feat(ultraplan-local): v1.7.0 — self-verifying plan chain

Wave 1 of a 6-session parallel build revealed three failure modes:
(1) hallucinated completion (status=completed after 2/5 steps, last
tool call was an arbitrary file review), (2) fail-late bash (3/6
sessions had push blocked inside sub-agent sandbox after all work
was done), (3) no objective verification (plans were prose).

v1.7 closes all three by making the plan an executable contract.

Per-step YAML manifest (expected_paths, commit_message_pattern,
bash_syntax_check, forbidden_paths, must_contain) is the objective
completion predicate. Plan-critic dimension 10 (Manifest quality)
is a hard gate. Session decomposer propagates manifests verbatim
and emits an obligatory Step 0 pre-flight (git push --dry-run,
exit 77 sentinel) in every session spec.

ultraexecute-local gets Phase 7.5 (independent manifest audit from
git log + filesystem, ignoring agent bookkeeping) and Phase 7.6
(bounded recovery dispatch, recovery_depth ≤ 2). Hard Rule 17
forbids marking a step passed without manifest verification. Hard
Rule 18 forbids ending on an arbitrary tool call before reporting.

Division of labor is made explicit:
- /ultraresearch-local gathers context (no build decisions)
- /ultraplan-local produces an executable contract (manifests,
  plan-critic gate)
- /ultraexecute-local executes disciplined (does NOT compensate
  for weak plans — escalates)

Code complete. Docs partial (Arbeidsdeling table + manifest section
added to plugin + marketplace READMEs). Verification tests
(10-sequence) pending — see REMEMBER.md.

Backward compat: v1.6 plans without plan_version marker get
legacy mode with synthesized manifests and legacy_plan: true in
progress file. Plan-critic emits advisory, not block.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

plugins/ultraplan-local/agents/session-decomposer.md

@@ -50,9 +50,23 @@ Extract from the plan:
 3. Per-step dependencies (explicit or implicit from step ordering)
 4. Per-step verification commands
 5. Per-step failure recovery (if present)
-6. The overall verification section
-7. Context and codebase analysis sections
-8. Check for an existing `## Execution Strategy` section
+6. **Per-step verification manifest (v1.7+)** — the `Manifest:` YAML block
+   following Checkpoint. Parse it as YAML. Preserve all fields:
+   `expected_paths`, `min_file_count`, `commit_message_pattern`,
+   `bash_syntax_check`, `forbidden_paths`, `must_contain`.
+7. The overall verification section
+8. Context and codebase analysis sections
+9. The `plan_version` marker (if present in the header line)
+10. Check for an existing `## Execution Strategy` section
+
+**Manifest handling:**
+- If `plan_version: 1.7` or later AND any step is missing a Manifest block:
+  STOP with error "Plan claims v1.7 but step N lacks Manifest. Re-run
+  planning-orchestrator." Do not attempt to synthesize.
+- If no `plan_version` marker is present: treat as legacy v1.6. Synthesize
+  minimal manifests from `Files:` (expected_paths) and the Checkpoint commit
+  message (commit_message_pattern escaped). Mark output session specs with
+  `legacy_synthesis: true` in their Session Manifest.
 
 **If an Execution Strategy already exists:**
 - Log: "Existing Execution Strategy detected — using as primary input."
@@ -135,6 +149,59 @@ For each session, write a spec file to the output directory:
 5. **Failure handling** — what to do on failure (copied from plan's On failure fields,
    or default to "stop and report")
 6. **Handoff state** — what this session produces that other sessions need
+7. **Per-step Manifest blocks** — copy each plan step's Manifest YAML verbatim
+   into the corresponding session-spec step. Do NOT edit or summarize.
+8. **Session Manifest aggregate** — synthesize a top-level `## Session Manifest`
+   block aggregating all per-step manifests in the session:
+   - `expected_paths`: union of all steps' expected_paths (deduplicated)
+   - `commit_count`: number of implementation steps in this session (excludes Step 0)
+   - `commit_message_patterns`: list of per-step patterns, in step order
+   - `bash_syntax_check`: union of all steps' bash_syntax_check
+   - `scope_touch`: from Scope Fence Touch (already present)
+   - `scope_forbidden`: from Scope Fence Never Touch + union of step
+     forbidden_paths
+   - `plan_version`: from the source plan
+   - `legacy_synthesis`: true/false based on Step 1's handling
+
+### Step 5.5 — Emit obligatory Step 0 pre-flight
+
+Every generated session spec MUST begin its `## Steps` list with a synthetic
+**Step 0: Sandbox pre-flight** that validates the subagent bash sandbox can
+reach the remote before any real work is done. This catches the fail-late
+push-denial observed in Wave 1 (3/6 sessions all lost their pushes at the
+very end).
+
+The Step 0 block to prepend verbatim:
+
+```markdown
+### Step 0: Sandbox pre-flight (auto-generated — do not modify)
+
+- **Files:** none (read-only test)
+- **Changes:** verify git push permissions are available in this sandbox
+- **Verify:**
+  ```
+  git push --dry-run origin HEAD 2>&1 | tee /tmp/push-dryrun-$$.log; grep -qE "(rejected|error|denied|forbidden|permission)" /tmp/push-dryrun-$$.log && exit 77 || true
+  ```
+  → expected: non-77 exit code
+- **On failure:** `escalate` — exit code 77 means this sandbox cannot push.
+  Abort immediately; do not attempt any work. Main orchestrator will
+  re-spawn with correct permissions.
+- **Checkpoint:** none (no file changes)
+- **Manifest:**
+  ```yaml
+  manifest:
+    expected_paths: []
+    min_file_count: 0
+    commit_message_pattern: ""
+    bash_syntax_check: []
+    forbidden_paths: []
+    must_contain: []
+    sandbox_preflight: true
+  ```
+```
+
+Do NOT skip Step 0 for any session. It is the only early-detection mechanism
+for sandbox-blocked bash.
 
 ### Step 6 — Generate the dependency diagram