@jetrabbits/agentic 0.4.0 → 0.5.0

package/AGENTS.md

@@ -63,6 +63,14 @@ Cross-cutting practices that apply to every project regardless of area.
 - Apply the `product-owner` role to confirm that docs describe the user-facing behavior, acceptance criteria, and
   operational constraints of the change.
 
+### Versioning And Changelog
+
+- After every completed feature, update the project version in the appropriate version source for the repository.
+- Update `CHANGELOG.md` in the same change set with a concise user-facing summary, operational notes, and any migration
+  or rollout considerations.
+- Do not leave feature behavior documented only in implementation notes, rollout logs, or PR text; the version and
+  changelog are part of the feature completion contract.  
+
 ### MCP Memory Providers
 
 See [MEMORY.md](MEMORY.md) for the full protocol: provider roles, Context7 usage, MemPalace session-start queries,

package/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## v0.5.0
+- Fixed skill and rule dependencies within workflows
+
 ## v0.4.0
 
 - Fixed OpenCode MCP config generation to use top-level `mcp` entries and migrate/remove legacy `mcpServers` from generated OpenCode configs.

package/Makefile

@@ -1,4 +1,4 @@
-.PHONY: help install dev test test-all test-cli test-tui test-mcp test-cross test-doctor test-markers test-opencode-plugins test-telegram-plugin test-ubuntu-blackbox test-real-agent-doctor test-real-blackbox test-real-blackbox-codex test-real-blackbox-opencode test-real-blackbox-telegram test-real-opencode-mapper test-coverage _test-coverage-steps lint fmt clean build assess-areas
+.PHONY: help install dev test test-all test-cli test-tui test-mcp test-cross test-doctor test-markers test-opencode-plugins test-telegram-plugin test-ubuntu-blackbox test-real-agent-doctor test-real-blackbox test-real-blackbox-codex test-real-blackbox-opencode test-real-blackbox-telegram test-real-opencode-mapper test-coverage _test-coverage-steps check-no-pycache lint fmt clean build sync-diagrams assess-areas
 
 define timed_step
 	@label='$(1)'; \
@@ -41,10 +41,12 @@ help:
 		"  test-real-blackbox-telegram  Run real OpenCode Telegram blackbox test" \
 		"  test-real-opencode-mapper  Run real OpenCode mapper input blackbox" \
 		"  test-coverage  Run traced e2e coverage for agentic" \
+		"  check-no-pycache  Fail if Python bytecode/cache artifacts are present" \
 		"  lint          Run prompt and catalog validation" \
 		"  fmt           Check formatting hooks placeholder" \
 		"  clean         Remove generated reports" \
 		"  build         Build generated docs catalog" \
+		"  sync-diagrams Generate workflow agent interaction diagrams" \
 		"  assess-areas  Generate area quality scorecards"
 
 install:
@@ -136,11 +138,21 @@ _test-coverage-steps:
 	$(call timed_step,test-coverage-doctor,AGENTIC_COVERAGE_TRACE_FILE="$(AGENTIC_COVERAGE_TRACE_FILE)" AGENTIC_TEST_CLI="$(CURDIR)/tests/e2e/coverage_shim.sh" bash tests/e2e/doctor.e2e.sh >/tmp/agentic-coverage-doctor.log 2>&1)
 	$(call timed_step,test-coverage-parse,bash tests/e2e/coverage_parse.sh "$(AGENTIC_COVERAGE_TRACE_FILE)")
 
+check-no-pycache:
+	@found="$$(find . -name .git -prune -o \( -type d -name __pycache__ -o -type f \( -name '*.pyc' -o -name '*.pyo' -o -name '*.pyd' \) \) -print)"; \
+	if [ -n "$$found" ]; then \
+	  printf '%s\n' "Python bytecode/cache artifacts are not allowed:"; \
+	  printf '%s\n' "$$found"; \
+	  exit 1; \
+	fi
+
 lint:
 	bash -n agentic
-	python3 -m py_compile scripts/build_docs_catalog.py scripts/lint_prompts.py scripts/assess_area_quality.py
-	python3 scripts/lint_prompts.py --strict
-	python3 scripts/build_docs_catalog.py --validate --output /tmp/agentic-catalog-check.json
+	PYTHONPYCACHEPREFIX=/tmp/agentic-pycache-check python3 -m py_compile scripts/build_docs_catalog.py scripts/lint_prompts.py scripts/assess_area_quality.py scripts/sync_workflow_diagrams.py
+	PYTHONDONTWRITEBYTECODE=1 python3 scripts/lint_prompts.py --strict
+	PYTHONDONTWRITEBYTECODE=1 python3 scripts/sync_workflow_diagrams.py --check
+	PYTHONDONTWRITEBYTECODE=1 python3 scripts/build_docs_catalog.py --validate --output /tmp/agentic-catalog-check.json
+	$(MAKE) check-no-pycache
 
 fmt:
 	@printf '%s\n' "No formatter configured."
@@ -149,7 +161,11 @@ clean:
 	rm -f reports/area-quality.json reports/area-quality.md
 
 build:
-	python3 scripts/build_docs_catalog.py --output docs/site/catalog.json --validate
+	PYTHONDONTWRITEBYTECODE=1 python3 scripts/sync_workflow_diagrams.py --check
+	PYTHONDONTWRITEBYTECODE=1 python3 scripts/build_docs_catalog.py --output docs/site/catalog.json --validate
+
+sync-diagrams:
+	python3 scripts/sync_workflow_diagrams.py
 
 assess-areas:
 	python3 scripts/assess_area_quality.py --json-output reports/area-quality.json --markdown-output reports/area-quality.md

package/README.md

@@ -205,10 +205,23 @@ project/.agent/
 
 ### OpenCode Plugins
 
-- `telegram-opencode-notifier`: sends Telegram notifications when an OpenCode session becomes idle, including the final
-  response or an attachment for long output.
-- `agent-model-mapper`: maps `.opencode/agents/*.md` roles to main and fallback OpenCode models during interactive
-  `agentic install`/`agentic tui`. OpenCode startup never prompts or writes project files.
+- `Telegram Notifications`: sends Telegram notifications when an OpenCode session becomes idle, including the final
+  response or an attachment for long output. Stored internally as `telegram-notification`.
+- `Agent Model Mapping`: maps `.opencode/agents/*.md` roles to main and fallback OpenCode models during interactive
+  `agentic install`/`agentic tui`. Stored internally as `agent-model-mapper`; OpenCode startup never prompts or writes
+  project files.
+
+### OpenCode Model Profiles
+
+- `OpenAI Model Profile`: applies the bundled OpenAI model mapping from `extensions/opencode/profiles/openai/`.
+- `GitHub Copilot Model Profile`: applies the bundled GitHub Copilot model mapping from
+  `extensions/opencode/profiles/githubcopilot/`.
+- User profiles: place `opencode.json` files under `$HOME/.config/agentic/opencode/profiles/<profile-id>/`. For
+  example, `$HOME/.config/agentic/opencode/profiles/DT/opencode.json` appears in the optional OpenCode plugin menu as
+  `DT profile`, and `$HOME/.config/agentic/opencode/profiles/GH/opencode.json` appears as `GH profile`.
+- `none`: applies no model profile and does not copy the baseline `extensions/opencode/opencode.json` just for profile
+  selection. OpenCode MCPs, Telegram notifications, and model mapping may still create or update `.opencode/opencode.json`
+  when those options are selected.
 
 ---
 

package/agentic

@@ -31,6 +31,7 @@ XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
 APP_CONFIG_DIR="$XDG_CONFIG_HOME/$APP_NAME"
 APP_CONFIG_FILE="$APP_CONFIG_DIR/config"
 OPENCODE_PLUGIN_CONFIG_FILE="$APP_CONFIG_DIR/opencode-plugins.json"
+OPENCODE_USER_PROFILES_DIR="$HOME/.config/$APP_NAME/opencode/profiles"
 APP_DATA_DIR="$XDG_DATA_HOME/$APP_NAME"
 APP_REPO_DIR="$APP_DATA_DIR/repo"
 
@@ -911,7 +912,7 @@ mcp_registry_json() {
 JSON
 }
 
-opencode_profile_contains() {
+opencode_builtin_profile_contains() {
   local expected="$1"
   local profile_id
   for profile_id in "${OPENCODE_PROFILE_IDS[@]}"; do
@@ -920,11 +921,37 @@ opencode_profile_contains() {
   return 1
 }
 
+opencode_profile_contains() {
+  local expected="$1"
+  opencode_builtin_profile_contains "$expected" && return 0
+  [[ -f "$OPENCODE_USER_PROFILES_DIR/$expected/opencode.json" ]] && return 0
+  return 1
+}
+
+opencode_user_profile_ids() {
+  [[ -d "$OPENCODE_USER_PROFILES_DIR" ]] || return 0
+  find "$OPENCODE_USER_PROFILES_DIR" -mindepth 2 -maxdepth 2 -type f -name opencode.json -print 2>/dev/null | \
+    while IFS= read -r profile_config; do
+      basename -- "$(dirname -- "$profile_config")"
+    done | sort
+}
+
+opencode_profile_source_path() {
+  local profile_id="$1"
+  local bundled_src="$EXTENSIONS_ROOT/opencode/profiles/$profile_id/opencode.json"
+  local user_src="$OPENCODE_USER_PROFILES_DIR/$profile_id/opencode.json"
+  if [[ -f "$bundled_src" ]]; then
+    printf '%s\n' "$bundled_src"
+    return
+  fi
+  printf '%s\n' "$user_src"
+}
+
 opencode_profile_label() {
   case "$1" in
     openai) echo "OpenAI Model Profile" ;;
     githubcopilot) echo "GitHub Copilot Model Profile" ;;
-    *) echo "$1" ;;
+    *) echo "$1 profile" ;;
   esac
 }
 
@@ -937,6 +964,12 @@ opencode_profile_id_from_label() {
       return
     fi
   done
+  case "$label" in
+    *" profile")
+      printf '%s\n' "${label%" profile"}"
+      return
+      ;;
+  esac
   printf '%s\n' "$label"
 }
 
@@ -956,6 +989,15 @@ opencode_plugin_id_from_label() {
   esac
 }
 
+opencode_profile_is_none() {
+  local profile_id
+  profile_id="$(trim "${1:-}")"
+  case "$profile_id" in
+    ""|none|None|skip|Skip|no|No) return 0 ;;
+    *) return 1 ;;
+  esac
+}
+
 selected_agent_os_contains() {
   local expected="$1"
   local agent
@@ -1597,6 +1639,7 @@ ensure_bin_dir_in_shell_path() {
 copy_dir_contents() {
   local src="$1"
   local dest="$2"
+  local skip_opencode_base_config="${3:-false}"
   ensure_dir "$dest"
   if [[ "$DRY_RUN" == true ]]; then
     log "DRY-RUN copy managed contents $src -> $dest"
@@ -1606,7 +1649,7 @@ copy_dir_contents() {
 
   local event kind value events_file
   events_file="$(mktemp "${TMPDIR:-/tmp}/agentic-copy-events.XXXXXX")"
-  python3 - "$src" "$dest" "$REPO_ROOT" "$PROJECT_DIR" "$(project_manifest_path)" "$APP_REPO_LINK" "$(app_version_label)" > "$events_file" <<'PY'
+  python3 - "$src" "$dest" "$REPO_ROOT" "$PROJECT_DIR" "$(project_manifest_path)" "$APP_REPO_LINK" "$(app_version_label)" "$skip_opencode_base_config" > "$events_file" <<'PY'
 import hashlib
 import json
 import re
@@ -1620,6 +1663,7 @@ project_dir = Path(sys.argv[4])
 manifest = Path(sys.argv[5])
 repo = sys.argv[6]
 version = sys.argv[7]
+skip_opencode_base_config = sys.argv[8].lower() == "true"
 
 
 def emit(kind: str, value: str) -> None:
@@ -1727,6 +1771,10 @@ for file_path in sorted(p for p in src.rglob("*") if p.is_file()):
     rel = file_path.relative_to(src)
     if str(src).endswith("/extensions/opencode") and rel.parts and rel.parts[0] == "profiles":
         continue
+    if str(src).endswith("/extensions/opencode") and skip_opencode_base_config and rel == Path("opencode.json"):
+        continue
+    if str(src).endswith("/extensions/opencode") and skip_opencode_base_config and rel == Path("plugins/telegram-notification.ts"):
+        continue
     target = dest_root / rel
     project_rel = rel_to_project(target)
     source_ref = rel_to_repo(file_path)
@@ -2397,7 +2445,8 @@ configure_opencode_profile_if_needed() {
   fi
   SELECTED_OPENCODE_PROFILE="$profile_id"
 
-  local src="$EXTENSIONS_ROOT/opencode/profiles/$profile_id/opencode.json"
+  local src
+  src="$(opencode_profile_source_path "$profile_id")"
   local dest="$PROJECT_DIR/.opencode/opencode.json"
   if [[ ! -f "$src" ]]; then
     warn "OpenCode profile not found: $src"
@@ -3084,6 +3133,13 @@ configure_opencode_plugins_if_needed() {
     "$(opencode_profile_label "openai")"
     "$(opencode_profile_label "githubcopilot")"
   )
+  local user_profile_id
+  while IFS= read -r user_profile_id; do
+    [[ -z "$user_profile_id" ]] && continue
+    opencode_builtin_profile_contains "$user_profile_id" && continue
+    opencode_profile_contains "$user_profile_id" || continue
+    plugin_options+=("$(opencode_profile_label "$user_profile_id")")
+  done < <(opencode_user_profile_ids)
   local selected_plugins=()
   local use_fzf_plugins=false
   if fzf_available; then
@@ -3109,8 +3165,13 @@ configure_opencode_plugins_if_needed() {
     case "$selected_plugin" in
       telegram-notification|telegram-opencode-notifier) enable_telegram="y" ;;
       agent-model-mapper) enable_agent_model_mapper="y" ;;
-      "OpenAI Model Profile") SELECTED_OPENCODE_PROFILE="openai" ;;
-      "GitHub Copilot Model Profile") SELECTED_OPENCODE_PROFILE="githubcopilot" ;;
+      *)
+        local selected_profile_id
+        selected_profile_id="$(opencode_profile_id_from_label "$selected_plugin")"
+        if opencode_profile_contains "$selected_profile_id"; then
+          SELECTED_OPENCODE_PROFILE="$selected_profile_id"
+        fi
+        ;;
     esac
   done
 
@@ -3605,7 +3666,17 @@ copy_extension_for_agent() {
     return
   fi
 
-  copy_dir_contents "$src" "$dest"
+  local skip_opencode_base_config=false
+  if [[ "$agent_os" == "opencode" ]]; then
+    local profile_id="${AGENTIC_OPENCODE_PROFILE:-$SELECTED_OPENCODE_PROFILE}"
+    if opencode_profile_is_none "$profile_id" \
+      && [[ "$OPENCODE_TELEGRAM_ENABLED" != "true" ]] \
+      && [[ "$OPENCODE_AGENT_MODEL_MAPPER_ENABLED" != "true" ]]; then
+      skip_opencode_base_config=true
+    fi
+  fi
+
+  copy_dir_contents "$src" "$dest" "$skip_opencode_base_config"
 }
 
 copy_extensions() {

package/areas/devops/ci-cd/workflows/onboard-repo.md

@@ -69,5 +69,34 @@ quality-gates:
 - Write `docs/ci-cd.md`: stages, how to run locally, how to add a new secret
 - **Done when:** documentation committed
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /onboard-repo"])
+  role_1["devops-engineer"]
+  role_2["developer"]
+  step_1["1. Assess & Plan"]
+  step_2["2. Secrets & Environments Setup"]
+  step_3["3. Write Pipeline Config"]
+  step_4["4. First Run & Debug"]
+  step_5["5. Document"]
+  exit(["Green pipeline + staging deploy + documentation = repo onboarded."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> exit
+  role_1 -. owns .-> step_1
+  role_1 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+  role_2 -. owns .-> step_4
+  role_1 -. owns .-> step_5
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Green pipeline + staging deploy + documentation = repo onboarded.

package/areas/devops/ci-cd/workflows/pipeline-debug.md

@@ -62,5 +62,31 @@ quality-gates:
 - Merge fix; confirm pipeline green on main
 - If flaky test: add to quarantine list; file follow-up ticket with `flaky-test` label
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /pipeline-debug"])
+  role_1["devops-engineer"]
+  role_2["developer"]
+  step_1["1. Classify Failure"]
+  step_2["2. Diagnose by Category"]
+  step_3["3. Fix & Verify"]
+  step_4["4. Merge & Monitor"]
+  exit(["Pipeline green + root cause documented in ticket = debug complete."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> exit
+  role_1 -. owns .-> step_1
+  role_2 -. owns .-> step_2
+  role_1 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Pipeline green + root cause documented in ticket = debug complete.

package/areas/devops/ci-cd/workflows/release-pipeline.md

@@ -110,6 +110,59 @@ helm upgrade --install order-service charts/order-service \
 - Verify business KPIs (conversion, checkout success, error funnel).
 - Publish deployment report with links to metrics, logs, and release artifact metadata.
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /release-pipeline"])
+  role_1["team-lead"]
+  role_2["pm"]
+  role_3["developer"]
+  role_4["devops-engineer"]
+  role_5["qa"]
+  step_1["1. Release Readiness and Freeze Check"]
+  step_2["2. Database Compatibility Gate"]
+  step_3["3. Tag Release"]
+  step_4["4. CI Release Pipeline (automated) — CI system"]
+  step_5["5. Deploy Staging"]
+  step_6["6. Production Gate"]
+  step_7["7. Canary Deployment"]
+  step_8["8. Feature Flag Progression"]
+  step_9["9. Post-Deploy Validation"]
+  exit(["Release is complete when 100% traffic is healthy, post-deploy checks pass,..."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> step_6
+  step_6 --> step_7
+  step_7 --> step_8
+  step_8 --> step_9
+  step_9 --> exit
+  role_1 -. owns .-> step_1
+  role_2 -. owns .-> step_1
+  role_3 -. owns .-> step_2
+  role_4 -. owns .-> step_2
+  role_3 -. owns .-> step_3
+  role_3 -. owns .-> step_4
+  role_4 -. owns .-> step_4
+  role_1 -. owns .-> step_4
+  role_2 -. owns .-> step_4
+  role_5 -. owns .-> step_4
+  role_4 -. owns .-> step_5
+  role_1 -. owns .-> step_6
+  role_5 -. owns .-> step_6
+  role_4 -. owns .-> step_7
+  role_3 -. owns .-> step_8
+  role_5 -. owns .-> step_8
+  role_5 -. owns .-> step_9
+  role_2 -. owns .-> step_9
+  step_9 -. iterate if blocked .-> step_1
+```
+<!-- agent-diagram:end -->
+
 ## Rollback
 
 ```bash

package/areas/devops/database-ops/workflows/backup-verify.md

@@ -103,5 +103,32 @@ curl -X POST $SLACK_WEBHOOK \
 ```
 - **If any step fails:** post failure to Slack + page on-call → P1 incident
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /backup-verify"])
+  role_1["devops-engineer"]
+  step_1["1. Pre-Check: Backup Catalog"]
+  step_2["2. Provision Test Environment"]
+  step_3["3. Restore Latest Backup"]
+  step_4["4. Row Count Validation"]
+  step_5["5. Report + Cleanup"]
+  exit(["Restore successful + row counts validated + test env destroyed + report pos..."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> exit
+  role_1 -. owns .-> step_1
+  role_1 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+  role_1 -. owns .-> step_5
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Restore successful + row counts validated + test env destroyed + report posted = backup verified.

package/areas/devops/database-ops/workflows/db-incident.md

@@ -82,5 +82,35 @@ SELECT pg_terminate_backend(<pid>); -- forceful
 - Root cause + fix in incident ticket
 - If query regression: create optimization ticket for development team
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /db-incident"])
+  role_1["devops-engineer"]
+  role_2["developer"]
+  step_1["1. Triage"]
+  step_2["2. Immediate Mitigation by Type"]
+  step_3["3. Root Cause"]
+  step_4["4. Fix & Verify"]
+  step_5["5. Document"]
+  exit(["Metrics normal + root cause documented = db incident resolved."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> exit
+  role_1 -. owns .-> step_1
+  role_2 -. owns .-> step_2
+  role_1 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_2 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+  role_1 -. owns .-> step_5
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Metrics normal + root cause documented = db incident resolved.

package/areas/devops/devsecops/workflows/policy-onboard.md

@@ -100,5 +100,39 @@ kubectl get constraint ${POLICY} -o jsonpath='{.status.byPod}'
 # metric: gatekeeper_violations_total{enforcement_action="deny"}
 ```
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /policy-onboard"])
+  role_1["devops-engineer"]
+  role_2["developer"]
+  role_3["team-lead"]
+  step_1["1. Design Policy"]
+  step_2["2. Unit Test"]
+  step_3["3. Dryrun in Staging"]
+  step_4["4. Fix Existing Violations"]
+  step_5["5. Switch to Enforce"]
+  step_6["6. Monitor Policy Health"]
+  exit(["Policy tested + existing violations resolved + enforce mode active + monito..."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> step_6
+  step_6 --> exit
+  role_1 -. owns .-> step_1
+  role_1 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_2 -. owns .-> step_4
+  role_1 -. owns .-> step_4
+  role_1 -. owns .-> step_5
+  role_3 -. owns .-> step_5
+  role_1 -. owns .-> step_6
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Policy tested + existing violations resolved + enforce mode active + monitoring in place = policy onboarded.

package/areas/devops/devsecops/workflows/security-scan-pipeline.md

@@ -151,5 +151,38 @@ echo "IaC:          $(cat iac-scan.sarif | jq '.runs[0].results | length') findi
 echo "SBOM:         attached to registry"
 ```
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /security-scan-pipeline"])
+  role_1["devops-engineer"]
+  step_1["1. Secrets Scan"]
+  step_2["2. SAST (Static Analysis)"]
+  step_3["3. Dependency CVE Scan"]
+  step_4["4. Container Image Scan"]
+  step_5["5. IaC Security Scan"]
+  step_6["6. Generate SBOM"]
+  step_7["7. Collate Report"]
+  exit(["Zero unresolved Critical/High + SBOM attached + scan report filed = securit..."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> step_6
+  step_6 --> step_7
+  step_7 --> exit
+  role_1 -. owns .-> step_1
+  role_1 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+  role_1 -. owns .-> step_5
+  role_1 -. owns .-> step_6
+  role_1 -. owns .-> step_7
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Zero unresolved Critical/High + SBOM attached + scan report filed = security scan complete.

package/areas/devops/infrastructure/workflows/destroy-environment.md

@@ -92,5 +92,36 @@ aws dynamodb delete-item \
 ### 6. Document — `@devops-engineer`
 - Record in decommission log: environment, date, approver, reason, data disposition
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /destroy-environment"])
+  role_1["devops-engineer"]
+  role_2["team-lead"]
+  step_1["1. Confirm Scope"]
+  step_2["2. Approval"]
+  step_3["3. Pre-Destroy Backup"]
+  step_4["4. Ordered Teardown"]
+  step_5["5. Verify & Cleanup"]
+  step_6["6. Document"]
+  exit(["Terraform state empty + cloud console clean + documentation filed = environ..."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> step_6
+  step_6 --> exit
+  role_1 -. owns .-> step_1
+  role_2 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+  role_1 -. owns .-> step_5
+  role_1 -. owns .-> step_6
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Terraform state empty + cloud console clean + documentation filed = environment destroyed.

package/areas/devops/infrastructure/workflows/drift-remediation.md

@@ -62,5 +62,34 @@ terraform apply remediation.plan
 ### 5. Report — `@devops-engineer`
 - Update `drift-log.md` with date, resources affected, classification, action taken
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /drift-remediation"])
+  role_1["devops-engineer"]
+  role_2["team-lead"]
+  step_1["1. Detect Drift"]
+  step_2["2. Classify Findings"]
+  step_3["3. Remediate (if REMEDIATE class)"]
+  step_4["4. Investigate (if INVESTIGATE class)"]
+  step_5["5. Report"]
+  exit(["All drift classified + REMEDIATE resolved + INVESTIGATE escalated = drift c..."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> exit
+  role_1 -. owns .-> step_1
+  role_1 -. owns .-> step_2
+  role_2 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+  role_1 -. owns .-> step_5
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 All drift classified + REMEDIATE resolved + INVESTIGATE escalated = drift cycle complete.

package/areas/devops/infrastructure/workflows/module-development.md

@@ -97,5 +97,37 @@ git push origin modules/<module-name>/v1.0.0
 # Reference in other modules: ?ref=v1.0.0 (never ?ref=main)
 ```
 
+## Agent Interaction Diagram
+
+<!-- agent-diagram:start -->
+```mermaid
+flowchart TD
+  start(["Start /module-development"])
+  role_1["devops-engineer"]
+  role_2["team-lead"]
+  step_1["1. Design Interface"]
+  step_2["2. Implement Module"]
+  step_3["3. Write Examples"]
+  step_4["4. Test"]
+  step_5["5. Code Review"]
+  step_6["6. Release"]
+  exit(["Module published + examples tested + documentation complete = module released."])
+  start --> step_1
+  step_1 --> step_2
+  step_2 --> step_3
+  step_3 --> step_4
+  step_4 --> step_5
+  step_5 --> step_6
+  step_6 --> exit
+  role_1 -. owns .-> step_1
+  role_2 -. owns .-> step_1
+  role_1 -. owns .-> step_2
+  role_1 -. owns .-> step_3
+  role_1 -. owns .-> step_4
+  role_2 -. owns .-> step_5
+  role_1 -. owns .-> step_6
+```
+<!-- agent-diagram:end -->
+
 ## Exit
 Module published + examples tested + documentation complete = module released.