oowl

OpenCode Opinionated Workflow Layer

oowl brings structured software engineering process to AI-assisted development on OpenCode. Instead of a single agent designing, coding, and reviewing in one session, it routes work through specialized roles with file locks, mandatory verification, and durable design artifacts.

Why oowl

oowl treats AI coding less like one heroic chat session and more like a small engineering process. Four benefits, each with what you gain and what you skip:

Benefit	What you get	What you avoid
Tier-matched models	Cheap models route, mid models build, premium models only handle hard reasoning and security.	Premium model on mechanical work, or cheap model missing a real problem.
Terse handoffs	Handoff format is just files, tests, risk, scope.	One agent writing a thesis to another.
Scoped context	Each role gets only the context it needs.	A single context window dragging history into every call.
Workflow gates	Design → plan → approval → file locks → verification → review.	Agents editing whatever they want, with no contract for who owns what.

Six features that ship those benefits:

File locks

One agent touches anything

Each task has locked file boundaries

Persistent artifacts

Design vanishes when chat ends

Design, plan, review persist in docs/specs/

Mandatory verification

"Looks done" is the only check

Agents run verification before reporting complete

Cost-tier profiles

Same model does everything

Profiles assign cheap / mid / premium by role

Security escalation

Security if you remember

Sensitive areas auto-escalate

Written reviews

Review if you ask

Every feature ships with a written review

How it works

A dispatcher reads your request, picks a tier, and routes to the right agent. Substantial work goes through design, plan, and review gates that you sign off on before any code ships.

your request → dispatcher │ ├─ trivial? → one implementer → done │ └─ substantial ├─ architect writes design.md ├─ [ you approve ] ├─ planner writes implementation.md → plan-reviewer ├─ [ you approve ] ├─ builder schedules waves; agents implement with file locks ├─ reviewer writes review.md └─ done

Get started · How it works in detail · GitHub · npm

Quick start

Install the framework, open OpenCode, tell dispatcher what to build. Three steps to your first feature.

Prerequisites: OpenCode installed, Node.js 18+.

Install the framework

npx @jimzandueta/oowl install

The walkthrough asks where to install and which model profile to use, then copies the framework into .opencode/.

Open OpenCode

opencode

Launch from your project root. OpenCode picks up the config and agents from .opencode/.

Talk to dispatcher

You: "Add a login page with email/password and Google OAuth."

Dispatcher → Architect → [you approve design]
          → Planner → Plan-reviewer → [you approve plan]
          → Builder schedules → agents implement
          → Reviewer → [merge to main?]

Commands

Command	What it does
`oowl install`	Install the framework (interactive walkthrough)
`oowl init`	Configure Optional skills per project
`oowl profile`	Switch model profiles interactively
`oowl profile <name>`	Switch directly: `free`, `low`, `balanced`, `high`, `custom`
`oowl update`	Update framework files with conflict detection
`oowl --version`	Print version

Install globally with npm install -g @jimzandueta/oowl to drop the npx prefix.

What you get

The full feature list at a glance: file locks, approval gates, persistent artifacts, 23 agents, model profiles, and more.

Feature	Details
File locks	Each task declares exactly which files it touches. No more agents editing files they shouldn't.
Approval gates	You see the design and the implementation plan before anyone writes code.
Persistent artifacts	Design, plan, and review live in `docs/specs/`. Close the chat, they're still there.
Mandatory verification	Agents run tests, type checks, or lint before reporting complete.
Agent skill customization	`oowl init` recommends community skills tuned to your project and writes them into each agent's config.
23 agents & slash commands	Orchestrators, artifact owners, implementers, reviewers, escalation, and bounded workers.
Git branch management	Dispatcher creates feature branches before design and handles merge after review.
Switchable profiles	`low` default, `balanced`, `high`, `free`, `custom` (from your connected models).
Sensitive-area safeguards	Auth, IAM, payments, PII, secrets, production config require explicit approval.

How it works

The full workflow from request to design to implementation to review. Read this to understand what oowl actually does — every other section references it.

On this page

Artifacts
Tasks
Tiers
Review
Trivial-fix fast path
Security model
What oowl does not guarantee
Guardrails
Task-class assignment

your request → dispatcher │ ├─ trivial? (under ~20 lines, under 3 files, nothing sensitive) │ └─ one implementer → done │ └─ substantial ├─ optional Git feature branch ├─ architect writes design.md + designer writes ui-spec.md (if UI) ├─ [ you approve the design ] ├─ planner writes implementation.md ├─ plan-reviewer validates → PLAN_APPROVED ├─ [ you approve the plan ] ├─ builder schedules implementation waves ├─ dispatcher runs assigned agents (each with file locks + verification) ├─ reviewer writes review.md ├─ optional branch merge handoff └─ done

Artifacts

Every substantial feature produces files under docs/specs/<feature>/:

docs/specs/login-page/
├── design.md           # architect: approach, tradeoffs, risks
├── ui-spec.md          # designer: layout, interactions (if UI involved)
├── implementation.md   # planner: task breakdown, file locks, verification
└── review.md           # reviewer: what shipped, test results, risks

Each artifact is owned by a specific agent. Non-owners can read them but cannot edit, delete, or overwrite them.

Tasks

Planner decomposes the feature into tasks. Each task declares exactly which files it touches:

Task: Add login form component
Agent: frontend-engineer
Files: src/components/LoginForm.tsx, src/components/LoginForm.test.tsx
Verification: npm run typecheck && npm test -- --testPathPattern=LoginForm

Parallel tasks are checked for file collisions. If two tasks touch the same file, they run sequentially.

Tiers

Agents map to three model cost levels:

Tier	Handles	Agents
Cheap	Routing, scheduling, bounded work	`dispatcher`, `builder`, `low-*`
Mid	Design, implementation, review	`architect`, `planner`, specialists
Premium	Escalations, deep security	`high-*`, `security-auditor`

Switch between bundled profiles (low default, balanced, high, free) or build a custom one with oowl profile.

Review

After implementation, reviewer writes a review covering what was built, test results, verification evidence, risks, and readiness. It can also route to security-reviewer for sensitive areas or security-auditor for deep dives — threat modeling, auth flows, IAM, compliance.

Trivial-fix fast path

A request skips the full workflow when all of these are true:

Under ~20 lines, under 3 files
No auth, IAM, payments, PII, secrets, or production config touched
No new dependency introduced
No architectural decision required
No new feature behavior or test-writing work required

You can also tell dispatcher explicitly: "this is a trivial fix, skip the design phase."

Security model

Sensitive areas that require explicit user approval:

Secrets, credentials, API keys, certificates, signing keys
PII and customer data
Payment processing and regulated financial flows
Authentication and authorization logic
IAM policies and access-control configuration
Production infrastructure and production configuration
Destructive database migrations on production-shaped data
Compliance-bound data (HIPAA, GDPR, PCI, SOC 2)
Cryptography, sessions, tokens, signing

If a task touches any of these, the agent stops with NEEDS_USER_INPUT. Low-tier agents also return ESCALATION_REQUEST so a capable model handles the sensitive work.

What oowl does not guarantee

File locks are workflow contracts, not OS-level ACLs — agents can still make mistakes
Model profiles are defaults, not pricing guarantees or benchmarks
oowl does not replace CI, branch protection, code owners, secret scanning, or human review

Guardrails

Guardrail	Effect
Central dispatch	Only `dispatcher` invokes implementation agents
Scheduler-only builder	`builder` cannot implement, edit, run shell, or invoke Task
File locks	Every implementation task declares exact paths it may edit
Parallel-safety review	`plan-reviewer` rejects parallel groups with lock collisions
Protected artifacts	Non-owner agents may read `docs/specs/**` but not modify it
Mandatory verification	Implementers must provide evidence before `TASK_COMPLETE`
Sensitive-area routing	Sensitive work requires approval; low-tier agents must escalate
Trivial-fix fast path	Small, mechanical, non-sensitive fixes skip unnecessary ceremony

Task-class assignment

Not every task needs a senior implementer. oowl classifies each implementation.md task as mechanical or behavior-changing and routes accordingly.

Class	What it covers	Assigned to
Mechanical	Renames, constants, static-list edits, copy updates, dependency bumps with no behavior change. Existing tests already cover the surface.	Low-tier — `low-engineer`, `low-task-worker`
Behavior-changing	New feature behavior, new UI components / pages / routes, new API endpoints, new domain logic, schema changes, migrations, or anything that needs new tests.	TDD-capable implementer — `backend-engineer`, `frontend-engineer`, `database-engineer`, `cloud-architect`, `test-engineer`

Low-tier is not a TDD bypass. low-engineer is limited to tiny mechanical edits with existing local verification. low-task-worker handles read-only checks and trivial file creation with exact content. If a task introduces new behavior, new components, new tests, or schema changes, it must go to a TDD-capable implementer. plan-reviewer rejects plans that misclassify.

Protocol signals

The structured handoffs between agents. Every signal has a name, required fields, and a clear sender/receiver. Click any signal below to see its full format.

Agents don't pass work through freeform chat. Every handoff is a named structured block with required fields. That's what keeps the workflow machine-readable and stops agents from going off-script.

dispatcher classify request │ ├─ trivial → TRIVIAL_FIX_DISPATCH → implementer → TASK_COMPLETE │ └─ substantial ├─ dispatcher runs Git branch gate ├─ architect → PHASE_COMPLETE (phase: design) │ └─ if UI → designer → PHASE_COMPLETE (phase: ui-spec) ├─ [ user approves design ] ├─ planner → PHASE_COMPLETE ├─ plan-reviewer → PLAN_APPROVED | PLAN_REJECTED → planner revises ├─ [ user approves plan ] ├─ builder → REQUEST_CONSULT (single) | REQUEST_CONSULT_BATCH (2-3, atomic) ├─ dispatcher dispatches implementers │ ├─ success → TASK_COMPLETE │ ├─ blocked → NEEDS_USER_INPUT │ ├─ sensitive → NEEDS_USER_INPUT │ └─ low-tier + sensitive → ESCALATION_REQUEST ├─ parallel dispatch fail → PARALLEL_DISPATCH_FAILED ├─ protected artifact missing → PROTECTED_ARTIFACT_MISSING → STOP ├─ reviewer → REVIEW_COMPLETE ├─ dispatcher runs branch handoff if it created a feature branch └─ escalation agent → ESCALATION_COMPLETE

TRIVIAL_FIX_DISPATCH (dispatcher → implementer)

TRIVIAL_FIX_DISPATCH
Justification:
- under ~20 lines and under 3 files
- no sensitive area touched
- no new dependencies
- no architectural decision required
Target agent: <agent-name>
Task prompt: |
  <complete prompt>
Files: <expected files>
Verification: <required checks>

PHASE_COMPLETE (architect / designer / planner / reviewer → dispatcher)

PHASE_COMPLETE
Phase: <design | implementation-spec | build | review | ui-spec>
Summary: <summary>
Artifacts:
- <file created or modified>
Next phase: <user-design-approval | user-implementation-approval | plan-reviewer | build | review | done>
Risks: <remaining risks>
Verification:
- <checks performed or required>

PLAN_APPROVED / PLAN_REJECTED (plan-reviewer → dispatcher)

PLAN_APPROVED
Summary: <why this plan is executable>
Next phase: user-implementation-approval
Risks: <remaining risks>
Verification: <expected verification>

PLAN_REJECTED
Issues:
- <BLOCKER or WARNING>: <issue>
Required changes:
- <specific fix>
Return to: planner

REQUEST_CONSULT (builder → dispatcher)

REQUEST_CONSULT
Target agent: <agent-name>
Task ID: <task id, if any>
File locks:
- <path>
Task prompt: |
  <complete prompt dispatcher should send directly>
Expected output: <expected result>
Verification requirements:
- <check>
Subagent summary: <current state>

REQUEST_CONSULT_BATCH (builder → dispatcher)

REQUEST_CONSULT_BATCH
Max parallel: 3
Wave: <wave id>
Parallel group: <group id>
Atomic dispatch required: yes
Tasks:
- Target agent: <agent-name>
  Task ID: <task id>
  File locks:
    - <path>
  Task prompt: |
    <complete prompt>
  Expected output: <expected result>
  Verification requirements:
    - <check>
  Reason parallel-safe: <reason>
Subagent summary: <why this batch is safe>

TASK_COMPLETE (implementer → builder / dispatcher)

TASK_COMPLETE
Task ID: <task id>
Files changed:
- <file>
Verification:
- <command/result>
Risks:
- <risk or none>
Notes:
- <brief note>
Protected artifacts:
- confirmed docs/specs/** unchanged and present

NEEDS_USER_INPUT (any agent → user via dispatcher)

NEEDS_USER_INPUT
Question: <one clear question>
Why needed: <brief reason>
Default if unanswered: <safe default>
Subagent summary: <brief summary>

ESCALATION_REQUEST (low-tier agent → dispatcher)

ESCALATION_REQUEST
Target agent: <high-engineer | high-architect | high-designer | security-auditor>
Why cheaper agents are insufficient: <reason>
What was attempted: <summary>
Specific output needed: <decision or deliverable>
Risk if wrong: <impact>

ESCALATION_COMPLETE (high-tier agent → dispatcher)

ESCALATION_COMPLETE
Reason escalation was justified: <reason>
Result: <summary>
Files changed or decisions made:
- <item>
Verification:
- <command/result or recommended check>
Remaining risks:
- <risk or none>

REVIEW_COMPLETE (reviewer → dispatcher)

REVIEW_COMPLETE
Summary: <summary>
Findings:
- <finding count by severity>
Blocking issues: <yes/no>
Verification gaps:
- <gap or none>

PARALLEL_DISPATCH_FAILED (dispatcher → builder)

PARALLEL_DISPATCH_FAILED
Reason: <why concurrent dispatch was not possible>
Fallback proposed: <serial execution | smaller batch | user decision>

PROTECTED_ARTIFACT_MISSING (any agent → dispatcher)

PROTECTED_ARTIFACT_MISSING
Missing:
- <path>
Last task or batch: <summary>
Required action: restore from git or snapshot before continuing

git checkout -- docs/specs/<feature>/design.md

Agents

23 agents across 6 classes, with permission boundaries and Superpowers usage rules. Use this as a reference when customizing prompts or adding new agents.

On this page

Orchestration
Permission boundaries
Artifact owners
Implementation
Review
Escalation
Low-tier bounded

23 agents across 6 classes. Files live in framework/agents/ and are copied to .opencode/agents/ on install.

Orchestration

dispatcher builder

dispatcher classifies requests, routes them, and handles Git branch setup and final branch handoff. Only dispatcher may invoke implementation agents via Task. builder is scheduler-only: no file edits, no shell, no Task calls.

Permission boundaries

All agents can read, list, and search files for context. Artifact owners can write only their owned files under docs/specs/. Implementation and escalation agents can ask to edit scoped work files but cannot modify docs/specs/** or AGENTS.md. Dispatcher's protected-file denies stay narrow so implementation agents launched through Task keep their edit tools.

Artifact owners

architect designer planner reviewer

Implementation

frontend-engineer frontend-polisher backend-engineer database-engineer cloud-architect test-engineer

Review

code-reviewer plan-reviewer security-reviewer security-auditor

Escalation

high-engineer high-architect high-designer

Low-tier bounded

low-engineer low-task-worker low-architect low-designer

■ cheap/fast tier ■ mid/balanced tier ■ premium/deep tier

Model profiles

Profiles assign models to cost tiers. The default profile is low. Switch anytime with oowl profile. Use bundled profiles for OpenCode Go, use free for free OpenCode models, or build a custom one from your connected models.

Profiles assign models to agent tiers. Switch anytime with oowl profile.

Bundled profiles

Profile	Purpose
`low`	Default. Cost-first for long sessions and routine development
`balanced`	Daily fullstack. Stronger models where quality pays off.
`high`	Quality-first for higher-stakes or shorter sessions
`free`	Free OpenCode models. free-data will be used in training; do not use for private, proprietary, regulated, customer, or confidential data.

Custom profile (no OpenCode Go needed)

oowl install and oowl profile custom scan your connected OpenCode models and let you assign them to cheap/mid/premium tiers. If fewer than 3 models are detected, you can enter model IDs manually.

Plugins

OpenCode plugins oowl loads by default: Superpowers (TDD, brainstorming, debugging) and Caveman (signal-dense compression).

opencode.jsonc loads two plugins out of the box:

"plugin": [
  "superpowers@git+https://github.com/obra/superpowers.git",
  "caveman@git+https://github.com/juliusbrussee/caveman.git"
]

Plugin	Role
obra/superpowers	Skills for TDD, brainstorming, planning, systematic debugging, and review discipline.
juliusbrussee/caveman	Keeps agent handoffs short and signal-dense. Applied to routing summaries and completion signals only.

Install

Three install paths: interactive walkthrough, scripted shell for CI/CD, and npm + npx for one-off use. Pick what fits your environment.

On this page

npm + walkthrough
Scripted install
oowl profile
oowl update
Uninstall

Primary: npm + walkthrough

npm install -g @jimzandueta/oowl
oowl install

The walkthrough asks: local vs global install, model profile, and overwrite confirmation. The default profile is low. Local installs write framework files under .opencode/, plus AGENTS.md and .oowl.json to the project root.

Prefer not to install the CLI permanently?

npx @jimzandueta/oowl install

Scripted: install.sh

For CI/CD, Dockerfiles, or automation:

bash install.sh --global
bash install.sh --project /path/to/project --force
bash install.sh --project /path/to/project --dry-run

oowl init

See the Optional skills section below — it covers the full oowl init flow, skill sources, and commands.

oowl profile

oowl profile
oowl profile free
oowl profile low
oowl profile balanced
oowl profile high

The free profile uses free OpenCode models. free-data will be used in training, so do not use it for private, proprietary, regulated, customer, or confidential data.

oowl update

oowl update

Updates framework files to the latest package version. Modified files show a unified diff — keep yours or accept the update. Old files no longer shipped are removed. Reapplies active profile and saved Optional skills.

Uninstall

# local
bash uninstall.sh --project
bash uninstall.sh --project /path/to/project

# global
bash uninstall.sh --global

Add --dry-run to preview. Add --keep-project-files to keep AGENTS.md, .oowl.json, and legacy opencode.jsonc.

Optional skills

Beyond the required skills bundled with oowl, add Optional skills via oowl init. Three community repos, quality-gated, configurable per project.

Required skills (TDD, brainstorming, writing-plans, verification) ship with oowl. Optional skills are community-built workflows that agents load at session start — design taste, deployment pipelines, architecture patterns, and more.

How it works

Run the wizard

oowl init

Describe your project in free text or answer 5 structured questions — project type, frontend framework, cloud target, database, and priorities.

Review recommendations

The recommendation engine matches your project profile against the skills registry and suggests skills organized by agent. You see a summary table with agent names and skill counts.

Approve, edit, or skip

Approve everything, edit individual selections per agent, or skip entirely. Required skills (brainstorming, TDD, debugging) always apply — this only controls Optional community skills.

Install and wire

The wizard clones the skill source repos, symlinks SKILL.md files into .opencode/skills/, and writes skill permissions into opencode.jsonc and each agent's frontmatter.

Skill sources

Optional skills come from three community repositories:

Repository	Skills
Leonxlnx/taste-skill	Design taste, minimalist UI, brutalist UI, high-end visual design, redesign workflows, full output enforcement
wshobson/agents	Architecture patterns, API design, error handling, database migration, testing patterns, CI/CD, cloud observability, security — 30+ skills
nextlevelbuilder/ui-ux-pro-max-skill	UI/UX Pro Max — design and interaction patterns

Each skill in the registry passes a quality gate (star count threshold) before it's eligible for recommendation. The wizard only suggests gated skills.

Commands

Command	What it does
`oowl init`	Run the interactive wizard
`oowl init --list`	Show currently configured Optional skills
`oowl init --reset`	Clear all Optional skills and re-run the questionnaire
`oowl init --apply`	Re-write permissions from saved configuration without re-running the wizard

Restart your OpenCode session after running oowl init — skills load at startup.

Customizing

How to edit agents, add new agents, change workflow rules, add slash commands, set project conventions, and adjust model profiles.

On this page

Edit an agent prompt
Add an agent
Change workflow rules
Add a custom profile
Add a slash command
Add project conventions
Repository layout

Edit an agent prompt

Agent files live in .opencode/agents/ (local) or ~/.config/opencode/agents/ (global). Edit directly for immediate effect. When oowl update detects the change, choose "keep mine" to preserve it.

Add an agent

Add a .md file under the right class in framework/agents/
Add the agent to every profile JSON under agent_order and agents
Update framework/agents/README.md
Add a command file in framework/commands/ if needed
Run oowl profile to verify it appears in the model strategy

Change workflow rules

File	Controls
`framework/prompts/workflow/routing.md`	Trivial vs substantial thresholds
`framework/prompts/workflow/protocols.md`	Core protocol blocks and agent communication
`framework/prompts/execution/sensitive-data.md`	Sensitive-area triggers and escalation rules
`framework/prompts/execution/implementation-safety.md`	Test-first coverage and low-tier routing safety
`framework/prompts/workflow/protected-artifacts.md`	Artifact ownership and protection rules

Add a custom profile

cp framework/model-profiles/balanced.json framework/model-profiles/my-profile.json
# edit my-profile.json with your model assignments
bash scripts/apply-profile-models.sh framework/model-profiles/my-profile.json

Add a slash command

Add a .md file under the appropriate class in framework/commands/. Installed commands are flattened into .opencode/commands/.

Add project conventions

Engineering prompt files define project conventions that implementation agents load:

framework/prompts/engineering/code-conventions.md  — naming, imports, formatting
framework/prompts/engineering/file-structure.md    — directory layout, file naming
framework/prompts/engineering/tool-preferences.md  — preferred libraries, banned tools
framework/prompts/engineering/error-handling.md    — error envelopes, logging, retry

Edit these files with your project's conventions. Implementation agents load them automatically.

Repository layout

bin/
  oowl.js                       CLI entry point

src/
  cli.ts                        command router
  commands/
    install.ts                  oowl install walkthrough
    init.ts                     Optional skills configuration
    profile.ts                  oowl profile wizard
    update.ts                   oowl update with checksum diffing
  lib/
    installer.ts                file copy and .oowl.json
    frontmatter.ts              update model: lines in agent files
    profiles.ts                 apply JSON profile to install
    checksum.ts                 SHA-256 tracking
    opencode-config-writer.ts   write installed opencode.jsonc permissions
    opencode-scanner.ts         detect connected OpenCode models
    paths.ts                    framework and install dir resolution
    skill-recommender.ts        Optional skill recommendations

framework/                      bundled files shipped with the package
  agents/                       23 agents in 6 classes
  commands/                     23 slash commands
  prompts/
    workflow/                   routing, protocols, protected-artifacts, git-workflow
    execution/                  sensitive-data, implementation-safety
    engineering/                code-conventions, file-structure, tool-preferences, error-handling
    runtime/                    model-strategy
    review/                     review policy
    methodology/                test-first, caveman
  model-profiles/               free.json, low.json, balanced.json, high.json
  profile-models.json           bundled default active profile
  AGENTS.md                     workflow definition template
  opencode.jsonc                runtime config template

scripts/
  apply-profile-models.sh       legacy shell script (power users)

install.sh                      shell installer for scripted installs
uninstall.sh                    shell uninstaller

After oowl install, files from framework/ are copied to .opencode/. Edit the .opencode/ copies directly — they take effect immediately and oowl update will diff them against the shipped versions.

Common issues

Common questions and how to fix them. Click any item to expand.

Agents aren't showing up in OpenCode

OpenCode must be launched from the project that contains .opencode/.

ls .opencode/agents
ls .opencode/opencode.jsonc

If either is missing, re-run oowl install from your project root.

oowl command not found after npm install -g

Your global npm bin directory may not be on PATH.

npm bin -g   # shows the path to add

Alternatively, keep using npx @jimzandueta/oowl.

Wrong model after switching profiles

Use oowl profile: it updates agent frontmatter, opencode.jsonc, and the recorded active profile.

Fewer than 3 models during custom profile setup

Connect more providers in OpenCode's settings, then run oowl profile custom again, or enter model IDs manually.

oowl update shows everything as modified

.oowl.json is missing or predates checksum tracking. Reinstall with oowl install and confirm replacement when you are ready to replace the installed framework files.

Protected artifact disappeared mid-workflow

Restore from Git:

git checkout -- docs/specs/<feature>/design.md

To protect against this, commit approved specs before implementation starts:

git add docs/specs
git commit -m "chore: preserve approved specs for <feature>"

Workflow feels like too much ceremony

Tell dispatcher explicitly: "this is a trivial fix, skip the design phase." Or adjust the routing thresholds in framework/prompts/workflow/routing.md.

Contributing

Before opening a PR. Run the checks, keep the workflow rules intact, and commit design artifacts.

# Tests
npm test

# CLI smoke test
node bin/oowl.js --help

# Framework invariants
npm test -- --testPathPattern=invariants

# Profile JSON validation
for f in framework/model-profiles/*.json framework/profile-models.json; do
  node -e "JSON.parse(require('fs').readFileSync('$f','utf8'))" && echo "OK: $f"
done

# npm pack check
npm pack --dry-run

Keep these intact:

dispatcher owns dispatch: only it invokes Task
builder schedules only: no file edits, no shell, no Task
Protected artifacts remain owner-controlled
Implementation tasks require file locks
Verification evidence required before TASK_COMPLETE
Sensitive flows require explicit approval and stricter routing