v0.14.1

Packaging-only patch — fixes crates.io publish that failed silently on v0.14.0.

Fixed

• cargo publish no longer errors on missing template file. Relocated
  templates/settings.agent-context.json → cli/templates/settings.agent-context.json
  so it ships inside the crate tarball. v0.14.0 published successfully to npm +
  GitHub Packages + GitHub Release, but the crates.io step errored with
  couldn't read src/../../templates/settings.agent-context.json because the
  file was outside the crate root and got excluded from the packaged tarball.
  The file is the authoritative source consumed by the Rust-side template
  hardening from v0.14.0's P11/P13 passes — moving it into the crate is the
  cleanest fix (Node-side <callers> updated to read from the new path).

Changed — CI

• release.yml verify job now runs cargo publish --dry-run so a packaging
  bug like v0.14.0's fails the pre-merge check instead of silently shipping
  a broken crate release with all other registries green.

v0.14.0

Agent-context hardening pass: P1–P13 addressing failure modes F19–F58 across integrity, hostile input, concurrency, schema lifecycle, and authoring ergonomics.

v0.14.0 ships the thirteen-pass hardening effort planned in research/agent-context-gaps-plan.md on top of v0.13.0's full Rust parity. Every pass closes a named set of failure modes from the gap analysis. The Rust CLI and Node adapter receive matching changes; both implementations continue to emit byte-identical outputs where they share contract. The headline behavior change is the session-start freshness gate: routing blocks in CLAUDE.md / AGENTS.md / GEMINI.md now carry a mandatory first-line instruction directing agents to compare head_sha_at_seal against git rev-parse HEAD before any reasoning and warn the user when they diverge.

Integrity & provenance (P1, P2, P11, P12)

• P1 — rich manifest + provenance. manifest.json now carries provenance fields (head SHA at seal, seal timestamp, tool versions, tool hashes) and records the authoring/sealing chain so downstream consumers can verify pack origin.
• P2 — structural verifier. chorus agent-context verify gains a structural pass that validates required sections, cross-file references, and JSON-schema-bound authority files beyond the earlier checksum-only integrity check.
• P11 — schema version enforcement + install integrity (F34, F36, F37, F38). Manifest now pins a schema version; verify rejects packs whose schema version is unknown to the installed CLI, and install performs integrity checks so tampered or partially-installed packs fail fast instead of silently degrading.
• P12 — trust boundary & pack integrity. Pack integrity validation runs on every seal. The trust boundary between pack content and agent reasoning is documented and enforced end-to-end.

Hostile input safety (P8, P9)

• P8 — hostile input & platform safety (F19–F23). Seal and verify now harden against hostile pack content: path traversal, symlink escape, oversized files, non-UTF-8 sequences, and platform-specific name collisions are all rejected with clear diagnostics rather than producing corrupt packs.
• P9 — git edge cases (F24–F28). Detached HEAD, submodules, worktrees, shallow clones, and grafted histories are all handled explicitly. build_manifest records a detached flag and SealOptions carries follow_symlinks: false by default.

Concurrency & atomicity (P10)

• P10 — concurrency, atomic writes & recovery (F29–F33, F55). Seal is now crash-safe: writes go through a staging directory with rename commit, stale lockfiles from interrupted seals are detected and recovered, and concurrent verify runs no longer race against a mid-flight seal.

Authoring ergonomics & lifecycle (P13)

• F46 — Tiered adoption. agent-context init --tier <1|2|3> lets teams scaffold a narrower starting pack. Tier 1 ships 20_CODE_MAP.md + routes.json only; Tier 2 adds 30_BEHAVIORAL_INVARIANTS.md + completeness_contract.json; Tier 3 is the full pack (default, identical to legacy behavior). Seal auto-detects which files are actually present, so a Tier-1/2 pack does not fail the required-files check. Node parity added to scripts/agent_context/init.cjs.
• F50 — Pack-file alias support. manifest.json gains an aliases object mapping canonical filenames to on-disk names (e.g. {"20_CODE_MAP.md": "20_architecture.md"}). Both verify and the Node verifier retry with the aliased filename when the canonical one is missing and surface a NOTE in human output so an author can see the alias was consulted. seal carries the aliases map forward across re-seals.
• F58 — Last-known-good pointer. manifest.json gains last_known_good_sha. verify --ci promotes the sealed HEAD into this field on a fully green run. agent-context rollback --latest-good resolves the pointer through history.jsonl (falling back to rotated archives) and restores the matching snapshot. --latest-good and --snapshot are mutually exclusive. Node parity added in scripts/agent_context/rollback.cjs and scripts/agent_context/verify.cjs.
• F47 — Session-start freshness gate. The routing blocks init upserts into CLAUDE.md / AGENTS.md / GEMINI.md now open with a mandatory first-line instruction: agents must compare head_sha_at_seal against git rev-parse HEAD before any reasoning and warn the user when they diverge. The Rust and Node init flows emit the identical preamble. This is a behavior change for agents consuming existing packs — re-run chorus agent-context init (or re-seal) after upgrade to pick up the gate.

Zone-aware freshness & pre-edit awareness (P3, P4, P5)

• P3 — zone-aware freshness + suggest-patches. Freshness detection now operates per pack zone (code map, invariants, operations, etc.) instead of a single global-stale signal. check-freshness emits targeted suggestion patches naming which sections the diff affects, which P6 hook intelligence consumes.
• P4 — pre-edit awareness. Authoring flows now read the pack before editing so that the agent is aware of the invariants it is about to mutate.
• P5 — count SSOT via handlebars. Counts quoted in narrative markdown (file counts, invariant counts, etc.) are expanded from the manifest through a single handlebars-style source of truth, eliminating drift between prose and data.

Subagent reconciliation (P7)

• P7 — subagent reconciliation diff --since-seal. chorus agent-context diff --since-seal compares a subagent's working tree against the last sealed state so a parent agent can reconcile parallel subagent work without re-reading full sessions.

Hook intelligence + separate-commit enforcement (P6)

• Pre-push hook now detects pack-only pushes (every path in the push range starts with .agent-context/) and skips the freshness cycle with a pack-only push, skipping freshness check message. Closes the noise loop where code pushes warn "pack is stale", the agent updates the pack, and the follow-up push re-warns about its own commit.
• Each chorus agent-context verify / check-freshness warning now writes .agent-context/current/.last_freshness.json with {changed_files, affected_sections, timestamp}. On a subsequent pack-only push the hook reads this state, checks whether the push touches the section files the prior warning named, and prints warning appears addressed: sections [X, Y] updated.
• New opt-in flag chorus agent-context verify --ci --enforce-separate-commits. When set, verify inspects base..HEAD and fails if any commit mixes .agent-context/** with non-pack paths. Off by default; the gate is intended for teams that have adopted the "pack edits land as their own commit" convention. See docs/CLI_REFERENCE.md for the JSON schema additions (separate_commits, mixed_commits).

Fixed

• Gemini adapter: .jsonl files now indexed and readable. Pre-existing bug where the
  list/scope discovery only picked up .json; newer Gemini CLI writes .jsonl. Listings now
  include both, and chorus read --agent gemini --id <session> now parses .jsonl
  line-delimited sessions (header + message lines + $set metadata), dedupes streaming-
  duplicate assistant turns on message id, and funnels through the same Session shape as
  the legacy single-document .json path. Rust and Node adapters dispatch on file extension
  so downstream callers remain format-agnostic.
• Gemini adapter: cwd inference from scope directory. Listings used to emit cwd: null
  for every Gemini session. The scope directory name (e.g. play) is now returned as the cwd
  hint, so chorus read --agent gemini --cwd <X> filtering works for named scopes.
  Hex-hash scopes still return the hash (lossy; users can set --chats-dir to pin).
• Gemini adapter: lenient --cwd <abspath> filter in listings. chorus list --agent gemini --cwd /abs/path previously hashed the abspath and returned [] whenever a matching hash
  directory didn't exist — which is the common case because Gemini CLI actually uses named
  scopes (e.g. ~/.gemini/tmp/play/chats/). The listing resolver now also accepts a named
  scope whose slug equals the cwd's final segment or appears as /<slug>/ or trailing
  /<slug> within the abspath. This cascades into chorus timeline --cwd and
  chorus doctor --cwd (both of which go through list_sessions), so sessions_gemini now
  reports pass and timeline entries include Gemini when the abspath matches a named scope.
  Hex-hash scopes are still resolved only by exact hash match.
• Gemini adapter: summary understands Gemini's role vocabulary. chorus summary --agent gemini used to report message_count: 0 for .jsonl sessions even when read returned
  multi-message content on the same file. The summary walker's role detector now maps
  type: "gemini" and type: "model" to assistant (matching the existing read-path
  mapping), and single-document .json sessions are expanded into synthetic line-shaped
  entries so the walker works uniformly across both Gemini layouts. Rust and Node implementations
  apply the same fix.

Known Limitations

• Markdown merge conflicts (#11): Parallel PRs that both edit the same pack markdown file (e.g. 20_CODE_MAP.md) can conflict on merge. The tooling cannot auto-resolve these. Mitigation: keep pack files organized around stable H2 section headings so edits cluster inside bounded sections and conflicts stay localized. Re-seal after the human conflict resolution.
• Squash-merge collapses pack commits (#12): When a PR uses squash merge, the separate pack commit is folded into the squash parent. This is a git workflow decision outside the tooling's authority. Mitigation: teams that squash should land pack updates as their own PR (the team convention documented in skills/agent-context/SKILL.md). Teams that merge-commit or rebase-and-merge can keep pack updates in the sam...

v0.13.0

Full Rust parity for the v0.11.0 Node-only surface, plus CI decoupling so a stale registry token no longer silently drops a GitHub Release.

Closes the parity gap that has lingered since v0.11.0. The Rust CLI now implements summary, timeline, doctor, and setup end-to-end, and the existing read subcommand gains --include-user, --tool-calls, and --format {json|md|markdown}. Both implementations continue to emit byte-identical JSON for the same inputs; conformance against shared fixtures gates merges.

Added — Rust parity for v0.11.0 features

• chorus summary --agent <agent> [--cwd] [--format] [--json] in Rust — structured session digest (message count, duration estimate, user requests, files referenced, tool-call counts, last-response snippet). Metadata-only, no LLM calls. Matches the Node output shape byte-for-byte.
• chorus timeline [--agent]... [--cwd] [--limit] [--format] [--json] in Rust — cross-agent chronological view interleaving sessions. Defaults to all four agents with limit 5 per agent. Sorted by timestamp descending.
• chorus doctor [--cwd] [--json] in Rust — environment + setup diagnostic. Reports on version, session directories, scaffolding, managed blocks, session discoverability per agent, context pack state, Claude Code plugin installation, and update status. Each check returns pass | warn | fail.
• chorus setup [--cwd] [--dry-run] [--force] [--agent-context] [--json] in Rust — project scaffolding, managed-block injection into CLAUDE.md/AGENTS.md/GEMINI.md, .gitignore append, and optional Claude Code plugin install. --dry-run preview matches Node operation-by-operation.

Added — read flag parity in Rust

• --include-user pairs the user prompt(s) that anchor the returned assistant message(s). Designed for live status checks; assistant-only remains the default for narrower handoff reads.
• --tool-calls surfaces [TOOL: <name>]...[/TOOL] blocks alongside text content (normally stripped during extraction). Metadata includes "included_tool_calls": true when active.
• --format {json|md|markdown} renders output as JSON or formatted markdown. Rust treats --format json as an alias for --json. Node has a known bug here where --format json falls through to plain-text output (see scripts/read_session.cjs:1759); the Node bug is documented and left in place because fixing it is an output-contract change that should roll with a dedicated deprecation.

Added — golden fixtures + conformance harness for parity regression

• cargo test --manifest-path cli/Cargo.toml now runs 52 tests (29 pre-existing plus 23 new parity tests covering the four subcommands and the three read flags).
• New golden fixtures under fixtures/golden/ seal the v0.13.0 output shapes; scripts/conformance.sh diffs them against both Node and Rust on every CI run.
• scripts/release/generate_goldens.sh rebuilds the fixture set when output shapes are intentionally bumped.

Changed — CI decoupling (release.yml)

• package-node.needs drops publish-crate. npm and crates.io are independent registries; one registry's failure must not cascade into skipping the other. Prior to v0.13.0, a transient crates.io hiccup silently skipped npm publish (this is how v0.12.1 shipped to GitHub + crates.io but not to npm).
• Publish to npm step gets continue-on-error: true. A stale NPM_TOKEN (see Known Limitations below) no longer fails the whole package-node job — the tarball is already built and uploaded as a workflow artifact before the npm publish step runs.
• create-release.needs drops publish-crate and publish-github-package. Those jobs don't produce downloadable artifacts for the GitHub Release; only package-node (the .tgz) and package-rust (the two binaries) do. Added if: always() && needs.verify.result == 'success' so the Release still ships even if a sibling publish job fails.
• Net effect: from v0.13.0 onwards, a stale registry token or a transient registry hiccup leaves the GitHub Release + attached binaries intact. The failing publisher is still visible as a red job on the workflow run page.

Known Limitations

• Gemini + Cursor --tool-calls is a no-op. Those adapters do not parse a tool-call schema from their underlying stores, so the flag runs without error but returns no [TOOL: ...] blocks. This matches the Node behavior — it is a missing-capability in the adapter layer, not a Rust-specific gap. Tracked for a later release.
• NPM_TOKEN rotation. The automated npm publish step degrades gracefully (see CI decoupling above), but the token still needs to be rotated at https://github.com/cote-star/agent-chorus/settings/secrets/actions before the npm publish step can succeed on its own. Until rotation, the manual workaround is npm-play publish --confirm-publish from a worktree rooted under ~/sandbox/play.

v0.12.2 — holistic repo refresh

Docs + pack-freshness release. Zero code-behavior changes.

A holistic cleanup on top of v0.12.1 to match every surface of the repo to the actual v0.12.x feature set. The rapid v0.12.0 and v0.12.1 releases landed the new code but left stale traces in secondary surfaces; this release retires them.

Refreshed — the repo's own .agent-context/ pack

Was sealed 2026-04-08 at commit 1487f29; 15 commits / 12 days behind main. Its 00_START_HERE.md still claimed "Version: 0.9.1" and 10_SYSTEM_OVERVIEW.md predated chorus checkpoint. Now re-sealed at the v0.12.2 HEAD with:

• Product version updated in 00_START_HERE.md
• chorus checkpoint, chorus summary, chorus timeline, --tool-calls, --format markdown, --include-user documented in 10_SYSTEM_OVERVIEW.md
• cli/src/checkpoint.rs, scripts/hooks/chorus-session-end.sh, and the new Gemini/Cursor fallback helpers (detect_gemini_pb_fallback_hint, detect_cursor_vscdb_fallback_hint, etc.) added to 20_CODE_MAP.md
• Three new invariants in 30_BEHAVIORAL_INVARIANTS.md covering the chorus checkpoint .agent-chorus/ guard, Gemini/Cursor fallback-hint specificity, and the verify_versions.sh release gate
• Automated GitHub Release flow + NPM_TOKEN rotation caveat documented in 40_OPERATIONS_AND_RELEASE.md
• search_scope.json extended with new probe helpers

Fixed — stale roadmap + protocol version claims

• README.md lines 253 + 446: "Rust parity planned for v0.12.0" → "still pending". v0.12.0 shipped session handoff, not Rust parity for the v0.11.0 Node features; the old claim was literally false.
• docs/CLI_REFERENCE.md line 788: same fix.
• PROTOCOL.md header: v0.8.1 → v0.12.2 (four minor versions behind).

Archived — research + WIP artifacts for shipped work

• research/handoff-2026-03-{25,26,26-evening}.md → research/archive/2026-Q1/ (historical session handoff notes).
• wip/agent-context-skill/ → research/archive/skill-development-log/ (skill shipped in v0.12.0 as skills/agent-context/; the WIP tree was now mis-labeled). New wip/README.md makes the convention explicit.
• New research/archive/README.md explains the archive convention and the split between active research docs and historical ones.

Normalized — script help wording

• scripts/agent_context/check_freshness.sh: comment now names agent-context (primary) instead of context-pack (deprecated alias, still shipped for back-compat until v1.0.0).
• scripts/test_smoke.sh: added a clarifying comment so the intentional context-pack alias exercise is not mistaken for a drift-we-should-fix.
• Node-facing --context-pack flag on chorus setup and the hook-sentinel marker names remain untouched (removing them is breaking; deferred to v1.0.0 per research/rename-progress.md).

Also landed

• GitHub Actions package-rust step uploads binaries from the correct path (fix shipped in v0.12.1). v0.12.2 will be the second release to surface those binaries on the GitHub Releases page automatically.

v0.12.1 — release.yml binary paths + basic-ftp audit

Infrastructure fixes and supply-chain hygiene on top of v0.12.0. No user-facing behavior changes.

Fixed — release.yml binary upload path

package-rust was uploading from target/release/chorus but the build step uses cargo build --manifest-path cli/Cargo.toml --release, which produces binaries at cli/target/release/chorus. Every release since v0.9.1 silently uploaded empty artifacts and the create-release job (landed in v0.11.0-era release-automation work) therefore had nothing to attach. v0.12.1 is the first release where the Rust binaries ship on the GitHub Release page automatically for both linux-x64 and macos-arm64.

Fixed — basic-ftp advisory (GHSA-6v7q-wjvx-w8wg / -chqc-8p9q-pq6q / -rp42-5vxx-qpwr)

npm audit flagged three high-severity CVEs on basic-ftp <=5.2.2, a transitive devDependency via puppeteer. The vulnerability affects demo-recording tooling only — it is NOT shipped in the published npm tarball — but refreshing package-lock.json via npm audit fix removes it from contributor installs. Audit is clean on v0.12.1: found 0 vulnerabilities.

Also in this release

• Branch protection on main is now enabled with force-push denied. No direct pushes to the released branch; every change must go through a reviewed PR.

v0.12.0 — session handoff protocol (closes #8)

Closes #8. Ships the session handoff protocol, interruption-resilience hook, and better error messages for two opaque-storage cases that previously returned bare NOT_FOUND.

Added — chorus checkpoint subcommand

A first-class state-broadcast command that sends current git state (branch, uncommitted file count, last commit hash + subject) to every other agent's inbox in one call. Works on any OS, fully tested, idempotent, guards on .agent-chorus/ presence so it is safe to call unconditionally in hooks.

chorus checkpoint --from claude
chorus checkpoint --from codex --message "Payment refactor half-done; types still broken" --json

Replaces the pattern of calling chorus send three times when you just want everyone to know where you left off. chorus send is still the right tool for targeted messages; checkpoint is a loud hello/goodbye for the whole room.

Added — scripts/hooks/chorus-session-end.sh

Thin shell wrapper around chorus checkpoint designed for Claude Code's SessionEnd hook so agents broadcast their state on any exit — clean, crash, or closed window. Install via ~/.claude/settings.json:

{
  "hooks": {
    "SessionEnd": [{
      "hooks": [{ "type": "command", "command": "bash /path/to/scripts/hooks/chorus-session-end.sh", "timeout": 10 }]
    }]
  }
}

Hardened with set -euo pipefail, realpath canonicalization of $CLAUDE_PROJECT_DIR (defeats env-var path traversal), and a backgrounded+disowned dispatch so a hanging chorus binary cannot pin the CLI exit past the settings-json timeout. Gracefully no-ops when chorus is missing from PATH or when .agent-chorus/ is not present.

Added — Session Handoff Protocol in all three provider files

CLAUDE.md, AGENTS.md, and a fully rewritten GEMINI.md (10 → 137 lines, previously a context-pack stub) now carry an explicit Session Handoff Protocol section with standup / conclude / checkpoint rituals. The WHEN is spelled out, not just the WHAT. Codex and Gemini do not have Claude Code's SessionEnd hook — those rituals instruct the agent to call chorus checkpoint manually at task-block boundaries.

Added — docs/session-handoff-guide.md

New standalone guide that walks through five scenarios end-to-end: clean handoff, interrupted handoff (Claude Code), mid-task checkpoint for agents without a hook system, Gemini protobuf fallback, and Cursor SQLite fallback. Linked from the three provider files and the CLI reference.

Improved — Gemini NOT_FOUND detects .pb files (F40)

chorus read --agent gemini now probes ~/.gemini/<profile>/conversations/*.pb when the JSONL search comes up empty. If protobuf files are present, the error message names the count, names the exact path, explains that Chorus does not parse the format yet, and points at --chats-dir plus the new guide. Verified against a live install with 4+ .pb files at ~/.gemini/antigravity/conversations/.

Improved — Cursor NOT_FOUND detects state.vscdb files

Mirror of the Gemini change for Cursor. Modern Cursor persists chat and composer data in SQLite state.vscdb files under User/workspaceStorage/<workspace-id>/; chorus's cursor reader currently only scans JSON/JSONL by filename. When the SQLite backend is in use the error now names the count, the workspaceStorage/ path, and points at the guide. Verified against a live install with 8 state.vscdb files. Full rusqlite-backed reading is tracked as a follow-up.

Also in this release

• GitHub Releases are now automated. Tag pushes on v* trigger softprops/action-gh-release@v2 to create the GitHub Release with the matching RELEASE_NOTES.md section as the body and the built Rust binaries attached. Closed a gap where tags v0.8.0–v0.10.0 existed on the remote and had been published to npm / crates.io / GitHub Packages, but the GitHub Releases page still showed v0.7.0 because the workflow never created releases explicitly.
• RELEASE_NOTES.md backfilled with entries for v0.9.0 (three-layer context pack + search_scope.json) and v0.9.1 (P16 imperative routing enforcement). Both versions existed as tags and npm/crates releases; their notes were previously missing.

Thanks

Thanks to @oloflun for the detailed report in issue #8 — the writeup identified four distinct gaps cleanly and made the shape of the fix obvious.

---

v0.7.0 — Full Node/Rust Parity

Highlights

• Full Node/Rust parity — 14/14 conformance tests pass. Both implementations produce identical JSON output.
• Jaccard-based comparison — topic extraction + stop-word filtering + pairwise similarity for chorus compare.
• Assistant-only search — chorus search indexes only assistant/model messages with match_snippet context window.
• Teardown command — chorus teardown removes managed blocks, scaffolding, and hook sentinels.
• Session diff — chorus diff with line-level diff and unchanged-line collapsing.
• Agent messaging — chorus send and chorus messages JSONL message queue between agents.
• Context-pack v2 — agent-driven content model with init → seal workflow, manifest integrity, and relevance engine.
• Security hardening — trust model, output boundary markers, system directory guards, adversarial redaction tests.

Dual Implementation

Component	Node	Rust
Feature test score	8.7	8.9
Conformance	14/14	14/14
Human-mode formatting	✅	✅

Install

# Node (npm)
npm install -g agent-chorus

# Rust (cargo)
cargo install agent-chorus

See RELEASE_NOTES.md for full changelog.

v0.6.2

Highlights

• Adds launch-readiness README sections and metadata updates ahead of promotion.
• Aligns package metadata across npm and crates.io for consistent discoverability.
• Clarifies protocol-reference wording in setup intents.

Changed

• README now includes the social star badge, "How It Compares" matrix, and an expanded roadmap section.
• README roadmap now includes planned non-intrusive update notifications with bridge doctor status visibility.
• crates.io keywords in cli/Cargo.toml now align with launch messaging (agent-bridge, multi-agent, cross-agent, context-engineering).
• Setup intent text now points to the canonical PROTOCOL.md URL.

Upgrade Notes

• No CLI behavior, protocol schema, or command output contract changes.
• Safe patch upgrade focused on docs/metadata and release positioning.

v0.6.1

Highlights

• README media now renders correctly across GitHub, npm, and crates.io using absolute GitHub-hosted asset URLs.
• Release workflow is hardened to be rerun-safe: it skips npm publish when that exact version already exists.
• Release ordering now enforces crates publish before npm publish.

What Changed

• README demo and diagram assets switched from relative paths to raw.githubusercontent.com URLs.
• .github/workflows/release.yml
  • package-node now depends on publish-crate.
  • Added npm version existence check before npm publish.
  • npm publish now runs only when version is not already on registry.
• Version bump to 0.6.1 across npm package, Cargo crate, and protocol docs.

Validation

• scripts/release/verify_versions.sh
• scripts/release/verify_versions.sh v0.6.1
• scripts/check_readme_examples.sh
• scripts/validate_schemas.sh
• scripts/conformance.sh

v0.6.0

v0.6.0 (2026-02-11)

Highlights

• Tightens repo positioning around evidence-first multi-agent workflows and cold-start reduction.
• Expands docs coverage for context-pack operations and practical CLI usage recipes.
• Adds GitHub Packages publish path in release workflow while preserving npm/crates publication.

Changed

• README now includes a concise "Why It Exists" framing (Silo Tax, Cold-Start Tax, visibility-first layering).
• Context Pack section in README now includes a read-order hero image and an at-a-glance summary of operational behavior.
• CONTEXT_PACK.md now documents the layered model, operational guarantees, and explicit non-goals.
• docs/CLI_REFERENCE.md now includes common end-to-end recipes (handoff recovery, verification, cold-start onboarding).
• npm metadata keywords were expanded for discoverability (cold-start, orchestration, evidence-based, context-engineering).
• Release workflow now includes a GitHub Packages publish job and manual dispatch support.