@friedbotstudio/create-baseline 0.2.0 → 0.3.0

package/obj/template/.claude/skills/tdd/tests/drift_check_test.sh

@@ -0,0 +1,190 @@
+#!/usr/bin/env bash
+# Fixture-based integration tests for the drift_check.py helper.
+# Covers AC-002, AC-003, AC-004, AC-011 (and OQ-4) from
+# docs/specs/workflow-loop-closing-hygiene.md.
+#
+# Contract under test (drift_check.py):
+#   python3 .claude/skills/tdd/drift_check.py --slug <slug> \
+#           [--project-root <path>] [--diff <path>]
+# Reads docs/specs/<slug>.md, scores every numbered AC + ## Design calls row
+# against either git diff or the --diff override, writes a markdown report at
+# .claude/state/drift/<slug>.md inside the project-root. Exits:
+#   0 — zero unresolved
+#   1 — >=1 unresolved
+#   2 — tool error (missing args, IO, etc.)
+# Special case: missing spec at the named slug exits 0 with "no spec; skipped"
+# on stdout and writes no report (chore-track support per AC-011).
+
+set -uo pipefail
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$HERE/../../../.." && pwd)"
+DRIFT="$REPO_ROOT/.claude/skills/tdd/drift_check.py"
+
+PASS=0; FAIL=0; FAILED=()
+
+fail() { echo "  FAIL: $*"; return 1; }
+
+assert_file_contains() {
+  local path="$1" needle="$2" msg="$3"
+  if grep -qF "$needle" "$path" 2>/dev/null; then return 0; fi
+  fail "$msg :: file $path missing: $needle"
+}
+
+assert_contains() {
+  local haystack="$1" needle="$2" msg="$3"
+  case "$haystack" in
+    *"$needle"*) return 0 ;;
+    *) fail "$msg :: expected to contain: $needle" ;;
+  esac
+}
+
+# Run drift_check.py against a synthetic project-root, setting $OUT (combined
+# stdout+stderr) and $EXIT in the caller's scope. Called without command
+# substitution so the assignments survive into the test function.
+run_drift() {
+  local root="$1" slug="$2" diff_path="${3:-}"
+  if [ ! -f "$DRIFT" ]; then
+    OUT='{"error":"drift_check.py missing"}'
+    EXIT=127
+    return
+  fi
+  local args=( --slug "$slug" --project-root "$root" )
+  [ -n "$diff_path" ] && args+=( --diff "$diff_path" )
+  OUT="$(python3 "$DRIFT" "${args[@]}" 2>&1)"
+  EXIT=$?
+}
+
+# Build a minimal synthetic project-root with docs/specs/<slug>.md present.
+# $1 = root, $2 = slug, $3 = AC list (newline-sep `AC-NNN`), $4 = design-calls body
+seed_project() {
+  local root="$1" slug="$2" acs="$3" dc="$4"
+  mkdir -p "$root/docs/specs" "$root/.claude/state"
+  {
+    printf '# Spec — %s\n\n' "$slug"
+    printf '## Goal\n\nMinimal synthetic spec for drift_check tests.\n\n'
+    printf '## Design\n\nN/A\n\n'
+    printf '## Design calls\n\n%s\n\n' "$dc"
+    printf '## Acceptance criteria\n\n| ID | Criterion | Upstream | Sequence |\n|---|---|---|---|\n'
+    while IFS= read -r ac; do
+      [ -z "$ac" ] && continue
+      printf '| %s | given X, when Y, then Z | upstream | §Behavior #1 |\n' "$ac"
+    done <<< "$acs"
+    printf '\n## Test plan\n\nN/A\n'
+  } > "$root/docs/specs/$slug.md"
+}
+
+# Synthesize a diff file. $1 = path, $2 = lines (literal text).
+seed_diff() {
+  printf '%s' "$2" > "$1"
+}
+
+today() { date -u +%Y-%m-%d; }
+
+run() {
+  local name="$1"
+  echo "RUN  $name"
+  if "$name"; then
+    PASS=$((PASS+1)); echo "PASS $name"
+  else
+    FAIL=$((FAIL+1)); FAILED+=("$name"); echo "FAIL $name"
+  fi
+}
+
+# --- AC-002, AC-004 -----------------------------------------------------------
+
+test_when_drift_check_on_spec_with_all_resolved_then_exit_0() {
+  local root; root="$(mktemp -d)"; trap "rm -rf $root" RETURN
+  seed_project "$root" "wf-all-resolved" "AC-001
+AC-002" "*(none)*"
+  # Diff carrying test names that reference AC-001 and AC-002 substrings.
+  local diff_path="$root/diff.txt"
+  seed_diff "$diff_path" "+def test_when_AC-001_satisfied_then_x_works(): pass
++def test_when_AC-002_satisfied_then_y_works(): pass
+"
+  OUT=""; EXIT=0
+  run_drift "$root" "wf-all-resolved" "$diff_path"
+  if [ "$EXIT" -ne 0 ]; then
+    fail "AC-002 expected exit 0 (all resolved), got $EXIT; stdout: $OUT"
+    return 1
+  fi
+  local report="$root/.claude/state/drift/wf-all-resolved.md"
+  [ -f "$report" ] || { fail "AC-002 report not written at $report"; return 1; }
+  assert_file_contains "$report" "AC-001" "AC-002 report missing AC-001" || return 1
+  assert_file_contains "$report" "AC-002" "AC-002 report missing AC-002" || return 1
+  assert_file_contains "$report" "resolved" "AC-002 report missing resolved verdict" || return 1
+}
+
+# --- AC-003 -------------------------------------------------------------------
+
+test_when_drift_check_finds_unresolved_then_exit_1() {
+  local root; root="$(mktemp -d)"; trap "rm -rf $root" RETURN
+  seed_project "$root" "wf-unresolved" "AC-99" "*(none)*"
+  local diff_path="$root/diff.txt"
+  # Diff has no reference to AC-99 anywhere.
+  seed_diff "$diff_path" "+def test_when_unrelated_then_ok(): pass
+"
+  OUT=""; EXIT=0
+  run_drift "$root" "wf-unresolved" "$diff_path"
+  if [ "$EXIT" -ne 1 ]; then
+    fail "AC-003 expected exit 1 (>=1 unresolved), got $EXIT; stdout: $OUT"
+    return 1
+  fi
+  local report="$root/.claude/state/drift/wf-unresolved.md"
+  [ -f "$report" ] || { fail "AC-003 report not written at $report"; return 1; }
+  assert_file_contains "$report" "AC-99" "AC-003 report missing AC-99" || return 1
+  assert_file_contains "$report" "unresolved" "AC-003 report missing unresolved verdict" || return 1
+}
+
+# --- AC-002 boundary, AC-011 --------------------------------------------------
+
+test_when_drift_check_no_spec_then_exit_0_skipped() {
+  local root; root="$(mktemp -d)"; trap "rm -rf $root" RETURN
+  # No spec file is created at docs/specs/<slug>.md.
+  mkdir -p "$root/docs/specs" "$root/.claude/state"
+  OUT=""; EXIT=0
+  run_drift "$root" "nonexistent-slug"
+  if [ "$EXIT" -ne 0 ]; then
+    fail "AC-011 expected exit 0 (no spec → skip), got $EXIT; stdout: $OUT"
+    return 1
+  fi
+  assert_contains "$OUT" "no spec; skipped" "AC-011 expected 'no spec; skipped' on stdout (got: $OUT)" || return 1
+  local report="$root/.claude/state/drift/nonexistent-slug.md"
+  if [ -f "$report" ]; then
+    fail "AC-011 expected no report file when spec absent (found at $report)"
+    return 1
+  fi
+}
+
+# --- AC-002, OQ-4 -------------------------------------------------------------
+
+test_when_drift_check_with_none_design_calls_then_section_renders_skipped() {
+  local root; root="$(mktemp -d)"; trap "rm -rf $root" RETURN
+  seed_project "$root" "wf-none-dc" "AC-001" "*(none)*"
+  local diff_path="$root/diff.txt"
+  seed_diff "$diff_path" "+def test_when_AC-001_then_ok(): pass
+"
+  OUT=""; EXIT=0
+  run_drift "$root" "wf-none-dc" "$diff_path"
+  if [ "$EXIT" -ne 0 ]; then
+    fail "OQ-4 expected exit 0 (none design calls, AC resolved), got $EXIT; stdout: $OUT"
+    return 1
+  fi
+  local report="$root/.claude/state/drift/wf-none-dc.md"
+  assert_file_contains "$report" "no design calls" "OQ-4 expected 'no design calls — skipped' notice in report" || return 1
+}
+
+# --- runner -------------------------------------------------------------------
+
+run test_when_drift_check_on_spec_with_all_resolved_then_exit_0
+run test_when_drift_check_finds_unresolved_then_exit_1
+run test_when_drift_check_no_spec_then_exit_0_skipped
+run test_when_drift_check_with_none_design_calls_then_section_renders_skipped
+
+echo "----"
+echo "Passed: $PASS  Failed: $FAIL"
+if [ "$FAIL" -gt 0 ]; then
+  echo "Failed tests:"
+  for t in "${FAILED[@]}"; do echo "  - $t"; done
+fi
+exit $((FAIL > 0))

package/obj/template/.claude/skills/tdd/tests/run.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# Aggregate test runner for .claude/skills/tdd/.
+# Invokes each sibling *_test.sh and exits non-zero if any fail.
+
+set -uo pipefail
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+FAIL=0
+
+for t in "$HERE"/*_test.sh; do
+  [ -f "$t" ] || continue
+  echo "=== $(basename "$t") ==="
+  bash "$t" || FAIL=$((FAIL+1))
+done
+
+if [ "$FAIL" -gt 0 ]; then
+  echo "tdd/tests: $FAIL suite(s) failed"
+  exit 1
+fi
+echo "tdd/tests: all suites passed"
+exit 0

package/obj/template/.claude/skills/technical-tutorials/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) jonathimer (https://github.com/jonathimer/devmarketing-skills)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/obj/template/.claude/skills/technical-tutorials/NOTICE

@@ -0,0 +1,23 @@
+technical-tutorials
+===================
+
+This skill is vendored from the `technical-tutorials` skill in the
+`devmarketing-skills` collection published by jonathimer and is redistributed
+here under the terms of the MIT License (see LICENSE in this directory).
+
+Upstream:
+  Repository: https://github.com/jonathimer/devmarketing-skills
+  Author:     jonathimer
+  Skill:      technical-tutorials/
+
+Vendored into:  .claude/skills/technical-tutorials/
+Vendored on:    2026-05-15 (this commit) — prior install date unknown; LICENSE
+                + NOTICE added retroactively as part of the licensing-attribution
+                drift fix in the branch-aware-git-policy workflow.
+
+Local changes:
+  - 2026-04-28: consolidated the upstream `developer-audience-context`
+    standalone skill into this skill's `references/audience-context.md`,
+    per the SKILL.md note in the body. No other behavior changes.
+  - Frontmatter `owner: baseline` added so the audit-baseline drift check
+    tracks this file as a shipped baseline artifact.

package/obj/template/.claude/skills/technical-tutorials/SKILL.md

@@ -561,7 +561,7 @@ Before publishing, verify:
 
 ## Related Skills
 
-These four are upstream companion skills (from the `claude-code-setup` plugin family) and **do not ship with this baseline**. Listed here for reference only; if you need their capabilities, ask the user inline or install the plugin separately.
+These four are upstream companion skills from the same source repo as `technical-tutorials` ([`jonathimer/devmarketing-skills`](https://github.com/jonathimer/devmarketing-skills)) and **do not ship with this baseline**. Listed here for reference only; if you need their capabilities, ask the user inline or vendor them separately following the same MIT terms.
 
 - `developer-audience-context` — Understand skill level and environment
 - `devrel-content` — General technical writing principles

package/obj/template/.claude/skills/triage/SKILL.md

@@ -23,26 +23,31 @@ Triage the user's request and set up `.claude/state/workflow.json` so downstream
    ```json
    {
      "request": "<the request>",
+     "slug": "<workflow slug>",
      "entry_phase": "<intake|spec|tdd|chore>",
      "exceptions": ["<phase>", ...],
      "completed": [],
+     "source_backlog_keys": ["<backlog stable key>", ...],
      "created_at": <epoch>,
      "updated_at": <epoch>
    }
    ```
+
+   The `source_backlog_keys` field is optional. When the user's request explicitly names one or more backlog entries this workflow picks up (the common framing is a `Source:` line listing backlog keys), populate the array with those keys. `/commit` (Phase 11) reads this field and invokes `sweep.py --mode stamp-closure` after the commit lands, stamping each named entry with `status: picked-up` + `superseded-at: <today>` so the next `/memory-flush` Step 0a auto-closes them. Absent / empty array → `/commit` skips the stamp step entirely (backward-compatible for any workflow that pre-dates the field). `/triage` does NOT auto-detect backlog keys from free-form prose — the user populates the field (or names them in the triage prompt and you populate it during step 4).
 5. **Seed the workflow tasklist.** Use the `TaskCreate` tool to register one task per non-excepted phase plus each applicable consent gate. The tasks are the running checklist that `/harness` (or any direct phase invocation) reads to decide the next action; consent-gate tasks block the workflow until the user runs the corresponding command. **When `grant-commit` and `commit` are in exceptions (non-git project), do NOT seed those two tasks** — the workflow ends after `/archive`. Use these canonical templates:
 
-   **For `chore` track** (single phase + commit gate):
+   **For `chore` track** (single phase + memory-flush + commit gate):
    - `Run /chore for <slug>` — activeForm: "Running chore", metadata: `{"phase": "chore"}`
+   - `Run /memory-flush for <slug>` — activeForm: "Running memory-flush", metadata: `{"phase": "memory-flush"}`, addBlockedBy previous
    - `Wait for /grant-commit` — metadata: `{"phase": "grant-commit", "needs_user": true}`, addBlockedBy previous
    - `Run /commit for <slug>` — activeForm: "Running commit", metadata: `{"phase": "commit"}`, addBlockedBy previous
 
    **For `tdd`-entry quickfix track** (skip intake/scout/research/spec/review):
-   - `Run /tdd`, `Run /simplify`, `Run /security` (only if not in exceptions), `Run /integrate`, `Run /document`, `Run /archive`, `Wait for /grant-commit` (`needs_user`), `Run /commit` — each with `addBlockedBy` set to the previous task's id.
+   - `Run /tdd`, `Run /simplify`, `Run /security` (only if not in exceptions), `Run /integrate`, `Run /document`, `Run /archive`, `Run /memory-flush`, `Wait for /grant-commit` (`needs_user`), `Run /commit` — each with `addBlockedBy` set to the previous task's id.
 
    **For `spec`-entry track** (skip upstream): start from `Run /spec`, then `Wait for /approve-spec <path>` (`needs_user`), then continue per the full track.
 
-   **For `intake`-entry full track**: `Run /intake`, `Run /brd` (only if stakeholder-heavy), `Run /scout`, `Run /research`, `Run /spec`, `Wait for /approve-spec <path>` (`needs_user`), `Run /tdd` OR (`Run /swarm-plan`, `Wait for /approve-swarm <slug>` (`needs_user`), `Run /swarm-dispatch`), `Run /simplify`, `Run /security` (unless excepted), `Run /integrate`, `Run /document`, `Run /archive`, `Wait for /grant-commit` (`needs_user`), `Run /commit`. **On non-git projects the swarm branch SHALL NOT be seeded** — only `Run /tdd` goes in the list, regardless of expected component count. Swarm-vs-solo is a Phase-6 main-context decision (per CLAUDE.md Article V) only on git projects; non-git workflows resolve to solo at triage time because `swarm-plan`, `approve-swarm`, and `swarm-dispatch` are already in `exceptions`.
+   **For `intake`-entry full track**: `Run /intake`, `Run /brd` (only if stakeholder-heavy), `Run /scout`, `Run /research`, `Run /spec`, `Wait for /approve-spec <path>` (`needs_user`), `Run /tdd` OR (`Run /swarm-plan`, `Wait for /approve-swarm <slug>` (`needs_user`), `Run /swarm-dispatch`), `Run /simplify`, `Run /security` (unless excepted), `Run /integrate`, `Run /document`, `Run /archive`, `Run /memory-flush`, `Wait for /grant-commit` (`needs_user`), `Run /commit`. **On non-git projects the swarm branch SHALL NOT be seeded** — only `Run /tdd` goes in the list, regardless of expected component count. Swarm-vs-solo is a Phase-6 main-context decision (per CLAUDE.md Article V) only on git projects; non-git workflows resolve to solo at triage time because `swarm-plan`, `approve-swarm`, and `swarm-dispatch` are already in `exceptions`.
 
    For every task: `subject` is imperative ("Run /scout for <slug>" / "Wait for /approve-spec <path>"); `description` names the phase + the slug; `metadata.phase` carries the phase name; consent-gate tasks set `metadata.needs_user: true`. Wire `addBlockedBy` so each task blocks until its predecessor completes — this surfaces the workflow's true dependency graph and prevents `/harness` from racing past a gate.
 

package/obj/template/CLAUDE.md

@@ -44,7 +44,7 @@ On every new session, before any work, you SHALL:
    You SHALL then proceed with whatever the user asks. Project-agnostic mode is **allowed** — the user is not required to run `/init-project` to use the baseline. The `setup_guard` hook surfaces a one-shot reminder on Write/Edit/MultiEdit (rate-limited to 10 minutes); it does **not** block writes. Other guards (commit, env, spec-approval, verify-pass, track, swarm-boundary) remain hard regardless of `configured` state.
 3. **If `configured: true`** — read `docs/init/seed.md` §16 if present so you know what was added. Tell the user:
    > "Configured for `<stack>`. Run `/triage \"<request>\"` to start a workflow, or `/harness` for the full pipeline."
-4. **Memory check.** The `memory_session_start` hook injects a memory index into your additional context. If it reports `K candidates pending in _pending.md` with `K > 0`, you SHALL invoke `/memory-flush` before any workflow phase work — keeps canonical memory fresh for downstream skills.
+4. **Memory check.** The `memory_session_start` hook injects a memory index into your additional context. The hook emits a **debt-mode nag** only when `_pending.md` has unflushed candidates AND no active workflow on disk (i.e., `.claude/state/workflow.json` is absent) — those candidates are debt from a prior workflow that didn't end-flush. During an active workflow, **Phase 10.6** (memory-flush, between archive and grant-commit) handles flushing automatically; the session-start nag stays silent. You SHALL run `/memory-flush` when the debt-mode nag fires, before starting new work.
 5. **Git-repo check.** Run `git rev-parse --is-inside-work-tree 2>/dev/null` at the project root. If non-zero (not a git repo), surface this once per session and tell the user that gate C and the `commit` phase will be auto-excepted; the workflow ends after `/archive`. This is a sanctioned operating mode — Article IV phase 11 and Article VII are git-conditional.
 6. Once per session is sufficient. You SHALL NOT repeat the greeting on every prompt.
 
@@ -68,6 +68,7 @@ The 11-phase workflow is the only sanctioned path from request to commit. Phase
 | 9 | Integrate | `/integrate` | binding verify verdict |
 | 10 | Document | `/document` | docs |
 | 10.5 | Archive | `/archive` | bundle at `docs/archive/<date>/<slug>/` |
+| 10.6 | Memory flush | `/memory-flush` | curated canonical memory + reset `_pending.md` |
 | 11 | **Grant commit** (gate C) + commit | user runs **`/grant-commit`**, then `/commit` (skill) | commit |
 
 **Mandatory rules:**
@@ -77,7 +78,7 @@ The 11-phase workflow is the only sanctioned path from request to commit. Phase
 - The only mechanism to bypass a phase is the `exceptions` array in `.claude/state/workflow.json`, written by `/triage`.
 - **Phase 6c and Phase 11 are git-conditional.** On a project where `git rev-parse --is-inside-work-tree` exits non-zero (no `.git/`, not inside a work tree), `/triage` SHALL auto-add `swarm-plan`, `approve-swarm`, `swarm-dispatch`, `grant-commit`, and `commit` to `exceptions`. Phase 6 routes to solo `/tdd` unconditionally; the workflow ends after `/archive`. Worktree isolation (the swarm contract's physical safety mechanism) requires git; `swarm.isolation: "shared"` is a sanctioned configuration knob for git projects that opt out of worktrees but does NOT restore the cross-task write isolation the swarm-worker assumes — it is unsafe as a non-git fallback, especially when `swarm.exempt_path_prefixes` covers baseline-internal paths (e.g. `.claude/`). Persistence outside git is the user's responsibility. See Article VII for the matching rule on git operations.
 - The three consent gates (A, B, C) are **commands**, not skills. They are structurally un-invokable by Claude. You SHALL NOT self-approve.
-- **How the gates are structurally enforced.** Each consent command (`/approve-spec`, `/approve-swarm`, `/grant-commit`) is a slash command typed by the user. The `consent_gate_grant` UserPromptSubmit hook (Art. VIII) parses the user's prompt **before Claude is invoked** and writes a short-lived consent marker at `.claude/state/.<gate>_grant`. The corresponding PreToolUse approval guard (`spec_approval_guard`, `swarm_approval_guard`, `git_commit_guard`) then allows Claude's slash-command-body write of the approval token only when the marker is present, fresh (≤ `consent.gate_marker_ttl_seconds`, default 120), and slug-matched; the marker is single-use and deleted on the allowed write. Slug derivation is centralized in `lib/common.sh → canonical_slug` (strip directory prefix + trailing `.md`) so the marker and the expected slug always agree, whether the user typed a bare slug, a filename, or a full path. The same guards block Claude from writing the marker file itself via Write/Edit/MultiEdit. Claude cannot reach the UserPromptSubmit code path, so it cannot forge consent.
+- **How the gates are structurally enforced.** Each consent command (`/approve-spec`, `/approve-swarm`, `/grant-commit`, `/grant-push`) is a slash command typed by the user. The `consent_gate_grant` UserPromptSubmit hook (Art. VIII) parses the user's prompt **before Claude is invoked** and writes a short-lived consent marker at `.claude/state/.<gate>_grant`. The corresponding PreToolUse approval guard (`spec_approval_guard`, `swarm_approval_guard`, `git_commit_guard`) then allows Claude's slash-command-body write of the approval token only when the marker is present, fresh (≤ `consent.gate_marker_ttl_seconds`, default 120), and slug-matched; the marker is single-use and deleted on the allowed write. `/grant-push` is **not** a workflow-phase gate — it is a Bash-time consent for push to a protected branch (see Article VII). Slug derivation is centralized in `lib/common.sh → canonical_slug` (strip directory prefix + trailing `.md`) so the marker and the expected slug always agree, whether the user typed a bare slug, a filename, or a full path. The same guards block Claude from writing the marker file itself via Write/Edit/MultiEdit. Claude cannot reach the UserPromptSubmit code path, so it cannot forge consent.
 - **Out-of-band**: `/rca` produces an incident postmortem at `docs/rca/<slug>.md`. It is not a workflow phase and often precedes a bugfix intake.
 
 **Entry points** (`/triage` writes `workflow.json` with `entry_phase` and `exceptions`):
@@ -105,7 +106,7 @@ When `/harness` is invoked, you SHALL:
 
 **The safety net.** The `harness_continuation` Stop hook (Article VIII) re-fires `Skill(harness)` only when the loop exited mid-flow — i.e., on-disk state is `{state: "continue"}` with the marker present, and `stop_hook_active` is absent on the Stop payload. In normal operation (loop runs to gate/failure/done), the hook sees `state != continue` or marker absent and stays silent. The hook is a defense-in-depth signal, not the primary driver: a healthy `Skill(harness)` invocation never depends on it. The hook is also bounded to one block per turn by Claude Code's `stop_hook_active` semantics, so it cannot itself drive multi-phase chaining.
 
-**Resume after yield.** The user runs the consent command (which writes the gate marker via `consent_gate_grant`), then `/harness` again. The next invocation re-enters preflight, finds the gate token on disk, marks the gate task `completed`, and re-enters the loop.
+**Resume after yield (auto).** After yielding at a consent gate, the harness skill writes `state: yielded` and removes `.harness_active`. The user runs the consent slash command in their next prompt; `consent_gate_grant` writes the gate marker (outside Claude's tool boundary), the command body writes the consent token, and the `harness_continuation` Stop hook detects fresh consent (rung 4: `workflow.json` present + `state=yielded` + a consent-token mtime newer than `harness_state`). The hook emits `{decision:"block"}`, and `Skill(harness)` is re-invoked in the same turn. The next invocation re-enters preflight, finds the gate token on disk, marks the gate task `completed`, and re-enters the loop. The user does not type `/harness` to resume.
 
 **Task discipline (autonomous progression).** `/triage` seeds a `TaskCreate`-backed checklist covering every non-excepted phase plus consent-gate placeholders (the placeholders carry `metadata.needs_user: true`). Inside the loop you SHALL: (a) call `TaskList` first; if empty, re-seed from `workflow.json → completed + exceptions + entry_phase` using the canonical templates in `triage`'s SKILL.md; (b) `TaskUpdate` the next pending non-blocked task to `in_progress` before invoking its phase skill; (c) `TaskUpdate` to `completed` only after the phase skill returns success; (d) when the next pending task carries `needs_user: true`, EXIT LOOP with YIELD — never invoke a skill for that task. The TaskList is session-bound; `workflow.json → completed` is the durable truth, and re-seeding always reconciles to it.
 
@@ -157,21 +158,25 @@ The following bind every code change.
 
 **Applicability.** Article VII applies only when the project is a git repository (`git rev-parse --is-inside-work-tree` exits 0 at the project root). On a non-git project, this Article is vacuously satisfied: you SHALL NOT attempt any git operation, gate C and the `commit` phase are auto-excepted at triage time (Art. IV), and the workflow ends after `/archive`. The rules below bind only inside the git-repository case.
 
-You SHALL run `git add <named paths>` and `git commit` only when **both** hold:
+**Branch-aware consent policy.** Consent enforcement for `git commit` and `git push` is driven by two `project.json` knobs:
 
-1. The user has explicitly asked for a commit in their current request; **and**
-2. A fresh `commit_consent` token exists at `.claude/state/commit_consent` (5-minute TTL, written by `/grant-commit`).
+- `git.protected_branches` — glob list. `null` (default) means every branch is protected. Set e.g. `["main", "release/*"]` to limit consent enforcement to those branches.
+- `git.branch_pattern` — regex. `null` (default) means no naming check. Set e.g. `"^(feat|fix|chore|docs)/[a-z0-9-]+$"` to require conformant branch names on commit.
 
-`git_commit_guard` (Art. VIII) enforces both conditions.
+On a **protected branch**, commits require a fresh `commit_consent` token (written by `/grant-commit`, 5-min TTL) and pushes require a fresh `push_consent` token (written by `/grant-push`, 5-min TTL) — both gated by the user having explicitly asked for the operation in their current request. On a non-protected branch, commits and pushes proceed without consent. `git_commit_guard` (Art. VIII) is the enforcer.
 
-You SHALL NEVER, unless the user names the exact operation in their current request:
+**Detached HEAD.** When the current branch resolves to the literal string `HEAD` (detached state), the guard denies both commit and push with an explicit message. Check out a named branch before attempting either — branch-aware policy needs a named branch to evaluate `git.protected_branches` and `git.branch_pattern`.
 
-- `git push`, `git push --force`, `--force-with-lease`
-- `git commit --amend` — always create a new commit
-- `--no-verify`, `--no-gpg-sign`, or any flag that skips hooks/signing
-- `git reset --hard`, `git clean -f`, `git checkout --`, `git branch -D`
-- `git config`, `git rebase -i`, `git add -i`
-- `git add -A`, `git add .` — name the paths
+**Hard-blocks regardless of consent, branch, or user request.** These operations rewrite history, skip safety, or sweep paths; `git_commit_guard`'s `FORBIDDEN_RE` blocks them flat-out:
+
+- `git commit --amend` — always create a new commit.
+- `--no-verify`, `--no-gpg-sign`, or any flag that skips hooks/signing.
+- `git reset --hard`, `git clean -f`, `git checkout --`, `git branch -D`.
+- `git config` changes.
+- `git rebase -i`, `git add -i` (interactive).
+- `git add -A`, `git add .` — name the paths.
+
+`git push` is no longer in this set — it is governed by the branch-aware policy above. `git push --force` and `--force-with-lease` are still forbidden unless the user names the exact operation in their current request, AND additionally subject to the branch-aware policy (force-push to a protected branch requires fresh `push_consent` plus the user-named carve-out).
 
 ## Article VIII — Hooks (the enforcement layer)
 
@@ -181,7 +186,7 @@ The 22 hooks in `.claude/hooks/` are the structural enforcement of this constitu
 |---|---|---|---|
 | `setup_guard` | PreToolUse / Edit\|Write\|MultiEdit | Art. III | Advisory reminder when `configured: false` (rate-limited 10 min). Does **not** block. |
 | `destructive_cmd_guard` | PreToolUse / Bash | Art. VII | Hard-block catastrophic commands; ask risky |
-| `git_commit_guard` | PreToolUse / Bash + Edit\|Write\|MultiEdit | Art. IV gate C, Art. VII | Bash: require fresh consent for `git commit`; hard-block forbidden flags. Write: gate writes to `.claude/state/commit_consent` and the `.commit_consent_grant` marker |
+| `git_commit_guard` | PreToolUse / Bash + Edit\|Write\|MultiEdit | Art. IV gate C, Art. VII | Bash: enforce branch-aware policy — `git commit` on a protected branch requires fresh `commit_consent`; `git push` on a protected branch requires fresh `push_consent`; both proceed without consent on non-protected branches; off-`branch_pattern` branches deny commits; detached HEAD denies both. Hard-block remaining forbidden flags (--amend, --no-verify, reset --hard, etc.). Write: gate writes to `.claude/state/{commit,push}_consent` and the matching `.{commit,push}_consent_grant` markers. |
 | `env_guard` | PreToolUse / Edit\|Write\|MultiEdit\|NotebookEdit | Art. VII | Block writes to `.env*` (allows `.env.example`) |
 | `spec_approval_guard` | PreToolUse / Edit\|Write\|MultiEdit | Art. IV gate A | Validate fresh `.spec_approval_grant` marker before allowing approval-token writes; block self-approval inside spec markdown; block direct writes to the marker |
 | `swarm_approval_guard` | PreToolUse / Edit\|Write\|MultiEdit | Art. IV gate B | Validate fresh `.swarm_approval_grant` marker before allowing swarm-approval writes; block direct writes to the marker |
@@ -200,13 +205,13 @@ The 22 hooks in `.claude/hooks/` are the structural enforcement of this constitu
 | `memory_stop` | Stop | Art. IX | Auto-extract memory candidates each turn-end |
 | `harness_continuation` | Stop | Art. V | Three-rung gate: (1) `stop_hook_active` absent on payload; (2) `.claude/state/.harness_active` exists (session-scoped marker created by the harness skill on `continue`, deleted on `yielded`/`done`, cleaned by `memory_session_start.sh` on session boundary); (3) `harness_state.state == "continue"`. When all three pass, emits `{"decision":"block","reason":"…invoke Skill(harness)…"}`. Sanity rail: marker-slug-vs-`workflow.json`-slug mismatch logs WARN to `harness_continuation.log` without changing the decision. Silent on any rung fail. Never writes consent markers. |
 | `memory_pre_compact` | PreCompact | Art. IX | Capture resume snapshot before context compaction |
-| `consent_gate_grant` | UserPromptSubmit | Art. IV gates A/B/C | Detect `/approve-spec`/`/approve-swarm`/`/grant-commit` in user input and write the gate-specific consent marker — runs OUTSIDE Claude's tool boundary so Claude cannot forge it |
+| `consent_gate_grant` | UserPromptSubmit | Art. IV gates A/B/C, Art. VII | Detect `/approve-spec`/`/approve-swarm`/`/grant-commit`/`/grant-push` in user input and write the gate-specific consent marker — runs OUTSIDE Claude's tool boundary so Claude cannot forge it |
 
 ## Article IX — Project memory
 
 The memory system at `.claude/memory/` accumulates project facts across sessions. You SHALL:
 
-1. Treat the six canonical files (`landmarks.md`, `libraries.md`, `decisions.md`, `landmines.md`, `conventions.md`, `pending-questions.md`) as long-term project memory. Each entry has a stable key per the schema in `.claude/memory/README.md`.
+1. Treat the seven canonical files (`landmarks.md`, `libraries.md`, `decisions.md`, `landmines.md`, `conventions.md`, `pending-questions.md`, `backlog.md`) as long-term project memory. Each entry has a stable key per the schema in `.claude/memory/README.md`.
 2. **Re-verify before citing.** Every skill that cites a memory entry SHALL re-verify it (file exists, symbol still at named line, library version still pinned). Failed verification → you SHALL correct or delete the entry in the same run before proceeding.
 3. Treat `_pending.md` as the auto-extraction inbox (written by `memory_stop`). Promote candidates to canonical files only via `/memory-flush`. You SHALL NOT write directly into canonical memory files outside the natural byproduct of phase skills.
 4. Treat `_resume.md` as the cross-session continuity snapshot (refreshed every turn-end and before compaction). It is **session memory**, not project memory.
@@ -257,7 +262,7 @@ Every UI design task that originates inside a workflow phase SHALL route through
 | A spec whose `write_set` intersects `project.json → tdd.ui_globs` SHALL declare a populated `## Design calls` section, one row per design surface. | `spec_design_calls_guard` (Art. VIII) at the Write boundary; `/spec-lint` at preflight. |
 | `/tdd` Step 6 SHALL invoke `Skill(design-ui, task_brief)` once per `## Design calls` row before Step 7 (verify). | `tdd` skill SOP. |
 | `design-ui` SHALL NOT write product code. Its only writes are the state file at `.claude/state/design/<slug>.json`, snapshots under `docs/design/<slug>.*.md`, and memory candidates. The product-code writes happen inside `impeccable` invocations. | `design-ui` SKILL.md. |
-| `design-ui` SHALL classify incoming intents at Stage 0 (design / development / copy). A misrouted intent returns `final_state: "not_a_design_task"` with a pointer to the correct lane and writes no code. | `design-ui` Stage 0 + `references/design-vs-development.md`. |
+| `design-ui` SHALL classify incoming intents at Stage 0 (design / development / copy). A misrouted intent returns one of two terminal states: `final_state: "not_a_design_task"` (single-lane misroute) with `correct_lane`, OR `final_state: "mixed_brief"` (multi-lane misroute) with a structured `lane_split` array. Neither writes code. | `design-ui` Stage 0 + `references/design-vs-development.md`. |
 | Iteration cap: `audit → polish` loops SHALL terminate after 3 iterations with `final_state: "needs_human"` if P0 ≥ 1 or P1 > 0 persist. P0 issues block (do not loop). | `design-ui` SKILL.md + `references/orchestration.md`. |
 | Multi-step impeccable recipes SHALL ask the user before proceeding. Single-step recipes SHALL auto-execute. | `references/intent-table.md` `mode` column. |
 
@@ -267,15 +272,15 @@ The vendored `impeccable` skill stays untouched (Article IX). `design-ui` is the
 
 ## Article XI — Skill provenance and the baseline manifest
 
-Every skill at `.claude/skills/<slug>/SKILL.md` SHALL declare ownership in its YAML frontmatter as `owner: baseline` or `owner: user`. The build script `scripts/build-manifest.mjs` reads each `owner:` value and emits the canonical baseline-skill set into `obj/template/manifest.json` under `owners.skills` (a JSON object mapping slug → `"baseline"`). The CLI mirrors this manifest verbatim to `<target>/.claude/.baseline-manifest.json` on install. The audit at `.claude/skills/audit-baseline/audit.sh` consumes `manifest.owners.skills` as the canonical baseline-skill enumeration — the previous hard-coded `EXPECTED_SKILLS` set is removed.
+A skill at `.claude/skills/<slug>/SKILL.md` is **baseline-owned** iff its YAML frontmatter declares `owner: baseline`. Every other skill on disk — those without an `owner:` field, or those declaring `owner: user` — is user/third-party and out-of-scope of baseline audit checks. Absence-of-`owner` is the deliberate default so a project with pre-existing skills can install the baseline without annotating any of its own files. The build script `scripts/build-manifest.mjs` reads each `owner:` value and emits the canonical baseline-skill set into `obj/template/manifest.json` under `owners.skills` (a JSON object mapping slug → `"baseline"`). The CLI mirrors this manifest verbatim to `<target>/.claude/.baseline-manifest.json` on install. The audit at `.claude/skills/audit-baseline/audit.sh` consumes `manifest.owners.skills` as the canonical baseline-skill enumeration — the previous hard-coded `EXPECTED_SKILLS` set is removed.
 
 You SHALL:
 
-1. **Declare ownership.** Every new SKILL.md you author starts with `owner: baseline` (if it ships in the baseline) or `owner: user` (if it is project-local). The field appears in frontmatter directly after `name:`. Missing or invalid values fail the audit with `missing owner frontmatter` or `invalid owner=<value>`.
+1. **Declare baseline ownership only.** A SKILL.md that ships in the baseline SHALL declare `owner: baseline` in its frontmatter directly after `name:`. Authoring a user/third-party skill does NOT require any `owner:` annotation — absence is the default. Explicit `owner: user` is permitted but never required. The only frontmatter-related FAIL the audit emits is `invalid owner=<value>` (a present-but-malformed `owner:` field, e.g. typo). Missing-`owner:` is silently skipped.
 2. **Trust the manifest.** The shipped `obj/template/manifest.json` (mirrored to `<target>/.claude/.baseline-manifest.json` on install) is the canonical record of baseline-owned skills and their content hashes. You SHALL NOT maintain a separate hard-coded list of baseline-skill slugs anywhere in the codebase.
 3. **Re-derive on drift.** The audit re-derives sha256 hashes from `manifest.files` for every path under `.claude/skills/<slug>/` whose slug appears in `owners.skills`, and compares against on-disk content. Mismatches surface as `hash mismatch at <path>`. A baseline-listed slug missing from disk surfaces as `baseline skill missing`. These are hard FAIL — drift detection has no opt-out.
 4. **Preserve constitutional citation.** This Article XI SHALL remain in CLAUDE.md AND in `src/CLAUDE.template.md` (byte-equal mirror). The genesis §17 in `docs/init/seed.md` SHALL remain present, with `src/seed.template.md` mirroring it. The audit verifies both citations and reports `CLAUDE.md missing Article XI citation` or `seed.md missing §17 citation` on absence.
-5. **Exempt user skills from baseline checks.** User-owned skills (`owner: user`) are excluded from the baseline count, the names-match check, and the hash-drift check. Adding a local skill does not break the audit; it is the user's responsibility to maintain.
+5. **Out-of-scope skills don't break the audit.** Any skill on disk that doesn't declare `owner: baseline` is out-of-scope: excluded from the baseline count, the names-match check, and the hash-drift check. Installing the baseline into a project that already has its own skills is zero-friction — no per-file annotation required. Maintenance of those skills is the user's responsibility.
 
 Cryptographic supply-chain attestation, signed lock files, and per-skill aggregate merkle hashes are non-goals. The per-file `manifest.files` map already covers every file in every skill directory. A future `npx @friedbotstudio/create-baseline upgrade` subcommand will consume `manifest.owners.skills` + `manifest.files` to re-overlay baseline-owned files safely while leaving user-added or locally-customized files untouched — that subcommand is out of scope of this Article.
 
@@ -288,11 +293,11 @@ Cryptographic supply-chain attestation, signed lock files, and per-skill aggrega
 | `.claude/hooks/` | 22 hook scripts (17 write/run-boundary + 4 lifecycle + 1 input-boundary). Bash + python3, no jq. |
 | `.claude/agents/` | 1 baseline subagent: `swarm-worker` (rendered from `src/agents/swarm-worker.template.md`) |
 | `.claude/skills/` | 36 skills: artifact (4) + phases (10) + workers (5) + spec helpers (4) + orchestration (3) + memory (1) + shared globals (7) + audit (1) + alt tracks (1) |
-| `.claude/commands/` | 4 consent/bootstrap gates: `approve-spec`, `approve-swarm`, `grant-commit`, `init-project` |
-| `.claude/memory/` | 6 canonical knowledge files + `_pending.md` (staging) + `_resume.md` (continuity snapshot) + `README.md` |
+| `.claude/commands/` | 5 consent/bootstrap gates: `approve-spec`, `approve-swarm`, `grant-commit`, `grant-push`, `init-project` |
+| `.claude/memory/` | 7 canonical knowledge files + `_pending.md` (staging) + `_resume.md` (continuity snapshot) + `README.md` |
 | `.claude/project.json` | per-project config (test/lint cmd, TDD globs, destructive patterns, swarm config, additions). Populated by `/init-project`. |
 | `.claude/settings.json` | hook wiring + permissions |
-| `.claude/state/` | runtime: `workflow.json`, `commit_consent`, `spec_approvals/`, `swarm_approvals/`, `swarm/`, `harness/<slug>.log`, `last_test_result` |
+| `.claude/state/` | runtime: `workflow.json`, `commit_consent`, `push_consent`, `spec_approvals/`, `swarm_approvals/`, `swarm/`, `harness/<slug>.log`, `last_test_result` |
 | `.mcp.json` | three baseline MCP servers: `context7`, `plantuml`, `playwright` |
 | `src/` | pristine ship-time templates for every file `/init-project` modifies (overlay source for `npx @friedbotstudio/create-baseline`) |
 | `docs/init/seed.md` | genesis prompt — governing specification of the baseline |
@@ -317,8 +322,14 @@ Cryptographic supply-chain attestation, signed lock files, and per-skill aggrega
 **Memory (1)**:
 - `memory-flush`
 
-**Shared globals (7)** — vendored / globally available:
-- `claude-automation-recommender` (Apache 2.0, vendored), `code-structure` (mandatory on all code), `humanizer`, `documentation`, `technical-tutorials`, `copywriting`, `impeccable`
+**Shared globals (7)** — one written for this baseline, six vendored from external sources with their upstream licenses preserved in `LICENSE` + `NOTICE` alongside each skill:
+- `claude-automation-recommender` — vendored from Anthropic's `claude-code-setup` plugin, Apache 2.0.
+- `code-structure` — written for this baseline (Friedbot Studio). Mandatory on every code-generation step.
+- `humanizer` — vendored from [`blader/humanizer`](https://github.com/blader/humanizer), MIT.
+- `documentation` — vendored from Anthropic's `claude-code-setup` plugin, Apache 2.0.
+- `technical-tutorials` — vendored from [`jonathimer/devmarketing-skills`](https://github.com/jonathimer/devmarketing-skills), MIT.
+- `copywriting` — vendored from [`coreyhaines31/marketingskills`](https://github.com/coreyhaines31/marketingskills), MIT.
+- `impeccable` — vendored from [`pbakaus/impeccable`](https://github.com/pbakaus/impeccable), Apache 2.0.
 
 **Audit (1)**:
 - `audit-baseline` — drift check between this constitution + seed.md and the implementation