feat(adf): subscription-based provider routing with persona and skill chains

.deployment-marker

@@ -0,0 +1,3 @@
+Deployment: Thu Mar 19 13:06:42 GMT 2026
+Version: 0f997483
+Status: PRODUCTION

.docs/upstream-sync-20260307.md

@@ -0,0 +1,78 @@
+# Upstream Sync Report - 20260307
+
+Generated: 2026-03-07T00:03:45Z (UTC)
+
+## Scope and Freshness
+- Attempted `git fetch origin` for both repositories.
+- `terraphim-ai` fetch failed due network resolution error: `Could not resolve host: github.com`.
+- `terraphim-skills` fetch failed due permissions on `.git/FETCH_HEAD` in this environment.
+- Analysis below is based on locally cached `origin/main` refs, which may be stale.
+
+## Repository Status
+
+### 1) `/home/alex/terraphim-ai`
+- Branch: `main`
+- Local `HEAD`: `f770aae0d3c2a1961faa332e2dc7ad162b7f8434`
+- Cached `origin/main`: `f770aae0d3c2a1961faa332e2dc7ad162b7f8434`
+- New upstream commits (`HEAD..origin/main`): **0**
+
+### 2) `/home/alex/terraphim-skills`
+- Repository exists: **yes**
+- Branch: `main`
+- Local `HEAD`: `44594d217112ea939f95fe49050d645d101f4e8a`
+- Cached `origin/main`: `6a7ae166c3aaff0e50eeb4a49cb68574f1a71694`
+- New upstream commits (`HEAD..origin/main`): **86**
+- Commit window (cached): `2025-12-10` to `2026-02-23`
+
+## Risk Analysis (terraphim-skills)
+
+### High-Risk Commits (manual review recommended)
+1. `ef6399d` (2026-02-17) - `feat(judge): v2 rewrite with terraphim-cli KG integration and file-based prompts`
+- Why high risk: Large behavior rewrite (12 files, +1065/-259) touching judge execution pipeline and prompt sources.
+- Potential impact: Changed decision logic, compatibility drift with existing judge workflows.
+
+2. `98b1237` (2026-02-17) - `feat(judge): add pre-push hook and terraphim-agent config template`
+- Why high risk: Introduces automated git hook gating (`automation/judge/pre-push-judge.sh`).
+- Potential impact: Push failures in environments lacking required dependencies or correct script paths.
+
+3. `6a7ae16` (2026-02-23) - `feat: add OpenCode safety guard plugins`
+- Why high risk: Adds command safety/advisory plugin layer (`examples/opencode/plugins/*`).
+- Potential impact: Command blocking or behavior changes that can disrupt developer workflows.
+
+4. `d6eeedf` (2026-01-08) - `feat(hooks): Add PreToolUse hooks with knowledge graph replacement for all commands`
+- Why high risk: Global command interception/rewrite behavior.
+- Potential impact: Unexpected command transformations, difficult-to-diagnose execution changes.
+
+5. `f21d66f` (2026-01-03) - `chore: rename repository to terraphim-skills`
+- Why high risk: Renames repo references and plugin metadata.
+- Potential impact: Broken marketplace links, automation paths, or onboarding docs if downstream still references old names.
+
+6. `dc96659` (2026-01-27) - `docs: archive repository - migrate to terraphim-skills`
+- Why high risk: Major project migration signal (README rewrite).
+- Potential impact: Workflow/documentation mismatch for teams still using old repo assumptions.
+
+### Security-Relevant / Hardening Signals
+1. `90ede88` (2026-01-17) - `feat(git-safety-guard): block hook bypass flags`
+- Security value: Hardens against bypassing hook-based protections.
+
+2. `0aa7d2a` (2026-01-20) - `feat(ubs-scanner): add Ultimate Bug Scanner skill and hooks`
+- Security value: Adds automated bug/vulnerability detection workflow.
+
+3. `e5c3679` (2026-01-02) - `feat: add git-safety-guard skill`
+- Security value: Introduces destructive command protections in workflow guidance.
+
+### Major Refactors / Large Changes
+1. `ef6399d` (+1065/-259) - judge v2 rewrite.
+2. `4df52ae` (+2283) - new `ai-config-management` skill and integration.
+3. `851d0a5` (+1732) - adds `terraphim_settings` crate docs/config.
+4. `43b5b33` (+6835) - large infrastructure skills addition (1Password/Caddy).
+
+## Additional Observations
+- Judge/hook-related commits show high churn between `2026-02-17` and `2026-02-23` (new features followed by compatibility/path fixes), which increases integration risk.
+- Commit `45db3f0` and `b5843b5` share the same subject (`add Xero API integration skill`); verify whether this is intentional duplicate history.
+
+## Recommended Next Actions
+1. Manually review and test all **High-Risk Commits** before syncing local branch.
+2. Validate hook-dependent flows in a clean environment (`pre-push`, pre-tool-use, OpenCode plugin behavior).
+3. Run repository-specific smoke checks after sync (skill discovery, marketplace metadata resolution, judge scripts).
+4. Re-run this report after a successful networked `git fetch` to confirm no additional upstream changes.

CLAUDE.md

@@ -981,6 +981,105 @@ These constraints are enforced in `.github/dependabot.yml` to prevent automatic
 - `GET /config` - Get current configuration
 - `GET /roles` - List available roles
 
+## Dual Mode Orchestrator Architecture
+
+The terraphim orchestrator supports three execution modes for maximum flexibility:
+
+### Execution Modes
+
+1. **Time-Only Mode** (Legacy): Cron-based scheduling with immediate agent spawning
+2. **Issue-Only Mode**: Event-driven execution from issue tracker (Gitea/Linear)
+3. **Dual Mode**: Combines both time and issue task sources with unified dispatch
+
+### Architecture Components
+
+#### ModeCoordinator
+The `ModeCoordinator` manages both `TimeMode` and `IssueMode` simultaneously in dual mode:
+
+```rust
+pub struct ModeCoordinator {
+    pub time_mode: Option<TimeMode>,      // Cron-based scheduler
+    pub issue_mode: Option<IssueMode>,    // Issue tracker integration
+    pub dispatch_queue: DispatchQueue,    // Shared priority queue
+    pub workflow_mode: WorkflowMode,      // Current mode: TimeOnly/IssueOnly/Dual
+    pub concurrency_controller: ConcurrencyController, // Semaphore-based limits
+}
+```
+
+#### Unified Dispatch Queue
+A priority queue with fairness between task types:
+- **Time Tasks**: Medium priority (50), scheduled via cron
+- **Issue Tasks**: Variable priority (0-255), based on labels/PageRank
+- **Fairness**: Round-robin alternation between task types at equal priority
+- **Backpressure**: Bounded queue with configurable depth
+
+#### Key Features
+
+**Stall Detection**: Automatically detects when queue depth exceeds threshold:
+```rust
+pub fn check_stall(&self) -> bool {
+    self.dispatch_queue.len() > self.stall_threshold
+}
+```
+
+**Graceful Shutdown**: Coordinated shutdown with queue draining:
+```rust
+pub async fn unified_shutdown(&mut self) {
+    // 1. Signal mode shutdown
+    // 2. Drain dispatch queue
+    // 3. Wait for active tasks (with timeout)
+    // 4. Force stop remaining agents
+}
+```
+
+**Concurrency Control**: Semaphore-based parallel execution limiting
+
+### Configuration
+
+Enable dual mode by adding to `orchestrator.toml`:
+
+```toml
+[workflow]
+mode = "dual"  # Options: "time_only", "issue_only", "dual"
+poll_interval_secs = 60
+max_concurrent_tasks = 5
+
+[tracker]
+tracker_type = "gitea"
+url = "https://git.terraphim.cloud"
+token_env_var = "GITEA_TOKEN"
+owner = "terraphim"
+repo = "terraphim-ai"
+
+[concurrency]
+max_parallel_agents = 3
+queue_depth = 100
+starvation_timeout_secs = 300
+```
+
+### Backward Compatibility
+
+- **No breaking changes**: Old configs without `[workflow]` continue to work
+- **Default mode**: Time-only when no workflow section present
+- **Migration helpers**: `SymphonyAdapter` in `src/compat.rs` for smooth transitions
+
+### Testing
+
+See `tests/e2e_tests.rs` for comprehensive integration tests:
+- `test_dual_mode_operation`: Both task types processed
+- `test_fairness_under_load`: No starvation between modes
+- `test_graceful_shutdown`: Clean termination
+- `test_stall_detection`: Warning on queue buildup
+
+### Key Files
+
+- `src/lib.rs`: Main orchestrator with ModeCoordinator integration
+- `src/scheduler.rs`: TimeMode implementation
+- `src/issue_mode.rs`: IssueMode implementation  
+- `src/dispatcher.rs`: DispatchQueue with priority and fairness
+- `src/compat.rs`: Migration helpers and compatibility layer
+- `MIGRATION.md`: Detailed migration guide
+
 ## Quick Start Guide
 
 1. **Clone and Build**