dev

The orchestrator specification accomplishes its stated purpose but centralizes full repository exploration and all code edits through an external tool (codeagent-wrapper) and routes work to remote LLM backends deterministically. That design is operationally convenient but expands the supply-chain trust boundary and creates a clear risk of sensitive-data exfiltration if the wrapper or backends are not fully trusted and configured for on-premise private operation. Treat usage as potentially dangerous for private codebases until the wrapper's provenance, data retention, and file-exclusion controls are verified.