fix(ci): correct image digest separator

.wave/pipelines/impl-hotfix.yaml

@@ -0,0 +1,118 @@
+kind: WavePipeline
+metadata:
+  name: impl-hotfix
+  description: "Quick investigation and fix for production issues"
+  release: true
+
+skills:
+  - "{{ project.skill }}"
+  - software-design
+
+input:
+  source: cli
+  example: "fix panic in pipeline executor when step has nil context"
+
+steps:
+  - id: investigate
+    persona: navigator
+    model: claude-haiku
+    workspace:
+      mount:
+        - source: ./
+          target: /project
+          mode: readonly
+    exec:
+      type: prompt
+      source: |
+        Investigate this production issue: {{ input }}
+
+        1. Search for related code paths
+        2. Check recent commits that may have introduced the bug
+        3. Identify the root cause
+        4. Assess blast radius (what else could be affected)
+    output_artifacts:
+      - name: findings
+        path: .wave/output/findings.json
+        type: json
+    retry:
+      policy: patient
+      max_attempts: 2
+    handover:
+      contract:
+        type: json_schema
+        source: .wave/output/findings.json
+        schema_path: .wave/contracts/findings.schema.json
+        on_failure: retry
+
+  - id: fix
+    persona: craftsman
+    dependencies: [investigate]
+    thread: hotfix
+    memory:
+      inject_artifacts:
+        - step: investigate
+          artifact: findings
+          as: investigation
+    workspace:
+      mount:
+        - source: ./
+          target: /project
+          mode: readwrite
+    exec:
+      type: prompt
+      source: |
+        Fix the production issue based on the investigation findings.
+
+        Requirements:
+        1. Apply the minimal fix - don't refactor surrounding code
+        2. Add a regression test that would have caught this bug
+        3. Ensure all existing tests still pass
+        4. Document the fix in a commit-ready message
+    retry:
+      policy: standard
+      max_attempts: 3
+    handover:
+      contract:
+        type: test_suite
+        command: "{{ project.test_command }}"
+        must_pass: true
+        on_failure: retry
+      compaction:
+        trigger: "token_limit_80%"
+        persona: summarizer
+
+  - id: run-tests
+    type: command
+    dependencies: [fix]
+    script: "{{ project.contract_test_command }}"
+
+  - id: gate
+    type: conditional
+    dependencies: [run-tests]
+    edges:
+      - target: verify
+        condition: "outcome=success"
+      - target: fix
+
+  - id: verify
+    persona: reviewer
+    dependencies: [gate]
+    exec:
+      type: prompt
+      source: |
+        Verify the hotfix:
+
+        1. Is the fix minimal and focused? (no unrelated changes)
+        2. Does the regression test actually test the reported issue?
+        3. Are there other code paths with the same vulnerability?
+        4. Is the fix safe for production deployment?
+
+        Output a go/no-go recommendation with reasoning.
+    output_artifacts:
+      - name: verdict
+        path: .wave/output/verdict.md
+        type: markdown
+    handover:
+      contract:
+        type: non_empty_file
+        source: .wave/output/verdict.md