@event4u/agent-config 1.27.0 → 1.29.0

package/docs/contracts/package-self-orientation.md

@@ -62,7 +62,7 @@ compress + regenerate the tool directories.
 
 ```
 .agent-src.uncompressed/      ← edit here
-  skills/       (141 skills)
+  skills/       (150 skills)
   rules/        (58 rules)
   commands/     (103 commands)
   personas/     (7 personas)

package/docs/decisions/ADR-004-rule-governance-pruning.md

@@ -228,10 +228,10 @@ documentation rewrite for marginal additional savings.
   council walk, host verdicts)
 - `agents/reports/auto-rules-overlap.json` (Phase 5.2 data)
 - `agents/reports/auto-rules-likelihood.json` (Phase 5.3 data)
-- `agents/council-questions/augment-limit-fit-rule-governance.md`
+- `agents/council-questions/augment-limit-fit-rule-governance.md` <!-- council-ref-allowed: ADR decision trace -->
   (Phase 5.4 prompt)
-- `agents/council-responses/augment-limit-fit-rule-governance.json`
-  (Phase 5.4 R3 raw debate) <!-- council-ref-allowed: ADR decision trace -->
+- `agents/council-responses/augment-limit-fit-rule-governance.json` <!-- council-ref-allowed: ADR decision trace -->
+  (Phase 5.4 R3 raw debate)
 - `docs/decisions/ADR-rule-kernel-and-router.md` (kernel-membership
   contract — Phase 5 changes leave kernel untouched per Lever C lock)
 - `.agent-src.uncompressed/rules/guidelines.md` (deprecated subject)

package/docs/getting-started.md

@@ -153,7 +153,7 @@ Your agent now understands slash commands:
 | `/quality-fix` | Run and fix all quality checks |
 | `/chat-history` | Inspect the persistent chat-history log (read-only `show`) |
 
-→ [Browse all 103 active commands](../.agent-src/commands/)
+→ [Browse all 104 active commands](../.agent-src/commands/)
 
 ---
 

package/docs/guidelines/agent-infra/inversion-thinking.md

@@ -0,0 +1,388 @@
+# Inversion Thinking
+
+Reference guideline for Wing-1 deep-thinking work — Carl Jacobi's
+"invert, always invert" applied to **decisions and arguments**, not
+diffs. The pre-mortem on a strategy, an argument, or a written plan;
+distinct from
+[`adversarial-review`](../../../.agent-src.uncompressed/skills/adversarial-review/SKILL.md)
+which stress-tests **diffs**. Adopted under the **Reference-Guideline
+Sunset Policy** (see frontmatter `upstream` / `refresh_trigger` keys)
+and cross-referenced from:
+
+- [`refine-prompt`](../../../.agent-src.uncompressed/skills/refine-prompt/SKILL.md)
+  — pre-mortem on a free-form prompt before planning.
+- [`refine-ticket`](../../../.agent-src.uncompressed/skills/refine-ticket/SKILL.md)
+  — pre-mortem on a Jira / Linear ticket before estimation.
+- [`threat-modeling`](../../../.agent-src.uncompressed/skills/threat-modeling/SKILL.md)
+  — abuse-case generation pairs with goal inversion.
+- [`improve-before-implement`](../../../.agent-src.uncompressed/rules/improve-before-implement.md)
+  — challenge weak requirements before writing code.
+
+> **Core principle:** "Invert, always invert." — Carl Jacobi
+
+**Scope split with `adversarial-review`:** this guideline targets
+**decisions** (will the plan work? what guarantees failure?
+which assumptions are load-bearing?). `adversarial-review` targets
+**diffs** (what edge cases break this code? where do null / race /
+auth bugs live?). Cross-link, do not merge.
+
+## When to Use
+
+Ideal for:
+- 🎯 Mitigating risks and avoiding failure
+- 🔍 Discovering hidden problems and obstacles
+- 💡 Breaking through mental blocks
+- ⚠️ Stress-testing plans for fragility
+- 🛡️ Building defensive strategies
+
+## Three Inversion Modes
+
+### 1. Goal Inversion
+
+**Forward**: How to achieve goal X?
+**Inverted**: How to guarantee failure to achieve X?
+
+```markdown
+## Goal Inversion Analysis
+
+Forward Goal: [Article's main recommendation]
+
+Inverted Questions:
+1. What behaviors guarantee failure?
+2. Which factors completely sabotage the plan?
+3. What's the worst possible outcome?
+
+Insights:
+- Must-avoid behaviors: [List]
+- Critical risk points: [Identify]
+- Defensive strategy: [Formulate]
+```
+
+### 2. Assumption Inversion
+
+**Forward**: If assumption A holds, then conclusion B is valid
+**Inverted**: What happens if assumption A doesn't hold?
+
+```markdown
+## Assumption Inversion Test
+
+Article's core assumptions:
+1. [Assumption 1]
+2. [Assumption 2]
+3. [Assumption 3]
+
+Inversion Test:
+- If assumption 1 is reversed, how does the conclusion change?
+- Under what conditions does this assumption fail?
+- Are there counterexamples?
+
+Discovered vulnerabilities: [List]
+```
+
+### 3. Causality Inversion
+
+**Forward**: A causes B (cause to effect)
+**Inverted**: To get B, what must be true? (effect to cause)
+
+```markdown
+## Causality Inversion
+
+Desired Outcome: [Article's promised result]
+
+Backward Derivation:
+- To achieve this, what conditions must be met?
+- Are all these conditions mentioned in the article?
+- What critical factors are missing?
+
+Necessary Conditions:
+✓ [Met conditions]
+✗ [Unmentioned necessary conditions] ← Important discovery
+```
+
+## Application Method
+
+### Step 1: Identify Forward Claims
+
+```markdown
+## Article's Forward Claims
+
+Core thesis: [Extract]
+Recommended actions: [List]
+Expected results: [Describe]
+```
+
+### Step 2: Apply Four Inversion Questions
+
+#### ❌ Q1: How to guarantee failure?
+
+```markdown
+Most effective failure methods:
+1. [Opposite of recommendations]
+2. [Ignored critical factors]
+3. [Problems from over-execution]
+
+Insight: Avoid these traps
+```
+
+#### ⚠️ Q2: When would the advice backfire?
+
+```markdown
+Backfire scenarios:
+- Wrong timing: [Explain]
+- Wrong context: [Explain]
+- Insufficient resources: [Explain]
+
+Prerequisites: [Unstated but necessary conditions]
+```
+
+#### 🔍 Q3: What risks are missing?
+
+```markdown
+Risks article doesn't mention:
+1. [Hidden risk 1]
+2. [Hidden risk 2]
+3. [Hidden risk 3]
+
+Risk mitigation: [Supplement]
+```
+
+#### 🎯 Q4: What's reasonable about the opposite view?
+
+```markdown
+Contrary perspectives:
+- [Counter-argument 1]
+- [Counter-argument 2]
+
+Merit in opposition:
+- [Analysis]
+- [When might the opposite be better]
+
+Balanced view: [Synthesized judgment]
+```
+
+### Step 3: Build Failure-Mode Checklist
+
+```markdown
+## Failure Prevention Checklist
+
+Based on inversion, avoid:
+- [ ] [Failure mode 1] → Prevention: [Specific action]
+- [ ] [Failure mode 2] → Prevention: [Specific action]
+- [ ] [Failure mode 3] → Prevention: [Specific action]
+
+Early warning signs:
+- 🚨 [Signal 1] → Indicates moving toward failure
+- 🚨 [Signal 2] → Requires immediate adjustment
+```
+
+### Step 4: Restructure Action Plan
+
+```markdown
+## Defensive Action Plan
+
+Original plan: [Article's recommendation]
+
+Optimized plan (with inversion insights):
+1. [Original action] + [Risk mitigation]
+2. [Added preventive step]
+3. [Established safety margin]
+
+Stop-Doing List:
+- ❌ [Explicitly what NOT to do]
+```
+
+## Practical Examples
+
+### Example 1: Productivity Article
+
+**Article Claim**: "Waking up at 5am is key to success"
+
+#### Inversion Analysis:
+
+**Forward**: How to become an early riser?
+**Inverted**: How to guarantee the 5am plan fails?
+
+**Failure Checklist**:
+1. Stay up until 3am → Insight: Total sleep matters more than wake time
+2. No compelling morning reason → Insight: Need clear morning purpose
+3. Inconsistent weekend schedule → Insight: Consistency is key
+4. Alarm within arm's reach → Insight: Environmental design matters
+
+**Inversion Discoveries**:
+- ⚠️ Article ignores: Individual chronotype differences ("night owls")
+- ⚠️ Fails when: Work requires night shifts
+- ⚠️ Backfires: Sleep deprivation reduces productivity
+
+**Optimized Recommendation**:
+- Don't chase wake time, chase:
+  1. Sufficient sleep (7-9 hours)
+  2. Consistent schedule
+  3. High-value morning activities
+
+### Example 2: Business Strategy
+
+**Article Claim**: "Rapid expansion to capture market"
+
+#### Inverted Q: How to ensure expansion fails?
+
+**Failure List**:
+1. Expand before product-market fit → Insight: Need PMF first
+2. Poor cash flow management → Insight: Growth speed ≠ healthy growth
+3. Team quality can't keep up → Insight: Organizational capacity is bottleneck
+4. Neglect existing customers → Insight: Retention vs. acquisition balance
+
+**Necessary Conditions Check**:
+```markdown
+Prerequisites for rapid expansion:
+✓ Proven business model (article mentions)
+✗ Adequate funding reserves (article omits)
+✗ Replicable operational processes (article omits)
+✗ Strong team culture (article omits)
+```
+
+**Inversion Insight**:
+Article only discusses "gas pedal", not "brakes". Need to add:
+- Expansion stop conditions
+- Stage-gate validation
+- Retreat plan
+
+## Integration with Other Frameworks
+
+### + Critical Thinking
+```markdown
+Critical Thinking: Find argument holes
+Inversion: What happens if the holes lead to failure?
+```
+
+### + First Principles
+```markdown
+First Principles: Strip to essentials
+Inversion: Test fragility of essential assumptions
+```
+
+### + Systems Thinking
+```markdown
+Systems Thinking: See reinforcing loops
+Inversion: Identify negative loops and collapse points
+```
+
+### + Mental Models
+```markdown
+Mental Models: Multi-angle analysis
+Inversion: Consider the opposite for each angle
+```
+
+## Inversion Toolbox
+
+### Tool 1: Pre-Mortem
+
+```markdown
+## Pre-Mortem Analysis
+
+Imagine it's 1 year later, the plan completely failed.
+
+Failure causes:
+1. [Most likely failure reason 1]
+2. [Most likely failure reason 2]
+3. [Most likely failure reason 3]
+
+Based on this, current actions should be:
+- [Prevention measure 1]
+- [Prevention measure 2]
+```
+
+### Tool 2: Reverse Engineering
+
+```markdown
+## Working Backwards from Results
+
+Ideal outcome: [Describe]
+
+Reverse steps:
+← Step N: [Final step]
+← Step N-1: [Previous step]
+← ...
+← Step 1: [First step]
+
+Article's missing steps: [Identify]
+```
+
+### Tool 3: Not-To-Do List
+
+```markdown
+## Not-To-Do List (More Important Than To-Do)
+
+Based on inversion, explicitly avoid:
+1. ❌ [Failure-causing behavior 1]
+2. ❌ [Failure-causing behavior 2]
+3. ❌ [Failure-causing behavior 3]
+
+Stop signals:
+When [X signal] appears, immediately stop
+```
+
+### Tool 4: Devil's Advocate
+
+```markdown
+## Playing Devil's Advocate
+
+Defending the opposite view:
+- Claim: [Contrary position]
+- Evidence: [Supporting counter-evidence]
+- Context: [When opposite is better]
+
+Balanced conclusion:
+Not A or B, but [middle path]
+```
+
+## Common Pitfalls
+
+### ❌ Excessive Negativity
+- Wrong: Use inversion to reject everything
+- Right: Use inversion to optimize plans, not abandon them
+
+### ❌ Analysis Paralysis
+- Wrong: See too many risks, can't act
+- Right: Identify risks → Design mitigations → Act
+
+### ❌ Ignoring Probability
+- Wrong: Treat low-probability risks same as high-probability
+- Right: Risk assessment = Probability × Impact
+
+## Practice Exercises
+
+### Exercise 1: Daily Decisions
+For any daily decision, ask:
+- "How to ensure this decision is wrong?"
+- What blind spots did I discover?
+
+### Exercise 2: Inverted Reading
+For any advice article, automatically ask:
+- "When would this advice be harmful?"
+- "What prerequisites are missing?"
+
+### Exercise 3: Pre-Mortem Planning
+Before any plan, do 15-minute pre-mortem:
+- Assume failure, list causes
+- Modify plan to avoid these causes
+
+## Key Quotes
+
+> "It is remarkable how much long-term advantage people like us have gotten by trying to be consistently not stupid, instead of trying to be very intelligent."
+> — Charlie Munger
+
+> "Tell me where I'm going to die, so I'll never go there."
+> — Carl Jacobi
+
+> "If you want to improve, be content to be thought foolish and stupid."
+> — Epictetus (On how inversion may contradict conventional wisdom)
+
+---
+
+**Remember**: Inversion's goal isn't pessimism, but robustness. By seeing failure paths, we design better success paths.
+
+---
+
+## ADOPT citation
+
+Adopted from [`ginobefun/deep-reading-analyst-skill`](https://github.com/ginobefun/deep-reading-analyst-skill) @ commit `26cd7dc9` · `src/deep-reading-analyst/references/inversion_thinking.md` · MIT License.

package/docs/guidelines/agent-infra/mcp-request-signing.md

@@ -6,9 +6,8 @@ trusted parent-child pipe is **outside** the scope of this guideline; only
 network-exposed transports require signing.
 
 Lands ahead of any HTTP-MCP transport so the security floor is in place
-when one becomes a real consumer use case (see
-[`road-to-mcp-server.md`](../../../agents/roadmaps/road-to-mcp-server.md)
-Phase 4 D4 — allowlist).
+when one becomes a real consumer use case (paired with the allowlist
+gate tracked in the active mcp-server plate under `agents/roadmaps/`).
 
 Adapted from
 [`ruvnet/ruflo`](https://github.com/ruvnet/ruflo) — commit
@@ -105,20 +104,18 @@ plain `setInterval` sweep every minute is enough.
 | **Clock skew abuse** — long-lived request | `MAX_SKEW_MS = 5 min` rejects out-of-window timestamps |
 | **Timing oracle on signature compare** | `timingSafeEqual`, never `===` |
 | **Secret exfil via repo / log** | `KERNEL_SECRET` from env or secrets store; never log raw headers; redact `X-MCP-Signature` in any audit trail |
-| **Allowlist bypass** | Signing **does not** authorize what's called — pair with the allowlist enforced at server boot ([`road-to-mcp-server.md`](../../../agents/roadmaps/road-to-mcp-server.md) Phase 4 **D4**); a valid signature on a non-allowlisted tool name still rejects |
+| **Allowlist bypass** | Signing **does not** authorize what's called — pair with the allowlist enforced at server boot (mcp-server plate under `agents/roadmaps/`, Phase 4 **D4**); a valid signature on a non-allowlisted tool name still rejects |
 
 ## Citation hooks
 
-- [`road-to-mcp-server.md`](../../../agents/roadmaps/road-to-mcp-server.md)
-  **Phase 4 D4** — allowlist enforced at server boot. Signing layers
-  *under* the allowlist: verify signature → look up tool in allowlist →
-  execute. Both gates must pass.
-- [`road-to-mcp-server.md`](../../../agents/roadmaps/road-to-mcp-server.md)
-  **Phase 6 F2 / F3** — SSE transport, cloud bundle. These are the
-  triggers that make this guideline load-bearing; until then it is
-  reference material for the deferred-with-trigger HTTP-bridge slot of
-  [`road-to-ruflo-adoption.md`](../../../agents/roadmaps/road-to-ruflo-adoption.md)
-  Phase 2 P2.1.
+- mcp-server plate under `agents/roadmaps/` — **Phase 4 D4** allowlist
+  enforced at server boot. Signing layers *under* the allowlist: verify
+  signature → look up tool in allowlist → execute. Both gates must pass.
+- mcp-server plate under `agents/roadmaps/` — **Phase 6 F2 / F3** SSE
+  transport, cloud bundle. These are the triggers that make this
+  guideline load-bearing; until then it is reference material for the
+  deferred-with-trigger HTTP-bridge slot of the ruflo-adoption plate
+  (Phase 2 P2.1) under `agents/roadmaps/`.
 
 ## Operational notes