@agentikos/omega-os 0.19.5 → 0.19.6

package/omega/Agentik_Engine/omega_engine/__init__.py

@@ -188,7 +188,7 @@ from omega_engine.genesis import (
 )
 from omega_engine import plan as plan_v7
 
-__version__ = "0.19.5"
+__version__ = "0.19.6"
 
 __all__ = [
     "__version__",

package/omega/Agentik_Engine/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "omega-engine"
-version = "0.19.5"
+version = "0.19.6"
 description = "The Omega OS orchestration engine — event-sourced, verified-completion agent graphs."
 readme = "README.md"
 requires-python = ">=3.11"

package/omega/Agentik_SSOT/VERSION

@@ -1 +1 @@
-0.19.5
+0.19.6

package/omega/Agentik_SSOT/docs/quality-arsenal/ARSENAL-INTERCONNECTIONS.md

@@ -0,0 +1,283 @@
+---
+name: ARSENAL-INTERCONNECTIONS
+description: >
+  Complete interconnection map for the 14 Quality Arsenal audits. Defines ownership
+  boundaries (no duplicate findings), dispatch-order constraints, input/output contracts
+  between audits, shared finding types with routing rules, and parallel-dispatch groups.
+  Referenced by /aisb, /metaudit, rule 43 Linear pipeline, and Oracle orchestrators.
+  NOT a user-invokable skill — shared source of truth, like QUALITY-ARSENAL-PREAMBLE.md.
+---
+
+# Quality Arsenal — Interconnections Map v1.0
+
+> *"Each audit is a lens. Together they must focus, not interfere."*
+
+---
+
+## 1. WHAT EACH AUDIT OWNS (single-source ownership — no duplicates)
+
+| Audit | Primary question | Owns exclusively |
+|-------|-----------------|-------------------|
+| `/codeaudit` | Is the code SOLID? | SOLID violations, phantom imports, circular deps, dead code, contract drift, git safety, fix-gate smoke tests for integrations |
+| `/debugaudit` | What is BROKEN right now? | Runtime console errors, network failures mid-flow, visual regressions, chaos-mode fuzzing, authenticated-state behavior |
+| `/uiuxaudit` | Is the interface COHERENT? | Visual coherence (color/typography/spacing), Gestalt principles, design-system adherence, AI-generic smells, dark-mode parity |
+| `/flowaudit` | Does the EXPERIENCE work? | User journeys, state-machine integrity, dead ends, promise-vs-experience (runtime), error recovery paths, onboarding |
+| `/featureaudit` | Is the product COMPLETE? | PRD coverage, feature parity with competitors, inferred-vs-explicit PRD fallback, WebSearch-bounded parity research |
+| `/perfaudit` | Is it FAST enough? | Core Web Vitals measurement, bundle size, render timing, memory profiling, perf regressions vs baseline |
+| `/secaudit` | Is it SECURE? | OWASP Top 10 exploitation, XSS/SQLi/SSRF/IDOR probes, auth bypass, privilege escalation, rate-limit-safe fuzzing |
+| `/a11yaudit` | Is it ACCESSIBLE? | WCAG 2.1 AA, keyboard nav, ARIA, screen-reader automation, RTL/i18n layout, reduced-motion |
+| `/seoaudit` | Is it DISCOVERABLE? | Crawlability, indexability, meta tags, Schema.org markup, GEO (AI-search optimization), content decay |
+| `/copyaudit` | Is the COPY clear? | Word-level tone, claim clarity (static), CTA text, jargon, banned-phrase scan, i18n wrapping |
+| `/dxaudit` | Is the DX smooth? | README quality (20-item rubric), setup time (external runner), error messages, dev-loop UX |
+| `/motionaudit` | Is motion PURPOSEFUL? | CSS/JS/WebGL/P5/Lottie/video/GIF animation audit, purpose classification, reduced-motion compliance |
+| `/dataaudit` | Is the DATA intact? | Schema validation, migration safety (DB backup gate), orphan records, referential integrity, data sampling |
+| `/apiaudit` | Is the API solid? | REST/GraphQL contract compliance, auth middleware presence, rate-limit specs, inference-mode labeling |
+
+**Rule:** A given finding has exactly ONE owner. If two audits disagree, the ownership table wins.
+
+---
+
+## 2. OWNERSHIP CONFLICTS & RESOLUTIONS
+
+Cases where the boundary was fuzzy — now formally resolved:
+
+| Concern | Conflict | Resolution |
+|---------|---------|------------|
+| **Core Web Vitals** | `/perfaudit` measures, `/seoaudit` cares about ranking impact | `/perfaudit` MEASURES + OWNS REMEDIATION. `/seoaudit` READS `audits/.perfaudit/verdict.json` (if <24h old) and scores only the SEO-ranking-impact dimension. No re-measurement. |
+| **Auth security** | `/apiaudit` static-checks auth middleware, `/secaudit` exploits it | `/apiaudit` owns STATIC auth correctness. `/secaudit` owns RUNTIME exploitation. Shared finding if both agree = CRITICAL elevation. |
+| **Promise vs experience** | `/flowaudit` checks runtime, `/copyaudit` checks static text | `/copyaudit` owns WORD-level (tone, jargon, 5-second test). `/flowaudit` owns LABEL-vs-ACTION at runtime. Duplicate file:line → prefer `/flowaudit` (behavior > text). |
+| **i18n wrapping** | `/a11yaudit` + `/copyaudit` both care | `/copyaudit` owns wrapping detection (hardcoded string regex). `/a11yaudit` owns rendered-locale verification (RTL, pluralization). |
+| **Dead ends** | `/flowaudit` owns, `/uiuxaudit` sometimes notices | `/flowaudit` exclusively. If `/uiuxaudit` notices a dead end, emit as a `/flowaudit`-routed finding (cross-audit hand-off). |
+| **Banned phrases** | `/copyaudit` scans copy, `/metaudit` scans commands | `/copyaudit` scans user-facing copy. `/metaudit` scans `.md` configuration files. No overlap (different target surfaces). |
+| **Error messages** | `/dxaudit` (helpful?), `/copyaudit` (clear?), `/debugaudit` (accurate?) | `/dxaudit` owns HELPFULNESS (actionable, diagnosable). `/copyaudit` owns CLARITY (plain language). `/debugaudit` owns ACCURACY (matches actual error). Rare 3-way overlap = same underlying error string — elevate to CRITICAL. |
+| **Non-UI contexts** | Who audits a CLI? | `/codeaudit`, `/dxaudit` (primary), `/copyaudit` (help text), `/secaudit`, `/perfaudit`, `/dataaudit`, `/apiaudit`. ABORT list: `/uiuxaudit`, `/flowaudit`, `/motionaudit`, `/seoaudit`. |
+
+---
+
+## 3. DISPATCH ORDER CONSTRAINTS
+
+Some audits depend on others' outputs. Dispatch order matters when running them together.
+
+### Strict ordering (dependent audits)
+
+```
+/perfaudit   →  /seoaudit         (/seoaudit reads audits/.perfaudit/verdict.json for CWV scoring)
+/apiaudit    →  /secaudit         (/secaudit exploits the contract /apiaudit documented)
+/codeaudit   →  /debugaudit       (fix code phantoms before looking for runtime bugs)
+/dataaudit   →  /apiaudit         (schema defines API response shape)
+/codeaudit   →  /dataaudit        (model types define schema)
+```
+
+### Independent (can run in parallel)
+
+Any audit not in the strict chain above can run in parallel with others, subject to concurrency locks (preamble §3) and distinct `.{audit}/` output directories.
+
+### The Rule-43 Quadruple (Linear ticket pipeline)
+
+For Linear ticket resolution (per `~/.claude/docs/rules-archive/43-linear-ticket-pipeline.md` Step 8):
+
+```
+Parallel dispatch (same ticket, same files_modified, same page_url):
+  /codeaudit  --files={files} --ticket={T} --url={url}
+  /uiuxaudit  --files={files} --ticket={T} --url={url}
+  /flowaudit  --files={files} --ticket={T} --url={url}
+  /debugaudit --files={files} --ticket={T} --url={url}
+
+Each writes to: .linear-fix/{TICKET}/{audit}.json
+Threshold: each = 100/100 (rule 43 step 8b fix-and-reaudit until 100)
+```
+
+The dynamic audit chain (4-12 audits selected by audit-selector.py) is safe to parallelize because:
+- Each writes to a ticket-specific distinct path (no output collision)
+- Each concurrency-locks its own `.{audit}/.lock` (no same-audit collision)
+- No output dependency between them (CWV deferral rule applies elsewhere)
+
+### The `/aisb full` / `/godmode` octad (broad verification)
+
+For comprehensive verification across a project, run 8 parallel audits grouped by independence:
+
+```
+Group 1 (independent): /codeaudit, /perfaudit, /secaudit, /a11yaudit
+Group 2 (depends on Group 1): /debugaudit, /seoaudit, /dataaudit, /apiaudit
+Group 3 (independent of 1+2): /uiuxaudit, /flowaudit, /featureaudit, /motionaudit, /copyaudit, /dxaudit
+```
+
+Dispatch: Group 1 → wait for /codeaudit + /perfaudit + /apiaudit + /dataaudit completion → Group 2. Group 3 runs parallel to 1+2.
+
+---
+
+## 4. INPUT / OUTPUT CONTRACTS BETWEEN AUDITS
+
+Machine-readable handoffs documented here:
+
+| Producer | Consumer | File | Contents |
+|----------|---------|------|----------|
+| `/perfaudit` | `/seoaudit` | `audits/.perfaudit/verdict.json` | `{phases: [{id: 6, name: "CWV", metrics: {lcp, fid/inp, cls, ttfb}}]}` — /seoaudit reads `metrics` and scores ranking impact |
+| `/apiaudit` | `/secaudit` | `audits/.apiaudit/verdict.json` | `{findings: [{type: "auth_check_missing", endpoint: "..."}]}` — /secaudit elevates to CRITICAL if exploit confirmed |
+| `/codeaudit` | `/debugaudit` | `audits/.codeaudit/verdict.json` | `{findings: [{type: "phantom_import", file: "..."}]}` — /debugaudit skips console-error findings already covered |
+| `/dataaudit` | `/apiaudit` | `audits/.dataaudit/verdict.json` | Schema type info — /apiaudit validates REST/GraphQL response shape matches |
+| Any audit | `/metaudit` | `.{audit}/verdict.json` | `preamble_version`, `compliance_score`, `skill_used` — /metaudit's Phase 1 compliance check |
+
+**Contract violation** (e.g., /seoaudit running without /perfaudit's output despite expecting it) → /seoaudit either runs its own CWV measurement (fallback) or emits a warning in verdict.md. Never fails silently.
+
+---
+
+## 5. SHARED FINDING TYPES & ROUTING
+
+Some finding types appear across multiple audits. Routing rules:
+
+| Finding type | Audits that detect | Routing rule |
+|-------------|-------------------|--------------|
+| **Banned phrase (rule 46)** | `/copyaudit` (user copy), `/metaudit` (command config) | `/copyaudit` owns user-facing copy. `/metaudit` owns `.md` configuration. Different targets = no dedupe. |
+| **Stale Skill() ref** | `/metaudit` (exclusively) | Only `/metaudit` scans command files. |
+| **Dead end in flow** | `/flowaudit` (exclusively) | `/uiuxaudit` notices → forward to `/flowaudit` queue. |
+| **Auth bypass** | `/apiaudit` (static), `/secaudit` (runtime) | Both can emit. Shared agreement = CRITICAL. |
+| **Regression vs baseline** | `/perfaudit` (perf), `/debugaudit` (visual), `/seoaudit` (ranking) | Each owns its own baseline file. |
+| **Integration broken post-fix** | ANY code-touching audit via Phase 23 smoke gate | First audit to detect aborts the fix + reverts. Others inherit revert state. |
+| **Broken screenshot / 4xx-5xx page** | `/debugaudit` ABORTS (preamble §5) | NEVER marked as "pass with warning" — ABORT is the only correct response. |
+
+---
+
+## 6. HANDOFF LIFECYCLE (what flows between audits during a full run)
+
+```
+                 ┌──────────────────┐
+                 │   /aisb / Oracle │
+                 └────────┬─────────┘
+                          │ dispatch
+                          ▼
+          ┌──────────────────────────────────┐
+          │  Group 1 (no deps, parallel)     │
+          │  /codeaudit  /perfaudit          │
+          │  /secaudit   /a11yaudit          │
+          │  /dataaudit  /apiaudit (partial) │
+          └───┬────────┬─────┬────────┬──────┘
+              │        │     │        │
+              ▼        ▼     ▼        ▼
+          ┌──────────────────────────────────┐
+          │  Handoff files                   │
+          │  audits/.codeaudit/verdict.json         │
+          │  audits/.perfaudit/verdict.json (CWV)   │
+          │  audits/.dataaudit/verdict.json (types) │
+          │  audits/.apiaudit/verdict.json (partial)│
+          └───┬──────────────────────────────┘
+              │ consumed by
+              ▼
+          ┌──────────────────────────────────┐
+          │  Group 2 (depends on Group 1)    │
+          │  /debugaudit (reads codeaudit)   │
+          │  /seoaudit   (reads perfaudit)   │
+          │  /apiaudit   (reads dataaudit)   │
+          │  /secaudit   (reads apiaudit)    │
+          └──────────────────────────────────┘
+
+          ┌──────────────────────────────────┐
+          │  Group 3 (fully independent,     │
+          │  runs parallel to 1+2)           │
+          │  /uiuxaudit  /flowaudit          │
+          │  /featureaudit /motionaudit      │
+          │  /copyaudit   /dxaudit           │
+          └──────────────────────────────────┘
+                          │
+                          ▼
+          ┌──────────────────────────────────┐
+          │  /metaudit (compliance check)    │
+          │  Verifies all 14 wrote verdicts  │
+          │  with preamble_version="1.0"     │
+          └──────────────────────────────────┘
+                          │
+                          ▼
+                 ┌──────────────────┐
+                 │  Final verdict   │
+                 │  to Oracle/User  │
+                 └──────────────────┘
+```
+
+---
+
+## 7. ANTI-PATTERNS (what NOT to do)
+
+1. **Never run audits sequentially when they're independent** — wastes days instead of hours.
+2. **Never dispatch a dependent audit before its producer** — `/seoaudit` before `/perfaudit` = duplicate CWV work.
+3. **Never combine audits into a single "audit" worker** — per rule 001, always invoke specific skills.
+4. **Never interpret 403/401 as a pass** — preamble §5 ABORT rule is absolute.
+5. **Never mark an audit "done" without output-gate verification** — check files exist with valid schemas.
+6. **Never run without scoped flags when rule 43 requires them** — `--url`, `--ticket`, `--files` are MANDATORY for Linear pipeline.
+7. **Never duplicate findings across audits** — ownership table (§1) wins, cross-forward if one audit notices another's turf.
+8. **Never skip `/metaudit` after touching any command `.md` file** — drift starts immediately.
+9. **Never run a `/uiuxaudit` / `/flowaudit` / `/motionaudit` / `/seoaudit` on a non-UI project** — ABORT per preamble §5.
+10. **Never run two instances of the same audit simultaneously on the same project** — concurrency lock blocks, but don't even try.
+
+---
+
+## 8. HOW /aisb AND ORACLES PICK AUDITS
+
+When a task arrives, Oracle classifies it and picks the minimal audit set:
+
+| Task signal | Audits to dispatch |
+|-------------|-------------------|
+| "fix this bug" + specific file | `/codeaudit --files=... --focus=<area>` + `/debugaudit --url=... --files=...` |
+| "build is slow" | `/perfaudit` (solo) |
+| "security concern" on endpoint | `/apiaudit --url=... --focus=auth` → if findings → `/secaudit --url=...` |
+| "redesign the dashboard" | `/uiuxaudit` + `/flowaudit` + `/a11yaudit` (parallel) |
+| "audit everything" / "full audit" / "audit complet" | All 14 via Group 1→2 + Group 3 parallel |
+| "check accessibility" | `/a11yaudit` (solo) |
+| "SEO review" | `/perfaudit` then `/seoaudit` |
+| Linear ticket (rule 43) | Quadruple: `/codeaudit` + `/uiuxaudit` + `/flowaudit` + `/debugaudit` — all --ticket-scoped |
+| "audit the commands" / "audit the audits" | `/metaudit` (solo) |
+| "check if my CLI has UX issues" | `/dxaudit` + `/copyaudit` (NEVER `/uiuxaudit` on a CLI) |
+
+Full routing table: `~/.claude/commands/ARSENAL-ORCHESTRATION-PLAYBOOK.md`.
+
+---
+
+## 9. THE META-LAW
+
+> **One doctrine, fourteen implementations, zero drift, fifteen lenses when /metaudit is included.**
+
+- One `QUALITY-ARSENAL-PREAMBLE.md` (shared doctrine)
+- Fourteen audit `.md` files (each with compliance block + 100/100 certificate)
+- One `ARSENAL-INTERCONNECTIONS.md` (this file — relationships)
+- One `ARSENAL-ORCHESTRATION-PLAYBOOK.md` (how to dispatch)
+- One `/metaudit` command (compliance enforcement)
+
+Together: **a coherent Quality Arsenal, not 14 isolated tools.**
+
+---
+
+*v1.0 — 2026-04-14. Referenced by all audits, /metaudit, /aisb, /godmode, rule 43, rule 001.*
+
+---
+
+## 10. SIGNAL-BASED AUTO-DISPATCH (intelligence upgrade — preamble v1.1 §16)
+
+Beyond keyword matching, Oracle reads project signals before dispatching:
+
+```
+package.json deps detected → auto-focus
+  convex       → /dataaudit (Convex schema), /apiaudit (Convex functions)
+  @clerk/*     → /secaudit --focus=auth, /flowaudit --focus=auth-flow
+  stripe       → /flowaudit --focus=payment, /secaudit --focus=payment-security
+  next-intl    → /copyaudit --focus=i18n, /a11yaudit --focus=rtl
+  framer-motion → /motionaudit relevant
+  prisma       → /dataaudit + /apiaudit (schema → contract chain)
+  no react/vue → ABORT UI audits, route to /dxaudit + /copyaudit
+```
+
+Emit `project_signals_detected` in every verdict.json (preamble v1.1 §16).
+
+## 11. ARSENAL EXPANSION CANDIDATES
+
+Three gaps no current audit covers:
+
+| Proposed | Owns | Gap between |
+|----------|------|-------------|
+| /i18naudit | String extraction, locale completeness, date/number format, full RTL | /copyaudit (hardcoded strings) ↔ /a11yaudit (rendered locale) |
+| /cicdaudit | Build trends, DORA metrics, secret management, artifact caching | /dxaudit (static CI config) → runtime CI health |
+| /costaudit | Unbounded API calls, spend caps, runaway crons, serverless waste | No current audit covers billing exposure |
+
+Build when a project hits the gap. Not mandated.
+
+---
+
+*v1.1 — 2026-04-14. Added §10 signal-based dispatch + §11 expansion candidates.*

package/omega/Agentik_SSOT/docs/quality-arsenal/ARSENAL-ORCHESTRATION-PLAYBOOK.md

@@ -0,0 +1,364 @@
+---
+name: ARSENAL-ORCHESTRATION-PLAYBOOK
+description: >
+  Operational playbook for AISB (ORACLE-led orchestration) and project Oracles to
+  dispatch Quality Arsenal audits correctly. Translates user intent into specific
+  audit invocations with proper flags, ordering, and parallelism. Complements
+  ARSENAL-INTERCONNECTIONS.md (the what) with the how.
+  NOT a user-invokable skill — AISB/Oracle reference doc.
+---
+
+# Quality Arsenal — Orchestration Playbook v1.0
+
+> *"Given a mission, which audits fire, in what order, with what scope?"*
+
+---
+
+## 1. ORACLE'S AUDIT SELECTION ALGORITHM
+
+When Oracle receives a task (from AISB / direct user / rule 43 / godmode), it follows this decision tree:
+
+```
+1. Parse user intent. Extract:
+   - Action verb (fix / audit / verify / check / review / redesign / speed up / etc.)
+   - Target noun (page URL / file paths / module / feature / "everything")
+   - Domain signals (UI / code / perf / sec / a11y / SEO / data / API / flow / motion / copy / DX)
+
+2. Consult AUDIT KEYWORD DETECTION table in ~/.claude/CLAUDE.md §"AUDIT KEYWORD DETECTION":
+   - Each keyword maps to a specific /audit skill
+   - Multiple keywords = multiple audits in PARALLEL (rule 001 enforced)
+
+3. Consult ARSENAL-INTERCONNECTIONS.md §3 (dispatch order):
+   - If selected audits have ordering constraints (e.g., perfaudit → seoaudit):
+     batch by dependency group
+   - Within a group: dispatch in parallel
+
+4. Consult ARSENAL-INTERCONNECTIONS.md §5 (non-UI gates):
+   - If project is CLI/library/backend-only/headless:
+     remove incompatible audits (/uiuxaudit, /flowaudit, /motionaudit, /seoaudit)
+     emit "aborted — non-UI context" for user visibility
+     route to alternatives (/dxaudit, /copyaudit)
+
+5. Apply scoping flags based on signals:
+   - URL detected → --url=<URL>
+   - File paths detected → --files=<paths>
+   - Linear ticket ID (rule 43) → --ticket=<ID> + --url + --files
+   - "just this page" → --scope="single page"
+
+6. Enforce concurrency + locks (preamble §3):
+   - Check .{audit}/.lock for each selected audit before dispatch
+   - If lock held < 4h: wait or abort per user intent
+   - If stale > 4h: reclaim, proceed
+
+7. Dispatch via Agent() / TeamCreate() / direct Skill() per task complexity:
+   - SIMPLE (1 audit, single-file) → direct Skill()
+   - MEDIUM (2-3 audits, parallel, independent) → parallel Agent() calls
+   - COMPLEX (4+ audits, groups) → /team with tmux + dependency tracking
+   - EPIC (all 14) → /aisb full or /godmode orchestration
+
+8. Monitor progress via Telegram channel + .{audit}/progress.json files
+
+9. On completion:
+   - Verify all verdict.json files exist + preamble_version="1.0" (output gate)
+   - Aggregate findings by severity
+   - Run /metaudit IF any .md config file was edited during audits
+   - Report to user with cross-audit dedupe per INTERCONNECTIONS.md §5
+```
+
+---
+
+## 2. INTENT → AUDIT-SET TRANSLATION TABLE
+
+Machine-usable routing from natural language to dispatch:
+
+| User input (en/fr, case-insensitive substring match) | Dispatch plan |
+|------|---------------|
+| `audit complet`, `full audit`, `toutes les audits`, `all audits`, `tout auditer` | All 14 via the octad pattern (INTERCONNECTIONS §3). `/metaudit` as final step. |
+| `audit code`, `code audit`, `audit this code` | `/codeaudit --files=<detected>` solo |
+| `audit ui`, `audit ux`, `design audit`, `audit design`, `audit visuel` | `/uiuxaudit --url=<detected>` solo (add `/a11yaudit` if user says "accessible" too) |
+| `audit flow`, `user flow`, `audit parcours`, `workflow audit` | `/flowaudit --url=<detected>` solo |
+| `audit perf`, `performance audit`, `core web vitals`, `audit rapidité` | `/perfaudit --url=<detected>` solo |
+| `audit sec`, `security audit`, `owasp`, `audit sécurité` | `/apiaudit` (static auth) → `/secaudit` (exploit) — STRICT order |
+| `audit a11y`, `accessibility audit`, `wcag`, `audit accessibilité` | `/a11yaudit --url=<detected>` solo |
+| `audit seo`, `seo audit`, `audit référencement`, `crawlability` | `/perfaudit --url=<detected>` → `/seoaudit --url=<detected>` — STRICT order (CWV handoff) |
+| `audit api`, `api audit`, `audit contrats api` | `/dataaudit` → `/apiaudit` — STRICT order (schema → contract) |
+| `audit data`, `data audit`, `data integrity`, `audit données` | `/dataaudit` solo |
+| `audit feature`, `feature audit`, `audit complétude`, `prd gap` | `/featureaudit` solo |
+| `audit copy`, `copy audit`, `messaging audit`, `audit texte`, `audit messages` | `/copyaudit --url=<detected>` solo |
+| `audit dx`, `dx audit`, `developer experience`, `onboarding dev`, `audit dev` | `/dxaudit` solo |
+| `audit motion`, `motion audit`, `animation audit`, `audit animations` | `/motionaudit --url=<detected>` solo |
+| `debugaudit`, `hunt`, `runtime bug`, `chaos`, `audit bugs`, `find bugs` | `/codeaudit` → `/debugaudit` — STRICT order |
+| `meta audit`, `audit the audits`, `audit commands`, `quality arsenal compliance` | `/metaudit` solo |
+| `redesign dashboard`, `refonte dashboard`, `comme linear`, `comme vercel`, `dashboard senior` | `/refontaudit` (not Quality Arsenal, separate dashboard skill) |
+| Linear ticket phrase per rule 43 | QUADRUPLE: `/codeaudit` + `/uiuxaudit` + `/flowaudit` + `/debugaudit` all --ticket-scoped in parallel |
+| Vague (`review`, `check it out`) | ASK user which domain — do NOT pick arbitrarily |
+
+**Multiple keywords in one prompt** (e.g., "audit UX et code on /cases"):
+- Launch each matching audit in PARALLEL with the scope derived from the URL
+- Never combine into a single generic worker (rule 001, §AUDIT KEYWORD DETECTION)
+
+---
+
+## 3. SCOPE FLAGS — HOW TO APPLY THEM
+
+Per preamble §2 (scoped invocation flags), every audit accepts these flags uniformly:
+
+```
+--url={URL}          Apply URL-based walkthroughs to this page only.
+                     Required for: /uiuxaudit, /flowaudit, /debugaudit, /perfaudit,
+                     /a11yaudit, /seoaudit, /motionaudit, /copyaudit (for page-specific copy)
+                     when scope is specific.
+
+--files={paths}      Apply code-side checks to these files only.
+                     Required for: /codeaudit, /apiaudit, /dataaudit when targeting specific
+                     modules. Used by rule 43 (Linear pipeline) with git diff output.
+
+--scope={1-liner}    Free-text scope note in output.
+                     Always include for clarity. Example: --scope="checkout success page only".
+
+--ticket={ID}        Link audit to Linear ticket.
+                     Writes results to .linear-fix/{TICKET}/{audit}.json.
+                     MANDATORY for rule 43 pipeline (Step 8 dynamic chain).
+                     Requires --url and --files to be present.
+
+--no-fix             Dry-run scoring only; skip fix execution.
+                     Use when user wants to review the fix plan before authorize.
+
+--focus={area}       Per-audit narrower phase selection with FULL depth.
+                     Examples:
+                       /codeaudit --focus=security → phases 4+5+6+9+10 at full depth
+                       /uiuxaudit --focus=typography → phase 2 at full depth
+                     NOT a "quick mode". Full protocol, narrower surface.
+
+--set-baseline       Write current measurements as new baseline (regression comparison).
+                     Applies to /perfaudit, /debugaudit (visual), /seoaudit (rankings).
+                     Use sparingly — only for intentional baseline resets.
+```
+
+**FORBIDDEN flags** (rule 46): `--quick`, `--streamlined`, `--lightweight`, `--light`, `--fast`, `--custom`. If user requests, REFUSE with rule-46 explanation. Suggest `--focus <area>` for narrower scope at full depth.
+
+---
+
+## 4. PARALLELIZATION STRATEGY
+
+Multiple audits in the same dispatch:
+
+### Rule-43 Quadruple (Linear ticket)
+```
+Parallel dispatch (4 work sessions or Agent Teams):
+  /codeaudit  --files=$FILES --ticket=$T --url=$URL
+  /uiuxaudit  --files=$FILES --ticket=$T --url=$URL
+  /flowaudit  --files=$FILES --ticket=$T --url=$URL
+  /debugaudit --files=$FILES --ticket=$T --url=$URL
+
+Wait for all 4 to produce .linear-fix/$T/{audit}.json with score=100.
+If any < 100: fix-and-reaudit loop per rule 43 step 8b.
+```
+
+### Octad (full audit)
+```
+Phase A (parallel, no dependencies):
+  /codeaudit  — full run, produces audits/.codeaudit/verdict.json
+  /perfaudit  — full run, produces audits/.perfaudit/verdict.json (CWV measurements)
+  /a11yaudit  — full run
+  /dataaudit  — full run, produces audits/.dataaudit/verdict.json (schema types)
+
+Phase B (after Phase A completes — reads Phase A outputs):
+  /debugaudit   — reads audits/.codeaudit/ (skip phantom-covered findings)
+  /seoaudit     — reads audits/.perfaudit/verdict.json for CWV (skip re-measurement)
+  /apiaudit     — reads audits/.dataaudit/verdict.json for schema types, produces audits/.apiaudit/verdict.json
+  /secaudit     — reads audits/.apiaudit/verdict.json for auth surfaces to exploit
+
+NOTE: /apiaudit runs in Phase B (NOT Phase A) because it consumes /dataaudit output.
+      /secaudit also runs in Phase B because it consumes /apiaudit output.
+      This is a strict dependency chain: dataaudit → apiaudit → secaudit (sequential within Phase B).
+
+Phase C (parallel, independent of A+B, starts immediately with A):
+  /uiuxaudit /flowaudit /featureaudit /motionaudit /copyaudit /dxaudit
+
+Final: /metaudit (if any .md edited).
+```
+
+### Non-UI project audit
+```
+Parallel dispatch (only UI-compatible audits ABORT):
+  /codeaudit /dxaudit /copyaudit /perfaudit /secaudit /a11yaudit-partial
+  /apiaudit (if API project) /dataaudit (if DB project)
+
+ABORTED (emit graceful skip notices):
+  /uiuxaudit /flowaudit /motionaudit /seoaudit
+
+Inform user: "This is a {CLI/library/backend-only/headless} project.
+4 audits not applicable, skipped gracefully."
+```
+
+---
+
+## 5. AISB (ORACLE-led) FULL-PIPELINE TEMPLATE
+
+When `/aisb full <task>` is invoked:
+
+```
+STEP 0: kill-switch + state init (aisb.md)
+STEP 1: reformulate prompt (aisb.md §STEP 1)
+STEP 2: dispatch ORACLE (aisb.md §STEP 2)
+
+ORACLE then:
+  a. Classifies task (SIMPLE/MEDIUM/COMPLEX/EPIC)
+  b. Reads ARSENAL-ORCHESTRATION-PLAYBOOK.md §2 routing table
+  c. Reads ARSENAL-INTERCONNECTIONS.md §3 for dispatch order
+  d. Builds .orchestrator/dispatch-plan.json with:
+     - audits_to_run: [...]
+     - dispatch_groups: [[group_A], [group_B], [group_C]]
+     - scope_flags_per_audit: {...}
+     - wait_conditions: {...}
+  e. Creates TeamCreate + TaskCreate per audit
+  f. Dispatches per group, waiting on dependencies
+  g. Monitors .{audit}/progress.json + Telegram channel
+  h. On all complete: aggregates verdicts, dedupes per INTERCONNECTIONS §5, reports
+
+STEP 3: report results (aisb.md §STEP 3)
+POST-TASK: /debugaudit verification (aisb.md §POST-TASK)
+```
+
+---
+
+## 6. GODMODE AUDIT HANDLING
+
+`/godmode` is fully autonomous. When it spawns audits:
+
+```
+godmode Phase 2 cycle step 4 (EXECUTE):
+  - For each planned audit task:
+    - Pre-inline into the agent prompt:
+      - Audit name + scope flags
+      - References to preamble + interconnections
+      - Expected output path (.{audit}/verdict.json)
+      - Stop criteria: score >= 80 (solo) or 100 (rule 43)
+    - Spawn Agent(subagent_type=<specialist or generic>) or invoke Skill() directly
+  - Concurrent audits: use TeamCreate for visibility + SendMessage for coordination
+  - Track in ~/.godmode/audits-status.json
+
+godmode Phase 2 cycle step 8 (STUCK DETECTION):
+  - If same audit fails 3× with same finding pattern → root cause analysis,
+    not more retries (already enforced by 5-iter cap per preamble §4)
+
+godmode Phase 2 cycle step 10 (REPORT):
+  - Include audit scores in Telegram milestone updates
+  - Highlight any NEEDS_REVIEW items that hit the 5-iter cap
+```
+
+---
+
+## 7. METAUDIT INVOCATION TRIGGERS
+
+Run `/metaudit` automatically when:
+
+1. **After any `.md` file in `~/.claude/commands/` is edited** (drift prevention)
+2. **At the end of `/aisb full`** (final compliance check)
+3. **At rule 43 pipeline step 9** (before moving ticket to "In Review")
+4. **On-demand** when user invokes `/metaudit` directly
+
+Metaudit scope flags:
+- `/metaudit` — full 20-phase scan
+- `/metaudit --focus arsenal` — 14 audits compliance only (fast)
+- `/metaudit --focus preamble` — Phase 1 only (hinge point)
+- `/metaudit --focus deprecation` — stale refs only
+- `/metaudit --focus banned-phrases` — rule 46 scan
+- `/metaudit --focus skills` — Skill() call validity
+
+---
+
+## 8. ORACLE DISPATCH CONTRACT
+
+When Oracle dispatches an audit work session, the prompt MUST:
+
+1. **Start with the exact skill invocation on line 1**:
+   ```
+   /codeaudit --files=src/auth.ts,src/middleware.ts --url=https://example.com/dashboard --scope="auth flow regression" --ticket=DEN-42
+   ```
+2. **Never paraphrase the audit protocol** — rule 001 enforces this (AUDIT KEYWORD DETECTION).
+3. **Include expected output gate**: "On completion, verify `audits/.codeaudit/verdict.json` exists with `score >= 100` and `preamble_version: \"1.0\"`."
+4. **Include the interconnections context**: "See ARSENAL-INTERCONNECTIONS.md §1 for ownership boundaries. Do not duplicate findings owned by other audits."
+5. **Reference the preamble**: "All contracts in QUALITY-ARSENAL-PREAMBLE.md apply. Emit `preamble_version` in verdict.json."
+6. **Pass scope boundaries explicitly**: "Do not expand beyond the specified --files / --url / --scope."
+
+---
+
+## 9. USER COMMUNICATION TEMPLATES
+
+When Oracle reports audit results back to the user:
+
+### Success (single audit)
+```
+✅ /codeaudit complete — score 100/100 (S, Fortress)
+   Scope: 3 files, 1 page
+   Findings: 0 CRITICAL, 0 HIGH, 2 MEDIUM, 5 LOW (all auto-fixed)
+   Iterations: 2 (fix-and-reaudit loop)
+   Duration: 18min
+   Report: audits/.codeaudit/verdict.md
+   Next: /debugaudit for runtime verification (same scope)
+```
+
+### Partial (NEEDS_REVIEW)
+```
+⚠️ /flowaudit completed with 3 NEEDS_REVIEW items (hit 5-iter cap)
+   Score: 92/100 (A, solid)
+   Hinge flow intact. Remaining items need human decision:
+     1. Onboarding step 3 ambiguity (design choice, not fixable in code)
+     2. Payment retry UX (needs business policy)
+     3. Dead-end on /settings/advanced (intentional? confirm)
+   Report: audits/.flowaudit/verdict.md
+   Telegram SOS sent.
+```
+
+### Group dispatch (Linear DYNAMIC audit chain)
+```
+✅ Rule-43 DYNAMIC audit chain complete for DEN-42 (selector chose 5 of 16):
+   /codeaudit    100/100 (3 fixes applied)
+   /uiuxaudit    100/100 (1 fix applied)
+   /flowaudit    100/100 (0 fixes needed)
+   /debugaudit   100/100 (2 console warnings silenced)
+   /logicaudit   100/100 (1 redundant path removed)
+   Adversarial:  confirmed (5 attack attempts blocked)
+   Intent Q1-Q5: PASS
+   Gate passed:  ticket ready for "In Review: Gareth"
+   Comment posted with Before/After screenshots.
+```
+
+### Failure (ABORT)
+```
+🛑 /uiuxaudit aborted — non-UI context detected
+   Project type: CLI tool (no visual UI surface)
+   Alternatives dispatched automatically:
+     /dxaudit (primary for CLIs)
+     /copyaudit (help text, error messages)
+   Preamble §5 ABORT gate enforced per design.
+```
+
+---
+
+## 10. QUICK REFERENCE — "WHICH AUDIT FOR WHAT?"
+
+One-line answer per common question:
+
+| Question | Audit |
+|---------|-------|
+| "The button doesn't work" | `/debugaudit` + `/flowaudit` |
+| "The design looks off" | `/uiuxaudit` + `/a11yaudit` (if contrast/readability) |
+| "Site feels slow" | `/perfaudit` |
+| "Users can't find what they need" | `/flowaudit` + `/seoaudit` |
+| "Can someone hack us?" | `/secaudit` (must follow `/apiaudit` for auth surfaces) |
+| "Google isn't ranking us" | `/perfaudit` → `/seoaudit` |
+| "Form fields lost data" | `/flowaudit` (Phase 8 data integrity through flow) + `/dataaudit` |
+| "API returning wrong shape" | `/apiaudit` |
+| "Screen reader doesn't work" | `/a11yaudit` |
+| "This animation is distracting" | `/motionaudit` |
+| "Headline is unclear" | `/copyaudit` |
+| "New devs struggle to onboard" | `/dxaudit` |
+| "Database is corrupting" | `/dataaudit` |
+| "Is our command system healthy?" | `/metaudit` |
+
+---
+
+*v1.0 — 2026-04-14. Referenced by /aisb, /godmode, /team, rule 43, rule 001-smart-routing.md.*