- reviewer, auditor: add qa-checklist to skills (both produce envelopes)
- worker-protocol: annotate ac_coverage as optional in envelope template
- message-schema: document that security_findings.high is non-blocking
- qa-checklist: reframe plan_result has_blockers as intent confirmation
- CLAUDE.md: add missing message-schema and project to skill list
- debugger, documenter: add qa-checklist to skills (worker-protocol references it)
- message-schema: make moderate_count/minor_count required on review_verdict,
make has_blockers required on plan_result, remove dangling format field
- orchestrate: split blocked routing by type (plan_result vs worker_submission)
- worker-protocol: remove stale migration note about freetext RFR
- qa-checklist: add plan_result has_blockers hard rule
- architect: remove dangling format field from plan_result envelope
- install.sh: replace unreachable $? check with `if !` pattern (set -e
exits before the check runs on Windows mklink failure)
- settings.json: remove fragile Bash deny patterns that can't match across
path separators; broaden .env denies to recursive **/.env with Read/Write/Edit
- worker-protocol: align QA instruction with qa-checklist — qa_check goes in
frontmatter envelope, not as a prose line
- Replace "Karen/Verification" with "reviewer/auditor" in worker-protocol
- Reframe parallel dispatch rationale from false "~10% token cost" (only
applies to fork agents with identical prefixes) to accurate wall-clock
latency savings
- Add Permission model section documenting that permissionMode is
overridden when parent runs in acceptEdits mode; disallowedTools is
the actual safety boundary
