Prepare 2026.5.11 release docs

Author: jmagly

.aiwg/release.config

@@ -91,16 +91,21 @@ gates:
 
   # Gate 3: Documentation sync.
   # Invokes the `doc-sync` skill (orchestrated) with `code-to-docs` direction
-  # and a guidance hint pulling in agentic/ markdown as the doc corpus.
+  # and a guidance hint pulling in all agentic/code sources plus the full
+  # repository Markdown corpus.
   - name: doc-sync
     hard_stop: true
     invoke_skill: doc-sync
     args:
       direction: code-to-docs
-      scope: 'agentic/code/**/*.md docs/**/*.md README.md CLAUDE.md AIWG.md AGENTS.md'
+      scope: 'agentic/code/** **/*.md'
       guidance: |
-        Audit the docs against the current code. Treat agentic/code/ markdown
-        (framework READMEs, agent definitions, skill bodies, addon manifests)
+        Audit the docs against the current implementation. Include every file
+        under agentic/code/ plus all repository Markdown files because AIWG
+        capability is primarily documented in skills, agents, commands,
+        templates, behaviors, rules, manifests, and generated guidance.
+        Treat agentic/code/ framework READMEs, agent definitions, skill bodies,
+        addon manifests, command docs, templates, behavior bundles, and rules
         as authoritative documentation surfaces that must match the current
         implementation. Reconcile drift in:
           - command references (CLI handlers vs help text vs CLAUDE.md tables)
@@ -139,7 +144,7 @@ gates:
     hard_stop: true
     steps:
       - id: create-tag
-        run: 'git tag -a {tag} -m "{tag}"'
+        run: 'tools/release/cut-tag.sh {version}'
       - id: push-origin
         run: 'git push origin main --tags'
       - id: push-mirror

.aiwg/reports/doc-sync-20260525T190000Z.md

@@ -0,0 +1,70 @@
+# Documentation Drift Report
+
+Generated: 2026-05-25T19:00:00Z
+
+Direction: code-to-docs
+
+Scope: agentic/code/** plus all repository Markdown files
+
+Guidance: include all of agentic/code and all Markdown files because AIWG capability is primarily represented in skills, agents, commands, templates, behaviors, rules, manifests, and generated guidance.
+
+Mode: release-prep audit; manual doc-sync execution because the raw `aiwg doc-sync` command handler is not currently registered and doc-sync is exposed as an AIWG skill workflow.
+
+Package Version: 2026.5.11
+
+## Summary
+
+The release-prep doc-sync pass covered the tracked capability corpus and release documentation surfaces. It found and fixed drift in release configuration, media-curator documentation, README framework counts, release navigation manifests, and the pending 2026.5.11 changelog and announcement artifacts.
+
+## Verified Ground Truth
+
+- `agentic/code/**` is the authoritative capability corpus for frameworks, addons, skills, agents, rules, behaviors, manifests, and generated guidance.
+- Repository Markdown count at audit time: 2562 files across `agentic/code`, `docs`, root docs, changelog, and tracked AIWG docs.
+- `agentic/code` file count at audit time: 2067 files, including 1547 Markdown files.
+- Capability-heavy `agentic/code` agents/skills/commands/templates/behaviors/rules Markdown count at audit time: 1295 files.
+- Latest stable release tag before this prep: `v2026.5.10`; target release version: `2026.5.11`.
+
+## Findings and Fixes
+
+| Area | Finding | Resolution |
+|---|---|---|
+| Release config | Doc-sync gate only covered selected Markdown globs and did not express the requested all-agentic-code/all-Markdown audit scope. | Updated `.aiwg/release.config` scope and guidance to include `agentic/code/**` plus `**/*.md`. |
+| Release config | Release gate still templated a raw annotated `git tag` command. | Updated the gate to use `tools/release/cut-tag.sh {version}` so release signing uses the dedicated release key wrapper. |
+| System rules | Skill/CLI docs needed to preserve the invariant that raw CLI commands augment skill workflows rather than replacing them. | Updated `cli-secondary` and `RULES-INDEX.md`; filed #1480 for the repo-wide audit. |
+| Media curator docs | Generated framework overview did not mention `transcribe-media`, transcript sidecars, or `.aiwg/media/transcripts/`. | Updated `docs/frameworks/media-curator/overview.md` with workflow, skill, tooling, pipeline, and archive-structure coverage. |
+| README | Framework count was stale and omitted Knowledge Base from the framework table despite top-level docs listing it as core. | Updated README framework count/table and extension-system framework count. |
+| README | Media-curator command examples and summary omitted transcript sidecars. | Added `/transcribe-media` example and transcript-sidecar summary. |
+| Release docs | No 2026.5.11 changelog section or announcement existed. | Added `CHANGELOG.md` section and `docs/releases/v2026.5.11-announcement.md`. |
+| Release manifests | Release navigation pointed at v2026.5.10 as latest. | Added v2026.5.11 to `docs/releases/_manifest.json` and `docs/_manifest.json`. |
+
+## Open Follow-up from Issue Audit
+
+- #1234 remains open for the full media-curator to research-complete bridge. `transcribe-media` is complete, but REF media templates, timestamp citation policy, citation sidecars, `induct-media`, and discoverability work remain open.
+- #1478 remains open because broad time-based media research/citation discovery still returns no direct matches.
+- #1479 remains open because `aiwg discover "cargo crate supply chain audit"` still routes to npm-specific supply-chain guidance first.
+- #1405 remains open because non-local provider field-validation still requires real sessions in the target providers.
+- #1480 remains open for the repo-wide audit that aligns docs, quickrefs, skill bodies, command mirrors, and generated guidance with the skill-first CLI augmentation rule.
+
+## Validation Commands Planned for Release Gate
+
+```bash
+npm run check:versions
+npm run typecheck
+npm run build:cli
+npm test
+npm run uat
+```
+
+## Files Updated
+
+- `.aiwg/release.config`
+- `.aiwg/reports/doc-sync-last-run.json`
+- `.aiwg/reports/doc-sync-20260525T190000Z.md`
+- `CHANGELOG.md`
+- `README.md`
+- `agentic/code/addons/aiwg-utils/rules/RULES-INDEX.md`
+- `agentic/code/addons/aiwg-utils/rules/cli-secondary.md`
+- `docs/_manifest.json`
+- `docs/frameworks/media-curator/overview.md`
+- `docs/releases/_manifest.json`
+- `docs/releases/v2026.5.11-announcement.md`

.aiwg/reports/doc-sync-last-run.json

@@ -1,54 +1,65 @@
 {
-  "timestamp": "2026-05-05T00:30:00Z",
+  "timestamp": "2026-05-25T19:00:00Z",
   "direction": "code-to-docs",
-  "scope": "full repo (src/ + agentic/code/)",
-  "guidance": "agentic/code/ files treated as authoritative source",
+  "scope": "agentic/code/** plus all repository Markdown files",
+  "guidance": "include all of agentic/code and all Markdown files; AIWG capability lives in skills, agents, commands, templates, behaviors, rules, manifests, and generated guidance",
   "phases": [
     {
       "phase": "audit",
-      "auditors_run": ["cli", "extensions", "frameworks", "agents-skills", "schemas", "crossref"],
-      "findings_total": 59,
-      "findings_high": 39,
-      "findings_medium": 16,
-      "findings_low": 4
-    },
-    {
-      "phase": "auto-fix-pass-1",
-      "fixes_applied": 14,
-      "files_modified": ["CLAUDE.md", "AIWG.md", "README.md"]
+      "auditors_run": [
+        "release-config",
+        "release-docs",
+        "media-curator-docs",
+        "readme-framework-counts",
+        "issue-follow-up-discovery",
+        "skill-cli-rule"
+      ],
+      "findings_total": 9,
+      "findings_high": 2,
+      "findings_medium": 6,
+      "findings_low": 1
     },
     {
-      "phase": "errata-correction-pass-2",
-      "fixes_applied": 28,
+      "phase": "auto-fix",
+      "fixes_applied": 9,
       "files_modified": [
-        "AIWG.md",
-        "CLAUDE.md",
+        ".aiwg/release.config",
+        "CHANGELOG.md",
         "README.md",
-        "docs/cli-reference.md",
-        "docs/extensions/extension-types.md",
-        "docs/extensions/overview.md",
-        "docs/extensions/creating-extensions.md",
-        "docs/releases/v2026.4.0-announcement.md",
-        "agentic/code/addons/aiwg-utils/manifest.json",
+        "docs/_manifest.json",
+        "docs/frameworks/media-curator/overview.md",
+        "docs/releases/_manifest.json",
+        ".aiwg/reports/doc-sync-last-run.json",
         "agentic/code/addons/aiwg-utils/rules/RULES-INDEX.md",
-        "src/extensions/commands/definitions.ts"
+        "agentic/code/addons/aiwg-utils/rules/cli-secondary.md"
       ],
       "files_created": [
-        "docs/configuration/aiwg-config.md",
-        "docs/configuration/setup-manifest.md",
-        ".aiwg/reports/doc-sync-20260505T035506Z.md"
+        ".aiwg/reports/doc-sync-20260525T190000Z.md",
+        "docs/releases/v2026.5.11-announcement.md"
       ]
     }
   ],
   "totals": {
-    "fixes_applied": 42,
+    "fixes_applied": 9,
     "fixes_remaining": 0,
-    "files_modified": 11,
-    "files_created": 3
+    "files_modified": 9,
+    "files_created": 2
   },
   "validation": {
-    "tsc_noEmit": "clean",
-    "markdownlint_authored_files": "clean (RULES-INDEX.md has pre-existing pattern violations matching existing entries; CLAUDE.md/AIWG.md/docs/configuration/*.md clean)"
+    "pending": [
+      "npm run check:versions",
+      "npm run typecheck",
+      "npm run build:cli",
+      "npm test",
+      "npm run uat"
+    ]
   },
-  "report": ".aiwg/reports/doc-sync-20260505T035506Z.md"
+  "report": ".aiwg/reports/doc-sync-20260525T190000Z.md",
+  "open_follow_up": [
+    "#1234",
+    "#1405",
+    "#1478",
+    "#1479",
+    "#1480"
+  ]
 }

.claude-plugin/marketplace.json

@@ -6,7 +6,7 @@
   },
   "metadata": {
     "description": "AIWG - Modular agentic framework for SDLC, marketing automation, and workflow orchestration. 200+ agents, 67+ CLI commands, 400+ deployable agent/skill/command/rule artifacts.",
-    "version": "2026.5.10",
+    "version": "2026.5.11",
     "homepage": "https://aiwg.io",
     "repository": "https://github.com/jmagly/aiwg",
     "documentation": "https://docs.aiwg.io",

CHANGELOG.md

@@ -7,8 +7,66 @@ and this project uses [Calendar Versioning (CalVer)](https://calver.org/) with n
 
 ## [Unreleased]
 
+## [2026.5.11] - 2026-05-25 — "Provider detection, local issue sync, and media transcript prep"
+
+This patch release hardens AIWG's cross-provider workflow plumbing, adds local issue-tracker synchronization paths, and documents the current code-to-docs audit before the next stable tag. It also ships the first concrete time-based media primitive while keeping the larger research handoff work explicit as follow-up scope.
+
+### Why this matters to users
+
+| What changed | What it gives you |
+|---|---|
+| **Codex-aware provider detection** | Mixed Claude/Codex workspaces now prefer the active Codex runtime where appropriate, so refresh and regenerate flows target the right provider files. |
+| **Local issue sync workflows** | Projects can import/export local issue stores, run live tracker sync, and document conflict handling without guessing which issue backend is active. |
+| **Media transcript sidecars** | Media-curator can now surface a transcript sidecar workflow for acquired audio/video, including source metadata, hashes, timestamps, and degraded plans when local STT tooling is missing. |
+| **Security and supply-chain scaffolding** | Security-engineering gained CI emitters, banned-API scaffolds, DFIR readiness routing, and supply-chain audit documentation. |
+| **Release and docs hygiene** | Release config now records the broad doc-sync scope for all agentic/code sources plus repository Markdown, and release tags are routed through the dedicated signing wrapper. |
+
+### Added
+
+- Local issue import/export and live sync workflows, plus documentation for migration, conflicts, backups, and credentials.
+- `transcribe-media` media-curator skill with a sample transcript sidecar and discovery coverage.
+- Security-engineering cycle-1 scaffolds for banned APIs, sanitizer/fuzzing CI emitters, disclosure tracking, DFIR readiness, and external npm supply-chain audit provenance.
+- Community, browser-control, and Omnius integrator documentation surfaces.
+
+### Changed
+
+- Codex provider detection now uses runtime/process markers and mixed-workspace regression coverage for `regenerate`, `refresh`, `steward`, and related provider-selection paths.
+- Media-curator docs now describe transcript sidecars and research handoff preparation alongside archive curation.
+- Release configuration doc-sync guidance now includes all of `agentic/code/` and all repository Markdown files, reflecting where AIWG capabilities actually live.
+- Release tagging is configured to use `tools/release/cut-tag.sh` instead of a raw `git tag` command so the release signing key remains separate from the regular commit key.
+- The system-wide `cli-secondary` rule now states that raw CLI commands augment skill workflows; skills remain responsible for orchestration, final formatting, presentation, synthesis, gates, and recovery.
 - Claude Code external loop launches now default-disable 1M-context model variants unless `CLAUDE_CODE_DISABLE_1M_CONTEXT` is explicitly set, with docs covering the credit-account tradeoff and opt-in path.
-- Documented the project signing-key split in `AGENTS.override.md` and `.aiwg/release-process.md`: regular commits use the host commit key, while annotated release tags use the AIWG release key.
+- Project signing-key split is documented in `AGENTS.override.md` and `.aiwg/release-process.md`: regular commits use the host commit key, while annotated release tags use the AIWG release key.
+
+### Fixed
+
+- Channel sync and refresh provider-detection tests were stabilized.
+- Docsite deployment now normalizes the deploy root and verifies release artifacts more directly.
+- Address-issues and agent-loop paths were hardened, including malicious issue-body handling and stale-window closure auditing.
+- Media transcript discovery now routes `transcribe media` to the media-curator skill.
+
+### Known follow-up
+
+- The time-based media research epic remains open for REF templates, timestamp citation policy, citation sidecars, `induct-media`, and quickref/generated-guidance discoverability.
+- Cargo/Rust crate supply-chain discovery still routes to npm-specific audit guidance first and remains tracked as follow-up work.
+- Provider field-validation claims remain limited to sessions already evidenced in the issue tracker; remaining providers still need real session validation.
+- A repo-wide audit is open as #1480 to align docs, quickrefs, skill bodies, and generated guidance with the skill-first CLI augmentation rule.
+
+### Tests
+
+Release-prep verification for this line:
+
+```bash
+npm run check:versions
+npm run typecheck
+npm run build:cli
+npm test
+npm run uat
+```
+
+### Migration notes
+
+No breaking changes. Projects using local issue stores should review `docs/local-issues.md` before enabling live sync so tracker direction, conflict handling, and credential sourcing are explicit.
 
 ## [2026.5.10] - 2026-05-19 — "Beginner onboarding wizard + docs"
 

README.md

@@ -513,15 +513,16 @@ If you ship a product that bundles AIWG and want to be listed here, open an issu
 
 ## What You Get
 
-### Frameworks (6)
+### Frameworks (8)
 
 | Framework | Agents | Templates | What It Does |
 |-----------|--------|-----------|--------------|
 | **[SDLC Complete](agentic/code/frameworks/sdlc-complete/)** | 98 | 200+ | Full software development lifecycle — Inception through Production with multi-agent orchestration, quality gates, and DORA metrics |
 | **[Forensics Complete](agentic/code/frameworks/forensics-complete/)** | 13 | 8 | Digital forensics and incident response — evidence acquisition, timeline reconstruction, IOC extraction, Sigma rule hunting. NIST SP 800-86, MITRE ATT&CK, STIX 2.1 |
 | **[Media/Marketing Kit](agentic/code/frameworks/media-marketing-kit/)** | 37 | 87+ | End-to-end marketing operations — strategy, content creation, campaign management, brand compliance, analytics, and reporting |
-| **[Media Curator](agentic/code/frameworks/media-curator/)** | 6 | — | Intelligent media archive management — discography analysis, source discovery, quality filtering, metadata curation, multi-platform export (Plex, Jellyfin, MPD) |
+| **[Media Curator](agentic/code/frameworks/media-curator/)** | 6 | — | Intelligent media archive management — discography analysis, source discovery, quality filtering, transcript sidecars, research handoff preparation, multi-platform export (Plex, Jellyfin, MPD) |
 | **[Research Complete](agentic/code/frameworks/research-complete/)** | 8 | 6 | Academic research automation — paper discovery, citation management, RAG-based summarization, GRADE quality scoring, FAIR compliance, W3C PROV provenance |
+| **[Knowledge Base](agentic/code/frameworks/knowledge-base/)** | — | 5 | General-purpose LLM-assisted wiki — source ingest, entity/concept pages, source summaries, comparisons, syntheses, health checks, and emergent taxonomy |
 | **[Ops Complete](agentic/code/frameworks/ops-complete/)** | 12 | 3 | Operational infrastructure — incident management, runbooks, troubleshooting workflows |
 | **[Security Engineering](agentic/code/frameworks/security-engineering/)** | 2 | 5 | Applied security beyond STRIDE/OWASP — cryptographic primitive selection, chain-of-trust integrity, authentication-factor architecture, degraded-mode design, runtime secret hygiene, supply-chain trust, physical-access threats. Pattern-based, product-agnostic |
 
@@ -851,14 +852,15 @@ Full DFIR investigation workflow following NIST SP 800-86, with MITRE ATT&CK map
 /analyze-artist "Pink Floyd"           # Identify eras, catalog structure
 /find-sources "Pink Floyd" "DSOTM"     # Discover across YouTube, Archive.org, Bandcamp
 /acquire                               # Download with format selection
+/transcribe-media /path/to/media.wav     # Create timestamped transcript sidecars
 /tag-collection                        # Apply metadata, embed artwork, rename
 /check-completeness                    # Gap analysis against canonical discography
 /assemble "Pink Floyd live 1973"       # Build thematic compilations
 /export --format plex                  # Export to Plex, Jellyfin, MPD, or archival
 /verify-archive                        # SHA-256 integrity verification
 ```
 
-Quality tiers: Tier 1 (Official/Lossless) → Tier 2 (High Quality) → Tier 3 (Acceptable) → Tier 4 (Avoid). Standards: ID3v2.4, Vorbis Comments, MusicBrainz, PREMIS 3.0, W3C PROV-O.
+Quality tiers: Tier 1 (Official/Lossless) → Tier 2 (High Quality) → Tier 3 (Acceptable) → Tier 4 (Avoid). Transcript sidecars preserve source hashes, transcript hashes, timestamps, and optional speaker labels for review and future research handoff. Standards: ID3v2.4, Vorbis Comments, MusicBrainz, PREMIS 3.0, W3C PROV-O.
 
 ### Research Complete — Academic Research Pipeline
 
@@ -1299,7 +1301,7 @@ AIWG uses a unified extension system with 10 extension types, all deployable acr
 | **Skills** | 128 | Natural language workflow triggers activated by conversation patterns |
 | **Rules** | 35 | Enforcement patterns deployed as consolidated index with on-demand full-rule loading |
 | **Templates** | 334 | Progressive disclosure document templates for all SDLC phases |
-| **Frameworks** | 6 | Complete workflow systems (SDLC, Forensics, Marketing, Research, Media Curator, Ops) |
+| **Frameworks** | 8 | Complete workflow systems (SDLC, Forensics, Marketing, Research, Media Curator, Ops, Knowledge Base, Security Engineering) |
 | **Addons** | 21 | Feature bundles extending frameworks (RLM, Voice, Testing Quality, UAT, Ring) |
 | **Hooks** | varies | Lifecycle event handlers (pre-session, post-write, workflow tracing) |
 | **Tools** | varies | External utility integrations (git, jq, npm) |