@jaimevalasek/aioson 1.30.2 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (158) hide show
  1. package/CHANGELOG.md +75 -0
  2. package/README.md +19 -6
  3. package/docs/en/1-understand/ecosystem-map.md +45 -29
  4. package/docs/en/1-understand/glossary.md +5 -5
  5. package/docs/en/1-understand/what-is-aioson.md +5 -5
  6. package/docs/en/2-start/existing-project.md +7 -7
  7. package/docs/en/2-start/first-project.md +32 -38
  8. package/docs/en/2-start/initial-decisions.md +18 -17
  9. package/docs/en/3-recipes/README.md +2 -2
  10. package/docs/en/3-recipes/continuity-between-sessions.md +2 -2
  11. package/docs/en/3-recipes/from-idea-to-prd-via-briefing.md +5 -2
  12. package/docs/en/3-recipes/full-feature-with-sheldon.md +327 -338
  13. package/docs/en/4-agents/README.md +28 -14
  14. package/docs/en/4-agents/discovery-design-doc.md +20 -8
  15. package/docs/en/4-agents/forge-run.md +3 -2
  16. package/docs/en/5-reference/cli-reference.md +51 -48
  17. package/docs/en/5-reference/executable-verification.md +10 -7
  18. package/docs/en/5-reference/parallel.md +2 -0
  19. package/docs/en/5-reference/qa-browser.md +2 -2
  20. package/docs/en/README.md +3 -3
  21. package/docs/pt/1-entender/glossario.md +4 -4
  22. package/docs/pt/1-entender/mapa-do-ecossistema.md +32 -21
  23. package/docs/pt/2-comecar/decisoes-iniciais.md +16 -16
  24. package/docs/pt/2-comecar/primeiro-projeto.md +1 -1
  25. package/docs/pt/3-receitas/README.md +1 -1
  26. package/docs/pt/3-receitas/app-saas-do-zero.md +35 -122
  27. package/docs/pt/3-receitas/feature-completa-com-sheldon.md +289 -338
  28. package/docs/pt/4-agentes/analyst.md +9 -5
  29. package/docs/pt/4-agentes/architect.md +9 -5
  30. package/docs/pt/4-agentes/dev.md +19 -7
  31. package/docs/pt/4-agentes/discovery-design-doc.md +25 -23
  32. package/docs/pt/4-agentes/orchestrator.md +164 -118
  33. package/docs/pt/4-agentes/pentester.md +5 -5
  34. package/docs/pt/4-agentes/pm.md +15 -7
  35. package/docs/pt/4-agentes/sheldon.md +166 -99
  36. package/docs/pt/4-agentes/ux-ui.md +7 -4
  37. package/docs/pt/5-referencia/agent-chain-continuity.md +14 -5
  38. package/docs/pt/5-referencia/comandos-cli.md +1 -1
  39. package/docs/pt/5-referencia/harness-retro.md +2 -1
  40. package/docs/pt/5-referencia/sdd-automation-scripts.md +6 -6
  41. package/docs/pt/5-referencia/sdd-framework.md +53 -16
  42. package/docs/pt/5-referencia/sdd-planos-e-estrutura.md +27 -15
  43. package/docs/pt/README.md +4 -4
  44. package/docs/pt/agentes.md +48 -50
  45. package/package.json +2 -2
  46. package/src/artifact-kinds.js +110 -0
  47. package/src/cli.js +82 -42
  48. package/src/commands/agent-epilogue.js +251 -186
  49. package/src/commands/agents.js +104 -48
  50. package/src/commands/audit-code.js +344 -0
  51. package/src/commands/classify.js +75 -13
  52. package/src/commands/feature-close.js +43 -18
  53. package/src/commands/harness-check.js +259 -175
  54. package/src/commands/harness-retro-promote.js +387 -0
  55. package/src/commands/live.js +24 -0
  56. package/src/commands/prototype-check.js +163 -0
  57. package/src/commands/review-feature.js +189 -0
  58. package/src/commands/runtime.js +81 -66
  59. package/src/commands/sync-agents-copy.js +115 -0
  60. package/src/commands/verification-plan.js +116 -0
  61. package/src/commands/verify-artifact.js +530 -0
  62. package/src/commands/verify-implementation.js +428 -0
  63. package/src/commands/workflow-execute.js +309 -309
  64. package/src/commands/workflow-next.js +361 -19
  65. package/src/commands/workflow-plan.js +5 -5
  66. package/src/constants.js +4 -0
  67. package/src/gateway-pointer-merge.js +7 -1
  68. package/src/handoff-contract.js +267 -172
  69. package/src/harness/contract-integrity-gate.js +172 -0
  70. package/src/harness/contract-integrity.js +111 -0
  71. package/src/harness/contract-schema.js +377 -332
  72. package/src/harness/detect-runtime-feature.js +90 -0
  73. package/src/harness/static-criteria.js +192 -0
  74. package/src/i18n/messages/en.js +8 -4
  75. package/src/i18n/messages/es.js +8 -4
  76. package/src/i18n/messages/fr.js +8 -4
  77. package/src/i18n/messages/pt-BR.js +8 -4
  78. package/src/install-wizard.js +8 -8
  79. package/src/installer.js +13 -6
  80. package/src/lib/retro/retro-render.js +10 -1
  81. package/src/lib/retro/retro-sources.js +45 -27
  82. package/src/lib/retro/verification-reports.js +230 -0
  83. package/src/parser.js +6 -0
  84. package/src/preflight-engine.js +12 -12
  85. package/src/runtime-store.js +13 -9
  86. package/src/verification/evidence-bundle.js +251 -0
  87. package/src/verification/ledger-store.js +221 -0
  88. package/src/verification/path-policy.js +74 -0
  89. package/src/verification/policy-engine.js +95 -0
  90. package/src/verification/prompt-package.js +314 -0
  91. package/src/verification/redaction.js +77 -0
  92. package/src/verification/report-parser.js +132 -0
  93. package/src/verification/report-store.js +97 -0
  94. package/src/verification/result.js +16 -0
  95. package/src/verification/runners/index.js +319 -0
  96. package/src/verification/runtime-telemetry.js +144 -0
  97. package/src/verification/schema.js +276 -0
  98. package/src/verification/source-discovery.js +153 -0
  99. package/src/verification-policy.js +398 -0
  100. package/src/version.js +52 -1
  101. package/template/.aioson/agents/analyst.md +9 -6
  102. package/template/.aioson/agents/architect.md +34 -5
  103. package/template/.aioson/agents/briefing-refiner.md +25 -0
  104. package/template/.aioson/agents/briefing.md +69 -12
  105. package/template/.aioson/agents/committer.md +2 -1
  106. package/template/.aioson/agents/copywriter.md +30 -21
  107. package/template/.aioson/agents/design-hybrid-forge.md +28 -15
  108. package/template/.aioson/agents/dev.md +28 -10
  109. package/template/.aioson/agents/deyvin.md +3 -2
  110. package/template/.aioson/agents/discover.md +12 -3
  111. package/template/.aioson/agents/discovery-design-doc.md +7 -2
  112. package/template/.aioson/agents/genome.md +19 -10
  113. package/template/.aioson/agents/neo.md +30 -30
  114. package/template/.aioson/agents/orache.md +20 -11
  115. package/template/.aioson/agents/orchestrator.md +84 -7
  116. package/template/.aioson/agents/pm.md +8 -8
  117. package/template/.aioson/agents/product.md +15 -11
  118. package/template/.aioson/agents/profiler-enricher.md +20 -11
  119. package/template/.aioson/agents/profiler-forge.md +20 -11
  120. package/template/.aioson/agents/profiler-researcher.md +20 -11
  121. package/template/.aioson/agents/qa.md +87 -17
  122. package/template/.aioson/agents/scope-check.md +19 -5
  123. package/template/.aioson/agents/setup.md +12 -1
  124. package/template/.aioson/agents/sheldon.md +92 -9
  125. package/template/.aioson/agents/site-forge.md +11 -2
  126. package/template/.aioson/agents/squad.md +20 -5
  127. package/template/.aioson/agents/ux-ui.md +4 -2
  128. package/template/.aioson/agents/validator.md +33 -1
  129. package/template/.aioson/config/verification.json +61 -0
  130. package/template/.aioson/config.md +13 -9
  131. package/template/.aioson/docs/LAYERS.md +2 -2
  132. package/template/.aioson/docs/autopilot-handoff.md +10 -10
  133. package/template/.aioson/docs/dev/execution-discipline.md +41 -0
  134. package/template/.aioson/docs/dev/phase-loop.md +47 -0
  135. package/template/.aioson/docs/feature-expansion-taxonomy.md +31 -3
  136. package/template/.aioson/docs/presets/workflow.config.full-merged.json +15 -0
  137. package/template/.aioson/docs/presets/workflow.config.lean.json +15 -0
  138. package/template/.aioson/docs/product/prd-contract.md +12 -12
  139. package/template/.aioson/docs/prototype-contract.md +98 -0
  140. package/template/.aioson/docs/reference-identity.md +94 -0
  141. package/template/.aioson/docs/sheldon/harness-contract.md +155 -28
  142. package/template/.aioson/docs/verification-config.md +82 -0
  143. package/template/.aioson/docs/verify-artifact-gates.md +91 -0
  144. package/template/.aioson/docs/workflow-lean-lane.md +129 -0
  145. package/template/.aioson/skills/design/interface-design/references/intent-and-domain.md +2 -0
  146. package/template/.aioson/skills/process/aioson-spec-driven/SKILL.md +16 -14
  147. package/template/.aioson/skills/process/aioson-spec-driven/references/approval-gates.md +2 -2
  148. package/template/.aioson/skills/process/aioson-spec-driven/references/classification-map.md +4 -4
  149. package/template/.aioson/skills/process/aioson-spec-driven/references/dev.md +15 -15
  150. package/template/.aioson/skills/process/briefing-expansion-scout/SKILL.md +25 -3
  151. package/template/.aioson/skills/process/design-hybrid-forge/SKILL.md +5 -3
  152. package/template/.aioson/skills/process/design-hybrid-forge/references/external-source-ingestion.md +89 -0
  153. package/template/.aioson/skills/process/product-scope-expansion/SKILL.md +29 -2
  154. package/template/.aioson/skills/process/prototype-forge/SKILL.md +98 -0
  155. package/template/.aioson/skills/process/reference-identity-extract/SKILL.md +164 -0
  156. package/template/.aioson/skills/process/sheldon-expansion-audit/SKILL.md +23 -2
  157. package/template/.aioson/skills/static/multi-agent-patterns.md +5 -5
  158. package/template/CLAUDE.md +15 -11
@@ -0,0 +1,94 @@
1
+ ---
2
+ description: "Reference-image-driven visual identity — how user-provided reference images become a text identity.md the interface-design engine applies, instead of every project inheriting a fixed preset's look. Covers the schema, the two scopes, the extraction skill, the verify:artifact gate, and the cross-harness/no-vision fallback."
3
+ agents: [setup, briefing-refiner, ux-ui]
4
+ task_types: [design, configuration, verification]
5
+ triggers: [identity.md, reference image, visual identity, reference-identity-extract, kind=identity, brand reference, design_skill interface-design]
6
+ ---
7
+
8
+ # Reference-image-driven visual identity
9
+
10
+ A fixed design preset (`clean-saas-ui`, `aurora-command-ui`, …) hardcodes a palette and a typeface, so
11
+ every project that picks the same preset looks the same — the generic, "made-by-AI" look. The
12
+ `interface-design` skill is the opposite: a craft **engine** whose mandate is *"if another AI would
13
+ produce the same output, you failed."* This flow feeds that engine the user's **own references** so the
14
+ result is specific and premium.
15
+
16
+ The pipeline: **reference images → extracted once into `identity.md` (text) → the engine builds from the
17
+ text.** The build never reads the images. This is the same move AIOSON already makes when it extracts a
18
+ real website into a token spec — generalized so the **source** is images and the **lifetime** is
19
+ per-briefing (or per-project brand), not a frozen preset.
20
+
21
+ ## Two image roles
22
+
23
+ - **Visual identity** — brand color, type, texture, the *feel*. Drives the token system.
24
+ - **Component / structure** — a board, a table, a screen the user wants. Drives **structure only**; its
25
+ own colors/fonts are ignored. Feeds `prototype-forge`'s surface map.
26
+
27
+ Synthesis = **apply the identity to the structure.** This is why you do not want "component skills": a
28
+ component skill smuggles in its own fixed identity and reintroduces the sameness. A component *image*
29
+ contributes layout, and the identity comes from the identity images.
30
+
31
+ ## The `identity.md` record
32
+
33
+ One text file the build consumes. Frontmatter mirrors the proven extracted-token shape; sections map to
34
+ the `interface-design` token families plus its Phase-1 anti-sameness anchors. Authored by the
35
+ `reference-identity-extract` process skill (see its `SKILL.md` for the exact schema).
36
+
37
+ - **Frontmatter:** `kind`, `scope` (`briefing` | `brand`), `slug`, `source` (`references` | `intent`),
38
+ `generated_by`, `generated_at`, `confidence`, `theme`, `base_unit`.
39
+ - **Sections:** `## Design pillars`, `## Palette` (real hex), `## Typography`, `## Spacing & layout`,
40
+ `## Radius & depth` (exactly one depth strategy), `## Motion`, `## Signature moves`, `## Anti-goals`,
41
+ `## Component structure notes`, `## Provenance` (generic — never names an external source).
42
+ - `source: references` (filled from images) vs `intent` (image-less fallback via interface-design's own
43
+ Phase 0). **Same shape either way**, which is what makes it gateable and harness-portable.
44
+
45
+ ## Two scopes
46
+
47
+ | scope | record | images |
48
+ |---|---|---|
49
+ | **Per-briefing** (default) | `.aioson/briefings/{slug}/identity.md` | `.aioson/briefings/{slug}/references/{identity,structure}/` |
50
+ | **Project brand** | `.aioson/context/identity.md` | `.aioson/context/brand-references/{identity,structure}/` |
51
+
52
+ **Resolution order** (identical for `@ux-ui` and `prototype-forge`): per-briefing → project brand →
53
+ none (then `interface-design` Phase 0 governs). The **text record is canonical and committed**; the
54
+ images are raw source and may be `.gitignore`d — extraction runs once, so the build never needs them
55
+ again.
56
+
57
+ ## How it runs
58
+
59
+ - **`@briefing-refiner`** (prototype mode) — when a rich-surface product would benefit from a visual,
60
+ it offers reference-image intake: the user drops images into `references/{identity,structure}/`, the
61
+ agent loads `reference-identity-extract`, writes `identity.md`, and `prototype-forge` builds from it.
62
+ No images → it skips and `interface-design` runs intent-first. Always optional, never blocking.
63
+ - **`@setup`** — for `site`/`web_app`, the recommended visual route is *interface-design + reference
64
+ images* (sets `design_skill: interface-design`; the concrete look comes from `identity.md`). The
65
+ fixed presets remain an explicit alternative.
66
+ - **`@ux-ui`** — Step 0 loads `identity.md` as the **identity input** the single interface-design engine
67
+ applies. It is **not** a second design skill: exactly one design skill is loaded, and `identity.md`
68
+ parameterizes it. This does not weaken the ONE-SKILL-ONLY rule.
69
+
70
+ ## The gate
71
+
72
+ `aioson verify:artifact . --kind=identity --file=<path>` proves the record is complete — the token
73
+ skeleton plus both anti-sameness anchors (`## Design pillars` + `## Signature moves`) plus the structure
74
+ section are present, and no placeholder or unfilled hex slipped through. Build-free, deterministic, the
75
+ periphery analog of the code pipeline's `SG-*` gates. The extraction skill runs it `--advisory` before
76
+ handing back. Path-resolved via `--file` because the record lives in either scope.
77
+
78
+ ## Cross-harness & no-vision
79
+
80
+ The extraction pass is the **only** vision step. On a vision-less harness, either run extraction once on
81
+ a vision-capable harness, or hand-author `identity.md` from the schema — the gate then proves it is
82
+ complete. The build is identical in both cases because it reads only the text. This is the same reason
83
+ gates are engine-driven rather than hook-driven: the portable artifact crosses harnesses; the
84
+ host-specific capability does not.
85
+
86
+ ## Notes
87
+
88
+ - **Vision is non-deterministic** — two extractions of one image can differ. That is exactly why the
89
+ text record exists: `identity.md` is the frozen, user-editable source of truth, and the build off it
90
+ is deterministic.
91
+ - **Image storage** — reference images are binary and can bloat git. The text record is canonical and
92
+ committed; images are optional and may be `.gitignore`d at the project level.
93
+ - **Provenance discipline** — `## Provenance` describes sources by type only. Never name an external
94
+ product, brand, site, or tool in any artifact.
@@ -15,10 +15,16 @@ Run **after** writing `sheldon-enrichment-{slug}.md`, gated by `project.context.
15
15
 
16
16
  | Classification | Action |
17
17
  |---|---|
18
- | MICRO | Skip entirely. No contract, no progress.json. |
19
- | SMALL | Produce `progress.json` only (no `harness-contract.json`). |
18
+ | MICRO | Skip entirely **unless it is a runtime feature** (`has_api`/DB/prototype): then produce a minimal `harness-contract.json` (just the §2c `RG-*` criteria) + `progress.json`. |
19
+ | SMALL | Produce `progress.json` only **plus `harness-contract.json` with the §2c `RG-*` criteria when it is a runtime feature**, so `harness:check` can enforce the runtime gate. |
20
20
  | MEDIUM | Produce both `harness-contract.json` and `progress.json`. |
21
21
 
22
+ A **runtime feature** (`has_api` / DB / migrations / `## Prototype reference`) therefore carries the `RG-*`
23
+ runtime gate at **every** classification. The CLI deterministically blocks the subset it can locate on disk
24
+ (prototype manifests and migration/Prisma paths from progress/git evidence) when the runtime contract is missing
25
+ or has no `RG-*`; the Play `has_api` case still requires the `@validator` Step 0 judgment because that flag lives
26
+ inside the target app. Non-runtime MICRO/SMALL keep the lightweight path (no contract).
27
+
22
28
  ## Steps
23
29
 
24
30
  ### 1. Initialize stub
@@ -57,31 +63,139 @@ Authoring rules for `verification`:
57
63
 
58
64
  - **Prefer the project's own test runner** (`node --test tests/x.test.js`, `npm test -- --grep "..."`, `pytest tests/test_x.py`). A criterion backed by a real test is the gold standard.
59
65
  - **One-liner assertions** when no test exists yet: `node -e "const m = require('./src/x'); process.exit(typeof m.parseX === 'function' ? 0 : 1)"`.
60
- - **Deterministic only**: no network calls, no wall-clock dependence, no interactive prompts.
66
+ - **Deterministic only**: no network calls, no wall-clock dependence, no interactive prompts. *(Exception: the runtime-gate criteria in §2c — `build`/`migrate`/`boot`/`smoke` — MAY provision an ephemeral DB and boot the app. That setup is the point, not a violation.)*
61
67
  - **Cross-platform**: single commands or npm scripts — avoid shell chaining (`&&`, `||`) and POSIX-only utilities (`grep`, `test -f`) on Windows-first projects; use `node -e` for file/shape assertions instead.
62
- - **Self-contained**: the command must pass/fail on a clean checkout after install — no hidden setup steps.
68
+ - **Self-contained**: the command must pass/fail on a clean checkout after install — no hidden setup steps. *(Runtime-gate criteria may require `db:up`/`migrate reset` as their declared first step; declare it inside the `verification`, never as a hidden prerequisite.)*
63
69
  - A `binary: true` criterion **without** `verification` remains valid (judged by `@validator`, as before), but the contract schema emits a coverage warning — treat each one as debt and justify it in the enrichment log.
64
70
 
71
+ ### 2c. Runtime gate criteria — MANDATORY for runtime features
72
+
73
+ A contract whose criteria are all unit/component test commands (e.g. `pnpm test -- <file>`) proves the
74
+ **tests** pass, not that the **app** runs. Tests mock the database, the auth SDK and the network; a feature
75
+ can be 100% green on unit tests while its migrations never applied, its UI was never wired to the API, and
76
+ the process never booted. To close that gap, any feature that ships a runtime surface MUST carry criteria that
77
+ exercise the **real, running stack** — not only mocks.
78
+
79
+ A feature is a **runtime feature** when ANY of these holds:
80
+
81
+ - `manifest.json` has `has_api: true`, declares a server/process, or a Play runtime; or
82
+ - the feature creates or changes a database / Prisma schema / migrations; or
83
+ - the feature carries a `## Prototype reference` (a clickable prototype whose Core interactions must work).
84
+
85
+ For a runtime feature, add these criteria (use the project's OWN commands; drop a row only with a written
86
+ reason in the enrichment log):
87
+
88
+ | id | what it proves | example `verification` (adapt to the project) |
89
+ |----|----------------|-----------------------------------------------|
90
+ | `RG-build` | the app compiles for real, not a mocked subset | `pnpm build` · `npm run build` · `tsc -p .` |
91
+ | `RG-migrate` | migrations **apply** to a fresh DB — not just exist as files | `prisma migrate reset --force` (or `migrate deploy`) against an ephemeral/throwaway DB |
92
+ | `RG-boot` | server + client start without crashing | start the process and probe health, e.g. `node scripts/smoke-boot.mjs` hitting `/api/health` → 200 |
93
+ | `RG-smoke` | the prototype's Core happy-path works on the running stack | `aioson qa:run` / `aioson qa:scan`, or an e2e/integration run that drives the **real** endpoints/UI end-to-end |
94
+
95
+ **Hard rules:**
96
+
97
+ - A runtime-feature contract containing **zero** of {`RG-build`, `RG-migrate`, `RG-boot`, `RG-smoke`} is
98
+ **invalid** — treat it as a coverage *error*, not a warning, and do not declare the contract final.
99
+ `@validator` rejects such a contract at its Contract-integrity precheck.
100
+ - **No duplicate verification.** Two `binary: true` criteria must never carry the **same** `verification`
101
+ command. Each criterion maps to a distinct check. (Padding 11 criteria out of 6 commands is exactly how a
102
+ hollow contract scores "11/11".) `RG-migrate` and `RG-boot` are separate criteria with separate commands.
103
+ - `RG-smoke` must drive at least the prototype-manifest's **Core** interactions for the feature
104
+ (create / list / switch / edit / archive of the primary objects), end to end — never a mocked unit of one
105
+ of them, and never a static source-string assertion that an API call *appears* in the code.
106
+ - These criteria are first-class binary criteria: `aioson harness:check` runs them like any other, and their
107
+ exit code is the verdict. If the project lacks a smoke/boot harness, that harness is itself part of `@dev`'s
108
+ scope — do not downgrade `RG-smoke` to a unit test to make it "self-contained".
109
+
110
+ > **CLI backstop (deterministic).** `aioson harness:check . --slug={slug}` enforces the first two hard rules
111
+ > itself, not only through `@validator`, and `workflow:next --complete=dev|qa` / `feature:close --verdict=PASS`
112
+ > call the same integrity gate before advancing. When the CLI detects a runtime surface it can locate
113
+ > deterministically — a `.aioson/briefings/{slug}/prototype-manifest.md`, or a migration/Prisma path in
114
+ > `progress.completed_steps`, `progress.changed_files`, or the git changed-file set — a missing contract is
115
+ > blocked, a contract with **no** `RG-*` criterion fails with `missing_runtime_gate`, and two binary criteria
116
+ > sharing one `verification` command fail with `duplicate_verification`; both flip the check's `ok` to `false`.
117
+ > The Play `manifest.json` `has_api` trigger lives in the target app and is **not** locatable from the framework
118
+ > in all projects — for that case the `@validator` Step 0 precheck remains the enforcer, and `RG-smoke` actually
119
+ > exercising Core (vs. a unit test wearing the id) is always a `@validator` judgment. In an **untracked** session
120
+ > (plain slash activation, no `workflow:next`), `aioson agent:epilogue --agent=dev|qa` surfaces the same check as a
121
+ > non-blocking **advisory** `contract:integrity` step — a signal in the dashboard trail, not a gate; only the
122
+ > tracked `workflow:next` / `feature:close` paths block. Treat a green `harness:check` as necessary, not sufficient.
123
+
124
+ ### 2d. Static gate criteria (SG-*) — build-independent proof
125
+
126
+ `RG-*` criteria run a command (a build, a migrated DB, a booted app). They are
127
+ the truth, but they are **expensive** — `aioson harness:check` runs them once, at
128
+ the last gate (`@qa`, else `@dev`). They also cannot run until the app builds.
129
+
130
+ An **SG-* (static gate)** criterion proves a claim by **reading the changed
131
+ files** instead of running them: a required pattern is present (the code was
132
+ actually written / wired) and a forbidden pattern is absent (no placeholder,
133
+ stub or anti-pattern snuck in). It is pure `fs + RegExp + parse` — no shell, no
134
+ build — so it costs milliseconds and the contract-integrity gate evaluates it at
135
+ **every** stage (`@dev`-done and `@qa`-done), even when the runtime checks are
136
+ deferred. That makes it the cheap layer that catches "claimed done but stubbed
137
+ it / left a placeholder / never wired `requireAuth`" the instant it happens,
138
+ on any model, cross-platform.
139
+
140
+ Add an SG-* criterion when an AC has a concrete, greppable signature — a symbol
141
+ that must be called, an export that must exist, an env var that must be read, an
142
+ anti-pattern that must not appear — that you want proven without booting the app:
143
+
144
+ ```json
145
+ {
146
+ "id": "SG-auth-wired",
147
+ "description": "auth middleware is wired into the protected router",
148
+ "assertion": "requireAuth is applied in src/routes/private.ts",
149
+ "binary": true,
150
+ "files": ["src/routes/private.ts"],
151
+ "must_match": ["requireAuth\\(", "export const privateRouter"],
152
+ "must_not_match": ["TODO", "as any", "not implemented"]
153
+ }
154
+ ```
155
+
156
+ Semantics:
157
+
158
+ - `must_match` — **OR across files**: each pattern must appear in **≥ 1** of `files[]`.
159
+ - `must_not_match` — **absent in all**: no pattern may appear in **any** of `files[]`.
160
+ - Each `files[]` entry is also **parse-checked** (`JSON.parse` for `.json`,
161
+ `node --check` for `.js/.mjs/.cjs`) to catch a truncated/corrupted write; a
162
+ declared file that does not exist fails the criterion.
163
+ - An invalid regex degrades to a literal-substring test — a typo never crashes the gate.
164
+
165
+ **Rules:**
166
+
167
+ - Use the `SG-` id prefix (mirrors `RG-` / `SEC-`).
168
+ - A criterion is **either** runtime (`verification` command) **or** static
169
+ (`must_match`/`must_not_match`), **never both** — split into two criteria.
170
+ - A static criterion **requires** a non-empty `files[]` to read.
171
+ - SG-* does **not** replace `RG-*`: a static `must_match` proving an API *call
172
+ appears in source* is not proof the endpoint *runs*. Keep the `RG-smoke`
173
+ runtime gate; SG-* is the cheap, early, build-independent complement.
174
+
175
+ For a **project-wide** sweep of the same anti-patterns (not tied to one AC), run
176
+ `aioson audit:code . --json` — the categorized static scan (`TODO` /
177
+ `ANTI_PATTERN` / `DEAD_CODE` / `DUPLICATION`) `@qa` consumes one category at a time.
178
+
65
179
  ### 3. Set `contract_mode`
66
180
 
67
- By classification and risk surface, using the modes accepted by the harness schema:
68
-
69
- - **SMALL** → `safe`
70
- - **MEDIUM (default)** → `builder`
71
- - **MEDIUM with sensitive surface** (auth, money, ownership, secrets, uploads, external URLs) → `safe`
72
- - **Explicit user-approved long autonomous run** → `autopilot`
181
+ By classification and risk surface, using the modes accepted by the harness schema:
182
+
183
+ - **SMALL** → `safe`
184
+ - **MEDIUM (default)** → `builder`
185
+ - **MEDIUM with sensitive surface** (auth, money, ownership, secrets, uploads, external URLs) → `safe`
186
+ - **Explicit user-approved long autonomous run** → `autopilot`
73
187
 
74
188
  ### 4. Set `governor` block
75
189
 
76
- Safe defaults for a normal MEDIUM `builder` contract:
77
-
78
- ```json
79
- { "max_steps": 30, "cost_ceiling_tokens": 1000000, "error_streak_limit": 5 }
80
- ```
81
-
82
- - `safe` applies the tight preset for risky or bounded runs.
83
- - `builder` applies the normal MEDIUM preset.
84
- - `autopilot` applies the largest preset and requires explicit user approval.
190
+ Safe defaults for a normal MEDIUM `builder` contract:
191
+
192
+ ```json
193
+ { "max_steps": 30, "cost_ceiling_tokens": 1000000, "error_streak_limit": 5 }
194
+ ```
195
+
196
+ - `safe` applies the tight preset for risky or bounded runs.
197
+ - `builder` applies the normal MEDIUM preset.
198
+ - `autopilot` applies the largest preset and requires explicit user approval.
85
199
 
86
200
  ## Authoring rules
87
201
 
@@ -96,14 +210,14 @@ Safe defaults for a normal MEDIUM `builder` contract:
96
210
  ### `harness-contract.json`
97
211
 
98
212
  ```json
99
- {
100
- "feature": "<slug>",
101
- "contract_mode": "balanced | safe | builder | autopilot",
102
- "governor": {
103
- "max_steps": 50,
104
- "cost_ceiling_tokens": 1000000,
105
- "error_streak_limit": 5
106
- },
213
+ {
214
+ "feature": "<slug>",
215
+ "contract_mode": "balanced | safe | builder | autopilot",
216
+ "governor": {
217
+ "max_steps": 50,
218
+ "cost_ceiling_tokens": 1000000,
219
+ "error_streak_limit": 5
220
+ },
107
221
  "criteria": [
108
222
  {
109
223
  "id": "C1",
@@ -111,12 +225,24 @@ Safe defaults for a normal MEDIUM `builder` contract:
111
225
  "assertion": "...",
112
226
  "binary": true,
113
227
  "verification": "node --test tests/foo.test.js"
228
+ },
229
+ {
230
+ "id": "SG-1",
231
+ "description": "...",
232
+ "assertion": "...",
233
+ "binary": true,
234
+ "files": ["src/x/y.ts"],
235
+ "must_match": ["export function parseX"],
236
+ "must_not_match": ["as any", "TODO"]
114
237
  }
115
238
  ]
116
239
  }
117
240
  ```
118
241
 
119
- `verification` is optional per criterion (legacy contracts remain valid), executed via `aioson harness:check` with exit code 0 = pass.
242
+ A criterion is **runtime** (carries `verification`, executed via `aioson
243
+ harness:check` with exit code 0 = pass) **or** **static** (carries `files[]` +
244
+ `must_match`/`must_not_match`, evaluated build-free — see §2d). Both are
245
+ optional per criterion; a criterion with neither stays an `@validator` judgment.
120
246
 
121
247
  ### `progress.json`
122
248
 
@@ -138,3 +264,4 @@ Safe defaults for a normal MEDIUM `builder` contract:
138
264
  - **No verifiable ACs in PRD** — go back to enrichment with `@product` and add concrete assertions before generating a contract.
139
265
  - **All ACs are advisory** — flag to user; the harness adds no value. Skip contract generation, document the decision in `sheldon-enrichment-{slug}.md`.
140
266
  - **`harness:init` CLI missing** — write stubs manually, but record in handoff that CLI was unavailable so `@dev` can install it.
267
+ - **All criteria are unit tests on a runtime feature** — the contract proves the tests pass, not that the app runs. This is the failure that ships a green-but-broken build (migrations never applied, UI never wired, process never booted). Add the §2c runtime-gate criteria before declaring the contract final; a runtime-feature contract without them is invalid.
@@ -0,0 +1,82 @@
1
+ ---
2
+ description: "Verification sub-agent config (verification.json) — which verifiers run, when, and on which host/model; native vs external dispatch."
3
+ agents: [dev, qa, validator]
4
+ task_types: [verification, configuration]
5
+ triggers: [verification config, verification.json, sub-agent verification, native vs external, cross-vendor auditor]
6
+ ---
7
+
8
+ # Verification sub-agent config — `.aioson/config/verification.json`
9
+
10
+ Controls **which** verification sub-agents run, **when**, and on **which model** — resolved per host harness. Consumed by the `@dev` phase-loop (per-phase checks) and the post-dev review cycle (end-of-feature gate). Auto-generated on `aioson init`/`update` and hand-editable: your values survive updates (additive merge), only `version` is framework-owned.
11
+
12
+ ## The one rule that trips people up: `native` vs `external`
13
+
14
+ Dispatch is **keyed by the host harness** (`claude` / `codex` / `opencode`), and each host has two modes:
15
+
16
+ - **`native`** — an in-harness sub-agent. On **Claude Code** it runs a **Claude model tier** (e.g. `sonnet-4.6`, `opus-4.8`). On codex/opencode it runs that CLI's own configured model. You **cannot** run a codex/GPT model as a *native Claude Code sub-agent* — different vendor, different process.
17
+ - **`external`** — spawn a **different vendor CLI** as a read-only auditor (`aioson verify:implementation --tool=...`). This is the *only* way to bring a cross-vendor model in while hosted elsewhere. Heavier; reserve for a second opinion on sensitive surfaces — see `cross_check`.
18
+
19
+ So the config never asks "run codex inside claude". Each host row just names the right **native** model for whoever is hosting; `cross_check` is the explicit, opt-in cross-vendor escape hatch.
20
+
21
+ ## Per-agent fields
22
+
23
+ ```jsonc
24
+ "qa": {
25
+ "enabled": true, // true | false | "auto" (framework decides)
26
+ "triggers": ["per-phase", "end-of-feature"],
27
+ "dispatch": {
28
+ "claude": { "mode": "native", "model": "sonnet-4.6" },
29
+ "codex": { "mode": "native", "model": "configured-default" },
30
+ "opencode": { "mode": "native", "model": "configured-default" }
31
+ },
32
+ "report": "qa-report-{slug}.md" // {slug} is substituted at run time
33
+ }
34
+ ```
35
+
36
+ - **`enabled`** — `true` / `false` / `"auto"`. `"auto"` resolves from context: `pentester` only on a sensitive surface, `tester` on anything above MICRO, others on.
37
+ - **`triggers`** — `per-phase` (light, cheap, runs between phases), `end-of-feature` (full gate), `sensitive-surface` (security pass). Per-phase is the cheap loop check; the full smoke runs once at `end-of-feature`.
38
+ - **`model: "configured-default"`** — delegate to the host CLI's own configured model (don't pin one).
39
+ - **`validator.cross_check`** — `{ "enabled": false, "mode": "external", "tool": "codex", "model": "..." }`. Flip `enabled: true` to add an independent cross-vendor verdict on the contract.
40
+
41
+ ## Budget (token economy)
42
+
43
+ ```jsonc
44
+ "budget": {
45
+ "max_subagents_per_phase": 1, // cap concurrent verifiers per phase
46
+ "skip_on_micro": true, // suppress per-phase checks on MICRO
47
+ "full_smoke": "end-of-feature-only" // never re-run the full runtime smoke per phase
48
+ }
49
+ ```
50
+
51
+ The whole point is **leve por fase / completo no fim**: a per-phase check confirms the slice cheaply; the expensive build+migrate+boot+happy-path smoke runs once, at the end.
52
+
53
+ ## Code-quality gate (`audit_code`)
54
+
55
+ Controls the deterministic, build-free `aioson audit:code` scan wired into the **tracked** `workflow:next` `@dev`/`@qa` done-gate (the non-security categories: anti-patterns / TODOs / dead code / duplication; security stays with `security:audit`).
56
+
57
+ ```jsonc
58
+ "audit_code": {
59
+ "tracked_gate": "advisory", // "block" | "advisory" | "off"
60
+ "scope": "changed" // "changed" (git diff, fast) | "full" (whole tree)
61
+ }
62
+ ```
63
+
64
+ - **`advisory`** (default) — the scan runs, persists `.aioson/context/audit-code.json`, emits a guard event on a HIGH finding, and rides a summary on the workflow result, but **never blocks** the stage. `audit:code` is a heuristic opinion, not the feature's declared contract, so it does not gate by default (and existing flows keep advancing).
65
+ - **`block`** — a HIGH finding in scope is a **hard gate**: `@dev`/`@qa` cannot complete until it is fixed (or the policy relaxed). Use this when you want the tracked workflow to enforce code health like a runtime gate.
66
+ - **`off`** — skip the step entirely.
67
+
68
+ This is deterministic (no LLM judgment) and runs at every tracked `@dev`/`@qa` completion. `@qa` separately treats a HIGH as a Gate-D blocker in its review, and the same scan auto-fires as an advisory in `aioson agent:epilogue` for untracked sessions.
69
+
70
+ > **Periphery analog:** for the **non-code** artifacts the specialized agents produce (project context, genomes, profiler reports, the discovery cache, hybrid skills, generated sites, copy, commit subjects), the same build-free philosophy is applied by `aioson verify:artifact` — see **`verify-artifact-gates.md`**.
71
+
72
+ ## Examples
73
+
74
+ Pin qa to the cheapest Claude tier per phase:
75
+ ```json
76
+ "qa": { "dispatch": { "claude": { "mode": "native", "model": "haiku-4.5" } } }
77
+ ```
78
+
79
+ Add a cross-vendor second opinion on the contract for sensitive features:
80
+ ```json
81
+ "validator": { "cross_check": { "enabled": true, "mode": "external", "tool": "codex", "model": "configured-default" } }
82
+ ```
@@ -0,0 +1,91 @@
1
+ ---
2
+ description: "Artifact done-gates (verify:artifact) — build-free, model-agnostic completeness/integrity checks for the non-code artifacts the specialized agents produce before they register done."
3
+ agents: [setup, genome, profiler-researcher, profiler-enricher, profiler-forge, discover, orache, design-hybrid-forge, site-forge, copywriter, committer, squad]
4
+ task_types: [verification, configuration]
5
+ triggers: [verify:artifact, artifact gate, done gate, artifact done-gate, placeholder gate, kind=]
6
+ ---
7
+
8
+ # Artifact done-gates — `aioson verify:artifact`
9
+
10
+ The periphery analog of the code pipeline's `SG-*` / `RG-*` harness gates: a
11
+ build-free **"done = proven, not asserted"** check for the **non-code artifacts**
12
+ the specialized agents produce. Where `audit:code` scans code quality and the
13
+ harness contract gates a feature, `verify:artifact` proves a produced artifact is
14
+ complete and well-formed before the agent calls `agent:done`.
15
+
16
+ The failure mode it closes is the one the runtime smoke gate closed for code: an
17
+ agent self-declaring done with no proof — a `project.context.md` with an invalid
18
+ enum, a genome missing its manifest, a research report with an unfilled
19
+ `[Full Name]`, a generated site that never built.
20
+
21
+ ```bash
22
+ aioson verify:artifact . --kind=<kind> [--slug=<slug>] [--file=<path>] [--advisory] [--strict]
23
+ ```
24
+
25
+ A `kind` routes to either an **existing validator** or a declarative **SG-\***
26
+ **ruleset** over the shared static-criteria engine — pure `fs` + `RegExp` +
27
+ `JSON.parse` / `node --check` (no shell, no build, cross-platform by
28
+ construction). Adding a gate to a new agent is a registry entry plus one
29
+ done-gate line, not a bespoke implementation.
30
+
31
+ | kind | agent | backed by | default |
32
+ |---|---|---|---|
33
+ | `project-context` | `@setup` | `validateProjectContextFile` (required fields, enums, frontmatter parse) | blocking |
34
+ | `genome` | `@genome`, `@profiler-forge` | `genome:doctor` (manifest/references/anchor/Track-4.3 quality) | blocking |
35
+ | `research-report` | `@profiler-researcher` | ruleset (frontmatter + inventory/extracted/gaps sections, no template token) | blocking |
36
+ | `enriched-profile` | `@profiler-enricher` | ruleset (exec summary / psychometric / operational method / trait interactions) | blocking |
37
+ | `bootstrap` | `@discover` | ruleset (all 4 cold-start files exist with real frontmatter, no placeholder) | blocking |
38
+ | `orache-report` | `@orache` | ruleset, resolved via `--file` (7 dimensions + impact + source) | blocking |
39
+ | `hybrid-skill` | `@design-hybrid-forge` | ruleset (`.skill-meta.json` parses + sources, SKILL.md, both previews) | blocking |
40
+ | `site` | `@site-forge` | static floor + `npm run build` on the real stack | blocking |
41
+ | `copy` | `@copywriter` | ruleset (placeholder / Lorem / TODO / unfilled-token scan) | advisory |
42
+ | `commit-message` | `@committer` | subject heuristics (`--file` draft or HEAD commit) | advisory |
43
+
44
+ ## Contract
45
+
46
+ - Every gate returns a uniform `{ ok, issues[], warnings[] }`, persists
47
+ `.aioson/context/verify-artifact-<kind>.json`, and sets **exit 1** on a hard
48
+ failure — **unless `--advisory`** (warn-only, always exit 0). `--strict`
49
+ promotes warnings to blocking issues.
50
+ - `--slug` resolves a slug-keyed artifact path; `--file` resolves a
51
+ caller-known / date-stamped path. A kind that needs one fails with a clean
52
+ usage error instead of probing a `null/` path.
53
+ - `--no-build` (kind=`site`) runs the static floor only — a fast mid-work
54
+ re-check that skips the `npm run build` runtime floor.
55
+
56
+ ## Auto-fire at `agent:done`
57
+
58
+ These gates do not depend on each agent remembering to run its `## Done gate`
59
+ line. `aioson agent:done` resolves the calling agent to its artifact kind
60
+ (`src/artifact-kinds.js`) and runs the matching `verify:artifact --advisory`
61
+ itself — so the check fires at the one call every agent already makes at session
62
+ end (and rides on `agent:epilogue`, which wraps `agent:done`):
63
+
64
+ - **Self-resolving kinds** (`setup`→`project-context`, `discover`→`bootstrap`,
65
+ `committer`→`commit-message`) run with no extra input — fully deterministic,
66
+ no markdown dependency.
67
+ - **Locator-keyed kinds** run when the agent threads its locator into that same
68
+ call (`--slug` / `--file` / `--dir`, which the agent's Observability line now
69
+ carries); without it, `agent:done` surfaces a one-line hint naming the exact
70
+ command, so the gate is visible rather than silently skipped.
71
+
72
+ Always advisory at this layer: a failed or skipped check is surfaced but never
73
+ flips the session-end result. The explicit per-agent `## Done gate` stays as the
74
+ agent-facing "check and FIX" step; this is the deterministic engine net beneath
75
+ it — the periphery analog of how `audit:code` auto-fires in `agent:epilogue`.
76
+
77
+ ## `@squad` is gated separately
78
+
79
+ A squad ships through its own `aioson squad:validate` (structural: manifest
80
+ schema, required files, every declared executor file exists, no duplicate slugs,
81
+ canonical paths) plus its source-grounded multi-model **eval-gate** — both
82
+ promoted from opt-in into the default `validate` step. See `@squad`'s Done gate.
83
+
84
+ ## Why this shape
85
+
86
+ Same philosophy as the `audit_code` gate in `verification-config.md`: build-free,
87
+ model-agnostic, deterministic, and cheap enough to run at **every** agent's done
88
+ gate. It does not judge subjective quality (resonance, voice, persuasiveness) —
89
+ those stay with each agent's own checklist. It proves the artifact is *there*,
90
+ *structured*, and *not a placeholder*, which is exactly what self-asserted "done"
91
+ was silently skipping.
@@ -0,0 +1,129 @@
1
+ ---
2
+ name: workflow-lean-lane
3
+ agents: [setup, product, sheldon, dev, qa, validator, neo, orchestrator]
4
+ modes: [planning]
5
+ task_types: [workflow, routing, configuration]
6
+ load_tier: trigger
7
+ triggers: [lean lane, workflow.config.json, fewer agents, menos é mais, lean pipeline]
8
+ ---
9
+
10
+ # Workflow Lean Lane (SMALL default; opt-in for MEDIUM)
11
+
12
+ SMALL features now run the **lean chain by default**, and MEDIUM runs the **`@orchestrator` maestro lane**
13
+ (`@product → @orchestrator → @dev → @pentester → @qa`), where `@orchestrator` fans out to
14
+ `@analyst`/`@architect`/`@pm` (+ `@ux-ui` when UI-heavy) as sub-agents and consolidates one gated spec
15
+ package, with `@scope-check`, `@discovery-design-doc`, and `@ux-ui` available as opt-in detours. The older heavy chain (`product → analyst → scope-check → architect →
16
+ discovery-design-doc → pm → dev → qa`) is no longer a built-in default, but its spec hops can be opted
17
+ back in. The bottleneck was never "too few design documents", it was the absence of a gate that runs the
18
+ real app (now fixed: see `.aioson/docs/sheldon/harness-contract.md` §2c and `@qa`'s Runtime smoke gate).
19
+
20
+ The **lean lane** removes the intermediate hops and makes `@sheldon` the single spec authority:
21
+
22
+ ```
23
+ product (PRD) → sheldon (enrich + ACs + design + plan + harness-contract) → dev → qa → (validator detour)
24
+ ```
25
+
26
+ `@sheldon` runs in **Lean lane mode (RF-LEAN)** and produces, in one pass, what analyst/architect/
27
+ discovery-design-doc/pm would have produced (requirements + ACs, design-doc + readiness, implementation plan,
28
+ and the §2c runtime-gated harness contract). `@dev` implements from that plan using the project's design skill;
29
+ `@qa` runs the Runtime smoke gate; `@validator` runs as a detour when a harness contract exists.
30
+
31
+ ## When to use which lane
32
+
33
+ | Use the **lean lane** when… | Opt into the **full chain** when… |
34
+ |---|---|
35
+ | Most features — bounded scope, a single product surface, a clear prototype | Genuinely large or multi-domain scope |
36
+ | You want velocity and one spec authority | Sensitive surface (money, multi-tenant ownership, regulated data) that wants independent architecture + scope-check + adversarial review as distinct gates |
37
+ | The team trusts `@sheldon` to own the bridge | You want the readiness/scope-check checkpoints to be separate agents |
38
+
39
+ The **runtime smoke gate is mandatory in both lanes** for every runtime surface the framework can prove from
40
+ local artifacts. The CLI blocks detectable runtime features (prototype manifest or migration/Prisma evidence)
41
+ without a valid `RG-*` contract; `@validator` still owns the target-app-only `has_api` judgment.
42
+
43
+ ## How to opt in
44
+
45
+ SMALL already ships lean — no config needed. Use this preset to extend the lean shape to MEDIUM (or to pin it
46
+ explicitly). Drop this file at `.aioson/context/workflow.config.json` (the CLI's `readWorkflowConfig` merges it over the
47
+ built-in defaults — per-classification arrays replace the defaults). Then run `aioson workflow:next .` as usual.
48
+
49
+ A ready-to-copy preset lives at `.aioson/docs/presets/workflow.config.lean.json`:
50
+
51
+ ```json
52
+ {
53
+ "version": 1,
54
+ "feature": {
55
+ "MICRO": ["product", "dev", "qa"],
56
+ "SMALL": ["product", "sheldon", "dev", "qa"],
57
+ "MEDIUM": ["product", "sheldon", "dev", "qa"]
58
+ },
59
+ "project": {
60
+ "MICRO": ["setup", "dev"],
61
+ "SMALL": ["setup", "product", "sheldon", "dev", "qa"],
62
+ "MEDIUM": ["setup", "product", "sheldon", "dev", "qa"]
63
+ },
64
+ "rules": { "required": ["dev"], "allowDetours": true }
65
+ }
66
+ ```
67
+
68
+ `allowDetours: true` keeps `@validator` (harness contract present) and `@tester`/`@pentester` (fired by `@qa`'s
69
+ triggers) available as detours — they are not in the static sequence in either lane.
70
+
71
+ Autopilot (`auto_handoff: true`) drives only the **post-dev** cycle (`@dev → @qa → …`) in the lean lane:
72
+ `@product`/`@sheldon` always hand off manually (upstream-agent policy), so there is nothing to auto-chain before
73
+ `@dev`. This matches the MEDIUM maestro lane, whose `@product`/`@orchestrator` pre-dev handoffs are also manual —
74
+ so the lean lane loses no automation it was ever supposed to have.
75
+
76
+ Running the agents by hand (slash commands) is equivalent: activate `@product → @sheldon → @dev → @qa` and skip
77
+ analyst/architect/discovery-design-doc/pm. No config file is needed for the manual path.
78
+
79
+ ## Full-merged chain (heavier, opt-in)
80
+
81
+ The lean/maestro defaults are enough for most work. When a project genuinely wants the heavier multi-agent
82
+ chain back — independent `@analyst`, `@architect`, and `@pm` as distinct gates — drop the **full-merged**
83
+ preset at `.aioson/context/workflow.config.json` (ready-to-copy at
84
+ `.aioson/docs/presets/workflow.config.full-merged.json`): it is that chain with `discovery-design-doc`
85
+ removed. On this full-merged detour, when the active sequence routes `@architect` → `@dev` while omitting
86
+ `@discovery-design-doc`, `@architect` runs in **merged mode** (see `agents/architect.md` → *Architect merged
87
+ mode*) and produces the design-doc + readiness + dev-state itself, then hands off to `@dev`. Merging `@architect` +
88
+ `@discovery-design-doc` keeps the readiness gate (the cheap, valuable part) while dropping the redundant
89
+ second file-level-plan hop; it is a velocity change, not a correctness one — the runtime gate is what
90
+ prevents the green-but-broken outcome.
91
+
92
+ ```json
93
+ {
94
+ "version": 1,
95
+ "feature": {
96
+ "MICRO": ["product", "dev", "qa"],
97
+ "SMALL": ["product", "analyst", "scope-check", "architect", "dev", "qa"],
98
+ "MEDIUM": ["product", "analyst", "architect", "pm", "scope-check", "dev", "pentester", "qa"]
99
+ },
100
+ "project": {
101
+ "MICRO": ["setup", "dev"],
102
+ "SMALL": ["setup", "product", "analyst", "scope-check", "architect", "dev", "qa"],
103
+ "MEDIUM": ["setup", "product", "analyst", "architect", "ux-ui", "pm", "orchestrator", "scope-check", "dev", "qa"]
104
+ },
105
+ "rules": { "required": ["dev"], "allowDetours": true }
106
+ }
107
+ ```
108
+
109
+ ## What this does NOT change
110
+
111
+ - The override mechanism is unchanged — `readWorkflowConfig` still merges `workflow.config.json` over the
112
+ built-in defaults (per-classification arrays replace the defaults). Only the built-in default *shape* changed
113
+ (SMALL ships lean, MEDIUM ships the `@orchestrator` maestro lane); the lean lane stays a project-level config +
114
+ agent capability, not a different engine.
115
+ - The runtime safety gates are unchanged: `@qa`'s Runtime smoke gate, the §2c `RG-*` criteria, the CLI
116
+ contract-integrity backstop, and `@validator`'s target-app judgment apply identically in both lanes.
117
+
118
+ ## What the lean lane DOES change about the gates
119
+
120
+ Removing `@analyst`/`@pm` removes the agents that produced `spec-{slug}.md` and approved the process gates
121
+ A (requirements), B (design) and C (plan). Those gates still fire under `aioson workflow:next` — `@dev`'s
122
+ completion checks **Gate C** against `spec-{slug}.md`, and `@qa`'s checks **Gate D** against the same file — so
123
+ the lean lane would dead-end at `@dev` if nothing produced them. In the lean lane **`@sheldon` owns that**: its
124
+ RF-LEAN pass writes `spec-{slug}.md` with `gate_requirements`/`gate_design`/`gate_plan: approved` and an
125
+ `implementation-plan-{slug}.md` with `status: approved` (the hops it collapsed, after the user confirms its
126
+ spec-authority output). Gate D / execution stays with `@qa`, which writes the `## QA sign-off` PASS into the same
127
+ file after the Runtime smoke gate. If you run the lane by hand (slash
128
+ commands, untracked), the gate frontmatter is informational — but writing it keeps the manual and tracked paths
129
+ identical.
@@ -19,6 +19,8 @@ If `.interface-design/system.md` exists, treat it as the visual source of truth:
19
19
  - Respect it unless the user explicitly wants a redesign.
20
20
  - Update it when you introduce a reusable pattern, token rule, or layout decision.
21
21
 
22
+ If an `identity.md` exists (`.aioson/briefings/{slug}/identity.md`, else `.aioson/context/identity.md`), treat it as the visual source of truth too — it is the **extracted-from-references** form of `system.md`, distilled once from the user's own reference images (see `.aioson/docs/reference-identity.md`). Load its token sections and `## Component structure notes` before choosing a direction, and **apply** them rather than re-deriving a generic one. It is an input you apply, not a separate design system.
23
+
22
24
  If the file does not exist and the task covers more than one screen or component family, create it with:
23
25
  - Product context and UI intent
24
26
  - Chosen design direction and anti-goals