@haaaiawd/anws 2.4.0 → 2.4.1

package/templates/.agents/workflows/upgrade.md

@@ -1,11 +1,11 @@
 ---
-description: "【ALPHA】/upgrade：anws update 后读 changelog、定级 Minor/Major、产人类可审计划并路由到 /change 或 /genesis；宿主不替下游落盘长模板。"
+description: "/upgrade：anws update 后读 changelog、定级 Minor/Major、产人类可审计划并路由到 /change 或 /genesis；宿主不替下游落盘长模板。"
 ---
 
-# /upgrade (ALPHA)
+# /upgrade
 
 <phase_context>
-你是 **UPGRADE ORCHESTRATOR（升级编排师）— ALPHA 线**。
+你是 **UPGRADE ORCHESTRATOR（升级编排师）**。
 
 **使命**：在 **`anws update` 已完成**的前提下，读取 `.anws/changelog/` 最新记录，判断 **Minor / Major**，生成可审升级计划，并在人类批准后**路由**到 `/change` 或 `/genesis`（由目标工作流执行写盘）。  
 **能力**：定位 changelog 与当前 `v{N}`、定级、框架→业务文档影响映射、路由建议、推断段 WARNING 标记规范。  
@@ -19,8 +19,8 @@ description: "【ALPHA】/upgrade：anws update 后读 changelog、定级 Minor/
 ## CRITICAL 凝练与版式（/craft + /challenge 思想）
 
 > [!IMPORTANT]
-> **craft**：改稿前 Read shipped `.agents/skills/craft-authoring/SKILL.md` 与 `.agents/workflows/craft.md`；各 `## Step …` 使用 **`### 做什么` / `### 为什么` / `### 怎么验收`**；`<completion_criteria>` 必填。  
-> **凝练**：计划与汇报 **一句一事**；定级规则与执行序 **不得削弱** shipped `templates/.../upgrade.md` 的硬约束。  
+> **craft**：改稿前 Read **`.agents/skills/craft-authoring/SKILL.md`** 与 **`.agents/workflows/craft.md`**；各 `## Step …` 使用 **`### 做什么` / `### 为什么` / `### 怎么验收`**；`<completion_criteria>` 必填。  
+> **凝练**：计划与汇报 **一句一事**；定级规则与执行序 **不得削弱** 本 workflow 所载硬约束。
 > **不注入**：人类检查点展示**须含职能**（changelog 路径、当前 `v{N}`、定级、推荐路由、受影响文件+原因、推断风险提示、批准/拒绝/调整）——**不**粘贴整页 fenced 模板。
 
 ---
@@ -54,7 +54,7 @@ description: "【ALPHA】/upgrade：anws update 后读 changelog、定级 Minor/
 
 ### 做什么
 
-按 shipped `upgrade` 规则（**仅** Minor/Major）：评估是否需**新架构版本**、是否动目录/多工作流协议、`01`/`02`/`03` **结构语义**、是否需保留旧版兼容叙事。逐条记录**是/否+一句理由**。
+按本 workflow **Minor / Major** 分级（**仅**此两档）：评估是否需**新架构版本**、是否动目录/多工作流协议、`01`/`02`/`03` **结构语义**、是否需保留旧版兼容叙事。逐条记录**是/否+一句理由**。
 
 ### 为什么
 
@@ -105,9 +105,9 @@ upgrade 与执行工作流解耦，避免双写。
 
 ### 做什么
 
-- **Minor**：读取宿主挂载的 **`/change`** 工作流（若使用 `templates_alpha` overlay 则读同树 `change.md`），将 Step 2 映射作为输入；后续**全部**遵守 `/change` 权限与签名；若执行中发现超出 `/change` → 停止并改 `/genesis`。  
-- **Major**：读取 **`/genesis`**（同上 overlay 规则），将 Step 2 作为新版本演进输入；遵守 Copy & Evolve 与版本规则。  
-- 需 AI 补全且非纯机械替换的段落：段前加 shipped 规定的 **`> [!WARNING] AI 推断填充，请人类复核。`**  
+- **Minor**：读取宿主挂载的 **`/change`** 工作流（**`.agents/workflows/change.md`**，与当前工作区同源），将 Step 2 映射作为输入；后续**全部**遵守 `/change` 权限与签名；若执行中发现超出 `/change` → 停止并改 `/genesis`。  
+- **Major**：读取 **`/genesis`**，将 Step 2 作为新版本演进输入；遵守 Copy & Evolve 与版本规则。  
+- 需 AI 补全且非纯机械替换的段落：段前加 **`> [!WARNING] AI 推断填充，请人类复核。`**
 - **业务常量**（领域术语、产品目标、用户故事业务意图、团队约束、自定义边界）**禁止**被框架升级覆盖。
 
 ### 为什么

package/templates_en/.agents/skills/anws-system/SKILL.md

@@ -29,9 +29,11 @@ Use this skill when any of the following applies:
 3. Then read corresponding workflow references as needed
 4. Before finishing required references, do not directly execute write operations of that workflow
 
-## Workflow Map
-
-- `references/quickstart.md`
+## Workflow Map
+
+> `references/*.md` is generated by CLI projection for skills-only targets such as Codex / Trae; the canonical source remains `.agents/workflows/*.md`.
+
+- `references/quickstart.md`
   - Purpose: global entry. Determine current project stage and which workflow to call first
 - `references/probe.md`
   - Purpose: system risk probing before taking over legacy projects or major changes

package/templates_en/.agents/skills/code-reviewer/SKILL.md

@@ -1,18 +1,19 @@
 ---
 name: code-reviewer
-description: 【ALPHA】Pure static "contract fidelity / implementation-side evidence" review: Against PRD, ADR, system design, 05A_TASKS, and 05B_VERIFICATION_PLAN, produce traceable conclusions on contract closure, task fulfillment, architecture health, security boundaries, verification evidence, and backflow consistency; shared by /challenge (CODE/FULL) and /forge (Step 3 §3.6 end-of-wave).
+description: Pure static "contract fidelity / implementation-side evidence" review: Against PRD, ADR, system design, 05A_TASKS, and 05B_VERIFICATION_PLAN, produce traceable conclusions on contract closure, task fulfillment, architecture health, security boundaries, verification evidence, and backflow consistency; shared by /challenge (CODE/FULL) and /forge (Step 3 §3.6 end-of-wave).
 ---
 
-# Code Reviewer — Implementation-side evidence layer【ALPHA】
+# Code Reviewer — Implementation-side evidence layer
 
 You are **CODE REVIEWER**. Your job is not a generic PR review or style grading, but to answer with purely static evidence: **whether the implementation faithfully fulfills commitments in PRD / ADR / System Design / 05A_TASKS / 05B_VERIFICATION_PLAN; if not, what the risks are and where the evidence is.**
 
 ## CRITICAL methodological anchors
 
 - **Static-only is the boundary**: Only readable artifacts and code form are admitted; anything that depends on processes, networks, browsers, or real runtime ordering must be labeled **cannot be confirmed via static review** or **requires manual verification**, and must not be written as proven.
-- **Contract over intuition**: Ordering and wording follow PRD / ADR / System Design / `05A_TASKS.md` / `05B_VERIFICATION_PLAN.md` / this round’s task description; preference-driven criticism without an anchor must not appear in strong conclusions.
-- **Evidence tiers**: Assertions such as Critical / High / Fail / Pass must cite `**path:line**`; without a location, downgrade to “suspected” or “cannot confirm”; do not overstate certainty.
-- **Root cause over stacking**: Merge similar issues into a fixable root cause; do not inflate severity by duplicate entries.
+- **Contract over intuition**: Ordering and wording follow PRD / ADR / System Design / `05A_TASKS.md` / `05B_VERIFICATION_PLAN.md` / this round’s task description; preference-driven criticism without an anchor must not appear in strong conclusions.
+- **Evidence tiers**: Assertions such as Critical / High / Fail / Pass must cite `**path:line**`; without a location, downgrade to “suspected” or “cannot confirm”; do not overstate certainty.
+- **Root cause over stacking**: Merge similar issues into a fixable root cause; do not inflate severity by duplicate entries.
+- **Shared report contract**: persisted reports, single-writer rules, subagent handoff, and de-duplication follow `.agents/skills/output-contract/SKILL.md`.
 
 ## Hard boundaries (must follow)
 

package/templates_en/.agents/skills/concept-modeler/SKILL.md

@@ -1,9 +1,9 @@
 ---
 name: concept-modeler
-description: 【ALPHA】Use when user needs are vague or terminology is unclear. Clarifies domain concepts through interactive follow-up questions, extracting entities, flows, and dark matter (missing_components). Invoked by **alpha `/genesis` Step 1** after Step 0 has set `TARGET_DIR = .anws/v{N}`; use with the `templates_alpha` workflow bundle in the same bundle; **do not** mix in the same session with the shipped skill of the same name under `templates/`.
+description: Use when user needs are vague or terminology is unclear. Clarifies domain concepts through interactive follow-up questions, extracting entities, flows, and dark matter (missing_components). Invoked by **`/genesis` Step 1** after Step 0 has set `TARGET_DIR = .anws/v{N}`; use with **`/genesis`** in the same workspace.
 ---
 
-# Domain Modeler【ALPHA】
+# Domain Modeler
 
 > "If you cannot describe it clearly, you cannot build it." — Eric Evans
 
@@ -16,7 +16,7 @@ You are the **DOMAIN MODELER**.
 
 **Mission**: In `/genesis` **Step 1**, converge vague user wording into **Ubiquitous Language** and a machine-readable/writable `concept_model.json`; supply unambiguous nouns, verbs, and known gaps for PRD writing.  
 **Capabilities**: Vagueness scan (entities / verbs / dark matter / boundaries), controlled questioning (multiple choice or very short answers), incremental model maintenance on every answer, `glossary` and `clarifications` traceability.  
-**Constraints**: **Output only one question to the user at a time** (queue is internal only; do not dump the full list at the user); do not skip follow-up and fill JSON from memory; do not mix in-session with the shipped `templates/` `concept-modeler`; if the host provides a structured questioning tool (e.g. `ask question`), **prefer the tool** to ask.  
+**Constraints**: **Output only one question to the user at a time** (queue is internal only; do not dump the full list at the user); do not skip follow-up and fill JSON from memory; if the host provides a structured questioning tool (e.g. `ask question`), **prefer the tool** to ask.
 **Sub-agents (optional)**: Bounded slices only (e.g. "only generate vagueness candidates", "only reconcile glossary synonym conflicts"); after merge **the parent agent** is the sole writer of `.anws/v{N}/concept_model.json`; sub-agents must not race the same file.  
 **Output Goal**: `.anws/v{N}/concept_model.json` with field semantics matching the **spec contract** below; user-side closure on key terminology.
 </phase_context>
@@ -115,7 +115,7 @@ You are the **DOMAIN MODELER**.
 
 ## Triggering and host pairing
 
-- **Primary path**: alpha **`/genesis` Step 1**: after Step 0 has set `TARGET_DIR`, load this skill, run requirement clarification, and write `concept_model.json`.  
+- **Primary path**: **`/genesis` Step 1**: after Step 0 has set `TARGET_DIR`, load this skill, run requirement clarification, and write `concept_model.json`.  
 - **Secondary path**: if the user does domain scaffolding outside genesis, still follow this skill and write `concept_model.json` for the currently active version (path rules unchanged).
 
 ---
@@ -193,7 +193,7 @@ JSON on disk matches the latest conversation; no "answered everything then fabri
 
 ---
 
-## Veteran rules (stacked with ALPHA contract)
+## Veteran rules (stacked with this SKILL contract)
 
 1. **Do not assume**: Never default-understand user vocabulary; questions are contract sources.  
 2. **One at a time**: Only one outward question.  
@@ -227,4 +227,4 @@ JSON on disk matches the latest conversation; no "answered everything then fabri
 - [ ] **`clarifications`** matches outward question count or gaps are explainable.  
 - [ ] Model saved to **`TARGET_DIR/concept_model.json`** (equivalent **`.anws/v{N}/concept_model.json`**).  
 - [ ] User confirmed terminology understanding (verbal or "continue"-class signal—next genesis step gating is host-defined).  
-- [ ] Not mixed in-session with shipped **`templates/`** `concept-modeler`.
+- [ ] Session uses only workspace **`.agents/skills/concept-modeler/SKILL.md`**; no alternate-path paraphrase of the same skill.

package/templates_en/.agents/skills/craft-authoring/SKILL.md

@@ -21,7 +21,7 @@ This skill carries the execution detail of `/craft`.
 - A weak document sounds energetic but depends on improvisation.
 
 > **Split from `output-contract`**: This file covers **scaffolds** for workflows/skills/prompts only. Shared on-disk spec, parent/child delegation, and single-writer rules live in **`.agents/skills/output-contract/SKILL.md`**.  
-> **CLI install manifest**: what copies on `anws init`, canonical vs **`templates_alpha*`** overlay, and merge checklists—read **`references/BUNDLE_POLICY.md`**.
+> **CLI install manifest**: what copies on `anws init`, registry + **`BUNDLE_POLICY`** boundaries—read **`references/BUNDLE_POLICY.md`**.
 
 ---
 

package/templates_en/.agents/skills/craft-authoring/references/BUNDLE_POLICY.md

@@ -1,6 +1,6 @@
-# Template bundle contract (CLI · canonical · alpha)
+# Template bundle contract (CLI · package templates)
 
-This document defines **install boundaries**: what the CLI copies, how canonical `templates/` relates to alpha overlays, and how we avoid **silent product-contract changes**.  
+This document defines **install boundaries**: what the CLI copies. The product ships **one** `RESOURCE_REGISTRY`. **`zh` / `en`** only selects which on-disk tree supplies text for the **same relative paths**—not two competing product authorities.  
 Any change to **`lib/manifest.js`** `RESOURCE_REGISTRY` is an **explicit** change to what users receive—document it in **release notes**.
 
 ---
@@ -10,51 +10,33 @@ Any change to **`lib/manifest.js`** `RESOURCE_REGISTRY` is an **explicit** chang
 | Mechanism | Role |
 |-----------|------|
 | **`RESOURCE_REGISTRY`** | Array in `lib/manifest.js`; **only** driver for paths written by `anws init` / `anws update` (per IDE projection). |
-| **`TEMPLATE_ROOT`** | `src/anws/templates/` (see `lib/resources`). **`resolveCanonicalSource`** joins this root + each registry **`source`**. |
+| **`TEMPLATE_ROOT`** / **`TEMPLATE_ROOT_EN`** | `src/anws/templates/` and `src/anws/templates_en/` (see `lib/resources`). **`resolveCanonicalPath(rel, templateLocale)`** reads **`templates/`** for **`zh`**; for **`en`** it prefers the same **relative path** under **`templates_en/`**, falling back to **`templates/`** when missing. |
 | **Check** | `scripts/check-canonical-templates.js`: every registry **`source`** must exist under **`templates/`** as a regular file. |
 
-Relative paths that **do not** appear in **`RESOURCE_REGISTRY`**—even if present on disk under **`templates/`**—are **not** installed by default CLI. That is **registry gap vs shipped disk**, not the same as alpha **choosing** to omit a mirrored skill. (Example: a **`nexus-query/`** tree on disk without a registry row is **not** CLI-delivered; an alpha tree may omit the mirror entirely—use **registry + this doc**, do not conflate.)
+Relative paths that **do not** appear in **`RESOURCE_REGISTRY`**—even if present on disk under **`templates/`**—are **not** installed by default CLI. Example: a **`nexus-query/`** tree maintained in-repo but **not** registered is **not** CLI-delivered—use **registry + this doc** as authority.
 
 ---
 
-## 2. Canonical (`templates/`) vs EN mirror (`templates_en/`)
+## 2. `templateLocale`: `templates/` and `templates_en/`
 
-- **`templates/`**: canonical tree shipped in the npm package (default zh authoring layout).
-- **`templates_en/`**: English mirror for bilingual maintenance; **CLI still resolves copy sources from `templates/` only**. Keeping zh/en aligned is a **maintainer** duty, not a second install root.
+- **`templates/`**: default zh copy tree in the npm package; also the **registry existence check root**.
+- **`templates_en/`**: English mirror; when **`install-lock`** has **`templateLocale: en`**, init/update reads the same **relative paths** from **`templates_en/`**, with fallback to **`templates/`** for missing files.
+- Maintainer duty: keep **the same `source` relative paths** semantically aligned across zh/en—avoid EN-only drift.
 
 ---
 
-## 3. Alpha overlay (`templates_alpha/` · `templates_alpha_en/`)
-
-**Not** a second semver line and **not** mounted wholesale in **`RESOURCE_REGISTRY`**.
-
-| Property | Detail |
-|----------|--------|
-| **Purpose** | Optional install root, remediation, experiments. |
-| **Install** | No `anws init --bundle alpha` today—overlay use is **manual** or custom scripting. |
-| **vs canonical** | May **omit** whole skills (e.g. no **`nexus-query`** mirror) to save volume; if you need that capability, read shipped **`templates/`** homonyms or **register** those paths in the registry before relying on CLI. |
-| **Shared contracts** | Prefer **`output-contract`** and single skill references instead of duplicating long prose in the overlay. |
-
-### Before merging overlay into canonical (checklist)
-
-1. **Omission**: **permanent product removal** vs **overlay-only**—if the latter, canonical/registry must not pretend the feature vanished.
-2. **Registry**: adding/removing entries affects **every** user on update—semver + release notes.
-3. **Bulk**: **slim / extract skills / dedupe** first, then merge—avoid dumping narrative debt into default paths.
-
----
-
-## 4. Split vs `/craft` and `output-contract`
+## 3. Split vs `/craft` and `output-contract`
 
 | Artifact | Owns |
 |----------|------|
 | **`craft-authoring` SKILL** | Authoring scaffolds + scoring gate for `/craft`. |
 | **`output-contract`** | Runtime persisted-report spec + delegation + single-writer rules. |
-| **This `BUNDLE_POLICY`** | **What the CLI installs**, canonical vs alpha **semantics**, merge **decisions**. |
+| **This `BUNDLE_POLICY`** | **What the CLI installs**, locale root selection, registry **decisions**. |
 
 ---
 
-## 5. Slim-down roadmap (suggested order)
+## 4. Slim-down roadmap (suggested order)
 
 1. **Registry gap**: if a path under **`templates/`** should ship but is missing from **`RESOURCE_REGISTRY`**, either **register** it or **delete** unused disk clutter.
 2. **Dedupe**: replace duplicated bullets in reviewers/workflows with **one-line pointers** to **`output-contract`** / this policy.
-3. **Heavy skills** (e.g. **`system-architect`**): shrink embedded templates; **link** one authoritative file instead of mirroring ADR tables—then revisit alpha promotion or large merges.
+3. **Heavy skills** (e.g. **`system-architect`**): shrink embedded templates; **link** one authoritative file instead of mirroring ADR tables—then revisit large merges.

package/templates_en/.agents/skills/design-reviewer/SKILL.md

@@ -1,10 +1,9 @@
 ---
 name: design-reviewer
-description: 【ALPHA】Load when `/challenge` needs design-side contract-closure evidence (three-dimensional architecture and system-design doc review); deliver anchorable, severity-graded findings for inclusion in 07_CHALLENGE_REPORT—not final rulings outside challenge context.
+description: Load when `/challenge` needs design-side contract-closure evidence (three-dimensional architecture and system-design doc review); deliver anchorable, severity-graded findings for inclusion in 07_CHALLENGE_REPORT—not final rulings outside challenge context.
 ---
 
-# design-reviewer (ALPHA)
-
+# design-reviewer
 > Naming design defects before implementation is an order of magnitude cheaper than settling the debt after production.
 
 Within the `/challenge` chain, you are the **design-side evidence layer**: show which contracts remain unclosed at system boundaries, interfaces, state, timing, and error paths; you **do not** replace CHALLENGER’s holistic report judgment or routing—only deliver mergeable, verifiable design finding blocks.
@@ -26,13 +25,13 @@ Within the `/challenge` chain, you are the **design-side evidence layer**: show
 
 ## CRITICAL Deliverable contract
 
-> [!IMPORTANT]
->
-> - **Precise**: Every finding carries **minimal sufficient anchors** (`path`, explicit title / subsection name, or stable chapter id); do not write only “see architecture doc”.
-> - **Traceable**: “Finding → quote or précis → inference chain → impact → suggestion” stays in consistent order for lookup; without an inference chain, do not tag Critical / High.
-> - **No duplication**: Same gap keeps only one master finding; the summary table does not paste long detail blobs.
-> - **No padding**: Forbidden: object-free “attention needed”, “recommend strengthening”, “to optimize”; in the **Core findings table**, **finding / impact / suggestion** are each **one sentence** (very short compound sentences allowed).
-> - **Quality over quantity**: A few high-signal findings beat a pile of guesses.
+> [!IMPORTANT]
+>
+> Shared persisted-report rules (precision, evidence, non-repetition, no filler, single-writer, delegation closure) are defined in **`.agents/skills/output-contract/SKILL.md`**; this skill only adds design-review-specific anchor and severity rules.
+> - **Anchor**: Every finding carries **minimal sufficient anchors** (`path`, explicit title / subsection name, or stable chapter id); do not write only “see architecture doc”.
+> - **Traceable**: “Finding → quote or précis → inference chain → impact → suggestion” stays in consistent order for lookup; without an inference chain, do not tag Critical / High.
+> - **Table rule**: In the **Core findings table**, **finding / impact / suggestion** are each **one sentence** (very short compound sentences allowed).
+> - **Quality over quantity**: A few high-signal findings beat a pile of guesses.
 
 ---
 

package/templates_en/.agents/skills/e2e-testing-guide/SKILL.md

@@ -1,16 +1,16 @@
 ---
 name: e2e-testing-guide
-description: [ALPHA] Specifies the human-facing E2E / manual verification *Testing Guide* and *E2E Verification* report skeleton (PRD traceability, human walk-through order, verdict columns may only be PASS/PARTIAL_PASS/FAIL); **does not include real-browser orchestration**—order of operations and backfill obligations are fixed by the host **`/forge` §3.7** (and alpha-aligned forge text).
+description: Specifies the human-facing E2E / manual verification *Testing Guide* and *E2E Verification* report skeleton (PRD traceability, human walk-through order, verdict columns may only be PASS/PARTIAL_PASS/FAIL); **does not include real-browser orchestration**—order of operations and backfill obligations are fixed by the host **`/forge` §3.7** (per `/forge` wording).
 ---
 
-# E2E Testing Guide — Human verification document layer [ALPHA]
+# E2E Testing Guide — Human verification document layer 
 
 <phase_context>
 You are **E2E GUIDE AUTHOR (verification guide writer)**.
 
 **Mission**: Before **executing or being authorized for real-browser testing**, produce *E2E Verification* documentation a reader can follow **as if seeing the product for the first time**: **read-the-screen before action**, honest entries and coverage, each conclusion traceable to PRD/acceptance; do **not** mistake “having written the guide” for “having tested”.
 **Capability**: Context gathering and explicit blocking issues; structured RTM/Surface/Journey enumeration; steps aligned with human exploration order; expected Evidence types; aligning with `/forge` §3.7 on filenames on disk and order of operations.
-**Constraint**: Do not write browser-automation protocols or verdict tiers outside this skill; do **not**, without a real browser run, set `Journey result` / `Step result` to `PASS`; do **not** remove the **hard constraints, mandatory walk-through rules, or required headings/tables below** (you may only compress repetitive asides); in the **same artifact session** as other **templates_alpha** skills, **do not** mix with the shipped **templates/** version under the same path.
+**Constraint**: Do not write browser-automation protocols or verdict tiers outside this skill; do **not**, without a real browser run, set `Journey result` / `Step result` to `PASS`; do **not** remove the **hard constraints, mandatory walk-through rules, or required headings/tables below** (you may only compress repetitive asides).
 **Relationship to sub-agents**: The parent session exclusively owns **TARGET_DIR/wave-{N}-e2e.md** (or the current workflow offline-equivalent path); subtasks may only return **table blocks and boundary notes** that can be merged; after merging, perform a **spec-contract** acceptance pass before persisting.
 **Output goal**: Satisfy the Markdown skeleton in **Required output**; real-browser backfill runs in **`/forge` §3.7** step two after authorization.
 </phase_context>

package/templates_en/.agents/skills/nexus-mapper/SKILL.md

@@ -241,8 +241,8 @@ Allowed to honestly write uncertainty, but must explain which missing evidence c
 
 ```bash
 # Set SKILL_DIR (adjust based on actual installation path)
-# Scenario A: Installed as .agent/skills
-SKILL_DIR=".agent/skills/nexus-mapper"
+# Scenario A: Installed as .agents/skills
+SKILL_DIR=".agents/skills/nexus-mapper"
 # Scenario B: Independent repo (during development/debugging)
 SKILL_DIR="/path/to/nexus-mapper"
 

package/templates_en/.agents/skills/nexus-mapper/references/probe-protocol.md

@@ -40,7 +40,7 @@ python $SKILL_DIR/scripts/git_detective.py $repo_path --days 90 \
   > $repo_path/.nexus-map/raw/git_stats.json
 ```
 
-> `$SKILL_DIR` is this Skill's installation path (`.agent/skills/nexus-mapper` or independent repo path).
+> `$SKILL_DIR` is this Skill's installation path (`.agents/skills/nexus-mapper` or independent repo path).
 > `$repo_path` is absolute path to target repo.
 > `extract_ast.py --file-tree-out` by default excludes `.git/`, `.nexus-map/`, `node_modules/`, `__pycache__/`, `.venv/`, `dist/`, `build/` and other noise directories and files.
 

package/templates_en/.agents/skills/nexus-query/SKILL.md

@@ -42,7 +42,7 @@ python $SKILL_DIR/scripts/extract_ast.py $repo_path > $AST_JSON
 python $SKILL_DIR/scripts/git_detective.py $repo_path --days 90 > $GIT_JSON
 ```
 
-> `$SKILL_DIR` is this skill's install path (`.agent/skills/nexus-query` or standalone repo path).
+> `$SKILL_DIR` is this skill's install path, usually `.agents/skills/nexus-query`; when projected to a target IDE, use that target's skills directory.
 
 **Dependency install (first use)**:
 ```bash

package/templates_en/.agents/skills/runtime-inspector/SKILL.md

@@ -1,101 +1,150 @@
----
-name: runtime-inspector
-description: Analyze runtime behavior, process boundaries, and IPC mechanisms to detect protocol drift risk and process lifecycle issues.
----
-
-# The Wiretapper's Casebook
-
-> "Code can lie, but processes do not. A single `.spawn()` reveals more than a thousand lines of comments." -- Old wiretapper proverb
-
-This skill's job is to **trace communication lines between processes**.
-
-**Master rule**: If two processes are talking but no one defines their language, version, or format, that is a **Protocol Mismatch** disaster waiting to happen.
-
----
-
-## Deep Thinking Requirement
-
-> [!IMPORTANT]
-> **Runtime analysis requires deep thinking; choose thinking mode based on model capability and task complexity.**
->
-> **Core decision rules:**
-> - **No CoT model** -> **must call** `sequential-thinking` CLI
-> - **CoT model + simple project** (single process, clear communication) -> use guided natural CoT
-> - **CoT model + complex project** (multi-process, premise corrections needed) -> call `sequential-thinking` CLI
->
-> Example thinking prompts:
-> 1. "How many entry points (`main` functions) are in this project? One process or many?"
-> 2. "How do processes communicate? Pipe? HTTP? Shared DB?"
-> 3. "If I only update process A's communication module, will process B break? Is there version handshake?"
-
----
-
-## Task Goal
-Identify **Runtime Boundaries** and **Communication Contracts**.
-
----
-
-## Investigation Flow
-
-### Step 1: Identify Entry Points
-Each `main` function may represent an independent process.
-
-* **Search targets**:
-  * Rust: `fn main()`, `#[tokio::main]`
-  * Python: `if __name__ == "__main__":`
-  * Node: `require.main === module`, `bin` in package.json
-  * Go: `func main()`
-* **Expert intuition**: Found multiple entry points? Immediately ask: "Do they run independently, or are they managed by one parent process?"
-
-### Step 2: Trace Spawning Chains
-If process A starts process B, that is a lineage link.
-
-* **Search targets**:
-  * Rust: `Command::new(...)`, `std::process::Stdio`, `tauri-plugin-shell`
-  * Python: `subprocess.Popen`, `multiprocessing.Process`
-  * Node: `child_process.spawn`, `child_process.fork`
-* **Expert alerts (Lifecycle Risks)**:
-  * `spawn` without parent-death handling -> **Zombie Child risk**
-  * child crash without restart strategy -> **Silent failure risk**
-
-### Step 3: Tap the Wire
-How do processes "talk"? Where is the protocol defined?
-
-* **Search channels**:
-  * `Pipe`, `NamedPipe`, `unix_stream`, `zmq`
-  * `TcpListener`, `UdpSocket`, `websocket`, `http::server`
-* **Search protocols**:
-  * `Handshake`, `Version`, `MagicBytes`, `schema`
-  * `protobuf`, `serde_json`, `JSON.parse`, `enum Message`
-
-* **Contract status rules**:
-
-  | Finding | Status | Recommendation |
-  | :--- | :---: | :--- |
-  | Channel + `enum Message` or Protobuf definition | Strong | Contract exists; relatively safe. |
-  | Channel + `Version` or `Handshake` check | Strong | Version negotiation exists; good. |
-  | Channel + only raw JSON/string | Weak | No explicit contract; one-sided changes may break peer. |
-  | Channel + no protocol definition | None | Communication black hole; high risk. |
-
----
-
-## IPC Risk Pattern Cheat Sheet (from security research)
-
-| Risk Pattern | Detection Signal | Recommendation |
-| :--- | :--- | :--- |
-| **Protocol Mismatch** | Channel exists but no Handshake/Version | Force version-handshake tasks in planning |
-| **Zombie Child** | `spawn` exists but no Kill-on-Drop/heartbeat | Flag process lifecycle management risk |
-| **SPOF** | One process controls all IPC, no fault tolerance | Add reconnect/restart logic |
-| **Named Pipe permission flaw (Windows)** | Named Pipe used without explicit Security Descriptor | High severity: default may allow Everyone access |
-| **Race Condition** | Rapid multi-process interactions without ordering control | Add message sequence IDs or locking |
-
----
-
-## Output Checklist
-
-1. **Process Roots**: Entry points found (file path, role).
-2. **Spawning Chains**: Process creation relationships (A spawns B).
-3. **IPC Surfaces**: Communication channels found (type, keywords, locations).
-4. **Contract Status**: `[Strong / Weak / None]` with justification.
-5. **Lifecycle Risks**: Risks such as zombie processes and silent crashes.
-6. **Security Flags (Windows)**: For Named Pipes, whether ACL is configured.
+---
+name: runtime-inspector
+description: Load when `/probe` needs to identify runtime entrypoints, process boundaries, spawn chains, IPC channels, protocol strength, and lifecycle risks. Observes and reports only; does not modify code.
+---
+
+# Runtime Inspector (ALPHA)
+
+<phase_context>
+You are **RUNTIME INSPECTOR**.
+
+**Mission**: identify how the project starts, spawns processes, communicates, and fails; provide evidence for `/probe` Runtime Topology and Risk Matrix.  
+**Capabilities**: entrypoint discovery, spawn/fork chain detection, IPC surface inventory, protocol-strength classification, lifecycle and platform-security risk labeling.  
+**Limits**: do not start long-running services, do not modify code, and do not present static inference as runtime proof; use `Cannot confirm` when evidence is insufficient.  
+**Output Goal**: Process Roots, Spawning Chains, IPC Surfaces, Contract Status, Lifecycle Risks, and Security Flags.
+</phase_context>
+
+---
+
+## CRITICAL Output Contract
+
+> [!IMPORTANT]
+> Persisted-report rules, evidence rules, single-writer rules, and de-duplication rules follow `.agents/skills/output-contract/SKILL.md`. This skill returns an evidence slice for `/probe`.
+>
+> - Strong conclusions require a path, keyword, or command-output anchor.
+> - Runtime behavior that was not actually exercised must be phrased as static evidence or `Cannot confirm`.
+> - IPC contract classification must state the evidence: channel, message schema, version handshake, or missing pieces.
+> - Windows Named Pipe permissions and parent/child process lifecycle are priority checks.
+
+---
+
+## sequential-thinking Rules
+
+- No CoT model: call the `sequential-thinking` CLI.
+- CoT model + simple single-process project: natural CoT is acceptable, but still answer entrypoint, communication, and failure questions.
+- CoT model + multiprocess, IPC, spawn/fork, or protocol inference: call the `sequential-thinking` CLI.
+
+---
+
+## Step 1: Identify Entrypoints
+
+### What
+Search for entrypoints that may represent independent processes:
+
+| Language / Platform | Search Signals |
+| --- | --- |
+| Rust | `fn main()`, `#[tokio::main]` |
+| Python | `if __name__ == "__main__":` |
+| Node | `require.main === module`, `package.json` `bin` |
+| Go | `func main()` |
+
+### Why
+Entrypoints define process boundaries; multiple entrypoints usually imply deployment, IPC, or lifecycle risks.
+
+### Acceptance
+- Output `Process Roots`: path, entrypoint type, inferred role.
+- For multiple entrypoints, label independent process / parent-managed / `Cannot confirm`.
+
+---
+
+## Step 2: Trace Spawn Chains
+
+### What
+Search for parent processes launching children:
+
+| Platform | Search Signals |
+| --- | --- |
+| Rust | `Command::new`, `std::process::Stdio`, `tauri-plugin-shell` |
+| Python | `subprocess.Popen`, `multiprocessing.Process` |
+| Node | `child_process.spawn`, `child_process.fork` |
+
+### Why
+Spawn chains create lifecycle risk: parent exit, child crash, restart policy, and cleanup policy need explicit contracts.
+
+### Acceptance
+- Output `Spawning Chains`: parent path, child command/module, stdio/environment passing.
+- Label zombie child, silent failure, restart gap, and cleanup gap where visible.
+
+---
+
+## Step 3: Identify IPC Surfaces
+
+### What
+Search for communication channels and protocol definitions:
+
+| Category | Search Signals |
+| --- | --- |
+| Channel | `Pipe`, `NamedPipe`, `unix_stream`, `zmq`, `TcpListener`, `UdpSocket`, `websocket`, `http::server` |
+| Protocol | `Handshake`, `Version`, `MagicBytes`, `schema`, `protobuf`, `serde_json`, `JSON.parse`, `enum Message` |
+
+### Why
+A channel without schema, version, or handshake creates protocol drift, which is a core hidden risk in multiprocess systems.
+
+### Acceptance
+- Output `IPC Surfaces`: channel type, location, protocol evidence.
+- Every IPC surface has `Contract Status`.
+
+---
+
+## Contract Status
+
+| Status | Rule |
+| --- | --- |
+| Strong | channel + explicit message schema / enum / protobuf, or a version handshake |
+| Weak | channel + raw JSON/string, but no centralized schema or version |
+| None | channel exists, but no protocol definition is found |
+| Cannot confirm | static evidence is insufficient |
+
+---
+
+## Risk Patterns
+
+| Risk | Detection Signal | Recommendation |
+| --- | --- | --- |
+| Protocol Mismatch | channel exists without schema/version/handshake | add protocol schema or version handshake task |
+| Zombie Child | spawn exists without exit cleanup or heartbeat | add kill-on-exit, heartbeat, or cleanup contract |
+| Silent Failure | child failure has no error propagation or restart policy | add error propagation, retry, or supervisor strategy |
+| Named Pipe Permission Risk | Windows Named Pipe lacks explicit ACL | add permission-boundary design and verification |
+| Race Condition | multiprocess messages lack ordering, locks, or idempotency | add sequence numbers, locks, or idempotency contract |
+
+---
+
+## Required Output
+
+```markdown
+## Runtime Inspector Findings
+
+### Process Roots
+| Path | Entrypoint | Role | Confidence |
+
+### Spawning Chains
+| Parent | Child | Channel / stdio | Lifecycle Risk |
+
+### IPC Surfaces
+| Path | Channel | Protocol Evidence | Contract Status |
+
+### Lifecycle Risks
+| Risk | Evidence | Impact | Suggested follow-up |
+
+### Security Flags
+| Flag | Evidence | Severity | Suggested follow-up |
+```
+
+---
+
+<completion_criteria>
+- Process Roots, Spawning Chains, IPC Surfaces, Contract Status, and Lifecycle Risks are present or explicitly `N/A + reason`.
+- Strong/Weak/None/Cannot confirm classifications include evidence.
+- Static inference is not presented as runtime proof.
+- Output can be merged directly into `/probe` Runtime Topology and Risk Matrix.
+</completion_criteria>

package/templates_en/.agents/skills/spec-writer/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: spec-writer
-description: "[ALPHA] genesis Step 2: turn fuzzy or high-level needs into strict product requirement documents (PRDs); includes craft scaffolding, PRD spec contract, optional sub-agent shard orchestration, and Step completion signals. Use when requirements are vague, scope is too large, or expression stays conceptual."
+description: "genesis Step 2: turn fuzzy or high-level needs into strict product requirement documents (PRDs); includes craft scaffolding, PRD spec contract, optional sub-agent shard orchestration, and Step completion signals. Use when requirements are vague, scope is too large, or expression stays conceptual."
 ---
 
 # Requirements Detective Handbook
@@ -9,9 +9,9 @@ description: "[ALPHA] genesis Step 2: turn fuzzy or high-level needs into strict
 
 Your job is to **eliminate ambiguity**.
 
-## [ALPHA] genesis Step 2 (scope and handoff)
+## genesis Step 2 (scope and handoff)
 
-Compared with `templates/.agents/skills/spec-writer`, this template adds **[ALPHA]**-side **craft scaffolding**, **spec contract** (on-disk semantics), **sub-agent orchestration**, and **completion**. The normative force of **Execution checklist / Methodology / 10-dimension ambiguity scan / User Story quality gate** sections is **unchanged**—rules such as Socratic probing, **one question at a time**, the hard cap on `[NEEDS CLARIFICATION]`, Non-Goals, and the User Story gate **apply verbatim**.
+Compared with `templates/.agents/skills/spec-writer`, this template adds **craft scaffolding**, **spec contract** (on-disk semantics), **sub-agent orchestration**, and **completion**. The normative force of **Execution checklist / Methodology / 10-dimension ambiguity scan / User Story quality gate** sections is **unchanged**—rules such as Socratic probing, **one question at a time**, the hard cap on `[NEEDS CLARIFICATION]`, Non-Goals, and the User Story gate **apply verbatim**.
 
 ### Craft scaffolding (artifact skeleton)