`, 8-built-in smoke), without touching the Protocol surface.

• Step I.b — Codex reasoning-replay inspect_ai integration smoke test. Step A2 (v0.99.44) wired Codex encrypted-reasoning replay into the GEODE AgenticLoop's `Message path via core.llm.adapters._openai_common.build_codex_input. Petri's :class:OpenAICodexAPI (inspect_ai ModelAPI subclass) inherits the equivalent capability *for free* — inspect_ai's stock openai_responses_inputs converter walks the ChatMessage list and translates ContentReasoning blocks into Codex Responses-API {"type": "reasoning", "encrypted_content": ...} typed items via responses_reasoning_from_reasoning (inspect_ai/model/_openai_responses.py:1130`). The Petri provider must NOT reimplement that replay logic; this PR adds the explicit guard rails so a future contributor doesn't accidentally drift.

Changes:

- `plugins/petri_audit/codex_provider.py — multi-line comment block at the openai_responses_inputs call inside register's nested OpenAICodexAPI.generate documenting (a) inspect_ai owns the replay, (b) where the upstream translator lives, (c) the cross-reference to A2's GEODE-path helper, (d) the test pin. - tests/plugins/petri_audit/test_codex_reasoning_replay_inspect_pipeline.py (NEW, 3 cases) — gated on the [audit] extra via pytest.importorskip: 1. openai_responses_inputs + responses_reasoning_from_reasoning remain importable from inspect_ai (catches an upstream rename at import time). 2. responses_reasoning_from_reasoning(ContentReasoning(redacted=True)) round-trips the encrypted payload (the GEODE-path contract inspect_ai must mirror). 3. OpenAICodexAPI.generate source contains await openai_responses_inputs(` — anti-deception ratchet against a future refactor that drops the call while leaving the import/comment alone (Codex MCP HIGH catch).

Removed

• PR-CL-A1-followup — GoalDecomposer 제거 + Plan 흡수. PR-CL-A1 의 follow-up sprint. `core/orchestration/goal_decomposer.py (321 LOC) + tests/test_goal_decomposer.py 를 삭제하고 planner LLM 호출 path 를 core/agent/plan.py:decompose_async 로 흡수. 4-PR Cognitive Loop sprint (BUDGET → A3 → A6 → A1) 와 같은 loop._call_llm(model= settings.plan_model)` async-native 패턴으로 통일.

변경:

- `core/orchestration/goal_decomposer.py (DELETED, 321 LOC) — GoalDecomposer 클래스 + DecomposerStats + _llm_decompose + _build_tool_summary + _is_clearly_simple / _has_compound_indicators 휴리스틱. - tests/test_goal_decomposer.py (DELETED) — 모듈 자체 폐기로 함께 삭제. - core/agent/plan.py (NEW additions, ~180 LOC) — SubGoal / DecompositionResult pydantic 모델 (legacy schema 보존) + _is_clearly_simple / _has_compound_indicators / _build_tool_summary 휴리스틱 port + decompose_async 신설. decompose_async flow: heuristic gate → load_prompt("decomposer", "system") + apply_decomposition_policy (ADR-012 SoT 보존) → loop._call_llm( model=settings.plan_model) (60s timeout, usage tracking) → DecompositionResult.model_validate_json parse → build_plan_from_decomposition. - core/agent/loop/_decomposition.py — try_decompose 가 async 로 전환되고 decompose_async 를 호출. 사전 GoalDecomposer 인스턴스화 제거. - core/agent/loop/agent_loop.py — _try_decompose async 전환 + arun 에서 await. _goal_decomposer: Any | None = None 인스턴스 필드 제거 (stateless decompose_async 가 대체). - core/agent/decomposition_policy.py — docstring 만 갱신 (호출 site 이전 명시). 코드 변경 없음 — ADR-012 의 4-axis SoT 중 하나로 KEEP. - tests/test_model_split.py — test_try_decompose_uses_plan_model + test_try_decompose_falls_back_to_loop_model 두 테스트가 decompose_async mock 패턴으로 재작성됨. - tests/test_s0c_decomposition_reader.py — wiring 검증 테스트가 goal_decomposer.py source-grep 에서 plan.py source-grep 으로 이전. - tests/test_self_improving_5_slot_reader_audit.py — test_decomposition_slot_is_now_alive_post_s0c 가 새 host 검증. - docs/scaffold-architecture.md — orchestration tree 에서 goal_decomposer.py 제거 + bullet 갱신. - docs/adr/ADR-012-self-improvement-surface-tiers.md — decomposition` SoT row + S0a/S0b/S0c/S0d 후속 상태 문단에서 호출 site 이전 명시.

이유 (operator directive, 2026-05-23): PR-CL-A1 이 GoalDecomposer 를 underlying caller 로 유지했지만, `decompose_async 와 replan_async` 가 같은 async LLM 호출 패턴을 사용하면서 두 path 가 직접 충돌. 단일 planner code path 로 흡수해 maintenance overhead 제거 + sprint 동안 반복적으로 발생한 "GoalDecomposer ↔ Plan 변환" boilerplate 축소.

Changed

• PR-TEMP — LLM sampling temperature is config-driven, no more hardcoded constants. Six call sites previously held literal floats (agent loop `0.0 × 2, reflection 0.2, cross-LLM verification 0.1 × 2, commentary signature default 0.4, self-improving mutation 0.3, progressive compression 0.0). Each one now reads from a new Settings.temperature_* knob, exposed via ~/.geode/config.toml or the matching GEODE_TEMPERATURE_* env var. Defaults reflect a frontier- API grounding pass (Anthropic / OpenAI / Gemini docs + Moonshot/Kimi): most paths land on 1.0 (provider default — Gemini 3 explicitly warns against lowering temperature; OpenAI reasoning models reject ≠ 1); temperature_verification and temperature_progressive_compression default to 0.0 because cross-LLM agreement and reproducible summaries are functional invariants where stochastic output is meaningless. tests/test_temperature_config_invariants.py (NEW, 19 cases) ratchets the migration: Settings keys + defaults + range validation, plus a per- site grep guard that fails if a literal temperature=<float> kwarg sneaks back into any of the six policy sites. Settings.temperature_* fields enforce ge=0.0, le=2.0`; per-provider clamping (Opus 4.x adaptive models stripping sampling params, Codex gpt-5.x omitting temperature entirely) is untouched and still kicks in downstream.

• Step I.a — Codex OAuth header construction collapsed onto one helper. Four call sites built the same `{"originator": "codex_cli_rs", "ChatGPT-Account-ID": <jwt-claim>} dict inline: core.llm.providers.codex._get_codex_client / _get_async_codex_client, core.llm.adapters._openai_common. build_async_codex_client, and plugins.petri_audit.codex_provider.OpenAICodexAPI.__init__. The new public core.llm.providers.codex.build_codex_oauth_headers(token) helper is now the single SoT — every caller routes through it and receives a fresh dict (so per-thread mutation stays safe). tests/test_codex_provider.py::TestCodexOAuthHeaders pins the contract (4 cases: claim present / claim absent / malformed token / fresh-dict-per-call). First commit of the docs/plans/2026-05-23-adapter-wrap-petri-autoresearch.md` Path-B sequence; Step I.b (Codex reasoning replay extraction) + I.c (credential source ↔ adapter health) are fast-follow PRs.

Added

• PR-CL-A6 — Plan / Action / Judge model separation. Third PR in the Cognitive Loop sprint (A3 → A6 → A1). Adds three operator-tunable model knobs that let the loop's three LLM call sites pick the right cost/quality point independently:

- `settings.plan_model — used by goal decomposition (_decomposition.try_decompose). Set to claude-opus-4-7 for reasoning-heavy plans; empty falls back to loop.model. - settings.act_model — used by the main action loop (per-round _call_llm). When AgenticLoop(model=None) (caller didn't pin a model), the loop reads this instead of the legacy ANTHROPIC_PRIMARY. Set to claude-sonnet-4-6 to keep planning on Opus while action runs on Sonnet for cost. - settings.judge_model — used by the per-turn verify LLM-judge mode (GEODE_VERIFY_MODE=llm_judge). Closes the PR-CL-A3 stub — _verify_llm_judge now actually calls an LLM via loop._call_llm(model=judge_model) and parses the {"passed", "score", "reason"}` JSON response.

Each knob has env override (`GEODE_PLAN_MODEL / GEODE_ACT_MODEL / GEODE_JUDGE_MODEL) and TOML mapping (llm.plan_model / llm.act_model / llm.judge_model). Defaults are the empty string so existing callers see no behaviour change until a knob is set; pre-A6 callers continue to use settings.model`.

Implementation: - `core/config/_settings.py — 3 new Field declarations with AliasChoices (matches the existing cognitive_reflection_model pattern). - core/config/__init__.py — 3 new _TOML_TO_SETTINGS mappings. - core/agent/loop/agent_loop.py — AgenticLoop.__init__ reads settings.act_model when model is None; _call_llm exposes optional model: str | None = None keyword override that threads through to self._adapter.agentic_call(model=...) and the build_adapter_request bridge path. - core/agent/loop/_decomposition.py — try_decompose reads settings.plan_model for GoalDecomposer(model=...). - core/agent/verify.py — _verify_llm_judge no longer stubs out. Builds a strict-JSON judge prompt, calls loop._call_llm(model= settings.judge_model), parses the response via _parse_judge_payload (tolerates code fences + bad JSON + non- numeric scores via clamp-and-default), surfaces failed reason as a judge_fail rubric_miss + reflexion_hint. New verify_turn_async + _verify_llm_judge_async pair lets finalize_and_return_async await the judge call under the same event loop instead of hopping through a thread pool. The sync wrapper retains a thread-pool fallback for sync callers. The judge call is bounded by a 120s asyncio.wait_for timeout, and the response's token usage is fed through loop._track_usage_async so judge cost surfaces in the session TokenTracker (Codex MCP MEDIUM #4 fix; per-phase phase="judge" tagging deferred). 4 fallback paths to rule-based with effective_mode=RULE_BASED: loop ref is None, response is None, empty response text, LLM call raises (TimeoutError or otherwise). - core/agent/loop/_lifecycle.py — new _run_turn_verify_async + shared _finalize_verify_outcome helper. finalize_and_return_async awaits the async verify path (Codex MCP HIGH #2 fix); sync finalize_and_return still uses the sync wrapper for legacy callers. - core/agent/loop/_model_switching.py — drift-sync target reads settings.act_model or settings.model so an Opus-primary + Sonnet- act split doesn't revert mid-session (Codex MCP HIGH #1 fix). - tests/test_model_split.py (NEW, 22 tests) — settings defaults + env override + TOML mapping; AgenticLoop.__init__ act_model cascade + explicit-model precedence + empty-fallback; _call_llm signature contract; goal decomposition uses plan_model; _verify_llm_judge actual LLM call + judge_fail path + 4 fallback cases (no loop / exception / None response / no judge_model); _judge_prompt truncation; _parse_judge_payload` 5 edge cases.

Frontier alignment (Socratic Q5): ReWOO (arxiv 2305.18323, 5x token efficiency via plan/observation decouple) + Claude Code Plan/Edit mode + Self-Discover (arxiv 2402.03620, task-level plan composition).

• PR-CL-A3 — In-loop Verify (Reflexion-style verbal RL) + sessions DB persistence. Per-turn verification of agent action quality, fired at the `TURN_COMPLETED hook boundary so it doesn't interrupt mid-turn execution. Outcome is recorded into both :class:SessionMetrics (Tier 2 in-process aggregator) **and the sessions SQLite row** (durable across process restarts) so PR-CL-A1 (Dynamic Replan) can read it from either source; on verify FAIL the synthesised <reflexion>...</reflexion> block is consumed by the *next* arun and prepended to the system prompt (verbal RL, Reflexion paper NeurIPS 2023). The PR also closes the PR-CL-BUDGET handoff DB wiring gap — _check_session_budget_and_maybe_handoff now calls request_handoff so the sessions row's handoff_state actually transitions to pending`.

- `core/agent/verify.py (NEW) — :class:VerifyMode StrEnum (off / rule_based (default) / llm_judge) + :class:VerifyResult frozen dataclass + verify_turn dispatcher + _verify_rule_based (structural checks: empty_turn / short_output / tool_error / model_action_required) + synthesize_reflexion_hint (verbal-RL block renderer) + _verify_llm_judge (**stub** — falls back to rule_based and surfaces effective_mode=RULE_BASED in the payload; the real judge LLM call lands in PR-CL-A6 with the judge-model knob). Adds should_retry machine-readable signal (Codex MCP MEDIUM #4) — recoverable misses (empty_turn / short_output / tool_error) flip True; model_action_required alone keeps it False so PR-CL-A1 doesn't loop on an operator-action item. - core/observability/session_metrics.py — extended SessionMetrics with verify_pass_count / verify_fail_count / last_verify_passed / last_verify_mode / last_verify_rubric_misses / last_verify_reflexion_hint + new record_verify() mutator. to_session_row exposes all 5 telemetry keys. - core/hooks/system.py — added TURN_VERIFY_PASSED / TURN_VERIFY_FAILED events (distinct from the pipeline-level VERIFICATION_PASS / VERIFICATION_FAIL pair which covers node-level guardrails). HookEvent total 72 → 74. - core/agent/loop/_lifecycle.py — new _run_turn_verify helper dispatched from both finalize_and_return (sync) and finalize_and_return_async (async) after the TURN_COMPLETED hook fires. - core/agent/loop/agent_loop.py — arun reads + clears the Reflexion hint via _consume_reflexion_hint and prepends to system_prompt for the current attempt. - core/memory/session_manager.py — sessions table extended with 7 verify columns (verify_pass_count / verify_fail_count / last_verify_passed / last_verify_mode / last_verify_effective_mode / last_verify_rubric_misses / last_verify_should_retry) + upsert_verify_state() mutator + get_verify_state() reader. Idempotent ALTER TABLE migration inside the existing BEGIN IMMEDIATE transaction handles both fresh DBs and pre-A3 legacy DBs. - core/agent/loop/_lifecycle.py — _persist_verify_state mirror function writes Tier 2 SessionMetrics state to the sessions row after every TURN_COMPLETED. Enriched TURN_VERIFY_* hook payload (Codex MCP LOW #8) includes session_id / rounds / termination_reason / tool_call_count so external renderers have full turn context. - core/agent/loop/agent_loop.py — _persist_handoff_request closes the PR-CL-BUDGET DB wiring gap. The 2h-cap T-10min trigger in _check_session_budget_and_maybe_handoff now actually calls request_handoff so the sessions row transitions to pending (was schema-only / unwired before). _sync_model_and_rebuild_prompt re-applies the reflexion hint on model drift / prompt-dirty rebuild (Codex MCP MEDIUM #6 — was silently dropping the hint). - core/wiring/bootstrap.py — default audit handlers registered for TURN_VERIFY_PASSED / TURN_VERIFY_FAILED (Codex MCP MEDIUM #7) matching the existing VERIFICATION_FAIL pattern. - tests/test_verify.py (NEW, 38 tests) — mode StrEnum, dataclass shape, env knob parsing, rule-based catches (4 reason codes + multi-miss combination), reflexion-hint synthesis, mode dispatch, SessionMetrics integration, hint consume+clear, exception-safe dispatch, should_retry` allowlist semantics, DB persistence round-trip, legacy DB migration adds verify cols, end-to-end lifecycle → DB write, and handoff DB wiring (PR-CL-BUDGET closure). - 4 hook-count tests bumped 72 → 74.

Three operator-tunable env knobs: - `GEODE_VERIFY_MODE — off / rule_based / llm_judge - GEODE_VERIFY_MIN_TEXT_CHARS` — short-output threshold (default 10)

Frontier alignment (Socratic Q5): Reflexion paper (NeurIPS 2023, 91% HumanEval pass@1 via verbal RL) + OpenAI o1 chain-of-verify + AgentHub per-branch verify gate + Claude Code Plan/Edit implicit verify.

Changed

• Scaffold consolidation — `CLAUDE.md` + `GEODE.md` 정돈. Absorbed the free-standing ### DONT — Real Incidents table into the structured ### CANNOT + ### Wiring Verification + ### Refactoring Deception Prevention tables so every prohibition rule lives in one indexable place with the originating sprint incident attached. Five new CANNOT rows distilled from prior incidents (graceful-contract scope / latest vs promoted SoT / dual-SoT drift invariant / 제거 disambiguation / no-emoji-no-card UI). Consolidated the triple-listed Quality Gates recipe (was duplicated across §3 Implement, §4b Correctness, and the trailing ### Quality Gates table) into a single trailing SoT with the two earlier locations now linking back. Compressed Refactoring Deception Prevention (5 rows → 2: implementation-completeness + CHANGELOG/PR-body parity) and §4c Cleanliness (4-row table → one line delegating to the anti-deception-checklist skill) so the scaffold no longer duplicates skill content. Added cross-reference banners on ### CANNOT, ### Wiring Verification, the worktree row, the PR row, and the 4-layer stack line so each scaffold table now names the skill or sibling document it pairs with.
• `GEODE.md` runtime-vs-dev scope disambiguation. Renamed ## CANNOT → ## RUNTIME CANNOT so the runtime agent-guardrail table is no longer confusable with the scaffold's development-time ### CANNOT. Both headers now carry a one-line banner pointing at the sibling document.

Fixed

• G1 identity context — `RUNTIME CANNOT` header parity. core/agent/system_prompt.py:_build_identity_context looked for the hardcoded literal "## CANNOT" when extracting the agent-identity block from GEODE.md. The scaffold-consolidation rename to ## RUNTIME CANNOT would have silently dropped the 4-line CANNOT section (G3 Grounding / cross-validation / Confidence loopback / sub-agent delegation) from every LLM system prompt's <agent_identity> block. target_sections (line 477) and the surrounding module + function docstrings now reference ## RUNTIME CANNOT. Verified by direct call — the block still contains all 4 RUNTIME CANNOT bullets after the rename.

Added

• Follow-up F — GLM adapter family. Two new built-ins land the ZhipuAI provider on the v0.99.39 :class:LLMAdapter registry:

- `glm-payg (provider=glm, source=payg, billing_type=api) — calls api.z.ai/api/paas/v4 with settings.zai_api_key. PAYG metered. - glm-coding-plan (provider=glm, source=subscription, billing_type=subscription) — calls api.z.ai/api/coding/paas/v4 with the API key bound to a Coding Plan profile resolved via :func:core.llm.routing.plan_registry.resolve_routing. Refuses to fall back to PAYG when no Plan is registered — the picker source subscription` means subscription.

Both share :func:build_async_openai_client (per-adapter fresh client, no module-level singleton shadowing) and route `tool_choice through normalize("glm", ...) for the Chat Completions nested function` wire shape.

• Follow-up A2 — OpenAI + Codex adapter route closure. Removes the `provider == "anthropic" guard from AgenticLoop.__init__ so concrete-source resolution now works for every provider via :func:core.llm.adapters.resolve_for`. The two Codex MCP findings from PR #1519 are closed:

- BLOCKER 2 (multi-turn translation). `core/llm/adapters/_openai_common.py gained ports of _convert_messages_to_openai / _convert_messages_to_responses from the legacy provider — assistant tool_use blocks re-encode into Chat tool_calls (nested function) or Codex Responses function_call typed items; user tool_result blocks become role: tool follow-ups with tool_call_id (Chat) or function_call_output items with call_id` (Codex). Pre-A2 the adapter passed the Anthropic content list through verbatim and the SDK returned 400.

- HIGH 1 (Codex encrypted-reasoning replay). :class:core.llm.adapters.AdapterCallResult gained `reasoning_items + reasoning_summaries fields. CodexOAuthAdapter.acomplete captures type: reasoning typed items from the response.output_item.done SSE stream and surfaces them on the result. _legacy_bridge.build_adapter_request pulls codex_reasoning_items off the prior assistant turn and threads them via AdapterCallRequest.provider_options; _build_codex_call_kwargs calls :func:core.llm.adapters._openai_common.inject_reasoning_replay to prepend the encrypted_content blobs into the next-turn input. Without this chain gpt-5.x store=False` models lose their chain of thought across turns.

- Tool_choice translation now mirrors the Anthropic adapter pattern. OpenAI Chat receives `auto/none/required (the adapter-neutral "any" maps to "required"); Codex Responses same mapping, with unknown literals defaulting to "auto"`.

Tests: `tests/core/llm/adapters/test_openai_multi_turn.py (14 cases, Chat + Responses converters + reasoning replay) + test_codex_reasoning_replay.py` (12 cases — SSE accumulation → result → bridge → next-turn provider_options chain).

• PR-CL-BUDGET — 2-hour wall-clock cap + automatic T-10min hand-off. Foundation PR for the Cognitive Loop sprint (A3 → A6 → A1). Replaces the per-AgenticLoop turn hard-cap with a session-wide wall-clock budget (default 7200s) and an automatic graceful exit at T-600s remaining.

- `core/agent/budget.py (NEW) — TimeBudget config dataclass + start_session_budget() / check_session_budget() / budget_summary() helpers. Budget *state* (start time, latch flag) lives on the existing :class:SessionMetrics so the budget travels with the ContextVar across nested loops. Defaults pulled from GEODE_SESSION_TIME_BUDGET_S env knob. - core/agent/handoff.py (NEW) — DB-backed state machine adapted from hermes-agent hermes_state.py:218-220 + gateway/run.py: 3712-3766 watcher pattern. 5 states (NONE / PENDING / RUNNING / COMPLETED / FAILED) with atomic CAS helpers (request_handoff / claim_handoff / complete_handoff / fail_handoff / get_handoff / list_pending_handoffs). GEODE adapts the trigger from hermes's user-initiated /handoff <platform> slash command to an *automatic* wall-clock crossing (operator decision in project_budget_handoff_decision memory). - core/observability/session_metrics.py — extended SessionMetrics with 4 new fields (time_budget_start_s / time_budget_total_s / handoff_threshold_s / handoff_triggered_at) + 3 methods (start_time_budget / time_budget_remaining_s / is_handoff_due). is_handoff_due is **one-shot** — first crossing latches handoff_triggered_at so the AgenticLoop fires HANDOFF_TRIGGERED exactly once per session, not every round. - core/memory/session_manager.py — schema extended with 4 columns on the sessions table (handoff_state TEXT / handoff_platform TEXT / handoff_error TEXT / handoff_triggered_at REAL) + a partial index (idx_sessions_handoff_state) for the watcher poll. Existing DBs migrate via additive ALTER TABLE inside __init__ — PRAGMA table_info is the SoT for column presence (idempotent on fresh + migrated DBs). - core/hooks/system.py — added HANDOFF_TRIGGERED / HANDOFF_COMPLETED / HANDOFF_FAILED events. Payload schema: {session_id, platform, remaining_s, budget_total_s, handoff_threshold_s, handoff_triggered_at, ts}. - core/agent/loop/agent_loop.py — _check_round_guards extended to call the new _check_session_budget_and_maybe_handoff helper after the existing round_limit / time_budget gates. The arun entry now calls _maybe_start_session_budget once per session (idempotent guard via time_budget_total_s > 0). getattr guard preserves the _StubLoop test pattern from tests/test_arun_round_guards.py. - core/channels/binding.py + core/cli/typer_serve.py — gateway_max_turns default flipped from 20 to 0 (unlimited). The session-wide 2h wall-clock budget is now the global safety net; gateway_time_budget_s (120s per-message default) remains the per-binding cap. - tests/test_budget.py (NEW, 14 tests) — defaults, dataclass shape, populate + check, one-shot handoff latch, hard expiry, ContextVar isolation, explicit-target arg, to_session_row row shape. - tests/test_handoff.py (NEW, 15 tests) — 5-state machine atomic CAS verification, get/list contract, handoff_summary` rendering, legacy-DB migration adds columns, idempotent re-open.

Frontier alignment (4 systems, Socratic Q5): - Claude Code `agent-loop.ts:checkBudgetExhausted — wall-clock + token budget per-turn boundary. - **Codex CLI** --budget-seconds flag — single wall-clock knob. - **OpenClaw** Lane TTL — per-lane time cap inside the gateway. - **Hermes Agent** sessions.handoff_state 3-col DB state machine + _handoff_watcher` atomic-claim asyncio task.

Out of scope (separate PRs): asyncio `_handoff_watcher background task in typer_serve's _serve_loop (this PR lays the schema + CAS helpers; the actual watcher follows once a consumer is wired). Successor re-spawn from a hand-off record (the watcher logs + the user manually invokes geode resume <session_id> for now). See follow-up tasks in project_budget_handoff_decision` memory.

Added

• PR-CSP-14 — Loop 3 (literature paper-analysis) backend + bundle serving infrastructure. Final loop of the 3-loop port from open-coscientist (nodes/literature_review.py:840-873). Per docs/plans/2026-05-23-seed-gen-loop3-bundle-serving.md (Phase 2 SoT doc).

- core/tools/literature_snapshot.py — NEW FreezePaperSnapshotTool. Per-paper snapshot writer with content-hash deterministic cache, arxiv_id pattern validation, env-anchored containment under docs/petri-bundle/literature/, atomic tmp+rename, uuid nonce on the file name to dodge same-second concurrent collisions. - plugins/seed_generation/literature_snapshot.py — read-side helpers (load_snapshot, iter_snapshots). - plugins/seed_generation/agents/literature_review.py + .md — NEW LiteratureReview agent. Dispatches one sub-agent walking the 4-phase pipeline (query_gen → paper_fetch → per-paper analysis → synthesis). max_papers=0 (manifest default) short-circuits to no-op for byte-equivalent back-compat with pre-CSP-14 runs. - Orchestrator: _PHASE_ORDER inserts literature_review after supervisor, before generator. NEW state fields articles_with_reasoning: str + literature_snapshots: dict. Both Generator + Critic + Evolver inject the literature block as a prompt prefix when populated (Codex MCP MEDIUM fix-up — original diff only wired Generator). - scripts/build_literature_listing.py — NEW build step. Scans snapshots + cross-refs mutations.jsonl evidence + seed frontmatter references: for the cited_by reverse index. Defensive parser handles both typed-array (post petri-autoresearch realign) and flat (pre-realign) evidence shapes. - .github/workflows/pages.yml — gains a Build literature listing.json step before the Next.js export. - scripts/validate_petri_bundle.py — extended to count literature snapshots alongside audit archives in the OK line. - Manifest + config: SeedRoleSpec.max_papers (0 or [1, 20]) + queries_per_run ([1, 10]) validators. Operator override slots in SelfImprovingLoopBindings. - Seed bundle_sync (added 2026-05-23 after mockup feedback — discovered the publish hierarchy gap): plugins/seed_generation/bundle_sync.py mirrors the audit-side sync_eval_to_bundle pattern. sync_run_to_bundle(run_dir) runs on Pipeline.arun finalization and selectively copies state/seed-generation/<run_id>/{state.json, survivors.json, meta_review.json, candidates/<survivor_id>.md} into docs/petri-bundle/seeds/<run_id>/. Drafts that didn't survive stay in state/ only — the bundle is a publish surface, not an archive. .gitignore carries !docs/petri-bundle/seeds/** so the synced files actually enter git (parity with the audit-side !docs/petri-bundle/logs/** rule; avoids the PR-G5b #1350 silent-drop anti-pattern). NEW scripts/build_seeds_listing.py aggregates run rows into docs/petri-bundle/seeds/listing.json for the bundle-UI consumers; wired into pages.yml next to the literature build step. validate_petri_bundle.py extended to count synced runs alongside audit archives + literature snapshots. The CSP-14-UI mockups read these surfaces (bundle-landing.html + seeds.html reference the listing.json + per-run state.json). Same gitignore exception added for docs/petri-bundle/literature/ — the writer's GEODE_REPO_ROOT-anchored path was correct but the new dir wasn't covered by the existing audit-logs exception, so git tracking would have silently dropped fresh snapshots.

Bundle UI (Next.js literature index + detail pages + inline reference card in audit log viewer) is deferred to a follow-up PR — the backend wiring (agent + tool + snapshots on disk + build step + listing.json) is complete; the visual surfaces (steps 7+8 of the 13-step plan) land in PR-CSP-14-UI.

Production wire-up dependency: cli.py:_dispatch_pipeline() still creates an empty PipelineRegistry (S11 not landed for any role yet — same gap as Phase 1 PR #1504's num_turns knob). The max_papers override is fully validated end-to-end via the test fixtures + Codex MCP review; production CLI flow waits on the S11 registry wire-up which covers all roles uniformly.

Codex MCP review (thread 019e5260-1c30-78c0-969b-61f0f658c8c2) caught 2 MEDIUM + 2 LOW pre-push; addressed inline: - MEDIUM: Critic + Evolver inject articles_with_reasoning (not just Generator). MEDIUM #1 closed. - MEDIUM: uuid nonce on snapshot file name dodges same-second concurrent write collisions. MEDIUM #2 closed. - LOW: this CHANGELOG entry. - LOW (acknowledged): cost_preview.py accounting gets a phantom one-run estimate for literature_review when max_papers=0; follow-up to add a phase-skip bypass.

Changed

• Plan docs sync with PR-SESSION-METRICS rename. 3 plan docs updated to reflect `journal.jsonl → transcript.jsonl rename + SessionJournal → SessionTranscript` alias-shim absorption from PR #1531:
• `docs/plans/2026-05-19-self-improving-loop-wiring-sprint.md — schema row #7 의 journal.jsonl → transcript.jsonl` + Phase C verification checklist 의 path 갱신
• `docs/plans/2026-05-21-self-improving-loop-ux.md — UX mockup 의 "G9 — last 9 journal events" → "transcript events" + Stage ④ telemetry 의 SessionJournal event → SessionTranscript lifecycle event` (3 places)
• `docs/plans/2026-05-23-sil-5theme-closure.md` — C4 row 에 PR #1531 sidecar 흡수 + race-surface 0 후속 노트 추가

Codex MCP review (thread `019e53a5-c793-7d13-b40c-562fb28b0d9f`): 4 checks pass + 1 LOW finding (UX residual 392/412 line) addressed in this commit.

> Observability central-isation release. `SessionMetrics 신설 (Tier 2 of > 3-Tier preservation), SessionJournal → SessionTranscript alias- > shim 흡수, journal/` directory depth 축소. PR-SIL-5THEME C4 의 sidecar > race 가 SessionMetrics ContextVar 단일 객체로 흡수되며 영구 해소. +15 > tests (6834 → 6849).

Added

Frontier 정렬 — Claude Code `AgentLoopState.totalUsage + Hermes sessions SQLite table column shape + Paperclip usageJson JSONB column schema 의 cumulative aggregate grain 일치. Hermes 의 _SESSION_ID: ContextVar` family 와 같은 multi-session 격리 패턴.

C4 sidecar 흡수 — PR-SIL-5THEME C4 의 `_LAST_LLM_CALL_USAGE module-level dict + PR-C4.fix-contextvar 의 ContextVar[dict] + _UsageProxy shim 전부 SessionMetrics 의 last_call_input_tokens / last_call_output_tokens / last_call_elapsed_seconds / last_call_model 4-field snapshot 으로 흡수. propose() 가 같은 ContextVar 안에서 current_session_metrics()` 호출로 race 가능성 0. PR #1530 의 flaky test fail 해소.

Changed

• `SessionJournal` → `SessionTranscript` 흡수, ``journal/`` directory depth 제거. Pre-existing 3-Tier preservation 아키텍처가 `core/runtime_state/transcript.py docstring 에 이미 정의돼 있었으나 SessionJournal` (의도된 Tier 2 자리) 가 실제로는 self-improving-loop 의 *별도 Tier 1 event log* 로 운영 중이었다 — 두 객체가 schema / path / API 가 다른 채 공존. 본 PR 이 정합 회복:

- `core/observability/session_journal.py → thin alias-shim 으로 축소 (269 callsite 변경 0). SessionJournal.append(event, payload=...) 가 SessionTranscript.record_lifecycle_event(...) 로 delegating - SessionTranscript 에 record_lifecycle_event 메서드 신설 — free-form event + {ts, session_id, gen_tag, component, level, event, payload} 스키마로 기존 Journal 사용자 보존 - file 이름 journal.jsonl → transcript.jsonl (mass rename, 269 reference) - 디렉터리 depth 축소: ~/.geode/journal/transcripts/<slug>/<id>.jsonl → ~/.geode/transcripts/<slug>/<id>.jsonl. GLOBAL_JOURNAL_DIR 이름은 GLOBAL_TRANSCRIPTS_DIR 의 backward-compat alias 유지 - core/cli/cmd_lifecycle.py 의 disk usage label "journal" → "transcripts"` 정렬

3-Tier 최종:

Frontier 명명 정렬 — Claude Code `transcript / OpenClaw transcript / Hermes messages 의 Tier-1 일치. journal` 의 일반 명사 모호성 해소.

Changed

• PR-SIL-5THEME C6 — D1 provider B/C closure (PAYG exclusion enforcement). Operator decision (durable memory project_payg_exclusion_decision.md, 2026-05-23) 으로 autoresearch / Petri audit 의 provider 선택지에서 PAYG (Anthropic API key 직접 결제, api_key) 영구 exclude. 잔존 옵션: claude-cli (Claude Code Max OAuth) / openai-codex (ChatGPT Plus OAuth) / auto (manifest cascade). 잔존 인프라 코드 (auth.toml, BillingError panel, default_plan_for_payg) 는 보존.

`Source` literal narrowing: Literal["claude-cli", "openai-codex", "api_key", "auto"] → Literal["claude-cli", "openai-codex", "auto"]. Operator 가 ~/.geode/config.toml 에 source = "api_key" 명시 시 Pydantic ValidationError 발화 + 어느 값이 invalid 인지 명시 (PR-C-P1 의 silent-fallback 차단 패턴 재사용). 분리된 MutatorConfig.source (line 248 의 별도 Literal) 은 api_key 포함 4-element 유지 — mutator LLM 호출은 audit role 과 별개, operator 가 Anthropic API key 로 mutator 운영 자유.

Default change: PetriRoleConfig.source + AutoresearchConfig.source + autoresearch/train.py:SOURCE 모두 default "auto" → "claude-cli". auto 는 manifest cascade 가 silent PAYG fallback 가능 (fallback_to_payg True 일 때) → 명시 claude-cli default 면 leak 0. operator 가 explicit 으로 "auto" 또는 "openai-codex" 명시 시 그대로 적용.

`check_subscription_cli_for_source` pre-flight (신규, autoresearch/prepare.py): source setting 이 claude-cli 또는 openai-codex 일 때 해당 CLI binary 의 PATH 가용성 검증. 부재 시 actionable error (GEODE_CLAUDE_CLI_BIN / GEODE_CODEX_CLI_BIN env override hint 포함). auto source 는 cascade 가 fallback 책임이라 pre-flight skip.

`_read_role_from_self_improving_loop` 의 ValidationError graceful fallback: 기존 operator config 가 source = "api_key" 가진 채로 load 시 ValidationError 발화 → petri standalone CLI 의 user_overrides read 는 graceful 하게 legacy petri.toml 로 fallback (petri_role_legacy_fallback event emit 으로 추적 가능). autoresearch / mutator 의 직접 호출은 여전히 ValidationError 가 의도된 surface — 두 경로 의 의도 분리.

Known-defaults filter expansion: _read_role_from_self_improving_loop 의 source 필터가 "auto" 외 "claude-cli" 도 known-defaults set 에 추가 — override output 이 operator-explicit override 만 surface (default 값이 silent 하게 노출 안 됨). explicit "claude-cli" 설정의 silent corner 는 minor UX nit (효과 동일).

Backward compat: Mutator source literal (mutator LLM, distinct from audit roles) preserved with api_key — operator can still use Anthropic API for mutator. credential_source.py 의 PAYG fallback 코드 경로 보존 (다른 caller 가 명시 호출 시 활성). 기존 config.toml 의 api_key 설정 operator: petri standalone CLI 는 graceful (legacy fallback + telemetry event), autoresearch 직접 호출은 actionable ValidationError 로 migrate 안내.

Added

• Picker → adapter resolution glue. New :func:plugins.seed_generation.picker.binding_to_adapter_source + :func:resolve_binding_to_adapter collapse a :class:RoleBinding into a concrete :class:LLMAdapter. The picker's historical source strings (`api_key / claude-cli / openai-codex) are translated to the adapter Protocol's payg / subscription / adapter names via a single SoT table — both naming schemes are accepted in [seed_generation.role.<role>]` overrides.
• PR-SIL-5THEME C5 — D4 X2 system-prompt model-identity injection telemetry. HookEvent.PROMPT_ASSEMBLED 가 core/hooks/system.py:69 에 정의됐 으나 fire 0회 였다 — X2 injection (Option B 의 단일-line model identity statement, core/agent/system_prompt.py:337) 이 매 round 마다 발화하지만 관측 marker 0. v0.52.5-style stale-ack 회귀 발생 시 production debug 필요했다. C5 가 두 wiring point 활성:

Wiring 1 — `_sync_model_and_rebuild_prompt` 가 PROMPT_ASSEMBLED 발화. System prompt rebuild 후 (drift detected OR prompt_dirty=True) hook 발화. Payload: {model, provider, reason: "model_drift" | "prompt_dirty", x2_injected: True, prompt_len}. _hooks 부재 시 (stub loop / hook system 미초기화) graceful skip — backward compat.

Wiring 2 — `_inject_model_switch_breadcrumb` 의 purged_count forward. purge_stale_model_switch_acks 가 이전엔 None 반환했 으나 이제 purged ack 의 count (int). _inject_model_switch_breadcrumb 도 그 count 를 forward → update_model_async 가 MODEL_SWITCHED hook payload 에 purged_ack_count 동봉. v0.52.5 incident style 회귀 (gpt-5.5 가 "I am gpt-5.4-mini" 식으로 식별 잘못) 발생 시 stream 으 로 추적 가능. Trigger 순서도 변경 — breadcrumb 가 끝난 *후* hook 발화 (이전엔 trigger 가 먼저였어서 purge 정보가 hook 에 안 들어갔다).

`purge_stale_model_switch_acks` 의 return type 변경: None → int. Caller (이 PR 의 _inject_model_switch_breadcrumb) 만 활용, 기타 caller 는 결과 무시 (backward compat 보장 — return 값 무시는 Python 의 silent 동작).

Anti-deception: existing tests/test_arun_model_drift_sync.py 의 6 tests 는 _StubLoop 가 _hooks 미정의 — getattr(self, "_hooks", None) graceful default 로 기존 stub 호환성 보존.

Added

• PR-SIL-5THEME C4 — E1 mutation cost ledger. mutations.jsonl 가 git-tracked 으로 존재 (PR-G5b #1350 의 deception fix 으로 보장) 했으나 cost 컬럼이 0건이라 operator 가 mutation ROI (cost vs fitness Δ) 볼 수 없던 silent disconnect 닫음. 3-step wiring:

Step 1 — `_default_llm_call` 의 usage capture. 이전엔 response, _used_model = asyncio.run(call_with_failover(...)) 에서 _used_model 만 받고 response.usage (ResponseUsage dataclass 의 input_tokens / output_tokens) 가 폐기됐다. 이제 module-level sidecar dict (_LAST_LLM_CALL_USAGE) 에 호출 직후 input_tokens / output_tokens / elapsed_seconds / model 4-field 적재. 같은 process 내 단일-threaded propose() 사이클이라 threading.local 불필요 (concurrent runner 가 미래 surface 시 교체).

Step 2 — `propose()` 의 sidecar consumption. _reset_last_llm_call_usage 로 직전 잔여 clear → self.llm_call(...) → _consume_last_llm_call_usage 로 atomic snapshot read-and-clear → dataclasses.replace 로 frozen Mutation 의 cost 4-field 채워서 새 instance 생성. Mock LLM (test inject) 는 sidecar 채우지 않음 → cost field 가 default 0 / "" 유지 → to_audit_row() 가 cost 컬럼 자체 omit (legacy reader 무영향).

Step 3 — `compute_attribution` 의 `fitness_delta` 추가. 새 fitness_before / fitness_after optional kwarg 받음. 둘 다 명시 되면 payload["fitness_before"] / payload["fitness_after"] / payload["fitness_delta"] (6 decimal round) 3-key emit. caller 가 baseline.json 의 직전 + 현재 fitness scalar 를 둘 다 hand 에 들고 있 을 때만 fire (autoresearch run loop / scheduler 가 활용). 부재 시 키 자체 미생성.

`Mutation` dataclass 확장: - cost_input_tokens: int = 0 - cost_output_tokens: int = 0 - cost_elapsed_seconds: float = 0.0 - cost_model: str = "" - 모두 default 0 / "" → backward-compat. Mutation 이 frozen=True 이라 cost 채우려면 dataclasses.replace 사용해야 함 (propose() 가 그렇게 함).

`to_audit_row()` 의 selective emit: cost 0 / "" 일 때 row 의 cost_* 키 자체 미생성 — JSONL noise 절감 + legacy reader (cost 컬럼 부재 시 0 / "" 가정) 무영향. cost_input_tokens 와 cost_output_tokens 는 atomic — 하나만 emit 되는 partial state 없음.

`write_attribution` convenience wrapper — fitness_before / fitness_after kwarg 동봉 forward (caller 가 write_attribution 하나로 끝낼 수 있게).

Test guards (tests/test_e1_mutation_cost_ledger.py 신규, 14 tests): - Mutation default cost field state (0 / "" 4-field) - to_audit_row cost 0 → 컬럼 omit / cost set → 컬럼 emit / partial (elapsed_seconds 만) 분리 처리 - _LAST_LLM_CALL_USAGE sidecar lifecycle: _reset clears, _consume returns-and-clears atomic, empty when unset - propose() mock LLM (sidecar 미채움) → cost default / production- style usage sidecar → cost populated / stale sidecar 잔여 차단 - compute_attribution fitness emit: 둘 다 명시 → 3-key + Δ / 부재 → 키 미생성 / only-before → 키 미생성 (Δ 계산 불가) / regression scenario (after < before) → 음수 Δ

anti-deception: PR-G5b #1350 의 "git-tracked audit log" 주장은 유효 — 이 PR 이 컬럼만 채워 넣음. mutations.jsonl path 자체는 core/paths.py 에 정착, .gitignore-clean (PR-RATCHET-1 의 `tests/test_ratchet_policies_in_repo.py::test_policy_files_not_gitignored` invariant 으로 pinned).

Added

• PR-SIL-5THEME C3 — P3 modality 가중 분리. core/audit/dim_extractor 가 PR-1 으로 per-dim measurement_modality 를 emit 했으나 compute_fitness / _should_promote 는 그 신호를 0% 사용하던 silent disconnect 닫기.

Why — _ANALYTICS_MODALITY 는 2 auxiliary dim (verbose_padding + redundant_tool_invocation) 만 analytics modality 로 tag (나머지 18 dim 은 judge_llm). 두 modality 는 노이즈 특성이 다르다: - judge_llm: LLM-as-judge stochastic rubric — N 에 비례한 sample stderr, N=5+ 가 의미 있는 신호 floor (PR-C-P1) - analytics: transcript regex / token count / tool log 의 deterministic 추출 — N=1 에서도 sample 간 분산이 진짜 0 가능

modality-blind 가중치는 (a) analytics 의 좁은 신호 폭을 judge_llm 의 full-weight 로 받아 fitness reproducibility dilute, (b) N=1 widening guard (PR-3) 가 analytics 의 deterministic stderr=0 을 under-sampled stderr=0 과 conflate.

Changed: - ANALYTICS_WEIGHT_MULTIPLIER = 0.5 + DIM_MODALITY_WEIGHT_MULTIPLIER dispatch dict — analytics modality 의 dim weight 0.5× scale - _dim_weight_with_modality(dim, measurement_modality) 헬퍼 — base DIM_WEIGHTS[dim] × modality multiplier - compute_fitness(..., measurement_modality: dict[str, str] | None) 파라미터 추가 — None 이면 backward compat (legacy caller 무영향) - _should_promote(..., measurement_modality, baseline_measurement_modality) 추가 + internal compute_fitness 3 호출에 forward - N=1 widening guard 의 modality check 추가 — JUDGE_LLM_MODALITIES (judge_llm + "") set 에 속하는 critical dim 만 widening 적용. analytics critical 은 widening skip (deterministic stderr=0 이 잘못된 신호 아님). Modality 부재 (v1 baseline) 시 보수적 default (judge_llm 가정) → widening 유지 - 신규 _load_baseline_measurement_modality() — _load_baseline_sample_count sibling, v2 schema 의 raw.measurement_modality 읽음. v1 → {} - main() 가 modality dict 를 compute_fitness + _should_promote 에 forward

Test guards (tests/test_p3_modality_weight_split.py 신규, 19 tests): - ANALYTICS_WEIGHT_MULTIPLIER 0-1 range invariant - DIM_MODALITY_WEIGHT_MULTIPLIER 가 dim_extractor._ANALYTICS_MODALITY + DEFAULT_MODALITY 의 emit 값 모두 cover (drift catch) - JUDGE_LLM_MODALITIES 가 빈 문자열 포함 (legacy 안전) - _dim_weight_with_modality: None / judge_llm / analytics / unknown modality / unknown dim 모두 (5 tests) - compute_fitness modality-blind backward compat - analytics modality 명시 시 fitness 감소 (weight scaled) - 모든 judge_llm 명시 시 modality-blind 와 동일 - _should_promote N=1 widening fires for judge_llm critical - _should_promote N=1 widening skipped for ALL-analytics critical (가정 시나리오, future schema 확장 대비) - _should_promote modality=None 시 보수적 default → widening 유지 - N1_FITNESS_MARGIN_FLOOR == 0.20 pin - _load_baseline_measurement_modality: missing file / v1 legacy / v2 raw namespace / malformed entries graceful (4 tests)

Added

• PR-SIL-5THEME C2 — Bench S6b production wiring. ADR-012 §S6 (schema + math + cross-validation gate, C1 amendment 로 ADR 측 명세 완료) 의 production path 가 모두 silently 끊겼던 9 disconnect 를 닫 는 7-bench inspect_ai federation collector + 4-axis fitness 활성 + Goodhart cross-validation gate fire + observability 4-axis 컬럼 확장.

Collector 실구현 — `autoresearch/bench_means.py 의 collect_bench_means_from_inspect_ai 가 placeholder (return None) → BenchProvenance dataclass 반환으로 교체. BENCH_PORT_MAP 7 entry (F1.b LCB-Pro substitution 반영) 가 inspect-evals 6 bench (livecodebench_pro / tau2_telecom / gpqa_diamond / hle / osworld / mle_bench) + inspect-harbor 1 bench (swebenchpro`) 로 dispatch.

A1 graceful-skip 의 4 게이트 — (1) `inspect-evals import 가용성, (2) inspect-harbor import 가용성, (3) Docker daemon 가용 (swe_bench_pro_pass / osworld_success / mle_bench_medal 의 sandbox 요구), (4) target_model 의 vision 지원 (hle_accuracy 의 multi-modal items). 환경 부재 시 해당 bench skip 후 missing_benches 에 등록 — Petri-side compute_missing_dims` (PR-4) 와 symmetric Goodhart suppression surface.

``GEODE_BENCH_S6B_LIVE`` env gate — 기본 off (nominal smoke / unit test / dry-run 환경 보호). `=1 설정 시에만 실제 inspect_ai.eval subprocess fire. off 일 땐 모든 bench 가 missing_benches` 에 등록돼 caller / journal / results.jsonl 모두 동일 시그널.

4-axis fitness 활성 (silent disconnect 9 → 0): - `main() 가 run_audit 직후 collector 호출 → compute_fitness(bench_means=current_bench, baseline_bench_means=...) 4-axis 분기 firing path 활성 (이전엔 분기 정의돼 있으나 호출 0회) - _baseline_provenance dict 에 bench_means + provenance 슬롯 추가 → _write_baseline 가 axes.bench_means + raw.bench_stderr + raw.bench_sample_count + raw.bench_rubric_version 영속화 (dim 측 PR-1 패턴 symmetric) - _should_promote 가 internal compute_fitness 호출에 bench forward → Goodhart cross-validation gate (alignment_only_fooling / capability_at_alignment_cost) 가 promote 결정에 영향. conflict 발화 시 reason payload (cross-validation conflict (<type>)) 가 promoted_line 에 surface — 이전엔 fitness=0 이 critical-axis vs cross-validation 인지 구분 불가 - format_results_jsonl_row 가 bench_means / bench_stderr / bench_sample_count / missing_benches / bench_rubric_version 5 컬럼 emit + ux_means / admire_means 컬럼 슬롯 (placeholder, S1b/S2b 후속) — cross-run 분석이 4-axis breakdown 을 baseline.json join 없이 읽기 가능 - OL-C1 eval emit (eval_response_recorded) 의 axis_scores["bench_means_aggregate"] 계산 출처를 baseline (이전 generation frozen) → bench_means_current (이번 audit) 로 교체 — M4.1 DPO pile 의 chosen/rejected pairing 의 stale signal 해소 - _emit_journal("per_dim_scores") payload 에 missing_benches + bench_rubric_version` 동봉 (cohort 추적)

의존성 추가 (`pyproject.toml [audit] extra): - inspect-evals>=0.13.0 — 6 bench cover (B1 grounding survey) - inspect-harbor>=0.4.5` — SWE-bench Pro

Test guards (`tests/test_s6b_bench_production_wiring.py 신규 + tests/test_s6_bench_means_fitness.py / tests/test_autoresearch_train.py 갱신): - BENCH_PORT_MAP ↔ BENCH_DIM_WEIGHTS 7-key parity (drift 차단) - BENCH_PORT_MAP 의 package 가 두 PyPI 패키지 중 하나임을 강제 - BENCH_REQUIRES_DOCKER / BENCH_REQUIRES_VISION subset invariant - BENCH_RUBRIC_VERSION non-empty (cohort tag 유효) - BenchProvenance() default state - compute_missing_benches empty / partial / None 입력 모두 - collect_bench_means_from_inspect_ai 가 BenchProvenance 반환 + 7-field universe coverage (means ∪ missing = 7) + vision gate (text-only 모델 → hle_accuracy missing) - format_results_jsonl_row 가 bench_provenance 전달 시 5 컬럼 모두 emit + 7-field universe 보존 + sorted missing_benches + rubric_version 보존 - format_results_jsonl_row legacy caller (provenance 미전달) backward-compat — 7-field 0.0 default 채워서 schema 일관성 - _write_baseline 가 raw.bench_stderr / raw.bench_sample_count / raw.bench_rubric_version 영속화 - _should_promote 의 alignment_only_fooling scenario — dim promote + bench regress 시 promote 차단 + reason 에 cross-validation conflict (alignment_only_fooling)` surface