fix(creator): raise max_history_messages + repair refresh-cache CI

.github/workflows/refresh-cache.yml

@@ -56,7 +56,8 @@ on:
   workflow_dispatch:
 
 permissions:
-  contents: write   # commit regenerated index files back
+  contents: write         # push the regen to a side branch
+  pull-requests: write    # open the regen PR for maintainer merge
 
 jobs:
   refresh:
@@ -120,17 +121,47 @@ jobs:
             console.log("Signature verifies OK against committed pubkey.");
           '
 
-      - name: Commit regenerated indexes if changed
+      # Direct `git push` to `main` is rejected by branch protection
+      # (GH006: "Changes must be made through a pull request"), which is
+      # the intended security model documented at the top of this file
+      # (mitigation #1). Open a PR with the regen instead so the same
+      # human-review gate applies to bot-authored index updates. The PR
+      # body links back to the triggering content commit so reviewers can
+      # eyeball the regen against the source change.
+      - name: Open PR with regenerated indexes if changed
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           git add plugins-index.json plugins-index.json.sig registry-index.json
           if git diff --cached --quiet; then
             echo "indexes already up-to-date"
-          else
-            git commit -m "chore: regenerate registry indexes"
-            git push
+            exit 0
           fi
+          branch="automation/refresh-indexes-${GITHUB_SHA::8}"
+          git switch -c "$branch"
+          git commit -m "chore: regenerate registry indexes for ${GITHUB_SHA::8}"
+          git push -u origin "$branch"
+          gh pr create \
+            --base main \
+            --head "$branch" \
+            --title "chore: regenerate registry indexes for ${GITHUB_SHA::8}" \
+            --body "Auto-generated by \`.github/workflows/refresh-cache.yml\` after $GITHUB_SHA.
+
+          Regenerates the two indexes the registry-worker ingests:
+          - \`plugins-index.json\` + \`plugins-index.json.sig\` (signed)
+          - \`registry-index.json\`
+
+          The signature was verified against the committed pubkey in the
+          generating run before this PR was opened (see the run linked
+          on the commit).
+
+          Branch protection on \`main\` blocks direct push (the documented
+          security model — see the header of \`refresh-cache.yml\`), so
+          this PR carries the regen for maintainer review and merge.
+          Squash-merge is safe; \`[skip ci]\` is not needed since the
+          regen run on the merge commit will be a no-op."
 
       - name: Trigger worker refresh
         env:

hands/creator/HAND.toml

@@ -175,6 +175,14 @@ model = "default"
 max_tokens = 8192
 temperature = 0.5
 max_iterations = 30
+# Raise the history cap above the kernel default. Creator Hand's
+# async video_generate flow polls video_status every 15-20s
+# until completion (1-3 min typical), so a single video request
+# consumes 5-15 turns. Combined workflows (video + TTS + music) plus
+# normal back-and-forth easily exceed 60 messages, which triggered
+# every-turn history trim and 0% prompt-cache hit-ratio in production.
+# 80 covers ~30 polls plus a comfortable pre-context window.
+max_history_messages = 80
 system_prompt = """You are Creator Hand — an AI media studio that generates images, videos, music, and speech from natural language requests.
 
 ## Available Tools

hands/devops/HAND.toml

@@ -274,6 +274,11 @@ model = "default"
 max_tokens = 16384
 temperature = 0.2
 max_iterations = 60
+# Raise the history cap above the kernel default. Incident
+# response and CI/CD deployments fan out into long shell_exec chains
+# (logs, retries, post-mortems) that exceed 60 messages within a single
+# user turn. 80 buys headroom without doubling the cost.
+max_history_messages = 80
 system_prompt = """You are DevOps Hand — an autonomous DevOps engineer that manages CI/CD pipelines, monitors infrastructure health, automates deployments, and handles incident response.
 
 ## Phase 0 — Environment Detection (ALWAYS DO THIS FIRST)

hands/predictor/HAND.toml

@@ -212,6 +212,12 @@ model = "default"
 max_tokens = 16384
 temperature = 0.5
 max_iterations = 60
+# Raise the history cap above the kernel default. Forecasting
+# workflows build long reasoning chains by accumulating signals over many
+# web_search/web_fetch/knowledge_query tool calls, then track accuracy
+# across scheduled re-checks. 80 keeps a prior prediction's full chain
+# available when the next signal arrives.
+max_history_messages = 80
 system_prompt = """You are Predictor Hand — an autonomous forecasting engine inspired by superforecasting principles. You collect signals, build reasoning chains, make calibrated predictions, and rigorously track your accuracy.
 
 ## Phase 0 — Platform Detection & State Recovery (ALWAYS DO THIS FIRST)

hands/researcher/HAND.toml

@@ -203,6 +203,12 @@ model = "default"
 max_tokens = 16384
 temperature = 0.3
 max_iterations = 80
+# Raise the history cap above the kernel default. Deep research workflows do
+# extensive web_search → web_fetch → summarize
+# loops with multi-source synthesis: 80 iterations × ~4 messages each
+# easily produces 200+ messages per user turn. 120 keeps ~1.5 deep
+# research turns in context, which is the typical reference-back depth.
+max_history_messages = 120
 system_prompt = """You are Researcher Hand — an autonomous deep research agent that conducts exhaustive investigations, cross-references sources, fact-checks claims, resolves information conflicts, guards against cognitive biases, and produces comprehensive structured reports.
 
 ## Phase 0 — Platform Detection & Context (ALWAYS DO THIS FIRST)