@grant-vine/wunderkind 0.9.12 → 0.10.1

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "wunderkind",
-  "version": "0.9.12",
+  "version": "0.10.1",
   "description": "Wunderkind \u2014 specialist AI agents for any software product team, built as an oh-my-openagent addon",
   "main": "dist/index.js"
 }

package/README.md

@@ -1,11 +1,19 @@
 # Wunderkind
 
-Wunderkind — specialist AI agent addon for OpenCode that extends your team with 12 professional agents covering marketing, design, product, engineering, brand building, QA, operations, security, devrel, legal, support, and data analysis.
+Wunderkind — specialist AI agent addon for OpenCode that extends your team with 6 retained specialist agents covering marketing, design, product, engineering, security, and legal.
 
 **Requires [OpenCode](https://opencode.ai) and [oh-my-openagent](https://github.com/code-yeongyu/oh-my-openagent).** This package cannot be used standalone.
 
 > [!IMPORTANT]
-> **Breaking change (0.7.0)**: This is a pre-1.0 release. Older installs are not supported. Please ensure you are using the latest version of both Wunderkind and oh-my-openagent.
+> Wunderkind is still pre-1.0. Keep Wunderkind and oh-my-openagent up to date together; older installs are not expected to remain compatible.
+
+> [!WARNING]
+> **Breaking changes in this version.** The automated code-cleanup product surface has been fully removed from the Wunderkind product contract. If you are upgrading from an older version that included this feature, the following surfaces have changed:
+> - The `init` flag that enabled the cleanup tool no longer exists. Passing it will fail as an unknown flag.
+> - The corresponding config key is no longer written or read. Existing config files that contain it are silently tolerated — the key is ignored on read and will not be written back.
+> - The managed gitignore entry for the cleanup tool's working directory is no longer added by `wunderkind gitignore`.
+> - The first-trigger fallback message that referenced the cleanup tool has been removed from all agent prompts.
+> - The `code-health` skill is now an audit/reporting tool only — it does not install or invoke any automated cleanup tool.
 
 ---
 
@@ -15,9 +23,9 @@ Wunderkind provides a tiered CLI for installation, project setup, and health che
 
 | Command | Purpose | Modifies |
 |---|---|---|
-| `wunderkind install` | Registers the plugin in OpenCode | `opencode.json` (Global or Project) |
-| `wunderkind upgrade` | Upgrade lifecycle entry point for existing installs | None yet (surface only) |
-| `wunderkind init` | Bootstraps a project with soul files | `.wunderkind/`, `AGENTS.md`, `.sisyphus/` |
+| `wunderkind install` | Registers the plugin in OpenCode | OpenCode config + native agents/skills (+ shared native commands) |
+| `wunderkind upgrade` | Refreshes Wunderkind-owned native assets | Native agents/skills + shared native commands |
+| `wunderkind init` | Bootstraps a project with soul files | `.wunderkind/`, `AGENTS.md`, `.sisyphus/`, project-local native agents/skills |
 | `wunderkind doctor` | Read-only diagnostics | None |
 | `wunderkind uninstall` | Safely removes Wunderkind plugin wiring | OpenCode plugin config (+ global Wunderkind config when applicable) |
 | `wunderkind gitignore` | Adds AI traces to `.gitignore` | `.gitignore` |
@@ -65,7 +73,7 @@ or
 The TUI will guide you through:
 1. Installing oh-my-openagent if it isn't already (runs its own setup flow first).
 2. Selecting the install scope (Global vs Project).
-3. Configuring your shared baseline context: region, industry, and data-protection regulations.
+3. Optionally configuring shared baseline defaults: region, industry, and data-protection regulations.
 4. Optionally initializing the current project immediately.
 
 > Note: upstream's canonical npm package is `oh-my-openagent`, while the upstream CLI command and config filename remain `oh-my-opencode` and `oh-my-opencode.jsonc`.
@@ -80,6 +88,12 @@ For CI/CD or scripted environments, use the `install` command with the `--no-tui
 > ```
 > See the [oh-my-openagent docs](https://github.com/code-yeongyu/oh-my-openagent) for all available options.
 
+```bash
+bunx @grant-vine/wunderkind install --no-tui --scope=global
+```
+
+Or provide explicit shared defaults during install:
+
 ```bash
 bunx @grant-vine/wunderkind install --no-tui \
   --scope=global \
@@ -88,7 +102,13 @@ bunx @grant-vine/wunderkind install --no-tui \
   --primary-regulation=POPIA
 ```
 
-To install at the project scope:
+To install at the project scope with inherited defaults:
+
+```bash
+bunx @grant-vine/wunderkind install --no-tui --scope=project
+```
+
+Or install at the project scope with explicit project-local baseline overrides:
 
 ```bash
 bunx @grant-vine/wunderkind install --no-tui \
@@ -110,10 +130,11 @@ Wunderkind exposes an explicit upgrade lifecycle command:
 wunderkind upgrade --scope=global
 ```
 
-Current first-wave upgrade behavior is intentionally narrow:
-- it validates that Wunderkind is already installed in the requested scope
-- it preserves all project-local soul/docs settings
-- it currently behaves as a safe no-op until future baseline override flags are introduced
+Current upgrade behavior:
+- refreshes Wunderkind native agents and native skills in the requested scope
+- refreshes Wunderkind's shipped native command assets globally
+- preserves project-local soul/docs settings unless you explicitly opt into config refresh behavior
+- supports `--dry-run` and `--refresh-config` for safe testing
 
 This keeps the lifecycle concept explicit without overloading `install`.
 
@@ -136,7 +157,13 @@ wunderkind init [options]
 | `--docs-enabled <yes\|no>` | Enable or disable documentation output | `no` |
 | `--no-tui` | Skip interactive prompts | (false) |
 
-Interactive `wunderkind init` always asks for team culture, org structure, and docs-output settings. It can also optionally walk you through specialist personality overrides; if you skip that step, Wunderkind keeps the current/default specialist personalities already in effect.
+Interactive `wunderkind init` always asks for team culture, org structure, and docs-output settings. It can also optionally create project-local SOUL files for any retained persona; if you skip that step, Wunderkind keeps the neutral retained prompts and current/default personality settings already in effect. Baseline market/regulation values are inherited unless you intentionally override them in project config.
+
+Wave 2 also lets `init` set the PRD/planning workflow mode for the project:
+- `filesystem` — PRDs, plans, issues, triage notes, RFCs, and glossary artifacts live in `.sisyphus/`
+- `github` — GitHub-backed workflows can be used when `gh` is installed and the repo is GitHub-ready
+
+If `prdPipelineMode` is absent in an older project config, Wunderkind treats it as `filesystem`.
 
 `wunderkind init` creates the following project "soul files":
 - `.wunderkind/wunderkind.config.jsonc` — Project-specific configuration
@@ -163,8 +190,8 @@ Generated Wunderkind config files now include a top-level `$schema` field for ed
   - `https://raw.githubusercontent.com/grant-vine/wunderkind/<tag>/schemas/wunderkind.config.schema.json`
 
 The schema is scope-aware:
-- global config validates only baseline fields (`region`, `industry`, `primaryRegulation`, `secondaryRegulation`)
-- project config validates soul/personality/docs fields and also permits project-local baseline overrides when needed
+- global config validates shared baseline defaults (`region`, `industry`, `primaryRegulation`, `secondaryRegulation`) but allows them to be omitted when inherited defaults are acceptable
+- project config validates soul/personality/docs fields and also permits sparse project-local baseline overrides when needed
 
 ---
 
@@ -189,26 +216,25 @@ wunderkind doctor
 
 `wunderkind doctor --verbose` additionally shows:
 - Full path resolution for global and project OpenCode configs
-- Active region, industry, and regulation baseline
+- Active region, industry, and regulation baseline with source markers
+- PRD workflow mode and GitHub-readiness signals
 - All agent personality settings with human-readable descriptions
 - Docs output configuration (path, history mode, enabled status)
 
+Legend:
+- `●` = project override
+- `○` = inherited default
+
 Example output (project context with defaults):
 
 ```
 Agent Personalities
-- ciso:         pragmatic-risk-manager  (Balances risk vs. velocity; default posture)
-- fullstack:    code-archaeologist  (Deep digs into legacy systems; explains history)
-- marketing:    data-driven  (Metrics and attribution first; no vanity metrics)
-- qa:           risk-based-pragmatist  (Tests what matters most; ships with confidence)
-- product:      outcome-obsessed  (Business outcomes and measurable impact first)
-- ops:          on-call-veteran  (Incident-hardened; runbook-first)
-- creative:     pragmatic-problem-solver  (Design that ships; form follows function)
-- brand:        authentic-builder  (No spin; build trust through radical transparency)
-- devrel:       dx-engineer  (Developer experience as a product; DX metrics)
-- legal:        pragmatic-advisor  (Risk-calibrated; enables the business to move)
-- support:      systematic-triage  (Classification, routing, and severity-driven)
-- data analyst: insight-storyteller  (Translates data into narratives for decisions)
+- ciso:       pragmatic-risk-manager   (Balances risk vs. velocity; default posture)
+- fullstack:  code-archaeologist       (Deep digs into legacy systems; explains history)
+- marketing:  data-driven              (Metrics and attribution first; no vanity metrics)
+- product:    outcome-obsessed         (Business outcomes and measurable impact first)
+- creative:   pragmatic-problem-solver (Design that ships; form follows function)
+- legal:      pragmatic-advisor        (Risk-calibrated; enables the business to move)
 ```
 
 ---
@@ -236,12 +262,37 @@ wunderkind uninstall --scope=project
 
 When enabled, agents can persist their decisions and strategies to your project's docs folder.
 
-1. **Enable** via `wunderkind init --docs-path ./docs`
+1. **Enable** via interactive `wunderkind init`, or non-interactively with `wunderkind init --no-tui --docs-enabled=yes --docs-path ./docs`
 2. **Configure** in `.wunderkind/wunderkind.config.jsonc` via `docsEnabled`, `docsPath`, and `docHistoryMode`.
 3. **Refresh or bootstrap** via `/docs-index`. This is an executable plugin command that asks eligible Wunderkind agents to refresh their canonical managed docs or create them if missing, then updates the docs index and can optionally offer `init-deep` as a follow-up question.
 
 ---
 
+## Code Health
+
+The `code-health` skill (owned by `fullstack-wunderkind`) produces a structured, evidence-based code health audit report with severity-ranked findings. It is an analysis and reporting tool only — it does not mutate code, run automated cleanup tools, or create GitHub issues or RFCs.
+
+Use it when you want a prioritised list of engineering hygiene findings (coupling, testability, dependency risk, systemic patterns) before deciding what to fix. The audit report is produced as structured markdown in the agent response, with findings grouped by severity: `critical`, `high`, `medium`, `low`, and `informational`.
+
+To request an audit, ask `fullstack-wunderkind` directly or invoke the `code-health` skill.
+
+---
+
+## Init-Deep Workflow
+
+`init-deep` is an oh-my-openagent workflow concept, not a Wunderkind CLI command.
+
+Wunderkind supports that upstream bootstrap flow in this order:
+
+1. Run `wunderkind init` to create the project's soul files and local Wunderkind scaffolding.
+2. Have an agent populate `AGENTS.md` with project knowledge, conventions, and operating context.
+3. Systematically explore the codebase and capture durable findings in `.sisyphus/` notepads and evidence.
+4. Use `/docs-index` when docs output is enabled to refresh or bootstrap the managed docs set as the project evolves.
+
+Treat this as the recommended audit/bootstrap process for bringing a project up to a high-context Wunderkind baseline.
+
+---
+
 ## Install Scope
 
 | Scope | Description |
@@ -249,30 +300,24 @@ When enabled, agents can persist their decisions and strategies to your project'
 | `global` (default) | Adds the plugin to `~/.config/opencode/opencode.json`. Agents are available in all projects. |
 | `project` | Adds the plugin to `./opencode.json` (created if missing). Agents are limited to the current project. |
 
-Wunderkind installs its native agent markdown files into OpenCode's supported agent directories. Removing Wunderkind leaves any separate oh-my-openagent installation intact.
+Wunderkind installs native markdown assets into OpenCode's supported directories. Removing Wunderkind leaves any separate oh-my-openagent installation intact.
 
-> **Native agent install note**: Wunderkind now registers its specialist agents through OpenCode-native markdown agent files. Global installs write to `~/.config/opencode/agents/`; project installs and `wunderkind init` write to `.opencode/agents/` for project-local precedence.
+> **Native asset install note**: Wunderkind registers its specialist agents and skills through OpenCode-native markdown files. Global installs and upgrades refresh the shared native assets; project installs and `wunderkind init` write `.opencode/agents/` and `.opencode/skills/` for project-local precedence. The shipped `/docs-index` command is a native command asset that Wunderkind refreshes globally.
 
 ---
 
 ## Agents
 
-| Agent Key | Role | Category |
+| Agent Key | Role | OpenCode Category |
 |---|---|---|
-| `marketing-wunderkind` | CMO-calibre strategist | primary |
-| `creative-director` | Brand & UI/UX lead | primary |
-| `product-wunderkind` | VP Product | primary |
-| `fullstack-wunderkind` | CTO-calibre engineer | primary |
-| `brand-builder` | Community, PR, thought leadership | primary |
-| `qa-specialist` | TDD, coverage, user story review | primary |
-| `operations-lead` | SRE/SLO, runbooks, incident response | primary |
-| `ciso` | Security architecture, OWASP, compliance | primary |
-| `devrel-wunderkind` | Developer relations and advocacy | primary |
-| `legal-counsel` | Legal and regulatory compliance | primary |
-| `support-engineer` | Technical support and troubleshooting | primary |
-| `data-analyst` | Data analysis and insights | primary |
-
-Wunderkind agents are distributed as native OpenCode markdown agents. Their prompts are static defaults, while runtime behavior is tailored by merged Wunderkind config from `~/.wunderkind/wunderkind.config.jsonc` and `.wunderkind/wunderkind.config.jsonc`.
+| `marketing-wunderkind` | CMO-calibre strategist for brand, community, developer advocacy, docs-led launches, and GTM | `writing` |
+| `creative-director` | Brand & UI/UX lead | `visual-engineering` |
+| `product-wunderkind` | Default orchestrator and front door for all Wunderkind requests. Routes, clarifies, and synthesises across specialists. VP Product authority: roadmaps, OKRs, PRDs, issue intake, acceptance review, sprint planning, and decomposition. | `writing` |
+| `fullstack-wunderkind` | CTO-calibre engineer | `unspecified-high` |
+| `ciso` | Security architecture, OWASP, compliance | `unspecified-high` |
+| `legal-counsel` | Legal and regulatory compliance | `writing` |
+
+Wunderkind agents are distributed as native OpenCode markdown agents. Their prompts are neutral defaults, while runtime behavior is tailored by merged Wunderkind config from `~/.wunderkind/wunderkind.config.jsonc` and `.wunderkind/wunderkind.config.jsonc`, plus optional project-local SOUL overlays in `.wunderkind/souls/<agent-key>.md`.
 
 > **About prompt size:** Wunderkind specialists are intentionally more focused and domain-heavy than many generic assistants. In practice that means their prompts are somewhat larger than medium-sized OMO specialists, because each Wunderkind agent carries deeper domain context and tighter role guidance. We optimize repeated boilerplate where it is safe to do so, but we prefer specialist quality and consistency over shaving tokens at the cost of role clarity.
 
@@ -280,76 +325,91 @@ Wunderkind agents are distributed as native OpenCode markdown agents. Their prom
 
 ## Sub-skills
 
+Skill authoring and review in this repo follow `skills/SKILL-STANDARD.md`. New or revised skills should use trigger-first descriptions, explicit surviving ownership, filesystem scope, anti-triggers, and review gates.
+
 | Skill Name | Parent Agent | Domain |
 |---|---|---|
 | `social-media-maven` | marketing-wunderkind | Social media strategy & content |
 | `visual-artist` | creative-director | Colour palettes, design tokens, WCAG |
 | `agile-pm` | product-wunderkind | Sprint planning, task decomposition |
+| `grill-me` | product-wunderkind | Requirement interrogation & ambiguity collapse |
+| `ubiquitous-language` | product-wunderkind | Shared domain glossary & canonical terminology |
+| `prd-pipeline` | product-wunderkind | PRD → plan → issues workflow |
+| `triage-issue` | product-wunderkind | Issue intake, repro shaping, acceptance clarity, and backlog-ready handoff |
+| `experimentation-analyst` | product-wunderkind | Product experiments, feature readouts, and statistical interpretation |
+| `write-a-skill` | product-wunderkind | Wunderkind-native skill authoring and adaptation |
 | `db-architect` | fullstack-wunderkind | Drizzle ORM, PostgreSQL, Neon DB |
+| `code-health` | fullstack-wunderkind | Severity-ranked code health audit reports (coupling, testability, dependency risk) |
 | `vercel-architect` | fullstack-wunderkind | Vercel, Next.js App Router, Edge Runtime |
+| `improve-codebase-architecture` | fullstack-wunderkind | Architecture RFCs, module boundaries, deep modules |
+| `design-an-interface` | fullstack-wunderkind | High-complexity API and abstraction design |
+| `tdd` | fullstack-wunderkind | Red-green-refactor loops for Bun + strict TypeScript |
 | `security-analyst` | ciso | OWASP Top 10, vulnerability assessment |
 | `pen-tester` | ciso | Penetration testing, ASVS, attack simulation |
 | `compliance-officer` | ciso | GDPR, POPIA, data classification |
+| `technical-writer` | marketing-wunderkind | Developer docs, guides, and reference writing |
+| `oss-licensing-advisor` | legal-counsel | Open source license compliance and compatibility |
 
 ---
 
 ## Configuration
 
 Wunderkind uses a split configuration model:
-- global config stores shared market/regulation baseline
-- project config stores soul/personality/docs settings
+- global config stores shared market/regulation defaults
+- project config stores personality/docs/workflow settings plus only the baseline values that intentionally override those defaults
+- project-local SOUL files in `.wunderkind/souls/` store long-form persona customization and durable learned context
 
 | File | Scope |
 |---|---|
 | `~/.wunderkind/wunderkind.config.jsonc` | Global baseline (applies to all projects) |
-| `.wunderkind/wunderkind.config.jsonc` | Per-project soul/personality/docs settings |
+| `.wunderkind/wunderkind.config.jsonc` | Per-project soul/personality/docs/workflow settings and sparse baseline overrides |
 
-Edit the global file to change region/industry/regulation defaults after install. Edit the project file to change team culture, personalities, or docs-output settings after init.
+Edit the global file to change region/industry/regulation defaults after install. Edit the project file to change team culture, personalities, docs-output settings, PRD workflow mode, or only the baseline values that differ for this project after init.
 
 ### Configuration Reference
 
 ```jsonc
-// Global baseline config
+// Global baseline config (all fields optional; omitted values fall back to built-in defaults)
 {
   "$schema": "https://raw.githubusercontent.com/grant-vine/wunderkind/main/schemas/wunderkind.config.schema.json",
   // Geographic region — e.g. "South Africa", "United States", "United Kingdom", "Australia"
-  "region": "South Africa",
+  "region": "Global",
   // Industry vertical — e.g. "SaaS", "FinTech", "eCommerce", "HealthTech"
-  "industry": "SaaS",
+  "industry": "",
   // Primary data-protection regulation — e.g. "GDPR", "POPIA", "CCPA", "LGPD"
-  "primaryRegulation": "POPIA",
+  "primaryRegulation": "",
   // Optional secondary regulation
   "secondaryRegulation": ""
 }
 ```
 
 ```jsonc
-// Project-local soul/docs config
+// Project-local soul/docs config (sparse overrides only)
 {
   "$schema": "https://raw.githubusercontent.com/grant-vine/wunderkind/main/schemas/wunderkind.config.schema.json",
+  // Optional project-specific baseline override example:
+  // "industry": "Software Development Services",
+
   // Team culture baseline — affects all agents' communication style and decision rigour
   "teamCulture": "pragmatic-balanced",
   // Org structure — "flat" (peers) | "hierarchical" (domain authority applies)
   "orgStructure": "flat",
 
-  // Agent personalities — controls each agent's default character archetype
+  // Agent personalities — controls each retained agent's default character archetype
   "cisoPersonality": "pragmatic-risk-manager",
   "ctoPersonality": "code-archaeologist",
   "cmoPersonality": "data-driven",
-  "qaPersonality": "risk-based-pragmatist",
   "productPersonality": "outcome-obsessed",
-  "opsPersonality": "on-call-veteran",
   "creativePersonality": "pragmatic-problem-solver",
-  "brandPersonality": "authentic-builder",
-  "devrelPersonality": "dx-engineer",
   "legalPersonality": "pragmatic-advisor",
-  "supportPersonality": "systematic-triage",
-  "dataAnalystPersonality": "insight-storyteller",
 
   // Documentation Output (Init-only customizations)
   "docsEnabled": false,
   "docsPath": "./docs",
-  "docHistoryMode": "overwrite"
+  "docHistoryMode": "overwrite",
+
+  // PRD / planning workflow mode
+  "prdPipelineMode": "filesystem"
 }
 ```
 
@@ -364,48 +424,32 @@ Each agent's behaviour is controlled by a `*Personality` key in your project con
 | Value | What it means |
 |---|---|
 | `paranoid-enforcer` | Maximum threat paranoia; blocks anything unproven |
-| `pragmatic-risk-manager` | Balances risk vs. velocity; default posture (default) |
-| `educator-collaborator` | Guides teams through security thinking collaboratively |
+| `pragmatic-risk-manager` | Balances risk, incident urgency, compliance impact, and delivery speed; default posture (default) |
+| `educator-collaborator` | Guides teams through security thinking, incident posture, and compliance tradeoffs collaboratively |
 
 ### CTO / Fullstack (`ctoPersonality`)
 
 | Value | What it means |
 |---|---|
-| `grizzled-sysadmin` | Battle-hardened ops mindset; stability over novelty |
-| `startup-bro` | Move fast; bias toward shipping |
-| `code-archaeologist` | Deep digs into legacy systems; explains history (default) |
+| `grizzled-sysadmin` | Battle-hardened ops mindset; stability, runbooks, supportability, and regression proof over novelty |
+| `startup-bro` | Move fast; bias toward shipping, direct technical triage, and pragmatic test depth |
+| `code-archaeologist` | Deep digs into legacy systems, flaky tests, and recurring incident history before changing architecture (default) |
 
 ### CMO / Marketing (`cmoPersonality`)
 
 | Value | What it means |
 |---|---|
-| `data-driven` | Metrics and attribution first; no vanity metrics (default) |
-| `brand-storyteller` | Narrative and emotional resonance over raw data |
-| `growth-hacker` | Experiments, loops, and funnel obsession |
-
-### QA (`qaPersonality`)
-
-| Value | What it means |
-|---|---|
-| `rule-enforcer` | Strict standards; gates every release |
-| `risk-based-pragmatist` | Tests what matters most; ships with confidence (default) |
-| `rubber-duck` | Walks devs through their own bugs; collaborative |
+| `data-driven` | Metrics, attribution, community health, docs adoption, activation, and TTFV first; no vanity metrics (default) |
+| `brand-storyteller` | Narrative, PR trust-building, thought leadership, and developer education over raw data alone |
+| `growth-hacker` | Experiments, onboarding loops, docs-led adoption, community flywheels, and funnel obsession |
 
 ### Product (`productPersonality`)
 
 | Value | What it means |
 |---|---|
-| `user-advocate` | User pain and delight over internal efficiency |
-| `velocity-optimizer` | Throughput and cycle time over perfect specs |
-| `outcome-obsessed` | Business outcomes and measurable impact first (default) |
-
-### Operations (`opsPersonality`)
-
-| Value | What it means |
-|---|---|
-| `on-call-veteran` | Incident-hardened; runbook-first (default) |
-| `efficiency-maximiser` | Automates everything; cost and throughput focused |
-| `process-purist` | Change management and process integrity |
+| `user-advocate` | User pain, issue clarity, adoption friction, and acceptance quality over internal efficiency |
+| `velocity-optimizer` | Throughput, backlog-ready triage, and rapid experiment cadence over perfect specs |
+| `outcome-obsessed` | Business outcomes, acceptance rigor, issue intake quality, and usage-driven prioritization first (default) |
 
 ### Creative Director (`creativePersonality`)
 
@@ -415,22 +459,6 @@ Each agent's behaviour is controlled by a `*Personality` key in your project con
 | `bold-provocateur` | Intentionally disruptive visual choices |
 | `pragmatic-problem-solver` | Design that ships; form follows function (default) |
 
-### Brand Builder (`brandPersonality`)
-
-| Value | What it means |
-|---|---|
-| `community-evangelist` | Builds through authentic community engagement |
-| `pr-spinner` | Narrative control and media-savvy messaging |
-| `authentic-builder` | No spin; build trust through radical transparency (default) |
-
-### DevRel (`devrelPersonality`)
-
-| Value | What it means |
-|---|---|
-| `community-champion` | Forum presence, events, OSS contribution |
-| `docs-perfectionist` | Every API documented; no gaps tolerated |
-| `dx-engineer` | Developer experience as a product; DX metrics (default) |
-
 ### Legal Counsel (`legalPersonality`)
 
 | Value | What it means |
@@ -439,22 +467,6 @@ Each agent's behaviour is controlled by a `*Personality` key in your project con
 | `pragmatic-advisor` | Risk-calibrated; enables the business to move (default) |
 | `plain-english-counselor` | Translates legalese into plain language |
 
-### Support Engineer (`supportPersonality`)
-
-| Value | What it means |
-|---|---|
-| `empathetic-resolver` | Treats every ticket as a relationship |
-| `systematic-triage` | Classification, routing, and severity-driven (default) |
-| `knowledge-builder` | Every fix becomes a doc; knowledge loop focus |
-
-### Data Analyst (`dataAnalystPersonality`)
-
-| Value | What it means |
-|---|---|
-| `rigorous-statistician` | Significance, confidence intervals, no p-hacking |
-| `insight-storyteller` | Translates data into narratives for decisions (default) |
-| `pragmatic-quant` | Good-enough analysis fast; directional signals |
-
 ---
 
 ## Directory Structure
@@ -464,6 +476,8 @@ Each agent's behaviour is controlled by a `*Personality` key in your project con
 ```
 .wunderkind/
   wunderkind.config.jsonc     # per-project config override
+  souls/
+    <agent-key>.md            # optional project-local SOUL overlays for retained personas
 ```
 
 ### Global (`~/.wunderkind/`)
@@ -473,6 +487,14 @@ Each agent's behaviour is controlled by a `*Personality` key in your project con
   wunderkind.config.jsonc     # global config baseline
 ```
 
+## Research Inputs
+
+Wunderkind's evolving workflow strategy is informed in part by Matt Pocock's public skills repository:
+
+- https://github.com/mattpocock/skills
+
+We plan to adapt selected ideas such as ubiquitous language, structured questioning, and PRD/planning flows to Wunderkind's filesystem-first `.sisyphus/` workflow rather than adopting GitHub-issue-centric assumptions directly.
+
 ---
 
 ## Manual Installation

package/agents/ciso.md

@@ -10,28 +10,18 @@ permission:
 ---
 # CISO — Soul
 
-You are the **CISO** (Chief Information Security Officer). Before acting, read `.wunderkind/wunderkind.config.jsonc` and load:
-- `cisoPersonality` — your character archetype:
-  - `paranoid-enforcer`: Everything is a threat until proven otherwise. Zero tolerance, zero exceptions. Block first, ask questions after.
-  - `pragmatic-risk-manager`: Paranoid but practical. Prioritise by real-world exploitability. Recommend mitigations, not just red-flags.
-  - `educator-collaborator`: Explain attack vectors, provide doc links, teach the team to fish. Security through understanding.
-- `orgStructure`: If `hierarchical`, your security findings are non-negotiable — you have hard veto on any feature or change until critical findings are remediated. If `flat`, escalate unresolved conflicts to the user.
-- `teamCulture`: Adjust communication rigour accordingly — `formal-strict` means documented evidence for every finding; `experimental-informal` means Slack-friendly summaries.
+You are the **CISO** (Chief Information Security Officer). Before acting, read the resolved runtime context for `cisoPersonality`, `teamCulture`, `orgStructure`, `region`, `industry`, and applicable regulations.
+
+If a project-local SOUL overlay is present, treat it as additive guidance that refines the neutral base prompt for this project.
 
 **Regardless of personality or org structure, this rule is absolute and cannot be overridden:**
 > When a security finding of severity High or Critical is raised, remediation must begin within **72 hours**. No sprint priorities, deadlines, or business pressure can delay this. No other agent can deprioritise a CISO finding. No exceptions.
 
-Also read:
-- `primaryRegulation` — applies to all breach notification and data-handling decisions
-- `region` and `industry` — for jurisdiction-specific compliance requirements
-
-If `.wunderkind/wunderkind.config.jsonc` is absent, default to: `pragmatic-risk-manager`, `flat` org, GDPR as primary regulation.
-
 ---
 
 # CISO
 
-You are the **CISO** (Chief Information Security Officer) — a security architect and risk manager who protects systems, data, and users through proactive threat modelling, rigorous code review, and a culture of security-by-default. You apply NIST CSF 2.0 and lead three specialist sub-skills: Security Analyst, Pen Tester, and Compliance Officer.
+You are the **CISO** (Chief Information Security Officer) — a security architect, risk manager, and security-incident leader who protects systems, data, and users through proactive threat modelling, rigorous code review, and a culture of security-by-default. You apply NIST CSF 2.0 and lead three specialist sub-skills: Security Analyst, Pen Tester, and Compliance Officer.
 
 Your mandate: **secure by design, not secure by audit.**
 
@@ -80,6 +70,14 @@ Security controls must exist at multiple layers — compromising one layer must
 - Verify package integrity (checksums, provenance) for critical dependencies
 - Evaluate new dependencies: last updated, maintainer reputation, download count, known CVEs
 
+### Security Incident Command & Compliance Impact
+- Triage whether an outage, anomaly, or integrity failure is actually a security event or a plain reliability issue
+- Preserve evidence: logs, timelines, impacted identities, changed infrastructure, and exposed credentials before cleanup destroys context
+- Coordinate containment with `fullstack-wunderkind` while you own security priority, blast-radius framing, and control-gap analysis
+- Assess privacy and compliance impact: what regulated data, systems, or obligations are implicated, and how fast escalation must happen
+- Distinguish technical containment from formal legal notice: security owns the impact assessment, legal owns final regulatory and contractual wording
+- Feed every incident back into controls, threat models, and preventive guardrails so the same class of failure is harder to repeat
+
 ---
 
 ## Operating Philosophy
@@ -175,19 +173,19 @@ Activate the security incident response playbook.
 5. **Recover**: restore from verified clean backups, verify integrity, monitor closely post-recovery
 6. **Learn**: postmortem within 48 hours, update threat model, improve controls
 
-**For containment and operational response**, delegate to `wunderkind:operations-lead` immediately in parallel:
+**For containment and service recovery**, delegate to `wunderkind:fullstack-wunderkind` immediately so engineering owns the operational response while you retain security command:
 
 ```typescript
 task(
   category="unspecified-high",
-  load_skills=["wunderkind:operations-lead"],
+  load_skills=["wunderkind:fullstack-wunderkind"],
   description="Incident containment: [incident type]",
   prompt="A security incident has been declared: [incident type and known details]. Execute containment: isolate affected systems, revoke exposed credentials/tokens, disable compromised accounts, capture and preserve logs for forensics, assess service availability impact, and stand up a status page or internal comms channel. Return: actions taken, systems affected, blast radius estimate, and current service status.",
   run_in_background=false
 )
 ```
 
-**If personal data is involved**, delegate to `wunderkind:compliance-officer` for breach notification obligations:
+**If personal data is involved**, assess breach-notification obligations with `wunderkind:compliance-officer`; route final legal wording or contractual notice work to `wunderkind:legal-counsel` after the impact is classified:
 
 ```typescript
 task(

package/agents/creative-director.md

@@ -11,13 +11,9 @@ permission:
 ---
 # Creative Director — Soul
 
-You are the **Creative Director**. Before acting, read `.wunderkind/wunderkind.config.jsonc` and load:
-- `creativePersonality` — your character archetype:
-  - `perfectionist-craftsperson`: Every pixel must earn its place. Pixel-perfect or not shipped. Design is a discipline, not decoration.
-  - `bold-provocateur`: Push the boundaries. Safe is forgettable. The best designs divide opinion and start conversations.
-  - `pragmatic-problem-solver`: Design solves real problems within real constraints. Ship beautiful work on time. Perfect is the enemy of launched.
-- `teamCulture` for how formal design critique and review processes should be.
-- `region` for cultural design preferences, colour symbolism, and typography conventions.
+You are the **Creative Director**. Before acting, read the resolved runtime context for `creativePersonality`, `teamCulture`, `orgStructure`, `region`, `industry`, and applicable regulations.
+
+If a project-local SOUL overlay is present, treat it as additive guidance that refines the neutral base prompt for this project.
 
 ---