@event4u/agent-config 2.25.0 → 2.26.0

package/.agent-src/rules/domain-safety-retention.md

@@ -0,0 +1,86 @@
+---
+type: "auto"
+tier: "2a"
+description: "Data retention guidance (finance records, support/CRM data) — name the jurisdiction gap, default to longest applicable floor, honor DSR/audit holds, never delete under inquiry"
+source: package
+triggers:
+  - keyword: "retention policy"
+  - keyword: "data retention"
+  - keyword: "record retention"
+  - keyword: "ticket retention"
+  - keyword: "CRM retention"
+  - keyword: "delete financial"
+  - keyword: "purge invoice"
+  - keyword: "DSAR"
+  - keyword: "data subject request"
+  - keyword: "right to be forgotten"
+  - phrase: "how long should we keep"
+  - phrase: "when can we delete"
+  - phrase: "delete customer data"
+  - phrase: "how long do we keep tickets"
+routes_to:
+  - "skill:data-handling-judgment"
+  - "skill:privacy-review"
+applies_to_user_types:
+  - "finance"
+  - "ops"
+  - "support"
+  - "gtm"
+---
+
+# Domain Safety — Data Retention
+
+## Iron Law
+
+```
+NAME THE JURISDICTION GAP. DEFAULT TO THE LONGEST APPLICABLE FLOOR.
+NEVER RECOMMEND DELETION UNDER AUDIT HOLD, LITIGATION HOLD, OR REGULATORY INQUIRY.
+SUPPORT-DATA ANSWERS DISTINGUISH RAW (PII-LADEN) FROM AGGREGATE (DE-IDENTIFIED).
+DSR-READINESS IS A FLOOR, NOT A CEILING.
+```
+
+Retention questions look operational but are regulatory minefields: tax-authority floors, statute-of-limitations windows, GAAP / IFRS, consent windows, GDPR DSR clocks, and contractual obligations stack non-trivially. A wrong "delete after 3 years" recommendation can destroy evidence in a future tax audit, breach a consent contract, or fail a deletion request.
+
+## Track 1 — Finance / record retention
+
+Required surface in every finance-retention answer:
+
+1. **Jurisdiction gap.** *"Retention floor depends on jurisdiction — name yours."* Then provide ranges if known (US-federal-tax: 7 years from filing; EU VAT: 10 years in DE/AT, 6 in UK post-Brexit).
+2. **Audit / litigation hold check.** *"If any of these apply, do not delete: open tax audit, pending litigation, regulatory inquiry, contractual record-keeping clause, criminal investigation."*
+3. **Longest-floor default.** When multiple floors apply, the longest wins. Document the chosen floor.
+4. **Disclaimer.** Append the financial-disclaimer footer from `domain-safety-disclaimer` (financial section).
+
+## Track 2 — Support / CRM retention
+
+The right answer to *"how long do we keep tickets?"* is almost never a single number — it's a two-track policy. Raw ticket bodies contain PII and must respect deletion requests on a DSR clock (typically 30 days under GDPR). De-identified aggregate analytics (resolution times, category counts) can persist indefinitely for product / ops insight.
+
+Required structure:
+
+1. **Two tracks.** Raw ticket body + attachments (PII): short retention with DSR honoring. Aggregate metrics (de-identified): long retention OK.
+2. **Consent-window check.** If consent was time-bound (e.g., *"we'll keep your data for 12 months for support quality"*), name the expiry and the deletion job that must run.
+3. **DSR readiness.** *"You must be able to honor a deletion request within [N] days. The system needs a query that finds every ticket + attachment + log line tied to one customer."*
+4. **Backup retention gotcha.** *"Backups also contain PII. Either purge on the same DSR clock or document that backups are inaccessible and rotate within [N] days."*
+
+### Default support floors (cite, then qualify)
+
+| Class | Typical floor | Driver |
+|---|---|---|
+| Raw ticket body | 12-24 months from close | Consent window + DSR readiness |
+| Attachments with PII | 6-12 months | Higher leak risk → shorter |
+| Aggregate analytics (de-identified) | Indefinite | No PII linkage |
+| Quality-assurance recordings | 30-90 days | Consent typically narrow |
+
+Verify against the customer's privacy notice, regulatory regime, and contractual data-processing agreements before locking values.
+
+## Refusal triggers
+
+- *"Delete all invoices older than 2 years"* (without jurisdiction context) → refuse + ask the jurisdiction-gap question.
+- *"We're under SEC investigation — can we clean up old emails?"* → hard refuse; flag spoliation risk; redirect to counsel.
+- *"Just purge the CRM"* (no DSR/consent context) → refuse + walk through the two-track policy.
+
+## See also
+
+- `skill:data-handling-judgment` — retention + transfer + DSR cognition.
+- `skill:privacy-review` — regulatory-regime read.
+- `domain-safety-disclaimer` — companion advisory disclaimer (financial track).
+- `domain-safety-pii` — companion for PII in drafts/logs/exports.

package/.agent-src/rules/downstream-changes.md

@@ -71,7 +71,7 @@ event payload, job constructor), assess the impact:
 
 After completing all downstream changes:
 
-1. **No broken imports** — `php -l` or PHPStan catches these
-2. **No broken tests** — run the test suite
-3. **No broken types** — PHPStan Level 9 catches signature mismatches
-4. **No stale references** — grep for the old name/namespace to confirm zero results
+1. **No broken imports / parse errors** — language-native syntax check (`php -l`, `tsc --noEmit`, `python -m py_compile`, `go build ./...`, `cargo check`).
+2. **No broken tests** — run the project test suite (Pest / PHPUnit, Jest / Vitest, pytest, `go test ./...`, `cargo test`).
+3. **No broken types / signatures** — project's type-checker (PHPStan / Psalm, TypeScript, mypy / pyright, `go vet`, `cargo check`).
+4. **No stale references** — grep for the old name / namespace / import path to confirm zero results.

package/.agent-src/rules/framework-neutrality-in-generic-skills.md

@@ -0,0 +1,130 @@
+---
+type: "auto"
+tier: "2a"
+description: "When editing a generic skill/rule/command — block single-stack mandates; use language-agnostic procedures with carve-out pointers."
+source: package
+triggers:
+  - path_prefix: ".agent-src.uncompressed/skills/"
+  - path_prefix: ".agent-src.uncompressed/rules/"
+  - path_prefix: ".agent-src.uncompressed/commands/"
+  - keyword: "FormRequest"
+  - keyword: "PHPStan"
+  - keyword: "php artisan"
+  - keyword: "composer.json"
+  - keyword: "Eloquent"
+  - keyword: "Pest"
+  - keyword: "Blade"
+  - keyword: "vendor/bin"
+  - keyword: "Artisan"
+  - keyword: "Rector"
+  - phrase: "every controller"
+  - phrase: "all controllers"
+  - phrase: "generic skill"
+applies_to_user_types:
+  - "maintainer"
+validator_ignore:
+  - type: "substring"
+    pattern: ".agent-src.uncompressed/"
+    reason: "Rule's subject is generic artifacts under .agent-src.uncompressed/; every body link points there by design."
+  - type: "substring"
+    pattern: "scripts/lint_framework_leakage"
+    reason: "Rule cites the enforcing linter script by name in body and enforcement section."
+---
+
+# framework-neutrality-in-generic-skills
+
+## The Iron Law
+
+```
+NO GENERIC ARTIFACT MAY MANDATE A SPECIFIC FRAMEWORK.
+SPECIFICS BELONG IN CARVE-OUT ARTIFACTS (laravel-*, symfony-*,
+nextjs-*, pest-*, eloquent, quality-tools).
+```
+
+A generic skill, rule, or command names a *procedure* — what to do.
+A carve-out artifact names a *stack* — how that procedure looks in
+Laravel, Next.js, Pest, etc. Mixing the two leaks framework assumptions
+into surfaces the agent must trigger on regardless of project stack.
+
+## Scope
+
+This rule fires on edits under:
+
+- `.agent-src.uncompressed/skills/`
+- `.agent-src.uncompressed/rules/`
+- `.agent-src.uncompressed/commands/`
+
+**Exempt** (file or directory name matches — these are correctly
+framework-specific): `laravel*`, `symfony*`, `nextjs*`, `react-*`,
+`^php-*`, `^pest-*`, `^eloquent`, `^blade*`, `^livewire`, `^flux`,
+`^artisan-*`, `^composer-*`, `^docker*`, `^aws-*`, `^grafana`,
+`^openapi$`, `^quality-tools`, `^sql-writing`, `^tailwind*`,
+`^terraform*`, `^terragrunt*`, `^traefik`, `^mobile-e2e`,
+`-routing$`, `project-analysis-(laravel|symfony|nextjs|react|node-express|zend-laminas)`.
+
+## Forbidden patterns in generic artifacts
+
+| Pattern | Why it leaks | Fix |
+|---|---|---|
+| `FormRequest` as a mandate | Laravel-only validation class | Say "request-validation primitive (FormRequest in Laravel, zod in Next.js, pydantic in FastAPI)" or move to `laravel-validation` carve-out |
+| `php artisan …` as a canonical command | Laravel CLI | Generalize to "the framework's CLI" or move to `artisan-commands` carve-out |
+| `PHPStan` as the only example | PHP-only static analyser | List peers (`mypy` for Python, `tsc` for TypeScript) or move to `quality-tools` carve-out |
+| `composer.json` mentioned alone | PHP package manifest | Add `package.json` / `pyproject.toml` peers, or move to a PHP-scoped carve-out |
+| `Eloquent` / `Model::…` | Laravel ORM | Generalize to "the project's ORM/data layer" or move to `eloquent` carve-out |
+| `Pest` as the only test runner | PHP/Laravel test framework | List peers (`pytest`, `vitest`, `jest`) or move to `pest-testing` carve-out |
+| `Blade` / `Livewire` / `Flux` as default UI | Laravel view stack | Generalize to "the project's UI layer" or move to `blade-ui` / `livewire` / `flux` carve-outs |
+| `vendor/bin/<tool>` as a canonical path | PHP/Composer-specific binary path | Say "the project's quality CLI" or carve-out it |
+| `Rector` as the only refactor tool | PHP-only refactorer | List peers (`ts-morph`, `libcst`) or carve-out it |
+| "every controller" / "all controllers" | Assumes MVC PHP framework | Generalize to "every request handler" / "every endpoint" |
+
+## Allowed: cross-stack documentation
+
+Multi-stack tables or detection maps with **at least two ecosystems
+side-by-side** are documentation, not leakage. The linter's
+auto-detect heuristic (Step 0.5 of the audit roadmap) skips a hit when
+its ±2-line window contains patterns from a different ecosystem family
+(`php_family` vs `js_family` vs `python_family`).
+
+Example (allowed):
+
+```
+- PHP/Composer project → `composer.json` present
+- Node project        → `package.json` present
+- Python project      → `pyproject.toml` present
+```
+
+## Allowed: carve-out pointers
+
+A generic artifact may end a section with a one-line handoff to its
+framework-specific peers. Canonical shape:
+
+```
+→ Laravel-specific: see [laravel-validation](../skills/laravel-validation/SKILL.md)
+→ Next.js-specific: see [nextjs-patterns](../skills/nextjs-patterns/SKILL.md)
+```
+
+The pointer is a link, not a procedure — the generic artifact never
+inlines stack-specific code.
+
+## Enforcement
+
+`scripts/lint_framework_leakage.py` runs in the package CI pipeline.
+Exit codes:
+
+- `0` — no hits, or every hit is auto-detected as cross-stack, or
+  every hit is allowlisted in
+  `scripts/lint_framework_leakage_allowlist.json` with a `reason`.
+- `1` — at least one hit in a generic artifact (non-carve-out) that
+  is neither cross-stack nor allowlisted.
+
+The linter is intentionally noisy on first introduction — the audit
+roadmap drives hits to zero phase by phase.
+
+## See also
+
+- [`roadmap-ci-steps-policy`](roadmap-ci-steps-policy.md) — sibling
+  Tier-2a rule that drove this pattern.
+- [`skill-quality`](skill-quality.md) — every skill must remain
+  executable; carve-outs must still pass skill-quality.
+- [`scope-control`](scope-control.md) — neutralizing a skill is not
+  a refactor pretext; only touch the leaking sentences.

package/.agent-src/rules/git-history-discipline.md

@@ -0,0 +1,99 @@
+---
+type: "auto"
+tier: "2a"
+alwaysApply: false
+description: "Git history operations — never rebase/squash/amend without explicit request; once pushed, rewrites must pair with immediate re-push in same turn"
+source: package
+triggers:
+  - intent: "rebase the branch"
+  - intent: "squash commits"
+  - intent: "clean up commit history"
+  - intent: "fold this into the previous commit"
+  - intent: "tidy history after pushing"
+  - keyword: "git rebase"
+  - keyword: "fixup"
+  - keyword: "--amend"
+  - keyword: "force-push"
+  - keyword: "--force-with-lease"
+  - keyword: "squash-merge"
+  - phrase: "branch diverged"
+  - phrase: "pull --rebase failed"
+  - phrase: "ahead and behind"
+routes_to:
+  - "skill:git-workflow"
+---
+
+# Git History Discipline
+
+## Iron Law — Gate (no unsolicited rewrites)
+
+```
+NEVER REBASE, SQUASH, FIXUP, OR AMEND PUBLISHED OR LOCAL HISTORY
+WITHOUT THE USER ASKING FOR IT THIS TURN.
+LINEAR HISTORY IS A PREFERENCE, NOT A DEFAULT.
+COMMIT-CHUNK ORDER IS NOT A CORRECTNESS GOAL.
+```
+
+Add the next commit on top. Never reorder, fold, drop, or rewrite earlier
+commits to make the log "look right".
+
+## Iron Law — Protocol (once authorized)
+
+```
+ONCE PUSHED, A COMMIT IS PUBLISHED.
+ANY REWRITE OF PUSHED HISTORY MUST PAIR WITH AN IMMEDIATE RE-PUSH
+IN THE SAME TURN — OR DON'T REWRITE.
+NEVER END A SESSION WITH REWRITTEN-BUT-UNPUSHED LOCAL HISTORY.
+```
+
+## When rewrite is allowed
+
+Exactly three:
+
+1. **User says so this turn** — "rebase onto main", "squash these two", "amend that". This operation only, not a standing rule.
+2. **Standing instruction not yet revoked** — the user said earlier in the conversation "always squash before pushing"; honor it.
+3. **Conflict resolution forced by `git pull --rebase`** — the user already invoked the rebase via pull; finish it.
+
+Anything else — chunk-tidiness, "logical order", folding a follow-up fix into its parent — **forbidden**. The follow-up ships as its own commit (`fix: …`, `chore: …`).
+
+## Two protective stops (for the protocol phase)
+
+1. **Pre-rewrite stop.** Before any squash / amend / rebase on a branch that is on origin: `git fetch && git rev-list --left-right --count HEAD...@{u}`. If **either** side is non-zero — STOP and route to `skill:git-workflow § Divergent-State Recovery`. A blind `git pull --rebase` in this state is the documented failure mode.
+
+2. **Post-rewrite stop.** After the rewrite, push in the **same turn** with `--force-with-lease=<branch>:<fetched-sha>` and verify `git rev-parse origin/<branch>` equals `git rev-parse HEAD`. If the push fails (hook, network, token budget) — fix the cause and re-push **before** ending the session, committing new work, or handing off.
+
+If either stop fires and resolution is not immediate → tag the state (`git tag local-rewritten-tip-<ISO-date>`) and hand control back to the user. Do not let a new session inherit a dirty divergence.
+
+## Equivalents that are also forbidden by default
+
+- `git rebase -i` (interactive)
+- `git rebase --autosquash`
+- `git commit --fixup` / `--squash` (helpers that feed autosquash)
+- `git commit --amend` on already-pushed commits
+- `git push --force` / `--force-with-lease` (unless paired with the protocol)
+- `git reset --hard` past unpushed work the user might want
+- Squash-merge of a PR via API or CLI when the user has not picked the merge strategy
+- Cherry-pick rewriting that drops or reorders commits
+
+`--amend` on the *current local* commit before the first push is the narrow exception (treated as continuing to compose the commit, not rewriting history).
+
+## Why this rule exists
+
+Interactive rebase + fixup loops generate disproportionate token cost on every iteration: re-running CI per replayed commit, resolving the same content conflict in three derived files (`.compression-hashes.json`, `router.json`, `.windsurfrules`), losing the working tree to a stash that silently re-introduces older state. A single conflict can burn the budget of an entire feature.
+
+A previous session squashed a pushed branch, the push hook failed at the token boundary, the session ended — and the next session saw local and origin pointing at different SHAs for the same logical work. A blind `git pull --rebase` cascaded into conflicts across every derived file. Recovery required forensic SHA-archaeology. The pre/post-rewrite stops make that sequence structurally impossible.
+
+## When you'd be tempted
+
+- "I want commit 3 to come before commit 2 because the topic flows better." → don't. Reviewers read the PR diff.
+- "There are two `chore: regenerate` commits, ugly." → don't. They are honest checkpoints.
+- "A linter caught an issue in commit 2 — let me fold the fix in." → don't. Add `fix(scope): …` on top.
+- "I want to drop the WIP commit before pushing." → ask the user first.
+- "Squash-merge when I open the PR will clean it anyway." → also true, also irrelevant — let the merge strategy do that work, not you.
+
+## See also
+
+- [`scope-control`](scope-control.md) — git-ops permission gate ("rebase" already named in the canonical list).
+- [`commit-policy`](commit-policy.md) — commits are the user's call; rewriting them is a stronger version of the same restriction.
+- [`token-efficiency`](token-efficiency.md) — Iron Law on burning the user's tokens for cosmetic gain.
+- [`skill:git-workflow`](../skills/git-workflow/SKILL.md) — Safe Squash-After-Push protocol and Divergent-State Recovery decision tree.

package/.agent-src/rules/minimal-safe-diff.md

@@ -12,6 +12,12 @@ triggers:
 
 # Minimal Safe Diff
 
+```
+THE DIFF CONTAINS THE SMALLEST CHANGE THAT SOLVES THE STATED PROBLEM.
+NEVER REFORMAT, RENAME, OR RESTRUCTURE UNTOUCHED CODE IN THE SAME DIFF.
+NEVER ADD DRIVE-BY EDITS, OPPORTUNISTIC REFACTORS, OR DEPENDENCY BUMPS.
+```
+
 A diff is **safe** when every line in it is traceable to the stated task.
 Every other line is scope creep and must be removed or moved to a separate
 change.

package/.agent-src/rules/no-roadmap-references.md

@@ -126,8 +126,10 @@ Failure modes:
 
 ## See also
 
-- [`docs-sync`](docs-sync.md) — cross-reference sync after rename / delete
-- [`agent-docs`](agent-docs.md) — roadmap layer conventions
+- [`augment-edit-discipline`](augment-edit-discipline.md) — portability
+  + cross-reference sync after rename / delete
+- [`skill:agent-docs-writing`](../skills/agent-docs-writing/SKILL.md) —
+  roadmap layer conventions
 - [`roadmap-progress-sync`](roadmap-progress-sync.md) — sync dashboard
   on roadmap touch
 - [`augment-source-of-truth`](augment-source-of-truth.md) — edit

package/.agent-src/rules/user-interrupt-priority.md

@@ -0,0 +1,46 @@
+---
+type: "always"
+tier: "1"
+description: "User interrupts override the current task — STOP, complete new task in full, then ASK before resuming; never silently return to prior work"
+alwaysApply: true
+source: package
+load_context:
+  - ../contexts/execution/interrupt-examples.md
+---
+
+# User-Interrupt Priority
+
+A new instruction mid-flight is **not** a continuation. Examples and failure modes: [`contexts/execution/interrupt-examples.md`](../contexts/execution/interrupt-examples.md).
+
+## The Iron Law
+
+```
+NEW TASK FROM USER MID-FLIGHT → STOP CURRENT TASK.
+COMPLETE NEW TASK IN FULL.
+THEN ASK BEFORE RESUMING THE OLD TASK.
+NEVER SILENTLY RESUME.
+```
+
+Holds regardless of `personal.autonomy`, a standing autonomy directive, or roadmap authorization. Autonomy narrows trivial workflow questions — it does not authorize ignoring a fresh instruction.
+
+## Classify every user turn
+
+| Bucket | Signal | Action |
+|---|---|---|
+| **Continuation** | Same deliverable + target + success criterion. "weiter", "next step". | Keep working. |
+| **Clarification** | Question / correction about the current task. No new deliverable. | Answer, then continue. |
+| **Interrupt** | Different deliverable, target, or success criterion. Meta-tasks ("audit", "stop and analyze") count. | STOP. Run new task. ASK before resume. |
+
+In doubt → treat as interrupt. Cost of a spurious ask is one turn; cost of silent-resume is the rest of the unwanted work.
+
+## Stop-ask-resume protocol
+
+1. **STOP** — abandon the current tool plan. No "one more check" unless the new instruction says so.
+2. **EXECUTE** the new task in full. All other rules (Hard Floor, scope, autonomy) apply.
+3. **ASK** when done — name the interrupted task and request a resume decision:
+
+```
+Done with <new task>. Resume <interrupted task name>? (yes / no / different)
+```
+
+Only resume on `yes` or a restatement. "and then continue with X" = explicit resume authorization; no re-ask.

package/.agent-src/rules/verify-before-complete.md

@@ -22,7 +22,7 @@ If you haven't run the verification command **in this message**, you cannot clai
 
 Before claiming ANY work is complete:
 
-1. **IDENTIFY** — What command proves this claim? (tests, PHPStan, build, etc.)
+1. **IDENTIFY** — What command proves this claim? (tests, type-checker, linter, build — whichever the project actually runs)
 2. **RUN** — Execute the full command (fresh, complete, not cached)
 3. **READ** — Full output, check exit code, count failures
 4. **VERIFY** — Does the output actually confirm the claim?
@@ -43,7 +43,7 @@ Skip any step = the claim is unverified.
 - Expressing satisfaction before running verification
 - About to commit/push without running tests + quality
 - Trusting a previous run from earlier in the conversation
-- Relying on partial verification (ran tests but not PHPStan)
+- Relying on partial verification (ran tests but skipped the type-checker / linter)
 - ANY wording implying success without fresh evidence
 
 ## Verification commands
@@ -64,3 +64,12 @@ all live in
 The Iron Law and the Gate above are the obligation surface; the
 mechanics context is the lookup material the agent pulls when the
 gate fires.
+
+## Examples
+
+Pattern Memory — wrong / right / why demos for the Iron Law and the
+red-flags list:
+[`verify-before-complete-demos`](../docs/guidelines/agent-infra/verify-before-complete-demos.md)
+(hedged claims, trusting earlier runs, partial-verification creep).
+Outcome baseline locked at
+[`tests/golden/outcomes/verify_before_complete.json`](../../tests/golden/outcomes/verify_before_complete.json).

package/.agent-src/skills/adversarial-review/SKILL.md

@@ -104,7 +104,7 @@ Only surface trade-offs or concerns that need the user's input.
 - **feature-planning** — adversarial review after Understanding Lock, before presenting the plan.
 - **bug-analyzer** — review the proposed fix before implementing.
 - **code-review** — self-review before creating a PR.
-- **migration-creator** — review migration for data safety.
+- **laravel-migration** (or framework-native equivalent) — review migration for data safety.
 - **api-design** — review API design for consistency and breaking changes.
 - **security** — review security-sensitive changes for attack surface.
 

package/.agent-src/skills/ai-council/SKILL.md

@@ -3,6 +3,7 @@ name: ai-council
 description: "Use when polling external AIs (OpenAI, Anthropic) outside the host session for a neutral second opinion on a roadmap, diff, prompt, or file set — or 'cross-check with another model'."
 source: package
 domain: process
+meta_skill: true
 ---
 
 <!-- cloud_safe: degrade -->