@event4u/agent-config 3.0.0 → 3.1.0

package/.agent-src/commands/install-via-agent.md

@@ -0,0 +1,129 @@
+---
+name: install-via-agent
+tier: 2
+skills: []
+description: Drive `@event4u/agent-config` installer through its JSON agent-mode protocol — turn-by-turn workspace + pack selection without TTY.
+disable-model-invocation: true
+suggestion:
+  eligible: true
+  trigger_description: "install @event4u/agent-config in this project via agent mode, headless install, no TTY"
+  trigger_context: "user wants to install or re-install @event4u/agent-config and the agent should drive the picker (not a human at a terminal)"
+workspaces:
+  - agent-config-maintainer
+  - engineering
+packs:
+  - meta
+lifecycle: active
+trust:
+  level: core
+  confidence: high
+  human_review_required: false
+install:
+  default: false
+  removable: true
+---
+
+# /install-via-agent
+
+Drive the `@event4u/agent-config` installer through its **agent-mode**
+protocol — a JSON-over-stdio state machine that lets an LLM agent
+pick workspaces + packs turn-by-turn without a TTY.
+
+Contract: [`docs/contracts/installer-agent-mode.md`](../docs/contracts/installer-agent-mode.md).
+Architecture: [ADR-016](../../docs/decisions/ADR-016-installer-architecture.md) § 4, § 6.
+
+## When to use
+
+- Headless / CI install where no human is at a keyboard.
+- Re-install with a different workspace + pack mix.
+- Demonstrating the protocol for documentation or smoke tests.
+
+For interactive install with a human, run `npx @event4u/agent-config init`
+in a real terminal — the installer auto-detects the TTY and renders
+the `@inquirer/prompts` picker.
+
+## Steps
+
+### 1. Locate the installer
+
+```bash
+which agent-config-installer            # global install
+ls node_modules/.bin/agent-config-installer  # local install
+# OR run from monorepo dev:
+node packages/core/installer/dist/cli.js --version
+```
+
+### 2. Turn 1 — request the first question
+
+```bash
+agent-config-installer init --agent --dry-run
+```
+
+The CLI emits a single JSON line:
+
+```json
+{"status":"question","protocol_version":1,"id":"q1.workspaces", … "next_call":"init --agent --answer q1.workspaces=<value>"}
+```
+
+Parse `choices[]` and pick the workspaces the project needs (multi:
+comma-separated values, e.g. `engineering,product`).
+
+### 3. Turn 2 — answer workspaces, request pack list
+
+Execute the `next_call` substituting `<value>`:
+
+```bash
+agent-config-installer init --agent --dry-run --answer q1.workspaces=engineering
+```
+
+Response:
+
+```json
+{"status":"question","id":"q2.packs", … "next_call":"… --answer q1.workspaces=engineering --answer q2.packs=<value>"}
+```
+
+Pick from `choices[]`. The list is already scoped to the workspaces
+chosen in turn 1.
+
+### 4. Turn 3 — answer packs, possibly confirm auto-added
+
+```bash
+agent-config-installer init --agent --dry-run --answer q1.workspaces=engineering --answer q2.packs=engineering-base,php
+```
+
+Two terminal cases:
+
+- **`done`** — selection complete, no auto-added packs:
+
+  ```json
+  {"status":"done","summary":{"files_written":83,"lockfile_sha256":"…"}}
+  ```
+
+- **`question` (`q3.confirm`)** — `requires_hint` pulled extra packs
+  in. Re-issue with `--answer q3.confirm=yes` to proceed, or
+  `--answer q3.confirm=no` to abort with `aborted_by_agent`.
+
+### 5. Drop `--dry-run` for the real install
+
+Once the agent has confirmed the plan, repeat the final turn
+without `--dry-run`. Files materialize atomically; the lockfile
+lands at `agents/agent-config.lock.yml`. <!-- ref-ignore -->
+
+## Failure modes
+
+- **Exit 2 + `status:"error"`** — `answer_malformed`,
+  `out_of_order`, `unknown_workspace`, `unknown_pack`, or
+  `aborted_by_agent`. Read `reason` and `expected_question_id`,
+  fix the next call, re-issue.
+- **Manifest not found** — pass `--manifest <path>` pointing at
+  `dist/discovery/discovery-manifest.json`.
+- **`protocol_version` mismatch** — abort; do not attempt
+  recovery. Upgrade the agent or pin an older installer.
+
+## Rules
+
+- **One JSON envelope per turn** — never batch.
+- **Re-issue from scratch on doubt** — the installer is stateless;
+  carrying all prior answers in `--answer` flags is the contract.
+- **Do NOT commit `agent-config.lock.yml` blind** — review the
+  lockfile diff before committing per `commit-policy`.

package/.agent-src/commands/video/from-script.md

@@ -31,7 +31,7 @@ install:
 
 Drives a Markdown script through the full pipeline. Provider flags
 override the `<default-image-provider>` / `<default-video-provider>`
-from [`agents/.ai-video.xml`](../../../agents/.ai-video.xml.example);
+from [`agents/.ai-video.xml`](../../../agents/templates/.ai-video.xml.example);
 absent flags fall back to the XML defaults.
 
 **Block-on-ambiguity:** a missing scene heading, an unparseable

package/.agent-src/commands/video.md

@@ -27,7 +27,7 @@ install:
 
 Top-level orchestrator for the `/video:*` family — multi-provider AI
 video creation. Reads provider keys + defaults from
-[`agents/.ai-video.xml`](../agents/.ai-video.xml.example) (gitignored
+[`agents/.ai-video.xml`](../agents/templates/.ai-video.xml.example) (gitignored
 real file; example shipped). Every subcommand is **dry-run by default**;
 network calls require explicit per-turn confirmation per the adapter
 contract under [`scripts/ai-video/lib/adapter-contract.md`](../scripts/ai-video/lib/adapter-contract.md).

package/.agent-src/contexts/execution/cheap-question-mechanics.md

@@ -0,0 +1,81 @@
+# Cheap Question Mechanics
+
+Catalog material for [`no-cheap-questions`](../../rules/no-cheap-questions.md) — Iron Laws 3, 4, 5, 6 and the cheap-class catalog. The rule states the laws; this context carries the prose.
+
+## Cheap classes — full catalog
+
+Sequencing · format-only · commit / CI / test asks · fenced re-ask · Iron-Law option · context-derived · dominant option · re-ask after decline · paternalistic (IL 3) · continuation under mandate (IL 4) · prereq-for-authorized-action (IL 5) · destination-already-stated (IL 6). Extended examples: [`asking-and-brevity-examples`](../../../docs/guidelines/agent-infra/asking-and-brevity-examples.md#cheap-question-class-catalog--extended-examples).
+
+## Iron Law 3 — No Paternalistic State-Assuming Options
+
+```
+NEVER FABRICATE USER STATE TO JUSTIFY AN OPTION.
+"TAKE A BREAK", "SLEEP ON IT", "COME BACK FRESH" — FORBIDDEN.
+THE USER DECIDES WHEN TO STOP.
+```
+
+## Iron Law 4 — halt conditions under autonomous mandate
+
+### Mandate triggers
+
+A standing autonomous mandate is active when any of these fire:
+
+- `/roadmap:process-full` invocation.
+- `/roadmap:process-phase` invocation.
+- Explicit "entscheide selbst / decide and don't ask" in the current or a recent un-revoked turn.
+
+### Halt conditions
+
+The only halts named in the invoking command:
+
+- **Hard Floor trigger** — bulk deletion, infra change, prod-trunk merge.
+- **Council-off + ambiguity** — host can't resolve without input.
+- **Security-sensitive** — auth, secrets, tenancy, public endpoints (`security-sensitive-stop`).
+- **Scope out of roadmap** — work crosses the roadmap's stated bounds.
+- **Test / quality RED** — failure that cannot be auto-fixed.
+
+A clean edit-batch is not a halt condition — pick the next item.
+
+## Iron Law 5 — prereq examples (silent execution, never a question)
+
+When the user authorizes a top-level action ("commit", "push", "open PR", "run tests", "deploy"), the following prereq work is execution, not a decision point — never raise a numbered-options block about it:
+
+- compression / hash-sync before commit
+- code formatting / linter auto-fix before commit
+- type-check / quality-tool repairs to clear CI gates
+- test repair when the user said "commit and the tests pass"
+- symlink / index regeneration after edits
+- manifest / discovery refresh
+- branch-base inventory when user named the destination
+- pre-push hook fix when it blocks an authorized push and the fix is obvious (gate-script update, stale pattern removal)
+
+### Halt conditions during prereq execution
+
+Stop and surface only on:
+
+- **Hard Floor trigger** — bulk deletion, infra change, prod-trunk merge.
+- **Test / quality RED** that cannot be auto-fixed → surface + ask.
+- **Genuine ambiguity in WHAT to do** (not HOW to do it).
+
+Everything else stays silent execution.
+
+## Iron Law 6 — destination triggers (never re-ask)
+
+The user has already named the destination — branch-base inventory does not fire:
+
+- "commit in this PR" / "commit auf diesem branch"
+- "commit in PR #218" / explicit PR number
+- "push to `<branch>`"
+- **Implicit**: user is currently ON the branch and says "commit" without a qualifier → the current branch IS the destination.
+
+No "which branch?", no "should I open a new PR?", no branch-base inventory. `scope-control`'s branch inventory applies only when the destination is **unstated**.
+
+## When asking IS allowed
+
+Real architectural / scope trade-off · vague-request trigger ([`ask-when-uncertain`](../../rules/ask-when-uncertain.md)) · security-sensitive ([`security-sensitive-stop`](../../rules/security-sensitive-stop.md)) · Hard Floor ([`non-destructive-by-default`](../../rules/non-destructive-by-default.md)) · two genuinely-equivalent paths where user preference is the tiebreaker.
+
+## See also
+
+- [`no-cheap-questions`](../../rules/no-cheap-questions.md) — the rule.
+- [`commit-policy`](../../rules/commit-policy.md) — when commit IS authorized.
+- [`scope-control § git-ops`](../../rules/scope-control.md) — branch / PR permission gate (fires only when destination unstated).

package/.agent-src/rules/caveman-speak.md

@@ -33,7 +33,7 @@ Read `caveman.speak_scope` from `.agent-settings.yml`:
 - `aggressive` — caveman everywhere except Iron-Law literals.
 
 Compile-time toggle `caveman.speak`: `false` → rule omitted from
-`router.json` (zero runtime cost). `caveman.enabled: false` forces all
+`dist/router.json` (zero runtime cost). `caveman.enabled: false` forces all
 sub-switches off regardless.
 
 ## Carve-outs — byte-for-byte preserved
@@ -86,7 +86,7 @@ Example: *"I will now check the file and see if it exists"* →
 | Key | Default | Effect |
 |---|---|---|
 | `caveman.enabled` | `true` | Master — `false` forces all sub-switches off. |
-| `caveman.speak` | `true` | Compile-time include in `router.json`. |
+| `caveman.speak` | `true` | Compile-time include in `dist/router.json`. |
 | `caveman.speak_scope` | `prose_only` | Runtime scope of caveman grammar. |
 
 Cross-rule index: [`frugality-charter § cross-references`](../contexts/contracts/frugality-charter.md#cross-references--frugality-canon-rules).

package/.agent-src/rules/context-hygiene.md

@@ -90,6 +90,42 @@ Calling the **same tool** more than **2 times in a row** with similar parameters
 `sequentialthinking` is especially prone to loops. Use at most **once** per task,
 NEVER for simple file operations, command execution, or straightforward edits.
 
+## Read-Loop Detection — the 15 / 25 rule
+
+```
+READING WITHOUT ACTING IS A LOOP.
+EVERY TURN MUST EDIT, RUN, OR ASK.
+```
+
+**Read-only turn:** only `view` / `codebase-retrieval` / `grep` /
+`git log` / `git show`. No `str-replace-editor`, `save-file`, no
+test/build/quality run, no `git commit`.
+
+**15-min warning (3 read-only turns in a row) — change approach.**
+Next turn MUST contain at least one of: an edit, a test/build/quality
+command, or an explicit user question. Self-check:
+
+1. Source expectation known? If no → read **once**, then act.
+2. Can a single failing test name the error? If yes → run it now.
+3. Regression in working code? → `git log` + `git show <sha> -- <file>`.
+4. Guessing at mock / payload shape? → read the producer **once**.
+
+**25-min abort (5 read-only turns) — STOP and ask:**
+
+```
+> ⛔ Loop: N read-only turns, ~M min. Read: <files>. Hypothesis: <X>.
+> 1. Different approach (suggestion: <Y>)
+> 2. Point me at the right spot
+> 3. Fresh chat with state dump
+```
+
+Non-bypassable. Autonomous mandate (`/work`, `/roadmap:process-*`,
+"entscheide selbst") does **not** lift the abort — it is the safety
+net that protects autonomy from becoming a token sink.
+
+Debug procedure for "I'm in a read loop fixing tests" →
+[`systematic-debugging § Debug micro-loop`](../skills/systematic-debugging/SKILL.md#debug-micro-loop--one-test-one-fix-one-re-run).
+
 ## State dump format
 
 ```

package/.agent-src/rules/engineering-safety-floor.md

@@ -0,0 +1,102 @@
+---
+type: "auto"
+tier: "2a"
+description: "Engineering output touching production, infra, security, data, or external systems — surface blast radius, name rollback path, never autonomous on Hard-Floor triggers"
+source: package
+triggers:
+  - keyword: "production"
+  - keyword: "deploy"
+  - keyword: "migration"
+  - keyword: "schema change"
+  - keyword: "DROP TABLE"
+  - keyword: "TRUNCATE"
+  - keyword: "force push"
+  - keyword: "rebase main"
+  - keyword: "rollback"
+  - keyword: "secrets rotation"
+  - keyword: "IAM"
+  - keyword: "DNS"
+  - keyword: "terraform apply"
+  - keyword: "kubectl apply"
+  - phrase: "ship to prod"
+  - phrase: "deploy to production"
+  - phrase: "merge to main"
+  - phrase: "release this"
+routes_to:
+  - "skill:launch-readiness"
+  - "skill:threat-modeling"
+workspaces:
+  - engineering
+packs:
+  - engineering-base
+lifecycle: active
+trust:
+  level: core
+  confidence: high
+  human_review_required: false
+install:
+  default: true
+  removable: false
+---
+
+# Engineering Safety Floor
+
+Domain safety floor for engineering output that crosses into production, infrastructure, security, or external systems. Restates the Hard-Floor obligations from `non-destructive-by-default` and adds engineering-specific surfacing requirements. Auto-active everywhere (lives in `core`).
+
+## Iron Law — production, infra, and bulk-destructive moves are never autonomous
+
+```
+HARD FLOOR OVERRIDES EVERYTHING.
+DEPLOY, MERGE-TO-PROD-TRUNK, PROD DATA / INFRA, BULK DESTRUCTIVE —
+EXPLICIT USER CONFIRMATION ON THIS TURN. NO STANDING AUTONOMY APPLIES.
+```
+
+This rule does not lift the Hard Floor — it surfaces the **engineering-shaped** evidence the user needs to evaluate the call.
+
+## Required structural elements for production-bound changes
+
+Before any deploy, prod-trunk merge, schema migration, or infra change, the agent surfaces:
+
+1. **Blast radius** — what breaks if this goes wrong (services, tenants, users, data).
+2. **Rollback path** — exact command / PR / step to revert; estimated time to rollback.
+3. **Pre-flight checks** — tests run, quality gates passed, dry-run output (where applicable).
+4. **Observability** — what signal will detect a regression, and where to look for it.
+5. **Named risk owner** — who is on call, who approves the change.
+
+Missing any of the five → the change is not ready to ship.
+
+## Human review escalation
+
+| Trigger | Action |
+|---|---|
+| Schema migration that drops or renames a column | Surface `HUMAN REVIEW REQUIRED`; require explicit user confirmation; route to `migration-architect`. |
+| IAM / policy / secrets rotation | Surface blast radius across all consumers before applying. |
+| Force-push to a shared branch | Refuse without explicit, this-turn permission per `git-history-discipline`. |
+| Bulk delete (≥ 5 unrelated files or whole directories) | Hard Floor — show diff, name the scope, ask. |
+| External-system change (DNS, webhook, OAuth app, payment provider) | Threat-model first per `security-sensitive-stop`. |
+
+## Forbidden moves
+
+- Deploy or merge to a production trunk without explicit this-turn permission
+- Schema migration without a stated rollback path
+- `--force` / `--no-verify` / `git reset --hard <pushed>` without explicit, named authorization
+- Disabling tests / quality gates to ship faster
+- Touching `auth`, `billing`, `tenants`, `secrets`, `uploads`, `webhooks` without threat-modeling first (per `security-sensitive-stop`)
+- Claiming a change is "done" / "shipped" without fresh verification evidence (per `verify-before-complete`)
+
+## When this rule applies
+
+Active whenever any of these are in the request, the open file, or the loaded skill set:
+- A production-touching skill or command (`launch-readiness`, `threat-modeling`, `incident-commander`, `aws-infrastructure`, `terraform`, `terragrunt`, `github-ci`)
+- Keywords: production, deploy, migration, schema change, DROP TABLE, TRUNCATE, force push, rebase main, rollback, secrets rotation, IAM, DNS, terraform apply, kubectl apply
+- Phrases: "ship to prod", "deploy to production", "merge to main", "release this"
+
+## See also
+
+- [`non-destructive-by-default`](non-destructive-by-default.md) — canonical Hard Floor
+- [`scope-control`](scope-control.md) — git-ops permission gate
+- [`security-sensitive-stop`](security-sensitive-stop.md) — threat-model before editing
+- [`verify-before-complete`](verify-before-complete.md) — fresh evidence before completion claims
+- [`commit-policy`](commit-policy.md) — when commits are allowed
+- [`launch-readiness`](../skills/launch-readiness/SKILL.md) — pre-merge checklist
+- [`threat-modeling`](../skills/threat-modeling/SKILL.md) — pre-implementation abuse-case enumeration

package/.agent-src/rules/finance-safety-floor.md

@@ -0,0 +1,114 @@
+---
+type: "auto"
+tier: "2a"
+description: "Finance-pack output (runway, valuation, DCF, scenario, unit economics, forecasting) — never issue final invest/raise call; mandatory disclosure footer; sensitivity + counter-case required"
+source: package
+triggers:
+  - keyword: "runway"
+  - keyword: "burn"
+  - keyword: "valuation"
+  - keyword: "DCF"
+  - keyword: "IRR"
+  - keyword: "MOIC"
+  - keyword: "LTV"
+  - keyword: "CAC"
+  - keyword: "payback"
+  - keyword: "sensitivity"
+  - keyword: "fundraise"
+  - keyword: "term sheet"
+  - keyword: "dilution"
+  - keyword: "NRR"
+  - keyword: "EBITDA"
+  - keyword: "free cash flow"
+  - phrase: "what's it worth"
+  - phrase: "how long do we have"
+  - phrase: "should we raise"
+  - phrase: "model the scenarios"
+routes_to:
+  - "skill:runway-cognition"
+  - "skill:dcf-modeling"
+  - "skill:scenario-modeling"
+  - "skill:unit-economics-modeling"
+  - "skill:forecasting"
+workspaces:
+  - finance
+packs:
+  - finance-basic
+  - finance-advanced
+lifecycle: active
+trust:
+  level: advisory
+  confidence: high
+  human_review_required: true
+install:
+  default: true
+  removable: false
+---
+<!-- agent-config:human-review-banner -->
+> HUMAN REVIEW REQUIRED · trust: advisory · owner: finance
+
+# Finance Safety Floor
+
+Domain safety floor for finance-pack artefacts (cash, runway, valuation, scenario, unit economics, forecasting). Auto-activates when `pack-finance-basic` or `pack-finance-advanced` is installed.
+
+## Iron Law — no final investment recommendation
+
+```
+THE AGENT NEVER ISSUES A FINAL "INVEST" / "DON'T INVEST" / "RAISE" / "DON'T RAISE" CALL.
+SURFACE THE TRADE-OFF. NAME THE RISK. THE HUMAN DECIDES.
+```
+
+Holds for every finance-pack skill (`runway-cognition`, `dcf-modeling`, `scenario-modeling`, `unit-economics-modeling`, `forecasting`, `fundraising-narrative`, `forecast-accuracy`). Finance output is decision support, never the decision.
+
+## Mandatory disclosure footer
+
+Every finance-pack deliverable (memo, valuation, forecast, runway analysis) ends with:
+
+```
+> **Not investment / tax / legal advice.** Figures are model output, not
+> assured. Sensitivity assumptions are stated above. Human review
+> required before any commit / raise / spend decision.
+```
+
+The footer is non-optional. Drop it → safety violation.
+
+## Required structural elements
+
+Each finance deliverable surfaces, in this order:
+
+1. **Assumptions block** — every input value the model uses, sourced or marked `assumption`.
+2. **Sensitivity** — at least one variable swept (±20% or ±1 σ); single-point estimates without sensitivity are forbidden for valuation and runway.
+3. **Confidence band** — `high` / `medium` / `low` per the surrounding council / skill conventions, with the reason for the band (data quality, model fit, time horizon).
+4. **Counter-case** — one sentence on what would invalidate the conclusion ("if growth halves, runway compresses to 7 months").
+
+## Human review escalation
+
+| Trigger | Action |
+|---|---|
+| Board-pack-bound figure | Surface `HUMAN REVIEW REQUIRED` banner; do not commit without explicit user confirmation. |
+| External (investor, lender, auditor) consumption | Refuse to finalize; output `DRAFT` watermark. |
+| ≥ €100k single-decision exposure | Mandatory sensitivity + counter-case + named risk owner. |
+| Tax position or accounting treatment | Refuse; route to `domain-safety-disclaimer` and explicitly defer to a CPA / Steuerberater. |
+
+## Forbidden moves
+
+- "Based on this model, you should …" without surfacing the assumption set
+- DCF or valuation output without a discount-rate sensitivity sweep
+- Runway figure as a single number (must be a shape: optimistic / base / downside)
+- Forecast accuracy claim without retro-loop reference
+- Comparing two companies / deals without naming the comparability gap
+- Suggesting capital actions (raise, cut, layoff) without naming the human-decision owner
+
+## When this rule applies
+
+Active whenever any of these are in the request, the open file, or the loaded skill set:
+- A finance-pack skill name (`runway-cognition`, `dcf-modeling`, `scenario-modeling`, `unit-economics-modeling`, `forecasting`, `fundraising-narrative`, `forecast-accuracy`)
+- Keywords: cash, runway, burn, valuation, DCF, IRR, MOIC, LTV, CAC, payback, scenario, sensitivity, fundraise, raise, term sheet, dilution, ARR, MRR, NRR, churn rate, gross margin, contribution margin, EBITDA, free cash flow
+- Phrases: "what's it worth", "how long do we have", "should we raise", "model the scenarios", "what's our LTV"
+
+## See also
+
+- `domain-safety-disclaimer` — generic advisory-content floor (core pack)
+- [`runway-cognition`](../skills/runway-cognition/SKILL.md) — operational depth on runway shape
+- `dcf-modeling` — valuation depth (pack-finance-advanced)
+- `scenario-modeling` — base / upside / downside construction (pack-finance-advanced)

package/.agent-src/rules/git-history-discipline.md

@@ -91,7 +91,7 @@ If either stop fires and resolution is not immediate → tag the state (`git tag
 
 ## Why this rule exists
 
-Interactive rebase + fixup loops generate disproportionate token cost on every iteration: re-running CI per replayed commit, resolving the same content conflict in three derived files (`.compression-hashes.json`, `router.json`, `.windsurfrules`), losing the working tree to a stash that silently re-introduces older state. A single conflict can burn the budget of an entire feature.
+Interactive rebase + fixup loops generate disproportionate token cost on every iteration: re-running CI per replayed commit, resolving the same content conflict in three derived files (`.compression-hashes.json`, `dist/router.json`, `.windsurfrules`), losing the working tree to a stash that silently re-introduces older state. A single conflict can burn the budget of an entire feature.
 
 A previous session squashed a pushed branch, the push hook failed at the token boundary, the session ended — and the next session saw local and origin pointing at different SHAs for the same logical work. A blind `git pull --rebase` cascaded into conflicts across every derived file. Recovery required forensic SHA-archaeology. The pre/post-rewrite stops make that sequence structurally impossible.
 

package/.agent-src/rules/no-cheap-questions.md

@@ -20,60 +20,62 @@ install:
 
 # No Cheap Questions
 
-A question is **cheap** when context already answers it, an option breaches an Iron Law, choices differ only in sequencing / format, or one option is dominant. Mode-independent. Autonomy never lifts the floor.
+Cheap = context answers it, option breaches an Iron Law, choices differ only in sequencing / format, or one option dominates. Mode-independent; autonomy never lifts the floor.
 
 ## The Iron Laws
 
 ```
-NEVER ASK WHAT THE STATED CONTEXT ALREADY ANSWERS.
-NEVER PRESENT AN OPTION THAT VIOLATES AN IRON LAW.
-NEVER OFFER NUMBERED CHOICES WITHOUT A REAL TRADE-OFF.
+NEVER ASK WHAT CONTEXT ANSWERS.
+NEVER OFFER AN IRON-LAW-VIOLATING OPTION.
+NEVER NUMBER CHOICES WITHOUT A REAL TRADE-OFF.
 ```
 
-## Cheap classes
-
-Sequencing · format-only · commit asks · CI / test asks · fenced re-ask · Iron-Law option · context-derived · dominant option · re-ask after decline · paternalistic (Iron Law 3) · continuation under mandate (Iron Law 4). Catalog: [`asking-and-brevity-examples`](../docs/guidelines/agent-infra/asking-and-brevity-examples.md#cheap-question-class-catalog--extended-examples).
+Cheap-class catalog + IL 3 (no paternalistic state-assuming options): [`cheap-question-mechanics § cheap classes`](../contexts/execution/cheap-question-mechanics.md#cheap-classes--full-catalog).
 
 ## Iron Law 4 — No Continuation Prompts Under Autonomous Mandate
 
 ```
-WHEN A STANDING AUTONOMOUS MANDATE IS ACTIVE — /roadmap:process-full,
-/roadmap:process-phase, EXPLICIT "ENTSCHEIDE SELBST / DECIDE AND DON'T
-ASK" — NEVER ASK "WEITER? / NEXT STEP? / SHALL I CONTINUE?".
-A CLEAN EDIT-BATCH IS NOT A HALT CONDITION. THE ONLY HALTS ARE THE
-FIVE NAMED IN THE INVOKING COMMAND (HARD-FLOOR, COUNCIL-OFF +
-AMBIGUITY, SECURITY-SENSITIVE, SCOPE-OUT-OF-ROADMAP, TEST/QUALITY RED).
+STANDING AUTONOMOUS MANDATE ACTIVE → NEVER ASK
+"WEITER? / NEXT STEP? / SHALL I CONTINUE?".
+A CLEAN EDIT-BATCH IS NOT A HALT CONDITION.
+```
+
+Mandate triggers + halt list: [`cheap-question-mechanics § Iron Law 4`](../contexts/execution/cheap-question-mechanics.md#iron-law-4--halt-conditions-under-autonomous-mandate).
+
+## Iron Law 5 — Prereq Work Is Execution, Not a Question
+
+```
+USER AUTHORIZES X ("COMMIT" / "PUSH" / "OPEN PR" / "DEPLOY")
+→ ALL PREREQ WORK IS EXECUTION. NEVER ASK, NEVER OFFER
+"DO THE PREREQ" vs "SKIP AND BREAK THE GATE".
 ```
 
-## Iron Law 3 — No Paternalistic State-Assuming Options
+Prereq catalog + halt conditions: [`cheap-question-mechanics § Iron Law 5`](../contexts/execution/cheap-question-mechanics.md#iron-law-5--prereq-examples-silent-execution-never-a-question).
+
+## Iron Law 6 — Destination Already Stated, Never Re-Ask
 
 ```
-NEVER FABRICATE USER STATE TO JUSTIFY AN OPTION.
-"TAKE A BREAK", "SLEEP ON IT", "COME BACK FRESH" — FORBIDDEN.
-THE USER DECIDES WHEN TO STOP. THE AGENT DECIDES WHAT TO BUILD NEXT.
+USER NAMED THE DESTINATION → DO NOT RE-ASK.
+NO BRANCH-BASE INVENTORY, NO "WHICH BRANCH?", NO "NEW PR?".
 ```
 
+Triggers + scope-control interaction: [`cheap-question-mechanics § Iron Law 6`](../contexts/execution/cheap-question-mechanics.md#iron-law-6--destination-triggers-never-re-ask).
+
 ## Pre-Send Self-Check — MANDATORY before every question
 
-Silent, before any numbered-options block:
+Silent, before any numbered-options block. Any "yes" → don't ask:
 
-1. Answer already in stated context?
-2. Option violates `commit-policy`, `scope-control § git-ops`, or `non-destructive-by-default`?
+1. Answer in stated context?
+2. Option violates `commit-policy` / `scope-control § git-ops` / `non-destructive-by-default`?
 3. Pure sequencing / format, no trade-off?
 4. One option obviously dominant?
 5. User fenced step (*"plan only"*, *"review first"*) → deliver + handback.
 6. User already declined? Re-ask forbidden.
-7. Option assumes user fatigue / frustration without in-message citation? Iron Law 3 — drop.
-8. Standing autonomous mandate + "weiter? / continue?" — Iron Law 4, drop; pick next item.
-
-Any "yes" → don't ask. Pick dominant path, state inline assumption, hand back. Genuine ambiguity → [`ask-when-uncertain`](ask-when-uncertain.md).
-
-## When asking IS allowed
+7. Assumes user fatigue / frustration without citation? IL 3.
+8. Mandate active + "weiter? / continue?" — IL 4, pick next item.
+9. Prereq for user-authorized action? IL 5, execute silently.
+10. Destination (branch / PR) already named? IL 6, never re-ask.
 
-- Real architectural / scope decision with non-obvious trade-offs.
-- Vague-request trigger ([`ask-when-uncertain`](ask-when-uncertain.md)).
-- Security-sensitive ([`security-sensitive-stop`](security-sensitive-stop.md)).
-- Hard Floor ([`non-destructive-by-default`](non-destructive-by-default.md)).
-- Two genuinely-equivalent paths; user preference is the tiebreaker.
+Pick dominant path, state inline assumption, hand back. Genuine ambiguity → [`ask-when-uncertain`](ask-when-uncertain.md).
 
-In doubt → ask. This rule narrows asking, never widens silence.
+In doubt → ask. This rule narrows asking, never widens silence. When asking IS allowed: [`cheap-question-mechanics § when-asking-is-allowed`](../contexts/execution/cheap-question-mechanics.md#when-asking-is-allowed).

package/.agent-src/rules/provider-lifecycle-discipline.md

@@ -45,12 +45,12 @@ NEVER DEFAULT TO A NON-STABLE PROVIDER SILENTLY.
 SURFACE THE LIFECYCLE TIER. ASK BEFORE RUNNING.
 ```
 
-This rule routes the agent to [`docs/contracts/provider-lifecycle.md`](../docs/contracts/provider-lifecycle.md) whenever a `/video:* / /image:* / /audio:*` surface fires, an adapter under `scripts/ai-video/adapters/` is read or edited, or `agents/.ai-video.xml.example` (or the operator's `agents/.ai-video.xml`) is in play. The contract defines four tiers — `experimental | stable | deprecated | community` — and the agent's obligations per tier.
+This rule routes the agent to [`docs/contracts/provider-lifecycle.md`](../docs/contracts/provider-lifecycle.md) whenever a `/video:* / /image:* / /audio:*` surface fires, an adapter under `scripts/ai-video/adapters/` is read or edited, or `agents/templates/.ai-video.xml.example` (or the operator's `agents/.ai-video.xml`) is in play. The contract defines four tiers — `experimental | stable | deprecated | community` — and the agent's obligations per tier.
 
 ## What this rule enforces
 
 1. **Read the tier before picking.** When the agent resolves a provider (from `--provider <id>`, from `<default-video-provider>` / `<default-image-provider>`, or from a skill's default), it MUST read both:
-   - the `<lifecycle>` element under `<provider id="…">` in `agents/.ai-video.xml.example` (or the operator's `.ai-video.xml`), and
+   - the `<lifecycle>` element under `<provider id="…">` in `agents/templates/.ai-video.xml.example` (or the operator's `.ai-video.xml`), and
    - the `Lifecycle:` header comment in `scripts/ai-video/adapters/<id>.sh`.
    Mismatch between the two is a contract violation and MUST be surfaced before running.
 
@@ -66,7 +66,7 @@ This rule routes the agent to [`docs/contracts/provider-lifecycle.md`](../docs/c
 
 - Running `/video:scene` against the `<default-video-provider>` without reading the lifecycle tag first → violation.
 - Picking a `community` provider because it was named in the prompt, without surfacing the tier → violation.
-- Editing an adapter and leaving its header `Lifecycle:` comment out of sync with `agents/.ai-video.xml.example` → violation (CI does not catch this; the agent must).
+- Editing an adapter and leaving its header `Lifecycle:` comment out of sync with `agents/templates/.ai-video.xml.example` → violation (CI does not catch this; the agent must).
 - Auto-promoting an adapter from `experimental` to `stable` because "dry-run worked" → violation. Promotion requires a maintainer-captured real-API smoke trace under `agents/reference/ai-video/smoke-traces/`.
 
 ## Day-one state
@@ -77,7 +77,7 @@ All five shipped adapters (`openai-images`, `gemini-veo`, `kling`, `higgsfield`,
 
 A Python pre-run gate enumerating tier-by-command rules would either be too coarse (`experimental → block`, breaking day-to-day dev iteration) or too detailed (per-command tier matrix, drifting from reality on every new provider). The agent reading the tag at run time, surfacing the tier, and asking is the correct enforcement surface: the model that picked the provider is the model that surfaces the obligation, and the human is the policy decision point.
 
-The CI guarantee is structural reachability — the linter would fail if a provider was declared in `agents/.ai-video.xml.example` without a lifecycle tag (extension planned). It does not enforce the runtime obligation; the agent does.
+The CI guarantee is structural reachability — the linter would fail if a provider was declared in `agents/templates/.ai-video.xml.example` without a lifecycle tag (extension planned). It does not enforce the runtime obligation; the agent does.
 
 ## See also