@jaguilar87/gaia 5.0.0-rc1

package/skills/gmail-policy/reference.md

@@ -0,0 +1,150 @@
+# Gmail Policy -- Technical Reference
+
+Patterns learned from live sessions. Load this file when constructing drafts, encoding messages, or debugging `gws` command failures.
+
+## Draft Creation: Correct Schema
+
+Three failed attempts taught this: `gws gmail users drafts create` has a specific parameter split that looks wrong but is correct.
+
+```bash
+gws gmail users drafts create \
+  --params '{"userId":"me"}' \
+  --json '{"message":{"threadId":"<THREAD_ID>","raw":"<BASE64URL>"}}'
+```
+
+- `--params` carries only `userId` (query parameter, not body)
+- `--json` carries the request body with `message` as the top-level key -- no `resource` wrapper
+- `raw` is the full RFC 2822 message encoded as **base64url** (not standard base64)
+- `threadId` is optional but required to link the draft into an existing thread
+
+Wrong patterns that look right but fail:
+- `--params '{"userId":"me","message":{...}}'` -- message does not belong in params
+- `--json '{"resource":{"message":{...}}}'` -- no resource wrapper in this API
+- Standard base64 in raw -- Gmail rejects it; must be base64url
+
+## Base64url Encoding Pipeline (Shell Only)
+
+Avoids a Python T3 approval for a simple transform:
+
+```bash
+RAW=$(base64 -w 0 /tmp/reply.eml | tr '+/' '-_' | tr -d '=')
+```
+
+- `base64 -w 0` disables line wrapping (required -- Gmail rejects newlines mid-string)
+- `tr '+/' '-_'` converts standard base64 alphabet to URL-safe alphabet
+- `tr -d '='` strips padding (Gmail requires no padding)
+
+The result goes directly into the `raw` field of `--json`.
+
+If writing the `.eml` first via the Write tool, then encode with the pipeline above. This is T0 (read-only transformation).
+
+## RFC 2822 Reply Construction
+
+Minimum headers for a threading-aware reply:
+
+```
+From: Nombre Apellido <email@example.com>
+To: recipient@example.com
+Subject: Re: Asunto Original
+In-Reply-To: <message-id-of-the-message-being-replied-to@mail.gmail.com>
+References: <message-id-1@...> <message-id-2@...>
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Cuerpo del mensaje.
+```
+
+For Spanish content with accents and UTF-8: `Content-Transfer-Encoding: 8bit` works correctly. Do not use quoted-printable for Spanish -- it creates unnecessary encoding noise.
+
+`In-Reply-To` and `References` must use the raw `Message-ID` value from `gws gmail users messages get` -- it looks like `<some-long-hex@mail.gmail.com>` including the angle brackets.
+
+### HTML Reply Template with Gmail Quote Collapse
+
+For replies where visual quality matters (external recipients, business correspondence):
+
+```
+From: {{SENDER_NAME}} <{{SENDER_EMAIL}}>
+To: {{RECIPIENT_EMAIL}}
+Subject: Re: {{ORIGINAL_SUBJECT}}
+In-Reply-To: <{{ORIGINAL_MESSAGE_ID}}>
+References: <{{ORIGINAL_MESSAGE_ID}}>
+MIME-Version: 1.0
+Content-Type: multipart/alternative; boundary="----=_Part_boundary_001"
+
+------=_Part_boundary_001
+Content-Type: text/plain; charset=UTF-8
+
+{{PLAINTEXT_BODY}}
+
+-- 
+{{SENDER_NAME}}
+
+> {{QUOTED_ORIGINAL_TEXT_SINGLE_LINE_SUMMARY}}
+
+------=_Part_boundary_001
+Content-Type: text/html; charset=UTF-8
+
+<html>
+<body>
+<p>{{HTML_BODY_PARAGRAPH_1}}</p>
+<p>{{HTML_BODY_PARAGRAPH_2}}</p>
+<br>
+-- <br>
+{{SENDER_NAME}}<br>
+<br>
+<div class="gmail_quote">
+  <div dir="ltr">On {{ORIGINAL_DATE}}, {{ORIGINAL_SENDER}} wrote:</div>
+  <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
+    {{QUOTED_ORIGINAL_HTML}}
+  </blockquote>
+</div>
+</body>
+</html>
+
+------=_Part_boundary_001--
+```
+
+Key points:
+- The `<div class="gmail_quote"><blockquote class="gmail_quote" style="...">` wrapper is what Gmail collapses into the "..." toggle. Without it, quoted text renders as a wall of plain text.
+- Signature separator: `-- \n` (dash-dash-space-newline per RFC 3676). In HTML: `-- <br>`.
+- The boundary string must match exactly between the `Content-Type` header and the body part delimiters (including the `------` prefix with 6 hyphens).
+
+## Multi-Source Data Lookup: Real Examples
+
+These examples are from an actual Assetplan session (2026-04-17). They show how connecting threads avoids asking the user for data they have already shared elsewhere.
+
+| Data needed | Where it was found |
+|-------------|-------------------|
+| RUT | Thread from Colmena (health insurance) -- appeared in a form confirmation |
+| Property address (depto arrendado) | Thread from Samuel Aranda (previous property manager) |
+| Contrato de arrendamiento | Thread from Condominio Evolución -- PDF attachment |
+| m² and property details | PDF notarial (Tasación) attached to mortgage thread |
+| DOB and civil status | PDF notarial (Compraventa / Hipoteca) |
+
+Search pattern: before asking the user for any datum, run a targeted `gws gmail +search` for the topic. Examples:
+- RUT: `gws gmail +search "RUT OR cédula OR 12.345"` (use known name patterns)
+- Address: `gws gmail +search "{{street name}} OR {{condo name}}"`
+- Contract: `gws gmail +search "contrato arrendamiento"`
+
+If found, cite the source to the user ("Tu dirección la saqué del correo de Samuel Aranda de marzo 2025.").
+
+## Draft Verification
+
+After `gws gmail users drafts create`, always verify:
+
+```bash
+gws gmail users drafts list --params '{"userId":"me"}'
+```
+
+Report to the user: draft ID, threadId (if linked), and snippet. This closes the loop and confirms the API call succeeded. Do not just assume the create worked.
+
+## PII Cleanup Protocol
+
+After a draft is created from a `.eml` file containing sensitive data:
+
+1. Delete the `.eml`: `rm /tmp/reply.eml` (T3 -- file mutation, but within PII hygiene flow)
+2. Verify deletion with Glob: `Glob /tmp/*.eml`
+3. Report: "Archivo temporal eliminado."
+
+Sensitive data includes: RUT, número de cuenta bancaria, teléfono, DOB, dirección física, números de contrato, número de pasaporte.

package/skills/gmail-triage/SKILL.md

@@ -0,0 +1,100 @@
+---
+name: gmail-triage
+description: Use when the user wants to clean up, organize, or triage their Gmail inbox interactively
+metadata:
+  user-invocable: false
+  type: technique
+---
+
+# Gmail Triage
+
+Interactive GTD-inspired state machine for Gmail. Gaia analyzes threads, proposes transitions. User decides. Gaia executes. The `gmail-policy` skill governs allowed operations and label definitions.
+
+## State Labels
+
+Four active states (defined in `gmail-policy`):
+- `_gaia/action` — user must act
+- `_gaia/waiting` — user acted, awaiting reply
+- `_gaia/someday` — interesting, no urgency
+- `_gaia/pending` — staging (triage backlog)
+- `_gaia/trash` — soft delete; never truly deleted
+
+No `_gaia/*` label = processed/done.
+
+## Thread-Awareness Rule
+
+Before presenting ANY labeled email, check the thread: message count, who sent last, when. This determines framing:
+- "necesitas responder" (user is last)
+- "esperando desde [date]" (user replied, waiting on them)
+- "sin actividad hace 2 semanas — ¿hacer seguimiento?" (stale waiting)
+
+## Automatic Transitions (no confirmation needed)
+
+- User replies to an `action` thread → move to `waiting`
+- New message arrives in a `waiting` thread → move to `action`
+
+## Transitions Requiring Confirmation
+
+- Anything → `trash` or `someday`
+- Clearing any label (marking done)
+- `someday` → `action`
+
+## Modes
+
+**Modes 1–5 open with a state summary before their specific work:**
+"Antes de empezar: N en action, N en waiting, N en someday." Flag `action` items stale >3 days.
+
+### 0. Check ("chequea mi mail" / "¿algo nuevo?")
+
+1. **Review `_gaia/action`** — present each item with thread framing. Did user already reply? Auto-propose → `waiting`.
+2. **Review `_gaia/waiting`** — did the other party respond? Auto-propose → `action`. Stale >1 week → flag.
+3. **Review `_gaia/someday`** — count only: "tienes 5 en someday." Detail only if asked.
+4. **Scan inbox for new signal** — Financial (large amounts, bills, due dates), personal/important (housing, legal, health), expected reply arrived → propose `action`. Interesting, no urgency → propose `someday`.
+5. **Summarize** — overall inbox state in 2-3 sentences.
+
+### 1. Full Triage ("organicemos el correo")
+
+Scan inbox, group by sender/category, report counts. Present top groups. User decides per group → trash/action/someday/content-label. Report progress: "Procesamos 500 de 2000. ¿Seguimos?"
+
+### 2. Quick Cleanup ("limpiemos algo rápido")
+
+Pick easiest batch (highest volume, most repetitive). "340 promos de retail. ¿Las mando a trash?" One confirmation = hundreds processed. Target: under 2 minutes.
+
+### 3. Post-Vacation ("acumulé mucho")
+
+Move unprocessed to `_gaia/pending`. Report: "847 correos: 600 promos, 120 banco, 80 LinkedIn, 47 otros." Work categories in follow-up modes.
+
+### 4. Review ("¿qué tengo pendiente?")
+
+Dedicated state review — all three active labels:
+- `_gaia/action` — stale >3 days? move to waiting/someday/done?
+- `_gaia/waiting` — any responses arrived? stale >1 week?
+- `_gaia/someday` — weekly review: promote to action? trash any?
+
+### 5. Promo Analysis ("analiza las promos")
+
+Group by sender, identify patterns. Flag genuinely interesting vs noise. Recommend bulk trash for repetitive senders.
+
+## Presentation Format
+
+Group by sender/topic. Show count + sample subject. Flag unusual items ("movimiento de $50K en Bci"). Propose action per group. Max 5-7 groups per interaction.
+
+## Batch Rules
+
+- Max 500 emails per API call. Always confirm before moving: state count and destination.
+- After each batch: "Moví X a trash, Y a action. Z restantes."
+- On "todo trash": double-check — "¿Seguro? Son N correos de [sender]."
+
+## Anti-Patterns
+
+- Listing individual emails when hundreds exist — group first, detail on request.
+- Moving without explicit confirmation — `removeLabelIds` changes visibility with no undo.
+- Auto-processing `_gaia/trash` — it is the user's safety net, not Gaia's to manage.
+- Assuming promos are trash — some are genuinely interesting. Always ask.
+- Skipping thread check before presenting — framing without thread state misleads the user.
+- More than 5-7 groups per round — decision fatigue kills triage momentum.
+
+## Related Skills
+
+- `gmail-policy` — security rules, label definitions, operation tiers
+- `gws-setup` — CLI installation and authentication

package/skills/gws-setup/SKILL.md

@@ -0,0 +1,99 @@
+---
+name: gws-setup
+description: Use when installing or configuring the Google Workspace CLI (gws) for a Google account
+metadata:
+  user-invocable: false
+  type: technique
+---
+
+# GWS Setup
+
+The gws CLI looks straightforward but breaks in subtle ways -- Google's OAuth flow has undocumented constraints that differ between personal and organizational accounts, and the gws tool itself has open bugs around scopes and multi-account. This procedure captures the working path and the traps discovered through real setup sessions, so you avoid the silent failures that waste hours.
+
+**Prerequisites:** gcloud CLI installed, browser access for OAuth, interactive terminal for auth steps.
+
+## Procedure
+
+### 1. Install gws binary
+
+- Download latest Linux x86_64 from https://github.com/googleworkspace/cli/releases
+- Place in `~/.local/bin/`, `chmod +x`
+- Verify: `gws --version`
+
+### 2. Add Google account to gcloud
+
+- `gcloud auth login <email> --no-launch-browser` (interactive terminal required)
+- This adds alongside existing accounts -- does NOT replace them
+- After login, restore work account: `gcloud config set account <work-account>`
+
+### 3. Create or select GCP project
+
+- Check existing: `gcloud projects list --account=<email>`
+- Create new: `gcloud projects create gaia-<name> --name="Gaia <Name>" --account=<email>`
+- Naming: `gaia-<identifier>-personal` or `gaia-<identifier>-work`
+
+### 4. gws auth setup
+
+- `gws auth setup --project <project-id>`
+- TRAP: When selecting scopes, DO NOT use presets ("Recommended" or "Read Only") -- they include organizational scopes that break for @gmail.com accounts
+
+### 5. Scope selection (CRITICAL)
+
+For safe scopes and blocked scopes by account type, read `reference.md` in this directory.
+
+Known bug: gws issue #119 -- `gws auth login` unusable with personal @gmail.com when organizational scopes are included. Google returns `400: invalid_scope`.
+
+### 6. OAuth consent screen (manual in browser)
+
+- URL: `https://console.cloud.google.com/apis/credentials/consent?project=<project-id>`
+- User Type: External | App name: gws CLI | Support email: the account email
+- TRAP: Add the account as a Test User BEFORE attempting login
+  - Test Users section -> Add Users -> enter the email
+  - Without this, Google returns `403: access_denied` ("app not verified")
+
+### 7. OAuth client (manual in browser)
+
+- URL: `https://console.cloud.google.com/apis/credentials?project=<project-id>`
+- TRAP: Application type must be **Desktop app** (NOT "Web application")
+  - Web application type causes `401: invalid_client`
+- Download `client_secret_*.json` -> save to `~/.config/gws/client_secret.json`
+
+### 8. gws auth login
+
+- `gws auth login` -- opens browser for OAuth consent (interactive terminal required)
+- If Google shows "app not verified" warning -> click "Advanced" -> "Go to gws-cli (unsafe)" -- safe for personal use
+
+### 9. Verification
+
+- `gws auth status` -- confirm token valid
+- `gws gmail users messages list --params '{"userId":"me","maxResults":5}'` -- test Gmail
+- `gws gmail users labels list --params '{"userId":"me"}'` -- test labels
+
+### 10. Restore gcloud
+
+- `gcloud config set account <original-work-account>`
+- Verify: `gcloud config get account`
+
+## Multi-account (future)
+
+gws supports multi-account via `gws auth login --account <email>`, `gws auth list`, `gws auth default <email>`, `gws --account <email> <command>`.
+
+Known bug: issue #181 -- `--account` flag doesn't work correctly yet.
+
+## Anti-Patterns
+
+- Using scope presets for personal @gmail.com -- causes `400: invalid_scope`
+- Skipping Test User in OAuth consent screen -- causes `403: access_denied`
+- Choosing "Web application" as OAuth client type -- causes `401: invalid_client`
+- Forgetting to restore `gcloud config set account` after setup
+- Including `admin.*`, `cloud-identity.*`, or `directory.*` scopes for personal accounts
+
+## Related Skills
+
+- `gmail-policy` -- operational Gmail security (tiers, labels, no-delete rule)
+
+## References
+
+- https://github.com/googleworkspace/cli
+- https://github.com/googleworkspace/cli/issues/119 (personal account scope bug)
+- https://github.com/googleworkspace/cli/issues/181 (multi-account bug)

package/skills/gws-setup/reference.md

@@ -0,0 +1,73 @@
+# GWS Setup Reference
+
+Heavy reference material for the `gws-setup` skill. Read on-demand during scope selection and command authoring.
+
+## Safe Scopes (personal @gmail.com)
+
+| Scope | Purpose |
+|-------|---------|
+| `gmail.modify` | Read, send, label messages (no delete) |
+| `gmail.readonly` | Read-only Gmail access |
+| `gmail.labels` | Manage labels |
+| `drive.readonly` | Read-only Drive access |
+| `drive.metadata.readonly` | Read Drive file metadata |
+| `drive.file` | Access files created by the app |
+| `calendar.readonly` | Read-only Calendar access |
+| `calendar.events.readonly` | Read calendar events |
+| `contacts.readonly` | Read-only Contacts access |
+| `tasks` | Manage Tasks |
+| `userinfo.email` | Read email address |
+| `userinfo.profile` | Read basic profile |
+| `cloud-platform` | GCP platform access -- granted and working |
+
+## Blocked Scopes (organizational / enterprise only)
+
+NEVER select these for personal @gmail.com accounts:
+
+| Scope | Reason |
+|-------|--------|
+| `admin.*` | Google Workspace admin only |
+| `cloud-identity.*` | Organizational accounts only |
+| `classroom.*` | Google Classroom (educational) |
+| `ediscovery.*` | Enterprise Vault only |
+| `directory.*` | Organizational directory only |
+
+Including any of these causes `400: invalid_scope` for personal accounts (gws issue #119).
+
+## Command Syntax
+
+All gws gmail commands require the `userId` parameter:
+
+```bash
+# List messages
+gws gmail users messages list --params '{"userId":"me","maxResults":N}'
+
+# List labels
+gws gmail users labels list --params '{"userId":"me"}'
+
+# Create label
+gws gmail users labels create --params '{"userId":"me"}' --json '{"name":"label-name"}'
+
+# Get message
+gws gmail users messages get --params '{"userId":"me","id":"<message-id>"}'
+
+# Modify message labels
+gws gmail users messages modify --params '{"userId":"me","id":"<message-id>"}' --json '{"addLabelIds":["LABEL_ID"]}'
+```
+
+## Credential Paths
+
+| File | Path | Notes |
+|------|------|-------|
+| Client secret | `~/.config/gws/client_secret.json` | Downloaded from GCP console |
+| Encrypted credentials | `~/.config/gws/credentials.enc` | Created by `gws auth login` |
+| Encryption | AES-256-GCM | Key stored in OS keyring |
+
+## Error Quick Reference
+
+| Error | Cause | Fix |
+|-------|-------|-----|
+| `400: invalid_scope` | Organizational scope on personal account | Remove blocked scopes, re-run `gws auth setup` |
+| `403: access_denied` | Missing Test User in OAuth consent | Add email to Test Users in GCP console |
+| `401: invalid_client` | Wrong OAuth client type | Recreate as "Desktop app", not "Web application" |
+| `403: app not verified` | Normal for dev apps | Click "Advanced" -> "Go to gws-cli (unsafe)" |

package/skills/investigation/SKILL.md

@@ -0,0 +1,100 @@
+---
+name: investigation
+description: Use when starting an investigation, analyzing existing code or infrastructure, or building findings before proposing changes
+metadata:
+  user-invocable: false
+  type: technique
+---
+
+# Investigation
+
+Every codebase is a record of accumulated decisions. Investigation
+is not a prerequisite you rush through — it is the most important part.
+The first 2-3 files you read define whether your solution fits or
+fights the project.
+
+## Phase 1: Start From Injected Context
+
+Before your first tool call, extract anchors from your injected
+Project Context: paths, service names, resource IDs. These are
+your starting point — go directly to them.
+
+Define what you need to know that the context does NOT answer.
+Those are your unknowns.
+
+## Phase 2: Explore Known Paths
+
+For each path or name from context:
+- Read the file or directory directly — no Glob needed
+- Read 2-3 similar existing resources to understand conventions
+- Extract: naming patterns, directory structure, dependencies
+
+If context includes an `investigation_brief`, use it to prioritize
+your surface, adjacent surfaces, and required checks.
+
+## Phase 3: Discover Unknowns
+
+Search only for things NOT covered by context. Use Glob and Grep.
+
+After initial evidence, check adjacency:
+- **Neighbors:** Files next to your target often explain constraints
+- **References:** What references this resource? What does it reference?
+- **Breadth:** Find 2-3 instances of the same pattern. One example is
+  anecdote; three are convention.
+
+Stop when new files confirm what you already know.
+
+## Phase 4: Live State
+
+Only if drift is suspected or the task needs runtime data. Use `fast-queries` triage first.
+
+## Phase 5: Pattern Hierarchy
+
+Apply in order — do not skip levels:
+
+1. **Codebase first** — Find 2-3 existing resources of the same type.
+   If found, follow them. Consistency beats preference.
+   This applies to every resource your plan touches — including
+   prerequisites and dependencies, not just your primary deliverable.
+2. **Domain skill** — If no codebase pattern, use your domain skill
+   (terraform-patterns, gitops-patterns, etc.)
+3. **Training knowledge** — Last resort. Mark explicitly:
+   *"No existing pattern found — applying best practices."*
+
+When following patterns: **COPY** names/paths exactly.
+When a pattern is problematic: **ALERT** as DEVIATION, propose alternative.
+
+## Phase 6: Validate Before Proposing
+
+Before proposing, test your plan against what you found: for each
+action that creates, modifies, or deletes a resource, did your
+investigation reveal how the project manages that resource type?
+If so, your action must use the same mechanism. If a prerequisite
+falls outside your scope, report it as a dependency rather than
+solving it yourself.
+
+- Does code agree with project-context? If not → investigate drift
+- Uncertain about correctness? → one more read-only validation
+- Multiple valid approaches? → list options, set status `NEEDS_INPUT`
+
+Separate what is **confirmed** (seen in code, validated) from what
+is **assumed** (inferred). Never propose on assumptions.
+
+## Anti-Patterns
+
+- **Searching before reading context.** Your injected context already has
+  paths and names. Searching for what you have wastes tool calls.
+- **Planning before resolving unknowns.** A plan built on assumptions
+  collapses when reality disagrees. Find contradictions early.
+- **Treating training knowledge as codebase convention.** The codebase
+  says "we do Y" -- consistency within the project matters more than
+  abstract best practice from your training.
+- **Skipping investigation because the prompt is specific.** The orchestrator
+  does not see the codebase. When instructions contradict code, code wins.
+- **Creating files before reading existing examples.** Without seeing how
+  the project structures similar resources, your output looks foreign.
+- **Solving prerequisites by the fastest path instead of the project's
+  path.** When your task needs a resource that doesn't exist yet, the
+  temptation is to create it with whatever tool is quickest. But if
+  investigation showed the project manages that resource type through a
+  specific mechanism, bypassing it creates drift. Report the dependency.

package/skills/memory-curation/SKILL.md

@@ -0,0 +1,83 @@
+---
+name: memory-curation
+description: Use when reorganizing, deduplicating, or pruning accumulated memory files and the MEMORY.md index
+metadata:
+  user-invocable: false
+  type: reference
+---
+
+# Memory Curation
+
+Organize and maintain memory files that Claude Code saves natively. This skill does not cover creating or searching memory -- only curating what already exists.
+
+## Memory Structure
+
+Memory lives at `~/.claude/projects/{project-slug}/memory/`.
+
+| Component | Purpose |
+|-----------|---------|
+| `MEMORY.md` | Index file -- table of all memory files with descriptions |
+| `{type}_{topic}.md` | Individual memory files, one per topic |
+
+## File Format
+
+Every memory file has YAML frontmatter and markdown body:
+
+```yaml
+---
+name: project_gaia_v5
+description: Gaia v5 architecture decisions
+type: project
+---
+```
+
+| Type | Purpose | Example |
+|------|---------|---------|
+| `project` | Repo/system knowledge | `project_gaia_v5.md` |
+| `user` | Personal preferences | `user_blog_articles.md` |
+| `feedback` | Corrections/learnings | `feedback_terraform_style.md` |
+
+## Curation Operations
+
+### Index Integrity
+
+MEMORY.md must reflect actual files. To reconcile:
+
+1. Scan the memory directory for all `.md` files (excluding MEMORY.md itself)
+2. Compare against the index table rows
+3. Add missing files to the index; remove rows for deleted files
+4. Update descriptions that no longer match the file's actual content
+
+### Deduplication
+
+1. Read all memory files and identify overlapping topics
+2. Merge content into the file with the broader scope
+3. Delete the narrower file
+4. Update the index
+
+### Pruning Stale Entries
+
+1. Identify entries that reference outdated projects, deprecated tools, or resolved decisions
+2. Remove or archive the stale content
+3. Update the index
+
+### Merging Overlapping Topics
+
+1. When two files cover adjacent concerns, merge into one with a clear scope
+2. Choose the name that best represents the combined topic
+3. Update frontmatter description to reflect the merged scope
+4. Delete the redundant file and update the index
+
+### Splitting Overgrown Files
+
+When a file exceeds ~100 lines, split into focused subtopics. Create one file per subtopic, update the index for each.
+
+## Rules
+
+| Rule | Reason |
+|------|--------|
+| Always update index and files together | Prevents drift between MEMORY.md and actual files |
+| One topic per file | Split if a file outgrows its scope |
+| Frontmatter required | Every file needs name, description, type in YAML frontmatter |
+| Conciseness | Memory files are scannable references -- tables, bullets, short sections |
+| Confirm before deleting | Report what will be pruned/merged and get user confirmation |