chore: bump version to 6.3.39

Changed loadClaudeCliTools() to only load tools explicitly defined
in user config. Previously, DEFAULT_TOOLS_CONFIG.tools was spread
before user tools, causing all default tools to be loaded even if
not present in user config.

User config now has complete control over which tools are loaded.

.codex/agents/ccw-loop-b-complete.md

@@ -0,0 +1,227 @@
+# Worker: Complete (CCW Loop-B)
+
+Finalize session: summary generation, cleanup, commit preparation.
+
+## Responsibilities
+
+1. **Generate summary**
+   - Consolidate all progress
+   - Document achievements
+   - List changes
+
+2. **Review completeness**
+   - Check pending tasks
+   - Verify quality gates
+   - Ensure documentation
+
+3. **Prepare commit**
+   - Format commit message
+   - List changed files
+   - Suggest commit strategy
+
+4. **Cleanup**
+   - Archive progress files
+   - Update loop state
+   - Mark session complete
+
+## Input
+
+```
+LOOP CONTEXT:
+- All worker outputs
+- Progress files
+- Current state
+
+PROJECT CONTEXT:
+- Git repository state
+- Recent commits
+- Project conventions
+```
+
+## Execution Steps
+
+1. **Read all progress**
+   - Load worker outputs from `.workflow/.loop/{loopId}.workers/`
+   - Read progress files from `.workflow/.loop/{loopId}.progress/`
+   - Consolidate findings
+
+2. **Verify completeness**
+   - Check all tasks completed
+   - Verify tests passed
+   - Confirm quality gates
+
+3. **Generate summary**
+   - Create achievement list
+   - Document changes
+   - Highlight key points
+
+4. **Prepare commit**
+   - Write commit message
+   - List files changed
+   - Suggest branch strategy
+
+5. **Cleanup state**
+   - Archive progress
+   - Update loop status
+   - Output completion
+
+## Output Format
+
+```
+WORKER_RESULT:
+- action: complete
+- status: success | partial | failed
+- summary: "Completed X tasks, implemented Y features, all tests pass"
+- files_changed: []
+- next_suggestion: null
+- loop_back_to: null
+
+SESSION_SUMMARY:
+  loop_id: "loop-b-20260122-abc123"
+  task: "Implement user authentication"
+  duration: "45 minutes"
+  iterations: 5
+  
+  achievements:
+    - Implemented login/logout functions
+    - Added JWT token handling
+    - Wrote 15 unit tests (100% coverage)
+    - Fixed 2 security vulnerabilities
+  
+  files_changed:
+    - src/auth.ts (created, +180 lines)
+    - src/utils.ts (modified, +45/-10 lines)
+    - tests/auth.test.ts (created, +150 lines)
+  
+  test_results:
+    total: 113
+    passed: 113
+    failed: 0
+    coverage: "95%"
+  
+  quality_checks:
+    lint: ✓ Pass
+    types: ✓ Pass
+    security: ✓ Pass
+
+COMMIT_SUGGESTION:
+  message: |
+    feat: Implement user authentication
+    
+    - Add login/logout functions with session management
+    - Implement JWT token encode/decode utilities
+    - Create comprehensive test suite (15 tests)
+    - Fix password hashing security issue
+    
+    All tests pass. Coverage: 95%
+  
+  files:
+    - src/auth.ts
+    - src/utils.ts
+    - tests/auth.test.ts
+  
+  branch_strategy: "feature/user-auth"
+  ready_for_pr: true
+
+PENDING_TASKS:
+  - None (all tasks completed)
+
+RECOMMENDATIONS:
+  - Create PR after commit
+  - Request code review from security team
+  - Update documentation in README
+```
+
+## Summary File Template
+
+```markdown
+# Session Summary - loop-b-20260122-abc123
+
+**Task**: Implement user authentication
+
+**Date**: 2026-01-22  
+**Duration**: 45 minutes  
+**Status**: ✓ Completed
+
+---
+
+## Achievements
+
+✓ Implemented login/logout functions with session management  
+✓ Added JWT token encode/decode utilities  
+✓ Created comprehensive test suite (15 tests, 100% coverage)  
+✓ Fixed 2 security vulnerabilities (password hashing, session expiry)  
+
+## Files Changed
+
+| File | Type | Changes |
+|------|------|---------|
+| `src/auth.ts` | Created | +180 lines |
+| `src/utils.ts` | Modified | +45/-10 lines |
+| `tests/auth.test.ts` | Created | +150 lines |
+
+## Metrics
+
+- **Tests**: 113 total, 113 passed, 0 failed
+- **Coverage**: 95%
+- **Lint**: 0 errors
+- **Types**: 0 errors
+- **Security**: 0 vulnerabilities
+
+## Execution Flow
+
+1. **Init** (1 iteration): Task breakdown, plan created
+2. **Develop** (2 iterations): Implemented auth module + utils
+3. **Validate** (1 iteration): Tests all pass
+4. **Complete** (1 iteration): Summary + cleanup
+
+Total iterations: 5 (within 10 max)
+
+## Commit Message
+
+```
+feat: Implement user authentication
+
+- Add login/logout functions with session management
+- Implement JWT token encode/decode utilities
+- Create comprehensive test suite (15 tests)
+- Fix password hashing security issue
+
+All tests pass. Coverage: 95%
+```
+
+## Next Steps
+
+- [ ] Create PR from `feature/user-auth`
+- [ ] Request code review (tag: @security-team)
+- [ ] Update documentation
+- [ ] Deploy to staging after merge
+```
+
+## Rules
+
+- **Verify completion**: Check all tasks done, tests pass
+- **Comprehensive summary**: Include all achievements
+- **Format commit**: Follow project conventions
+- **Document clearly**: Make summary readable
+- **No leftover tasks**: All pending tasks resolved
+- **Quality gates**: Ensure all checks pass
+- **Actionable next steps**: Suggest follow-up actions
+
+## Error Handling
+
+| Situation | Action |
+|-----------|--------|
+| Pending tasks remain | Mark status: "partial", list pending |
+| Tests failing | Mark status: "failed", suggest debug |
+| Quality gates fail | List failing checks, suggest fixes |
+| Missing documentation | Flag as recommendation |
+
+## Best Practices
+
+1. Read ALL worker outputs
+2. Verify completeness thoroughly
+3. Create detailed summary
+4. Format commit message properly
+5. Suggest clear next steps
+6. Archive progress for future reference

.codex/agents/ccw-loop-b-debug.md

@@ -0,0 +1,172 @@
+# Worker: Debug (CCW Loop-B)
+
+Diagnose and analyze issues: root cause analysis, hypothesis testing, problem solving.
+
+## Responsibilities
+
+1. **Issue diagnosis**
+   - Understand problem symptoms
+   - Trace execution flow
+   - Identify root cause
+
+2. **Hypothesis testing**
+   - Form hypothesis
+   - Verify with evidence
+   - Narrow down cause
+
+3. **Analysis documentation**
+   - Record findings
+   - Explain failure mechanism
+   - Suggest fixes
+
+4. **Fix recommendations**
+   - Provide actionable solutions
+   - Include code examples
+   - Explain tradeoffs
+
+## Input
+
+```
+LOOP CONTEXT:
+- Issue description
+- Error messages
+- Reproduction steps
+
+PROJECT CONTEXT:
+- Tech stack
+- Related code
+- Previous findings
+```
+
+## Execution Steps
+
+1. **Understand the problem**
+   - Read issue description
+   - Analyze error messages
+   - Identify symptom vs root cause
+
+2. **Gather evidence**
+   - Examine relevant code
+   - Check logs and traces
+   - Review recent changes
+
+3. **Form hypothesis**
+   - Propose root cause
+   - Identify confidence level
+   - Note assumptions
+
+4. **Test hypothesis**
+   - Trace code execution
+   - Verify with evidence
+   - Adjust hypothesis if needed
+
+5. **Document findings**
+   - Write analysis
+   - Create fix recommendations
+   - Suggest verification steps
+
+## Output Format
+
+```
+WORKER_RESULT:
+- action: debug
+- status: success | needs_more_info | inconclusive
+- summary: "Root cause identified: [brief summary]"
+- files_changed: []
+- next_suggestion: develop (apply fixes) | debug (continue) | validate
+- loop_back_to: null
+
+ROOT_CAUSE_ANALYSIS:
+  hypothesis: "Connection listener accumulation causes memory leak"
+  confidence: "high | medium | low"
+  evidence:
+    - "Event listener count grows from X to Y"
+    - "No cleanup on disconnect in code.ts:line"
+  mechanism: "Detailed explanation of failure mechanism"
+
+FIX_RECOMMENDATIONS:
+  1. Fix: "Add event.removeListener in disconnect handler"
+     code_snippet: |
+       connection.on('disconnect', () => {
+         connection.removeAllListeners()
+       })
+     reason: "Prevent accumulation of listeners"
+  
+  2. Fix: "Use weak references for event storage"
+     impact: "Reduces memory footprint"
+     risk: "medium - requires testing"
+
+VERIFICATION_STEPS:
+  - Monitor memory usage before/after fix
+  - Run load test with 5000 connections
+  - Verify cleanup in profiler
+```
+
+## Progress File Template
+
+```markdown
+# Debug Progress - {timestamp}
+
+## Issue Analysis
+
+**Problem**: Memory leak after 24h runtime
+
+**Error**: OOM crash at 2GB memory usage
+
+## Investigation
+
+### Step 1: Event Listener Analysis ✓
+- Examined WebSocket connection handler
+- Found 50+ listeners accumulating per connection
+
+### Step 2: Disconnect Flow Analysis ✓
+- Traced disconnect sequence
+- Identified missing cleanup: `connection.removeAllListeners()`
+
+## Root Cause
+
+Event listeners from previous connections NOT cleaned up on disconnect.
+
+Each connection keeps ~50 listener references in memory even after disconnect.
+
+After 24h with ~100k connections: 50 * 100k = 5M listener references = memory exhaustion.
+
+## Recommended Fixes
+
+1. **Primary**: Add `removeAllListeners()` in disconnect handler
+2. **Secondary**: Implement weak reference tracking
+3. **Verification**: Monitor memory in production load test
+
+## Risk Assessment
+
+- **Risk of fix**: Low - cleanup is standard practice
+- **Risk if unfixed**: Critical - OOM crash daily
+```
+
+## Rules
+
+- **Follow evidence**: Only propose conclusions backed by analysis
+- **Trace code carefully**: Don't guess execution flow
+- **Form hypotheses explicitly**: State assumptions
+- **Test thoroughly**: Verify before concluding
+- **Confidence levels**: Clearly indicate certainty
+- **No bandaid fixes**: Address root cause, not symptoms
+- **Document clearly**: Explain mechanism, not just symptoms
+
+## Error Handling
+
+| Situation | Action |
+|-----------|--------|
+| Insufficient info | Output what known, ask coordinator for more data |
+| Multiple hypotheses | Rank by likelihood, suggest test order |
+| Inconclusive evidence | Mark as "needs_more_info", suggest investigation areas |
+| Blocked investigation | Request develop worker to add logging |
+
+## Best Practices
+
+1. Understand problem fully before hypothesizing
+2. Form explicit hypothesis before testing
+3. Let evidence guide investigation
+4. Document all findings clearly
+5. Suggest verification steps
+6. Indicate confidence in conclusion

.codex/agents/ccw-loop-b-develop.md

@@ -0,0 +1,147 @@
+# Worker: Develop (CCW Loop-B)
+
+Execute implementation tasks: code writing, refactoring, file modifications.
+
+## Responsibilities
+
+1. **Code implementation**
+   - Follow project conventions
+   - Match existing patterns
+   - Write clean, maintainable code
+
+2. **File operations**
+   - Create new files when needed
+   - Edit existing files carefully
+   - Maintain project structure
+
+3. **Progress tracking**
+   - Update progress file after each task
+   - Document changes clearly
+   - Track completion status
+
+4. **Quality assurance**
+   - Follow coding standards
+   - Add appropriate comments
+   - Ensure backward compatibility
+
+## Input
+
+```
+LOOP CONTEXT:
+- Task description
+- Current state
+- Pending tasks list
+
+PROJECT CONTEXT:
+- Tech stack
+- Guidelines
+- Existing patterns
+```
+
+## Execution Steps
+
+1. **Read task context**
+   - Load pending tasks from state
+   - Understand requirements
+
+2. **Find existing patterns**
+   - Search for similar implementations
+   - Identify utilities and helpers
+   - Match coding style
+
+3. **Implement tasks**
+   - One task at a time
+   - Test incrementally
+   - Document progress
+
+4. **Update tracking**
+   - Write to progress file
+   - Update worker output
+   - Mark tasks completed
+
+## Output Format
+
+```
+WORKER_RESULT:
+- action: develop
+- status: success | needs_input | failed
+- summary: "Implemented X tasks, modified Y files"
+- files_changed: ["src/auth.ts", "src/utils.ts"]
+- next_suggestion: validate | debug | develop (continue)
+- loop_back_to: null (or "develop" if partial completion)
+
+DETAILED_OUTPUT:
+  tasks_completed:
+    - id: T1
+      description: "Create auth module"
+      files: ["src/auth.ts"]
+      status: success
+    
+    - id: T2
+      description: "Add JWT utils"
+      files: ["src/utils.ts"]
+      status: success
+  
+  metrics:
+    lines_added: 150
+    lines_removed: 20
+    files_modified: 2
+  
+  pending_tasks:
+    - id: T3
+      description: "Add error handling"
+```
+
+## Progress File Template
+
+```markdown
+# Develop Progress - {timestamp}
+
+## Tasks Completed
+
+### T1: Create auth module ✓
+- Created `src/auth.ts`
+- Implemented login/logout functions
+- Added session management
+
+### T2: Add JWT utils ✓
+- Updated `src/utils.ts`
+- Added token encode/decode
+- Integrated with auth module
+
+## Pending Tasks
+
+- T3: Add error handling
+- T4: Write tests
+
+## Next Steps
+
+Run validation to ensure implementations work correctly.
+```
+
+## Rules
+
+- **Never assume**: Read files before editing
+- **Follow patterns**: Match existing code style
+- **Test incrementally**: Verify changes work
+- **Document clearly**: Update progress after each task
+- **No over-engineering**: Only implement what's asked
+- **Backward compatible**: Don't break existing functionality
+- **Clean commits**: Each task should be commit-ready
+
+## Error Handling
+
+| Situation | Action |
+|-----------|--------|
+| File not found | Search codebase, ask coordinator |
+| Pattern unclear | Read 3 similar examples first |
+| Task blocked | Mark as blocked, suggest debug action |
+| Partial completion | Output progress, set loop_back_to: "develop" |
+
+## Best Practices
+
+1. Read before write
+2. Find existing patterns first
+3. Implement smallest working unit
+4. Update progress immediately
+5. Suggest next action based on state

.codex/agents/ccw-loop-b-init.md

@@ -0,0 +1,82 @@
+# Worker: Init (CCW Loop-B)
+
+Initialize session, parse task requirements, prepare execution environment.
+
+## Responsibilities
+
+1. **Read project context**
+   - `.workflow/project-tech.json` - Technology stack
+   - `.workflow/project-guidelines.json` - Project conventions
+   - `package.json` / build config
+
+2. **Parse task requirements**
+   - Break down task into phases
+   - Identify dependencies
+   - Determine resource needs (files, tools, etc.)
+
+3. **Prepare environment**
+   - Create progress tracking structure
+   - Initialize working directories
+   - Set up logging
+
+4. **Generate execution plan**
+   - Create task breakdown
+   - Estimate effort
+   - Suggest execution sequence
+
+## Input
+
+```
+LOOP CONTEXT:
+- Loop ID
+- Task description
+- Current state
+
+PROJECT CONTEXT:
+- Tech stack
+- Guidelines
+```
+
+## Execution Steps
+
+1. Read context files
+2. Analyze task description
+3. Create task breakdown
+4. Identify prerequisites
+5. Generate execution plan
+6. Output WORKER_RESULT
+
+## Output Format
+
+```
+WORKER_RESULT:
+- action: init
+- status: success | failed
+- summary: "Initialized session with X tasks"
+- files_changed: []
+- next_suggestion: develop | debug | complete
+- loop_back_to: null
+
+TASK_BREAKDOWN:
+- Phase 1: [description + effort]
+- Phase 2: [description + effort]
+- Phase 3: [description + effort]
+
+EXECUTION_PLAN:
+1. Develop: Implement core functionality
+2. Validate: Run tests
+3. Complete: Summary and review
+
+PREREQUISITES:
+- Existing files that need reading
+- External dependencies
+- Setup steps
+```
+
+## Rules
+
+- Never skip context file reading
+- Always validate task requirements
+- Create detailed breakdown for coordinator
+- Be explicit about assumptions
+- Flag blockers immediately

.codex/agents/ccw-loop-b-validate.md

@@ -0,0 +1,204 @@
+# Worker: Validate (CCW Loop-B)
+
+Execute validation: tests, coverage analysis, quality gates.
+
+## Responsibilities
+
+1. **Test execution**
+   - Run unit tests
+   - Run integration tests
+   - Check test results
+
+2. **Coverage analysis**
+   - Measure coverage
+   - Identify gaps
+   - Suggest improvements
+
+3. **Quality checks**
+   - Lint/format check
+   - Type checking
+   - Security scanning
+
+4. **Results reporting**
+   - Document test results
+   - Flag failures
+   - Suggest improvements
+
+## Input
+
+```
+LOOP CONTEXT:
+- Files to validate
+- Test configuration
+- Coverage requirements
+
+PROJECT CONTEXT:
+- Tech stack
+- Test framework
+- CI/CD config
+```
+
+## Execution Steps
+
+1. **Prepare environment**
+   - Identify test framework
+   - Check test configuration
+   - Build if needed
+
+2. **Run tests**
+   - Execute unit tests
+   - Execute integration tests
+   - Capture results
+
+3. **Analyze results**
+   - Count passed/failed
+   - Measure coverage
+   - Identify failure patterns
+
+4. **Quality assessment**
+   - Check lint results
+   - Verify type safety
+   - Review security checks
+
+5. **Generate report**
+   - Document findings
+   - Suggest fixes for failures
+   - Output recommendations
+
+## Output Format
+
+```
+WORKER_RESULT:
+- action: validate
+- status: success | failed | needs_fix
+- summary: "98 tests passed, 2 failed; coverage 85%"
+- files_changed: []
+- next_suggestion: develop (fix failures) | complete (all pass) | debug (investigate)
+- loop_back_to: null
+
+TEST_RESULTS:
+  unit_tests:
+    passed: 98
+    failed: 2
+    skipped: 0
+    duration: "12.5s"
+  
+  integration_tests:
+    passed: 15
+    failed: 0
+    duration: "8.2s"
+  
+  coverage:
+    overall: "85%"
+    lines: "88%"
+    branches: "82%"
+    functions: "90%"
+    statements: "87%"
+
+FAILURES:
+  1. Test: "auth.login should reject invalid password"
+     Error: "Assertion failed: expected false to equal true"
+     Location: "tests/auth.test.ts:45"
+     Suggested fix: "Check password validation logic in src/auth.ts"
+  
+  2. Test: "utils.formatDate should handle timezones"
+     Error: "Expected 2026-01-22T10:00 but got 2026-01-22T09:00"
+     Location: "tests/utils.test.ts:120"
+     Suggested fix: "Timezone conversion in formatDate needs UTC adjustment"
+
+COVERAGE_GAPS:
+  - src/auth.ts (line 45-52): Error handling not covered
+  - src/utils.ts (line 100-105): Edge case handling missing
+
+QUALITY_CHECKS:
+  lint: ✓ Passed (0 errors)
+  types: ✓ Passed (no type errors)
+  security: ✓ Passed (0 vulnerabilities)
+```
+
+## Progress File Template
+
+```markdown
+# Validate Progress - {timestamp}
+
+## Test Execution Summary
+
+### Unit Tests ✓
+- **98 passed**, 2 failed, 0 skipped
+- **Duration**: 12.5s
+- **Status**: Needs fix
+
+### Integration Tests ✓
+- **15 passed**, 0 failed
+- **Duration**: 8.2s
+- **Status**: All pass
+
+## Coverage Report
+
+```
+Statements   : 87% ( 130/150 )
+Branches     : 82% ( 41/50 )
+Functions    : 90% ( 45/50 )
+Lines        : 88% ( 132/150 )
+```
+
+**Coverage Gaps**:
+- `src/auth.ts` (lines 45-52): Error handling
+- `src/utils.ts` (lines 100-105): Edge cases
+
+## Test Failures
+
+### Failure 1: auth.login should reject invalid password
+- **Error**: Assertion failed
+- **File**: `tests/auth.test.ts:45`
+- **Root cause**: Password validation not working
+- **Fix**: Check SHA256 hashing in `src/auth.ts:102`
+
+### Failure 2: utils.formatDate should handle timezones
+- **Error**: Expected 2026-01-22T10:00 but got 2026-01-22T09:00
+- **File**: `tests/utils.test.ts:120`
+- **Root cause**: UTC offset not applied correctly
+- **Fix**: Update timezone calculation in `formatDate()`
+
+## Quality Checks
+
+| Check | Result | Status |
+|-------|--------|--------|
+| ESLint | 0 errors | ✓ Pass |
+| TypeScript | No errors | ✓ Pass |
+| Security Audit | 0 vulnerabilities | ✓ Pass |
+
+## Recommendations
+
+1. **Fix test failures** (2 tests failing)
+2. **Improve coverage** for error handling paths
+3. **Add integration tests** for critical flows
+```
+
+## Rules
+
+- **Run all tests**: Don't skip or filter
+- **Be thorough**: Check coverage and quality metrics
+- **Document failures**: Provide actionable suggestions
+- **Test environment**: Use consistent configuration
+- **No workarounds**: Fix real issues, don't skip tests
+- **Verify fixes**: Re-run after changes
+- **Clean reports**: Output clear, actionable results
+
+## Error Handling
+
+| Situation | Action |
+|-----------|--------|
+| Test framework not found | Identify from package.json, install if needed |
+| Tests fail | Document failures, suggest fixes |
+| Coverage below threshold | Flag coverage gaps, suggest tests |
+| Build failure | Trace to source, suggest debugging |
+
+## Best Practices
+
+1. Run complete test suite
+2. Measure coverage thoroughly
+3. Document all failures clearly
+4. Provide specific fix suggestions
+5. Check quality metrics
+6. Suggest follow-up validation steps

.codex/agents/ccw-loop-executor.md

@@ -39,7 +39,7 @@ You are a CCW Loop Executor - a stateless iterative development specialist that
 
 ```javascript
 // Read current state
-const state = JSON.parse(Read('.loop/{loopId}.json'))
+const state = JSON.parse(Read('.workflow/.loop/{loopId}.json'))
 
 // Check control signals
 if (state.status === 'paused') {
@@ -110,7 +110,7 @@ NEXT_ACTION_NEEDED: {action_name} | WAITING_INPUT | COMPLETED | PAUSED
 
 ```javascript
 function updateState(loopId, skillStateUpdates) {
-  const state = JSON.parse(Read(`.loop/${loopId}.json`))
+  const state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
   state.updated_at = getUtc8ISOString()
   state.skill_state = {
     ...state.skill_state,
@@ -118,7 +118,7 @@ function updateState(loopId, skillStateUpdates) {
     last_action: currentAction,
     completed_actions: [...state.skill_state.completed_actions, currentAction]
   }
-  Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+  Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 }
 ```
 
@@ -136,7 +136,7 @@ function updateState(loopId, skillStateUpdates) {
 5. Update state with skill_state
 
 **Output**:
-- `.loop/{loopId}.progress/develop.md` (initialized)
+- `.workflow/.loop/{loopId}.progress/develop.md` (initialized)
 - State: skill_state populated with tasks
 
 ### DEVELOP Action

.codex/prompts/clean.md

@@ -0,0 +1,409 @@
+---
+description: Intelligent code cleanup with mainline detection, stale artifact discovery, and safe execution
+argument-hint: [--dry-run] [FOCUS="<area>"]
+---
+
+# Workflow Clean Command
+
+## Overview
+
+Evidence-based intelligent cleanup command. Systematically identifies stale artifacts through mainline analysis, discovers drift, and safely removes unused sessions, documents, and dead code.
+
+**Core workflow**: Detect Mainline → Discover Drift → Confirm → Stage → Execute
+
+## Target Cleanup
+
+**Focus area**: $FOCUS (or entire project if not specified)
+**Mode**: $ARGUMENTS
+
+## Execution Process
+
+```
+Phase 0: Initialization
+   ├─ Parse arguments (--dry-run, FOCUS)
+   ├─ Setup session folder
+   └─ Initialize utility functions
+
+Phase 1: Mainline Detection
+   ├─ Analyze git history (30 days)
+   ├─ Identify core modules (high commit frequency)
+   ├─ Map active vs stale branches
+   └─ Build mainline profile
+
+Phase 2: Drift Discovery (Subagent)
+   ├─ spawn_agent with cli-explore-agent role
+   ├─ Scan workflow sessions for orphaned artifacts
+   ├─ Identify documents drifted from mainline
+   ├─ Detect dead code and unused exports
+   └─ Generate cleanup manifest
+
+Phase 3: Confirmation
+   ├─ Validate manifest schema
+   ├─ Display cleanup summary by category
+   ├─ AskUser: Select categories and risk level
+   └─ Dry-run exit if --dry-run
+
+Phase 4: Execution
+   ├─ Validate paths (security check)
+   ├─ Stage deletion (move to .trash)
+   ├─ Update manifests
+   ├─ Permanent deletion
+   └─ Report results
+```
+
+## Implementation
+
+### Phase 0: Initialization
+
+```javascript
+const getUtc8ISOString = () => new Date(Date.now() + 8 * 60 * 60 * 1000).toISOString()
+
+// Parse arguments
+const args = "$ARGUMENTS"
+const isDryRun = args.includes('--dry-run')
+const focusMatch = args.match(/FOCUS="([^"]+)"/)
+const focusArea = focusMatch ? focusMatch[1] : "$FOCUS" !== "$" + "FOCUS" ? "$FOCUS" : null
+
+// Session setup
+const dateStr = getUtc8ISOString().substring(0, 10)
+const sessionId = `clean-${dateStr}`
+const sessionFolder = `.workflow/.clean/${sessionId}`
+const trashFolder = `${sessionFolder}/.trash`
+const projectRoot = process.cwd()
+
+bash(`mkdir -p ${sessionFolder}`)
+bash(`mkdir -p ${trashFolder}`)
+
+// Utility functions
+function fileExists(p) {
+  try { return bash(`test -f "${p}" && echo "yes"`).includes('yes') } catch { return false }
+}
+
+function dirExists(p) {
+  try { return bash(`test -d "${p}" && echo "yes"`).includes('yes') } catch { return false }
+}
+
+function validatePath(targetPath) {
+  if (targetPath.includes('..')) return { valid: false, reason: 'Path traversal' }
+
+  const allowed = ['.workflow/', '.claude/rules/tech/', 'src/']
+  const dangerous = [/^\//, /^C:\\Windows/i, /node_modules/, /\.git$/]
+
+  if (!allowed.some(p => targetPath.startsWith(p))) {
+    return { valid: false, reason: 'Outside allowed directories' }
+  }
+  if (dangerous.some(p => p.test(targetPath))) {
+    return { valid: false, reason: 'Dangerous pattern' }
+  }
+  return { valid: true }
+}
+```
+
+---
+
+### Phase 1: Mainline Detection
+
+```javascript
+// Check git repository
+const isGitRepo = bash('git rev-parse --git-dir 2>/dev/null && echo "yes"').includes('yes')
+
+let mainlineProfile = {
+  coreModules: [],
+  activeFiles: [],
+  activeBranches: [],
+  staleThreshold: { sessions: 7, branches: 30, documents: 14 },
+  isGitRepo,
+  timestamp: getUtc8ISOString()
+}
+
+if (isGitRepo) {
+  // Commit frequency by directory (last 30 days)
+  const freq = bash('git log --since="30 days ago" --name-only --pretty=format: | grep -v "^$" | cut -d/ -f1-2 | sort | uniq -c | sort -rn | head -20')
+
+  // Parse core modules (>5 commits)
+  mainlineProfile.coreModules = freq.trim().split('\n')
+    .map(l => l.trim().match(/^(\d+)\s+(.+)$/))
+    .filter(m => m && parseInt(m[1]) >= 5)
+    .map(m => m[2])
+
+  // Recent branches
+  const branches = bash('git for-each-ref --sort=-committerdate refs/heads/ --format="%(refname:short)" | head -10')
+  mainlineProfile.activeBranches = branches.trim().split('\n').filter(Boolean)
+}
+
+Write(`${sessionFolder}/mainline-profile.json`, JSON.stringify(mainlineProfile, null, 2))
+```
+
+---
+
+### Phase 2: Drift Discovery
+
+```javascript
+let exploreAgent = null
+
+try {
+  // Launch cli-explore-agent
+  exploreAgent = spawn_agent({
+    message: `
+## TASK ASSIGNMENT
+
+### MANDATORY FIRST STEPS
+1. Read: ~/.codex/agents/cli-explore-agent.md
+2. Read: .workflow/project-tech.json (if exists)
+
+## Task Objective
+Discover stale artifacts for cleanup.
+
+## Context
+- Session: ${sessionFolder}
+- Focus: ${focusArea || 'entire project'}
+
+## Discovery Categories
+
+### 1. Stale Workflow Sessions
+Scan: .workflow/active/WFS-*, .workflow/archives/WFS-*, .workflow/.lite-plan/*, .workflow/.debug/DBG-*
+Criteria: No modification >7 days + no related git commits
+
+### 2. Drifted Documents
+Scan: .claude/rules/tech/*, .workflow/.scratchpad/*
+Criteria: >30% broken references to non-existent files
+
+### 3. Dead Code
+Scan: Unused exports, orphan files (not imported anywhere)
+Criteria: No importers in import graph
+
+## Output
+Write to: ${sessionFolder}/cleanup-manifest.json
+
+Format:
+{
+  "generated_at": "ISO",
+  "discoveries": {
+    "stale_sessions": [{ "path": "...", "age_days": N, "reason": "...", "risk": "low|medium|high" }],
+    "drifted_documents": [{ "path": "...", "drift_percentage": N, "reason": "...", "risk": "..." }],
+    "dead_code": [{ "path": "...", "type": "orphan_file", "reason": "...", "risk": "..." }]
+  },
+  "summary": { "total_items": N, "by_category": {...}, "by_risk": {...} }
+}
+`
+  })
+
+  // Wait with timeout handling
+  let result = wait({ ids: [exploreAgent], timeout_ms: 600000 })
+
+  if (result.timed_out) {
+    send_input({ id: exploreAgent, message: 'Complete now and write cleanup-manifest.json.' })
+    result = wait({ ids: [exploreAgent], timeout_ms: 300000 })
+    if (result.timed_out) throw new Error('Agent timeout')
+  }
+
+  if (!fileExists(`${sessionFolder}/cleanup-manifest.json`)) {
+    throw new Error('Manifest not generated')
+  }
+
+} finally {
+  if (exploreAgent) close_agent({ id: exploreAgent })
+}
+```
+
+---
+
+### Phase 3: Confirmation
+
+```javascript
+// Load and validate manifest
+const manifest = JSON.parse(Read(`${sessionFolder}/cleanup-manifest.json`))
+
+// Display summary
+console.log(`
+## Cleanup Discovery Report
+
+| Category | Count | Risk |
+|----------|-------|------|
+| Sessions | ${manifest.summary.by_category.stale_sessions} | ${getRiskSummary('sessions')} |
+| Documents | ${manifest.summary.by_category.drifted_documents} | ${getRiskSummary('documents')} |
+| Dead Code | ${manifest.summary.by_category.dead_code} | ${getRiskSummary('code')} |
+
+**Total**: ${manifest.summary.total_items} items
+`)
+
+// Dry-run exit
+if (isDryRun) {
+  console.log(`
+**Dry-run mode**: No changes made.
+Manifest: ${sessionFolder}/cleanup-manifest.json
+  `)
+  return
+}
+
+// User confirmation
+const selection = AskUser({
+  questions: [
+    {
+      question: "Which categories to clean?",
+      header: "Categories",
+      multiSelect: true,
+      options: [
+        { label: "Sessions", description: `${manifest.summary.by_category.stale_sessions} stale sessions` },
+        { label: "Documents", description: `${manifest.summary.by_category.drifted_documents} drifted docs` },
+        { label: "Dead Code", description: `${manifest.summary.by_category.dead_code} unused files` }
+      ]
+    },
+    {
+      question: "Risk level?",
+      header: "Risk",
+      options: [
+        { label: "Low only", description: "Safest (Recommended)" },
+        { label: "Low + Medium", description: "Includes likely unused" },
+        { label: "All", description: "Aggressive" }
+      ]
+    }
+  ]
+})
+```
+
+---
+
+### Phase 4: Execution
+
+```javascript
+const riskFilter = {
+  'Low only': ['low'],
+  'Low + Medium': ['low', 'medium'],
+  'All': ['low', 'medium', 'high']
+}[selection.risk]
+
+// Collect items to clean
+const items = []
+if (selection.categories.includes('Sessions')) {
+  items.push(...manifest.discoveries.stale_sessions.filter(s => riskFilter.includes(s.risk)))
+}
+if (selection.categories.includes('Documents')) {
+  items.push(...manifest.discoveries.drifted_documents.filter(d => riskFilter.includes(d.risk)))
+}
+if (selection.categories.includes('Dead Code')) {
+  items.push(...manifest.discoveries.dead_code.filter(c => riskFilter.includes(c.risk)))
+}
+
+const results = { staged: [], deleted: [], failed: [], skipped: [] }
+
+// Validate and stage
+for (const item of items) {
+  const validation = validatePath(item.path)
+  if (!validation.valid) {
+    results.skipped.push({ path: item.path, reason: validation.reason })
+    continue
+  }
+
+  if (!fileExists(item.path) && !dirExists(item.path)) {
+    results.skipped.push({ path: item.path, reason: 'Not found' })
+    continue
+  }
+
+  try {
+    const trashTarget = `${trashFolder}/${item.path.replace(/\//g, '_')}`
+    bash(`mv "${item.path}" "${trashTarget}"`)
+    results.staged.push({ path: item.path, trashPath: trashTarget })
+  } catch (e) {
+    results.failed.push({ path: item.path, error: e.message })
+  }
+}
+
+// Permanent deletion
+for (const staged of results.staged) {
+  try {
+    bash(`rm -rf "${staged.trashPath}"`)
+    results.deleted.push(staged.path)
+  } catch (e) {
+    console.error(`Failed: ${staged.path}`)
+  }
+}
+
+// Cleanup empty trash
+bash(`rmdir "${trashFolder}" 2>/dev/null || true`)
+
+// Report
+console.log(`
+## Cleanup Complete
+
+**Deleted**: ${results.deleted.length}
+**Failed**: ${results.failed.length}
+**Skipped**: ${results.skipped.length}
+
+### Deleted
+${results.deleted.map(p => `- ${p}`).join('\n') || '(none)'}
+
+${results.failed.length > 0 ? `### Failed\n${results.failed.map(f => `- ${f.path}: ${f.error}`).join('\n')}` : ''}
+
+Report: ${sessionFolder}/cleanup-report.json
+`)
+
+Write(`${sessionFolder}/cleanup-report.json`, JSON.stringify({
+  timestamp: getUtc8ISOString(),
+  results,
+  summary: {
+    deleted: results.deleted.length,
+    failed: results.failed.length,
+    skipped: results.skipped.length
+  }
+}, null, 2))
+```
+
+---
+
+## Session Folder
+
+```
+.workflow/.clean/clean-{YYYY-MM-DD}/
+├── mainline-profile.json     # Git history analysis
+├── cleanup-manifest.json     # Discovery results
+├── cleanup-report.json       # Execution results
+└── .trash/                   # Staging area (temporary)
+```
+
+## Risk Levels
+
+| Risk | Description | Examples |
+|------|-------------|----------|
+| **Low** | Safe to delete | Empty sessions, scratchpad files |
+| **Medium** | Likely unused | Orphan files, old archives |
+| **High** | May have dependencies | Files with some imports |
+
+## Security Features
+
+| Feature | Protection |
+|---------|------------|
+| Path Validation | Whitelist directories, reject traversal |
+| Staged Deletion | Move to .trash before permanent delete |
+| Dangerous Patterns | Block system dirs, node_modules, .git |
+
+## Iteration Flow
+
+```
+First Call (/prompts:clean):
+   ├─ Detect mainline from git history
+   ├─ Discover stale artifacts via subagent
+   ├─ Display summary, await user selection
+   └─ Execute cleanup with staging
+
+Dry-Run (/prompts:clean --dry-run):
+   ├─ All phases except execution
+   └─ Manifest saved for review
+
+Focused (/prompts:clean FOCUS="auth"):
+   └─ Discovery limited to specified area
+```
+
+## Error Handling
+
+| Situation | Action |
+|-----------|--------|
+| No git repo | Use file timestamps only |
+| Agent timeout | Retry once with prompt, then abort |
+| Path validation fail | Skip item, report reason |
+| Manifest parse error | Abort with error |
+| Empty discovery | Report "codebase is clean" |
+
+---
+
+**Now execute cleanup workflow** with focus: $FOCUS

.codex/skills/ccw-loop-b/README.md

@@ -1,102 +1,301 @@
-# CCW Loop-B (Hybrid Orchestrator Pattern)
+# CCW Loop-B: Hybrid Orchestrator Pattern
 
-协调器 + 专用 worker 的迭代开发工作流。
+Iterative development workflow using coordinator + specialized workers architecture.
 
 ## Overview
 
-CCW Loop-B 采用混合模式设计：
-- **Coordinator**: 状态管理、worker 调度、结果汇聚
-- **Workers**: 专注各自领域（develop/debug/validate）
+CCW Loop-B implements a flexible orchestration pattern:
+- **Coordinator**: Main agent managing state, user interaction, worker scheduling
+- **Workers**: Specialized agents (init, develop, debug, validate, complete)
+- **Modes**: Interactive / Auto / Parallel execution
 
-## Installation
+## Architecture
 
 ```
-.codex/skills/ccw-loop-b/
-+-- SKILL.md                    # Main skill definition
-+-- README.md                   # This file
-+-- phases/
-|   +-- orchestrator.md         # Coordinator logic
-|   +-- state-schema.md         # State structure
-+-- specs/
-    +-- action-catalog.md       # Action catalog
-
-.codex/agents/
-+-- ccw-loop-b-init.md          # Init worker
-+-- ccw-loop-b-develop.md       # Develop worker
-+-- ccw-loop-b-debug.md         # Debug worker
-+-- ccw-loop-b-validate.md      # Validate worker
-+-- ccw-loop-b-complete.md      # Complete worker
+Coordinator (Main Agent)
+    |
+    +-- Spawns Workers
+    |   - ccw-loop-b-init.md
+    |   - ccw-loop-b-develop.md
+    |   - ccw-loop-b-debug.md
+    |   - ccw-loop-b-validate.md
+    |   - ccw-loop-b-complete.md
+    |
+    +-- Batch Wait (parallel mode)
+    +-- Sequential Wait (auto/interactive)
+    +-- State Management
+    +-- User Interaction
 ```
 
+## Subagent API
+
+Core APIs for worker orchestration:
+
+| API | 作用 |
+|-----|------|
+| `spawn_agent({ message })` | 创建 worker，返回 `agent_id` |
+| `wait({ ids, timeout_ms })` | 等待结果（唯一取结果入口） |
+| `send_input({ id, message })` | 继续交互 |
+| `close_agent({ id })` | 关闭回收 |
+
+**可用模式**: 单 agent 深度交互 / 多 agent 并行 / 混合模式
+
 ## Execution Modes
 
-| Mode | Description | Use Case |
-|------|-------------|----------|
-| `interactive` | 用户选择 action | 复杂任务，需要人工决策 |
-| `auto` | 自动顺序执行 | 标准开发流程 |
-| `parallel` | 并行多维度分析 | 需要快速全面评估 |
+### Interactive Mode (default)
 
-## Usage
+Coordinator displays menu, user selects action, spawns corresponding worker.
 
 ```bash
-# Interactive (default)
 /ccw-loop-b TASK="Implement feature X"
+```
 
-# Auto mode
+**Flow**:
+1. Init: Parse task, create breakdown
+2. Menu: Show options to user
+3. User selects action (develop/debug/validate)
+4. Spawn worker for selected action
+5. Wait for result
+6. Display result, back to menu
+7. Repeat until complete
+
+### Auto Mode
+
+Automated sequential execution following predefined workflow.
+
+```bash
 /ccw-loop-b --mode=auto TASK="Fix bug Y"
+```
 
-# Parallel analysis
+**Flow**:
+1. Init → 2. Develop → 3. Validate → 4. Complete
+
+If issues found: loop back to Debug → Develop → Validate
+
+### Parallel Mode
+
+Spawn multiple workers simultaneously, batch wait for results.
+
+```bash
 /ccw-loop-b --mode=parallel TASK="Analyze module Z"
-
-# Resume
-/ccw-loop-b --loop-id=loop-b-xxx
 ```
 
-## Session Files
+**Flow**:
+1. Init: Create analysis plan
+2. Spawn workers in parallel: [develop, debug, validate]
+3. Batch wait: `wait({ ids: [w1, w2, w3] })`
+4. Merge results
+5. Coordinator decides next action
+6. Complete
+
+## Session Structure
 
 ```
-.loop/
-+-- {loopId}.json              # Master state
-+-- {loopId}.workers/          # Worker outputs (JSON)
-+-- {loopId}.progress/         # Human-readable progress (MD)
+.workflow/.loop/
++-- {loopId}.json                    # Master state
++-- {loopId}.workers/                # Worker outputs
+|   +-- init.output.json
+|   +-- develop.output.json
+|   +-- debug.output.json
+|   +-- validate.output.json
+|   +-- complete.output.json
++-- {loopId}.progress/               # Human-readable logs
+    +-- develop.md
+    +-- debug.md
+    +-- validate.md
+    +-- summary.md
 ```
 
-## Core Pattern
+## Worker Responsibilities
 
-### Coordinator + Worker
+| Worker | Role | Specialization |
+|--------|------|----------------|
+| **init** | Session initialization | Task parsing, breakdown, planning |
+| **develop** | Code implementation | File operations, pattern matching, incremental development |
+| **debug** | Problem diagnosis | Root cause analysis, hypothesis testing, fix recommendations |
+| **validate** | Testing & verification | Test execution, coverage analysis, quality gates |
+| **complete** | Session finalization | Summary generation, commit preparation, cleanup |
+
+## Usage Examples
+
+### Example 1: Simple Feature Implementation
+
+```bash
+/ccw-loop-b TASK="Add user logout function"
+```
+
+**Auto flow**:
+- Init: Parse requirements
+- Develop: Implement logout in `src/auth.ts`
+- Validate: Run tests
+- Complete: Generate commit message
+
+### Example 2: Bug Investigation
+
+```bash
+/ccw-loop-b TASK="Fix memory leak in WebSocket handler"
+```
+
+**Interactive flow**:
+1. Init: Parse issue
+2. User selects "debug" → Spawn debug worker
+3. Debug: Root cause analysis → recommends fix
+4. User selects "develop" → Apply fix
+5. User selects "validate" → Verify fix works
+6. User selects "complete" → Generate summary
+
+### Example 3: Comprehensive Analysis
+
+```bash
+/ccw-loop-b --mode=parallel TASK="Analyze payment module for improvements"
+```
+
+**Parallel flow**:
+- Spawn [develop, debug, validate] workers simultaneously
+- Develop: Analyze code quality and patterns
+- Debug: Identify potential issues
+- Validate: Check test coverage
+- Wait for all three to complete
+- Merge findings into comprehensive report
+
+### Example 4: Resume Existing Loop
+
+```bash
+/ccw-loop-b --loop-id=loop-b-20260122-abc123
+```
+
+Continues from previous state, respects status (running/paused).
+
+## Key Features
+
+### 1. Worker Specialization
+
+Each worker focuses on one domain:
+- **No overlap**: Clear boundaries between workers
+- **Reusable**: Same worker for different tasks
+- **Composable**: Combine workers for complex workflows
+
+### 2. Flexible Coordination
+
+Coordinator adapts to mode:
+- **Interactive**: Menu-driven, user controls flow
+- **Auto**: Predetermined sequence
+- **Parallel**: Concurrent execution with batch wait
+
+### 3. State Management
+
+Unified state at `.workflow/.loop/{loopId}.json`:
+- **API compatible**: Works with CCW API
+- **Extension fields**: Skill-specific data in `skill_state`
+- **Worker outputs**: Structured JSON for each action
+
+### 4. Progress Tracking
+
+Human-readable logs:
+- **Per-worker progress**: `{action}.md` files
+- **Summary**: Consolidated achievements
+- **Commit-ready**: Formatted commit messages
+
+## Best Practices
+
+1. **Start with Init**: Always initialize before execution
+2. **Use appropriate mode**:
+   - Interactive: Complex tasks needing user decisions
+   - Auto: Well-defined workflows
+   - Parallel: Independent analysis tasks
+3. **Clean up workers**: `close_agent()` after each worker completes
+4. **Batch wait wisely**: Use in parallel mode for efficiency
+5. **Track progress**: Document in progress files
+6. **Validate often**: After each develop phase
+
+## Implementation Patterns
+
+### Pattern 1: Single Worker Deep Interaction
 
 ```javascript
-// Coordinator spawns specialized worker
-const worker = spawn_agent({ message: buildWorkerPrompt(action) })
+const workerId = spawn_agent({ message: workerPrompt })
+const result1 = wait({ ids: [workerId] })
 
-// Wait for completion
-const result = wait({ ids: [worker], timeout_ms: 600000 })
+// Continue with same worker
+send_input({ id: workerId, message: "Continue with next task" })
+const result2 = wait({ ids: [workerId] })
 
-// Process result
-const output = result.status[worker].completed
-updateState(output)
-
-// Cleanup
-close_agent({ id: worker })
+close_agent({ id: workerId })
 ```
 
-### Batch Wait (Parallel Mode)
+### Pattern 2: Multi-Worker Parallel
 
 ```javascript
-// Spawn multiple workers
-const workers = [
-  spawn_agent({ message: developPrompt }),
-  spawn_agent({ message: debugPrompt }),
-  spawn_agent({ message: validatePrompt })
-]
+const workers = {
+  develop: spawn_agent({ message: developPrompt }),
+  debug: spawn_agent({ message: debugPrompt }),
+  validate: spawn_agent({ message: validatePrompt })
+}
 
 // Batch wait
-const results = wait({ ids: workers, timeout_ms: 900000 })
+const results = wait({ ids: Object.values(workers), timeout_ms: 900000 })
 
-// Merge results
-const merged = mergeOutputs(results)
+// Process all results
+Object.values(workers).forEach(id => close_agent({ id }))
 ```
 
-## License
+### Pattern 3: Sequential Worker Chain
 
-MIT
+```javascript
+const actions = ['init', 'develop', 'validate', 'complete']
+
+for (const action of actions) {
+  const workerId = spawn_agent({ message: buildPrompt(action) })
+  const result = wait({ ids: [workerId] })
+  
+  updateState(action, result)
+  close_agent({ id: workerId })
+}
+```
+
+## Error Handling
+
+| Error | Recovery |
+|-------|----------|
+| Worker timeout | `send_input` request convergence |
+| Worker fails | Log error, coordinator decides retry strategy |
+| Partial results | Use completed workers, mark incomplete |
+| State corruption | Rebuild from progress files |
+
+## File Structure
+
+```
+.codex/skills/ccw-loop-b/
++-- SKILL.md                         # Entry point
++-- README.md                        # This file
++-- phases/
+|   +-- state-schema.md              # State structure definition
++-- specs/
+    +-- action-catalog.md            # Action reference
+
+.codex/agents/
++-- ccw-loop-b-init.md               # Worker: Init
++-- ccw-loop-b-develop.md            # Worker: Develop
++-- ccw-loop-b-debug.md              # Worker: Debug
++-- ccw-loop-b-validate.md           # Worker: Validate
++-- ccw-loop-b-complete.md           # Worker: Complete
+```
+
+## Comparison: ccw-loop vs ccw-loop-b
+
+| Aspect | ccw-loop | ccw-loop-b |
+|--------|----------|------------|
+| Pattern | Single agent, multi-phase | Coordinator + workers |
+| Worker model | Single agent handles all | Specialized workers per action |
+| Parallelization | Sequential only | Supports parallel mode |
+| Flexibility | Fixed sequence | Mode-based (interactive/auto/parallel) |
+| Best for | Simple linear workflows | Complex tasks needing specialization |
+
+## Contributing
+
+To add new workers:
+1. Create worker role file in `.codex/agents/`
+2. Define clear responsibilities
+3. Update `action-catalog.md`
+4. Add worker to coordinator spawn logic
+5. Test integration with existing workers

.codex/skills/ccw-loop-b/SKILL.md

@@ -61,7 +61,7 @@ Coordinator -> spawn [develop, debug, validate] in parallel -> wait({ ids: all }
 ## Session Structure
 
 ```
-.loop/
+.workflow/.loop/
 +-- {loopId}.json              # Master state
 +-- {loopId}.workers/          # Worker outputs
 |   +-- develop.output.json
@@ -242,9 +242,9 @@ function buildWorkerPrompt(action, loopId, state) {
 
 - **Loop ID**: ${loopId}
 - **Action**: ${action}
-- **State File**: .loop/${loopId}.json
-- **Output File**: .loop/${loopId}.workers/${action}.output.json
-- **Progress File**: .loop/${loopId}.progress/${action}.md
+- **State File**: .workflow/.loop/${loopId}.json
+- **Output File**: .workflow/.loop/${loopId}.workers/${action}.output.json
+- **Progress File**: .workflow/.loop/${loopId}.progress/${action}.md
 
 ## CURRENT STATE
 

.codex/skills/ccw-loop-b/phases/orchestrator.md

@@ -14,7 +14,7 @@ Read state -> Select mode -> Spawn workers -> Wait results -> Merge -> Update st
 
 ```javascript
 function readState(loopId) {
-  const stateFile = `.loop/${loopId}.json`
+  const stateFile = `.workflow/.loop/${loopId}.json`
   return fs.existsSync(stateFile)
     ? JSON.parse(Read(stateFile))
     : null
@@ -252,6 +252,6 @@ function parseWorkerResult(output) {
 ## Best Practices
 
 1. **Worker 生命周期**: spawn → wait → close，不保留 worker
-2. **结果持久化**: Worker 输出写入 `.loop/{loopId}.workers/`
+2. **结果持久化**: Worker 输出写入 `.workflow/.loop/{loopId}.workers/`
 3. **状态同步**: 每次 worker 完成后更新 state
 4. **超时处理**: send_input 请求收敛，再超时则跳过

.codex/skills/ccw-loop-b/phases/state-schema.md

@@ -56,7 +56,7 @@
 
 ## Worker Output Structure
 
-Each worker writes to `.loop/{loopId}.workers/{action}.output.json`:
+Each worker writes to `.workflow/.loop/{loopId}.workers/{action}.output.json`:
 
 ```json
 {
@@ -81,7 +81,7 @@ Each worker writes to `.loop/{loopId}.workers/{action}.output.json`:
 
 ## Progress File Structure
 
-Human-readable progress in `.loop/{loopId}.progress/{action}.md`:
+Human-readable progress in `.workflow/.loop/{loopId}.progress/{action}.md`:
 
 ```markdown
 # Develop Progress
@@ -165,7 +165,7 @@ When `mode === 'parallel'`:
 ## Directory Structure
 
 ```
-.loop/
+.workflow/.loop/
 +-- loop-b-20260122-abc123.json          # Master state
 +-- loop-b-20260122-abc123.workers/
 |   +-- init.output.json

.codex/skills/ccw-loop-b/specs/action-catalog.md

@@ -0,0 +1,383 @@
+# Action Catalog (CCW Loop-B)
+
+Complete reference of worker actions and their capabilities.
+
+## Action Matrix
+
+| Action | Worker Agent | Purpose | Input Requirements | Output |
+|--------|--------------|---------|-------------------|--------|
+| init | ccw-loop-b-init.md | Session initialization | Task description | Task breakdown + execution plan |
+| develop | ccw-loop-b-develop.md | Code implementation | Task list | Code changes + progress update |
+| debug | ccw-loop-b-debug.md | Problem diagnosis | Issue description | Root cause analysis + fix suggestions |
+| validate | ccw-loop-b-validate.md | Testing and verification | Files to test | Test results + coverage report |
+| complete | ccw-loop-b-complete.md | Session finalization | All worker outputs | Summary + commit message |
+
+## Detailed Action Specifications
+
+### INIT
+
+**Purpose**: Parse requirements, create execution plan
+
+**Preconditions**:
+- `status === 'running'`
+- `skill_state === null` (first time)
+
+**Input**:
+```
+- Task description (text)
+- Project context files
+```
+
+**Execution**:
+1. Read `.workflow/project-tech.json`
+2. Read `.workflow/project-guidelines.json`
+3. Parse task into phases
+4. Create task breakdown
+5. Generate execution plan
+
+**Output**:
+```
+WORKER_RESULT:
+- action: init
+- status: success
+- summary: "Initialized with 5 tasks"
+- next_suggestion: develop
+
+TASK_BREAKDOWN:
+- T1: Create auth module
+- T2: Implement JWT utils
+- T3: Write tests
+- T4: Validate implementation
+- T5: Documentation
+
+EXECUTION_PLAN:
+1. Develop (T1-T2)
+2. Validate (T3-T4)
+3. Complete (T5)
+```
+
+**Effects**:
+- `skill_state.pending_tasks` populated
+- Progress structure created
+- Ready for develop phase
+
+---
+
+### DEVELOP
+
+**Purpose**: Implement code, create/modify files
+
+**Preconditions**:
+- `skill_state.pending_tasks.length > 0`
+- `status === 'running'`
+
+**Input**:
+```
+- Task list from state
+- Project conventions
+- Existing code patterns
+```
+
+**Execution**:
+1. Load pending tasks
+2. Find existing patterns
+3. Implement tasks one by one
+4. Update progress file
+5. Mark tasks completed
+
+**Output**:
+```
+WORKER_RESULT:
+- action: develop
+- status: success
+- summary: "Implemented 3 tasks"
+- files_changed: ["src/auth.ts", "src/utils.ts"]
+- next_suggestion: validate
+
+DETAILED_OUTPUT:
+  tasks_completed: [T1, T2]
+  metrics:
+    lines_added: 180
+    lines_removed: 15
+```
+
+**Effects**:
+- Files created/modified
+- `skill_state.completed_tasks` updated
+- Progress documented
+
+**Failure Modes**:
+- Pattern unclear → suggest debug
+- Task blocked → mark blocked, continue
+- Partial completion → set `loop_back_to: "develop"`
+
+---
+
+### DEBUG
+
+**Purpose**: Diagnose issues, root cause analysis
+
+**Preconditions**:
+- Issue exists (test failure, bug report, etc.)
+- `status === 'running'`
+
+**Input**:
+```
+- Issue description
+- Error messages
+- Stack traces
+- Reproduction steps
+```
+
+**Execution**:
+1. Understand problem symptoms
+2. Gather evidence from code
+3. Form hypothesis
+4. Test hypothesis
+5. Document root cause
+6. Suggest fixes
+
+**Output**:
+```
+WORKER_RESULT:
+- action: debug
+- status: success
+- summary: "Root cause: memory leak in event listeners"
+- next_suggestion: develop (apply fixes)
+
+ROOT_CAUSE_ANALYSIS:
+  hypothesis: "Listener accumulation"
+  confidence: high
+  evidence: [...]
+  mechanism: "Detailed explanation"
+
+FIX_RECOMMENDATIONS:
+  1. Add removeAllListeners() on disconnect
+  2. Verification: Monitor memory usage
+```
+
+**Effects**:
+- `skill_state.findings` updated
+- Fix recommendations documented
+- Ready for develop to apply fixes
+
+**Failure Modes**:
+- Insufficient info → request more data
+- Multiple hypotheses → rank by likelihood
+- Inconclusive → suggest investigation areas
+
+---
+
+### VALIDATE
+
+**Purpose**: Run tests, check coverage, quality gates
+
+**Preconditions**:
+- Code exists to validate
+- `status === 'running'`
+
+**Input**:
+```
+- Files to test
+- Test configuration
+- Coverage requirements
+```
+
+**Execution**:
+1. Identify test framework
+2. Run unit tests
+3. Run integration tests
+4. Measure coverage
+5. Check quality (lint, types, security)
+6. Generate report
+
+**Output**:
+```
+WORKER_RESULT:
+- action: validate
+- status: success
+- summary: "113 tests pass, coverage 95%"
+- next_suggestion: complete (all pass) | develop (fix failures)
+
+TEST_RESULTS:
+  unit_tests: { passed: 98, failed: 0 }
+  integration_tests: { passed: 15, failed: 0 }
+  coverage: "95%"
+
+QUALITY_CHECKS:
+  lint: ✓ Pass
+  types: ✓ Pass
+  security: ✓ Pass
+```
+
+**Effects**:
+- Test results documented
+- Coverage measured
+- Quality gates verified
+
+**Failure Modes**:
+- Tests fail → document failures, suggest fixes
+- Coverage low → identify gaps
+- Quality issues → flag problems
+
+---
+
+### COMPLETE
+
+**Purpose**: Finalize session, generate summary, commit
+
+**Preconditions**:
+- All tasks completed
+- Tests passing
+- `status === 'running'`
+
+**Input**:
+```
+- All worker outputs
+- Progress files
+- Current state
+```
+
+**Execution**:
+1. Read all worker outputs
+2. Consolidate achievements
+3. Verify completeness
+4. Generate summary
+5. Prepare commit message
+6. Cleanup and archive
+
+**Output**:
+```
+WORKER_RESULT:
+- action: complete
+- status: success
+- summary: "Session completed successfully"
+- next_suggestion: null
+
+SESSION_SUMMARY:
+  achievements: [...]
+  files_changed: [...]
+  test_results: { ... }
+  quality_checks: { ... }
+
+COMMIT_SUGGESTION:
+  message: "feat: ..."
+  files: [...]
+  ready_for_pr: true
+```
+
+**Effects**:
+- `status` → 'completed'
+- Summary file created
+- Progress archived
+- Commit message ready
+
+**Failure Modes**:
+- Pending tasks remain → mark partial
+- Quality gates fail → list failures
+
+---
+
+## Action Flow Diagrams
+
+### Interactive Mode Flow
+
+```
++------+
+| INIT |
++------+
+    |
+    v
++------+  user selects
+| MENU |-------------+
++------+             |
+    ^                v
+    |         +--------------+
+    |         | spawn worker |
+    |         +--------------+
+    |                |
+    |                v
+    |         +------+-------+
+    +---------|  wait result |
+              +------+-------+
+                     |
+                     v
+              +------+-------+
+              | update state |
+              +--------------+
+                     |
+                     v
+              [completed?] --no--> [back to MENU]
+                     |
+                    yes
+                     v
+              +----------+
+              | COMPLETE |
+              +----------+
+```
+
+### Auto Mode Flow
+
+```
++------+      +---------+      +-------+      +----------+      +----------+
+| INIT | ---> | DEVELOP | ---> | DEBUG | ---> | VALIDATE | ---> | COMPLETE |
++------+      +---------+      +-------+      +----------+      +----------+
+                  ^                |               |
+                  |                +--- [issues]   |
+                  +--------------------------------+
+                              [tests fail]
+```
+
+### Parallel Mode Flow
+
+```
++------+
+| INIT |
++------+
+    |
+    v
++---------------------+
+| spawn all workers   |
+| [develop, debug,    |
+|  validate]          |
++---------------------+
+    |
+    v
++---------------------+
+| wait({ ids: all })  |
++---------------------+
+    |
+    v
++---------------------+
+| merge results       |
++---------------------+
+    |
+    v
++---------------------+
+| coordinator decides |
++---------------------+
+    |
+    v
++----------+
+| COMPLETE |
++----------+
+```
+
+## Worker Coordination
+
+| Scenario | Worker Sequence | Mode |
+|----------|-----------------|------|
+| Simple task | init → develop → validate → complete | Auto |
+| Complex task | init → develop → debug → develop → validate → complete | Auto |
+| Bug fix | init → debug → develop → validate → complete | Auto |
+| Analysis | init → [develop \|\| debug \|\| validate] → complete | Parallel |
+| Interactive | init → menu → user selects → worker → menu → ... | Interactive |
+
+## Best Practices
+
+1. **Init always first**: Parse requirements before execution
+2. **Validate often**: After each develop phase
+3. **Debug when needed**: Don't skip diagnosis
+4. **Complete always last**: Ensure proper cleanup
+5. **Use parallel wisely**: For independent analysis tasks
+6. **Follow sequence**: In auto mode, respect dependencies

.codex/skills/ccw-loop/README.md

@@ -68,7 +68,7 @@ Files are in `.codex/skills/ccw-loop/`:
 
 ```
 1. Parse arguments (task or --loop-id)
-2. Create/read state from .loop/{loopId}.json
+2. Create/read state from .workflow/.loop/{loopId}.json
 3. spawn_agent with ccw-loop-executor role
 4. Main loop:
    a. wait() for agent output
@@ -84,7 +84,7 @@ Files are in `.codex/skills/ccw-loop/`:
 ## Session Files
 
 ```
-.loop/
+.workflow/.loop/
 +-- {loopId}.json              # Master state (API + Skill)
 +-- {loopId}.progress/
     +-- develop.md             # Development timeline
@@ -157,7 +157,7 @@ spawn_agent({
 Works with CCW Dashboard Loop Monitor:
 - Dashboard creates loop via API
 - API triggers this skill with `--loop-id`
-- Skill reads/writes `.loop/{loopId}.json`
+- Skill reads/writes `.workflow/.loop/{loopId}.json`
 - Dashboard polls state for real-time updates
 
 ### Control Signals

.codex/skills/ccw-loop/SKILL.md

@@ -27,8 +27,8 @@ Stateless iterative development loop using Codex subagent pattern. Supports deve
 +-------------------------------------------------------------+
 |              loop-v2-routes.ts (Control Plane)               |
 |                                                              |
-|  State: .loop/{loopId}.json (MASTER)                         |
-|  Tasks: .loop/{loopId}.tasks.jsonl                           |
+|  State: .workflow/.loop/{loopId}.json (MASTER)                         |
+|  Tasks: .workflow/.loop/{loopId}.tasks.jsonl                           |
 |                                                              |
 |  /start -> Trigger ccw-loop skill with --loop-id             |
 |  /pause -> Set status='paused' (skill checks before action)  |
@@ -42,8 +42,8 @@ Stateless iterative development loop using Codex subagent pattern. Supports deve
 |                                                              |
 |  Codex Pattern: spawn_agent -> wait -> send_input -> close   |
 |                                                              |
-|  Reads/Writes: .loop/{loopId}.json (unified state)           |
-|  Writes: .loop/{loopId}.progress/* (progress files)          |
+|  Reads/Writes: .workflow/.loop/{loopId}.json (unified state)           |
+|  Writes: .workflow/.loop/{loopId}.progress/* (progress files)          |
 |                                                              |
 |  BEFORE each action:                                         |
 |    -> Check status: paused/stopped -> exit gracefully        |
@@ -55,9 +55,9 @@ Stateless iterative development loop using Codex subagent pattern. Supports deve
 
 ## Key Design Principles (Codex Adaptation)
 
-1. **Unified State**: API and Skill share `.loop/{loopId}.json` state file
+1. **Unified State**: API and Skill share `.workflow/.loop/{loopId}.json` state file
 2. **Control Signals**: Skill checks status field before each action (paused/stopped)
-3. **File-Driven**: All progress documented in `.loop/{loopId}.progress/`
+3. **File-Driven**: All progress documented in `.workflow/.loop/{loopId}.progress/`
 4. **Resumable**: Continue any loop with `--loop-id`
 5. **Dual Trigger**: Supports API trigger (`--loop-id`) and direct call (task description)
 6. **Single Agent Deep Interaction**: Use send_input for multi-phase execution instead of multiple agents
@@ -100,7 +100,7 @@ Develop -> Debug -> Validate -> (if issues) -> Develop -> ...
 ## Session Structure (Unified Location)
 
 ```
-.loop/
+.workflow/.loop/
 +-- {loopId}.json              # Master state file (API + Skill shared)
 +-- {loopId}.tasks.jsonl       # Task list (API managed)
 +-- {loopId}.progress/         # Skill progress files
@@ -129,8 +129,8 @@ const loopId = args['--loop-id'] || (() => {
   return `loop-v2-${timestamp}-${random}`
 })()
 
-const loopFile = `.loop/${loopId}.json`
-const progressDir = `.loop/${loopId}.progress`
+const loopFile = `.workflow/.loop/${loopId}.json`
+const progressDir = `.workflow/.loop/${loopId}.progress`
 
 // Create progress directory
 mkdir -p "${progressDir}"
@@ -144,14 +144,14 @@ mkdir -p "${progressDir}"
 // Step 1: Read or create initial state
 let state = null
 if (existingLoopId) {
-  state = JSON.parse(Read(`.loop/${loopId}.json`))
+  state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
   if (!state) {
     console.error(`Loop not found: ${loopId}`)
     return
   }
 } else {
   state = createInitialState(loopId, taskDescription)
-  Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+  Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 }
 
 // Step 2: Create orchestrator agent (single agent handles all phases)
@@ -169,7 +169,7 @@ const agent = spawn_agent({
 ## LOOP CONTEXT
 
 - **Loop ID**: ${loopId}
-- **State File**: .loop/${loopId}.json
+- **State File**: .workflow/.loop/${loopId}.json
 - **Progress Dir**: ${progressDir}
 - **Mode**: ${mode}  // 'interactive' or 'auto'
 
@@ -186,7 +186,7 @@ ${taskDescription}
 You are executing CCW Loop orchestrator. Your job:
 
 1. **Check Control Signals**
-   - Read .loop/${loopId}.json
+   - Read .workflow/.loop/${loopId}.json
    - If status === 'paused' -> Output "PAUSED" and stop
    - If status === 'failed' -> Output "STOPPED" and stop
    - If status === 'running' -> Continue
@@ -200,7 +200,7 @@ You are executing CCW Loop orchestrator. Your job:
 3. **Execute Action**
    - Follow action instructions from ~/.codex/skills/ccw-loop/phases/actions/
    - Update progress files in ${progressDir}/
-   - Update state in .loop/${loopId}.json
+   - Update state in .workflow/.loop/${loopId}.json
 
 4. **Output Format**
    \`\`\`
@@ -283,10 +283,10 @@ Continue with: ${actionResult.next_action}
   }
 
   // Update iteration count in state
-  const currentState = JSON.parse(Read(`.loop/${loopId}.json`))
+  const currentState = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
   currentState.current_iteration = iteration
   currentState.updated_at = getUtc8ISOString()
-  Write(`.loop/${loopId}.json`, JSON.stringify(currentState, null, 2))
+  Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(currentState, null, 2))
 }
 
 // Step 4: Cleanup

.codex/skills/ccw-loop/phases/actions/action-complete.md

@@ -20,7 +20,7 @@ Complete CCW Loop session and generate summary report.
 ### Step 1: Verify Control Signals
 
 ```javascript
-const state = JSON.parse(Read(`.loop/${loopId}.json`))
+const state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
 
 if (state.status !== 'running') {
   return {
@@ -174,7 +174,7 @@ state.updated_at = timestamp
 state.skill_state.last_action = 'COMPLETE'
 state.skill_state.summary = stats
 
-Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 ```
 
 ## Output Format
@@ -190,8 +190,8 @@ ACTION_RESULT:
   }
 
 FILES_UPDATED:
-- .loop/{loopId}.json: Status set to completed
-- .loop/{loopId}.progress/summary.md: Summary report generated
+- .workflow/.loop/{loopId}.json: Status set to completed
+- .workflow/.loop/{loopId}.progress/summary.md: Summary report generated
 
 NEXT_ACTION_NEEDED: COMPLETED
 ```

.codex/skills/ccw-loop/phases/actions/action-debug.md

@@ -233,7 +233,7 @@ if (confirmedHypothesis) {
 
 state.skill_state.last_action = 'DEBUG'
 state.updated_at = timestamp
-Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 ```
 
 ## Output Format
@@ -249,8 +249,8 @@ ACTION_RESULT:
   }
 
 FILES_UPDATED:
-- .loop/{loopId}.progress/debug.md: Understanding updated
-- .loop/{loopId}.progress/hypotheses.json: Hypotheses updated
+- .workflow/.loop/{loopId}.progress/debug.md: Understanding updated
+- .workflow/.loop/{loopId}.progress/hypotheses.json: Hypotheses updated
 - [Source files]: Instrumentation added
 
 NEXT_ACTION_NEEDED: {DEBUG | VALIDATE | DEVELOP | MENU}

.codex/skills/ccw-loop/phases/actions/action-develop.md

@@ -20,7 +20,7 @@ Execute development task and record progress to develop.md.
 ### Step 1: Verify Control Signals
 
 ```javascript
-const state = JSON.parse(Read(`.loop/${loopId}.json`))
+const state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
 
 if (state.status !== 'running') {
   return {
@@ -133,7 +133,7 @@ state.skill_state.last_action = 'DEVELOP'
 state.skill_state.completed_actions.push('DEVELOP')
 state.updated_at = timestamp
 
-Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 ```
 
 ## Output Format
@@ -149,9 +149,9 @@ ACTION_RESULT:
   }
 
 FILES_UPDATED:
-- .loop/{loopId}.json: Task status updated
-- .loop/{loopId}.progress/develop.md: Progress entry added
-- .loop/{loopId}.progress/changes.log: Change entry added
+- .workflow/.loop/{loopId}.json: Task status updated
+- .workflow/.loop/{loopId}.progress/develop.md: Progress entry added
+- .workflow/.loop/{loopId}.progress/changes.log: Change entry added
 
 NEXT_ACTION_NEEDED: {DEVELOP | DEBUG | VALIDATE | MENU}
 ```

.codex/skills/ccw-loop/phases/actions/action-init.md

@@ -19,7 +19,7 @@ Initialize CCW Loop session, create directory structure and initial state.
 ### Step 1: Verify Control Signals
 
 ```javascript
-const state = JSON.parse(Read(`.loop/${loopId}.json`))
+const state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
 
 if (state.status !== 'running') {
   return {
@@ -34,7 +34,7 @@ if (state.status !== 'running') {
 ### Step 2: Create Directory Structure
 
 ```javascript
-const progressDir = `.loop/${loopId}.progress`
+const progressDir = `.workflow/.loop/${loopId}.progress`
 
 // Directories created by orchestrator, verify they exist
 // mkdir -p ${progressDir}
@@ -131,7 +131,7 @@ const skillState = {
 
 state.skill_state = skillState
 state.updated_at = getUtc8ISOString()
-Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 ```
 
 ## Output Format
@@ -143,8 +143,8 @@ ACTION_RESULT:
 - message: Session initialized with {N} development tasks
 
 FILES_UPDATED:
-- .loop/{loopId}.json: skill_state initialized
-- .loop/{loopId}.progress/develop.md: Progress document created
+- .workflow/.loop/{loopId}.json: skill_state initialized
+- .workflow/.loop/{loopId}.progress/develop.md: Progress document created
 
 NEXT_ACTION_NEEDED: {DEVELOP (auto) | MENU (interactive)}
 ```

.codex/skills/ccw-loop/phases/actions/action-menu.md

@@ -20,7 +20,7 @@ Display interactive action menu for user selection.
 ### Step 1: Verify Control Signals
 
 ```javascript
-const state = JSON.parse(Read(`.loop/${loopId}.json`))
+const state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
 
 if (state.status !== 'running') {
   return {
@@ -172,7 +172,7 @@ If user selects "exit":
 // Save current state
 state.status = 'user_exit'
 state.updated_at = getUtc8ISOString()
-Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 
 return {
   action: 'MENU',

.codex/skills/ccw-loop/phases/actions/action-validate.md

@@ -21,7 +21,7 @@ Run tests and verify implementation, record results to validate.md.
 ### Step 1: Verify Control Signals
 
 ```javascript
-const state = JSON.parse(Read(`.loop/${loopId}.json`))
+const state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
 
 if (state.status !== 'running') {
   return {
@@ -174,7 +174,7 @@ state.skill_state.validate.last_run_at = timestamp
 
 state.skill_state.last_action = 'VALIDATE'
 state.updated_at = timestamp
-Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 ```
 
 ## Output Format
@@ -191,9 +191,9 @@ ACTION_RESULT:
   }
 
 FILES_UPDATED:
-- .loop/{loopId}.progress/validate.md: Validation report created
-- .loop/{loopId}.progress/test-results.json: Test results saved
-- .loop/{loopId}.progress/coverage.json: Coverage data saved (if available)
+- .workflow/.loop/{loopId}.progress/validate.md: Validation report created
+- .workflow/.loop/{loopId}.progress/test-results.json: Test results saved
+- .workflow/.loop/{loopId}.progress/coverage.json: Coverage data saved (if available)
 
 NEXT_ACTION_NEEDED: {COMPLETE | DEBUG | DEVELOP | MENU}
 ```

.codex/skills/ccw-loop/phases/orchestrator.md

@@ -45,7 +45,7 @@ const getUtc8ISOString = () => new Date(Date.now() + 8 * 60 * 60 * 1000).toISOSt
  * @param loopId - Loop ID (e.g., "loop-v2-20260122-abc123")
  */
 function readLoopState(loopId) {
-  const stateFile = `.loop/${loopId}.json`
+  const stateFile = `.workflow/.loop/${loopId}.json`
 
   if (!fs.existsSync(stateFile)) {
     return null
@@ -63,7 +63,7 @@ function readLoopState(loopId) {
  * Create new loop state (only for direct calls, API triggers have existing state)
  */
 function createLoopState(loopId, taskDescription) {
-  const stateFile = `.loop/${loopId}.json`
+  const stateFile = `.workflow/.loop/${loopId}.json`
   const now = getUtc8ISOString()
 
   const state = {
@@ -83,7 +83,7 @@ function createLoopState(loopId, taskDescription) {
 
   // Ensure directories exist
   mkdir -p ".loop"
-  mkdir -p ".loop/${loopId}.progress"
+  mkdir -p ".workflow/.loop/${loopId}.progress"
 
   Write(stateFile, JSON.stringify(state, null, 2))
   return state
@@ -137,7 +137,7 @@ async function runOrchestrator(options = {}) {
     return { status: 'error', message: 'Missing loopId or task' }
   }
 
-  const progressDir = `.loop/${loopId}.progress`
+  const progressDir = `.workflow/.loop/${loopId}.progress`
 
   // 2. Create executor agent (single agent for entire loop)
   const agent = spawn_agent({
@@ -154,7 +154,7 @@ async function runOrchestrator(options = {}) {
 ## LOOP CONTEXT
 
 - **Loop ID**: ${loopId}
-- **State File**: .loop/${loopId}.json
+- **State File**: .workflow/.loop/${loopId}.json
 - **Progress Dir**: ${progressDir}
 - **Mode**: ${mode}
 
@@ -213,7 +213,7 @@ Execution timeout reached. Please:
     state = readLoopState(loopId)
     state.current_iteration = iteration
     state.updated_at = getUtc8ISOString()
-    Write(`.loop/${loopId}.json`, JSON.stringify(state, null, 2))
+    Write(`.workflow/.loop/${loopId}.json`, JSON.stringify(state, null, 2))
 
     // Handle different outcomes
     switch (actionResult.next_action) {

.codex/skills/ccw-loop/phases/state-schema.md

@@ -4,7 +4,7 @@ CCW Loop state structure definition for Codex subagent pattern.
 
 ## State File
 
-**Location**: `.loop/{loopId}.json` (unified location, API + Skill shared)
+**Location**: `.workflow/.loop/{loopId}.json` (unified location, API + Skill shared)
 
 ## Structure Definition
 
@@ -208,7 +208,7 @@ Agent checks control signals at start of every action:
  * @returns { continue: boolean, action: 'pause_exit' | 'stop_exit' | 'continue' }
  */
 function checkControlSignals(loopId) {
-  const state = JSON.parse(Read(`.loop/${loopId}.json`))
+  const state = JSON.parse(Read(`.workflow/.loop/${loopId}.json`))
 
   switch (state.status) {
     case 'paused':
@@ -338,17 +338,17 @@ State-to-file mapping:
 
 | State Field | Sync File | Sync Timing |
 |-------------|-----------|-------------|
-| Entire LoopState | `.loop/{loopId}.json` | Every state change (master) |
-| `skill_state.develop` | `.loop/{loopId}.progress/develop.md` | After each dev operation |
-| `skill_state.debug` | `.loop/{loopId}.progress/debug.md` | After each debug operation |
-| `skill_state.validate` | `.loop/{loopId}.progress/validate.md` | After each validation |
-| Code changes log | `.loop/{loopId}.progress/changes.log` | Each file modification (NDJSON) |
-| Debug log | `.loop/{loopId}.progress/debug.log` | Each debug log (NDJSON) |
+| Entire LoopState | `.workflow/.loop/{loopId}.json` | Every state change (master) |
+| `skill_state.develop` | `.workflow/.loop/{loopId}.progress/develop.md` | After each dev operation |
+| `skill_state.debug` | `.workflow/.loop/{loopId}.progress/debug.md` | After each debug operation |
+| `skill_state.validate` | `.workflow/.loop/{loopId}.progress/validate.md` | After each validation |
+| Code changes log | `.workflow/.loop/{loopId}.progress/changes.log` | Each file modification (NDJSON) |
+| Debug log | `.workflow/.loop/{loopId}.progress/debug.log` | Each debug log (NDJSON) |
 
 ### File Structure
 
 ```
-.loop/
+.workflow/.loop/
 +-- loop-v2-20260122-abc123.json         # Master state file (API + Skill)
 +-- loop-v2-20260122-abc123.tasks.jsonl  # Task list (API managed)
 +-- loop-v2-20260122-abc123.progress/    # Skill progress files
@@ -366,7 +366,7 @@ If master state file corrupted, rebuild skill_state from progress files:
 
 ```javascript
 function rebuildSkillStateFromProgress(loopId) {
-  const progressDir = `.loop/${loopId}.progress`
+  const progressDir = `.workflow/.loop/${loopId}.progress`
 
   // Parse progress files to rebuild state
   const skill_state = {
@@ -381,7 +381,7 @@ function rebuildSkillStateFromProgress(loopId) {
 
 ## Codex Pattern Notes
 
-1. **Agent reads state**: Agent reads `.loop/{loopId}.json` at action start
+1. **Agent reads state**: Agent reads `.workflow/.loop/{loopId}.json` at action start
 2. **Agent writes state**: Agent updates state after action completion
 3. **Orchestrator tracks iterations**: Main loop tracks `current_iteration`
 4. **Single agent context**: All state updates in same agent conversation via send_input

ccw/src/commands/install.ts

@@ -335,7 +335,7 @@ export async function installCommand(options: InstallOptions): Promise<void> {
       type: 'confirm',
       name: 'installFix',
       message: 'Install Git Bash multi-line prompt fix? (recommended for Git Bash users)',
-      default: true
+      default: false
     }]);
 
     if (installFix) {

ccw/src/tools/claude-cli-tools.ts

@@ -268,7 +268,8 @@ function ensureToolTags(tool: Partial<ClaudeCliTool>): ClaudeCliTool {
     enabled: tool.enabled ?? true,
     primaryModel: tool.primaryModel,
     secondaryModel: tool.secondaryModel,
-    tags: tool.tags ?? []
+    tags: tool.tags ?? [],
+    envFile: tool.envFile
   };
 }
 
@@ -438,9 +439,9 @@ export function loadClaudeCliTools(projectDir: string): ClaudeCliToolsConfig & {
     const migrated = migrateConfig(parsed, projectDir);
     const needsSave = migrated.version !== parsed.version;
 
-    // Merge tools with defaults and ensure required fields exist
+    // Load user-configured tools only (defaults NOT merged)
     const mergedTools: Record<string, ClaudeCliTool> = {};
-    for (const [key, tool] of Object.entries({ ...DEFAULT_TOOLS_CONFIG.tools, ...(migrated.tools || {}) })) {
+    for (const [key, tool] of Object.entries(migrated.tools || {})) {
       mergedTools[key] = {
         ...ensureToolTags(tool),
         type: tool.type ?? 'builtin',

ccw/src/tools/cli-config-manager.ts

@@ -29,6 +29,7 @@ export interface CliToolConfig {
   primaryModel: string;
   secondaryModel: string;
   tags?: string[];
+  envFile?: string | null;
 }
 
 export interface CliConfig {
@@ -184,7 +185,8 @@ export function getFullConfigResponse(baseDir: string): {
       enabled: tool.enabled,
       primaryModel: tool.primaryModel ?? '',
       secondaryModel: tool.secondaryModel ?? '',
-      tags: tool.tags
+      tags: tool.tags,
+      envFile: tool.envFile
     };
   }
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-code-workflow",
-  "version": "6.3.38",
+  "version": "6.3.39",
   "description": "JSON-driven multi-agent development framework with intelligent CLI orchestration (Gemini/Qwen/Codex), context-first architecture, and automated workflow execution",
   "type": "module",
   "main": "ccw/src/index.js",