@event4u/agent-config 2.25.0 → 2.26.0

package/.agent-src/contexts/augment-infrastructure.md

@@ -57,17 +57,14 @@ Define hard constraints: coding standards, Docker usage, language preferences, s
 |---|---|
 | `quality-workflow.md` | PHP (PHPStan → Rector → PHPStan) and JS/TS pipelines |
 | `downstream-changes.md` | After every edit, find and update ALL callers, tests, imports |
-| `docs-sync.md` | Keep docs in sync when skills/rules change |
+| `augment-edit-discipline.md` | Edits inside `.augment/` / `.agent-src.uncompressed/` stay project-agnostic AND sync counts + cross-references in the same edit |
 | `context-hygiene.md` | 3-failure rule, state dumps |
 | `architecture.md` | Architecture principles, file placement |
 | `docker-commands.md` | All PHP commands run inside Docker containers |
 | `commit-conventions.md` | Conventional Commits format |
 | `dev-efficiency.md` | Running CLI commands with verbose output — git, tests, linters, docker, build tools |
-| `e2e-testing.md` | Playwright E2E tests — locators, assertions, Page Objects, CI |
 | `lang-files.md` | Laravel lang files, both de/ and en/ always in sync |
 | `rtk.md` | Using rtk for token-efficient CLI output filtering |
-| `agent-docs.md` | When to read/create/update documentation |
-| `augment-portability.md` | Everything in `.augment/` must be project-agnostic |
 | `roadmap-progress-sync.md` | Checkbox edits in `agents/roadmaps/*.md` must regenerate `agents/roadmaps-progress.md` in the same response |
 
 ### Skills (`.augment/skills/`)
@@ -79,14 +76,14 @@ Skills organized by domain:
 
 | Category | Skills |
 |---|---|
-| **PHP/Laravel** | `php`, `php-coder`, `laravel`, `eloquent`, `laravel-validation`, `php-service`, `dto-creator`, `artisan-commands`, `laravel-horizon`, `laravel-mail`, `laravel-middleware`, `laravel-notifications`, `laravel-pennant`, `laravel-pulse`, `laravel-reverb`, `laravel-scheduling` |
+| **PHP/Laravel** | `php`, `php-coder`, `laravel`, `eloquent`, `laravel-validation`, `php-service`, `laravel-dto`, `artisan-commands`, `laravel-horizon`, `laravel-mail`, `laravel-middleware`, `laravel-notifications`, `laravel-pennant`, `laravel-pulse`, `laravel-reverb`, `laravel-scheduling` |
 | **API** | `api-endpoint`, `api-design`, `api-versioning`, `api-testing`, `openapi` |
 | **Analysis** | `analysis-autonomous-mode`, `universal-project-analysis`, `project-analysis-laravel`, `bug-analyzer`, `security-audit`, `performance-analysis` |
 | **Testing** | `pest-testing`, `test-generator`, `test-performance`, `php-debugging`, `playwright-testing` |
 | **Frontend** | `javascript`, `typescript`, `vue`, `react`, `nextjs`, `nuxt`, `tailwind`, `livewire`, `flux`, `blade-ui`, `fe-design` |
 | **Infrastructure** | `docker`, `aws-infrastructure`, `terraform`, `terragrunt`, `devcontainer`, `github-ci`, `cloudflare-workers`, `traefik` |
-| **Data** | `database`, `migration-creator`, `multi-tenancy`, `performance`, `sql-writing` |
-| **Jobs/Events** | `jobs-events`, `logging-monitoring`, `grafana`, `websocket` |
+| **Data** | `database`, `laravel-migration`, `multi-tenancy`, `performance`, `sql-writing` |
+| **Jobs/Events** | `jobs-events`, `logging-monitoring`, `grafana`, `laravel-websocket` |
 | **Packages** | `composer`, `composer-packages`, `npm`, `npm-packages` |
 | **Design** | `dashboard-design`, `design-review`, `fe-design` |
 | **Agent System** | `agent-docs-writing`, `agents-audit`, `context-create`, `commands`, `copilot-config`, `copilot-agents-optimization`, `feature-planning`, `file-editor`, `guidelines`, `mcp`, `override-management`, `project-docs`, `roadmap-management`, `module-management`, `naming`, `project-analyzer`, `sequential-thinking`, `skill-reviewer` |

package/.agent-src/contexts/communication/rules-auto/guidelines-mechanics.md

@@ -33,7 +33,7 @@ before writing or reviewing code); this file is the catalog.
 | `performance.md` | Performance conventions — caching, Redis, eager loading, response time targets |
 | `security.md` | Security conventions — auth, authorization, SQL injection, XSS, CSRF, headers |
 | `sql.md` | Raw SQL conventions — parameterization, MariaDB syntax, common mistakes |
-| `websocket.md` | WebSocket conventions — Broadcasting, channel types, connection management |
+| `laravel-websocket.md` | Laravel Broadcasting conventions — channel types, connection management, Echo client |
 | `patterns.md` | Design patterns index (links to `patterns/` subdirectory) |
 
 ## PHP Patterns (`docs/guidelines/php/patterns/`)

package/.agent-src/contexts/contracts/research-schema.md

@@ -103,7 +103,7 @@ properties:
 Upstream (`Weizhena/Deep-Research-skills`) shipped a `validate_json.py`
 Pydantic-based validator that assumed `~/.claude/` paths and a Python
 runtime in the consumer environment. Both are
-`augment-portability` violations for this package (zero-runtime-Python
+`augment-edit-discipline` violations for this package (zero-runtime-Python
 goal, host-agnostic distribution). The schema reference above lets the
 agent validate by reading; consumers needing programmatic validation
 can pipe the YAML through any JSON-Schema validator they prefer

package/.agent-src/contexts/execution/interrupt-examples.md

@@ -0,0 +1,34 @@
+# Interrupt Examples — Non-Interrupts, Failure Modes
+
+Loaded by the [`user-interrupt-priority`](../../rules/user-interrupt-priority.md)
+rule when concrete examples sharpen a classification call. The Iron
+Law, classification table, and stop-ask-resume protocol live in the
+rule itself.
+
+## What does NOT count as an interrupt
+
+- **Clarifying question about the current task** — answer in place,
+  keep going.
+- **Quoted text / code / log content** containing imperative verbs
+  ("stop", "abort") — content, not instruction. Speech-act check, same
+  as [`autonomous-execution § opt-in detection`](../../rules/autonomous-execution.md#opt-in-detection--match-by-intent-not-exact-string).
+- **User pasting an error or screenshot** without a redirect —
+  diagnostic input for the current task.
+- **"Why are you doing X?"** as a question — answer it, then continue
+  (unless the answer reveals the current task is wrong, in which case
+  STOP and confirm).
+
+## Failure modes
+
+- **Silent-resume** — treated the interrupt as a pause, returned to the
+  old task without asking. Iron Law violation.
+- **Partial-execution-then-resume** — answered the new ask in two
+  sentences, then went back to the old task without completing the new
+  one. Treat meta-tasks (process audits, council consultations, rule
+  changes) as full tasks, not as quick acknowledgments.
+- **Greedy-bundling** — appended the new task to the old task's plan
+  and continued the old plan first. New task runs **first**, alone, in
+  full.
+- **Autonomy-as-cover** — "user said autonomy on, so I just continued"
+  — autonomy never overrides a fresh instruction. See
+  [`autonomous-execution § Task-scope`](../../rules/autonomous-execution.md).

package/.agent-src/contexts/skills-and-commands.md

@@ -95,13 +95,13 @@ Commands often chain together. Here are the main workflows:
 | Area | Skills |
 |---|---|
 | API endpoints | `api-endpoint`, `api-design`, `api-versioning`, `api-testing`, `openapi`, `laravel-validation` |
-| Database | `eloquent`, `database`, `migration-creator`, `multi-tenancy`, `sql-writing` |
+| Database | `eloquent`, `database`, `laravel-migration`, `multi-tenancy`, `sql-writing` |
 | Background jobs | `jobs-events`, `laravel-horizon`, `laravel-scheduling`, `performance` |
 | Email/Notifications | `laravel-mail`, `laravel-notifications` |
 | Middleware/Auth | `laravel-middleware`, `security` |
 | Feature flags | `laravel-pennant` |
 | Monitoring | `laravel-pulse`, `logging-monitoring`, `grafana`, `sentry-integration` |
-| Real-time | `laravel-reverb`, `websocket` |
+| Real-time | `laravel-reverb`, `laravel-websocket` |
 | Testing | `pest-testing`, `test-generator`, `playwright-testing` |
 | Frontend | `livewire`, `flux`, `blade-ui`, `tailwind`, `vue`, `react`, `fe-design` |
 | Infrastructure | `docker`, `aws-infrastructure`, `terraform`, `terragrunt`, `cloudflare-workers`, `traefik` |

package/.agent-src/rules/architecture.md

@@ -13,26 +13,40 @@ triggers:
 
 # Architecture Rules
 
+```
+HTTP HANDLERS STAY THIN. BUSINESS LOGIC LIVES IN SERVICES OR USE-CASES.
+ALWAYS VALIDATE AT THE REQUEST BOUNDARY. NEVER INLINE-VALIDATE INSIDE THE HANDLER.
+ALWAYS READ AGENTS.MD AND PROJECT-LOCAL DOCS BEFORE STRUCTURAL DECISIONS.
+```
+
 ## General Principles
 
-- **Controllers are thin** — no business logic, delegate to services.
-- **Only Single Action Controllers** — every new controller MUST use `__invoke()`. No multi-action / resource controllers. See `../docs/guidelines/php/controllers.md` for naming conventions.
-- **Every controller needs a FormRequest** — never validate inline with `$request->validate()`. Use a dedicated `FormRequest` subclass.
-- **Services contain business logic** — calculations, orchestration, validation.
-- **Models have no business logic** — only relationships, scopes, accessors/mutators.
+- **HTTP handlers stay thin** — no business logic; delegate to a service / use-case / domain layer.
+- **Validate at the request boundary** — never inline-validate user input inside the handler. Use the framework's request-validation primitive (Laravel `FormRequest`, Symfony validator, Zod / class-validator in TS, Pydantic in Python).
+- **One handler, one responsibility** — prefer single-purpose handlers over multi-action controllers when the framework supports it (Laravel `__invoke`, Next.js route handlers, Express handler-per-route).
+- **Business logic lives in services / use-cases** — calculations, orchestration, cross-aggregate validation.
+- **Domain models stay behavior-rich but I/O-free** — no HTTP, no DB transactions in the model; only domain rules, relationships, derived properties.
 - Always check the existing directory structure before creating new files.
 - Respect existing patterns — apply modern standards to **new** code only.
 
+→ Laravel-specific patterns (FormRequest, single-action `__invoke`, Eloquent scopes): see [`laravel`](../skills/laravel/SKILL.md), [`laravel-validation`](../skills/laravel-validation/SKILL.md).
+→ Symfony: see [`symfony-workflow`](../skills/symfony-workflow/SKILL.md).
+→ Next.js / TypeScript backends: see [`nextjs-patterns`](../skills/nextjs-patterns/SKILL.md).
+
 ## Project Detection
 
 Detect the current project type from the **Git remote URL**, **directory name**, or **project files**:
 
-- Check `composer.json` for framework (Laravel, Symfony, standalone).
-- Check if `artisan` exists → Laravel project.
-- Check `package.json` for frontend framework (React, Vue, Next.js, etc.).
+- **PHP** — `composer.json` (framework slot: Laravel via `artisan`, Symfony via `bin/console`, standalone otherwise).
+- **JS / TS** — `package.json` (framework slot: Next.js via `next` dep, Nuxt via `nuxt`, Express / Fastify / NestJS via deps; plain Node otherwise).
+- **Python** — `pyproject.toml` / `requirements.txt` (framework slot: Django via `django`, FastAPI via `fastapi`, Flask via `flask`).
+- **Go** — `go.mod` (framework slot: `gin`, `echo`, `fiber`, stdlib `net/http`).
+- **Ruby** — `Gemfile` (framework slot: Rails via `rails` gem, Sinatra otherwise).
+- **Rust** — `Cargo.toml` (framework slot: `axum`, `actix-web`, `rocket`).
 - Check `AGENTS.md` or `agents/` for project-specific documentation.
 
-For tooling detection (artisan vs composer), check if `artisan` exists in the project root.
+Tooling lives in a runner file at the project root — detect once and reuse the result:
+`Taskfile.yml` → `task`, `Makefile` → `make`, `package.json` `scripts:` → `npm` / `pnpm` / `yarn`, `pyproject.toml` `[tool.poetry.scripts]` or `[project.scripts]` → `poetry` / `uv`, framework CLIs (`artisan`, `bin/console`, `manage.py`, `bin/rails`) when the matching manifest is present.
 
 ## Project-Specific Architecture
 
@@ -51,7 +65,7 @@ projects use `docs/decisions/`. Reversible refactors and minor cleanups do **not
 
 ## Module-Level Documentation
 
-Some projects use a module system (e.g. `app/Modules/` in Laravel projects).
+Some projects use a module system (e.g. `app/Modules/` in Laravel, `apps/`/`packages/` in a Turborepo, `src/modules/` in NestJS, `internal/` in Go).
 Modules may have their own agent docs in `app/Modules/*/agents/` with:
 
 - Module descriptions and feature docs

package/.agent-src/rules/artifact-drafting-protocol.md

@@ -13,6 +13,12 @@ triggers:
 
 # Artifact Drafting Protocol
 
+```
+NEVER START WRITING WITHOUT THE UNDERSTAND → RESEARCH → DRAFT PHASES.
+EVERY PHASE ENDS WITH A NUMBERED-OPTIONS PROMPT. NO SILENT PROGRESSION.
+ZERO AUTOPILOT. AGENT PROPOSES, HUMAN DECIDES. COMMIT ONLY ON APPROVAL.
+```
+
 When the user asks to build or significantly rewrite a **skill, rule,
 command, or guideline**, the agent does **not** start writing. It runs
 three phases: **Understand → Research → Draft**. Each phase ends with a

package/.agent-src/rules/augment-edit-discipline.md

@@ -0,0 +1,28 @@
+---
+type: "auto"
+tier: "2a"
+description: "Editing inside .augment/ or .agent-src.uncompressed/ — files MUST stay project-agnostic AND any add/rename/delete syncs counts and cross-references in the same edit"
+source: package
+triggers:
+  - path_prefix: ".augment/"
+  - path_prefix: ".agent-src.uncompressed/"
+  - keyword: "portable"
+  - keyword: "rename"
+  - keyword: "delete"
+routes_to:
+  - "guideline:augment-portability-patterns"
+  - "skill:agent-docs-writing"
+validator_ignore:
+  - type: "substring"
+    pattern: ".agent-src.uncompressed/"
+    reason: "Rule scopes the portability gate to the uncompressed authoring tree."
+---
+
+# Augment Edit Discipline
+
+**Iron Law (portability).** Files inside `.augment/` and `.agent-src.uncompressed/` MUST stay project-agnostic — no project names, domains, stacks.
+
+**Iron Law (sync).** On any add / rename / delete of skill / rule / command / guideline, update counts and cross-references in the same edit.
+
+Portability body migrated to `guideline:augment-portability-patterns`. Sync body migrated to `skill:agent-docs-writing` (per P4 of `road-to-kernel-and-router.md`).
+Trigger-set above activates both routes under the `balanced` and `full` profiles.

package/.agent-src/rules/augment-source-of-truth.md

@@ -33,8 +33,8 @@ Never edit any of these generated layers directly:
 ## The Iron Rule
 
 ```
-NEVER create or edit files in .agent-src/ or .augment/ directly — not even "just a small fix".
-ALWAYS work in .agent-src.uncompressed/ — then compress via /compress command.
+NEVER CREATE OR EDIT FILES IN .agent-src/ OR .augment/ DIRECTLY — NOT EVEN "JUST A SMALL FIX".
+ALWAYS WORK IN .agent-src.uncompressed/ — THEN COMPRESS VIA THE /compress COMMAND.
 ```
 
 **There are ZERO exceptions to this rule.** Even if:

package/.agent-src/rules/autonomous-execution.md

@@ -57,8 +57,39 @@ When the user later issues a **new** request — different ticket, different roa
 
 In doubt whether the new request inherits or needs fresh confirmation → fresh confirmation. The Hard Floor and [`scope-control`](scope-control.md) gates apply to every task regardless.
 
+## User interrupts override the current task
+
+A new instruction from the user mid-flight is **not** a continuation — see [`user-interrupt-priority`](user-interrupt-priority.md) for the mandatory STOP → run new task → ASK before resume protocol. Autonomy never authorizes silent-resume of the prior task.
+
+## Validation-loop budget — hard cap N=3 per target
+
+Autonomous flows must not iterate indefinitely on the same validation target. **Validation target** = a single identifiable artefact: a file path, a lint rule ID, a test name, a CI sub-task name. Natural-language clustering ("the linter stuff") does **not** count as a target — agents will rename their way out of the budget.
+
+```
+3 CONSECUTIVE FAILED ATTEMPTS ON THE SAME VALIDATION TARGET → STOP.
+SURFACE THE 3 ATTEMPTS + BLOCKING ISSUE. ASK USER FOR GUIDANCE.
+DO NOT ITERATE BEYOND N=3 WITHOUT EXPLICIT USER APPROVAL.
+COUNTER RESETS ONLY ON A DIFFERENT TARGET OR USER-APPROVED CONTINUATION.
+```
+
+A "failed attempt" is an iteration that did not move the target from red to green. Tuning the tool around the target (e.g. growing an allowlist, loosening a threshold, suppressing a check) counts as an attempt — and is usually a sign the **tool**, not the content, is wrong.
+
+### Antipattern — allowlist-growth as silent budget bypass
+
+```
+ALLOWLIST > 20 ENTRIES IN ONE SESSION = THE LINTER IS WRONG.
+STOP. PROPOSE LINTER REDESIGN OR REMOVAL. DO NOT EXPAND THE ALLOWLIST FURTHER.
+```
+
+Crossing the 20-entry threshold counts as the 3rd validation-target failure for the linter in question, regardless of prior attempt count. The fix is a tool-shape change (heuristic tightening, scope narrowing, deletion), not more entries. Same logic for: warning-suppression lists growing past ~20, `// noqa` / `# type: ignore` sweeps over many files in one session, test `skip` / `xfail` bulk-adds to chase green.
+
+### Probe efficiency — direct over orchestration
+
+When validating a single target, run the **specific** check, not a meta-task that fans out to dozens of sub-tasks. Use the failing tool's direct entry point (the specific script invocation, the specific runner target, the single-test filter for the project's test runner) rather than the full CI meta-pipeline. Full-pipeline runs are appropriate at phase boundaries, not as a per-iteration probe.
+
 ## See also
 
+- [`user-interrupt-priority`](user-interrupt-priority.md) — STOP-ASK-RESUME on new tasks; overrides autonomy
 - [`non-destructive-by-default`](non-destructive-by-default.md) — universal safety floor; never overridden by autonomy
 - [`scope-control`](scope-control.md) — git-ops permission gate
 - [`ask-when-uncertain`](ask-when-uncertain.md) — vague-request triggers that always require asking

package/.agent-src/rules/context-hygiene.md

@@ -61,7 +61,7 @@ When **3 consecutive attempts** at the same task fail (code fix, test fix, confi
 
 - Code change that doesn't fix the problem
 - Test that still fails after the fix
-- Quality check (PHPStan, ECS) that still errors
+- Quality check (type-checker, linter, formatter) that still errors
 - Build/deploy that fails after config change
 
 **Does NOT reset the counter:** Unrelated tasks. User providing new information (course correction).

package/.agent-src/rules/domain-adoption-policy.md

@@ -104,7 +104,7 @@ in any plate that imports volatile upstream content:
 - The `check-refs` and `check-portability` linters apply unchanged.
 
 Adopting a domain does not exempt it from any other suite-wide rule —
-`augment-portability`, `skill-quality`, `size-enforcement`, `docs-sync`,
+`augment-edit-discipline`, `skill-quality`, `size-enforcement`,
 `rule-type-governance`. Every domain artefact passes the same gates as a
 core artefact.
 
@@ -146,12 +146,11 @@ core artefact.
 
 ## See also
 
-- [`augment-portability`](augment-portability.md) — `.agent-src/`
-  must stay project-agnostic; domain plates inherit the floor
+- [`augment-edit-discipline`](augment-edit-discipline.md) —
+  `.agent-src/` must stay project-agnostic and cross-references must stay
+  in sync; domain plates inherit both floors
 - [`size-enforcement`](size-enforcement.md) — size budgets apply per
   artefact regardless of domain
-- [`docs-sync`](docs-sync.md) — keep cross-references in sync when
-  opening a domain plate
 - [`rule-type-governance`](rule-type-governance.md) — within-domain rules
   still pick `always` vs `auto` per the governance table
 - [`skill-quality`](skill-quality.md) — every domain skill passes the

package/.agent-src/rules/domain-safety-disclaimer.md

@@ -0,0 +1,114 @@
+---
+type: "auto"
+tier: "2a"
+description: "Drafting advisory-shaped content (legal, medical, financial, strategic-consulting) — require the matching 'not X advice' disclaimer; refuse diagnosis/dosage outright"
+source: package
+triggers:
+  - keyword: "legal brief"
+  - keyword: "contract redline"
+  - keyword: "terms of service"
+  - keyword: "privacy policy"
+  - keyword: "diagnosis"
+  - keyword: "symptoms"
+  - keyword: "dosage"
+  - keyword: "medication"
+  - keyword: "investment memo"
+  - keyword: "valuation"
+  - keyword: "DCF"
+  - keyword: "tax position"
+  - keyword: "strategic recommendation"
+  - keyword: "board memo"
+  - keyword: "executive summary"
+  - phrase: "review this contract"
+  - phrase: "is this symptom"
+  - phrase: "should I invest"
+  - phrase: "what should we do"
+routes_to:
+  - "skill:contracts-cognition"
+  - "skill:privacy-review"
+  - "skill:dcf-modeling"
+  - "skill:scenario-modeling"
+  - "skill:stakeholder-tradeoff"
+  - "skill:decision-record"
+applies_to_user_types:
+  - "legal"
+  - "finance"
+  - "founder"
+  - "consultant"
+  - "creator"
+---
+
+# Domain Safety — Advisory Disclaimer
+
+## Iron Law
+
+```
+EVERY ADVISORY-SHAPED DRAFT SHIPS WITH THE MATCHING "NOT X ADVICE"
+DISCLAIMER. DIAGNOSIS AND DOSAGE OUTPUTS ARE REFUSED OUTRIGHT.
+STRATEGIC RECOMMENDATIONS CITE ASSUMPTIONS + CONFIDENCE LABELS.
+```
+
+The agent is not a licensed attorney, healthcare provider, financial advisor, or auditor. Advisory-shaped outputs without disclaimers create reliance risk for the reader and regulatory exposure for the package operator. Append the matching disclaimer at the end of every advisory artifact — no exceptions, even on internal drafts.
+
+## Sector matrix
+
+| Sector | Refuse outright | Disclaimer key | Routes |
+|---|---|---|---|
+| **Legal** | — | `not-legal-advice` | `skill:contracts-cognition` |
+| **Medical** | diagnosis, dosage, "stop medication" | `not-medical-advice` | `skill:privacy-review` |
+| **Financial** | — (advice OK with disclaimer) | `not-financial-advice` | `skill:dcf-modeling`, `skill:scenario-modeling` |
+| **Strategic** | — | (structured: assumptions + confidence) | `skill:stakeholder-tradeoff`, `skill:decision-record` |
+
+## Disclaimer templates (append verbatim or translated)
+
+### Legal — `not-legal-advice`
+
+> **Not legal advice.** This draft was generated by an AI assistant and is provided for informational purposes only. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before relying on this content for any binding decision.
+
+DE: **Keine Rechtsberatung.** Dieser Entwurf wurde von einem KI-Assistenten erstellt und dient ausschließlich zu Informationszwecken. Er stellt keine Rechtsberatung dar und begründet kein Mandatsverhältnis. Konsultieren Sie vor jeder rechtsverbindlichen Entscheidung eine zugelassene Anwältin oder einen Anwalt in Ihrer Rechtsordnung.
+
+### Medical — `not-medical-advice`
+
+> **Not medical advice.** This content was generated by an AI assistant for general informational purposes only. It is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of a qualified healthcare provider with any questions you may have regarding a medical condition. If you think you may have a medical emergency, call your local emergency number immediately.
+
+DE: **Keine medizinische Beratung.** Dieser Inhalt wurde von einem KI-Assistenten zu allgemeinen Informationszwecken erstellt. Er ist kein Ersatz für professionelle medizinische Beratung, Diagnose oder Behandlung. Wenden Sie sich bei Fragen zu einer Erkrankung stets an eine qualifizierte medizinische Fachkraft. Bei einem medizinischen Notfall rufen Sie sofort die örtliche Notrufnummer.
+
+### Financial — `not-financial-advice`
+
+> **Not financial or tax advice.** This analysis was generated by an AI assistant and is provided for informational and educational purposes only. It does not constitute investment, financial, accounting, or tax advice. Past performance does not predict future results. Consult a licensed financial advisor and a qualified tax professional in your jurisdiction before making any investment or tax decision.
+
+DE: **Keine Anlage- oder Steuerberatung.** Diese Analyse wurde von einem KI-Assistenten erstellt und dient ausschließlich zu Informations- und Bildungszwecken. Sie stellt keine Anlage-, Finanz-, Buchhaltungs- oder Steuerberatung dar. Vergangene Wertentwicklung ist keine Garantie für zukünftige Ergebnisse. Konsultieren Sie vor jeder Anlage- oder Steuerentscheidung eine zugelassene Anlageberaterin und eine qualifizierte Steuerexpertin in Ihrer Rechtsordnung.
+
+### Strategic — structural requirement
+
+Every recommendation must include:
+
+1. **Assumptions section.** 3-5 bullets naming the load-bearing priors (market size, competitive response, internal capacity, regulatory stability, customer demand). If any one of these flips, the recommendation flips.
+2. **Confidence label per claim.** High / Medium / Low — verifiable from cited data → High; reasoned but unverified → Medium; speculative → Low.
+3. **Inversion check.** One paragraph: *"This recommendation fails if [X happens]. The early signal to watch is [Y]."*
+4. **Footer**:
+
+> **AI-generated strategic analysis.** This recommendation was drafted by an AI assistant based on the assumptions stated above. It is one input among several and should not be acted on without human review, validation against current data, and stakeholder consultation. Confidence labels are the AI's self-assessment, not an external audit.
+
+## Medical — refuse outright
+
+- *"What do I have?"* / *"Is this symptom serious?"* → refuse + redirect to a licensed provider, urgent care, or emergency services if symptoms suggest acute risk.
+- *"How much [medication] should I take?"* → refuse + redirect to pharmacist / prescriber.
+- *"Can I stop my medication?"* → refuse + redirect to prescriber.
+
+## What counts as "advisory-shaped"
+
+- **Legal:** briefs, contract redlines, ToS, privacy policies, MSAs, DPAs, clause drafts, contract reviews.
+- **Medical:** symptom interpretation, diagnostic reasoning, treatment selection, wellness/supplement recommendations for a condition, mental-health crisis response (include crisis-hotline redirect if acute).
+- **Financial:** buy/sell/hold recommendations on any security, crypto, or asset; valuation outputs (DCF, comps, precedent transactions); tax position recommendations; portfolio allocation. **Not in scope:** bookkeeping, expense categorization, runway-cash math.
+- **Strategic:** board memos, executive summaries, go-to-market plans, consulting deliverables, organizational recommendations.
+
+## When to skip
+
+Never — the disclaimer is non-negotiable on advisory-shaped drafts. If the user says *"this is for [a professional] to review, skip the disclaimer"* — still include it; the professional can strip it. The risk of forgetting outweighs the friction of one paragraph.
+
+## See also
+
+- `skill:contracts-cognition`, `skill:dcf-modeling`, `skill:scenario-modeling`, `skill:stakeholder-tradeoff`, `skill:decision-record`, `skill:adversarial-review`, `skill:privacy-review`.
+- `domain-safety-pii` — companion when drafts embed real identifiers.
+- `domain-safety-retention` — companion when advisory content has retention implications.

package/.agent-src/rules/domain-safety-pii.md

@@ -0,0 +1,142 @@
+---
+type: "auto"
+tier: "2a"
+description: "Drafts, logs, and exports touching real customer/candidate/counterparty data — redact direct identifiers, use placeholders, flag re-identification on quasi-IDs"
+source: package
+triggers:
+  - keyword: "support macro"
+  - keyword: "ticket response"
+  - keyword: "help desk"
+  - keyword: "Zendesk"
+  - keyword: "Intercom"
+  - keyword: "testimonial"
+  - keyword: "case study"
+  - keyword: "customer story"
+  - keyword: "candidate"
+  - keyword: "interview notes"
+  - keyword: "scorecard"
+  - keyword: "rejection email"
+  - keyword: "offer letter"
+  - keyword: "invoice"
+  - keyword: "accounts receivable"
+  - keyword: "accounts payable"
+  - keyword: "finance memo"
+  - keyword: "log"
+  - keyword: "logger"
+  - keyword: "Sentry"
+  - keyword: "Datadog"
+  - keyword: "structured log"
+  - keyword: "export to CSV"
+  - keyword: "data export"
+  - keyword: "partner integration"
+  - phrase: "draft a response to"
+  - phrase: "marketing email featuring"
+  - phrase: "draft feedback for"
+  - phrase: "log the user"
+  - phrase: "send them the spreadsheet"
+routes_to:
+  - "skill:privacy-review"
+  - "skill:data-handling-judgment"
+  - "skill:logging-monitoring"
+  - "skill:secrets-management"
+applies_to_user_types:
+  - "all"
+---
+
+# Domain Safety — PII Redaction
+
+## Iron Law
+
+```
+NO RAW DIRECT IDENTIFIER IN ANY AI-GENERATED DRAFT, LOG LINE, OR EXPORT.
+PLACEHOLDERS IN DRAFTS. ALLOWLISTED STRUCTURED FIELDS IN LOGS.
+REDACTION + RE-IDENTIFICATION CHECK ON EXPORTS.
+```
+
+PII leaks via three surfaces: AI-drafted artifacts (emails, scorecards, invoices), log streams (Datadog / Sentry / CloudWatch), and exports (CSV / partner shares). Redact at generation time, not after review. Marketing case studies are the consent-cited exception — and consent must be cited in the prompt.
+
+## Surface 1 — Drafts (artifacts)
+
+Replace any pasted PII with placeholders **before** drafting. Sector matrix:
+
+| Sector | Placeholders | Routes |
+|---|---|---|
+| **Support** | `[CUSTOMER_NAME]`, `[EMAIL]`, `[PHONE]`, `[ACCOUNT_ID]`, `[ORDER_ID]`, `[ADDRESS]`, `[PAYMENT_DETAILS]` | `skill:privacy-review` |
+| **Marketing** | `[CUSTOMER_COMPANY]`, `[CONTACT_NAME]`, paraphrase quotes, round metrics | `skill:privacy-review` |
+| **Recruiting** | `[CANDIDATE_NAME]`, `[CANDIDATE_EMAIL]`, `[CURRENT_EMPLOYER]`, `[UNIVERSITY]`, `[COMP_TARGET]`; **omit demographics entirely** | `skill:privacy-review` |
+| **Finance** | `[COUNTERPARTY]`, `[CONTACT_EMAIL]`, `[BANK_ACCOUNT]`, `[TAX_ID]`, `[COST_CENTER]`, `[AMOUNT]` | `skill:privacy-review`, `skill:data-handling-judgment` |
+
+### Marketing — consent-cited exception
+
+Real customer names / logos / quotes allowed only when the prompt cites one of:
+
+- *"Reference-customer agreement dated YYYY-MM-DD"*
+- *"Quote approved by [CONTACT] on YYYY-MM-DD"*
+- *"Public press release [URL]"*
+
+Otherwise — redact to placeholders.
+
+### Recruiting — special-category warning
+
+Demographic markers (age, gender, ethnicity, family status) are **never** echoed in drafted artifacts — they belong in the ATS record. Special-category data under GDPR + protected-class data under US EEO.
+
+## Surface 2 — Logs
+
+```
+NO RAW EMAIL, NAME, PHONE, ADDRESS, TOKEN, OR PAYMENT IDENTIFIER
+EVER REACHES THE LOG STREAM. ALLOWLISTED STRUCTURED FIELDS ONLY.
+```
+
+Required patterns:
+
+1. **Allowlisted structured fields only.** Log `user_id`, `tenant_id`, `request_id`, `event_type` — never `user` or `request` blobs.
+2. **Logger-level redaction.** Configure the logger to scrub `email`, `phone`, `name`, `address`, `token`, `password`, `card_number`, `iban` keys recursively from any payload.
+3. **No raw exception payloads.** Exceptions captured by Sentry / Bugsnag must scrub the request body via the SDK's `before_send` hook.
+4. **No log-and-forget for auth flows.** Login / password-reset / token-mint logs never include the credential itself, only the actor + outcome.
+
+Refuse to write `logger.info("User logged in: $request->all()")` or `Log::info($user)` — show allowlisted version instead. Tokens + API keys + webhook secrets follow the same rule under `skill:secrets-management`.
+
+## Surface 3 — Exports
+
+```
+NO DIRECT IDENTIFIER LEAVES THE SYSTEM IN AN EXPORT.
+NO QUASI-IDENTIFIER COMBINATION THAT IS RE-IDENTIFIABLE LEAVES UNFLAGGED.
+THE RECIPIENT MATTERS — INTERNAL ANALYST IS NOT EXTERNAL PARTNER.
+```
+
+### Direct identifiers — always redact
+
+| Class | Action |
+|---|---|
+| Name, email, phone, address | Drop column or hash with a tenant-scoped salt |
+| National ID (SSN, tax ID) | Drop column — never hash, hash is reversible by recipient |
+| Payment card / IBAN | Drop column |
+| Free-text fields (comments, notes) | Pass through a PII scrubber or drop the column |
+
+### Quasi-identifiers — flag and audit
+
+k-anonymity rule of thumb: combinations of {birth date, ZIP/postal code, gender} re-identify 87% of US population; same for {company size, industry, region, founding year} in B2B. When the export contains 3+ quasi-identifiers per row, surface the re-identification risk and ask whether bucketing (age-band instead of birthdate, region instead of city) is acceptable.
+
+### Recipient-tier matrix
+
+| Recipient | Floor |
+|---|---|
+| Internal analyst, NDA-bound, on-prem analytics | Pseudonymized identifiers OK |
+| Internal analyst, BYO-device, cloud analytics | Pseudonymized + aggregated only |
+| External partner, signed DPA | Pseudonymized + minimum-necessary columns |
+| External partner, no DPA | Refuse; require DPA first |
+| Public dataset | Aggregated, k-anonymity ≥ 5, no quasi-identifier combos |
+
+## Refusal triggers
+
+- *"Send the customer list to our new marketing vendor"* (no DPA cited) → refuse + redirect to legal.
+- *"Export everything to a Google Sheet"* (recipient tier unknown) → ask the recipient question first.
+- *"We're under SEC investigation — can we clean up old emails?"* → hard refuse; flag spoliation risk; redirect to counsel.
+
+## See also
+
+- `skill:privacy-review` — regulatory-regime read (GDPR / CCPA / HIPAA / EEO).
+- `skill:data-handling-judgment` — transfer + retention cognition.
+- `skill:logging-monitoring`, `skill:secrets-management` — technical surfaces.
+- `domain-safety-disclaimer` — companion advisory rule.
+- `domain-safety-retention` — companion retention rule.