@massu/core 0.6.1 → 0.6.2

package/commands/massu-golden-path/references/phase-2.5-gap-analyzer.md

@@ -24,7 +24,7 @@ WHILE iteration < MAX_ITERATIONS:
   iteration += 1
 
   result = Task(subagent_type="gap-analyzer", prompt="
-    Gap & Enhancement Analysis — Iteration {iteration}
+    Gap & Enhancement Analysis -- Iteration {iteration}
 
     CONTEXT:
     - Plan file: {PLAN_PATH}
@@ -54,67 +54,33 @@ WHILE iteration < MAX_ITERATIONS:
     - Missing confirmation for destructive actions (AlertDialog)
     - Missing keyboard navigation (tabIndex, onKeyDown for Enter)
     - Missing responsive behavior (sm:/md:/lg: breakpoints)
-    - Inconsistent spacing (page-container class, gap values)
+    - Inconsistent spacing (layout classes, gap values)
     - Missing breadcrumbs or navigation context
-    - VR-VISUAL weighted score < 3.0 on affected routes
 
     C. DATA INTEGRITY GAPS
     - Optimistic updates without rollback
     - Missing query invalidation after mutations
     - Stale data after navigation (missing refetch)
     - Missing pagination for large datasets
-    - Unhandled BigInt/Decimal serialization
+    - Unhandled serialization edge cases
 
     D. SECURITY GAPS
-    - Missing protectedProcedure on mutations
-    - Missing input validation on router inputs
-    - Missing RLS policies on new tables
-    - Exposed sensitive data in client responses
+    - Missing input validation on handler inputs
+    - Exposed sensitive data in responses
+    - Missing access controls on new endpoints
 
     E. PATTERN COMPLIANCE
-    - Run ./scripts/pattern-scanner.sh on changed files
-    - Check for pattern violations
-    - Check for hardcoded colors (should use design tokens)
+    - Run bash scripts/massu-pattern-scanner.sh on changed files
+    - Check for ESM compliance (.ts extensions, no require())
+    - Check for config-driven patterns (no hardcoded project-specific values)
+    - Check for TypeScript strict mode compliance
 
     F. ENHANCEMENT OPPORTUNITIES
     - Type safety improvements (replace 'any' with proper types)
     - Code deduplication (extract shared logic)
-    - Performance (unnecessary re-renders, missing useMemo/useCallback)
+    - Performance (unnecessary re-renders, missing caching)
     - Accessibility (aria-labels, alt text, focus management)
 
-    G. E2E WIRING GAPS
-    - For each data flow in changed files, verify VR-ROUNDTRIP:
-      WRITE: mutation/action reachable from UI or cron
-      STORE: data persists in a real table
-      READ: query reads from that same table
-      DISPLAY: component renders the query data (or cron logs output)
-    - Background-only features (crons, webhooks): WRITE->STORE->READ sufficient
-    - Query-only features (read views): READ->DISPLAY sufficient
-
-    I. RUNTIME & BOOT VERIFICATION (CR-44, Incident 2026-03-29)
-    - For EACH service that was created, modified, or registered in this session:
-      1. VR-DEPS: Verify .venv/bin/python3 exists (if plist references it)
-      2. VR-DEPS: Parse imports from main.py, verify each is installed in the venv
-      3. VR-COMPAT: Check for Python 3.10+ syntax (x | None, match/case) on Python 3.9 systems
-      4. VR-BOOT: Actually start the service (launchctl bootstrap or direct python), wait 5s, verify:
-         - Process is still alive (pgrep)
-         - Exit code is 0 (launchctl list | grep service)
-         - stderr log has no import errors or crashes
-      5. If boot fails: read stderr log, diagnose (missing package? wrong path? syntax error?), fix, retry
-    - Skip condition: plan has NO service/daemon/LaunchAgent items
-    - This category exists because static verification (VR-SYNTAX, VR-GREP) cannot catch:
-      missing venvs, missing pip packages, Python version incompatibilities, or runtime import errors
-
-    H. SPRINT CONTRACT COMPLIANCE (if contracts exist from Phase 2A.5)
-    - Read the sprint contracts from the Phase 2A tracking table
-    - For EACH plan item with a sprint contract:
-      1. List all acceptance criteria from the contract
-      2. Verify EACH criterion with specific evidence (grep, screenshot, DOM state, network response)
-      3. Any unmet criterion = GAP (P1 severity minimum)
-    - Contract criteria are IN ADDITION TO categories A-G — both must pass
-    - Skip condition: items marked `Contract: N/A` in the tracking table
-    - If no sprint contracts were negotiated (Phase 2A.5 skipped), skip this category
-
     FOR EACH FINDING:
     1. Classify: GAP (must fix) or ENHANCEMENT (should fix)
     2. Severity: P0 (broken) / P1 (incorrect) / P2 (polish)
@@ -129,14 +95,14 @@ WHILE iteration < MAX_ITERATIONS:
 
     | # | Type | Severity | Description | File | Fixed |
     |---|------|----------|-------------|------|-------|
-    | 1 | GAP | P0 | Missing error boundary | src/app/.../page.tsx | YES |
+    | 1 | GAP | P0 | Missing error boundary | src/... | YES |
     ```
   ")
 
   gaps = parse GAPS_DISCOVERED from result
 
   IF gaps == 0:
-    Output: "Gap analysis clean in iteration {iteration} — zero gaps found"
+    Output: "Gap analysis clean in iteration {iteration} -- zero gaps found"
     BREAK
   ELSE:
     Output: "Iteration {iteration}: {gaps} gaps found and fixed, re-analyzing..."
@@ -156,7 +122,7 @@ IF iteration == MAX_ITERATIONS AND gaps > 0:
 | **Full re-pass required** | After fixes, a fresh pass must find ZERO to exit |
 | **P0 gaps block** | Any P0 gap that can't be fixed stops the golden path |
 | **Enhancements are mandatory** | Enhancements found MUST be applied (this is golden path, not quick fix) |
-| **Pattern scanner gates** | `./scripts/pattern-scanner.sh` must exit 0 after each iteration |
+| **Pattern scanner gates** | `bash scripts/massu-pattern-scanner.sh` must exit 0 after each iteration |
 | **No new files without reason** | Don't create helper files that aren't needed |
 
 ---

package/commands/massu-golden-path/references/phase-3-simplify.md

@@ -9,7 +9,7 @@
 ## 3.1 Fast Gate
 
 ```bash
-./scripts/pattern-scanner.sh  # Fix ALL violations before semantic analysis
+bash scripts/massu-pattern-scanner.sh  # Fix ALL violations before semantic analysis
 ```
 
 ## 3.1.5 Dead Code Detection
@@ -23,13 +23,13 @@ Review output for unused exports, files, and dependencies. Remove dead code befo
 
 ## 3.2 Parallel Semantic Review (3 Agents)
 
-Spawn IN PARALLEL (Principle #20 -- one task per agent):
+Spawn IN PARALLEL (one task per agent):
 
-**Efficiency Reviewer** (haiku): Query inefficiency (findMany.length -> SQL COUNT, N+1, unbounded queries), React inefficiency (useState for derived, useEffect->setState, missing useMemo/useCallback), algorithmic inefficiency (O(n^2), repeated sort/filter).
+**Efficiency Reviewer** (haiku): Query inefficiency (findMany equivalent vs SQL COUNT, N+1 queries, unbounded queries), algorithmic inefficiency (O(n^2), repeated sort/filter), unnecessary allocations, missing caching opportunities.
 
-**Reuse Reviewer** (haiku): Known utilities (formatFileSize, serializeUnifiedProduct, mergeWhereWithTenant, emptyToNull, PhoneInputField, sanitizeContentHtml), component duplication against src/components/shared/ and ui/, pattern duplication across new files.
+**Reuse Reviewer** (haiku): Known utilities (getConfig(), stripPrefix(), tool registration patterns, memDb lifecycle pattern), module duplication against existing tool modules, pattern duplication across new files, config values that should be in massu.config.yaml.
 
-**Pattern Compliance Reviewer** (haiku): React Query v5 (no onSuccess in useQuery), DB patterns (Object.assign->mergeWhereWithTenant, include:->3-step, BigInt Number()), UI patterns (Select value="", missing states, Suspense), security (z.string()->z.enum() for orderBy, CR-5 precedence, CRON_SECRET guard), architecture (link table scoping, SQL aggregates, client/server boundary).
+**Pattern Compliance Reviewer** (haiku): ESM compliance (.ts import extensions, no require()), config-driven patterns (no hardcoded project-specific values -- VR-GENERIC), TypeScript strict mode compliance, tool registration (3-function pattern preferred), hook compilation (esbuild compatible), memDb lifecycle (try/finally close), security (input validation, no eval/exec).
 
 ## 3.3 Apply ALL Findings
 

package/commands/massu-golden-path/references/phase-4-commit.md

@@ -10,58 +10,33 @@
 
 | Gate | Command | Expected |
 |------|---------|----------|
-| 1. Pattern Scanner | `./scripts/pattern-scanner.sh` | Exit 0 |
-| 2. Type Safety (VR-TYPE) | `NODE_OPTIONS="--max-old-space-size=8192" npx tsc --noEmit` | 0 errors |
+| 1. Pattern Scanner | `bash scripts/massu-pattern-scanner.sh` | Exit 0 |
+| 2. Type Safety (VR-TYPE) | `cd packages/core && npx tsc --noEmit` | 0 errors |
 | 3. Build (VR-BUILD) | `npm run build` | Exit 0 |
-| 4. Lint | `npm run lint` | Exit 0 |
-| 5. Prisma Validate | `npx prisma validate` | Exit 0 |
-| 6. Secrets Staged | `git diff --cached --name-only \| grep -E '\.(env\|pem\|key\|secret)'` | 0 files |
-| 7. Credentials in Code | `grep -rn "sk-\|password.*=.*['\"]" --include="*.ts" --include="*.tsx" src/ \| grep -v "process.env" \| wc -l` | 0 |
-| 8. Schema Mismatch | Extract tables from staged routers -> query columns via MCP | All exist |
-| 9. VR-RENDER | For EACH staged component: `grep "<ComponentName" src/app/**/page.tsx` | Match found |
-| 9.5. VR-COLOR | `git diff --cached \| grep "text-red-\|bg-green-\|..."` | 0 matches |
-| 9.6. VR-COUPLING | `massu_coupling_check` or `./scripts/check-coupling.sh` | Exit 0 |
-| 10. Plan Coverage | Verify ALL plan items with VR-* proof | 100% |
-| 11. VR-PLAN-STATUS | `grep "IMPLEMENTATION STATUS" [plan]` | Match |
-| 12. Dependency Security | `npm audit --audit-level=high` | 0 high/crit |
-| 13. Test Coverage | Check test files exist for new code | WARN level |
-| 14. VR-VISUAL | `bash scripts/ui-review.sh [route]` (if UI files changed) | VR_VISUAL_STATUS: PASS |
+| 4. Tests (VR-TEST) | `npm test` | ALL pass |
+| 5. Hook Compilation (VR-HOOK-BUILD) | `cd packages/core && npm run build:hooks` | Exit 0 |
+| 6. Generalization (VR-GENERIC) | `bash scripts/massu-generalization-scanner.sh` | Exit 0 |
+| 7. Security Scanner | `bash scripts/massu-security-scanner.sh` | Exit 0 |
+| 8. Secrets Staged | `git diff --cached --name-only \| grep -E '\.(env\|pem\|key\|secret)'` | 0 files |
+| 9. Credentials in Code | `grep -rn "sk-\|password.*=.*['\"]" --include="*.ts" packages/ \| grep -v "process.env" \| wc -l` | 0 |
+| 10. VR-TOOL-REG | For EACH new tool: verify definitions + handler wired in tools.ts | All wired |
+| 11. Plan Coverage | Verify ALL plan items with VR-* proof | 100% |
+| 12. VR-PLAN-STATUS | `grep "IMPLEMENTATION STATUS" [plan]` | Match |
+| 13. Dependency Security | `npm audit --audit-level=high` | 0 high/crit |
 
-For each modified file: `massu_validate_file`, `massu_security_score`, `massu_security_heatmap`. If any file scores > 7/10 risk, flag for review.
+## 4.2 Quality Scoring Gate
 
-Spawn `massu-pattern-reviewer` agent for deep CR rule checks, import chain validation, semantic pattern matching.
+Spawn `massu-output-scorer` (sonnet): Code Clarity, Pattern Compliance, Error Handling, Test Coverage, Config-Driven Design (1-5 each). All >= 3: PASS. Any < 3: FAIL.
 
-## 4.2 Database Verification (All Environments)
-
-For EACH affected table, query all configured environments via MCP:
-
-| Env | MCP Prefix | Verify |
-|-----|-----------|--------|
-| DEV | `mcp__supabase__DEV__execute_sql` | Table, columns, RLS, grants |
-| PROD | `mcp__supabase__PROD__execute_sql` | Table, columns, RLS, grants |
-
-VR-DATA: If config-driven features, query actual config values and compare to code expectations.
-
-## 4.3 Help Site Auto-Sync
-
-1. Get staged files -> pass to `massu_docs_audit`
-2. For STALE/NEW pages: update MDX, set `lastVerified`, add changelog
-3. Commit to help site repo (separate git)
-4. Return to main app repo
-
-## 4.4 Quality Scoring Gate
-
-Spawn `massu-output-scorer` (sonnet): Code Clarity, Pattern Compliance, Error Handling, UX Quality, Test Coverage (1-5 each). All >= 3: PASS. Any < 3: FAIL.
-
-## 4.5 If ANY Gate Fails
+## 4.3 If ANY Gate Fails
 
 **DO NOT PAUSE** -- Fix automatically, re-run ALL gates, repeat until all pass.
 
-## 4.6 Auto-Learning Protocol
+## 4.4 Auto-Learning Protocol
 
-- For each bug fixed: `massu_memory_ingest` type="bugfix", update MEMORY.md
-- For new patterns: `massu_memory_ingest` type="pattern"
-- Add detection to `scripts/pattern-scanner.sh` if grep-able
+- For each bug fixed: update memory files
+- For new patterns: record in memory
+- Add detection to `scripts/massu-pattern-scanner.sh` if grep-able
 - Codebase-wide search: no other instances of same bad pattern (CR-9)
 - Record user corrections to `memory/corrections.md`
 
@@ -85,8 +60,7 @@ Changes:
 
 Verified:
 - Pattern scanner: PASS | Type check: 0 errors | Build: PASS
-- DB: All environments verified
-- Help site: UP TO DATE
+- Tests: ALL pass | Hooks: compiled | Generalization: PASS
 
 Co-Authored-By: Claude <noreply@anthropic.com>
 EOF

package/commands/massu-golden-path/references/phase-5-push.md

@@ -18,13 +18,11 @@ Run in parallel where possible:
 
 | Check | Command |
 |-------|---------|
-| Pattern Scanner | `./scripts/pattern-scanner.sh` |
-| VR-COUPLING | `./scripts/check-coupling.sh` |
-| VR-UX | `./scripts/check-ux-quality.sh` |
-| TypeScript | `NODE_OPTIONS="--max-old-space-size=8192" npx tsc --noEmit` |
+| Pattern Scanner | `bash scripts/massu-pattern-scanner.sh` |
+| Generalization | `bash scripts/massu-generalization-scanner.sh` |
+| TypeScript | `cd packages/core && npx tsc --noEmit` |
 | Build | `npm run build` |
-| Prisma | `npx prisma validate` |
-| Schema Mismatch | `./scripts/check-schema-mismatches.sh` |
+| Hook Compilation | `cd packages/core && npm run build:hooks` |
 
 ## 5.3 Tier 2: Test Suite (CRITICAL)
 
@@ -33,33 +31,29 @@ Run in parallel where possible:
 ```bash
 # Establish baseline on main
 git stash && git checkout main -q
-npm run test:run 2>&1 | tee /tmp/baseline-tests.txt
+npm test 2>&1 | tee /tmp/baseline-tests.txt
 git checkout - -q && git stash pop -q
 
 # Run on current branch
-npm run test:run 2>&1 | tee /tmp/current-tests.txt
+npm test 2>&1 | tee /tmp/current-tests.txt
 
 # Compare: any test passing on main but failing now = REGRESSION
 # Regressions MUST be fixed before push
 ```
 
-### 5.3.1-5.3.5 Test Execution
+### 5.3.1-5.3.3 Test Execution
 
 Use **parallel Task agents** for independent checks:
 
 ```
 Agent Group A (parallel):
-- Agent 1: npm run test:run (unit tests)
+- Agent 1: npm test (unit tests)
 - Agent 2: npm audit --audit-level=high
-- Agent 3: npx tsx scripts/detect-secrets.ts
-
-Agent Group B (parallel, after A):
-- Agent 1: npm run test:e2e (E2E tests)
-- Agent 2: npm run test:visual:run (visual regression)
+- Agent 3: bash scripts/massu-security-scanner.sh
 
 Sequential:
-- ./scripts/validate-router-contracts.sh
-- VR-RENDER: verify ALL new components rendered in pages
+- VR-TOOL-REG: verify ALL new tools registered in tools.ts
+- VR-GENERIC: verify ALL files pass generalization scanner
 ```
 
 ## 5.4 Tier 3: Security & Compliance
@@ -67,35 +61,8 @@ Sequential:
 | Check | Command |
 |-------|---------|
 | npm audit | `npm audit --audit-level=high` |
-| Secrets scan | `npx tsx scripts/detect-secrets.ts` |
-| Accessibility | `./scripts/verify-accessibility.sh` |
-| DB sync | Verify schema match across all environments |
-
-### VR-STORED-PROC (If migrations in push)
-
-```sql
-SELECT proname, prosrc FROM pg_proc
-JOIN pg_namespace n ON n.oid = pronamespace
-WHERE n.nspname = 'public' AND prosrc LIKE '%old_table_name%';
--- Run on all environments. Expected: 0 rows.
-```
-
-### VR-RLS-AUDIT (CR-33)
-
-```sql
-SELECT c.relname FROM pg_class c
-JOIN pg_namespace n ON c.relnamespace = n.oid
-WHERE n.nspname = 'public' AND c.relkind = 'r' AND c.relrowsecurity = false;
--- Run on all environments. Expected: 0 rows.
-```
-
-### VR-DATA (Config-Code Alignment)
-
-If push includes config-driven features, verify config keys match code expectations.
-
-### Compliance Audit Trail
-
-Generate: `massu_audit_log`, `massu_audit_report`, `massu_validation_report`.
+| Security scan | `bash scripts/massu-security-scanner.sh` |
+| Config validation | Parse massu.config.yaml without errors |
 
 ## 5.5 Tier 4: Final Gate
 
@@ -113,4 +80,4 @@ All tiers must pass:
 
 See `approval-points.md` for the exact format.
 
-After approval: `git push origin [branch]`, then monitor CI with `./scripts/ci-status.sh --wait --max-wait 300`. If CI fails, auto-run `/massu-ci-fix` protocol.
+After approval: `git push origin [branch]`, then verify with `gh run list --limit 3`.

package/commands/massu-golden-path/references/phase-6-completion.md

@@ -14,14 +14,10 @@ SUMMARY:
 Phase 0: Requirements & Context    D1-D10 resolved
 Phase 1: Plan Creation & Audit     [N] items, [M] audit passes
 Phase 2: Implementation            [N] audit loops, 3 reviewers passed
-Phase 2A.5: Sprint Contracts       [N] contracts negotiated, [M] criteria total
-Phase 2C.2: QA Evaluator           [N] sprints evaluated, [M] bugs caught / SKIPPED (no UI)
 Phase 2G: Browser Verification     [N] pages tested, [M] issues fixed / SKIPPED
-Phase 2.5: Gap & Enhancement       [N] iterations, [M] gaps fixed, [K] enhancements
 Phase 3: Simplification            [N] findings fixed
-Phase 4: Pre-Commit Verification   13 gates passed
+Phase 4: Pre-Commit Verification   All gates passed
 Phase 5: Push Verification         3 tiers passed, 0 regressions
-Phase 5.5: Production Verification [N]/[M] immediate PASS, [K] deferred pending
 --------------------------------------------------------------------------
 
 DELIVERABLES:
@@ -29,7 +25,6 @@ DELIVERABLES:
   Commit: [hash]
   Branch: [branch]
   Pushed: YES
-  Production: [VERIFIED / VERIFIED + DEFERRED / BLOCKED]
   Files changed: [N]
 
 ===============================================================================
@@ -43,10 +38,9 @@ Add to TOP of plan document:
 # IMPLEMENTATION STATUS
 
 **Plan**: [Name]
-**Status**: COMPLETE -- PRODUCTION VERIFIED / COMPLETE -- PENDING DEFERRED VERIFICATION
+**Status**: COMPLETE -- PUSHED
 **Last Updated**: [YYYY-MM-DD HH:MM]
 **Push Commit**: [hash]
-**Production Verified**: [YYYY-MM-DD HH:MM] / PENDING (deferred items in session-state/deferred-verifications.md)
 **Completed By**: Claude Code (Massu Golden Path)
 
 ## Task Completion Summary
@@ -55,59 +49,15 @@ Add to TOP of plan document:
 | 1 | [description] | 100% COMPLETE | VR-BUILD: Pass | [date] |
 ```
 
-## 6.2.1 Sprint Contract Results (if Phase 2A.5 was executed)
-
-Add after Task Completion Summary:
-
-```markdown
-## Sprint Contract Results
-| Item | Criteria Count | Met | Unmet | Renegotiated | Final Status |
-|------|---------------|-----|-------|--------------|--------------|
-| P-XXX | N | N | 0 | 0 | FULFILLED |
-
-**Contracts Fulfilled**: N/N (100%)
-**Criteria Met**: N/N total acceptance criteria
-**Renegotiations**: N (with reasons documented in tracking table)
-```
-
-Skip this section if no sprint contracts were negotiated (Phase 2A.5 skipped).
-
-## 6.2.2 QA Evaluator Summary (if Phase 2C.2 was executed)
-
-Add after Sprint Contract Results:
-
-```markdown
-## QA Evaluator Summary
-| Sprint | Product Depth | Functionality | Visual Design | Code Quality | Bugs Found | Verdict |
-|--------|--------------|---------------|---------------|-------------|------------|---------|
-| 1 | 4 | 3 | 4 | 4 | 2 | PASS |
-
-**Sprints Evaluated**: N
-**Total Bugs Caught by QA**: N (N fixed before merge)
-**Average Scores**: PD=X.X FN=X.X VD=X.X CQ=X.X
-**QA Gate Failures**: N (required re-implementation)
-```
-
-Skip this section if the plan had no UI files (QA evaluator not triggered).
-
 ## 6.3 Auto-Learning Protocol (MANDATORY)
 
 1. Review ALL fixes: `git diff origin/main..HEAD`
-2. For each fix: verify ingested into limn memory (`massu_memory_ingest`)
-3. For each fix: verify MEMORY.md updated
-4. For each new pattern: verify recorded
-5. For each failed approach: verify recorded as `failed_attempt`
-6. Record user corrections to `memory/corrections.md`
-7. Consider new CR rule if a class of bug was found
-
-## 6.4 Quality & Observability Report
-
-Generate: `massu_quality_score`, `massu_quality_trend`, `massu_quality_report`, `massu_prompt_effectiveness`, `massu_session_stats`, `massu_prompt_analysis`, `massu_tool_patterns`.
-
-## 6.5 Feature Registration (CR-32)
-
-Call `massu_sentinel_register` with feature name, file list, domain, test status.
+2. For each fix: verify memory files updated
+3. For each new pattern: verify recorded
+4. For each failed approach: verify recorded
+5. Record user corrections to `memory/corrections.md`
+6. Consider new CR rule if a class of bug was found
 
-## 6.6 Update Session State
+## 6.4 Update Session State
 
 Update `session-state/CURRENT.md` with completion status.

package/commands/massu-golden-path.md

@@ -5,17 +5,17 @@ allowed-tools: Bash(*), Read(*), Write(*), Edit(*), Grep(*), Glob(*), Task(*), m
 ---
 name: massu-golden-path
 
-> **Shared rules apply.** Read `.claude/commands/_shared-preamble.md` before proceeding. CR-12, CR-9 enforced.
+> **Shared rules apply.** Read `.claude/commands/_shared-preamble.md` before proceeding. CR-9 enforced.
 
 # Massu Golden Path: Requirements to Production Push
 
 ## Objective
 
 Execute the COMPLETE development workflow in one continuous run:
-**Requirements -> Plan Creation -> Plan Audit -> Implementation -> Gap Analysis -> Simplification -> Security Audit -> Commit -> Push**
+**Requirements -> Plan Creation -> Plan Audit -> Implementation -> Gap Analysis -> Simplification -> Commit -> Push**
 
 This command has FULL FEATURE PARITY with the individual commands it replaces:
-`/massu-create-plan` -> `/massu-plan` -> `/massu-loop` -> `/massu-loop-playwright` -> `/massu-simplify` -> `/massu-security` -> `/massu-commit` -> `/massu-push`
+`/massu-create-plan` -> `/massu-plan` -> `/massu-loop` -> `/massu-loop-playwright` -> `/massu-simplify` -> `/massu-commit` -> `/massu-push`
 
 ---
 
@@ -24,7 +24,7 @@ This command has FULL FEATURE PARITY with the individual commands it replaces:
 - **Complete workflow (CR-11)** -- ALL phases must execute, no skipping. 100% plan coverage required
 - **Zero failures** -- Each phase gate must pass before proceeding
 - **Proof required (CR-1)** -- VR-* output pasted, not summarized. "I verified" without output = invalid
-- **FIX ALL ISSUES ENCOUNTERED (CR-9)** -- Whether from current changes or pre-existing
+- **FIX ALL ISSUES AT ALL SEVERITY LEVELS (CR-9 + CR-45)** -- Whether from current changes or pre-existing. CRITICAL, HIGH, MEDIUM, LOW — ALL get fixed. No severity is exempt. This applies to security findings, gap analysis, enhancement analysis, code review, simplification, and every other review phase
 - **MEMORY IS MANDATORY (CR-38)** -- Persist ALL learnings before session ends
 - **Stagnation bail-out (CR-37)** -- If same item fails 3+ times, replan instead of grinding
 
@@ -62,7 +62,6 @@ After receiving approval, immediately continue. Do NOT ask "shall I continue?" -
 | **Continue** | `/massu-golden-path "Continue [feature]"` | Resume from session state |
 | **Competitive** | `/massu-golden-path --competitive "task"` | Spawn 2-3 competing implementations with bias presets, score, select winner |
 | **Competitive (3 agents)** | `/massu-golden-path --competitive --agents 3 "task"` | 3 agents with quality/ux/robust biases (default: 2 agents = quality + robust) |
-| **External Loop** | `/massu-golden-path --external /path/to/plan.md` | Phase 2 uses `scripts/loop-external.sh` for context-fresh iterations |
 
 ---
 
@@ -76,10 +75,9 @@ After receiving approval, immediately continue. Do NOT ask "shall I continue?" -
 | 2-COMP | Competitive Implementation | Spawn N agents with bias presets, score, select winner (`--competitive` only) | WINNER SELECTION |
 | 2.5 | Gap & Enhancement Analysis | Find+fix gaps, UX issues, security, pattern compliance; loop until zero | -- |
 | 3 | Simplification | Pattern scanner, parallel semantic review, apply findings | -- |
-| 3.5 | Deep Security Audit | Full adversarial audit loop with parallel red-team agents, iterate to zero findings | -- |
 | 4 | Pre-Commit Verification | Verification gates, quality scoring | COMMIT APPROVAL |
-| 5 | Push Verification | `scripts/push-verify.sh`, CI monitoring via `scripts/ci-status.sh` | PUSH APPROVAL |
-| 6 | Completion | Final report, plan update, auto-learning, feature registration | -- |
+| 5 | Push Verification | Push verification checks, CI monitoring | PUSH APPROVAL |
+| 6 | Completion | Final report, plan update, auto-learning | -- |
 
 ---
 
@@ -87,7 +85,7 @@ After receiving approval, immediately continue. Do NOT ask "shall I continue?" -
 
 Read `references/phase-0-requirements.md` for full details.
 
-**Summary**: Load session context via memory tools. Build a 10-dimension requirements coverage map (D1-D10). Run ambiguity detection (7 signals). If ambiguity score >= 2, enter interview loop. Fast-track to Phase 1 when D1, D2, D5 covered or user says "skip" / "just do it".
+**Summary**: Load session context via memory files. Build a 10-dimension requirements coverage map (D1-D10). Run ambiguity detection (7 signals). If ambiguity score >= 2, enter interview loop. Fast-track to Phase 1 when D1, D2, D5 covered or user says "skip" / "just do it".
 
 ---
 
@@ -96,8 +94,8 @@ Read `references/phase-0-requirements.md` for full details.
 Read `references/phase-1-plan-creation.md` for full details.
 
 **Summary**: Three sub-phases:
-- **1A: Research & Reality Check** -- Feature understanding, codebase check, blast radius analysis (CR-25), pattern compliance, backend-frontend coupling (CR-12), question filtering, security pre-screen (6 dimensions).
-- **1B: Plan Generation** -- Write plan to `docs/plans/[YYYY-MM-DD]-[feature-name].md` with P-XXX numbered items across 6 phases.
+- **1A: Research & Reality Check** -- Feature understanding, config/schema reality check, config-code alignment, codebase check, blast radius analysis (CR-25), pattern compliance, tool registration check, question filtering, security pre-screen (5 dimensions).
+- **1B: Plan Generation** -- Write plan to `docs/plans/[YYYY-MM-DD]-[feature-name].md` with P-XXX numbered items across 5 phases.
 - **1C: Plan Audit Loop** -- Subagent architecture. Iterate until GAPS_DISCOVERED = 0. Max 10 iterations.
 
 **Gate**: APPROVAL POINT #1: PLAN
@@ -108,12 +106,11 @@ Read `references/phase-1-plan-creation.md` for full details.
 
 Read `references/phase-2-implementation.md` for full details.
 
-**Summary**: Nine sub-phases (or external loop via `--external` flag using `scripts/loop-external.sh` for context-fresh iterations):
+**Summary**: Seven sub-phases:
 - **2A**: Extract plan items into tracking table, initialize session state
-- **2A.5**: Sprint contracts -- negotiate definition-of-done per plan item before implementation (scope boundary, acceptance criteria, VR-* mapping). See `references/sprint-contract-protocol.md`
 - **2B**: Implementation loop (pre-check, execute, guardrail, verify, update per item)
-- **2C**: Multi-perspective review (3 parallel agents: security, architecture, UX) + **QA evaluator** (conditional, UI plans only -- adversarial Playwright-based acceptance testing against sprint contracts). See `references/qa-evaluator-spec.md`
-- **2D**: Verification audit loop (subagent, circuit breaker CR-37, refine-or-pivot at 3+ iterations, sprint contract verification, max 10 iterations)
+- **2C**: Multi-perspective review (3 parallel agents: security, architecture, quality)
+- **2D**: Verification audit loop (subagent, circuit breaker CR-37, max 10 iterations)
 - **2E**: Post-build reflection + memory persist (CR-38)
 - **2F**: Documentation sync (if user-facing features)
 - **2G**: Browser verification & fix loop (auto-triggers if UI files changed, Playwright MCP)
@@ -126,7 +123,7 @@ Read `references/phase-2-implementation.md` for full details.
 
 Read `references/phase-2.5-gap-analyzer.md` for full details.
 
-**Summary**: After implementation completes, run a continuous gap and enhancement analysis loop. A subagent analyzes all changed files across 7 categories (functional gaps, UX gaps, data integrity, security, pattern compliance, enhancements, sprint contract compliance). VR-VISUAL uses weighted 4-dimension scoring (threshold >= 3.0). Every gap/enhancement found is fixed immediately. The loop re-runs until a full pass discovers ZERO gaps. Max 10 iterations. Skippable only for documentation-only changes or explicit user request.
+**Summary**: After implementation completes, run a continuous gap and enhancement analysis loop. A subagent analyzes all changed files across 6 categories (functional gaps, UX gaps, data integrity, security, pattern compliance, enhancements). Every gap/enhancement found is fixed immediately. The loop re-runs until a full pass discovers ZERO gaps. Max 10 iterations. Skippable only for documentation-only changes or explicit user request.
 
 ---
 
@@ -138,19 +135,11 @@ Read `references/phase-3-simplify.md` for full details.
 
 ---
 
-## PHASE 3.5: DEEP SECURITY AUDIT
-
-Read `references/phase-3.5-security-audit.md` for full details.
-
-**Summary**: Run a full adversarial security audit loop against ALL changed files. Launches 2-4 parallel red-team agents (injection, network/leakage, DoS, bypass) per iteration. Every finding is fixed in-place. Loop iterates until zero findings remain (max 5 iterations). This phase is NEVER skipped -- security is non-negotiable. Security fixes flow into Phase 4's verification gates automatically.
-
----
-
 ## PHASE 4: PRE-COMMIT VERIFICATION
 
 Read `references/phase-4-commit.md` for full details.
 
-**Summary**: Verification gates (pattern scanner, tsc, build, lint, secrets, VR-RENDER, VR-COUPLING, plan coverage, plan status, dep security). Quality scoring gate. Auto-fix on failure.
+**Summary**: Auto-verification gates (pattern scanner, tsc, build, tests, hooks, generalization, security, secrets, tool registration, plan coverage, plan status, dep security). Quality scoring gate. Auto-fix on failure.
 
 **Gate**: APPROVAL POINT #3: COMMIT
 
@@ -160,7 +149,7 @@ Read `references/phase-4-commit.md` for full details.
 
 Read `references/phase-5-push.md` for full details.
 
-**Summary**: Pre-flight (commits to push). Tier 1: quick re-verification. Tier 2: test suite with mandatory regression detection. Tier 3: security & compliance (npm audit, secrets scan). Tier 4: final gate.
+**Summary**: Pre-flight (commits to push). Tier 1: quick re-verification. Tier 2: test suite with mandatory regression detection. Tier 3: security & compliance. Tier 4: final gate.
 
 **Gate**: APPROVAL POINT #4: PUSH
 
@@ -170,7 +159,7 @@ Read `references/phase-5-push.md` for full details.
 
 Read `references/phase-6-completion.md` for full details.
 
-**Summary**: Final report with phase-by-phase status. Plan document update (IMPLEMENTATION STATUS at top). Auto-learning protocol (memory ingest for all fixes/patterns). Quality & observability report. Feature registration. Session state update.
+**Summary**: Final report with phase-by-phase status. Plan document update (IMPLEMENTATION STATUS at top). Auto-learning protocol (memory updates for all fixes/patterns). Session state update.
 
 ---
 
@@ -181,17 +170,13 @@ This skill is a folder. The following files are available for reference:
 | File | Purpose | Read When |
 |------|---------|-----------|
 | `references/phase-0-requirements.md` | Requirements interview, ambiguity detection, 10-dimension coverage map | Starting a new implementation from a task description |
-| `references/phase-1-plan-creation.md` | Blast radius analysis, plan generation, audit loop | Writing or auditing a plan |
-| `references/phase-2-implementation.md` | Item loop, sprint contracts, multi-perspective review, QA evaluator, verification audit, browser testing | Executing implementation; any Phase 2 sub-phase |
-| `references/sprint-contract-protocol.md` | Sprint contract template, quality bar, negotiation rules, skip conditions | Phase 2A.5 sprint contract negotiation |
-| `references/qa-evaluator-spec.md` | Adversarial QA evaluator: 4 dimensions, anti-leniency rules, known failure patterns | Phase 2C.2 QA evaluation (UI plans only) |
-| `references/vr-visual-calibration.md` | Score 5/3/1 calibration examples for VR-VISUAL weighted dimensions | Calibrating VR-VISUAL evaluator scoring |
-| `references/phase-2.5-gap-analyzer.md` | Gap/enhancement analysis loop, 7 categories (incl. sprint contract compliance), fix-and-repass until zero | After implementation, before simplification |
+| `references/phase-1-plan-creation.md` | Config/schema reality check, blast radius analysis, plan generation, audit loop | Writing or auditing a plan |
+| `references/phase-2-implementation.md` | Item loop, multi-perspective review, verification audit, browser testing | Executing implementation; any Phase 2 sub-phase |
+| `references/phase-2.5-gap-analyzer.md` | Gap/enhancement analysis loop, 6 categories, fix-and-repass until zero | After implementation, before simplification |
 | `references/phase-3-simplify.md` | Pattern scanner fast gate, dead code detection, parallel semantic review agents | Running simplification after implementation |
-| `references/phase-3.5-security-audit.md` | Deep adversarial security audit loop with parallel red-team agents, iterate to zero findings | After simplification, before commit verification |
-| `references/phase-4-commit.md` | Verification gates, quality scoring, commit format | Preparing a commit |
-| `references/phase-5-push.md` | Pre-flight, push verification, regression detection | Preparing to push to remote |
-| `references/phase-6-completion.md` | Final report, plan status update, auto-learning, feature registration | After all verification; completing the golden path |
+| `references/phase-4-commit.md` | Auto-verification gates, quality scoring, commit format | Preparing a commit |
+| `references/phase-5-push.md` | Pre-flight, 4-tier push verification, regression detection | Preparing to push to remote |
+| `references/phase-6-completion.md` | Final report, plan status update, auto-learning | After push; completing the golden path |
 | `references/approval-points.md` | Exact format and options for all 4 approval points (5 with --competitive: Plan, New Pattern, Winner Selection, Commit, Push) | Presenting any approval gate to the user |
 | `references/competitive-mode.md` | Competitive mode protocol: agent spawning, scoring, winner selection | Using --competitive flag |
 | `references/error-handling.md` | Abort handling, non-recoverable errors, post-compaction re-verification, competitive mode errors | On user abort, blocker error, or after context compaction |
@@ -201,8 +186,8 @@ This skill is a folder. The following files are available for reference:
 ## Gotchas
 
 - **Compaction mid-loop loses plan state** -- if context compaction occurs during implementation, the plan file path and current item must be recoverable from session-state/CURRENT.md
-- **UI items need browser verification (CR-41)** -- any plan item touching UI files must be verified with Playwright before claiming done
-- **Approval points must not be skipped** -- there are 4 approval gates (5 with --competitive: Plan, New Pattern, Winner Selection, Commit, Push)
+- **UI items need browser verification** -- any plan item touching UI files must be verified with Playwright before claiming done
+- **Approval points must not be skipped** -- there are 4 approval gates (5 with --competitive: Plan, New Pattern, Winner Selection, Commit, Push). Skipping any gate is a violation
 - **Plan file must be re-read from disk, not memory (CR-5)** -- after compaction, always re-read the plan file. Memory of plan contents drifts from reality
 - **100% coverage required (CR-11)** -- never stop early. "Most items done" is not "all items done"
 - **--competitive increases token cost ~2-3x for Phase 2** -- use for high-stakes features only
@@ -219,8 +204,8 @@ This skill is a folder. The following files are available for reference:
 | Code Clarity | 1-5 | Naming, structure, comments |
 | Pattern Compliance | 1-5 | CLAUDE.md patterns followed |
 | Error Handling | 1-5 | Edge cases, validation, fallbacks |
-| UX Quality | 1-5 | Loading/error/empty states, accessibility |
 | Test Coverage | 1-5 | Test files exist for new code |
+| Config-Driven Design | 1-5 | No hardcoded project-specific values |
 
 All >= 3: PASS. Any < 3: FAIL.
 
@@ -228,7 +213,7 @@ All >= 3: PASS. Any < 3: FAIL.
 
 ## START NOW
 
-**Step 0: Write AUTHORIZED_COMMAND to session state (CR-12)**
+**Step 0: Write AUTHORIZED_COMMAND to session state (CR-35)**
 
 Update `session-state/CURRENT.md`:
 ```
@@ -242,9 +227,8 @@ AUTHORIZED_COMMAND: massu-golden-path
 4a. **Phase 2-COMP**: Competitive implementation (if --competitive) -> **PAUSE: Winner Selection**
 5. **Phase 2.5**: Gap & enhancement analysis loop (until zero gaps)
 6. **Phase 3**: Simplification (efficiency, reuse, patterns)
-6.5. **Phase 3.5**: Deep security audit (adversarial red-team loop to zero findings)
 7. **Phase 4**: Pre-commit verification -> **PAUSE: Commit Approval**
-8. **Phase 5**: Push verification via `scripts/push-verify.sh` -> **PAUSE: Push Approval**
+8. **Phase 5**: Push verification -> **PAUSE: Push Approval**
 9. **Phase 6**: Completion, learning, quality metrics
 
 **This command does NOT stop to ask "should I continue?" -- it runs straight through.**