@event4u/agent-config 2.24.0 → 2.25.0

package/.agent-src/rules/provider-lifecycle-discipline.md

@@ -0,0 +1,75 @@
+---
+type: "auto"
+tier: "2a"
+description: "When editing an AI video/image/audio adapter — declare lifecycle tier (experimental | stable | deprecated | community); never default to non-stable"
+source: package
+triggers:
+  - keyword: "/video:"
+  - keyword: "/image:"
+  - keyword: "/audio:"
+  - keyword: "ai-video"
+  - keyword: "ai-image"
+  - keyword: "ai-audio"
+  - keyword: "adapter"
+  - keyword: "provider"
+  - path_prefix: "scripts/ai-video/adapters/"
+  - path_prefix: "agents/.ai-video.xml"
+  - phrase: "lifecycle"
+  - phrase: "default provider"
+routes_to:
+  - "contract:provider-lifecycle"
+applies_to_user_types:
+  - "creator"
+  - "developer"
+  - "maintainer"
+---
+
+# Provider Lifecycle Discipline
+
+## Iron Law
+
+```
+NEVER DEFAULT TO A NON-STABLE PROVIDER SILENTLY.
+SURFACE THE LIFECYCLE TIER. ASK BEFORE RUNNING.
+```
+
+This rule routes the agent to [`docs/contracts/provider-lifecycle.md`](../docs/contracts/provider-lifecycle.md) whenever a `/video:* / /image:* / /audio:*` surface fires, an adapter under `scripts/ai-video/adapters/` is read or edited, or `agents/.ai-video.xml.example` (or the operator's `agents/.ai-video.xml`) is in play. The contract defines four tiers — `experimental | stable | deprecated | community` — and the agent's obligations per tier.
+
+## What this rule enforces
+
+1. **Read the tier before picking.** When the agent resolves a provider (from `--provider <id>`, from `<default-video-provider>` / `<default-image-provider>`, or from a skill's default), it MUST read both:
+   - the `<lifecycle>` element under `<provider id="…">` in `agents/.ai-video.xml.example` (or the operator's `.ai-video.xml`), and
+   - the `Lifecycle:` header comment in `scripts/ai-video/adapters/<id>.sh`.
+   Mismatch between the two is a contract violation and MUST be surfaced before running.
+
+2. **Refuse-and-surface on non-stable.** If the resolved default is `experimental`, `deprecated`, or `community`, the agent surfaces the tier and the path to the contract, then emits **one** clarifying question (per [`ask-when-uncertain`](ask-when-uncertain.md)): either confirm the non-stable run, or pick a `stable` provider. No silent default. No "I'll just try it".
+
+3. **Refuse `deprecated` without naming the successor.** A `deprecated` adapter's header comment records the successor; the agent surfaces "X is deprecated; successor: Y" before any run, even with confirmation.
+
+4. **Record the tier in the run summary.** The summary line emitted after every `/video:* / /image:* / /audio:*` run names the chosen provider AND its tier. This is the audit-log entry the agent-in-the-loop enforcement model rests on.
+
+5. **Promotion is the maintainer's call.** The agent never auto-promotes `experimental → stable`. It MAY draft a promotion checklist (see [`docs/contracts/provider-lifecycle.md § 2`](../docs/contracts/provider-lifecycle.md#-2--promotion-path)) for maintainer review, but the tier-flip commit is human-authored.
+
+## Failure modes — what counts as a violation
+
+- Running `/video:scene` against the `<default-video-provider>` without reading the lifecycle tag first → violation.
+- Picking a `community` provider because it was named in the prompt, without surfacing the tier → violation.
+- Editing an adapter and leaving its header `Lifecycle:` comment out of sync with `agents/.ai-video.xml.example` → violation (CI does not catch this; the agent must).
+- Auto-promoting an adapter from `experimental` to `stable` because "dry-run worked" → violation. Promotion requires a maintainer-captured real-API smoke trace under `agents/ai-video/smoke-traces/`.
+
+## Day-one state
+
+All five shipped adapters (`openai-images`, `gemini-veo`, `kling`, `higgsfield`, `sora`) ship as `experimental`. This means **every** default `/video:* / /image:*` run today triggers the refuse-and-surface path. That is intentional — it is the conservative-by-construction posture the contract argues for. As maintainers capture smoke traces and flip individual adapters to `stable`, the friction reduces per-adapter.
+
+## Why agent-in-the-loop, not Python gate
+
+A Python pre-run gate enumerating tier-by-command rules would either be too coarse (`experimental → block`, breaking day-to-day dev iteration) or too detailed (per-command tier matrix, drifting from reality on every new provider). The agent reading the tag at run time, surfacing the tier, and asking is the correct enforcement surface: the model that picked the provider is the model that surfaces the obligation, and the human is the policy decision point.
+
+The CI guarantee is structural reachability — the linter would fail if a provider was declared in `agents/.ai-video.xml.example` without a lifecycle tag (extension planned). It does not enforce the runtime obligation; the agent does.
+
+## See also
+
+- [`docs/contracts/provider-lifecycle.md`](../docs/contracts/provider-lifecycle.md) — the full tier definitions, promotion / demotion criteria, and day-one assignment matrix.
+- [`scripts/ai-video/lib/adapter-contract.md`](../../scripts/ai-video/lib/adapter-contract.md) — the four-method shell surface every adapter implements; the tier tag is read alongside this contract.
+- [`media-governance-routing`](media-governance-routing.md) — sibling tier-2a rule that surfaces the prompt-side policy layer; this rule covers the provider-side discipline.
+- [`ask-when-uncertain`](ask-when-uncertain.md) — the one-question-per-turn discipline the refuse-and-surface path uses.

package/.agent-src/rules/roadmap-ci-steps-policy.md

@@ -0,0 +1,145 @@
+---
+type: "auto"
+tier: "2a"
+description: "When authoring or executing roadmaps — forbid task ci / make test / npm run check steps when quality.local_auto_run is false; skip inline at execution"
+source: package
+triggers:
+  - path_prefix: "agents/roadmaps/"
+  - path_prefix: "app/Modules/"
+  - keyword: "task ci"
+  - keyword: "make test"
+  - keyword: "npm run check"
+  - keyword: "pnpm run check"
+  - keyword: "yarn check"
+  - keyword: "composer test"
+  - phrase: "run the quality pipeline"
+  - phrase: "run task ci"
+  - phrase: "run the full ci"
+applies_to_user_types:
+  - "maintainer"
+  - "developer"
+validator_ignore:
+  - type: "substring"
+    pattern: "agents/roadmaps/"
+    reason: "Rule's subject is roadmap files under agents/roadmaps/; every body link points there by design."
+  - type: "substring"
+    pattern: ".agent-settings.yml"
+    reason: "Rule reads quality.local_auto_run from .agent-settings.yml; naming the file is the contract."
+---
+
+# Roadmap CI-Steps Policy
+
+## Iron Law
+
+```
+WHEN quality.local_auto_run IS FALSE,
+ROADMAPS MUST NOT SCHEDULE FULL-PIPELINE CI STEPS,
+AND EXECUTION MUST SKIP THEM INLINE WITH [-] AND A REASON.
+```
+
+When `quality.local_auto_run: false` in `.agent-settings.yml`, every
+full-pipeline gate run during roadmap work is wasted wall-clock and
+tokens — remote CI on the PR is the authoritative gate. Roadmaps
+must neither schedule nor execute them locally. New CI gates and
+smoke/test files added by the roadmap itself are exempt — they must
+run once locally to count as verified evidence per
+[`verify-before-complete`](verify-before-complete.md).
+
+## Forbidden step patterns (authoring + execution)
+
+A step is **CI-shaped** when its text matches any pattern below.
+Case-insensitive. Line-bounded — literal must appear inside the
+step's `- [ ]` line or its immediate inline `<!-- … -->` / `(…)` note.
+
+| Pattern | Example |
+|---|---|
+| `task ci` | `Run task ci before the boundary` |
+| `task ci-strict` | `task ci-strict release gate` |
+| `task ci-fast` | `task ci-fast smoke` |
+| `make test` | `Run make test on phase boundary` |
+| `make ci` | `make ci pre-merge` |
+| `npm run check` / `pnpm run check` / `yarn check` | `npm run check before commit` |
+| `composer test` | `composer test on every phase` |
+| `vendor/bin/phpunit` (whole-suite, no path arg) | `vendor/bin/phpunit` |
+| `php artisan test` (no `--filter`) | `php artisan test` |
+
+Targeted commands (`vendor/bin/phpstan analyse app/Modules/X`,
+`php artisan test --filter=…`, `npm run lint -- --fix path/`) are
+**not** CI-shaped — narrow verifications, allowed regardless of the
+setting.
+
+## Carve-outs — when CI-shaped steps are still allowed
+
+1. **New CI gate / smoke test / test file landed by this roadmap.**
+   Once-locally execution is mandatory under
+   [`verify-before-complete`](verify-before-complete.md) carve-out
+   (see `templates/agent-settings.md` § `quality.local_auto_run`).
+   Mark the step with `<!-- carve-out: new-gate-verification -->`
+   on the same line; linter and execution loop honour it and let the
+   step run.
+2. **`quality.local_auto_run: true`.** Opt-in restores pre-policy
+   behaviour — linter no-ops, execution loop runs CI steps unmodified.
+3. **Acceptance-criteria block at end of roadmap.** Final-gate prose
+   like "All quality gates pass (`task ci`)" inside an
+   `## Acceptance criteria` section is documentation, not an
+   executable step (no `- [ ]` checkbox in front). Linter ignores;
+   execution loop never reaches it as a step.
+
+## Authoring — linter blocks at write-time
+
+`task lint-roadmap-ci-steps` (wired into `task ci-fast` /
+`lint-roadmap-complexity` cadence) scans `agents/roadmaps/*.md` and
+`app/Modules/*/agents/roadmaps/*.md`. Exit code:
+
+- `0` — no CI-shaped steps, or setting is `true`, or every match is
+  carve-out-marked.
+- `1` — at least one CI-shaped step in an active (non-archived,
+  non-skipped) roadmap with `quality.local_auto_run: false` and no
+  carve-out marker. Linter prints file, line, matched literal, and
+  suggested rewording.
+
+Archive (`agents/roadmaps/archive/`) and skipped
+(`agents/roadmaps/skipped/`) are out of scope — they record history,
+not future work.
+
+## Execution — process-loop skips inline
+
+Wrappers `/roadmap:process-step|phase|full` honour the policy at the
+top of [`roadmap-process-loop § 5`](../contexts/execution/roadmap-process-loop.md#5-step-loop):
+
+1. Before running a step, match its text against the patterns above.
+2. CI-shaped **and** `quality.local_auto_run: false` **and** no
+   carve-out marker → flip checkbox to `[-]` (cancelled), append a
+   one-line reason as inline note, regenerate the dashboard, continue
+   to next step. **Never** run the gate.
+3. CI-shaped **and** `quality.local_auto_run: true` → run normally.
+4. Carve-out-marked → run regardless of the setting.
+
+The `[-]` reason format is fixed:
+`<!-- skipped: quality.local_auto_run=false → remote CI is the gate -->`.
+Per [`roadmap-progress-sync`](roadmap-progress-sync.md) the flip and
+dashboard regen happen in the **same reply** that decides to skip;
+saving skips for the archive commit is a rule violation.
+
+## Failure modes
+
+- Authoring `- [ ] Run task ci` while `local_auto_run: false` — linter
+  fails the PR.
+- Executing a CI-shaped step without inline-skip flip — Iron Law
+  violation; loop never reaches the gate.
+- Carve-out marker on an *existing* pipeline run — abuse; the marker
+  is reserved for **new** gates introduced by the same roadmap.
+- Hiding the literal inside a fenced bash block to dodge the linter —
+  linter matches inside fenced blocks too (see
+  `scripts/lint_roadmap_ci_steps.py`).
+
+## See also
+
+- [`verify-before-complete`](verify-before-complete.md) — Iron Law
+  this rule narrows; carve-out cites it.
+- [`roadmap-progress-sync`](roadmap-progress-sync.md) — inline flip +
+  dashboard regen contract.
+- `templates/agent-settings.md` § `quality.local_auto_run` — source
+  of the toggle and its carve-out wording.
+- [`contexts/execution/roadmap-process-loop`](../contexts/execution/roadmap-process-loop.md)
+  — § 5 owns the inline-skip mechanics.

package/.agent-src/rules/roadmap-progress-sync.md

@@ -25,16 +25,17 @@ Roadmap touch = create / rename / delete / move file, add/rename/remove a phase,
 ```
 EVERY DONE STEP FLIPS [ ] → [x] IN THE SAME REPLY THAT LANDS THE WORK.
 NO "I UPDATE THE ROADMAP AT THE END OF THE PHASE."
-NO "FOUR STEPS DONE, ONE COMMIT, ONE REGEN."
 A REPLY THAT LANDS A VERIFIED STEP WITHOUT FLIPPING ITS CHECKBOX
 IS A RULE VIOLATION, NOT AN OVERSIGHT.
 ```
 
-`/roadmap:process-step`, `/roadmap:process-phase`, `/roadmap:process-full`, and any other multi-step autonomous run flip the box for step N **before** moving on to step N+1. The dashboard is a real-time monitor, not a post-hoc summary. Batched flips at the archive commit defeat the dashboard's purpose.
+`/roadmap:process-step`, `/roadmap:process-phase`, `/roadmap:process-full`, and any other multi-step autonomous run flip the box for step N **before** moving on to step N+1. The checkbox itself is the real-time monitor — the markdown file is the source of truth, the dashboard is a derived view.
 
 **Step counts as done** when its code/doc change is written and saved AND the verification cited in the step has passed (fresh output in this reply or an earlier one).
 
-**In-progress marker.** When a step takes more than one reply, mark it `[~]` the moment work starts and regen — the user sees one row move `[ ] → [~] → [x]` instead of silent rows. `[~]` stays open for `count_open` but advances the phase percentage.
+**In-progress marker.** When a step takes more than one reply, mark it `[~]` the moment work starts — the user sees one row move `[ ] → [~] → [x]` instead of silent rows. `[~]` stays open for `count_open` but advances the phase percentage.
+
+**Dashboard regen cadence — opt-in batching.** The checkbox flip is non-batchable. The **subprocess regen** (`./agent-config roadmap:progress`) is batchable per `roadmap.dashboard_regen_cadence` in `.agent-settings.yml` (`per_step` default · `every_5_steps` · `phase_boundary`). Run end, phase boundary, and any file-shape touch (rename / phase add / archive — Iron Law 1) always force an immediate regen regardless of cadence.
 
 ## Pre-send self-check — MANDATORY
 
@@ -42,10 +43,15 @@ Before sending any reply that landed roadmap work:
 
 1. Did this reply land a step (code/doc saved + verification passed)?
 2. Is its checkbox flipped to `[x]` / `[~]` / `[-]` in `agents/roadmaps/<file>.md`? If no → flip, then continue.
-3. Did `./agent-config roadmap:progress` run after the flip? If no → run, then continue.
+3. Is regen due now per `roadmap.dashboard_regen_cadence`?
+   - `per_step` → yes, always.
+   - `every_5_steps` → yes when this is the 5th, 10th, … closed step in the run, or the last step of the reply.
+   - `phase_boundary` → only when this reply closes the phase or run.
+   - Any file-shape touch (rename / phase add / archive) → yes, regardless of cadence.
+   If yes and not run yet → run `./agent-config roadmap:progress`, then continue.
 4. Did `count_open` reach 0? If yes → `git mv` to `archive/` and regen again — same reply.
 
-Any "no" at step 2 or 3 → reply is incomplete. Do not send.
+Any "no" at step 2 → reply is incomplete. Do not send. A skipped step 3 regen is fine when cadence permits — checkbox truth lives in the markdown file.
 
 Long-form mechanics (failure-mode catalog, Copilot fallback, `[~]` vs `[ ]` semantics, hook + CI defence-in-depth) live in `guideline:agent-infra/roadmap-progress-mechanics`.
 Trigger-set above activates this routing under the `balanced` and `full` profiles.

package/.agent-src/skills/character-consistency/SKILL.md

@@ -2,7 +2,6 @@
 name: character-consistency
 description: "Use when a character must stay visually identical across AI video scenes — locks identity tokens (silhouette, palette, wardrobe, prop) in JSON. Triggers 'character lock', 'same character'."
 personas:
-  - pixar-storyboard-artist
   - hollywood-director
 source: package
 domain: product
@@ -118,3 +117,15 @@ the lock.
 - Do NOT skip the reference frame after the first render — visual
   regression has nothing to compare against.
 - Do NOT lock a character that appears in only one scene.
+
+## Policies
+
+When a character lock would identify or render a real person, consult before emitting the JSON:
+
+- [`agents/policies/media/likeness.md`](../../../agents/policies/media/likeness.md) — real-person identity tokens require a cited likeness release.
+- [`agents/policies/media/public-figures.md`](../../../agents/policies/media/public-figures.md) — recognised public figures carry the harder gate (publicity rights + transformative-intent).
+- [`agents/policies/media/voice-cloning.md`](../../../agents/policies/media/voice-cloning.md) — when `voice_note` references a real person's voice.
+- [`agents/policies/media/disclosure.md`](../../../agents/policies/media/disclosure.md) — outputs carrying a real-person lock require the non-removable AI-generation disclosure downstream.
+
+Refuse-and-surface the file path; do not silently sanitise the prompt.
+

package/.agent-src/skills/git-workflow/SKILL.md

@@ -77,6 +77,139 @@ The project uses `.github/pull_request_template.md`:
 - `main` is default/production branch.
 - Merge strategy: merge commits (not squash).
 
+## Procedure: Safe squash-after-push
+
+Use ONLY when the user explicitly authorized a squash on a branch that
+is already on origin. The whole sequence runs in **one turn** — never
+end the session between rewrite and push.
+
+Trigger context: `post-push-rewrite-discipline` rule routed here.
+
+### 1. Snapshot before touching anything
+
+```bash
+BRANCH=$(git branch --show-current)
+DATE=$(date +%F)
+git fetch origin
+git tag "safe-squash-pre/${BRANCH}/${DATE}" HEAD
+git tag "safe-squash-origin/${BRANCH}/${DATE}" "@{u}"
+```
+
+Two tags = two recoveries (local tip + origin tip). Do not skip the
+tags — `git reflog` is TTL-bounded and unreliable across sessions.
+
+### 2. Verify aligned starting state
+
+```bash
+git rev-list --left-right --count HEAD...@{u}
+```
+
+- `0  0` → aligned, proceed.
+- `N  0` (local ahead) → unpushed work, proceed.
+- `0  N` (origin ahead) → `git pull --ff-only` first, then re-check.
+- `M  N` (both non-zero) → **divergent**. Abandon the squash and run
+  § Divergent-State Recovery below.
+
+### 3. Perform the squash
+
+Default — soft-reset path (single token-cheap rewrite):
+
+```bash
+git reset --soft "$(git merge-base HEAD <base>)"
+git commit -m "<conventional commit message>"
+```
+
+Interactive rebase only when the user wants per-commit control — it
+replays derived files (`.compression-hashes.json`, router projections)
+per commit and conflicts on every replay.
+
+### 4. Re-push in the SAME turn
+
+```bash
+FETCHED_SHA=$(git rev-parse "@{u}")
+git push --force-with-lease="${BRANCH}:${FETCHED_SHA}" origin "${BRANCH}"
+git fetch origin
+[ "$(git rev-parse HEAD)" = "$(git rev-parse @{u})" ] \
+  && echo "OK: origin matches HEAD" \
+  || echo "MISMATCH — do not end session"
+```
+
+If the push fails (pre-push hook, network, token budget):
+- Fix the underlying cause **now**.
+- Re-push immediately.
+- Do not commit new work on top of the squashed-but-unpushed tip.
+- Do not end the session until `HEAD == @{u}`.
+
+### 5. Hand off only with verified parity
+
+Report exactly:
+- pre-squash tip SHA (from step 1)
+- pre-squash tag name (for recovery)
+- post-squash tip SHA == origin SHA (verified in step 4)
+- PR number, if any, and confirm it picked up the new tip
+
+## Procedure: Divergent-State Recovery
+
+Fires when `git rev-list --left-right --count HEAD...@{u}` shows
+**both** sides non-zero on the current branch.
+
+### 1. Stop. Do not pull.
+
+A blind `git pull --rebase` here replays remote commits on top of a
+local history that may already represent the same work in a different
+shape — guaranteed conflict storm in derived files, possible
+double-application of the same change. This is the documented failure
+mode behind `post-push-rewrite-discipline`.
+
+### 2. Tag both sides immediately
+
+```bash
+TS=$(date +%FT%H%M)
+git tag "diverged-local/${TS}" HEAD
+git tag "diverged-origin/${TS}" "@{u}"
+```
+
+### 3. Diagnose: which side is the correct future?
+
+```bash
+git log --oneline @{u}..HEAD   # local-only commits
+git log --oneline HEAD..@{u}   # origin-only commits
+git diff @{u}..HEAD --stat     # shape of local-ahead work
+```
+
+Decision matrix:
+
+| Pattern | Future | Action |
+|---|---|---|
+| Local has the same logical work as origin, just reshaped (squash/rebase) | **Local** | After PR-review check (step 4), `git push --force-with-lease=<branch>:<origin-sha>` |
+| Origin has commits local does not reflect (another contributor pushed) | **Origin** | Tag any local-ahead work for cherry-pick, then `git reset --hard @{u}` |
+| Both sides have genuine independent work | **ask user** | Never decide silently — surface the two commit lists and let the user pick |
+
+### 4. PR review-comment check (mandatory before any force-push)
+
+If a PR is open on this branch:
+```bash
+gh pr view --json reviews,comments
+# or via GitHub API: /repos/<owner>/<repo>/pulls/<num>/{reviews,comments}
+```
+
+If review comments are anchored to commits that the force-push will
+erase → STOP, ask the user how to preserve them. A force-push that
+destroys live review feedback is unrecoverable from the agent side.
+
+### 5. Recover or proceed
+
+Use the tags from step 2 to restore either side if step 4 surfaces a
+problem. After resolution, verify `HEAD == @{u}` and report both
+SHAs plus the tags created.
+
+## Hard prohibitions on a pushed branch
+
+- No `git pull --rebase` after detecting divergent state.
+- No `git push --force` without `--force-with-lease=<branch>:<sha>`.
+- No squash-then-end-session — the push must complete in the same turn.
+- No reflog-only recovery — always tag the state explicitly first.
+
 ## Output format
 
 1. Commits following conventional commit format

package/.agent-src/skills/motion-choreographer/SKILL.md

@@ -147,3 +147,15 @@ stdin shape. The orchestrator pipes this into the video adapter's
 - Do NOT paraphrase identity tokens from `character.json`.
 - Do NOT call any network API — this skill is provider-tuning
   prose only.
+
+## Policies
+
+Motion prompts inherit upstream blueprint constraints. Before emitting provider-tuned prose:
+
+- [`agents/policies/media/disclosure.md`](../../../agents/policies/media/disclosure.md) — every distributed clip → non-removable AI-generation disclosure; refuse adapter flags that suppress it.
+- [`agents/policies/media/transparency.md`](../../../agents/policies/media/transparency.md) — provider provenance (C2PA / SynthID) preserved; refuse re-encode flags that strip provenance.
+- [`agents/policies/media/voice-cloning.md`](../../../agents/policies/media/voice-cloning.md) — motion prompt requests `audio: native` in named voice.
+- [`agents/policies/media/brand-impersonation.md`](../../../agents/policies/media/brand-impersonation.md) — copies recognised brand's chyron / mascot / signature transition.
+
+Refuse-and-surface; motion prompt cannot launder upstream policy gap.
+

package/.agent-src/skills/pixar-storyteller/SKILL.md

@@ -1,18 +1,19 @@
 ---
 name: pixar-storyteller
 description: "Use when turning an idea into a Pixar-style animation prompt — character sheet, scene, image, video — anchored in emotional beat, want, obstacle. Triggers 'Pixar prompt', 'animated scene'."
-personas:
-  - pixar-storyboard-artist
 source: package
 domain: product
 ---
 
 # pixar-storyteller
 
-> Turn an animation beat into the **four-block storyboard** the
-> `pixar-storyboard-artist` persona ships: CHARACTER SHEET · SCENE
-> PROMPT · IMAGE PROMPT · VIDEO PROMPT. Output is provider-agnostic;
-> provider tuning is [`motion-choreographer`](../motion-choreographer/SKILL.md).
+> Turn an animation beat into the **four-block storyboard**:
+> CHARACTER SHEET · SCENE PROMPT · IMAGE PROMPT · VIDEO PROMPT.
+> Output is provider-agnostic; provider tuning is
+> [`motion-choreographer`](../motion-choreographer/SKILL.md).
+>
+> The acting / storyboard lens is enforced inline by the procedure
+> and self-review below.
 
 ## When to use
 
@@ -105,3 +106,15 @@ Any "no" → revise that block.
 - Do NOT emit provider-specific tokens — that is `motion-choreographer`.
 - Do NOT cite "Pixar-style" without a specific film + year.
 - Do NOT compound emotional beats ("sad but hopeful and tired").
+
+## Policies
+
+The Pixar-storyteller skill anchors prompts to named films and studios by design — the policy surface is the largest in the video cluster:
+
+- [`agents/policies/media/style.md`](../../../agents/policies/media/style.md) — naming a film + year as the *primary* anchor crosses the "in the style of [STUDIO]" trigger; surface and refuse without a transformative-intent rationale.
+- [`agents/policies/media/likeness.md`](../../../agents/policies/media/likeness.md) — when a beat references a named animator's signature character (real-person extension of style).
+- [`agents/policies/media/public-figures.md`](../../../agents/policies/media/public-figures.md) — when the storyteller's character is a recognised public figure rendered in Pixar shape.
+- [`agents/policies/media/disclosure.md`](../../../agents/policies/media/disclosure.md) — every Pixar-style output ships with the AI-generation disclosure; parody / commentary cases are flagged for human review.
+
+Refuse-and-surface when style ⇒ primary signature, not one influence among several.
+

package/.agent-src/skills/roadmap-writing/SKILL.md

@@ -137,6 +137,16 @@ to every roadmap you author.
   user (`commit-policy` Iron Law). A roadmap is "implementation-complete"
   once its checkboxes are ticked and verification has been run — merge
   timing is tracked outside the roadmap.
+* Schedule full-pipeline CI literals (`task ci`, `task ci-fast`,
+  `task ci-strict`, `make ci`, `make test`, `npm/pnpm run check`,
+  `yarn check`, `composer test`, whole-suite `vendor/bin/phpunit`,
+  whole-suite `php artisan test`) as checkbox steps when
+  `quality.local_auto_run: false` — blocked by
+  `task lint-roadmap-ci-steps` per
+  [`roadmap-ci-steps-policy`](../../rules/roadmap-ci-steps-policy.md).
+  Reword as narrow verifications, or mark with
+  `<!-- carve-out: new-gate-verification -->` when it verifies a NEW
+  gate this roadmap introduces.
 * Use ALL-CAPS Iron-Law fenced blocks — those belong in
   [`kernel-membership`](../../../docs/contracts/kernel-membership.md)-listed
   rules, not roadmaps.

package/.agent-src/skills/scene-expander/SKILL.md

@@ -3,7 +3,6 @@ name: scene-expander
 description: "Use when expanding a one-line idea into the 12-block Cinematic Scene Blueprint — provider-agnostic, includes optional dialogue + ambient. Triggers 'expand this scene', 'blueprint for X'."
 personas:
   - hollywood-director
-  - pixar-storyboard-artist
 source: package
 domain: product
 ---
@@ -13,9 +12,10 @@ domain: product
 > Expand a one-line idea or script line into the **Cinematic Scene
 > Blueprint** — 12 labeled blocks consumed by
 > [`parse-blueprint.sh`](./scene-blueprint.schema.yaml). Picks
-> `hollywood-director` for live-action and `pixar-storyboard-artist`
-> for animated beats. Output is provider-agnostic — provider tuning
-> is [`motion-choreographer`](../motion-choreographer/SKILL.md).
+> `hollywood-director` for live-action; hands off animated beats to
+> [`pixar-storyteller`](../pixar-storyteller/SKILL.md). Output is
+> provider-agnostic — provider tuning is
+> [`motion-choreographer`](../motion-choreographer/SKILL.md).
 
 ## When to use
 
@@ -38,9 +38,11 @@ Do NOT use when:
 
 1. Read the input line. Classify as **live-action / photoreal** or
    **animated / stylized**.
-2. Live-action → load `hollywood-director` voice. Animated → load
-   `pixar-storyboard-artist`. Hybrid (live-action with VFX) →
-   `hollywood-director`; record VFX intent in ENVIRONMENT.
+2. Live-action → load `hollywood-director` voice. Animated → hand
+   off to [`pixar-storyteller`](../pixar-storyteller/SKILL.md) (its
+   procedure carries the acting / beat-decomposition lens). Hybrid
+   (live-action with VFX) → `hollywood-director`; record VFX intent
+   in ENVIRONMENT.
 3. Check for an existing `character.json` lock under
    `agents/ai-video/<project>/characters/`.
 
@@ -120,3 +122,16 @@ Any "no" → revise that block.
 - Do NOT paraphrase identity tokens when a lock exists.
 - Do NOT mix live-action LENS prescriptions with animated STYLE
   anchors in the same scene — pick one mode.
+
+## Policies
+
+The 12-block Cinematic Scene Blueprint is the policy choke point — every downstream skill (`motion-choreographer`, `video-director`) inherits whatever the blueprint encodes. Before emitting:
+
+- [`agents/policies/media/likeness.md`](../../../agents/policies/media/likeness.md) — when the SUBJECT block names or visually identifies a real person.
+- [`agents/policies/media/public-figures.md`](../../../agents/policies/media/public-figures.md) — when the SUBJECT block is a recognised public figure.
+- [`agents/policies/media/brand-impersonation.md`](../../../agents/policies/media/brand-impersonation.md) — when STYLE / ENVIRONMENT references a recognised brand's visual identity.
+- [`agents/policies/media/style.md`](../../../agents/policies/media/style.md) — when STYLE anchors to a named living artist or studio as the primary signature.
+- [`agents/policies/media/disclosure.md`](../../../agents/policies/media/disclosure.md) — every distributed blueprint output carries the AI-generation disclosure downstream.
+
+Refuse-and-surface at the blueprint layer; do not push policy questions down to the adapter.
+

package/.agent-src/skills/video-director/SKILL.md

@@ -111,3 +111,16 @@ Any "no" → revise that block before handing off.
 - Do NOT collapse anticipation / action / reaction into one verb.
 - Do NOT use "cinematic" without lens + lighting + camera move.
 - Do NOT invent character details when a `character.json` exists.
+
+## Policies
+
+11-block cinematic prompt is live-action shape — real-person + brand-impersonation risks highest in cluster. Before emitting:
+
+- [`agents/policies/media/likeness.md`](../../../agents/policies/media/likeness.md) — prompt names / visually identifies real person on camera.
+- [`agents/policies/media/public-figures.md`](../../../agents/policies/media/public-figures.md) — subject is recognised public figure.
+- [`agents/policies/media/brand-impersonation.md`](../../../agents/policies/media/brand-impersonation.md) — prompt copies journalism / broadcaster / regulated-industry visual identity.
+- [`agents/policies/media/style.md`](../../../agents/policies/media/style.md) — LIGHT / LENS anchored to named living cinematographer's signature.
+- [`agents/policies/media/disclosure.md`](../../../agents/policies/media/disclosure.md) — every distributed live-action AI clip carries non-removable AI-generation disclosure.
+
+Refuse-and-surface at directorial layer; live-action realism amplifies every downstream policy gap.
+

package/.agent-src/templates/agents/agent-project-settings.example.yml

@@ -39,7 +39,7 @@ schema_version: 1
 # CI guard: a release bump of `package.json` must update this value
 # in lockstep — see scripts/check_template_pin_drift.py (road-to-
 # portable-runtime-and-update-check P3.3).
-agent_config_version: "2.23.0"
+agent_config_version: "2.24.0"
 
 # --- Project identity ---
 project:

package/.agent-src/templates/roadmaps.md

@@ -84,6 +84,22 @@ php artisan test                     # Tests (or: vendor/bin/phpunit)
 
 Check `AGENTS.md` or `Makefile` / `Taskfile.yml` for the exact commands.
 
+### CI-step gate (when `quality.local_auto_run: false`)
+
+Roadmaps **must not** schedule full-pipeline literals (`task ci`,
+`task ci-fast`, `task ci-strict`, `make ci`, `make test`,
+`npm/pnpm run check`, `yarn check`, `composer test`, whole-suite
+`vendor/bin/phpunit`, whole-suite `php artisan test`) as checkbox
+steps when `quality.local_auto_run` is `false` in
+`.agent-settings.yml` — `task lint-roadmap-ci-steps` blocks them.
+Reword as narrow verifications (`vendor/bin/phpstan analyse
+app/Modules/X`, `php artisan test --filter=…`) or mark with
+`<!-- carve-out: new-gate-verification -->` when the step verifies a
+**new** gate this roadmap introduces. At execution,
+`/roadmap:process-*` flips matching steps to `[-]` with reason and
+skips them. Full contract:
+[`roadmap-ci-steps-policy`](../rules/roadmap-ci-steps-policy.md).
+
 ---
 
 ## Template

package/.claude-plugin/marketplace.json

@@ -6,7 +6,7 @@
   },
   "metadata": {
     "description": "Shared agent configuration \u2014 skills for AI coding tools (Claude Code, Augment, Cursor, Cline, Windsurf, Gemini CLI).",
-    "version": "2.24.0",
+    "version": "2.25.0",
     "keywords": [
       "agent-config",
       "skills",