@friedbotstudio/create-baseline 0.3.0 → 0.4.0

package/obj/template/.claude/skills/changelog/tests/non-git-shortcircuit_test.sh

@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+# Fixture-based test for AC-003: when a project is not a git repository,
+# /triage SHALL auto-except changelog alongside commit and the swarm-* phases,
+# AND no Run /changelog task SHALL be seeded.
+#
+# Static-analysis test: reads the LIVE .claude/skills/triage/SKILL.md content
+# (which the implement worker edits) and asserts on its content. Until the
+# implement worker updates triage SKILL.md, this test fails RED.
+
+set -uo pipefail
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$HERE/../../../.." && pwd)"
+TRIAGE_SKILL="$REPO_ROOT/.claude/skills/triage/SKILL.md"
+
+PASS=0; FAIL=0; FAILED=()
+
+fail() { echo "  FAIL: $*"; return 1; }
+
+assert_file_contains() {
+  local path="$1" needle="$2" msg="$3"
+  if grep -qF "$needle" "$path" 2>/dev/null; then return 0; fi
+  fail "$msg :: file $path missing: $needle"
+}
+
+assert_file_matches() {
+  local path="$1" pattern="$2" msg="$3"
+  if grep -qE "$pattern" "$path" 2>/dev/null; then return 0; fi
+  fail "$msg :: file $path missing pattern: $pattern"
+}
+
+run() {
+  local name="$1"
+  echo "RUN  $name"
+  if "$name"; then
+    PASS=$((PASS+1)); echo "PASS $name"
+  else
+    FAIL=$((FAIL+1)); FAILED+=("$name"); echo "FAIL $name"
+  fi
+}
+
+# --- AC-003 — static-analysis on triage SKILL.md -----------------------------
+
+test_when_triage_skill_md_describes_nongit_then_changelog_in_exceptions_list() {
+  [ -f "$TRIAGE_SKILL" ] || { fail "AC-003 triage/SKILL.md missing"; return 1; }
+  # The non-git auto-except list MUST mention 'changelog' alongside the
+  # existing 'swarm-plan', 'approve-swarm', 'swarm-dispatch', 'grant-commit',
+  # 'commit' entries. The exact phrasing may vary; assert presence of the
+  # changelog token within reasonable proximity of the other tokens.
+  if ! grep -qE '"swarm-plan".*"swarm-dispatch".*"commit"' "$TRIAGE_SKILL"; then
+    fail "AC-003 baseline non-git auto-except list not found in triage SKILL.md"
+    return 1
+  fi
+  assert_file_contains "$TRIAGE_SKILL" '"changelog"' \
+    "AC-003 triage SKILL.md non-git auto-except list must include \"changelog\"" \
+    || return 1
+}
+
+test_when_triage_task_templates_include_changelog_row_between_grant_commit_and_commit() {
+  [ -f "$TRIAGE_SKILL" ] || { fail "AC-003 triage/SKILL.md missing"; return 1; }
+  # Each non-chore template (tdd-entry, spec-entry, intake-entry) AND the
+  # chore template SHOULD include a Run /changelog task row between
+  # "Wait for /grant-commit" and "Run /commit". The exact prose varies but the
+  # ordering must hold.
+  # Strategy: extract the prose between "Wait for /grant-commit" and "Run /commit"
+  # blocks and require "changelog" to appear within that slice.
+  if ! python3 - "$TRIAGE_SKILL" <<'PY'
+import re, sys
+path = sys.argv[1]
+text = open(path).read()
+# Find every occurrence of "Wait for /grant-commit" followed by content up to "Run /commit"
+matches = list(re.finditer(
+    r'Wait for /grant-commit[\s\S]*?Run /commit', text))
+if not matches:
+    sys.exit('no "Wait for /grant-commit" → "Run /commit" sequence found in triage SKILL.md')
+# Every such slice must mention "changelog".
+missing = [i for i, m in enumerate(matches) if 'changelog' not in m.group(0).lower()]
+if missing:
+    sys.exit(f'{len(missing)} task-seeding slice(s) missing changelog: indices {missing}')
+PY
+  then
+    fail "AC-003 triage SKILL.md task-seeding templates must include changelog between grant-commit and commit"
+    return 1
+  fi
+}
+
+# --- runner -------------------------------------------------------------------
+
+run test_when_triage_skill_md_describes_nongit_then_changelog_in_exceptions_list
+run test_when_triage_task_templates_include_changelog_row_between_grant_commit_and_commit
+
+echo "----"
+echo "Passed: $PASS  Failed: $FAIL"
+if [ "$FAIL" -gt 0 ]; then
+  echo "Failed tests:"
+  for t in "${FAILED[@]}"; do echo "  - $t"; done
+fi
+exit $((FAIL > 0))

package/obj/template/.claude/skills/changelog/tests/preview-only_test.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+# Fixture-based integration test for AC-012: the changelog actuator's
+# --preview-only mode prints projected next semver + draft fragment to stdout,
+# requires no commit_consent gesture, and writes no files.
+#
+# Pre-implement RED: actuator does not exist; test fails on missing file.
+
+set -uo pipefail
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$HERE/../../../.." && pwd)"
+ACTUATOR="$REPO_ROOT/.claude/skills/changelog/changelog.mjs"
+
+PASS=0; FAIL=0; FAILED=()
+
+fail() { echo "  FAIL: $*"; return 1; }
+
+# Build a tempdir project WITHOUT commit_consent (preview must work without it).
+seed_preview_project() {
+  local proj="$1"
+  mkdir -p "$proj/.claude/state"
+  cd "$proj"
+  git init -q
+  git config user.email "test@example.com"
+  git config user.name "Test"
+  git commit --allow-empty -q -m "chore: initial"
+  git tag v0.1.0
+  echo "preview" > thing.txt
+  git add thing.txt
+  git commit -q -m "feat: preview path"
+  # NO commit_consent file.
+  # NO workflow.json — preview must not require one.
+  cat > "$proj/.releaserc.json" <<'EOF'
+{
+  "branches": ["main"],
+  "plugins": [
+    ["@semantic-release/commit-analyzer", { "preset": "angular" }]
+  ]
+}
+EOF
+}
+
+run() {
+  local name="$1"
+  echo "RUN  $name"
+  if "$name"; then
+    PASS=$((PASS+1)); echo "PASS $name"
+  else
+    FAIL=$((FAIL+1)); FAILED+=("$name"); echo "FAIL $name"
+  fi
+}
+
+# --- AC-012 -------------------------------------------------------------------
+
+test_when_preview_only_flag_then_stdout_projection_no_writes() {
+  local proj; proj="$(mktemp -d)"; trap "rm -rf $proj" RETURN
+  seed_preview_project "$proj"
+  if [ ! -f "$ACTUATOR" ]; then
+    fail "AC-012 actuator not yet at $ACTUATOR — expected pre-implement RED state"
+    return 1
+  fi
+  local out
+  out="$(node "$ACTUATOR" --preview-only --slug demo --project-root "$proj" 2>/tmp/preview-stderr.$$)"
+  local ec=$?
+  if [ "$ec" -ne 0 ]; then
+    fail "AC-012 preview-only must exit 0; got $ec; stderr: $(cat /tmp/preview-stderr.$$)"
+    return 1
+  fi
+  # stdout matches Projected: <semver>.
+  if ! printf '%s' "$out" | grep -qE 'Projected:\s*[0-9]+\.[0-9]+\.[0-9]+'; then
+    fail "AC-012 stdout must contain Projected: <semver>; got: $out"
+    return 1
+  fi
+  # No state file written.
+  if [ -f "$proj/.claude/state/changelog/demo.json" ]; then
+    fail "AC-012 preview-only must NOT write state file"
+    return 1
+  fi
+  # CHANGELOG.md is either absent (we never created one) or unchanged.
+  if [ -f "$proj/CHANGELOG.md" ]; then
+    fail "AC-012 preview-only must NOT create CHANGELOG.md when absent"
+    return 1
+  fi
+}
+
+# --- runner -------------------------------------------------------------------
+
+run test_when_preview_only_flag_then_stdout_projection_no_writes
+
+echo "----"
+echo "Passed: $PASS  Failed: $FAIL"
+if [ "$FAIL" -gt 0 ]; then
+  echo "Failed tests:"
+  for t in "${FAILED[@]}"; do echo "  - $t"; done
+fi
+exit $((FAIL > 0))

package/obj/template/.claude/skills/changelog/tests/run.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# Aggregate test runner for .claude/skills/changelog/.
+# Invokes each sibling *_test.sh AND any *_test.mjs (node --test) and exits
+# non-zero if any fail.
+
+set -uo pipefail
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+FAIL=0
+
+for t in "$HERE"/*_test.sh; do
+  [ -f "$t" ] || continue
+  echo "=== $(basename "$t") ==="
+  bash "$t" || FAIL=$((FAIL+1))
+done
+
+for t in "$HERE"/*_test.mjs; do
+  [ -f "$t" ] || continue
+  echo "=== $(basename "$t") ==="
+  node --test "$t" || FAIL=$((FAIL+1))
+done
+
+if [ "$FAIL" -gt 0 ]; then
+  echo "changelog/tests: $FAIL suite(s) failed"
+  exit 1
+fi
+echo "changelog/tests: all suites passed"
+exit 0

package/obj/template/.claude/skills/changelog/unreleased-writer.mjs

@@ -0,0 +1,155 @@
+// CHANGELOG.md curation under ## [Unreleased].
+//
+// Two exports:
+//   appendUnderUnreleased(changelogPath, entries) — per-commit RMW.
+//   reinsertUnreleasedHeading(changelogPath)       — AC-013 fallback for the
+//     case where @semantic-release/changelog has prepended versioned notes
+//     above the `# Changelog` and `## [Unreleased]` headings. Restores the
+//     canonical order: `# Changelog\n\n## [Unreleased]\n\n<rest>`.
+//
+// File shape we maintain (keepachangelog 1.0.0):
+//
+//   # Changelog
+//
+//   ## [Unreleased]
+//
+//   ### Added
+//   - <entry>
+//
+//   ### Fixed
+//   - <entry>
+//
+//   ## [0.1.0] - 2026-01-01
+//
+//   ...
+
+import { readFile, writeFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+
+const UNRELEASED_HEADING = '## [Unreleased]';
+const CHANGELOG_HEADING = '# Changelog';
+
+const CATEGORY_ORDER = ['Added', 'Changed', 'Deprecated', 'Removed', 'Fixed', 'Security'];
+
+function groupBySection(entries) {
+  const map = new Map();
+  for (const entry of entries) {
+    if (!map.has(entry.section)) map.set(entry.section, []);
+    map.get(entry.section).push(entry);
+  }
+  return map;
+}
+
+function renderUnreleasedBody(entries) {
+  if (entries.length === 0) return '';
+  const grouped = groupBySection(entries);
+  const lines = [];
+  for (const section of CATEGORY_ORDER) {
+    const items = grouped.get(section);
+    if (!items || items.length === 0) continue;
+    lines.push('');
+    lines.push(`### ${section}`);
+    lines.push('');
+    for (const item of items) {
+      const prefix = item.breaking ? '**BREAKING:** ' : '';
+      lines.push(`- ${prefix}${item.body}`);
+    }
+  }
+  return lines.join('\n');
+}
+
+// Split text into { preamble, unreleasedBody, rest } where preamble is
+// everything up to and including the `## [Unreleased]` line, unreleasedBody
+// is the content between that and the next `##` heading, and rest is from
+// the next `##` heading onward.
+function splitAroundUnreleased(text) {
+  const unreleasedIdx = text.indexOf(UNRELEASED_HEADING);
+  if (unreleasedIdx < 0) return null;
+  const afterHeading = text.indexOf('\n', unreleasedIdx);
+  const headingEnd = afterHeading < 0 ? text.length : afterHeading + 1;
+  // Find the next `## ` heading after the Unreleased heading.
+  const restMatch = text.slice(headingEnd).match(/\n## [^\n]+\n/);
+  const restOffset = restMatch ? headingEnd + restMatch.index + 1 : text.length;
+  return {
+    preamble: text.slice(0, headingEnd),
+    unreleasedBody: text.slice(headingEnd, restOffset),
+    rest: text.slice(restOffset),
+  };
+}
+
+function defaultChangelogText() {
+  return `# Changelog\n\n## [Unreleased]\n\n`;
+}
+
+export async function appendUnderUnreleased(changelogPath, entries) {
+  let text;
+  if (existsSync(changelogPath)) {
+    text = await readFile(changelogPath, 'utf8');
+  } else {
+    text = defaultChangelogText();
+  }
+  if (!text.includes(CHANGELOG_HEADING)) {
+    text = `${CHANGELOG_HEADING}\n\n${text}`;
+  }
+  if (!text.includes(UNRELEASED_HEADING)) {
+    text = text.replace(
+      new RegExp(`(${CHANGELOG_HEADING}\\n)`, ''),
+      `$1\n${UNRELEASED_HEADING}\n\n`,
+    );
+  }
+  const parts = splitAroundUnreleased(text);
+  if (!parts) {
+    // Defensive: should be unreachable after the insertions above.
+    throw new Error(`could not locate ${UNRELEASED_HEADING} in ${changelogPath}`);
+  }
+  const body = renderUnreleasedBody(entries);
+  const merged = `${parts.preamble}${body}\n${parts.rest.startsWith('\n') ? parts.rest : '\n' + parts.rest}`;
+  await writeFile(changelogPath, merged, 'utf8');
+}
+
+export async function reinsertUnreleasedHeading(changelogPath) {
+  const text = await readFile(changelogPath, 'utf8');
+  // If the first `##` heading in the file is already `## [Unreleased]`, the
+  // file is structurally correct; do nothing.
+  const firstH2 = text.match(/^## .+$/m);
+  if (firstH2 && firstH2[0].includes('[Unreleased]')) {
+    return;
+  }
+  // Otherwise: find the existing Unreleased heading (which may sit deeper in
+  // the file because @semantic-release/changelog prepended notes above it)
+  // and lift it to the canonical top position.
+  const lines = text.split('\n');
+  // Identify the Unreleased section's start and the next `##` start.
+  let unreleasedStart = -1;
+  let unreleasedEnd = -1;
+  for (let i = 0; i < lines.length; i++) {
+    if (unreleasedStart < 0 && lines[i] === UNRELEASED_HEADING) {
+      unreleasedStart = i;
+      continue;
+    }
+    if (unreleasedStart >= 0 && /^## /.test(lines[i])) {
+      unreleasedEnd = i;
+      break;
+    }
+  }
+  if (unreleasedStart < 0) {
+    // No Unreleased heading anywhere; insert a fresh one at the top.
+    const top = `${CHANGELOG_HEADING}\n\n${UNRELEASED_HEADING}\n\n`;
+    await writeFile(changelogPath, top + text, 'utf8');
+    return;
+  }
+  if (unreleasedEnd < 0) unreleasedEnd = lines.length;
+  const unreleasedBlock = lines.slice(unreleasedStart, unreleasedEnd);
+  const without = lines.slice(0, unreleasedStart).concat(lines.slice(unreleasedEnd));
+  // Strip any leading blank lines from the without-block so the result starts
+  // with the `# Changelog` heading (we'll insert one if absent).
+  const withoutText = without.join('\n');
+  const head = withoutText.startsWith(CHANGELOG_HEADING)
+    ? withoutText
+    : `${CHANGELOG_HEADING}\n\n${withoutText.replace(/^\n+/, '')}`;
+  const restored = head.replace(
+    new RegExp(`^(${CHANGELOG_HEADING})\\n\\n?`),
+    `$1\n\n${unreleasedBlock.join('\n')}\n\n`,
+  );
+  await writeFile(changelogPath, restored, 'utf8');
+}

package/obj/template/.claude/skills/changelog/version-preview.mjs

@@ -0,0 +1,124 @@
+// Projected-version preview via semantic-release JS API.
+//
+// Returns { version, type, commits } where commits is the analyzer's list
+// of conventional-parsed commits between the last release tag and HEAD.
+
+import { execFileSync } from 'node:child_process';
+
+// Parse conventional-commit subject lines: type(scope)?: subject  +  breaking-suffix.
+function parseConventional(subject) {
+  const match = subject.match(/^([a-z]+)(?:\(([^)]+)\))?(!)?:\s*(.+)$/i);
+  if (!match) return { type: 'unknown', scope: null, breaking: false, subject };
+  return {
+    type: match[1].toLowerCase(),
+    scope: match[2] || null,
+    breaking: Boolean(match[3]),
+    subject: match[4],
+  };
+}
+
+// List commits between the latest tag and HEAD via plain git (no semantic-release
+// dep needed for the commit list itself; semantic-release is only used for the
+// projected version computation).
+function listCommitsSinceLastTag(cwd) {
+  let lastTag;
+  try {
+    lastTag = execFileSync('git', ['describe', '--tags', '--abbrev=0'], {
+      cwd, encoding: 'utf8',
+    }).trim();
+  } catch {
+    lastTag = null;
+  }
+  const range = lastTag ? `${lastTag}..HEAD` : 'HEAD';
+  let raw;
+  try {
+    raw = execFileSync('git', ['log', range, '--format=%H%x09%s%x09%b%x00'], {
+      cwd, encoding: 'utf8',
+    });
+  } catch {
+    return [];
+  }
+  return raw.split('\0').filter(Boolean).map((entry) => {
+    const [sha, subject, body] = entry.split('\t');
+    const parsed = parseConventional(subject || '');
+    const breakingBody = /^BREAKING CHANGE:/m.test(body || '');
+    return {
+      sha,
+      subject: parsed.subject,
+      body: (body || '').trim(),
+      type: parsed.type,
+      scope: parsed.scope,
+      breaking: parsed.breaking || breakingBody,
+    };
+  });
+}
+
+// Use semantic-release's JS API to compute the next version.
+async function semanticReleaseDryRun(cwd) {
+  const mod = await import('semantic-release');
+  const semanticRelease = mod.default || mod;
+  const noopWritable = { write: () => true, end: () => {} };
+  const result = await semanticRelease(
+    {
+      dryRun: true,
+      ci: false,
+      branches: ['main', 'master'],
+    },
+    {
+      cwd,
+      env: { ...process.env },
+      stdout: noopWritable,
+      stderr: noopWritable,
+    },
+  );
+  if (result && result.nextRelease) {
+    return { version: result.nextRelease.version, type: result.nextRelease.type };
+  }
+  return { version: null, type: null };
+}
+
+// Fallback: derive a projection locally if semantic-release rejects the run
+// (e.g., no .releaserc.json, no remote, no commits since last tag).
+function localProjection(cwd, commits) {
+  let lastTag;
+  try {
+    lastTag = execFileSync('git', ['describe', '--tags', '--abbrev=0'], {
+      cwd, encoding: 'utf8',
+    }).trim();
+  } catch {
+    lastTag = 'v0.0.0';
+  }
+  const baseSemver = lastTag.replace(/^v/, '');
+  const baseParts = baseSemver.split('.').map((s) => parseInt(s, 10) || 0);
+  let bumpType = null;
+  for (const commit of commits) {
+    if (commit.breaking) { bumpType = bumpType === 'major' ? 'major' : 'minor'; continue; }
+    if (commit.type === 'feat') { bumpType = bumpType === 'major' ? 'major' : (bumpType === 'minor' ? 'minor' : 'minor'); continue; }
+    if (commit.type === 'fix' || commit.type === 'perf' || commit.type === 'refactor') {
+      if (!bumpType) bumpType = 'patch';
+    }
+  }
+  if (!bumpType) return { version: baseSemver, type: null };
+  const [maj, min, pat] = baseParts;
+  if (bumpType === 'major') return { version: `${maj + 1}.0.0`, type: 'major' };
+  if (bumpType === 'minor') return { version: `${maj}.${min + 1}.0`, type: 'minor' };
+  return { version: `${maj}.${min}.${pat + 1}`, type: 'patch' };
+}
+
+export async function previewProjectedVersion(cwd) {
+  const commits = listCommitsSinceLastTag(cwd);
+  let projection;
+  try {
+    projection = await semanticReleaseDryRun(cwd);
+    if (!projection.version) {
+      projection = localProjection(cwd, commits);
+    }
+  } catch {
+    projection = localProjection(cwd, commits);
+  }
+  return {
+    version: projection.version || '0.0.0',
+    type: projection.type,
+    commits,
+  };
+}

package/obj/template/.claude/skills/commit/SKILL.md

@@ -5,7 +5,7 @@ description: Workflow Phase 11 — Commit Preparation and Execution. Stages and
 argument-hint: "[optional commit message; otherwise drafted from the spec/intake]"
 ---
 
-Prereq: BOTH `archive` AND `memory-flush` in `completed` (Phase 10.5 moved slug artifacts to `docs/archive/<date>/<slug>/`; Phase 10.6 curated `_pending.md` and applied canonical memory writes) AND a valid consent token at `.claude/state/commit_consent` (the Git Commit Guard hook enforces this independently). On any workflow where `memory-flush` is in `exceptions` (rare), this skill SHALL refuse to proceed unless that exception is explicit in `workflow.json`.
+Prereq: ALL of `archive` AND `memory-flush` AND `changelog` in `completed` (Phase 10.5 archives slug artifacts; Phase 10.6 curates `_pending.md`; Phase 11.5 appends keepachangelog entries under `## [Unreleased]` in `CHANGELOG.md`) AND a valid consent token at `.claude/state/commit_consent` (the Git Commit Guard hook enforces this independently). On any workflow where `memory-flush` or `changelog` is in `exceptions` (e.g. non-git projects auto-except both), this skill SHALL refuse to proceed unless those exceptions are explicit in `workflow.json`.
 
 **Applicability.** This skill applies only when the project is a git repository. Non-git projects auto-except `commit` at `/triage` time (CLAUDE.md Article IV); the workflow ends after `/archive`.
 

package/obj/template/.claude/skills/harness/SKILL.md

@@ -106,7 +106,7 @@ The phases the harness loops through, in order:
 ```
 intake → scout → research → spec → /approve-spec → tdd → simplify →
 security → integrate → document → archive → memory-flush →
-/grant-commit → commit
+/grant-commit → changelog → commit
 ```
 
 - Phases listed in `workflow.json → exceptions` are skipped.
@@ -158,6 +158,8 @@ On each `/harness` invocation, read `workflow.json` and decide whether to enter
 | `completed` contains `spec` **and** approval token present, but `tdd`/`swarm-dispatch` not in `completed` | Enter loop; decide swarm-vs-solo at first iteration; invoke the next phase |
 | `completed` contains `swarm-plan` but no `swarm_approvals/<slug>.approval` | Enter loop; loop exits with `state: yielded` (approve-swarm gate) |
 | `completed` contains `archive` but no `commit_consent` (git project) | Enter loop; loop exits with `state: yielded` (grant-commit gate) |
+| `completed` contains `grant-commit` consent (token fresh) but no `changelog` | Enter loop; invoke `Skill(changelog)` (Phase 11.5); on success continue to commit |
+| `completed` contains `changelog` but no commit yet (git project) | Enter loop; invoke `Skill(commit)` (Phase 11) |
 | Phase skill returned an error this invocation | Loop exits with phase-failure reason; user investigates |
 
 ## Constraints

package/obj/template/.claude/skills/triage/SKILL.md

@@ -17,7 +17,7 @@ Triage the user's request and set up `.claude/state/workflow.json` so downstream
 # Steps
 
 1. Restate the request back to the user in 1-2 sentences, and name the entry phase you've chosen and why.
-2. **Git-repo detection (mandatory).** Run `git rev-parse --is-inside-work-tree 2>/dev/null` at the project root. If the exit status is non-zero, the project is not a git repository: gate C / `commit` are inapplicable AND the swarm path is unavailable because worktree isolation (the swarm contract's physical safety mechanism) requires git (CLAUDE.md Article IV "Phase 6c and Phase 11 are git-conditional", Article VII). Append `"swarm-plan"`, `"approve-swarm"`, `"swarm-dispatch"`, `"grant-commit"`, and `"commit"` to the exceptions array you'll write in step 4. Tell the user: "Non-git project detected — `swarm-plan`, `approve-swarm`, `swarm-dispatch`, `grant-commit`, and `commit` auto-excepted. Phase 6 routes to solo `/tdd`. Workflow ends after `/archive`. Persistence outside git is your responsibility."
+2. **Git-repo detection (mandatory).** Run `git rev-parse --is-inside-work-tree 2>/dev/null` at the project root. If the exit status is non-zero, the project is not a git repository: gate C / `commit` are inapplicable AND the swarm path is unavailable because worktree isolation (the swarm contract's physical safety mechanism) requires git (CLAUDE.md Article IV "Phase 6c and Phase 11 are git-conditional", Article VII). Append `"swarm-plan"`, `"approve-swarm"`, `"swarm-dispatch"`, `"grant-commit"`, `"changelog"`, and `"commit"` to the exceptions array you'll write in step 4. `"changelog"` is auto-excepted alongside `"commit"` because Phase 11.5 is a pre-commit curator with no purpose outside a commit-bearing workflow. Tell the user: "Non-git project detected — `swarm-plan`, `approve-swarm`, `swarm-dispatch`, `grant-commit`, `changelog`, and `commit` auto-excepted. Phase 6 routes to solo `/tdd`. Workflow ends after `/archive`. Persistence outside git is your responsibility."
 3. If the user has not confirmed yet, ask: "Entry phase = <X>. Exceptions = <Y>. Proceed? (or tell me a different entry)"
 4. On confirmation, write `.claude/state/workflow.json`:
    ```json
@@ -36,18 +36,19 @@ Triage the user's request and set up `.claude/state/workflow.json` so downstream
    The `source_backlog_keys` field is optional. When the user's request explicitly names one or more backlog entries this workflow picks up (the common framing is a `Source:` line listing backlog keys), populate the array with those keys. `/commit` (Phase 11) reads this field and invokes `sweep.py --mode stamp-closure` after the commit lands, stamping each named entry with `status: picked-up` + `superseded-at: <today>` so the next `/memory-flush` Step 0a auto-closes them. Absent / empty array → `/commit` skips the stamp step entirely (backward-compatible for any workflow that pre-dates the field). `/triage` does NOT auto-detect backlog keys from free-form prose — the user populates the field (or names them in the triage prompt and you populate it during step 4).
 5. **Seed the workflow tasklist.** Use the `TaskCreate` tool to register one task per non-excepted phase plus each applicable consent gate. The tasks are the running checklist that `/harness` (or any direct phase invocation) reads to decide the next action; consent-gate tasks block the workflow until the user runs the corresponding command. **When `grant-commit` and `commit` are in exceptions (non-git project), do NOT seed those two tasks** — the workflow ends after `/archive`. Use these canonical templates:
 
-   **For `chore` track** (single phase + memory-flush + commit gate):
+   **For `chore` track** (single phase + memory-flush + changelog + commit gate):
    - `Run /chore for <slug>` — activeForm: "Running chore", metadata: `{"phase": "chore"}`
    - `Run /memory-flush for <slug>` — activeForm: "Running memory-flush", metadata: `{"phase": "memory-flush"}`, addBlockedBy previous
    - `Wait for /grant-commit` — metadata: `{"phase": "grant-commit", "needs_user": true}`, addBlockedBy previous
+   - `Run /changelog for <slug>` — activeForm: "Running changelog", metadata: `{"phase": "changelog"}`, addBlockedBy previous
    - `Run /commit for <slug>` — activeForm: "Running commit", metadata: `{"phase": "commit"}`, addBlockedBy previous
 
    **For `tdd`-entry quickfix track** (skip intake/scout/research/spec/review):
-   - `Run /tdd`, `Run /simplify`, `Run /security` (only if not in exceptions), `Run /integrate`, `Run /document`, `Run /archive`, `Run /memory-flush`, `Wait for /grant-commit` (`needs_user`), `Run /commit` — each with `addBlockedBy` set to the previous task's id.
+   - `Run /tdd`, `Run /simplify`, `Run /security` (only if not in exceptions), `Run /integrate`, `Run /document`, `Run /archive`, `Run /memory-flush`, `Wait for /grant-commit` (`needs_user`), `Run /changelog`, `Run /commit` — each with `addBlockedBy` set to the previous task's id.
 
-   **For `spec`-entry track** (skip upstream): start from `Run /spec`, then `Wait for /approve-spec <path>` (`needs_user`), then continue per the full track.
+   **For `spec`-entry track** (skip upstream): `Run /spec`, `Wait for /approve-spec <path>` (`needs_user`), `Run /tdd`, `Run /simplify`, `Run /security` (unless excepted), `Run /integrate`, `Run /document`, `Run /archive`, `Run /memory-flush`, `Wait for /grant-commit` (`needs_user`), `Run /changelog`, `Run /commit` — each with `addBlockedBy` set to the previous task's id.
 
-   **For `intake`-entry full track**: `Run /intake`, `Run /brd` (only if stakeholder-heavy), `Run /scout`, `Run /research`, `Run /spec`, `Wait for /approve-spec <path>` (`needs_user`), `Run /tdd` OR (`Run /swarm-plan`, `Wait for /approve-swarm <slug>` (`needs_user`), `Run /swarm-dispatch`), `Run /simplify`, `Run /security` (unless excepted), `Run /integrate`, `Run /document`, `Run /archive`, `Run /memory-flush`, `Wait for /grant-commit` (`needs_user`), `Run /commit`. **On non-git projects the swarm branch SHALL NOT be seeded** — only `Run /tdd` goes in the list, regardless of expected component count. Swarm-vs-solo is a Phase-6 main-context decision (per CLAUDE.md Article V) only on git projects; non-git workflows resolve to solo at triage time because `swarm-plan`, `approve-swarm`, and `swarm-dispatch` are already in `exceptions`.
+   **For `intake`-entry full track**: `Run /intake`, `Run /brd` (only if stakeholder-heavy), `Run /scout`, `Run /research`, `Run /spec`, `Wait for /approve-spec <path>` (`needs_user`), `Run /tdd` OR (`Run /swarm-plan`, `Wait for /approve-swarm <slug>` (`needs_user`), `Run /swarm-dispatch`), `Run /simplify`, `Run /security` (unless excepted), `Run /integrate`, `Run /document`, `Run /archive`, `Run /memory-flush`, `Wait for /grant-commit` (`needs_user`), `Run /changelog`, `Run /commit`. **On non-git projects the swarm branch SHALL NOT be seeded** — only `Run /tdd` goes in the list, regardless of expected component count. Swarm-vs-solo is a Phase-6 main-context decision (per CLAUDE.md Article V) only on git projects; non-git workflows resolve to solo at triage time because `swarm-plan`, `approve-swarm`, and `swarm-dispatch` are already in `exceptions`. On non-git projects `changelog` is also auto-excepted alongside `commit` (Phase 11.5 only has purpose with a downstream commit).
 
    For every task: `subject` is imperative ("Run /scout for <slug>" / "Wait for /approve-spec <path>"); `description` names the phase + the slug; `metadata.phase` carries the phase name; consent-gate tasks set `metadata.needs_user: true`. Wire `addBlockedBy` so each task blocks until its predecessor completes — this surfaces the workflow's true dependency graph and prevents `/harness` from racing past a gate.
 

package/obj/template/CLAUDE.md

@@ -40,7 +40,7 @@ On every new session, before any work, you SHALL:
 
 1. **Read** `.claude/project.json` and check the `configured` field.
 2. **If `configured: false`** — `/init-project` has not run. The repository is in a sanctioned operating state called **project-agnostic mode**: hooks are active but `test_runner` and `lint_runner` run in guide mode and nothing is tailored to the user's stack. You SHALL greet the user with this exact framing:
-   > "This repo has the Claude Code baseline installed (22 hooks, 1 subagent, 36 skills). It's in **project-agnostic mode** — `test_runner` and `lint_runner` are in guide mode and nothing is tailored to your stack. Run **`/init-project`** to scout the codebase, run the recommender, and generate a config. Skip it if you want baseline-only behavior, but you'll miss stack-specific tailoring."
+   > "This repo has the Claude Code baseline installed (22 hooks, 1 subagent, 37 skills). It's in **project-agnostic mode** — `test_runner` and `lint_runner` are in guide mode and nothing is tailored to your stack. Run **`/init-project`** to scout the codebase, run the recommender, and generate a config. Skip it if you want baseline-only behavior, but you'll miss stack-specific tailoring."
    You SHALL then proceed with whatever the user asks. Project-agnostic mode is **allowed** — the user is not required to run `/init-project` to use the baseline. The `setup_guard` hook surfaces a one-shot reminder on Write/Edit/MultiEdit (rate-limited to 10 minutes); it does **not** block writes. Other guards (commit, env, spec-approval, verify-pass, track, swarm-boundary) remain hard regardless of `configured` state.
 3. **If `configured: true`** — read `docs/init/seed.md` §16 if present so you know what was added. Tell the user:
    > "Configured for `<stack>`. Run `/triage \"<request>\"` to start a workflow, or `/harness` for the full pipeline."
@@ -292,7 +292,7 @@ Cryptographic supply-chain attestation, signed lock files, and per-skill aggrega
 |---|---|
 | `.claude/hooks/` | 22 hook scripts (17 write/run-boundary + 4 lifecycle + 1 input-boundary). Bash + python3, no jq. |
 | `.claude/agents/` | 1 baseline subagent: `swarm-worker` (rendered from `src/agents/swarm-worker.template.md`) |
-| `.claude/skills/` | 36 skills: artifact (4) + phases (10) + workers (5) + spec helpers (4) + orchestration (3) + memory (1) + shared globals (7) + audit (1) + alt tracks (1) |
+| `.claude/skills/` | 37 skills: artifact (4) + phases (11) + workers (5) + spec helpers (4) + orchestration (3) + memory (1) + shared globals (7) + audit (1) + alt tracks (1) |
 | `.claude/commands/` | 5 consent/bootstrap gates: `approve-spec`, `approve-swarm`, `grant-commit`, `grant-push`, `init-project` |
 | `.claude/memory/` | 7 canonical knowledge files + `_pending.md` (staging) + `_resume.md` (continuity snapshot) + `README.md` |
 | `.claude/project.json` | per-project config (test/lint cmd, TDD globs, destructive patterns, swarm config, additions). Populated by `/init-project`. |

package/obj/template/docs/init/seed.md

@@ -11,7 +11,7 @@
 
 **Mandatory binding language.** Each numbered section (§) below specifies a binding requirement for the baseline. Implementations SHALL conform; `CLAUDE.md` Articles SHALL reference the corresponding §; project amendments (per `CLAUDE.md` Art. X) SHALL NOT contradict any § here.
 
-The baseline turns soft engineering rules (no unauthorized commits, no stubs, no mocks of internal code, no self-approved specs) into structural guarantees enforced by write-boundary hooks. Eleven workflow phases plus one stripped-down chore track (skips TDD; runs verify + archive mandatorily, simplify/integrate/document conditionally), seventeen write/run-boundary guards plus four lifecycle hooks plus one input-boundary hook (twenty-two hook scripts total — twenty `.sh` + two `.mjs` after the JS-port pilot), thirty-six skills, one subagent, and four consent gates. Decisions live in main context; the lone subagent (`swarm-worker`) executes pre-decided recipes in parallel worktrees during `/swarm-dispatch`. Every artifact is archived; every third-party API is looked up against live docs. Project memory accumulates across sessions in `.claude/memory/` — auto-extracted by a Stop hook, curated in main context via `/memory-flush`, self-healing via re-verification.
+The baseline turns soft engineering rules (no unauthorized commits, no stubs, no mocks of internal code, no self-approved specs) into structural guarantees enforced by write-boundary hooks. Eleven workflow phases plus one stripped-down chore track (skips TDD; runs verify + archive mandatorily, simplify/integrate/document conditionally), seventeen write/run-boundary guards plus four lifecycle hooks plus one input-boundary hook (twenty-two hook scripts total — twenty `.sh` + two `.mjs` after the JS-port pilot), thirty-seven skills, one subagent, and four consent gates. Decisions live in main context; the lone subagent (`swarm-worker`) executes pre-decided recipes in parallel worktrees during `/swarm-dispatch`. Every artifact is archived; every third-party API is looked up against live docs. Project memory accumulates across sessions in `.claude/memory/` — auto-extracted by a Stop hook, curated in main context via `/memory-flush`, self-healing via re-verification.
 
 ---
 
@@ -110,7 +110,7 @@ Applies to every language. Mappings for TSX, Node, Python, Go, Rust ship inside
 │   │   └── lib/common.sh       # shared helpers
 │   ├── agents/                 # 1 subagent: swarm-worker (rendered from src/agents/swarm-worker.template.md)
 │   ├── commands/               # 5 consent/bootstrap gates (user-only — structurally)
-│   ├── skills/                 # 36 skills: artifact (4) + phases (10) + workers (5) + spec helpers (4) + orchestration (3) + memory (1) + shared globals (7) + audit (1) + alt tracks (1)
+│   ├── skills/                 # 37 skills: artifact (4) + phases (11) + workers (5) + spec helpers (4) + orchestration (3) + memory (1) + shared globals (7) + audit (1) + alt tracks (1)
 │   ├── memory/                 # project memory: 7 canonical files + _pending.md (gitignored body) + README.md
 │   └── state/                  # runtime: workflow.json, approvals, swarm plans, verdicts, logs
 ├── src/                        # pristine ship-time templates (overlay source for `npx @friedbotstudio/create-baseline`)
@@ -181,7 +181,7 @@ The baseline ships exactly one subagent. The architectural reason: subagents los
 
 **Automated re-rendering by `/init-project`.** Step 6.4 re-renders `swarm-worker.md` from the template, driven by the recommender's `additions.swarm_worker_skills`. The recommender does **not** propose new subagent types — only stack-skill additions for the existing worker. Specialization happens via skills loaded into the worker's context, not via parallel agent personas; new decision-making roles belong in skills, which run in main context.
 
-### §4.3 Skills (36)
+### §4.3 Skills (37)
 
 Each at `.claude/skills/<name>/SKILL.md`, frontmatter `name` + `description`, plus optional `template.md` (artifact skills) or helper scripts.
 
@@ -516,7 +516,7 @@ Seed-level requirement: no stale workflow artifacts in the working tree after co
 
 **Step 4:** Write `src/agents/swarm-worker.template.md` (canonical-body store, per §4.2) — the only subagent template. Then render `.claude/agents/swarm-worker.md` from it with default tokens. The template carries four tokens — `{{NAME}}`, `{{DESCRIPTION}}`, `{{SKILLS}}`, `{{ROLE_LINE}}`. Default `SKILLS` is the YAML list block `  - scenario\n  - implement` (the worker's two mandatory sub-skills). Render-parity holds at this stage. `/init-project` later re-renders the worker with stack-aware tokens when the recommender flags stack-specific skills to preload via `additions.swarm_worker_skills`.
 
-**Step 5:** Write `.claude/skills/` for the 36 skills (§4.3) — 28 workflow/worker/orchestration/memory/alt-track skills you author plus 7 shared globals plus 1 audit skill. The breakdown: artifact drafting (4) + workflow phases (10) + phase workers (5: `scenario`, `implement`, `verify`, `prose`, `design-ui`) + spec helpers (4: `spec-lint`, `spec-render`, `spec-diagram-review`, `spec-traceability-review`) + orchestration (3: `harness`, `swarm-plan`, `swarm-dispatch`) + memory (1: `memory-flush`) + shared globals (7: `claude-automation-recommender`, `code-structure`, `humanizer`, `documentation`, `technical-tutorials`, `copywriting`, `impeccable`) + drift defender (1: `audit-baseline`) + alternate tracks (1: `chore`). The vendored `claude-automation-recommender` (Apache 2.0, from `claude-code-setup`), the writing/quality globals, and the design global ship unchanged with their licenses intact. Artifact skills (intake, brd, spec, rca) each ship a `template.md`. Helper scripts: swarm-plan gets `validate.sh`, swarm-dispatch gets `swarm_merge.sh`, spec-render gets `render.sh`, spec-lint gets `lint.sh`, archive gets `archive.sh`, audit-baseline gets `audit.sh`. All helper scripts `chmod +x`.
+**Step 5:** Write `.claude/skills/` for the 37 skills (§4.3) — 29 workflow/worker/orchestration/memory/alt-track skills you author (the +1 over 28 is the `changelog` Phase 11.5 skill) plus 7 shared globals plus 1 audit skill. The breakdown: artifact drafting (4) + workflow phases (10) + phase workers (5: `scenario`, `implement`, `verify`, `prose`, `design-ui`) + spec helpers (4: `spec-lint`, `spec-render`, `spec-diagram-review`, `spec-traceability-review`) + orchestration (3: `harness`, `swarm-plan`, `swarm-dispatch`) + memory (1: `memory-flush`) + shared globals (7: `claude-automation-recommender`, `code-structure`, `humanizer`, `documentation`, `technical-tutorials`, `copywriting`, `impeccable`) + drift defender (1: `audit-baseline`) + alternate tracks (1: `chore`). The vendored `claude-automation-recommender` (Apache 2.0, from `claude-code-setup`), the writing/quality globals, and the design global ship unchanged with their licenses intact. Artifact skills (intake, brd, spec, rca) each ship a `template.md`. Helper scripts: swarm-plan gets `validate.sh`, swarm-dispatch gets `swarm_merge.sh`, spec-render gets `render.sh`, spec-lint gets `lint.sh`, archive gets `archive.sh`, audit-baseline gets `audit.sh`. All helper scripts `chmod +x`.
 
 **Step 6:** Write `.claude/commands/*.md` for the 4 gates (§4.4). All carry `disable-model-invocation: true` as belt-and-braces; structural user-only is enforced by their directory.