fix(fleet): bake MOSAIC_AGENT_NAME into the agent pane so native HB fires

Live-validation (Lead, w-jarvis) found the native heartbeat was INERT in
production: the Pi extension gates on MOSAIC_AGENT_NAME, but tmux panes
inherit the tmux SERVER environment (not this script's env, nor the systemd
unit's), so the name was empty in-pane for BOTH ad-hoc and systemd agents.
Result: no native .hb, no model self-report — only the sidecar fallback ran.

Fix: %q-quote the agent name and export it into the pane command alongside
PATH, so the extension sees it -> nativeHbEnabled() -> writes <name>.hb with
model + busy/ok turn state.

Re-validated live via the launcher (isolated socket, real pi on glm-5.2):
  - pane env now carries MOSAIC_AGENT_NAME
  - <name>.hb written with status=ok + model=glm-5.2 + .hb.native marker
  - status flips ok -> busy on a real turn -> ok on turn end
  - sidecar defers to the fresh native marker

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01EsgTQzV5YUGk1JtCLP4B83

.woodpecker/ci.yml

@@ -25,10 +25,12 @@ steps:
     commands:
       - apk add --no-cache bash
       - bash packages/mosaic/framework/tools/quality/scripts/verify-sanitized.sh
-      # Resident line-count ceiling over framework-owned resident files
-      # (Constitution + dispatcher + each RUNTIME.md slice). See DESIGN §7 / R9.
-      - bash packages/mosaic/framework/tools/quality/scripts/check-resident-budget.sh --self-test
-      - bash packages/mosaic/framework/tools/quality/scripts/check-resident-budget.sh
+      # L0 resident-token budget: keep the Constitution + dispatcher small.
+      - |
+        for f in CONSTITUTION.md AGENTS.md; do
+          n=$(wc -l < "packages/mosaic/framework/defaults/$f")
+          if [ "$n" -gt 120 ]; then echo "L0 budget exceeded: defaults/$f is $n lines (max 120)"; exit 1; fi
+        done
 
   typecheck:
     image: *node_image

docs/TASKS.md

@@ -45,16 +45,3 @@ Active workstream is **W1 — Federation v1**. Workers should:
 - Status: PR open, awaiting maintainer merge ratification (fleet-governing change).
 - Cut always-injected contract AGENTS+TOOLS+RUNTIME 8,827→4,122 tok (−53%); all 12 hard gates intact.
 - Validation: deterministic gate-checklist PASS; headless A/B thin 7/9 vs monolith 5/9. Detail: scratchpads/contract-thin-core.md.
-
-## P5 — Overlay composer + cross-harness (#604) — feat/p5-overlay-composer
-
-- Status: MERGED to main (#605). R7 (compose-contract) + R8 (cross-harness) + R9 (composer test).
-- `composeContract({harness, mosaicHome})` pure fn + `.local` overlay deltas-by-value; `mosaic compose-contract <harness>` command; AGENTS bare-launch nudge; composer spec (per-tier anchor + Tier-3 byte-equality). Detail: scratchpads/p5-overlay-composer.md.
-
-## P6 — Docs, compliance matrix, alpha tag (#606) — feat/p6-docs-compliance-alpha
-
-- Status: in-repo deliverables done (CONTRIBUTING.md + harness×gate compliance matrix + check-resident-budget.sh + CI wiring + ALPHA-DOD.md). Remaining: alpha tag v0.0.39-alpha (Lead, post-merge). aiguide reconcile merged (#8). Detail: scratchpads/p6-docs-compliance-alpha.md.
-
-## F3-m3 — mosaic update re-seeds framework + relaunches agents (#609) — feat/f3-m3-update-reseed
-
-- Status: implemented + tested. Closes R13: `mosaic update` now re-seeds the framework (data-safe MOSAIC_SYNC_ONLY) after the CLI install so shipped launcher/runtime changes activate; `--relaunch` restarts rostered agents; `--no-reseed` opts out. Detail: scratchpads/f3-m3-update-reseed.md.

docs/design/framework-constitution/ALPHA-DOD.md

@@ -1,75 +0,0 @@
-# Constitution Alpha — Definition-of-Done checklist + release notes
-
-Drafted for the `v0.0.39-alpha` tag (Lead cuts after P5 #605 → P6 #607 → aiguide #8 merge).
-Maps every DoD §8 acceptance criterion to its merged evidence. Legend:
-**✅ merged on main** · **⏳ review-ready PR (pending merge)** · **🔲 Lead action**.
-
-## DoD §8 green-checklist
-
-| #   | Acceptance criterion (DESIGN §8)                                                                       | Status | Evidence / PR     |
-| --- | ------------------------------------------------------------------------------------------------------ | ------ | ----------------- |
-| 1   | MIT `LICENSE` (root + framework) + `"license":"MIT"` in package.json                                   | ✅     | P0 #570           |
-| 2   | Three credential-path sites + hook URL fast-failed (no private paths in `*.sh`/hooks)                  | ✅     | P0 #570           |
-| 3   | `verify-sanitized.sh` (two-class, `*.sh`+`*.md`, self-tested) wired **blocking** in CI                 | ✅     | P1 #572           |
-| 4   | Operator data purged from the full set (guides / tools / init-generator)                               | ✅     | P2 #572           |
-| 5   | `rails/`→`tools/` in **both** template families                                                        | ✅     | P2 #572           |
-| 6   | `jarvis-loop.json` deleted; `defaults/SOUL.md` → **neutral sanitized persona** (Q10 decision)          | ✅     | P2 #572           |
-| 7   | `CONSTITUTION.md` extracted (gates one place, capability-verb, §1.4 split, no false "already loaded")  | ✅     | P3 #575 / #577    |
-| 8   | `AGENTS.md`/`STANDARDS.md` out of `PRESERVE_PATHS` + seed-semantics → overwrite in **both** installers | ✅     | P4 #590           |
-| 9   | Snapshot + v2→v3 migration moving user edits to `.local`/`.bak`; `FRAMEWORK_VERSION=3`                 | ✅     | P4 #590 / #593    |
-| 10  | `mosaic-init --non-interactive` fail-closed persona                                                    | ✅     | P4 #590           |
-| 11  | **5-fixture migration matrix** green against **both** installers asserting **injected bytes**          | ✅     | P4 #590 / #593    |
-| 12  | `compose-contract` built + composer unit test (per-tier anchor + Tier-3 byte-equality)                 | ⏳     | P5 #605           |
-| 13  | Resident line-count ceiling enforced (framework-owned resident files)                                  | ⏳     | P6 #607           |
-| 14  | `CONTRIBUTING.md` + harness×gate compliance matrix                                                     | ⏳     | P6 #607           |
-| 15  | `aiguide` reconciled with the Constitution                                                             | ⏳     | aiguide #8        |
-| 16  | Each phase PR CI-green; alpha tag pushed + Gitea release published                                     | 🔲     | Lead (post-merge) |
-
-**Note on #6:** the DoD's literal "delete `defaults/SOUL.md`" was superseded by the resolved
-**Q10** decision — ship a _neutral, operator-agnostic_ example persona instead of deleting it. Main
-carries the sanitized 2.6 KB neutral SOUL.md ("Mosaic agent", no operator identity); the sanitization
-gate confirms it is PII-clean. Criterion met in spirit (no operator persona leaks) via the better option.
-
-**Gate to flip 12–14 → ✅:** merge P5 #605 → P6 #607 (rebase auto-drops the dup format fix
-`adc7df2`/`9f6da92`) → aiguide #8, with `ci.yml` terminal-green on the merged head.
-
----
-
-## Release notes — `v0.0.39-alpha` (Mosaic Framework Constitution, alpha)
-
-### Mosaic Framework Constitution — Alpha
-
-This release makes the Mosaic framework a **safe-to-open-source, fork-and-customize agent
-operating layer**. It separates the non-negotiable law from operator identity, makes
-customization survive upgrades, and wires the guarantees into CI.
-
-**Highlights**
-
-- **Constitution (L0).** The hard gates now live in one place — `CONSTITUTION.md` — authored in
-  capability verbs, with a thin `AGENTS.md` dispatcher that references the law instead of restating
-  it. Governance model in `constitution/LAYER-MODEL.md`.
-- **Public & sanitized.** MIT-licensed; all operator identity, private paths, and credential sites
-  removed from shipped files. A self-tested `verify-sanitized.sh` gate (two rule classes) runs
-  **blocking** in CI so re-contamination can't merge.
-- **Upgrade-safe customization.** Framework-owned files overwrite cleanly on upgrade while
-  `SOUL.md`/`USER.md`/`*.local.md`/`credentials` are preserved. The v2→v3 migration snapshots first
-  and moves any user-edited `AGENTS.md`/`STANDARDS.md` to `.pre-constitution.bak`/`.local.md` —
-  never silently lost. Verified by a 5-fixture matrix across **both** installers.
-- **Operator overlays.** `mosaic compose-contract <harness>` merges your `*.local.md` deltas into
-  the contract per harness, so customization reaches the model as one pre-merged blob.
-- **Cross-harness.** Single L0 source referenced (never restated) by Claude / Codex / OpenCode / Pi;
-  tiered injection with a byte-equal Tier-3 fallback read.
-- **Guardrails in CI.** Resident line-count ceiling over framework-owned resident files; composer
-  unit test; sanitization gate — all blocking.
-- **Docs.** `CONTRIBUTING.md` with the layer model, dual-installer parity rule, and a harness×gate
-  **compliance matrix** (the Codex/OpenCode/Pi hook-parity gap is tracked for v2).
-
-**Known limitations (accepted, documented in `CONTRIBUTING.md` §9)**
-
-- Bare launches that bypass `mosaic` get base contracts only (no `*.local` overlays) and are not
-  drift-checked by `mosaic doctor` — mitigated by the unconditional Tier-3 self-load + a nudge.
-- Codex/OpenCode/Pi mechanical hook parity, `policy/*.md` composition, and live-launch cross-harness
-  verification are **v2**.
-
-**Phase lineage:** P0 #570 · P1+P2 #572 · P3 #575/#577 · P4 #590/#593 · P5 #605 · P6 #607 ·
-aiguide #8 (umbrella #542).

docs/fleet/PRD-fleet-suite.md

@@ -20,43 +20,39 @@ functional, we use the fleet itself to continue the work.
 ## Requirements
 
 ### A. Configure-without-AI CLI
-
-| ID  | Requirement                                                                                                   |
-| --- | ------------------------------------------------------------------------------------------------------------- |
-| R1  | `mosaic fleet` command set is functional end-to-end (init/install/start/stop/status/ps/verify + agent verbs). |
-| R2  | `mosaic fleet init` is an interactive, **AI-free** CLI wizard.                                                |
-| R3  | Init asks the **configuration type**: `general`, `coding`, `research`, `hybrid`, … (extensible).              |
-| R4  | Based on the answer, the fleet is populated with a **recommended set of agents** (a preset).                  |
-| R5  | **Exactly one main orchestrator agent** is always configured, regardless of type.                             |
-| R10 | A set of **recommended configurations (presets)** ships for easy duplication.                                 |
-| R8  | User can **re-create** the fleet when config needs change (idempotent re-init / reconfigure).                 |
-| R17 | Fleet controls are **simple and intuitive**.                                                                  |
+| ID | Requirement |
+|---|---|
+| R1 | `mosaic fleet` command set is functional end-to-end (init/install/start/stop/status/ps/verify + agent verbs). |
+| R2 | `mosaic fleet init` is an interactive, **AI-free** CLI wizard. |
+| R3 | Init asks the **configuration type**: `general`, `coding`, `research`, `hybrid`, … (extensible). |
+| R4 | Based on the answer, the fleet is populated with a **recommended set of agents** (a preset). |
+| R5 | **Exactly one main orchestrator agent** is always configured, regardless of type. |
+| R10 | A set of **recommended configurations (presets)** ships for easy duplication. |
+| R8 | User can **re-create** the fleet when config needs change (idempotent re-init / reconfigure). |
+| R17 | Fleet controls are **simple and intuitive**. |
 
 ### B. Comms & orchestrator chat-ops
-
-| ID  | Requirement                                                                                                                       |
-| --- | --------------------------------------------------------------------------------------------------------------------------------- |
-| R6  | Init can wire the orchestrator to a chat connector — **Telegram / Discord / Matrix / Slack** — for command + comms.               |
-| R7  | Designed with the end-goal of **Matrix comms on a locally-controlled server**.                                                    |
-| R16 | Fleet supports **tmux AND Matrix** comms, **user-configurable** at init or any time. Not all users want Matrix.                   |
+| ID | Requirement |
+|---|---|
+| R6 | Init can wire the orchestrator to a chat connector — **Telegram / Discord / Matrix / Slack** — for command + comms. |
+| R7 | Designed with the end-goal of **Matrix comms on a locally-controlled server**. |
+| R16 | Fleet supports **tmux AND Matrix** comms, **user-configurable** at init or any time. Not all users want Matrix. |
 | R19 | **"Mos" orchestrator on Discord** (`chan 1517622518662434996` / `srv 1112631390438166618`) on `w-jarvis` — the first live target. |
 
 ### C. Runtime, health, lifecycle
-
-| ID  | Requirement                                                                        |
-| --- | ---------------------------------------------------------------------------------- |
-| R9  | Fleet is **mutable by the orchestrator agent** — add/remove agents per need.       |
+| ID | Requirement |
+|---|---|
+| R9 | Fleet is **mutable by the orchestrator agent** — add/remove agents per need. |
 | R13 | Fleet **gracefully handles Pi + Claude harness updates** — keep harnesses current. |
-| R14 | The **Pi harness is customized** for proper tool usage, etc.                       |
-| R15 | **Agent heartbeat** properly configured for **Claude AND GPT/Pi** agents.          |
+| R14 | The **Pi harness is customized** for proper tool usage, etc. |
+| R15 | **Agent heartbeat** properly configured for **Claude AND GPT/Pi** agents. |
 
 ### D. Surfaces, testing, docs
-
-| ID  | Requirement                                                                         |
-| --- | ----------------------------------------------------------------------------------- |
+| ID | Requirement |
+|---|---|
 | R18 | Fleet built so the **webUI can view / monitor / terminate / butt-in** on a session. |
-| R11 | Installed and **tested on both `w-jarvis` and `dragon-lin`**.                       |
-| R12 | **Documentation**: how to install, configure, and use the fleet.                    |
+| R11 | Installed and **tested on both `w-jarvis` and `dragon-lin`**. |
+| R12 | **Documentation**: how to install, configure, and use the fleet. |
 
 ## Architecture / approach
 
@@ -69,15 +65,15 @@ functional, we use the fleet itself to continue the work.
 
 ## Phases (incremental, each shippable)
 
-| Phase                             | Deliverable                                                                                                                         | Notes                                 |
-| --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- |
-| **F1 Presets + init wizard**      | preset rosters (general/coding/research/hybrid) + always-orchestrator + AI-free `fleet init` selecting a preset; re-init idempotent | R1–R5, R8, R10, R17                   |
-| **F2 Connector + Mos-on-Discord** | orchestrator chat-connector config (Discord first) + **Mos live on Discord `1517…`/`1112…`** on w-jarvis                            | R6, R19, partial R16                  |
-| **F3 Heartbeat + harness**        | HB confirmed for claude + pi/gpt; **custom Pi harness** (tool usage, native HB, model self-report); graceful harness updates        | R13, R14, R15                         |
-| **F4 Matrix + comms toggle**      | Matrix connector (local server) + user toggle tmux/Matrix at init/anytime                                                           | R7, R16                               |
-| **F5 Orchestrator-mutable fleet** | orchestrator can add/remove agents at runtime                                                                                       | R9                                    |
-| **F6 webUI hooks**                | stable JSON contract + terminate/attach surface for webUI view/monitor/terminate/butt-in                                            | R18                                   |
-| **F7 Test + docs**                | install+test on w-jarvis AND dragon-lin; user docs (install/configure/use)                                                          | R11, R12 (runs alongside every phase) |
+| Phase | Deliverable | Notes |
+|---|---|---|
+| **F1 Presets + init wizard** | preset rosters (general/coding/research/hybrid) + always-orchestrator + AI-free `fleet init` selecting a preset; re-init idempotent | R1–R5, R8, R10, R17 |
+| **F2 Connector + Mos-on-Discord** | orchestrator chat-connector config (Discord first) + **Mos live on Discord `1517…`/`1112…`** on w-jarvis | R6, R19, partial R16 |
+| **F3 Heartbeat + harness** | HB confirmed for claude + pi/gpt; **custom Pi harness** (tool usage, native HB, model self-report); graceful harness updates | R13, R14, R15 |
+| **F4 Matrix + comms toggle** | Matrix connector (local server) + user toggle tmux/Matrix at init/anytime | R7, R16 |
+| **F5 Orchestrator-mutable fleet** | orchestrator can add/remove agents at runtime | R9 |
+| **F6 webUI hooks** | stable JSON contract + terminate/attach surface for webUI view/monitor/terminate/butt-in | R18 |
+| **F7 Test + docs** | install+test on w-jarvis AND dragon-lin; user docs (install/configure/use) | R11, R12 (runs alongside every phase) |
 
 ## Work division (proposed — confirm with dragon-lin)
 

docs/fleet/north-star.md

@@ -73,37 +73,6 @@ diff-sanity → squash-merge → verify), **decide-and-inform** cadence, and a d
 this model. See `mosaicstack-aiguide` whitepapers 01 (inter-agent comms) and 03
 (orchestration model) for the rationale.
 
-## Fleet roster — the two-agent floor and the role library
-
-A fleet is **never a single agent**. The minimum viable fleet is **two**:
-
-| Role             | Mandate                                                                                                                                                                                                                                                                                                                                                                 | Boundaries                                                                                 |
-| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
-| **Orchestrator** | The user's **single point of contact**. Owns the general flow, keeps agentic actions on-target, and **adds/removes agents from the fleet at will** to meet goals and user needs. Exactly **one** per fleet (the existing R5 invariant).                                                                                                                                 | Delegates source work; never the sole worker.                                              |
-| **Enhancer**     | The fleet's **continuous-improvement loop**. Monitors fleet activity, analyzes for enhancements/optimizations, builds a **plan of remediation**, and — **with the orchestrator** — upgrades fleet capability: tool creation/repair, skills, harness improvements, and **bug reports filed to Mosaic Stack** for proper remediation. Recommends which agents are needed. | **Does not code, review code, or perform delivery tasks.** Improvement and diagnosis only. |
-
-> **Why two, not one:** the orchestrator drives delivery; the enhancer makes the fleet
-> _get better at delivering_ over time. The enhancer is how the fleet self-heals its tools,
-> skills, and harnesses, and how real defects flow back to Mosaic Stack as bug reports.
-> Together they are the irreducible core — every other role is added on demand.
-
-A **general** fleet starts at this floor: the orchestrator (advised by the enhancer)
-materializes whatever roles prove necessary over the mission's life. Specialized presets
-(coding, research, etc.) seed additional roles up front, but all reduce to the same two-agent
-spine plus an on-demand **role library**:
-
-| Role profile        | Purpose                                                                           |
-| ------------------- | --------------------------------------------------------------------------------- |
-| **orchestrator**    | point of contact, flow control, fleet composition (1 per fleet)                   |
-| **enhancer**        | fleet monitoring, optimization, tool/skill/harness upgrades, upstream bug reports |
-| **coder**           | implementation (worker; stops at PR-open)                                         |
-| **code review**     | independent code review gate                                                      |
-| **security review** | security/auth/secret review gate                                                  |
-| **research**        | investigation, synthesis, options analysis                                        |
-| **board**           | deliberation panel — moonshot, contrarian, technical, business, financial lenses  |
-| **operations**      | infra, deploy, health, incident response                                          |
-| _…extensible_       | new profiles added as missions demand (orchestrator + enhancer decide)            |
-
 ## Invariants — "maximal vision, incremental delivery, zero foreclosure"
 
 Every artifact, starting Phase 2, MUST:
@@ -133,7 +102,7 @@ Every artifact, starting Phase 2, MUST:
 | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
 | 0–1                    | tmux PoC, hardening, published CLI v0.0.34 (#565–#568)                                                                                       | ✅ done |
 | **2 — Observability**  | `fleet ps` (host+tenant aware join), heartbeat protocol + dogfood stub answers it, `agent watch` (read-only), `agent send --verify` receipts | ▶ now   |
-| 3 — Real runtimes      | claude/codex/pi/opencode answer heartbeat; **hybrid lifecycle** (core always-on: **orchestrator + enhancer**; ephemeral workers per lane)    | planned |
+| 3 — Real runtimes      | claude/codex/pi/opencode answer heartbeat; **hybrid lifecycle** (core always-on: orchestrator+reviewer; ephemeral workers per lane)          | planned |
 | 4 — Unified definition | one agent schema in gateway; `mosaic agent --new` → materialized per-tenant session; uid-tenant provisioning                                 | planned |
 | 5 — Control plane      | federation-backed cross-host × cross-tenant fleet view; **webUI** (surface chosen then) for MVP-X1 parity                                    | planned |
 
@@ -152,28 +121,6 @@ Every artifact, starting Phase 2, MUST:
   runtime-bin on PATH (baked into the pane command) + boot-survival (`enable` + linger),
   which `fleet init` should automate.
 
-## Decisions of record (2026-06-22, with Jason)
-
-- **Two-agent floor:** every fleet has, at minimum, an **orchestrator** and an **enhancer**.
-  The orchestrator is the user's point of contact and composes the fleet; the enhancer runs the
-  continuous-improvement loop (monitor → analyze → remediate → upgrade tools/skills/harness →
-  file Mosaic Stack bug reports) and **does not code or review**.
-- **Role library:** orchestrator, enhancer, coder, code review, security review, research,
-  board (moonshot/contrarian/technical/business/financial), operations — extensible; the
-  orchestrator (advised by the enhancer) adds roles as missions demand.
-- **Orchestrator chat connector:** the orchestrator is reachable over a user-chosen connector
-  (tmux now; Telegram/Discord/Matrix/Slack configurable). Validated live: **"Mos" orchestrator
-  on Discord** via the Claude Code discord channel plugin (w-jarvis).
-
-## Future enhancements (north-star, post-MVP — not on the MVP track)
-
-- **Mosaic Claude Discord Plugin** — a first-party Mosaic Discord connector that properly
-  implements the basic Discord functions **and native Discord threads**. Threads let a user
-  separate conversation topics with the orchestrator (the pattern proven by the Hermes agent).
-  A major enhancement over the current third-party channel plugin; **not required for the MVP**,
-  but a committed north-star target. `ASSUMPTION:` ships as a Mosaic-owned plugin so the fleet
-  controls Discord UX (threads, reactions, attachments, per-thread context) end-to-end.
-
 ## Assumptions (veto-able)
 
 - `ASSUMPTION:` first-class runtimes = claude, codex, pi, opencode; a "role" (analyst,

docs/scratchpads/f3-m3-update-reseed.md

@@ -1,29 +0,0 @@
-# F3-m3 — `mosaic update` re-seeds framework + relaunches agents (R13)
-
-- **Issue:** #609 · **Branch:** `feat/f3-m3-update-reseed`
-
-## Gap (found in 0.0.39 production validation)
-
-`mosaic update` installs the new npm CLI but never re-seeds `~/.config/mosaic/` from the package's
-bundled `framework/`. So the shipped custom Pi harness (agent-name export + native HB, 0.0.39) stays
-DORMANT until a re-seed — operators get the new CLI on a stale framework.
-
-## Implementation
-
-- `update-checker.ts`: `resolveBundledFrameworkRoot()`, `buildReseedCommand()` (install.sh in
-  `MOSAIC_SYNC_ONLY=1 MOSAIC_INSTALL_MODE=keep` — the P4 data-safe reconcile), `runFrameworkReseed()`,
-  `readRosterAgentNames()`, `buildRelaunchCommands()` (systemctl --user restart per agent).
-- `cli.ts` `update`: after a successful CLI install that includes `@mosaicstack/mosaic`, re-seed the
-  framework (default-on; `--no-reseed` to skip). Then either `--relaunch` (restart rostered agents) or
-  print clear guidance to run `mosaic update --relaunch` / `mosaic fleet restart`.
-
-## Flow
-
-`update CLI → re-seed framework (data-safe) → relaunch agents (opt-in)` — closes R13, activates the
-native harness for every operator.
-
-## Verification
-
-- 6 new unit tests (reseed command/env, relaunch commands, roster parse, missing-installer guard).
-- 19 runtime + 26 launch tests still green; tsc/eslint/prettier clean.
-- Data-safety of the sync is already proven (P4 5-fixture matrix + live dragon-lin validation).

docs/scratchpads/p5-overlay-composer.md

@@ -1,43 +0,0 @@
-# P5 — Overlay composer + cross-harness (compose-contract)
-
-- **Issue:** #604 · **Branch:** `feat/p5-overlay-composer` · **Lineage:** #542 → constitution alpha
-- **Requirements:** R7 (compose-contract) + R8 (cross-harness) + R9 (composer test)
-- **Design of record:** `docs/design/framework-constitution/{DESIGN.md §3.2, PRD.md §4}` (on `feat/framework-constitution-alpha`)
-
-## Locked design (sequential-thinking)
-
-Current `launch.ts` assembly (`buildComposedPrompt`) injects by value: mission + PRD + hard-gate +
-CONSTITUTION + AGENTS + USER + TOOLS + runtime. It does **not** inject SOUL or STANDARDS (those are
-read-on-demand per the gutted AGENTS dispatcher), and has no `.local` overlay support.
-
-**Decision (ASSUMPTION — recorded for the PR):** overlays are injected as **deltas by value** under
-labeled sections; base files keep their existing residency.
-
-- `USER.local.md` → appended directly under the `# User Profile` block (USER is injected).
-- `SOUL.local.md` + `STANDARDS.local.md` → a trailing `# Operator Overlays` section (their bases are
-  load-on-demand, so only the small delta is injected — not the full base prose).
-- **Why:** honors DESIGN §3.2 ("model gets one pre-merged blob, no read-merge ritual") while preserving
-  the P3 byte-budget tiering (don't re-inject large SOUL/STANDARDS prose). Precedence order kept: base
-  layers first, operator overlays at recency.
-- Base-only is automatic when a `.local` file is absent (`readOptional`).
-
-## Plan
-
-| #   | Task                                                                                                   | File                                    |
-| --- | ------------------------------------------------------------------------------------------------------ | --------------------------------------- |
-| 1   | Extract `composeContract({harness, mosaicHome})` pure fn; `buildComposedPrompt` delegates              | `src/commands/launch.ts`                |
-| 2   | Overlay logic (USER.local under profile; SOUL/STANDARDS.local in `# Operator Overlays`)                | `src/commands/launch.ts`                |
-| 3   | `mosaic compose-contract <harness>` command → prints blob to stdout                                    | `src/commands/launch.ts`                |
-| 4   | Bare-launch overlay nudge in self-load fallback                                                        | `framework/defaults/AGENTS.md`          |
-| 5   | `compose-contract.spec.ts`: per-tier anchor, Tier-3 byte-equality, overlay present/absent, per-harness | `src/commands/compose-contract.spec.ts` |
-
-## Deferred to P6
-
-CONTRIBUTING.md + harness×gate compliance matrix; resident line-count CI ceiling; `aiguide` reconcile;
-alpha tag `mosaic-vX.Y.Z-alpha`.
-
-## Status
-
-- [x] Phase scaffold (branch, issue #604, scratchpad, TASKS)
-- [ ] Implementation (tasks 1–5)
-- [ ] prettier + vitest green; PR via wrapper → Lead (rides 0.0.39; 0.0.38 mid-cut)

docs/scratchpads/p6-docs-compliance-alpha.md

@@ -1,29 +0,0 @@
-# P6 — Docs, compliance matrix, alpha tag (constitution capstone)
-
-- **Issue:** #606 · **Branch:** `feat/p6-docs-compliance-alpha` · **Lineage:** #542
-- **Requirements:** R9 (resident line-count ceiling) + R10 (CONTRIBUTING + compliance matrix + aiguide) + alpha tag
-
-## Delivered (in-repo)
-
-- `framework/CONTRIBUTING.md` — layer model, operator-hygiene/PII prohibition, dedup rule, resident
-  budget, **dual-installer parity rule**, adding-a-harness, re-contamination rule, **harness×gate
-  compliance matrix** (hook-parity gap marked ⚠️ tracked-v2), known-limitations (§9 residuals), PR checklist.
-- `framework/tools/quality/scripts/check-resident-budget.sh` — line-count ceiling over framework-owned
-  resident files (CONSTITUTION + AGENTS + each runtime/\*/RUNTIME.md); `--self-test`; replaces the crude
-  inline ci.yml loop. Wired blocking in `.woodpecker/ci.yml`.
-- Composer unit test (R9) already runs via `pnpm test`; `verify-sanitized.sh` (P1) already wired.
-
-## Verification
-
-- Sanitization gate green (CONTRIBUTING is operator-neutral). Resident-budget self-test + real run green.
-- prettier clean. Current resident counts: CONSTITUTION 96, AGENTS 83, RUNTIME max 75 — all < ceiling.
-
-## Remaining
-
-- [ ] `aiguide` reconcile (separate repo `~/src/aiguide` / mosaicstack/aiguide) — consistency pass vs Constitution.
-- [ ] Alpha tag `mosaic-vX.Y.Z-alpha` — propose version; Lead cuts after full DoD §8 green + all phases merged.
-
-## Notes
-
-- Alpha DoD (DESIGN §8): all phases P0–P6 merged + CI green. P5 (#605) pending merge after 0.0.38 publish.
-- Hook parity (codex/opencode/pi) = tracked v2 gap, documented in the matrix, not closed here.

packages/mosaic/framework/CONTRIBUTING.md

@@ -1,185 +0,0 @@
-# Contributing to the Mosaic Framework
-
-The Mosaic framework is the open-source agent-operating layer that deploys to
-`~/.config/mosaic/`. It is designed to be **forked and customized** — but the
-shared core must stay operator-neutral, deduplicated, and upgrade-safe. This
-guide is the contract for changing framework-owned files.
-
-> Governance model and layer rationale: `constitution/LAYER-MODEL.md` (source-only).
-> Requirements & phase history: `docs/design/framework-constitution/`.
-
----
-
-## 1. The layer model (where does my change go?)
-
-| Layer  | What                                                          | Owner            | On upgrade                              | File(s)                                      |
-| ------ | ------------------------------------------------------------- | ---------------- | --------------------------------------- | -------------------------------------------- |
-| **L0** | Constitution — the non-negotiable law (hard gates)            | Framework        | **Overwritten**                         | `CONSTITUTION.md`                            |
-| **L1** | Standards & guides — how to do the work well                  | Framework        | Overwritten; user delta → `*.local.md`  | `STANDARDS.md`, `guides/*`                   |
-| **L2** | Persona (SOUL) — agent name, tone, role                       | User (init)      | **Never overwritten**                   | `SOUL.md` (+ optional `SOUL.local.md`)       |
-| **L3** | Operator (USER) — human identity, prefs, policy               | User (init)      | **Never overwritten**                   | `USER.md` (+ optional `USER.local.md`)       |
-| **L4** | Project / runtime mechanism — per-repo deltas; harness wiring | Repo / framework | Project user-owned; runtime overwritten | `<repo>/AGENTS.md`, `runtime/<h>/RUNTIME.md` |
-
-**The one sentence a user can rely on:** edit `SOUL.md` / `USER.md` and the
-`.local.md` overlays — they survive every upgrade. To change framework behavior,
-add a `.local.md` overlay; never edit a framework-owned file in place.
-
----
-
-## 2. Operator hygiene (PII / secrets prohibition) — **blocking**
-
-Framework-owned files ship publicly. They **must not** contain:
-
-- Operator or personal identity (names, handles, pronouns, accessibility notes).
-- Private `$HOME` paths, private hostnames, or domains.
-- Secrets, tokens, or credentials (use `~/.config/mosaic/credentials.json`; the
-  hook URL soft-degrades via `${OPENBRAIN_URL}`).
-
-This is enforced by `tools/quality/scripts/verify-sanitized.sh`, wired **blocking**
-in CI (`.woodpecker/ci.yml`). It runs two rule classes: structural (private-`$HOME`
-defaults, dead paths, unrendered tokens) and a labeled current-contaminant denylist.
-Run it locally before pushing:
-
-```bash
-bash packages/mosaic/framework/tools/quality/scripts/verify-sanitized.sh
-```
-
-Operator-specific behavior belongs in **your** `SOUL.md`/`USER.md`/`*.local.md`,
-never in the shared core. (The "framework-PR firewall" in `CONSTITUTION.md` §4
-states this as law for agents opening framework PRs.)
-
----
-
-## 3. Dedup rule — one source, everyone references it
-
-Hard gates live in **`CONSTITUTION.md` (L0) only**. `AGENTS.md`, `STANDARDS.md`,
-and every `runtime/<h>/RUNTIME.md` **reference** the law — they never restate it.
-Restating a gate is a defect: it creates two sources that drift. If you find a
-gate duplicated outside L0, delete the copy and point to L0.
-
-`AGENTS.md` is a thin dispatcher (load order + guide router + the tier-aware
-self-load). Keep it that way; new procedure goes in `guides/*` (on-demand), not
-in the resident core.
-
----
-
-## 4. Resident line-count ceiling — **blocking**
-
-The framework-owned files injected by value (`CONSTITUTION.md`, `AGENTS.md`, each
-`runtime/<h>/RUNTIME.md`) are budgeted by **line count** — never by word count
-(a word cap forces paraphrasing the law, the exact drift vector we removed).
-
-```bash
-bash packages/mosaic/framework/tools/quality/scripts/check-resident-budget.sh
-```
-
-Wired blocking in CI. Gate **wording** stays intact; if a file legitimately needs
-more lines, raise its ceiling in the script deliberately (in the same PR, with
-rationale). The per-harness _total_ resident prompt (which also sums the user's
-`SOUL.md`/`USER.md`) is a `mosaic doctor` runtime advisory — CI cannot see user
-files, so it is out of CI scope by design (DESIGN §7).
-
----
-
-## 5. Dual-installer parity rule
-
-Two installers seed and migrate `~/.config/mosaic/`:
-
-- **`framework/install.sh`** (bash) — the canonical installer.
-- **`packages/mosaic/src/config/file-adapter.ts`** (TS) — the wizard path.
-
-**Any change to seed lists, overwrite/preserve semantics, or migration MUST land
-in BOTH**, validated by the **shared fixture suite**:
-
-- `framework/tools/quality/scripts/test-install-migration.sh` (bash matrix)
-- `packages/mosaic/src/config/file-adapter.test.ts` (vitest)
-
-Both assert the same behavior: framework-owned files overwrite (backup-once to
-`*.pre-constitution.bak`); user-seeded files seed-if-absent; `SOUL.md`/`USER.md`/
-`*.local.md`/`credentials` are preserved. A change in one installer without the
-other (and its fixtures) is incomplete.
-
----
-
-## 6. Adding a harness adapter
-
-A harness (runtime) is wired by:
-
-1. `runtime/<h>/RUNTIME.md` — **mechanism only** (subagent syntax, hook/MCP wiring,
-   injection method). No restated gates (see §3).
-2. Launcher emission in `src/commands/launch.ts` — how the composed contract reaches
-   the harness (system-prompt append vs. instructions file). Add the harness to the
-   `RuntimeName` union and the runtime-path map.
-3. `mosaic compose-contract <harness>` works automatically once the runtime path
-   exists (it composes base + `*.local.md` overlays for that harness).
-
-Then add a row to the compliance matrix (§8) and mark which gates are mechanical
-vs. resident-only for the new harness.
-
----
-
-## 7. Re-contamination rule
-
-A green sanitization gate is not permanent. Before every PR:
-
-- Do not reintroduce operator identity, private paths, or secrets (§2).
-- Do not copy a gate out of L0 (§3).
-- Do not add an unrendered template token or a dead path to a shipped file.
-
-If `verify-sanitized.sh` goes red, that diff **is** your worklist — fix it, don't
-suppress it.
-
----
-
-## 8. Harness × gate compliance matrix
-
-How each gate is enforced per harness. **Mechanical** = a hook/CI check the agent
-cannot bypass. **Resident** = injected contract prose (strong, but not a hard stop).
-**CI** = repo-side, harness-independent.
-
-| Gate / mechanism                              | Claude      | Codex            | OpenCode         | Pi               |
-| --------------------------------------------- | ----------- | ---------------- | ---------------- | ---------------- |
-| Contract injection (resident-by-value)        | append SP   | instructions     | `AGENTS.md`      | append SP        |
-| Operator overlays (`*.local`, composed)       | ✅          | ✅               | ✅               | ✅               |
-| Bare-launch self-load (Tier-3, read L0)       | ✅          | ✅               | ✅               | ✅               |
-| Sanitization (no PII) — `verify-sanitized`    | CI ✅       | CI ✅            | CI ✅            | CI ✅            |
-| Resident budget ceiling                       | CI ✅       | CI ✅            | CI ✅            | CI ✅            |
-| Migration parity (5-fixture, both installers) | CI ✅       | CI ✅            | CI ✅            | CI ✅            |
-| `no-memory-write` (PreToolUse hook)           | **mech ✅** | resident-only ⚠️ | resident-only ⚠️ | resident-only ⚠️ |
-| QA / typecheck (PostToolUse hooks)            | **mech ✅** | resident-only ⚠️ | resident-only ⚠️ | resident-only ⚠️ |
-| Native heartbeat (fleet `ps` model/status)    | sidecar     | sidecar          | sidecar          | **native ✅**    |
-
-⚠️ **Hook-parity gap (tracked, v2):** the mechanical PreToolUse/PostToolUse hooks
-exist for Claude Code only. On Codex/OpenCode/Pi those gates are currently enforced
-by the resident contract + CI, not by a per-tool hook. Closing hook parity is a
-**v2** item, not part of this alpha.
-
----
-
-## 9. Known limitations (accepted residual risks)
-
-These are accepted with rationale (DESIGN §9); they are documented, not bugs:
-
-- **Bare-launch overlays are base-only.** A harness started without `mosaic` never
-  ran the composer, so `*.local.md` overlays are not applied. Mitigated by the
-  unconditional Tier-3 self-load + the `mosaic doctor` nudge in `AGENTS.md`; not
-  eliminated. Relaunch via `mosaic <harness>` to pick up overlays.
-- **Bare-launch drift is undetected by `mosaic doctor`** (the launcher never ran).
-- **Codex/OpenCode/Pi hook parity** is a tracked v2 gap (§8).
-- **Live-launch cross-harness verification** is v2; the alpha verifies the composer
-  by unit test (per-tier anchor + Tier-3 byte-equality), not a live launch.
-
-**Deferred to v2 (explicit):** `constitution/` deploy directory; capability JSON
-adapters; 3-way merge; `policy/*.md` composition; per-layer version stamps as a
-migration driver.
-
----
-
-## 10. PR checklist
-
-- [ ] No operator identity / private paths / secrets (`verify-sanitized.sh` green).
-- [ ] No gate restated outside `CONSTITUTION.md` (§3).
-- [ ] Resident budget green (`check-resident-budget.sh`).
-- [ ] Seed/migration changes landed in **both** installers + shared fixtures (§5).
-- [ ] New harness → compliance-matrix row updated (§8).
-- [ ] `prettier --check` + `pnpm lint` + `pnpm typecheck` + `pnpm test` green.

packages/mosaic/framework/defaults/AGENTS.md

@@ -9,10 +9,7 @@ overwritten on upgrade. (Layer model: `constitution/LAYER-MODEL.md`.)
 1. Your context already includes `CONSTITUTION.md` + `USER.md` + the TOOLS index + the runtime
    contract (injected by `mosaic` launch) — do not re-read those. **If you were launched bare**
    (a harness started without `mosaic`, so the law is NOT in your context), read
-   `~/.config/mosaic/CONSTITUTION.md` now, before your first action. A bare launch also gets
-   **base contracts only** — operator overlays (`*.local.md`) are composed by the launcher, so if
-   `SOUL.local.md`/`USER.local.md`/`STANDARDS.local.md` exist, relaunch via `mosaic <harness>` (or run
-   `mosaic doctor`) to pick them up.
+   `~/.config/mosaic/CONSTITUTION.md` now, before your first action.
 2. Read `SOUL.md` (agent persona — small, once).
 3. Read project-local `AGENTS.md` / `CLAUDE.md` if present (these may only make behavior stricter).
 4. Read guides ONLY as triggered by the table below — pull role-relevant depth on demand, not up front.

packages/mosaic/framework/tools/fleet/test-start-agent-session.sh

@@ -32,15 +32,8 @@ MOSAIC_AGENT_COMMAND='bash --noprofile --norc -i' \
   "$START" "$AGENT"
 
 tmux -L "$SOCKET" has-session -t "=$AGENT:0.0" || fail "agent session was not created"
-# Retry: pane_current_path briefly reflects the tmux server's cwd until the pane
-# process establishes its own cwd (the -c start dir). Poll until it settles.
-actual_dir=""
-for _ in $(seq 1 30); do
-  actual_dir=$(tmux -L "$SOCKET" display-message -p -t "=$AGENT:0.0" '#{pane_current_path}')
-  [ "$actual_dir" = "$WORKDIR" ] && break
-  sleep 0.1
-done
-[ "$actual_dir" = "$WORKDIR" ] || fail "agent workdir mismatch: $actual_dir (expected $WORKDIR)"
+actual_dir=$(tmux -L "$SOCKET" display-message -p -t "=$AGENT:0.0" '#{pane_current_path}')
+[ "$actual_dir" = "$WORKDIR" ] || fail "agent workdir mismatch: $actual_dir"
 
 # ── Test 2: idempotency (duplicate start prints 'already running') ─────────────
 MOSAIC_TMUX_SOCKET="$SOCKET" \

packages/mosaic/framework/tools/quality/scripts/check-resident-budget.sh

@@ -1,93 +0,0 @@
-#!/usr/bin/env bash
-# check-resident-budget.sh — resident line-count ceiling (R9 / DESIGN §7).
-#
-# Budgets the *container* (line count) of the framework-owned files that are
-# injected into every agent's context by value — the Constitution (L0), the
-# AGENTS dispatcher, and each runtime RUNTIME.md slice. Gate *wording* is never
-# capped (a word cap forces paraphrasing law — the exact drift vector P3 killed);
-# only the file's line count is bounded, so prose creep is caught in review.
-#
-# This is the CI-enforceable half of the budget. The per-harness *total* resident
-# prompt (which also includes user-generated SOUL.md/USER.md and the per-tier
-# slice) is summed by `mosaic doctor` as a runtime advisory — CI cannot see user
-# files, so it is deliberately out of scope here (DESIGN §7).
-#
-# Usage:  check-resident-budget.sh [--self-test]
-# Exit:   0 = all within budget · 1 = a file exceeds its ceiling · 2 = self-test failed
-set -uo pipefail
-
-FW="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../.." && pwd)" # packages/mosaic/framework
-
-# Per-file ceilings (lines). Headroom above current counts; tighten as files settle.
-# Format: "<relative-path>:<max-lines>"
-CEILINGS=(
-  "defaults/CONSTITUTION.md:120"
-  "defaults/AGENTS.md:120"
-  "runtime/claude/RUNTIME.md:90"
-  "runtime/codex/RUNTIME.md:90"
-  "runtime/opencode/RUNTIME.md:90"
-  "runtime/pi/RUNTIME.md:90"
-)
-
-# check_file <abs-path> <max> → echoes "<n>"; returns 0 if n<=max, 1 otherwise.
-check_file() {
-  local path="$1" max="$2" n
-  n=$(wc -l <"$path" 2>/dev/null || echo 0)
-  n=$((n + 0))
-  echo "$n"
-  [ "$n" -le "$max" ]
-}
-
-run_budget() {
-  local fail=0 rel max abs n
-  printf '%-32s %8s %8s   %s\n' "FILE" "LINES" "CEILING" "STATUS"
-  for entry in "${CEILINGS[@]}"; do
-    rel="${entry%%:*}"
-    max="${entry##*:}"
-    abs="$FW/$rel"
-    if [ ! -f "$abs" ]; then
-      printf '%-32s %8s %8s   %s\n' "$rel" "-" "$max" "MISSING"
-      fail=1
-      continue
-    fi
-    n=$(check_file "$abs" "$max")
-    if [ "$n" -le "$max" ]; then
-      printf '%-32s %8s %8s   %s\n' "$rel" "$n" "$max" "ok"
-    else
-      printf '%-32s %8s %8s   %s\n' "$rel" "$n" "$max" "OVER BUDGET"
-      fail=1
-    fi
-  done
-  return "$fail"
-}
-
-self_test() {
-  local tmp rc
-  tmp=$(mktemp)
-  # 3 lines, ceiling 5 → within budget (rc 0)
-  printf 'a\nb\nc\n' >"$tmp"
-  check_file "$tmp" 5 >/dev/null
-  rc=$?
-  if [ "$rc" -ne 0 ]; then echo "self-test FAIL: under-budget file flagged"; rm -f "$tmp"; return 2; fi
-  # 6 lines, ceiling 5 → over budget (rc 1)
-  printf 'a\nb\nc\nd\ne\nf\n' >"$tmp"
-  check_file "$tmp" 5 >/dev/null
-  rc=$?
-  if [ "$rc" -ne 1 ]; then echo "self-test FAIL: over-budget file not flagged"; rm -f "$tmp"; return 2; fi
-  rm -f "$tmp"
-  echo "self-test OK"
-  return 0
-}
-
-if [ "${1:-}" = "--self-test" ]; then
-  self_test
-  exit $?
-fi
-
-if run_budget; then
-  echo "Resident budget: all framework-owned resident files within ceiling."
-  exit 0
-else
-  echo "Resident budget EXCEEDED — trim prose or raise the ceiling deliberately (see DESIGN §7)." >&2
-  exit 1
-fi

packages/mosaic/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mosaicstack/mosaic",
-  "version": "0.0.39",
+  "version": "0.0.37",
   "repository": {
     "type": "git",
     "url": "https://git.mosaicstack.dev/mosaicstack/stack.git",

packages/mosaic/src/cli.ts

@@ -26,10 +26,6 @@ import {
   checkForAllUpdates,
   formatAllPackagesTable,
   getInstallAllCommand,
-  runFrameworkReseed,
-  readRosterAgentNames,
-  buildRelaunchCommands,
-  FRAMEWORK_RESEED_PACKAGE,
 } from './runtime/update-checker.js';
 import { runWizard } from './wizard.js';
 import { ClackPrompter } from './prompter/clack-prompter.js';
@@ -408,12 +404,7 @@ program
   .command('update')
   .description('Check for and install Mosaic CLI updates')
   .option('--check', 'Check only, do not install')
-  .option(
-    '--no-reseed',
-    'Skip re-seeding framework files into ~/.config/mosaic after the CLI update',
-  )
-  .option('--relaunch', 'Restart durable fleet agents so the new launcher/runtime takes effect')
-  .action(async (opts: { check?: boolean; reseed?: boolean; relaunch?: boolean }) => {
+  .action(async (opts: { check?: boolean }) => {
     // checkForAllUpdates imported statically above
     const { execSync } = await import('node:child_process');
 
@@ -451,51 +442,6 @@ program
       console.error('\nUpdate failed. Try manually: bash tools/install.sh');
       process.exit(1);
     }
-
-    // F3-m3 / R13: the CLI is updated, but the framework files in
-    // ~/.config/mosaic/ are still the previous version. Re-seed them from the
-    // freshly-installed package so shipped launcher/runtime changes ACTIVATE.
-    // Only when the framework-bearing package itself updated.
-    const mosaicUpdated = outdated.some(
-      (r: { package: string }) => r.package === FRAMEWORK_RESEED_PACKAGE,
-    );
-    if (mosaicUpdated && opts.reseed !== false) {
-      console.log(
-        '\nRe-seeding framework files into ~/.config/mosaic (data-safe; keeps your edits)…',
-      );
-      const reseed = runFrameworkReseed();
-      if (reseed.ok) {
-        console.log('✔ Framework re-seeded.');
-        const agents = readRosterAgentNames();
-        if (agents.length > 0) {
-          if (opts.relaunch) {
-            console.log(
-              `\nRelaunching ${agents.length} fleet agent(s) to pick up the new runtime…`,
-            );
-            for (const restart of buildRelaunchCommands(agents)) {
-              try {
-                execSync(restart.join(' '), { stdio: 'inherit', timeout: 30_000 });
-              } catch {
-                console.error(`  ⚠ failed to restart agent — run: ${restart.join(' ')}`);
-              }
-            }
-            console.log('✔ Agents relaunched.');
-          } else {
-            console.log(
-              `\nℹ ${agents.length} fleet agent(s) are still running the previous runtime. ` +
-                'Restart them to activate the update:\n    mosaic update --relaunch   ' +
-                '(or: mosaic fleet restart <agent>)',
-            );
-          }
-        }
-      } else {
-        console.error(
-          `\n⚠ Framework re-seed skipped: ${reseed.reason ?? 'unknown'}.\n` +
-            '  Activate manually: bash "$(npm root -g)/@mosaicstack/mosaic/framework/install.sh" ' +
-            '(MOSAIC_SYNC_ONLY=1 MOSAIC_INSTALL_MODE=keep)',
-        );
-      }
-    }
   });
 
 // ─── wizard ─────────────────────────────────────────────────────────────

packages/mosaic/src/commands/compose-contract.spec.ts

@@ -1,118 +0,0 @@
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
-import { mkdtempSync, mkdirSync, writeFileSync, rmSync, readFileSync } from 'node:fs';
-import { tmpdir } from 'node:os';
-import { join } from 'node:path';
-import { composeContract } from './launch.js';
-
-/**
- * Composer unit test (R7/R8/R9): asserts the launcher-composed runtime contract
- *
- *   - includes the per-tier anchors (CONSTITUTION / AGENTS / USER / runtime),
- *   - keeps the CONSTITUTION block byte-equal to the on-disk file (Tier-3
- *     byte-equality — the bare-launch fallback read must match what is injected),
- *   - merges `*.local.md` operator overlays as deltas-by-value, and omits them
- *     entirely when absent (base-only),
- *   - selects the correct per-harness RUNTIME.md.
- *
- * `composeContract` takes `mosaicHome` as a param, so each test runs against an
- * isolated fixture home. We also chdir to an empty temp cwd so the cwd-relative
- * mission/PRD blocks contribute nothing (deterministic output).
- */
-
-const CONSTITUTION = '# CONSTITUTION\n\nGATE-1: the non-negotiable law.\n';
-const AGENTS = '# Mosaic Agent Dispatcher\n\nLoad order + guide router.\n';
-const USER = '# operator\n\nName: Test Operator\n';
-const TOOLS = '# tools index\n';
-
-function makeHome(): { home: string; root: string } {
-  const root = mkdtempSync(join(tmpdir(), 'mosaic-compose-'));
-  const home = join(root, 'mosaic-home');
-  for (const h of ['claude', 'codex', 'opencode', 'pi']) {
-    mkdirSync(join(home, 'runtime', h), { recursive: true });
-    writeFileSync(join(home, 'runtime', h, 'RUNTIME.md'), `# ${h} runtime contract\n`);
-  }
-  writeFileSync(join(home, 'CONSTITUTION.md'), CONSTITUTION);
-  writeFileSync(join(home, 'AGENTS.md'), AGENTS);
-  writeFileSync(join(home, 'USER.md'), USER);
-  writeFileSync(join(home, 'TOOLS.md'), TOOLS);
-  return { home, root };
-}
-
-describe('composeContract — overlay composer', () => {
-  let fixture: ReturnType<typeof makeHome>;
-  let prevCwd: string;
-  let cwdDir: string;
-
-  beforeEach(() => {
-    fixture = makeHome();
-    prevCwd = process.cwd();
-    cwdDir = mkdtempSync(join(tmpdir(), 'mosaic-cwd-'));
-    process.chdir(cwdDir); // neutralize cwd-relative mission/PRD blocks
-  });
-
-  afterEach(() => {
-    process.chdir(prevCwd);
-    rmSync(fixture.root, { recursive: true, force: true });
-    rmSync(cwdDir, { recursive: true, force: true });
-  });
-
-  it('includes the per-tier anchors and the selected harness runtime', () => {
-    const out = composeContract('claude', fixture.home);
-    expect(out).toContain('GATE-1: the non-negotiable law.'); // L0
-    expect(out).toContain('Mosaic Agent Dispatcher'); // AGENTS
-    expect(out).toContain('# User Profile'); // USER header
-    expect(out).toContain('Name: Test Operator'); // USER body
-    expect(out).toContain('# Runtime-Specific Contract');
-    expect(out).toContain('# claude runtime contract');
-  });
-
-  it('keeps the CONSTITUTION block byte-equal to the on-disk file (Tier-3)', () => {
-    const out = composeContract('pi', fixture.home);
-    const onDisk = readFileSync(join(fixture.home, 'CONSTITUTION.md'), 'utf-8');
-    // The injected L0 must be a byte-equal substring of the composed blob, so a
-    // bare-launch fallback read of CONSTITUTION.md matches what was injected.
-    expect(out.includes(onDisk)).toBe(true);
-  });
-
-  it('is base-only when no *.local overlays exist', () => {
-    const out = composeContract('claude', fixture.home);
-    expect(out).not.toContain('# Operator Overlays');
-    expect(out).not.toContain('Operator Overlay (USER.local.md)');
-    expect(out).not.toContain('Persona Overlay');
-    expect(out).not.toContain('Standards Overlay');
-  });
-
-  it('merges USER.local.md directly under the operator profile', () => {
-    writeFileSync(join(fixture.home, 'USER.local.md'), 'Prefer terse status updates.\n');
-    const out = composeContract('claude', fixture.home);
-    expect(out).toContain('## Operator Overlay (USER.local.md)');
-    expect(out).toContain('Prefer terse status updates.');
-    // Overlay appears AFTER its base profile.
-    expect(out.indexOf('# User Profile')).toBeLessThan(
-      out.indexOf('## Operator Overlay (USER.local.md)'),
-    );
-  });
-
-  it('merges SOUL.local.md + STANDARDS.local.md as deltas in the Operator Overlays block', () => {
-    writeFileSync(join(fixture.home, 'SOUL.local.md'), 'Tone: dry and direct.\n');
-    writeFileSync(join(fixture.home, 'STANDARDS.local.md'), 'Require 90% coverage on auth code.\n');
-    const out = composeContract('claude', fixture.home);
-    expect(out).toContain('# Operator Overlays');
-    expect(out).toContain('## Persona Overlay (SOUL.local.md)');
-    expect(out).toContain('Tone: dry and direct.');
-    expect(out).toContain('## Standards Overlay (STANDARDS.local.md)');
-    expect(out).toContain('Require 90% coverage on auth code.');
-  });
-
-  it('ignores whitespace-only *.local overlays (no empty overlay section)', () => {
-    writeFileSync(join(fixture.home, 'SOUL.local.md'), '   \n\n');
-    const out = composeContract('claude', fixture.home);
-    expect(out).not.toContain('# Operator Overlays');
-  });
-
-  it('selects a different RUNTIME.md per harness', () => {
-    expect(composeContract('codex', fixture.home)).toContain('# codex runtime contract');
-    expect(composeContract('pi', fixture.home)).toContain('# pi runtime contract');
-    expect(composeContract('codex', fixture.home)).not.toContain('# pi runtime contract');
-  });
-});

packages/mosaic/src/commands/fleet.ts

@@ -1453,19 +1453,15 @@ export function registerFleetAgentCommands(
 
       await runChecked(runner, buildAgentWatchCreateViewerCommand(agent, viewerName, socketName));
 
-      let exitCode = 0;
-      try {
-        const [bin, args] = splitCommand(buildAgentWatchAttachCommand(viewerName, socketName));
-        exitCode = await iRunner(bin, args);
-      } finally {
-        // ALWAYS clean up the viewer session — even if attach threw or the process was
-        // interrupted — so stale grouped *-watch-* sessions never accumulate. Errors here
-        // are intentionally suppressed; the agent session is unaffected.
-        const killResult = await runner(
-          ...splitCommand(buildAgentWatchKillViewerCommand(viewerName, socketName)),
-        );
-        void killResult;
-      }
+      const [bin, args] = splitCommand(buildAgentWatchAttachCommand(viewerName, socketName));
+      const exitCode = await iRunner(bin, args);
+
+      // Best-effort cleanup of the viewer session regardless of how the user detached.
+      // Errors here are intentionally suppressed — the agent session is unaffected.
+      const killResult = await runner(
+        ...splitCommand(buildAgentWatchKillViewerCommand(viewerName, socketName)),
+      );
+      void killResult; // result is intentionally ignored
 
       if (exitCode !== 0) {
         process.exitCode = exitCode;

packages/mosaic/src/commands/launch.ts

@@ -291,23 +291,12 @@ function buildPrdBlock(): string {
 
 // ─── Runtime prompt builder ──────────────────────────────────────────────────
 
-/**
- * Compose the full runtime contract for a harness: the resident-by-value core
- * (CONSTITUTION + AGENTS + USER + TOOLS + runtime) plus operator overlays
- * (`*.local.md` deltas), merged in precedence order so the model gets one
- * pre-merged blob (DESIGN §3.2 / R7). Overlays are injected as deltas by value;
- * base files keep their existing residency (USER injected; SOUL/STANDARDS are
- * load-on-demand, so only their small `.local` deltas are injected here).
- *
- * `mosaicHome` is parameterized for testability; production callers use the
- * module-level default.
- */
-export function composeContract(runtime: RuntimeName, mosaicHome: string = MOSAIC_HOME): string {
+function buildRuntimePrompt(runtime: RuntimeName): string {
   const runtimeContractPaths: Record<RuntimeName, string> = {
-    claude: join(mosaicHome, 'runtime', 'claude', 'RUNTIME.md'),
-    codex: join(mosaicHome, 'runtime', 'codex', 'RUNTIME.md'),
-    opencode: join(mosaicHome, 'runtime', 'opencode', 'RUNTIME.md'),
-    pi: join(mosaicHome, 'runtime', 'pi', 'RUNTIME.md'),
+    claude: join(MOSAIC_HOME, 'runtime', 'claude', 'RUNTIME.md'),
+    codex: join(MOSAIC_HOME, 'runtime', 'codex', 'RUNTIME.md'),
+    opencode: join(MOSAIC_HOME, 'runtime', 'opencode', 'RUNTIME.md'),
+    pi: join(MOSAIC_HOME, 'runtime', 'pi', 'RUNTIME.md'),
   };
 
   const runtimeFile = runtimeContractPaths[runtime];
@@ -342,55 +331,27 @@ For required push/merge/issue-close/release actions, execute without routine con
 `);
 
   // CONSTITUTION.md (L0 — the non-negotiable law; lead with it). Tolerant of
-  // pre-constitution installs that have not been re-seeded yet. Injected by
-  // value verbatim so the bare-launch fallback read is byte-equal (R8).
-  const constitution = readOptional(join(mosaicHome, 'CONSTITUTION.md'));
+  // pre-constitution installs that have not been re-seeded yet.
+  const constitution = readOptional(join(MOSAIC_HOME, 'CONSTITUTION.md'));
   if (constitution) parts.push(constitution);
 
   // AGENTS.md
-  parts.push(readFileSync(join(mosaicHome, 'AGENTS.md'), 'utf-8'));
+  parts.push(readFileSync(join(MOSAIC_HOME, 'AGENTS.md'), 'utf-8'));
 
-  // USER.md (+ USER.local.md operator overlay, appended directly under the
-  // profile its base owns).
-  const user = readOptional(join(mosaicHome, 'USER.md'));
+  // USER.md
+  const user = readOptional(join(MOSAIC_HOME, 'USER.md'));
   if (user) parts.push('\n\n# User Profile\n\n' + user);
-  const userLocal = readOptional(join(mosaicHome, 'USER.local.md'));
-  if (userLocal.trim()) {
-    parts.push('\n\n## Operator Overlay (USER.local.md)\n\n' + userLocal);
-  }
 
   // TOOLS.md
-  const tools = readOptional(join(mosaicHome, 'TOOLS.md'));
+  const tools = readOptional(join(MOSAIC_HOME, 'TOOLS.md'));
   if (tools) parts.push('\n\n# Machine Tools\n\n' + tools);
 
-  // Operator overlays whose base layers are load-on-demand (SOUL, STANDARDS):
-  // inject only the small `.local` delta by value so the customization reaches
-  // the model without re-injecting the full base prose (preserves the byte
-  // budget). Absent `.local` files → base-only, automatically (R7 §3.2).
-  const overlayBlocks: string[] = [];
-  const soulLocal = readOptional(join(mosaicHome, 'SOUL.local.md'));
-  if (soulLocal.trim()) {
-    overlayBlocks.push('## Persona Overlay (SOUL.local.md)\n\n' + soulLocal.trim());
-  }
-  const standardsLocal = readOptional(join(mosaicHome, 'STANDARDS.local.md'));
-  if (standardsLocal.trim()) {
-    overlayBlocks.push('## Standards Overlay (STANDARDS.local.md)\n\n' + standardsLocal.trim());
-  }
-  if (overlayBlocks.length > 0) {
-    parts.push('\n\n# Operator Overlays\n\n' + overlayBlocks.join('\n\n'));
-  }
-
   // Runtime-specific contract
   parts.push('\n\n# Runtime-Specific Contract\n\n' + readFileSync(runtimeFile, 'utf-8'));
 
   return parts.join('\n');
 }
 
-/** @deprecated internal alias — use composeContract. Retained for call-site clarity. */
-function buildRuntimePrompt(runtime: RuntimeName): string {
-  return composeContract(runtime);
-}
-
 // ─── Session lock ────────────────────────────────────────────────────────────
 
 function writeSessionLock(runtime: string): void {
@@ -1015,22 +976,6 @@ export function registerLaunchCommands(program: Command): void {
     launchRuntime(runtime, extraArgs, yolo);
   });
 
-  // compose-contract — emit the composed runtime contract (base + operator
-  // overlays) for a harness to stdout, without launching. For inspection,
-  // `mosaic doctor`, diffing, and the composer test (R7).
-  program
-    .command('compose-contract <harness>')
-    .description('Print the composed runtime contract (base + *.local overlays) for a harness')
-    .action((harness: string) => {
-      const valid: RuntimeName[] = ['claude', 'codex', 'opencode', 'pi'];
-      if (!valid.includes(harness as RuntimeName)) {
-        console.error(`Unknown harness '${harness}'. Expected one of: ${valid.join(', ')}.`);
-        process.exitCode = 64;
-        return;
-      }
-      process.stdout.write(composeContract(harness as RuntimeName));
-    });
-
   // Coord (mission orchestrator)
   program
     .command('coord')

packages/mosaic/src/runtime/update-checker.reseed.spec.ts

@@ -1,85 +0,0 @@
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
-import { mkdtempSync, mkdirSync, writeFileSync, rmSync } from 'node:fs';
-import { tmpdir } from 'node:os';
-import { join } from 'node:path';
-import {
-  buildReseedCommand,
-  buildRelaunchCommands,
-  readRosterAgentNames,
-  runFrameworkReseed,
-} from './update-checker.js';
-
-/**
- * F3-m3 / R13: `mosaic update` re-seeds the framework + (opt-in) relaunches
- * durable agents so shipped launcher/runtime changes activate. These cover the
- * pure builders + the missing-installer guard (the exec path is integration).
- */
-
-describe('buildReseedCommand', () => {
-  it('invokes the package install.sh in data-safe sync-only keep mode', () => {
-    const out = buildReseedCommand('/pkg/framework', '/home/u/.config/mosaic');
-    expect(out.installer).toBe('/pkg/framework/install.sh');
-    expect(out.command).toBe('bash /pkg/framework/install.sh');
-    expect(out.env).toEqual({
-      MOSAIC_SYNC_ONLY: '1',
-      MOSAIC_INSTALL_MODE: 'keep',
-      MOSAIC_HOME: '/home/u/.config/mosaic',
-    });
-  });
-});
-
-describe('buildRelaunchCommands', () => {
-  it('builds a systemctl --user restart per agent unit', () => {
-    expect(buildRelaunchCommands(['orchestrator', 'coder0'])).toEqual([
-      ['systemctl', '--user', 'restart', 'mosaic-agent@orchestrator.service'],
-      ['systemctl', '--user', 'restart', 'mosaic-agent@coder0.service'],
-    ]);
-  });
-
-  it('is empty for an empty roster', () => {
-    expect(buildRelaunchCommands([])).toEqual([]);
-  });
-});
-
-describe('readRosterAgentNames', () => {
-  let home: string;
-
-  beforeEach(() => {
-    home = mkdtempSync(join(tmpdir(), 'mosaic-roster-'));
-  });
-  afterEach(() => {
-    rmSync(home, { recursive: true, force: true });
-  });
-
-  it('returns [] when no roster exists', () => {
-    expect(readRosterAgentNames(home)).toEqual([]);
-  });
-
-  it('extracts agent names from roster.yaml', () => {
-    mkdirSync(join(home, 'fleet'), { recursive: true });
-    writeFileSync(
-      join(home, 'fleet', 'roster.yaml'),
-      [
-        'version: 1',
-        'agents:',
-        '  - name: orchestrator',
-        '    runtime: pi',
-        '  - name: coder0',
-        '    runtime: claude',
-        '  - name: "reviewer-1"',
-        '    runtime: codex',
-      ].join('\n') + '\n',
-    );
-    expect(readRosterAgentNames(home)).toEqual(['orchestrator', 'coder0', 'reviewer-1']);
-  });
-});
-
-describe('runFrameworkReseed', () => {
-  it('reports not-ok (not throw) when the installer is absent', () => {
-    const missing = mkdtempSync(join(tmpdir(), 'mosaic-noinstaller-'));
-    const res = runFrameworkReseed(missing, join(missing, 'home'));
-    expect(res.ok).toBe(false);
-    expect(res.reason).toContain('installer not found');
-    rmSync(missing, { recursive: true, force: true });
-  });
-});

packages/mosaic/src/runtime/update-checker.ts

@@ -16,8 +16,7 @@
 import { execSync } from 'node:child_process';
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { homedir } from 'node:os';
-import { dirname, join, resolve } from 'node:path';
-import { fileURLToPath } from 'node:url';
+import { join } from 'node:path';
 
 // ─── Types ──────────────────────────────────────────────────────────────────
 
@@ -454,98 +453,6 @@ export function getInstallAllCommand(outdated: PackageUpdateResult[]): string {
   return `npm i -g ${pkgs.join(' ')}`;
 }
 
-// ─── Post-update framework re-seed + agent relaunch (F3-m3 / R13) ─────────────
-//
-// `mosaic update` installs the new npm CLI but, on its own, leaves the framework
-// files in ~/.config/mosaic/ stale — so shipped launcher/runtime changes (e.g.
-// the agent-name export + native heartbeat) never ACTIVATE until a re-seed.
-// These helpers run the package's own install.sh in sync-only mode (the P4
-// data-safe reconcile: framework-owned overwrite + backup-once; SOUL/USER/
-// *.local/credentials preserved) and, opt-in, relaunch durable agents.
-
-/** Resolve the framework/ directory bundled in the installed package. */
-export function resolveBundledFrameworkRoot(): string {
-  // dist/runtime/update-checker.js → ../../framework (package files: dist + framework)
-  return resolve(dirname(fileURLToPath(import.meta.url)), '..', '..', 'framework');
-}
-
-export const FRAMEWORK_RESEED_PACKAGE = PKG;
-
-/**
- * Build the framework re-seed invocation: the package's install.sh in
- * sync-only mode (file phase only — no environment-touching post-install),
- * keep mode (never overwrite user files). Returned as data so it is unit
- * testable; `runFrameworkReseed` executes it.
- */
-export function buildReseedCommand(
-  frameworkRoot: string,
-  mosaicHome: string,
-): { installer: string; command: string; env: Record<string, string> } {
-  const installer = join(frameworkRoot, 'install.sh');
-  return {
-    installer,
-    command: `bash ${installer}`,
-    env: {
-      MOSAIC_SYNC_ONLY: '1',
-      MOSAIC_INSTALL_MODE: 'keep',
-      MOSAIC_HOME: mosaicHome,
-    },
-  };
-}
-
-/**
- * Re-seed the framework from the freshly-installed package. Returns a result
- * describing what happened (so callers can message + decide on relaunch).
- * Best-effort: a missing installer or a non-zero exit is reported, not thrown.
- */
-export function runFrameworkReseed(
-  frameworkRoot = resolveBundledFrameworkRoot(),
-  mosaicHome = join(homedir(), '.config', 'mosaic'),
-): { ok: boolean; reason?: string } {
-  const { installer, command, env } = buildReseedCommand(frameworkRoot, mosaicHome);
-  if (!existsSync(installer)) {
-    return { ok: false, reason: `installer not found: ${installer}` };
-  }
-  try {
-    execSync(command, { stdio: 'inherit', env: { ...process.env, ...env }, timeout: 120_000 });
-    return { ok: true };
-  } catch (err) {
-    return { ok: false, reason: err instanceof Error ? err.message : String(err) };
-  }
-}
-
-/**
- * Best-effort parse of the fleet roster for agent names (used to relaunch
- * durable agents after a re-seed). Returns [] when no roster exists.
- */
-export function readRosterAgentNames(mosaicHome = join(homedir(), '.config', 'mosaic')): string[] {
-  const rosterPath = join(mosaicHome, 'fleet', 'roster.yaml');
-  if (!existsSync(rosterPath)) return [];
-  let text: string;
-  try {
-    text = readFileSync(rosterPath, 'utf-8');
-  } catch {
-    return [];
-  }
-  // Roster agents are listed as `- name: <id>` entries under `agents:`.
-  const names: string[] = [];
-  for (const line of text.split('\n')) {
-    const m = line.match(/^\s*-?\s*name:\s*["']?([A-Za-z0-9._-]+)["']?\s*$/);
-    if (m && m[1]) names.push(m[1]);
-  }
-  return names;
-}
-
-/** Build the per-agent systemd relaunch commands (drain+relaunch via restart). */
-export function buildRelaunchCommands(agentNames: string[]): string[][] {
-  return agentNames.map((name) => [
-    'systemctl',
-    '--user',
-    'restart',
-    `mosaic-agent@${name}.service`,
-  ]);
-}
-
 /**
  * Format a table showing all packages with their current/latest versions.
  */