@event4u/agent-config 2.24.0 → 2.25.0

package/.agent-src/commands/create-pr/description-only.md

@@ -39,17 +39,45 @@ The user may or may not provide a PR URL or branch name.
    - If no PR found → use `git diff origin/{default}..HEAD --stat` for the branch diff.
 3. **Never** reuse a PR number from earlier in the conversation.
 
-### 2. Gather context
-
-- **Jira ticket**: Extract ticket ID from branch name (e.g. `fix/DEV-4673-description` → `DEV-4673`).
-  - If found → fetch via Jira API (`GET /issue/{ticketId}`).
-  - If not found → ask the user for a ticket number. Proceed without if none.
-- **Diff summary**: `git diff origin/{default}..HEAD --stat` for changed files.
-- **Commit messages**: `git log origin/{default}..HEAD --format="%s"` for what was done.
-- **PR template**: **MUST** read `.github/pull_request_template.md`. This is mandatory, not optional.
-- **Read key changed files** to understand what was done — look for migrations, new classes,
-  modified services, route changes, config changes.
-- **Check roadmap/agent docs** that describe the feature intent (if they exist).
+### 2. Gather context — **one parallel tool-call block**
+
+The four primary fetches below are **independent** and **must** be
+dispatched in a single parallel tool-call block, not serially. Serial
+reads here add 3+ round-trips per PR for zero benefit.
+
+```
+parallel:
+  1. Jira API           — GET /issue/{ticketId}   (skip when no ticket ID)
+  2. git diff           — git diff origin/{default}..HEAD --stat
+  3. git log            — git log origin/{default}..HEAD --format="%s"
+  4. view PR template   — .github/pull_request_template.md
+```
+
+After the block returns:
+
+- **Jira ticket**: ticket ID is extracted from the branch name
+  (e.g. `fix/DEV-4673-description` → `DEV-4673`) **before** the
+  parallel block. No ticket → skip fetch 1 silently; ask the user
+  for a number only after the block, and only if needed.
+- **PR template missing** → fall back to the structure in § 4.
+- **Read key changed files** (migrations, new classes, modified
+  services, route/config changes) — second parallel block, keyed
+  off the diff summary. Group all file reads in one block.
+- **Check roadmap/agent docs** that describe the feature intent
+  (if they exist) — fold into the second block.
+
+Anti-pattern (do **not** do this):
+
+```
+turn 1: fetch Jira
+turn 2: git diff
+turn 3: git log
+turn 4: view template
+turn 5: view file A
+turn 6: view file B
+```
+
+That's 6 round-trips for what should be 2.
 
 ### 3. Build the PR title
 

package/.agent-src/commands/create-pr.md

@@ -94,6 +94,44 @@ Resolve `"draft"` (first match wins):
 3. `routine_confirmations: true` → ask `1. draft / 2. ready`.
 4. Default → `true` (silent draft).
 
+#### 3a. Tool selection — single-call mandate
+
+```
+POST THE PR WITH ONE github-api CALL.
+NEVER COMPOSE THE BODY THROUGH SHELL, PYTHON, OR TEMP FILES.
+```
+
+Use the `github-api` tool **directly** with the markdown body in the
+JSON `data` field. The body is a regular JSON string — escaping is the
+tool's job, not yours.
+
+```
+github-api
+  method: POST
+  path:   /repos/{owner}/{repo}/pulls
+  data:   { "title": "...", "body": "<markdown>", "head": "<branch>",
+            "base": "main", "draft": <bool> }
+```
+
+**Hard prohibitions** (each one cost 3+ extra tool calls in past runs):
+
+- ❌ `python3 -c "import urllib..."` / `python3 - <<PY ... PY` heredocs
+  to serialize the body or POST it.
+- ❌ `save-file PR_BODY.md` → read back → `curl -d @PR_BODY.md`.
+- ❌ `gh pr create --body-file …` shelling out when `github-api` is
+  available in this surface.
+- ❌ Splitting `title` and `body` into two API calls (create + PATCH).
+
+The body may contain any Markdown — code fences, tables, multi-line
+HTML, emoji. Do **not** preprocess, escape, or strip newlines before
+handing it to `github-api`.
+
+If the surface genuinely lacks `github-api` (rare), fall back to
+`gh pr create --title "..." --body-file <(echo -n "<body>")` as a
+**single** shell call, never the python-urllib path.
+
+#### 3b. Submit
+
 Create the PR with the approved title/body and the resolved `draft`.
 
 **Verify after `draft: false`** — the GitHub REST API sometimes ignores
@@ -126,18 +164,21 @@ Run this strip-pass **after PR creation and after every body PATCH**:
    - `Pull Request opened by [Augment Code]`
    - `Co-authored by Augment Code`
    - Any `augmentcode.com` link the user did not ask for
-3. If any pattern is present, remove it together with surrounding
+3. **No match → done.** Skip steps 4–5; the body is already clean.
+   This is the common path and **must not** spend a verify-GET.
+4. Match found → remove the footer(s) together with surrounding
    `---` separators and trailing whitespace, then:
    ```
    PATCH /repos/{owner}/{repo}/pulls/{number}
    { "body": "<cleaned body>" }
    ```
-4. Re-fetch the body once more to verify the strip stuck. If a
-   pattern reappears (server re-injection), repeat steps 2–4 once;
+   Re-fetch the body **once** to verify the strip stuck. If a
+   pattern reappears (server re-injection), repeat the PATCH once;
    if it still reappears, surface the issue to the user and stop
    (do not enter a strip/PATCH loop).
-5. Briefly note in the reply how many footers were removed (or
-   "no footers found" if clean).
+5. Briefly note in the reply how many footers were removed (omit
+   the line entirely when nothing was stripped — silence is the
+   expected path, not "no footers found").
 
 #### 4b. Show the PR URL (verbosity-gated)
 
@@ -154,6 +195,19 @@ Linked ticket + `routine_confirmations: true` → ask `1. Yes / 2. No`.
 Default (`false`) → skip silently. **Only emit a transition line when
 an actual Jira API call succeeded** — never announce "skipped".
 
+#### 4d. Settings short-circuit — single read per run
+
+`verbosity.routine_confirmations`, `verbosity.post_action_reports`, and
+`commands.create_pr.preview_description` are read **once** at the top
+of the run and cached for the whole `/create-pr` invocation. Do **not**
+re-read `.agent-settings.yml` in 4b / 4c — both branches resolve from
+the cached values from step 1.
+
+When all three resolve to their silent defaults (`false` / `minimal` /
+`false`), steps 4b–4c collapse to the single `→ #N opened: <url>` line
+from 4b and a silent 4c. No extra file reads, no "checking settings…"
+narration, no confirmation prompts.
+
 ### Rules
 
 - **Always use the PR template** from `.github/pull_request_template.md`.

package/.agent-src/commands/video/from-script.md

@@ -5,7 +5,7 @@ cluster: video
 sub: from-script
 description: Drive a script end-to-end through the AI video pipeline — scenes → blueprint → image → operator pick → motion → video → stitch. Dry-run default; network calls require explicit per-turn confirmation.
 disable-model-invocation: true
-personas: [hollywood-director, ai-video-technical-director, pixar-storyboard-artist]
+personas: [hollywood-director, ai-video-technical-director]
 skills: [scene-expander, video-director, pixar-storyteller, character-consistency, motion-choreographer]
 suggestion:
   eligible: true
@@ -19,7 +19,7 @@ suggestion:
 
 Drives a Markdown script through the full pipeline. Provider flags
 override the `<default-image-provider>` / `<default-video-provider>`
-from [`agents/.ai-video.xml`](../../agents/.ai-video.xml.example);
+from [`agents/.ai-video.xml`](../../../agents/.ai-video.xml.example);
 absent flags fall back to the XML defaults.
 
 **Block-on-ambiguity:** a missing scene heading, an unparseable
@@ -49,7 +49,7 @@ provider in this order: command flag → `agents/.ai-video.xml` default
 Run the `scene-expander` skill: split on `## Scene N` headings, extract
 dialogue / action / ambient blocks, and emit one `scene-blueprint.yaml`
 per scene under `<project>/scenes/<id>/`. Schema:
-[`scene-blueprint.schema.yaml`](../skills/scene-expander/scene-blueprint.schema.yaml).
+[`scene-blueprint.schema.yaml`](../../skills/scene-expander/scene-blueprint.schema.yaml).
 
 ### 4. Character lock
 
@@ -66,7 +66,7 @@ For each scene blueprint:
 2. **Safety gate (Phase 5 Step 6).** If `AIV_DRYRUN=false`, print the
    adapter, model, scene count, and estimated cost; refuse to continue
    without an explicit operator confirmation **in this turn**. Mirrors
-   [`non-destructive-by-default`](../rules/non-destructive-by-default.md).
+   [`non-destructive-by-default`](../../rules/non-destructive-by-default.md).
 3. Call the image adapter (`run` subcommand) N times where N =
    `<tuning/best-of-n>` (default 1).
 
@@ -120,4 +120,4 @@ estimated cost (live mode) or `dry-run` marker. No commit. No push.
 - [`/video:scene`](scene.md) — single-scene iteration
 - [`/video:storyboard`](storyboard.md) — image-only contact sheet
 - [`/video:stitch`](stitch.md) — re-stitch after operator edits
-- [`scripts/ai-video/lib/adapter-contract.md`](../../scripts/ai-video/lib/adapter-contract.md)
+- [`scripts/ai-video/lib/adapter-contract.md`](../../../scripts/ai-video/lib/adapter-contract.md)

package/.agent-src/commands/video/storyboard.md

@@ -5,7 +5,7 @@ cluster: video
 sub: storyboard
 description: Image-only storyboard — script → scenes → blueprint → image render → contact-sheet PNG via ffmpeg montage. No video calls.
 disable-model-invocation: true
-personas: [hollywood-director, pixar-storyboard-artist]
+personas: [hollywood-director]
 skills: [scene-expander, video-director, character-consistency]
 suggestion:
   eligible: true

package/.agent-src/contexts/execution/roadmap-process-loop.md

@@ -61,9 +61,12 @@ matching `commit:` / `git commit` / `Commit phase` patterns).
 - **Commit steps present, non-autonomous** → ask before each commit
   step inside the loop.
 
-## 4. Resolve quality cadence
+## 4. Resolve cadences — read once, cache for the run
 
-Read `roadmap.quality_cadence` from `.agent-settings.yml` once:
+Read both keys from `.agent-settings.yml` once and cache for the whole
+run. Do **not** re-read inside the step loop.
+
+**`roadmap.quality_cadence`** — when to run the quality pipeline:
 
 | Value | Pipeline runs |
 |---|---|
@@ -75,28 +78,80 @@ Missing / unreadable / unknown → fall back to `end_of_roadmap`.
 The Iron Law [`verify-before-complete`](../../rules/verify-before-complete.md)
 still mandates fresh quality output before any "complete" claim.
 
+**`roadmap.dashboard_regen_cadence`** — when to run the dashboard
+subprocess between steps:
+
+| Value | `./agent-config roadmap:progress` runs |
+|---|---|
+| `per_step` (default) | After every checkbox flip |
+| `every_5_steps` | Every 5th closed step + at phase boundary + at reply end |
+| `phase_boundary` | Only at phase boundaries + run end |
+
+`process-step` ignores this — single-step runs always regen at step
+end. Any file-shape touch (rename / phase add / archive — Iron Law 1
+of [`roadmap-progress-sync`](../../rules/roadmap-progress-sync.md))
+forces an immediate regen regardless of cadence. The checkbox flip
+itself is **never** batchable — only the subprocess.
+
 ## 5. Step loop
 
 For each open step in the working set (scope-bound — see wrapper):
 
-1. Read the step description and inline notes.
+0. **CI-step gate** — per
+   [`roadmap-ci-steps-policy`](../../rules/roadmap-ci-steps-policy.md).
+   When `quality.local_auto_run: false` and the step text matches a
+   CI-shaped literal (`task ci`, `task ci-fast`, `task ci-strict`,
+   `make ci`, `make test`, `npm/pnpm run check`, `yarn check`,
+   `composer test`, whole-suite `vendor/bin/phpunit`, whole-suite
+   `php artisan test`) **without** an inline
+   `<!-- carve-out: new-gate-verification -->` marker → flip the
+   checkbox to `[-]`, append
+   `<!-- skipped: quality.local_auto_run=false → remote CI is the gate -->`
+   on the same line, regenerate the dashboard, continue to the next
+   step. Never run the gate. Carve-out marker present → run normally
+   (new gate must be verified once locally). Setting `true` → run
+   normally.
+1. **Bundled read — one parallel tool-call block.** The step
+   description, the immediately-relevant code files, and any
+   guideline/context the step cites are **independent** reads and
+   **must** be dispatched together, not serially.
+
+   ```
+   parallel:
+     - view agents/roadmaps/<file>.md     (the step's section)
+     - view <files cited in the step text>
+     - codebase-retrieval (only if the step is vague)
+   ```
+
+   Anti-pattern: `view step` → think → `view file A` → think →
+   `view file B`. That's 3 round-trips for what should be 1.
 2. Analyze the codebase for what the step requires.
 3. Decide and act — implement. **No "should I implement this?" prompt.**
 4. **Open question handling:**
    - **Council on** → invoke per [`ai-council`](../../skills/ai-council/SKILL.md),
      integrate convergence, proceed. Token spend was opted in.
    - **Council off** → halt, surface once, wait. Resume on next turn.
-5. **Atomic flip + regen** — before moving to step N+1, in the **same
-   reply** that landed step N's work:
-   1. Flip the checkbox in `agents/roadmaps/<file>.md`: `[x]` done ·
-      `[~]` partial · `[-]` skipped.
-   2. Run `./agent-config roadmap:progress` to regenerate the
-      dashboard.
-   This pair is **non-skippable** and **non-batchable** per Iron Law 2
-   of [`roadmap-progress-sync`](../../rules/roadmap-progress-sync.md). A
-   loop iteration that lands work without flipping its box is a rule
-   violation. Do not save flips for the archive commit.
-6. Run quality pipeline if cadence is `per_step`.
+5. **Atomic flip — same reply, every step.**
+   Flip the checkbox in `agents/roadmaps/<file>.md`: `[x]` done ·
+   `[~]` partial · `[-]` skipped. **Non-skippable, non-batchable**
+   per Iron Law 2 of
+   [`roadmap-progress-sync`](../../rules/roadmap-progress-sync.md).
+   A loop iteration that lands work without flipping its box is a
+   rule violation. Do not save flips for the archive commit.
+6. **Dashboard regen — cadence-gated.** Run
+   `./agent-config roadmap:progress` when due per
+   `roadmap.dashboard_regen_cadence` (resolved in § 4):
+   - `per_step` → always after the flip.
+   - `every_5_steps` → after the 5th, 10th, … closed step **of this
+     run**, or when the reply ends with closed steps pending regen.
+   - `phase_boundary` → skip; the boundary handler in § 5 wrapper /
+     § 6 runs the regen.
+   - Any file-shape touch (rename / phase add / archive — Iron Law 1)
+     → run immediately regardless of cadence.
+
+   Skipped regens accumulate into the next due regen — the markdown
+   file is the source of truth between regens.
+7. Run quality pipeline if cadence is `per_step`.
 
 ### Halt conditions
 

package/.agent-src/personas/README.md

@@ -63,11 +63,12 @@ the linter check list.
 |---|---|---|
 | `qa` | specialist | testability, failure scenarios |
 | `hollywood-director` | specialist | live-action cinematic prompts — lens, lighting, blocking, negative constraints |
-| `pixar-storyboard-artist` | specialist | animation acting — emotional beat, want / obstacle, environment reaction |
 | `ai-video-technical-director` | specialist | provider tuning — Veo / Kling / OpenAI / Higgsfield / Sora grammar, token caps, audio flags |
 
 More specialists may land in v1.1+ — each must pass the
-Unique-Questions heuristic before being drafted.
+Unique-Questions heuristic before being drafted. Removed personas
+are deleted in-commit (no soak window) per
+[`persona-governance § Deprecation path`](../rules/persona-governance.md).
 
 ## How skills use personas
 

package/.agent-src/personas/ai-video-technical-director.md

@@ -18,7 +18,7 @@ audio capability. Refuses one-prompt-fits-all; demands a tuned variant
 per adapter. Catches prompts that would silently truncate, fall back
 to a default aspect, or drop audio on a video-only model. Not
 responsible for camera grammar (`hollywood-director`) or acting
-(`pixar-storyboard-artist`).
+(`pixar-storyteller` skill).
 
 ## Mindset
 
@@ -77,5 +77,5 @@ count.
 ## Composes well with
 
 - `hollywood-director` — consumes the 11-block prompt; folds it into provider grammar.
-- `pixar-storyboard-artist` — consumes the four-block storyboard; preserves beat counts in MOTION PROMPT.
+- `pixar-storyteller` skill — consumes the four-block storyboard; preserves beat counts in MOTION PROMPT.
 - `motion-choreographer` skill — drafts per-provider motion + audio directions against this output.

package/.agent-src/personas/hollywood-director.md

@@ -17,7 +17,7 @@ lens, the light, the camera move, blocking, and negative constraints
 are all on the page. Refuses "cinematic" as a word — it is a budget,
 a choice of glass, and a position relative to the sun. Catches shots
 still readable as stock footage. Not responsible for animation pacing
-(`pixar-storyboard-artist`) or provider tokens (`ai-video-technical-director`).
+(`pixar-storyteller` skill) or provider tokens (`ai-video-technical-director`).
 
 ## Mindset
 
@@ -92,8 +92,8 @@ declarative sentence — no adjective stacks, no "ultra-realistic".
 
 ## Composes well with
 
-- `pixar-storyboard-artist` — when the beat is emotional rather than
-  procedural; the storyboard artist names the acting, this persona
+- `pixar-storyteller` skill — when the beat is emotional rather than
+  procedural; the storyteller skill names the acting, this persona
   names the camera around it.
 - `ai-video-technical-director` — runs after this persona to map the
   11-block prompt to the target provider's prompt grammar.

package/.agent-src/profiles/content_creator.yml

@@ -16,10 +16,15 @@ profile:
       - editorial-calendar
       - release-comms
       - prompt-engineering-patterns
+      - character-consistency
   surface:
     commands_hint:
       - work
       - post-as
       - ghostwriter
       - optimize-prompt
+      - video:from-script
+      - video:storyboard
+      - video:scene
+      - video:stitch
     docs_first_pointer: "docs/getting-started-by-role.md#content_creator"

package/.agent-src/rules/media-governance-routing.md

@@ -0,0 +1,82 @@
+---
+type: "auto"
+tier: "2a"
+description: "When generating AI video/image/voice — surface project-local media policies (likeness, style, public-figures, voice-cloning, disclosure)"
+source: package
+triggers:
+  - keyword: "/video:"
+  - keyword: "/image:"
+  - keyword: "/audio:"
+  - keyword: "deepfake"
+  - keyword: "voice clone"
+  - keyword: "voice cloning"
+  - keyword: "likeness"
+  - keyword: "brand impersonation"
+  - phrase: "in the style of"
+  - phrase: "in the voice of"
+  - phrase: "as [public figure]"
+  - phrase: "impersonate"
+applies_to_user_types:
+  - "creator"
+  - "marketing"
+  - "gtm"
+validator_ignore:
+  - type: "substring"
+    pattern: "../../agents/"
+    reason: "Routing rule whose subject matter is the project-local agents/policies/media/ tree; every body link points there by design."
+  - type: "substring"
+    pattern: ".agent-src.uncompressed/"
+    reason: "Rule contrasts project-local placement with the .agent-src.uncompressed/rules/ alternative — mentioning the path is the argument."
+---
+
+# Media Governance Routing
+
+## Iron Law
+
+```
+WHEN AI VIDEO, IMAGE, OR VOICE GENERATION FIRES, CONSULT THE PROJECT-LOCAL
+MEDIA POLICIES IN agents/policies/media/ BEFORE EMITTING THE PROMPT TO
+THE PROVIDER. REFUSE-AND-SURFACE OVER GUESS-AND-RENDER.
+```
+
+Routes agent to project-local media governance policy layer at [`agents/policies/media/`](../../agents/policies/media/) when video / image / voice surface fires. Policies are LLM-readable decision frameworks consulted in-session, not Python-enforced gates — see [`agents/policies/media/README.md § Enforcement model`](../../agents/policies/media/README.md) for full agent-in-the-loop contract.
+
+## What this rule surfaces
+
+Any trigger match → agent loads into context:
+
+- [`agents/policies/media/likeness.md`](../../agents/policies/media/likeness.md) — real person's visual likeness.
+- [`agents/policies/media/style.md`](../../agents/policies/media/style.md) — named living artist's distinctive style.
+- [`agents/policies/media/public-figures.md`](../../agents/policies/media/public-figures.md) — recognised public figures.
+- [`agents/policies/media/voice-cloning.md`](../../agents/policies/media/voice-cloning.md) — vocal likeness.
+- [`agents/policies/media/disclosure.md`](../../agents/policies/media/disclosure.md) — mandatory non-removable AI-generation disclosure.
+- [`agents/policies/media/brand-impersonation.md`](../../agents/policies/media/brand-impersonation.md) — brand / broadcaster identity imitation.
+- [`agents/policies/media/transparency.md`](../../agents/policies/media/transparency.md) — provenance metadata (C2PA, SynthID).
+
+Each policy carries own trigger block → within active context agent narrows from superset to policies whose specific patterns actually fired (e.g. prompt naming public figure → `public-figures.md` + `disclosure.md`; `--no-disclosure` → `disclosure.md` standalone).
+
+## Why project-local, not `.agent-src.uncompressed/rules/`
+
+Seven media policies live under [`agents/policies/media/`](../../agents/policies/media/), not as `.agent-src.uncompressed/rules/domain-safety-media-*.md`, for three reasons:
+
+1. **Consumed by skills + adapters**, not surfaced as standalone always-loaded prose. Cost non-trivial (7 × ~80 lines = ~560 lines always-context if hoisted to rules), and most sessions never touch video / image / voice surface.
+2. **Enforcement model project-local** — working precedent (`/ghostwriter:*` mandatory footer in `write-engine.md`) + audit log (session transcripts) are project artifacts. Rules under `.agent-src.uncompressed/` are tool-portable governance; these policies are domain-specific bindings.
+3. **Extraction to reusable domain pack explicitly deferred** until second non-video domain (audio, image, docs, exports) lands with overlapping execution surfaces. Until then, one-domain abstraction structurally premature — policies stay project-local, routing rule on-demand bridge.
+
+This routing rule is the bridge: sits in always-loaded rule set so trigger keywords surface project-local policies into context on demand, without paying full always-loaded cost.
+
+## CI reachability guarantee
+
+[`scripts/lint_media_policy_linkage.py`](../../scripts/lint_media_policy_linkage.py) fails build if any policy file under `agents/policies/media/` not linked from:
+
+- this routing rule, **or**
+- a skill's `## Policies` see-also block, **or**
+- another policy file's `## See also` block.
+
+Policy that no skill, rule, or sibling policy references → silent policy. CI check is structural reachability guarantee that agent-in-the-loop model rests on.
+
+## See also
+
+- [`agents/policies/media/README.md`](../../agents/policies/media/README.md) — full enforcement-model contract.
+- [`.augment/rules/ask-when-uncertain.md`](../../.augment/rules/ask-when-uncertain.md) — single-question refusal-path discipline every policy depends on.
+- [`docs/contracts/write-engine.md`](../docs/contracts/write-engine.md) — prose-disclosure precedent extended to media by [`disclosure.md`](../../agents/policies/media/disclosure.md).

package/.agent-src/rules/persona-governance.md

@@ -0,0 +1,90 @@
+---
+type: "auto"
+tier: "2a"
+description: "When creating, editing, or proposing personas — enforce per-domain cap (≤ 2 specialists), ≥ 1 skill citation, and the deprecation path"
+source: package
+triggers:
+  - path_prefix: ".agent-src.uncompressed/personas/"
+  - path_prefix: ".agent-src/personas/"
+  - keyword: "persona"
+  - keyword: "personas"
+  - phrase: "new persona"
+  - phrase: "add a persona"
+  - phrase: "specialist persona"
+  - phrase: "review lens"
+routes_to:
+  - "contract:persona-schema"
+applies_to_user_types:
+  - "maintainer"
+  - "developer"
+validator_ignore:
+  - type: "substring"
+    pattern: "../../docs/"
+    reason: "Rule routes to docs/contracts/persona-schema.md and docs/personas.md — the canonical persona catalog and schema live there by design."
+  - type: "substring"
+    pattern: ".agent-src.uncompressed/"
+    reason: "Rule documents the persona authoring tree (.agent-src.uncompressed/personas/) as the deprecation-path operand."
+---
+
+# Persona Governance
+
+## Iron Law
+
+```
+ONE PERSONA, ONE OWNER, ONE SKILL CITATION, ONE DOMAIN SLOT.
+NO NEW SPECIALIST WITHOUT A DEPRECATION CANDIDATE WHEN THE DOMAIN IS FULL.
+```
+
+Personas are review lenses, not free real estate. Every specialist persona has a maintenance cost: it must stay aligned with the schema, the cited skills must still want it, and the per-domain reasoning surface must not bloat to the point that no single persona is load-bearing. This rule routes the agent to [`docs/contracts/persona-schema.md`](../docs/contracts/persona-schema.md) and [`docs/personas.md`](../../docs/personas.md) and enforces the four discipline checks below.
+
+## The four checks
+
+### 1. Per-domain cap — ≤ 2 specialised personas per content domain
+
+A **content domain** is a self-contained creative or technical surface that one or two specialist personas can fully cover. Current domains:
+
+| Domain | Specialists allowed | Examples |
+|---|---|---|
+| ai-video / ai-image / ai-audio | ≤ 2 | one director-shaped lens + one technical-tuning lens |
+| backend engineering | ≤ 2 | architect + ORM-tamer |
+| frontend engineering | ≤ 2 | component / lifecycle + design / a11y |
+| security | ≤ 2 | abuse-case + secrets-and-trust |
+| gtm / growth | ≤ 2 | CMO + RevOps |
+| money / strategy | ≤ 2 | finance-partner + strategist |
+| people / org | ≤ 2 | engineering-manager + people-strategist |
+| customer / discovery | ≤ 2 | discovery-lead + customer-success-lead |
+
+**Core personas** (`developer`, `senior-engineer`, `product-owner`, `stakeholder`, `critical-challenger`, `ai-agent`) are exempt — they are always-loaded cross-cutting lenses, not domain specialists.
+
+A new specialist into a full domain MUST come with a deprecation candidate from the same domain. The agent surfaces both, then runs an ai-council debate (per [`ai-council`](../../.agent-src/skills/ai-council/SKILL.md)) before any rename / merge / delete.
+
+### 2. Skill citation floor — ≥ 1 cite before merge
+
+A specialist persona without a `personas: [<id>]` citation in at least one skill's frontmatter is dead weight. The PR adding the persona MUST also add the citation, OR the PR is rejected. Citation map lives in [`docs/personas.md § Skill citations`](../../docs/personas.md#skill-citations).
+
+### 3. Deprecation path — delete immediately, record in commit
+
+A persona being removed is **deleted in the same commit** that lands its replacement. The commit message names the successor (or "merged into X") and cites the council decision (or maintainer rationale) that authorised it. No soak window — internal personas have no external consumers; a persona file kept around as a tombstone is dead weight the linter still loads. No silent deletes either: the audit trail is the commit, not a docs table.
+
+### 4. Schema conformance — the skill linter is the gate
+
+Every persona file is linted against [`docs/contracts/persona-schema.md`](../docs/contracts/persona-schema.md) by the skill linter: frontmatter shape, tier enum, wing enum, required sections per tier, line budget per tier (with wing override), `Unique Questions` ≥ 3, filename / id match, description ≤ 160 chars. The agent runs `python3 scripts/skill_linter.py` before any persona PR is marked ready.
+
+## Failure modes — what counts as a violation
+
+- Adding a third specialist to a full domain without naming the deprecation candidate.
+- Landing a specialist with no `personas: [<id>]` cite in any skill.
+- Renaming or deleting a persona file without naming the successor (or sunset reason) in the commit message.
+- Editing core-tier personas in-place with breaking changes (rename, section removal) without bumping to a new id.
+- Skipping the skill linter (`python3 scripts/skill_linter.py`) on a persona PR.
+
+## Day-one state
+
+Resolved 2026-05-17 via two-round ai-council debate (members: anthropic/claude-sonnet-4-5, openai/gpt-4o — converged delete-and-fold): `pixar-storyboard-artist` deleted; acting / beat-decomposition lens folded into [`pixar-storyteller`](../skills/pixar-storyteller/SKILL.md) skill body. Active per-domain count for `ai-video` now 2 (`ai-video-technical-director`, `hollywood-director`), within cap. Total active personas in root cluster: 24 (plus 5 advisors in `personas/advisors/`). Full inventory + ownership in [`docs/personas.md`](../../docs/personas.md).
+
+## See also
+
+- [`docs/contracts/persona-schema.md`](../docs/contracts/persona-schema.md) — schema lock, tiers, sections, size budgets, linter enforcement surface.
+- [`docs/personas.md`](../../docs/personas.md) — active persona catalog, citation map, ownership column.
+- [`ai-council`](../../.agent-src/skills/ai-council/SKILL.md) — neutral second-opinion mechanism used for merge / deprecation decisions.
+- [`skill-quality`](skill-quality.md) — sibling discipline rule for skill files.

package/.agent-src/rules/post-push-rewrite-discipline.md

@@ -0,0 +1,70 @@
+---
+type: "auto"
+tier: "2a"
+alwaysApply: false
+description: "Git history after a push — squash/amend/rebase of pushed commits must pair with immediate re-push in same turn; stop on divergent state"
+source: package
+triggers:
+  - intent: "squash the pushed branch"
+  - intent: "clean up commits on the PR branch"
+  - intent: "tidy history after pushing"
+  - keyword: "git rebase -i"
+  - keyword: "--amend"
+  - keyword: "force-push"
+  - keyword: "--force-with-lease"
+  - phrase: "branch diverged"
+  - phrase: "pull --rebase failed"
+  - phrase: "ahead and behind"
+routes_to:
+  - "skill:git-workflow"
+---
+
+# Post-Push Rewrite Discipline
+
+## Iron Law
+
+```
+ONCE PUSHED, A COMMIT IS PUBLISHED.
+ANY REWRITE OF PUSHED HISTORY MUST PAIR WITH AN IMMEDIATE RE-PUSH
+IN THE SAME TURN — OR DON'T REWRITE.
+NEVER END A SESSION WITH REWRITTEN-BUT-UNPUSHED LOCAL HISTORY.
+```
+
+## Two protective stops
+
+1. **Pre-rewrite stop.** Before any squash / amend / rebase on a
+   branch that is on origin: `git fetch && git rev-list --left-right
+   --count HEAD...@{u}`. If **either** side is non-zero — STOP and
+   route to `skill:git-workflow § Divergent-State Recovery`. A blind
+   `git pull --rebase` in this state is the documented failure mode.
+
+2. **Post-rewrite stop.** After the rewrite, push in the **same turn**
+   with `--force-with-lease=<branch>:<fetched-sha>` and verify
+   `git rev-parse origin/<branch>` equals `git rev-parse HEAD`.
+   If the push fails (hook, network, token budget) — fix the cause
+   and re-push **before** ending the session, committing new work,
+   or handing off.
+
+If either stop fires and resolution is not immediate → tag the state
+(`git tag local-rewritten-tip-<ISO-date>`) and hand control back to
+the user. Do not let a new session inherit a dirty divergence.
+
+## Why this rule exists
+
+A previous session squashed a pushed branch, the push hook failed at
+the token boundary, the session ended — and the next session saw
+local and origin pointing at different SHAs for the same logical work.
+A blind `git pull --rebase` cascaded into conflicts across every
+derived file (`.compression-hashes.json`, router projections). Recovery
+required forensic SHA-archaeology. This rule makes that sequence
+structurally impossible: rewrite without immediate push is forbidden.
+
+## See also
+
+- [`no-unsolicited-rebase`](no-unsolicited-rebase.md) — whether to
+  rewrite at all (this rule kicks in once rewriting is authorized).
+- [`skill:git-workflow`](../skills/git-workflow/SKILL.md) — Safe
+  Squash-After-Push protocol and Divergent-State Recovery decision
+  tree.
+- [`commit-policy`](commit-policy.md) — never rewrite or commit
+  without explicit authorization.