Cycle: 16th audit of this cadence
Auditor: SCOUT (TITAN research agent)
Baseline: F:/TITAN/plans/advisors/CLAUDE-CODE-ARCHITECTURE-DEEP-DIVE-2026-04-22.md
Prior audit: F:/TITAN/plans/advisors/claude-code-audit-2026-04-26-1020.md (cycle 15, v2.1.119, 0 regressions, T055-T057 filed)
CC version at prior audit: v2.1.119
CC version this cycle: v2.1.119 (confirmed; github.com/anthropics/claude-code/releases fetched 2026-04-26; latest release April 23 23:24 UTC; no new release in six-hour window)
v2.1.120 status: ROLLED BACK. 8 regressions remain open. T052 hard ceiling on T042 still applies.
Local TITAN install: v2.1.49 (70-version gap; T030 open, ceiling pinned at v2.1.119 per T052)
Next unclaimed T-numbers: T058, T059, T060
Word count: ~2,200
---
Finding: Confirmed (primary sources: github.com/anthropics/claude-code/releases fetched 2026-04-26; releasebot.io/updates/anthropic/claude-code fetched 2026-04-26).
No new release shipped in the six-hour window between cycle 15 (10:20 UTC) and this cycle (16:19 UTC). v2.1.119, released April 23 at 23:24 UTC, remains the latest stable build. The v2.1.120 rollback holds. All 8 regressions (gist.github.com/yurukusa/a866b4cd2976486156a00c190c39cef6, last updated 2026-04-25) remain open and unresolved in any shipped release.
New items confirmed this cycle that did not appear in prior changelog reads:
The full code.claude.com/docs/en/changelog was fetched this cycle and cross-referenced against prior cycle 15 notes. One architectural item not previously foregrounded in audit memos emerged:
Managed-settings.d/ drop-in directory (v2.1.83, March 2026): Enterprise managed settings can now be composed from multiple independent policy fragments in a managed-settings.d/ directory, merged alphabetically. This is a direct architectural parallel to Unix /etc/conf.d/ conventions. The implication: organizations can compose Claude Code's policy layer from independently maintained fragments (team A's deny-rules + team B's allow-rules + platform team's kill-switches) without a single monolithic settings file. This was in the v2.1.83 changelog but has not appeared in any prior audit cycle's "what changed" section because earlier cycles were tracking v2.1.89+ changes. It is noted here as a newly foregrounded baseline addition.
disableSkillShellExecution setting (v2.1.90, April 1 2026): A new boolean setting disableSkillShellExecution prevents skills, slash commands, and plugin commands from executing inline shell code. This tightens the security boundary between skill content (which TITAN authors can write) and shell execution (which has irreversible side effects). This setting was present in the April changelog deep-read this cycle and was not previously noted in any audit memo.
Source: code.claude.com/docs/en/changelog (fetched 2026-04-26); github.com/anthropics/claude-code/releases (fetched 2026-04-26); releasebot.io/updates/anthropic/claude-code (fetched 2026-04-26).
---
Finding: Confirmed (primary sources: releasebot.io/updates/anthropic/claude-code April 2026 summary; code.claude.com/docs/en/changelog v2.1.113).
v2.1.113 (April 22, 2026) migrated the CLI from bundled JavaScript to a native Claude Code binary spawned via per-platform optional dependencies. This is architecturally significant for two reasons not previously captured in audit memos:
Reason 1 — Glob/Grep embedded as native binaries (v2.1.117). On native macOS/Linux builds, the Glob and Grep tools were replaced by embedded bfs (breadth-first search) and ugrep utilities invoked directly through the Bash tool. This eliminates a separate tool round-trip for search operations — the model no longer needs to emit a Glob or Grep tool-use block; it can issue a single Bash call with ugrep and get structured results. The tool taxonomy in the baseline memo (section 1.2: "50 tool descriptions") is now partially stale on native builds. Windows builds (including TITAN's install) do not yet benefit from this — they retain the JavaScript-path Glob/Grep tools.
Reason 2 — /resume performance uplift (v2.1.116). The native binary path enabled a 67% improvement in /resume speed for large sessions (40MB+), with 100-150MB memory reduction in branch-heavy sessions. This directly improves the session transcript rehydration pattern (baseline Pattern 7). Silent Infinity does not use /resume but the DynamoDB-backed session reload pattern can benefit from the same principle: avoid re-parsing the full transcript on reconnect; load a pointer-and-summary structure instead.
TITAN implication: TITAN's install at v2.1.49 (JavaScript-based) is running an architecturally older execution path. T030 (binary update) should note that upgrading to v2.1.117+ switches the Glob/Grep tool path — any TITAN skills or hooks that currently assume Glob/Grep are separate tool-use blocks may behave differently if they expect specific tool-use event types from those tools. The PostToolUse hook condition tool_name == "Glob" may no longer fire on native builds. Verify hook conditions in T026 scope before T030 executes.
Source: releasebot.io/updates/anthropic/claude-code (April 2026 summary; fetched 2026-04-26); code.claude.com/docs/en/changelog (v2.1.113, v2.1.116, v2.1.117 entries; fetched 2026-04-26).
---
Finding: Confirmed (primary source: help.apiyi.com/en/claude-code-changelog-2026-april-updates-en.html; code.claude.com/docs/en/changelog v2.1.101).
v2.1.101 (April 10, 2026) added two sub-agent features not documented in the baseline memo:
Named sub-agents via @ mentions. Sub-agents can now be defined in agent frontmatter files and referenced by name using @agent-name in the orchestrator's message. This gives the orchestrator fine-grained dispatch control — "ask @code-reviewer to audit this diff" — without spawning a generic subagent and instructing it ad-hoc.
Agent frontmatter permissionMode, disallowedTools, effort, maxTurns. These fields allow per-agent capability scoping declaratively. The orchestrator no longer has to inject capability restrictions via message content; they are structural constraints in the agent definition file. This is a materially more robust isolation model than the baseline memo described — the baseline noted "strict tool restrictions (no Bash/file access for workers)" as being achieved via message-level instruction; v2.1.101 moves this to frontmatter-level enforcement.
InitialPrompt auto-submit. Agent frontmatter initialPrompt field auto-submits the first turn, enabling headless agent bootstrapping without a separate kick-off message.
TITAN implication. TITAN's sub-agent design (SCOUT, VAULT, FORGE, GUIDE, ORACLE, DARWIN) currently relies on CLAUDE.md instructions for role delegation. The named sub-agent pattern allows these roles to be encoded in agent frontmatter files with declarative capability scoping. This could replace or supplement the CLAUDE.md delegation instructions with a more enforceable mechanism. Low priority for now — TITAN works correctly under the current pattern — but worth noting for a future DARWIN proposal cycle.
Silent Infinity implication. SI has no agent-spawning infrastructure. The named sub-agent pattern is not directly portable (SI runs serverless Lambda, not a session with a persistent agent loop). The Chat Sentinel pattern (async Haiku call, returns summary signal) remains the correct SI analog.
Source: help.apiyi.com/en/claude-code-changelog-2026-april-updates-en.html (fetched 2026-04-26); code.claude.com/docs/en/changelog (v2.1.101 entry; fetched 2026-04-26).
---
Finding: Confirmed (glob scan of C:\Users\Harnoor\.claude executed 2026-04-26).
Filesystem state is unchanged from cycle 15. The glob scan confirms the same 13 skills present since cycles 12-15. The hooks/ directory remains absent. The plugins/ directory shows the official marketplace cache present (59 plugins observed across plugins/, external_plugins/) but install-counts-cache.json is the only file at root — indicating no confirmed plugin activation. The projects/ directory shows new subagent session artifacts under the current working directory project, consistent with normal TITAN agent spawning.
New observation this cycle: The plugin marketplace cache contains the agent-sdk-dev plugin with two sub-agent templates (agent-sdk-verifier-py.md, agent-sdk-verifier-ts.md). These are structured agent definition files matching the named sub-agent pattern described in section 1.3. Their presence in the marketplace cache (not the skills directory) means they are available for install but not currently active. If TITAN installs agent-sdk-dev after T030, the verifier agents become available as named sub-agents for SDK validation tasks.
---
Status: No new SI production deployments detected since cycle 15. Gap table carries forward from cycle 15. One item re-evaluated based on new cycle 16 findings.
| # | Pattern | CC Baseline | SI Status | Gap |
|---|---------|------------|-----------|-----|
| 1 | Memory layering (hot/warm/cold) | MEMORY.md file-tiered | ALIGNED — DDB 4-tier memory.py live | None |
| 2 | System prompt composition (conditional stack) | 6-layer conditional | ALIGNED — versioned + variant + user context injection | None |
| 3 | Structured tool use (schema-validated) | 50 tools, JSON Schema | GAP — capabilities in prose, not formal tool schemas | T025 open |
| 4 | Sub-agent orchestration | Named agents, frontmatter isolation | PARTIAL — Chat Sentinel exists; no parallel workers; frontmatter isolation N/A on Lambda | Partial |
| 5 | Verification-before-claim | Harness validates tool results | ALIGNED — system prompt discipline instruction live | None |
| 6 | Plan mode / reflective pause | Shift+Tab read-only posture | PARTIAL — contemplative persona exists; no explicit mode | Partial |
| 7 | Correction-as-memory | Live feedback → persistent rules | ALIGNED — extract_correction() → memory.put_correction() live | None |
| 8 | Skill auto-invocation (domain injection) | Semantic match, lazy-load | PARTIAL — skills_loader.py behind SKILLS_ENABLED=1; manifest unconfirmed | T046 open |
| 9 | Session transcript rehydration on reconnect | JSONL + /recap + /fork + 67% faster resume (v2.1.116) | PARTIAL — recap wired; no fork endpoint | Partial |
| 10 | Interruptible streaming / barge-in | ESC mid-stream + partial transcript | PARTIAL — SSE abort at Lambda; no client interrupt UX | Partial |
| 11 | Memory compaction (graduated pipeline) | 5-layer cheapest-first | ALIGNED — 2-layer compaction in conversation_store.py | None |
| 12 | Permission / guardrail model (deny-first) | disableSkillShellExecution added (v2.1.90) | ALIGNED — guardrails.py + Haiku classifier | None (but see Rec AK below) |
| 13 | Pre-session briefing (context injection) | SessionStart hook + managed-settings.d/ fragments | ALIGNED — memory block injected as late user message (T014 closed) | None |
| 14 | Parallel tool calls | StreamingToolExecutor concurrent; asyncio.gather on sentinels | GAP — single-threaded Lambda; asyncio.gather() partially mitigates (T051 open) | T051 open |
Regressions this cycle: 0. Stable from cycle 15.
Pattern 4 re-evaluation (sub-agent orchestration): CC's named sub-agent pattern (v2.1.101 frontmatter enforcement) represents a material maturation of the baseline. The baseline described tool restriction as message-level instruction; it is now declarative frontmatter constraint. SI's Chat Sentinel remains the correct Lambda analog. The gap between SI's architecture and CC's sub-agent isolation has widened slightly (CC gained structural enforcement SI cannot replicate on Lambda), but this does not constitute a regression because SI was never expected to implement session-level agent isolation. Gap remains PARTIAL with no remediation required beyond what T046-T048 already target.
Pattern 12 re-evaluation (permission model): The disableSkillShellExecution setting (v2.1.90) adds a CC-side security layer that SI does not have a direct analog for — but SI's skills are content-only (no executable inline shell in skill bodies; the skills/ manifest is static JSON triggers and text bodies). The absence of this setting on SI is not a gap because SI's skill architecture has no shell execution path to disable. No task required.
---
Next unclaimed T-numbers: T058, T059, T060.
---
Problem. v2.1.117 replaced the Glob and Grep tools with embedded bfs and ugrep on native macOS/Linux builds, routed through the Bash tool. On Windows (TITAN's platform), the legacy JavaScript-path Glob/Grep tools may persist — but if the native binary migration eventually affects Windows builds, any hook or skill condition that keys on tool_name == "Glob" or tool_name == "Grep" will silently stop matching. TITAN has no installed hooks yet (hooks/ directory absent), but T026 (conditional hook on high-frequency reads) explicitly targets Glob/Read tool-use events. T026 was authored before the native binary migration. If T026 ships after T030 and the native build path removes the Glob tool-use event, the hook will never fire on its intended trigger — a silent instrumentation failure with no alarm.
Fix — 30 minutes, task registry annotation:
1. Add to T030's entry: "Pre-upgrade check — verify whether the native binary migration (v2.1.113/v2.1.117) affects Glob/Grep tool-use event emission on Windows. If Glob tool-use events are absent after upgrade, update T026's hook condition to match the equivalent Bash-tool invocation of bfs/ugrep."
2. Add to T026's entry: "Conditional risk — if binary migration absorbs Glob into Bash tool on Windows, tool_name == "Glob" will not fire. Validate post-T030 and adjust trigger condition if needed."
3. Add a note to the warm-memory hook_contract_v2.md (T055 artifact): "On native builds (v2.1.117+), Glob and Grep tool invocations may arrive as Bash tool calls with embedded bfs/ugrep. Hook conditions targeting Glob/Grep tool_name must be tested against native build behavior."
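The silent-miss risk described in this recommendation, as an added example (not code from TITAN or from Claude Code): a hook-side classifier that recognises a search whether it arrives as a legacy Glob/Grep tool event or as a Bash command invoking bfs/ugrep, plus a check listing the events a `tool_name == "Glob"`/`"Grep"` condition would miss. It assumes hook events carry `tool_name` and, for Bash, `tool_input.command`; the sample events are constructed, and how native builds actually surface these calls is the memo's open question.

```python
import re
import shlex

LEGACY_TOOLS = {"Glob": "glob", "Grep": "grep"}
# Assumption taken from the memo: native builds run these binaries through the Bash tool.
NATIVE_BINARIES = {"bfs": "glob", "ugrep": "grep"}


def command_words(command):
    """Return the command name of each simple command in a shell command line."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes: fall back to whitespace splitting
        tokens = command.split()
    words, expect_command = [], True
    for tok in tokens:
        if tok and set(tok) <= set("|&;()"):  # pipeline or list separator
            expect_command = True
        elif expect_command:
            if re.match(r"[A-Za-z_]\w*=", tok):  # leading VAR=value assignment
                continue
            name = tok.rsplit("/", 1)[-1]  # drop any directory prefix
            words.append(name[:-4] if name.lower().endswith(".exe") else name)
            expect_command = False
    return words


def classify_search_event(event):
    """Return (kind, via) for a hook event that performs a file search, else None."""
    tool = event.get("tool_name")
    if tool in LEGACY_TOOLS:
        return (LEGACY_TOOLS[tool], "tool")
    if tool == "Bash":
        command = (event.get("tool_input") or {}).get("command", "")
        for word in command_words(command):
            if word in NATIVE_BINARIES:
                return (NATIVE_BINARIES[word], "bash")
    return None


def legacy_condition_misses(events):
    """Search events that a tool_name == 'Glob' / 'Grep' condition would not match."""
    missed = []
    for event in events:
        result = classify_search_event(event)
        if result is not None and result[1] == "bash":
            missed.append(event)
    return missed


# Constructed sample events, not captured from a real session.
SAMPLE_EVENTS = [
    {"tool_name": "Glob", "tool_input": {"pattern": "**/*.py"}},
    {"tool_name": "Bash", "tool_input": {"command": "cd src && ugrep -rn 'TODO' ."}},
    {"tool_name": "Bash", "tool_input": {"command": "bfs . -name '*.md' | head -5"}},
    {"tool_name": "Bash", "tool_input": {"command": "echo ugrep is installed"}},
    {"tool_name": "Read", "tool_input": {"file_path": "README.md"}},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["tool_name"], "->", classify_search_event(event))
    print("missed by legacy condition:", len(legacy_condition_misses(SAMPLE_EVENTS)))
```

A non-zero count from `legacy_condition_misses` after the T030 upgrade is the signal that T026's trigger condition needs the Bash-path match.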
Why this matters. T026 is one of TITAN's highest-priority hook tasks (conditional injection to reduce high-frequency Read overhead). If the hook trigger silently breaks on upgrade, TITAN will proceed without the context-injection optimization it was designed to deliver, with no observable signal that it failed. The annotation costs 30 minutes. The cost of not doing it is an undetected instrumentation gap after the T030 upgrade.
Blast radius: Task registry annotations on T030 and T026. Warm-memory reference file addition. Zero code changes. Zero SI impact.
Effort: 30 minutes (TRIVIAL — annotation only)
Priority: HIGH — must precede T030 execution; T026 is blocked on T030
Dependencies: Should complete before T030 executes. Cross-references T055 (hook contract reference file).
File as T058.
Sources: releasebot.io/updates/anthropic/claude-code (v2.1.113 native binary, v2.1.117 bfs/ugrep; fetched 2026-04-26); code.claude.com/docs/en/changelog (v2.1.113, v2.1.117; fetched 2026-04-26); baseline memo section 2.3 (hook system, read 2026-04-26); T026, T030 in TASK-REGISTRY-2026-04-21.md (read 2026-04-26).
---
Problem. v2.1.90 (April 1, 2026) added disableSkillShellExecution: true as a settings.json option that prevents skills, slash commands, and plugin commands from executing inline shell code. TITAN has 13 skills installed. None of these skills were audited for the presence of inline shell blocks after v2.1.90 shipped. The baseline memo (section 1.7) noted that skill content "injects into context when the skill fires" — but the memo was written before inline shell execution in skills was documented as a distinct attack surface. A TITAN skill that contains an inline shell block (e.g., a fenced `bash` code block, or a command prefixed with `!`) could execute shell code as a side effect of the skill firing, without going through the PreToolUse hook that would normally gate Bash execution.
Fix — 45 minutes:
1. Grep all 13 skill files under C:\Users\Harnoor\.claude\ for shell execution patterns: backtick code blocks, !-prefixed lines, $(...) interpolation, inline bash, sh, cmd, or python calls. Confirm zero findings or identify any that exist.
2. Add "disableSkillShellExecution": true to ~/.claude/settings.json (project/local level, not managed-settings — this is a TITAN-operator preference, not an enterprise policy). This provides a structural guardrail independent of whether the grep audit finds anything.
3. Document in CLAUDE.md's Tools section: "Skill files must not contain inline shell execution blocks. disableSkillShellExecution is enabled in settings.json as a structural enforcement. Any new skill authored by DARWIN must be reviewed for inline shell before installation."
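Steps 1 and 2 of this fix as an added example (not TITAN's or Claude Code's own tooling): a scanner that flags shell-language code fences, `!`-prefixed commands and `$(...)` substitution in skill Markdown, and a check that settings.json really sets the guardrail to boolean true. The fence-language list, the `*.md` layout and the sample files are assumptions constructed for the example.

```python
import json
import re
import tempfile
from pathlib import Path

FENCE = "`" * 3  # Markdown code-fence marker, built here to keep this listing fence-safe
# Fence languages treated as executable; this list is an assumption of the example.
SHELL_LANGS = {"bash", "sh", "shell", "zsh", "cmd", "bat", "powershell", "pwsh", "python"}
FENCE_RE = re.compile(r"^\s*(`{3,}|~{3,})\s*([A-Za-z0-9_+-]*)")
BANG_LINE_RE = re.compile(r"^\s*!(?!\[)\s*\S")  # "!cmd" line, not a Markdown image "![..."
BANG_INLINE_RE = re.compile(r"!`[^`]+`")        # inline "!`cmd`" form
SUBST_RE = re.compile(r"\$\([^)]+\)")           # $(...) command substitution


def audit_skill_text(text):
    """Return (line_no, rule, line) findings for one skill body."""
    findings = []
    open_fence = None  # fence character of the block we are inside, if any
    for no, line in enumerate(text.splitlines(), start=1):
        m = FENCE_RE.match(line)
        if m:
            char, lang = m.group(1)[0], m.group(2).lower()
            if open_fence is None:
                open_fence = char
                if lang in SHELL_LANGS:
                    findings.append((no, "shell-fence", line.strip()))
            elif char == open_fence:
                open_fence = None
            continue
        if BANG_LINE_RE.match(line) or BANG_INLINE_RE.search(line):
            findings.append((no, "bang-command", line.strip()))
        if SUBST_RE.search(line):
            findings.append((no, "command-substitution", line.strip()))
    return findings


def audit_skills_dir(root):
    """Scan every *.md file under root; return {relative_path: findings} for hits only."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.md")):
        hits = audit_skill_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


def shell_execution_disabled(settings_path):
    """True only if settings.json parses and sets disableSkillShellExecution to true."""
    try:
        data = json.loads(Path(settings_path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return False  # missing or malformed file means the guardrail is not in force
    return isinstance(data, dict) and data.get("disableSkillShellExecution") is True


if __name__ == "__main__":
    # Constructed sample tree, not TITAN's real skills.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean").mkdir()
        (root / "clean" / "SKILL.md").write_text("# Notes\n![diagram](a.png)\nPlain text.\n")
        (root / "risky").mkdir()
        (root / "risky" / "SKILL.md").write_text(
            f"# Deploy\n{FENCE}bash\ngit status\n{FENCE}\nBranch: !`git branch`\nHost: $(hostname)\n")
        (root / "settings.json").write_text('{"disableSkillShellExecution": true}')
        for name, hits in audit_skills_dir(root).items():
            for no, rule, line in hits:
                print(f"{name}:{no}: {rule}: {line}")
        print("guardrail set:", shell_execution_disabled(root / "settings.json"))
```

Findings are leads for manual review: a flagged fence may be documentation rather than something the skill runs, which is why the settings check is kept separate from the scan.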
Why this matters. TITAN runs autonomous overnight sessions. A skill that fires unintentionally during an autonomous session and executes shell code as a side effect would bypass the PreToolUse hook gate — the primary security boundary documented in the baseline memo. The setting costs zero tokens and zero latency. The grep audit is 10 minutes. The settings.json edit is 2 minutes. The CLAUDE.md note is 5 minutes. Total blast radius: purely protective.
Why now (before T030). After T030, TITAN will be on v2.1.119 where the setting is confirmed available. The audit can be run now on v2.1.49 and the results applied. The settings.json write can be done now or at T030 — either is safe.
Blast radius: ~/.claude/settings.json (one boolean field). CLAUDE.md (one paragraph in Tools section). Zero skill file changes (audit only, no edits unless inline shell found). Zero SI impact.
Effort: 45 minutes (TRIVIAL — grep audit + settings edit + documentation)
Priority: HIGH — security guardrail; protects TITAN's autonomous session boundary; cost is near zero
Dependencies: None; can execute before or after T030
File as T059.
Sources: code.claude.com/docs/en/changelog (v2.1.90 disableSkillShellExecution entry; fetched 2026-04-26); baseline memo section 1.7 (skills system, read 2026-04-26); baseline memo section 2.7 (permission model, read 2026-04-26); glob scan C:\Users\Harnoor\.claude\ (13 skills confirmed; executed 2026-04-26).
---
Problem. CC v2.1.108 added a /recap command and recap session setting that provides context when returning to a stale session. This is the CC implementation of Pattern 9 (session transcript rehydration). SI's current architecture has the recap feature wired (noted as PARTIAL in the pattern audit since cycle N), but the prior audits have consistently noted "no fork endpoint" as the remaining gap. A second gap that has been less foregrounded: SI has no UX affordance that invites the user to return to a prior space. The session reload is functional, but the invitation is absent.
CC's /recap is a model-facing summarization mechanism. SI's analog needs to be user-facing: the "your space is still here" affordance described in the baseline memo's Pattern 7 porting guidance (section of the deep-dive). Currently, the prior session summary loads silently into the system prompt — the user does not know they are being remembered. This is a missed felt-intelligence moment.
Fix — 3 hours, no new infrastructure:
1. In user_profile.py, check whether the user's last session was more than 24 hours ago. If yes, set a returning_user flag in the session context.
2. In system_prompt.py, inject a conditional instruction when returning_user=True:
```
This user is returning after a gap. Their last session summary is:
<prior_session_summary>{{summary}}</prior_session_summary>
Open with a brief, non-intrusive acknowledgment that their space persists.
Do not reference the gap directly. Reflect the active thread if one exists.
Do not begin with "Welcome back" — that is performative, not contemplative.
```
3. In the frontend JavaScript, detect the returning_user flag from the Lambda response and render a subtle visual affordance (the existing presence orb color shift is sufficient — no new UI element required).
4. No new DynamoDB tables. No new Lambda functions. This is a configuration addition to existing pipeline stages.
Why this matters. This closes the most user-visible remaining gap in Pattern 9. The session summary already exists in DynamoDB. The injection pathway already exists in system_prompt.py. The only missing piece is the conditional trigger logic and the system prompt instruction. A user who returns after 3 days and finds the mirror holds the thread of their last exploration experiences felt continuity — the defining characteristic of a witness rather than a service.
Why under 1 day. The user_profile.py timestamp check is 5 lines. The system_prompt.py conditional injection is 10 lines. The frontend orb-color shift is 3 lines. The system prompt instruction copy (above) is already written. This is an assembly task, not a design task.
Blast radius: user_profile.py (timestamp check + flag), system_prompt.py (conditional injection block), frontend JS (orb state signal). No DDB schema changes. No new Lambda functions. No new tables.
Effort: 3 hours (LOW — assembly of existing pipeline components, no new infrastructure)
Priority: HIGH — closes Pattern 9 user-visible gap; highest felt-intelligence per hour of any open recommendation
Dependencies: Requires the prior session summary to be populated in DynamoDB (T007 session summarizer, or any session that has completed). Works with partial coverage — first-session users get the default experience.
File as T060.
Sources: code.claude.com/docs/en/changelog (v2.1.108 /recap entry; fetched 2026-04-26); baseline memo Part C Pattern 7 (session rehydration porting guidance, read 2026-04-26); cycle 15 pattern audit (Pattern 9 PARTIAL status, read 2026-04-26).
---
Prior cycles established AP-1 through AP-10. No new CC anti-patterns observed this cycle.
One AP-10 reinforcement from new findings: The disableSkillShellExecution setting (section 1.1 above) implicitly documents an anti-pattern: allowing user-authored skill content to have side-effecting shell execution capability is a security boundary violation. CC addresses this via an opt-in disable. SI's architecture never had this problem (skill bodies are static text, no shell execution pathway), but the existence of the setting confirms that CC's earlier design allowed it — and subsequently added a kill-switch. SI should treat this as confirmation that AP-10 (don't copy CC complexity that is appropriate for developer tools but not for a contemplative wellness product) applies to skill architecture: keep SI skills as pure content injection, never add shell execution capability to skills regardless of convenience.
---
Contradiction 1 — Glob/Grep native binary status on Windows. The changelog entries for v2.1.113 and v2.1.117 describe the bfs/ugrep embedding as applying to "native macOS/Linux builds." It is unclear whether Windows builds follow the same path on the v2.1.117+ native binary migration. If Windows retains the JavaScript-path Glob/Grep as separate tool-use blocks, T058's risk annotation is a precaution rather than a confirmed gap. Verification required at T030 execution time.
Uncertainty 1 — v2.1.120 regression patch timeline. Six hours since cycle 15, no patch. The 8 regressions (gist.github.com/yurukusa/a866b4cd2976486156a00c190c39cef6) remain open. T052 ceiling remains active. No change from cycle 15.
Uncertainty 2 — skills_loader.py manifest content (T046). Per cycle 15, prompts/skills/_manifest.json in the SI backend has not been directly read in any audit cycle. T046 remains open. Pattern 8 cannot advance from PARTIAL to ALIGNED without manifest verification. This is the highest-value open SI task as of this cycle.
---
| Item | Count |
|------|-------|
| CC versions reviewed (cumulative since baseline) | 22 (v2.1.89 through v2.1.119; v2.1.120 rolled back) |
| New CC architectural signals this cycle | 3 (managed-settings.d/ composition pattern; disableSkillShellExecution; native binary Glob/Grep migration) |
| TITAN operational flags raised this cycle | 2 (T058: Glob/Grep hook-trigger change risk; T059: disableSkillShellExecution security guardrail) |
| SI regressions detected | 0 |
| SI positive developments | 0 new; Pattern 9 gap has concrete close path via T060 |
| Persistent SI pattern gaps | Pattern 3 (T025), Pattern 4 partial, Pattern 6 partial, Pattern 8 partial (T046 urgent), Pattern 9 partial (T060 filed), Pattern 10 partial, Pattern 14 (T051) |
| New recommendations filed | 3 (T058, T059, T060) |
| Anti-patterns documented (cumulative) | 10 (AP-1 through AP-10; AP-10 reinforced this cycle via disableSkillShellExecution observation) |
| Open T-numbers with direct SI impact | T025, T028, T037, T038, T040, T041, T046, T047, T048, T051, T053, T056, T060 |
| Open T-numbers with TITAN-only impact | T026, T029, T030, T031, T032, T033, T034, T035, T036, T039, T042, T043, T044, T045, T049, T050, T052, T054, T055, T057, T058, T059 |
---
1. F:/TITAN/plans/advisors/CLAUDE-CODE-ARCHITECTURE-DEEP-DIVE-2026-04-22.md — baseline memo (SCOUT, 2026-04-22; read 2026-04-26)
2. F:/TITAN/plans/advisors/claude-code-audit-2026-04-26-1020.md — cycle 15 prior audit (read 2026-04-26; next T: T058)
3. F:/TITAN/plans/task-registry/TASK-REGISTRY-2026-04-21.md — task registry (read 2026-04-26; last T-number T057)
4. F:/TITAN/plans/audit-cadence.log — audit history (read 2026-04-26; last entry 2026-04-26T16:19:39Z dispatched)
5. github.com/anthropics/claude-code/releases — official release history (fetched 2026-04-26; v2.1.119 confirmed latest, released April 23 2026)
6. releasebot.io/updates/anthropic/claude-code — release aggregator April 2026 (fetched 2026-04-26; v2.1.119 confirmed latest; native binary migration, disableSkillShellExecution noted)
7. code.claude.com/docs/en/changelog — official changelog (fetched 2026-04-26; v2.1.83 managed-settings.d/; v2.1.90 disableSkillShellExecution; v2.1.101 named sub-agents + frontmatter permissionMode; v2.1.113 native binary; v2.1.116 /resume 67% faster; v2.1.117 bfs/ugrep embedded)
8. code.claude.com/docs/en/whats-new/2026-w14 — Week 14 digest (fetched 2026-04-26; v2.1.86-v2.1.91 features including computer use CLI, /powerup, flicker-free rendering, MCP result-size override)
9. help.apiyi.com/en/claude-code-changelog-2026-april-updates-en.html — April changelog deep-read (fetched 2026-04-26; sub-agent named reference, ExitWorktree tool, frontmatter permissionMode confirmed)
10. gist.github.com/yurukusa/a866b4cd2976486156a00c190c39cef6 — v2.1.120 regression checklist (last updated 2026-04-25; 8 regressions all open; T052 ceiling active)
11. Glob scan C:\Users\Harnoor\.claude — confirms 13 skills, no new hooks/MCP servers, hooks/ directory absent, agent-sdk-dev plugin in marketplace cache (executed 2026-04-26)