diff --git a/AGENTS.md b/AGENTS.md
index 5009bb3..1695702 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Disinto — Agent Instructions
 
 ## What this repo is
diff --git a/architect/AGENTS.md b/architect/AGENTS.md
index 19ed969..cfcc71f 100644
--- a/architect/AGENTS.md
+++ b/architect/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Architect — Agent Instructions
 
 ## What this agent is
diff --git a/dev/AGENTS.md b/dev/AGENTS.md
index be7ac40..c8dd9a7 100644
--- a/dev/AGENTS.md
+++ b/dev/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Dev Agent
 
 **Role**: Implement issues autonomously — write code, push branches, address
diff --git a/gardener/AGENTS.md b/gardener/AGENTS.md
index cb66708..ec2bf79 100644
--- a/gardener/AGENTS.md
+++ b/gardener/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Gardener Agent
 
 **Role**: Backlog grooming — detect duplicate issues, missing acceptance
diff --git a/gardener/pending-actions.json b/gardener/pending-actions.json
index 174a014..cc80ba6 100644
--- a/gardener/pending-actions.json
+++ b/gardener/pending-actions.json
@@ -1,22 +1,12 @@
 [
-  {
-    "action": "edit_body",
-    "issue": 288,
-    "body": "Flagged by AI reviewer in PR #287.\n\n## Problem\n\n`review/review-pr.sh` fetches the PR head branch using hardcoded `origin` at two locations (lines 134 and 165):\n\n```bash\ngit fetch origin \"$PR_HEAD\"\n```\n\nThis is the same class of bug fixed for cron agents in #278. If the project repo is checked out with a different remote name (e.g. `codeberg`, `forge`), the review agent will silently fail to fetch the PR branch, potentially reviewing a stale or wrong commit.\n\n## Fix\n\nCall `resolve_forge_remote` early in `review-pr.sh` (same pattern as cron agents) and replace hardcoded `origin` with `${FORGE_REMOTE}`.\n\n---\n*Auto-created from AI review*\n\n## Affected files\n- `review/review-pr.sh` (lines ~134, ~165)\n- `lib/mirrors.sh` (for `resolve_forge_remote` reference if needed)\n\n## Acceptance criteria\n- [ ] `resolve_forge_remote` is called early in `review/review-pr.sh` to set `FORGE_REMOTE`\n- [ ] Hardcoded `origin` at both fetch locations replaced with `${FORGE_REMOTE}`\n- [ ] ShellCheck passes on the modified file\n- [ ] Mirrors the same fix pattern used for cron agents in #278\n"
-  },
   {
     "action": "add_label",
-    "issue": 288,
-    "label": "backlog"
+    "issue": 298,
+    "label": "in-progress"
   },
   {
-    "action": "edit_body",
-    "issue": 275,
-    "body": "Flagged by AI reviewer in PR #274.\n\n## Problem\n\nIn `bin/disinto` `setup_forge()`, the admin token was fixed (PR #274) to delete-then-recreate so the sha1 is captured. However the human token fallback at lines 791–797 still uses the old broken pattern:\n\n```sh\nhuman_token=$(curl -sf \\n  -u \"${human_user}:${human_pass}\" \\n  \"${forge_url}/api/v1/users/${human_user}/tokens\" 2>/dev/null \\n  | jq -r '.[0].sha1 // empty') || human_token=\"\"\n```\n\nForge/Forgejo does **not** return `sha1` in token list responses — only at creation time. So on a re-run when `disinto-human-token` already exists, the create call returns 409 (token name collision), the fallback listing returns an empty sha1, and `HUMAN_TOKEN` is silently not saved/updated.\n\n## Fix\n\nApply the same delete-then-recreate pattern used for the admin token in PR #274: look up the token by name, delete it if it exists, then create fresh.\n\n---\n*Auto-created from AI review*\n\n## Affected files\n- `bin/disinto` (lines ~791–797, inside `setup_forge()`)\n\n## Acceptance criteria\n- [ ] Human token creation uses delete-then-recreate pattern (same as admin token in PR #274)\n- [ ] Re-running `disinto init` on an existing box correctly saves `HUMAN_TOKEN` (no silent empty)\n- [ ] No 409 collision on token name re-use\n- [ ] ShellCheck passes on the modified file\n"
-  },
-  {
-    "action": "add_label",
-    "issue": 275,
+    "action": "remove_label",
+    "issue": 298,
     "label": "backlog"
   }
 ]
diff --git a/lib/AGENTS.md b/lib/AGENTS.md
index ab774d4..d3bc117 100644
--- a/lib/AGENTS.md
+++ b/lib/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Shared Helpers (`lib/`)
 
 All agents source `lib/env.sh` as their first action. Additional helpers are
diff --git a/planner/AGENTS.md b/planner/AGENTS.md
index e0d1f4c..dff747d 100644
--- a/planner/AGENTS.md
+++ b/planner/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Planner Agent
 
 **Role**: Strategic planning using a Prerequisite Tree (Theory of Constraints),
diff --git a/predictor/AGENTS.md b/predictor/AGENTS.md
index ae556b5..659792b 100644
--- a/predictor/AGENTS.md
+++ b/predictor/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Predictor Agent
 
 **Role**: Abstract adversary (the "goblin"). Runs a 2-step formula
diff --git a/review/AGENTS.md b/review/AGENTS.md
index f6afb17..3ed297e 100644
--- a/review/AGENTS.md
+++ b/review/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Review Agent
 
 **Role**: AI-powered PR review — post structured findings and formal
@@ -10,7 +10,7 @@ spawns `review-pr.sh <pr-number>`.
 
 **Key files**:
 - `review/review-poll.sh` — Cron scheduler: finds unreviewed PRs with passing CI. Sources `lib/guard.sh` and calls `check_active reviewer` — skips if `$FACTORY_ROOT/state/.reviewer-active` is absent. **Circuit breaker**: counts existing `<!-- review-error: <sha> -->` comments; skips a PR if ≥3 consecutive errors for the same HEAD SHA (prevents flooding on repeated review failures).
-- `review/review-pr.sh` — Creates/reuses a tmux session (`review-{project}-{pr}`), injects PR diff, waits for Claude to write structured JSON output, posts markdown review + formal forge review, auto-creates follow-up issues for pre-existing tech debt. Before starting the session, runs `lib/build-graph.py --changed-files <PR files>` and appends the JSON structural analysis (affected objectives, orphaned prerequisites, thin evidence) to the review prompt. Graph failures are non-fatal — review proceeds without it.
+- `review/review-pr.sh` — Creates/reuses a tmux session (`review-{project}-{pr}`), injects PR diff, waits for Claude to write structured JSON output, posts markdown review + formal forge review, auto-creates follow-up issues for pre-existing tech debt. Calls `resolve_forge_remote()` at startup to determine the correct git remote name (avoids hardcoded 'origin'). Before starting the session, runs `lib/build-graph.py --changed-files <PR files>` and appends the JSON structural analysis (affected objectives, orphaned prerequisites, thin evidence) to the review prompt. Graph failures are non-fatal — review proceeds without it.
 
 **Environment variables consumed**:
 - `FORGE_TOKEN` — Dev-agent token (must not be the same account as FORGE_REVIEW_TOKEN)
diff --git a/supervisor/AGENTS.md b/supervisor/AGENTS.md
index 72af4cd..727ac27 100644
--- a/supervisor/AGENTS.md
+++ b/supervisor/AGENTS.md
@@ -1,4 +1,4 @@
-<!-- last-reviewed: 8d321681213a455ed01eefc13ccbd9af7daae453 -->
+<!-- last-reviewed: f10cdf2c9e44c32308c7ea74fcc3139407703e59 -->
 # Supervisor Agent
 
 **Role**: Health monitoring and auto-remediation, executed as a formula-driven