Follow-up to the 2026-05-31 library-currency audit (PRs #2121/2123/2124/2142/2143/2145).
The /ork:assess pass found that the audit's per-cluster gap-sweeps were scoped per-skill,
so sibling occurrences of already-fixed defects in other skills and in agent files were never touched.
This branch closes them — found by re-running each pattern as a repo-wide grep, not per-cluster.
| Pattern | Site(s) | Class |
|---|---|---|
bare PostgresSaver.from_conn_string() assign(returns a @contextmanager → compile() breaks) |
agents/workflow-architect.md agent-orchestration: claude-code-instance-management.md ×2, langgraph-implementation.md |
runtime break |
from jose import … (python-jose, CVE-2025-61152, unmaintained) |
agents/backend-system-architect.md architecture-patterns: dependency-injection.md, backend-dependency-injection.md |
CVE / dead lib |
plain gpt-5.2 / gpt-5.2-mini / o1 (superseded by GPT-5.5, Apr 2026) |
agents/llm-integrator.md (fallback chain + provider tiers) | currency |
z.string().uuid() / z.string().datetime() (Zod 4 top-level) |
agents/frontend-ui-developer.md | currency |
PostgresSaver — short body (with-block):
- checkpointer = PostgresSaver.from_conn_string(DATABASE_URL, table_name="langgraph_checkpoints") - workflow = graph.compile(checkpointer=checkpointer) + with PostgresSaver.from_conn_string(DATABASE_URL) as checkpointer: + checkpointer.setup() + workflow = graph.compile(checkpointer=checkpointer)
PostgresSaver — long-running orchestrator (explicit pool; a with would close the pool mid-run):
- checkpointer = PostgresSaver.from_conn_string(db_url) + pool = ConnectionPool(db_url, max_size=20, kwargs={"autocommit": True, "prepare_threshold": 0}) + checkpointer = PostgresSaver(pool) + checkpointer.setup()
jose → PyJWT:
- from jose import jwt, JWTError - except JWTError: + import jwt # PyJWT + except jwt.PyJWTError:
| Token | Verdict |
|---|---|
gpt-5.2-codex ×20 (agent-orchestration/gpt-5-2-codex.md) + gpt-5.2-realtime |
current Web-verified: GPT-5.2-Codex is the current dedicated agentic-coding model; there is no gpt-5.5-codex (GPT-5.5 is the Codex base). Renaming would strip capability. |
gpt-4o-2024-08-06 / gpt-4o-2024-05-13 (eval-runner) |
pinned Dated eval baselines — pinned on purpose for regression comparison. |
gpt-4o-transcribe, gpt-3.5-turbo |
valid Current transcription model / deliberate cheap-tier cost example. |
create_react_agent mentions (langgraph SKILL.md) |
doc Both are deprecation notices pointing at create_agent — correct. |
The repo's own antipattern hook (src/hooks/src/prompt/antipattern-warning.ts) still recommends
"python-jose" as an established JWT library. It's now CVE'd/unmaintained, so the advice is stale — but it touches
security-sensitive hooks + three cross-repo antipatterns.md copies, so it's left for an explicit follow-up.