feat(ultraplan-local): v1.8.0 — close Opus 4.7 schema-drift gap

Opus 4.7 reads agent instructions more literally than 4.6. The v1.7
planning-orchestrator described the Step+Manifest schema via prose +
procedural rules, which 4.6 inferred correctly but 4.7 sometimes
rendered as narrative "Fase N" prose — producing plans ultraexecute
Phase 2 rejected. First observed 2026-04-17 during llm-security v6.2.0
planning.

v1.8.0 closes the gap:

- planning-orchestrator Phase 5 embeds a literal copyable Step+Manifest
  example (JWT middleware) replacing "read the template" prose
- Explicit forbidden-format clause: ## Fase N, ### Phase N, ### Stage N,
  and any non-"### Step N:" heading are denied
- Phase 5.5 schema self-check: grep-verify canonical Step count matches
  Manifest count and narrative heading count is zero, before handing to
  plan-critic
- ultraexecute-local --validate mode: schema-only check that parses
  steps + manifests, reports READY/FAIL with actionable error hints,
  no security scan, no execution. Fast sanity check between
  /ultraplan-local and full execution.

Static verification: 17/17 PASS.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

plugins/ultraplan-local/commands/ultraexecute-local.md

@@ -1,7 +1,7 @@
 ---
 name: ultraexecute-local
 description: Disciplined plan executor — single-session or multi-session with parallel orchestration, failure recovery, and headless support
-argument-hint: "[--fg | --resume | --dry-run | --step N | --session N] <plan.md>"
+argument-hint: "[--fg | --resume | --dry-run | --validate | --step N | --session N] <plan.md>"
 model: opus
 allowed-tools: Read, Write, Edit, Bash, Glob, Grep, AskUserQuestion
 ---
@@ -21,11 +21,12 @@ Parse `$ARGUMENTS` for mode flags:
 1. If arguments contain `--fg`: extract the file path. Set **mode = foreground**.
 2. If arguments contain `--resume`: extract the file path. Set **mode = resume**.
 3. If arguments contain `--dry-run`: extract the file path. Set **mode = dry-run**.
-4. If arguments contain `--step N` (N is a positive integer): extract N and the file path.
+4. If arguments contain `--validate`: extract the file path. Set **mode = validate**.
+5. If arguments contain `--step N` (N is a positive integer): extract N and the file path.
    Set **mode = step**, **target-step = N**.
-5. If arguments contain `--session N` (N is a positive integer): extract N and the file path.
+6. If arguments contain `--session N` (N is a positive integer): extract N and the file path.
    Set **mode = session**, **target-session = N**.
-6. Otherwise: the entire argument string is the file path. Set **mode = execute**.
+7. Otherwise: the entire argument string is the file path. Set **mode = execute**.
 
 If no path is provided, output usage and stop:
 
@@ -34,6 +35,7 @@ Usage: /ultraexecute-local <plan.md>
        /ultraexecute-local --fg <plan.md>
        /ultraexecute-local --resume <plan.md>
        /ultraexecute-local --dry-run <plan.md>
+       /ultraexecute-local --validate <plan.md>
        /ultraexecute-local --step N <plan.md>
        /ultraexecute-local --session N <plan.md>
 
@@ -42,6 +44,7 @@ Modes:
   --fg           Force foreground — all steps sequentially, ignore Execution Strategy
   --resume       Resume from last progress checkpoint
   --dry-run      Validate plan and show execution strategy without running
+  --validate     Schema-only check — parse steps + manifests, no security scan, no execution
   --step N       Execute only step N (foreground)
   --session N    Execute only session N from the plan's Execution Strategy
 
@@ -50,6 +53,7 @@ Examples:
   /ultraexecute-local --fg .claude/plans/ultraplan-2026-04-06-auth-refactor.md
   /ultraexecute-local --session 2 .claude/plans/ultraplan-2026-04-06-auth-refactor.md
   /ultraexecute-local --dry-run .claude/plans/ultraplan-2026-04-06-auth-refactor.md
+  /ultraexecute-local --validate .claude/plans/ultraplan-2026-04-06-auth-refactor.md
 ```
 
 If the file does not exist, report and stop:
@@ -153,9 +157,57 @@ Steps: {N}
 {if warnings}: Warnings: {list}
 ```
 
+## Phase 2.3 — Validate-only mode exit (if mode = validate)
+
+**If mode = validate, stop after Phase 2 parsing** and emit a schema-only
+report. Do NOT run security scan, do NOT touch progress files, do NOT
+execute any steps. This gives the user a fast sanity-check of plan
+schema compliance without side effects.
+
+If Phase 2 parsing succeeded (no fatal errors, every step has a valid
+Manifest block in strict mode, or synthesized manifests in legacy mode):
+
+```
+=== Schema Validation: READY ===
+File: {path}
+Type: {plan | session-spec}
+plan_version: {1.7 | legacy}
+Steps: {N}
+Manifests: {N valid | N synthesized (legacy)}
+Warnings: {count}
+{if warnings}: - {each warning on own line}
+
+Plan is schema-compliant. Safe to run:
+  /ultraexecute-local {path}
+```
+
+If Phase 2 parsing failed (unrecognized format, missing Manifest in strict
+mode, malformed YAML, invalid regex):
+
+```
+=== Schema Validation: FAIL ===
+File: {path}
+Reason: {specific error from Phase 2}
+
+{if format not recognized}:
+  Detected heading format: {e.g. "### Fase 1:", "## Phase 1"}
+  Expected: "### Step N: <description>"
+  Fix: re-run /ultraplan-local — planning-orchestrator must emit v1.7 format
+
+{if missing manifest}:
+  Step {N} has no Manifest block (plan_version=1.7 requires one per step)
+  Fix: re-run /ultraplan-local — planning-orchestrator must include manifest YAML
+
+{if malformed YAML or invalid regex}:
+  Step {N}: {specific YAML/regex error}
+  Fix: edit the plan manually or re-run /ultraplan-local
+```
+
+Exit after emitting the report. Do not continue to Phase 2.4 or later.
+
 ## Phase 2.4 — Pre-execution security scan
 
-**Runs for all modes except dry-run** (dry-run has its own report format).
+**Runs for all modes except dry-run and validate** (those modes exit earlier or have their own report format).
 
 Scan every `Verify:` and `Checkpoint:` command in the parsed plan against the
 executor security denylist. This catches dangerous commands before execution begins.