{
  "objective": "Escalate from release-readiness evidence into an explicitly authorized release-fix foundry. Use examples/graphs/release-readiness-review.json for the default non-mutating readiness pass. This packaged graph must never version-bump, commit, tag, push, publish, delete, install, deploy, or create GitHub Releases.",
  "library": {
    "sources": [
      "package"
    ]
  },
  "authority": {
    "allowFilesystemRead": true,
    "allowShellTools": true,
    "allowMutationTools": true
  },
  "steps": [
    {
      "id": "release-map",
      "agent": {
        "ref": "package:scout"
      },
      "task": "Map package metadata, changelog, docs/examples/tests, and release-readiness surfaces from local files only. Do not inspect owner-private publish choreography unless the parent copied those local control-plane paths into scope. Do not run commands or edit. Return paths, release-surface facts, and unknowns. Do not version-bump, commit, tag, push, publish, delete, install, deploy, or create GitHub Releases."
    },
    {
      "id": "release-probes",
      "agent": {
        "ref": "package:validator"
      },
      "task": "Validation command scope copied by parent: REPLACE_WITH_EXACT_RELEASE_PROBE_COMMANDS. Run only those commands. If this placeholder remains, no commands are present, or scope is implied only by upstream evidence, return needs-command-scope without running commands. Candidate release probes may include git status -sb, git diff --check, npm view pi-multiagent version versions dist-tags time --json, and npm pack --dry-run --json only when the parent copied them here; npm view is an external registry read. Do not version-bump, commit, tag, push, publish, delete, install, deploy, or create GitHub Releases. Return pass/fail/deferred with exact commands."
    },
    {
      "id": "artifact-audit",
      "agent": {
        "ref": "package:reviewer"
      },
      "after": [
        "release-map",
        "release-probes"
      ],
      "task": "Inspect package contents and public docs for stale or missing release-critical surfaces, including GitHub Release creation and verification choreography, using terminal upstream evidence from release-map and release-probes even when a lane failed, blocked, or returned missing proof. Do not version-bump, commit, tag, push, publish, delete, install, deploy, or create GitHub Releases. Return findings first with exact paths."
    },
    {
      "id": "release-fix-worker",
      "agent": {
        "ref": "package:worker"
      },
      "needs": [
        "artifact-audit"
      ],
      "mutationScope": "REPLACE before start. Allowed files/globs: <exact release-readiness paths>. Allowed mutation class: <specific release-readiness fix type>. Explicit exclusions: version bump, commit, tag, push, publish, delete, install, deploy, GitHub Release creation, and <additional paths/actions not allowed>. Validation commands authorized: <exact commands or none>. Stop if broader than current parent authorization. mutationScope is not a sandbox; bash/edit/write are not path-confined, so stop rather than touch anything outside this authorization.",
      "task": "Apply only that authorized release-readiness scope across docs, metadata, examples, and tests. If mutationScope is still a placeholder, missing, or broader than the parent authorization, return blocker evidence without editing. Do not version-bump, commit, tag, push, publish, delete, install, deploy, or create GitHub Releases. Return changed paths and validation."
    },
    {
      "id": "release-validation",
      "agent": {
        "ref": "package:validator"
      },
      "needs": [
        "release-fix-worker"
      ],
      "task": "Validation command scope copied by parent: REPLACE_WITH_EXACT_RELEASE_COMMANDS. Run only those commands. Use examples/graphs/release-readiness-review.json for the default non-mutating readiness pass before this mutation-capable foundry. Pre-commit dry-run candidates may include pnpm run gate, npm pack --dry-run --json, npm publish --dry-run --json, and git diff --check. Reserve pnpm run check:release for a clean release commit where HEAD:package.json matches the working package version. Run PI_MULTIAGENT_REAL_SMOKE=1 PI_MULTIAGENT_REAL_SMOKE_TIMEOUT_MS=180000 pnpm run smoke:pi only if explicit real-runtime smoke approval is copied here. If this placeholder remains, no commands are present, or scope is implied only by upstream evidence, return needs-command-scope without running commands. Do not version-bump, commit, tag, push, publish, delete, install, deploy, or create GitHub Releases. Return pass/fail/deferred with exact commands."
    },
    {
      "id": "ship-decision",
      "agent": {
        "ref": "package:synthesizer"
      },
      "after": [
        "release-map",
        "release-probes",
        "artifact-audit",
        "release-fix-worker",
        "release-validation"
      ],
      "task": "Preserve audit findings, validation commands, package identity, block/ship recommendation, and release workflow steps as not-executed human-owned next actions after all lanes terminalize, including npm publish, GitHub Release creation, and gh release view verification. Include failed or blocked lane evidence. Do not invent validation or claim publication. Do not version-bump, commit, tag, push, publish, delete, install, deploy, or create GitHub Releases."
    }
  ],
  "limits": {
    "concurrency": 1,
    "timeoutSecondsPerStep": 9000
  }
}