Releases

Sovereign v1.1.2

• > A Hamilton-system Monopoly-grammar board game and its solo / digital adaptation.
• > Two artifact streams, one design thesis: **debt → credit → bank → industry**.
• Beta.** Same day as v1.1.1, but a meaningfully different shape. After the v1.1.1 cold playthrough the game still felt too short and the ending too arbitrary — it ended because the clock ran out, not because someone won the Republic. v1.1.2 replaces the round-cap-with-mandate end condition with a **circuit-based** end condition tied to physical movement around the board.
• The new end condition:**
• The game ends when one player has carried their faction around the Republic four times — i.e., completed their fourth crossing of Treasury Opens. At that moment, Final Accounting fires and the highest-Influence player wins, *not necessarily the player who got around first*. Hard cap stays at round 30 (a safety; essentially never fires — diagnostic showed 100 / 100 CANONICAL × 100 games complete by round 28).
• Why this is structurally different from v1.1.1:**

Sovereign v1.1.1

• > A Hamilton-system Monopoly-grammar board game and its solo / digital adaptation.
• > Two artifact streams, one design thesis: **debt → credit → bank → industry**.
• Beta release.** Second attempt at the digital mode after v1.1.0 was withdrawn the same day it shipped (2026-05-20). v1.1.0 simulation-verified but failed first cold human play; v1.1.1 fixes the structural human-playability gaps that audit could not catch. Not fully cold-validated end-to-end; shipping as beta so anyone who wants the digital mode can opt in while the player experience continues to settle.
• What's new vs v1.0.2:**
• Human playability rebuild (Pass 1 + Pass 2).** Action rail moved above the board (visible without scrolling). Positions strip shows each player's location, cash, and Influence with active-player highlight. Portfolio strip near the action rail surfaces holdings without requiring the sidebar. Right sidebar collapsed by default with `▶ Panels` toggle so the board occupies more real estate. 26 px tokens with active-player halo and `YOU` pointer. Designer-only chrome (Balance Sweep, seed pill, version pill, phase pill, canonical/telemetry labels) hidden by default; visible only with `?designer=1`. Real dice-roll overlay (~3.3 s, deterministic outcome). Acts explain their effect before the YES / NO vote. First-round helping-hand footer fades after lap 1.
• Rent surfacing (Pass 3).** New landing-outcome band synthesized from existing ledger rows. Opponent property: "You landed on Hamilton's Customs House. Paid 40 TN rent." Opponent route: "Paid 50 TN route toll." Opponent institution: "Paid 70 TN institution payment." Own property: "No rent due" (plus "Upgrade available" when applicable). Tax space: "Paid 200 TN in tax." Sent-to-Crisis surfaces too. No reducer change; the band reads rows the ledger already wrote.

• v0.13.1 is a single-repair patch on top of v0.13.0. It closes the v0.5 Track-C condition (R-019 wire-up scope gap at the claim extract stage) by extending R-019's tier-budget authority to every `ollama_extract` MCP call made during `claim extract` — the per-window extractor, the per-claim R-011 section-evidence critic, and the per-rescue-candidate R-012 rescue critic. Same architectural shape as R-019's synth-prose coverage (planner + drafter + verifier). Single-repo patch (research-os only); ollama-intern-mcp@2.6.0's `tier_budget_ms_override` schema field is the unchanged server-side reach.
• The release exists because the v0.5 operator-aloneness gate (`operator_aloneness_dst_v0.5` against published `@mcptoolshop/research-os@0.13.0` + `ollama-intern-mcp@2.6.0`) returned **PASS_WITH_CONDITIONS, NOT authorization-grade**. Three tracks of repair were identified: Track A (memory-gate hook scope; closed as R-022 in scaffolding), Track B (operator-side source coverage; opens as R-023 in v0.6 scaffolding), and Track C (this release — R-024). On the v0.5 operator-run, 3 of 8 sources in section 02 (`02-safety-and-economic`) hit the inner 15000ms instant-tier TIER_TIMEOUT during extract with no operator-facing override. R-019 had shipped the analog override for synth prose in v0.13.0; v0.13.1 extends it to the extract stage.
• > **R-024 lands the full-coverage tier-budget rule: when extending a tier budget, the budget must reach every LLM call at that stage that can produce the same inner timeout. Partial coverage = mistargeted patch at the call-site-coverage layer; the named timeout reappears at the uncovered call site.**
• > **R-024 also lands the live-replay test brittleness rule: when a live-replay acceptance test fails for harness reasons (timing, capture, fixture state) rather than mechanism reasons, fix the test harness — do NOT skip, downgrade, or substitute manual artifact inspection.**
• The v0.5 disposition is Path D (multi-track triage). v0.13.1 closes Track C. R-022 closed in scaffolding (memory-gate hook path whitelist exemption). R-023 fires in a separate session after v0.13.1 publishes. v0.6 gate setup follows R-023. Admissibility Slice 1 remains **NOT authorized** until v0.6 PASS.
• `research-os claim extract <section> --tier-budget-ms <N>`** (R-024) — operator-controllable per-call tier-budget override for the claim extract stage. Forwarded to `ollama-intern-mcp@>=2.6.0` as `tier_budget_ms_override` on EVERY `ollama_extract` callTool invocation during this section's extract run. Bounded `[1, 600000]` ms (10-minute upper safety rail; mirrors R-018's `MAX_PLANNER_TIMEOUT_MS`).

Sovereign v1.0.2

• > A Hamilton-system Monopoly-grammar board game and its solo / digital adaptation.
• > Two artifact streams, one design thesis: **debt → credit → bank → industry**.
• The product is shipped, signed, versioned, and on npm. "Prototype" language was design-time scaffolding that should have been retired at v1.0.0. This release removes that language across all user-facing surfaces.
• Changes:**
• Renamed `release/board-game/sovereign-prototype.html` → `release/board-game/sovereign-board-game.html`. Updated `bin/sovereign.js` `--print` resolution and the smoke tests to match.
• Swept "prototype" out of README.md, CHANGELOG.md, release/README.txt, release/00-START-HERE.html, release/board-game/README.txt, release/board-game/V0.10-RULES-ALIGNMENT.md, site/src/site-config.ts, site/src/content/docs/handbook/getting-started.md, site/src/content/docs/handbook/reference.md, site/src/content/docs/handbook/design-history.md, bin/sovereign.js, and test/smoke.test.mjs.

Sovereign v1.0.1

• > A Hamilton-system Monopoly-grammar board game and its solo / digital adaptation.
• > Two artifact streams, one design thesis: **debt → credit → bank → industry**.
• Adds `release/board-game/V0.10-RULES-ALIGNMENT.md`: a delta sheet that lists the eight rule changes a physical table would apply on top of the v0.2 printable prototype to play at v0.10 balance. The board-game prototype HTML itself remains frozen at v0.2 (no human-table playtest has been run); this delta is opt-in for groups reprinting at v0.10 rules.
• The eight deltas: Industrial Charter setup grant · Capacity +1 on first industrial purchase · Capacity ≥ 8 payment bonus +25% → +50% · Capacity ≥ 10 industrial milestone (new) · Full Mfg / Strategic set completion bonuses (new) · Cash IP scoring 1 per 200 TN → 1 per 400 TN · NF Credit endgame bonus 5-IP-split → +1/+2 per qualifying owner · Report on Manufactures capital event (now includes 50 TN per Mfg/Strategic owned + Strategic upgrade halving).
• No game-logic changes. No CLI changes. No digital-mode changes. No npm package shape changes. Pure documentation / table-tool addition. v1.0.x patch shape verified clean.
• Full-treatment Phases 0–7 executed. npm package `@mcptoolshop/sovereign@1.0.0` published with Sigstore provenance. GitHub Release with offline-play zip. Landing page and Starlight handbook deployed. README translated to 7 languages (ja, zh, es, fr, hi, it, pt-BR) before tag.

v1.4.3 — Restore to npm under @mcptoolshop scope

• npm-recovery release. Restores the package to npm under the **`@mcptoolshop/ai-jam-sessions`** scope after the unscoped `ai-jam-sessions` publish was unpublished a month ago and the v1.4.2 retry hit npm's E409 packument-save race.
• No functional changes vs v1.4.2.** Same MCP server, same 41 tools, same dataset publication (Zenodo DOI [`10.5281/zenodo.20279919`](https://doi.org/10.5281/zenodo.20279919)).
• ```bash
• npm install -g @mcptoolshop/ai-jam-sessions
• ```
• The bin commands are unchanged — after install, run `ai-jam-sessions <command>` and `ai-jam-sessions-mcp` as before.

Sovereign v1.0.0

• > A Hamilton-system Monopoly-grammar board game and its solo / digital adaptation.
• > Two artifact streams, one design thesis: **debt → credit → bank → industry**.
• The printable board-game artifact. 34 US Letter sheets, 40-space board, 22 properties + 4 routes + 2 institutions, 8 color systems, 7 Acts of Congress in fixed historical order, 4 player roles, 3 shared tracks (Public Credit · Public Resistance · Industrial Capacity), 12+12 event cards, 5 distinct card backs.
• Balance levers (v0.2 changes from v0.1):**
• | Change | Effect |
• |---|---|

v1.4.2 — Publish jam-actions-v0 with Zenodo DOI

• `jam-actions-v0` v0.4.3 is now publicly published on Zenodo** with DOI [`10.5281/zenodo.20279919`](https://doi.org/10.5281/zenodo.20279919). This is the canonical citation handle going forward.
• This is a publication-readiness release. No new MCP server functionality vs v1.4.0 — the 41 tools, 3 prompts, 120 songs, 6 sound engines, browser cockpit, and practice journal are unchanged. What's new is the **marketed surface for the training dataset** and the **actual public publication** of that dataset on Zenodo.
• | | |
• |---|---|
• | **Zenodo DOI** | [`10.5281/zenodo.20279919`](https://doi.org/10.5281/zenodo.20279919) |
• | **Zenodo record** | https://zenodo.org/records/20279919 |

• build(deps): Bump the actions group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/mcp-tool-shop-org/ai-loadout/pull/3
• build(deps-dev): Bump the dev-deps group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/mcp-tool-shop-org/ai-loadout/pull/4
• Cutover: dispatch to dogfood-lab/testing-os by @mcp-tool-shop in https://github.com/mcp-tool-shop-org/ai-loadout/pull/5
• fix(ci): include node types under TS6 + bump brace-expansion by @mcp-tool-shop in https://github.com/mcp-tool-shop-org/ai-loadout/pull/8
• @dependabot[bot] made their first contribution in https://github.com/mcp-tool-shop-org/ai-loadout/pull/3
• @mcp-tool-shop made their first contribution in https://github.com/mcp-tool-shop-org/ai-loadout/pull/5

• First npm-published release.** **NOT a v1.0.0 promotion** — backprop-trace
• remains mid-v0. v1.0 still gated on: real-world fixture (CNN/transformer),
• adopter validation, multi-framework live helpers (JAX/TF), SGD coupled-L2
• weight decay.
• v0.11.0 promotes the v0.10.x stretch to a publishable artifact. Everything
• the v0.10.x slices built — the helper optimizer matrix (v0.10.1), the

v0.13.0 — finalization-blocker triage arc

• v0.13.0 closes the v0.13 finalization-blocker triage arc opened after the v0.4 rerun against npm `@mcptoolshop/research-os@0.12.1` returned **PASS_WITH_CONDITIONS, NOT authorization-grade**, via Path D (multi-blocker triage arc, distinct from Path C named-patch). Three independent finalization blockers were identified at three different pipeline layers; this release ships three independent named knobs that, together, unblock synth prose finalization + no_answer_cluster recovery surface + contradict-map auto-mode. The defense floor and coverage-recovery surfaces from v0.10 / v0.11 / v0.12 / v0.12.1 remain intact; no closed-enum changes; no breaking surface changes.
• > **v0.4 rerun proves synthetic acceptance can validate plumbing while live replay falsifies the target mechanism.**
• > **v0.13 addresses finalization runtime control: R-019 unblocks the inner MCP tier-budget layer; R-020 surfaces honest no_answer_cluster refusal with recovery actions; R-021 unblocks the contradict-map auto-mode RPC layer.**
• The v0.5 operator-aloneness gate against published v0.13.0 fires in a separate session. Admissibility Slice 1 remains **NOT authorized** until v0.5 PASS.
• Optional `tierBudgetMsOverride` parameter on planner / drafter / verifier toolArgs builders** (R-019, `src/synth/prose/{planner,drafter,verifier}.ts`). When the operator-supplied `--planner-timeout-ms <N>` (or `RESEARCH_OS_SYNTH_PLANNER_TIMEOUT_MS=<N>` env var) sets a non-default source, the value flows into the `ollama_extract` MCP call as `tier_budget_ms_override` and reaches `runWithTimeoutAndFallback` at `ollama-intern-mcp/src/guardrails/timeouts.ts:61`. The inner per-tier timeout mechanism that produced the v0.4 rerun's `elapsed=15018ms budget=15000ms` failure now honors the operator's budget directly, instead of merely being wrapped by R-018's Promise.race.
• R-018 wrapper retained as outer hard-rail.** The wrapping `wrapClientWithTimeout` from R-018 still fires when the underlying `callTool` actually hangs (promise never resolves). R-019 closes the orthogonal failure mode where the underlying call RESOLVES with a structured `isError: true` payload but at an inner-tier budget the wrapper cannot override. Both defenses now operate at their respective layers.

• Minor — non-breaking server-side feature for the v0.13 cross-repo finalization arc. Adds a per-call tier-budget override on `ollama_extract` so research-os (and any other MCP client) can authoritatively set the inner tier-budget that drives `TIER_TIMEOUT` events at the live guardrail layer. Pre-R-019 callers see byte-identical behavior (field is optional and omitted = profile defaults govern).
• `tier_budget_ms_override?: number` schema field on `ollama_extract`.** Optional, bounded `[1, 600000]` ms. When present, the runner builds an `effectiveTimeouts` record (override applied to every tier visited; cascade still honored) and passes it as `timeoutOverrideMs` into the existing `runWithTimeoutAndFallback` machinery at `guardrails/timeouts.ts:61`. The per-tier override slot already existed; v2.6.0 adds the MCP-client entry point to populate it. Handler threads via `RunToolInput.tierBudgetMsOverride` and `RunBatchInput.tierBudgetMsOverride` for items-mode batches.
• The R-018 wrapper that shipped in research-os v0.12.1 wrapped the MCP `callTool` with `Promise.race`. The v0.4 rerun's MISTARGETED-PATCH finding showed the wrapper's effective budget did NOT reach the inner mechanism — `DEV_RTX5080_TIMEOUTS.instant = 15_000` in `src/profiles.ts` continued to fire `TIER_TIMEOUT` at 15000ms regardless of the wrapper's 180000ms budget. v2.6.0's schema field is the MCP-side authoritative budget surface: when research-os passes a `tier_budget_ms_override`, the value reaches the inner mechanism directly, and the operator's `--planner-timeout-ms` flag (or `RESEARCH_OS_SYNTH_PLANNER_TIMEOUT_MS` env var) finally controls inner-tier timeouts as designed.
• Default behavior preserved when the field is omitted. Pre-R-019 callers (any research-os version below 0.13.0; any other MCP client; any direct `ollama_extract` caller that doesn't set the field) see profile defaults govern byte-identically.
• The existing `guardrails/timeouts.ts` per-tier override slot at line 61 is UNCHANGED. The plumbing was already there; v2.6.0 supplies the client-side entry point.
• The cascade (workhorse → instant on timeout) honors the override on every tier visited; `effectiveTimeouts` applies the override uniformly.

v1.1.0 — Dogfood-Swarm Full Treatment

• First release after standalone-repo restoration and full dogfood-swarm
• treatment (Stages A-D health + Feature Pass + Phase 10 Full Treatment).
• Tests 28 → 246 (+218). Coverage 35% → 40%+. Multi-OS CI matrix.
• npm audit clean. SHA-256 asset-integrity verification. Worker-loop-
• yielding render queue. Graceful shutdown. WS heartbeat. Structured
• error envelope on every API failure. Backward-compatible across all

research-os v0.12.1 — synth planner timeout override (Path C patch)

• v0.12.1 is a single-repair patch on top of v0.12.0. It ships R-018 only — a research-os-side wrapper timeout on synth prose MCP `callTool` calls, controlled by an operator-discoverable CLI flag and env var with default behavior preserved byte-identical to v0.12.0.
• The release exists because the v0.4 operator-aloneness gate against npm `@mcptoolshop/research-os@0.12.0` returned **PASS_WITH_CONDITIONS, NOT authorization-grade** (`operator_aloneness_dst_v0.4`). The v0.11 defense floor held under live load (R-007 / R-009 / R-010 / R-011 all PROVEN_LIVE; R-008 not needed this run). All six v0.12 coverage-recovery surfaces fired live and carried the operator: R-012 LLM rescue auto-rescued 24/28 source_content_mismatch claims; R-013 rebuilt 19 cards through cached-body buildCard; R-014 exercised both state-changed and no-regen-needed paths; R-015 resume+progress shipped; R-016 example consulted before override authoring; R-017 missed one natural policy-phrasing keyword and was logged as a v0.13 candidate. Sealed envelope coverage reached PASS thresholds (4/5 SUPPORTED + 1 PARTIAL must-include; 2/3 SUPPORTED + 1 PARTIAL moderators; 0/3 traps; 0/5 material failures triggered). Contamination markers were all HARMLESS. The single failure mode was finalization: synth prose hit `TIER_TIMEOUT` reproducibly at ~15010ms vs the 15s Instant-tier budget across both gate-eligible sections, with no documented CLI / env-var override to raise it. Section briefs were envelope-compliant; the pack just couldn't reach freeze.
• Path C disposition (new pattern earned at v0.4) — when Session B identifies a single named failure mechanism with an explicit patch path AND envelope coverage is at PASS thresholds AND the defense floor is preserved AND contamination is HARMLESS, the disposition is: ship the patch, rerun the same operator path against the patched version, re-grade. No envelope re-authoring. No human rater. No v0.13 architectural arc. v0.12.1 is the named patch; the v0.4 rerun against published v0.12.1 is the prerequisite for Admissibility Slice 1 authorization.
• > **v0.4 proves coverage-grade Research-OS at the section-brief level.**
• > **v0.12.1 must prove finalization-grade by removing the single planner-timeout bottleneck without weakening the defense floor.**
• `research-os synth section <id> --planner-timeout-ms <N>`** (R-018, commit `e6957dd`) — opt-in CLI flag that overrides the research-os-side wrapper timeout for synth prose MCP `callTool` calls on a per-section synth run. Also registered on `synth workspace --section <id>`. Accepts integers in `[1, 600000]` (600000ms = 10-minute safety rail against typo runaway). Documented in `--help` with default, upper bound, and env-var alternative.

research-os v0.12.0 — coverage-recovery release

• v0.12.0 closes the v0.3 operator-aloneness gate findings surfaced 2026-05-16 (`operator_aloneness_dst_v0.3`, PASS_WITH_CONDITIONS but not authorization-grade). The release is a four-slice arc covering six named findings (R-012 through R-017) across two halves: three architectural repairs that close the v0.4-blocking coverage gaps, and three ergonomic closures that improve the operator surface the v0.4 gate will exercise. v0.3 failed authorization not because defenses regressed — all five v0.11 defense surfaces (R-007 through R-011) fired exactly as designed, captured the contamination cases they were built for, and produced a clean honest narrow synthesis with zero silent-wrong content — but because the same defenses, working correctly, trimmed load-bearing primary-source coverage out of the accepted-claim base. The pack reached FROZEN, the operator hit the gate honestly, and the sealed envelope showed 3/5 must-include claims MISSING + 2/3 moderators MISSING + 2/5 material failure conditions TRIGGERED (failure_3 no null-result; failure_4 AASM omitted). The doctrine ratchet earned at v0.3 named the failure shape: defense-grade operator-aloneness PROVEN; coverage-grade operator-aloneness NOT yet. v0.12.0 is the answer.
• > **v0.11 made the system safe enough to avoid silent-wrong synthesis.**
• > **v0.12 makes it more capable of recovering coverage without weakening those defenses.**
• The v0.11 defense floor stays unchanged. v0.12 adds lawful, witnessed recovery paths on top.
• > **Thesis:** Conservative defenses can prevent silent-wrong synthesis, but they can also starve the pack of necessary coverage.
• R-011 rescue path for source_content_mismatch exclusions** (R-012, commit `74f54ed`) — three-stage sequential pipeline added inside the extract loop: deterministic eligibility gate (`non_excluded_on_topic_peers >= 2` from the same source body) → LLM rescue critic (per-source rescue decision with operator-readable rationale) → operator rescue CLI (`research-os claim rescue`, post-extraction). Closed enum `FrameRescueStatus` (5 values: `not_rescued | rescued_by_llm | rescued_by_operator | operator_declined | ineligible_for_rescue`). Hard invariant enforced in code at three layers (extractor, operator CLI, pure gate): rescues that change `frame_excluded: true → false` are witnessed by an append-only ledger entry. New append-only `evidence/claim-frame-rescues.jsonl` recording every rescue event with `rescue_scope` + `rescue_boundary` metadata. Rescue metadata NEVER rewrites the original claim's `scope` or `not` fields — original claim state is preserved alongside the rescue record.

• Patch — finishes the macOS realpath story. v2.5.1 realpath'd allowedRoots. v2.5.2 realpath'd the assertSafePath input. Both fail when the input file doesn't exist (synthetic-path amends — a documented use case where the path is recorded in the manifest before the operator creates the file). v2.5.3 fixes this by expanding allowedRoots to return BOTH the literal-normalized form AND the realpath form. Input check passes if it matches either side — no longer requires input.realpath to succeed.
• `src/corpus/manifest.ts:allowedRoots()` returns both literal + realpath forms.** On macOS, `/var/folders/...` and `/private/var/folders/...` are the same directory through the system symlink. With both forms in the allowed-roots set, an input path in either form matches without requiring the input itself to exist on disk. Closes the corpusAmend macOS failure where synthetic-path tests pass an `INTERN_CORPUS_ALLOWED_ROOTS = /var/folders/...` but `corpusAmend` is called with a path whose file isn't on disk (`realpathSync` throws ENOENT → falls back to literal → doesn't match the realpath'd root from v2.5.1).
• Local 958/959 passing. Coverage thresholds unchanged.

• Patch — completes the v2.5.1 macOS fix. v2.5.1 made `allowedRoots()` realpath each entry, but the INPUT path passed to `assertSafePath()` was still un-realpath'd by `corpusAmend.ts` (and any other caller that doesn't go through the indexer's `realpath → assertSafePath` pipeline). On macOS that left `/var/folders/...` (input) vs `/private/var/folders/...` (root) asymmetric — paths were still rejected as outside-roots. This patch realpaths inside `assertSafePath` itself so both sides match, with an OR-fallback to the normalized form so non-existent paths still validate against the literal allowed-roots string (preserves the historical pre-realpath behavior for the indexer's "file recorded in manifest but no longer on disk" case).
• Also fixes the Doc Drift workflow to `npm run build` before `npm test` — without it, tests that spawn `dist/index.js` (cli, mcpGolden, mcp.integration, pack) error at `beforeAll`, making the parseable pass count artificially low and exit code 1.
• `src/corpus/manifest.ts:assertSafePath` realpaths the input path before comparison.** Symmetric with v2.5.1's `allowedRoots()` realpath. Now `corpusAmend` (and any future caller that doesn't pre-realpath) compares apples-to-apples. Fallback: if `realpathSync` fails (file doesn't exist yet), use the normalized form — both candidates are tried so any path that passed pre-v2.5.1 still passes.
• `.github/workflows/doc-drift.yml`** adds `npm run build` between install and test.
• Tests, typecheck, build, coverage thresholds unchanged. Local Windows run: 958/959 passing.

• Patch — closes three cross-platform CI matrix failures the v2.5.0 multi-OS strategy surfaced on first invocation. No API or behavior changes. The release-spine doing exactly what it was built to do: catching real platform-sensitive code that had been sitting in the repo behind the Linux-only gate.
• `tests/errorHintQuality.test.ts` Node 20 compatibility.** Test used `fs.globSync` which is a Node 22+ API; Node 20 doesn't have it (`TypeError: globSync is not a function`). Replaced with a small hand-rolled `walkTsFilesSync` (recursive `readdirSync` with `withFileTypes`). Skips `.dot` dirs + `node_modules`. No new dep. `engines.node: ">=20.0.0"` honored.
• `src/corpus/manifest.ts` macOS realpath consistency.** `allowedRoots()` returned entries as-is, while the indexer calls `realpath(path)` before checking them. On macOS, `realpath('/var/folders/...')` resolves to `/private/var/folders/...` (the canonical symlink target). An allowed root configured as `/var/folders/...` was therefore rejected as outside-roots even though it pointed at the same directory. `allowedRoots()` now calls `realpathSync` on each entry (fall through to `normalize` if the path doesn't exist yet). Tests on macOS that set `INTERN_CORPUS_ALLOWED_ROOTS = tmpdir()` now produce paths consistent with `realpath(file)` from inside the indexer.
• `tests/corpus/indexerSearcher.test.ts` Windows skip widened.** The TOCTOU-style "outside allowed roots" test had a dynamic skip (`if (tmpdir().startsWith(homedir())) return`) intended to catch the local-dev case where Windows tmpdir is under the user profile. On GitHub Actions Windows runners, tmpdir is on `D:\a\_temp` and homedir is on `C:\Users\runneradmin` (different drive), so the dynamic skip didn't fire but the test setup couldn't produce a reliable "outside" path either. Skip is now `process.platform === 'win32'` unconditionally; `assertSafePath` has its own direct unit tests covering the rejection path, this integration test exists to verify the indexer's `realpath → assertSafePath` wiring on POSIX where the topology is controllable.
• Tests, typecheck, build, coverage thresholds unchanged. Local Windows run: 958/959 passing, 1 todo. Coverage holds at 86.52% statements / 88.94% lines.
• v2.5.0 npm package + GitHub release are unaffected — the publish workflow gated on `ubuntu × 22` which passed; this patch only restores green CI across the multi-OS verify matrix that v2.5.0 introduced.

• Health hardening, proactive defenses, humanization of error/observability surfaces, and 10 user-facing feature additions from a 10-phase dogfood swarm. The 41-tool surface gains `ollama_code_review` (42 total). Correlation IDs now propagate across every NDJSON event so an operator can join `pack_step` to its originating `tools/call` envelope. A breaking behavior change in the confidence guardrail default (now fail-closed) is the reason for the minor bump's prominence — see **Changed** below.
• `ollama_code_review` atom tool.** Structured PR review: takes a unified diff (`diff_text`, 2MB cap) + optional source paths (max 50), returns `{findings:[{severity, category, file, line?, symbol?, description, recommendation}], summary, diff_size_bytes}`. Severity `critical|high|medium|low`, category `bug|security|performance|style|maintainability`. `severity_floor` and `max_findings` filters. Tier defaults to workhorse; `tier:'deep'` for high-stakes. `coerceReview` drops malformed entries instead of throwing — same pattern as `coerceOnboardingFacts` in packs. Distinct from `ollama_multi_file_refactor_propose` (which proposes refactors): code_review flags issues to fix in the diff as-is.
• Correlation IDs across the stack.** Every NDJSON event now carries `{run_id, call_id?, parent_call_id?, op, ...}` where `run_id` is minted in `runner.ts` at every tool entry, `call_id` is per-HTTP-attempt, and `parent_call_id` lets pack sub-step events link back to the originating tool call. `op` enum is closed (`chat|embeddings|pack_step|semaphore_wait|guardrail|shutdown|startup`), borrows OTel `gen_ai.operation.name` vocab. Propagation uses Node's `AsyncLocalStorage` — no parameter threading required for the read side. Tool envelopes echo `run_id` for client-side correlation. Design grounded by a study-swarm (W3C TraceContext / OTel GenAI / MCP progressToken trade-offs; see commit messages for sources).
• CLI surface.** `npx ollama-intern-mcp [--version|-V|--help|-h|doctor|init]`. Doctor reuses the `ollama_doctor` tool with NullLogger and renders a human-readable report (Profile / Tiers / Ollama / Models / Healthy). Init scaffolds `hermes.config.yaml` in cwd, refuses to overwrite. No new dependencies.
• Profile validation fail-fast.** `INTERN_TIER_<TIER>` env values are validated at `loadProfile()` against `^[a-z0-9._-]+(:[a-z0-9._-]+)?$` for model names and `[256, 1048576]` for `num_ctx`. Catches the `hermes3-8b` (dash instead of colon) typo at load time with a "Did you mean hermes3:8b?" hint instead of failing as `OLLAMA_MODEL_MISSING` hours later.
• Vitest coverage configuration.** `npm run test:coverage` (v8 provider, 4 reporters incl. lcov + json-summary, thresholds 70/70/60/70 lines/functions/branches/statements). Current suite reports 86.52% statements / 88.94% lines / 73.96% branches / 86.80% functions.

v0.11.0 — Second Operator-Aloneness Repair Release

• Release date:** 2026-05-15
• npm:** `@mcptoolshop/research-os@0.11.0`
• Requires:** `ollama-intern-mcp@^2.4.0`
• v0.11.0 closes the v0.2 operator-aloneness gate failure conditions surfaced 2026-05-15 (`operator_aloneness_dst_v0.2`, PASS_WITH_CONDITIONS but not authorization-grade). The release is a 4-slice repair arc covering 5 named findings: scope/boundary repair alignment (R-007), discover-time URL relevance check (R-008), paired source-content contamination defense at extraction and frame-critic layers (R-009 + R-011), and recover advisor fallback-cause visibility (R-010). v0.2 failed authorization because three independent contamination paths slipped past v0.10.0's defenses — `repair-scope --auto` filled `scope` but left `not` null so triage re-classified claims as `needs_scope_repair`, `llm-heuristic` discover presented real-but-unrelated PMC URLs as confidence-high candidates, and the extractor + frame-critic chain admitted 11 cancer-paper-derived claims with DST-framed text. The accept-floor invariant was the only designed defense that fired structurally; v0.11.0 closes the upstream gaps so v0.3 of the gate can fire against fresh operator runs.
• ```
• Slice 1 → claim repair-scope fills both scope + not (R-007)

v1.0.4 — dogfood swarm: 170+ findings, 31→137 tests

• 10-phase dogfood swarm. **170+ findings closed** across health (Stages A–D) + visual polish + treatment phases. **Test suite grew from 31 → 137 tests (+342%)**.
• `brand stats` was shipped-broken in v1.0.3 — read `manifest.logos` but the real manifest shape is `manifest.assets`. Live output reported `Manifest entries: 4` against 187 real logos. Now correct.
• `--json` mode on `verify`, `audit`, `migrate`, `manifest --check` (joining `stats`).
• `--quiet` / `--verbose` global flags.
• Differentiated exit codes: **0** success, **1** drift/mismatch, **2** operator error, **3** unexpected.
• `brand migrate` is now transactional: per-file atomic write (temp + rename), per-repo journal at `<repo>/.brand-migrate.journal.json`, `--resume` to recover from a partial cross-org run, per-repo try/catch, TTY progress indicator.

v2.3.0 — dogfood swarm v2 (npm wrapper + 86% coverage)

• Dogfood swarm v2** — 12-wave audit/amend cycle. Adds zero-prerequisite npm install path, raises test coverage to production-grade 80%+ floor, ships 6 new CLI subcommands for full MCP-surface parity.
• ```bash
• npx @mcptoolshop/tool-compass --help
• ```
• SHA256-verified platform binary (linux-x64 / darwin-arm64 / win-x64) downloaded on first run via [@mcptoolshop/npm-launcher](https://www.npmjs.com/package/@mcptoolshop/npm-launcher). No Python toolchain required.
• `tool-compass ui` — launch Gradio UI

v1.7.2 — fix stale version tokens in fuzzy cache

• Stale version tokens preserved through the fuzzy cache.** `getFuzzyCached()` in `src/cache.ts` now compares SemVer-style version tokens between the query and the candidate cache entry, and rejects the fuzzy match when the tokens disagree.
• Caught on the testing-os v1.2.2 release (2026-05-14). Every translation pass produced `README.{ja,zh,es,fr,hi,it,pt-BR}.md` with the `<!-- version:start -->` marker block stamped at the *previous* release's version, because the marker-block segment had ~0.99 Levenshtein similarity to the previous release's cached segment — only the version number changed. The fuzzy cache returned the prior translation verbatim, version token and all. The translator never reached Ollama for that segment.
• `extractInvariantTokens(text)` — extracts SemVer tokens (`v\d+\.\d+\.\d+(?:-[\w.]+)?`) from a string, sorted for order-independent comparison
• `hasSameInvariantTokens(a, b)` — returns true only when two texts share the exact same multiset of tokens
• `getFuzzyCached()` — when a candidate clears the Levenshtein threshold but disagrees on invariant tokens, the entry is **skipped** and the search continues. If no other candidate qualifies, the segment falls through to fresh translation
• Cost: ~7 extra Ollama calls per release (one per language). Correctness gain: every release.

v1.1.0 — Dogfood Swarm Hardening Pass

• 10-phase parallel-agent swarm covering Stage A (bug/security), Stage B (proactive health), Stage C (humanization), and Stage D (visual polish) across all 5 domains: `core-infra`, `verticals`, `apps`, `docs-site`, `ci-tooling`. Tests: 609 → 660 (+51).
• core-infra**
• `StoryboardCanvas` positions state now reconciles with the `frames` prop on change — prunes orphan positions, seeds new ids, preserves dragged positions (F-CI-001)
• `@storyboard-os/routing` route builders URL-encode every id segment via `encodeURIComponent` — fixes path-traversal vector (`boardRoute('../admin')`) and id-collision class (F-CI-002)
• `@storyboard-os/routing` ships its first test suite (16 tests for normalization, encoding, traversal vectors, collision class) and runtime `vitest` config (F-CI-003)
• `validateStoryboard` is hardened against null/undefined input, missing `frame.size` / `frame.position`, NaN/Infinity dimensions and positions, duplicate connection ids, self-loops, and duplicate edges. New error codes: `INVALID_STORYBOARD_SHAPE`, `MISSING_FRAME_SIZE`, `MISSING_FRAME_POSITION`, `INVALID_FRAME_DIMENSION`, `INVALID_FRAME_POSITION`, `DUPLICATE_CONNECTION_ID`, `SELF_LOOP_CONNECTION`, `DUPLICATE_CONNECTION_EDGE` (F-CI-004, F-CI-005, F-CI-006, F-CI-013, F-CI-201)

v2.0.1 — README v2.0 alignment + translations

• Doc-only release. Source code and tool surface unchanged from 2.0.0.
• Root README updated to v2.0.0 reality (was rendering 'v1.7.10 / 78 tools' on GitHub home + the umbrella package's npm page).
• Translator-induced malformed H1 (`# ```text` code-fence wrap) on 5 of 18 ja+zh per-package READMEs (pixelmator, fcp, keynote). Latin-script translations were not affected.
• Umbrella app translations — `apps/creator-studio-os/README.{es,fr,hi,it,ja,pt-BR,zh}.md`. Total translation surface now 11 READMEs × 7 languages = **77 files**.
• `.github/` polish — CODEOWNERS, FUNDING.yml, PR template, issue templates.
• Site landing handbook page `packages.md`.

v2.0.0 — Monorepo + 9 publishable packages

• Monorepo decomposition: the monolith is now **10 npm packages**, each publishable independently under the `@creator-studio-os` scope.
• 9 new packages + umbrella CLI:**
• `@creator-studio-os/core` — shared runtime, AppleScript runners
• `@creator-studio-os/compressor` — headless encode, batch jobs, live progress (15 tools)
• `@creator-studio-os/fcp` — FCPXML 1.14 authoring + FCP import (22 tools)
• `@creator-studio-os/iwork-docs` — Pages + Numbers lifecycle (10 tools)

v1.7.12 — first public npm release

• First public release of **@creator-studio-os/creator-studio-os** on npm.
• 78 MCP tools** across all 8 Apple Creator Studio apps: FCP, Compressor, Motion, Pixelmator Pro, Logic Pro, Keynote, Pages, Numbers
• `brand-deck-minimal` cross-app protocol** — 13-step pipeline composes Pixelmator brand cards, Motion lower-thirds via OZML mutation, and Compressor encode into a finished MOV from a JSON spec
• Headless Motion render via Compressor** (first programmatic Motion render path in any MCP)
• OZML 4.0 parameter + sibling-text mutation** (no prior art globally)
• FCPXML 1.14 round-trip diff** + 12 silent-transformation pre-flight checks

v2.2.1 — translations + SIGTERM fix

• README translated into all 8 languages: Japanese, Simplified Chinese, Spanish, French, Hindi, Italian, and Brazilian Portuguese via TranslateGemma 12B (local, zero API cost). Language nav bar added to the English README.
• `test_daemon_sigterm_removes_daemon_json_on_clean_exit` no longer flakes on slow CI runners. The test was racing the SIGTERM handler install window. Fix: poll `GET /health` until 200 OK before signalling — proves uvicorn is in its event loop and cleanup is wired. Cleanup deadline bumped 10s → 30s.
• ```bash
• pip install sovereignty-game==2.2.1
• npx @mcptoolshop/sovereignty
• ```

v2.2.0 — Tier 1 print pack

• Tier 1 print pack — production-grade printable PDFs.** Sovereignty now ships eight ready-to-print PDFs covering the entire Tier 1 (Campfire) and Tier 3 (Treaty Table) print package: a 16-space Campfire board, a player mat, two quick-references, and three decks (20 Event cards + 10 Deal cards + 10 Voucher cards). The previous "draw the board on a piece of paper or count spaces 0-15" instruction is gone — the board is now a real printable artifact.
• PDFs are vector with embedded fonts (Cormorant Garamond, IM Fell English, JetBrains Mono, ZapfDingbats), zero system fallbacks, US Letter portrait, home-printer-friendly. The visual contract is locked in [`docs/visual-language.md`](https://github.com/mcp-tool-shop-org/sovereignty/blob/v2.2.0/docs/visual-language.md) as Direction A (Parchment Heritage).
• Re-render pipeline ships with the package.** JSX components, the print-only HTML entry, render scripts, and a step-by-step recipe live at [`assets/print/source/`](https://github.com/mcp-tool-shop-org/sovereignty/tree/v2.2.0/assets/print/source) so the PDFs can be reproduced from scratch with headless Chromium.
• Humanized README + handbook.** The README now leads with "play tonight" and the print pack, with the console install moved to "Want a console to keep score?" framing. The handbook print-and-play page links the actual PDFs (was: source markdown).
• | Sheet | File | Pages |
• |---|---|---|

Storyboard OS v1.0.3 - Three Verticals + Generic Connection Core

• Three-vertical story-structure platform with hardened generic infrastructure.
• RPG Storyboard** - quest and game narrative implementation authoring
• Marketing Storyboard** - campaign launch readiness and implementation flow
• Cinematic Storyboard** - production storyboard for trailers, cutscenes, explainers
• Generic connection core** - domains own their connection vocabularies without casts
• `StoryboardConnection<TConnectionType>`

v1.0.1 — Handbook, Translations, Landing Page

• Starlight handbook** — 5 pages (index, getting started, authoring workflow, architecture, reference) with Pagefind full-text search
• Translations** — 35 README files across 7 languages (ja, zh, es, fr, hi, it, pt-BR) via TranslateGemma 12B
• Landing page** — handbook CTA connected, version badge updated to v1.0.1
• Landing page secondary CTA restored to `#features` (was accidentally overwritten with handbook link by site-theme CLI)
• | Package | Version |
• |---|---|

v1.0.0 — Phase 2: Durable Local Authoring

• First stable release. Phase 2 completes the durable local authoring loop.
• | Package | Description |
• |---|---|
• | [`@storyboard-os/core`](https://www.npmjs.com/package/@storyboard-os/core) | Generic storyboard primitives — frame, connection, annotation, template, structural validation |
• | [`@storyboard-os/rpg-domain`](https://www.npmjs.com/package/@storyboard-os/rpg-domain) | RPG game-authoring contract — frame types, content schema, templates, readiness model, handoff, project helpers |
• | [`@storyboard-os/canvas`](https://www.npmjs.com/package/@storyboard-os/canvas) | Domain-configurable Konva canvas renderer — frames, connections, selection, drag, viewport |

v2.1.0 — multi-save · daemon · audit viewer

• Multiple saved games at once. Sovereignty now keeps every game you start under `.sov/games/<game-id>/`. List them with `sov games`, switch with `sov resume <game-id>`. Starting a new game no longer overwrites the old one. Existing v1 layouts (`.sov/game_state.json`) auto-migrate on first invocation — transparent, one-shot, with a stderr notice.
• Batched anchoring across a small constant of chain pointers per game. `sov anchor` at game-end batches pending rounds into ≤8-memo AccountSet transactions on XRPL — a typical 16-round Campfire game produces 2 anchor txs at game-end, indexed by `round_key` in memo body. A verifier walks the trail (1-2 tx URLs per game) instead of the 30+ baseline a per-round-anchor design would produce. Pending hashes queue in `pending-anchors.json`; `sov anchor --checkpoint` flushes mid-game when a checkpoint is needed. The per-tx cap reflects rippled's aggregate `Memos`-field constraint, pinned mechanically by real-testnet boundary tests.
• Network selection. `sov anchor --network testnet|mainnet|devnet` and the `SOV_XRPL_NETWORK` env var join the existing testnet default. Mainnet anchors cost real XRP; the network switcher in the desktop app asks for confirmation before crossing that boundary. `XRPLTransport(network=…)` replaces `XRPLTestnetTransport`.
• Optional daemon mode. `sov daemon start` runs sovereignty as a localhost HTTP/JSON server with bearer-token auth. Install with `pip install 'sovereignty-game[daemon]'`. Required by the desktop app; optional for everyone else. CLI-only users skip the dep cost.
• Audit Viewer desktop app. The Tauri shell ships three views: `/audit` (XRPL-anchored proof viewer with verify-all-rounds), `/game` (passive real-time state display for the active game), `/settings` (daemon config + network switcher with three guardrails). Currently runs from source for developers (`npm --prefix app run tauri dev`); signed binaries ship in v2.1 final via Wave 11.
• Migration + deprecation calendar. v1 game-state files (`.sov/game_state.json`) auto-migrate to the multi-save layout on first v2.1 invocation — transparent, one-shot, with a stderr notice. Four shims emit `DeprecationWarning` and remove in v2.2: `fund_testnet_wallet()`, `XRPLTestnetTransport`, `sov anchor <proof_file>` (single-round legacy form), `LedgerTransport.verify()`.

v2.3.7 — Starter Scaffold CLI

• ```bash
• ai-rpg-engine create-starter my-game
• ```
• Generates a complete, compiling starter project from the template with all placeholders replaced.
• `@ai-rpg-engine/cli@2.1.0`
• `ai-rpg-engine create-starter <name> [--force] [--out=<dir>]`

v2.3.6 — Starter Authoring Template

• Published \@ai-rpg-engine/starter-template@2.3.6\ so new starter authoring is available from npm, not only from the repository.
• \\\ash
• npm install @ai-rpg-engine/starter-template
• \\\
• Includes \src/\, \README.md\, \ sconfig.json\, and \package.json\. Fresh install verified in an empty directory.
• \ emplates/starter/\ — complete starter scaffold using \uildCombatStack\

v2.3.5 — Starter Composition Completion

• All 10 starters now use \uildCombatStack()\. The stack is the canonical combat composition spine for the product.
• \uildCombatStack()\ carries genre-specific combat across all 10 starters without requiring \ormulaOverrides\ or custom combat state definitions:
• | Starter | Genre Pressure | Config Shape |
• |---------|---------------|--------------|
• | Fantasy | Simple baseline | statMapping, biasTags, recovery |
• | Weird West | Dual-resource frontier | + resourceProfile |

v2.3.4 — Combat Stack API Hardening

• \uildCombatStack()\ now exposes explicit cognition configuration, eliminating the order-dependent duplicate-registration seam where starters layered a second \createCognitionCore()\ after \...combat.modules\.
• \\\ ypescript
• // Custom cognition (starters own tuning, stack owns registration)
• buildCombatStack({ cognition: { decay: { baseRate: 0.02 } } })
• // Escape hatch (caller provides own cognition module)
• buildCombatStack({ cognition: false })

v2.3.3 — Consumer Artifact Dogfood

• This release proves AI RPG Engine from the consumer side: package tarballs include license files, README quickstart is executable-tested, core/modules install cleanly outside the monorepo, isolated artifact verification is now part of the ship gate, and the shared combat stack has been dogfooded on Gladiator and Vampire without regressions.
• Security audit clean** — 0 vulnerabilities
• LICENSE in all 27 package tarballs**
• README quickstart executable-tested** — drift now causes test failure
• External consumer proof** — 7-gate composition integration test
• Isolated install proof** — \scripts/verify-isolated-consumer.mjs\ packs tarballs, installs in fresh project, compiles under strict tsc, runs combat simulation

v1.6.0 — Hardening + Workshop Resilience

• Security tightening, structured error envelopes, AMM math correction, and four new facilitator commands. Driven by a 10-phase dogfood swarm covering Stage A bugs/security, Stage B proactive defense, Stage C humanization, Stage D visual polish, and a Feature Pass over deliberate workshop gaps.
• WebSocket Origin enforcement (4003 close + structured reason)
• Wallet seed atomic write — closes TOCTOU window between create and chmod
• Two-tier mode policy: home `~/.xrpl-lab/` 0o700 (private secrets) vs workspace `./.xrpl-lab/` 0o755 (designed-shareable)
• Structured error envelopes via canonical `_error_envelope()` producer (`code`, `message`, `hint`, `severity`, `icon_hint`)
• `RUNTIME_FAUCET_RATE_LIMITED` end-to-end delivery — humanized prose + structured code reach the dashboard

• Renamed `.github/workflows/release.yml` back to `publish.yml` to match the pre-existing PyPI Trusted Publisher record. The workflow filename was changed in v1.4.7 (consolidating `publish.yml` + `release-binaries.yml` into one file) but PyPI's publisher entry was never updated, so OIDC `invalid-publisher` blocked v2.0.0 + v2.0.1 PyPI publishes. v2.0.2 is functionally identical to v2.0.1 (and v2.0.0); only the workflow filename changed.
• `sovereignty-game==2.0.0` and `==2.0.1` are not on PyPI.** PyPI users should `pip install sovereignty-game==2.0.2`. GitHub Release v2.0.0 / v2.0.1 / v2.0.2 binaries (consumed by `npx @mcptoolshop/sovereignty`) all ship the same code.

• > **PyPI users:** v2.0.1 was not published to PyPI due to a workflow
• > filename mismatch with the PyPI Trusted Publisher record (the workflow
• > was named `release.yml` but Trusted Publisher expected `publish.yml`).
• > v2.0.1 successfully fixed the wheel-smoke gate bug from v2.0.0 — but
• > the rename was needed in v2.0.2 for PyPI to actually receive the upload.
• > The v2 PyPI line starts at v2.0.2

v1.1.0 — Feature Pass

• This release is the output of a 10-phase dogfood swarm: full health pass
• (bug/security → proactive → humanization), a 6-feature pass, and a
• complete treatment sweep. 247 → 427 tests; `.vsix` 2.74 MB → 176 KB.
• Custom workflow picker (FT-1).** `CodeComfy: Generate from Custom
• Workflow` command lets you run any ComfyUI workflow JSON from
• `.codecomfy/presets/*.json` in your workspace — not just the shipped

v2.2.2 — Docker CLI on PATH

• Patch release. Fixes the Docker smoke failure from v2.2.1.
• Docker image now runs \`pip install --no-deps .\` during the builder stage so the \`tool-compass\` console script is actually registered on PATH inside the container. v2.2.0/v2.2.1 images only shipped the source tree + dependencies; \`docker run <image> tool-compass --version\` failed with \`executable file not found\`.
• Dockerfile \`LABEL version\` bumped 2.0.7 → 2.2.2 (was stale from the v2.0.7 baseline).
• \`docker run ghcr.io/mcp-tool-shop-org/tool-compass:2.2.2\` still starts the gateway server via \`python gateway.py\` — the default \`CMD\` is unchanged.
• \`docker run <image> tool-compass <subcommand>\` now works: \`search\`, \`describe\`, \`sync\`, \`doctor\`, \`serve\`.
• See [v2.2.0 release notes](https://github.com/mcp-tool-shop-org/tool-compass/releases/tag/v2.2.0) for the full dogfood swarm changeset.

v2.2.1 — tool-compass --version

• Patch release. Fixes the one defect [release-smoke](https://github.com/mcp-tool-shop-org/tool-compass/actions/runs/24859855363) caught on v2.2.0.
• \`tool-compass --version\` now prints the version and exits 0. v2.2.0's new CLI subcommand shell forgot to wire it on the root argparse, so \`tool-compass --version\` raised \`unrecognized arguments\` — release-smoke job caught it. Purely a CLI ergonomics fix; v2.2.0 artifacts themselves were valid.
• Everything else from v2.2.0 stands — see [v2.2.0 release notes](https://github.com/mcp-tool-shop-org/tool-compass/releases/tag/v2.2.0).
• 🤖 Caught by dogfood-swarm release-smoke, fixed in a follow-up.

v2.2.0 — Dogfood Swarm Release

• Full 10-phase parallel-agent swarm on tool-compass. Health pass + humanization + feature pass.
• Tests:** 418 → 455 passing (+37), 0 failed, ruff clean
• Shipcheck:** 30/30 hard gates pass (100%)
• Coverage:** ~58% (55% floor enforced)
• Docker:** multi-arch (linux/amd64 + linux/arm64)
• New `tool-compass` CLI**

v4.4.0 \u2014 Star-Freight-driven

• Full 10-phase dogfood swarm. Three Unreal-export features land on top of a complete health pass to get the UnrealContentPack contract ready for the `star-freight-ue5` project's future loader plugin.
• UE-FT-008** \u2014 Schema versioning + migration framework. `UNREAL_PACK_FORMAT_VERSION` bumped 1.0.0 \u2192 1.1.0. `migratePack(meta, targetVersion)` + `VERSION_DISPATCHERS` handle unknown majors (hard error), older minors (migrate chain), newer minors (forward-compat warning). Rules: major = breaking semantics, minor = additive optional field, patch = docs.
• UE-FT-007** \u2014 Pack signing / integrity hash. Optional `Signature { algorithm: 'sha256', value, signedFields: string[] }` on `pack.Meta`. `composeSignedMeta` runs last in `buildMeta` so the hash covers every other built field. FormatVersion is signed to block downgrade-attack tampering. `verifyPackSignature(meta)` exported for loader / CI; import does NOT auto-verify (backward-compat, opt-in). CLI `--sign`. node `crypto` only \u2014 no external deps.
• UE-FT-005** \u2014 CLI `--summary` and `--diff <a> <b> [--detailed]`. `summarizePack` / `diffPacks` as pure functions; sorted-key canonical stringify for change detection.
• Stage A** (9 CRIT+HIGH): enum drift traps closed, unsafe `pack.Meta` cast replaced, FormatVersion pinned, shape-checked tests, `zoomLevel` lifecycle guard, `pages.yml` npm cache.
• Stage B+C** (30 findings): silent-failure cluster (`UnrealDroppedEntity[]` + `Incomplete` flag, drop tracking in AI-RPG export, aggregated missing-ref warnings in renderer), autosave transactional, orphaned-encounter repair UI, `SCHEMA_VERSION` surfaced via `ValidationResult`, dialogue reachability errors, root `package.json` drives README + site hero versions, 20-minute CI timeouts, post-deploy curl check.