chore(consistency): sync task status from DB [auto]

Updated by fix-consistency on 2026-06-24:
  - update .custodian-brief.md for coordination-engine

.claude/rules/agents.md

@@ -0,0 +1,20 @@
+## Kaizen Agents
+
+Specialized agent personas available on demand via the state-hub MCP.
+
+**Discover:** `list_kaizen_agents()` — returns all agents with name, description, category
+**Load:** `get_kaizen_agent("tdd-workflow")` — returns full instructions; read and follow them
+
+Common agents:
+
+| Agent | Category | When to use |
+|-------|----------|-------------|
+| `tdd-workflow` | testing | Step-by-step TDD8 workflow for any feature |
+| `code-refactoring` | quality | Code quality analysis and safe refactoring |
+| `test-maintenance` | testing | Diagnose and fix failing tests |
+| `requirements-engineering` | process | Prevent interface/mock mismatches upfront |
+| `keepaTodofile` | process | Maintain TODO.md during work |
+| `project-management` | process | Track status, determine next steps |
+| `datamodel-optimization` | quality | Optimize dataclasses and data structures |
+
+All 17 agents: call `list_kaizen_agents()` for the full list.

.claude/rules/architecture.md

@@ -0,0 +1,8 @@
+## Architecture
+
+<!-- TODO: Describe the key design decisions and component structure.
+     Key modules, data flows, external integrations, state machines, etc. -->
+
+## Quick Reference
+
+`~/state-hub/mcp_server/TOOLS.md` — MCP tool reference

.claude/rules/credential-routing.md

@@ -0,0 +1,50 @@
+# Credential and access routing
+
+**Audience:** Codex, Claude Code, Grok, and custodian agents that call **llm-connect**
+for inference. Run this check **before** requesting secrets, API keys, SSH access,
+login tokens, or database passwords — in any repo, not only `ops-warden`.
+
+ops-warden **issues SSH certificates only** (`warden sign`, `cert_command`). Every
+other credential need belongs to another subsystem. **Do not** message
+`ops-warden` on State Hub expecting a secret value; the reply is a pointer, not a key.
+
+### Lookup (do this first)
+
+```bash
+warden route find "<describe your need>" --json
+warden route show <catalog-id> --json
+```
+
+Requires the `warden` CLI from `~/ops-warden` (`uv tool install .` or `uv run warden`).
+
+| Agent runtime | How to orient |
+| --- | --- |
+| **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=coordination-engine` is for coordination, not secret vending |
+| **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workstreams; **still** use `warden route` for credential ownership |
+| **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` |
+
+### Quick routing table
+
+| I need… | Owner | ops-warden executes? |
+| --- | --- | --- |
+| SSH cert (`adm`/`agt`/`atm`) | ops-warden | **Yes** — `warden sign` |
+| API key, DB password, provider token | OpenBao (`railiance-platform`) | No — route only |
+| Login / OIDC / MFA | key-cape / Keycloak | No — route only |
+| Authorization decision | flex-auth | No — route only |
+| activity-core → issue-core emission | activity-core + issue-core | No — `warden route show activity-core-issue-sink` |
+| SSH tunnel | ops-bridge (+ `cert_command` from warden) | No — route only |
+
+### Anti-patterns (do not do these)
+
+- `POST /messages/` to `ops-warden` asking for `ISSUE_CORE_API_KEY`, `OPENROUTER_API_KEY`, etc.
+- Inventing `warden secret`, `warden login`, `warden bao`, `warden tunnel` — they do not exist
+- Pasting secrets into Git, State Hub, workplans, logs, or chat
+
+### Other capabilities (reuse-surface)
+
+Non-credential capabilities are usually discovered through **reuse-surface** federation
+(`reuse-surface` registry / `capability.*` indexes). Credential routing is inlined in
+every repo's agent instructions because it is high-frequency, high-risk, and easy to
+get wrong.
+
+**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml`

.claude/rules/first-session.md

@@ -0,0 +1,38 @@
+## First Session Protocol
+
+Triggered when `get_domain_summary("communication")` shows **no workstreams**.
+The project is registered but work has not yet been structured.
+
+**Step 1 — Read, don't write**
+- `~/the-custodian/canon/projects/communication/project_charter_v0.1.md` — purpose, scope
+- `~/the-custodian/canon/projects/communication/roadmap_v0.1.md` — planned phases
+- Scan repo root: README, directory structure, existing code or docs
+
+**Step 2 — Survey in-progress work**
+Look for TODOs, open branches, half-finished files. Note done vs. started but incomplete.
+
+**Step 3 — Propose workstreams to Bernd**
+Propose 1–3 workstreams — each a coherent strand, weeks to months, anchored to a
+roadmap phase. **Wait for approval before creating.**
+
+**Step 4 — Create workplan file first, then DB record (ADR-001)**
+```
+workplans/COORDINATION-WP-NNNN-<slug>.md   ← write this first
+```
+Then register in the hub:
+```
+create_workstream(topic_id="36c7421b-c537-4723-bf75-42a3ebc6a1dc", title="...", owner="...", description="...")
+create_task(workstream_id="<id>", title="...", priority="high|medium|low")
+```
+
+**Step 5 — Record the setup**
+```
+add_progress_event(
+    summary="First session: structured communication into N workstreams, M tasks",
+    event_type="milestone",
+    topic_id="36c7421b-c537-4723-bf75-42a3ebc6a1dc",
+    detail={"workstreams": [...], "tasks_created": M}
+)
+```
+
+<!-- Delete or archive this file once past first session -->

.claude/rules/repo-boundary.md

@@ -0,0 +1,8 @@
+## Repo boundary
+
+This repo owns **Coordination Engine** only. It does not own:
+
+<!-- TODO: List what belongs in adjacent repos, e.g.:
+- SSH key management → railiance-infra/
+- State hub code     → state-hub/
+-->

.claude/rules/repo-identity.md

@@ -0,0 +1,5 @@
+**Purpose:** Coordination Engine - (fill in purpose)
+
+**Domain:** communication
+**Repo slug:** coordination-engine
+**Topic ID:** 36c7421b-c537-4723-bf75-42a3ebc6a1dc

.claude/rules/session-protocol.md

@@ -0,0 +1,85 @@
+## Session Protocol
+
+Dev Hub (State Hub API): http://127.0.0.1:8000
+MCP server name in `~/.claude.json`: `dev-hub`
+
+**Step 1 — Orient**
+
+Read the offline-safe brief first — it works without a live hub connection:
+```bash
+cat .custodian-brief.md
+```
+Then call the MCP tool for richer cross-domain context when MCP tools are exposed:
+```
+get_domain_summary("communication")
+```
+If MCP tools are unavailable in the current agent session, use the REST API:
+```bash
+curl -s "http://127.0.0.1:8000/state/summary" | python3 -m json.tool
+```
+If the hub is offline: `cd ~/state-hub && make api`
+
+**Step 2 — Check inbox**
+With MCP tools:
+```
+get_messages(to_agent="coordination-engine", unread_only=True)
+```
+Mark read with `mark_message_read(message_id)`. Reply or act on coordination
+requests before proceeding.
+
+Without MCP tools:
+```bash
+curl -s "http://127.0.0.1:8000/messages/?to_agent=coordination-engine&unread_only=true" \
+  | python3 -m json.tool
+curl -s -X PATCH "http://127.0.0.1:8000/messages/<id>/read" \
+  -H "Content-Type: application/json" -d '{}'
+```
+
+**Step 3 — Scan workplans**
+```bash
+ls workplans/
+```
+For each file with `status: ready`, `active`, or `blocked`, note pending
+`wait`/`todo`/`progress` tasks.
+
+**Step 4 — Present brief**
+
+1. **Active workstreams** for `communication` — title, task counts, blocking decisions
+2. **Pending tasks** from `workplans/` + any `[repo:coordination-engine]` hub tasks
+3. **Goal guidance** — if `goal_guidance` in summary:
+   - `needs_workplan`: surface as top action — *"Repo goal '{title}' has no workplan yet"*
+   - `alignment_warnings`: flag if active work is not aligned with current goal
+4. **Suggested next action** — highest-priority open item
+5. **SBOM status** — flag if `last_sbom_at` is unset for this repo
+
+If no workstreams: follow First Session Protocol (`first-session.md`).
+
+**During work:** `record_decision()` · `add_progress_event()` · `resolve_decision()`
+
+> State Hub is a *read model*. Bootstrap tools (`create_workstream`, `create_task`)
+> are First Session Protocol only. Work structure belongs in repo files (ADR-001).
+
+**Session close:**
+With MCP tools:
+```
+add_progress_event(summary="...", topic_id="36c7421b-c537-4723-bf75-42a3ebc6a1dc", workstream_id="<uuid>")
+```
+Without MCP tools:
+```bash
+curl -s -X POST http://127.0.0.1:8000/progress/ \
+  -H "Content-Type: application/json" \
+  -d '{"topic_id":"36c7421b-c537-4723-bf75-42a3ebc6a1dc","workstream_id":"<uuid>","event_type":"note","summary":"what changed","author":"codex"}'
+```
+If workplan files were modified, ensure the local copy is up to date first:
+```bash
+git -C <repo_path> pull --ff-only
+cd ~/state-hub && make fix-consistency REPO=coordination-engine
+```
+For repos where implementation runs on a remote machine (e.g. CoulombCore),
+use the combined target which pulls before fixing:
+```bash
+cd ~/state-hub && make fix-consistency-remote REPO=coordination-engine
+```
+**C-15** (DB task ahead of file) is normal in multi-machine workflows — writeback
+will sync the file to match DB.  **C-16** (repo behind remote) blocks all writes
+until you pull — intentional to prevent clobbering remote progress.

.claude/rules/stack-and-commands.md

@@ -0,0 +1,20 @@
+## Stack
+
+- **Language:** Markdown-first registry and planning repo (no application runtime yet)
+- **Key deps:** State Hub ADR-001 workplans, `registry/indexes/capabilities.yaml`
+
+## Dev Commands
+
+```bash
+# Orient (offline-safe)
+cat .custodian-brief.md
+cat INTENT.md
+cat SCOPE.md
+ls workplans/
+
+# After workplan or registry edits — from ~/state-hub
+make fix-consistency REPO=coordination-engine
+
+# Sanity-check markdown / registry edits
+git diff --check
+```

.claude/rules/workplan-convention.md

@@ -0,0 +1,40 @@
+## Workplan Convention (ADR-001)
+
+File location: `workplans/COORDINATION-WP-NNNN-<slug>.md`
+ID prefix: `COORDINATION-WP-`
+
+Work items originate as files in this repo **before** being registered in the hub.
+
+Canonical workplan/workstream frontmatter statuses are:
+`proposed`, `ready`, `active`, `blocked`, `backlog`, `finished`, `archived`.
+Use `proposed` for a newly drafted plan, `ready` after review against current
+repo state, and `finished` when implementation is complete. `stalled` and
+`needs_review` are derived health labels, not stored statuses.
+
+Closed workplans may be moved to `workplans/archived/` with a completion-date
+prefix: `YYMMDD-COORDINATION-WP-NNNN-<slug>.md`. The frontmatter id remains
+unchanged; the prefix is only for quick visual reference.
+
+Small opportunistic tasks discovered during another session use **Ad Hoc Tasks**:
+`workplans/ADHOC-YYYY-MM-DD.md`, workstream slug `adhoc-YYYY-MM-DD`, and task ids
+`ADHOC-YYYY-MM-DD-T01`, `T02`, etc. Use adhocs only for low-risk work completed
+directly. Promote anything requiring analysis, design, approval, dependencies, or
+multiple planned phases into a normal workplan.
+
+Ecosystem todos from other agents arrive as `[repo:coordination-engine]` hub tasks —
+visible at session start. Pick one up by creating the workplan file, then registering
+the workstream.
+
+Task blocks use this shape:
+
+```task
+id: COORDINATION-WP-NNNN-T01
+status: wait | todo | progress | done | cancel
+priority: high | medium | low
+state_hub_task_id: "<uuid>"         # written by fix-consistency — do not edit
+```
+
+Status progression is `todo` → `progress` → `done`; use `wait` for waiting or
+blocked work and `cancel` for stopped work.
+
+<!-- Ralph Loop rules and HEUREKA sequence: ~/.claude/CLAUDE.md — do not duplicate here -->

.custodian-brief.md

@@ -0,0 +1,18 @@
+<!-- custodian-brief: generated by fix-consistency — do not edit manually -->
+# Custodian Brief — coordination-engine
+
+**Domain:** communication  
+**Last synced:** 2026-06-24 13:18 UTC  
+**State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
+
+## Active Workstreams
+
+*(none — repo may need first-session setup)*
+
+---
+## MCP Orientation (when available)
+
+If the state-hub MCP server is reachable, call:
+`get_domain_summary("communication")`
+This provides richer cross-domain context.
+If the MCP call fails, use this file as your orientation source.

AGENTS.md

@@ -0,0 +1,219 @@
+# Coordination Engine — Agent Instructions
+
+## Repo Identity
+
+**Purpose:** Coordination Engine - (fill in purpose)
+
+**Domain:** communication
+**Repo slug:** coordination-engine
+**Topic ID:** `36c7421b-c537-4723-bf75-42a3ebc6a1dc`
+**Workplan prefix:** `COORDINATION-WP-`
+
+---
+
+## State Hub Integration
+
+The Custodian State Hub tracks work across all domains. Interact via HTTP REST —
+there is no MCP server for Codex agents.
+
+| Context | URL |
+|---------|-----|
+| Local workstation | `http://127.0.0.1:8000` |
+| Remote via tunnel | `http://127.0.0.1:18000` |
+
+### Orient at session start
+
+```bash
+# Offline brief — works without hub connection
+cat .custodian-brief.md
+
+# Active workstreams for this domain
+curl -s "http://127.0.0.1:8000/workstreams/?topic_id=36c7421b-c537-4723-bf75-42a3ebc6a1dc&status=active" \
+  | python3 -m json.tool
+
+# Check inbox
+curl -s "http://127.0.0.1:8000/messages/?to_agent=coordination-engine&unread_only=true" \
+  | python3 -m json.tool
+```
+
+Mark a message read:
+```bash
+curl -s -X PATCH "http://127.0.0.1:8000/messages/<id>/read" \
+  -H "Content-Type: application/json" -d '{}'
+```
+
+### Log progress (required at session close)
+
+```bash
+curl -s -X POST http://127.0.0.1:8000/progress/ \
+  -H "Content-Type: application/json" \
+  -d '{
+    "summary": "what was done",
+    "event_type": "note",
+    "author": "codex",
+    "workstream_id": "<uuid>",
+    "task_id": "<uuid>"
+  }'
+```
+
+Omit `workstream_id` / `task_id` when not applicable.
+
+### Update task status
+
+```bash
+curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
+  -H "Content-Type: application/json" \
+  -d '{"status": "progress"}'
+# values: wait | todo | progress | done | cancel
+```
+
+### Flag a task for human review
+
+```bash
+curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
+  -H "Content-Type: application/json" \
+  -d '{"needs_human": true, "intervention_note": "reason"}'
+```
+
+---
+
+## Session Protocol
+
+**Start:**
+1. `cat .custodian-brief.md` — domain goal and open workstreams (offline-safe)
+2. Check inbox: `GET /messages/?to_agent=coordination-engine&unread_only=true`; mark read
+3. Scan workplans: `ls workplans/` — note `status: ready`, `active`, or `blocked` files and open tasks
+4. Check human-needed tasks: `GET /tasks/?needs_human=true`
+
+**During work:**
+- Update task statuses in workplan files as tasks progress
+- Record significant decisions via `POST /decisions/`
+
+**Close:**
+1. Update workplan file task statuses to reflect progress
+2. Log: `POST /progress/` with a summary of what changed
+3. Note for the custodian operator: after workplan file changes, run from
+   `~/state-hub`:
+   ```bash
+   make fix-consistency REPO=coordination-engine
+   ```
+   This syncs task status from files into the hub DB.
+
+---
+
+## Credential and access routing
+
+**Audience:** Codex, Claude Code, Grok, and custodian agents that call **llm-connect**
+for inference. Run this check **before** requesting secrets, API keys, SSH access,
+login tokens, or database passwords — in any repo, not only `ops-warden`.
+
+ops-warden **issues SSH certificates only** (`warden sign`, `cert_command`). Every
+other credential need belongs to another subsystem. **Do not** message
+`ops-warden` on State Hub expecting a secret value; the reply is a pointer, not a key.
+
+### Lookup (do this first)
+
+```bash
+warden route find "<describe your need>" --json
+warden route show <catalog-id> --json
+```
+
+Requires the `warden` CLI from `~/ops-warden` (`uv tool install .` or `uv run warden`).
+
+| Agent runtime | How to orient |
+| --- | --- |
+| **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=coordination-engine` is for coordination, not secret vending |
+| **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workstreams; **still** use `warden route` for credential ownership |
+| **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` |
+
+### Quick routing table
+
+| I need… | Owner | ops-warden executes? |
+| --- | --- | --- |
+| SSH cert (`adm`/`agt`/`atm`) | ops-warden | **Yes** — `warden sign` |
+| API key, DB password, provider token | OpenBao (`railiance-platform`) | No — route only |
+| Login / OIDC / MFA | key-cape / Keycloak | No — route only |
+| Authorization decision | flex-auth | No — route only |
+| activity-core → issue-core emission | activity-core + issue-core | No — `warden route show activity-core-issue-sink` |
+| SSH tunnel | ops-bridge (+ `cert_command` from warden) | No — route only |
+
+### Anti-patterns (do not do these)
+
+- `POST /messages/` to `ops-warden` asking for `ISSUE_CORE_API_KEY`, `OPENROUTER_API_KEY`, etc.
+- Inventing `warden secret`, `warden login`, `warden bao`, `warden tunnel` — they do not exist
+- Pasting secrets into Git, State Hub, workplans, logs, or chat
+
+### Other capabilities (reuse-surface)
+
+Non-credential capabilities are usually discovered through **reuse-surface** federation
+(`reuse-surface` registry / `capability.*` indexes). Credential routing is inlined in
+every repo's agent instructions because it is high-frequency, high-risk, and easy to
+get wrong.
+
+**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml`
+
+<!-- REPO-AGENTS-EXTENSIONS -->
+<!-- Append repo-specific agent instructions below this marker.
+     The state-hub template sync preserves content after this line. -->
+
+---
+
+## Workplan Convention (ADR-001)
+
+Work items originate as files in this repo — not in the hub. The hub is a
+read/cache/index layer that rebuilds from files.
+
+**File location:** `workplans/COORDINATION-WP-NNNN-<slug>.md`
+
+**Archived location:** finished workplans may move to
+`workplans/archived/YYMMDD-COORDINATION-WP-NNNN-<slug>.md`. The `YYMMDD` prefix is
+the completion/archive date; the frontmatter `id` does not change.
+
+**Ad Hoc Tasks:** small opportunistic fixes discovered during a session use
+`workplans/ADHOC-YYYY-MM-DD.md` with task ids `ADHOC-YYYY-MM-DD-T01`, etc. Use
+this only for low-risk work completed directly; create a normal workplan for
+anything needing analysis, design, approval, dependencies, or multiple phases.
+
+**Frontmatter:**
+
+```yaml
+---
+id: COORDINATION-WP-NNNN
+type: workplan
+title: "..."
+domain: communication
+repo: coordination-engine
+status: proposed | ready | active | blocked | backlog | finished | archived
+owner: codex
+topic_slug: ...
+created: "YYYY-MM-DD"
+updated: "YYYY-MM-DD"
+state_hub_workstream_id: "<uuid>"   # written by fix-consistency — do not edit
+---
+```
+
+Use `proposed` for a new draft, `ready` after review against current repo
+state, and `finished` after implementation. `stalled` and `needs_review` are
+derived health labels, not frontmatter statuses.
+
+**Task block format** (one per `##` section):
+
+```
+## Task Title
+
+` ` `task
+id: COORDINATION-WP-NNNN-T01
+status: wait | todo | progress | done | cancel
+priority: high | medium | low
+state_hub_task_id: "<uuid>"         # written by fix-consistency — do not edit
+` ` `
+
+Task description text.
+```
+
+Status progression: `todo` → `progress` → `done`; use `wait` for waiting/blocked work and `cancel` for stopped work.
+
+To create a new workplan:
+1. Write the file following the format above
+2. Notify the custodian operator to run `make fix-consistency REPO=coordination-engine`
+   (or send a message to the hub agent via `POST /messages/`)

CLAUDE.md

@@ -0,0 +1,12 @@
+# Coordination Engine — Claude Code Instructions
+
+@SCOPE.md
+@.claude/rules/repo-identity.md
+@.claude/rules/session-protocol.md
+@.claude/rules/first-session.md
+@.claude/rules/workplan-convention.md
+@.claude/rules/stack-and-commands.md
+@.claude/rules/architecture.md
+@.claude/rules/repo-boundary.md
+@.claude/rules/credential-routing.md
+@.claude/rules/agents.md

SCOPE.md

@@ -0,0 +1,31 @@
+# SCOPE
+
+> Lightweight boundary for agents and contributors.
+
+---
+
+## One-liner
+
+Framework for goal-driven digital coordination as communication.
+
+---
+
+## Core Idea
+
+coordination-engine captures coordination models, specs, and registry entries for how actors align on shared goals.
+
+---
+
+## In Scope
+
+- Coordination specs, history, and registry indexes
+- State Hub workplans and agent instructions
+- Capability registration when coordination patterns stabilize
+
+---
+
+## Out of Scope
+
+- Runtime orchestration engine implementation (future repos)
+- Replacing issue trackers or chat systems
+

spec/coordination-model-v0.1.md

@@ -0,0 +1,586 @@
+# coordination-model-v0.1.md
+
+## 1. Document Status
+
+**Document:** coordination-model-v0.1.md
+**Project:** coordination-engine
+**Version:** 0.1
+**Status:** Baseline Draft
+**Scope:** Coordination ontology and communication-act lifecycle
+**Related Documents:**
+
+* `INTENT.md`
+* `SCOPE.md`
+* `ProductRequirementsDocument.md`
+* `RuntimeArchitectureAndAdapterSubsystem.md`
+* `AdapterInterfaceSpecification.md`
+
+## 2. Purpose
+
+This document defines the first coordination ontology for `coordination-engine`.
+
+It establishes the foundational vocabulary for how actors align on shared goals through commitments and how the engine closes the loop with observations, assessments, and follow-up actions.
+
+The ontology is intentionally narrower than the full product requirements. Version 0.1 focuses on four pillars:
+
+1. **Actors** — who participates in coordination
+2. **Goals** — what the coordination process is trying to achieve
+3. **Commitments** — what parties agree to do or enable
+4. **Observation loops** — how evidence drives progress until a goal is satisfied, failed, expired, escalated, or manually closed
+
+Downstream specs (runtime architecture, adapter contracts, scenario patterns) should map to this ontology rather than invent parallel terminology.
+
+## 3. Core Principle
+
+A coordination case succeeds when its **goal** is satisfied, not when a message has merely been sent.
+
+Digital coordination is the controlled arrangement of actors, payloads, access, communication acts, and evidence so that intended results can be achieved under uncertainty.
+
+## 4. Ontology Overview
+
+```text
+CoordinationCase
+  goal: IntendedResult
+  actors: Participant[]
+  commitments: Commitment[]
+  communication_acts: CommunicationAct[]
+  observations: EvidenceEvent[]
+  assessments: Assessment[]
+  policies: Policy[]
+
+Observation loop:
+  CommunicationAct → native signal → EvidenceEvent → Assessment → Policy decision → next CommunicationAct or closure
+```
+
+At runtime, a `CoordinationCase` is the container object. Actors hold roles. Goals define success. Commitments express required obligations. Communication acts are the outward-facing operations (notify, deliver, interact). Observation loops connect external signals back to case progress.
+
+## 5. Actors
+
+### 5.1 Actor
+
+An **Actor** is any entity that can initiate coordination, receive coordination, perform interactions, emit system events, or be referenced in evidence.
+
+Actor types:
+
+| Type | Description | Examples |
+| --- | --- | --- |
+| `human` | A natural person | Customer, employee, signer |
+| `organization` | A legal or operational entity | Company, department, authority |
+| `system` | A software system acting on behalf of a party | ERP, CRM, payment gateway |
+| `agent` | An automation actor with delegated authority | Custodian agent, workflow bot |
+| `bot` | An automated endpoint with limited authority | Scanner, webhook processor |
+| `unknown` | Actor not yet identified | Anonymous portal visitor |
+
+An actor may be referenced before identity is confirmed. The engine must support progressive identity strengthening through evidence.
+
+### 5.2 Participant
+
+A **Participant** is an actor bound to a specific `CoordinationCase` with one or more roles, endpoints, and required outcomes.
+
+Participants are case-scoped. The same human may be a participant in multiple cases with different roles.
+
+Common participant roles:
+
+* `initiator` — starts the case and defines the goal
+* `recipient` — expected to receive awareness, access, or payload
+* `respondent` — expected to submit a response or payload
+* `signer` — expected to sign or countersign
+* `payer` — expected to settle payment
+* `approver` — expected to approve or reject
+* `delegate` — acts with delegated authority for another participant
+* `intermediary` — routes or transforms communication without being the business target
+* `observer` — may view progress or evidence without being required to act
+
+Each participant may carry:
+
+* `participant_id`
+* `actor_ref` — stable identity reference when known
+* `roles[]`
+* `endpoints[]` — email, phone, portal account, API subject, etc.
+* `required_outcomes[]` — participant-level success conditions
+* `authority_attributes` — signing level, approval limit, delegation chain
+* `state` — derived from evidence (see section 8)
+* `evidence_level` — current confidence in progress toward required outcomes
+
+### 5.3 ActorContext
+
+`ActorContext` describes the actor associated with an observation or interaction event.
+
+```yaml
+ActorContext:
+  actor_ref: string?
+  actor_type: human | organization | system | agent | bot | unknown
+  participant_id: string?
+  identity_strength: none | suspected | authenticated | verified
+  authority_strength: none | delegated | authorized
+```
+
+Actor context may be incomplete at event time. Adapters and controllers append or refine context as stronger evidence arrives.
+
+### 5.4 Actor Boundaries
+
+Actors are not channels.
+
+Email inboxes, phone numbers, portal sessions, and API clients are **endpoints** through which actors may be reached or may act. A single actor may have multiple endpoints. A single endpoint may temporarily map to an unknown actor until identity evidence is recorded.
+
+## 6. Goals
+
+### 6.1 CoordinationCase
+
+A **CoordinationCase** is a goal-directed coordination process.
+
+It binds:
+
+* one initiating context
+* one primary goal (`IntendedResult`)
+* one or more participants
+* zero or more payloads and action surfaces
+* the commitments required to reach the goal
+* the policies that govern follow-up under uncertainty
+
+Core case attributes:
+
+```yaml
+CoordinationCase:
+  id: string
+  purpose: string
+  scenario_type: string
+  goal: IntendedResult
+  state: draft | active | paused | partially_completed | completed | failed | expired | cancelled | manually_closed
+  created_at: timestamp
+  deadlines: Deadline[]
+```
+
+### 6.2 IntendedResult
+
+An **IntendedResult** defines what success means for the case.
+
+Examples:
+
+* all required recipients accessed the payload
+* all required respondents submitted valid data
+* all required signers completed signature
+* payment settled above threshold
+* incident acknowledged by all critical participants
+
+```yaml
+IntendedResult:
+  result_type: access | submission | acceptance | signature | payment | acknowledgement | completion | custom
+  target_population: all_required | threshold | named_participants
+  required_outcome: string
+  required_evidence_level: low | medium | high
+  quantitative_threshold: number?
+  deadline: timestamp?
+  partial_success_rules: PartialSuccessRule[]
+  failure_rules: FailureRule[]
+```
+
+A goal is **satisfied** only when its predicate evaluates true against current assessments with sufficient evidence. Weak channel signals alone do not satisfy a goal.
+
+### 6.3 Goal States
+
+Case-level goal interpretation uses these assessment states:
+
+| State | Meaning |
+| --- | --- |
+| `unresolved` | Insufficient evidence to judge progress |
+| `in_progress` | Some required evidence present, goal not yet satisfied |
+| `partially_satisfied` | Goal rules allow partial success and threshold is met |
+| `satisfied` | Goal predicate is true with required evidence |
+| `failed` | Failure rules triggered |
+| `expired` | Deadline passed without required outcome |
+| `escalated` | Manual or policy-driven escalation replaced normal closure path |
+| `manually_closed` | Operator closed the case with documented override |
+
+Goal state is always derived from evidence and policy evaluation. It is not set directly by message dispatch.
+
+### 6.4 Goal vs Communication Act
+
+A goal is not a message.
+
+Sending a notification, granting access, or opening a payment page are **communication acts** in service of commitments. They may produce evidence relevant to the goal, but they do not constitute goal satisfaction by themselves.
+
+## 7. Commitments
+
+### 7.1 Commitment
+
+A **Commitment** is an explicit or policy-derived obligation that some party will enable, attempt, or perform an outcome relevant to the case goal.
+
+Commitments make coordination auditable. Instead of only recording that an email was sent, the engine records what was obligated, by whom, for whom, by when, and whether observations support fulfillment.
+
+```yaml
+Commitment:
+  id: string
+  case_id: string
+  kind: awareness | access | delivery | interaction | response | payment | signature | acknowledgement | enforcement | custom
+  obligor: participant_id | system | policy_engine
+  beneficiary: participant_id | case
+  subject_ref: payload_id | action_surface_id | communication_act_id?
+  due_by: timestamp?
+  required_evidence_level: low | medium | high
+  state: proposed | active | satisfied | breached | waived | expired | cancelled
+  satisfaction_predicate: string
+```
+
+### 7.2 Commitment Sources
+
+Commitments may originate from:
+
+1. **Scenario definition** — a contract-signing scenario requires signature commitments from each signer
+2. **Case creation** — the initiator requests collection of documents by a deadline
+3. **Policy engine** — a reminder policy creates a new awareness commitment after non-response
+4. **Participant action** — a delegate accepts responsibility for responding on behalf of another participant
+
+### 7.3 Commitment Kinds
+
+| Kind | Obligation | Typical fulfillment evidence |
+| --- | --- | --- |
+| `awareness` | Target participant should become aware of the case or payload | notification opened, portal visit, authenticated session |
+| `access` | Target participant should receive usable access to a payload or action surface | access grant used, payload viewed |
+| `delivery` | Payload should become available, transferred, submitted, or consumed | delivery submitted, download recorded, archive stored |
+| `interaction` | Target participant should perform a meaningful action | form submitted, approval recorded, link clicked with identity |
+| `response` | Target participant should provide a structured answer or artifact | inbound payload accepted, validation passed |
+| `payment` | Payer should settle an amount | payment initiated, payment settled |
+| `signature` | Signer should sign or countersign with required assurance | signature completed, authority verified |
+| `acknowledgement` | Participant should confirm awareness of an urgent item | acknowledgement interaction recorded |
+| `enforcement` | System should apply deadline or non-compliance consequence | access revoked, account restricted, case escalated |
+
+### 7.4 Commitment Lifecycle
+
+```text
+proposed
+  → active
+    → satisfied
+    → breached
+    → expired
+    → waived
+    → cancelled
+```
+
+State transitions are driven by observations and policy rules:
+
+* `proposed → active` when the engine accepts the commitment and may schedule communication acts
+* `active → satisfied` when satisfaction predicate is met with required evidence
+* `active → breached` when failure rules fire
+* `active → expired` when `due_by` passes without satisfaction
+* `active → waived` when an authorized actor or policy explicitly waives the obligation
+* `* → cancelled` when the case is cancelled or the commitment is superseded
+
+A commitment may be satisfied at participant level before the case goal is satisfied globally.
+
+### 7.5 Commitments and Communication Acts
+
+Commitments are the semantic layer above transport.
+
+A notification attempt does not create a commitment by itself. The engine creates or activates a commitment first, then derives communication acts to pursue it.
+
+Example:
+
+```text
+Commitment: signer S must sign contract C by Friday
+  → CommunicationAct: notify S via email
+  → CommunicationAct: grant portal access to signature flow
+  → Observation: portal authenticated visit
+  → Observation: signature completed
+  → Commitment state: satisfied
+```
+
+## 8. Observation Loops
+
+### 8.1 Observation
+
+An **Observation** is a recorded fact about what happened in the world or in an external system.
+
+Observations enter the engine primarily as normalized `EvidenceEvent` records. Raw provider events are preserved, but assessments are derived from normalized meaning.
+
+```yaml
+EvidenceEvent:
+  id: string
+  case_id: string
+  event_type: string
+  observed_at: timestamp
+  source_adapter: string
+  participant_id: string?
+  actor_context: ActorContext?
+  payload_ref: string?
+  action_surface_ref: string?
+  communication_act_ref: string?
+  normalized_meaning: string
+  confidence: low | medium | high
+  evidence_grade: weak | moderate | strong
+  raw_event_ref: string?
+  correlation_id: string?
+```
+
+### 8.2 Assessment
+
+An **Assessment** is a derived judgment based on one or more observations.
+
+Assessments exist at multiple levels:
+
+* participant state — has this participant met required outcomes?
+* commitment state — is this obligation satisfied, breached, or still active?
+* case progress — how close is the case to goal satisfaction?
+* uncertainty flags — conflicting, missing, late, or weak evidence
+
+Assessments must remain traceable to the observations that support them.
+
+### 8.3 Observation Loop
+
+The engine operates through a repeating observation loop:
+
+```text
+1. Goal and commitments define required outcomes
+2. Policy engine selects next communication acts
+3. Adapters execute acts and emit native signals
+4. Adapter boundary normalizes signals into EvidenceEvents
+5. Controllers derive participant, commitment, and case assessments
+6. Policy engine evaluates assessments against deadlines and thresholds
+7. Loop continues with follow-up acts, escalation, or closure
+```
+
+```mermaid
+flowchart LR
+  G[Goal] --> C[Commitments]
+  C --> P[Policy Engine]
+  P --> A[Communication Acts]
+  A --> N[Native Signals]
+  N --> E[EvidenceEvents]
+  E --> S[Assessments]
+  S --> P
+  S --> CL[Closure / Escalation]
+  P --> CL
+```
+
+The loop is event-driven and may run continuously as late evidence arrives.
+
+### 8.4 Loop Properties
+
+Observation loops in coordination scenarios have common properties:
+
+1. **Non-linearity** — events may arrive out of order, late, duplicated, or in conflict
+2. **Weak evidence** — channel acceptance is not human awareness
+3. **Progressive strengthening** — identity and authority may start unknown and become verified
+4. **Multi-source fusion** — one assessment may depend on notification, access, and interaction evidence combined
+5. **Policy-gated action** — follow-up acts are chosen by policy, not hardcoded per channel
+6. **Auditable closure** — final case state must cite the evidentiary basis
+
+### 8.5 Uncertainty Handling
+
+Uncertainty is first-class in the loop.
+
+The engine must represent:
+
+* missing expected observations
+* contradictory observations
+* proxy, scanner, or bot-like interactions
+* authenticated actor mismatch
+* expired commitments with partial evidence
+* adapter evidence ceilings
+
+When evidence is weak, the loop prefers:
+
+* `unresolved` or `in_progress` assessment states
+* additional observation opportunities
+* policy actions such as `wait`, `remind`, `switch_channel`, or `manual_review`
+
+Underclaiming is mandatory. Adapters report what happened; the engine decides what it means for goals and commitments.
+
+## 9. Communication Act Lifecycle
+
+### 9.1 CommunicationAct
+
+A **CommunicationAct** is an engine-directed operation that pursues one or more commitments through a channel or surface.
+
+Kinds:
+
+* `notification` — awareness-oriented prompt
+* `delivery` — payload availability, transfer, retrieval, submission, or consumption
+* `interaction` — meaningful action on a payload or action surface
+* `access_change` — grant, revoke, expire, or delegate access
+* `enforcement` — apply deadline or compliance consequence
+
+```yaml
+CommunicationAct:
+  id: string
+  case_id: string
+  kind: notification | delivery | interaction | access_change | enforcement
+  commitment_id: string
+  adapter_ref: string?
+  action_surface_ref: string?
+  target_participant_id: string?
+  state: planned | requested | accepted | in_flight | observed | failed | cancelled
+  requested_at: timestamp?
+  correlation_id: string?
+```
+
+### 9.2 Lifecycle Phases
+
+Every communication act follows a common lifecycle pattern:
+
+```text
+intent declared
+  → attempt requested
+  → attempt accepted or rejected
+  → provider or surface activity observed
+  → normalized evidence recorded
+  → act state updated
+  → assessments and policies re-evaluated
+```
+
+This pattern is shared across channels. Channel-specific details belong in adapter specs, not in the core ontology.
+
+### 9.3 Notification Lifecycle
+
+Notifications pursue awareness commitments.
+
+Typical phases:
+
+```text
+notification.planned
+notification.requested
+notification.accepted_by_adapter
+notification.rejected_by_adapter
+notification.accepted_by_provider
+notification.endpoint_accepted
+notification.opened
+notification.clicked
+notification.failed
+notification.expired
+```
+
+Important distinction:
+
+* `endpoint_accepted` means the channel accepted the message for the endpoint
+* it does **not** mean the participant became aware
+* stronger awareness requires additional observations where the channel allows them
+
+### 9.4 Delivery Lifecycle
+
+Deliveries pursue access, transfer, submission, or consumption commitments.
+
+Typical phases:
+
+```text
+delivery.planned
+delivery.payload.published
+delivery.access.granted
+delivery.payload.viewed
+delivery.payload.downloaded
+delivery.payload.submitted
+delivery.payload.validated
+delivery.payload.rejected
+delivery.completed
+delivery.failed
+```
+
+Delivery evidence may also inform notification and goal assessments. For example, portal access can be stronger evidence than email open tracking.
+
+### 9.5 Interaction Lifecycle
+
+Interactions pursue response, signature, payment, acknowledgement, and other outcome commitments.
+
+Typical phases:
+
+```text
+interaction.surface.opened
+interaction.identity.started
+interaction.identity.completed
+interaction.action.started
+interaction.action.completed
+interaction.declined
+interaction.disputed
+interaction.failed
+```
+
+Interactions should be classified by actor certainty and authority strength. Result-relevant interactions require stronger evidence than anonymous page loads.
+
+### 9.6 Act State vs Goal State
+
+Communication act success is local.
+
+A notification act may reach `observed` while the related awareness commitment remains `active` because evidence is too weak. Case closure requires goal-level assessment, not merely exhausted communication attempts.
+
+## 10. Supporting Concepts
+
+The ontology above is intentionally focused. These related concepts appear in adjacent specs and runtime design:
+
+| Concept | Role in the ontology |
+| --- | --- |
+| `Payload` | Subject of access, delivery, and interaction commitments |
+| `ActionSurface` | Place where interactions occur |
+| `AccessGrant` | Enabler for access commitments |
+| `Policy` | Rules that drive observation-loop decisions |
+| `Adapter` | Boundary that executes acts and supplies observations |
+| `Deadline` | Time bound on goals and commitments |
+| `NextAction` | Policy output consumed by controllers |
+
+## 11. Minimal Case Example
+
+Invoice payment collection:
+
+```text
+Case goal: payment settled by payer P before due date
+
+Participants:
+  - initiator: billing system
+  - payer: P
+
+Commitments:
+  - awareness: payer P should become aware of invoice I
+  - access: payer P should receive access to payment surface S
+  - payment: payer P should settle invoice I
+  - enforcement: system should escalate if unpaid after deadline
+
+Observation loop:
+  1. Publish invoice payload and grant access
+  2. Notify payer via email adapter
+  3. Observe endpoint_accepted (weak evidence)
+  4. Observe portal visit and authenticated session (stronger evidence)
+  5. Awareness commitment satisfied
+  6. Observe payment initiated then settled
+  7. Payment commitment satisfied
+  8. Goal assessment: satisfied
+  9. Case closed with traceable evidence chain
+```
+
+## 12. Terminology Mapping
+
+| Ontology term (v0.1) | Existing project term |
+| --- | --- |
+| Actor | Actor / entity referenced in events |
+| Participant | Participant |
+| Goal | IntendedResult / case success criterion |
+| CoordinationCase | CoordinationCase |
+| Commitment | Obligation implied by scenario, policy, or participant requirement |
+| CommunicationAct | Notification / Delivery / Interaction operation |
+| Observation | EvidenceEvent |
+| Assessment | Derived participant, commitment, or case state |
+| Observation loop | Evidence-driven policy cycle |
+| Endpoint | Participant contact channel |
+
+## 13. v0.1 Non-Goals
+
+This baseline ontology does not yet specify:
+
+* concrete API schemas or persistence models
+* policy language syntax
+* full commitment algebra for nested or conditional obligations
+* legal validity rules for regulated notice or signature scenarios
+* cross-case actor identity merge rules
+* runtime controller interfaces
+
+Those belong in later specs once this vocabulary is stable.
+
+## 14. Success Criteria for v0.1
+
+The ontology is fit for purpose when:
+
+1. A reader can explain a coordination scenario using actors, goals, commitments, and observation loops without referring to transport details.
+2. Adapter and runtime specs can map their entities to this document without contradictory definitions.
+3. A case can be traced from goal declaration through commitments, communication acts, observations, assessments, and closure.
+4. Weak vs strong evidence distinctions remain visible at each loop step.
+
+## 15. Guiding Statement
+
+`coordination-engine` coordinates actors around shared goals through explicit commitments, pursues those commitments with communication acts, and uses observation loops to decide progress, follow-up, and closure under uncertainty.

workplans/COORDINATION-WP-0001-statehub-bootstrap.md

@@ -0,0 +1,67 @@
+---
+id: COORDINATION-WP-0001
+type: workplan
+title: "Bootstrap State Hub integration"
+domain: communication
+repo: coordination-engine
+status: finished
+owner: codex
+topic_slug: communication
+created: "2026-06-22"
+updated: "2026-06-22"
+state_hub_workstream_id: "656d4245-63a0-4022-98a3-e446b133a8d6"
+---
+
+# Bootstrap State Hub integration
+
+Coordination engine for inter-repo workflows.
+
+## Review Generated Integration Files
+
+```task
+id: COORDINATION-WP-0001-T01
+status: done
+priority: high
+state_hub_task_id: "95769b93-99ce-4cbd-be90-a41dbb87fda0"
+
+```
+
+Result 2026-06-22: Filled SCOPE.md from INTENT.
+
+Review `INTENT.md`, `SCOPE.md`, `AGENTS.md`, and `.custodian-brief.md`.
+Replace generated placeholders with repo-specific facts where needed.
+
+## Verify Local Developer Workflow
+
+```task
+id: COORDINATION-WP-0001-T02
+status: done
+priority: high
+state_hub_task_id: "1c1930c6-8bd7-4979-b0a6-cfa476674129"
+
+```
+
+Result 2026-06-22: Registry-oriented dev workflow documented.
+
+Identify the repo's install, test, lint, build, and run commands. Add or refine
+those commands in the agent instructions so future coding sessions can verify
+changes confidently.
+
+## Seed First Real Workplan
+
+```task
+id: COORDINATION-WP-0001-T03
+status: done
+priority: medium
+state_hub_task_id: "f74ef97e-8f0a-4d54-b17c-12dcb68ac3f1"
+
+```
+
+Result 2026-06-22: Created COORDINATION-WP-0002.
+
+Create the first implementation workplan for the repository's most important
+next change. After workplan file updates, run from `~/state-hub`:
+
+```bash
+make fix-consistency REPO=coordination-engine
+```

workplans/COORDINATION-WP-0002-coordination-model-spec.md

@@ -0,0 +1,29 @@
+---
+id: COORDINATION-WP-0002
+type: workplan
+title: "Coordination model specification baseline"
+domain: communication
+repo: coordination-engine
+status: finished
+owner: codex
+topic_slug: communication
+created: "2026-06-22"
+updated: "2026-06-24"
+state_hub_workstream_id: "2b62c9df-577d-45ce-81a7-cf343e2fb6b0"
+---
+
+# Coordination model specification baseline
+
+Draft the first coordination ontology and message lifecycle spec for the engine.
+
+## Author coordination spec v0.1
+
+```task
+id: COORDINATION-WP-0002-T01
+status: done
+priority: high
+state_hub_task_id: "0ece010b-4597-4ae9-b77d-26a3ff8c906f"
+```
+
+Result 2026-06-24: Authored `spec/coordination-model-v0.1.md` with actors, goals,
+commitments, observation loops, and communication-act lifecycle baseline.