@event4u/agent-config 1.24.0 → 1.26.0

package/AGENTS.md

@@ -1,232 +1,34 @@
 # event4u/agent-config
 
-> **agent-config is not a runtime, but it ships a deterministic orchestration contract / state machine for host agents.**
-
-**Shared agent configuration** — skills, rules, commands, guidelines, and templates
-for AI coding tools (Augment Code, Claude Code, Cursor, Cline, Windsurf, Gemini CLI,
-GitHub Copilot).
-
-This file is the AGENTS.md **of the package itself**. It gives an agent that is
-working **on this repository** (adding skills, fixing the installer, improving
-the linter) the context it needs. Consumer projects get their own AGENTS.md
-generated from [`.augment/templates/AGENTS.md`](.agent-src/templates/AGENTS.md)
-when they install the package.
-
-## What this repo is
-
-`event4u/agent-config` is a **governed skill suite** for two cognition
-clusters: engineering depth (Wing 1) and senior cross-department
-cognition (Wings 2–4: Product + Foundation, GTM + Growth, Money +
-Strategy + Ops). The differentiator is **depth over breadth, decisions
-over boilerplate, under a shared Iron-Law floor** (`commit-policy`,
-`non-destructive-by-default`, `language-and-tone`, `skill-quality`,
-`direct-answers`). The same agent that ships a refactor commit also
-runs DCF sensitivity, OKR-tree decomposition, and launch-funnel
-diagnosis — under the same governance.
-
-Mechanically the package is:
-
-- A distribution package, not an application of any framework.
-- `type: library` in `composer.json`; no `app/` directory, no application
-  runtime (no Laravel, Symfony, Next.js, or other framework app code).
-- Published to Composer and npm as `event4u/agent-config` / `@event4u/agent-config`.
-- Installed into consumer projects via `scripts/install.sh` (Bash) and
-  `scripts/install.py` (Python bridge).
-
-## The four wings
-
-The skill suite is organized as four wings under one Iron-Law floor.
-Each wing has its own roadmap, its own personas, and its own plate;
-they compose via the cross-wing handoff contract
-([`docs/contracts/cross-wing-handoff.md`](docs/contracts/cross-wing-handoff.md) (beta),
-landing in `road-to-suite-closure.md` Phase 3).
-
-| Wing | Cognition cluster |
-|---|---|
-| **1 — Engineering** | Code craft, debugging, refactoring, release discipline; depth-first |
-| **2 — Product + Foundation** | Roles cluster (PM, designer, QA, EM); product discovery, prioritization, delivery shape |
-| **3 — GTM + Growth** | CMO + marketing + sales + lifecycle; channel-agnostic positioning + funnel cognition |
-| **4 — Money + Strategy + Ops** | CFO + COO + board-level strategy, valuation, org-design; stage-agnostic financial + operational cognition |
-
-Per-wing plates (roadmaps, persona maps, decision logs) live under
-`agents/roadmaps/` and `agents/contexts/`. Roadmaps are transient
-working layers — agents that need a wing's plate look it up by wing
-number rather than by file path (per `no-roadmap-references`).
+> Shared skill / rule / command suite for AI coding tools. No application runtime. AGENTS.md of the **package itself**.
 
 ## Source of truth
 
-| Directory | Purpose | Editable? |
-|---|---|---|
-| `.agent-src.uncompressed/` | Authoring layer — full verbose content | ✅ Yes — edit here |
-| `.agent-src/` | Compressed output — shipped in the package, consumed by agents | ❌ No — regenerated |
-| `.augment/` | Local projection of `.agent-src/` for Augment Code (gitignored) | ❌ No — regenerated |
-| `.claude/`, `.cursor/`, `.clinerules/`, `.windsurfrules` | Tool-specific projections | ❌ No — regenerated |
-| `agents/` | Package's own roadmaps, contexts, sessions | ✅ Yes |
-
-**Never edit `.agent-src/` or `.augment/` directly.** Edit `.agent-src.uncompressed/`
-and run `task sync` (or `task ci`) to compress + regenerate the tool directories.
-
-## Tech stack of this package
-
-- **Bash** — install scripts, compression driver
-- **Python 3.10+** — linters (`scripts/skill_linter.py`, `scripts/check_portability.py`,
-  `scripts/check_references.py`, `scripts/readme_linter.py`), compression tooling,
-  test suite (pytest)
-- **Markdown** — all content (skills, rules, commands, guidelines, templates)
-- **Taskfile** — developer entrypoints (`task ci`, `task sync`, `task test`)
-- **GitHub Actions** — CI workflow under `.github/workflows/`
-
-No application code or framework runtime (no Laravel / Symfony / Next.js /
-Express). The `composer.json` / `package.json` are thin distribution
-manifests.
-
-**Recommended ingestion path for non-text formats.** PDF, DOCX, XLSX,
-PPTX, EPUB, image, and audio inputs route through the
-[`markitdown`](.agent-src/skills/markitdown/SKILL.md) skill — a thin
-markdown-only wrapper over Microsoft's MIT-licensed `markitdown-mcp`
-server (peer-side install, zero Python in this package). The skill
-ships the four-layer security defense (skill checklist · narrow API ·
-Docker read-only · localhost binding) and a calibrated token claim
-(3-5× comprehension on text-heavy, 10-50× on image-heavy). Measure
-locally with `python3 scripts/measure_markitdown_lift.py` against
-`tests/fixtures/markitdown-corpus/`.
-
-**Cognition-only floor for Wings 2–4.** Wings 2, 3, and 4 enforce a
-no-SaaS-auth, no-vendor-SDK, no-stage-prescription floor: cognition
-artifacts (markdown tables, scoring rubrics, walkthroughs) must work
-in any host without external dependencies. The structural-malice
-check in `skill_linter.py` enforces this boundary mechanically (no
-credential exfiltration, no remote execution, no shell injection in
-subprocess calls — see `.agent-src.uncompressed/rules/skill-quality.md`
-§ Structural Malice Floor).
+Edit `.agent-src.uncompressed/` only. Generated trees (`.agent-src/`, `.augment/`, `.claude/`, `.cursor/`, `.clinerules/`, `.windsurfrules`) regenerate from `task sync` + `task generate-tools`; never hand-edit.
 
 ## Working on this repo
 
 ```bash
-task sync                  # .agent-src.uncompressed/ → .agent-src/, then project → .augment/
-task generate-tools        # Regenerate .claude/, .cursor/, .clinerules/, .windsurfrules
-task test                  # pytest tests/ + tests/test_install.sh
-task lint-skills           # python3 scripts/skill_linter.py --all
-task build-cloud-bundles-all  # ZIP every eligible skill → dist/cloud/ (Claude.ai Web / Skills API)
-task ci                    # Full pipeline — must be green before PR
+task sync              # regenerate .agent-src/, .augment/
+task generate-tools    # regenerate .claude/, .cursor/, .clinerules/, .windsurfrules
+task ci                # full pipeline — green before PR
 ```
 
-All checks must pass before a PR: sync-check, consistency, check-compression,
-check-refs, check-portability, lint-skills, test, lint-readme.
-
-## Maintainer telemetry (opt-in)
-
-The artefact-engagement telemetry pipeline (`./agent-config telemetry:record`
-and `./agent-config telemetry:report`) is **default-off**. Maintainers who
-want to measure which skills/rules/commands the agent actually applies set
-`telemetry.artifact_engagement.enabled: true` in `.agent-settings.yml`. The
-log is local-only JSONL (no upload, no cross-project share) and is bound
-by the redaction floor described in
-[`contexts/contracts/artifact-engagement-flow.md`](.agent-src.uncompressed/contexts/contracts/artifact-engagement-flow.md) (beta).
-The recording rule lives at
-[`.agent-src/rules/artifact-engagement-recording.md`](.agent-src/rules/artifact-engagement-recording.md).
-
-## Context-aware command suggestion
-
-When a user's free-form prompt matches a command's purpose, the agent
-surfaces matches as a numbered-options block with an always-present
-"run the prompt as-is" escape. **Nothing auto-executes** — the user
-picks every time. Engine: `scripts/command_suggester/`. Rule:
-[`.agent-src/rules/command-suggestion-policy.md`](.agent-src/rules/command-suggestion-policy.md).
-Locked eligibility table, scoring contract, and hardening list:
-[`docs/contracts/adr-command-suggestion.md`](docs/contracts/adr-command-suggestion.md)
-and
-[`contexts/contracts/command-suggestion-flow.md`](.agent-src.uncompressed/contexts/contracts/command-suggestion-flow.md) (beta).
-
-## Key rules for agents editing this repo
-
-| Rule | File |
-|---|---|
-| `.agent-src/` must stay project-agnostic — no project names, domains, stacks | [`augment-portability`](.agent-src/rules/augment-portability.md) |
-| Root AGENTS.md + copilot-instructions.md must stay project-agnostic too | [`augment-portability`](.agent-src/rules/augment-portability.md) |
-| Edit `.agent-src.uncompressed/`, never `.agent-src/` or `.augment/` | [`augment-source-of-truth`](.agent-src/rules/augment-source-of-truth.md) |
-| Skills must declare frontmatter, be self-contained, pass the linter | [`skill-quality`](.agent-src/rules/skill-quality.md) |
-| Size budgets for skills, rules, commands | [`size-enforcement`](.agent-src/rules/size-enforcement.md) |
-| Keep `.agent-src/` / `agents/` cross-refs in sync on add/rename/delete | [`docs-sync`](.agent-src/rules/docs-sync.md) |
-| Creating a new skill/rule/command/guideline runs Understand → Research → Draft | [`artifact-drafting-protocol`](.agent-src/rules/artifact-drafting-protocol.md) |
-
-## Kernel + Router
-
-The rule set runs on a **Kernel + Router** model (locked 2026-05-06,
-see [`docs/decisions/ADR-rule-kernel-and-router.md`](docs/decisions/ADR-rule-kernel-and-router.md)):
-
-- **Kernel** = 9 always-loaded Iron-Law rules, ≤ 26k chars
-  (`agent-authority`, `ask-when-uncertain`, `commit-policy`,
-  `direct-answers`, `language-and-tone`, `no-cheap-questions`,
-  `non-destructive-by-default`, `scope-control`, `verify-before-complete`).
-  Locked set: [`docs/contracts/kernel-membership.md`](docs/contracts/kernel-membership.md) (beta).
-- **Router** = frontmatter `tier:` + `triggers:` + `routes_to:` keys
-  on every rule. `scripts/compile_router.py` builds `router.json`
-  deterministically. Contract: [`docs/contracts/rule-router.md`](docs/contracts/rule-router.md) (beta).
-- **Cost profiles** gate which tiers load:
-  `minimal` = kernel only · `balanced` = kernel + tier-1 (default) ·
-  `full` = kernel + tier-1 + tier-2.
-
-Hard caps enforced by `task lint-rule-budget`: kernel-bucket ≤ 26k chars,
-per-rule ≤ 2.5k chars (Iron-Law overrides up to 4.0k via ADR in
-[`docs/decisions/`](docs/decisions/) and
-[`docs/contracts/iron-law-overrides.txt`](docs/contracts/iron-law-overrides.txt)).
-Daily snapshots: `python3 scripts/measure_rule_budget.py --trend-append`
-appends to `agents/.rule-budget-history.jsonl`.
-
-## Repository layout
-
-```
-.agent-src.uncompressed/      ← edit here
-  skills/       (141 skills)
-  rules/        (60 rules)
-  commands/     (103 commands)
-  personas/     (7 personas)
-  templates/    (AGENTS.md, copilot-instructions.md, skill.md, …)
-  contexts/
-
-docs/guidelines/            (47 guidelines — reference material, not packaged)
-docs/contracts/             (kernel-membership, rule-router, rule-classification, …)
-docs/decisions/             (ADRs — kernel overrides, scope decisions)
-.agent-src/                 ← compressed output shipped in the package
-.agent-src/router.json      ← compiled router manifest (consumed at runtime)
-.augment/                   ← local projection for Augment Code (gitignored)
-scripts/                    ← install.sh, install.py, compress.py, linters
-tests/                      ← pytest (324 tests) + test_install.sh
-agents/                     ← this package's own roadmaps / sessions / contexts
-.github/workflows/          ← CI
-```
-
-## Multi-agent tool support
-
-`task generate-tools` builds:
-
-| Tool | Output | Strategy |
-|---|---|---|
-| Augment Code | `.augment/` | Native (source) |
-| Claude Code | `.claude/rules/`, `.claude/skills/` | Symlinks + Agent Skills standard |
-| Cursor | `.cursor/rules/` | Symlinks |
-| Cline | `.clinerules/` | Symlinks |
-| Windsurf | `.windsurfrules` | Concatenated file |
-| Gemini CLI | `GEMINI.md` | Symlink → AGENTS.md |
-| Claude.ai Web / Skills API | `dist/cloud/<skill>.zip` | `task build-cloud-bundles-all` (T3-H gated) |
-
-Skills follow the [Agent Skills open standard](https://agentskills.io). Commands
-are converted to Claude Code Skills with `disable-model-invocation: true`.
-Cloud bundles enforce description budgets and prepend a sandbox note for
-T2/T3-S skills — see [`docs/architecture.md`](docs/architecture.md#cloud-bundle-pipeline).
+## Pointers
 
-## Contributing
+- **Package self-orientation** — identity, four-wing cognition map, repo layout, tech stack, key-rules table, telemetry, command-suggester: [`docs/contracts/package-self-orientation.md`](docs/contracts/package-self-orientation.md).
+- **Kernel + Router** — 9 always-loaded Iron-Law rules, tier-1 / tier-2 routing, cost profiles, per-rule char caps enforced by `task lint-rule-budget`: [`kernel-membership`](docs/contracts/kernel-membership.md) + [`rule-router`](docs/contracts/rule-router.md).
+- **Multi-tool projection** — Augment, Claude Code, Cursor, Cline, Windsurf, Gemini CLI, Claude.ai bundle pipeline that ships from `.agent-src/` to consumer surfaces: [`docs/architecture.md`](docs/architecture.md#cloud-bundle-pipeline).
+- **Iron-Law rules when editing this repo** — portability, source-of-truth, skill-quality: [`augment-portability`](.agent-src/rules/augment-portability.md), [`augment-source-of-truth`](.agent-src/rules/augment-source-of-truth.md), [`skill-quality`](.agent-src/rules/skill-quality.md).
+- **Thin-Root contract** governing **this** file (cap, pointer ratio, emergency-triage block) — read before editing AGENTS.md: [`agents-md-thin-root`](.agent-src/skills/agents-md-thin-root/SKILL.md).
+- **Consumer story + architecture deep-dive** — what the package does for installers and how it ships: [`README.md`](README.md), [`docs/architecture.md`](docs/architecture.md).
 
-1. Edit inside `.agent-src.uncompressed/` or `scripts/` or `tests/` — never in
-   `.agent-src/`, `.augment/`, `.claude/`, `.cursor/`, etc.
-2. Run `task ci` locally. It must exit 0.
-3. Commit in logical chunks with Conventional Commits.
-4. Open a PR against `main`.
+## Emergency triage — read this when nothing else is reachable
 
-See [`README.md`](README.md) for the user-facing story, and
-[`docs/architecture.md`](docs/architecture.md) for the package architecture.
+1. **What is this repo?** — `event4u/agent-config`, a governed skill / rule / command suite for AI coding tools (no application runtime).
+2. **What language?** — All `.md` content is English; agents mirror the user's language at runtime.
+3. **Where do I edit?** — `.agent-src.uncompressed/` only. Never `.agent-src/`, `.augment/`, `.claude/`, `.cursor/`, `.clinerules/`, `.windsurfrules`.
+4. **Lint / test / sync entry point?** — `task ci` (full pipeline). Subsets: `task sync`, `task generate-tools`, `task lint-skills`, `task test`.
+5. **Where do the always-active rules live?** — `.agent-src/rules/` (kernel = 9 Iron-Law rules; tier-1 / tier-2 routed via `.agent-src/router.json`).
 
-## License
 
-[MIT](LICENSE).

package/CHANGELOG.md

@@ -318,6 +318,64 @@ our recommendation order, not its support status.
   users" tension without removing any path that an existing user
   might rely on.
 
+## [1.26.0](https://github.com/event4u-app/agent-config/compare/1.25.0...1.26.0) (2026-05-08)
+
+### Features
+
+* **linter:** replace size heuristics with structural-density model ([95584ac](https://github.com/event4u-app/agent-config/commit/95584ac5e74948b71a9d13ff5ec6870c110be489))
+
+### Documentation
+
+* **contracts:** add linter structural model + update size-and-scope ([32fa8b2](https://github.com/event4u-app/agent-config/commit/32fa8b2b7cc65148f7bc28fb782f20670d6640bc))
+
+### Chores
+
+* gitignore density logs + archive completed structural-linter roadmap ([0a94ece](https://github.com/event4u-app/agent-config/commit/0a94ece8ac724386a5d49451b1e0d3058f2644cf))
+
+## [1.25.0](https://github.com/event4u-app/agent-config/compare/1.24.0...1.25.0) (2026-05-08)
+
+### Features
+
+* **scope-control:** mandate branch-base inventory before first commit ([b038c26](https://github.com/event4u-app/agent-config/commit/b038c2660f8e317f09156ff00120bcdf31d7db92))
+* **ci:** agents-md linter + CI integration (Phase 7) ([dd86beb](https://github.com/event4u-app/agent-config/commit/dd86bebd929bb3dde96e4100e96645a674f137fa))
+* **agents-md:** Thin-Root refactor — agents-md-thin-root skill + content (Phase 6) ([7d31204](https://github.com/event4u-app/agent-config/commit/7d31204659a0ce085bb8a8f45b16de34cae06a78))
+* **rules:** rule-governance audit — demote 4 auto-rules to manual (Phase 5) ([5071ff5](https://github.com/event4u-app/agent-config/commit/5071ff5855cf67c61303bb4cb07c4229fbbb4dd4))
+* **rules:** consolidate auto-rules — merge council into no-roadmap-references and review-routing-awareness into reviewer-awareness (Lever D) ([18c42a3](https://github.com/event4u-app/agent-config/commit/18c42a33af0d950e07c50615615d4deb076071ff))
+* **docs:** outboard AGENTS.md tech-stack details to context (Lever B) ([9b7bcfd](https://github.com/event4u-app/agent-config/commit/9b7bcfd374ce3325dd7013e530ce71f4b92df4eb))
+* **budget:** augment workspace-guidelines budget meter + description cap (Lever A) ([da75061](https://github.com/event4u-app/agent-config/commit/da750615acbf9a687b81b1ecaff6d517a11203fb))
+* **ci:** enforce one kernel-rule edit per PR ([a91ce92](https://github.com/event4u-app/agent-config/commit/a91ce927dc2a98129a7b685f803f7650863b31fa))
+
+### Bug Fixes
+
+* **roadmap:** repoint sibling-roadmap reference to archived path ([f7ee632](https://github.com/event4u-app/agent-config/commit/f7ee632800290d3cd90f2dd1274e47e8127f1f63))
+* **tests:** align update_counts + linter + hero-counts tests with Thin-Root ([5556c8c](https://github.com/event4u-app/agent-config/commit/5556c8ce1a8cf4df7a7b4a957030d5b5d2d0fd7e))
+* **skills:** mark agents-md-thin-root cloud_safe noop ([17a3824](https://github.com/event4u-app/agent-config/commit/17a3824ddd1ea567fca8b699113b2c62050c5507))
+* **docs:** move agents-md-tech-stack from agents/contexts/ to docs/contracts/ ([77eef8c](https://github.com/event4u-app/agent-config/commit/77eef8c61d2561ef5a563518f2bdb1dff80541c7))
+* **rules:** drop forbidden agents/ link from reviewer-awareness body ([8a573a4](https://github.com/event4u-app/agent-config/commit/8a573a48bc959f0c16ea8b56fc0e6bd0d3139238))
+* **refs:** point to archived roadmap, inline council convergence ([bf56b70](https://github.com/event4u-app/agent-config/commit/bf56b7084dae68fe2a21e52d7cb644ed6b3bb670))
+
+### Documentation
+
+* **roadmap:** archive road-to-augment-limit-fit and repoint references ([58e101c](https://github.com/event4u-app/agent-config/commit/58e101c8a3421004929f47f4c760e44b97c124bc))
+* **roadmap:** flip 8.3 + 8.4 — strategic phases committed and CI green ([712c414](https://github.com/event4u-app/agent-config/commit/712c4141103dbdc6db7fa6d1fa94d31943bd40e1))
+* **roadmap:** drop gitignored council-response link ([74206a5](https://github.com/event4u-app/agent-config/commit/74206a592f47b9254c788b162ea3d99c54057506))
+* **roadmap:** close road-to-augment-limit-fit (Phase 8) ([ac062ad](https://github.com/event4u-app/agent-config/commit/ac062ad184764f04f639eb52d59b1d63419b4b9b))
+* **index:** regenerate agents/index.md + docs/catalog.md after rule consolidation ([3aa347c](https://github.com/event4u-app/agent-config/commit/3aa347c1e814a9c289891c350d69f8b9fda6783f))
+* **roadmap:** land road-to-augment-limit-fit + ADR + regen derived artefacts ([5e54d22](https://github.com/event4u-app/agent-config/commit/5e54d220579658c4fc2310f123908b8cba97683e))
+* **adr:** park always-budget relief strategy with reactivation triggers ([487e736](https://github.com/event4u-app/agent-config/commit/487e7366de6e99db60906906d61033486a0a6aa3))
+* **rules:** add kernel-rule slow-rollout guarantee to scope-control ([26c43a2](https://github.com/event4u-app/agent-config/commit/26c43a2c96ede95319990b4ba578a986e46768a2))
+
+### Refactoring
+
+* **copilot:** collapse copilot-review-instructions.md into copilot-instructions.md ([6c6ac25](https://github.com/event4u-app/agent-config/commit/6c6ac25a5958c3bbc0ffc7bb38422a6b9d855b50))
+
+### Chores
+
+* **tools:** regen .windsurfrules for branch-base inventory ([a87641c](https://github.com/event4u-app/agent-config/commit/a87641cc0db84e705a9afe7aa36afbd451fb1467))
+* **rebase:** restore compression hashes for files inherited from PR #55 ([863ba1c](https://github.com/event4u-app/agent-config/commit/863ba1cd71dc00559db905eb0d11b96951a9c5bd))
+* regenerate .windsurfrules ([822b95e](https://github.com/event4u-app/agent-config/commit/822b95e1dcf48b05ec4e9bec0a4f481583ae6de7))
+* **roadmap:** close + archive road-to-always-budget-relief, regen index ([350bfb1](https://github.com/event4u-app/agent-config/commit/350bfb1e75602769f6a1cfa535ed5d30adcd5eba))
+
 ## [1.24.0](https://github.com/event4u-app/agent-config/compare/1.23.0...1.24.0) (2026-05-08)
 
 ### Features

package/README.md

@@ -7,7 +7,7 @@ Give your AI agents an audit-disciplined orchestration contract — testing, Git
 > Your agent picks up the project's stack, runs tests, prepares PRs, fixes CI — and follows your team's coding standards while doing it. Stack-aware skill sets ship for PHP (Laravel · Symfony · Zend/Laminas), JavaScript (Next.js · React · Node), and cross-stack concerns (API · testing · security · observability).
 
 <p align="center">
-  <strong>141 Skills</strong> · <strong>60 Rules</strong> · <strong>103 Commands</strong> · <strong>58 Guidelines</strong> · <strong>8 AI Tools</strong>
+  <strong>142 Skills</strong> · <strong>58 Rules</strong> · <strong>103 Commands</strong> · <strong>58 Guidelines</strong> · <strong>8 AI Tools</strong>
 </p>
 
 ---
@@ -368,7 +368,7 @@ Every developer gets the same behavior. No per-user setup needed.
 native slash-commands)
 
 > **What this means in practice:** Augment Code and Claude Code get the full
-> package (rules + 141 skills + 103 native commands). Cursor, Cline, Windsurf,
+> package (rules + 142 skills + 103 native commands). Cursor, Cline, Windsurf,
 > Gemini CLI, and GitHub Copilot only get the **rules** natively; skills and
 > commands are available to them as documentation the agent can read, not as
 > first-class features.

package/docs/architecture.md

@@ -96,8 +96,8 @@ fails on any source-side violation, without producing artifacts.
 
 | Layer | Count | Purpose |
 |---|---|---|
-| **Skills** | 141 | On-demand expertise — stack analysis (Laravel · Symfony · Zend / Laminas · Next.js · React · Node), testing, Docker, API design, security, observability, … |
-| **Rules** | 60 | Always-active constraints — coding standards, scope control, verification, language-and-tone, agent-authority |
+| **Skills** | 142 | On-demand expertise — stack analysis (Laravel · Symfony · Zend / Laminas · Next.js · React · Node), testing, Docker, API design, security, observability, … |
+| **Rules** | 58 | Always-active constraints — coding standards, scope control, verification, language-and-tone, agent-authority |
 | **Commands** | 103 | Slash-command workflows — `/commit`, `/create-pr`, `/fix ci`, `/optimize skills`, `/feature plan`, `/work`, `/implement-ticket`, `/compress`, … |
 | **Guidelines** | 58 | Reference material cited by skills — PHP patterns, Eloquent, Playwright, agent-infra, … |
 | **Templates** | 7 | Scaffolds for features, roadmaps, contexts, skills, overrides |
@@ -258,15 +258,21 @@ created by `scripts/install.sh`, not via raw git checkout. This means
 GitHub Copilot's static checker — which walks the git tree — will see
 broken paths where there are none. **The gap is intentional, not a bug.**
 
-The package ships two complementary suppression artefacts:
+The package ships **one** Copilot instruction artefact:
 
 | File | Read by | Purpose |
 |---|---|---|
-| `.github/copilot-instructions.md` | Copilot Chat + PR review | Repo-wide coding standards, self-contained behavior |
-| `.github/copilot-review-instructions.md` | Copilot PR review | Path-resolution suppression floor (this section's mate) |
+| `.github/copilot-instructions.md` | Copilot Chat + PR review | Repo-wide coding standards plus the path-resolution suppression floor (Known False Positives) |
 
-Both are installed (copy-if-missing) by `scripts/install.sh` from
-`.agent-src.uncompressed/templates/`. Consumers can edit them freely;
+Per [GitHub's documented convention](https://docs.github.com/en/copilot/reference/custom-instructions-support),
+Copilot Code Review reads `.github/copilot-instructions.md`
+repository-wide and `.github/instructions/**/*.instructions.md` for
+path-specific rules — there is no separate "review-only" instruction
+file. The first 4000 characters are the budget; keep
+high-priority rules (Scope Control, Known False Positives) up top.
+
+Installed (copy-if-missing) by `scripts/install.sh` from
+`.agent-src.uncompressed/templates/`. Consumers can edit it freely;
 the installer never overwrites.
 
 The mechanical floor is `scripts/check_compressed_paths.py`, wired into

package/docs/catalog.md

@@ -1,19 +1,20 @@
 # agent-config — Public Catalog
 
-Consumer-facing catalog of all **359 public artefacts** shipped by
+Consumer-facing catalog of all **358 public artefacts** shipped by
 this package. Internal package-maintenance rules and deprecation shims
 are excluded.
 
 > **Regenerate:** `python3 scripts/generate_index.py`
 > Auto-generated — do not edit manually.
 
-## Skills (141)
+## Skills (142)
 
 | kind | name | extra | description |
 |---|---|---|---|
 | skill | [`adr-create`](../.agent-src/skills/adr-create/SKILL.md) |  | Use when capturing an architectural decision — naming the file, picking the next ADR number, filling Status / Context / Decision / Consequences, and regenerating the index — even without saying 'ADR'. |
 | skill | [`adversarial-review`](../.agent-src/skills/adversarial-review/SKILL.md) |  | ONLY when user explicitly requests adversarial review, devil's advocate analysis, stress-testing a plan, or 'poke holes in this' — NOT for regular code review or design feedback. |
 | skill | [`agent-docs-writing`](../.agent-src/skills/agent-docs-writing/SKILL.md) |  | Use when reading, creating, or updating agent documentation, module docs, roadmaps, or AGENTS.md. Understands the full .augment/, agents/, and copilot-instructions structure. |
+| skill | [`agents-md-thin-root`](../.agent-src/skills/agents-md-thin-root/SKILL.md) |  | Use when editing AGENTS.md (package root) or templates/AGENTS.md (consumer) — enforces Thin-Root contract: hard char ceilings, ≥40% pointer ratio, mandatory emergency-triage block. |
 | skill | [`ai-council`](../.agent-src/skills/ai-council/SKILL.md) |  | Use when polling external AIs (OpenAI, Anthropic) outside the host session for a neutral second opinion on a roadmap, diff, prompt, or file set — or 'cross-check with another model'. |
 | skill | [`analysis-autonomous-mode`](../.agent-src/skills/analysis-autonomous-mode/SKILL.md) |  | ONLY when user explicitly requests autonomous analysis, deep investigation, multi-step research, or 'dig into this end-to-end without asking me each step' — NOT for normal feature work. |
 | skill | [`analysis-skill-router`](../.agent-src/skills/analysis-skill-router/SKILL.md) |  | Use when picking which analysis or project-analysis-* skill fits a request — routes by scope, framework, and symptom — even if the user just says 'analyze this' or 'dig into the codebase'. |
@@ -153,22 +154,22 @@ are excluded.
 | skill | [`verify-completion-evidence`](../.agent-src/skills/verify-completion-evidence/SKILL.md) |  | Use when claiming 'done', suggesting a commit, push, or PR — runs the evidence gate so completion claims come from fresh output in this message, not memory or earlier runs. |
 | skill | [`websocket`](../.agent-src/skills/websocket/SKILL.md) |  | Use when building real-time features — WebSocket broadcasting, live updates, presence channels, connection state — even when the user just says 'push this to the client live'. |
 
-## Rules (57)
+## Rules (55)
 
 | kind | name | type | description |
 |---|---|---|---|
 | rule | [`agent-authority`](../.agent-src/rules/agent-authority.md) | always | Priority Index for the four authority rules — Hard Floor → Permission Gate → Commit Default → Trivial-vs-Blocking; read first, route to canonical rule |
 | rule | [`agent-docs`](../.agent-src/rules/agent-docs.md) | auto | Reading, creating, or updating agent documentation, module docs, roadmaps, or AGENTS.md |
-| rule | [`analysis-skill-routing`](../.agent-src/rules/analysis-skill-routing.md) | auto | When choosing an analysis skill, route to the narrowest matching skill instead of defaulting to broad analysis |
+| rule | [`analysis-skill-routing`](../.agent-src/rules/analysis-skill-routing.md) | manual | When choosing an analysis skill, route to the narrowest matching skill instead of defaulting to broad analysis |
 | rule | [`architecture`](../.agent-src/rules/architecture.md) | auto | Architecture rules for creating new files, classes, controllers, modules, or making structural decisions about project organization |
-| rule | [`artifact-drafting-protocol`](../.agent-src/rules/artifact-drafting-protocol.md) | auto | Creating a new skill, rule, command, or guideline, or significantly rewriting one — runs a mandatory Understand → Research → Draft sequence before any artifact content is written. |
-| rule | [`artifact-engagement-recording`](../.agent-src/rules/artifact-engagement-recording.md) | auto | After a /implement-ticket or /work phase-step (refine/memory/analyze/plan/implement/test/verify/report) or full task — emit one telemetry:record call with consulted+applied ids when enabled |
+| rule | [`artifact-drafting-protocol`](../.agent-src/rules/artifact-drafting-protocol.md) | auto | Creating a new skill, rule, command, or guideline, or significantly rewriting one — runs mandatory Understand → Research → Draft before drafting |
+| rule | [`artifact-engagement-recording`](../.agent-src/rules/artifact-engagement-recording.md) | auto | After a /implement-ticket or /work phase-step (refine/memory/analyze/plan/implement/test/verify/report) or full task — emit one telemetry:record call |
 | rule | [`ask-when-uncertain`](../.agent-src/rules/ask-when-uncertain.md) | always | Ask when uncertain — don't guess, assume, or improvise |
-| rule | [`autonomous-execution`](../.agent-src/rules/autonomous-execution.md) | auto | Deciding whether to ask the user or just act on a workflow step — trivial-vs-blocking classification, autonomy opt-in detection, commit default; defers to non-destructive-by-default for the Hard Floor |
+| rule | [`autonomous-execution`](../.agent-src/rules/autonomous-execution.md) | auto | Whether to ask or act on a workflow step — trivial-vs-blocking, autonomy opt-in, commit default; Hard Floor in non-destructive-by-default |
 | rule | [`capture-learnings`](../.agent-src/rules/capture-learnings.md) | auto | After completing a task where a repeated mistake or successful pattern appeared — capture as rule or skill |
-| rule | [`caveman-speak`](../.agent-src/rules/caveman-speak.md) | auto | When caveman.speak_scope != off — compress reply prose to caveman grammar with byte-for-byte carve-outs for numbered options, Iron-Law literals, code, paths, and error markers. |
-| rule | [`cli-output-handling`](../.agent-src/rules/cli-output-handling.md) | auto | Running CLI commands that produce verbose output — git, tests, linters, docker, build tools, artisan, npm, composer. Wrap with rtk when installed; tail/grep is fallback. |
-| rule | [`command-suggestion-policy`](../.agent-src/rules/command-suggestion-policy.md) | auto | User prompt without /command but matching an eligible slash command — surface matches as numbered options with as-is escape hatch; never auto-executes, user always picks |
+| rule | [`caveman-speak`](../.agent-src/rules/caveman-speak.md) | auto | When caveman.speak_scope != off — compress reply prose to caveman grammar with carve-outs for numbered options, Iron-Law, code, paths, error markers |
+| rule | [`cli-output-handling`](../.agent-src/rules/cli-output-handling.md) | auto | Running CLI commands that produce verbose output — git, tests, linters, docker, build tools, artisan, npm, composer. Wrap with rtk; tail/grep fallback |
+| rule | [`command-suggestion-policy`](../.agent-src/rules/command-suggestion-policy.md) | auto | User prompt without /command matching an eligible slash command — surface matches as numbered options with as-is escape; never auto-executes |
 | rule | [`commit-conventions`](../.agent-src/rules/commit-conventions.md) | auto | Git commit message format, branch naming, conventional commits, committing, pushing, or creating pull requests |
 | rule | [`commit-policy`](../.agent-src/rules/commit-policy.md) | always | Commit policy — never commit and never ask about committing unless the user said so this turn, the roadmap authorizes it, or a commit command is invoked |
 | rule | [`context-hygiene`](../.agent-src/rules/context-hygiene.md) | auto | When debugging, fixing errors, or running long conversations — 3-failure stop rule, tool-loop detection, fresh-chat triggers |
@@ -176,41 +177,39 @@ are excluded.
 | rule | [`docker-commands`](../.agent-src/rules/docker-commands.md) | auto | Running PHP commands inside Docker containers — artisan, composer, phpstan, rector, ecs, phpunit, tests, migrations, and any CLI tool execution |
 | rule | [`downstream-changes`](../.agent-src/rules/downstream-changes.md) | auto | After EVERY code edit, find ALL downstream changes needed to existing files, including callers, tests, imports, types, and documentation |
 | rule | [`e2e-testing`](../.agent-src/rules/e2e-testing.md) | auto | Playwright E2E tests — locators, assertions, Page Objects, fixtures, CI, and flaky test prevention |
-| rule | [`guidelines`](../.agent-src/rules/guidelines.md) | auto | Writing or reviewing code — check relevant guideline before writing or reviewing code |
-| rule | [`improve-before-implement`](../.agent-src/rules/improve-before-implement.md) | auto | Before implementing features or architectural changes — validate the request against existing code, challenge weak requirements, and suggest improvements |
-| rule | [`invite-challenge`](../.agent-src/rules/invite-challenge.md) | auto | Before executing a complex plan or non-trivial design — proactively ask 'am I solving the right problem?' and pause for user confirmation, even when no ambiguity is detected |
+| rule | [`guidelines`](../.agent-src/rules/guidelines.md) | manual | Writing or reviewing code — check relevant guideline before writing or reviewing code |
+| rule | [`improve-before-implement`](../.agent-src/rules/improve-before-implement.md) | auto | Before implementing features or architectural changes — validate the request against existing code, challenge weak requirements, suggest improvements |
+| rule | [`invite-challenge`](../.agent-src/rules/invite-challenge.md) | auto | Before executing a complex plan or non-trivial design — ask 'am I solving the right problem?' and pause for user confirmation, even when no ambiguity |
 | rule | [`language-and-tone`](../.agent-src/rules/language-and-tone.md) | always | Language and tone — informal German Du, English code comments, .md files always English |
 | rule | [`laravel-translations`](../.agent-src/rules/laravel-translations.md) | auto | Laravel language files, translations, i18n, lang/de, lang/en, __() helper, localization, multilingual text |
 | rule | [`markdown-safe-codeblocks`](../.agent-src/rules/markdown-safe-codeblocks.md) | auto | Generating markdown output that contains code blocks — prevent broken nesting |
-| rule | [`minimal-safe-diff`](../.agent-src/rules/minimal-safe-diff.md) | auto | When writing or reviewing a diff — the smallest change that solves the stated problem; no drive-by edits, no opportunistic refactors, no reformatting of untouched code |
+| rule | [`minimal-safe-diff`](../.agent-src/rules/minimal-safe-diff.md) | auto | When writing or reviewing a diff — the smallest change that solves the stated problem; no drive-by edits, opportunistic refactors, or reformatting |
 | rule | [`missing-tool-handling`](../.agent-src/rules/missing-tool-handling.md) | auto | When a CLI tool needed for the task is not installed — ask before working around it; do NOT install silently |
-| rule | [`model-recommendation`](../.agent-src/rules/model-recommendation.md) | auto | Starting a new task, switching task type, or invoking a command — detect task complexity and recommend the optimal model (Opus/Sonnet/GPT) before any work |
-| rule | [`no-attribution-footers`](../.agent-src/rules/no-attribution-footers.md) | auto | Generating PR/issue/comment/commit-message bodies — forbids unsolicited 'Generated with', 'Co-authored by', or 'Pull Request opened by' attribution footers in any user-owned artifact |
+| rule | [`model-recommendation`](../.agent-src/rules/model-recommendation.md) | auto | Starting a new task, switching task type, or invoking a command — detect complexity and recommend optimal model (Opus/Sonnet/GPT) before work |
+| rule | [`no-attribution-footers`](../.agent-src/rules/no-attribution-footers.md) | auto | Generating PR/issue/comment/commit-message bodies — forbids 'Generated with', 'Co-authored by', or 'Pull Request opened by' attribution footers |
 | rule | [`no-cheap-questions`](../.agent-src/rules/no-cheap-questions.md) | always | No cheap questions — never ask what context answers, never offer Iron-Law-violating options, never stage no-trade-off choices; mode-independent (off / auto / on) |
-| rule | [`no-council-references`](../.agent-src/rules/no-council-references.md) | auto | Linking a specific file in agents/council-{questions,responses,sessions}/ from any artifact — council files are gitignored, local-only, auto-pruned; inline the convergence instead |
-| rule | [`no-roadmap-references`](../.agent-src/rules/no-roadmap-references.md) | auto | Adding a link to a specific file in agents/roadmaps/ from any stable artifact (rule, skill, command, context, guideline) — roadmaps are transient; promote durable findings to agents/contexts/ instead |
+| rule | [`no-roadmap-references`](../.agent-src/rules/no-roadmap-references.md) | auto | Linking transient files (agents/roadmaps/, agents/council-{questions,responses,sessions}/) from a stable artifact — both layers expire; promote findings |
 | rule | [`non-destructive-by-default`](../.agent-src/rules/non-destructive-by-default.md) | always | Agent is never destructive — Hard Floor always asks for prod-trunk merges, deploys, pushes, prod data/infra, bulk deletions, and bulk-deletion/infra commits; no autonomy or roadmap bypass |
-| rule | [`onboarding-gate`](../.agent-src/rules/onboarding-gate.md) | auto | First turn of a conversation on a project — check onboarding.onboarded in .agent-settings.yml; when false, prompt the user to run /onboard before executing any other request |
-| rule | [`package-ci-checks`](../.agent-src/rules/package-ci-checks.md) | auto | Before pushing to remote or creating a PR in the agent-config package — run all CI checks locally first |
+| rule | [`onboarding-gate`](../.agent-src/rules/onboarding-gate.md) | auto | First turn of a conversation on a project — check onboarding.onboarded in .agent-settings.yml; when false, prompt to run /onboard before any request |
+| rule | [`package-ci-checks`](../.agent-src/rules/package-ci-checks.md) | manual | Before pushing to remote or creating a PR in the agent-config package — run all CI checks locally first |
 | rule | [`php-coding`](../.agent-src/rules/php-coding.md) | auto | Writing or reviewing PHP code — strict types, naming, comparisons, early returns, Eloquent conventions |
 | rule | [`preservation-guard`](../.agent-src/rules/preservation-guard.md) | auto | When merging, refactoring, compressing, or restructuring skills, rules, commands, or guidelines — prevent quality loss |
-| rule | [`review-routing-awareness`](../.agent-src/rules/review-routing-awareness.md) | auto | When routing reviewers or flagging risk hotspots — consult ownership-map and historical-bug-patterns before suggesting reviewers or claiming a change is safe |
-| rule | [`reviewer-awareness`](../.agent-src/rules/reviewer-awareness.md) | auto | When suggesting reviewers for a change — anchor the choice in paths and risk, never prestige or seniority; require primary + secondary role for medium/high risk |
-| rule | [`roadmap-progress-sync`](../.agent-src/rules/roadmap-progress-sync.md) | auto | Any touch to agents/roadmaps/ — create/rename/delete/move, edit checkboxes ([x]/[~]/[-]), add/rename/remove phases — must regenerate dashboard and archive if 0 open items, same response |
+| rule | [`reviewer-awareness`](../.agent-src/rules/reviewer-awareness.md) | auto | When suggesting reviewers or flagging risk hotspots — anchor in paths/risk + ownership-map + bug-patterns; medium/high needs primary + secondary |
+| rule | [`roadmap-progress-sync`](../.agent-src/rules/roadmap-progress-sync.md) | auto | Any roadmap touch (file move, checkbox flip, phase change) regens dashboard same response; archive at 0 open. Autonomous runs flip checkboxes inline |
 | rule | [`role-mode-adherence`](../.agent-src/rules/role-mode-adherence.md) | auto | When roles.active_role is set in .agent-settings.yml — closing outputs must match the mode's contract and emit the structured mode marker |
 | rule | [`rule-type-governance`](../.agent-src/rules/rule-type-governance.md) | auto | Creating or editing rules, or auditing rule types — decides when a rule should be always vs auto |
 | rule | [`runtime-safety`](../.agent-src/rules/runtime-safety.md) | auto | When a skill declares execution metadata — enforce safety constraints for assisted and automated execution types |
 | rule | [`scope-control`](../.agent-src/rules/scope-control.md) | always | Scope control — no unsolicited architectural changes, refactors, or library replacements |
-| rule | [`security-sensitive-stop`](../.agent-src/rules/security-sensitive-stop.md) | auto | Security-sensitive paths — auth, billing, tenant boundaries, secrets, file uploads, external integrations, webhooks, public endpoints — stop and run threat analysis BEFORE editing |
-| rule | [`size-enforcement`](../.agent-src/rules/size-enforcement.md) | auto | Creating or editing rules, skills, commands, guidelines, AGENTS.md, or copilot-instructions.md — enforce size and scope limits |
+| rule | [`security-sensitive-stop`](../.agent-src/rules/security-sensitive-stop.md) | auto | Security-sensitive paths — auth, billing, tenant boundaries, secrets, uploads, integrations, webhooks, public endpoints — threat-model BEFORE editing |
+| rule | [`size-enforcement`](../.agent-src/rules/size-enforcement.md) | manual | Creating or editing rules, skills, commands, guidelines, AGENTS.md, or copilot-instructions.md — enforce size and scope limits |
 | rule | [`skill-improvement-trigger`](../.agent-src/rules/skill-improvement-trigger.md) | auto | After completing a meaningful task — trigger post-task learning capture if pipelines.skill_improvement is enabled |
 | rule | [`skill-quality`](../.agent-src/rules/skill-quality.md) | auto | Creating, editing, or reviewing skills — minimum quality standard, every skill must be executable, validated, and self-contained |
 | rule | [`slash-command-routing-policy`](../.agent-src/rules/slash-command-routing-policy.md) | auto | When user types a slash command like /create-pr, /commit, or pastes command file content |
 | rule | [`think-before-action`](../.agent-src/rules/think-before-action.md) | auto | Before coding, modifying, or debugging — analyze first, verify with real tools, never guess or trial-and-error |
 | rule | [`token-efficiency`](../.agent-src/rules/token-efficiency.md) | auto | When running CLI tools, fetching logs, or producing replies — redirect verbose output, minimize tool calls, keep replies concise |
-| rule | [`token-optimizer-maintenance`](../.agent-src/rules/token-optimizer-maintenance.md) | auto | Editing a token-optimizer-cited asset (cli-output-handling, rtk-output-filtering, token-efficiency, agent-handoff, direct-answers, markitdown) — keep the catalog row in sync in the same commit. |
+| rule | [`token-optimizer-maintenance`](../.agent-src/rules/token-optimizer-maintenance.md) | auto | Editing a token-optimizer-cited asset (cli-output-handling, rtk-output-filtering, token-efficiency, markitdown) — sync catalog same commit |
 | rule | [`tool-safety`](../.agent-src/rules/tool-safety.md) | auto | When a skill uses external tools — enforce allowlist, deny-by-default, and no hidden credential patterns |
-| rule | [`ui-audit-gate`](../.agent-src/rules/ui-audit-gate.md) | auto | Writing or editing UI — components, screens, partials, layouts, design tokens — require existing-ui-audit findings in state.ui_audit before non-trivial UI change; gate, not suggestion |
+| rule | [`ui-audit-gate`](../.agent-src/rules/ui-audit-gate.md) | auto | Writing or editing UI — components, screens, partials, layouts, design tokens — require existing-ui-audit findings before non-trivial UI change |
 | rule | [`upstream-proposal`](../.agent-src/rules/upstream-proposal.md) | auto | After creating or significantly improving a skill, rule, guideline, or command — ask if it should be contributed upstream to the shared package |
 | rule | [`user-interaction`](../.agent-src/rules/user-interaction.md) | auto | Asking the user a question, presenting options, or summarizing progress — numbered-options Iron Law, single-recommendation rule, progress indicators |
 | rule | [`verify-before-complete`](../.agent-src/rules/verify-before-complete.md) | always | Verify before completion — run tests and quality tools before claiming done |

package/docs/contracts/agents-md-tech-stack.md

@@ -0,0 +1,74 @@
+---
+stability: beta
+---
+
+# Tech stack — deep detail
+
+Outboarded from `AGENTS.md` Phase 2 of `road-to-augment-limit-fit` to
+keep the front-door file under the Augment workspace-guidelines
+budget. AGENTS.md retains a 2-3 sentence summary; everything below
+is the long-form reference.
+
+## Recommended ingestion path for non-text formats
+
+PDF, DOCX, XLSX, PPTX, EPUB, image, and audio inputs route through the
+[`markitdown`](../../.agent-src/skills/markitdown/SKILL.md) skill — a
+thin markdown-only wrapper over Microsoft's MIT-licensed
+`markitdown-mcp` server (peer-side install, zero Python in this
+package). The skill ships the four-layer security defense:
+
+1. **Skill checklist** — frontmatter declares allowed input types, max
+   sizes, and the disallow list (no remote URLs, no executables).
+2. **Narrow API** — the skill exposes `convert(path) → markdown`; no
+   shell-out, no arbitrary file globbing.
+3. **Docker read-only** — `markitdown-mcp` runs in a read-only
+   container with the mount restricted to the input file's directory.
+4. **Localhost binding** — the MCP server binds to `127.0.0.1` only;
+   no exposure to the host network.
+
+Calibrated token claim: 3-5× comprehension on text-heavy formats
+(PDF, DOCX), 10-50× on image-heavy formats (scanned PDF, PPTX with
+diagrams). Measure locally with
+`python3 scripts/measure_markitdown_lift.py` against
+`tests/fixtures/markitdown-corpus/`.
+
+## Cognition-only floor for Wings 2–4
+
+Wings 2 (Product + Foundation), 3 (GTM + Growth), and 4 (Money +
+Strategy + Ops) enforce a no-SaaS-auth, no-vendor-SDK,
+no-stage-prescription floor: cognition artifacts (markdown tables,
+scoring rubrics, walkthroughs) must work in any host without
+external dependencies.
+
+Mechanical enforcement: the structural-malice check in
+`scripts/skill_linter.py` blocks:
+
+- Credential exfiltration patterns (env-var reads of `*_TOKEN`,
+  `*_KEY`, `*_SECRET` followed by network egress).
+- Remote execution (subprocess to URLs, `eval` of network-fetched
+  content).
+- Shell injection in subprocess calls (string-concat shell commands
+  with user-controlled input).
+
+See `.agent-src.uncompressed/rules/skill-quality.md` § Structural
+Malice Floor for the full rule.
+
+## Distribution mechanics
+
+- `type: library` in `composer.json`; no `app/` directory, no
+  application runtime (no Laravel, Symfony, Next.js, or other
+  framework app code).
+- Published to Composer and npm as `event4u/agent-config` /
+  `@event4u/agent-config`.
+- Installed into consumer projects via `scripts/install.sh` (Bash)
+  and `scripts/install.py` (Python bridge).
+
+## See also
+
+- [`AGENTS.md`](../../AGENTS.md) — front-door (kernel orientation only)
+- [`docs/architecture.md`](../../docs/architecture.md) — package
+  architecture and cloud-bundle pipeline
+- [`.agent-src.uncompressed/rules/skill-quality.md`](../../.agent-src.uncompressed/rules/skill-quality.md)
+  — Structural Malice Floor
+- [`.agent-src/skills/markitdown/SKILL.md`](../../.agent-src/skills/markitdown/SKILL.md)
+  — markitdown skill entry point

package/docs/contracts/linear-ai-rules-inclusion.md

@@ -89,7 +89,7 @@ agent that does not maintain `event4u/agent-config`.
 `agent-docs`, `architecture`, `artifact-drafting-protocol`,
 `augment-portability`, `augment-source-of-truth`, `capture-learnings`,
 `docs-sync`, `guidelines`, `package-ci-checks`, `preservation-guard`,
-`review-routing-awareness`, `roadmap-progress-sync`,
+`reviewer-awareness`, `roadmap-progress-sync`,
 `role-mode-adherence`, `rule-type-governance`, `runtime-safety`,
 `size-enforcement`, `skill-improvement-trigger`, `skill-quality`,
 `tool-safety`, `upstream-proposal`.