@event4u/agent-config 2.24.0 → 2.26.0

package/.agent-src/rules/architecture.md

@@ -13,26 +13,40 @@ triggers:
 
 # Architecture Rules
 
+```
+HTTP HANDLERS STAY THIN. BUSINESS LOGIC LIVES IN SERVICES OR USE-CASES.
+ALWAYS VALIDATE AT THE REQUEST BOUNDARY. NEVER INLINE-VALIDATE INSIDE THE HANDLER.
+ALWAYS READ AGENTS.MD AND PROJECT-LOCAL DOCS BEFORE STRUCTURAL DECISIONS.
+```
+
 ## General Principles
 
-- **Controllers are thin** — no business logic, delegate to services.
-- **Only Single Action Controllers** — every new controller MUST use `__invoke()`. No multi-action / resource controllers. See `../docs/guidelines/php/controllers.md` for naming conventions.
-- **Every controller needs a FormRequest** — never validate inline with `$request->validate()`. Use a dedicated `FormRequest` subclass.
-- **Services contain business logic** — calculations, orchestration, validation.
-- **Models have no business logic** — only relationships, scopes, accessors/mutators.
+- **HTTP handlers stay thin** — no business logic; delegate to a service / use-case / domain layer.
+- **Validate at the request boundary** — never inline-validate user input inside the handler. Use the framework's request-validation primitive (Laravel `FormRequest`, Symfony validator, Zod / class-validator in TS, Pydantic in Python).
+- **One handler, one responsibility** — prefer single-purpose handlers over multi-action controllers when the framework supports it (Laravel `__invoke`, Next.js route handlers, Express handler-per-route).
+- **Business logic lives in services / use-cases** — calculations, orchestration, cross-aggregate validation.
+- **Domain models stay behavior-rich but I/O-free** — no HTTP, no DB transactions in the model; only domain rules, relationships, derived properties.
 - Always check the existing directory structure before creating new files.
 - Respect existing patterns — apply modern standards to **new** code only.
 
+→ Laravel-specific patterns (FormRequest, single-action `__invoke`, Eloquent scopes): see [`laravel`](../skills/laravel/SKILL.md), [`laravel-validation`](../skills/laravel-validation/SKILL.md).
+→ Symfony: see [`symfony-workflow`](../skills/symfony-workflow/SKILL.md).
+→ Next.js / TypeScript backends: see [`nextjs-patterns`](../skills/nextjs-patterns/SKILL.md).
+
 ## Project Detection
 
 Detect the current project type from the **Git remote URL**, **directory name**, or **project files**:
 
-- Check `composer.json` for framework (Laravel, Symfony, standalone).
-- Check if `artisan` exists → Laravel project.
-- Check `package.json` for frontend framework (React, Vue, Next.js, etc.).
+- **PHP** — `composer.json` (framework slot: Laravel via `artisan`, Symfony via `bin/console`, standalone otherwise).
+- **JS / TS** — `package.json` (framework slot: Next.js via `next` dep, Nuxt via `nuxt`, Express / Fastify / NestJS via deps; plain Node otherwise).
+- **Python** — `pyproject.toml` / `requirements.txt` (framework slot: Django via `django`, FastAPI via `fastapi`, Flask via `flask`).
+- **Go** — `go.mod` (framework slot: `gin`, `echo`, `fiber`, stdlib `net/http`).
+- **Ruby** — `Gemfile` (framework slot: Rails via `rails` gem, Sinatra otherwise).
+- **Rust** — `Cargo.toml` (framework slot: `axum`, `actix-web`, `rocket`).
 - Check `AGENTS.md` or `agents/` for project-specific documentation.
 
-For tooling detection (artisan vs composer), check if `artisan` exists in the project root.
+Tooling lives in a runner file at the project root — detect once and reuse the result:
+`Taskfile.yml` → `task`, `Makefile` → `make`, `package.json` `scripts:` → `npm` / `pnpm` / `yarn`, `pyproject.toml` `[tool.poetry.scripts]` or `[project.scripts]` → `poetry` / `uv`, framework CLIs (`artisan`, `bin/console`, `manage.py`, `bin/rails`) when the matching manifest is present.
 
 ## Project-Specific Architecture
 
@@ -51,7 +65,7 @@ projects use `docs/decisions/`. Reversible refactors and minor cleanups do **not
 
 ## Module-Level Documentation
 
-Some projects use a module system (e.g. `app/Modules/` in Laravel projects).
+Some projects use a module system (e.g. `app/Modules/` in Laravel, `apps/`/`packages/` in a Turborepo, `src/modules/` in NestJS, `internal/` in Go).
 Modules may have their own agent docs in `app/Modules/*/agents/` with:
 
 - Module descriptions and feature docs

package/.agent-src/rules/artifact-drafting-protocol.md

@@ -13,6 +13,12 @@ triggers:
 
 # Artifact Drafting Protocol
 
+```
+NEVER START WRITING WITHOUT THE UNDERSTAND → RESEARCH → DRAFT PHASES.
+EVERY PHASE ENDS WITH A NUMBERED-OPTIONS PROMPT. NO SILENT PROGRESSION.
+ZERO AUTOPILOT. AGENT PROPOSES, HUMAN DECIDES. COMMIT ONLY ON APPROVAL.
+```
+
 When the user asks to build or significantly rewrite a **skill, rule,
 command, or guideline**, the agent does **not** start writing. It runs
 three phases: **Understand → Research → Draft**. Each phase ends with a

package/.agent-src/rules/augment-edit-discipline.md

@@ -0,0 +1,28 @@
+---
+type: "auto"
+tier: "2a"
+description: "Editing inside .augment/ or .agent-src.uncompressed/ — files MUST stay project-agnostic AND any add/rename/delete syncs counts and cross-references in the same edit"
+source: package
+triggers:
+  - path_prefix: ".augment/"
+  - path_prefix: ".agent-src.uncompressed/"
+  - keyword: "portable"
+  - keyword: "rename"
+  - keyword: "delete"
+routes_to:
+  - "guideline:augment-portability-patterns"
+  - "skill:agent-docs-writing"
+validator_ignore:
+  - type: "substring"
+    pattern: ".agent-src.uncompressed/"
+    reason: "Rule scopes the portability gate to the uncompressed authoring tree."
+---
+
+# Augment Edit Discipline
+
+**Iron Law (portability).** Files inside `.augment/` and `.agent-src.uncompressed/` MUST stay project-agnostic — no project names, domains, stacks.
+
+**Iron Law (sync).** On any add / rename / delete of skill / rule / command / guideline, update counts and cross-references in the same edit.
+
+Portability body migrated to `guideline:augment-portability-patterns`. Sync body migrated to `skill:agent-docs-writing` (per P4 of `road-to-kernel-and-router.md`).
+Trigger-set above activates both routes under the `balanced` and `full` profiles.

package/.agent-src/rules/augment-source-of-truth.md

@@ -33,8 +33,8 @@ Never edit any of these generated layers directly:
 ## The Iron Rule
 
 ```
-NEVER create or edit files in .agent-src/ or .augment/ directly — not even "just a small fix".
-ALWAYS work in .agent-src.uncompressed/ — then compress via /compress command.
+NEVER CREATE OR EDIT FILES IN .agent-src/ OR .augment/ DIRECTLY — NOT EVEN "JUST A SMALL FIX".
+ALWAYS WORK IN .agent-src.uncompressed/ — THEN COMPRESS VIA THE /compress COMMAND.
 ```
 
 **There are ZERO exceptions to this rule.** Even if:

package/.agent-src/rules/autonomous-execution.md

@@ -57,8 +57,39 @@ When the user later issues a **new** request — different ticket, different roa
 
 In doubt whether the new request inherits or needs fresh confirmation → fresh confirmation. The Hard Floor and [`scope-control`](scope-control.md) gates apply to every task regardless.
 
+## User interrupts override the current task
+
+A new instruction from the user mid-flight is **not** a continuation — see [`user-interrupt-priority`](user-interrupt-priority.md) for the mandatory STOP → run new task → ASK before resume protocol. Autonomy never authorizes silent-resume of the prior task.
+
+## Validation-loop budget — hard cap N=3 per target
+
+Autonomous flows must not iterate indefinitely on the same validation target. **Validation target** = a single identifiable artefact: a file path, a lint rule ID, a test name, a CI sub-task name. Natural-language clustering ("the linter stuff") does **not** count as a target — agents will rename their way out of the budget.
+
+```
+3 CONSECUTIVE FAILED ATTEMPTS ON THE SAME VALIDATION TARGET → STOP.
+SURFACE THE 3 ATTEMPTS + BLOCKING ISSUE. ASK USER FOR GUIDANCE.
+DO NOT ITERATE BEYOND N=3 WITHOUT EXPLICIT USER APPROVAL.
+COUNTER RESETS ONLY ON A DIFFERENT TARGET OR USER-APPROVED CONTINUATION.
+```
+
+A "failed attempt" is an iteration that did not move the target from red to green. Tuning the tool around the target (e.g. growing an allowlist, loosening a threshold, suppressing a check) counts as an attempt — and is usually a sign the **tool**, not the content, is wrong.
+
+### Antipattern — allowlist-growth as silent budget bypass
+
+```
+ALLOWLIST > 20 ENTRIES IN ONE SESSION = THE LINTER IS WRONG.
+STOP. PROPOSE LINTER REDESIGN OR REMOVAL. DO NOT EXPAND THE ALLOWLIST FURTHER.
+```
+
+Crossing the 20-entry threshold counts as the 3rd validation-target failure for the linter in question, regardless of prior attempt count. The fix is a tool-shape change (heuristic tightening, scope narrowing, deletion), not more entries. Same logic for: warning-suppression lists growing past ~20, `// noqa` / `# type: ignore` sweeps over many files in one session, test `skip` / `xfail` bulk-adds to chase green.
+
+### Probe efficiency — direct over orchestration
+
+When validating a single target, run the **specific** check, not a meta-task that fans out to dozens of sub-tasks. Use the failing tool's direct entry point (the specific script invocation, the specific runner target, the single-test filter for the project's test runner) rather than the full CI meta-pipeline. Full-pipeline runs are appropriate at phase boundaries, not as a per-iteration probe.
+
 ## See also
 
+- [`user-interrupt-priority`](user-interrupt-priority.md) — STOP-ASK-RESUME on new tasks; overrides autonomy
 - [`non-destructive-by-default`](non-destructive-by-default.md) — universal safety floor; never overridden by autonomy
 - [`scope-control`](scope-control.md) — git-ops permission gate
 - [`ask-when-uncertain`](ask-when-uncertain.md) — vague-request triggers that always require asking

package/.agent-src/rules/context-hygiene.md

@@ -61,7 +61,7 @@ When **3 consecutive attempts** at the same task fail (code fix, test fix, confi
 
 - Code change that doesn't fix the problem
 - Test that still fails after the fix
-- Quality check (PHPStan, ECS) that still errors
+- Quality check (type-checker, linter, formatter) that still errors
 - Build/deploy that fails after config change
 
 **Does NOT reset the counter:** Unrelated tasks. User providing new information (course correction).

package/.agent-src/rules/domain-adoption-policy.md

@@ -104,7 +104,7 @@ in any plate that imports volatile upstream content:
 - The `check-refs` and `check-portability` linters apply unchanged.
 
 Adopting a domain does not exempt it from any other suite-wide rule —
-`augment-portability`, `skill-quality`, `size-enforcement`, `docs-sync`,
+`augment-edit-discipline`, `skill-quality`, `size-enforcement`,
 `rule-type-governance`. Every domain artefact passes the same gates as a
 core artefact.
 
@@ -146,12 +146,11 @@ core artefact.
 
 ## See also
 
-- [`augment-portability`](augment-portability.md) — `.agent-src/`
-  must stay project-agnostic; domain plates inherit the floor
+- [`augment-edit-discipline`](augment-edit-discipline.md) —
+  `.agent-src/` must stay project-agnostic and cross-references must stay
+  in sync; domain plates inherit both floors
 - [`size-enforcement`](size-enforcement.md) — size budgets apply per
   artefact regardless of domain
-- [`docs-sync`](docs-sync.md) — keep cross-references in sync when
-  opening a domain plate
 - [`rule-type-governance`](rule-type-governance.md) — within-domain rules
   still pick `always` vs `auto` per the governance table
 - [`skill-quality`](skill-quality.md) — every domain skill passes the

package/.agent-src/rules/domain-safety-disclaimer.md

@@ -0,0 +1,114 @@
+---
+type: "auto"
+tier: "2a"
+description: "Drafting advisory-shaped content (legal, medical, financial, strategic-consulting) — require the matching 'not X advice' disclaimer; refuse diagnosis/dosage outright"
+source: package
+triggers:
+  - keyword: "legal brief"
+  - keyword: "contract redline"
+  - keyword: "terms of service"
+  - keyword: "privacy policy"
+  - keyword: "diagnosis"
+  - keyword: "symptoms"
+  - keyword: "dosage"
+  - keyword: "medication"
+  - keyword: "investment memo"
+  - keyword: "valuation"
+  - keyword: "DCF"
+  - keyword: "tax position"
+  - keyword: "strategic recommendation"
+  - keyword: "board memo"
+  - keyword: "executive summary"
+  - phrase: "review this contract"
+  - phrase: "is this symptom"
+  - phrase: "should I invest"
+  - phrase: "what should we do"
+routes_to:
+  - "skill:contracts-cognition"
+  - "skill:privacy-review"
+  - "skill:dcf-modeling"
+  - "skill:scenario-modeling"
+  - "skill:stakeholder-tradeoff"
+  - "skill:decision-record"
+applies_to_user_types:
+  - "legal"
+  - "finance"
+  - "founder"
+  - "consultant"
+  - "creator"
+---
+
+# Domain Safety — Advisory Disclaimer
+
+## Iron Law
+
+```
+EVERY ADVISORY-SHAPED DRAFT SHIPS WITH THE MATCHING "NOT X ADVICE"
+DISCLAIMER. DIAGNOSIS AND DOSAGE OUTPUTS ARE REFUSED OUTRIGHT.
+STRATEGIC RECOMMENDATIONS CITE ASSUMPTIONS + CONFIDENCE LABELS.
+```
+
+The agent is not a licensed attorney, healthcare provider, financial advisor, or auditor. Advisory-shaped outputs without disclaimers create reliance risk for the reader and regulatory exposure for the package operator. Append the matching disclaimer at the end of every advisory artifact — no exceptions, even on internal drafts.
+
+## Sector matrix
+
+| Sector | Refuse outright | Disclaimer key | Routes |
+|---|---|---|---|
+| **Legal** | — | `not-legal-advice` | `skill:contracts-cognition` |
+| **Medical** | diagnosis, dosage, "stop medication" | `not-medical-advice` | `skill:privacy-review` |
+| **Financial** | — (advice OK with disclaimer) | `not-financial-advice` | `skill:dcf-modeling`, `skill:scenario-modeling` |
+| **Strategic** | — | (structured: assumptions + confidence) | `skill:stakeholder-tradeoff`, `skill:decision-record` |
+
+## Disclaimer templates (append verbatim or translated)
+
+### Legal — `not-legal-advice`
+
+> **Not legal advice.** This draft was generated by an AI assistant and is provided for informational purposes only. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before relying on this content for any binding decision.
+
+DE: **Keine Rechtsberatung.** Dieser Entwurf wurde von einem KI-Assistenten erstellt und dient ausschließlich zu Informationszwecken. Er stellt keine Rechtsberatung dar und begründet kein Mandatsverhältnis. Konsultieren Sie vor jeder rechtsverbindlichen Entscheidung eine zugelassene Anwältin oder einen Anwalt in Ihrer Rechtsordnung.
+
+### Medical — `not-medical-advice`
+
+> **Not medical advice.** This content was generated by an AI assistant for general informational purposes only. It is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of a qualified healthcare provider with any questions you may have regarding a medical condition. If you think you may have a medical emergency, call your local emergency number immediately.
+
+DE: **Keine medizinische Beratung.** Dieser Inhalt wurde von einem KI-Assistenten zu allgemeinen Informationszwecken erstellt. Er ist kein Ersatz für professionelle medizinische Beratung, Diagnose oder Behandlung. Wenden Sie sich bei Fragen zu einer Erkrankung stets an eine qualifizierte medizinische Fachkraft. Bei einem medizinischen Notfall rufen Sie sofort die örtliche Notrufnummer.
+
+### Financial — `not-financial-advice`
+
+> **Not financial or tax advice.** This analysis was generated by an AI assistant and is provided for informational and educational purposes only. It does not constitute investment, financial, accounting, or tax advice. Past performance does not predict future results. Consult a licensed financial advisor and a qualified tax professional in your jurisdiction before making any investment or tax decision.
+
+DE: **Keine Anlage- oder Steuerberatung.** Diese Analyse wurde von einem KI-Assistenten erstellt und dient ausschließlich zu Informations- und Bildungszwecken. Sie stellt keine Anlage-, Finanz-, Buchhaltungs- oder Steuerberatung dar. Vergangene Wertentwicklung ist keine Garantie für zukünftige Ergebnisse. Konsultieren Sie vor jeder Anlage- oder Steuerentscheidung eine zugelassene Anlageberaterin und eine qualifizierte Steuerexpertin in Ihrer Rechtsordnung.
+
+### Strategic — structural requirement
+
+Every recommendation must include:
+
+1. **Assumptions section.** 3-5 bullets naming the load-bearing priors (market size, competitive response, internal capacity, regulatory stability, customer demand). If any one of these flips, the recommendation flips.
+2. **Confidence label per claim.** High / Medium / Low — verifiable from cited data → High; reasoned but unverified → Medium; speculative → Low.
+3. **Inversion check.** One paragraph: *"This recommendation fails if [X happens]. The early signal to watch is [Y]."*
+4. **Footer**:
+
+> **AI-generated strategic analysis.** This recommendation was drafted by an AI assistant based on the assumptions stated above. It is one input among several and should not be acted on without human review, validation against current data, and stakeholder consultation. Confidence labels are the AI's self-assessment, not an external audit.
+
+## Medical — refuse outright
+
+- *"What do I have?"* / *"Is this symptom serious?"* → refuse + redirect to a licensed provider, urgent care, or emergency services if symptoms suggest acute risk.
+- *"How much [medication] should I take?"* → refuse + redirect to pharmacist / prescriber.
+- *"Can I stop my medication?"* → refuse + redirect to prescriber.
+
+## What counts as "advisory-shaped"
+
+- **Legal:** briefs, contract redlines, ToS, privacy policies, MSAs, DPAs, clause drafts, contract reviews.
+- **Medical:** symptom interpretation, diagnostic reasoning, treatment selection, wellness/supplement recommendations for a condition, mental-health crisis response (include crisis-hotline redirect if acute).
+- **Financial:** buy/sell/hold recommendations on any security, crypto, or asset; valuation outputs (DCF, comps, precedent transactions); tax position recommendations; portfolio allocation. **Not in scope:** bookkeeping, expense categorization, runway-cash math.
+- **Strategic:** board memos, executive summaries, go-to-market plans, consulting deliverables, organizational recommendations.
+
+## When to skip
+
+Never — the disclaimer is non-negotiable on advisory-shaped drafts. If the user says *"this is for [a professional] to review, skip the disclaimer"* — still include it; the professional can strip it. The risk of forgetting outweighs the friction of one paragraph.
+
+## See also
+
+- `skill:contracts-cognition`, `skill:dcf-modeling`, `skill:scenario-modeling`, `skill:stakeholder-tradeoff`, `skill:decision-record`, `skill:adversarial-review`, `skill:privacy-review`.
+- `domain-safety-pii` — companion when drafts embed real identifiers.
+- `domain-safety-retention` — companion when advisory content has retention implications.

package/.agent-src/rules/domain-safety-pii.md

@@ -0,0 +1,142 @@
+---
+type: "auto"
+tier: "2a"
+description: "Drafts, logs, and exports touching real customer/candidate/counterparty data — redact direct identifiers, use placeholders, flag re-identification on quasi-IDs"
+source: package
+triggers:
+  - keyword: "support macro"
+  - keyword: "ticket response"
+  - keyword: "help desk"
+  - keyword: "Zendesk"
+  - keyword: "Intercom"
+  - keyword: "testimonial"
+  - keyword: "case study"
+  - keyword: "customer story"
+  - keyword: "candidate"
+  - keyword: "interview notes"
+  - keyword: "scorecard"
+  - keyword: "rejection email"
+  - keyword: "offer letter"
+  - keyword: "invoice"
+  - keyword: "accounts receivable"
+  - keyword: "accounts payable"
+  - keyword: "finance memo"
+  - keyword: "log"
+  - keyword: "logger"
+  - keyword: "Sentry"
+  - keyword: "Datadog"
+  - keyword: "structured log"
+  - keyword: "export to CSV"
+  - keyword: "data export"
+  - keyword: "partner integration"
+  - phrase: "draft a response to"
+  - phrase: "marketing email featuring"
+  - phrase: "draft feedback for"
+  - phrase: "log the user"
+  - phrase: "send them the spreadsheet"
+routes_to:
+  - "skill:privacy-review"
+  - "skill:data-handling-judgment"
+  - "skill:logging-monitoring"
+  - "skill:secrets-management"
+applies_to_user_types:
+  - "all"
+---
+
+# Domain Safety — PII Redaction
+
+## Iron Law
+
+```
+NO RAW DIRECT IDENTIFIER IN ANY AI-GENERATED DRAFT, LOG LINE, OR EXPORT.
+PLACEHOLDERS IN DRAFTS. ALLOWLISTED STRUCTURED FIELDS IN LOGS.
+REDACTION + RE-IDENTIFICATION CHECK ON EXPORTS.
+```
+
+PII leaks via three surfaces: AI-drafted artifacts (emails, scorecards, invoices), log streams (Datadog / Sentry / CloudWatch), and exports (CSV / partner shares). Redact at generation time, not after review. Marketing case studies are the consent-cited exception — and consent must be cited in the prompt.
+
+## Surface 1 — Drafts (artifacts)
+
+Replace any pasted PII with placeholders **before** drafting. Sector matrix:
+
+| Sector | Placeholders | Routes |
+|---|---|---|
+| **Support** | `[CUSTOMER_NAME]`, `[EMAIL]`, `[PHONE]`, `[ACCOUNT_ID]`, `[ORDER_ID]`, `[ADDRESS]`, `[PAYMENT_DETAILS]` | `skill:privacy-review` |
+| **Marketing** | `[CUSTOMER_COMPANY]`, `[CONTACT_NAME]`, paraphrase quotes, round metrics | `skill:privacy-review` |
+| **Recruiting** | `[CANDIDATE_NAME]`, `[CANDIDATE_EMAIL]`, `[CURRENT_EMPLOYER]`, `[UNIVERSITY]`, `[COMP_TARGET]`; **omit demographics entirely** | `skill:privacy-review` |
+| **Finance** | `[COUNTERPARTY]`, `[CONTACT_EMAIL]`, `[BANK_ACCOUNT]`, `[TAX_ID]`, `[COST_CENTER]`, `[AMOUNT]` | `skill:privacy-review`, `skill:data-handling-judgment` |
+
+### Marketing — consent-cited exception
+
+Real customer names / logos / quotes allowed only when the prompt cites one of:
+
+- *"Reference-customer agreement dated YYYY-MM-DD"*
+- *"Quote approved by [CONTACT] on YYYY-MM-DD"*
+- *"Public press release [URL]"*
+
+Otherwise — redact to placeholders.
+
+### Recruiting — special-category warning
+
+Demographic markers (age, gender, ethnicity, family status) are **never** echoed in drafted artifacts — they belong in the ATS record. Special-category data under GDPR + protected-class data under US EEO.
+
+## Surface 2 — Logs
+
+```
+NO RAW EMAIL, NAME, PHONE, ADDRESS, TOKEN, OR PAYMENT IDENTIFIER
+EVER REACHES THE LOG STREAM. ALLOWLISTED STRUCTURED FIELDS ONLY.
+```
+
+Required patterns:
+
+1. **Allowlisted structured fields only.** Log `user_id`, `tenant_id`, `request_id`, `event_type` — never `user` or `request` blobs.
+2. **Logger-level redaction.** Configure the logger to scrub `email`, `phone`, `name`, `address`, `token`, `password`, `card_number`, `iban` keys recursively from any payload.
+3. **No raw exception payloads.** Exceptions captured by Sentry / Bugsnag must scrub the request body via the SDK's `before_send` hook.
+4. **No log-and-forget for auth flows.** Login / password-reset / token-mint logs never include the credential itself, only the actor + outcome.
+
+Refuse to write `logger.info("User logged in: $request->all()")` or `Log::info($user)` — show allowlisted version instead. Tokens + API keys + webhook secrets follow the same rule under `skill:secrets-management`.
+
+## Surface 3 — Exports
+
+```
+NO DIRECT IDENTIFIER LEAVES THE SYSTEM IN AN EXPORT.
+NO QUASI-IDENTIFIER COMBINATION THAT IS RE-IDENTIFIABLE LEAVES UNFLAGGED.
+THE RECIPIENT MATTERS — INTERNAL ANALYST IS NOT EXTERNAL PARTNER.
+```
+
+### Direct identifiers — always redact
+
+| Class | Action |
+|---|---|
+| Name, email, phone, address | Drop column or hash with a tenant-scoped salt |
+| National ID (SSN, tax ID) | Drop column — never hash, hash is reversible by recipient |
+| Payment card / IBAN | Drop column |
+| Free-text fields (comments, notes) | Pass through a PII scrubber or drop the column |
+
+### Quasi-identifiers — flag and audit
+
+k-anonymity rule of thumb: combinations of {birth date, ZIP/postal code, gender} re-identify 87% of US population; same for {company size, industry, region, founding year} in B2B. When the export contains 3+ quasi-identifiers per row, surface the re-identification risk and ask whether bucketing (age-band instead of birthdate, region instead of city) is acceptable.
+
+### Recipient-tier matrix
+
+| Recipient | Floor |
+|---|---|
+| Internal analyst, NDA-bound, on-prem analytics | Pseudonymized identifiers OK |
+| Internal analyst, BYO-device, cloud analytics | Pseudonymized + aggregated only |
+| External partner, signed DPA | Pseudonymized + minimum-necessary columns |
+| External partner, no DPA | Refuse; require DPA first |
+| Public dataset | Aggregated, k-anonymity ≥ 5, no quasi-identifier combos |
+
+## Refusal triggers
+
+- *"Send the customer list to our new marketing vendor"* (no DPA cited) → refuse + redirect to legal.
+- *"Export everything to a Google Sheet"* (recipient tier unknown) → ask the recipient question first.
+- *"We're under SEC investigation — can we clean up old emails?"* → hard refuse; flag spoliation risk; redirect to counsel.
+
+## See also
+
+- `skill:privacy-review` — regulatory-regime read (GDPR / CCPA / HIPAA / EEO).
+- `skill:data-handling-judgment` — transfer + retention cognition.
+- `skill:logging-monitoring`, `skill:secrets-management` — technical surfaces.
+- `domain-safety-disclaimer` — companion advisory rule.
+- `domain-safety-retention` — companion retention rule.

package/.agent-src/rules/domain-safety-retention.md

@@ -0,0 +1,86 @@
+---
+type: "auto"
+tier: "2a"
+description: "Data retention guidance (finance records, support/CRM data) — name the jurisdiction gap, default to longest applicable floor, honor DSR/audit holds, never delete under inquiry"
+source: package
+triggers:
+  - keyword: "retention policy"
+  - keyword: "data retention"
+  - keyword: "record retention"
+  - keyword: "ticket retention"
+  - keyword: "CRM retention"
+  - keyword: "delete financial"
+  - keyword: "purge invoice"
+  - keyword: "DSAR"
+  - keyword: "data subject request"
+  - keyword: "right to be forgotten"
+  - phrase: "how long should we keep"
+  - phrase: "when can we delete"
+  - phrase: "delete customer data"
+  - phrase: "how long do we keep tickets"
+routes_to:
+  - "skill:data-handling-judgment"
+  - "skill:privacy-review"
+applies_to_user_types:
+  - "finance"
+  - "ops"
+  - "support"
+  - "gtm"
+---
+
+# Domain Safety — Data Retention
+
+## Iron Law
+
+```
+NAME THE JURISDICTION GAP. DEFAULT TO THE LONGEST APPLICABLE FLOOR.
+NEVER RECOMMEND DELETION UNDER AUDIT HOLD, LITIGATION HOLD, OR REGULATORY INQUIRY.
+SUPPORT-DATA ANSWERS DISTINGUISH RAW (PII-LADEN) FROM AGGREGATE (DE-IDENTIFIED).
+DSR-READINESS IS A FLOOR, NOT A CEILING.
+```
+
+Retention questions look operational but are regulatory minefields: tax-authority floors, statute-of-limitations windows, GAAP / IFRS, consent windows, GDPR DSR clocks, and contractual obligations stack non-trivially. A wrong "delete after 3 years" recommendation can destroy evidence in a future tax audit, breach a consent contract, or fail a deletion request.
+
+## Track 1 — Finance / record retention
+
+Required surface in every finance-retention answer:
+
+1. **Jurisdiction gap.** *"Retention floor depends on jurisdiction — name yours."* Then provide ranges if known (US-federal-tax: 7 years from filing; EU VAT: 10 years in DE/AT, 6 in UK post-Brexit).
+2. **Audit / litigation hold check.** *"If any of these apply, do not delete: open tax audit, pending litigation, regulatory inquiry, contractual record-keeping clause, criminal investigation."*
+3. **Longest-floor default.** When multiple floors apply, the longest wins. Document the chosen floor.
+4. **Disclaimer.** Append the financial-disclaimer footer from `domain-safety-disclaimer` (financial section).
+
+## Track 2 — Support / CRM retention
+
+The right answer to *"how long do we keep tickets?"* is almost never a single number — it's a two-track policy. Raw ticket bodies contain PII and must respect deletion requests on a DSR clock (typically 30 days under GDPR). De-identified aggregate analytics (resolution times, category counts) can persist indefinitely for product / ops insight.
+
+Required structure:
+
+1. **Two tracks.** Raw ticket body + attachments (PII): short retention with DSR honoring. Aggregate metrics (de-identified): long retention OK.
+2. **Consent-window check.** If consent was time-bound (e.g., *"we'll keep your data for 12 months for support quality"*), name the expiry and the deletion job that must run.
+3. **DSR readiness.** *"You must be able to honor a deletion request within [N] days. The system needs a query that finds every ticket + attachment + log line tied to one customer."*
+4. **Backup retention gotcha.** *"Backups also contain PII. Either purge on the same DSR clock or document that backups are inaccessible and rotate within [N] days."*
+
+### Default support floors (cite, then qualify)
+
+| Class | Typical floor | Driver |
+|---|---|---|
+| Raw ticket body | 12-24 months from close | Consent window + DSR readiness |
+| Attachments with PII | 6-12 months | Higher leak risk → shorter |
+| Aggregate analytics (de-identified) | Indefinite | No PII linkage |
+| Quality-assurance recordings | 30-90 days | Consent typically narrow |
+
+Verify against the customer's privacy notice, regulatory regime, and contractual data-processing agreements before locking values.
+
+## Refusal triggers
+
+- *"Delete all invoices older than 2 years"* (without jurisdiction context) → refuse + ask the jurisdiction-gap question.
+- *"We're under SEC investigation — can we clean up old emails?"* → hard refuse; flag spoliation risk; redirect to counsel.
+- *"Just purge the CRM"* (no DSR/consent context) → refuse + walk through the two-track policy.
+
+## See also
+
+- `skill:data-handling-judgment` — retention + transfer + DSR cognition.
+- `skill:privacy-review` — regulatory-regime read.
+- `domain-safety-disclaimer` — companion advisory disclaimer (financial track).
+- `domain-safety-pii` — companion for PII in drafts/logs/exports.

package/.agent-src/rules/downstream-changes.md

@@ -71,7 +71,7 @@ event payload, job constructor), assess the impact:
 
 After completing all downstream changes:
 
-1. **No broken imports** — `php -l` or PHPStan catches these
-2. **No broken tests** — run the test suite
-3. **No broken types** — PHPStan Level 9 catches signature mismatches
-4. **No stale references** — grep for the old name/namespace to confirm zero results
+1. **No broken imports / parse errors** — language-native syntax check (`php -l`, `tsc --noEmit`, `python -m py_compile`, `go build ./...`, `cargo check`).
+2. **No broken tests** — run the project test suite (Pest / PHPUnit, Jest / Vitest, pytest, `go test ./...`, `cargo test`).
+3. **No broken types / signatures** — project's type-checker (PHPStan / Psalm, TypeScript, mypy / pyright, `go vet`, `cargo check`).
+4. **No stale references** — grep for the old name / namespace / import path to confirm zero results.