@curdx/flow 2.2.3 → 2.2.5

package/skills/security-audit/SKILL.md

@@ -21,45 +21,27 @@ paths:
 
 # Security Audit
 
-You are invoked when the user wants a systematic security review of the current spec or codebase.
+This skill orchestrates scoped security review. Keep the entrypoint focused on
+scope/depth selection, required audit outputs, and the blocking gate. Detailed
+rules live in:
 
-## Preconditions
+- `references/scope-and-depth.md`
+- `references/audit-contract.md`
+- `references/gate-handoff.md`
 
-1. The code or spec under review is reachable from the current working directory.
-2. The user has identified the scope (current spec, specific module, or whole repo).
+## Scope and Depth
 
-## Workflow
+Use `references/scope-and-depth.md` to confirm:
 
-### Step 1: Clarify audit scope
+- scope
+- audit depth
+- risk tolerance
 
-Confirm:
-- **Scope** (current spec / specific paths / whole repo)
-- **Depth** (OWASP-only / OWASP + STRIDE / + dependency CVE scan)
-- **Risk tolerance** (block on any SR / only block on SR with POC / advisory only)
+## Audit Contract
 
-### Step 2: Run via `flow-security-auditor`
+`flow-security-auditor` should follow `references/audit-contract.md`.
 
-This skill executes in a forked context through `flow-security-auditor`. It will:
-1. Scan for hardcoded secrets, weak crypto, unsanitized inputs
-2. Apply OWASP Top 10 (A01 Broken Access Control → A10 SSRF)
-3. Apply STRIDE threat modeling (Spoofing, Tampering, Repudiation, Information disclosure, DoS, Elevation)
-4. Run dependency CVE scan (`npm audit` / equivalent)
-5. Produce a findings report with severity labels (SR = Blocking Red line, SW = Warning, SM = Mandatory-to-address)
+## Gate and Handoff
 
-### Step 3: Write security report
-
-Output `.flow/specs/<active>/security-audit.md` containing:
-- **SR (blocking)** — must fix before ship
-- **SW (warning)** — should fix, won't block
-- **SM (mandatory)** — baseline items that must be present
-- **CVE hits** — direct / transitive dependencies with known vulns
-- **Recommended fixes** — concrete patches, not generic advice
-
-### Step 4: Enforce gate
-
-Apply the `security-gate` (`@${CLAUDE_PLUGIN_ROOT}/gates/security-gate.md`) — if any SR findings exist, block completion until remediated or explicitly waived with a D-NN decision in STATE.md.
-
-## References
-
-- `flow-security-auditor` agent: `@${CLAUDE_PLUGIN_ROOT}/agents/flow-security-auditor.md`
-- security-gate: `@${CLAUDE_PLUGIN_ROOT}/gates/security-gate.md`
+Blocking semantics and next-step routing live in
+`references/gate-handoff.md`.

package/skills/security-audit/references/audit-contract.md

@@ -0,0 +1,21 @@
+# Security Audit Contract — What the Auditor Must Produce
+
+`flow-security-auditor` should:
+
+1. scan for secrets, weak crypto, and unsafe inputs
+2. apply OWASP Top 10
+3. apply STRIDE threat modeling when requested
+4. run dependency CVE scanning
+5. label findings by severity
+
+## Required Artifact
+
+- `.flow/specs/<active>/security-audit.md`
+
+The report should include:
+
+- SR (blocking)
+- SW (warning)
+- SM (mandatory baseline)
+- CVE hits
+- concrete fixes

package/skills/security-audit/references/gate-handoff.md

@@ -0,0 +1,8 @@
+# Security Gate Handoff — Blocking Rules and Next Steps
+
+Apply `@${CLAUDE_PLUGIN_ROOT}/gates/security-gate.md`.
+
+- if any SR findings exist, block completion until remediated or explicitly
+  waived with a D-NN decision in `STATE.md`
+- if findings are advisory only, hand off `security-audit.md` as evidence for
+  later implementation or review work

package/skills/security-audit/references/scope-and-depth.md

@@ -0,0 +1,9 @@
+# Security Scope and Depth — Confirm the Audit Shape
+
+Before dispatching, confirm:
+
+- scope: current spec, specific path, or whole repo
+- depth: `owasp`, `stride`, or `full`
+- risk tolerance: blocking vs advisory
+
+The positional first argument is the scope. Depth stays in `--depth=...`.

package/skills/spec/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: spec
-description: Generate or refresh the active spec across research, requirements, design, and tasks. Flags target phases, regeneration, and planning review.
+description: Generate or refresh research, requirements, design, and tasks for the active spec.
 when_to_use: Use when the user wants to generate, resume, regenerate, or review a feature spec across research, requirements, design, and task planning.
 argument-hint: "[--phase=<X[,Y,...]>] [--until=<X>] [--review[=<dim[,dim]>]] [--regenerate] [--resume]"
 disable-model-invocation: true
@@ -9,7 +9,17 @@ allowed-tools: [Read, Write, Bash, Agent, AskUserQuestion]
 
 # Generate or Refresh the Active Spec
 
-This command writes the four spec documents (`research.md`, `requirements.md`, `design.md`, `tasks.md`) inside `.flow/specs/<active-spec>/`. It replaces the v1 commands `/research`, `/requirements`, `/design`, `/tasks`, `/plan-ceo`, `/plan-eng`, `/plan-design`, `/plan-dx`, and `/autoplan` — all expressed here as flags.
+This command writes `research.md`, `requirements.md`, `design.md`, and
+`tasks.md` into `.flow/specs/<active-spec>/`.
+
+Keep this entrypoint focused on phase selection and orchestration. Detailed
+phase prompts and landing checks live in:
+
+- `references/preflight-and-routing.md`
+- `references/phase-execution.md`
+- `references/artifact-landing.md`
+- `references/planning-review.md`
+- `references/reporting.md`
 
 ## Flags
 
@@ -23,205 +33,68 @@ This command writes the four spec documents (`research.md`, `requirements.md`, `
 
 ## Preflight
 
-```bash
-# 1. A .flow project must exist
-[ ! -d ".flow" ] && {
-  echo "✗ Not a CurdX-Flow project. Run /curdx-flow:init first.";
-  exit 1;
-}
-
-# 2. An active spec must be set
-SPEC_NAME=$(cat .flow/.active-spec 2>/dev/null)
-if [ -z "$SPEC_NAME" ]; then
-  echo "✗ No active spec. Run /curdx-flow:start <name> \"<goal>\" first.";
-  exit 1;
-fi
-SPEC_DIR=".flow/specs/$SPEC_NAME"
-STATE_FILE="$SPEC_DIR/.state.json"
-[ ! -f "$STATE_FILE" ] && { echo "✗ Missing $STATE_FILE"; exit 1; }
-```
-
-## Flag parsing
-
-```bash
-# $ARGUMENTS is the raw argument string
-FLAG_PHASE=$(echo "$ARGUMENTS" | grep -oP -- '--phase=\K[^\s]+' || true)
-FLAG_UNTIL=$(echo "$ARGUMENTS" | grep -oP -- '--until=\K[^\s]+' || true)
-FLAG_REVIEW=$(echo "$ARGUMENTS" | grep -oP -- '--review(?:=[^\s]+)?' || true)
-FLAG_REGENERATE=$(echo "$ARGUMENTS" | grep -q -- '--regenerate' && echo "1" || echo "0")
-
-# Rule: --phase and --until are mutually exclusive
-if [ -n "$FLAG_PHASE" ] && [ -n "$FLAG_UNTIL" ]; then
-  echo "✗ --phase and --until cannot be combined. Pick one.";
-  exit 1;
-fi
-```
-
-## Phase resolution
-
-The ordered pipeline is `research → requirements → design → tasks`. Resolve which phases to run:
-
-- No flags → start at `state.json.phase`, run forward to `tasks`.
-- `--phase=design` → run only `design`.
-- `--phase=design,tasks` → run `design` then `tasks`.
-- `--until=design` → start at `state.json.phase`, stop after `design`.
-- `--regenerate` (no other phase flag) → same as default but clear existing output for each phase before running.
-- `--regenerate --phase=X` → clear `X`'s output, re-run only `X`.
-
-Read and update `.state.json.phase` after each phase succeeds.
+Use `references/preflight-and-routing.md` for:
 
-## Phase execution
+- `.flow/`, active spec, and `.state.json` checks
+- flag parsing and invalid flag combinations
+- ordered phase routing and `--regenerate` scope resolution
 
-For each phase in the resolved list, dispatch a subagent via the `Agent` tool:
+## Phase Resolution
 
-### research → `flow-researcher`
-Inputs: spec goal + one-line description from `.state.json`.
-Output: `research.md` covering problem space, prior art (library candidates via `context7`), constraints, technical recommendation.
+The ordered pipeline is still `research -> requirements -> design -> tasks`.
+The exact routing rules and stopping points are defined in
+`references/preflight-and-routing.md`.
 
-**Dispatch prompt prefix (MANDATORY)**:
-```
-CRITICAL OUTPUT PROTOCOL: Your FIRST action must be calling Write tool with the full research.md content. Do NOT explain, narrate, or preview. After Write succeeds, output EXACTLY 3 lines:
-✓ research.md generated
-Recommendations: N
-Next: /curdx-flow:spec --phase=requirements
+## Phase Dispatch
 
-FORBIDDEN: explanations, summaries, findings lists. The file is the deliverable.
----
-```
+Phase-specific prompts, mandatory output protocols, and post-phase state updates
+live in `references/phase-execution.md`.
 
-### requirements → `flow-product-designer`
-Inputs: `research.md`.
-Output: `requirements.md` with user stories (US-NN), acceptance criteria (AC-N.N), functional requirements (FR-NN), non-functional requirements (NFR-*).
+Use this phase-to-agent mapping:
 
-**Dispatch prompt prefix (MANDATORY)**:
-```
-CRITICAL OUTPUT PROTOCOL: Your FIRST action must be calling Write tool with the full requirements.md content. Do NOT explain, narrate, or preview. After Write succeeds, output EXACTLY 4 lines:
-✓ requirements.md generated
-User stories: N
-Functional requirements: N
-Next: /curdx-flow:spec --phase=design
+| Phase | Agent | Output |
+|-------|-------|--------|
+| `research` | `flow-researcher` | `research.md` |
+| `requirements` | `flow-product-designer` | `requirements.md` |
+| `design` | `flow-architect` | `design.md` |
+| `tasks` | `flow-planner` | `tasks.md` |
 
-FORBIDDEN: explanations, summaries, US/AC lists. The file is the deliverable.
----
-```
+After each dispatch, run the landing guard from
+`references/artifact-landing.md`. Never advance phase state based only on the
+agent's narrative response.
 
-### design → `flow-architect`
-Inputs: `research.md` + `requirements.md`.
-Output: `design.md` with architecture decisions (AD-NN), component boundaries, data models, error-path design, mermaid diagrams (when they clarify). Uses `sequential-thinking` MCP proportional to the genuine tradeoff surface.
+## Optional Planning Review
 
-**Dispatch prompt prefix (MANDATORY)**:
-```
-CRITICAL OUTPUT PROTOCOL: Your FIRST action must be calling Write tool with the full design.md content. Do NOT explain, narrate, or preview. After Write succeeds, output EXACTLY 4 lines:
-✓ design.md generated
-Architecture decisions: N
-Components: N
-Next: /curdx-flow:spec --phase=tasks
+If `--review` is present, use the dimension-expansion and aggregation protocol
+from `references/planning-review.md`.
 
-FORBIDDEN: explanations, summaries, AD lists, tech stack lists, warnings. The file is the deliverable.
----
-```
+The review output lands at:
 
-### tasks → `flow-planner`
-Inputs: all three prior files + `.flow/PROJECT.md` tech stack.
-Output: `tasks.md` — POC-First 5-phase decomposition with per-task Verify commands, multi-source coverage audit against FR/AC/AD/Research/Decisions.
-
-**Dispatch prompt prefix (MANDATORY)**:
-```
-CRITICAL OUTPUT PROTOCOL: Your FIRST action must be calling Write tool with the full tasks.md content. Do NOT explain, narrate, or preview. After Write succeeds, output EXACTLY 5 lines:
-✓ tasks.md generated
-Total tasks: N
-Coverage audit: PASS
-Phases: 1-5
-Next: /curdx-flow:implement
-
-FORBIDDEN: explanations, summaries, task lists. The file is the deliverable.
----
-```
-
-After each phase completes successfully, update `.state.json`:
-
-```json
-{
-  "phase": "<just-completed-phase>",
-  "phase_status": { "<phase>": "completed" },
-  "updated": "<ISO8601 timestamp>"
-}
-```
-
-### Artifact landing check (mandatory after every phase)
-
-Sub-agent responses can be truncated by the model's output-length limit, which means the `Write` tool call for the phase's Markdown artifact may never fire. Do NOT trust the agent's return value alone — always verify the file actually landed.
-
-For each phase just dispatched, run:
-
-```bash
-ARTIFACT=".flow/specs/$SPEC_NAME/<phase>.md"
-if [ ! -f "$ARTIFACT" ]; then
-  echo "⚠ $ARTIFACT did not land. Re-dispatching <phase> agent with an explicit 'write the file' prompt."
-  # Re-dispatch the same agent, but in the prompt, front-load:
-  #   "Your ONLY job is to call the Write tool with the full <phase>.md content now.
-  #    Do not explain. Do not narrate. Write the file and stop."
-  # This pattern produces an artifact even when prior verbosity caused truncation.
-fi
-
-# Minimum-size sanity check — if the file is <500 bytes, the write likely truncated
-if [ -f "$ARTIFACT" ] && [ "$(wc -c < "$ARTIFACT" | tr -d ' ')" -lt 500 ]; then
-  echo "⚠ $ARTIFACT looks truncated (<500 bytes). Re-dispatching to complete it."
-fi
-```
-
-Only advance `.state.json.phase` after both the file exists AND passes the size sanity check. If a re-dispatch also fails to produce the artifact, stop and surface the issue to the user instead of silently advancing — that prevents later phases from consuming an empty upstream file.
-
-## Optional planning review
-
-If `--review` (or `--review=<dims>`) is present:
-
-1. **Precondition**: `design.md` must exist. If missing, error: "Design missing. Run `/curdx-flow:spec --phase=design` first."
-2. Parse the dims: `all` expands to `ceo,eng,design,dx`.
-3. Dispatch review agents in parallel via `Agent` (one per dim):
-
-| Dim | Agent | Focus |
-|-----|-------|-------|
-| `ceo` | `flow-architect` (review mode) | Strategic: scope fit, ROI, opportunity cost |
-| `eng` | `flow-architect` (review mode) | Engineering: architecture lock-in, risk, technical debt |
-| `design` | `flow-ux-designer` | UX / UI / accessibility / design system |
-| `dx` | `flow-architect` (review mode) | Developer experience: naming, comments, structure, error handling, setup, types, tests, dev loop |
-
-4. Aggregate findings into `.flow/specs/<active>/spec-review.md` with one section per dim and a consolidated verdict (GO / GO-WITH-CHANGES / HOLD).
+- `.flow/specs/<active>/spec-review.md`
 
 ## Reporting
 
-Final console output:
+Use `references/reporting.md` for the final user-visible summary and next-step
+handoff.
 
-```
-✓ Spec <name> refreshed
-  Phases run:   research, requirements, design, tasks
-  Review dims:  ceo, eng, design, dx   (if --review was used)
-  Files:
-    .flow/specs/<name>/research.md
-    .flow/specs/<name>/requirements.md
-    .flow/specs/<name>/design.md
-    .flow/specs/<name>/tasks.md
-    .flow/specs/<name>/spec-review.md   (if --review was used)
-
-Next: /curdx-flow:implement
-```
+## Common Invocations
 
-## Common invocations
-
-```
-/curdx-flow:spec                              # full spec from current state
-/curdx-flow:spec --phase=design               # re-run only design (e.g., after requirements changed)
-/curdx-flow:spec --phase=design,tasks         # re-run design and tasks
-/curdx-flow:spec --until=design               # run up through design, stop (human review checkpoint)
-/curdx-flow:spec --review                     # full spec + all 4 planning dimensions
-/curdx-flow:spec --review=eng,dx              # full spec + engineering + DX review only
-/curdx-flow:spec --regenerate                 # clear all four phases and rebuild
-/curdx-flow:spec --regenerate --phase=tasks   # only rebuild tasks (keep research/requirements/design)
+```text
+/curdx-flow:spec
+/curdx-flow:spec --phase=design
+/curdx-flow:spec --phase=design,tasks
+/curdx-flow:spec --until=design
+/curdx-flow:spec --review
+/curdx-flow:spec --review=eng,dx
+/curdx-flow:spec --regenerate
+/curdx-flow:spec --regenerate --phase=tasks
 ```
 
 ## References
 
-- Agents: `@${CLAUDE_PLUGIN_ROOT}/agents/flow-researcher.md`, `flow-product-designer.md`, `flow-architect.md`, `flow-planner.md`, `flow-ux-designer.md`
-- Knowledge: `@${CLAUDE_PLUGIN_ROOT}/knowledge/spec-driven-development.md`, `poc-first-workflow.md`
+- Agents: `@${CLAUDE_PLUGIN_ROOT}/agents/flow-researcher.md`,
+  `flow-product-designer.md`, `flow-architect.md`, `flow-planner.md`,
+  `flow-ux-designer.md`
+- Knowledge: `@${CLAUDE_PLUGIN_ROOT}/knowledge/spec-driven-development.md`,
+  `poc-first-workflow.md`
 - Preamble: `@${CLAUDE_PLUGIN_ROOT}/agent-preamble/preamble.md`

package/skills/spec/references/artifact-landing.md

@@ -0,0 +1,31 @@
+# Artifact Landing Check — Mandatory After Every Phase
+
+Sub-agent responses can be truncated before the `Write` tool call happens. Do
+not trust the agent response alone.
+
+## Landing Guard
+
+```bash
+ARTIFACT=".flow/specs/$SPEC_NAME/<phase>.md"
+if [ ! -f "$ARTIFACT" ]; then
+  echo "⚠ $ARTIFACT did not land. Re-dispatching <phase> agent with an explicit 'write the file' prompt."
+fi
+
+if [ -f "$ARTIFACT" ] && [ "$(wc -c < "$ARTIFACT" | tr -d ' ')" -lt 500 ]; then
+  echo "⚠ $ARTIFACT looks truncated (<500 bytes). Re-dispatching to complete it."
+fi
+```
+
+## Re-dispatch Rule
+
+If the artifact is missing or obviously truncated, front-load the retry prompt
+with:
+
+```text
+Your ONLY job is to call the Write tool with the full <phase>.md content now.
+Do not explain. Do not narrate. Write the file and stop.
+```
+
+Only advance `.state.json.phase` after the file exists and passes the size
+sanity check. If a second dispatch still fails, stop and surface the problem to
+the user rather than silently continuing.

package/skills/spec/references/phase-execution.md

@@ -0,0 +1,50 @@
+# Phase Execution — Dispatch Contracts
+
+Each phase writes exactly one artifact. The file is the deliverable; agent
+commentary is not.
+
+Shared runtime references:
+
+- `${CLAUDE_PLUGIN_ROOT}/knowledge/artifact-output-discipline.md`
+- `${CLAUDE_PLUGIN_ROOT}/knowledge/artifact-summary-contracts.md`
+
+## Phase Map
+
+| Phase | Agent | Inputs | Output |
+|-------|-------|--------|--------|
+| `research` | `flow-researcher` | spec goal + one-line description from `.state.json` | `research.md` |
+| `requirements` | `flow-product-designer` | `research.md` | `requirements.md` |
+| `design` | `flow-architect` | `research.md` + `requirements.md` | `design.md` |
+| `tasks` | `flow-planner` | all prior artifacts + `.flow/PROJECT.md` | `tasks.md` |
+
+## Shared Dispatch Rule
+
+Every phase dispatch must explicitly enforce the same two rules:
+
+1. The first substantive action is the `Write` call for the final artifact.
+2. After the write lands, emit only the matching summary contract from
+   `${CLAUDE_PLUGIN_ROOT}/knowledge/artifact-summary-contracts.md`.
+
+Do not inline previews, rationale summaries, or duplicate artifact content in
+the orchestration skill.
+
+## Phase Output Contracts
+
+| Phase | Artifact | Summary contract | Next line |
+|-------|----------|------------------|-----------|
+| `research` | `research.md` | `research.md` section | `Next: /curdx-flow:spec --phase=requirements` |
+| `requirements` | `requirements.md` | `requirements.md` section | `Next: /curdx-flow:spec --phase=design` |
+| `design` | `design.md` | `design.md` section | `Next: /curdx-flow:spec --phase=tasks` |
+| `tasks` | `tasks.md` | `tasks.md` section | `Next: /curdx-flow:implement` |
+
+## Post-Phase State Update
+
+After the artifact lands and passes landing checks, update `.state.json`:
+
+```json
+{
+  "phase": "<just-completed-phase>",
+  "phase_status": { "<phase>": "completed" },
+  "updated": "<ISO8601 timestamp>"
+}
+```

package/skills/spec/references/planning-review.md

@@ -0,0 +1,31 @@
+# Planning Review — Optional Multi-Dimension Pass
+
+Use this only when `--review` is present.
+
+## Preconditions
+
+- `design.md` must exist
+- Bare `--review` expands to `ceo,eng,design,dx`
+- `all` also expands to `ceo,eng,design,dx`
+
+## Dimension Map
+
+| Dim | Agent | Focus |
+|-----|-------|-------|
+| `ceo` | `flow-architect` (review mode) | Strategic scope fit, ROI, opportunity cost |
+| `eng` | `flow-architect` (review mode) | Lock-in risk, architecture debt, technical risk |
+| `design` | `flow-ux-designer` | UX, UI, accessibility, design system fit |
+| `dx` | `flow-architect` (review mode) | Naming, structure, setup, types, tests, developer loop |
+
+## Aggregation
+
+Dispatch one review agent per dimension, aggregate findings into:
+
+```text
+.flow/specs/<active>/spec-review.md
+```
+
+The report must contain:
+
+- one section per requested dimension
+- a consolidated verdict: `GO`, `GO-WITH-CHANGES`, or `HOLD`

package/skills/spec/references/preflight-and-routing.md

@@ -0,0 +1,46 @@
+# Spec Preflight and Routing — Resolve What Runs
+
+Before dispatching any phase:
+
+```bash
+[ ! -d ".flow" ] && {
+  echo "✗ Not a CurdX-Flow project. Run /curdx-flow:init first.";
+  exit 1;
+}
+
+SPEC_NAME=$(cat .flow/.active-spec 2>/dev/null)
+if [ -z "$SPEC_NAME" ]; then
+  echo "✗ No active spec. Run /curdx-flow:start <name> \"<goal>\" first.";
+  exit 1;
+fi
+SPEC_DIR=".flow/specs/$SPEC_NAME"
+STATE_FILE="$SPEC_DIR/.state.json"
+[ ! -f "$STATE_FILE" ] && { echo "✗ Missing $STATE_FILE"; exit 1; }
+
+FLAG_PHASE=$(echo "$ARGUMENTS" | grep -oP -- '--phase=\K[^\s]+' || true)
+FLAG_UNTIL=$(echo "$ARGUMENTS" | grep -oP -- '--until=\K[^\s]+' || true)
+FLAG_REVIEW=$(echo "$ARGUMENTS" | grep -oP -- '--review(?:=[^\s]+)?' || true)
+FLAG_REGENERATE=$(echo "$ARGUMENTS" | grep -q -- '--regenerate' && echo "1" || echo "0")
+
+if [ -n "$FLAG_PHASE" ] && [ -n "$FLAG_UNTIL" ]; then
+  echo "✗ --phase and --until cannot be combined. Pick one.";
+  exit 1;
+fi
+```
+
+The ordered pipeline is:
+
+```text
+research -> requirements -> design -> tasks
+```
+
+Routing rules:
+
+- no flags -> start at `.state.json.phase`, run forward to `tasks`
+- `--phase=design` -> run only `design`
+- `--phase=design,tasks` -> run `design` then `tasks`
+- `--until=design` -> start at `.state.json.phase`, stop after `design`
+- `--regenerate` -> clear targeted phase output before rerunning it
+
+Advance `.state.json.phase` only after the targeted artifact lands and passes
+`references/artifact-landing.md`.

package/skills/spec/references/reporting.md

@@ -0,0 +1,21 @@
+# Spec Reporting — Final Summary and Handoff
+
+End with a compact execution summary:
+
+```text
+✓ Spec <name> refreshed
+  Phases run:   research, requirements, design, tasks
+  Review dims:  ceo, eng, design, dx   (if --review was used)
+  Files:
+    .flow/specs/<name>/research.md
+    .flow/specs/<name>/requirements.md
+    .flow/specs/<name>/design.md
+    .flow/specs/<name>/tasks.md
+    .flow/specs/<name>/spec-review.md   (if --review was used)
+
+Next: /curdx-flow:implement
+```
+
+Do not summarize the full content of the artifacts inline. The files are the
+deliverables; the closing message only confirms what ran and where the outputs
+landed.