diff --git a/.github/agents/security-sheriff.agent.md b/.github/agents/security-sheriff.agent.md
index 78a51df5..6d841d5d 100644
--- a/.github/agents/security-sheriff.agent.md
+++ b/.github/agents/security-sheriff.agent.md
@@ -9,6 +9,7 @@ You are the Risk Reviewer for security.
 Rules:
 - Flag risky changes to auth, secrets, or privilege boundaries.
 - Prefer least-privilege and explicit error handling.
+- `execute` permission is scoped to: `bash scripts/verify` and read-only diagnostic commands only.
 - Add or improve tests for security-sensitive logic when possible.
 - Run `bash scripts/verify` for any change you propose.
 - Do not approve bypassing human review for high-risk changes.
diff --git a/.github/agents/test-specialist.agent.md b/.github/agents/test-specialist.agent.md
index 87d5a5e5..1124d9db 100644
--- a/.github/agents/test-specialist.agent.md
+++ b/.github/agents/test-specialist.agent.md
@@ -9,6 +9,7 @@ You are the Deterministic Verifier.
 Rules:
 - Prefer tests before production edits.
 - Keep changes minimal and scoped.
+- `execute` permission is scoped to: `bash scripts/verify` and test runner commands only.
 - Run `bash scripts/verify` before handoff.
 - Report exact command output in the PR Evidence section.
 - If verification fails, provide a concise failure diagnosis.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index eb98ca1d..827e736b 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,5 +1,27 @@
-## Related issues / PRs. Summarize issues.
-- #
+## Summary
 
-## Summarize Changes
-1. 
+- What changed?
+- Why was it needed?
+
+## Risk
+
+- Risk level: `low | medium | high`
+- Regression surface (frontend/backend/infra/docs/security/release):
+- Security/runtime safety impact:
+
+## Evidence
+
+- Deterministic verification command: `bash scripts/verify`
+- Command output summary:
+- Any justified skips:
+
+## Rollback
+
+- Rollback command or steps:
+- Data/schema/runtime rollback impact:
+
+## Scope Guard
+
+- [ ] Change is minimal and task-focused
+- [ ] No unrelated refactors included
+- [ ] No secrets or private tokens added
diff --git a/.github/workflows/agent-label-sync.yml b/.github/workflows/agent-label-sync.yml
index 290e09f0..71611c4b 100644
--- a/.github/workflows/agent-label-sync.yml
+++ b/.github/workflows/agent-label-sync.yml
@@ -3,6 +3,9 @@ name: Agent Label Sync
 on:
   workflow_dispatch:
   push:
+    branches:
+      - main
+      - master
     paths:
       - '.github/workflows/agent-label-sync.yml'
 
diff --git a/.github/workflows/agent-task-queue.yml b/.github/workflows/agent-task-queue.yml
index 1c8b5227..32dfa57e 100644
--- a/.github/workflows/agent-task-queue.yml
+++ b/.github/workflows/agent-task-queue.yml
@@ -46,6 +46,27 @@ jobs:
               c.body?.includes(`- #${issue_number}:`)
             );
 
+            // Idempotency guard: issue is already fully transitioned; skip label/comment mutations
+            // but still consume agent:ready to prevent ready+in-progress co-existence.
+            if (hadInProgress && existingContract) {
+              if (hadReady) {
+                try {
+                  await github.rest.issues.removeLabel({
+                    owner,
+                    repo,
+                    issue_number,
+                    name: "agent:ready",
+                  });
+                } catch (error) {
+                  if (error.status !== 404) {
+                    throw error;
+                  }
+                }
+              }
+              core.info("Issue already in-progress with existing contract; skipping duplicate enqueue.");
+              return;
+            }
+
             let addedInProgress = false;
             let removedReady = false;
 
@@ -115,7 +136,7 @@ jobs:
                     name: "agent:in-progress",
                   });
                 } catch (rollbackError) {
-                  core.warning(`Rollback remove agent:in-progress failed: ${rollbackError.message}`);
+                  core.error(`Rollback remove agent:in-progress failed: ${rollbackError.message}`);
                 }
               }
 
@@ -128,7 +149,7 @@ jobs:
                     labels: ["agent:ready"],
                   });
                 } catch (rollbackError) {
-                  core.warning(`Rollback add agent:ready failed: ${rollbackError.message}`);
+                  core.error(`Rollback add agent:ready failed: ${rollbackError.message}`);
                 }
               }
 
diff --git a/AGENTS.md b/AGENTS.md
index 4a44a1a9..1e94c180 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -27,4 +27,9 @@ bash scripts/verify
 - Queue workflow will post a task packet and notify `@copilot`.
 
 ## Queue Trigger Warning
-Applying label `agent:ready` triggers the queue workflow immediately.
+
+> ⚠️ **Applying label `agent:ready` triggers the queue workflow immediately.**
+> The workflow will transition the issue to `agent:in-progress`, post an Execution Contract
+> comment, and notify `@copilot`. This action cannot be silently undone — any rollback
+> failure is surfaced as a workflow error. Do not apply `agent:ready` unless the issue is
+> fully scoped and ready for autonomous implementation.