@accelerationguy/accel 1.0.0

package/modules/radar/src/core/workflows/phase-1-reconnaissance.md

@@ -0,0 +1,169 @@
+<purpose>
+Executes automated signal gathering by running all configured analysis tools against the target codebase, normalizing their output to the Radar signal schema, and persisting results for consumption by domain audit agents in Phase 2.
+</purpose>
+
+<phase_context>
+Phase: 1 — Automated Signal Gathering
+Prior phase output: Phase 0 audit scope (.radar/scope.md), threat model (.radar/threat-model.md), initialized .radar/STATE.md
+Agents invoked: None — this phase is pure tool orchestration, no reasoning agents. Tools execute mechanically per their adapter specifications.
+Output: Normalized signal files (.radar/signals/{tool-id}.md per tool), signal summary with domain-tagged counts
+</phase_context>
+
+<required_input>
+@.radar/STATE.md
+@.radar/MANIFEST.md
+@.radar/scope.md
+@~/.claude/radar/schemas/signal.md
+@~/.claude/radar/tools/sonarqube.md
+@~/.claude/radar/tools/semgrep.md
+@~/.claude/radar/tools/trivy.md
+@~/.claude/radar/tools/gitleaks.md
+@~/.claude/radar/tools/checkov.md
+@~/.claude/radar/tools/syft.md
+@~/.claude/radar/tools/grype.md
+@~/.claude/radar/tools/git-history.md
+</required_input>
+
+<process>
+
+<step name="validate_prerequisites" priority="first">
+1. Verify .radar/STATE.md exists and shows Phase 0 complete:
+   a. Check phase_0_complete: true
+   b. Check .radar/scope.md exists and is non-empty
+   c. Check .radar/threat-model.md exists
+2. If Phase 0 is not complete:
+   a. Halt with error: "Phase 0 (Context & Threat Modeling) not complete. Run phase-0-context workflow first."
+   b. Do not proceed.
+3. Read .radar/scope.md to extract:
+   a. Scan targets (directories, file patterns)
+   b. Exclusions (vendored code, generated files, test fixtures)
+   c. Technology stack (determines which tools and rule sets apply)
+   d. Any scope overrides from audit configuration
+4. Update .radar/STATE.md:
+   a. current_phase: 1
+   b. phase_status: in_progress
+</step>
+
+<step name="configure_tool_execution" priority="blocking">
+1. Read .radar/MANIFEST.md to determine which tools are enabled for this audit.
+2. For each enabled tool, load its adapter specification from src/tools/{tool-id}.md.
+3. Configure each tool based on scope:
+   a. SonarQube: project key, quality profile, language plugins
+   b. Semgrep: rule sets matching detected languages/frameworks
+   c. Trivy: scan mode (filesystem vs image), severity thresholds
+   d. Gitleaks: custom config if secrets patterns specified in scope
+   e. Checkov: framework detection (terraform, cloudformation, k8s, dockerfile)
+   f. Syft: output format (SPDX/CycloneDX), scan target
+   g. Grype: vulnerability database update, severity thresholds
+   h. git-history: date range, file filters, author grouping
+4. Record tool configuration in .radar/STATE.md for reproducibility.
+5. Determine execution order:
+   a. Syft MUST run before Grype (Grype consumes Syft SBOM output)
+   b. All other tools are independent and can run in parallel
+</step>
+
+<step name="execute_tools" priority="blocking">
+1. Execute all independent tools (can run in parallel):
+   a. SonarQube — static analysis via MCP server or CLI
+   b. Semgrep — pattern-based analysis with configured rule sets
+   c. Trivy — vulnerability and misconfiguration scanning
+   d. Gitleaks — secrets detection across repository history
+   e. Checkov — infrastructure-as-code policy scanning
+   f. git-history — change frequency, author concentration, file age analysis
+2. Execute SBOM pipeline (sequential):
+   a. Syft — generate software bill of materials
+   b. Grype — scan Syft output for known vulnerabilities
+3. For each tool execution:
+   a. Record start time
+   b. Capture raw output
+   c. Record completion time and exit status
+   d. If tool fails: log error, mark tool as "failed" in STATE.md, continue with remaining tools
+4. Update .radar/STATE.md with tool execution status after each completes.
+</step>
+
+<step name="normalize_signals" priority="blocking">
+1. For each tool that produced output:
+   a. Load the tool's adapter specification from src/tools/{tool-id}.md
+   b. Apply the normalization mapping defined in the adapter:
+      - Map tool-native severity to Radar severity scale
+      - Map tool-native confidence to Radar confidence dimensions
+      - Calculate blast radius from tool context
+      - Tag with domain relevance per the adapter's domain_mapping
+   c. Produce normalized signal records conforming to src/schemas/signal.md
+2. For each normalized signal:
+   a. Assign signal ID: S-{TOOL}-{NNN}
+   b. Tag with source_tool, timestamp, domain_ids
+   c. Preserve raw tool reference for traceability
+3. Validate all normalized signals against src/schemas/signal.md:
+   a. Required fields present
+   b. Severity within valid range
+   c. Domain tags reference valid domain IDs (00-13)
+4. Record normalization results:
+   a. Total signals per tool
+   b. Signals per domain
+   c. Any signals that failed normalization (quarantine with reason)
+</step>
+
+<step name="persist_signals" priority="blocking">
+1. Write normalized signals to .radar/signals/{tool-id}.md:
+   a. One file per tool containing all normalized signals from that tool
+   b. Files: sonarqube.md, semgrep.md, trivy.md, gitleaks.md, checkov.md, syft.md, grype.md, git-history.md
+   c. Only create files for tools that produced output
+2. Generate signal summary:
+   a. Total signal count across all tools
+   b. Signal count per tool
+   c. Signal count per domain (aggregated across tools)
+   d. Severity distribution (critical, high, medium, low, info)
+   e. Tools that failed or produced no output
+3. Write signal summary to .radar/signals/SUMMARY.md.
+4. Verify all writes completed:
+   a. Confirm each file exists and is non-empty
+   b. Confirm signal counts match expected totals
+</step>
+
+<step name="update_state_phase_complete" priority="blocking">
+1. Update .radar/STATE.md:
+   a. current_phase: 1
+   b. phase_status: complete
+   c. phase_1_complete: true
+   d. tools_executed: [list of tools that ran successfully]
+   e. tools_failed: [list of tools that failed, with reasons]
+   f. total_signals: N
+   g. signals_per_domain: {domain_id: count}
+   h. next_phase: 2
+   i. timestamp: completion time
+2. Record Phase 1 metrics:
+   a. Duration
+   b. Tool execution times
+   c. Signal volumes
+   d. Coverage gaps (domains with zero signals)
+</step>
+
+</process>
+
+<output>
+Artifacts created:
+- .radar/signals/sonarqube.md — Normalized SonarQube signals
+- .radar/signals/semgrep.md — Normalized Semgrep signals
+- .radar/signals/trivy.md — Normalized Trivy signals
+- .radar/signals/gitleaks.md — Normalized Gitleaks signals
+- .radar/signals/checkov.md — Normalized Checkov signals
+- .radar/signals/syft.md — Normalized Syft SBOM signals
+- .radar/signals/grype.md — Normalized Grype vulnerability signals
+- .radar/signals/git-history.md — Normalized git history signals
+- .radar/signals/SUMMARY.md — Aggregated signal summary with domain counts
+- .radar/STATE.md — Updated with Phase 1 completion and signal metrics
+
+All signal files conform to src/schemas/signal.md.
+</output>
+
+<error_handling>
+- **Phase 0 not complete:** Halt immediately. Display: "Phase 0 (Context & Threat Modeling) must complete before signal gathering. Run phase-0-context first." Do not proceed.
+- **Tool not installed:** Log missing tool in .radar/STATE.md. Skip tool and continue with remaining tools. Record coverage gap — domains served only by the missing tool will have reduced signal diversity.
+- **Tool execution failure (non-zero exit):** Capture error output. Record failure reason in STATE.md. Continue with remaining tools. Do not retry automatically — present failure to user for decision (retry, skip, or abort phase).
+- **Tool produces no output:** Record as "no findings" (distinct from failure). Some tools legitimately find nothing. Do not treat empty output as an error.
+- **Normalization failure (signal doesn't conform to schema):** Quarantine the raw signal in .radar/signals/quarantine/{tool-id}-{timestamp}.md. Record normalization error. Continue with remaining signals. Report quarantined count in summary.
+- **All tools fail:** Halt phase. Record failure in STATE.md. Phase 2 cannot proceed without signals. Present to user for diagnosis.
+- **Syft/Grype pipeline break:** If Syft fails, Grype cannot run. Record both as failed. Other tools continue independently.
+- **Scope too broad (excessive signal volume):** If total signals exceed a reasonable threshold, log warning. Phase 2 agents may need signal filtering by relevance. Record in STATE.md for downstream awareness.
+</error_handling>

package/modules/radar/src/core/workflows/phase-2-domain-audits.md

@@ -0,0 +1,190 @@
+<purpose>
+Executes parallel deep domain audits by invoking 8 specialist agents — each analyzing their assigned domains using Phase 1 signals as evidence, producing independent findings using the formal epistemic schema, and detecting cross-agent disagreements.
+</purpose>
+
+<phase_context>
+Phase: 2 — Deep Domain Audits
+Prior phase output: Phase 0 scope (.radar/scope.md), Phase 1 normalized signals (.radar/signals/*.md), signal summary (.radar/signals/SUMMARY.md)
+Agents invoked: architect, data-engineer, security-engineer, compliance-officer, senior-app-engineer, sre, performance-engineer, test-engineer (8 agents, all parallel-eligible)
+Output: Per-agent finding sets (.radar/findings/{agent-id}.md), disagreement records (.radar/disagreements/*.md if any), updated .radar/STATE.md
+</phase_context>
+
+<required_input>
+@.radar/STATE.md
+@.radar/MANIFEST.md
+@.radar/scope.md
+@.radar/signals/SUMMARY.md
+@.radar/signals/*.md (all signal files)
+@~/.claude/radar/core/agents/architect.md
+@~/.claude/radar/core/agents/data-engineer.md
+@~/.claude/radar/core/agents/security-engineer.md
+@~/.claude/radar/core/agents/compliance-officer.md
+@~/.claude/radar/core/agents/senior-app-engineer.md
+@~/.claude/radar/core/agents/sre.md
+@~/.claude/radar/core/agents/performance-engineer.md
+@~/.claude/radar/core/agents/test-engineer.md
+@~/.claude/radar/schemas/finding.md
+@~/.claude/radar/schemas/disagreement.md
+@~/.claude/radar/schemas/confidence.md
+@~/.claude/radar/rules/epistemic-hygiene.md
+@~/.claude/radar/rules/disagreement-protocol.md
+@~/.claude/radar/rules/agent-boundaries.md
+@~/.claude/radar/core/workflows/session-handoff.md
+@~/.claude/radar/core/workflows/disagreement-resolution.md
+</required_input>
+
+<process>
+
+<step name="validate_prerequisites" priority="first">
+1. Verify .radar/STATE.md shows Phase 1 complete:
+   a. Check phase_1_complete: true
+   b. Check .radar/signals/ directory contains at least one signal file
+   c. Check .radar/signals/SUMMARY.md exists
+2. If Phase 1 is not complete:
+   a. Halt with error: "Phase 1 (Signal Gathering) not complete. Run phase-1-reconnaissance workflow first."
+   b. Do not proceed.
+3. Read signal summary to understand available evidence:
+   a. Which tools produced signals
+   b. Which domains have signal coverage
+   c. Any coverage gaps to note
+4. Update .radar/STATE.md:
+   a. current_phase: 2
+   b. phase_status: in_progress
+   c. agents_remaining: [architect, data-engineer, security-engineer, compliance-officer, senior-app-engineer, sre, performance-engineer, test-engineer]
+</step>
+
+<step name="prepare_agent_contexts" priority="blocking">
+1. For each of the 8 domain audit agents:
+   a. Load agent manifest from src/core/agents/{agent-id}.md
+   b. Resolve all component references:
+      - Persona: src/core/personas/{persona-id}.md
+      - Domains: src/domains/{DD}-*.md for each domain in the manifest
+      - Schemas: src/schemas/{schema-id}.md for each declared schema
+      - Rules: src/rules/{rule-id}.md for each declared rule
+   c. Collect relevant signals:
+      - Load .radar/signals/{tool-id}.md for each tool declared in the agent manifest
+      - Filter signals to those tagged with the agent's domain IDs
+   d. Include shared context:
+      - .radar/scope.md (audit boundaries and focus areas)
+      - .radar/STATE.md (audit position awareness)
+   e. Include the agent manifest's "Session Context" section for phase-specific instructions
+
+2. Build per-agent context bundles ordered by priority:
+   a. Persona specification (first — defines identity and reasoning approach)
+   b. Rules (second — constraints on behavior)
+   c. Domain modules (third — knowledge base)
+   d. Relevant signals (fourth — evidence to analyze)
+   e. Scope and state (fifth — situational awareness)
+
+3. Verify each context bundle fits within session budget:
+   a. Estimate token count per bundle
+   b. If exceeding budget: prioritize persona > rules > primary domain > signals > secondary domains
+   c. Log any trimmed context in .radar/STATE.md
+
+4. Record agent invocation plan in .radar/STATE.md.
+</step>
+
+<step name="invoke_domain_agents" priority="blocking">
+1. All 8 agents are parallel-eligible (no inter-dependencies within Phase 2).
+2. Invoke agents with their prepared context bundles:
+   a. Each agent receives: persona + domains + signals + schemas + rules + scope
+   b. Each agent produces findings ONLY for their assigned domains
+   c. Each finding must conform to src/schemas/finding.md (7 epistemic layers)
+   d. Each finding must include confidence vector per src/schemas/confidence.md
+3. For each agent session:
+   a. Record session start time in .radar/STATE.md
+   b. Monitor for session completion or timeout
+   c. On completion: invoke session-handoff workflow (src/core/workflows/session-handoff.md)
+   d. On timeout: mark as interrupted in .radar/STATE.md, continue with remaining agents
+4. Track completion across all agents:
+   a. Update agents_completed and agents_remaining in .radar/STATE.md after each
+   b. Phase 2 continues until all agents complete or fail
+</step>
+
+<step name="validate_all_outputs" priority="blocking">
+1. For each agent's finding set (validated individually by session-handoff):
+   a. Confirm findings reference only the agent's declared domains
+   b. Confirm no agent produced findings outside their domain boundaries (per agent-boundaries rules)
+   c. Confirm confidence vectors are complete (all 4 dimensions rated)
+   d. Confirm evidence fields are populated (not asserted without support)
+2. Aggregate validation results:
+   a. Total findings produced across all agents
+   b. Findings per domain
+   c. Findings per severity level
+   d. Any findings that failed validation (quarantined by session-handoff)
+3. Check domain coverage:
+   a. Which domains received findings
+   b. Which domains have zero findings (potential blind spots)
+   c. Record coverage analysis in .radar/STATE.md
+</step>
+
+<step name="detect_disagreements" priority="blocking">
+1. Compare findings across agents for overlapping concerns:
+   a. Agents with shared domains (e.g., senior-app-engineer domains [03,09] may overlap with architect domain [01] on structural concerns)
+   b. Same code area assessed differently by different agents
+   c. Same pattern receiving different severity ratings
+   d. Contradictory recommendations for the same issue
+2. For each detected disagreement:
+   a. Create disagreement record conforming to src/schemas/disagreement.md
+   b. Identify the epistemic layer disputed (interpretation, assumptions, impact, likelihood, judgment)
+   c. Record both agent positions with their evidence and confidence
+   d. Assign disagreement ID: D-{NNN}
+   e. Set status: open
+   f. Set principal_response: pending (to be filled by disagreement resolution)
+3. Write disagreement records to .radar/disagreements/{disagreement-id}.md.
+4. If disagreements exist:
+   a. Queue disagreement-resolution workflow (src/core/workflows/disagreement-resolution.md)
+   b. Record disagreement count in .radar/STATE.md
+   c. Note: disagreement resolution may occur between Phase 2 and Phase 3, or be deferred to Phase 5
+</step>
+
+<step name="update_state_phase_complete" priority="blocking">
+1. Update .radar/STATE.md:
+   a. current_phase: 2
+   b. phase_status: complete
+   c. phase_2_complete: true
+   d. agents_completed: [list of all agents that completed successfully]
+   e. agents_failed: [list of any agents that failed, with reasons]
+   f. total_findings: N
+   g. findings_per_agent: {agent-id: count}
+   h. findings_per_domain: {domain_id: count}
+   i. disagreements_detected: N
+   j. disagreements_resolved: N (may be 0 if deferred)
+   k. next_phase: 3
+   l. timestamp: completion time
+2. Record Phase 2 metrics:
+   a. Duration (total and per-agent)
+   b. Finding volumes and severity distribution
+   c. Domain coverage completeness
+   d. Disagreement summary
+</step>
+
+</process>
+
+<output>
+Artifacts created:
+- .radar/findings/architect.md — Architecture domain findings
+- .radar/findings/data-engineer.md — Data & state integrity findings
+- .radar/findings/security-engineer.md — Security domain findings
+- .radar/findings/compliance-officer.md — Compliance & governance findings
+- .radar/findings/senior-app-engineer.md — Correctness & maintainability findings
+- .radar/findings/sre.md — Reliability & operability findings
+- .radar/findings/performance-engineer.md — Performance & scalability findings
+- .radar/findings/test-engineer.md — Testing strategy findings
+- .radar/disagreements/{disagreement-id}.md — Cross-agent disagreement records (if any)
+- .radar/STATE.md — Updated with Phase 2 completion, finding metrics, disagreement counts
+
+All finding files conform to src/schemas/finding.md.
+All disagreement records conform to src/schemas/disagreement.md.
+</output>
+
+<error_handling>
+- **Phase 1 not complete:** Halt immediately. Display: "Phase 1 (Signal Gathering) must complete before domain audits. Run phase-1-reconnaissance first." Do not proceed.
+- **No signals available for an agent's domains:** Invoke the agent anyway — agents can analyze code structure and patterns without tool signals. Note reduced evidence base in .radar/STATE.md. Agent's confidence vectors should reflect limited signal diversity.
+- **Agent session failure:** Log failure in .radar/STATE.md. Skip failed agent and continue with remaining agents. Record which domains lost coverage. Warn user that audit has gaps. Do not retry automatically.
+- **Agent produces findings outside declared domains:** Reject the out-of-scope findings (per agent-boundaries rules). Log boundary violation in .radar/STATE.md. Accept valid in-scope findings from the same session.
+- **Schema validation failure (finding malformed):** Handled by session-handoff workflow — quarantine invalid findings, accept valid ones. If ALL findings from an agent fail validation, mark agent session as "validation-failed" and flag for re-run.
+- **Context budget exceeded for an agent:** Trim signals by relevance (keep signals tagged for agent's primary domain, drop secondary domain signals). Never trim persona or rules. Log trimmed context. Agent's findings should note limited evidence base.
+- **All agents fail:** Halt phase. Record failure in STATE.md. Phase 3 cannot proceed without Phase 2 findings. Present to user for diagnosis.
+- **Disagreement detection produces false positives:** Accept over-detection. False positives are resolved by the Principal Engineer in the disagreement-resolution workflow. Under-detection is worse — it hides risk.
+</error_handling>

package/modules/radar/src/core/workflows/phase-3-cross-domain.md

@@ -0,0 +1,177 @@
+<purpose>
+Executes cross-domain synthesis audits by invoking the Staff Engineer (change risk and team ownership analysis) followed by the Reality Gap Analyst (code-vs-runtime divergence detection) — both drawing on Phase 2 findings and specialized signal sources.
+</purpose>
+
+<phase_context>
+Phase: 3 — Change Risk, Team Risk & Reality Gap
+Prior phase output: Phase 2 domain findings (.radar/findings/*.md from 8 agents), Phase 1 signals (.radar/signals/*.md), Phase 0 scope (.radar/scope.md)
+Agents invoked: staff-engineer (sequential first), reality-gap-analyst (sequential second). Sequential because Reality Gap Analyst benefits from Staff Engineer's change risk findings.
+Output: .radar/findings/staff-engineer.md, .radar/findings/reality-gap-analyst.md, additional .radar/disagreements/*.md if any, updated .radar/STATE.md
+</phase_context>
+
+<required_input>
+@.radar/STATE.md
+@.radar/MANIFEST.md
+@.radar/scope.md
+@.radar/findings/*.md (all Phase 2 agent finding files)
+@.radar/signals/git-history.md
+@.radar/signals/checkov.md
+@.radar/signals/sonarqube.md
+@~/.claude/radar/core/agents/staff-engineer.md
+@~/.claude/radar/core/agents/reality-gap-analyst.md
+@~/.claude/radar/schemas/finding.md
+@~/.claude/radar/schemas/disagreement.md
+@~/.claude/radar/schemas/confidence.md
+@~/.claude/radar/rules/epistemic-hygiene.md
+@~/.claude/radar/rules/disagreement-protocol.md
+@~/.claude/radar/rules/agent-boundaries.md
+@~/.claude/radar/core/workflows/session-handoff.md
+@~/.claude/radar/core/workflows/disagreement-resolution.md
+</required_input>
+
+<process>
+
+<step name="validate_prerequisites" priority="first">
+1. Verify .radar/STATE.md shows Phase 2 complete:
+   a. Check phase_2_complete: true
+   b. Check .radar/findings/ directory contains Phase 2 agent finding files
+   c. Verify at least 6 of 8 domain agents produced findings (allow partial coverage)
+2. If Phase 2 is not complete:
+   a. Halt with error: "Phase 2 (Domain Audits) not complete. Run phase-2-domain-audits workflow first."
+   b. Do not proceed.
+3. Check for any unresolved disagreements from Phase 2:
+   a. Read .radar/disagreements/*.md for status: open
+   b. Note count — these may be resolved during or after Phase 3
+4. Update .radar/STATE.md:
+   a. current_phase: 3
+   b. phase_status: in_progress
+   c. agents_remaining: [staff-engineer, reality-gap-analyst]
+</step>
+
+<step name="prepare_staff_engineer_context" priority="blocking">
+1. Load staff-engineer agent manifest from src/core/agents/staff-engineer.md.
+2. Resolve component references:
+   a. Persona: src/core/personas/staff-engineer.md
+   b. Domains: src/domains/11-change-risk.md, src/domains/12-team-risk.md
+   c. Tools: git-history, sonarqube, semgrep, syft, grype
+   d. Schemas: finding, disagreement, confidence, signal
+   e. Rules: epistemic-hygiene, disagreement-protocol, agent-boundaries
+3. Collect input context:
+   a. ALL Phase 2 findings from .radar/findings/*.md — Staff Engineer synthesizes across domains
+   b. .radar/signals/git-history.md — primary signal source for change risk and ownership analysis
+   c. .radar/signals/sonarqube.md — code health metrics
+   d. .radar/signals/semgrep.md — pattern detection
+   e. .radar/signals/syft.md and .radar/signals/grype.md — dependency risk signals
+   f. .radar/scope.md — audit boundaries
+   g. .radar/STATE.md — audit position and Phase 2 metrics
+4. Build context bundle (priority order: persona > rules > domains > Phase 2 findings > signals > state).
+5. Staff Engineer is active in phases [2, 3] — in Phase 3, the role is SYNTHESIS over Phase 2 findings, not independent signal gathering.
+</step>
+
+<step name="invoke_staff_engineer" priority="blocking">
+1. Invoke staff-engineer session with prepared context:
+   a. Phase 3 instructions: synthesize change risk and team ownership patterns from Phase 2 findings + git history
+   b. Produce findings for Domain 11 (Change Risk & Evolvability) and Domain 12 (Team, Ownership & Knowledge Risk)
+   c. Each finding must reference the Phase 2 findings that informed it (cross-reference by finding ID)
+   d. Confidence vectors must reflect the synthesis nature — evidence_diversity depends on how many Phase 2 agents' findings support the conclusion
+2. Session produces:
+   a. Change risk findings — code areas most likely to cause regression, highest churn, dependency bottlenecks
+   b. Team ownership findings — bus factor analysis, knowledge concentration, orphaned code areas
+   c. Evolvability assessment — how resistant the codebase is to safe change
+3. On session completion:
+   a. Invoke session-handoff workflow (src/core/workflows/session-handoff.md)
+   b. Update .radar/STATE.md: agents_completed += [staff-engineer]
+4. On session failure:
+   a. Log failure, mark staff-engineer as failed
+   b. Proceed to reality-gap-analyst (independent value even without change risk findings)
+</step>
+
+<step name="prepare_reality_gap_analyst_context" priority="blocking">
+1. Load reality-gap-analyst agent manifest from src/core/agents/reality-gap-analyst.md.
+2. Resolve component references:
+   a. Persona: src/core/personas/reality-gap-analyst.md
+   b. Focus domains: src/domains/00-context.md, src/domains/01-architecture.md, src/domains/07-reliability.md, src/domains/10-operability.md
+   c. Tools: checkov, git-history, sonarqube
+   d. Schemas: finding, disagreement, confidence, signal
+   e. Rules: epistemic-hygiene, disagreement-protocol, agent-boundaries
+3. Collect input context:
+   a. ALL Phase 2 findings from .radar/findings/*.md — Reality Gap Analyst is cross-domain by nature
+   b. Staff Engineer findings from .radar/findings/staff-engineer.md (if available — produced in previous step)
+   c. .radar/signals/checkov.md — infrastructure-as-code policy signals (code-vs-config divergence)
+   d. .radar/signals/git-history.md — change patterns revealing drift
+   e. .radar/signals/sonarqube.md — code quality signals
+   f. .radar/scope.md and .radar/threat-model.md — deployment context is critical for gap analysis
+   g. .radar/STATE.md
+4. Build context bundle (priority order: persona > rules > focus domains > Phase 2+3 findings > signals > state).
+5. Note: Reality Gap Analyst has 4 focus domains but can reference ANY domain's findings to detect cross-domain divergence patterns.
+</step>
+
+<step name="invoke_reality_gap_analyst" priority="blocking">
+1. Invoke reality-gap-analyst session with prepared context:
+   a. Phase 3 instructions: detect divergence between code-as-written and system-as-run
+   b. Focus areas: deployment configuration vs code assumptions, documented architecture vs actual structure, reliability claims vs operational evidence, developer experience claims vs tooling reality
+   c. Produce findings that identify WHERE the codebase's self-description diverges from its actual behavior
+   d. Each finding must cite specific evidence of the gap (not theoretical concerns)
+2. Session produces:
+   a. Reality gap findings — concrete instances where code and runtime diverge
+   b. Cross-domain divergence patterns — gaps that span multiple audit domains
+   c. Configuration drift findings — deployment configs that don't match code expectations
+3. On session completion:
+   a. Invoke session-handoff workflow (src/core/workflows/session-handoff.md)
+   b. Update .radar/STATE.md: agents_completed += [reality-gap-analyst]
+</step>
+
+<step name="detect_phase_3_disagreements" priority="blocking">
+1. Compare Phase 3 findings against Phase 2 findings for conflicts:
+   a. Staff Engineer's change risk assessment vs individual agent severity ratings
+   b. Reality Gap Analyst's divergence findings vs domain agents' assumptions
+   c. Any Phase 3 finding that directly contradicts a Phase 2 finding
+2. For each disagreement:
+   a. Create record per src/schemas/disagreement.md
+   b. Assign ID: D-{NNN} (continuing from Phase 2 sequence)
+   c. Set status: open
+   d. Write to .radar/disagreements/{disagreement-id}.md
+3. If new disagreements detected:
+   a. Queue disagreement-resolution workflow
+   b. Record count in .radar/STATE.md
+</step>
+
+<step name="update_state_phase_complete" priority="blocking">
+1. Update .radar/STATE.md:
+   a. current_phase: 3
+   b. phase_status: complete
+   c. phase_3_complete: true
+   d. agents_completed: [staff-engineer, reality-gap-analyst] (or partial list if any failed)
+   e. total_findings: updated cumulative count
+   f. phase_3_findings: N
+   g. disagreements_total: updated cumulative count
+   h. next_phase: 4
+   i. timestamp: completion time
+2. Record Phase 3 metrics:
+   a. Duration (total and per-agent)
+   b. New findings produced
+   c. Cross-domain patterns identified
+   d. New disagreements detected
+</step>
+
+</process>
+
+<output>
+Artifacts created:
+- .radar/findings/staff-engineer.md — Change risk, team ownership, and evolvability findings
+- .radar/findings/reality-gap-analyst.md — Code-vs-runtime divergence findings
+- .radar/disagreements/{disagreement-id}.md — New cross-phase disagreement records (if any)
+- .radar/STATE.md — Updated with Phase 3 completion and cumulative metrics
+
+All finding files conform to src/schemas/finding.md.
+All disagreement records conform to src/schemas/disagreement.md.
+</output>
+
+<error_handling>
+- **Phase 2 not complete:** Halt immediately. Display: "Phase 2 (Domain Audits) must complete before cross-domain synthesis. Run phase-2-domain-audits first." Do not proceed.
+- **Staff Engineer session failure:** Log failure. Proceed to Reality Gap Analyst — the two agents are independent enough that Reality Gap analysis has standalone value. Record missing change risk coverage in STATE.md.
+- **Reality Gap Analyst session failure:** Log failure. Phase 3 can complete with Staff Engineer findings only, but flag reduced cross-domain coverage. Record in STATE.md.
+- **Both agents fail:** Mark Phase 3 as failed. Phase 4 (Adversarial Review) can still proceed with Phase 2 findings alone, but warn user of significant synthesis gap.
+- **Excessive disagreements with Phase 2:** If Phase 3 agents disagree with >50% of Phase 2 findings, flag as potential systematic issue (scope mismatch, signal quality problem, or genuine paradigm conflict). Do not auto-resolve — present to user and queue for disagreement-resolution.
+- **Missing git-history signals:** Staff Engineer depends heavily on git history for change risk and ownership analysis. If .radar/signals/git-history.md is missing, warn that change risk and team ownership findings will have reduced confidence. Agent should set evidence_diversity dimension low in confidence vectors.
+</error_handling>