@event4u/agent-config 1.15.0 → 1.16.0

package/.agent-src/contexts/execution/verification-mechanics.md

@@ -0,0 +1,80 @@
+# Verification Mechanics
+
+Loaded by [`verify-before-complete`](../../rules/verify-before-complete.md).
+Holds the decision logic and lookup tables behind the Iron Law: when
+to run which verification command, the per-task-type evidence table,
+confidence gating, and the break-glass reduction during live
+incidents.
+
+**Size budget:** ≤ 4,000 chars. Tracked under Phase 6 of
+`road-to-pr-34-followups`.
+
+## When to run what — timing matters
+
+**Quality tools (PHPStan, Rector, ECS) run ONCE at the very end** — not after every edit.
+Do NOT run quality checks between tasks if you have more work to do.
+Only run the full quality pipeline when you are about to finish all work in the current conversation.
+
+**Tests: as targeted as possible, as little as necessary.**
+
+- During work: run ONLY the specific test class or test case affected by the change.
+  Use `--filter=ClassName` or `--filter=test_name` — NEVER the full suite mid-work.
+- Only run tests when you genuinely need to verify behavior (not "just to be safe").
+- Full test suite: ONCE at the very end, before quality tools.
+
+**The sequence at the end:**
+
+1. All code changes are done
+2. Run tests — targeted first (`--filter`), full suite only if targeted passes
+3. Run quality pipeline (PHPStan → Rector → ECS → PHPStan)
+4. Fix any issues from step 2-3
+5. ONLY THEN claim completion or suggest commit/push/PR
+
+## Minimum verification per task type
+
+| Task | Required evidence |
+|---|---|
+| Code change | Tests + PHPStan |
+| New feature | Tests + PHPStan + smoke test |
+| Bug fix | Regression test + full suite |
+| Refactoring | Full suite + PHPStan + Rector |
+| Config/migration | Relevant tests or command output |
+| API endpoint | curl/HTTP response output |
+| Documentation only | No verification needed |
+
+**Never accept** as proof: "should work", "looks correct", "logic is sound".
+No captured output = not verified.
+
+## Confidence gating
+
+State confidence explicitly before claiming completion on non-trivial work.
+
+- **High** — runtime path read end-to-end, relevant tests inspected or run,
+  no hidden side-effects (queues/events/observers) unaccounted for.
+- **Medium** — main path verified but one gap remains; list the gap in the
+  completion message.
+- **Low** — broad implementation NOT allowed; switch to analysis, narrow
+  the scope, or ask the user before proceeding.
+
+For high-risk areas (auth, tenancy, migrations, queues, dependencies,
+external APIs, data exposure), "high" requires tests AND a cross-layer
+read — not inference from a single file.
+
+## Break-glass reduction
+
+During a live production incident the verification gate is **narrowed**,
+never skipped. Break-glass requires explicit user invocation (e.g.
+`break-glass: true`, "this is a hotfix"). Never enter it unilaterally.
+
+Minimum evidence:
+
+- **Targeted test(s)** covering the exact regression — zero tests is not
+  acceptable.
+- **Smoke check** of the fixed path (curl, manual trigger, log tail) with
+  output captured in the message.
+- **Explicit list of skipped validations** and a **follow-up commitment**
+  (ticket or PR line) to run them within 24h.
+
+Completion wording: _"hotfix applied, full verification deferred per
+break-glass"_ — never _"done"_ or _"verified"_. The normal gate resumes
+on the follow-up PR.

package/.agent-src/personas/README.md

@@ -99,5 +99,5 @@ cast (usually Core-6 for review skills, empty for others).
 
 ## Related
 
-- [`../guidelines/agent-infra/role-contracts.md`](../guidelines/agent-infra/role-contracts.md) — workflow modes personas compose with
+- [`../../docs/guidelines/agent-infra/role-contracts.md`](../../docs/guidelines/agent-infra/role-contracts.md) — workflow modes personas compose with
 - [`../rules/artifact-drafting-protocol.md`](../rules/artifact-drafting-protocol.md) — mandatory per new persona

package/.agent-src/rules/agent-authority.md

@@ -0,0 +1,24 @@
+---
+type: "always"
+description: "Priority Index for the four authority rules — Hard Floor → Permission Gate → Commit Default → Trivial-vs-Blocking; read first, route to canonical rule"
+alwaysApply: true
+source: package
+---
+
+# Agent Authority — Priority Index
+
+Four rules answer **"may the agent do this autonomously?"** Check bands in order; higher band wins.
+
+| Band | Trigger | Canonical rule |
+|---|---|---|
+| **1. Hard Floor** | Prod-trunk merge · deploy · push · prod data/infra · whimsical bulk deletion · bulk-deletion or infra commit | [`non-destructive-by-default`](non-destructive-by-default.md) |
+| **2. Permission Gate** | Git op · branch / PR / tag · architectural or library change · scope expansion | [`scope-control`](scope-control.md) |
+| **3. Commit Default** | About to commit — never, unless one of four exceptions fires | [`commit-policy`](commit-policy.md) |
+| **4. Trivial-vs-Blocking** | Routine workflow question — act or ask | [`autonomous-execution`](autonomous-execution.md) |
+
+## Index rules
+
+- **Hard Floor wins, always.** No autonomy setting, roadmap step, or standing instruction lifts it.
+- **Higher band wins on conflict.** Commit exception ≠ Hard Floor override; scope permission ≠ commit override.
+- **Index never restates an Iron Law.** Iron Laws live verbatim in canonical files; this router only points.
+- **Unsure → ask.** [`ask-when-uncertain`](ask-when-uncertain.md) is the universal escape hatch.

package/.agent-src/rules/architecture.md

@@ -10,7 +10,7 @@ source: package
 ## General Principles
 
 - **Controllers are thin** — no business logic, delegate to services.
-- **Only Single Action Controllers** — every new controller MUST use `__invoke()`. No multi-action / resource controllers. See `.augment/guidelines/php/controllers.md` for naming conventions.
+- **Only Single Action Controllers** — every new controller MUST use `__invoke()`. No multi-action / resource controllers. See `../../docs/guidelines/php/controllers.md` for naming conventions.
 - **Every controller needs a FormRequest** — never validate inline with `$request->validate()`. Use a dedicated `FormRequest` subclass.
 - **Services contain business logic** — calculations, orchestration, validation.
 - **Models have no business logic** — only relationships, scopes, accessors/mutators.

package/.agent-src/rules/artifact-drafting-protocol.md

@@ -1,7 +1,7 @@
 ---
 type: "auto"
 alwaysApply: false
-description: "Use when the user asks to create a new skill, rule, command, or guideline, or to significantly rewrite an existing one — even if they don't explicitly say 'new artifact' or 'drafting protocol'. Runs a mandatory Understand → Research → Draft sequence before anything is written."
+description: "Creating a new skill, rule, command, or guideline, or significantly rewriting one — runs a mandatory Understand → Research → Draft sequence before any artifact content is written."
 source: package
 ---
 

package/.agent-src/rules/artifact-engagement-recording.md

@@ -1,7 +1,7 @@
 ---
 type: "auto"
 alwaysApply: false
-description: "After completing a /implement-ticket or /work phase-step (refine, memory, analyze, plan, implement, test, verify, report) or full task — emit one telemetry:record call with consulted+applied artefact ids when telemetry.artifact_engagement.enabled is true"
+description: "After a /implement-ticket or /work phase-step (refine/memory/analyze/plan/implement/test/verify/report) or full task — emit one telemetry:record call with consulted+applied ids when enabled"
 source: package
 ---
 

package/.agent-src/rules/ask-when-uncertain.md

@@ -94,7 +94,7 @@ are related".
 - **Session handoff** (`/agent-handoff`, fresh-chat proposal): ask LAST,
   after all domain / clarifying questions — so the user's answers can be
   folded into the handoff prompt. Full rationale in
-  [`agent-interaction-and-decision-quality`](../guidelines/agent-infra/agent-interaction-and-decision-quality.md#handoff--model-switch-questions).
+  [`agent-interaction-and-decision-quality`](../../docs/guidelines/agent-infra/agent-interaction-and-decision-quality.md#handoff--model-switch-questions).
 - **Model switch**: different phase — [`model-recommendation`](model-recommendation.md)
   triggers at task start with its own STOP-AND-WAIT gate, standalone, not
   appended to a Q&A block. Do not conflate the two.

package/.agent-src/rules/autonomous-execution.md

@@ -1,158 +1,122 @@
 ---
-type: "always"
-description: "Suppress trivial workflow questions and act on the obvious next step; defers to non-destructive-by-default for the safety floor; never commit and never ask about committing except via /commit-in-chunks or explicit user instruction"
-alwaysApply: true
+type: "auto"
+description: "Deciding whether to ask the user or just act on a workflow step — trivial-vs-blocking classification, autonomy opt-in detection, commit default; defers to non-destructive-by-default for the Hard Floor"
+alwaysApply: false
 source: package
+load_context:
+  - .agent-src.uncompressed/contexts/execution/autonomy-detection.md
+  - .agent-src.uncompressed/contexts/execution/autonomy-mechanics.md
+  - .agent-src.uncompressed/contexts/execution/autonomy-examples.md
 ---
 
 # Autonomous Execution
 
 User's time is the scarce resource. Trivial workflow questions are
-noise. Defines **trivial** (just act), **blocking** (still ask), the
-**hard floor** (always ask, no override), and the **commit default**
-(never commit, never ask — review-first by design).
+noise. This rule defines **trivial** (just act), **blocking** (still
+ask), the **hard floor** (always ask, no override), and the **commit
+default** (never commit, never ask — review-first by design).
 
 ## Hard Floor — see [`non-destructive-by-default`](non-destructive-by-default.md)
 
-Universal safety floor (production-branch merges, deploys, pushes,
+The universal safety floor (production-branch merges, deploys, pushes,
 prod data/infra, whimsical bulk deletions, and commits containing
 bulk deletions or infra changes) is governed by the canonical
 [`non-destructive-by-default`](non-destructive-by-default.md) rule.
-
-Applies regardless of `personal.autonomy`, a standing autonomy
-directive (anchor list in [Opt-in detection](#opt-in-detection--match-by-intent-not-exact-string)),
-or any roadmap authorization. Nothing in **this** rule lifts it. If a
-trigger from that rule fires, stop and ask — every section below
-assumes the floor has cleared.
+It applies regardless of `personal.autonomy`, a standing autonomy
+directive, or any roadmap authorization. Nothing in **this** rule
+lifts it. If a trigger fires, stop and ask — every other section
+below assumes the floor has already been cleared.
 
 ## Setting — `personal.autonomy`
 
-| Value | Behavior |
-|---|---|
-| `on` | Suppress trivial questions. Act on obvious next step. Still ask on blocking decisions; ALWAYS ask on Hard-Floor triggers. |
-| `off` | Ask trivial questions too. Use to check in on each workflow step. |
-| `auto` (default) | Like `off` until user expresses "stop asking, just work" — then `on` for the rest of the chat. See **Opt-in detection** below; match by **intent**, not exact string. The flip never lifts the Hard Floor. |
-
-Read once on first turn (per [`layered-settings`](../guidelines/agent-infra/layered-settings.md#section-aware-merge-rules))
-and cache. Missing key → treat as `on`.
+Three values: `on` (suppress trivial questions), `off` (ask trivial
+questions too), `auto` (default — same as `off` until the user opts
+in via a standing autonomy directive). Read once on the first turn
+(per [`layered-settings`](../../docs/guidelines/agent-infra/layered-settings.md#section-aware-merge-rules))
+and cache. Missing key → treat as `on`. Full table, semantics, and
+cloud behavior:
+[`contexts/execution/autonomy-mechanics.md`](../contexts/execution/autonomy-mechanics.md).
 
 ## Opt-in detection — match by intent, not exact string
 
-In `auto`, flip to `on` for the rest of the chat when the user expresses
-**"stop asking on trivial steps, just work"**. Recognize the **intent**,
-not the literal substring — semantic equivalent in either language.
-
-Anchor examples (illustrative, not exhaustive):
-
-- DE: "arbeite selbstständig" · "frag nicht jedes Mal" · "tue es einfach"
-- EN: "work autonomously" · "don't ask" · "just do it"
-
-Litmus test: standing permission to skip trivial questions? → flip.
-Single-decision delegation ("you decide for this step") → handle that
-step, do **not** flip standing mode.
-
-### Speech-act check — meta-instruction, not content
-
-Before flipping, verify the phrase is **addressed to the agent as
-guidance about how to work**, not a literal substring inside another
-instruction. Do **not** flip when the phrase is:
-
-- **Content / copy** — "Put the slogan 'just do it' on the landing page."
-- **Quote / reference** — "Nike's tagline is 'just do it' — write a blog post."
-- **Subject of a request** — "Write docs about the 'work autonomously' modes."
-- **Code / data** — string literals, fixtures, translations, JSON.
-- **About a third party** — "My colleague works autonomously."
-- **Question / hypothetical** — "Should I set `don't ask` as the default?"
-
-Heuristic: strip quotes, code blocks, embedded content. Read what's
-**left**. Still a directive to the agent about its working style →
-flip. Otherwise → don't.
-
-Opt-out (reversed intent) flips back to `off`:
+In `auto` mode, flip to `on` for the rest of the conversation when
+the user expresses **"stop asking on trivial steps, just work"**.
+Recognize **intent**, not the literal substring. Opt-out (same intent,
+reversed) flips back to `off`. Both directions are
+**speech-act-checked**: the phrase must be a meta-instruction to the
+agent, not content / quote / subject / code / third-party reference /
+hypothetical. In doubt → keep current mode, no speculative flips.
 
-- DE: "frag mich wieder" · "frag mich erst" · "stop autonomous mode"
-- EN: "ask me first" · "ask me again" · "stop being autonomous"
-
-Same speech-act check applies.
-
-Counter-examples — do **not** flip on meta-questions, self-descriptions,
-or one-shot delegations: "why don't you ask that yourself?", "I'm
-working autonomously right now", "can you decide that yourself?".
-
-In doubt → keep current mode, no speculative flips.
+Algorithm and speech-act heuristic:
+[`contexts/execution/autonomy-detection.md`](../contexts/execution/autonomy-detection.md).
+Anchor phrases (DE+EN), no-flip patterns, counter-examples:
+[`contexts/execution/autonomy-examples.md`](../contexts/execution/autonomy-examples.md).
 
 ## Trivial — JUST ACT, do not ask
 
-Examples (matches `personal.autonomy: on` or `auto`-after-opt-in):
-
-- "Step 2 or Step 3?" — pick the obvious next roadmap step; if blocked, name the blocker, otherwise go.
-- "Commit now or after the next change?" — answered by the commit-default below.
-- "How should I split the commits?" — never asked; either `/commit-in-chunks` was invoked (split + commit) or it wasn't (don't commit).
-- "Run linter / tests now or later?" — `verify-before-complete` decides; act.
-- "Found 3 follow-ups — fix all or stop?" — if within scope and minimal-safe-diff allows, fix; if scope expands, stop and surface as list.
-- "Filename `X.md` or `Y.md`?" when one matches convention — pick convention-matching one.
-- "Verification table or paragraph?" — pick whichever fits; format isn't a decision worth a turn.
-- "Show me a diff before regenerating output from a tracked source?"
-  — compression, code-gen, formatter passes, lock-file rebuilds — run
-  it and report the result. Reversibility comes from the source, not
-  from per-file confirmation. See [`non-destructive-by-default`](non-destructive-by-default.md#not-in-scope--deterministic-regeneration)
-  § Not in scope.
-
-`personal.autonomy: off`: ask these. `on` or `auto`-after-opt-in: act.
+In `personal.autonomy: on` or `auto`-after-opt-in, do not ask
+trivial workflow questions — pick the obvious next step and proceed.
+In `personal.autonomy: off`, ask them. Worked cases:
+[`contexts/execution/autonomy-examples.md`](../contexts/execution/autonomy-examples.md).
 
 ## Blocking — STILL ASK regardless of `personal.autonomy`
 
-Beyond the Hard Floor, the autonomy setting also never overrides:
+Beyond the Hard Floor above, the autonomy setting also never
+overrides:
 
-- **Vague-request triggers** in [`ask-when-uncertain`](ask-when-uncertain.md) — ambiguous stays ambiguous; pick-one-and-pray is wrong.
-- **Architectural / structural choices** the codebase hasn't settled (multi-stack picks, library introductions).
+- **Vague-request triggers** in [`ask-when-uncertain`](ask-when-uncertain.md)
+  — ambiguous requirements stay ambiguous; pick-one-and-pray is wrong.
+- **Architectural / structural choices** that the codebase doesn't
+  already settle (multi-stack picks, library introductions).
 - **Security-sensitive paths** — see [`security-sensitive-stop`](security-sensitive-stop.md).
-- **Scope expansion** beyond stated task — see [`scope-control`](scope-control.md).
-- **Remote-state ops** — push, merge, rebase, force-push, branch create/delete/switch, PR create/close/retarget, tag/release. Permission-gated by [`scope-control`](scope-control.md); the prod-trunk and deploy-tied subset is governed by [`non-destructive-by-default`](non-destructive-by-default.md).
-- **Destructive ops** — see [`non-destructive-by-default`](non-destructive-by-default.md) for the full taxonomy (whimsical bulk deletions, content destruction, commits containing bulk deletions or infra changes).
-
-In doubt → blocking. Ask.
+- **Scope expansion** beyond the stated task — see [`scope-control`](scope-control.md).
+- **Remote-state operations** — push, merge, rebase, force-push,
+  branch create/delete/switch, PR create/close/retarget, tag/release.
+  Permission-gated by [`scope-control`](scope-control.md); the
+  prod-trunk and deploy-tied subset is governed by
+  [`non-destructive-by-default`](non-destructive-by-default.md).
+- **Destructive ops** — see [`non-destructive-by-default`](non-destructive-by-default.md)
+  for the full taxonomy (whimsical bulk deletions, content
+  destruction, commits containing bulk deletions or infra changes).
+
+When in doubt whether something is trivial or blocking → it is
+blocking. Ask.
 
 ## Commit policy — see [`commit-policy`](commit-policy.md)
 
-Committing is governed by [`commit-policy`](commit-policy.md), which
-applies regardless of `personal.autonomy`. Summary:
+Committing is governed by the canonical [`commit-policy`](commit-policy.md)
+rule, which applies regardless of `personal.autonomy`. Summary:
 
 - NEVER commit unless user said so this turn, a commit command was
   invoked, a standing instruction is active, or the roadmap authorizes it.
-- NEVER ask about committing.
-- In autonomous mode, the **only** permitted commit-related question
-  is the one-shot pre-scan ask at the start of roadmap execution.
+- NEVER ask about committing. The user invokes a command or says so.
+- In autonomous mode, the **only** permitted commit-related question is
+  the one-shot pre-scan ask at the start of roadmap execution.
 
-Push, merge, rebase, branch creation, PR ops, tags remain
-permission-gated per [`scope-control`](scope-control.md#git-operations--permission-gated).
+Push, merge, rebase, branch creation, PR operations, and tags remain
+permission-gated by [`scope-control`](scope-control.md#git-operations--permission-gated).
 
 ## Failure modes
 
-- Asking "Step 2 or Step 3?" when the roadmap orders them.
-- "Should I run the CI checks?" — `verify-before-complete` decides; act.
-- "Do we want to commit this?" — no, by default. Don't ask.
-- Numbered-options block whose only difference is sequencing ("A then B" vs "B then A") with no real trade-off.
-- Asking after user already issued a standing autonomy directive earlier (cache the opt-in for `auto`).
-
-For Hard-Floor failure modes (treating autonomy as cover for a
-floor-crossing action, reading a roadmap step as deploy authorization,
-refusing task-aligned WIP deletions, committing bulk-deletion / infra
-diffs without surfacing them) see
+Autonomy-side wrong-behavior patterns (sequencing-only asks, CI-run
+asks, commit asks, no-trade-off option blocks, re-asking after a
+standing opt-in):
+[`contexts/execution/autonomy-examples.md`](../contexts/execution/autonomy-examples.md).
+For Hard-Floor failure modes see
 [`non-destructive-by-default`](non-destructive-by-default.md#failure-modes).
 
-## Cloud Behavior
-
-Settings reads degrade gracefully on cloud platforms (no
-`.agent-settings.yml`). Treat as `personal.autonomy: on` — user had to
-deliberately ship a custom skill bundle and is unlikely to want
-trivial-question friction.
-
 ## See also
 
-- [`non-destructive-by-default`](non-destructive-by-default.md) — universal safety floor; never overridden by autonomy
-- [`scope-control`](scope-control.md) — git-ops permission gate (push/merge/branch/PR/tag stays explicit)
-- [`ask-when-uncertain`](ask-when-uncertain.md) — vague-request triggers that always require asking
-- [`direct-answers`](direct-answers.md) — Iron Laws on brevity and no-flattery (this rule extends to no-trivial-questions)
+- [`non-destructive-by-default`](non-destructive-by-default.md) —
+  universal safety floor; never overridden by autonomy
+- [`scope-control`](scope-control.md) — git-ops permission gate
+  (push/merge/branch/PR/tag stays explicit)
+- [`ask-when-uncertain`](ask-when-uncertain.md) — vague-request
+  triggers that always require asking
+- [`no-cheap-questions`](no-cheap-questions.md) — mode-independent
+  floor against context-derived, sequencing-only, and
+  Iron-Law-violating asks (applies in `off` and pre-opt-in `auto` too)
+- [`direct-answers`](direct-answers.md) — Iron Laws on brevity and
+  no-flattery (this rule extends to no-trivial-questions)
 - [`/commit-in-chunks`](../commands/commit-in-chunks.md) — auto-split and commit without confirmation
 - [`/commit`](../commands/commit.md) — split and commit with confirmation

package/.agent-src/rules/capture-learnings.md

@@ -82,7 +82,7 @@ Body: 1-paragraph **pattern** (not anecdote) + 1 concrete example.
 A learning file is the input to `learning-to-rule-or-skill`, which
 produces a proposal draft under `agents/proposals/`. The proposal is
 then gated by `scripts/check_proposal.py`; see
-[`self-improvement-pipeline`](../guidelines/agent-infra/self-improvement-pipeline.md).
+[`self-improvement-pipeline`](../../docs/guidelines/agent-infra/self-improvement-pipeline.md).
 
 The `agents/learnings/` and `agents/proposals/` directories are
 consumer-owned — the package ships templates and schemas, never the

package/.agent-src/rules/chat-history-cadence.md

@@ -1,7 +1,7 @@
 ---
-type: "always"
-description: "Append cadence for .agent-chat-history — when to call append (per_turn/per_phase/per_tool), turn-check ownership refusal handling, never write the file directly, cadence is the trigger not reply length"
-alwaysApply: true
+type: "auto"
+description: "Appending to .agent-chat-history — cadence boundaries (per_turn/per_phase/per_tool), turn-check ownership refusal handling, never writing the file directly; cadence is the trigger, not reply length"
+alwaysApply: false
 source: package
 ---
 

package/.agent-src/rules/chat-history-ownership.md

@@ -1,7 +1,7 @@
 ---
-type: "always"
-description: "Detect file ownership of .agent-chat-history on first turn — match/returning/foreign/missing handshake, two-paths classification (HOOK/ENGINE/CHECKPOINT/MANUAL), Foreign/Returning numbered-options prompt"
-alwaysApply: true
+type: "auto"
+description: "First turn or reference to .agent-chat-history — detects ownership (match/returning/foreign/missing) and HOOK/ENGINE/CHECKPOINT/MANUAL path classification with numbered-options prompt"
+alwaysApply: false
 source: package
 ---
 

package/.agent-src/rules/chat-history-visibility.md

@@ -1,7 +1,7 @@
 ---
-type: "always"
-description: "Heartbeat marker visibility for .agent-chat-history — paste subprocess stdout verbatim or nothing, never type from memory, hybrid mode prints only on drift, slip handling per language-and-tone"
-alwaysApply: true
+type: "auto"
+description: "Emitting the chat-history heartbeat marker — paste subprocess stdout verbatim or nothing, never type from memory, hybrid mode prints on drift only, slip handling per language-and-tone"
+alwaysApply: false
 source: package
 ---
 

package/.agent-src/rules/{command-suggestion.md → command-suggestion-policy.md}

@@ -1,7 +1,7 @@
 ---
-type: "always"
-description: "Surface matching slash commands as numbered options when user intent matches a command's purpose — never auto-executes; user always picks (read-only suggestion layer)."
-alwaysApply: true
+type: "auto"
+description: "User prompt without /command but matching an eligible slash command — surface matches as numbered options with as-is escape hatch; never auto-executes, user always picks"
+alwaysApply: false
 source: package
 ---
 
@@ -25,7 +25,7 @@ SUGGEST. NEVER INVOKE. THE USER PICKS, ALWAYS.
 ```
 
 A suggestion block emits options. It does **not** start a command
-flow. The user picking option N triggers `slash-commands` on the
+flow. The user picking option N triggers `slash-command-routing-policy` on the
 **next** turn — with all the command's own halts intact.
 
 ## When to fire
@@ -33,7 +33,7 @@ flow. The user picking option N triggers `slash-commands` on the
 On a user turn that matches **all** of the following:
 
 1. The message does **not** start with an explicit `/command` (those
-   bypass suggestion entirely — see `slash-commands`).
+   bypass suggestion entirely — see `slash-command-routing-policy`).
 2. `commands.suggestion.enabled` is `true` (default).
 3. The user has not issued `/command-suggestion-off` in this conversation.
 4. No clarification is owed for the same turn (per
@@ -110,7 +110,7 @@ prompt runs exactly as it would without this rule.
 
 ## What this rule does NOT do
 
-- Invoke any command. Picking option N is what triggers `slash-commands`.
+- Invoke any command. Picking option N is what triggers `slash-command-routing-policy`.
 - Stack with other questions. One numbered-options block per turn.
 - Re-trigger on its own output. Command names emitted in the
   suggestion block are excluded from the next-turn matcher input.
@@ -126,7 +126,7 @@ available — degrade silently, never crash the turn.
 
 ## Interactions
 
-- [`slash-commands`](slash-commands.md) — explicit `/command` skips suggestion entirely.
+- [`slash-command-routing-policy`](slash-command-routing-policy.md) — explicit `/command` skips suggestion entirely.
 - [`user-interaction`](user-interaction.md) — numbered-options Iron Law and single-source recommendation.
 - [`ask-when-uncertain`](ask-when-uncertain.md) — clarification wins on conflict.
 - [`scope-control`](scope-control.md) — git-op gates outrank suggestion.

package/.agent-src/rules/commit-conventions.md

@@ -61,4 +61,4 @@ ci(lint): add skill-lint workflow
 docs(roadmap): add phase 3 implementation plan
 ```
 
-→ Type selection rules, anti-patterns, decision checklist: `guidelines/php/git.md`
+→ Type selection rules, anti-patterns, decision checklist: `docs/guidelines/php/git.md`

package/.agent-src/rules/commit-policy.md

@@ -3,6 +3,8 @@ type: "always"
 description: "Commit policy — never commit and never ask about committing unless the user said so this turn, the roadmap authorizes it, or a commit command is invoked"
 alwaysApply: true
 source: package
+load_context:
+  - .agent-src.uncompressed/contexts/authority/commit-mechanics.md
 ---
 
 # Commit Policy
@@ -36,26 +38,12 @@ Exactly four ways the agent may commit:
 3. **Commit command invoked** — `/commit` (with confirmation) or
    `/commit-in-chunks` (auto-split, no confirmation).
 4. **Roadmap authorization** — the roadmap file lists explicit commit
-   steps and the user invoked roadmap execution. See
-   [Roadmap-authorized commits](#roadmap-authorized-commits) below.
+   steps and the user invoked roadmap execution.
 
-Anything else → no commit.
-
-## Hard Floor still applies — bulk deletions and infra changes
-
-Even when one of the four exceptions above authorizes a commit, the
-[`non-destructive-by-default`](non-destructive-by-default.md) Hard
-Floor still fires when the diff:
-
-- Removes a directory
-- Deletes ≥5 unrelated files
-- Touches Terraform / Pulumi / k8s manifests / Ansible / cloud-config
-
-In those cases, **surface the diff** (paths + counts) and confirm
-this turn before committing — even under `/commit-in-chunks`,
-roadmap pre-scan authorization, or an explicit "commit this now". The
-four exceptions cover *whether* commits happen; the Hard Floor covers
-*which diffs* still need a separate confirmation.
+Anything else → no commit. Hard Floor (bulk deletions, infra changes)
+still fires on top of any exception — see
+[`commit-mechanics`](../contexts/authority/commit-mechanics.md) for
+the diff triggers and the roadmap-authorized commit flow.
 
 ## NEVER ask about committing
 
@@ -64,10 +52,10 @@ variant is **forbidden**. The user invokes a command or says so
 explicitly. Don't surface a commit option in numbered-options blocks
 unless the rest of the message would be incomplete without it.
 
-The same speech-act check from [`autonomous-execution`](autonomous-execution.md#speech-act-check--the-phrase-must-be-a-meta-instruction-to-the-agent)
-applies in reverse: an explicit commit phrase inside a quote, code
-block, or content (e.g. a copy-paste of a chat log) is **not** a
-permission grant.
+Quoted commit phrases (chat-log paste, log excerpt, roadmap snippet)
+are **not** permission — see
+[`commit-mechanics`](../contexts/authority/commit-mechanics.md)
+§ Speech-act check.
 
 ## NEVER write commit steps into roadmaps unsolicited
 
@@ -79,29 +67,13 @@ delivery decision; roadmaps plan **work**.
 If the user explicitly wants commit steps in the roadmap, write them
 clearly and unambiguously (e.g. "Commit phase X: chore: …").
 
-## Roadmap-authorized commits
-
-When **executing** a roadmap that contains commit steps:
-
-- **Non-autonomous mode** (`personal.autonomy: off`, or `auto`
-  before opt-in) — agent may ask before each commit step. The user
-  authorized commits by writing them into the roadmap, but retains
-  step-level control.
-- **Autonomous mode** (`personal.autonomy: on`, or `auto` after
-  opt-in) — agent does a quick pre-scan of the roadmap **before
-  starting execution**. If commit steps are found, ask **once** at
-  the very start: "Roadmap contains N commit steps — should they be
-  executed?". After that, honor or skip per the answer.
-  No re-asking per step.
-
-The pre-scan ask is the **only** permitted commit-related question
-in autonomous mode. Once answered, the decision is cached for the
-rest of the roadmap execution.
-
 ## See also
 
 - [`autonomous-execution`](autonomous-execution.md) — when to suppress
   trivial questions; this rule survives the suppression.
+- [`no-cheap-questions`](no-cheap-questions.md) — commit asks are
+  cheap by construction; this rule is the canonical Iron Law, the
+  cheap-questions rule cites it and refuses to surface the option.
 - [`scope-control`](scope-control.md) — git-ops permission gate
   (push, merge, branch, PR, tag stay separately permission-gated).
 - [`/commit`](../commands/commit.md) — split and commit with confirmation.

package/.agent-src/rules/context-hygiene.md

@@ -1,7 +1,7 @@
 ---
-type: "always"
-alwaysApply: true
-description: "3-failure rule for debugging and fixing errors — stop after 3 consecutive failed attempts, dump state, and recommend a fresh session"
+type: "auto"
+alwaysApply: false
+description: "When debugging, fixing errors, or running long conversations — 3-failure stop rule, tool-loop detection, fresh-chat triggers"
 source: package
 ---
 

package/.agent-src/rules/direct-answers.md

@@ -1,6 +1,6 @@
 ---
 type: "always"
-description: "Always — direct, unembellished answers. No flattery, no invented facts (verify the load-bearing ones with tools, otherwise ask). Emojis only as functional markers — status, warning, mandated. Brevity is the default."
+description: "Always — direct, unembellished answers. No flattery, no invented facts (verify load-bearing claims, otherwise ask). Emojis only as functional markers. Brevity is the default."
 alwaysApply: true
 source: package
 ---

package/.agent-src/rules/docs-sync.md

@@ -55,7 +55,7 @@ exist in `.augment/templates/agent-settings.md`:
 3. **Add a comment** above the key explaining what it does.
 4. **Update the local `.agent-settings.yml`** — add the new key with its default value.
    Preserve all existing values, apply template order and comments. Follow the
-   [section-aware merge rules](../guidelines/agent-infra/layered-settings.md#section-aware-merge-rules)
+   [section-aware merge rules](../../docs/guidelines/agent-infra/layered-settings.md#section-aware-merge-rules)
    so the user benefits immediately without running a separate command.
 
 **This step is mandatory.** If the template gains a new key but the local `.agent-settings.yml`

package/.agent-src/rules/e2e-testing.md

@@ -9,7 +9,7 @@ source: package
 
 ## Before writing E2E tests
 
-1. **Read the guideline** — `.augment/guidelines/e2e/playwright.md` for all conventions and patterns.
+1. **Read the guideline** — `../../docs/guidelines/e2e/playwright.md` for all conventions and patterns.
 2. **Check existing tests** — match the project's structure, fixtures, and Page Object patterns.
 3. **Check `playwright.config.ts`** — base URL, browsers, timeouts, projects.