diff --git a/.beads/issues.jsonl b/.beads/issues.jsonl
index 91daa11..9a17ab3 100644
--- a/.beads/issues.jsonl
+++ b/.beads/issues.jsonl
@@ -79,7 +79,7 @@
 {"id":"skills-czz","title":"Research OpenCode agents for skill integration","description":"DEPLOYMENT.md:218 has TODO to research OpenCode agents. Need to understand how Build/Plan/custom agents work and whether skills need agent-specific handling.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-11-30T11:58:24.855701141-08:00","updated_at":"2025-12-28T20:48:58.373191479-05:00","closed_at":"2025-12-28T20:48:58.373191479-05:00","close_reason":"Researched OpenCode agents - documented in DEPLOYMENT.md. Skills deploy globally, permissions control per-agent access."}
 {"id":"skills-d6r","title":"Design: orch as local agent framework","description":"# Orch Evolution: From Consensus Tool to Agent Framework\n\n## Current State\n- `orch consensus` - multi-model queries\n- `orch chat` - single model queries\n- No state, no pipelines, no retries\n\n## Proposed Extensions\n\n### Pipeline Mode\n```bash\norch pipeline config.yaml\n```\nWhere config.yaml defines:\n- Stages (triage → specialists → verify)\n- Routing logic (if triage finds X, run specialist Y)\n- Retry policy\n\n### Evaluate Mode (doc-review specific)\n```bash\norch evaluate doc.md --rubrics=1,4,7 --output=patches/\n```\n- Applies specific rubrics to document\n- Outputs JSON or patches\n\n### Parallel Mode\n```bash\norch parallel --fan-out=5 --template=\"evaluate {rubric}\" rubrics.txt\n```\n- Fan-out to multiple parallel calls\n- Aggregate results\n\n## Open Questions\n1. Does this belong in orch or a separate tool?\n2. Should orch pipelines be YAML-defined or code-defined?\n3. How does this relate to Claude Code Task subagents?\n4. What's the minimal viable extension?\n\n## Context\nEmerged from doc-review skill design - need multi-pass evaluation but don't want to adopt heavy framework (LangGraph, etc.)","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-04T16:06:56.681282678-08:00","updated_at":"2025-12-04T16:44:08.652185174-08:00","closed_at":"2025-12-04T16:44:08.652185174-08:00"}
 {"id":"skills-d87","title":"orch skill is documentation-only, needs working invocation mechanism","description":"The orch skill provides SKILL.md documentation but no working invocation mechanism.\n\n**Resolution**: Install orch globally via home-manager (dotfiles-3to). The skill documents a system tool, doesn't need to bundle it.\n\n**Blocked by**: dotfiles-3to (Add orch CLI to home-manager packages)","status":"closed","priority":2,"issue_type":"bug","created_at":"2025-12-14T11:54:03.157039164-08:00","updated_at":"2025-12-16T18:45:24.39235833-08:00","closed_at":"2025-12-16T18:45:24.39235833-08:00","close_reason":"Updated docs to use globally installed orch CLI"}
-{"id":"skills-den","title":"Design: Negative permission pattern","description":"Permission escalation via exclusion, not approval.\n\n## Pattern (from GPT brainstorm)\nInstead of asking 'can I do X?', agent asks:\n'Which of these should I NOT do?'\n  [ ] Delete migrations\n  [ ] Modify auth code\n  [x] Add new endpoint (safe)\n\nHuman clicks exclusions → fast.\n\n## Implementation\n- worker permit X - answers permission request\n- Worker writes permission request to .worker-state/X.json\n- Orchestrator/human sees it via worker status\n- Human responds with exclusions\n- Worker continues with constraints\n\n## Benefits\n- Faster than line-by-line approval\n- Human sets constraints, not line edits\n- Trains agents to propose options","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-10T12:14:33.33605382-08:00","created_by":"dan","updated_at":"2026-01-10T12:14:33.33605382-08:00","dependencies":[{"issue_id":"skills-den","depends_on_id":"skills-s6y","type":"blocks","created_at":"2026-01-10T12:15:10.05892805-08:00","created_by":"dan"}]}
+{"id":"skills-den","title":"Design: Negative permission pattern","description":"Permission escalation via exclusion, not approval.\n\n## Pattern (from GPT brainstorm)\nInstead of asking 'can I do X?', agent asks:\n'Which of these should I NOT do?'\n  [ ] Delete migrations\n  [ ] Modify auth code\n  [x] Add new endpoint (safe)\n\nHuman clicks exclusions → fast.\n\n## Implementation\n- worker permit X - answers permission request\n- Worker writes permission request to .worker-state/X.json\n- Orchestrator/human sees it via worker status\n- Human responds with exclusions\n- Worker continues with constraints\n\n## Benefits\n- Faster than line-by-line approval\n- Human sets constraints, not line edits\n- Trains agents to propose options","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T12:14:33.33605382-08:00","created_by":"dan","updated_at":"2026-01-10T13:24:21.065162159-08:00","closed_at":"2026-01-10T13:24:21.065162159-08:00","close_reason":"Deprioritized - not loving this pattern","dependencies":[{"issue_id":"skills-den","depends_on_id":"skills-s6y","type":"blocks","created_at":"2026-01-10T12:15:10.05892805-08:00","created_by":"dan"}]}
 {"id":"skills-dnm","title":"Refactor deploy-skill.sh: dedupe injection calls","description":"File: bin/deploy-skill.sh (lines 112-189)\n\nIssues:\n- Three nearly-identical inject_nix_config() calls\n- Only difference is config block content and target file\n- Repeated pattern bloats file\n\nFix:\n- Parameterize inject_nix_config() better\n- Or create config-specific injection functions\n- Reduce duplication\n\nSeverity: MEDIUM","status":"closed","priority":3,"issue_type":"task","created_at":"2025-12-24T02:51:01.855452762-05:00","updated_at":"2026-01-03T12:02:48.140656044-08:00","closed_at":"2026-01-03T12:02:48.140656044-08:00","close_reason":"Refactored injection logic using inject_home_file helper, deduping Claude, OpenCode and Antigravity blocks."}
 {"id":"skills-dpw","title":"orch: add command to show available/configured models","description":"## Problem\n\nWhen trying to use orch, you have to trial-and-error through models to find which ones have API keys configured. Each failure looks like:\n\n```\nError: GEMINI_API_KEY not set. Required for Google Gemini models.\n```\n\nNo way to know upfront which models are usable.\n\n## Proposed Solution\n\nAdd `orch models` or `orch status` command:\n\n```bash\n$ orch models\nAvailable models:\n  ✓ flash      (GEMINI_API_KEY set)\n  ✓ gemini     (GEMINI_API_KEY set)\n  ✗ deepseek   (OPENROUTER_KEY not set)\n  ✗ qwen       (OPENROUTER_KEY not set)\n  ✓ gpt        (OPENAI_API_KEY set)\n```\n\nOr at minimum, on failure suggest alternatives:\n```\nError: GEMINI_API_KEY not set. Try --model gpt or --model deepseek instead.\n```\n\n## Context\n\nHit this while trying to brainstorm with high-temp gemini - had to try 4 models before realizing none were configured in this environment.","status":"closed","priority":3,"issue_type":"feature","created_at":"2025-12-04T14:10:07.069103175-08:00","updated_at":"2025-12-04T14:11:05.49122538-08:00","closed_at":"2025-12-04T14:11:05.49122538-08:00"}
 {"id":"skills-e8h","title":"Investigate waybar + niri integration improvements","description":"Look into waybar configuration and niri compositor integration.\n\nPotential areas:\n- Waybar modules for niri workspaces\n- Status indicators\n- Integration with existing niri-window-capture skill\n- Custom scripts in pkgs/waybar-scripts\n\nRelated: dotfiles has home/waybar.nix (196 lines) and pkgs/waybar-scripts/","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-28T20:11:23.115445797-05:00","created_by":"dan","updated_at":"2025-12-28T20:37:16.465731945-05:00","closed_at":"2025-12-28T20:37:16.465731945-05:00","close_reason":"Moved to dotfiles repo - waybar config lives there"}
@@ -120,6 +120,7 @@
 {"id":"skills-lzk","title":"Simplify branch name generation in create-new-feature.sh","description":"File: .specify/scripts/bash/create-new-feature.sh (lines 137-181)\n\nIssues:\n- 3 nested loops/conditionals\n- Complex string transformations with multiple sed operations\n- Stop-words list and filtering logic hard to maintain\n\nFix:\n- Extract to separate function\n- Simplify word filtering logic\n- Add input validation\n\nSeverity: MEDIUM","status":"closed","priority":3,"issue_type":"task","created_at":"2025-12-24T02:51:14.286951249-05:00","updated_at":"2026-01-03T12:13:27.083639201-08:00","closed_at":"2026-01-03T12:13:27.083639201-08:00","close_reason":"Simplifed generate_branch_name logic, added main() function, and BASH_SOURCE guard for testability."}
 {"id":"skills-m21","title":"Apply niri-window-capture code review recommendations","description":"CODE-REVIEW-niri-window-capture.md identifies action items: add dependency checks to scripts, improve error handling for niri failures, add screenshot directory validation, implement rate limiting. See High/Medium priority sections.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-11-30T11:58:24.648846875-08:00","updated_at":"2025-12-28T20:16:53.914141949-05:00","closed_at":"2025-12-28T20:16:53.914141949-05:00","close_reason":"Implemented all 4 high-priority recommendations from code review: dependency checks, directory validation, error handling, audit logging"}
 {"id":"skills-mjf","title":"Design: Portable adversarial reviewer","description":"Design a reviewer agent/skill that can run on any capable model.\n\nalice is Claude Opus with specific tools. We need:\n- Model-agnostic reviewer prompt/instructions\n- Tool requirements (read-only: Read, Grep, Glob, Bash)\n- Integration with orch for multi-model consensus\n- Decision format (APPROVED/ISSUES)\n- Issue filing (beads or tissue)\n\nKey principles from alice:\n- Work for the USER, not the agent\n- Assume errors exist, find them\n- Steel-man then attack\n- Seek second opinions\n\nOutput: Reviewer skill spec that works across agents","status":"closed","priority":3,"issue_type":"task","created_at":"2026-01-09T17:14:20.778647076-08:00","created_by":"dan","updated_at":"2026-01-09T19:59:37.80146821-08:00","closed_at":"2026-01-09T19:59:37.80146821-08:00","close_reason":"Covered in architecture design doc - adversarial reviewer section"}
+{"id":"skills-ms5","title":"Design: Local message passing layer","description":"Append-only local files for agent coordination. No network calls.\n\n## Principle\nEverything is local filesystem. Any agent that can read/write files can participate.\n\n## Structure\n.worker-state/messages/\n├── orchestrator.jsonl    # orchestrator outbox\n├── worker-auth.jsonl     # worker-auth outbox\n└── worker-pay.jsonl      # worker-pay outbox\n\n## Message Format\n{\n  \"ts\": \"2026-01-10T12:00:00Z\",\n  \"from\": \"worker-auth\",\n  \"type\": \"stuck|done|permission|error\",\n  \"data\": { ... }\n}\n\n## Operations\nWrite (append):\n  echo '{...}' \u003e\u003e .worker-state/messages/worker-auth.jsonl\n\nRead all:\n  cat .worker-state/messages/*.jsonl | jq -s 'sort_by(.ts)'\n\nTail (watch):\n  tail -f .worker-state/messages/*.jsonl\n\n## Message Types\n- stuck: Worker is blocked, needs help\n- done: Worker completed task\n- permission: Worker needs approval for action\n- error: Worker hit unrecoverable error\n- review: Worker ready for review\n\n## Benefits\n- No network calls\n- Any agent can participate (just file I/O)\n- Append-only = no conflicts\n- Easy to debug (just cat the files)","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-10T13:24:21.597509853-08:00","created_by":"dan","updated_at":"2026-01-10T13:24:21.597509853-08:00","dependencies":[{"issue_id":"skills-ms5","depends_on_id":"skills-s6y","type":"blocks","created_at":"2026-01-10T13:24:36.033492407-08:00","created_by":"dan"}]}
 {"id":"skills-mx3","title":"spec-review: Define consensus thresholds and decision rules","description":"'Use judgment' for mixed results leads to inconsistent decisions.\n\nDefine:\n- What constitutes consensus (2/3? unanimous?)\n- How to handle NEUTRAL votes\n- Tie-break rules\n- When human override is acceptable and how to document it","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-15T00:23:24.121175736-08:00","updated_at":"2025-12-15T13:58:04.339283238-08:00","closed_at":"2025-12-15T13:58:04.339283238-08:00"}
 {"id":"skills-njb","title":"worklog: clarify or remove semantic compression references","description":"SKILL.md references 'semantic compression is a planned workflow' multiple times but it's not implemented. Speculative generality - adds cognitive load for non-existent feature. Either implement or move to design notes. Found by smells lens review.","status":"closed","priority":4,"issue_type":"task","created_at":"2025-12-25T02:03:25.387405002-05:00","updated_at":"2025-12-27T10:11:48.169923742-05:00","closed_at":"2025-12-27T10:11:48.169923742-05:00","close_reason":"Closed"}
 {"id":"skills-nto","title":"Prototype: End-to-end cross-agent workflow","description":"Build a working prototype of cross-agent quality gate.\n\n## Scenario\n1. Worker agent (any) does task\n2. Posts status to message layer\n3. Reviewer agent (any) checks work\n4. Posts approval/issues to memory layer\n5. Gate checks memory, allows/blocks completion\n\n## Test Matrix\n\n| Orchestrator | Worker | Reviewer | Enforcement |\n|--------------|--------|----------|-------------|\n| Claude | Claude | Gemini | Hook |\n| Claude | Gemini | Claude | Hook |\n| OpenCode | Claude | Gemini | Orchestrator |\n| Manual | OpenCode | Claude | Protocol |\n\n## Components to Build\n1. Message layer interface (post/read status)\n2. Memory layer interface (review state)\n3. Gate check CLI (for hooks and manual)\n4. Reviewer skill/prompt\n\n## Success Criteria\n- At least 2 agent combinations working\n- Gate actually blocks when review fails\n- State persists across agent boundaries","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-09T19:32:57.579195169-08:00","created_by":"dan","updated_at":"2026-01-09T20:39:24.013666826-08:00","closed_at":"2026-01-09T20:39:24.013666826-08:00","close_reason":"Prototype complete: review-gate CLI with hooks.json, adversarial reviewer prompt, and dual-publish structure"}
@@ -133,8 +134,9 @@
 {"id":"skills-r5c","title":"Extract shared logging library from scripts","description":"Duplicated logging/color functions across multiple scripts:\n- bin/deploy-skill.sh\n- skills/tufte-press/scripts/generate-and-build.sh\n- Other .specify scripts\n\nPattern repeated:\n- info(), warn(), error() functions\n- Color definitions (RED, GREEN, etc.)\n- Same 15-20 lines in each file\n\nFix:\n- Create scripts/common-logging.sh\n- Source from all scripts that need it\n- Estimated reduction: 30+ lines of duplication\n\nSeverity: MEDIUM","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-24T02:50:58.324852578-05:00","updated_at":"2025-12-29T18:48:20.448077879-05:00","closed_at":"2025-12-29T18:48:20.448077879-05:00","close_reason":"Minimal duplication: only 2 files with different logging styles. Shared library overhead not justified."}
 {"id":"skills-r62","title":"Design: Role + Veto pattern","description":"Some agents do, some agents can only block.\n\n## Pattern (from GPT brainstorm)\nRole specialization with cross-cutting veto powers:\n- Claude = spec/architecture (can veto incoherent APIs)\n- Codex = implementation (fast edits, compilation focus)\n- Gemini = repo archaeologist (searches long-range coupling)\n- Security agent = can't code, can only BLOCK\n\nKey: some agents can't 'do' but can block.\n\n## Implementation\n- worker veto X \"reason\" - block without doing\n- Reviewer agents have veto-only mode\n- Veto writes rejection to .worker-state/X.json\n- Worker must address veto before proceeding\n\n## Benefits\n- Prevents groupthink\n- Security review can't 'fix' things (no scope creep)\n- Clear separation of concerns","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-10T12:14:51.397604607-08:00","created_by":"dan","updated_at":"2026-01-10T12:14:51.397604607-08:00","dependencies":[{"issue_id":"skills-r62","depends_on_id":"skills-s6y","type":"blocks","created_at":"2026-01-10T12:15:10.205645756-08:00","created_by":"dan"}]}
 {"id":"skills-rex","title":"Test integration on worklog skill","description":"Use worklog skill as first real test case:\n- Create wisp for worklog execution\n- Capture execution trace\n- Test squash → digest\n- Validate trace format captures enough info for replay\n\nMigrated from dotfiles-drs.","status":"closed","priority":3,"issue_type":"task","created_at":"2025-12-23T19:21:18.75525644-05:00","updated_at":"2025-12-29T13:55:35.814174815-05:00","closed_at":"2025-12-29T13:55:35.814174815-05:00","close_reason":"Parked with ADR-001: skills-molecules integration deferred. Current simpler approach (skills as standalone) works well. Revisit when complex orchestration needed.","dependencies":[{"issue_id":"skills-rex","depends_on_id":"skills-3em","type":"blocks","created_at":"2025-12-23T19:22:00.34922734-05:00","created_by":"dan"}]}
+{"id":"skills-roq","title":"Design: Branch-per-worker isolation","description":"Each worker operates on its own git branch for code isolation.\n\n## Pattern\n- worker spawn creates branch: worker/\u003cid\u003e\n- Worker does all work on that branch\n- On completion, branch ready for review/merge\n- Orchestrator or human merges to main\n\n## Benefits\n- Clean isolation between parallel workers\n- Easy rollback (just delete branch)\n- Familiar git workflow\n- No conflicts during work\n\n## Implementation\nworker spawn:\n  1. git checkout -b worker/\u003cid\u003e\n  2. Run agent\n  3. Agent commits to branch\n  4. On completion, branch stays for review\n\nworker merge \u003cid\u003e:\n  1. Review diff\n  2. Merge to main (or rolling branch)\n  3. Delete worker branch\n\n## Open Questions\n- Merge from main during work? (rebase vs merge)\n- Rolling branch pattern? (main \u003c- rolling \u003c- workers)","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-10T13:24:21.364434026-08:00","created_by":"dan","updated_at":"2026-01-10T13:24:21.364434026-08:00","dependencies":[{"issue_id":"skills-roq","depends_on_id":"skills-s6y","type":"blocks","created_at":"2026-01-10T13:24:35.976245936-08:00","created_by":"dan"}]}
 {"id":"skills-rpf","title":"Implement playwright-visit skill for browser automation","description":"## Overview\nBrowser automation skill using Playwright to visit web pages, take screenshots, and extract content.\n\n## Key Findings (from dotfiles investigation)\n\n### Working Setup\n- Use `python312Packages.playwright` from nixpkgs (handles Node driver binary patching for NixOS)\n- Use `executable_path='/run/current-system/sw/bin/chromium'` to use system chromium\n- No `playwright install` needed - no browser binary downloads\n\n### Profile Behavior\n- Fresh/blank profile every launch by default\n- No cookies, history, or logins from user's browser\n- Can persist state with `storage_state` parameter if needed\n\n### Example Code\n```python\nfrom playwright.sync_api import sync_playwright\n\nwith sync_playwright() as p:\n    browser = p.chromium.launch(\n        executable_path='/run/current-system/sw/bin/chromium',\n        headless=True\n    )\n    page = browser.new_page()\n    page.goto('https://example.com')\n    print(page.title())\n    browser.close()\n```\n\n### Why Not uv/pip?\n- Playwright pip package bundles a Node.js driver binary\n- NixOS can't run dynamically linked executables without patching\n- nixpkgs playwright handles this properly\n\n## Implementation Plan\n1. Create `skills/playwright-visit/` directory\n2. Add flake.nix with devShell providing playwright\n3. Create CLI script with subcommands:\n   - `screenshot \u003curl\u003e \u003coutput.png\u003e` - capture page\n   - `text \u003curl\u003e` - extract text content  \n   - `html \u003curl\u003e` - get rendered HTML\n   - `pdf \u003curl\u003e \u003coutput.pdf\u003e` - save as PDF\n4. Create skill definition for Claude Code integration\n5. Document usage in skill README\n\n## Dependencies\n- nixpkgs python312Packages.playwright\n- System chromium (already in dotfiles)\n\n## Related\n- dotfiles issue dotfiles-m09 (playwright skill request)","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-16T16:02:28.577381007-08:00","updated_at":"2025-12-29T00:09:50.681141882-05:00","closed_at":"2025-12-29T00:09:50.681141882-05:00","close_reason":"Implemented: SKILL.md, visit.py CLI (screenshot/text/html/pdf), flake.nix devShell, README. Network down so couldn't test devShell build, but code complete."}
-{"id":"skills-s6y","title":"Multi-agent orchestration: Lego brick architecture","description":"Simple, composable primitives for multi-agent coordination. Inspired by Gastown but dramatically simpler - Lego bricks not pirate ships.\n\n## Architecture\n- Human-attended orchestrator (any agent)\n- Background workers (any agent)\n- Review gates (review-gate CLI)\n- File-based state (.worker-state/)\n\n## Core Primitives (6 total)\n1. worker spawn - start background agent\n2. worker status - check all workers  \n3. worker permit - answer permission requests\n4. review-gate - quality gates\n5. worker stuck - detect non-progress\n6. worker veto - block without doing\n\n## Research Sources\n- Gastown (Yegge) - what NOT to do (too complex)\n- LangGraph breakpoints - state serialization pattern\n- MetaGPT - role-based agents\n- Claude Code - permission-based gating\n- OpenHands - event stream pattern\n\n## Key Insights\n- Agents don't spawn reviewers inline (causes loops)\n- External reviewer process approves/rejects\n- Circuit breakers prevent infinite loops\n- Evidence artifacts \u003e chat transcripts\n- Some agents do, some agents block (veto pattern)","status":"open","priority":1,"issue_type":"epic","created_at":"2026-01-10T12:14:16.141746066-08:00","created_by":"dan","updated_at":"2026-01-10T12:14:16.141746066-08:00"}
+{"id":"skills-s6y","title":"Multi-agent orchestration: Lego brick architecture","description":"Simple, composable primitives for multi-agent coordination. Inspired by Gastown but dramatically simpler - Lego bricks not pirate ships.\n\n## Architecture\n- Human-attended orchestrator (any agent)\n- Background workers (any agent, own git branch)\n- Local message passing (.worker-state/messages/*.jsonl)\n- Review gates (review-gate CLI)\n- File-based state (.worker-state/)\n\n## Core Primitives\n1. worker spawn - start background agent on own branch\n2. worker status - check all workers via local files\n3. worker merge - merge completed worker branch\n4. review-gate - quality gates (pass/fail)\n5. worker stuck - detect non-progress (Rubber Duck)\n6. worker veto - block without doing (for reviewers)\n\n## Key Principles\n- Everything is local filesystem (no network for coordination)\n- Any agent that can read/write files can participate\n- Git branches for code isolation\n- Append-only JSONL for message passing\n- Pass/fail review first, richer scoring later\n\n## Research Sources\n- OpenHands iterative refinement (worker → critique → feedback loop)\n- Gastown (what NOT to do - too complex)\n- LangGraph breakpoints\n- MetaGPT role-based agents\n\n## Key Insights\n- Agents coordinate through files, not direct communication\n- External reviewer process approves/rejects (not inline spawning)\n- Circuit breakers prevent infinite loops\n- 80-90% automation realistic (human for the rest)","status":"open","priority":1,"issue_type":"epic","created_at":"2026-01-10T12:14:16.141746066-08:00","created_by":"dan","updated_at":"2026-01-10T13:24:36.265535217-08:00"}
 {"id":"skills-s92","title":"Add tests for config injection (deploy-skill.sh)","description":"File: bin/deploy-skill.sh (lines 112-137)\n\nCritical logic with NO test coverage:\n- Idempotency (running twice should be safe)\n- Correct brace matching in Nix\n- Syntax validity of injected config\n- Rollback on failure\n\nRisk: MEDIUM-HIGH - can break dotfiles Nix config\n\nFix:\n- Test idempotent injection\n- Validate Nix syntax after injection\n- Test with malformed input\n\nSeverity: MEDIUM","status":"closed","priority":3,"issue_type":"task","created_at":"2025-12-24T02:51:01.314513824-05:00","updated_at":"2026-01-06T16:29:18.728097676-08:00","closed_at":"2026-01-06T16:29:18.728097676-08:00","close_reason":"21 tests added covering idempotency, brace preservation, inject_home_file wrapper, edge cases"}
 {"id":"skills-sh6","title":"Research: OpenHands iterative refinement pattern","description":"Document OpenHands SDK patterns for our architecture.\n\n## Iterative Refinement Loop\n1. Worker agent does work\n2. Critique agent evaluates (correctness, quality, completeness)\n3. If not good → worker tries again with feedback\n4. Repeat until standard met\n\n## Parallel Agent Orchestration\n- Git-based coordination (not direct communication)\n- Each agent works on own branch\n- PRs to intermediate 'rolling branch'\n- Human reviews and merges\n- Agents pull latest, handle conflicts\n\n## Key Quote\n'Don't expect 100% automation—tasks are 80-90% automatable.\nYou need a human who understands full context.'\n\n## Mapping to Our Architecture\n- Worker = their refactoring agent\n- Reviewer = their critique agent\n- review-gate = their quality threshold\n- Human orchestrator = their human on rolling branch\n\n## Sources\n- https://openhands.dev/blog/automating-massive-refactors-with-parallel-agents\n- https://arxiv.org/abs/2511.03690\n- https://docs.openhands.dev/sdk","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-10T12:24:02.368542878-08:00","created_by":"dan","updated_at":"2026-01-10T12:24:02.368542878-08:00","dependencies":[{"issue_id":"skills-sh6","depends_on_id":"skills-s6y","type":"blocks","created_at":"2026-01-10T12:24:07.013388857-08:00","created_by":"dan"}]}
 {"id":"skills-sse","title":"Design: worker spawn/status primitives","description":"Basic worker lifecycle management.\n\n## Commands\n- worker spawn \"task\" --id X - runs agent in background\n- worker status - shows all worker states\n- worker kill X - terminate worker\n\n## State\n.worker-state/X.json:\n  - id, status, task, started_at\n  - output (truncated)\n  - exit_code (when done)\n\n## Implementation\n~50 lines bash wrapper that:\n- Spawns claude/gemini/codex in background\n- Redirects output to log file\n- Writes status JSON\n- Updates on completion","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-10T12:14:33.115131833-08:00","created_by":"dan","updated_at":"2026-01-10T12:14:33.115131833-08:00","dependencies":[{"issue_id":"skills-sse","depends_on_id":"skills-s6y","type":"blocks","created_at":"2026-01-10T12:15:10.014285119-08:00","created_by":"dan"}]}
diff --git a/.beads/last-touched b/.beads/last-touched
index b57659d..68adbf8 100644
--- a/.beads/last-touched
+++ b/.beads/last-touched
@@ -1 +1 @@
-skills-sh6
+skills-s6y