Summary

Protocol upgrade from v7.1 to v7.2, fixing a dispatcher orchestration bug that caused sessions 291-293 to run QC and validation on an undecomposed system, and replacing the post-validation QC with a holistic final review.

Incident: Sessions 291-293

What happened

• Session 291 (12:00): Correctly scaffolded the Cybersecurity Operations Centre — 9 subsystems classified, 20 stakeholder and system requirements, 2 diagrams. Status set to scaffolded.
• Session 292 (13:00): Dispatcher selected Flow C (QC) instead of Flow B (decomposition). The bot ran a full QC review on a project with zero subsystem requirements, backfilled rationale on the 20 STK/SYS requirements, and promoted status to qc-reviewed.
• Session 293 (14:00): Dispatcher selected Flow D (validation) on qc-reviewed. Validation correctly identified “zero subsystem requirements” and failed — sent status back to first-pass-complete.

Root cause

The dispatcher’s interim QC trigger (line 85) checked SESSIONS_SINCE_QC >= 3 && SE_PROJECT exists but did NOT check the project status. The LAST_QC_SESSION fact was stale from the previous project (Container Ship Cargo, completed in session 290). When the Cybersecurity project was scaffolded in session 291, the stale counter showed 3+ sessions since last QC, triggering Flow C on a scaffolded project.

Fixes applied

1. Interim QC now requires status = in-progress — scaffolded projects cannot trigger QC. Changed dispatcher line 85 from [ -n "$SE_PROJECT" ] to [ "$DECOMP_STATUS" = "in-progress" ].

2. Reset LAST_QC_SESSION on scaffolded projects — when a scaffolded project has a stale QC counter from a previous project, the counter is reset to the current session number.

3. Validation failure sets in-progress not first-pass-complete — Flow D’s failure path was setting first-pass-complete, which the dispatcher interprets as “ready for QC.” Changed to in-progress so the bot returns to decomposition (Flow B).

4. Manually set Cybersecurity project to in-progress — so session 295+ will run decomposition.

Changes

Flow E rewritten: holistic final review

Problem: Flow E was a lightweight post-validation QC that checked validation-session changes per-requirement. This overlapped with Flow C (which already does per-requirement QC) and didn’t add value beyond duplicate cleanup.

Fix: Flow E is now a holistic final review — the bot reads the complete report as a single document and assesses:

• Coherence — do subsystems tell a consistent story? Overlaps or gaps?
• Completeness — enough information to begin detailed design?
• Plausibility — realistic performance values, industry-standard protocols?
• Proportionality — safety-critical subsystems deeper than utility ones?
• Trace chains — follow 3-5 requirements STK→SYS→SUB→IFC→VER

Pass → complete (system issued). Fail → in-progress with review notes (back to decomposition). The review replaces the previous post-validation QC as the final gate.

Status progression unchanged

scaffolded → in-progress → first-pass-complete → qc-reviewed → validated → complete

Same stages, but the validated → complete gate is now a document-level review instead of a checklist QC.

Implications

1. From session 297 onward, the Cybersecurity Operations Centre will decompose subsystems under Flow B.
2. All future systems will go through the holistic final review before completion.
3. The stale QC counter bug cannot recur — scaffolded projects reset the counter automatically.
4. Protocol version is now 7.2.

Version manifest

Component	Version	Notes
Session protocol	7.2	Up from 7.1
Dispatcher	Fixed	Interim QC requires in-progress; stale counter reset
Flow D fail path	Fixed	Sets in-progress not first-pass-complete
Flow E	Rewritten	Holistic final review replaces post-val QC