@cleocode/core 2026.4.11 → 2026.4.12

package/src/validation/protocols/cant/architecture-decision.cant

@@ -0,0 +1,80 @@
+---
+kind: protocol
+version: 1.0.0
+id: ADR
+title: "Architecture Decision Record Protocol"
+status: active
+type: conditional
+audience: "llm-agent, orchestrator"
+tags: "adr, architecture, decisions"
+skillRef: ct-adr-recorder
+lastUpdated: 2026-04-07
+enforcement: advisory
+---
+
+# Architecture Decision Record (ADR) Protocol
+#
+# Provenance: @task T4798 (ADR-006 Implementation)
+# Type: Conditional Protocol
+# Stage: RCADSD - A (ADR)
+# Max Active: 3 protocols (including base)
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Decision Recording: "decision", "adr", "architecture decision"
+#   Stage Transition: "after consensus", "begin adr"
+#   Formalization: "lock in decision", "formalize choice", "decide"
+#   Architectural Shift: "pivot", "new architecture", "supersede"
+#   Record Creation: "create adr", "write adr", "record decision"
+#
+# Explicit Override: --protocol adr flag on task creation.
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   ADR-001: MUST be generated from an accepted Consensus report verdict
+#   ADR-002: MUST include a consensus_manifest_id linking to its originating consensus
+#   ADR-003: MUST require explicit HITL approval to transition from proposed to accepted
+#   ADR-004: MUST include Context, Options Evaluated, Decision, Rationale, and Consequences sections
+#   ADR-005: MUST trigger downstream invalidation if superseded
+#   ADR-006: MUST be stored in the canonical decisions SQLite table via Drizzle ORM
+#   ADR-007: MUST set agent_type: "decision" in manifest entry
+#   ADR-008: MUST block the Specification stage until the ADR status is accepted
+#
+# SHOULD:
+#   ADR-010: SHOULD document the exact data structures or schema changes required
+#   ADR-011: SHOULD explicitly list which existing ADRs are superseded, with rationale
+#   ADR-012: SHOULD flag known technical debt introduced by the decision
+#   ADR-013: SHOULD document rejected alternatives with rationale for rejection
+#
+# MAY:
+#   ADR-020: MAY include diagrams (Mermaid) illustrating the architectural shift
+#   ADR-021: MAY link to external prior art or research documents
+#   ADR-022: MAY reference related ADRs that are not superseded but contextually relevant
+#
+# Decision Status Lifecycle:
+#   proposed -> accepted -> superseded
+#                       \-> deprecated
+#
+# HITL Gate:
+#   1. Agent drafts the ADR based on consensus verdict
+#   2. Status is set to proposed
+#   3. Pipeline pauses (HANDOFF_REQUIRED - exit code 65)
+#   4. Human reviews the proposed ADR
+#   5. If approved, status transitions to accepted
+#   6. Only an accepted ADR unlocks the Specification stage
+#
+# Exit Codes:
+#   65: HANDOFF_REQUIRED - ADR drafted as proposed, awaiting HITL acceptance
+#   84: PROVENANCE_REQUIRED - Attempted to create ADR without linked Consensus report
+#   18: CASCADE_FAILED - Downstream work blocked because governing ADR was superseded
+#
+# Anti-Patterns:
+#   - Creating ADR without consensus (decisions lack evidence foundation)
+#   - Auto-accepting without HITL review (bypasses human oversight gate)
+#   - Omitting downstream impact section (future implementers unaware of cascade)
+#   - Superseding without updating specs (creates orphaned specifications)
+#   - Using ADR to define implementation requirements (that is Specification's role)
+#   - Storing ADR only as markdown without SQLite record (loses relational queries)
+#   - Skipping rejected alternatives (loses institutional knowledge)

package/src/validation/protocols/cant/artifact-publish.cant

@@ -0,0 +1,95 @@
+---
+kind: protocol
+version: 1.0.0
+id: ART
+title: "Artifact Publish Protocol"
+status: active
+type: cross-cutting
+audience: "llm-agent, orchestrator"
+tags: "artifact, publish, distribution"
+skillRef: ct-artifact-publisher
+lastUpdated: 2026-04-07
+enforcement: advisory
+---
+
+# Artifact Publish Protocol
+#
+# Type: Conditional Protocol
+# Max Active: 3 protocols (including base)
+#
+# Relationship to Release Protocol:
+#   This protocol orchestrates artifact building and publishing.
+#   Release orchestrates version bumping, tagging, and changelog.
+#   They compose: release triggers artifact-publish for distribution phase.
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Package Publish: "publish", "package", "distribute"
+#   Artifact Build: "artifact", "build artifact", "bundle"
+#   Container Push: "docker push", "container registry", "image publish"
+#   Language Package: "crate", "gem", "wheel", "sdist"
+#   Multi-Artifact: "publish all", "release artifacts", "multi-package"
+#
+# Explicit Override: --protocol artifact-publish flag on task creation.
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   ARTP-001: MUST validate artifact configuration before build
+#   ARTP-002: MUST execute dry-run before any real publish
+#   ARTP-003: MUST follow handler interface contract: validate -> build -> publish
+#   ARTP-004: MUST generate SHA-256 checksums for all built artifacts
+#   ARTP-005: MUST record provenance metadata via record_release()
+#   ARTP-006: MUST use sequential execution for multi-artifact publish
+#   ARTP-007: MUST set agent_type: "artifact-publish" in manifest
+#   ARTP-008: MUST NOT store credentials in config, output, or manifest
+#   ARTP-009: MUST halt pipeline and attempt rollback on first publish failure
+#
+# SHOULD:
+#   ARTP-010: SHOULD verify registry reachability before publish
+#   ARTP-011: SHOULD validate version consistency between config and artifact metadata
+#   ARTP-012: SHOULD log all publish operations to audit trail
+#   ARTP-013: SHOULD verify build output exists and is non-empty before publish
+#
+# MAY:
+#   ARTP-020: MAY batch validation across all artifacts before starting builds
+#   ARTP-021: MAY generate SBOM alongside artifacts (delegate to provenance)
+#   ARTP-022: MAY sign artifacts using configured signing method (delegate to provenance)
+#
+# Artifact Lifecycle State Machine:
+#   configured -> validated -> built -> published
+#                    |            |         |
+#                  failed       failed    failed -> rollback
+#
+# Registered Handlers (9 types):
+#   npm-package, python-wheel, python-sdist, go-module,
+#   cargo-crate, ruby-gem, docker-image, github-release, generic-tarball
+#
+# Multi-Artifact Pipeline Phases:
+#   Phase 1: Pre-validate all artifacts
+#   Phase 2: Build sequential per artifact
+#   Phase 3: Publish with rollback on failure
+#
+# Credential Handling:
+#   Agents MUST NOT store, log, or embed credentials
+#   Resolution order: env var -> CI secret -> credential manager (future)
+#
+# Error Codes (85-89):
+#   85: E_ARTIFACT_TYPE_UNKNOWN
+#   86: E_ARTIFACT_VALIDATION_FAILED
+#   87: E_ARTIFACT_BUILD_FAILED
+#   88: E_ARTIFACT_PUBLISH_FAILED (rollback attempted)
+#   89: E_ARTIFACT_ROLLBACK_FAILED
+#
+# Anti-Patterns:
+#   - Publishing without dry-run first (irreversible registry state)
+#   - Storing credentials in config.json (committed to VCS)
+#   - Parallel multi-artifact publish (race conditions)
+#   - Skipping checksum generation (cannot verify integrity)
+#   - Publishing without version check (duplicate version errors)
+#   - Ignoring publish failures (inconsistent state)
+#   - Logging credential values (exposure in audit trail)
+#   - Building without validation (wastes time)
+#   - Manual rollback without recording (lost provenance chain)
+#   - Hardcoding registry URLs (breaks across environments)

package/src/validation/protocols/cant/consensus.cant

@@ -0,0 +1,74 @@
+---
+kind: protocol
+version: 1.0.0
+id: CONS
+title: "Consensus Protocol"
+status: active
+type: conditional
+audience: "llm-agent, orchestrator"
+tags: "consensus, voting, validation"
+skillRef: ct-consensus-voter
+lastUpdated: 2026-04-07
+enforcement: strict
+---
+
+# Consensus Protocol
+#
+# Provenance: @task T3155, @epic T3147
+# Type: Conditional Protocol
+# Max Active: 3 protocols (including base)
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Decision Making: "vote", "decide", "choose", "select"
+#   Agreement: "consensus", "agree", "alignment"
+#   Conflict Resolution: "resolve", "dispute", "conflict"
+#   Validation: "validate claim", "verify assertion"
+#
+# Explicit Override: --protocol consensus flag on task creation.
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   CONS-001: MUST use structured voting format
+#   CONS-002: MUST document rationale for each position
+#   CONS-003: MUST include confidence scores (0.0-1.0)
+#   CONS-004: MUST cite evidence supporting positions
+#   CONS-005: MUST flag conflicts with severity levels
+#   CONS-006: MUST escalate to HITL when threshold not reached
+#   CONS-007: MUST set agent_type: "analysis" in manifest
+#
+# SHOULD:
+#   CONS-010: SHOULD present multiple perspectives
+#   CONS-011: SHOULD identify hidden assumptions
+#   CONS-012: SHOULD document rejected alternatives
+#   CONS-013: SHOULD include uncertainty notes for low confidence
+#
+# MAY:
+#   CONS-020: MAY propose compromise positions
+#   CONS-021: MAY defer non-critical decisions
+#   CONS-022: MAY request additional research
+#
+# Verdict Thresholds:
+#   PROVEN: 3/5 agents OR 50%+ weighted confidence, reproducible evidence
+#   REFUTED: Counter-evidence invalidates, counter-proof exists
+#   CONTESTED: 3/5 split after 2 challenge rounds, document both sides
+#   INSUFFICIENT_EVIDENCE: Cannot reach verdict, request investigation
+#
+# HITL Escalation:
+#   - Contested verdict (3/5 split): Present conflict to user
+#   - Critical severity conflict: Immediate escalation
+#   - Insufficient evidence: Request user guidance
+#   - Unanimous suspicious consensus: Verify with user
+#
+# Exit Codes:
+#   EXIT_PROTOCOL_CONSENSUS (61) - Consensus protocol violation
+#   EXIT_PROTOCOL_GENERIC (67) - Generic protocol error
+#
+# Anti-Patterns:
+#   - Accepting unanimous consensus without scrutiny (may indicate groupthink)
+#   - Skipping evidence citations (decisions lack foundation)
+#   - Binary voting without confidence (loses nuance)
+#   - Ignoring minority positions (may miss valid concerns)
+#   - Premature escalation (wastes human attention)

package/src/validation/protocols/cant/contribution.cant

@@ -0,0 +1,82 @@
+---
+kind: protocol
+version: 1.0.0
+id: CONT
+title: "Contribution Protocol"
+status: active
+type: cross-cutting
+audience: "llm-agent, orchestrator"
+tags: "contribution, commit, pr"
+skillRef: ct-contribution
+lastUpdated: 2026-02-24
+enforcement: strict
+---
+
+# Contribution Protocol
+#
+# Provenance: @task T3155, @epic T3147
+# Type: Cross-Cutting Protocol
+# Applies To: All RCASD-IVTR+C stages
+# Max Active: 3 protocols (including base)
+#
+# Cross-Cutting Nature: This protocol applies across ALL stages of RCASD-IVTR+C.
+# Unlike stage-specific protocols, contribution tracking is active whenever
+# multi-agent coordination or attribution is needed.
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Shared File Modification: Modifying CLAUDE.md, AGENTS.md, shared configs
+#   PR Creation: "pull request", "PR", "merge request"
+#   Cross-Session Work: Multiple agents on same epic
+#   Audit Trail: Provenance, attribution, tracking
+#
+# Explicit Override: --protocol contribution flag on task creation.
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   CONT-001: MUST follow commit message conventions
+#   CONT-002: MUST include provenance tags in code comments
+#   CONT-003: MUST pass all validation gates before merge
+#   CONT-004: MUST document decisions with rationale
+#   CONT-005: MUST flag conflicts with other sessions
+#   CONT-006: MUST write contribution record to manifest
+#   CONT-007: MUST set agent_type: "implementation" in manifest
+#
+# SHOULD:
+#   CONT-010: SHOULD include test coverage for changes
+#   CONT-011: SHOULD link to related tasks and research
+#   CONT-012: SHOULD document rejected alternatives
+#   CONT-013: SHOULD request review for significant changes
+#
+# MAY:
+#   CONT-020: MAY batch related changes into single contribution
+#   CONT-021: MAY defer documentation updates
+#   CONT-022: MAY propose follow-up improvements
+#
+# Commit Message Format:
+#   <type>(<scope>): <summary>
+#   Types: feat, fix, docs, test, refactor, chore, perf
+#
+# Validation Gates:
+#   Schema: JSON Schema validation (MUST pass)
+#   Tests: All tests pass (MUST pass)
+#   Lint: Code style compliance (SHOULD pass)
+#   Security: No secrets committed (MUST pass)
+#   Conflicts: No unresolved conflicts (MUST resolve)
+#
+# Provenance Thresholds:
+#   New code: 100%
+#   Existing code: 80%
+#   Legacy code: 50%
+#
+# Exit Codes:
+#   EXIT_PROTOCOL_CONTRIBUTION (65) - Contribution protocol violation
+#
+# Anti-Patterns:
+#   - Committing without provenance (breaks audit trail)
+#   - Skipping validation gates (quality regression)
+#   - Ignoring conflicts (creates merge debt)
+#   - Large unfocused commits (hard to review/revert)
+#   - Missing decision documentation (lost context)

package/src/validation/protocols/cant/decomposition.cant

@@ -0,0 +1,92 @@
+---
+kind: protocol
+version: 2.0.0
+id: DCMP
+title: "Decomposition Protocol"
+status: active
+type: conditional
+audience: "llm-agent, orchestrator"
+tags: "decomposition, hierarchy, atomicity, planning"
+skillRef: ct-epic-architect
+lastUpdated: 2026-02-24
+provenanceTask: T3155
+enforcement: strict
+---
+
+# Decomposition Protocol
+#
+# Provenance: @task T3155, @epic T3147
+# Type: Conditional Protocol
+# Max Active: 3 protocols (including base)
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Epic Planning: "epic", "project", "initiative"
+#   Breakdown: "decompose", "break down", "split"
+#   Planning: "plan", "roadmap", "phases"
+#   Analysis: "scope", "estimate complexity"
+#
+# Explicit Override: --protocol decomposition flag on task creation.
+#
+# Hard Invariants (always enforced):
+#   - Parent must exist: parent task ID must be present in the task store
+#   - No circular references: moving a task under its own descendant is rejected
+#   - Dependency DAG integrity: blockedBy/blocks must remain acyclic
+#
+# Configurable Limits (profile-driven):
+#   maxSiblings: default 0 (unlimited for llm-agent-first); 7 for human-cognitive
+#   maxActiveSiblings: default 32 (operational concurrency guard)
+#   maxDepth: default 3 (epic -> task -> subtask)
+#
+# Enforcement Profiles:
+#   llm-agent-first (default): maxSiblings=0, maxActiveSiblings=32, maxDepth=3
+#   human-cognitive: maxSiblings=7, maxActiveSiblings=3, maxDepth=3
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   DCMP-001: MUST follow MECE principle (Mutually Exclusive, Collectively Exhaustive)
+#   DCMP-002: MUST map dependencies between tasks
+#   DCMP-003: MUST respect the configured hierarchy.maxDepth policy (default: 3)
+#   DCMP-004: MUST verify atomicity for leaf tasks
+#   DCMP-005: MUST NOT include time estimates (use size: small/medium/large)
+#   DCMP-006: MUST include acceptance criteria for each task
+#   DCMP-007: Siblings MUST respect the configured hierarchy.maxSiblings policy
+#   DCMP-008: Depth MUST respect the configured hierarchy.maxDepth policy
+#   DCMP-009: MUST set agent_type: "analysis" in manifest
+#
+# SHOULD:
+#   DCMP-010: SHOULD identify parallel execution opportunities
+#   DCMP-011: SHOULD flag unclear requirements for HITL
+#   DCMP-012: SHOULD consider existing task overlap
+#   DCMP-013: SHOULD assign phase to each task
+#
+# MAY:
+#   DCMP-020: MAY propose multiple decomposition options
+#   DCMP-021: MAY identify risks and mitigations
+#   DCMP-022: MAY suggest task consolidation
+#
+# Atomicity Criteria (6-Point Test):
+#   1. Single File Scope: Affects <=3 tightly-coupled files
+#   2. Single Cognitive Concern: One bounded concern per task
+#   3. Clear Acceptance Criteria: Testable completion condition
+#   4. No Context Switching: Completable within a single agent session
+#   5. No Hidden Sub-Decisions: All choices made at decomposition
+#   6. Programmatic Validation: Result verifiable by code/test
+#
+# Size Definitions:
+#   small: 1-2 files, single concern, MUST be atomic
+#   medium: 3-7 files, related concerns, SHOULD be atomic
+#   large: 8+ files, multiple concerns, MUST decompose further
+#
+# Exit Codes:
+#   EXIT_PROTOCOL_DECOMPOSITION (63) - Decomposition protocol violation
+#
+# Anti-Patterns:
+#   - Time estimates (cannot predict duration accurately)
+#   - Non-atomic leaf tasks (create hidden work)
+#   - Missing dependencies (incorrect execution order)
+#   - Exceeding configured maxDepth (complexity explosion)
+#   - Overlapping scopes (not MECE - duplicate work)
+#   - Skipping atomicity check (quality regression)

package/src/validation/protocols/cant/implementation.cant

@@ -0,0 +1,67 @@
+---
+kind: protocol
+version: 1.0.0
+id: IMPL
+title: "Implementation Protocol"
+status: active
+type: base
+audience: "llm-agent"
+tags: "implementation, coding, development"
+skillRef: ct-task-executor
+lastUpdated: 2026-02-24
+enforcement: strict
+---
+
+# Implementation Protocol
+#
+# Provenance: @task T3155, @epic T3147
+# Type: Conditional Protocol
+# Max Active: 3 protocols (including base)
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Building: "implement", "build", "create", "develop"
+#   Coding: "code", "write", "program"
+#   Fixing: "fix", "bug", "patch", "repair"
+#   Enhancement: "improve", "enhance", "optimize"
+#
+# Explicit Override: --protocol implementation flag on task creation.
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   IMPL-001: MUST include tests for new functionality
+#   IMPL-002: MUST follow project code style conventions
+#   IMPL-003: MUST include JSDoc/docstring provenance tags
+#   IMPL-004: MUST verify changes pass existing tests
+#   IMPL-005: MUST document breaking changes
+#   IMPL-006: MUST write implementation summary to manifest
+#   IMPL-007: MUST set agent_type: "implementation" in manifest
+#
+# SHOULD:
+#   IMPL-010: SHOULD add inline comments for complex logic
+#   IMPL-011: SHOULD refactor duplicated code
+#   IMPL-012: SHOULD update related documentation
+#   IMPL-013: SHOULD consider error handling edge cases
+#
+# MAY:
+#   IMPL-020: MAY propose architectural improvements
+#   IMPL-021: MAY add performance benchmarks
+#   IMPL-022: MAY suggest follow-up enhancements
+#
+# Provenance Thresholds:
+#   New code: 100% coverage required
+#   Existing code: 80% coverage required
+#   Legacy code: 50% coverage required
+#
+# Exit Codes:
+#   EXIT_PROTOCOL_IMPLEMENTATION (64) - Implementation protocol violation
+#
+# Anti-Patterns:
+#   - Code without tests (regression risk)
+#   - Missing provenance (lost attribution)
+#   - Skipping validation (quality regression)
+#   - Undocumented breaking changes (surprise failures)
+#   - No error handling (silent failures)
+#   - Hardcoded values (maintenance burden)

package/src/validation/protocols/cant/provenance.cant

@@ -0,0 +1,88 @@
+---
+kind: protocol
+version: 1.0.0
+id: PROV
+title: "Provenance Protocol"
+status: active
+type: cross-cutting
+audience: "llm-agent, orchestrator"
+tags: "provenance, traceability, lineage"
+skillRef: ct-provenance-keeper
+lastUpdated: 2026-04-07
+enforcement: advisory
+---
+
+# Provenance Protocol
+#
+# Type: Conditional Protocol
+# Max Active: 3 protocols (including base)
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Supply Chain: "provenance", "supply chain", "chain of custody"
+#   Attestation: "attest", "attestation", "in-toto", "SLSA"
+#   SBOM: "sbom", "bill of materials", "cyclonedx", "spdx"
+#   Signing: "sign", "cosign", "sigstore", "verify signature"
+#   Checksums: "checksum", "digest", "sha256", "integrity"
+#
+# Explicit Override: --protocol provenance flag on task creation.
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   PROV-001: MUST record provenance chain from source commit to published artifact
+#   PROV-002: MUST compute SHA-256 digest for every produced artifact
+#   PROV-003: MUST generate attestation in in-toto Statement v1 format
+#   PROV-004: MUST record SLSA Build Level achieved (L1 minimum)
+#   PROV-005: MUST store provenance record in .cleo/releases.json via record_release()
+#   PROV-006: MUST verify provenance chain integrity before publishing attestation
+#   PROV-007: MUST set agent_type: "provenance" in manifest
+#
+# SHOULD:
+#   PROV-010: SHOULD generate SBOM (CycloneDX or SPDX) for artifacts with dependencies
+#   PROV-011: SHOULD sign attestations using keyless signing (sigstore/cosign)
+#   PROV-012: SHOULD publish provenance attestation alongside artifact
+#   PROV-013: SHOULD verify all input materials have provenance
+#
+# MAY:
+#   PROV-020: MAY achieve SLSA Build Level 3 or 4
+#   PROV-021: MAY use key-based signing (GPG) as alternative to keyless
+#   PROV-022: MAY generate multiple SBOM formats (both CycloneDX and SPDX)
+#
+# Provenance Chain Model:
+#   commit -> build -> artifact -> attestation -> registry
+#
+# Chain Integrity Rules:
+#   Each link MUST reference previous link's output
+#   No link MAY be modified after creation (append-only)
+#   Missing links MUST be recorded as incomplete
+#   Chain MUST be verifiable offline
+#
+# SLSA Compliance Levels:
+#   L1: Provenance exists
+#   L2: Provenance signed + build on hosted platform
+#   L3: Non-falsifiable provenance
+#   L4: All deps have provenance + hermetic reproducible build
+#
+# Signing Methods:
+#   sigstore (default): cosign sign-blob --yes <artifact>
+#   gpg: gpg --detach-sign --armor -u <key-id> <artifact>
+#   none: Skip signing (SLSA L1 only)
+#
+# Error Codes (90-94):
+#   90: E_PROVENANCE_CONFIG_INVALID
+#   91: E_SIGNING_KEY_MISSING
+#   92: E_SIGNATURE_INVALID
+#   93: E_DIGEST_MISMATCH
+#   94: E_ATTESTATION_INVALID
+#
+# Anti-Patterns:
+#   - Skipping digest computation (breaks chain integrity)
+#   - Hardcoding signing keys in config (security risk)
+#   - Generating attestation without matching digest
+#   - Publishing artifact before signing
+#   - Modifying provenance records after creation
+#   - Skipping SBOM for artifacts with dependencies
+#   - Using SHA-1 or MD5 for digests (cryptographically broken)
+#   - Storing private keys in .cleo/ directory

package/src/validation/protocols/cant/release.cant

@@ -0,0 +1,96 @@
+---
+kind: protocol
+version: 1.0.0
+id: REL
+title: "Release Protocol"
+status: active
+type: conditional
+audience: "llm-agent, orchestrator"
+tags: "release, semver, changelog"
+skillRef: ct-release-orchestrator
+lastUpdated: 2026-04-07
+enforcement: strict
+---
+
+# Release Protocol
+#
+# Provenance: @task T3155, @epic T3147
+# Type: Conditional Protocol
+# Max Active: 3 protocols (including base)
+#
+# Trigger Conditions
+#
+# This protocol activates when the task involves:
+#   Version: "release", "version", "v1.x.x"
+#   Publish: "publish", "deploy", "ship"
+#   Changelog: "changelog", "release notes"
+#   Tag: "tag", "milestone", "GA"
+#
+# Explicit Override: --protocol release flag on task creation.
+#
+# Requirements (RFC 2119)
+#
+# MUST:
+#   RLSE-001: MUST follow semantic versioning (semver)
+#   RLSE-002: MUST update changelog with all changes
+#   RLSE-003: MUST pass all validation gates before release
+#   RLSE-004: MUST tag release in version control
+#   RLSE-005: MUST document breaking changes with migration path
+#   RLSE-006: MUST verify version consistency across files
+#   RLSE-007: MUST set agent_type: "documentation" in manifest
+#
+# SHOULD:
+#   RLSE-010: SHOULD include upgrade instructions
+#   RLSE-011: SHOULD verify documentation is current
+#   RLSE-012: SHOULD test installation process
+#   RLSE-013: SHOULD create backup before release
+#   RLSE-014: SHOULD run test suite for major/minor releases
+#   RLSE-015: SHOULD verify tests pass before tagging
+#
+# MAY:
+#   RLSE-020: MAY include performance benchmarks
+#   RLSE-021: MAY announce on communication channels
+#   RLSE-022: MAY batch minor fixes into single release
+#
+# State Machine:
+#   create -> planned -> active -> released (immutable)
+#
+# Ship Workflow (10 steps):
+#   1. Auto-populate release tasks
+#   1.5. Run release guards
+#   2. Bump version (if --bump-version)
+#   3. Ensure [Unreleased] section in CHANGELOG.md
+#   4. Generate changelog from task metadata
+#   5. Validate changelog content
+#   6. Append to CHANGELOG.md + platform outputs
+#   7. Run validation gates
+#   8. Create release commit
+#   9. Create annotated tag (if --create-tag)
+#   10. Push to remote (if --push)
+#   11. Update release status to released
+#
+# Composition with Sub-Protocols:
+#   artifact-publish: Conditional, triggered when release config has artifact handlers
+#   provenance: Conditional, invoked transitively via artifact-publish for signing
+#
+# Error Codes (50-59):
+#   50: E_RELEASE_NOT_FOUND
+#   51: E_RELEASE_EXISTS
+#   52: E_RELEASE_LOCKED
+#   53: E_INVALID_VERSION
+#   54: E_VALIDATION_FAILED
+#   55: E_VERSION_BUMP_FAILED
+#   56: E_TAG_CREATION_FAILED
+#   57: E_CHANGELOG_GENERATION_FAILED
+#   58: E_TAG_EXISTS
+#   59: E_TASKS_INCOMPLETE
+#
+# Anti-Patterns:
+#   - Skipping version bump (version confusion)
+#   - Missing changelog entry (lost history)
+#   - Undocumented breaking changes (user frustration)
+#   - No release tag (cannot reference version)
+#   - Incomplete checklist (missed steps)
+#   - Major releases without --run-tests (quality risk)
+#   - Ignoring epic completeness warnings
+#   - Overusing --force (bypasses guards)