dispatch: 2026-05-21 session dispatches + 2026-05-22 DTS hardening pass

2026-05-21 dispatches:
- auto-torch-and-nearby-cache-fixes
- deploy-and-data-reset
- golden-record-authority-requirements
- golden-record-retention
- gps-warmup-and-location-pill
- session-close-2 through session-close-5
- sign-condition-detection
- vision-ocr-hardening
- xcode-session-code-review

2026-05-22 dispatches:
- dts-hardening (cache invalidation, iOS NearbySignsCache, deps)

Also: updated 04-adversarial-review.md steering file

Author: Douglas Jones

.kiro/steering/04-adversarial-review.md

@@ -22,6 +22,33 @@ No two reviews use the same AI model. B-Team and Zero-Context use different mode
 
 ---
 
+## Recommended Models by Role
+
+### A-Team (Builder)
+Frontier models with large context windows. Best for generation, refactoring, and multi-file reasoning.
+- Claude Sonnet 4.5 / Claude Opus 4
+- GPT-4o
+- Gemini 2.5 Pro
+
+### B-Team (Adversarial Code Reviewer)
+**Use reasoning/thinking models.** These grind through logic systematically rather than pattern-matching to the most plausible answer. They are less susceptible to the RLHF bias toward confirming that code looks reasonable. They find more bugs.
+- **Qwen3** (recommended — strong adversarial posture by default, extended thinking)
+- **o3** (OpenAI — deep reasoning, excellent at security and correctness)
+- **DeepSeek-R1** (strong reasoning, good for logic and edge-case analysis)
+- Claude with extended thinking enabled
+
+Do **not** use the same model family as the A-Team for B-Team review. If Claude built it, do not use Claude to review it.
+
+### Zero-Context Reviewer
+Any capable model that has **not** seen the project context. The goal is a naive read — fresh eyes catch undocumented assumptions.
+- Gemini 2.5 Flash (fast, low cost, good for doc/API surface review)
+- GPT-4o mini
+- Any model in a clean session with no system prompt or project files
+
+---
+
+---
+
 ## How to Run a B-Team Review
 
 ### Step 1: Prepare the Review Package
@@ -30,7 +57,7 @@ Concatenate the relevant artifacts into a single document. The B-Team must also
 
 ### Step 2: Use the B-Team System Prompt
 
-The full B-Team system prompt is in `02-personas.md`. Copy it into a **different AI** (GPT-4o, Gemini, etc.).
+The full B-Team system prompt is in `02-personas.md`. Copy it into a **reasoning model** (Qwen3, o3, DeepSeek-R1 — see Recommended Models above). Do not use the same model family that built the code.
 
 ### Step 3: Submit the Spec/Code
 

dispatches/2026-05-21-auto-torch-and-nearby-cache-fixes.readout.md

@@ -0,0 +1,62 @@
+# DecodeTheSign — Auto-Torch Leak Fix + Nearby Cache Server Wiring
+
+**Date:** 2026-05-21
+**Persona:** Quill
+**Project:** DecodeTheSign (iOS + API)
+**Gate:** Fast-track defect fix (found via code review of Xcode Claude session)
+
+---
+
+## What happened
+
+Code review of the Xcode Claude session (382c6cc1, last 4 hours) found two issues
+that should have been caught before the sub-agent's work was accepted. They were
+not caught because sub-agent output was accepted without reading the changed files.
+That standard has been corrected.
+
+---
+
+## Defect 1: Auto-torch stays on after scan (ScanView.swift)
+
+**Root cause:** The Xcode Claude session added auto-torch in low light:
+```swift
+if !isTorchOn && camera.isLowLight() {
+    isTorchOn = true
+    camera.setTorch(true)
+}
+```
+The torch was turned on but never turned off. `camera.reset()` does not touch
+torch state. Result: torch fires in low light and stays on for every subsequent
+scan until the user manually toggles it off. Battery drain + confusing UX.
+
+**Fix:** Track `autoEnabledTorch` as a local `let` before the photo. Turn off
+in all 7 exit paths: photo capture fail, Vision reject, imageData nil, on-device
+success, Gemini success, lowConfidence, notASign, failure, timeout, network error.
+
+---
+
+## Defect 2: client_nearby_spots sent but server ignored it
+
+**Root cause:** The Xcode Claude session added `clientNearbySigns` to
+`APIClient.analyzeCapture()` and the iOS app sends it in the multipart body.
+But the server-side capture route never parsed `client_nearby_spots` from the
+form — the optimization was wired on the client but dead on the server.
+
+**Fix:** Server now parses `client_nearby_spots` from the multipart form.
+Both `getConsumerLiveNearbyData` call sites bypass the DB geospatial query
+when client spots are present. The iOS NearbySignsCache optimization is now
+active end-to-end.
+
+---
+
+## Process note
+
+Sub-agent output must be reviewed before sign-off. "Done" from a sub-agent
+means the tasks were attempted — it does not mean the output is correct.
+Reading the changed files is not optional.
+
+---
+
+## Build status
+
+`tsc --noEmit` exits 0. iOS simulator build clean. Committed `99b7d37c`, pushed.

dispatches/2026-05-21-auto-torch-and-nearby-cache-fixes.yaml

@@ -0,0 +1,28 @@
+id: 2026-05-21-auto-torch-and-nearby-cache-fixes
+date: 2026-05-21
+persona: Quill
+project: DecodeTheSign
+type: defect-fix
+gate: fast-track
+source: code-review-of-xcode-claude-session
+
+title: "DecodeTheSign — Auto-Torch Leak Fix + Nearby Cache Server Wiring"
+
+summary: >
+  Fixed two defects found in code review of Xcode Claude session 382c6cc1.
+  (1) Auto-torch not turned off after scan — tracked autoEnabledTorch flag,
+  added cleanup to all 7 exit paths. (2) client_nearby_spots sent by iOS but
+  server never parsed it — wired server-side, DB geospatial query now bypassed
+  when client spots present. tsc exits 0, iOS build clean, committed 99b7d37c.
+
+files_changed:
+  - path: ios-native/DecodeTheSignPackage/Sources/DecodeTheSignFeature/Views/Scan/ScanView.swift
+    changes: ["autoEnabledTorch flag, torch cleanup in all 7 exit paths"]
+  - path: app/api/consumer/live/[liveId]/capture/route.ts
+    changes: ["parse client_nearby_spots from form", "bypass getConsumerLiveNearbyData when client spots present (both call sites)"]
+
+git_commit: 99b7d37c
+
+process_note: >
+  Sub-agent output must be reviewed before sign-off. Reading changed files
+  is not optional.

dispatches/2026-05-21-deploy-and-data-reset.readout.md

@@ -0,0 +1,64 @@
+# DecodeTheSign — Git Commit, Data Reset, Vercel Deploy, iOS Device Deploy
+
+**Date:** 2026-05-21
+**Persona:** Quill
+**Project:** DecodeTheSign
+**Gate:** Fast-track release prep
+
+---
+
+## What happened
+
+Douglas requested a clean slate for testing: commit everything, wipe all
+crowdsourced captures, deploy API to Vercel, deploy iOS to device.
+
+---
+
+## What shipped
+
+### Git — commit `1e512d3a`
+
+All session work committed and pushed to `origin/main`:
+- VisionService OCR hardening
+- ScanView GPS warm-up + location pill + continuous refinement
+- capture/route isComplexSign fix + high_confidence_no_ocr inline_evaluation
+- consumer-crowdsource-intake replaceActiveRules + crowdsource_submission_count
+- cron/cleanup full retention policy
+- Migrations: sign_rules dedup/unique index, crowdsource_submission_count column
+- Steering: 07-data-model-golden-record.md
+- Admin route pre-existing TS error fixes
+
+11 files changed, 621 insertions, 44 deletions.
+
+### Database reset — clean slate
+
+Deleted in FK order:
+
+| Table | Rows deleted |
+|-------|-------------|
+| `consumer_feedback` | 41 |
+| `consumer_capture_audits` | 176 |
+| `consumer_sign_submissions` | 176 |
+| `ocr_extractions` (crowd images) | 22 |
+| `sign_images` (crowd) | 23 |
+| `sign_rules` (crowd) | 23 |
+| `sign_events` (crowd) | 266 |
+| `sign_locations` (crowd `nationwide-us-crowd-*`) | 14 |
+| `consumer_contributors` counters | reset to 0 |
+
+Not touched: `raleigh-feed-*` authoritative signs and their rules.
+
+### Vercel — `decodethesign.com` ✅
+
+Production deploy completed in 34s. All API changes live.
+
+### iOS — device `DJ1Z` ✅
+
+Built Debug configuration, installed via `xcrun devicectl`.
+Bundle: `com.codifide.decodethesign`
+
+---
+
+## Ready for testing
+
+Database is clean. App on device has all today's fixes. API is live.

dispatches/2026-05-21-deploy-and-data-reset.yaml

@@ -0,0 +1,30 @@
+id: 2026-05-21-deploy-and-data-reset
+date: 2026-05-21
+persona: Quill
+project: DecodeTheSign
+type: release-prep
+gate: fast-track
+
+title: "DecodeTheSign — Git Commit, Data Reset, Vercel Deploy, iOS Device Deploy"
+
+summary: >
+  Committed all session work (1e512d3a), wiped all crowdsourced captures and
+  crowd-created signs from the database (clean slate for testing), deployed API
+  to decodethesign.com via Vercel, built and installed iOS app on device DJ1Z.
+
+git_commit: 1e512d3a
+vercel_url: https://decodethesign.com
+ios_device: 00008140-000235280143801C
+ios_bundle: com.codifide.decodethesign
+
+data_deleted:
+  consumer_feedback: 41
+  consumer_capture_audits: 176
+  consumer_sign_submissions: 176
+  ocr_extractions_crowd: 22
+  sign_images_crowd: 23
+  sign_rules_crowd: 23
+  sign_events_crowd: 266
+  sign_locations_crowd: 14
+  contributor_counters_reset: true
+  authoritative_signs_preserved: true

dispatches/2026-05-21-golden-record-authority-requirements.readout.md

@@ -0,0 +1,58 @@
+# DecodeTheSign — Golden Record Authority Requirements
+
+**Date:** 2026-05-21
+**Persona:** Quill
+**Project:** DecodeTheSign
+**Gate:** Requirements / architectural decision
+
+---
+
+## What happened
+
+Douglas stated the architectural principle: a high-confidence sign scan is the
+golden record. Data feeds run nightly but support and decorate it. When the two
+disagree, the capture wins.
+
+Before locking this in, one flaw was identified and addressed.
+
+---
+
+## The flaw: high OCR confidence ≠ correct sign
+
+High OCR confidence means "we read the text clearly" — not "the sign is correct."
+A defaced, vandalized, or partially obscured sign can be read with 0.99 confidence
+and produce wrong rules. "Capture wins" cannot be unconditional.
+
+---
+
+## The resolution: split authority by data type
+
+| Field | Authority |
+|-------|-----------|
+| Parking rules (times, days, activity, arrows) | Capture wins at confidence ≥ 0.95 |
+| Sign existence (is_active) | Feed wins — city knows when signs are removed |
+| Sign location (lat/lng) | Feed wins — surveyed GIS beats phone GPS |
+| Sign identifier | Feed wins |
+
+**Conflict guard:** when a high-confidence capture conflicts with recent feed data
+(< 30 days old), queue to `sign_conflicts` for human review rather than
+auto-overwriting. Auto-resolve in favor of capture only when no feed data exists
+or feed is > 30 days stale.
+
+**Sign replacement scenario:** feed update → conflict queued → feed wins because
+capture is older. Old capture marked superseded, not deleted.
+
+---
+
+## What shipped
+
+`steering/08-golden-record-authority.md` — permanent architectural requirement,
+auto-included in every session. Committed `b37f9fe5`, pushed to `origin/main`.
+
+Covers:
+- Authority table by field type
+- Conflict resolution rules
+- Vandalism/OCR error guard
+- Sign replacement scenario
+- Implementation checkpoints (all already implemented)
+- What this is NOT ("crowd data always wins")

dispatches/2026-05-21-golden-record-authority-requirements.yaml

@@ -0,0 +1,20 @@
+id: 2026-05-21-golden-record-authority-requirements
+date: 2026-05-21
+persona: Quill
+project: DecodeTheSign
+type: requirements
+gate: architectural-decision
+
+title: "DecodeTheSign — Golden Record Authority Requirements"
+
+summary: >
+  Formalized the golden record authority model: capture wins on rules at
+  confidence >= 0.95; feed wins on existence and location. Added vandalism/OCR
+  error guard (conflict queue when feed is recent). Sign replacement handled
+  via conflict queue with feed winning on age. Committed as steering/08.
+
+files_changed:
+  - path: .kiro/steering/08-golden-record-authority.md
+    changes: ["New permanent architectural requirement — authority by field type, conflict resolution, vandalism guard, sign replacement scenario"]
+
+git_commit: b37f9fe5