diff --git a/.story_kit/work/1_upcoming/132_story_fix_toctou_race_in_agent_check_and_insert.md b/.story_kit/work/1_upcoming/132_story_fix_toctou_race_in_agent_check_and_insert.md new file mode 100644 index 0000000..91a3a62 --- /dev/null +++ b/.story_kit/work/1_upcoming/132_story_fix_toctou_race_in_agent_check_and_insert.md @@ -0,0 +1,20 @@ +--- +name: "Fix TOCTOU race in agent check-and-insert" +--- + +# Story 132: Fix TOCTOU race in agent check-and-insert + +## User Story + +As a user running multiple agents, I want the agent pool to correctly enforce single-instance-per-agent so that two agents never end up running on the same story or the same agent name running on two stories concurrently. + +## Acceptance Criteria + +- [ ] The lock in start_agent (agents.rs ~lines 262-324) is held continuously from the availability check through the HashMap insert — no lock release between check and insert +- [ ] The lock in auto_assign_available_work (agents.rs ~lines 1196-1228) is held from find_free_agent_for_stage through the start_agent call, preventing a concurrent auto_assign from selecting the same agent +- [ ] A test demonstrates that concurrent start_agent calls for the same agent name on different stories result in exactly one running agent and one rejection +- [ ] A test demonstrates that concurrent auto_assign_available_work calls do not produce duplicate assignments + +## Out of Scope + +- TBD
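Review bot: the second acceptance criterion conflicts with the first if both refer to the same pool lock. It asks auto_assign_available_work to hold the lock "from find_free_agent_for_stage through the start_agent call", while the first criterion has start_agent itself hold the lock from the availability check through the HashMap insert. If start_agent acquires that lock internally, calling it with the lock already held will deadlock or panic on a non-reentrant mutex. Suggest rewording the criterion to name the mechanism, for example that the agent selection and the reservation insert happen under a single lock acquisition (an internal helper that takes the already-held guard, or a reserved entry inserted before the lock is released), and that the lock is not held across any long-running spawn work. Two smaller points: the user story also promises that two agents never run on the same story, but the test criteria only cover the same agent name on different stories and duplicate auto-assignments, so add a criterion and test for concurrent start_agent calls with different agent names on the same story; and the "~lines 262-324" and "~lines 1196-1228" references will drift as agents.rs changes, so reference the function names alone. "Out of Scope" is still "TBD" and should be filled in or removed before the story leaves 1_upcoming.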